1: <?php
  2: /**
  3:  * This file contains the backend class.
  4:  *
  5:  * @package Core
  6:  * @subpackage Backend
  7:  * @version SVN Revision $Rev:$
  8:  *
  9:  * @author Jan Lengowski
 10:  * @copyright four for business AG <www.4fb.de>
 11:  * @license http://www.contenido.org/license/LIZENZ.txt
 12:  * @link http://www.4fb.de
 13:  * @link http://www.contenido.org
 14:  */
 15: 
 16: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
 17: 
 18: /**
 19:  * This class controls all backend actions.
 20:  *
 21:  * @package Core
 22:  * @subpackage Backend
 23:  */
 24: class cBackend {
 25: 
 26:     /**
 27:      * Possible actions
 28:      *
 29:      * @var array
 30:      */
 31:     protected $_actions = array();
 32: 
 33:     /**
 34:      * Files
 35:      *
 36:      * @var array
 37:      */
 38:     protected $_files = array();
 39: 
 40:     /**
 41:      * Stores the frame number
 42:      *
 43:      * @var int
 44:      */
 45:     protected $_frame = 0;
 46: 
 47:     /**
 48:      * Errors
 49:      *
 50:      * @var array
 51:      */
 52:     protected $_errors = array();
 53: 
 54:     /**
 55:      * Save area
 56:      *
 57:      * @var string
 58:      */
 59:     protected $_area = '';
 60: 
 61:     /**
 62:      * Set the frame number in which the file is loaded.
 63:      *
 64:      * @param int $frame [optional]
 65:      *         as number
 66:      */
 67:     public function setFrame($frame = 0) {
 68:         $this->_frame = cSecurity::toInteger($frame);
 69:     }
 70: 
 71:     /**
 72:      * Loads all required data from the DB and stores it in the $_actions and
 73:      * $_files array.
 74:      *
 75:      * @param string $area
 76:      *         selected area
 77:      */
 78:     public function select($area) {
 79:         // Required global vars
 80:         global $cfg, $client, $lang, $db, $perm, $action, $idcat;
 81:         global $idcat, $idtpl, $idmod, $idlay;
 82: 
 83:         if (isset($idcat)) {
 84:             $itemid = $idcat;
 85:         } elseif (isset($idtpl)) {
 86:             $itemid = $idtpl;
 87:         } elseif (isset($idmod)) {
 88:             $itemid = $idmod;
 89:         } elseif (isset($idlay)) {
 90:             $itemid = $idlay;
 91:         } else {
 92:             $itemid = 0;
 93:         }
 94: 
 95:         $itemid = cSecurity::toInteger($itemid);
 96:         $area = $db->escape($area);
 97: 
 98:         // Store Area
 99:         $this->_area = $area;
100: 
101:         // extract actions
102:         $sql = 'SELECT
103:                     b.name AS name,
104:                     b.code AS code,
105:                     b.relevant as relevant_action,
106:                     a.relevant as relevant_area
107:                 FROM
108:                     ' . $cfg['tab']['area'] . ' AS a,
109:                     ' . $cfg['tab']['actions'] . " AS b
110:                 WHERE
111:                     a.name   = '" . $area . "' AND
112:                     b.idarea = a.idarea AND
113:                     a.online = '1'";
114: 
115:         // Check if the user has access to this area.
116:         // Yes -> Grant him all actions
117:         // No -> Grant him only action which are irrelevant = (Field 'relevant'
118:         // is 0)
119: 
120:         if (!$perm->have_perm_area_action($area)) {
121:             $sql .= " AND a.relevant = '0'";
122:         }
123: 
124:         $db->query($sql);
125: 
126:         while ($db->nextRecord()) {
127: 
128:             // Save the action only access to the desired action is granted.
129:             // If this action is relevant for rights check if the user has
130:             // permission to
131:             // execute this action
132: 
133:             if ($db->f('relevant_action') == 1 && $db->f('relevant_area') == 1) {
134: 
135:                 if ($perm->have_perm_area_action_item($area, $db->f('name'), $itemid)) {
136:                     $this->_actions[$area][$db->f('name')] = $db->f('code');
137:                 }
138: 
139:                 if ($itemid == 0) {
140:                     // itemid not available, since its impossible the get the
141:                     // correct rights out
142:                     // we only check if userrights are given for these three
143:                     // items on any item
144:                     if ($action == 'mod_edit' || $action == 'tpl_edit' || $action == 'lay_edit') {
145:                         if ($perm->have_perm_area_action_anyitem($area, $db->f('name'))) {
146:                             $this->_actions[$area][$db->f('name')] = $db->f('code');
147:                         }
148:                     }
149:                 }
150:             } else {
151:                 $this->_actions[$area][$db->f('name')] = $db->f('code');
152:             }
153:         }
154: 
155:         $sql = 'SELECT
156:                     b.filename AS name,
157:                     b.filetype AS type,
158:                     a.parent_id AS parent_id
159:                 FROM
160:                     ' . $cfg['tab']['area'] . ' AS a,
161:                     ' . $cfg['tab']['files'] . ' AS b,
162:                     ' . $cfg['tab']['framefiles'] . " AS c
163:                 WHERE
164:                     a.name    = '" . $area . "' AND
165:                     b.idarea  = a.idarea AND
166:                     b.idfile  = c.idfile AND
167:                     c.idarea  = a.idarea AND
168:                     c.idframe = '" . $this->_frame . "' AND
169:                     a.online  = '1'";
170: 
171:         // Check if the user has access to this area.
172:         // Yes -> Extract all files
173:         // No -> Extract only irrelevant Files = (Field 'relevant' is 0)
174:         if (!$perm->have_perm_area_action($area)) {
175:             $sql .= " AND a.relevant = '0'";
176:         }
177:         $sql .= ' ORDER BY b.filename';
178: 
179:         $db->query($sql);
180: 
181:         while ($db->nextRecord()) {
182: 
183:             // Test if entry is a plug-in. If so don't add the Include path
184:             if (strstr($db->f('name'), '/')) {
185:                 $filepath = $cfg['path']['plugins'] . $db->f('name');
186:             } else {
187:                 $filepath = $cfg['path']['includes'] . $db->f('name');
188:             }
189: 
190:             // If filetype is Main AND parent_id is 0 file is a sub file
191:             if ($db->f('parent_id') != 0 && $db->f('type') == 'main') {
192:                 $this->_files['sub'][] = $filepath;
193:             }
194: 
195:             $this->_files[$db->f('type')][] = $filepath;
196:         }
197: 
198:         $debug = "Files:\n" . print_r($this->_files, true) . "\n" . "Actions:\n" . print_r($this->_actions[$this->_area], true) . "\n" . "Information:\n" . "Area: $area\n" . "Action: $action\n" . "Client: $client\n" . "Lang: $lang\n";
199:         $debug = $sql;
200:         cDebug::out($debug);
201:     }
202: 
203:     /**
204:      * Return code of action.
205:      * Checks if code file for given action exists. If so, read and return it
206:      * else return an empty string.
207:      *
208:      * @param string $action
209:      *         action to be read
210:      * @return string
211:      *         code for given action
212:      */
213:     public function getCode($action) {
214:         $actionCodeFile = cRegistry::getBackendPath() . 'includes/type/action/include.' . $action . '.action.php';
215:         if (cFileHandler::exists($actionCodeFile)) {
216:             return cFileHandler::read($actionCodeFile);
217:         }
218: 
219:         return '';
220:     }
221: 
222:     /**
223:      * Returns the specified file path.
224:      * Distinction between 'inc' and 'main' files.
225:      *
226:      * 'inc' => Required file like functions/classes etc.
227:      * 'main' => Main file
228:      *
229:      * @param string $which
230:      *         'inc' / 'main'
231:      * @return array
232:      */
233:     public function getFile($which) {
234:         if (isset($this->_files[$which])) {
235:             return $this->_files[$which];
236:         }
237:     }
238: 
239:     /**
240:      * Creates a log entry for the specified parameters.
241:      *
242:      * @param int $idcat
243:      *         Category-ID
244:      * @param int $idart
245:      *         Article-ID
246:      * @param int $client
247:      *         Client-ID
248:      * @param int $lang
249:      *         Language-ID
250:      * @param int|string $idaction
251:      *         Action (ID or canonical name)
252:      */
253:     public function log($idcat, $idart, $client, $lang, $idaction) {
254:         global $perm, $auth;
255: 
256:         if (!cSecurity::isInteger($client)) {
257:             return;
258:         } elseif (!cSecurity::isInteger($lang)) {
259:             return;
260:         }
261: 
262:         $oDb = cRegistry::getDb();
263: 
264:         $timestamp = date('Y-m-d H:i:s');
265:         $idcatart = 0;
266: 
267:         $idcat = (int) $idcat;
268:         $idart = (int) $idart;
269:         $client = (int) $client;
270:         $lang = (int) $lang;
271:         $idaction = $oDb->escape($idaction);
272: 
273:         if ($idcat > 0 && $idart > 0) {
274:             $oCatArtColl = new cApiCategoryArticleCollection();
275:             $oCatArt = $oCatArtColl->fetchByCategoryIdAndArticleId($idcat, $idart);
276:             $idcatart = $oCatArt->get('idcatart');
277:         }
278: 
279:         $oldaction = $idaction;
280:         $idaction = $perm->getIDForAction($idaction);
281: 
282:         if ($idaction != '') {
283:             $oActionLogColl = new cApiActionlogCollection();
284:             $oActionLogColl->create($auth->auth['uid'], $client, $lang, $idaction, $idcatart, $timestamp);
285:         } else {
286:             echo $oldaction . ' is not in the actions table!<br><br>';
287:         }
288:     }
289: }
290: