1: <?php
  2: /**
  3:  * This file contains the backend class.
  4:  *
  5:  * @package Core
  6:  * @subpackage Backend
  7:  * @version SVN Revision $Rev:$
  8:  *
  9:  * @author Jan Lengowski
 10:  * @copyright four for business AG <www.4fb.de>
 11:  * @license http://www.contenido.org/license/LIZENZ.txt
 12:  * @link http://www.4fb.de
 13:  * @link http://www.contenido.org
 14:  */
 15: 
 16: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
 17: 
 18: /**
 19:  * This class controls all backend actions.
 20:  *
 21:  * @package Core
 22:  * @subpackage Backend
 23:  */
 24: class cBackend {
 25: 
 26:     /**
 27:      * Possible actions
 28:      *
 29:      * @var array
 30:      */
 31:     protected $_actions = array();
 32: 
 33:     /**
 34:      * Files
 35:      *
 36:      * @var array
 37:      */
 38:     protected $_files = array();
 39: 
 40:     /**
 41:      * Stores the frame number
 42:      *
 43:      * @var int
 44:      */
 45:     protected $_frame = 0;
 46: 
 47:     /**
 48:      * Errors
 49:      *
 50:      * @var array
 51:      */
 52:     protected $_errors = array();
 53: 
 54:     /**
 55:      * Save area
 56:      *
 57:      * @var string
 58:      */
 59:     protected $_area = '';
 60: 
 61:     /**
 62:      * Set the frame number in which the file is loaded.
 63:      *
 64:      * @param int $frame as number
 65:      */
 66:     public function setFrame($frame = 0) {
 67:         $this->_frame = cSecurity::toInteger($frame);
 68:     }
 69: 
 70:     /**
 71:      * Loads all required data from the DB and stores it in the $_actions and
 72:      * $_files array.
 73:      *
 74:      * @param string $area selected area
 75:      */
 76:     public function select($area) {
 77:         // Required global vars
 78:         global $cfg, $client, $lang, $db, $perm, $action, $idcat;
 79:         global $idcat, $idtpl, $idmod, $idlay;
 80: 
 81:         if (isset($idcat)) {
 82:             $itemid = $idcat;
 83:         } elseif (isset($idtpl)) {
 84:             $itemid = $idtpl;
 85:         } elseif (isset($idmod)) {
 86:             $itemid = $idmod;
 87:         } elseif (isset($idlay)) {
 88:             $itemid = $idlay;
 89:         } else {
 90:             $itemid = 0;
 91:         }
 92: 
 93:         $itemid = cSecurity::toInteger($itemid);
 94:         $area = $db->escape($area);
 95: 
 96:         // Store Area
 97:         $this->_area = $area;
 98: 
 99:         // extract actions
100:         $sql = 'SELECT
101:                     b.name AS name,
102:                     b.code AS code,
103:                     b.relevant as relevant_action,
104:                     a.relevant as relevant_area
105:                 FROM
106:                     ' . $cfg['tab']['area'] . ' AS a,
107:                     ' . $cfg['tab']['actions'] . " AS b
108:                 WHERE
109:                     a.name   = '" . $area . "' AND
110:                     b.idarea = a.idarea AND
111:                     a.online = '1'";
112: 
113:         // Check if the user has access to this area.
114:         // Yes -> Grant him all actions
115:         // No -> Grant him only action which are irrelevant = (Field 'relevant'
116:         // is 0)
117: 
118:         if (!$perm->have_perm_area_action($area)) {
119:             $sql .= " AND a.relevant = '0'";
120:         }
121: 
122:         $db->query($sql);
123: 
124:         while ($db->nextRecord()) {
125: 
126:             // Save the action only access to the desired action is granted.
127:             // If this action is relevant for rights check if the user has
128:             // permission to
129:             // execute this action
130: 
131:             if ($db->f('relevant_action') == 1 && $db->f('relevant_area') == 1) {
132: 
133:                 if ($perm->have_perm_area_action_item($area, $db->f('name'), $itemid)) {
134:                     $this->_actions[$area][$db->f('name')] = $db->f('code');
135:                 }
136: 
137:                 if ($itemid == 0) {
138:                     // itemid not available, since its impossible the get the
139:                     // correct rights out
140:                     // we only check if userrights are given for these three
141:                     // items on any item
142:                     if ($action == 'mod_edit' || $action == 'tpl_edit' || $action == 'lay_edit') {
143:                         if ($perm->have_perm_area_action_anyitem($area, $db->f('name'))) {
144:                             $this->_actions[$area][$db->f('name')] = $db->f('code');
145:                         }
146:                     }
147:                 }
148:             } else {
149:                 $this->_actions[$area][$db->f('name')] = $db->f('code');
150:             }
151:         }
152: 
153:         $sql = 'SELECT
154:                     b.filename AS name,
155:                     b.filetype AS type,
156:                     a.parent_id AS parent_id
157:                 FROM
158:                     ' . $cfg['tab']['area'] . ' AS a,
159:                     ' . $cfg['tab']['files'] . ' AS b,
160:                     ' . $cfg['tab']['framefiles'] . " AS c
161:                 WHERE
162:                     a.name    = '" . $area . "' AND
163:                     b.idarea  = a.idarea AND
164:                     b.idfile  = c.idfile AND
165:                     c.idarea  = a.idarea AND
166:                     c.idframe = '" . $this->_frame . "' AND
167:                     a.online  = '1'";
168: 
169:         // Check if the user has access to this area.
170:         // Yes -> Extract all files
171:         // No -> Extract only irrelevant Files = (Field 'relevant' is 0)
172:         if (!$perm->have_perm_area_action($area)) {
173:             $sql .= " AND a.relevant = '0'";
174:         }
175:         $sql .= ' ORDER BY b.filename';
176: 
177:         $db->query($sql);
178: 
179:         while ($db->nextRecord()) {
180: 
181:             // Test if entry is a plug-in. If so don't add the Include path
182:             if (strstr($db->f('name'), '/')) {
183:                 $filepath = $cfg['path']['plugins'] . $db->f('name');
184:             } else {
185:                 $filepath = $cfg['path']['includes'] . $db->f('name');
186:             }
187: 
188:             // If filetype is Main AND parent_id is 0 file is a sub file
189:             if ($db->f('parent_id') != 0 && $db->f('type') == 'main') {
190:                 $this->_files['sub'][] = $filepath;
191:             }
192: 
193:             $this->_files[$db->f('type')][] = $filepath;
194:         }
195: 
196:         $debug = "Files:\n" . print_r($this->_files, true) . "\n" . "Actions:\n" . print_r($this->_actions[$this->_area], true) . "\n" . "Information:\n" . "Area: $area\n" . "Action: $action\n" . "Client: $client\n" . "Lang: $lang\n";
197:         $debug = $sql;
198:         cDebug::out($debug);
199:     }
200: 
201:     /**
202:      * Return code of action.
203:      * Checks if code file for given action exists. If so, read and return it
204:      * else return an empty string.
205:      *
206:      * @param string $action action to be read
207:      * @return string code for given action
208:      */
209:     public function getCode($action) {
210:         $actionCodeFile = cRegistry::getBackendPath() . 'includes/type/action/include.' . $action . '.action.php';
211:         if (cFileHandler::exists($actionCodeFile)) {
212:             return cFileHandler::read($actionCodeFile);
213:         }
214: 
215:         return '';
216:     }
217: 
218:     /**
219:      * Returns the specified file path.
220:      * Distinction between 'inc' and 'main' files.
221:      *
222:      * 'inc' => Required file like functions/classes etc.
223:      * 'main' => Main file
224:      *
225:      * @param string $which 'inc' / 'main'
226:      * @return array
227:      */
228:     public function getFile($which) {
229:         if (isset($this->_files[$which])) {
230:             return $this->_files[$which];
231:         }
232:     }
233: 
234:     /**
235:      * Creates a log entry for the specified parameters.
236:      *
237:      * @param int $idcat Category-ID
238:      * @param int $idart Article-ID
239:      * @param int $client Client-ID
240:      * @param int $lang Language-ID
241:      * @param int|string $idaction Action (ID or canonical name)
242:      */
243:     public function log($idcat, $idart, $client, $lang, $idaction) {
244:         global $perm, $auth;
245: 
246:         if (!cSecurity::isInteger($client)) {
247:             return;
248:         } elseif (!cSecurity::isInteger($lang)) {
249:             return;
250:         }
251: 
252:         $oDb = cRegistry::getDb();
253: 
254:         $timestamp = date('Y-m-d H:i:s');
255:         $idcatart = 0;
256: 
257:         $idcat = (int) $idcat;
258:         $idart = (int) $idart;
259:         $client = (int) $client;
260:         $lang = (int) $lang;
261:         $idaction = $oDb->escape($idaction);
262: 
263:         if ($idcat > 0 && $idart > 0) {
264:             $oCatArtColl = new cApiCategoryArticleCollection();
265:             $oCatArt = $oCatArtColl->fetchByCategoryIdAndArticleId($idcat, $idart);
266:             $idcatart = $oCatArt->get('idcatart');
267:         }
268: 
269:         $oldaction = $idaction;
270:         $idaction = $perm->getIDForAction($idaction);
271: 
272:         if ($idaction != '') {
273:             $oActionLogColl = new cApiActionlogCollection();
274:             $oActionLogColl->create($auth->auth['uid'], $client, $lang, $idaction, $idcatart, $timestamp);
275:         } else {
276:             echo $oldaction . ' is not in the actions table!<br><br>';
277:         }
278:     }
279: }
280: