1: <?php
  2: /**
  3:  * This file contains the backend class.
  4:  *
  5:  * @package Core
  6:  * @subpackage Backend
  7:  * @author Jan Lengowski
  8:  * @copyright four for business AG <www.4fb.de>
  9:  * @license http://www.contenido.org/license/LIZENZ.txt
 10:  * @link http://www.4fb.de
 11:  * @link http://www.contenido.org
 12:  */
 13: 
 14: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
 15: 
 16: /**
 17:  * This class controls all backend actions.
 18:  *
 19:  * @package Core
 20:  * @subpackage Backend
 21:  */
 22: class cBackend {
 23: 
 24:     /**
 25:      * Possible actions
 26:      *
 27:      * @var array
 28:      */
 29:     protected $_actions = array();
 30: 
 31:     /**
 32:      * Files
 33:      *
 34:      * @var array
 35:      */
 36:     protected $_files = array();
 37: 
 38:     /**
 39:      * Stores the frame number
 40:      *
 41:      * @var int
 42:      */
 43:     protected $_frame = 0;
 44: 
 45:     /**
 46:      * Errors
 47:      *
 48:      * @var array
 49:      */
 50:     protected $_errors = array();
 51: 
 52:     /**
 53:      * Save area
 54:      *
 55:      * @var string
 56:      */
 57:     protected $_area = '';
 58: 
 59:     /**
 60:      * Set the frame number in which the file is loaded.
 61:      *
 62:      * @param int $frame [optional]
 63:      *         as number
 64:      */
 65:     public function setFrame($frame = 0) {
 66:         $this->_frame = cSecurity::toInteger($frame);
 67:     }
 68: 
 69:     /**
 70:      * Loads all required data from the DB and stores it in the $_actions and
 71:      * $_files array.
 72:      *
 73:      * @param string $area
 74:      *         selected area
 75:      *
 76:      * @throws cDbException
 77:      * @throws cInvalidArgumentException
 78:      */
 79:     public function select($area) {
 80:         // Required global vars
 81:         global $cfg, $client, $lang, $db, $perm, $action;
 82:         global $idcat, $idtpl, $idmod, $idlay;
 83: 
 84:         if (isset($idcat)) {
 85:             $itemid = $idcat;
 86:         } elseif (isset($idtpl)) {
 87:             $itemid = $idtpl;
 88:         } elseif (isset($idmod)) {
 89:             $itemid = $idmod;
 90:         } elseif (isset($idlay)) {
 91:             $itemid = $idlay;
 92:         } else {
 93:             $itemid = 0;
 94:         }
 95: 
 96:         $itemid = cSecurity::toInteger($itemid);
 97:         $area = $db->escape($area);
 98: 
 99:         // Store Area
100:         $this->_area = $area;
101: 
102:         // extract actions
103:         $sql = 'SELECT
104:                     b.name AS name,
105:                     b.code AS code,
106:                     b.relevant as relevant_action,
107:                     a.relevant as relevant_area
108:                 FROM
109:                     ' . $cfg['tab']['area'] . ' AS a,
110:                     ' . $cfg['tab']['actions'] . " AS b
111:                 WHERE
112:                     a.name   = '" . $area . "' AND
113:                     b.idarea = a.idarea AND
114:                     a.online = '1'";
115: 
116:         // Check if the user has access to this area.
117:         // Yes -> Grant him all actions
118:         // No -> Grant him only action which are irrelevant (i.e. 'relevant' is 0)
119:         if (!$perm->have_perm_area_action($area)) {
120:             $sql .= " AND a.relevant = '0'";
121:         }
122: 
123:         $db->query($sql);
124: 
125:         while ($db->nextRecord()) {
126: 
127:             // Save the action only access to the desired action is granted.
128:             // If this action is relevant for rights check if the user has
129:             // permission to execute this action
130:             if ($db->f('relevant_action') == 1 && $db->f('relevant_area') == 1) {
131: 
132:                 if ($perm->have_perm_area_action_item($area, $db->f('name'), $itemid)) {
133:                     $this->_actions[$area][$db->f('name')] = $db->f('code');
134:                 }
135: 
136:                 if ($itemid == 0) {
137:                     // itemid not available, since its impossible the get the
138:                     // correct rights out
139:                     // we only check if userrights are given for these three
140:                     // items on any item
141:                     if ($action == 'mod_edit' || $action == 'tpl_edit' || $action == 'lay_edit') {
142:                         if ($perm->have_perm_area_action_anyitem($area, $db->f('name'))) {
143:                             $this->_actions[$area][$db->f('name')] = $db->f('code');
144:                         }
145:                     }
146:                 }
147:             } else {
148:                 $this->_actions[$area][$db->f('name')] = $db->f('code');
149:             }
150:         }
151: 
152:         $sql = 'SELECT
153:                     b.filename AS name,
154:                     b.filetype AS type,
155:                     a.parent_id AS parent_id
156:                 FROM
157:                     ' . $cfg['tab']['area'] . ' AS a,
158:                     ' . $cfg['tab']['files'] . ' AS b,
159:                     ' . $cfg['tab']['framefiles'] . " AS c
160:                 WHERE
161:                     a.name    = '" . $area . "' AND
162:                     b.idarea  = a.idarea AND
163:                     b.idfile  = c.idfile AND
164:                     c.idarea  = a.idarea AND
165:                     c.idframe = '" . $this->_frame . "' AND
166:                     a.online  = '1'";
167: 
168:         // Check if the user has access to this area.
169:         // Yes -> Extract all files
170:         // No -> Extract only irrelevant files (i.e. 'relevant' is 0)
171:         if (!$perm->have_perm_area_action($area)) {
172:             $sql .= " AND a.relevant = '0'";
173:         }
174: 
175:         $sql .= ' ORDER BY b.filename';
176: 
177:         $db->query($sql);
178: 
179:         while ($db->nextRecord()) {
180: 
181:             // Test if entry is a plug-in. If so don't add the Include path
182:             if (strstr($db->f('name'), '/')) {
183:                 $filepath = $cfg['path']['plugins'] . $db->f('name');
184:             } else {
185:                 $filepath = $cfg['path']['includes'] . $db->f('name');
186:             }
187: 
188:             // If filetype is Main AND parent_id is 0 file is a sub file
189:             if ($db->f('parent_id') != 0 && $db->f('type') == 'main') {
190:                 $this->_files['sub'][] = $filepath;
191:             }
192: 
193:             $this->_files[$db->f('type')][] = $filepath;
194:         }
195: 
196:         $actions = !empty($this->_actions[$this->_area]) ? $this->_actions[$this->_area] : [];
197:         $debug = "Files:\n" . print_r($this->_files, true) . "\n"
198:             . "Actions:\n" . print_r($actions, true) . "\n"
199:             . "Information:\n" . "Area: $area\n"
200:             . "Action: $action\n"
201:             . "Client: $client\n"
202:             . "Lang: $lang\n";
203:         cDebug::out($debug);
204: 
205:         $debug = $sql;
206:         cDebug::out($debug);
207: 
208:     }
209: 
210:     /**
211:      * Return code of action.
212:      * Checks if code file for given action exists. If so, read and return it
213:      * else return an empty string.
214:      *
215:      * @param string $action
216:      *         action to be read
217:      *
218:      * @return string
219:      *         code for given action
220:      *
221:      * @throws cInvalidArgumentException
222:      */
223:     public function getCode($action) {
224:         $actionCodeFile = cRegistry::getBackendPath() . 'includes/type/action/include.' . $action . '.action.php';
225:         if (cFileHandler::exists($actionCodeFile)) {
226:             return cFileHandler::read($actionCodeFile);
227:         }
228: 
229:         return '';
230:     }
231: 
232:     /**
233:      * Returns the specified file path.
234:      * Distinction between 'inc' and 'main' files.
235:      *
236:      * 'inc' => Required file like functions/classes etc.
237:      * 'main' => Main file
238:      *
239:      * @param string $which
240:      *         'inc' / 'main'
241:      * @return array
242:      */
243:     public function getFile($which) {
244:         if (isset($this->_files[$which]) && is_array($this->_files[$which])) {
245:             return $this->_files[$which];
246:         } else {
247:             return [];
248:         }
249:     }
250: 
251:     /**
252:      * Creates a log entry for the specified parameters.
253:      *
254:      * @param int        $idcat
255:      *         Category-ID
256:      * @param int        $idart
257:      *         Article-ID
258:      * @param int        $client
259:      *         Client-ID
260:      * @param int        $lang
261:      *         Language-ID
262:      * @param int|string $idaction
263:      *         Action (ID or canonical name)
264:      *
265:      * @throws cDbException
266:      * @throws cException
267:      * @throws cInvalidArgumentException
268:      */
269:     public function log($idcat, $idart, $client, $lang, $idaction) {
270:         global $perm, $auth;
271: 
272:         if (!cSecurity::isInteger($client)) {
273:             return;
274:         } elseif (!cSecurity::isInteger($lang)) {
275:             return;
276:         }
277: 
278:         $oDb = cRegistry::getDb();
279: 
280:         $timestamp = date('Y-m-d H:i:s');
281:         $idcatart = 0;
282: 
283:         $idcat = (int) $idcat;
284:         $idart = (int) $idart;
285:         $client = (int) $client;
286:         $lang = (int) $lang;
287:         $idaction = $oDb->escape($idaction);
288: 
289:         if ($idcat > 0 && $idart > 0) {
290:             $oCatArtColl = new cApiCategoryArticleCollection();
291:             $oCatArt = $oCatArtColl->fetchByCategoryIdAndArticleId($idcat, $idart);
292:             $idcatart = $oCatArt->get('idcatart');
293:         }
294: 
295:         $oldaction = $idaction;
296:         $idaction = $perm->getIDForAction($idaction);
297: 
298:         if ($idaction != '') {
299:             $oActionLogColl = new cApiActionlogCollection();
300:             $oActionLogColl->create($auth->auth['uid'], $client, $lang, $idaction, $idcatart, $timestamp);
301:         } else {
302:             echo $oldaction . ' is not in the actions table!<br><br>';
303:         }
304:     }
305: }
306: