db=$db; $this->log=$log; } function GetContent($filename){ $filename = addslashes($filename); $sql = "select * from content,family where "; $sql.= "con_active=1 and fam_active=1 and con_fam_id=fam_id "; $sql.= "and fam_filename='$filename' and fam_module=0 and "; $sql.= "((NOW()>fam_start_date and NOW()db->DoQuery($sql); } function GetParentContent(){ $sql = "select * from content,family where "; $sql.= "con_fam_id=fam_id and con_title!='' group by con_fam_id order by fam_left asc"; return $this->db->DoQuery($sql); } function GetAllContent(){ $sql = "SELECT * FROM family "; $sql.= "ORDER BY fam_left ASC"; return $this->db->DoQuery($sql); } /* function GetAllContent(){ // retrieve the left and right value of the $root node $sql = "SELECT * FROM family WHERE fam_id=1"; $result = mysql_query($sql); $row = mysql_fetch_array($result); // start with an empty $right stack $right = array(); $fam_left = $row['fam_left']; $fam_right = $row['fam_right']; // now, retrieve all descendants of the $root node $sql = "SELECT * FROM family,content WHERE fam_id=con_fam_id and fam_left BETWEEN $fam_left AND $fam_right "; $sql.= "and con_active=1 ORDER BY fam_left ASC"; $result = mysql_query($sql); // display each row $depth = 0; $olddepth = 0; $map = "
"; while ($row = mysql_fetch_array($result)) { $fam_id = $row['fam_id']; $con_title = $row['con_title']; $fam_module = $row['fam_module']; // only check stack if there is one if (count($right)>0) { // check if we should remove a node from the stack $popcount = 0; while ($right[count($right)-1]<$row['fam_right']) { array_pop($right); $map.= "
"; $depth--; } } // display indented node title $map.= "
$con_title\n"; if($olddepth>$depth) $map.= '
'; // add this node to the stack $right[] = $row['fam_right']; $map.= "
"; $depth++; } for($i=$depth;$i>=0;$i--) $map.= "
"; $map = str_replace('
','',$map); return $map; } function GetAllContent($parent,$level) { $sql = "select * from family,content where fam_id=con_fam_id and "; $sql.= "con_active=1 and fam_parent_id=$parent order by fam_menu_order"; $result = mysql_query($sql); // $map.= "
\r\n"; while($trow = mysql_fetch_array($result)) { $fam_id = $trow['fam_id']; $con_title = $trow['con_title']; $fam_module = $trow['fam_module']; $fam_active = $trow['fam_active']; if($fam_module==1) if($fam_active==1) $fam_image = 'images/icons/plugin.gif'; else $fam_image = 'images/icons/plugin_disabled.gif'; else if($fam_active==1) $fam_image = 'images/icons/page.gif'; else $fam_image = 'images/icons/page_white.gif'; $map.= "
\r\n"; $map.= " "; $map.= "$con_title\r\n"; $map.= $this->GetAllContent($fam_id,$level+1); $map.= "
\r\n"; } // $map.= '
'; return $map; } */
/*
 * Queries every content revision of family $famid, joined to its author, newest first.
 * Callers read the rows afterwards through fetch_row().
 *
 * NOTE(review): addslashes() only escapes quote, backslash and NUL characters. $famid is
 * placed in the statement without surrounding quotes, so that escaping does not confine
 * it to a number; an integer cast or a bound parameter is the appropriate guard for ids
 * used this way. The same holds for every other unquoted id in the methods below.
 */
function GetRevisions($famid){ $famid = addslashes($famid); $sql = "select * from content,family,user where "; $sql.= "con_fam_id=fam_id and fam_id=$famid and con_user_id=user_id order by con_date desc"; return $this->db->DoQuery($sql); }
/*
 * Inserts a new content row for family $famid, writes a log entry, then returns the
 * result of ToggleRevision($revid,$famid) for the row just inserted.
 *
 * NOTE(review): $userid, $active and $famid go into the VALUES list unquoted, so the
 * addslashes() calls above do not restrict them to numeric values.
 */
function AddRevision($famid,$title_bar,$title,$keywords,$description,$text,$userid,$startdate,$enddate,$active,$pagetype){ $famid = addslashes($famid); $title_bar = addslashes($title_bar); $title = addslashes($title); $keywords = addslashes($keywords); $description = addslashes($description); $text = addslashes($text); $userid = addslashes($userid); $startdate = addslashes($startdate); $enddate = addslashes($enddate); $active = addslashes($active); $pagetype = addslashes($pagetype); $sql = "insert into content (con_user_id,con_date,con_text,con_active,con_fam_id,con_keywords,con_description,"; $sql.= "con_start_date,con_end_date,con_title_bar,con_page_type,con_title"; $sql.= ") values ("; $sql.= "$userid,NOW(),'$text',$active,$famid,'$keywords','$description',"; $sql.= "'$startdate','$enddate','$title_bar','$pagetype','$title')"; $revid = $this->db->DoInsert($sql); $this->log->AddLogItem($_SESSION['sess_userid'],"Edited '$title'"); return $this->ToggleRevision($revid,$famid); } function GetFamilyByID($fid){ $fid = addslashes($fid); $sql = "select * from family where fam_id=$fid"; return $this->db->DoQuery($sql); }
/*
 * Sets the parent of family $fid to $parent, logs the move and rebuilds the left/right
 * tree values.
 *
 * NOTE(review): $title is never assigned in this method, so the log entry is written as
 * "Moved ''" and does not identify the page that was moved. Both ids are interpolated
 * unquoted; see the note on GetRevisions().
 */
function UpdateParent($fid,$parent){ $fid = addslashes($fid); $parent = addslashes($parent); $sql = "update family set fam_parent_id=$parent where fam_id=$fid"; $result = $this->db->DoUpdate($sql); $this->log->AddLogItem($_SESSION['sess_userid'],"Moved '$title'"); $this->Rebuild_Tree(0,1); return $result; } function GetContentByID($cid){ $cid = addslashes($cid); $sql = "select * from content,family where "; $sql.= "con_fam_id=fam_id and con_id=$cid"; return $this->db->DoQuery($sql); } function GetContentByCategory($catid){ $catid = addslashes($catid); $sql = "select * from family where "; $sql.= 
"fam_cat_id=$catid order by con_title"; return $this->db->DoQuery($sql); } function GetModulePageType($module,$filename){ $module = addslashes($module); $filename = addslashes($filename); $sql = "select * from family,content where "; $sql.= "fam_module_path='$module' and fam_filename='$filename' and fam_id=con_fam_id and con_active=1"; return $this->db->DoQuery($sql); } function UpdatePageType($fid,$pagetype){ $fid = addslashes($fid); $pagetype = addslashes($pagetype); $sql = "update content set con_page_type='$pagetype' where con_fam_id=$fid"; return $this->db->DoUpdate($sql); } function EditContent($famid,$sitemap,$filename,$startdate,$enddate,$parent, $secure,$active,$userid,$menu,$ismodule,$module_path,$usedate){ $famid = addslashes($famid); $sitemap = addslashes($sitemap); $filename = addslashes($filename); $startdate = addslashes($startdate); $enddate = addslashes($enddate); $parent = addslashes($parent); $secure = addslashes($secure); $active = addslashes($active); $userid = addslashes($userid); $menu = addslashes($menu); $ismodule = addslashes($ismodule); $module_path = addslashes($module_path); $usedate = addslashes($usedate); // update family $sql = "update family set fam_active=$active,fam_sitemap=$sitemap,fam_filename='$filename',"; $sql.= "fam_secure=$secure,fam_parent_id=$parent,fam_menu=$menu,"; $sql.= "fam_module=$ismodule,fam_module_path='$module_path',fam_use_date=$usedate,"; $sql.= "fam_start_date='$startdate',fam_end_date='$enddate' where fam_id=$famid"; $this->db->DoUpdate($sql); $this->log->AddLogItem($_SESSION['sess_userid'],"Edited '$title'"); if($active==1 && $conid!=0 && $conid!=''){ // set all other content for this family to inactive $this->ToggleRevision($conid,$famid); } $this->Rebuild_Tree(0,1); return $famid; } function AddContent($sitemap,$filename,$startdate,$enddate, $parent,$secure,$active,$userid,$menu,$ismodule,$module_path,$usedate){ $sitemap = addslashes($sitemap); $filename = addslashes($filename); $startdate = 
addslashes($startdate); $enddate = addslashes($enddate); $parent = addslashes($parent); $userid = addslashes($userid); $active = addslashes($active); $menu = addslashes($menu); $ismodule = addslashes($ismodule); $module_path = addslashes($module_path); $usedate = addslashes($usedate); if($parent=='') $parent = 0; // first create the family record $sql = "insert into family (fam_active,fam_sitemap,fam_filename,"; $sql.= "fam_parent_id,fam_lock,fam_menu,fam_date,fam_module,fam_module_path,"; $sql.= "fam_use_date,fam_start_date,fam_end_date"; $sql.= ") values ("; $sql.= "$active,$sitemap,'$filename',"; $sql.= "$parent,0,$menu,NOW(),$ismodule,'$module_path',"; $sql.= "$usedate,'$startdate','$enddate')"; $famid = $this->db->DoInsert($sql); $this->log->AddLogItem($_SESSION['sess_userid'],"Added '$title'"); $this->Rebuild_Tree(0,1); $this->AddUserGroupToFamily($_SESSION['sess_userlevel'],$famid); // always add the 'admin usergroup' if($_SESSION['sess_userlevel']!=7) $this->AddUserGroupToFamily(7,$famid); // if family record insert failed, return 0 return $famid; } function rebuild_tree($parent, $left) { // the right value of this node is the left value + 1 $right = $left+1; // get all children of this node $sql = "SELECT fam_id FROM family WHERE fam_parent_id=$parent order by fam_menu_order"; $result = mysql_query($sql); while ($row = mysql_fetch_array($result)) { // recursive execution of this function for each // child of this node // $right is the current right value, which is // incremented by the rebuild_tree function // $right++; $right = $this->rebuild_tree($row['fam_id'], $right); } // we've got the left value, and now that we've processed // the children of this node we also know the right value $sql = "UPDATE family SET fam_left=$left, fam_right=$right WHERE fam_id=$parent"; // echo "$sql
"; mysql_query($sql); // return the right value of this node + 1 return $right+1; } function ToggleSitemap($famid,$status){ $famid = addslashes($famid); $status = addslashes($status); if($status==1){ $newstatus = 0; $newstatus_text = 'no sitemap'; } else{ $newstatus = 1; $newstatus_text = 'in sitemap'; } $this->GetRevisions($famid); $row = $this->fetch_row(); $this->log->AddLogItem($_SESSION['sess_userid'],"Set '" . $row['con_title'] . "' to $newstatus_text"); $sql = "update family set fam_sitemap=$newstatus where fam_id=$famid"; return $this->db->DoUpdate($sql); } function ToggleActive($famid,$status){ $famid = addslashes($famid); $status = addslashes($status); if($status==1){ $newstatus = 0; $newstatus_text = 'inactive'; } else{ $newstatus = 1; $newstatus_text = 'active'; } $this->GetRevisions($famid); $row = $this->fetch_row(); $this->log->AddLogItem($_SESSION['sess_userid'],"Set '" . $row['con_title'] . "' to $newstatus_text"); $sql = "update family set fam_active=$newstatus where fam_id=$famid"; return $this->db->DoUpdate($sql); } function ToggleRevision($conid,$famid){ $conid = addslashes($conid); $famid = addslashes($famid); $sql = "update content set con_active=0 where con_id!=$conid and con_fam_id=$famid"; $this->db->DoUpdate($sql); $this->GetRevisions($famid); $row = $this->fetch_row(); $this->log->AddLogItem($_SESSION['sess_userid'],"Toggled revision of '" . $row['con_title'] . "' active"); $sql = "update content set con_active=1 where con_id=$conid"; return $this->db->DoUpdate($sql); } function ToggleSecure($famid,$status){ $famid = addslashes($famid); $status = addslashes($status); if($status==1){ $newstatus = 0; $newstatus_text = 'open'; } else{ $newstatus = 1; $newstatus_text = 'secure'; } $this->GetRevisions($famid); $row = $this->fetch_row(); $this->log->AddLogItem($_SESSION['sess_userid'],"Set '" . $row['con_title'] . 
"' to $newstatus_text"); $sql = "update family set fam_secure=$newstatus where fam_id=$famid"; return $this->db->DoUpdate($sql); } function ToggleMenu($famid,$status){ $famid = addslashes($famid); $status = addslashes($status); if($status==1){ $newstatus = 0; $newstatus_text = 'not in menu'; } else{ $newstatus = 1; $newstatus_text = 'in menu'; } $this->GetRevisions($famid); $row = $this->fetch_row(); $this->log->AddLogItem($_SESSION['sess_userid'],"Set '" . $row['con_title'] . "' to $newstatus_text"); $sql = "update family set fam_menu=$newstatus where fam_id=$famid"; return $this->db->DoUpdate($sql); } function ToggleLock($famid,$status){ $famid = addslashes($famid); $status = addslashes($status); if($status==1){ $newstatus = 0; $newstatus_text = 'unlocked'; } else{ $newstatus = 1; $newstatus_text = 'locked'; } $this->GetRevisions($famid); $row = $this->fetch_row(); $this->log->AddLogItem($_SESSION['sess_userid'],"Set '" . $row['con_title'] . "' to $newstatus_text"); $sql = "update family set fam_lock=$newstatus where fam_id=$famid"; return $this->db->DoUpdate($sql); } function DeleteContent($famid){ $famid = addslashes($famid); $this->GetRevisions($famid); $row = $this->fetch_row(); $this->log->AddLogItem($_SESSION['sess_userid'],"Deleted '" . $row['con_title'] . "'"); // delete content $sql = "delete from content where con_fam_id=$famid"; $this->db->DoUpdate($sql); // delete family $sql = "delete from family where fam_id=$famid"; return $this->db->DoUpdate($sql); } function DeleteRevision($conid){ $conid = addslashes($conid); $this->GetContentByID($conid); $row = $this->fetch_row(); $this->log->AddLogItem($_SESSION['sess_userid'],"Deleted revision of '" . $row['con_title'] . 
"'"); $sql = "delete from content where con_id=$conid"; return $this->db->DoUpdate($sql); } /************************************************ usergroup to family **************************************************/ function AddUserGroupToFamily($ugid,$famid){ $ugid = addslashes($ugid); $famid = addslashes($famid); $sql = "insert into ug_to_family (ugf_ug_id,ugf_fam_id) values ($ugid,$famid)"; return $this->db->DoInsert($sql); } function DeleteUserGroupToFamily($ugid,$famid){ $ugid = addslashes($ugid); $famid = addslashes($famid); $sql = "delete from ug_to_family where ugf_ug_id=$ugid and ugf_fam_id=$famid"; return $this->db->DoUpdate($sql); } function GetUserGroupToFamily($ugid,$famid){ $ugid = addslashes($ugid); $famid = addslashes($famid); $sql = "select ugf_id from ug_to_family where ugf_ug_id=$ugid and ugf_fam_id=$famid"; // will return 0 if not able to edit, 1 or more if can edit return $this->db->DoQuery($sql); } function GetUserGroupsToFamily($famid){ $famid = addslashes($famid); $sql = "select * from ug_to_family,usergroup where ug_id=ugf_ug_id and ugf_fam_id=$famid"; return $this->db->DoQuery($sql); } /************************************************ user to family **************************************************/ function AddUserToFamily($userid,$famid){ $userid = addslashes($userid); $famid = addslashes($famid); $sql = "insert into user_to_family (uf_user_id,uf_fam_id) values ($userid,$famid)"; return $this->db->DoInsert($sql); } function DeleteUserToFamily($userid,$famid){ $userid = addslashes($userid); $famid = addslashes($famid); $sql = "delete from user_to_family where uf_user_id=$userid and uf_fam_id=$famid"; return $this->db->DoUpdate($sql); } function GetUserToFamily($uid,$famid){ $uid = addslashes($uid); $famid = addslashes($famid); $sql = "select uf_id from user_to_family where uf_user_id=$uid and uf_fam_id=$famid"; // will return 0 if not able to edit, 1 or more if can edit return $this->db->DoQuery($sql); } function GetUsersToFamily($famid){ 
$famid = addslashes($famid); $sql = "select * from user_to_family,user where user_id=uf_user_id and uf_fam_id=$famid"; return $this->db->DoQuery($sql); } function CanEdit($uid,$ugid,$famid){ $uid = addslashes($uid); $ugid = addslashes($ugid); $famid = addslashes($famid); if($ugid==7) return true; // first check usergroup $result = $this->GetUserGroupToFamily($ugid,$famid); // if the ug can't edit, check the user if($result==0) $result = $this->GetUserToFamily($uid,$famid); // return false if no results... if($result==0) return false; else return true; } /******************************** module functions *******************************/ function isModule($fid){ $fid = addslashes($fid); $sql = "select fam_module from family where fam_id=$fid"; $this->db->DoQuery($sql); $row = $this->fetch_row(); if($row['fam_module']==1) return true; else return false; } function getModulePath($fid){ $fid = addslashes($fid); $sql = "select fam_module_path from family where fam_id=$fid"; $this->db->DoQuery($sql); $row = $this->fetch_row(); return $row['fam_module_path']; } /********************************************* db functions *********************************************/ function movefirst(){ return $this->db->movefirst(); } function fetch_row(){ return $this->db->fetch_row(); } function db_close(){ return $this->db->close(); } } // end userClass Class ?>dbhost = $dbhost; $this->user = $user; $this->pass = $pass; $this->dbName = $dbName; $this->link_id = mysql_connect($this->dbhost,$this->user,$this->pass); if(!$this->link_id){ $this->MYSQL_ERRNO = 0; $this->MYSQL_ERROR = "Connection Failed to the host $this->dbhost"; } else if(empty($this->dbName)){ $this->MYSQL_ERRNO = mysql_errno(); $this->MYSQL_ERROR = mysql_error(); } else if(!mysql_select_db($this->dbName)){ $this->MYSQL_ERRNO = mysql_errno(); $this->MYSQL_ERROR = mysql_error(); } } function sql_error(){ global $MYSQL_ERRNO, $MYSQL_ERROR; if(empty($this->MYSQL_ERROR)){ $this->MYSQL_ERRNO = mysql_errno(); 
$this->MYSQL_ERROR = mysql_error(); } return "$this->MYSQL_ERRNO: $this->MYSQL_ERROR"; }
/*
 * Runs $sql on the stored connection, keeps the result handle in $this->result and
 * returns the number of rows in it.
 *
 * NOTE(review): on failure the script ends with die($sql), which prints the complete
 * statement to the client. Record the error server-side and show a generic message
 * instead. The mysql_* extension used throughout this class was removed in PHP 7;
 * mysqli or PDO with prepared statements is the replacement.
 */
function DoQuery($sql){ // run query // echo "$sql
"; $this->result = mysql_query($sql,$this->link_id) or die($sql); // return the number of rows... return mysql_num_rows($this->result); } function DoUpdate($sql){ // echo "sql
"; $this->result = mysql_query($sql,$this->link_id) or die ("Update Failed"); return $this->result; }
/*
 * Runs an INSERT and returns mysql_insert_id() for the connection.
 *
 * NOTE(review): unlike DoQuery() and DoUpdate(), the result of mysql_query() is not
 * checked here, so a failed insert is visible to the caller only through the id that is
 * returned.
 */
function DoInsert($sql){ // echo "$sql
"; $this->result = mysql_query($sql,$this->link_id); $recid = mysql_insert_id($this->link_id); return $recid; } function fetch_row(){ return mysql_fetch_array($this->result); } function movefirst(){ return mysql_data_seek($this->result, 0); }
/*
 * Reads $filename line by line and passes each statement that ends in ';' to DoInsert().
 *
 * NOTE(review): every statement in the file is executed as written, so $filename must
 * never be derived from request data. $sql is appended to before it is first assigned
 * ($full_line is initialised instead), a line starting with '--' discards whatever part
 * of a multi-line statement had been collected so far, and the file handle is never
 * closed.
 */
function install($filename){ $filepointer = fopen($filename,'rb'); if($filepointer){ $full_line = ''; while(!feof($filepointer)){ //Get the line and its length $line = rtrim(fgets($filepointer)); $line_length = strlen($line); //Append to the 'full line'...used for //multi-line statements. $sql .= $line; //If the line starts with an SQL comment, drop it. if(substr($line,0,2)=='--'){ $sql = ''; continue; } if(substr($line,$line_length - 1,1)==';'){ //End of statement $this->DoInsert($sql); $sql = ''; } } } } function db_close(){ mysql_close($this->link_id); } } // end DBClass Class ?>db = $this->GetClone($db); $this->log = $log; $this->tp = $tp; $this->settings = $settings; } function GetClone ($db) { if (substr(phpversion(), 0, 1) == 5){ return $this->db = clone($db); } else{ $this->db = $db; } }
/*
 * Passes $content through every active filter registered for $hook and returns the
 * filtered content.
 *
 * NOTE(review): the include path and the name of the function that is called are both
 * built from the filt_name column, so write access to the filter table decides which
 * file is loaded and which function runs. Check filt_name against the fixed set of
 * installed filter directories before including anything. The whole of $_REQUEST is
 * also handed to each filter as $vars.
 */
function DoHook($hook,$content){ // build the variable list foreach($_REQUEST as $key => $value){ $vars[$key] = $value; } $this->GetHookActiveFilters($hook); while($row = $this->fetch_row()){ include_once($this->settings['path_to_filters'] . $row['filt_name'] . '/filter.php'); $func = 'Do' . $row['filt_name'] . 
'Filter'; $content = $func($this->db,$this->log,$this->tp,$content,$this->settings,$row['filt_settings'],$vars); } return $content; } function EditOrder($filtid,$order){ $filtid = addslashes($filtid); $order = addslashes($order); $sql = "update filter set filt_order=$order where filt_id=$filtid"; return $this->db->DoUpdate($sql); } function GetHookActiveFilters($hook){ $hook = addslashes($hook); $sql = "select * from filter,filter_to_hook,hook where "; $sql.= "fh_hook_id=hook_id and fh_filt_id=filt_id and "; $sql.= "hook_name='$hook' and filt_active=1 order by filt_order"; return $this->db->DoQuery($sql); } function GetHookFilters($hook){ $hook = addslashes($hook); $sql = "select * from filter,filter_to_hook,hook where "; $sql.= "fh_hook_id=hook_id and fh_filt_id=filt_id and "; $sql.= "hook_name='$hook' order by filt_order"; return $this->db->DoQuery($sql); } function GetFilterList(){ $this->tp->SetFile($this->settings['admin_base_path'] . $this->settings['admin_skin_path'] . 'cms/filter-row.tpl.php'); // get the contents of the path_filters directory $dir = dir($this->settings['path_to_filters']); while(false !== ($e = $dir->read())){ $sql = "select * from filter where filt_name='$e'"; $installed = $this->db->DoQuery($sql); $row = $this->fetch_row(); if($e!='.' && $e!= '..'){ if(file_exists($this->settings['path_to_filters'] . $e . '/' . $e . '.class.php')){ include_once($this->settings['path_to_filters'] . $e . '/' . $e . '.class.php'); $params['db'] = $this->db; $func = $e . 'FilterClass'; $myobj = new $func($params); if($installed){ $funcname = $e . '_uninstall'; if(method_exists($myobj,$funcname)){ $row['istatus'] = 'Uninstall'; } else{ $row['istatus'] = 'Uninstall'; } } else{ $funcname = $e . 
'_install'; if(method_exists($myobj,$funcname)){ $row['istatus'] = 'Install'; } else{ $row['istatus'] = 'Install'; } } } else{ $row['istatus'] = 'Uninstall'; } if($row['filt_active']==1){ $row['status'] = 'Active'; } elseif($row['filt_active']==0 && $row['filt_name']==$e){ $row['status'] = 'InActive'; } else{ $row['status'] = ' '; } if($row['filt_id']!=''){ $row['settings'] = 'Settings'; } else{ $row['settings'] = ' '; } if($row['filt_name'] == $e){ $row['name'] = ''; $row['name'].= '' . $e . ''; } else{ $row['name'] = ''; $row['name'].= $e; } $row['filt_name'] = $e; $t['filter-rows'].= $this->tp->ParseTemplate($row); } } $this->tp->SetFile($this->settings['admin_base_path'] . $this->settings['admin_skin_path'] . 'cms/filter-table.tpl.php'); $content = $this->tp->ParseTemplate($t); return $content; } function GetFilter($filtid){ $filtid = addslashes($filtid); $sql = "select * from filter where filt_id=$filtid"; return $this->db->DoQuery($sql); } function SetSettings($filtid,$settings){ $filtid = addslashes($filtid); $settings = addslashes($settings); $sql = "update filter set filt_settings='$settings' where filt_id=$filtid"; return $this->db->DoUpdate($sql); } function GetHooks(){ $sql = "select * from hook"; return $this->db->DoQuery($sql); } function CheckFilterHook($filtid,$hookid){ $filtid = addslashes($filtid); $hookid = addslashes($hookid); $sql = "select * from filter,filter_to_hook where fh_filt_id=$filtid and filt_id=$filtid and fh_hook_id=$hookid"; return $this->db->DoQuery($sql); } function RemoveFilterHooks($filtid){ $filtid = addslashes($filtid); $sql = "delete from filter_to_hook where fh_filt_id=$filtid"; return $this->db->DoUpdate($sql); } function AddFilterHook($filtid,$hookid){ $filtid = addslashes($filtid); $hookid = addslashes($hookid); $sql = "insert into filter_to_hook (fh_filt_id,fh_hook_id) values ($filtid,$hookid)"; return $this->db->DoInsert($sql); } function ToggleFilter($filtid,$status){ $filtid = addslashes($filtid); if($status==1) 
$nstatus = 0; else $nstatus = 1; $sql = "update filter set filt_active=$nstatus where filt_id=$filtid"; return $this->db->DoUpdate($sql); } /********************************************* db functions *********************************************/ function movefirst(){ return $this->db->movefirst(); } function fetch_row(){ return $this->db->fetch_row(); } function db_close(){ return $this->db->close(); } } // end userClass Class ?>db = $db; $this->log = $log; $this->tp = $tp; $this->settings = $settings; } function DoModule($module,$filename){ $this->GetModule($module); $row = $this->fetch_row(); if($row['mod_active']==1){ include_once($this->settings['path_to_modules'] . "$module/module.php"); $func = 'Do' . $module . 'Module'; $content = $func($this->db,$this->log,$this->tp,$this->settings,$filename); } return $content; } function GetModules($mod){ // find all the installed modules $mod = addslashes($mod); $this->tp->SetFile($this->settings['admin_base_path'] . $this->settings['admin_skin_path'] . 'cms/content-option-module.tpl.php'); $sql = "select * from module where mod_active=1 order by mod_name"; $this->db->DoQuery($sql); while($p = $this->db->fetch_row()){ if(strtolower($mod) == $p['mod_name']) $p['mod_selected'] = 'selected'; else $p['mod_selected'] = ''; $content.= $this->tp->ParseTemplate($p); } return $content; } function ListModules(){ $sql = "select * from module order by mod_name"; return $this->db->DoQuery($sql); } function GetModule($module){ $module = addslashes($module); $sql = "select * from module where mod_name='$module'"; return $this->db->DoQuery($sql); } function GetModuleByID($mid){ $mid = addslashes($mid); $sql = "select * from module where mod_id=$mid"; return $this->db->DoQuery($sql); } function GetModuleList(){ $modcount = 0; $d = dir($this->settings['path_to_modules']); $this->tp->SetFile($this->settings['admin_base_path'] . $this->settings['admin_skin_path'] . 
'cms/module-row.tpl.php'); while (false !== ($entry = $d->read())) { if(is_dir($d->path . '/' . $entry) && $entry != '.' && $entry !='..'){ $mods[] = $entry; $modcount++; } } $d->close(); sort($mods); for($i=0;$i<$modcount;$i++){ if($this->GetModule($mods[$i])>0){ // the module is installed! $p = $this->fetch_row(); $modname = $p['mod_name']; $p['mod_url'] = '../modules/module.php?module=' . $mods[$i] . '&page=admin.php'; $p['mod_name'] = '' . $p['mod_name'] . ''; if($p['mod_active']==1) $p['status'] = 'Active'; else $p['status'] = 'InActive'; $p['settings'] = 'Settings'; $p['status'] = '' . $p['status'] . ''; // check for an uninstall method if(file_exists($this->settings['path_to_modules'] . $mods[$i] . '/' . $mods[$i] . '.class.php')){ include_once($this->settings['path_to_modules'] . $mods[$i] . '/' . $mods[$i] . '.class.php'); $func = $mods[$i] . 'ModuleClass'; $myobj = new $func($this->db,$this->log,$this->tp,$this->settings,$dummy); $funcname = $mods[$i] . '_uninstall'; if(method_exists($myobj,$funcname)){ $p['action'] = 'Uninstall'; } else{ $p['action'] = 'Uninstall'; } } else{ $p['action'] = 'Uninstall'; } } else{ // module isn't installed // check for an install method // check for an uninstall method $p['mod_name'] = $mods[$i]; $p['settings'] = ' '; $p['status'] = ' '; if(file_exists($this->settings['path_to_modules'] . $mods[$i] . '/' . $mods[$i] . '.class.php')){ include_once($this->settings['path_to_modules'] . $mods[$i] . '/' . $mods[$i] . '.class.php'); $func = $mods[$i] . 'ModuleClass'; $myobj = new $func($this->db,$this->log,$this->tp,$this->settings,$dummy); $funcname = $mods[$i] . '_install'; if(method_exists($myobj,$funcname)){ $p['action'] = 'Install'; } else{ $p['action'] = 'Install'; } } else{ $p['action'] = 'Install'; } } $t['module-rows'].= $this->tp->ParseTemplate($p); } $this->tp->SetFile($this->settings['admin_base_path'] . $this->settings['admin_skin_path'] . 
'cms/module-table.tpl.php'); $content = $this->tp->ParseTemplate($t); return $content; } function ToggleModule($modid,$status){ $modid = addslashes($modid); if($status==1) $nstatus = 0; else $nstatus = 1; $sql = "update module set mod_active=$nstatus where mod_id=$modid"; return $this->db->DoUpdate($sql); } function SetSettings($mid,$settings){ $mid = addslashes($mid); $settings = addslashes($settings); $sql = "update module set mod_settings='$settings' where mod_id=$mid"; return $this->db->DoUpdate($sql); } /********************************************* db functions *********************************************/ function movefirst(){ return $this->db->movefirst(); } function fetch_row(){ return $this->db->fetch_row(); } function db_close(){ return $this->db->close(); } } // end userClass Class ?>db=$db; } function AddLogItem($userid,$action){ $userid = addslashes($userid); $action = addslashes($action); $sql = "insert into log (log_user_id,log_action,log_date) "; $sql.= "values ($userid,'$action',NOW())"; return $this->db->DoInsert($sql); } function GetRecentLogs(){ $sql = "select user_name,date_format(log_date,'%m/%d/%Y %l:%i %p') as log_date_f,log_action "; $sql.= "from log,user where log_user_id=user_id order by log_date desc limit 0,30"; return $this->db->DoQuery($sql); } function GetLog($userid=0,$start='',$end=''){ $userid = addslashes($userid); $start = addslashes($start); $end = addslashes($end); $sql = "select user_name,date_format(log_date,'%m/%d/%Y %l:%i %p') as log_date_f,log_action from log,user where log_user_id=user_id "; if($userid!=0) $sql.= "and log_user_id=$userid "; if($start!='' && $end!='') $sql.= "and log_date between '$start' and '$end'"; elseif($start!='') $sql.= "and log_date > '$start'"; elseif($end!='') $sql.= "and log_date < '$end'"; return $this->db->DoQuery($sql); } /********************************************* db functions *********************************************/ function movefirst(){ return $this->db->movefirst(); } function 
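fetch_row(){ return $this->db->fetch_row(); } function db_close(){ return $this->db->close(); } } // end userClass Class ?>db = $db; $this->log = $log; }

    /* Selects every row of the security table, ordered by file name. */
    function GetPages(){
        $sql = "select * from security order by sec_filename";
        return $this->db->DoQuery($sql);
    }

    /*
     * Selects the security row with id $pid.
     * The id is used unquoted in the statement, so it is cast to an integer.
     */
    function GetPage($pid){
        $pid = (int)$pid;
        $sql = "select * from security where sec_id=$pid";
        return $this->db->DoQuery($sql);
    }

    /*
     * Decides whether a user may open the page registered under $filename.
     *
     * Access is granted when the user's group is linked to the page in
     * security_to_usergroup or, failing that, when the user is linked to it in
     * security_to_user. Returns true or false.
     *
     * Both ids are placed in the statements without quotes, where addslashes() gives
     * no protection, so they are cast to integers. The file name is used inside quotes
     * and keeps the escaping it had.
     * NOTE(review): addslashes() is not charset-aware; escaping on the connection, or a
     * prepared statement once the code moves off ext/mysql, is the stronger choice.
     */
    function IsAllowed($userid,$usergroup,$filename){
        $userid = (int)$userid;
        $usergroup = (int)$usergroup;
        $filename = addslashes($filename);

        // first see if the usergroup is allowed to access this page
        $sql = "select * from security,security_to_usergroup where ";
        $sql.= "stu_sec_id=sec_id and stu_ug_id=$usergroup and sec_filename='$filename'";
        if($this->db->DoQuery($sql)>0){
            return true;
        }

        // the usergroup has no access, so check the individual user
        $sql = "select * from security,security_to_user where ";
        $sql.= "stuser_user_id=$userid and stuser_sec_id=sec_id and sec_filename='$filename'";
        if($this->db->DoQuery($sql)>0){
            return true;
        }

        return false;
    }

    /* Selects the usergroup row with id $ugid (cast to an integer, used unquoted). */
    function GetUserGroup($ugid){
        $ugid = (int)$ugid;
        $sql = "select * from usergroup where ug_id=$ugid";
        return $this->db->DoQuery($sql);
    }

    /* Selects the usergroups linked to page $secid (cast to an integer, used unquoted). */
    function GetPageLevels($secid){
        $secid = (int)$secid;
        $sql = "select * from security_to_usergroup,usergroup where ug_id=stu_ug_id and stu_sec_id=$secid";
        return $this->db->DoQuery($sql);
    }

    /*
     * Selects the security_to_usergroup row with id $stuid, joined to its usergroup and
     * security rows.
     *
     * The previous code stored the escaped value in an unused $secid variable and
     * interpolated the raw $stuid, so the parameter reached the statement unfiltered.
     * The id is now cast to an integer before it is used.
     */
    function GetPageLevel($stuid){
        $stuid = (int)$stuid;
        $sql = "select * from security_to_usergroup,usergroup,security where sec_id=stu_sec_id and ug_id=stu_ug_id and stu_id=$stuid";
        return $this->db->DoQuery($sql);
    }

    /* Selects the users linked to page $secid (cast to an integer, used unquoted). */
    function GetAllowed($secid){
        $secid = (int)$secid;
        $sql = "select * from security_to_user,user where stuser_user_id=user_id and stuser_sec_id=$secid";
        return $this->db->DoQuery($sql);
    }

    function AddPageLevel($secid,$usergroup){ $secid = 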
addslashes($secid); $usergroup = addslashes($usergroup); $this->GetUserGroup($usergroup); $row = $this->fetch_row(); $ugname = $row['ug_name']; $this->GetPage($secid); $row = $this->fetch_row(); $filename = $row['sec_filename']; $this->log->AddLogItem($_SESSION['sess_userid'],"Added page usergroup '$ugname' to '$filename'"); $sql = "insert into security_to_usergroup (stu_sec_id,stu_ug_id) "; $sql.= "values ($secid,$usergroup)"; return $this->db->DoInsert($sql); } function DeletePageLevel($stuid){ $stuid = addslashes($stuid); $this->GetPageLevel($stuid); $row = $this->fetch_row(); $ugname = $row['ug_name']; $filename = $row['sec_filename']; $this->log->AddLogItem($_SESSION['sess_userid'],"Deleted page usergroup '$ugname' to '$filename'"); $sql = "delete from security_to_usergroup where stu_id=$stuid"; return $this->db->DoUpdate($sql); } function GetUser($userid){ $userid = addslashes($userid); $sql = "select * from user where user_id=$userid"; return $this->db->DoQuery($sql); } function AddAllowed($secid,$userid){ $secid = addslashes($secid); $userid = addslashes($userid); $this->GetUser($userid); $row = $this->fetch_row(); $username = $row['user_name']; $this->GetPage($secid); $row = $this->fetch_row(); $filename = $row['sec_filename']; $this->log->AddLogItem($_SESSION['sess_userid'],"Added page user '$username' to '$filename'"); $sql = "insert into security_to_user (stuser_user_id,stuser_sec_id) "; $sql.= "values ($userid,$secid)"; return $this->db->DoInsert($sql); } function GetAllowedByID($stuserid){ $stuserid = addslashes($stuserid); $sql = "select * from security_to_user,security,user where stuser_sec_id=sec_id and stuser_user_id=user_id and stuser_id=$stuserid"; return $this->db->DoQuery($sql); } function DeleteAllowed($stuserid){ $stuserid = addslashes($stuserid); $this->GetAllowedByID($stuserid); $row = $this->fetch_row(); $username = $row['user_name']; $filename = $row['sec_filename']; $this->log->AddLogItem($_SESSION['sess_userid'],"Deleted page user 
'$username' to '$filename'"); $sql = "delete from security_to_user where stuser_id=$stuserid"; return $this->db->DoUpdate($sql); } function GetAllowedUserGroups($pageid){ $pageid = addslashes($pageid); $sql = "select * from security_to_usergroup,usergroup where stu_ug_id=ug_id and stu_sec_id=$pageid"; return $this->db->DoQuery($sql); } function GetAllowedUsers($pageid){ $pageid = addslashes($pageid); $sql = "select * from security_to_user,user where stuser_user_id=user_id and stuser_sec_id=$pageid"; return $this->db->DoQuery($sql); } function IsUserGroupAllowed($ugid,$fid){ $ugid = addslashes($ugid); $fid = addslashes($fid); $sql = "select * from ug_to_family where ugf_ug_id=$ugid and ugf_fam_id=$fid"; return $this->db->DoQuery($sql); } function IsUserAllowed($uid,$fid){ $uid = addslashes($uid); $fid = addslashes($fid); $sql = "select * from user_to_family where uf_user_id=$uid and uf_fam_id=$fid"; return $this->db->DoQuery($sql); } function IsUserGroupAllowedModule($ugid,$mname){ $ugid = addslashes($ugid); $mname = addslashes($mname); $sql = "select * from ug_to_module where ugm_usergroup_id=$ugid and ugm_module='$mname'"; return $this->db->DoQuery($sql); } function IsUserAllowedModule($uid,$mname){ $uid = addslashes($uid); $mname = addslashes($mname); $sql = "select * from user_to_module where um_user_id=$uid and um_module='$mname'"; return $this->db->DoQuery($sql); } function GetFamily($cid){ $cid = addslashes($cid); $sql = "select con_fam_id from content where con_id=$cid"; $this->db->DoQuery($sql); $row = $this->fetch_row(); return $row['con_fam_id']; } function AddPage($filename){ $filename = addslashes($filename); $this->log->AddLogItem($_SESSION['sess_userid'],"Added page '$filename'"); $sql = "insert into security (sec_filename) values ('$filename')"; return $this->db->DoInsert($sql); } function EditPage($pid,$filename){ $pid = addslashes($pid); $filename = addslashes($filename); $this->log->AddLogItem($_SESSION['sess_userid'],"Edited page '$filename'"); 
$sql = "update security set sec_filename='$filename' where sec_id=$pid"; return $this->db->DoUpdate($sql); } /********************************************* db functions *********************************************/ function movefirst(){ return $this->db->movefirst(); } function fetch_row(){ return $this->db->fetch_row(); } function db_close(){ return $this->db->close(); } } // end userClass Class ?>db=$db; }
/*
 * Reads the settings row and returns the value rebuilt from it by unserialize().
 *
 * NOTE(review): unserialize() can instantiate objects of any loaded class, so the
 * settings row has to be treated as trusted code input; if it ever becomes writable by
 * an attacker (for example through SQL injection elsewhere) this call is the point
 * where that turns into object injection. A data-only format such as JSON avoids the
 * problem.
 * NOTE(review): stripslashes() is applied to the stored value. The slashes added by
 * EditSettings()/AddSettings() are presumably consumed by the SQL parser on write, in
 * which case a setting containing a backslash will not round-trip - confirm.
 */
function GetSettings(){ $sql = "select * from settings"; $result = $this->db->DoQuery($sql); $row = $this->fetch_row(); return unserialize(stripslashes($row['set_settings'])); } function EditSettings($settings){ $settings = addslashes(serialize($settings)); $sql = "update settings set set_settings='$settings'"; return $this->db->DoUpdate($sql); } function AddSettings($settings){ $settings = addslashes(serialize($settings)); $sql = "insert into settings (set_settings) values ('$settings')"; return $this->db->DoInsert($sql); } /********************************************* db functions *********************************************/ function movefirst(){ return $this->db->movefirst(); } function fetch_row(){ return $this->db->fetch_row(); } function db_close(){ return $this->db->close(); } } // end settingsClass Class ?>db=$db; $this->log=$log; } function GetCustomTags(){ $sql = "select * from custom order by custom_tag"; return $this->db->DoQuery($sql); } function GetCustomTag($cid){ $cid = addslashes($cid); $sql = "select * from custom where custom_id=$cid"; return $this->db->DoQuery($sql); }
/*
 * Stores a custom tag and the text that replaces it.
 *
 * NOTE(review): custom_text saved here and by EditCustomTag() is later executed by
 * DoCustomTags() through eval(), so both methods must only be reachable by users who
 * are allowed to run code on the server.
 */
function AddCustomTag($tag,$text){ $tag = addslashes($tag); $text = addslashes($text); $sql = "insert into custom (custom_tag,custom_text"; $sql.= ") values ("; $sql.= "'$tag','$text')"; return $this->db->DoInsert($sql); } function EditCustomTag($cid,$tag,$text){ $cid = addslashes($cid); $tag = addslashes($tag); $text = addslashes($text); $sql = "update custom set custom_tag='$tag',custom_text='$text' "; $sql.= "where custom_id=$cid"; return $this->db->DoUpdate($sql); } 
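/**
 * Delete one custom tag by id.
 *
 * @param mixed $cid custom tag id
 * @return mixed whatever $this->db->DoUpdate() returns
 */
function DeleteCustomTag($cid){
    // The id is interpolated WITHOUT quotes, so addslashes() (which only
    // escapes quote/backslash/NUL characters) gave no protection here.
    // An integer cast keeps anything but a number out of the statement.
    $cid = (int)$cid;
    $sql = "delete from custom where custom_id=$cid";
    return $this->db->DoUpdate($sql);
}

/**
 * Replace every stored custom tag found in $content with the output
 * produced by executing that tag's custom_text.
 *
 * @param string $content page content to scan
 * @return string content with the matching tags substituted
 */
function DoCustomTags($content){
    // find the custom tags...
    $this->GetCustomTags();
    while($row = $this->fetch_row()){
        if(strpos($content,$row['custom_tag'])!==false){
            ob_start();
            // SECURITY: custom_text comes straight from the `custom` table
            // and is executed as PHP. Whoever can write that table (through
            // AddCustomTag()/EditCustomTag() or any SQL injection elsewhere)
            // gets code execution in the web server's context. Left in place
            // because existing tags may rely on it; restrict who may edit
            // custom tags, audit changes to them, and plan a move to a
            // non-executable template format.
            eval("?>" . $row['custom_text']);
            $tag = ob_get_clean();
            $content = str_replace($row['custom_tag'],$tag,$content);
        }
    }
    return $content;
}

/*********************************************
db functions
*********************************************/

// Thin pass-throughs to the database wrapper held in $this->db.
function movefirst(){
    return $this->db->movefirst();
}

function fetch_row(){
    return $this->db->fetch_row();
}

function db_close(){
    return $this->db->close();
}
} // end userClass Class
// NOTE(review): the opening tag, class declaration and constructor header of
// the next class appear to have been lost when this page was extracted; the
// residue on the following line is kept verbatim.
?>db=$db; $this->log=$log; }

/**
 * Fetch one user row by id.
 *
 * @param mixed $userid user id
 * @return mixed whatever $this->db->DoQuery() returns
 */
function GetUser($userid){
    $userid = (int)$userid; // unquoted numeric context: cast, do not escape
    $sql = "select * from user where user_id = $userid";
    return $this->db->DoQuery($sql);
}

/**
 * Fetch a user row by the value stored in user_email.
 *
 * @param string $username matched against user_email
 * @return mixed whatever $this->db->DoQuery() returns
 */
function GetUserByUsername($username){
    // NOTE(review): addslashes() is not aware of the connection character
    // set. The driver's own escaping or bound parameters would be the robust
    // choice, but the DoQuery() wrapper is not visible here, so quoted string
    // values keep the original escaping throughout this class.
    $username = addslashes($username);
    $sql = "select * from user where user_email='$username'";
    return $this->db->DoQuery($sql);
}

/**
 * Delete a user and log the deletion under the current session user.
 *
 * @param mixed $userid user id
 * @return mixed whatever $this->db->DoUpdate() returns
 */
function DeleteUser($userid){
    $userid = (int)$userid;
    // Load the row first so the log entry can name the user being removed.
    $this->GetUser($userid);
    $row = $this->fetch_row();
    $this->log->AddLogItem($_SESSION['sess_userid'],"Deleted user '" . $row['user_name'] . "'");
    $sql = "delete from user where user_id=$userid";
    return $this->db->DoUpdate($sql);
}

/**
 * Fetch the users whose user_userlevel equals the given group id.
 *
 * @param mixed $ugid user group id
 * @return mixed whatever $this->db->DoQuery() returns
 */
function GetUsers($ugid){
    $ugid = (int)$ugid;
    $sql = "select * from user where user_userlevel=$ugid order by user_name";
    return $this->db->DoQuery($sql);
}

/**
 * Fetch every user, ordered by user_name.
 *
 * @return mixed whatever $this->db->DoQuery() returns
 */
function GetAllUsers(){
    $sql = "select * from user order by user_name";
    return $this->db->DoQuery($sql);
}

/**
 * Look up a user by user name and password.
 *
 * NOTE(review): the password is compared inside the SQL statement. If
 * callers pass the password as typed, user_pass holds plaintext; storing
 * password_hash() output and checking with password_verify() after fetching
 * the row by name would be the fix, but that changes the stored data and the
 * callers, neither of which is visible here - confirm.
 *
 * @param string $username matched against user_name
 * @param string $password matched against user_pass
 * @return mixed whatever $this->db->DoQuery() returns
 */
function GetLogin($username,$password){
    $username = addslashes($username);
    $password = addslashes($password);
    $sql = "select * from user where user_name='$username' and user_pass='$password'";
    return $this->db->DoQuery($sql);
}

/**
 * Look up a user by e-mail address and password.
 *
 * NOTE(review): same password-storage concern as GetLogin().
 *
 * @param string $email    matched against user_email
 * @param string $password matched against user_pass
 * @return mixed whatever $this->db->DoQuery() returns
 */
function GetLoginByEmail($email,$password){
    $email = addslashes($email);
    $password = addslashes($password);
    $sql = "select * from user where user_email='$email' and user_pass='$password'";
    return $this->db->DoQuery($sql);
}

/**
 * Fetch the full user row for an e-mail address.
 *
 * NOTE(review): "select *" hands user_pass to the caller; what the caller
 * does with it is not visible here.
 *
 * @param string $email matched against user_email
 * @return mixed whatever $this->db->DoQuery() returns
 */
function FindPassword($email){
    $email = addslashes($email);
    $sql = "select * from user where user_email='$email'";
    return $this->db->DoQuery($sql);
}

/**
 * Fetch the full user row for an e-mail address (same query as FindPassword).
 *
 * @param string $email matched against user_email
 * @return mixed whatever $this->db->DoQuery() returns
 */
function FindUsername($email){
    $email = addslashes($email);
    $sql = "select * from user where user_email='$email'";
    return $this->db->DoQuery($sql);
}

/**
 * Create a user unless the e-mail address is already present.
 *
 * NOTE(review): $pass is stored exactly as received; see GetLogin() for the
 * password-hashing concern.
 *
 * @return mixed whatever $this->db->DoInsert() returns, or 0 when the
 *               uniqueness query did not return 0
 */
function AddUser($name,$pass,$userlevel,$fname,$lname,$email,$phone,$city,$state,$country,$active,$faddress,$saddress,$zip,$tier){
    $name = addslashes($name);
    $pass = addslashes($pass);
    $fname = addslashes($fname);
    $lname = addslashes($lname);
    $email = addslashes($email);
    $phone = addslashes($phone);
    $city = addslashes($city);
    $state = addslashes($state);
    $country = addslashes($country);
    $faddress = addslashes($faddress);
    $saddress = addslashes($saddress);
    $zip = addslashes($zip);
    $tier = addslashes($tier);
    // These two are written into the statement without quotes, where
    // escaping has no effect, so they are forced to integers instead.
    $userlevel = (int)$userlevel;
    $active = (int)$active;

    // first check uniqueness of username
    $sql = "select user_id from user where user_email='$email'";
    $result = $this->db->DoQuery($sql);
    if($result==0){
        $this->log->AddLogItem($_SESSION['sess_userid'],"Added user '$name'");
        $sql = "insert into user (user_name,user_pass,user_userlevel,user_fname,user_lname,";
        $sql.= "user_email,user_phone,user_city,user_state,user_country,user_active,user_created,";
        $sql.= "user_faddress,user_saddress,user_zip,user_price_tier";
        $sql.= ") values (";
        $sql.= "'$name','$pass',$userlevel,'$fname','$lname',";
        $sql.= "'$email','$phone','$city','$state','$country',$active,NOW(),";
        // $tier is now quoted, as EditUser() already does, so that the
        // addslashes() escaping above actually applies to it.
        $sql.= "'$faddress','$saddress','$zip','$tier')";
        return $this->db->DoInsert($sql);
    }
    return 0;
}

/**
 * Update every editable column of a user and log the change.
 *
 * @return mixed whatever $this->db->DoUpdate() returns
 */
function EditUser($userid,$name,$userlevel,$fname,$lname,$email,$phone,$city,$state,$country,$active,$faddress,$saddress,$zip,$tier){
    // Unquoted in the statement below: force to integers.
    $userid = (int)$userid;
    $userlevel = (int)$userlevel;
    $active = (int)$active;
    $name = addslashes($name);
    $fname = addslashes($fname);
    $lname = addslashes($lname);
    $email = addslashes($email);
    $phone = addslashes($phone);
    $city = addslashes($city);
    $state = addslashes($state);
    $country = addslashes($country);
    $faddress = addslashes($faddress);
    $saddress = addslashes($saddress);
    $zip = addslashes($zip);
    $tier = addslashes($tier);
    $sql = "update user set user_name='$name',user_userlevel=$userlevel,user_fname='$fname',";
    $sql.= "user_lname='$lname',user_email='$email',user_phone='$phone',user_city='$city',";
    $sql.= "user_state='$state',user_country='$country',user_active=$active,";
    $sql.= "user_faddress='$faddress',user_saddress='$saddress',user_zip='$zip',user_price_tier='$tier' ";
    $sql.= "where user_id=$userid";
    $this->log->AddLogItem($_SESSION['sess_userid'],"Edited user '$name'");
    return $this->db->DoUpdate($sql);
}

/**
 * Update the profile columns a user may change on their own account.
 *
 * NOTE(review): nothing in this method ties $userid to the logged-in
 * session; the caller has to make sure a user can only pass their own id.
 *
 * @return mixed whatever $this->db->DoUpdate() returns
 */
function EditUserSelf($userid,$fname,$lname,$email,$phone,$city,$state,$country){
    $userid = (int)$userid; // unquoted numeric context: cast, do not escape
    $fname = addslashes($fname);
    $lname = addslashes($lname);
    $email = addslashes($email);
    $phone = addslashes($phone);
    $city = addslashes($city);
    $state = addslashes($state);
    $country = addslashes($country);
    $sql = "update user set user_fname='$fname',";
    $sql.= "user_lname='$lname',user_email='$email',user_phone='$phone',user_city='$city',";
    $sql.= "user_state='$state',user_country='$country' ";
    $sql.= "where user_id=$userid";
    return $this->db->DoUpdate($sql);
}

/**
 * Store a new password value for a user and log the change.
 *
 * NOTE(review): $password is written to user_pass exactly as received; see
 * GetLogin() for the password-hashing concern.
 *
 * @param mixed  $userid   user id
 * @param string $password value written to user_pass
 * @return mixed whatever $this->db->DoUpdate() returns
 */
function SetPassword($userid,$password){
    $userid = (int)$userid;
    $password = addslashes($password);
    $this->GetUser($userid);
    $row = $this->fetch_row();
    $this->log->AddLogItem($_SESSION['sess_userid'],"Changing Password for user '" . $row['user_name'] . "'");
    $sql = "update user set user_pass='$password' where user_id=$userid";
    return $this->db->DoUpdate($sql);
}

/**
 * Toggle a user's active flag and log the change.
 *
 * @param mixed $userid        user id
 * @param mixed $currentStatus current user_active value; 1 switches the
 *                             user to inactive, anything else to active
 * @return mixed whatever $this->db->DoUpdate() returns (the original
 *               computed this value but never returned it)
 */
function SetStatus($userid,$currentStatus){
    $userid = (int)$userid;
    $newstatus = ($currentStatus==1) ? 0 : 1;
    $newstatus_text = ($newstatus==0) ? 'inactive' : 'active';
    $this->GetUser($userid);
    $row = $this->fetch_row();
    $this->log->AddLogItem($_SESSION['sess_userid'],"Changing status for user '" . $row['user_name'] . "' to $newstatus_text");
    $sql = "update user set user_active=$newstatus where user_id=$userid";
    return $this->db->DoUpdate($sql);
}

// module stuff

/**
 * Remove every module assignment of a user.
 *
 * @param mixed $uid user id
 * @return mixed whatever $this->db->DoUpdate() returns
 */
function ClearUserModules($uid){
    $uid = (int)$uid;
    $sql = "delete from user_to_module where um_user_id=$uid";
    return $this->db->DoUpdate($sql);
}

/**
 * Assign a module to a user.
 *
 * @param mixed  $uid   user id
 * @param string $mname module name
 * @return mixed whatever $this->db->DoInsert() returns
 */
function AddUserModule($uid,$mname){
    $uid = (int)$uid;
    $mname = addslashes($mname);
    $sql = "insert into user_to_module (um_user_id,um_module) values ($uid,'$mname')";
    return $this->db->DoInsert($sql);
}

/*********************************
user groups
****************************/

/**
 * Fetch every user group, ordered by name.
 *
 * @return mixed whatever $this->db->DoQuery() returns
 */
function GetUserGroups(){
    $sql = "select * from usergroup order by ug_name";
    return $this->db->DoQuery($sql);
}

/**
 * Fetch one user group by id.
 *
 * @param mixed $ugid user group id
 * @return mixed whatever $this->db->DoQuery() returns
 */
function GetUserGroup($ugid){
    $ugid = (int)$ugid;
    $sql = "select * from usergroup where ug_id=$ugid";
    return $this->db->DoQuery($sql);
}

/**
 * Create a user group and log the action.
 *
 * @param string $name group name
 * @return mixed whatever $this->db->DoInsert() returns
 */
function AddUserGroup($name){
    $name = addslashes($name);
    $this->log->AddLogItem($_SESSION['sess_userid'],"Added Usergroup '$name'");
    $sql = "insert into usergroup (ug_name) values ('$name')";
    return $this->db->DoInsert($sql);
}

/**
 * Rename a user group and log the action.
 *
 * @param mixed  $ugid user group id
 * @param string $name new group name
 * @return mixed whatever $this->db->DoUpdate() returns
 */
function EditUserGroup($ugid,$name){
    $ugid = (int)$ugid;
    $name = addslashes($name);
    $this->log->AddLogItem($_SESSION['sess_userid'],"Edited Usergroup '$name'");
    $sql = "update usergroup set ug_name='$name' where ug_id=$ugid";
    return $this->db->DoUpdate($sql);
}

/*********************************************
db functions
*********************************************/

// Thin pass-throughs to the database wrapper held in $this->db.
function movefirst(){
    return $this->db->movefirst();
}

function fetch_row(){
    return $this->db->fetch_row();
}

function db_close(){
    return $this->db->close();
}
} // end userClass Class
?>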