1: <?php
  2: /**
  3:  * This file contains the backend class.
  4:  *
  5:  * @package Core
  6:  * @subpackage Backend
  7:  * @author Jan Lengowski
  8:  * @copyright four for business AG <www.4fb.de>
  9:  * @license http://www.contenido.org/license/LIZENZ.txt
 10:  * @link http://www.4fb.de
 11:  * @link http://www.contenido.org
 12:  */
 13: 
 14: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
 15: 
 16: /**
 17:  * This class controls all backend actions.
 18:  *
 19:  * @package Core
 20:  * @subpackage Backend
 21:  */
 22: class cBackend {
 23: 
 24:     /**
 25:      * Possible actions
 26:      *
 27:      * @var array
 28:      */
 29:     protected $_actions = array();
 30: 
 31:     /**
 32:      * Files
 33:      *
 34:      * @var array
 35:      */
 36:     protected $_files = array();
 37: 
 38:     /**
 39:      * Stores the frame number
 40:      *
 41:      * @var int
 42:      */
 43:     protected $_frame = 0;
 44: 
 45:     /**
 46:      * Errors
 47:      *
 48:      * @var array
 49:      */
 50:     protected $_errors = array();
 51: 
 52:     /**
 53:      * Save area
 54:      *
 55:      * @var string
 56:      */
 57:     protected $_area = '';
 58: 
 59:     /**
 60:      * Set the frame number in which the file is loaded.
 61:      *
 62:      * @param int $frame [optional]
 63:      *         as number
 64:      */
 65:     public function setFrame($frame = 0) {
 66:         $this->_frame = cSecurity::toInteger($frame);
 67:     }
 68: 
 69:     /**
 70:      * Loads all required data from the DB and stores it in the $_actions and
 71:      * $_files array.
 72:      *
 73:      * @param string $area
 74:      *         selected area
 75:      */
 76:     public function select($area) {
 77:         // Required global vars
 78:         global $cfg, $client, $lang, $db, $perm, $action, $idcat;
 79:         global $idcat, $idtpl, $idmod, $idlay;
 80: 
 81:         if (isset($idcat)) {
 82:             $itemid = $idcat;
 83:         } elseif (isset($idtpl)) {
 84:             $itemid = $idtpl;
 85:         } elseif (isset($idmod)) {
 86:             $itemid = $idmod;
 87:         } elseif (isset($idlay)) {
 88:             $itemid = $idlay;
 89:         } else {
 90:             $itemid = 0;
 91:         }
 92: 
 93:         $itemid = cSecurity::toInteger($itemid);
 94:         $area = $db->escape($area);
 95: 
 96:         // Store Area
 97:         $this->_area = $area;
 98: 
 99:         // extract actions
100:         $sql = 'SELECT
101:                     b.name AS name,
102:                     b.code AS code,
103:                     b.relevant as relevant_action,
104:                     a.relevant as relevant_area
105:                 FROM
106:                     ' . $cfg['tab']['area'] . ' AS a,
107:                     ' . $cfg['tab']['actions'] . " AS b
108:                 WHERE
109:                     a.name   = '" . $area . "' AND
110:                     b.idarea = a.idarea AND
111:                     a.online = '1'";
112: 
113:         // Check if the user has access to this area.
114:         // Yes -> Grant him all actions
115:         // No -> Grant him only action which are irrelevant = (Field 'relevant'
116:         // is 0)
117: 
118:         if (!$perm->have_perm_area_action($area)) {
119:             $sql .= " AND a.relevant = '0'";
120:         }
121: 
122:         $db->query($sql);
123: 
124:         while ($db->nextRecord()) {
125: 
126:             // Save the action only access to the desired action is granted.
127:             // If this action is relevant for rights check if the user has
128:             // permission to
129:             // execute this action
130: 
131:             if ($db->f('relevant_action') == 1 && $db->f('relevant_area') == 1) {
132: 
133:                 if ($perm->have_perm_area_action_item($area, $db->f('name'), $itemid)) {
134:                     $this->_actions[$area][$db->f('name')] = $db->f('code');
135:                 }
136: 
137:                 if ($itemid == 0) {
138:                     // itemid not available, since its impossible the get the
139:                     // correct rights out
140:                     // we only check if userrights are given for these three
141:                     // items on any item
142:                     if ($action == 'mod_edit' || $action == 'tpl_edit' || $action == 'lay_edit') {
143:                         if ($perm->have_perm_area_action_anyitem($area, $db->f('name'))) {
144:                             $this->_actions[$area][$db->f('name')] = $db->f('code');
145:                         }
146:                     }
147:                 }
148:             } else {
149:                 $this->_actions[$area][$db->f('name')] = $db->f('code');
150:             }
151:         }
152: 
153:         $sql = 'SELECT
154:                     b.filename AS name,
155:                     b.filetype AS type,
156:                     a.parent_id AS parent_id
157:                 FROM
158:                     ' . $cfg['tab']['area'] . ' AS a,
159:                     ' . $cfg['tab']['files'] . ' AS b,
160:                     ' . $cfg['tab']['framefiles'] . " AS c
161:                 WHERE
162:                     a.name    = '" . $area . "' AND
163:                     b.idarea  = a.idarea AND
164:                     b.idfile  = c.idfile AND
165:                     c.idarea  = a.idarea AND
166:                     c.idframe = '" . $this->_frame . "' AND
167:                     a.online  = '1'";
168: 
169:         // Check if the user has access to this area.
170:         // Yes -> Extract all files
171:         // No -> Extract only irrelevant Files = (Field 'relevant' is 0)
172:         if (!$perm->have_perm_area_action($area)) {
173:             $sql .= " AND a.relevant = '0'";
174:         }
175:         $sql .= ' ORDER BY b.filename';
176: 
177:         $db->query($sql);
178: 
179:         while ($db->nextRecord()) {
180: 
181:             // Test if entry is a plug-in. If so don't add the Include path
182:             if (strstr($db->f('name'), '/')) {
183:                 $filepath = $cfg['path']['plugins'] . $db->f('name');
184:             } else {
185:                 $filepath = $cfg['path']['includes'] . $db->f('name');
186:             }
187: 
188:             // If filetype is Main AND parent_id is 0 file is a sub file
189:             if ($db->f('parent_id') != 0 && $db->f('type') == 'main') {
190:                 $this->_files['sub'][] = $filepath;
191:             }
192: 
193:             $this->_files[$db->f('type')][] = $filepath;
194:         }
195: 
196:         $debug = "Files:\n" . print_r($this->_files, true) . "\n" . "Actions:\n" . print_r($this->_actions[$this->_area], true) . "\n" . "Information:\n" . "Area: $area\n" . "Action: $action\n" . "Client: $client\n" . "Lang: $lang\n";
197:         $debug = $sql;
198:         cDebug::out($debug);
199:     }
200: 
201:     /**
202:      * Return code of action.
203:      * Checks if code file for given action exists. If so, read and return it
204:      * else return an empty string.
205:      *
206:      * @param string $action
207:      *         action to be read
208:      * @return string
209:      *         code for given action
210:      */
211:     public function getCode($action) {
212:         $actionCodeFile = cRegistry::getBackendPath() . 'includes/type/action/include.' . $action . '.action.php';
213:         if (cFileHandler::exists($actionCodeFile)) {
214:             return cFileHandler::read($actionCodeFile);
215:         }
216: 
217:         return '';
218:     }
219: 
220:     /**
221:      * Returns the specified file path.
222:      * Distinction between 'inc' and 'main' files.
223:      *
224:      * 'inc' => Required file like functions/classes etc.
225:      * 'main' => Main file
226:      *
227:      * @param string $which
228:      *         'inc' / 'main'
229:      * @return array
230:      */
231:     public function getFile($which) {
232:         if (isset($this->_files[$which])) {
233:             return $this->_files[$which];
234:         }
235:     }
236: 
237:     /**
238:      * Creates a log entry for the specified parameters.
239:      *
240:      * @param int $idcat
241:      *         Category-ID
242:      * @param int $idart
243:      *         Article-ID
244:      * @param int $client
245:      *         Client-ID
246:      * @param int $lang
247:      *         Language-ID
248:      * @param int|string $idaction
249:      *         Action (ID or canonical name)
250:      */
251:     public function log($idcat, $idart, $client, $lang, $idaction) {
252:         global $perm, $auth;
253: 
254:         if (!cSecurity::isInteger($client)) {
255:             return;
256:         } elseif (!cSecurity::isInteger($lang)) {
257:             return;
258:         }
259: 
260:         $oDb = cRegistry::getDb();
261: 
262:         $timestamp = date('Y-m-d H:i:s');
263:         $idcatart = 0;
264: 
265:         $idcat = (int) $idcat;
266:         $idart = (int) $idart;
267:         $client = (int) $client;
268:         $lang = (int) $lang;
269:         $idaction = $oDb->escape($idaction);
270: 
271:         if ($idcat > 0 && $idart > 0) {
272:             $oCatArtColl = new cApiCategoryArticleCollection();
273:             $oCatArt = $oCatArtColl->fetchByCategoryIdAndArticleId($idcat, $idart);
274:             $idcatart = $oCatArt->get('idcatart');
275:         }
276: 
277:         $oldaction = $idaction;
278:         $idaction = $perm->getIDForAction($idaction);
279: 
280:         if ($idaction != '') {
281:             $oActionLogColl = new cApiActionlogCollection();
282:             $oActionLogColl->create($auth->auth['uid'], $client, $lang, $idaction, $idcatart, $timestamp);
283:         } else {
284:             echo $oldaction . ' is not in the actions table!<br><br>';
285:         }
286:     }
287: }
288: