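<?php

// Backend article search: builds the article query from the search form, a
// saved search or one of the GET shortcuts and renders the result list.

// Mark the request as running inside the framework unless that already happened.
if (!defined('CON_FRAMEWORK')) {
    define('CON_FRAMEWORK', true);
}

// Not part of this listing; presumably provides $cfg, $lang, $belang, $client
// and the helper functions used below -- confirm against includes/startup.php.
include_once('./includes/startup.php');

// First bootstrap with the backend session and the challenge/crypt auth
// handler. The registry is bootstrapped a second time further down, once the
// session parameter of the request is known.
cRegistry::bootstrap(array(
    'sess' => 'cSession',
    'auth' => 'Contenido_Challenge_Crypt_Auth',
    'perm' => 'cPermission'
));

i18nInit($cfg['path']['contenido_locale'], $belang);

// $db iterates the main result set, $db2 serves the per-row lookups.
$db = cRegistry::getDb();
$db2 = cRegistry::getDb();

// Request values are first read into a *Tmp variable and copied to the final
// variable only after they have been checked.
$sSession = '';
$sSessionTmp = '';

$iSpeachId = $lang;
$iSpeachIdTmp = NULL;

$iSearchId = NULL;
$iSearchIdTmp = 0;

$sSearchStr = NULL;
$sSearchStrTmp = '';

$sSearchStrDateType = NULL;
$sSearchStrDateTypeTmp = '';

$sSearchStrDateFrom = NULL;
$sSearchStrDateFromTmp = '';

$sSearchStrDateTo = NULL;
$sSearchStrDateToTmp = '';

$bLostAndFound = false;

$sWhere = '';

// Falls back to language 1 when $lang is not a positive integer.
$iLangId = ((int) $lang > 0 ? (int) $lang : 1);

$sDateFormat = getEffectiveSetting('dateformat', 'date', 'Y-m-d');

$sLoadSubnavi = '';
$iIdCat = 0;
$iDisplayMenu = 0;
$iIdTpl = 0;
$sScript = '';

// Session id as sent by the client; POST takes precedence over GET. Only
// string values are accepted, because strip_tags() rejects arrays with a
// TypeError on PHP 8 and a request parameter can always be sent as an array.
$mSessionParam = NULL;
if (isset($_POST[$sess->name])) {
    $mSessionParam = $_POST[$sess->name];
} elseif (isset($_GET[$sess->name])) {
    $mSessionParam = $_GET[$sess->name];
}
if (is_string($mSessionParam)) {
    $sSessionTmp = trim(strip_tags($mSessionParam));
}
if (cString::getStringLength($sSessionTmp) > 0) {
    $sSession = $sSessionTmp;
}
// NOTE(review): strip_tags() removes markup but leaves quotes untouched, and
// $sSession is later written into href attributes and into a single-quoted
// JavaScript string. It should be encoded for the respective output context
// (e.g. conHtmlSpecialChars() for attributes) at the point of output.

// The language id is taken from the request only if it is a canonical decimal
// integer, i.e. casting it to int and back yields the submitted string.
if (isset($_POST['speach'])) {
    $iSpeachIdTmp = (int) $_POST['speach'];
    if ((string) $iSpeachIdTmp === $_POST['speach']) {
        $iSpeachId = $iSpeachIdTmp;
    }
}

if (!empty($sSession)) {
    // A session id was submitted: bootstrap with the backend auth handler.
    cRegistry::bootstrap(array(
        'sess' => 'cSession',
        'auth' => 'cAuthHandlerBackend',
        'perm' => 'cPermission'
    ));
    i18nInit($cfg['path']['contenido_locale'], $belang);
} else {
    // No session id: bootstrap with the frontend session and auth handler.
    cRegistry::bootstrap(array(
        'sess' => 'cFrontendSession',
        'auth' => 'cAuthHandlerFrontend',
        'perm' => 'cPermission'
    ));
}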
108: 
109: 
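// Allow-list of sortable columns. $sSortBy is concatenated into the ORDER BY
// clause of the search query, so only these literal names may ever be chosen.
// The comparison is strict and a missing parameter falls back to the default
// instead of raising an "undefined index" warning.
$sSortByValues = array('title', 'lastmodified', 'published', 'artsort');
$mSortByParam = isset($_POST['sortby']) ? $_POST['sortby'] : NULL;
$sSortBy = in_array($mSortByParam, $sSortByValues, true) ? $mSortByParam : 'lastmodified';
$sSortMode = (isset($_POST['sortmode']) && $_POST['sortmode'] === 'asc') ? 'asc' : 'desc';

// Property names under which the criteria of a saved search are stored. The
// same names are used as POST field names when a search is saved and as keys
// of the array returned by getSearchResults().
$sSaveTitle = 'save_title';
$sSaveId = 'save_id';
$sSaveDateFrom = 'save_date_from';
$sSaveDateFromYear = 'save_date_from_year';
$sSaveDateFromMonth = 'save_date_from_month';
$sSaveDateFromDay = 'save_date_from_day';
$sSaveDateTo = 'save_date_to';
$sSaveDateToYear = 'save_date_to_year';
$sSaveDateToMonth = 'save_date_to_month';
$sSaveDateToDay = 'save_date_to_day';
$sSaveDateField = 'save_date_field';
$sSaveAuthor = 'save_author';
$sSaveName = 'save_name';

// Property type that groups all values of a saved search.
$sType = 'savedsearch';
// JavaScript that reloads the "left_top" frame after a search was saved.
$sRefreshScript = '';
// Confirmation message shown after a search was saved.
$sSaveSuccessfull = '';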
138: 
139: 
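/**
 * Builds the JavaScript that writes the criteria of a saved search back into
 * the search form of the "left_top" frame.
 *
 * Every value is escaped for use inside a double-quoted JavaScript string
 * literal. The values are the stored properties of a saved search, which this
 * file persists unfiltered from request data, so they must be treated as
 * untrusted when they are written into script code.
 *
 * @param array $aValues Saved search values keyed by the $sSave* property names
 * @return string|bool JavaScript source, or false if $aValues is not an array
 */
function generateJs($aValues) {
    if (!is_array($aValues)) {
        return false;
    }

    global $sSaveTitle;
    global $sSaveId;
    global $sSaveDateFromYear;
    global $sSaveDateFromMonth;
    global $sSaveDateFromDay;
    global $sSaveDateToYear;
    global $sSaveDateToMonth;
    global $sSaveDateToDay;
    global $sSaveDateField;
    global $sSaveAuthor;

    // Returns the value stored under $sKey, escaped for a JavaScript string
    // literal. Only ASCII characters are replaced, so the result is the same
    // for ISO-8859-1 and UTF-8 input. "<", ">" and "&" are written as hex
    // escapes so a value can neither close the surrounding script element nor
    // be reinterpreted by an HTML parser.
    $fnJsString = function ($sKey) use ($aValues) {
        $mValue = isset($aValues[$sKey]) ? $aValues[$sKey] : '';
        if (!is_scalar($mValue)) {
            return '';
        }
        return strtr((string) $mValue, array(
            '\\' => '\\\\',
            '"'  => '\\"',
            "'"  => "\\'",
            "\n" => '\\n',
            "\r" => '\\r',
            '<'  => '\\x3C',
            '>'  => '\\x3E',
            '&'  => '\\x26',
        ));
    };

    // The "from" month is read from the "from" property; the original code
    // used the "to" month for both fields.
    return 'function refreshArticleSearchForm(refresh) {
                    var oFrame = Con.getFrame("left_top");
                    if (oFrame) {
                        oForm = oFrame.document.backend_search;

                        oForm.bs_search_text.value = "' . $fnJsString($sSaveTitle) . '";
                        oForm.bs_search_id.value = "' . $fnJsString($sSaveId) . '";
                        oForm.bs_search_date_type.value = "' . $fnJsString($sSaveDateField) . '";

                        oFrame.toggle_tr_visibility("tr_date_from");
                        oFrame.toggle_tr_visibility("tr_date_to");

                        oForm.bs_search_date_from_day.value = "' . $fnJsString($sSaveDateFromDay) . '";
                        oForm.bs_search_date_from_month.value = "' . $fnJsString($sSaveDateFromMonth) . '";
                        oForm.bs_search_date_from_year.value = "' . $fnJsString($sSaveDateFromYear) . '";

                        oForm.bs_search_date_to_day.value = "' . $fnJsString($sSaveDateToDay) . '";
                        oForm.bs_search_date_to_month.value = "' . $fnJsString($sSaveDateToMonth) . '";
                        oForm.bs_search_date_to_year.value = "' . $fnJsString($sSaveDateToYear) . '";

                        oForm.bs_search_author.value = "' . $fnJsString($sSaveAuthor) . '";
                    }
                }
                refreshArticleSearchForm();
                ';
}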
199: 
/**
 * Puts a backslash in front of every backslash, single quote and double quote.
 *
 * The replacements run in that order, so the backslashes added for the quotes
 * are not doubled again.
 *
 * NOTE(review): in this file the function is applied on top of $db->escape()
 * when SQL string literals are built. It does not quote identifiers and does
 * not encode for HTML or JavaScript output.
 *
 * @param string $sString Text to escape
 * @return string Escaped text
 */
function mask($sString) {
    return str_replace(
        array('\\', '\'', '"'),
        array('\\\\', '\\\'', '\\"'),
        $sString
    );
}
211: 
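/**
 * Loads the stored criteria of a saved search.
 *
 * Title, id, date field and author are returned as stored (NULL when the
 * property is missing). The stored "from" and "to" dates are split into
 * year, month and day entries; these entries are only set when the stored
 * value consists of exactly three parts separated by "-".
 *
 * NOTE(review): no check is visible here that the saved search belongs to the
 * current user, and one caller passes both ids straight from the query
 * string. Confirm that getValuesByType() or the caller enforces ownership.
 *
 * @param mixed $itemidReq   Item id of the saved search
 * @param mixed $itemtypeReq Item type of the saved search
 * @return array Values keyed by the $sSave* property names
 */
function getSearchResults($itemidReq, $itemtypeReq) {
    global $sSaveTitle;
    global $sSaveId;
    global $sSaveDateFrom;
    global $sSaveDateFromYear;
    global $sSaveDateFromMonth;
    global $sSaveDateFromDay;
    global $sSaveDateTo;
    global $sSaveDateToYear;
    global $sSaveDateToMonth;
    global $sSaveDateToDay;
    global $sSaveDateField;
    global $sSaveAuthor;
    global $sType;

    $propertyCollection = new cApiPropertyCollection();
    $results = $propertyCollection->getValuesByType($itemtypeReq, $itemidReq, $sType);

    // Values that are passed through unchanged.
    $retValue = array();
    foreach (array($sSaveTitle, $sSaveId, $sSaveDateField, $sSaveAuthor) as $sKey) {
        $retValue[$sKey] = isset($results[$sKey]) ? $results[$sKey] : NULL;
    }

    // Source property, time suffix to strip, and the three target keys.
    $aDateSpecs = array(
        array($sSaveDateFrom, ' 00:00:00', $sSaveDateFromYear, $sSaveDateFromMonth, $sSaveDateFromDay),
        array($sSaveDateTo, ' 23:59:59', $sSaveDateToYear, $sSaveDateToMonth, $sSaveDateToDay),
    );
    foreach ($aDateSpecs as $aSpec) {
        list($sSourceKey, $sTimeSuffix, $sYearKey, $sMonthKey, $sDayKey) = $aSpec;

        // The original tested sizeof() on the stored string, which throws a
        // TypeError on PHP 8; a non-empty string check keeps the same outcome.
        $mStored = isset($results[$sSourceKey]) ? $results[$sSourceKey] : NULL;
        if (!is_string($mStored) || $mStored === '') {
            continue;
        }

        $aParts = explode('-', str_replace($sTimeSuffix, '', $mStored));
        if (count($aParts) == 3) {
            $retValue[$sYearKey] = $aParts[0];
            $retValue[$sMonthKey] = $aParts[1];
            $retValue[$sDayKey] = $aParts[2];
        }
    }

    return $retValue;
}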
275: 
276: 
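// Keys that are read from a loaded saved search below. getSearchResults()
// leaves the date parts unset when no valid date is stored and never returns
// the two raw date properties, so missing keys are filled with NULL before
// the values are read.
$aSavedSearchKeys = array(
    $sSaveTitle, $sSaveId, $sSaveDateField, $sSaveAuthor,
    $sSaveDateFromDay, $sSaveDateFromMonth, $sSaveDateFromYear,
    $sSaveDateToDay, $sSaveDateToMonth, $sSaveDateToYear,
    $sSaveDateFrom, $sSaveDateTo,
);

// Reads a POST field as a trimmed, tag-stripped string. Missing fields and
// array-valued fields yield '' instead of a warning or a TypeError.
$fnPostString = function ($sKey) {
    if (!isset($_POST[$sKey]) || !is_string($_POST[$sKey])) {
        return '';
    }
    return trim(strip_tags($_POST[$sKey]));
};

if (sizeof($_GET) == 0 && isset($_POST['save_search'])) {
    // Case 1: the current criteria are stored as a saved search.
    // NOTE(review): rand() and time() yield guessable identifiers that are not
    // guaranteed to be unique, and saved searches are loaded by these two ids
    // from the query string below. Confirm where ownership is enforced.
    $itemtype = rand(0, 10000);
    $itemid = time();
    $propertyCollection = new cApiPropertyCollection();

    // The criteria are stored as submitted, without filtering. Every consumer
    // therefore has to escape them for its own output context (SQL, HTML,
    // JavaScript).
    $aSaveFields = array(
        $sSaveTitle, $sSaveId, $sSaveDateFrom, $sSaveDateTo,
        $sSaveDateField, $sSaveAuthor, $sSaveName,
    );
    foreach ($aSaveFields as $sSaveField) {
        $mSubmitted = isset($_POST[$sSaveField]) ? $_POST[$sSaveField] : NULL;
        $propertyCollection->setValue($itemtype, $itemid, $sType, $sSaveField, $mSubmitted);
    }

    // Read the stored values back and continue as if they had been searched for.
    $aSearchResults = getSearchResults($itemid, $itemtype) + array_fill_keys($aSavedSearchKeys, NULL);
    $sSearchStrTmp = $aSearchResults[$sSaveTitle];
    $iSearchIdTmp = $aSearchResults[$sSaveId];
    $sSearchStrDateTypeTmp = $aSearchResults[$sSaveDateField];
    $sSearchStrDateFromDayTmp = $aSearchResults[$sSaveDateFromDay];
    $sSearchStrDateFromMonthTmp = $aSearchResults[$sSaveDateFromMonth];
    $sSearchStrDateFromYearTmp = $aSearchResults[$sSaveDateFromYear];
    $sSearchStrDateToDayTmp = $aSearchResults[$sSaveDateToDay];
    $sSearchStrDateToMonthTmp = $aSearchResults[$sSaveDateToMonth];
    $sSearchStrDateToYearTmp = $aSearchResults[$sSaveDateToYear];
    $sSearchStrAuthorTmp = $aSearchResults[$sSaveAuthor];

    $sScript = generateJs($aSearchResults);

    // Reload the search form frame so that it can list the new saved search.
    $sRefreshScript .= 'Con.getFrame("left_top").location.href = Con.getFrame("left_top").location.href + "&save_search=true";';

    $sSaveSuccessfull = i18n("Thank you for saving this search from extinction!");
} elseif (sizeof($_GET) > 0) {
    // Case 2: a saved search or one of the shortcuts is requested via GET.
    $itemtypeReq = isset($_GET['itemtype']) ? $_GET['itemtype'] : NULL;
    $itemidReq = isset($_GET['itemid']) ? $_GET['itemid'] : NULL;

    if (is_string($itemtypeReq) && $itemtypeReq !== '' && is_string($itemidReq) && $itemidReq !== '') {
        // Load a saved search by the ids given in the query string.
        $aSearchResults = getSearchResults($itemidReq, $itemtypeReq) + array_fill_keys($aSavedSearchKeys, NULL);
        $sSearchStrTmp = $aSearchResults[$sSaveTitle];
        $iSearchIdTmp = $aSearchResults[$sSaveId];
        $sSearchStrDateTypeTmp = $aSearchResults[$sSaveDateField];
        $sSearchStrDateFromDayTmp = $aSearchResults[$sSaveDateFromDay];
        $sSearchStrDateFromMonthTmp = $aSearchResults[$sSaveDateFromMonth];
        $sSearchStrDateFromYearTmp = $aSearchResults[$sSaveDateFromYear];
        $sSearchStrDateToDayTmp = $aSearchResults[$sSaveDateToDay];
        $sSearchStrDateToMonthTmp = $aSearchResults[$sSaveDateToMonth];
        $sSearchStrDateToYearTmp = $aSearchResults[$sSaveDateToYear];
        $sSearchStrAuthorTmp = $aSearchResults[$sSaveAuthor];
        $sSearchStrDateFromTmp = $aSearchResults[$sSaveDateFrom];
        $sSearchStrDateToTmp = $aSearchResults[$sSaveDateTo];

        $sScript = generateJs($aSearchResults);
    } elseif (isset($_GET['recentedit'])) {
        // Shortcut: articles modified during the last seven days.
        $actDate = time();
        $weekInSeconds = 60 * 60 * 24 * 7;
        $oneWeekEarlier = $actDate - $weekInSeconds;

        $sSearchStrDateTypeTmp = 'lastmodified';
        $sSearchStrDateFromDayTmp = date('d', $oneWeekEarlier);
        $sSearchStrDateFromMonthTmp = date('m', $oneWeekEarlier);
        $sSearchStrDateFromYearTmp = date('Y', $oneWeekEarlier);
        $sSearchStrDateToDayTmp = date('d', $actDate);
        $sSearchStrDateToMonthTmp = date('m', $actDate);
        $sSearchStrDateToYearTmp = date('Y', $actDate);
    } elseif (isset($_GET['myarticles'])) {
        // Shortcut: articles of the logged-in user.
        $sSearchStrAuthorTmp = $auth->auth['uname'];
    } elseif (isset($_GET['lostfound'])) {
        // Shortcut: articles without a valid category assignment.
        $bLostAndFound = true;
    }
} elseif (sizeof($_GET) == 0) {
    // Case 3: a regular search submitted from the search form.
    $sSearchStrTmp = $fnPostString('bs_search_text');
    $iSearchIdTmp = (isset($_POST['bs_search_id']) && is_scalar($_POST['bs_search_id'])) ? (int) $_POST['bs_search_id'] : 0;
    $sSearchStrDateTypeTmp = $fnPostString('bs_search_date_type');
    $sSearchStrDateFromDayTmp = (int) $fnPostString('bs_search_date_from_day');
    $sSearchStrDateFromMonthTmp = (int) $fnPostString('bs_search_date_from_month');
    $sSearchStrDateFromYearTmp = (int) $fnPostString('bs_search_date_from_year');
    $sSearchStrDateToDayTmp = (int) $fnPostString('bs_search_date_to_day');
    $sSearchStrDateToMonthTmp = (int) $fnPostString('bs_search_date_to_month');
    $sSearchStrDateToYearTmp = (int) $fnPostString('bs_search_date_to_year');
    $sSearchStrAuthorTmp = $fnPostString('bs_search_author');
}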
376: 
377: 
378: 
379: 
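// Copy the temporary request values to the variables used by the query.
if (!empty($sSearchStrTmp)) {
    $sSearchStr = $sSearchStrTmp;
}

if ($iSearchIdTmp > 0) {
    $iSearchId = $iSearchIdTmp;
}

if ($sSearchStrDateTypeTmp != 'n/a') {
    // isset() comes first because the day/month/year variables are never
    // assigned on the "myarticles" and "lostfound" shortcuts; comparing them
    // directly raises "undefined variable" warnings there.
    $bHasDateFrom = isset($sSearchStrDateFromDayTmp, $sSearchStrDateFromMonthTmp, $sSearchStrDateFromYearTmp)
        && ($sSearchStrDateFromDayTmp > 0)
        && ($sSearchStrDateFromMonthTmp > 0)
        && ($sSearchStrDateFromYearTmp > 0);
    if ($bHasDateFrom) {
        $sSearchStrDateFrom = $sSearchStrDateFromYearTmp . '-' . $sSearchStrDateFromMonthTmp . '-' . $sSearchStrDateFromDayTmp . ' 00:00:00';
    } else {
        $sSearchStrDateFrom = '';
    }

    $bHasDateTo = isset($sSearchStrDateToDayTmp, $sSearchStrDateToMonthTmp, $sSearchStrDateToYearTmp)
        && ($sSearchStrDateToDayTmp > 0)
        && ($sSearchStrDateToMonthTmp > 0)
        && ($sSearchStrDateToYearTmp > 0);
    if ($bHasDateTo) {
        $sSearchStrDateTo = $sSearchStrDateToYearTmp . '-' . $sSearchStrDateToMonthTmp . '-' . $sSearchStrDateToDayTmp . ' 23:59:59';
    } else {
        $sSearchStrDateTo = '';
    }

    // NOTE(review): this value comes from the request or from a stored search
    // and is used as a column name when the WHERE clause is built. It has to
    // be compared against a fixed list of column names before it reaches the
    // query; escaping a value does not make it safe as an identifier.
    $sDateFieldName = $sSearchStrDateTypeTmp;
} else {
    $sDateFieldName = '';
}

if (!empty($sSearchStrAuthorTmp)) {
    $sSearchStrAuthor = $sSearchStrAuthorTmp;
}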
409: 
410: 
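// Base query: articles of the selected language with their category and
// template data. The criteria are appended to $sWhere below.
$sql = "SELECT
          DISTINCT a.idart, a.idartlang, a.title, a.online, a.locked, a.idartlang, a.created, a.published,
          a.artsort, a.lastmodified, b.idcat, b.idcatart, b.idcatart, c.startidartlang,
          c.idcatlang, e.name as 'tplname'
        FROM " . $cfg['tab']['art_lang'] . " as a
          LEFT JOIN " . $cfg['tab']['cat_art'] . " as b ON a.idart = b.idart
          LEFT JOIN " . $cfg['tab']['cat_lang'] . " as c ON a.idartlang = c.startidartlang
          LEFT JOIN " . $cfg['tab']['tpl_conf'] . " as d ON a.idtplcfg = d.idtplcfg
          LEFT JOIN " . $cfg['tab']['tpl'] . " as e ON d.idtpl = e.`idtpl`
          LEFT JOIN " . $cfg['tab']['content'] . " as f ON f.idartlang = a.idartlang
        WHERE
          (a.idlang = " . cSecurity::toInteger($iSpeachId) . ")
        ";

$sWhere = '';

// Stays true while no criterion was added; used for the message shown later.
$bNoCriteria = true;

// The date column arrives from the request or from a stored search and is
// used as an identifier, where value escaping offers no protection. Only
// fixed column names are accepted; anything else disables the date filter.
// The list holds the date columns of alias "a" that this query selects;
// extend it if the search form offers further date columns.
$aDateColumns = array('created', 'lastmodified', 'published');
$sDateColumn = in_array($sDateFieldName, $aDateColumns, true) ? $sDateFieldName : '';

// Article id
if ($iSearchId > 0) {
    $sWhere .= " AND (a.idart = " . cSecurity::toInteger($iSearchId) . ")";
    $bNoCriteria = false;
}

// Search text in the article title or in the article content
if (!empty($sSearchStr)) {
    $sWhere .= " AND ((a.title LIKE '%" . mask($db->escape($sSearchStr)) . "%')";
    $sWhere .= " OR (f.value LIKE '%" . mask($db->escape($sSearchStr)) . "%'))";
    $bNoCriteria = false;
}

if (!empty($sSearchStrDateFrom) && ($sDateColumn != '')) {
    $sWhere .= " AND (a." . $sDateColumn . " >= '" . mask($db->escape($sSearchStrDateFrom)) . "')";
    $bNoCriteria = false;
}

if (!empty($sSearchStrDateTo) && ($sDateColumn != '')) {
    $sWhere .= " AND (a." . $sDateColumn . " <= '" . mask($db->escape($sSearchStrDateTo)) . "')";
    $bNoCriteria = false;
}

// Author or last editor
if (!empty($sSearchStrAuthor) && ($sSearchStrAuthor != 'n/a')) {
    $sWhere .= " AND ((a.author = '" . mask($db->escape($sSearchStrAuthor)) . "') OR (a.modifiedby = '" . mask($db->escape($sSearchStrAuthor)) . "'))";
    $bNoCriteria = false;
}

if (!empty($sWhere)) {
    // Sort column and direction are checked again where they enter the query,
    // so the ORDER BY clause does not depend on checks made elsewhere.
    $sOrderColumn = in_array($sSortBy, $sSortByValues, true) ? $sSortBy : 'lastmodified';
    $sOrderDirection = ($sSortMode === 'asc') ? 'ASC' : 'DESC';

    $sql .= $sWhere;
    $sql .= ' ORDER BY a.' . $sOrderColumn . ' ' . $sOrderDirection;
    $db->query($sql);
} elseif ($bLostAndFound) {
    // Lost and found: articles that are not assigned to any category, or
    // whose category no longer exists. This query contains no request data.
    $sql = "SELECT
              DISTINCT a.idart, a.idartlang, a.title, a.online, a.locked, a.idartlang, a.created, a.published,
              a.artsort, a.lastmodified, b.idcat, b.idcatart, b.idcatart, c.startidartlang,
              c.idcatlang, e.name as 'tplname'
            FROM " . $cfg['tab']['art_lang'] . " as a
              LEFT JOIN " . $cfg['tab']['cat_art'] . " as b ON a.idart = b.idart
              LEFT JOIN " . $cfg['tab']['cat_lang'] . " as c ON a.idartlang = c.startidartlang
              LEFT JOIN " . $cfg['tab']['tpl_conf'] . " as d ON a.idtplcfg = d.idtplcfg
              LEFT JOIN " . $cfg['tab']['tpl'] . " as e ON d.idtpl = e.`idtpl`
            WHERE
                (a.idart NOT IN (SELECT " . $cfg['tab']['cat_art'] . ".idart FROM " . $cfg['tab']['cat_art'] . "))
            OR
                (b.idcat NOT IN (SELECT " . $cfg['tab']['cat'] . ".idcat FROM " . $cfg['tab']['cat'] . "));";
    $db->query($sql);
}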
478: 
// Translated captions of the sortable columns, keyed by column name.
$aHeaderCaptions = array(
    'title' => i18n('Title'),
    'lastmodified' => i18n('Changed'),
    'published' => i18n('Published'),
    'artsort' => i18n('Sort order'),
);

// One header link per sortable column; the active sort column additionally
// gets an arrow image that shows the sort direction.
$aTableHeaders = array();
foreach ($sSortByValues as $value) {
    $sTableHeader = '<a href="#" class="gray">'
        . (isset($aHeaderCaptions[$value]) ? $aHeaderCaptions[$value] : '')
        . '</a>';

    if ($value == $sSortBy) {
        if ($sSortMode == 'asc') {
            $imageSrc = 'images/sort_up.gif';
        } else {
            $imageSrc = 'images/sort_down.gif';
        }
        $sTableHeader .= '<img src="' . $imageSrc . '">';
    }

    $aTableHeaders[$value] = $sTableHeader;
}
506: 
$tpl = new cTemplate();
$tpl->setEncoding('iso-8859-1');

// Placeholders set once for the whole page, in the order in which they are
// handed to the template. SCRIPT and REFRESH are inserted as JavaScript
// source, so every value interpolated into them has to be escaped where the
// script text is built.
$aPagePlaceholders = array(
    'SCRIPT' => $sScript,
    'TITLE' => i18n('Search results'),
    'TH_START' => i18n("Article"),
    'TH_TITLE' => $aTableHeaders['title'],
    'TH_CHANGED' => $aTableHeaders['lastmodified'],
    'TH_PUBLISHED' => $aTableHeaders['published'],
    'TH_SORTORDER' => $aTableHeaders['artsort'],
    'TH_TEMPLATE' => i18n("Template"),
    'TH_ACTIONS' => i18n("Actions"),
    'CURRENT_SORTBY' => $sSortBy,
    'CURRENT_SORTMODE' => $sSortMode,
    'REFRESH' => $sRefreshScript,
    'SEARCHSTOREDMESSAGE' => $sSaveSuccessfull,
);
foreach ($aPagePlaceholders as $sPlaceholder => $mContent) {
    $tpl->set('s', $sPlaceholder, $mContent);
}

// Row count reported by $db for the query executed above.
// NOTE(review): no query is executed when there are no criteria and the
// lost-and-found shortcut is not active -- confirm what affectedRows()
// returns in that case.
$iAffectedRows = $db->affectedRows();
529: 
530: if ($iAffectedRows <= 0 || (empty($sWhere) && !$bLostAndFound)) {
531:     $sNoArticle = i18n("Missing search value.");
532:     $sNothingFound = i18n("No article found.");
533: 
534:     if ($bNoCriteria && !$bLostAndFound) {
535:         $sErrOut = $sNoArticle;
536:     } else {
537:         $sErrOut = $sNothingFound;
538:     }
539: 
540:     $sRow = '<tr><td colspan="7" class="bordercell">' . $sErrOut . '</td></tr>';
541:     $tpl->set('d', 'ROWS', $sRow);
542:     $sLoadSubnavi = 'Con.getFrame(\'right_top\').location.href = \'main.php?area=con&frame=3&idcat=0&idtpl=' . $iIdTpl . '&contenido=' . $sSession . "';";
543:     $tpl->next();
544: } else {
545:     $bHit = false;
546: 
547:     for ($i = 0; $i < $iAffectedRows; $i++) {
548:         $sRow = '';
549: 
550:         $db->nextRecord();
551: 
552:         $idcat = $db->f("idcat");
553: 
554:         $bCheckRights = $perm->have_perm_area_action("con", "con_makestart");
555: 
556:         if (!$bCheckRights) {
557:             $bCheckRights = $perm->have_perm_area_action("con", "con_makeonline");
558:         }
559:         if (!$bCheckRights) {
560:             $bCheckRights = $perm->have_perm_area_action("con", "con_deleteart");
561:         }
562:         if (!$bCheckRights) {
563:             $bCheckRights = $perm->have_perm_area_action("con", "con_tplcfg_edit");
564:         }
565:         if (!$bCheckRights) {
566:             $bCheckRights = $perm->have_perm_area_action("con", "con_makecatonline");
567:         }
568:         if (!$bCheckRights) {
569:             $bCheckRights = $perm->have_perm_area_action("con", "con_changetemplate");
570:         }
571:         if (!$bCheckRights) {
572:             $bCheckRights = $perm->have_perm_area_action("con_editcontent", "con_editart");
573:         }
574:         if (!$bCheckRights) {
575:             $bCheckRights = $perm->have_perm_area_action("con_editart", "con_edit");
576:         }
577:         if (!$bCheckRights) {
578:             $bCheckRights = $perm->have_perm_area_action("con_editart", "con_newart");
579:         }
580:         if (!$bCheckRights) {
581:             $bCheckRights = $perm->have_perm_area_action("con_editart", "con_saveart");
582:         }
583: 
584:         
585:         if (!$bCheckRights) {
586:             
587:             $aGroupsForUser = $perm->getGroupsForUser($auth->auth['uid']);
588:             $aGroupsForUser[] = $auth->auth['uid'];
589:             $sTmpUserString = implode("','", $aGroupsForUser);
590: 
591:             
592:             $sql = "SELECT *
593:                     FROM " . $cfg["tab"]["rights"] . "
594:                     WHERE user_id IN ('" . $sTmpUserString . "') AND idclient = " . cSecurity::toInteger($client) . "
595:                         AND idlang = " . cSecurity::toInteger($lang) . " AND idcat = " . cSecurity::toInteger($idcat);
596:             $db2->query($sql);
597: 
598:             if ($db2->numRows() != 0) {
599: 
600:                 if (!$bCheckRights) {
601:                     $bCheckRights = $perm->have_perm_area_action_item("con", "con_makestart", $idcat);
602:                 }
603:                 if (!$bCheckRights) {
604:                     $bCheckRights = $perm->have_perm_area_action_item("con", "con_makeonline", $idcat);
605:                 }
606:                 if (!$bCheckRights) {
607:                     $bCheckRights = $perm->have_perm_area_action_item("con", "con_deleteart", $idcat);
608:                 }
609:                 if (!$bCheckRights) {
610:                     $bCheckRights = $perm->have_perm_area_action_item("con", "con_tplcfg_edit", $idcat);
611:                 }
612:                 if (!$bCheckRights) {
613:                     $bCheckRights = $perm->have_perm_area_action_item("con", "con_makecatonline", $idcat);
614:                 }
615:                 if (!$bCheckRights) {
616:                     $bCheckRights = $perm->have_perm_area_action_item("con", "con_changetemplate", $idcat);
617:                 }
618:                 if (!$bCheckRights) {
619:                     $bCheckRights = $perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat);
620:                 }
621:                 if (!$bCheckRights) {
622:                     $bCheckRights = $perm->have_perm_area_action_item("con_editart", "con_edit", $idcat);
623:                 }
624:                 if (!$bCheckRights) {
625:                     $bCheckRights = $perm->have_perm_area_action_item("con_editart", "con_newart", $idcat);
626:                 }
627:                 if (!$bCheckRights) {
628:                     $bCheckRights = $perm->have_perm_area_action_item("con_editart", "con_saveart", $idcat);
629:                 }
630:             }
631:         }
632: 
633:         if ($bCheckRights) {
634:             $bHit = true;
635: 
636:             $idart = $db->f("idart");
637:             $idartlang = $db->f("idartlang");
638:             $idcatart = $db->f("idcatart");
639:             $idcatlang = $db->f("idcatlang");
640:             $title = $db->f("title");
641:             $idartlang = $db->f("idartlang");
642:             $created = date($sDateFormat, strtotime($db->f("created")));
643:             $lastmodified = date($sDateFormat, strtotime($db->f("lastmodified")));
644:             $published = date($sDateFormat, strtotime($db->f("published")));
645:             $online = $db->f("online");
646:             $locked = $db->f("locked");
647:             $startidartlang = $db->f("startidartlang");
648:             $templatename = $db->f("tplname");
649:             $idtplcfg = $db->f("idtplcfg");
650: 
651:             
652:             if ($i == 0) {
653:                 $iDisplayMenu = 1;
654:                 $iIdCat = $idcat;
655:                 $iIdTpl = $idtpl;
656:             }
657: 
658:             
659:             if ($perm->have_perm_area_action_item("con", "con_makestart", $idcat) && 0 == 1) {
660:                 if ($startidartlang == $idartlang) {
661:                     $sFlagTitle = i18n('Flag as normal article');
662:                     $makeStartarticle = "<td nowrap=\"nowrap\" class=\"bordercell\"><a href=\"main.php?area=con&idcat=$idcat&action=con_makestart&idcatart=$idcatart&frame=4&is_start=0&contenido=$sSession\" title=\"{$sFlagTitle}\"><img src=\"images/isstart1.gif\" border=\"0\" title=\"{$sFlagTitle}\" alt=\"{$sFlagTitle}\"></a></td>";
663:                 } else {
664:                     $sFlagTitle = i18n('Flag as start article');
665:                     $makeStartarticle = "<td nowrap=\"nowrap\" class=\"bordercell\"><a href=\"main.php?area=con&idcat=$idcat&action=con_makestart&idcatart=$idcatart&frame=4&is_start=1&contenido=$sSession\" title=\"{$sFlagTitle}\"><img src=\"images/isstart0.gif\" border=\"0\" title=\"{$sFlagTitle}\" alt=\"{$sFlagTitle}\"></a></td>";
666:                 }
667:             } else {
668:                 if ($startidartlang == $idartlang) {
669:                     $makeStartarticle = "<td nowrap=\"nowrap\" class=\"bordercell\"><img src=\"images/isstart1.gif\" border=\"0\" title=\"{$sFlagTitle}\" alt=\"{$sFlagTitle}\"></td>";
670:                 } else {
671:                     $makeStartarticle = "<td nowrap=\"nowrap\" class=\"bordercell\"><img src=\"images/isstart0.gif\" border=\"0\" title=\"{$sFlagTitle}\" alt=\"{$sFlagTitle}\"></td>";
672:                 }
673:             }
674: 
675:             
676:             if ($online == 1) {
677:                 $sOnlineStatus = i18n('Make offline');
678:                 $bgColorRow = "background-color: #E2E2E2;";
679:                 $setOnOff = "<a href=\"main.php?area=con&idcat=$idcat&action=con_makeonline&frame=4&idart=$idart&contenido=$sSession\" title=\"{$sOnlineStatus}\"><img src=\"images/online.gif\" title=\"{$sOnlineStatus}\" alt=\"{$sOnlineStatus}\" border=\"0\"></a>";
680:             } else {
681:                 $sOnlineStatus = i18n('Make online');
682:                 $bgColorRow = "background-color: #E2D9D9;";
683:                 $setOnOff = "<a href=\"main.php?area=con&idcat=$idcat&action=con_makeonline&frame=4&idart=$idart&contenido=$sSession\" title=\"{$sOnlineStatus}\"><img src=\"images/offline.gif\" title=\"{$sOnlineStatus}\" alt=\"{$sOnlineStatus}\" border=\"0\"></a>";
684:             }
685:             
686:             if ($locked == 1) {
687:                 $sLockStatus = i18n('Unfreeze article');
688:                 $lockArticle = "<a href=\"main.php?area=con&idcat=$idcat&action=con_lock&frame=4&idart=$idart&contenido=$sSession\" title=\"{$sLockStatus}\"><img src=\"images/lock_closed.gif\" title=\"{$sLockStatus}\" alt=\"{$sLockStatus}\" border=\"0\"></a>";
689:             } else {
690:                 $sLockStatus = i18n('Freeze article');
691:                 $lockArticle = "<a href=\"main.php?area=con&idcat=$idcat&action=con_lock&frame=4&idart=$idart&contenido=$sSession\" title=\"{$sLockStatus}\"><img src=\"images/lock_open.gif\" title=\"{$sLockStatus}\" alt=\"{$sLockStatus}\" border=\"0\"></a>";
692:             }
693: 
694:             
695:             if (!empty($templatename)) {
696:                 $sTemplateName = conHtmlentities($templatename);
697:             } else {
698:                 $db2 = cRegistry::getDb();
699:                 $sql2 = "SELECT
700:                             c.idtpl AS idtpl,
701:                             c.name AS name,
702:                             c.description,
703:                             b.idtplcfg AS idtplcfg
704:                         FROM
705:                             " . $cfg['tab']['tpl_conf'] . " AS a,
706:                             " . $cfg['tab']['cat_lang'] . " AS b,
707:                             " . $cfg['tab']['tpl'] . " AS c
708:                         WHERE
709:                             b.idcat     = " . cSecurity::toInteger($idcat) . " AND
710:                             b.idlang    = " . cSecurity::toInteger($lang) . " AND
711:                             b.idtplcfg  = a.idtplcfg AND
712:                             c.idtpl     = a.idtpl AND
713:                             c.idclient  = " . cSecurity::toInteger($client);
714:                 $db2->query($sql2);
715:                 $db2->nextRecord();
716:                 $sTemplateName = $db2->f("name") ? '<i>' . $db2->f("name") . '</i>' : "--- " . i18n("None") . " ---";
717:             }
718: 
719:             $sTodoListSubject = i18n("Reminder");
720:             $sReminder = i18n("Set reminder / add to todo list");
721:             $sDuplicateArticle = i18n("Duplicate article");
722:             $sArticleProperty = i18n("Article properties");
723:             $sConfigureTpl = i18n("Configure template");
724:             $sDeleteArticle = i18n("Delete article");
725:             $sDeleteArticleQuestion = i18n("Do you really want to delete the following article");
726:             $sRowId = "$idart-$idartlang-$idcat-0-$idcatart-$iLangId";
727: 
728:             if ($i == 0) {
729:                 $tpl->set('s', 'FIRST_ROWID', $sRowId);
730:             }
731: 
732:             $categoryHelper = cCategoryHelper::getInstance();
733:             $catArt = new cApiCategoryArticle($idcatart);
734:             $catArray = $categoryHelper->getCategoryPath($catArt->get("idcat"));
735:             $catstring = "";
736:             foreach ($catArray as $cat) {
737:                 $catstring .= $cat->get("name") . "-> ";
738:             }
739:             if (cString::getStringLength($catstring) > 0) {
740:                 $catstring = cString::getPartOfString($catstring, 0, cString::getStringLength($catstring) - 3);
741:             }
742: 
743:             $strTitle = cSecurity::unFilter($db->f("title"));
744: 
745:             if ($idcat == '') {
746:                 $idcat = 0;
747:             }
748: 
749:             if ($perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat)) {
750:                 $editart = "<a href=\"main.php?area=con_editcontent&action=con_editart&changeview=edit&idartlang=$idartlang&idart=$idart&idcat=$idcat&frame=4&contenido=$sSession\" title=\"idart: $idart idcatart: $idcatart\" alt=\"idart: $idart idcatart: $idcatart\"><i><span style='font-size: 80%'>" . $catstring . "</span></i><br>" . $strTitle . "</a>";
751:             } else {
752:                 $editart = "<i><span style='font-size: 80%'>" . $catstring . "</span></i><br>" . $strTitle;
753:             }
754: 
755:             if ($perm->have_perm_area_action_item("con", "con_duplicate", $idcat)) {
756:                 $duplicate = "<a href=\"main.php?area=con&idcat=$idcat&action=con_duplicate&duplicate=$idart&frame=4&contenido=$sSession\" title=\"$sDuplicateArticle\"><img src=\"images/but_copy.gif\" border=\"0\" title=\"$sDuplicateArticle\" alt=\"$sDuplicateArticle\"></a>";
757:             } else {
758:                 $duplicate = "";
759:             }
760: 
761:             if ($perm->have_perm_area_action_item("con", "con_deleteart", $idcat)) {
762:                 $tmp_title = conHtmlSpecialChars($db->f("title"));
763:                 if (cString::getStringLength($tmp_title) > 30) {
764:                     $tmp_title = cString::getPartOfString($tmp_title, 0, 27) . "...";
765:                 }
766: 
767:                 $delete = '
768:                 <a
769:                     href="javascript:void(0)"
770:                     onclick="Con.showConfirmation("' . $sDeleteArticleQuestion . ':<br><br><b>' . conHtmlSpecialChars($tmp_title) . '</b>", function() {deleteArticle(' . $idart . ', ' . $idcat . ');});"
771:                     title="' . $sDeleteArticle . '"
772:                 >
773:                     <img src="images/delete.gif" title="' . $sDeleteArticle . '" alt="' . $sDeleteArticle . '">
774:                 </a>';
775:             } else {
776:                 $delete = "";
777:             }
778: 
779:             $sRow = '<tr id="' . $sRowId . '" class="text_medium" onmouseover="artRow.over(this)" onmouseout="artRow.out(this)" onclick="artRow.click(this)">' . "\n";
780:             $sRow .= $makeStartarticle . "\n";
781:             $sRow .= "<td nowrap=\"nowrap\" class=\"bordercell\">$editart</td>
782:                       <td nowrap=\"nowrap\" class=\"bordercell\">$lastmodified</td>
783:                       <td nowrap=\"nowrap\" class=\"bordercell\">$published</td>
784:                       <td nowrap=\"nowrap\" class=\"bordercell\">" . $db->f("artsort") . "</td>
785:                       <td nowrap=\"nowrap\" class=\"bordercell\">$sTemplateName</td>
786:                       <td nowrap=\"nowrap\" class=\"bordercell\">
787:                           <a id=\"m1\" onclick=\"javascript:window.open('main.php?subject=$sTodoListSubject&area=todo&frame=1&itemtype=idart&itemid=$idart&contenido=$sSession', 'todo', 'scrollbars=yes, height=300, width=625');\" alt=\"$sReminder\" title=\"$sReminder\" href=\"#\"><img id=\"m2\" alt=\"$sReminder\" src=\"images/but_setreminder.gif\" border=\"0\"></a>
788:                           $properties
789:                           $tplconfig
790:                           $duplicate
791:                           $delete
792:                       </td>
793:                   </tr>";
794: 
795:             $tpl->set('d', 'ROWS', $sRow);
796:             $tpl->next();
797:         }
798:     }
799: 
800:     if (!$bHit) {
801:         $sNothingFound = i18n("No article found.");
802:         $sRow = '<tr><td colspan="7" class="bordercell">' . $sNothingFound . '</td></tr>';
803:         $tpl->set('d', 'ROWS', $sRow);
804:         $tpl->next();
805:     }
806: 
807:     if ($bLostAndFound) {
808:         $iDisplayMenu = 1;
809:     }
810:     $sLoadSubnavi = 'Con.getFrame(\'right_top\').location.href = \'main.php?area=con&frame=3&idcat=' . $iIdCat . '&idtpl=' . $iIdTpl . '&display_menu=' . $iDisplayMenu . '&contenido=' . $sSession . "';";
811: }
812: 
813: 
814: 
815: 
816: 
817: 
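// Build the "save this search" form, or blank both template slots.
// The form is emitted only when the request has no GET parameters and
// $bNoCriteria is false (presumably "the search carried criteria" - the
// flag is set outside this section, confirm there).
if (count($_GET) == 0 && isset($_POST) && !$bNoCriteria) {
    // Security: every value echoed into a value="..." attribute below is
    // passed through conHtmlSpecialChars(). The search criteria come from
    // the request, and a double quote in one of them would otherwise end
    // the attribute and let request data become markup in the backend page.
    // The (string) cast keeps NULL criteria rendering as an empty value.
    // NOTE(review): if these variables are already entity-encoded where
    // they are read from the request, this double-encodes - verify upstream.
    // NOTE(review): the $sSave* field names are written unescaped; they look
    // like fixed identifiers defined earlier in the file - confirm.
    $searchForm = '<form id="save_search" target="right_bottom" method="post" action="backend_search.php">';

    // Backend routing fields: name and value only.
    $aRoutingFields = array(
        array('area', $area),
        array('frame', $frame),
        array('contenido', $sess->id),
        array('speach', $lang),
    );
    foreach ($aRoutingFields as $aField) {
        $searchForm .= '<input type="hidden" name="' . $aField[0] . '" value="'
            . conHtmlSpecialChars((string) $aField[1]) . '">';
    }

    // Marker telling backend_search.php that this POST stores a search.
    $searchForm .= '<input type="hidden" name="save_search" id="save_search" value="true">';

    // Current search criteria, carried over as hidden fields (name doubles as id).
    $aCriteriaFields = array(
        array($sSaveTitle, $sSearchStr),
        array($sSaveId, $iSearchId),
        array($sSaveDateFrom, $sSearchStrDateFrom),
        array($sSaveDateTo, $sSearchStrDateTo),
        array($sSaveDateField, $sDateFieldName),
        array($sSaveAuthor, $sSearchStrAuthor),
    );
    foreach ($aCriteriaFields as $aField) {
        $searchForm .= '<input type="hidden" name="' . $aField[0] . '" id="' . $aField[0] . '" value="'
            . conHtmlSpecialChars((string) $aField[1]) . '">';
    }

    // Visible part: name for the stored search plus the submit image.
    // NOTE(review): the text input carries two class attributes and the form
    // shares its id with the save_search hidden field; both are kept as-is
    // because scripts or styles outside this section may rely on them.
    $searchForm .= '<label for="' . $sSaveName . '">' . i18n("Search name") . ': </label>';
    $searchForm .= '<input type="text" class="text_medium" name="' . $sSaveName . '" id="' . $sSaveName . '" placeholder="' . i18n("The search") . '" class="vAlignMiddle">';
    $searchForm .= '<input type="image" class="vAlignMiddle tableElement" src="./images/but_ok.gif" alt="' . i18n('Store') . '" title="' . i18n('Store') . '" value="' . i18n('Store') . '" name="submit">';
    $searchForm .= '</form>';
    $tpl->set('s', 'STORESEARCHFORM', $searchForm);

    $tpl->set('s', 'STORESEARCHINFO', i18n("Save this search"));
} else {
    // No form: clear both placeholders so the template renders nothing here.
    $tpl->set('s', 'STORESEARCHINFO', '');
    $tpl->set('s', 'STORESEARCHFORM', '');
}

// Hand the sub-navigation reload script to the template, send the encoding
// header and render the result page.
$tpl->set('s', 'SUBNAVI', $sLoadSubnavi);
sendEncodingHeader($db, $cfg, $lang);
$tpl->generate($cfg['path']['templates'] . 'template.backend_search_results.html');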
850: