/core/inc/bigtree/admin.php

Large files files are truncated, but you can click here to view the full file

<?
	/*
		Class: BigTreeAdmin
			The main class used by the admin for manipulating and retrieving data.
	*/

	class BigTreeAdmin {

		var $PerPage = 15;

		// !View Types
		var $ViewTypes = array(
			"searchable" => "Searchable List",
			"draggable" => "Draggable List",
			"images" => "Image List",
			"grouped" => "Grouped List",
			"images-grouped" => "Grouped Image List"
		);

		// !Reserved Column Names
		var $ReservedColumns = array(
			"id",
			"position",
			"archived",
			"approved"
		);

		// !View Actions
		var $ViewActions = array(
			"approve" => array(
				"key" => "approved",
				"name" => "Approve",
				"class" => "icon_approve icon_approve_on"
			),
			"archive" => array(
				"key" => "archived",
				"name" => "Archive",
				"class" => "icon_archive"
			),
			"feature" => array(
				"key" => "featured",
				"name" => "Feature",
				"class" => "icon_feature icon_feature_on"
			),
			"edit" => array(
				"key" => "id",
				"name" => "Edit",
				"class" => "icon_edit"
			),
			"delete" => array(
				"key" => "id",
				"name" => "Delete",
				"class" => "icon_delete"
			)
		);
		
		/*
			Constructor:
				Initializes the user's permissions.
		*/
		
		function __construct() {
			if (isset($_SESSION["bigtree"]["email"])) {
				$this->ID = $_SESSION["bigtree"]["id"];
				$this->User = $_SESSION["bigtree"]["email"];
				$this->Level = $_SESSION["bigtree"]["level"];
				$this->Name = $_SESSION["bigtree"]["name"];
				$this->Permissions = $_SESSION["bigtree"]["permissions"];
			} elseif (isset($_COOKIE["bigtree"]["email"])) {
				$user = mysql_escape_string($_COOKIE["bigtree"]["email"]);
				$pass = mysql_escape_string($_COOKIE["bigtree"]["password"]);
				$f = sqlfetch(sqlquery("SELECT * FROM bigtree_users WHERE email = '$user' AND password = '$pass'"));
				if ($f) {
					$this->ID = $f["id"];
					$this->User = $user;
					$this->Level = $f["level"];
					$this->Name = $f["name"];
					$this->Permissions = json_decode($f["permissions"],true);
					$_SESSION["bigtree"]["id"] = $f["id"];
					$_SESSION["bigtree"]["email"] = $f["email"];
					$_SESSION["bigtree"]["level"] = $f["level"];
					$_SESSION["bigtree"]["name"] = $f["name"];
					$_SESSION["bigtree"]["permissions"] = $this->Permissions;
				}
			}
		}
		
		/*
			Function: archivePage
				Archives a page.
			
			Parameters:
				page - Either a page id or page entry.
		
			Returns:
				true if successful. false if the logged in user doesn't have permission.
			
			See Also:
				<archivePageChildren>
		*/

		function archivePage($page) {
			global $cms;
			
			if (is_array($page)) {
				$page = mysql_real_escape_string($page["id"]);
			} else {
				$page = mysql_real_escape_string($page);
			}

			$access = $this->getPageAccessLevel($page);
			if ($access == "p" && $this->canModifyChildren($cms->getPage($page))) {
				sqlquery("UPDATE bigtree_pages SET archived = 'on' WHERE id = '$page'");
				$this->archivePageChildren($page);
				$this->growl("Pages","Archived Page");
				$this->track("bigtree_pages",$page,"archived");
				return true;
			}
			return false;
		}
		
		/*
			Function: archivePageChildren
				Archives a page's children and sets the archive status to inherited.
			
			Parameters:
				page - A page id.
			
			See Also:
				<archivePage>
		*/

		function archivePageChildren($page) {
			$page = mysql_real_escape_string($page);
			$q = sqlquery("SELECT * FROM bigtree_pages WHERE parent = '$page'");
			while ($f = sqlfetch($q)) {
				if (!$f["archived"]) {
					sqlquery("UPDATE bigtree_pages SET archived = 'on', archived_inherited = 'on' WHERE id = '".$f["id"]."'");
					$this->track("bigtree_pages",$f["id"],"archived");
					$this->archivePageChildren($f["id"]);
				}
			}
		}

		/*
			Function: autoIPL
				Automatically converts links to internal page links.
			
			Parameters:
				html - A string of contents that may contain URLs
			
			Returns:
				A string with hard links converted into internal page links.
		*/

		function autoIPL($html) {
			// If this string is actually just a URL, IPL it.
			if (substr($html,0,7) == "http://" || substr($html,0,8) == "https://") {
				$html = $this->makeIPL($html);
			// Otherwise, switch all the image srcs and javascripts srcs and whatnot to {wwwroot}.
			} else {
				$html = preg_replace_callback('/href="([^"]*)"/',create_function('$matches','
					global $cms;
					$href = str_replace("{wwwroot}",$GLOBALS["www_root"],$matches[1]);
					if (strpos($href,$GLOBALS["www_root"]) !== false) {
						$command = explode("/",rtrim(str_replace($GLOBALS["www_root"],"",$href),"/"));
						list($navid,$commands) = $cms->getNavId($command);
						$page = $cms->getPage($navid,false);
						if ($navid && (!$commands[0] || substr($page["template"],0,6) == "module" || substr($commands[0],0,1) == "#")) {
							$href = "ipl://".$navid."//".base64_encode(json_encode($commands));
						}
					}
					$href = str_replace($GLOBALS["www_root"],"{wwwroot}",$href);
					return \'href="\'.$href.\'"\';'
				),$html);
				$html = str_replace($GLOBALS["www_root"],"{wwwroot}",$html);
			}
			return $html;
		}
		
		/*
			Function: canAccessGroup
				Returns whether or not the logged in user can access a module group.
				Utility for form field types / views -- we already know module group permissions are enabled so we skip some overhead
		
			Parameters:
				module - A module entry.
				group - A group id.
			
			Returns:
				true if the user can access this group, otherwise false.
		*/
			
		function canAccessGroup($module,$group) {
			if ($this->Level > 0) {
				return true;
			}

			$id = $module["id"];

			if ($this->Permissions["module"][$id] && $this->Permissions["module"][$id] != "n") {
				return true;
			}

			if (is_array($this->Permissions["module_gbp"][$id])) {
				$gp = $this->Permissions["module_gbp"][$id][$group];
				if ($gp && $gp != "n") {
					return true;
				}
			}

			return false;
		}
		
		/*
			Function: canModifyChildren
				Checks whether the logged in user can modify all child pages or a page.
				Assumes we already know that we're a publisher of the parent.
			
			Parameters:
				page - The page entry to check children for.
			
			Returns:
				true if the user can modify all the page children, otherwise false.
		*/
		
		function canModifyChildren($page) {
			if ($this->Level > 0) {
				return true;
			}
			
			$q = sqlquery("SELECT id FROM bigtree_pages WHERE path LIKE '".mysql_real_escape_string($page["path"])."%'");
			while ($f = sqlfetch($q)) {
				$perm = $this->Permissions["page"][$f["id"]];
				if ($perm == "n" || $perm == "e") {
					return false;
				}
			}
			
			return true;
		}
		
		/*
			Function: changePassword
				Changes a user's password via a password change hash and redirects to a success page.

			Paramters:
				hash - The unique hash generated by <forgotPassword>.
				password - The user's new password.

			See Also:
				<forgotPassword>

		*/

		function changePassword($hash,$password) {
			global $config;

			$hash = mysql_real_escape_string($hash);
			$user = sqlfetch(sqlquery("SELECT * FROM bigtree_users WHERE change_password_hash = '$hash'"));

			$phpass = new PasswordHash($config["password_depth"], TRUE);
			$password = mysql_real_escape_string($phpass->HashPassword($password));

			sqlquery("UPDATE bigtree_users SET password = '$password', change_password_hash = '' WHERE id = '".$user["id"]."'");
			header("Location: ".$GLOBALS["admin_root"]."login/reset-success/");
			die();
		}
		
		/*
			Function: checkAccess
				Determines whether the logged in user has access to a module or not.
			
			Parameters:
				module - Either a module id or module entry.
			
			Returns:
				true if the user can access the module, otherwise false.
		*/
		
		function checkAccess($module) {
			if (is_array($module)) {
				$module = $module["id"];
			}

			if ($this->Level > 0) {
				return true;
			}

			if ($this->Permissions["module"][$module] && $this->Permissions["module"][$module] != "n") {
				return true;
			}

			if (is_array($this->Permissions["module_gbp"][$module])) {
				foreach ($this->Permissions["module_gbp"][$module] as $p) {
					if ($p != "n") {
						return true;
					}
				}
			}

			return false;
		}
		
		/*
			Function: checkHTML
				Checks a block of HTML for broken links/images
			
			Parameters:
				relative_path - The starting path of the page containing the HTML (so that relative links, i.e. "good/" know where to begin)
				html - A string of HTML
				external - Whether to check external links (slow) or not
		
			Returns:
				An array of errors.
		*/

		function checkHTML($relative_path,$html,$external = false) {
			if (!$html) {
				return array();
			}
			$errors = array();
			$doc = new DOMDocument();
			$doc->loadHTML($html);
			// Check A tags.
			$links = $doc->getElementsByTagName("a");
			foreach ($links as $link) {
				$href = $link->getAttribute("href");
				$href = str_replace(array("{wwwroot}","%7Bwwwroot%7D"),$GLOBALS["www_root"],$href);
				if (substr($href,0,4) == "http" && strpos($href,$GLOBALS["www_root"]) === false) {
					// External link, not much we can do but alert that it's dead
					if ($external) {
						if (strpos($href,"#") !== false)
							$href = substr($href,0,strpos($href,"#")-1);
						if (!$this->urlExists($href)) {
							$errors["a"][] = $href;
						}
					}
				} elseif (substr($href,0,6) == "ipl://") {
					if (!$this->iplExists($href)) {
						$errors["a"][] = $href;
					}
				} elseif (substr($href,0,7) == "mailto:" || substr($href,0,1) == "#" || substr($href,0,5) == "data:") {
					// Don't do anything, it's a page mark, data URI, or email address
				} elseif (substr($href,0,4) == "http") {
					// It's a local hard link
					if (!$this->urlExists($href)) {
						$errors["a"][] = $href;
					}
				} else {
					// Local file.
					$local = $relative_path.$href;
					if (!$this->urlExists($local)) {
						$errors["a"][] = $local;
					}
				}
			}
			// Check IMG tags.
			$images = $doc->getElementsByTagName("img");
			foreach ($images as $image) {
				$href = $image->getAttribute("src");
				$href = str_replace(array("{wwwroot}","%7Bwwwroot%7D"),$GLOBALS["www_root"],$href);
				if (substr($href,0,4) == "http" && strpos($href,$GLOBALS["www_root"]) === false) {
					// External link, not much we can do but alert that it's dead
					if ($external) {
						if (!$this->urlExists($href)) {
							$errors["img"][] = $href;
						}
					}
				} elseif (substr($href,0,6) == "ipl://") {
					if (!$this->iplExists($href)) {
						$errors["a"][] = $href;
					}
				} elseif (substr($href,0,5) == "data:") {
					// Do nothing, it's a data URI
				} elseif (substr($href,0,4) == "http") {
					// It's a local hard link
					if (!$this->urlExists($href)) {
						$errors["img"][] = $href;
					}
				} else {
					// Local file.
					$local = $relative_path.$href;
					if (!$this->urlExists($local)) {
						$errors["img"][] = $local;
					}
				}
			}
			return array($errors);
		}
		
		/*
			Function: clearCache
				Removes all files in the cache directory.
		*/

		function clearCache() {
			$d = opendir($GLOBALS["server_root"]."cache/");
			while ($f = readdir($d)) {
				if ($f != "." && $f != ".." && !is_dir($GLOBALS["server_root"]."cache/".$f)) {
					unlink($GLOBALS["server_root"]."cache/".$f);
				}
			}
		}
		
		/*
			Function: createCallout
				Creates a callout and its files.
			
			Parameters:
				id - The id.
				name - The name.
				description - The description.
				level - Access level (0 for everyone, 1 for administrators, 2 for developers).
				resources - An array of resources.
		*/
		
		function createCallout($id,$name,$description,$level,$resources) {
			// If we're creating a new file, let's populate it with some convenience things to show what resources are available.
			$file_contents = '<?
	/*
		Resources Available:
';			
			
			$cached_types = $this->getCachedFieldTypes();
			$types = $cached_types["callout"];
			
			$clean_resources = array();
			foreach ($resources as $resource) {
				if ($resource["id"] && $resource["id"] != "type") {
					$options = json_decode($resource["options"],true);
					foreach ($options as $key => $val) {
						if ($key != "title" && $key != "id" && $key != "type") {
							$resource[$key] = $val;
						}
					}
					
					$file_contents .= '		$'.$resource["id"].' = '.$resource["title"].' - '.$types[$resource["type"]]."\n";
					
					$resource["id"] = htmlspecialchars($resource["id"]);
					$resource["title"] = htmlspecialchars($resource["title"]);
					$resource["subtitle"] = htmlspecialchars($resource["subtitle"]);
					unset($resource["options"]);
					$clean_resources[] = $resource;
				}
			}
			
			$file_contents .= '	*/
?>';		
			
			// Clean up the post variables
			$id = mysql_real_escape_string(htmlspecialchars($id));
			$name = mysql_real_escape_string(htmlspecialchars($name));
			$description = mysql_real_escape_string(htmlspecialchars($description));
			$level = mysql_real_escape_string($level);
			$resources = mysql_real_escape_string(json_encode($clean_resources));
			
			if (!file_exists($GLOBALS["server_root"]."templates/callouts/".$id.".php")) {
				file_put_contents($GLOBALS["server_root"]."templates/callouts/".$id.".php",$file_contents);
				chmod($GLOBALS["server_root"]."templates/callouts/".$id.".php",0777);
			}
			
			sqlquery("INSERT INTO bigtree_callouts (`id`,`name`,`description`,`resources`,`level`) VALUES ('$id','$name','$description','$resources','$level')");
		}
		
		/*
			Function: createFeed
				Creates a feed.
			
			Parameters:
				name - The name.
				description - The description.
				table - The data table.
				type - The feed type.
				options - The feed type options.
				fields - The fields.
			
			Returns:
				The route to the new feed.
		*/
		
		function createFeed($name,$description,$table,$type,$options,$fields) {
			global $cms;
			
			// Options were encoded before submitting the form, so let's get them back.
			$options = json_decode($options,true);
			if (is_array($options)) {
				foreach ($options as &$option) {
					$option = str_replace($www_root,"{wwwroot}",$option);
				}
			}
			
			// Get a unique route!
			$route = $cms->urlify($name);
			$x = 2;
			$oroute = $route;
			$f = $cms->getFeedByRoute($route);
			while ($f) {
				$route = $oroute."-".$x;
				$f = $cms->getFeedByRoute($route);
				$x++;
			}
			
			// Fix stuff up for the db.
			$name = mysql_real_escape_string(htmlspecialchars($name));
			$description = mysql_real_escape_string(htmlspecialchars($description));
			$table = mysql_real_escape_string($table);
			$type = mysql_real_escape_string($type);
			$options = mysql_real_escape_string(json_encode($options));
			$fields = mysql_real_escape_string(json_encode($fields));
			$route = mysql_real_escape_string($route);
			
			sqlquery("INSERT INTO bigtree_feeds (`route`,`name`,`description`,`type`,`table`,`fields`,`options`) VALUES ('$route','$name','$description','$type','$table','$fields','$options')");
			
			return $route;
		}
		
		/*
			Function: createFieldType
				Creates a field type and its files.
			
			Parameters:
				id - The id of the field type.
				name - The name.
				pages - Whether it can be used as a page resource or not ("on" is yes)
				modules - Whether it can be used as a module resource or not ("on" is yes)
				callouts - Whether it can be used as a callout resource or not ("on" is yes)
		*/
		
		function createFieldType($id,$name,$pages,$modules,$callouts) {
			$id = mysql_real_escape_string($id);
			$name = mysql_real_escape_string(htmlspecialchars($name));
			$author = mysql_real_escape_string($this->Name);
			$pages = mysql_real_escape_string($pages);
			$modules = mysql_real_escape_string($modules);
			$callouts = mysql_real_escape_string($callouts);
			
			$file = "$id.php";
			
			sqlquery("INSERT INTO bigtree_field_types (`id`,`name`,`pages`,`modules`,`callouts`) VALUES ('$id','$name','$pages','$modules','$callouts')");
			
			// Make the files for draw and process and options if they don't exist.
			if (!file_exists($GLOBALS["server_root"]."custom/admin/form-field-types/draw/$file")) {
				BigTree::touchFile($GLOBALS["server_root"]."custom/admin/form-field-types/draw/$file");
				file_put_contents($GLOBALS["server_root"]."custom/admin/form-field-types/draw/$file",'<? include BigTree::path("admin/form-field-types/draw/text.php"); ?>');
				chmod($GLOBALS["server_root"]."custom/admin/form-field-types/draw/$file",0777);
			}
			if (!file_exists($GLOBALS["server_root"]."custom/admin/form-field-types/process/$file")) {
				BigTree::touchFile($GLOBALS["server_root"]."custom/admin/form-field-types/process/$file");
				file_put_contents($GLOBALS["server_root"]."custom/admin/form-field-types/process/$file",'<? $value = $data[$key]; ?>');
				chmod($GLOBALS["server_root"]."custom/admin/form-field-types/process/$file",0777);
			}
			if (!file_exists($GLOBALS["server_root"]."custom/admin/ajax/developer/field-options/$file")) {
				BigTree::touchFile($GLOBALS["server_root"]."custom/admin/ajax/developer/field-options/$file");
				chmod($GLOBALS["server_root"]."custom/admin/ajax/developer/field-options/$file",0777);
			}
				
			unlink($GLOBALS["server_root"]."cache/form-field-types.btc");
		}
		
		/*
			Function: createMessage
				Creates a message in message center.
			
			Parameters:
				subject - The subject line.
				message - The message.
				recipients - The recipients.
				in_response_to - The message being replied to.
		*/
		
		function createMessage($subject,$message,$recipients,$in_response_to = 0) {
			// Clear tags out of the subject, sanitize the message body of XSS attacks.
			$subject = mysql_real_escape_string(htmlspecialchars(strip_tags($subject)));
			$message = mysql_real_escape_string(strip_tags($message,"<p><b><strong><em><i><a>"));
			$in_response_to = mysql_real_escape_string($in_response_to);
			
			// We build the send_to field this way so that we don't have to create a second table of recipients.
			// Is it faster database wise using a LIKE over a JOIN? I don't know, but it makes for one less table.
			$send_to = "|";
			foreach ($recipients as $r) {
				// Make sure they actually put in a number and didn't try to screw with the $_POST
				$send_to .= intval($r)."|";
			}
			
			$send_to = mysql_real_escape_string($send_to);
			
			sqlquery("INSERT INTO bigtree_messages (`sender`,`recipients`,`subject`,`message`,`date`,`response_to`) VALUES ('".$this->ID."','$send_to','$subject','$message',NOW(),'$in_response_to')");	
		}
		
		/*
			Function: createModule
				Creates a module and its class file.
			
			Parameters:
				name - The name of the module.
				group - The group for the module.
				class - The module class to create.
				table - The table this module relates to.
				permissions - The group-based permissions.
			
			Returns:
				The new module id.
		*/
		
		function createModule($name,$group,$class,$table,$permissions) {
			global $cms;
			
			// Find an available module route.
			$route = $cms->urlify($name);
			
			// Go through the hard coded modules
			$existing = array();
			$d = opendir($GLOBALS["server_root"]."core/admin/modules/");
			while ($f = readdir($d)) {
				if ($f != "." && $f != "..") {
					$existing[] = $f;
				}
			}
			// Go through the directories (really ajax, css, images, js)
			$d = opendir($GLOBALS["server_root"]."core/admin/");
			while ($f = readdir($d)) {
				if ($f != "." && $f != "..") {
					$existing[] = $f;
				}
			}
			// Go through the hard coded pages
			$d = opendir($GLOBALS["server_root"]."core/admin/pages/");
			while ($f = readdir($d)) {
				if ($f != "." && $f != "..") {
					// Drop the .php
					$existing[] = substr($f,0,-4);
				}
			}
			// Go through already created modules
			$q = sqlquery("SELECT route FROM bigtree_modules");
			while ($f = sqlfetch($q)) {
				$existing[] = $f["route"];
			}
			
			// Get a unique route
			$x = 2;
			$oroute = $route;
			while (in_array($route,$existing)) {
				$route = $oroute."-".$x;
				$x++;
			}
			
			$name = mysql_real_escape_string(htmlspecialchars($name));
			$route = mysql_real_escape_string($route);
			$class = mysql_real_escape_string($class);
			$group = mysql_real_escape_string($group);
			$gbp = mysql_real_escape_string(json_encode($permissions));
			
			sqlquery("INSERT INTO bigtree_modules (`name`,`route`,`class`,`group`,`gbp`) VALUES ('$name','$route','$class','$group','$gbp')");
			$id = sqlid();
			
			if ($class) {
				// Create class module.
				$f = fopen($GLOBALS["server_root"]."custom/inc/modules/$route.php","w");
				fwrite($f,"<?\n");
				fwrite($f,"	class $class extends BigTreeModule {\n");
				fwrite($f,"\n");
				fwrite($f,'		var $Table = "'.$table.'";'."\n");
				fwrite($f,'		var $Module = "'.$id.'";'."\n");
				fwrite($f,"	}\n");
				fwrite($f,"?>\n");
				fclose($f);
				chmod($GLOBALS["server_root"]."custom/inc/modules/$route.php",0777);
				
				// Remove cached class list.
				unlink($GLOBALS["server_root"]."cache/module-class-list.btc");
			}
			
			return $id;
		}
		
		/*
			Function: createModuleAction
				Creates a module action.
			
			Parameters:
				module - The module to create an action for.
				name - The name of the action.
				route - The action route.
				in_nav - Whether the action is in the navigation.
				icon - The icon class for the action.
				form - Optional auto module form id.
				view - Optional auto module view id.
		*/
		
		function createModuleAction($module,$name,$route,$in_nav,$icon,$form = 0,$view = 0) {
			$module = mysql_real_escape_string($module);
			$route = mysql_real_escape_string(htmlspecialchars($route));
			$in_nav = mysql_real_escape_string($in_nav);
			$icon = mysql_real_escape_string($icon);
			$name = mysql_real_escape_string(htmlspecialchars($name));
			$form = mysql_real_escape_string($form);
			$view = mysql_real_escape_string($view);
		
			$oroute = $route;
			$x = 2;
			while ($f = sqlfetch(sqlquery("SELECT * FROM bigtree_module_actions WHERE module = '$module' AND route = '$route'"))) {
				$route = $oroute."-".$x;
				$x++;
			}
			
			sqlquery("INSERT INTO bigtree_module_actions (`module`,`name`,`route`,`in_nav`,`class`,`form`,`view`) VALUES ('$module','$name','$route','$in_nav','$icon','$form','$view')");
		}
		
		/*
			Function: createModuleForm
				Creates a module form.
			
			Parameters:
				title - The title of the form.
				table - The table for the form data.
				fields - The form fields.
				javascript - Optional Javascript file to include in the form.
				css - Optional CSS file to include in the form.
				callback - Optional callback function to run after the form processes.
				default_position - Default position for entries to the form (if the view is positioned).
				
			Returns:
				The new form id.
		*/
		
		function createModuleForm($title,$table,$fields,$javascript = "",$css = "",$callback = "",$default_position = "") {
			$title = mysql_real_escape_string(htmlspecialchars($title));
			$table = mysql_real_escape_string($table);
			$fields = mysql_real_escape_string(json_encode($fields));
			$javascript - mysql_real_escape_string(htmlspecialchars($javascript));
			$css - mysql_real_escape_string(htmlspecialchars($css));
			$callback - mysql_real_escape_string($callback);
			$default_position - mysql_real_escape_string($default_position);
			
			sqlquery("INSERT INTO bigtree_module_forms (`title`,`table`,`fields`,`javascript`,`css`,`callback`,`default_position`) VALUES ('$title','$table','$fields','$javascript','$css','$callback','$default_position')");
			return sqlid();
		}
		
		/*
			Function: createModuleGroup
				Creates a module group.
			
			Parameters:
				name - The name of the group.
				package - The (optional) package id the group originated from.
			
			Returns:
				The id of the newly created group.
		*/
		
		function createModuleGroup($name,$in_nav,$package = 0) {
			global $cms;
			
			$name = mysql_real_escape_string($name);
			$packge = mysql_real_escape_string($package);
			
			// Get a unique route
			$x = 2;
			$route = $cms->urlify($name);
			$oroute = $route;
			while ($this->getModuleGroupByRoute($route)) {
				$route = $oroute."-".$x;
				$x++;			
			}
			
			// Just to be safe
			$route = mysql_real_escape_string($route);
			
			sqlquery("INSERT INTO bigtree_module_groups (`name`,`route`,`in_nav`,`package`) VALUES ('$name','$route','$in_nav','$package')");
			return sqlid();
		}
		
		/*
			Function: createModuleView
				Creates a module view.
			
			Parameters:
				title - View title.
				description - Description.
				table - Data table.
				type - View type.
				options - View options array.
				fields - Field array.
				actions - Actions array.
				suffix - Add/Edit suffix.
				uncached - Don't cache the view.
				preview_url - Optional preview URL.
				
			Returns:
				The id for view.
		*/
		
		function createModuleView($title,$description,$table,$type,$options,$fields,$actions,$suffix,$uncached = "",$preview_url = "") {
			$title = mysql_real_escape_string(htmlspecialchars($title));
			$description = mysql_real_escape_string(htmlspecialchars($description));
			$table = mysql_real_escape_string($table);
			$type = mysql_real_escape_string($type);
			$options = mysql_real_escape_string(json_encode($options));
			$fields = mysql_real_escape_string(json_encode($fields));
			$actions = mysql_real_escape_string(json_encode($actions));
			$suffix = mysql_real_escape_string($suffix);
			$uncached = mysql_real_escape_string($uncached);
			$preview_url = mysql_real_escape_string(htmlspecialchars($preview_url));
			
			sqlquery("INSERT INTO bigtree_module_views (`title`,`description`,`type`,`fields`,`actions`,`table`,`options`,`suffix`,`uncached`,`preview_url`) VALUES ('$title','$description','$type','$fields','$actions','$table','$options','$suffix','$uncached','$preview_url')");
			
			return sqlid();
		}
		
		/*
			Function: createPage
				Creates a page.
				Does not check permissions.
			
			Parameters:
				data - An array of page information.
			
			Returns:
				The id of the newly created page.
		*/

		function createPage($data) {
			global $cms;
			
			// Loop through the posted data, make sure no session hijacking is done.
			foreach ($data as $key => $val) {
				if (substr($key,0,1) != "_") {
					if (is_array($val)) {
						$$key = mysql_real_escape_string(json_encode($val));
					} else {
						$$key = mysql_real_escape_string($val);
					}
				}
			}
			
			// If there's an external link, make sure it's a relative URL
			if ($external) {
				$external = $this->makeIPL($external);
			}
			
			
			// Who knows what they may have put in for a route, so we're not going to use the mysql_real_escape_string version.
			$route = $data["route"];
			if (!$route) {
				// If they didn't specify a route use the navigation title
				$route = $cms->urlify($data["nav_title"]);
			} else {
				// Otherwise sanitize the one they did provide.
				$route = $cms->urlify($route);
			}
			
			// We need to figure out a unique route for the page.  Make sure it doesn't match a directory in /site/
			$original_route = $route;
			$x = 2;
			// Reserved paths.
			if ($parent == 0) {
				while (file_exists($GLOBALS["server_root"]."site/".$route."/")) {
					$route = $original_route."-".$x;
					$x++;
				}
			}
			
			// Make sure it doesn't have the same route as any of its siblings.
			$f = sqlfetch(sqlquery("SELECT * FROM bigtree_pages WHERE `route` = '$route' AND parent = '$parent'"));
			while ($f) {
				$route = $original_route."-".$x;
				$f = sqlfetch(sqlquery("SELECT * FROM bigtree_pages WHERE `route` = '$route' AND parent = '$parent'"));
				$x++;
			}
			
			// If we have a parent, get the full navigation path, otherwise, just use this route as the path since it's top level.
			if ($parent) {
				$path = $this->getFullNavigationPath($parent)."/".$route;
			} else {
				$path = $route;
			}
			
			// If we set a publish at date, make it the proper MySQL format.
			if ($publish_at) {
				$publish_at = "'".date("Y-m-d",strtotime($publish_at))."'";
			} else {
				$publish_at = "NULL";
			}

			// If we set an expiration date, make it the proper MySQL format.
			if ($expire_at) {
				$expire_at = "'".date("Y-m-d",strtotime($expire_at))."'";
			} else {
				$expire_at = "NULL";
			}
			
			// Make the title, navigation title, description, keywords, and external link htmlspecialchar'd -- these are all things we'll be echoing in the HTML so we might as well make them valid now instead of at display time.
			
			$title = htmlspecialchars($title);
			$nav_title = htmlspecialchars($nav_title);
			$meta_description = htmlspecialchars($meta_description);
			$meta_keywords = htmlspecialchars($meta_keywords);
			$external = htmlspecialchars($external);

			// Make the page!
			sqlquery("INSERT INTO bigtree_pages (`parent`,`nav_title`,`route`,`path`,`in_nav`,`title`,`template`,`external`,`new_window`,`resources`,`callouts`,`meta_keywords`,`meta_description`,`last_edited_by`,`created_at`,`updated_at`,`publish_at`,`expire_at`,`max_age`) VALUES ('$parent','$nav_title','$route','$path','$in_nav','$title','$template','$external','$new_window','$resources','$callouts','$meta_keywords','$meta_description','".$this->ID."',NOW(),NOW(),$publish_at,$expire_at,'$max_age')");

			$id = sqlid();

			// Handle tags
			if (is_array($data["_tags"])) {
				foreach ($data["_tags"] as $tag) {
					sqlquery("INSERT INTO bigtree_tags_rel (`module`,`entry`,`tag`) VALUES ('0','$id','$tag')");
				}
			}

			// If there was an old page that had previously used this path, dump its history so we can take over the path.
			sqlquery("DELETE FROM bigtree_route_history WHERE old_route = '$path'");
			
			// Dump the cache, we don't really know how many pages may be showing this now in their nav.
			$this->clearCache();
			// Let search engines know this page now exists.
			$this->pingSearchEngines();
			// Audit trail.
			$this->track("bigtree_pages",$id,"created");

			return $id;
		}
		
		/*
			Function: createPendingChange
				Creates a pending change.
			
			Parameters:
				table - The table the change applies to.
				item_id - The entry the change applies to's id.
				changes - The changes to the fields in the entry.
				mtm_changes - Many to Many changes.
				tags_changes - Tags changes.
				module - The module id for the change.
				
			Returns:
				The change id.
		*/
		
		function createPendingChange($table,$item_id,$changes,$mtm_changes = array(),$tags_changes = array(),$module = 0) {
			$table = mysql_real_escape_string($table);
			$item_id = mysql_real_escape_string($item_id);
			$changes = mysql_real_escape_string(json_encode($changes));
			$mtm_changes = mysql_real_escape_string(json_encode($mtm_changes));
			$tags_changes = mysql_real_escape_string(json_encode($tags_changes));
			$module = mysql_real_escape_string($module);
			
			sqlquery("INSERT INTO bigtree_pending_changes (`user`,`date`,`table`,`item_id`,`changes`,`mtm_changes`,`tags_changes`,`module`) VALUES ('".$this->ID."',NOW(),'$table','$item_id','$changes','$mtm_changes','$tags_changes','$module')");
			return sqlid();
		}
		
		/*
			Function: createPendingPage
				Creates a pending page entry in bigtree_pending_changes
			
			Parameters:
				data - An array of page information.
		
			Returns:
				The id of the pending change.
		*/

		function createPendingPage($data) {
			global $cms;
			
			// Make a relative URL for external links.
			if ($data["external"]) {
				$data["external"] = $this->makeIPL($data["external"]);
			}
			
			// Save the tags, then dump them from the saved changes array.
			$tags = mysql_real_escape_string(json_encode($data["_tags"]));
			unset($data["_tags"]);
			
			// Make the nav title, title, external link, keywords, and description htmlspecialchar'd for displaying on the front end / the form again.
			$data["nav_title"] = htmlspecialchars($data["nav_title"]);
			$data["title"] = htmlspecialchars($data["title"]);
			$data["external"] = htmlspecialchars($data["external"]);
			$data["meta_keywords"] = htmlspecialchars($data["meta_keywords"]);
			$data["meta_description"] = htmlspecialchars($data["meta_description"]);
			
			$parent = mysql_real_escape_string($data["parent"]);

			// JSON encode the changes and stick them in the database.
			unset($data["MAX_FILE_SIZE"]);
			unset($data["ptype"]);
			$data = mysql_real_escape_string(json_encode($data));
			
			sqlquery("INSERT INTO bigtree_pending_changes (`user`,`date`,`title`,`table`,`changes`,`tags_changes`,`type`,`module`,`pending_page_parent`) VALUES ('".$this->ID."',NOW(),'New Page Created','bigtree_pages','$data','$tags','NEW','','$parent')");
			$id = sqlid();
			
			// Audit trail
			$this->track("bigtree_pages","p$id","created-pending");

			return $id;
		}
		
		/*
			Function: createResource
				Creates a resource.
			
			Parameters:
				folder - The folder to place it in.
				file - The file path.
				name - The file name.
				type - The file type.
				is_image - Whether the resource is an image.
				height - The image height (if it's an image).
				width - The image width (if it's an image).
				thumbs - An array of thumbnails (if it's an image).
				list_thumb_margin - The margin for the list thumbnail (if it's an image).
			
			Returns:
				The new resource id.
		*/
		
		function createResource($folder,$file,$name,$type,$is_image = "",$height = 0,$width = 0,$thumbs = array(),$list_thumb_margin = 0) {
			$folder = mysql_real_escape_string($folder);
			$file = mysql_real_escape_string($file);
			$name = mysql_real_escape_string(htmlspecialchars($name));
			$type = mysql_real_escape_string($type);
			$is_image = mysql_real_escape_string($is_image);
			$height = intval($height);
			$width = intval($width);
			$thumbs = mysql_real_escape_string(json_encode($thumbs));
			$list_thumb_margin = intval($list_thumb_margin);
			
			sqlquery("INSERT INTO bigtree_resources (`file`,`date`,`name`,`type`,`folder`,`is_image`,`height`,`width`,`thumbs`,`list_thumb_margin`) VALUES ('$file',NOW(),'$name','$type','$folder','$is_image','$height','$width','$thumbs','$list_thumb_margin')");	
			return sqlid();
		}
		
		/*
			Function: createResourceFolder
				Creates a resource folder.
				Checks permissions.
			
			Paremeters:
				parent - The parent folder.
				name - The name of the new folder.
			
			Returns:
				The new folder id.
		*/
		
		function createResourceFolder($parent,$name) {
			$perm = $this->getResourceFolderPermission($parent);
			if ($perm != "p") {
				die("You don't have permission to make a folder here.");
			}
			
			$parent = mysql_real_escape_string($parent);
			$name = mysql_real_escape_string(htmlspecialchars($name));
			
			sqlquery("INSERT INTO bigtree_resource_folders (`name`,`parent`) VALUES ('$name','$parent')");
			return sqlid();
		}
		
		/*
			Function: createSetting
				Creates a setting.

			Parameters:
				data - An array of settings information. Available fields: "id", "name", "description", "type", "locked", "module", "encrypted", "system"

			Returns:
				True if successful, false if a setting already exists with the ID given.
		*/

		function createSetting($data) {
			// Avoid _SESSION hijacking.
			foreach ($data as $key => $val) {
				if (substr($key,0,1) != "_" && !is_array($val)) {
					$$key = mysql_real_escape_string(htmlspecialchars($val));
				}
			}
			
			// We don't want this encoded since it's a WYSIWYG field.
			$description = mysql_real_escape_string($data["description"]);

			// See if there's already a setting with this ID
			$r = sqlrows(sqlquery("SELECT id FROM bigtree_settings WHERE id = '$id'"));
			if ($r) {
				return false;
			}

			sqlquery("INSERT INTO bigtree_settings (`id`,`name`,`description`,`type`,`locked`,`encrypted`,`system`) VALUES ('$id','$name','$description','$type','$locked','$encrypted','$system')");
			// Audit trail.
			$this->track("bigtree_settings",$id,"created");

			return true;
		}
		
		/*
			Function: createTag
				Creates a new tag, or returns the id of an existing one.
			
			Parameters:
				tag - The tag.
			
			Returns:
				If the tag exists, returns the existing tag's id.
				Otherwise, returns the new tag id.
		*/
		
		function createTag($tag) {	
			global $cms;
			
			$tag = strtolower(html_entity_decode($tag));
			// Check if the tag exists already.
			$f = sqlfetch(sqlquery("SELECT * FROM bigtree_tags WHERE tag = '".mysql_real_escape_string($tag)."'"));
			
			if (!$f) {
				$meta = metaphone($tag);
				$route = $cms->urlify($tag);
				$oroute = $route;
				$x = 2;
				while ($f = sqlfetch(sqlquery("SELECT * FROM bigtree_tags WHERE route = '$route'"))) {
					$route = $oroute."-".$x;
					$x++;
				}
				sqlquery("INSERT INTO bigtree_tags (`tag`,`metaphone`,`route`) VALUES ('".mysql_real_escape_string($tag)."','$meta','$route')");
				$id = sqlid();
			} else {
				$id = $f["id"];
			}
			
			return $id;
		}
		
		/*
			Function: createTemplate
				Creates a template and its default files/directories.
		
			Paremeters:
				id - Id for the template.
				name - Name
				description - Description
				routed - Basic ("") or Routed ("on")
				level - Access level (0 for everyone, 1 for administrators, 2 for developers)
				module - Related module id
				image - Image
				callouts_enabled - "on" for yes
				resources - An array of resources
		*/
		
		function createTemplate($id,$name,$description,$routed,$level,$module,$image,$callouts_enabled,$resources) {
			// If we're creating a new file, let's populate it with some convenience things to show what resources are available.
			$file_contents = "<?\n	/*\n		Resources Available:\n";
		
			$types = $this->getCachedFieldTypes();
			$types = $types["template"];
		
			$clean_resources = array();
			foreach ($resources as $resource) {
			    if ($resource["id"]) {
			    	$options = json_decode($resource["options"],true);
			    	foreach ($options as $key => $val) {
			    		if ($key != "title" && $key != "id" && $key != "type") {
			    			$resource[$key] = $val;
			    		}
			    	}
			    	
			    	$file_contents .= '		$'.$resource["id"].' = '.$resource["title"].' - '.$types[$resource["type"]]."\n";
			    	
			    	$resource["id"] = htmlspecialchars($resource["id"]);
			    	$resource["title"] = htmlspecialchars($resource["title"]);
			    	$resource["subtitle"] = htmlspecialchars($resource["subtitle"]);
			    	unset($resource["options"]);
			    	$clean_resources[] = $resource;
			    }
			}
						
			
			$file_contents .= '	*/
?>';		
			
			if ($routed == "on") {
				if (!file_exists($GLOBALS["server_root"]."templates/routed/".$id)) {
					mkdir($GLOBALS["server_root"]."templates/routed/".$id);
					chmod($GLOBALS["server_root"]."templates/routed/".$id,0777);
				}
				if (!file_exists($GLOBALS["server_root"]."templates/routed/".$id."/default.php")) {
					file_put_contents($GLOBALS["server_root"]."templates/routed/".$id."/default.php",$file_contents);
					chmod($GLOBALS["server_root"]."templates/routed/".$id."/default.php",0777);
				}
			} else {
				if (!file_exists($GLOBALS["server_root"]."templates/basic/".$id.".php")) {
					file_put_contents($GLOBALS["server_root"]."templates/basic/".$id.".php",$file_contents);
					chmod($GLOBALS["server_root"]."templates/basic/".$id.".php",0777);
				}
			}
			
			$id = mysql_real_escape_string($id);
			$name = mysql_real_escape_string(htmlspecialchars($name));
			$description = mysql_real_escape_string(htmlspecialchars($description));
			$module = mysql_real_escape_string($module);
			$resources = mysql_real_escape_string(json_encode($clean_resources));
			$image = mysql_real_escape_string($image);
			$level = mysql_real_escape_string($level);
			$callouts_enabled = mysql_real_escape_string($callouts_enabled);
			$routed = mysql_real_escape_string($routed);
			
			sqlquery("INSERT INTO bigtree_templates (`id`,`name`,`module`,`resources`,`image`,`description`,`level`,`callouts_enabled`,`routed`) VALUES ('$id','$name','$module','$resources','$image','$description','$level','$callouts_enabled','$routed')");
		}
		
		/*
			Function: createUser
				Creates a user.
				Checks for developer access.
			
			Parameters:
				data - An array of user data. ("email", "password", "name", "company", "level", "permissions")
			
			Returns:
				id of the newly created user or false if a user already exists with the provided email.
		*/

		function createUser($data) {
			global $config;
			
			// Safely go through the post data
			foreach ($data as $key => $val) {
				if (substr($key,0,1) != "_" && !is_array($val)) {
					$$key = mysql_real_escape_string($val);
				}
			}

			// See if the user already exists
			$r = sqlrows(sqlquery("SELECT * FROM bigtree_users WHERE email = '$email'"));
			if ($r > 0) {
				return false;
			}

			$permissions = mysql_real_escape_string(json_encode($data["permissions"]));
			
			// If the user is trying to create a developer user and they're not a developer, then… no.
			if ($level > $this->Level) {
				$level = $this->Level;
			}
			
			// Hash the password.
			$phpass = new PasswordHash($config["password_depth"], TRUE);
			$password = mysql_real_escape_string($phpass->HashPassword($data["password"]));

			sqlquery("INSERT INTO bigtree_users (`email`,`password`,`name`,`company`,`level`,`permissions`) VALUES ('$email','$password','$name','$company','$level','$permissions')");
			$id = sqlid();
			
			// Audit trail.
			$this->track("bigtree_users",$id,"created");

			return $id;
		}
		
		/*
			Function: deleteCallout
				Deletes a callout and removes its file.
			
			Parameters:
				id - The id of the callout.
		*/
		
		function deleteCallout($id) {
			$id = mysql_real_escape_string($id);
			sqlquery("DELETE FROM bigtree_callouts WHERE id = '$id'");
			unlink($GLOBALS["server_root"]."templates/callouts/$id.php");
		}
		
		/*
			Function: deleteFeed
				Deletes a feed.
			
			Parameters:
				id - The id of the feed.
		*/
		
		function deleteFeed($id) {
			$id = mysql_real_escape_string($id);
			sqlquery("DELETE FROM bigtree_feeds WHERE id = '$id'");
		}
		
		/*
			Function: deleteFieldType
				Deletes a field type and erases its files.
		
			Parameters:
				id - The id of the field type.
		*/
		
		function deleteFieldType($id) {
			unlink($GLOBALS["server_root"]."custom/admin/form-field-types/draw/$id.php");
			unlink($GLOBALS["server_root"]."custom/admin/form-field-types/process/$id.php");
			sqlquery("DELETE FROM bigtree_field_types WHERE id = '".mysql_real_escape_string($id)."'");
		}
		
		/*
			Function: deleteModule
				Deletes a module.
			
			Parameters:
				id - The id of the module.
		*/
		
		function deleteModule($id) {
			$id = mysql_real_escape_string($id);
			
			// Get info and delete the class.
			$module = $this->getModule($id);
			unlink($GLOBALS["server_root"]."custom/inc/modules/".$module["route"].".php");
	
			// Delete all the related auto module actions
			$actions = $this->getModuleActions($id);
			foreach ($actions as $action) {
				if ($action["form"]) {
					sqlquery("DELETE FROM bigtree_module_forms WHERE id = '".$action["form"]."'");
				}
				if ($action["view"]) {
					sqlquery("DELETE FROM bigtree_module_views WHERE id = '".$action["view"]."'");
				}
			}
			
			// Delete actions
			sqlquery("DELETE FROM bigtree_module_actions WHERE module = '$id'");
			
			// Delete the module
			sqlquery("DELETE FROM bigtree_modules WHERE id = '$id'");
		}
		
		/*
			Function: deleteModuleAction
				Deletes a module action.
				Also deletes the related form or view if no other action is using it.
			
			Parameters:
				id - The id of the action to delete.
		*/
		
		function deleteModuleAction($id) {
			$id = mysql_real_escape_string($id);
			
			$a = $this->getModuleAction($id);
			if ($a["form"]) {
				// Only delete the auto-ness if it's the only one using it.
				if (sqlrows(sqlquery("SELECT * FROM bigtree_module_actions WHERE form = '".$a["form"]."'")) == 1) {
					sqlquery("DELETE FROM bigtree_module_forms WHERE id = '".$a["form"]."'");
				}
			}
			if ($a["view"]) {
				// Only delete the auto-ness if it's the only one using it.
				if (sqlrows(sqlquery("SELECT * FROM bigtree_module_actions WHERE view = '".$a["view"]."'")) == 1) {
					sqlquery("DELETE FROM bigtree_module_views WHERE id = '".$a["view"]."'");
				}
			}
			sqlquery("DELETE FROM bigtree_module_actions WHERE id = '$id'");
		}
		
		/*
			Function: deleteModuleForm
				Deletes a module form and its related actions.
			
			Parameters:
				id - The id of the module form.
		*/
		
		function deleteModuleForm($id) {
			$id = mysql_real_escape_string($id);
			sqlquery("DELETE FROM bigtree_module_forms WHERE id = '$id'");
			sqlquery("DELETE FROM bigtree_module_actions WHERE form = '$id'");
		}
		
		/*
			Function: deleteModuleGroup
				Deletes a module group. Sets modules in the group to Misc.
			
			Parameters:
				id - The id of the module group.
		*/
		
		function deleteModuleGroup($id) {
			$id = mysql_real_escape_string($id);
			sqlquery("DELETE FROM bigtree_module_groups WHERE id = '$id'");
			sqlquery("UPDATE bigtree_modules SET `group` = '0' WHERE `group` = '$id'");
		}
		
		/*
			Function: deleteModuleView
				Deletes a module view and its related actions.
			
			Parameters:
				id - The id of the module view.
		*/
		
		function deleteModuleView($id) {
			$id = mysql_real_escape_string($id);
			sqlquery("DELETE FROM bigtree_module_views WHERE id = '$id'");
			sqlquery("DELETE FROM bigtree_module_actions WHERE view = '$id'");
		}
		
		/*
			Function: deletePage
				Deletes a page or a pending page.
				Checks permissions.
			
			Parameters:
				page - A page id or a pending page id prefixed with a "p"
			
			Returns:
				true if successful. Stops page execution if permission issues occur.
		*/		

		function deletePage($page) {
			global $cms;

			$page = mysql_real_escape_string($page);

			$r = $this->getPageAccessLevel($page);
			if ($r == "p" && $this->canModifyChildren($cms->getPage($page))) {
				// If the page isn't numeric it's most likely prefixed by the "p" so it's pending.
				if (!is_numeric($page)) {
					sqlquery("DELETE FROM bigtree_pending_changes WHERE id = '".mysql_real_escape_string(substr($page,1))."'");
					$this->growl("Pages","Deleted Page");
					$this->track("bigtree_pages","p$page","deleted-pending");
				} else {
					sqlquery("DELETE FROM bigtree_pages WHERE id = '$page'");
					// Delete the children as well.
					$this->deletePageChildren($page);
					$this->growl("Pages","Deleted Page");
					$this->track("bigtree_pages",$page,"deleted");
				}

				return true;
			}
			$this->stop("You do not have permission to delete this page.");
		}
		
		/*
			Function: deletePageChildren
				Deletes the children of a page and recurses downward.
				Does not check permissions.
			
			Parameters:
				id - The parent id to delete children for.
		*/

		function deletePageChildren($id) {
			$q = sqlquery("SELECT * FROM bigtree_pages WHERE parent = '$id'");
			while ($f = sqlfetch($q)) {
				$this->deletePageChildren($f["id"]);
			}
			sqlquery("DELETE FROM bigtree_pages WHERE parent = '$id'");
			$this->track("bigtree_pages",$id,"deleted");
		}
		
		/*
			Function: deletePageDraft
				Deletes a page draft.
				Checks permissions.
			
			Parameters:
				id - The page id to delete the draft for.
		*/
		
		function deletePageDraft($id) {
			$id = mysql_real_escape_string($id);
			// Get the version, check if the user has access to the page the version refers to.
			$access = $this->getPageAccessLevel($id);
			if ($access != "p") {
				$this->stop("You must be a publisher to manage revisions.");
			}
			
			// Delete draft copy
			sqlquery("DELETE FROM bigtree_pending_changes WHERE `table` = 'bigtree_pages' AND `item_id` = '$id'");
		}
		
		/*
			Function: deletePageRevision
				Deletes a page revision.
				Checks permissions.
			
			Parameters:
				id - The page version id.
		*/
		
		function deletePageRevision($id) {
			// Get the version, check if the user has access to the page the version refers to.
			$revision = $this->getPageRevision($id);
			$access = $this->getPageAccessLevel($revision["page"]);
			if ($access != "p") {
				$this->stop("You must be a publisher to manage revisions.");
			}
			
			// Delete the revision
			sqlquery("DELETE FROM bigtree_page_revisions WHERE id = '".$revision["id"]."'");
		}
		
		/*
			Function: deletePendingChange
				Deletes a pending change.
			
			Parameters:
				id - The id of the change.
		*/
		
		function deletePendingChange($id) {
			$id = mysql_real_escape_string($id);
			sqlquery("DELETE FROM bigtree_pending_changes WHERE id = '$id'");
		}
		
		/*
			Function: deleteSetting
				Deletes a setting.
			
			Parameters:
				id - The id of the setting.
		*/
		
		function deleteSetting($id) {
			$id = mysql_real_escape_string($id);
			sqlquery("DELETE FROM bigtree_settings WHERE id = '$id'");
		}
		
		/*
			Function: deleteTemplate
				Deletes a template.
			
			Parameters:
				id - The id of the template.
		*/
		
		function deleteTemplate($id) {
			$id = mysql_real_escape_string($id);
			sqlquery("DELETE FROM bigtree_templates WHERE id = '$id'");
		}
		
		/*
			Function: deleteUser
				Deletes a user.
				Checks for developer access.
			
			Parameters:
				id - The user id to delete.
		
			Returns:
				true if successful. false if the logged in user does not have permission to delete the user.
		*/

		function deleteUser($id) {
			$id = mysql_real_escape_string($id);
			// If this person has higher access levels than the person trying to update them, fail.
			$current = $this->getUser($id);
			if ($current["level"] > $this->Level) {
				return false;
			}

			sqlquery("DELETE FROM bigtree_users WHERE id = '$id'");

			// Audit trail
			$this->track("bigtree_users",$id,"deleted");

			return true;
		}
		
		/*
			Function: doesModuleEditActionExist
				Determines whether there is already an edit action for a module.
			
			Parameters:
				module - The module id to check.
		
			Returns:
				1 or 0, for true or false.
		*/
		
		function doesModuleEditActionExist($mo…