1: <?php
// Entry guard: abort the request unless the CON_FRAMEWORK constant is defined,
// so this file does nothing when it is requested without framework initialization.
if (!defined('CON_FRAMEWORK')) {
    die('Illegal call: Missing framework initialization - request aborted.');
}
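/**
 * Collects the actions and include files that belong to one backend area,
 * hands out action code files and writes entries to the action log.
 */
class cBackend {

    /**
     * Action code per area, filled by select():
     * $_actions[<area name>][<action name>] = <value of the "code" column>.
     *
     * @var array
     */
    protected $_actions = array();

    /**
     * File paths grouped by file type, filled by select(). Files of type
     * "main" whose area has a non-zero parent_id are also listed under "sub".
     *
     * @var array
     */
    protected $_files = array();

    /**
     * Frame number used by select() to filter the frame files.
     *
     * @var int
     */
    protected $_frame = 0;

    /**
     * Not read or written by any method of this class.
     *
     * @var array
     */
    protected $_errors = array();

    /**
     * Area name of the last select() call, in its DB-escaped form.
     *
     * @var string
     */
    protected $_area = '';

    /**
     * Sets the frame number used by select().
     *
     * @param int $frame_nr Frame number; passed through cSecurity::toInteger()
     */
    public function setFrame($frame_nr = 0) {
        $this->_frame = cSecurity::toInteger($frame_nr);
    }

    /**
     * Loads the actions and files of an area into $_actions and $_files.
     *
     * Reads the globals $cfg, $db, $perm, $action and the item ids $idcat,
     * $idtpl, $idmod, $idlay; $client and $lang are only used for the debug
     * output. Only areas with online = '1' are considered, and without the
     * area permission only rows with a.relevant = '0' are returned.
     *
     * @param string $area Area name
     */
    public function select($area) {
        global $cfg, $client, $lang, $db, $perm, $action;
        global $idcat, $idtpl, $idmod, $idlay;

        // The item the per-item permission checks refer to: the first of
        // these globals that is set, otherwise 0.
        if (isset($idcat)) {
            $itemid = $idcat;
        } elseif (isset($idtpl)) {
            $itemid = $idtpl;
        } elseif (isset($idmod)) {
            $itemid = $idmod;
        } elseif (isset($idlay)) {
            $itemid = $idlay;
        } else {
            $itemid = 0;
        }

        $itemid = cSecurity::toInteger($itemid);

        // Both queries below are built by string concatenation, so $area must
        // be escaped before it is used. NOTE(review): the escaped value is also
        // what the permission checks and the $_actions keys receive from here on.
        $area = cSecurity::escapeDB($area, $db);

        $this->_area = $area;

        $sql = 'SELECT
                    b.name AS name,
                    b.code AS code,
                    b.relevant as relevant_action,
                    a.relevant as relevant_area
                FROM
                    ' . $cfg['tab']['area'] . ' AS a,
                    ' . $cfg['tab']['actions'] . " AS b
                WHERE
                    a.name = '" . $area . "' AND
                    b.idarea = a.idarea AND
                    a.online = '1'";

        // Without the area permission only non-relevant areas stay visible.
        if (!$perm->have_perm_area_action($area)) {
            $sql .= " AND a.relevant = '0'";
        }

        $db->query($sql);

        while ($db->nextRecord()) {
            $actionName = $db->f('name');
            $actionCode = $db->f('code');

            if ($db->f('relevant_action') == 1 && $db->f('relevant_area') == 1) {
                // Permission-relevant action: needs the right for this item.
                if ($perm->have_perm_area_action_item($area, $actionName, $itemid)) {
                    $this->_actions[$area][$actionName] = $actionCode;
                }

                // No item selected: for the three edit actions a right on any
                // item of the area is sufficient.
                if ($itemid == 0) {
                    if ($action == 'mod_edit' || $action == 'tpl_edit' || $action == 'lay_edit') {
                        if ($perm->have_perm_area_action_anyitem($area, $actionName)) {
                            $this->_actions[$area][$actionName] = $actionCode;
                        }
                    }
                }
            } else {
                // Not permission-relevant: always available.
                $this->_actions[$area][$actionName] = $actionCode;
            }
        }

        // $_frame is cast again here because the value is concatenated into
        // the statement and a subclass may assign the property directly.
        $sql = 'SELECT
                    b.filename AS name,
                    b.filetype AS type,
                    a.parent_id AS parent_id
                FROM
                    ' . $cfg['tab']['area'] . ' AS a,
                    ' . $cfg['tab']['files'] . ' AS b,
                    ' . $cfg['tab']['framefiles'] . " AS c
                WHERE
                    a.name = '" . $area . "' AND
                    b.idarea = a.idarea AND
                    b.idfile = c.idfile AND
                    c.idarea = a.idarea AND
                    c.idframe = '" . (int) $this->_frame . "' AND
                    a.online = '1'";

        if (!$perm->have_perm_area_action($area)) {
            $sql .= " AND a.relevant = '0'";
        }
        $sql .= ' ORDER BY b.filename';

        $db->query($sql);

        while ($db->nextRecord()) {
            $fileName = $db->f('name');

            // File names containing a slash are resolved against the plugins
            // path, all others against the includes path. The name is taken
            // from the files table as stored and is not validated here.
            if (strpos($fileName, '/') !== false) {
                $filepath = $cfg['path']['plugins'] . $fileName;
            } else {
                $filepath = $cfg['path']['includes'] . $fileName;
            }

            // Main files of areas that have a parent are also listed as "sub".
            if ($db->f('parent_id') != 0 && $db->f('type') == 'main') {
                $this->_files['sub'][] = $filepath;
            }

            $this->_files[$db->f('type')][] = $filepath;
        }

        // The area has no entry in $_actions when no action was selected;
        // null keeps the debug text identical without an undefined-index notice.
        $areaActions = isset($this->_actions[$this->_area]) ? $this->_actions[$this->_area] : null;

        $debug = "Files:\n" . print_r($this->_files, true) . "\n" . "Actions:\n" . print_r($areaActions, true) . "\n" . "Information:\n" . "Area: $area\n" . "Action: $action\n" . "Client: $client\n" . "Lang: $lang\n";
        cDebug::out($debug);
    }

    /**
     * Returns the content of the code file of an action.
     *
     * The file is includes/type/action/include.<action>.action.php below the
     * backend path.
     *
     * @param string $action Action name
     * @return string File content, or '' if the name is rejected or the file
     *                does not exist
     */
    public function getCode($action) {
        // $action becomes part of a file name. Names that are not scalar or
        // that contain a path separator or NUL byte are rejected so that the
        // lookup cannot leave the action directory.
        // NOTE(review): the returned code is presumably executed by the
        // caller - confirm, and consider checking $action against the
        // actions table before reading.
        if (!is_scalar($action)) {
            return '';
        }

        $action = (string) $action;
        if (strpbrk($action, "/\\\0") !== false) {
            return '';
        }

        $actionCodeFile = cRegistry::getBackendPath() . 'includes/type/action/include.' . $action . '.action.php';
        if (cFileHandler::exists($actionCodeFile)) {
            return cFileHandler::read($actionCodeFile);
        }

        return '';
    }

    /**
     * Returns the file paths collected by select() for one file type.
     *
     * @param string $which Key of $_files, e.g. "main" or "sub"
     * @return array|null List of file paths, or null if nothing is stored
     *                    under that key
     */
    public function getFile($which) {
        if (isset($this->_files[$which])) {
            return $this->_files[$which];
        }

        return null;
    }

    /**
     * Writes an entry to the action log for the current user.
     *
     * Returns without logging when $client or $lang is not an integer. If the
     * action is unknown to $perm->getIDForAction(), a message is printed
     * instead of creating a log entry.
     *
     * @param int    $idcat    Category id
     * @param int    $idart    Article id
     * @param int    $client   Client id
     * @param int    $lang     Language id
     * @param string $idaction Action name
     */
    public function log($idcat, $idart, $client, $lang, $idaction) {
        global $perm, $auth;

        if (!cSecurity::isInteger($client) || !cSecurity::isInteger($lang)) {
            return;
        }

        $oDb = cRegistry::getDb();

        $timestamp = date('Y-m-d H:i:s');
        $idcatart = 0;

        $idcat = (int) $idcat;
        $idart = (int) $idart;
        $client = (int) $client;
        $lang = (int) $lang;
        $idaction = $oDb->escape($idaction);

        if ($idcat > 0 && $idart > 0) {
            $oCatArtColl = new cApiCategoryArticleCollection();
            $oCatArt = $oCatArtColl->fetchByCategoryIdAndArticleId($idcat, $idart);
            // Guard against a lookup that yields no object; $idcatart then
            // stays 0 instead of failing on a method call.
            if (is_object($oCatArt)) {
                $idcatart = $oCatArt->get('idcatart');
            }
        }

        $oldaction = $idaction;
        $idaction = $perm->getIDForAction($idaction);

        if ($idaction != '') {
            $oActionLogColl = new cApiActionlogCollection();
            $oActionLogColl->create($auth->auth['uid'], $client, $lang, $idaction, $idcatart, $timestamp);
        } else {
            // The action name was escaped for the database only; it is encoded
            // for HTML here because it is written into the page.
            echo htmlspecialchars((string) $oldaction, ENT_QUOTES, 'UTF-8') . ' is not in the actions table!<br><br>';
        }
    }

}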