PageRenderTime 50ms CodeModel.GetById 21ms RepoModel.GetById 0ms app.codeStats 0ms

/admin/modules/system/content.php

https://gitlab.com/mucill/majalengka
PHP | 275 lines | 187 code | 14 blank | 74 comment | 27 complexity | 0f9e06a33b195da0163c8716f299bd1d MD5 | raw file
  1. <?php
  2. /**
  3. *
  4. * Copyright (C) 2007,2008 Arie Nugraha (dicarve@yahoo.com)
  5. *
  6. * This program is free software; you can redistribute it and/or modify
  7. * it under the terms of the GNU General Public License as published by
  8. * the Free Software Foundation; either version 3 of the License, or
  9. * (at your option) any later version.
  10. *
  11. * This program is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. * GNU General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU General Public License
  17. * along with this program; if not, write to the Free Software
  18. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  19. *
  20. */
  21. /* Dynamic content Management section */
  22. // key to authenticate
  23. define('INDEX_AUTH', '1');
  24. // key to get full database access
  25. define('DB_ACCESS', 'fa');
  26. // main system configuration
  27. require '../../../sysconfig.inc.php';
  28. // IP based access limitation
  29. require LIB.'ip_based_access.inc.php';
  30. do_checkIP('smc');
  31. do_checkIP('smc-system');
  32. // start the session
  33. require SB.'admin/default/session.inc.php';
  34. require SB.'admin/default/session_check.inc.php';
  35. require SIMBIO.'simbio_GUI/form_maker/simbio_form_table_AJAX.inc.php';
  36. require SIMBIO.'simbio_GUI/template_parser/simbio_template_parser.inc.php';
  37. require SIMBIO.'simbio_GUI/table/simbio_table.inc.php';
  38. require SIMBIO.'simbio_GUI/paging/simbio_paging.inc.php';
  39. require SIMBIO.'simbio_DB/datagrid/simbio_dbgrid.inc.php';
  40. require SIMBIO.'simbio_DB/simbio_dbop.inc.php';
  41. // privileges checking
  42. $can_read = utility::havePrivilege('system', 'r');
  43. $can_write = utility::havePrivilege('system', 'w');
  44. if (!$can_read) {
  45. die('<div class="errorBox">'.__('You don\'t have enough privileges to view this section').'</div>');
  46. }
  47. /* RECORD OPERATION */
  48. if (isset($_POST['saveData'])) {
  49. $contentTitle = trim(strip_tags($_POST['contentTitle']));
  50. $contentPath = trim(strip_tags($_POST['contentPath']));
  51. // check form validity
  52. if (empty($contentTitle) OR empty($contentPath)) {
  53. utility::jsAlert(__('Title or Path can\'t be empty!'));
  54. exit();
  55. } else {
  56. $data['content_title'] = $dbs->escape_string(strip_tags(trim($contentTitle)));
  57. $data['content_path'] = strtolower($dbs->escape_string(strip_tags(trim($contentPath))));
  58. if ($_POST['isNews'] && $_POST['isNews'] == '1') {
  59. $data['is_news'] = 1;
  60. }
  61. $data['content_desc'] = $dbs->escape_string(trim($_POST['contentDesc']));
  62. $data['input_date'] = date('Y-m-d H:i:s');
  63. $data['last_update'] = date('Y-m-d H:i:s');
  64. // create sql op object
  65. $sql_op = new simbio_dbop($dbs);
  66. if (isset($_POST['updateRecordID'])) {
  67. /* UPDATE RECORD MODE */
  68. // remove input date
  69. unset($data['input_date']);
  70. // filter update record ID
  71. $updateRecordID = (integer)$_POST['updateRecordID'];
  72. // update the data
  73. $update = $sql_op->update('content', $data, 'content_id='.$updateRecordID);
  74. if ($update) {
  75. // write log
  76. utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'system', $_SESSION['content_title'].' update content data ('.$data['content_title'].') with contentname ('.$data['contentname'].')');
  77. utility::jsAlert(__('Content data updated'));
  78. echo '<script type="text/javascript">parent.$(\'#mainContent\').simbioAJAX(parent.$.ajaxHistory[0].url);</script>';
  79. } else { utility::jsAlert(__('Content data FAILED to update!')."\nDEBUG : ".$sql_op->error); }
  80. exit();
  81. } else {
  82. /* INSERT RECORD MODE */
  83. // insert the data
  84. if ($sql_op->insert('content', $data)) {
  85. // write log
  86. utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'system', $_SESSION['realname'].' add new content ('.$data['content_title'].') with contentname ('.$data['contentname'].')');
  87. utility::jsAlert(__('Content data saved'));
  88. echo '<script type="text/javascript">parent.$(\'#mainContent\').simbioAJAX(\''.$_SERVER['PHP_SELF'].'\');</script>';
  89. } else { utility::jsAlert(__('Content data FAILED to save!')."\n".$sql_op->error); }
  90. exit();
  91. }
  92. }
  93. exit();
  94. } else if (isset($_POST['itemID']) AND !empty($_POST['itemID']) AND isset($_POST['itemAction'])) {
  95. if (!($can_read AND $can_write)) {
  96. die();
  97. }
  98. /* DATA DELETION PROCESS */
  99. $sql_op = new simbio_dbop($dbs);
  100. $failed_array = array();
  101. $error_num = 0;
  102. if (!is_array($_POST['itemID'])) {
  103. // make an array
  104. $_POST['itemID'] = array((integer)$_POST['itemID']);
  105. }
  106. // loop array
  107. foreach ($_POST['itemID'] as $itemID) {
  108. $itemID = (integer)$itemID;
  109. // get content data
  110. $content_q = $dbs->query('SELECT content_title FROM content WHERE content_id='.$itemID);
  111. $content_d = $content_q->fetch_row();
  112. if (!$sql_op->delete('content', "content_id='$itemID'")) {
  113. $error_num++;
  114. } else {
  115. // write log
  116. utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'system', $_SESSION['realname'].' DELETE content ('.$content_d[0].')');
  117. }
  118. }
  119. // error alerting
  120. if ($error_num == 0) {
  121. utility::jsAlert(__('All Data Successfully Deleted'));
  122. echo '<script type="text/javascript">parent.$(\'#mainContent\').simbioAJAX(\''.$_SERVER['PHP_SELF'].'?'.$_POST['lastQueryStr'].'\');</script>';
  123. } else {
  124. utility::jsAlert(__('Some or All Data NOT deleted successfully!\nPlease contact system administrator'));
  125. echo '<script type="text/javascript">parent.$(\'#mainContent\').simbioAJAX(\''.$_SERVER['PHP_SELF'].'?'.$_POST['lastQueryStr'].'\');</script>';
  126. }
  127. exit();
  128. }
  129. /* RECORD OPERATION END */
  130. /* search form */
  131. ?>
  132. <fieldset class="menuBox">
  133. <div class="menuBoxInner systemIcon">
  134. <div class="per_title">
  135. <h2><?php echo __('Content'); ?></h2>
  136. </div>
  137. <div class="sub_section">
  138. <div class="btn-group">
  139. <a href="<?php echo MWB; ?>system/content.php" class="btn btn-default"><i class="glyphicon glyphicon-list-alt"></i>&nbsp;<?php echo __('Content List'); ?></a>
  140. <a href="<?php echo MWB; ?>system/content.php?action=detail" class="btn btn-default"><i class="glyphicon glyphicon-plus"></i>&nbsp;<?php echo __('Add New Content'); ?></a>
  141. </div>
  142. <form name="search" action="<?php echo MWB; ?>system/content.php" id="search" method="get" style="display: inline;"><?php echo __('Search'); ?> :
  143. <input type="text" name="keywords" size="30" />
  144. <input type="submit" id="doSearch" value="<?php echo __('Search'); ?>" class="btn btn-default" />
  145. </form>
  146. </div>
  147. </div>
  148. </fieldset>
  149. <?php
  150. /* main content */
  151. if (isset($_POST['detail']) OR (isset($_GET['action']) AND $_GET['action'] == 'detail')) {
  152. if (!($can_read AND $can_write)) {
  153. die('<div class="errorBox">'.__('You don\'t have enough privileges to view this section').'</div>');
  154. }
  155. /* RECORD FORM */
  156. // try query
  157. $itemID = (integer)isset($_POST['itemID'])?$_POST['itemID']:0;
  158. $rec_q = $dbs->query('SELECT * FROM content WHERE content_id='.$itemID);
  159. $rec_d = $rec_q->fetch_assoc();
  160. // create new instance
  161. $form = new simbio_form_table_AJAX('mainForm', $_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'], 'post');
  162. $form->submit_button_attr = 'name="saveData" value="'.__('Save').'" class="btn btn-default"';
  163. // form table attributes
  164. $form->table_attr = 'align="center" id="dataList" cellpadding="5" cellspacing="0"';
  165. $form->table_header_attr = 'class="alterCell" style="font-weight: bold;"';
  166. $form->table_content_attr = 'class="alterCell2"';
  167. // edit mode flag set
  168. if ($rec_q->num_rows > 0) {
  169. $form->edit_mode = true;
  170. // record ID for delete process
  171. // form record id
  172. $form->record_id = $itemID;
  173. // form record title
  174. $form->record_title = $rec_d['content_title'];
  175. // submit button attribute
  176. $form->submit_button_attr = 'name="saveData" value="'.__('Update').'" class="btn btn-default"';
  177. }
  178. /* Form Element(s) */
  179. // content title
  180. $form->addTextField('text', 'contentTitle', __('Content Title').'*', $rec_d['content_title'], 'style="width: 100%;"');
  181. // content news flag
  182. $news_chbox[0] = array('0', __('No'));
  183. $news_chbox[1] = array('1', __('Yes'));
  184. $form->addRadio('isNews', __('This is News'), $news_chbox, $rec_d['is_news']);
  185. // content path
  186. $form->addTextField('text', 'contentPath', __('Path (Must be unique)').'*', $rec_d['content_path'], 'style="width: 50%;"');
  187. // content description
  188. $form->addTextField('textarea', 'contentDesc', __('Content Description'), htmlentities($rec_d['content_desc'], ENT_QUOTES), 'class="texteditor" tyle="width: 100%; height: 500px;"');
  189. // edit mode messagge
  190. if ($form->edit_mode) {
  191. echo '<div class="infoBox">'.__('You are going to update Content data'),' : <b>'.$rec_d['content_title'].'</b> <br />'.__('Last Updated').$rec_d['last_update'].'</div>'; //mfc
  192. }
  193. // print out the form object
  194. echo $form->printOut();
  195. // texteditor instance
  196. ?>
  197. <script type="text/javascript">
  198. $(document).ready(
  199. function() {
  200. /*
  201. $(\'#contentDesc\').removeAttr(\'disable\');
  202. tinymce.init({
  203. selector : "textarea#contentDesc",
  204. theme : "modern",
  205. plugins : "table media searchreplace directionality code",
  206. toolbar: "undo redo | styleselect | bold italic | alignleft aligncenter alignright alignjustify | bullist numlist outdent indent | link image | print preview media fullpage | forecolor backcolor emoticons",
  207. content_css : "'.(SWB.'admin/'.$sysconf['admin_template']['css']).'",
  208. height : 300
  209. });
  210. */
  211. CKEDITOR.replace( 'contentDesc' );
  212. $(document).bind('formEnabled', function() {
  213. CKEDITOR.instances.contentDesc.setReadOnly(false);
  214. });
  215. }
  216. );
  217. </script>';
  218. <?php
  219. } else {
  220. /* USER LIST */
  221. // table spec
  222. $table_spec = 'content AS c';
  223. // create datagrid
  224. $datagrid = new simbio_datagrid();
  225. if ($can_read AND $can_write) {
  226. $datagrid->setSQLColumn('c.content_id',
  227. 'c.content_title AS \''.__('Content Title').'\'',
  228. 'c.content_path AS \''.__('Path (Must be unique)').'\'',
  229. 'c.last_update AS \''.__('Last Updated').'\'');
  230. } else {
  231. $datagrid->setSQLColumn('c.content_title AS \''.__('Content Title').'\'',
  232. 'c.content_path AS \''.__('Path (Must be unique)').'\'',
  233. 'c.last_update AS \''.__('Last Updated').'\'');
  234. }
  235. $datagrid->setSQLorder('c.last_update DESC');
  236. // is there any search
  237. $criteria = 'c.content_id IS NOT NULL ';
  238. if (isset($_GET['keywords']) AND $_GET['keywords']) {
  239. $keywords = $dbs->escape_string($_GET['keywords']);
  240. $criteria .= " AND MATCH(content_title, content_desc) AGAINST('$keywords')";
  241. }
  242. $datagrid->setSQLCriteria($criteria);
  243. // set table and table header attributes
  244. $datagrid->table_attr = 'align="center" id="dataList" cellpadding="5" cellspacing="0"';
  245. $datagrid->table_header_attr = 'class="dataListHeader" style="font-weight: bold;"';
  246. // set delete proccess URL
  247. $datagrid->chbox_form_URL = $_SERVER['PHP_SELF'];
  248. // put the result into variables
  249. $datagrid_result = $datagrid->createDataGrid($dbs, $table_spec, 20, ($can_read AND $can_write));
  250. if (isset($_GET['keywords']) AND $_GET['keywords']) {
  251. $msg = str_replace('{result->num_rows}', $datagrid->num_rows, __('Found <strong>{result->num_rows}</strong> from your keywords')); //mfc
  252. echo '<div class="infoBox">'.$msg.' : "'.$_GET['keywords'].'"</div>';
  253. }
  254. echo $datagrid_result;
  255. }
  256. /* main content end */