1: <?php
15:
// Direct-access guard: stop unless the CON_FRAMEWORK constant has been defined.
if (!defined('CON_FRAMEWORK')) {
    die('Illegal call: Missing framework initialization - request aborted.');
}
17:
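/**
 * Collects, for one backend area, the actions and include files the current
 * user may use, reads action code files from disk and writes action-log
 * entries.
 */
class cBackend {

    /**
     * Action code, keyed by area name and then by action name.
     * Filled by select().
     *
     * @var array
     */
    protected $_actions = array();

    /**
     * Include file paths, keyed by file type. Filled by select().
     *
     * @var array
     */
    protected $_files = array();

    /**
     * Frame number used to filter the file query in select().
     *
     * @var int
     */
    protected $_frame = 0;

    /**
     * Not read or written by any method of this class as shown here.
     *
     * @var array
     */
    protected $_errors = array();

    /**
     * Area name passed to the last select() call, after $db->escape().
     *
     * @var string
     */
    protected $_area = '';

    /**
     * Sets the frame number used by select().
     *
     * @param int $frame
     */
    public function setFrame($frame = 0) {
        // select() concatenates this value into SQL, so it is normalised
        // through cSecurity::toInteger() before being stored.
        $this->_frame = cSecurity::toInteger($frame);
    }

    /**
     * Loads the actions and include files of an area into $_actions and
     * $_files, filtered by the permissions of the current user.
     *
     * Both queries are built by string concatenation: $area goes through
     * $db->escape(), the frame through cSecurity::toInteger() (see setFrame())
     * and the table names come from $cfg['tab'].
     *
     * @param string $area Area name
     */
    public function select($area) {
        global $cfg, $client, $lang, $db, $perm, $action;
        global $idcat, $idtpl, $idmod, $idlay;

        // The first of these ids that is set becomes the item the per-item
        // permission check below is run against.
        if (isset($idcat)) {
            $itemid = $idcat;
        } elseif (isset($idtpl)) {
            $itemid = $idtpl;
        } elseif (isset($idmod)) {
            $itemid = $idmod;
        } elseif (isset($idlay)) {
            $itemid = $idlay;
        } else {
            $itemid = 0;
        }

        $itemid = cSecurity::toInteger($itemid);
        $area = $db->escape($area);

        $this->_area = $area;

        $sql = 'SELECT
                    b.name AS name,
                    b.code AS code,
                    b.relevant as relevant_action,
                    a.relevant as relevant_area
                FROM
                    ' . $cfg['tab']['area'] . ' AS a,
                    ' . $cfg['tab']['actions'] . " AS b
                WHERE
                    a.name = '" . $area . "' AND
                    b.idarea = a.idarea AND
                    a.online = '1'";

        // Without the area permission only areas flagged relevant = '0' match.
        if (!$perm->have_perm_area_action($area)) {
            $sql .= " AND a.relevant = '0'";
        }

        $db->query($sql);

        while ($db->nextRecord()) {
            $actionName = $db->f('name');
            $actionCode = $db->f('code');

            if ($db->f('relevant_action') == 1 && $db->f('relevant_area') == 1) {
                // Both flags set: the action is registered only after a
                // permission check.
                if ($perm->have_perm_area_action_item($area, $actionName, $itemid)) {
                    $this->_actions[$area][$actionName] = $actionCode;
                }

                if ($itemid == 0) {
                    // No item selected: for the three edit actions a
                    // permission on any item is sufficient.
                    if ($action == 'mod_edit' || $action == 'tpl_edit' || $action == 'lay_edit') {
                        if ($perm->have_perm_area_action_anyitem($area, $actionName)) {
                            $this->_actions[$area][$actionName] = $actionCode;
                        }
                    }
                }
            } else {
                // Otherwise the action is registered without a permission check.
                $this->_actions[$area][$actionName] = $actionCode;
            }
        }

        $sql = 'SELECT
                    b.filename AS name,
                    b.filetype AS type,
                    a.parent_id AS parent_id
                FROM
                    ' . $cfg['tab']['area'] . ' AS a,
                    ' . $cfg['tab']['files'] . ' AS b,
                    ' . $cfg['tab']['framefiles'] . " AS c
                WHERE
                    a.name = '" . $area . "' AND
                    b.idarea = a.idarea AND
                    b.idfile = c.idfile AND
                    c.idarea = a.idarea AND
                    c.idframe = '" . $this->_frame . "' AND
                    a.online = '1'";

        if (!$perm->have_perm_area_action($area)) {
            $sql .= " AND a.relevant = '0'";
        }
        $sql .= ' ORDER BY b.filename';

        $db->query($sql);

        while ($db->nextRecord()) {
            $fileName = $db->f('name');

            // Names containing a slash resolve below the plugins path, all
            // others below the includes path.
            if (strstr($fileName, '/')) {
                $filepath = $cfg['path']['plugins'] . $fileName;
            } else {
                $filepath = $cfg['path']['includes'] . $fileName;
            }

            // A 'main' file of an area that has a parent is also listed
            // under 'sub'.
            if ($db->f('parent_id') != 0 && $db->f('type') == 'main') {
                $this->_files['sub'][] = $filepath;
            }

            $this->_files[$db->f('type')][] = $filepath;
        }

        // The area has no entry in $_actions when the first query returned
        // no usable row; fall back to an empty list instead of reading an
        // undefined index.
        $areaActions = isset($this->_actions[$this->_area]) ? $this->_actions[$this->_area] : array();

        $debug = "Files:\n" . print_r($this->_files, true) . "\n" . "Actions:\n" . print_r($areaActions, true) . "\n" . "Information:\n" . "Area: $area\n" . "Action: $action\n" . "Client: $client\n" . "Lang: $lang\n";
        cDebug::out($debug);
    }

    /**
     * Returns the contents of the code file belonging to an action.
     *
     * The action name becomes part of a file path, so names containing a
     * path separator or a NUL byte are rejected before any file access.
     * Without that check a name such as "../x" would address a file outside
     * includes/type/action/.
     * NOTE(review): what callers do with the returned code is not visible
     * here - confirm that they only pass known action names.
     *
     * @param string $action Action name
     * @return string File contents, or '' when the name is rejected or the
     *                file does not exist
     */
    public function getCode($action) {
        $action = (string) $action;
        if ($action === '' || preg_match('#[/\\\\\x00]#', $action)) {
            return '';
        }

        $actionCodeFile = cRegistry::getBackendPath() . 'includes/type/action/include.' . $action . '.action.php';
        if (cFileHandler::exists($actionCodeFile)) {
            return cFileHandler::read($actionCodeFile);
        }

        return '';
    }

    /**
     * Returns the include files collected by select() for one file type.
     *
     * @param string $which File type (key of $_files)
     * @return array|null List of file paths, or null when none were collected
     */
    public function getFile($which) {
        if (isset($this->_files[$which])) {
            return $this->_files[$which];
        }

        return null;
    }

    /**
     * Writes an action-log entry for the current user.
     *
     * Returns without logging when $client or $lang is rejected by
     * cSecurity::isInteger(). When the action has no id, a notice naming the
     * action is echoed instead of a log entry being created.
     *
     * @param int $idcat Category id
     * @param int $idart Article id
     * @param int $client Client id
     * @param int $lang Language id
     * @param string $idaction Action name, resolved to its id via $perm
     */
    public function log($idcat, $idart, $client, $lang, $idaction) {
        global $perm, $auth;

        if (!cSecurity::isInteger($client) || !cSecurity::isInteger($lang)) {
            return;
        }

        $oDb = cRegistry::getDb();

        $timestamp = date('Y-m-d H:i:s');
        $idcatart = 0;

        $idcat = (int) $idcat;
        $idart = (int) $idart;
        $client = (int) $client;
        $lang = (int) $lang;
        $idaction = $oDb->escape($idaction);

        if ($idcat > 0 && $idart > 0) {
            $oCatArtColl = new cApiCategoryArticleCollection();
            $oCatArt = $oCatArtColl->fetchByCategoryIdAndArticleId($idcat, $idart);
            // NOTE(review): the lookup presumably yields no object when the
            // pair does not exist - keep 0 then instead of calling get() on a
            // non-object.
            if (is_object($oCatArt)) {
                $idcatart = $oCatArt->get('idcatart');
            }
        }

        $oldaction = $idaction;
        $idaction = $perm->getIDForAction($idaction);

        if ($idaction != '') {
            $oActionLogColl = new cApiActionlogCollection();
            $oActionLogColl->create($auth->auth['uid'], $client, $lang, $idaction, $idcatart, $timestamp);
        } else {
            // $oldaction is only escaped for SQL. It is written into the HTML
            // response here, so it needs HTML encoding as well.
            echo htmlspecialchars($oldaction, ENT_QUOTES, 'UTF-8') . ' is not in the actions table!<br><br>';
        }
    }
}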
279: