/core/inc/bigtree/admin.php
PHP | 5582 lines | 2839 code | 674 blank | 2069 comment | 667 complexity | 0afe53e60456baae952d671ba41e975a MD5 | raw file
Possible License(s): LGPL-3.0, LGPL-2.1
- <?
- /*
- Class: BigTreeAdmin
- The main class used by the admin for manipulating and retrieving data.
- */
- class BigTreeAdmin {
- var $PerPage = 15;
- // !View Types
- var $ViewTypes = array(
- "searchable" => "Searchable List",
- "draggable" => "Draggable List",
- "images" => "Image List",
- "grouped" => "Grouped List",
- "images-grouped" => "Grouped Image List"
- );
- // !Reserved Column Names
- var $ReservedColumns = array(
- "id",
- "position",
- "archived",
- "approved"
- );
- // !View Actions
- var $ViewActions = array(
- "approve" => array(
- "key" => "approved",
- "name" => "Approve",
- "class" => "icon_approve icon_approve_on"
- ),
- "archive" => array(
- "key" => "archived",
- "name" => "Archive",
- "class" => "icon_archive"
- ),
- "feature" => array(
- "key" => "featured",
- "name" => "Feature",
- "class" => "icon_feature icon_feature_on"
- ),
- "edit" => array(
- "key" => "id",
- "name" => "Edit",
- "class" => "icon_edit"
- ),
- "delete" => array(
- "key" => "id",
- "name" => "Delete",
- "class" => "icon_delete"
- )
- );
-
- /*
- Constructor:
- Initializes the user's permissions.
- */
-
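function __construct() {
	// Restores the logged-in user: from the session when present, otherwise from the login cookie.
	if (isset($_SESSION["bigtree"]["email"])) {
		$this->ID = $_SESSION["bigtree"]["id"];
		$this->User = $_SESSION["bigtree"]["email"];
		$this->Level = $_SESSION["bigtree"]["level"];
		$this->Name = $_SESSION["bigtree"]["name"];
		$this->Permissions = $_SESSION["bigtree"]["permissions"];
		return;
	}

	// Cookie values are attacker-controlled and can arrive as arrays or be missing entirely.
	// Require both to be non-empty strings so an absent or empty password never reaches the lookup.
	if (!isset($_COOKIE["bigtree"]) || !is_array($_COOKIE["bigtree"])) {
		return;
	}
	if (!isset($_COOKIE["bigtree"]["email"],$_COOKIE["bigtree"]["password"])) {
		return;
	}
	$email = $_COOKIE["bigtree"]["email"];
	$password = $_COOKIE["bigtree"]["password"];
	if (!is_string($email) || !is_string($password) || $email === "" || $password === "") {
		return;
	}

	// NOTE(review): mysql_escape_string() ignores the connection character set; it is kept because
	// this chunk does not show whether a database connection already exists when the constructor runs.
	$user = mysql_escape_string($email);
	$pass = mysql_escape_string($password);

	// NOTE(review): the cookie value is compared verbatim with the stored password column, so whatever
	// is stored there works as a login token if it leaks (database dump, backup, stolen cookie).
	// A random per-login token kept in its own column would remove that coupling.
	$f = sqlfetch(sqlquery("SELECT * FROM bigtree_users WHERE email = '$user' AND password = '$pass'"));
	if (!$f) {
		return;
	}

	$this->ID = $f["id"];
	// Use the stored address rather than the escaped cookie text, matching what goes into the session.
	$this->User = $f["email"];
	$this->Level = $f["level"];
	$this->Name = $f["name"];
	$this->Permissions = json_decode($f["permissions"],true);

	$_SESSION["bigtree"]["id"] = $f["id"];
	$_SESSION["bigtree"]["email"] = $f["email"];
	$_SESSION["bigtree"]["level"] = $f["level"];
	$_SESSION["bigtree"]["name"] = $f["name"];
	$_SESSION["bigtree"]["permissions"] = $this->Permissions;
}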
-
- /*
- Function: archivePage
- Archives a page.
-
- Parameters:
- page - Either a page id or page entry.
-
- Returns:
- true if successful. false if the logged in user doesn't have permission.
-
- See Also:
- <archivePageChildren>
- */
function archivePage($page) {
	global $cms;

	// Accept a page entry or a bare id; only the escaped id is used from here on.
	$id = mysql_real_escape_string(is_array($page) ? $page["id"] : $page);

	// Archiving needs publisher access ("p") to the page and the right to modify every child.
	if ($this->getPageAccessLevel($id) != "p" || !$this->canModifyChildren($cms->getPage($id))) {
		return false;
	}

	sqlquery("UPDATE bigtree_pages SET archived = 'on' WHERE id = '$id'");
	$this->archivePageChildren($id);
	$this->growl("Pages","Archived Page");
	$this->track("bigtree_pages",$id,"archived");

	return true;
}
-
- /*
- Function: archivePageChildren
- Archives a page's children and sets the archive status to inherited.
-
- Parameters:
- page - A page id.
-
- See Also:
- <archivePage>
- */
function archivePageChildren($page) {
	$parent = mysql_real_escape_string($page);
	$children = sqlquery("SELECT * FROM bigtree_pages WHERE parent = '$parent'");

	while ($child = sqlfetch($children)) {
		// Children that are already archived are left alone, and so is everything below them.
		if ($child["archived"]) {
			continue;
		}

		$child_id = $child["id"];
		sqlquery("UPDATE bigtree_pages SET archived = 'on', archived_inherited = 'on' WHERE id = '".$child_id."'");
		$this->track("bigtree_pages",$child_id,"archived");

		// Walk down the tree; the recursive call escapes the id before querying with it.
		$this->archivePageChildren($child_id);
	}
}
- /*
- Function: autoIPL
- Automatically converts links to internal page links.
-
- Parameters:
- html - A string of contents that may contain URLs
-
- Returns:
- A string with hard links converted into internal page links.
- */
function autoIPL($html) {
	// A value that is itself a URL is converted directly.
	$is_bare_url = (substr($html,0,7) == "http://" || substr($html,0,8) == "https://");
	if ($is_bare_url) {
		return $this->makeIPL($html);
	}

	// NOTE(review): create_function() compiles its second argument as PHP at runtime. The string
	// below is a constant with no request data concatenated into it, so it is not an injection point
	// as written; keep it that way if it is ever edited, or move the body into a named method.
	$rewrite_href = create_function('$matches','
global $cms;
$href = str_replace("{wwwroot}",$GLOBALS["www_root"],$matches[1]);
if (strpos($href,$GLOBALS["www_root"]) !== false) {
$command = explode("/",rtrim(str_replace($GLOBALS["www_root"],"",$href),"/"));
list($navid,$commands) = $cms->getNavId($command);
$page = $cms->getPage($navid,false);
if ($navid && (!$commands[0] || substr($page["template"],0,6) == "module" || substr($commands[0],0,1) == "#")) {
$href = "ipl://".$navid."//".base64_encode(json_encode($commands));
}
}
$href = str_replace($GLOBALS["www_root"],"{wwwroot}",$href);
return \'href="\'.$href.\'"\';'
	);

	// Rewrite every href first, then swap any remaining occurrence of the site root for {wwwroot}.
	$html = preg_replace_callback('/href="([^"]*)"/',$rewrite_href,$html);

	return str_replace($GLOBALS["www_root"],"{wwwroot}",$html);
}
-
- /*
- Function: canAccessGroup
- Returns whether or not the logged in user can access a module group.
- Utility for form field types / views -- we already know module group permissions are enabled so we skip some overhead
-
- Parameters:
- module - A module entry.
- group - A group id.
-
- Returns:
- true if the user can access this group, otherwise false.
- */
-
function canAccessGroup($module,$group) {
	// Any user level above 0 bypasses the per-module checks.
	if ($this->Level > 0) {
		return true;
	}

	$id = $module["id"];

	// A module-wide permission other than "n" grants access to every group.
	$module_permission = $this->Permissions["module"][$id];
	if ($module_permission && $module_permission != "n") {
		return true;
	}

	// Otherwise fall back to the group-based permission for this specific group.
	if (!is_array($this->Permissions["module_gbp"][$id])) {
		return false;
	}
	$group_permission = $this->Permissions["module_gbp"][$id][$group];

	return ($group_permission && $group_permission != "n") ? true : false;
}
-
- /*
- Function: canModifyChildren
- Checks whether the logged in user can modify all child pages of a page.
- Assumes we already know that we're a publisher of the parent.
-
- Parameters:
- page - The page entry to check children for.
-
- Returns:
- true if the user can modify all the page children, otherwise false.
- */
-
function canModifyChildren($page) {
	// Any user level above 0 may modify every page.
	if ($this->Level > 0) {
		return true;
	}

	// NOTE(review): the path is escaped for SQL, but LIKE wildcards (% and _) inside it are not, and
	// the prefix match also covers the page itself and any other page whose path starts with the
	// same text. Both only widen the set of pages checked, so the result errs towards denying.
	$prefix = mysql_real_escape_string($page["path"]);
	$matches = sqlquery("SELECT id FROM bigtree_pages WHERE path LIKE '".$prefix."%'");

	while ($row = sqlfetch($matches)) {
		// An explicit "n" or "e" permission on any matched page blocks the whole operation.
		$permission = $this->Permissions["page"][$row["id"]];
		if ($permission == "n" || $permission == "e") {
			return false;
		}
	}

	return true;
}
-
- /*
- Function: changePassword
- Changes a user's password via a password change hash and redirects to a success page.
- Parameters:
- hash - The unique hash generated by <forgotPassword>.
- password - The user's new password.
- See Also:
- <forgotPassword>
- */
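function changePassword($hash,$password) {
	global $config;

	// Changes the password of the account that owns the reset hash, then redirects to the success page.
	// Returns false without touching the database when the hash or password is unusable.
	//
	// An empty hash must never reach the lookup: this method clears change_password_hash to '' after
	// a reset, so '' would match an account with no reset pending and overwrite its password.
	if (!is_string($hash) || $hash === "" || !is_string($password) || $password === "") {
		return false;
	}

	$hash = mysql_real_escape_string($hash);
	$user = sqlfetch(sqlquery("SELECT * FROM bigtree_users WHERE change_password_hash = '$hash'"));

	// Unknown or already-used hash: previously this fell through and still reported success.
	if (!$user) {
		return false;
	}

	$phpass = new PasswordHash($config["password_depth"], TRUE);
	$password = mysql_real_escape_string($phpass->HashPassword($password));
	$id = mysql_real_escape_string($user["id"]);

	// Clearing the hash makes the reset link single-use.
	sqlquery("UPDATE bigtree_users SET password = '$password', change_password_hash = '' WHERE id = '$id'");

	header("Location: ".$GLOBALS["admin_root"]."login/reset-success/");
	die();
}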
-
- /*
- Function: checkAccess
- Determines whether the logged in user has access to a module or not.
-
- Parameters:
- module - Either a module id or module entry.
-
- Returns:
- true if the user can access the module, otherwise false.
- */
-
function checkAccess($module) {
	// Accept a module entry or a bare id.
	$id = is_array($module) ? $module["id"] : $module;

	// Any user level above 0 bypasses the per-module checks.
	if ($this->Level > 0) {
		return true;
	}

	// A module-wide permission other than "n" is enough.
	$module_permission = $this->Permissions["module"][$id];
	if ($module_permission && $module_permission != "n") {
		return true;
	}

	// Otherwise a single group permission other than "n" still lets the user into the module.
	$group_permissions = $this->Permissions["module_gbp"][$id];
	if (!is_array($group_permissions)) {
		return false;
	}
	foreach ($group_permissions as $permission) {
		if ($permission != "n") {
			return true;
		}
	}

	return false;
}
-
- /*
- Function: checkHTML
- Checks a block of HTML for broken links/images
-
- Parameters:
- relative_path - The starting path of the page containing the HTML (so that relative links, i.e. "good/" know where to begin)
- html - A string of HTML
- external - Whether to check external links (slow) or not
-
- Returns:
- An array of errors.
- */
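function checkHTML($relative_path,$html,$external = false) {
	// Collects broken link targets from <a href> and <img src> in a block of HTML.
	// Returns an empty array for empty input, otherwise a one-element array wrapping the error list
	// (keys "a" and "img"); that wrapping is kept because callers may rely on it.
	if (!$html) {
		return array();
	}
	$errors = array();
	$doc = new DOMDocument();
	$doc->loadHTML($html);

	// NOTE(review): urlExists() and iplExists() are defined elsewhere. If urlExists() issues a
	// network request, the $external switch lets page content choose the request target; confirm it
	// limits schemes and destinations before enabling it for content from less-trusted editors.

	// Check A tags.
	foreach ($doc->getElementsByTagName("a") as $link) {
		$href = $link->getAttribute("href");
		$href = str_replace(array("{wwwroot}","%7Bwwwroot%7D"),$GLOBALS["www_root"],$href);

		if (substr($href,0,4) == "http" && strpos($href,$GLOBALS["www_root"]) === false) {
			// External link, not much we can do but alert that it's dead
			if ($external) {
				// Drop the fragment before checking. The cut is at the "#" itself; cutting one
				// character earlier removed the last character of the URL as well.
				$fragment_at = strpos($href,"#");
				if ($fragment_at !== false) {
					$href = substr($href,0,$fragment_at);
				}
				if (!$this->urlExists($href)) {
					$errors["a"][] = $href;
				}
			}
		} elseif (substr($href,0,6) == "ipl://") {
			if (!$this->iplExists($href)) {
				$errors["a"][] = $href;
			}
		} elseif (substr($href,0,7) == "mailto:" || substr($href,0,1) == "#" || substr($href,0,5) == "data:") {
			// Don't do anything, it's a page mark, data URI, or email address
		} elseif (substr($href,0,4) == "http") {
			// It's a local hard link
			if (!$this->urlExists($href)) {
				$errors["a"][] = $href;
			}
		} else {
			// Local file.
			$local = $relative_path.$href;
			if (!$this->urlExists($local)) {
				$errors["a"][] = $local;
			}
		}
	}

	// Check IMG tags.
	foreach ($doc->getElementsByTagName("img") as $image) {
		$src = $image->getAttribute("src");
		$src = str_replace(array("{wwwroot}","%7Bwwwroot%7D"),$GLOBALS["www_root"],$src);

		if (substr($src,0,4) == "http" && strpos($src,$GLOBALS["www_root"]) === false) {
			// External image, only checked on request
			if ($external) {
				if (!$this->urlExists($src)) {
					$errors["img"][] = $src;
				}
			}
		} elseif (substr($src,0,6) == "ipl://") {
			// Reported under "img": this branch used to file broken image sources under "a".
			if (!$this->iplExists($src)) {
				$errors["img"][] = $src;
			}
		} elseif (substr($src,0,5) == "data:") {
			// Do nothing, it's a data URI
		} elseif (substr($src,0,4) == "http") {
			// It's a local hard link
			if (!$this->urlExists($src)) {
				$errors["img"][] = $src;
			}
		} else {
			// Local file.
			$local = $relative_path.$src;
			if (!$this->urlExists($local)) {
				$errors["img"][] = $local;
			}
		}
	}

	return array($errors);
}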
-
- /*
- Function: clearCache
- Removes all files in the cache directory.
- */
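function clearCache() {
	// Deletes every regular file directly inside the cache directory; subdirectories are left alone.
	$cache_dir = $GLOBALS["server_root"]."cache/";

	$handle = opendir($cache_dir);
	if ($handle === false) {
		// Nothing to clear (or not readable); avoid looping on an invalid handle.
		return;
	}

	// Compare against false explicitly: a file literally named "0" would otherwise end the loop early.
	while (($entry = readdir($handle)) !== false) {
		if ($entry != "." && $entry != ".." && !is_dir($cache_dir.$entry)) {
			unlink($cache_dir.$entry);
		}
	}

	closedir($handle);
}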
-
- /*
- Function: createCallout
- Creates a callout and its files.
-
- Parameters:
- id - The id.
- name - The name.
- description - The description.
- level - Access level (0 for everyone, 1 for administrators, 2 for developers).
- resources - An array of resources.
- */
-
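function createCallout($id,$name,$description,$level,$resources) {
	// Creates the callout record and, if missing, a starter template file named after the id.
	// Returns false without creating anything when the id cannot be used safely as a file name.
	//
	// The id becomes part of a path under templates/callouts/, so it must be a single path component.
	if (!is_string($id) || $id === "" || strpbrk($id,"/\\\0") !== false || strpos($id,"..") !== false) {
		return false;
	}

	// If we're creating a new file, let's populate it with some convenience things to show what resources are available.
	$file_contents = '<?
/*
Resources Available:
';

	$cached_types = $this->getCachedFieldTypes();
	$types = $cached_types["callout"];

	$clean_resources = array();
	foreach ($resources as $resource) {
		if ($resource["id"] && $resource["id"] != "type") {
			// Options arrive JSON-encoded; anything that does not decode to an array is ignored.
			$options = json_decode($resource["options"],true);
			if (is_array($options)) {
				foreach ($options as $key => $val) {
					if ($key != "title" && $key != "id" && $key != "type") {
						$resource[$key] = $val;
					}
				}
			}

			// This line lands inside a block comment in a PHP file. Break up any comment terminator
			// so resource text cannot end the comment and be parsed as code.
			$line = ' $'.$resource["id"].' = '.$resource["title"].' - '.$types[$resource["type"]]."\n";
			$file_contents .= str_replace("*/","* /",$line);

			$resource["id"] = htmlspecialchars($resource["id"]);
			$resource["title"] = htmlspecialchars($resource["title"]);
			$resource["subtitle"] = htmlspecialchars($resource["subtitle"]);
			unset($resource["options"]);
			$clean_resources[] = $resource;
		}
	}

	$file_contents .= ' */
?>';

	// Clean up the post variables
	$id = mysql_real_escape_string(htmlspecialchars($id));
	$name = mysql_real_escape_string(htmlspecialchars($name));
	$description = mysql_real_escape_string(htmlspecialchars($description));
	$level = mysql_real_escape_string($level);
	$resources = mysql_real_escape_string(json_encode($clean_resources));

	$template = $GLOBALS["server_root"]."templates/callouts/".$id.".php";
	if (!file_exists($template)) {
		file_put_contents($template,$file_contents);
		// NOTE(review): 0777 leaves an executable template writable by every local account; a
		// tighter mode is preferable wherever the web server user owns this directory.
		chmod($template,0777);
	}

	sqlquery("INSERT INTO bigtree_callouts (`id`,`name`,`description`,`resources`,`level`) VALUES ('$id','$name','$description','$resources','$level')");
}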
-
- /*
- Function: createFeed
- Creates a feed.
-
- Parameters:
- name - The name.
- description - The description.
- table - The data table.
- type - The feed type.
- options - The feed type options.
- fields - The fields.
-
- Returns:
- The route to the new feed.
- */
-
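function createFeed($name,$description,$table,$type,$options,$fields) {
	global $cms;

	// Creates a feed record and returns the unique route generated for it.

	// Options were encoded before submitting the form, so let's get them back.
	$options = json_decode($options,true);
	if (is_array($options)) {
		// Store the site root as the {wwwroot} token. This used to read an undefined local
		// ($www_root), so nothing was ever replaced; the loop also no longer leaves a reference behind.
		foreach ($options as $key => $option) {
			$options[$key] = str_replace($GLOBALS["www_root"],"{wwwroot}",$option);
		}
	}

	// Get a unique route!
	$base_route = $cms->urlify($name);
	$route = $base_route;
	$suffix = 2;
	while ($cms->getFeedByRoute($route)) {
		$route = $base_route."-".$suffix;
		$suffix++;
	}

	// Fix stuff up for the db.
	$name = mysql_real_escape_string(htmlspecialchars($name));
	$description = mysql_real_escape_string(htmlspecialchars($description));
	$table = mysql_real_escape_string($table);
	$type = mysql_real_escape_string($type);
	$options = mysql_real_escape_string(json_encode($options));
	$fields = mysql_real_escape_string(json_encode($fields));
	$escaped_route = mysql_real_escape_string($route);

	sqlquery("INSERT INTO bigtree_feeds (`route`,`name`,`description`,`type`,`table`,`fields`,`options`) VALUES ('$escaped_route','$name','$description','$type','$table','$fields','$options')");

	// Same value as before: the route as escaped for the query.
	return $escaped_route;
}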
-
- /*
- Function: createFieldType
- Creates a field type and its files.
-
- Parameters:
- id - The id of the field type.
- name - The name.
- pages - Whether it can be used as a page resource or not ("on" is yes)
- modules - Whether it can be used as a module resource or not ("on" is yes)
- callouts - Whether it can be used as a callout resource or not ("on" is yes)
- */
-
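function createFieldType($id,$name,$pages,$modules,$callouts) {
	// Registers a field type and creates its draw/process/options stub files when they are missing.
	// Returns false without creating anything when the id cannot be used safely as a file name.
	//
	// The id names three PHP files under custom/admin/, so it must be a single path component.
	if (!is_string($id) || $id === "" || strpbrk($id,"/\\\0") !== false || strpos($id,"..") !== false) {
		return false;
	}

	$id = mysql_real_escape_string($id);
	$name = mysql_real_escape_string(htmlspecialchars($name));
	$pages = mysql_real_escape_string($pages);
	$modules = mysql_real_escape_string($modules);
	$callouts = mysql_real_escape_string($callouts);

	$file = "$id.php";
	$custom_admin = $GLOBALS["server_root"]."custom/admin/";

	sqlquery("INSERT INTO bigtree_field_types (`id`,`name`,`pages`,`modules`,`callouts`) VALUES ('$id','$name','$pages','$modules','$callouts')");

	// NOTE(review): the stubs below are created with mode 0777, i.e. PHP files writable by every
	// local account; a tighter mode is preferable wherever the web server user owns these directories.

	// Make the files for draw and process and options if they don't exist.
	$draw = $custom_admin."form-field-types/draw/$file";
	if (!file_exists($draw)) {
		BigTree::touchFile($draw);
		file_put_contents($draw,'<? include BigTree::path("admin/form-field-types/draw/text.php"); ?>');
		chmod($draw,0777);
	}

	$process = $custom_admin."form-field-types/process/$file";
	if (!file_exists($process)) {
		BigTree::touchFile($process);
		file_put_contents($process,'<? $value = $data[$key]; ?>');
		chmod($process,0777);
	}

	$options = $custom_admin."ajax/developer/field-options/$file";
	if (!file_exists($options)) {
		BigTree::touchFile($options);
		chmod($options,0777);
	}

	// Drop the cached field type list so the new type shows up; the cache may not exist yet.
	$cache = $GLOBALS["server_root"]."cache/form-field-types.btc";
	if (file_exists($cache)) {
		unlink($cache);
	}
}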
-
- /*
- Function: createMessage
- Creates a message in message center.
-
- Parameters:
- subject - The subject line.
- message - The message.
- recipients - The recipients.
- in_response_to - The message being replied to.
- */
-
function createMessage($subject,$message,$recipients,$in_response_to = 0) {
	// The subject is stored as plain text: tags removed, then HTML-encoded.
	$clean_subject = mysql_real_escape_string(htmlspecialchars(strip_tags($subject)));

	// NOTE(review): strip_tags() removes tags outside the allow-list but leaves the attributes of
	// the allowed ones untouched, so event-handler attributes and javascript: hrefs survive on
	// <p>, <a>, etc. The body needs attribute filtering (or encoding at display time) before it
	// can be treated as safe HTML.
	$clean_message = mysql_real_escape_string(strip_tags($message,"<p><b><strong><em><i><a>"));
	$response_to = mysql_real_escape_string($in_response_to);

	// Recipients are packed into one pipe-delimited column ("|1|5|9|") instead of a second table.
	// intval() forces every entry to a number regardless of what was posted.
	$send_to = "|";
	foreach ($recipients as $recipient) {
		$send_to .= intval($recipient)."|";
	}
	$send_to = mysql_real_escape_string($send_to);

	sqlquery("INSERT INTO bigtree_messages (`sender`,`recipients`,`subject`,`message`,`date`,`response_to`) VALUES ('".$this->ID."','$send_to','$clean_subject','$clean_message',NOW(),'$response_to')");
}
-
- /*
- Function: createModule
- Creates a module and its class file.
-
- Parameters:
- name - The name of the module.
- group - The group for the module.
- class - The module class to create.
- table - The table this module relates to.
- permissions - The group-based permissions.
-
- Returns:
- The new module id.
- */
-
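function createModule($name,$group,$class,$table,$permissions) {
	global $cms;

	// Creates the module record and, when a class name is given, a class file for it.
	// Returns the new module id, or false when the class name is not a valid PHP identifier.
	//
	// The class name is written verbatim into a generated PHP file, so anything other than a plain
	// identifier would become code in that file.
	if ($class && !preg_match('/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*\z/',$class)) {
		return false;
	}

	// Find an available module route.
	$route = $cms->urlify($name);

	// Names already taken: hard coded modules, the admin directories (really ajax, css, images, js)
	// and the hard coded pages (with their ".php" dropped).
	$existing = array();
	$directories = array(
		"core/admin/modules/" => false,
		"core/admin/" => false,
		"core/admin/pages/" => true
	);
	foreach ($directories as $directory => $drop_extension) {
		$handle = opendir($GLOBALS["server_root"].$directory);
		if ($handle === false) {
			continue;
		}
		// Compare against false explicitly so an entry named "0" does not end the listing early.
		while (($entry = readdir($handle)) !== false) {
			if ($entry != "." && $entry != "..") {
				$existing[] = $drop_extension ? substr($entry,0,-4) : $entry;
			}
		}
		closedir($handle);
	}

	// Go through already created modules
	$q = sqlquery("SELECT route FROM bigtree_modules");
	while ($f = sqlfetch($q)) {
		$existing[] = $f["route"];
	}

	// Get a unique route
	$x = 2;
	$oroute = $route;
	while (in_array($route,$existing)) {
		$route = $oroute."-".$x;
		$x++;
	}

	$name = mysql_real_escape_string(htmlspecialchars($name));
	$route = mysql_real_escape_string($route);
	$class = mysql_real_escape_string($class);
	$group = mysql_real_escape_string($group);
	$gbp = mysql_real_escape_string(json_encode($permissions));

	sqlquery("INSERT INTO bigtree_modules (`name`,`route`,`class`,`group`,`gbp`) VALUES ('$name','$route','$class','$group','$gbp')");
	$id = sqlid();

	if ($class) {
		// Create class module. var_export() emits the table name as a properly quoted PHP string
		// literal, so quotes or "$" in it cannot break out of the assignment.
		$class_file = $GLOBALS["server_root"]."custom/inc/modules/$route.php";
		$contents = "<?\n".
			" class $class extends BigTreeModule {\n".
			"\n".
			' var $Table = '.var_export((string)$table,true).";\n".
			' var $Module = "'.$id.'";'."\n".
			" }\n".
			"?>\n";
		file_put_contents($class_file,$contents);
		// NOTE(review): 0777 leaves the generated class file writable by every local account.
		chmod($class_file,0777);

		// Remove cached class list.
		$cache = $GLOBALS["server_root"]."cache/module-class-list.btc";
		if (file_exists($cache)) {
			unlink($cache);
		}
	}

	return $id;
}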
-
- /*
- Function: createModuleAction
- Creates a module action.
-
- Parameters:
- module - The module to create an action for.
- name - The name of the action.
- route - The action route.
- in_nav - Whether the action is in the navigation.
- icon - The icon class for the action.
- form - Optional auto module form id.
- view - Optional auto module view id.
- */
-
function createModuleAction($module,$name,$route,$in_nav,$icon,$form = 0,$view = 0) {
	// Escape everything that goes into the queries; name and route are HTML-encoded first.
	$name = mysql_real_escape_string(htmlspecialchars($name));
	$route = mysql_real_escape_string(htmlspecialchars($route));
	$module = mysql_real_escape_string($module);
	$in_nav = mysql_real_escape_string($in_nav);
	$icon = mysql_real_escape_string($icon);
	$form = mysql_real_escape_string($form);
	$view = mysql_real_escape_string($view);

	// Append -2, -3, ... until no action of this module uses the route.
	$base_route = $route;
	$suffix = 2;
	while (sqlfetch(sqlquery("SELECT * FROM bigtree_module_actions WHERE module = '$module' AND route = '$route'"))) {
		$route = $base_route."-".$suffix;
		$suffix++;
	}

	sqlquery("INSERT INTO bigtree_module_actions (`module`,`name`,`route`,`in_nav`,`class`,`form`,`view`) VALUES ('$module','$name','$route','$in_nav','$icon','$form','$view')");
}
-
- /*
- Function: createModuleForm
- Creates a module form.
-
- Parameters:
- title - The title of the form.
- table - The table for the form data.
- fields - The form fields.
- javascript - Optional Javascript file to include in the form.
- css - Optional CSS file to include in the form.
- callback - Optional callback function to run after the form processes.
- default_position - Default position for entries to the form (if the view is positioned).
-
- Returns:
- The new form id.
- */
-
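function createModuleForm($title,$table,$fields,$javascript = "",$css = "",$callback = "",$default_position = "") {
	// Creates a module form record and returns its id.
	$title = mysql_real_escape_string(htmlspecialchars($title));
	$table = mysql_real_escape_string($table);
	$fields = mysql_real_escape_string(json_encode($fields));

	// These four lines used "-" where "=" was meant, so the escaped result was thrown away and the
	// raw values went straight into the INSERT below.
	$javascript = mysql_real_escape_string(htmlspecialchars($javascript));
	$css = mysql_real_escape_string(htmlspecialchars($css));
	$callback = mysql_real_escape_string($callback);
	$default_position = mysql_real_escape_string($default_position);

	sqlquery("INSERT INTO bigtree_module_forms (`title`,`table`,`fields`,`javascript`,`css`,`callback`,`default_position`) VALUES ('$title','$table','$fields','$javascript','$css','$callback','$default_position')");
	return sqlid();
}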
-
- /*
- Function: createModuleGroup
- Creates a module group.
-
- Parameters:
- name - The name of the group.
- package - The (optional) package id the group originated from.
-
- Returns:
- The id of the newly created group.
- */
-
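function createModuleGroup($name,$in_nav,$package = 0) {
	global $cms;

	// Creates a module group with a unique route and returns its id.
	// in_nav is stored as given (after escaping); package is the optional originating package id.

	// The unique route is derived from the name as supplied, before it is escaped for SQL.
	$route = $cms->urlify($name);
	$oroute = $route;
	$x = 2;
	while ($this->getModuleGroupByRoute($route)) {
		$route = $oroute."-".$x;
		$x++;
	}

	// Every value is escaped before it reaches the query. Previously the escaped package was
	// assigned to a misspelled variable and in_nav was not escaped at all, so both went in raw.
	$name = mysql_real_escape_string($name);
	$in_nav = mysql_real_escape_string($in_nav);
	$package = mysql_real_escape_string($package);
	$route = mysql_real_escape_string($route);

	sqlquery("INSERT INTO bigtree_module_groups (`name`,`route`,`in_nav`,`package`) VALUES ('$name','$route','$in_nav','$package')");
	return sqlid();
}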
-
- /*
- Function: createModuleView
- Creates a module view.
-
- Parameters:
- title - View title.
- description - Description.
- table - Data table.
- type - View type.
- options - View options array.
- fields - Field array.
- actions - Actions array.
- suffix - Add/Edit suffix.
- uncached - Don't cache the view.
- preview_url - Optional preview URL.
-
- Returns:
- The id for view.
- */
-
function createModuleView($title,$description,$table,$type,$options,$fields,$actions,$suffix,$uncached = "",$preview_url = "") {
	// Values in column order. Text shown in the admin is HTML-encoded, arrays are stored as JSON,
	// and everything is escaped for the query.
	$values = array(
		mysql_real_escape_string(htmlspecialchars($title)),
		mysql_real_escape_string(htmlspecialchars($description)),
		mysql_real_escape_string($type),
		mysql_real_escape_string(json_encode($fields)),
		mysql_real_escape_string(json_encode($actions)),
		mysql_real_escape_string($table),
		mysql_real_escape_string(json_encode($options)),
		mysql_real_escape_string($suffix),
		mysql_real_escape_string($uncached),
		mysql_real_escape_string(htmlspecialchars($preview_url))
	);

	sqlquery("INSERT INTO bigtree_module_views (`title`,`description`,`type`,`fields`,`actions`,`table`,`options`,`suffix`,`uncached`,`preview_url`) VALUES ('".implode("','",$values)."')");

	return sqlid();
}
-
- /*
- Function: createPage
- Creates a page.
- Does not check permissions.
-
- Parameters:
- data - An array of page information.
-
- Returns:
- The id of the newly created page.
- */
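function createPage($data) {
	global $cms;

	// Creates a page from an array of page information and returns the new page id.
	// Does not check permissions.

	// Copy only the fields this method stores. The earlier loop turned every posted key into a
	// local variable, which let a crafted key replace $cms, $data, $this and other locals; skipping
	// keys that begin with "_" only protected the superglobals.
	$expected = array("parent","nav_title","in_nav","title","template","external","new_window","resources","callouts","meta_keywords","meta_description","publish_at","expire_at","max_age");
	$clean = array();
	foreach ($expected as $field) {
		$val = isset($data[$field]) ? $data[$field] : "";
		$clean[$field] = mysql_real_escape_string(is_array($val) ? json_encode($val) : $val);
	}
	$parent = $clean["parent"];
	$nav_title = $clean["nav_title"];
	$in_nav = $clean["in_nav"];
	$title = $clean["title"];
	$template = $clean["template"];
	$external = $clean["external"];
	$new_window = $clean["new_window"];
	$resources = $clean["resources"];
	$callouts = $clean["callouts"];
	$meta_keywords = $clean["meta_keywords"];
	$meta_description = $clean["meta_description"];
	$publish_at = $clean["publish_at"];
	$expire_at = $clean["expire_at"];
	$max_age = $clean["max_age"];

	// If there's an external link, make sure it's a relative URL
	if ($external) {
		$external = $this->makeIPL($external);
	}

	// The route is rebuilt from the raw input through urlify() rather than taken from the escaped copy.
	$route = isset($data["route"]) ? $data["route"] : "";
	if (!$route) {
		// If they didn't specify a route use the navigation title
		$route = $cms->urlify($data["nav_title"]);
	} else {
		// Otherwise sanitize the one they did provide.
		$route = $cms->urlify($route);
	}
	// NOTE(review): $route reaches the queries below without SQL escaping and relies on urlify()
	// (defined elsewhere) to return only URL-safe characters; confirm that it does.

	// We need to figure out a unique route for the page. Make sure it doesn't match a directory in /site/
	$original_route = $route;
	$x = 2;
	// Reserved paths.
	if ($parent == 0) {
		while (file_exists($GLOBALS["server_root"]."site/".$route."/")) {
			$route = $original_route."-".$x;
			$x++;
		}
	}

	// Make sure it doesn't have the same route as any of its siblings.
	$f = sqlfetch(sqlquery("SELECT * FROM bigtree_pages WHERE `route` = '$route' AND parent = '$parent'"));
	while ($f) {
		$route = $original_route."-".$x;
		$f = sqlfetch(sqlquery("SELECT * FROM bigtree_pages WHERE `route` = '$route' AND parent = '$parent'"));
		$x++;
	}

	// If we have a parent, get the full navigation path, otherwise, just use this route as the path since it's top level.
	if ($parent) {
		$path = $this->getFullNavigationPath($parent)."/".$route;
	} else {
		$path = $route;
	}

	// Dates are re-rendered through date(), so only a Y-m-d string or NULL reaches the query.
	if ($publish_at) {
		$publish_at = "'".date("Y-m-d",strtotime($publish_at))."'";
	} else {
		$publish_at = "NULL";
	}
	if ($expire_at) {
		$expire_at = "'".date("Y-m-d",strtotime($expire_at))."'";
	} else {
		$expire_at = "NULL";
	}

	// Make the title, navigation title, description, keywords, and external link htmlspecialchar'd -- these are all things we'll be echoing in the HTML so we might as well make them valid now instead of at display time.
	$title = htmlspecialchars($title);
	$nav_title = htmlspecialchars($nav_title);
	$meta_description = htmlspecialchars($meta_description);
	$meta_keywords = htmlspecialchars($meta_keywords);
	$external = htmlspecialchars($external);

	// Make the page!
	sqlquery("INSERT INTO bigtree_pages (`parent`,`nav_title`,`route`,`path`,`in_nav`,`title`,`template`,`external`,`new_window`,`resources`,`callouts`,`meta_keywords`,`meta_description`,`last_edited_by`,`created_at`,`updated_at`,`publish_at`,`expire_at`,`max_age`) VALUES ('$parent','$nav_title','$route','$path','$in_nav','$title','$template','$external','$new_window','$resources','$callouts','$meta_keywords','$meta_description','".$this->ID."',NOW(),NOW(),$publish_at,$expire_at,'$max_age')");
	$id = sqlid();

	// Handle tags. Tag values come straight from the posted data and used to be interpolated raw.
	if (isset($data["_tags"]) && is_array($data["_tags"])) {
		foreach ($data["_tags"] as $tag) {
			$tag = mysql_real_escape_string($tag);
			sqlquery("INSERT INTO bigtree_tags_rel (`module`,`entry`,`tag`) VALUES ('0','$id','$tag')");
		}
	}

	// If there was an old page that had previously used this path, dump its history so we can take over the path.
	sqlquery("DELETE FROM bigtree_route_history WHERE old_route = '$path'");

	// Dump the cache, we don't really know how many pages may be showing this now in their nav.
	$this->clearCache();
	// Let search engines know this page now exists.
	$this->pingSearchEngines();
	// Audit trail.
	$this->track("bigtree_pages",$id,"created");

	return $id;
}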
-
- /*
- Function: createPendingChange
- Creates a pending change.
-
- Parameters:
- table - The table the change applies to.
- item_id - The entry the change applies to's id.
- changes - The changes to the fields in the entry.
- mtm_changes - Many to Many changes.
- tags_changes - Tags changes.
- module - The module id for the change.
-
- Returns:
- The change id.
- */
-
function createPendingChange($table,$item_id,$changes,$mtm_changes = array(),$tags_changes = array(),$module = 0) {
	// Scalars are escaped directly; the three change sets are stored as JSON.
	$table = mysql_real_escape_string($table);
	$item_id = mysql_real_escape_string($item_id);
	$module = mysql_real_escape_string($module);
	$changes = mysql_real_escape_string(json_encode($changes));
	$mtm_changes = mysql_real_escape_string(json_encode($mtm_changes));
	$tags_changes = mysql_real_escape_string(json_encode($tags_changes));

	// The change is attributed to the logged-in user and stamped with the current time.
	$values = "'".$this->ID."',NOW(),'$table','$item_id','$changes','$mtm_changes','$tags_changes','$module'";
	sqlquery("INSERT INTO bigtree_pending_changes (`user`,`date`,`table`,`item_id`,`changes`,`mtm_changes`,`tags_changes`,`module`) VALUES (".$values.")");

	return sqlid();
}
-
- /*
- Function: createPendingPage
- Creates a pending page entry in bigtree_pending_changes
-
- Parameters:
- data - An array of page information.
-
- Returns:
- The id of the pending change.
- */
function createPendingPage($data) {
	global $cms;

	// Make a relative URL for external links.
	if ($data["external"]) {
		$data["external"] = $this->makeIPL($data["external"]);
	}

	// Tags go into their own column, so pull them out of the change set first.
	$tags = mysql_real_escape_string(json_encode($data["_tags"]));
	unset($data["_tags"]);

	// These fields are echoed on the front end and in the form again, so they are HTML-encoded here.
	foreach (array("nav_title","title","external","meta_keywords","meta_description") as $field) {
		$data[$field] = htmlspecialchars($data[$field]);
	}

	$parent = mysql_real_escape_string($data["parent"]);

	// Form plumbing that is not page data is dropped before the change set is stored as JSON.
	unset($data["MAX_FILE_SIZE"],$data["ptype"]);
	$changes = mysql_real_escape_string(json_encode($data));

	sqlquery("INSERT INTO bigtree_pending_changes (`user`,`date`,`title`,`table`,`changes`,`tags_changes`,`type`,`module`,`pending_page_parent`) VALUES ('".$this->ID."',NOW(),'New Page Created','bigtree_pages','$changes','$tags','NEW','','$parent')");
	$id = sqlid();

	// Audit trail; pending pages are tracked with a "p" prefix on the id.
	$this->track("bigtree_pages","p$id","created-pending");

	return $id;
}
-
- /*
- Function: createResource
- Creates a resource.
-
- Parameters:
- folder - The folder to place it in.
- file - The file path.
- name - The file name.
- type - The file type.
- is_image - Whether the resource is an image.
- height - The image height (if it's an image).
- width - The image width (if it's an image).
- thumbs - An array of thumbnails (if it's an image).
- list_thumb_margin - The margin for the list thumbnail (if it's an image).
-
- Returns:
- The new resource id.
- */
-
function createResource($folder,$file,$name,$type,$is_image = "",$height = 0,$width = 0,$thumbs = array(),$list_thumb_margin = 0) {
	// Numeric columns are forced to integers instead of being escaped as strings.
	$px_height = intval($height);
	$px_width = intval($width);
	$thumb_margin = intval($list_thumb_margin);

	// String columns are escaped for use inside quoted SQL literals.
	// The display name is additionally HTML-encoded before it is stored.
	$sql_folder = mysql_real_escape_string($folder);
	$sql_file = mysql_real_escape_string($file);
	$sql_name = mysql_real_escape_string(htmlspecialchars($name));
	$sql_type = mysql_real_escape_string($type);
	$sql_is_image = mysql_real_escape_string($is_image);

	// The thumbnail list is stored as JSON.
	$sql_thumbs = mysql_real_escape_string(json_encode($thumbs));

	sqlquery("INSERT INTO bigtree_resources (`file`,`date`,`name`,`type`,`folder`,`is_image`,`height`,`width`,`thumbs`,`list_thumb_margin`) VALUES ('$sql_file',NOW(),'$sql_name','$sql_type','$sql_folder','$sql_is_image','$px_height','$px_width','$sql_thumbs','$thumb_margin')");
	return sqlid();
}
-
- /*
- Function: createResourceFolder
- Creates a resource folder.
- Checks permissions.
-
- Parameters:
- parent - The parent folder.
- name - The name of the new folder.
-
- Returns:
- The new folder id.
- */
-
function createResourceFolder($parent,$name) {
	// The permission check runs first: any level other than "p" on the parent folder ends the request.
	if ($this->getResourceFolderPermission($parent) != "p") {
		die("You don't have permission to make a folder here.");
	}

	// The folder name is HTML-encoded before storage; both values are escaped for the SQL literal.
	$sql_name = mysql_real_escape_string(htmlspecialchars($name));
	$sql_parent = mysql_real_escape_string($parent);

	sqlquery("INSERT INTO bigtree_resource_folders (`name`,`parent`) VALUES ('$sql_name','$sql_parent')");
	return sqlid();
}
-
- /*
- Function: createSetting
- Creates a setting.
- Parameters:
- data - An array of settings information. Available fields: "id", "name", "description", "type", "locked", "module", "encrypted", "system"
- Returns:
- True if successful, false if a setting already exists with the ID given.
- */
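function createSetting($data) {
	// Read only the columns this method writes. The earlier foreach/$$key import turned
	// every key of $data into a local variable, so a caller-supplied key could create or
	// overwrite locals (including $data itself); skipping keys that start with "_" did not
	// prevent that. A fixed field list removes the problem.
	$clean = array();
	foreach (array("id","name","type","locked","encrypted","system") as $field) {
		$value = (isset($data[$field]) && !is_array($data[$field])) ? $data[$field] : "";
		$clean[$field] = mysql_real_escape_string(htmlspecialchars($value));
	}

	// We don't want this HTML-encoded since it's a WYSIWYG field; it is still SQL-escaped.
	// NOTE(review): the description is therefore stored as raw HTML; confirm it is only
	// ever supplied by trusted admin users.
	$description = mysql_real_escape_string(isset($data["description"]) ? $data["description"] : "");

	// See if there's already a setting with this ID.
	$id = $clean["id"];
	if (sqlrows(sqlquery("SELECT id FROM bigtree_settings WHERE id = '$id'"))) {
		return false;
	}

	// NOTE(review): "locked" and "system" are taken from $data as-is and no permission
	// check is visible in this method; confirm the caller restricts who can set them.
	sqlquery("INSERT INTO bigtree_settings (`id`,`name`,`description`,`type`,`locked`,`encrypted`,`system`) VALUES ('$id','".$clean["name"]."','$description','".$clean["type"]."','".$clean["locked"]."','".$clean["encrypted"]."','".$clean["system"]."')");

	// Audit trail.
	$this->track("bigtree_settings",$id,"created");
	return true;
}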
-
- /*
- Function: createTag
- Creates a new tag, or returns the id of an existing one.
-
- Parameters:
- tag - The tag.
-
- Returns:
- If the tag exists, returns the existing tag's id.
- Otherwise, returns the new tag id.
- */
-
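function createTag($tag) {
	global $cms;

	// Tags are compared and stored lowercase with HTML entities decoded.
	$tag = strtolower(html_entity_decode($tag));
	$sql_tag = mysql_real_escape_string($tag);

	// Return the existing tag's id if there is one.
	$existing = sqlfetch(sqlquery("SELECT * FROM bigtree_tags WHERE tag = '$sql_tag'"));
	if ($existing) {
		return $existing["id"];
	}

	// The metaphone and route values are derived from the tag. They are escaped here as well,
	// so the queries below do not depend on urlify() (defined elsewhere) returning SQL-safe text.
	$meta = mysql_real_escape_string(metaphone($tag));
	$base_route = $cms->urlify($tag);

	// Find a unique route by appending -2, -3, ... until no existing tag uses it.
	$route = $base_route;
	$suffix = 2;
	while (sqlfetch(sqlquery("SELECT * FROM bigtree_tags WHERE route = '".mysql_real_escape_string($route)."'"))) {
		$route = $base_route."-".$suffix;
		$suffix++;
	}

	sqlquery("INSERT INTO bigtree_tags (`tag`,`metaphone`,`route`) VALUES ('$sql_tag','$meta','".mysql_real_escape_string($route)."')");
	return sqlid();
}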
-
- /*
- Function: createTemplate
- Creates a template and its default files/directories.
-
- Parameters:
- id - Id for the template.
- name - Name
- description - Description
- routed - Basic ("") or Routed ("on")
- level - Access level (0 for everyone, 1 for administrators, 2 for developers)
- module - Related module id
- image - Image
- callouts_enabled - "on" for yes
- resources - An array of resources
- */
-
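function createTemplate($id,$name,$description,$routed,$level,$module,$image,$callouts_enabled,$resources) {
	// $id is used below as a file and directory name under templates/. SQL escaping does
	// nothing for file paths, so refuse any id that is not a single path component.
	// Returns false in that case (the method otherwise returns nothing).
	$id_string = (string) $id;
	if ($id_string === "" || $id_string === "." || $id_string === ".." || strpos($id_string,"/") !== false || strpos($id_string,"\\") !== false || strpos($id_string,"\0") !== false) {
		return false;
	}

	// If we're creating a new file, populate it with a comment listing the available resources.
	$file_contents = "<?\n /*\n Resources Available:\n";

	$types = $this->getCachedFieldTypes();
	$types = $types["template"];

	$clean_resources = array();
	foreach ($resources as $resource) {
		if ($resource["id"]) {
			// Merge the extra options into the resource; a failed decode is treated as "no options".
			$options = json_decode($resource["options"],true);
			if (is_array($options)) {
				foreach ($options as $key => $val) {
					if ($key != "title" && $key != "id" && $key != "type") {
						$resource[$key] = $val;
					}
				}
			}

			// This line lands inside a block comment of a generated PHP file. Break up any
			// comment terminator in the resource id/title so the text stays inside the comment.
			$line = ' $'.$resource["id"].' = '.$resource["title"].' - '.$types[$resource["type"]];
			$file_contents .= str_replace("*/","* /",$line)."\n";

			// Stored copies are HTML-encoded.
			$resource["id"] = htmlspecialchars($resource["id"]);
			$resource["title"] = htmlspecialchars($resource["title"]);
			$resource["subtitle"] = htmlspecialchars($resource["subtitle"]);
			unset($resource["options"]);
			$clean_resources[] = $resource;
		}
	}

	$file_contents .= " */\n?>";

	// Create the template file (and directory, for routed templates) only if it does not exist yet.
	// NOTE(review): 0777 leaves the generated PHP files writable by every local account. The mode
	// is kept because existing deployments may rely on it; tighten it if the web server user owns the tree.
	$root = $GLOBALS["server_root"];
	if ($routed == "on") {
		$directory = $root."templates/routed/".$id;
		if (!file_exists($directory)) {
			mkdir($directory);
			chmod($directory,0777);
		}
		$default_file = $directory."/default.php";
		if (!file_exists($default_file)) {
			file_put_contents($default_file,$file_contents);
			chmod($default_file,0777);
		}
	} else {
		$basic_file = $root."templates/basic/".$id.".php";
		if (!file_exists($basic_file)) {
			file_put_contents($basic_file,$file_contents);
			chmod($basic_file,0777);
		}
	}

	// Escape everything for the quoted SQL literals; name and description are HTML-encoded first.
	$id = mysql_real_escape_string($id);
	$name = mysql_real_escape_string(htmlspecialchars($name));
	$description = mysql_real_escape_string(htmlspecialchars($description));
	$module = mysql_real_escape_string($module);
	$resources = mysql_real_escape_string(json_encode($clean_resources));
	$image = mysql_real_escape_string($image);
	$level = mysql_real_escape_string($level);
	$callouts_enabled = mysql_real_escape_string($callouts_enabled);
	$routed = mysql_real_escape_string($routed);

	sqlquery("INSERT INTO bigtree_templates (`id`,`name`,`module`,`resources`,`image`,`description`,`level`,`callouts_enabled`,`routed`) VALUES ('$id','$name','$module','$resources','$image','$description','$level','$callouts_enabled','$routed')");
}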
-
- /*
- Function: createUser
- Creates a user.
- Checks for developer access.
-
- Parameters:
- data - An array of user data. ("email", "password", "name", "company", "level", "permissions")
-
- Returns:
- id of the newly created user or false if a user already exists with the provided email.
- */
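function createUser($data) {
	global $config;

	// Read only the fields this method stores. The earlier foreach/$$key import turned every
	// key of $data into a local variable, so a caller-supplied key could overwrite the locals
	// used below ($data, and $config through the global binding). A fixed field list avoids that.
	$clean = array();
	foreach (array("email","name","company","level") as $field) {
		$value = (isset($data[$field]) && !is_array($data[$field])) ? $data[$field] : "";
		$clean[$field] = mysql_real_escape_string($value);
	}
	$email = $clean["email"];
	$name = $clean["name"];
	$company = $clean["company"];

	// See if the user already exists.
	$r = sqlrows(sqlquery("SELECT * FROM bigtree_users WHERE email = '$email'"));
	if ($r > 0) {
		return false;
	}
	$permissions = mysql_real_escape_string(json_encode(isset($data["permissions"]) ? $data["permissions"] : null));

	// A user can never create an account with a higher level than their own.
	// The level is forced to an integer so the comparison is numeric and only a number is stored.
	// NOTE(review): this is the only access check visible here; whether the caller may create
	// users at all must be enforced before this method is called. Confirm.
	$level = intval($clean["level"]);
	if ($level > $this->Level) {
		$level = $this->Level;
	}

	// Hash the password (phpass); the plain password is taken from $data and never stored.
	$phpass = new PasswordHash($config["password_depth"], TRUE);
	$password = mysql_real_escape_string($phpass->HashPassword($data["password"]));
	sqlquery("INSERT INTO bigtree_users (`email`,`password`,`name`,`company`,`level`,`permissions`) VALUES ('$email','$password','$name','$company','$level','$permissions')");
	$id = sqlid();

	// Audit trail.
	$this->track("bigtree_users",$id,"created");
	return $id;
}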
-
- /*
- Function: deleteCallout
- Deletes a callout and removes its file.
-
- Parameters:
- id - The id of the callout.
- */
-
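function deleteCallout($id) {
	// Remove the database row; the id is escaped for the quoted SQL literal.
	$sql_id = mysql_real_escape_string($id);
	sqlquery("DELETE FROM bigtree_callouts WHERE id = '$sql_id'");

	// The id is also the callout's file name. SQL escaping does not make a value safe as a
	// path, so the file is removed only when the id is a single path component and the file
	// exists. The unescaped id is used, since that is the name the file was created under.
	$file_name = (string) $id;
	$is_plain_name = $file_name !== "" && strpos($file_name,"/") === false && strpos($file_name,"\\") === false && strpos($file_name,"\0") === false;
	$path = $GLOBALS["server_root"]."templates/callouts/".$file_name.".php";
	if ($is_plain_name && file_exists($path)) {
		unlink($path);
	}
}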
-
- /*
- Function: deleteFeed
- Deletes a feed.
-
- Parameters:
- id - The id of the feed.
- */
-
function deleteFeed($id) {
	// Escape the id for the quoted SQL literal, then remove the feed row.
	// NOTE(review): no permission check is made in this method; confirm the caller enforces one.
	$feed_id = mysql_real_escape_string($id);
	sqlquery("DELETE FROM bigtree_feeds WHERE id = '".$feed_id."'");
}
-
- /*
- Function: deleteFieldType
- Deletes a field type and erases its files.
-
- Parameters:
- id - The id of the field type.
- */
-
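function deleteFieldType($id) {
	// The id names two PHP files (draw and process). Only remove them when the id is a single
	// path component, so the id cannot point the unlink calls outside the field type directories.
	$file_name = (string) $id;
	$is_plain_name = $file_name !== "" && strpos($file_name,"/") === false && strpos($file_name,"\\") === false && strpos($file_name,"\0") === false;
	if ($is_plain_name) {
		$base = $GLOBALS["server_root"]."custom/admin/form-field-types/";
		foreach (array("draw","process") as $kind) {
			$path = $base.$kind."/".$file_name.".php";
			// A missing file is skipped rather than raising a warning.
			if (file_exists($path)) {
				unlink($path);
			}
		}
	}

	// Remove the database row; the id is escaped for the quoted SQL literal.
	sqlquery("DELETE FROM bigtree_field_types WHERE id = '".mysql_real_escape_string($id)."'");
}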
-
- /*
- Function: deleteModule
- Deletes a module.
-
- Parameters:
- id - The id of the module.
- */
-
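function deleteModule($id) {
	$id = mysql_real_escape_string($id);

	// Get info and delete the class file. The route comes from the stored module row and is
	// used as a file name, so the file is removed only when the route is a single path
	// component and the file exists (this also covers a module that was not found).
	$module = $this->getModule($id);
	$route = (string) $module["route"];
	$is_plain_name = $route !== "" && strpos($route,"/") === false && strpos($route,"\\") === false && strpos($route,"\0") === false;
	$class_file = $GLOBALS["server_root"]."custom/inc/modules/".$route.".php";
	if ($is_plain_name && file_exists($class_file)) {
		unlink($class_file);
	}

	// Delete all the related auto module forms and views. The form/view ids are read back
	// from the database and are escaped before being placed in a query again.
	$actions = $this->getModuleActions($id);
	foreach ($actions as $action) {
		if ($action["form"]) {
			sqlquery("DELETE FROM bigtree_module_forms WHERE id = '".mysql_real_escape_string($action["form"])."'");
		}
		if ($action["view"]) {
			sqlquery("DELETE FROM bigtree_module_views WHERE id = '".mysql_real_escape_string($action["view"])."'");
		}
	}

	// Delete actions
	sqlquery("DELETE FROM bigtree_module_actions WHERE module = '$id'");

	// Delete the module
	sqlquery("DELETE FROM bigtree_modules WHERE id = '$id'");
}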
-
- /*
- Function: deleteModuleAction
- Deletes a module action.
- Also deletes the related form or view if no other action is using it.
-
- Parameters:
- id - The id of the action to delete.
- */
-
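function deleteModuleAction($id) {
	$id = mysql_real_escape_string($id);

	$a = $this->getModuleAction($id);

	// The form/view ids are read back from the stored action row; they are escaped before
	// being placed in a query again instead of being concatenated as-is.
	if ($a["form"]) {
		$form = mysql_real_escape_string($a["form"]);
		// Only delete the form if this action is the only one using it.
		if (sqlrows(sqlquery("SELECT * FROM bigtree_module_actions WHERE form = '$form'")) == 1) {
			sqlquery("DELETE FROM bigtree_module_forms WHERE id = '$form'");
		}
	}
	if ($a["view"]) {
		$view = mysql_real_escape_string($a["view"]);
		// Only delete the view if this action is the only one using it.
		if (sqlrows(sqlquery("SELECT * FROM bigtree_module_actions WHERE view = '$view'")) == 1) {
			sqlquery("DELETE FROM bigtree_module_views WHERE id = '$view'");
		}
	}

	sqlquery("DELETE FROM bigtree_module_actions WHERE id = '$id'");
}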
-
- /*
- Function: deleteModuleForm
- Deletes a module form and its related actions.
-
- Parameters:
- id - The id of the module form.
- */
-
function deleteModuleForm($id) {
	// One escaped id is used for both statements: the form row itself, then every action that points at it.
	$form_id = mysql_real_escape_string($id);
	sqlquery("DELETE FROM bigtree_module_forms WHERE id = '".$form_id."'");
	sqlquery("DELETE FROM bigtree_module_actions WHERE form = '".$form_id."'");
}
-
- /*
- Function: deleteModuleGroup
- Deletes a module group. Sets modules in the group to Misc.
-
- Parameters:
- id - The id of the module group.
- */
-
function deleteModuleGroup($id) {
	$group_id = mysql_real_escape_string($id);

	// Remove the group row.
	sqlquery("DELETE FROM bigtree_module_groups WHERE id = '".$group_id."'");

	// Modules that were in the group are moved to group 0 rather than deleted.
	sqlquery("UPDATE bigtree_modules SET `group` = '0' WHERE `group` = '".$group_id."'");
}
-
- /*
- Function: deleteModuleView
- Deletes a module view and its related actions.
-
- Parameters:
- id - The id of the module view.
- */
-
function deleteModuleView($id) {
	// One escaped id is used for both statements: the view row itself, then every action that points at it.
	$view_id = mysql_real_escape_string($id);
	sqlquery("DELETE FROM bigtree_module_views WHERE id = '".$view_id."'");
	sqlquery("DELETE FROM bigtree_module_actions WHERE view = '".$view_id."'");
}
-
- /*
- Function: deletePage
- Deletes a page or a pending page.
- Checks permissions.
-
- Parameters:
- page - A page id or a pending page id prefixed with a "p"
-
- Returns:
- true if successful. Stops page execution if permission issues occur.
- */
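function deletePage($page) {
	global $cms;

	// Keep the caller's value for deriving the pending id; $page itself is escaped for SQL use.
	$raw_page = $page;
	$page = mysql_real_escape_string($page);

	// Deleting requires publisher ("p") access to the page and the right to modify its children.
	$r = $this->getPageAccessLevel($page);
	if ($r == "p" && $this->canModifyChildren($cms->getPage($page))) {
		// If the page isn't numeric it's most likely prefixed by the "p" so it's pending.
		if (!is_numeric($page)) {
			// Strip the "p" from the original value first and escape the remainder afterwards,
			// so the value placed in the query is escaped exactly once.
			$pending_id = mysql_real_escape_string(substr($raw_page,1));
			sqlquery("DELETE FROM bigtree_pending_changes WHERE id = '$pending_id'");
			$this->growl("Pages","Deleted Page");
			// Audit trail: $page already carries the "p" prefix. The earlier "p$page" recorded a
			// doubled prefix that does not match the "p<id>" entry written when the pending page was created.
			$this->track("bigtree_pages",$page,"deleted-pending");
		} else {
			sqlquery("DELETE FROM bigtree_pages WHERE id = '$page'");
			// Delete the children as well.
			$this->deletePageChildren($page);
			$this->growl("Pages","Deleted Page");
			$this->track("bigtree_pages",$page,"deleted");
		}
		return true;
	}

	// No permission: stop() is expected to end the request (see the function's description).
	$this->stop("You do not have permission to delete this page.");
}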
-
- /*
- Function: deletePageChildren
- Deletes the children of a page and recurses downward.
- Does not check permissions.
-
- Parameters:
- id - The parent id to delete children for.
- */
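function deletePageChildren($id) {
	// This method does not check permissions and previously placed $id in the queries as-is,
	// relying on every caller to have escaped it. Escape it here so a direct call is safe too;
	// for the numeric ids passed by deletePage() and by the recursion this changes nothing.
	$sql_id = mysql_real_escape_string($id);

	// Recurse first so that grandchildren are removed before their parents.
	$q = sqlquery("SELECT * FROM bigtree_pages WHERE parent = '$sql_id'");
	while ($f = sqlfetch($q)) {
		$this->deletePageChildren($f["id"]);
	}

	sqlquery("DELETE FROM bigtree_pages WHERE parent = '$sql_id'");

	// Audit trail entry for the page whose children were just removed.
	$this->track("bigtree_pages",$id,"deleted");
}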
-
- /*
- Function: deletePageDraft
- Deletes a page draft.
- Checks permissions.
-
- Parameters:
- id - The page id to delete the draft for.
- */
-
function deletePageDraft($id) {
	$page_id = mysql_real_escape_string($id);

	// Only a publisher ("p") on the page may discard its draft.
	// NOTE(review): the delete below is skipped only if stop() ends the request; confirm it does.
	if ($this->getPageAccessLevel($page_id) != "p") {
		$this->stop("You must be a publisher to manage revisions.");
	}

	// Delete draft copy
	sqlquery("DELETE FROM bigtree_pending_changes WHERE `table` = 'bigtree_pages' AND `item_id` = '".$page_id."'");
}
-
- /*
- Function: deletePageRevision
- Deletes a page revision.
- Checks permissions.
-
- Parameters:
- id - The page version id.
- */
-
function deletePageRevision($id) {
	// Look the revision up first: access is decided by the page the revision belongs to.
	$revision = $this->getPageRevision($id);

	// Only a publisher ("p") on that page may delete its revisions.
	// NOTE(review): the delete below is skipped only if stop() ends the request; confirm it does.
	if ($this->getPageAccessLevel($revision["page"]) != "p") {
		$this->stop("You must be a publisher to manage revisions.");
	}

	// Delete the revision, using the id from the fetched row rather than the caller's value.
	$revision_id = $revision["id"];
	sqlquery("DELETE FROM bigtree_page_revisions WHERE id = '".$revision_id."'");
}
-
- /*
- Function: deletePendingChange
- Deletes a pending change.
-
- Parameters:
- id - The id of the change.
- */
-
function deletePendingChange($id) {
	// Escape the id for the quoted SQL literal, then remove the pending change row.
	// NOTE(review): no permission check is made in this method; confirm the caller enforces one.
	$change_id = mysql_real_escape_string($id);
	sqlquery("DELETE FROM bigtree_pending_changes WHERE id = '".$change_id."'");
}
-
- /*
- Function: deleteSetting
- Deletes a setting.
-
- Parameters:
- id - The id of the setting.
- */
-
function deleteSetting($id) {
	// Escape the id for the quoted SQL literal, then remove the setting row.
	// NOTE(review): no permission check is made in this method and no audit trail entry is written
	// (createSetting does call track()); confirm the caller enforces access.
	$setting_id = mysql_real_escape_string($id);
	sqlquery("DELETE FROM bigtree_settings WHERE id = '".$setting_id."'");
}
-
- /*
- Function: deleteTemplate
- Deletes a template.
-
- Parameters:
- id - The id of the template.
- */
-
function deleteTemplate($id) {
	// Only the database row is removed; no template file is unlinked in this method.
	// NOTE(review): no permission check is made in this method; confirm the caller enforces one.
	$template_id = mysql_real_escape_string($id);
	sqlquery("DELETE FROM bigtree_templates WHERE id = '".$template_id."'");
}
-
- /*
- Function: deleteUser
- Deletes a user.
- Checks for developer access.
-
- Parameters:
- id - The user id to delete.
-
- Returns:
- true if successful. false if the logged in user does not have permission to delete the user.
- */
function deleteUser($id) {
	$user_id = mysql_real_escape_string($id);

	// A user with a higher access level than the logged-in user cannot be deleted by them.
	$target = $this->getUser($user_id);
	$target_outranks_caller = $target["level"] > $this->Level;
	if ($target_outranks_caller) {
		return false;
	}

	sqlquery("DELETE FROM bigtree_users WHERE id = '".$user_id."'");

	// Audit trail
	$this->track("bigtree_users",$user_id,"deleted");
	return true;
}
-
- /*
- Function: doesModuleEditActionExist
- Determines whether there is already an edit action for a module.
-
- Parameters:
- module - The module id to check.
-
- Returns:
- 1 or 0, for true or false.
- */
-
- function doesModuleEditActionExist($mo…