/core/inc/bigtree/admin.php
PHP | 5582 lines | 2839 code | 674 blank | 2069 comment | 667 complexity | 0afe53e60456baae952d671ba41e975a MD5 | raw file
Possible License(s): LGPL-3.0, LGPL-2.1
- <?
- /*
- Class: BigTreeAdmin
- The main class used by the admin for manipulating and retrieving data.
- */
- class BigTreeAdmin {
- var $PerPage = 15;
- // !View Types
- var $ViewTypes = array(
- "searchable" => "Searchable List",
- "draggable" => "Draggable List",
- "images" => "Image List",
- "grouped" => "Grouped List",
- "images-grouped" => "Grouped Image List"
- );
- // !Reserved Column Names
- var $ReservedColumns = array(
- "id",
- "position",
- "archived",
- "approved"
- );
- // !View Actions
- var $ViewActions = array(
- "approve" => array(
- "key" => "approved",
- "name" => "Approve",
- "class" => "icon_approve icon_approve_on"
- ),
- "archive" => array(
- "key" => "archived",
- "name" => "Archive",
- "class" => "icon_archive"
- ),
- "feature" => array(
- "key" => "featured",
- "name" => "Feature",
- "class" => "icon_feature icon_feature_on"
- ),
- "edit" => array(
- "key" => "id",
- "name" => "Edit",
- "class" => "icon_edit"
- ),
- "delete" => array(
- "key" => "id",
- "name" => "Delete",
- "class" => "icon_delete"
- )
- );
-
- /*
- Constructor:
- Initializes the user's permissions.
- */
-
- function __construct() {
- if (isset($_SESSION["bigtree"]["email"])) {
- $this->ID = $_SESSION["bigtree"]["id"];
- $this->User = $_SESSION["bigtree"]["email"];
- $this->Level = $_SESSION["bigtree"]["level"];
- $this->Name = $_SESSION["bigtree"]["name"];
- $this->Permissions = $_SESSION["bigtree"]["permissions"];
- } elseif (isset($_COOKIE["bigtree"]["email"])) {
- $user = mysql_escape_string($_COOKIE["bigtree"]["email"]);
- $pass = mysql_escape_string($_COOKIE["bigtree"]["password"]);
- $f = sqlfetch(sqlquery("SELECT * FROM bigtree_users WHERE email = '$user' AND password = '$pass'"));
- if ($f) {
- $this->ID = $f["id"];
- $this->User = $user;
- $this->Level = $f["level"];
- $this->Name = $f["name"];
- $this->Permissions = json_decode($f["permissions"],true);
- $_SESSION["bigtree"]["id"] = $f["id"];
- $_SESSION["bigtree"]["email"] = $f["email"];
- $_SESSION["bigtree"]["level"] = $f["level"];
- $_SESSION["bigtree"]["name"] = $f["name"];
- $_SESSION["bigtree"]["permissions"] = $this->Permissions;
- }
- }
- }
-
- /*
- Function: archivePage
- Archives a page.
-
- Parameters:
- page - Either a page id or page entry.
-
- Returns:
- true if successful. false if the logged in user doesn't have permission.
-
- See Also:
- <archivePageChildren>
- */
- function archivePage($page) {
- global $cms;
-
- if (is_array($page)) {
- $page = mysql_real_escape_string($page["id"]);
- } else {
- $page = mysql_real_escape_string($page);
- }
- $access = $this->getPageAccessLevel($page);
- if ($access == "p" && $this->canModifyChildren($cms->getPage($page))) {
- sqlquery("UPDATE bigtree_pages SET archived = 'on' WHERE id = '$page'");
- $this->archivePageChildren($page);
- $this->growl("Pages","Archived Page");
- $this->track("bigtree_pages",$page,"archived");
- return true;
- }
- return false;
- }
-
- /*
- Function: archivePageChildren
- Archives a page's children and sets the archive status to inherited.
-
- Parameters:
- page - A page id.
-
- See Also:
- <archivePage>
- */
- function archivePageChildren($page) {
- $page = mysql_real_escape_string($page);
- $q = sqlquery("SELECT * FROM bigtree_pages WHERE parent = '$page'");
- while ($f = sqlfetch($q)) {
- if (!$f["archived"]) {
- sqlquery("UPDATE bigtree_pages SET archived = 'on', archived_inherited = 'on' WHERE id = '".$f["id"]."'");
- $this->track("bigtree_pages",$f["id"],"archived");
- $this->archivePageChildren($f["id"]);
- }
- }
- }
- /*
- Function: autoIPL
- Automatically converts links to internal page links.
-
- Parameters:
- html - A string of contents that may contain URLs
-
- Returns:
- A string with hard links converted into internal page links.
- */
- function autoIPL($html) {
- // If this string is actually just a URL, IPL it.
- if (substr($html,0,7) == "http://" || substr($html,0,8) == "https://") {
- $html = $this->makeIPL($html);
- // Otherwise, switch all the image srcs and javascripts srcs and whatnot to {wwwroot}.
- } else {
- $html = preg_replace_callback('/href="([^"]*)"/',create_function('$matches','
- global $cms;
- $href = str_replace("{wwwroot}",$GLOBALS["www_root"],$matches[1]);
- if (strpos($href,$GLOBALS["www_root"]) !== false) {
- $command = explode("/",rtrim(str_replace($GLOBALS["www_root"],"",$href),"/"));
- list($navid,$commands) = $cms->getNavId($command);
- $page = $cms->getPage($navid,false);
- if ($navid && (!$commands[0] || substr($page["template"],0,6) == "module" || substr($commands[0],0,1) == "#")) {
- $href = "ipl://".$navid."//".base64_encode(json_encode($commands));
- }
- }
- $href = str_replace($GLOBALS["www_root"],"{wwwroot}",$href);
- return \'href="\'.$href.\'"\';'
- ),$html);
- $html = str_replace($GLOBALS["www_root"],"{wwwroot}",$html);
- }
- return $html;
- }
-
- /*
- Function: canAccessGroup
- Returns whether or not the logged in user can access a module group.
- Utility for form field types / views -- we already know module group permissions are enabled so we skip some overhead
-
- Parameters:
- module - A module entry.
- group - A group id.
-
- Returns:
- true if the user can access this group, otherwise false.
- */
-
- function canAccessGroup($module,$group) {
- if ($this->Level > 0) {
- return true;
- }
- $id = $module["id"];
- if ($this->Permissions["module"][$id] && $this->Permissions["module"][$id] != "n") {
- return true;
- }
- if (is_array($this->Permissions["module_gbp"][$id])) {
- $gp = $this->Permissions["module_gbp"][$id][$group];
- if ($gp && $gp != "n") {
- return true;
- }
- }
- return false;
- }
-
- /*
- Function: canModifyChildren
- Checks whether the logged in user can modify all child pages or a page.
- Assumes we already know that we're a publisher of the parent.
-
- Parameters:
- page - The page entry to check children for.
-
- Returns:
- true if the user can modify all the page children, otherwise false.
- */
-
- function canModifyChildren($page) {
- if ($this->Level > 0) {
- return true;
- }
-
- $q = sqlquery("SELECT id FROM bigtree_pages WHERE path LIKE '".mysql_real_escape_string($page["path"])."%'");
- while ($f = sqlfetch($q)) {
- $perm = $this->Permissions["page"][$f["id"]];
- if ($perm == "n" || $perm == "e") {
- return false;
- }
- }
-
- return true;
- }
-
- /*
- Function: changePassword
- Changes a user's password via a password change hash and redirects to a success page.
- Paramters:
- hash - The unique hash generated by <forgotPassword>.
- password - The user's new password.
- See Also:
- <forgotPassword>
- */
- function changePassword($hash,$password) {
- global $config;
- $hash = mysql_real_escape_string($hash);
- $user = sqlfetch(sqlquery("SELECT * FROM bigtree_users WHERE change_password_hash = '$hash'"));
- $phpass = new PasswordHash($config["password_depth"], TRUE);
- $password = mysql_real_escape_string($phpass->HashPassword($password));
- sqlquery("UPDATE bigtree_users SET password = '$password', change_password_hash = '' WHERE id = '".$user["id"]."'");
- header("Location: ".$GLOBALS["admin_root"]."login/reset-success/");
- die();
- }
-
- /*
- Function: checkAccess
- Determines whether the logged in user has access to a module or not.
-
- Parameters:
- module - Either a module id or module entry.
-
- Returns:
- true if the user can access the module, otherwise false.
- */
-
- function checkAccess($module) {
- if (is_array($module)) {
- $module = $module["id"];
- }
- if ($this->Level > 0) {
- return true;
- }
- if ($this->Permissions["module"][$module] && $this->Permissions["module"][$module] != "n") {
- return true;
- }
- if (is_array($this->Permissions["module_gbp"][$module])) {
- foreach ($this->Permissions["module_gbp"][$module] as $p) {
- if ($p != "n") {
- return true;
- }
- }
- }
- return false;
- }
-
- /*
- Function: checkHTML
- Checks a block of HTML for broken links/images
-
- Parameters:
- relative_path - The starting path of the page containing the HTML (so that relative links, i.e. "good/" know where to begin)
- html - A string of HTML
- external - Whether to check external links (slow) or not
-
- Returns:
- An array of errors.
- */
- function checkHTML($relative_path,$html,$external = false) {
- if (!$html) {
- return array();
- }
- $errors = array();
- $doc = new DOMDocument();
- $doc->loadHTML($html);
- // Check A tags.
- $links = $doc->getElementsByTagName("a");
- foreach ($links as $link) {
- $href = $link->getAttribute("href");
- $href = str_replace(array("{wwwroot}","%7Bwwwroot%7D"),$GLOBALS["www_root"],$href);
- if (substr($href,0,4) == "http" && strpos($href,$GLOBALS["www_root"]) === false) {
- // External link, not much we can do but alert that it's dead
- if ($external) {
- if (strpos($href,"#") !== false)
- $href = substr($href,0,strpos($href,"#")-1);
- if (!$this->urlExists($href)) {
- $errors["a"][] = $href;
- }
- }
- } elseif (substr($href,0,6) == "ipl://") {
- if (!$this->iplExists($href)) {
- $errors["a"][] = $href;
- }
- } elseif (substr($href,0,7) == "mailto:" || substr($href,0,1) == "#" || substr($href,0,5) == "data:") {
- // Don't do anything, it's a page mark, data URI, or email address
- } elseif (substr($href,0,4) == "http") {
- // It's a local hard link
- if (!$this->urlExists($href)) {
- $errors["a"][] = $href;
- }
- } else {
- // Local file.
- $local = $relative_path.$href;
- if (!$this->urlExists($local)) {
- $errors["a"][] = $local;
- }
- }
- }
- // Check IMG tags.
- $images = $doc->getElementsByTagName("img");
- foreach ($images as $image) {
- $href = $image->getAttribute("src");
- $href = str_replace(array("{wwwroot}","%7Bwwwroot%7D"),$GLOBALS["www_root"],$href);
- if (substr($href,0,4) == "http" && strpos($href,$GLOBALS["www_root"]) === false) {
- // External link, not much we can do but alert that it's dead
- if ($external) {
- if (!$this->urlExists($href)) {
- $errors["img"][] = $href;
- }
- }
- } elseif (substr($href,0,6) == "ipl://") {
- if (!$this->iplExists($href)) {
- $errors["a"][] = $href;
- }
- } elseif (substr($href,0,5) == "data:") {
- // Do nothing, it's a data URI
- } elseif (substr($href,0,4) == "http") {
- // It's a local hard link
- if (!$this->urlExists($href)) {
- $errors["img"][] = $href;
- }
- } else {
- // Local file.
- $local = $relative_path.$href;
- if (!$this->urlExists($local)) {
- $errors["img"][] = $local;
- }
- }
- }
- return array($errors);
- }
-
- /*
- Function: clearCache
- Removes all files in the cache directory.
- */
- function clearCache() {
- $d = opendir($GLOBALS["server_root"]."cache/");
- while ($f = readdir($d)) {
- if ($f != "." && $f != ".." && !is_dir($GLOBALS["server_root"]."cache/".$f)) {
- unlink($GLOBALS["server_root"]."cache/".$f);
- }
- }
- }
-
- /*
- Function: createCallout
- Creates a callout and its files.
-
- Parameters:
- id - The id.
- name - The name.
- description - The description.
- level - Access level (0 for everyone, 1 for administrators, 2 for developers).
- resources - An array of resources.
- */
-
- function createCallout($id,$name,$description,$level,$resources) {
- // If we're creating a new file, let's populate it with some convenience things to show what resources are available.
- $file_contents = '<?
- /*
- Resources Available:
- ';
-
- $cached_types = $this->getCachedFieldTypes();
- $types = $cached_types["callout"];
-
- $clean_resources = array();
- foreach ($resources as $resource) {
- if ($resource["id"] && $resource["id"] != "type") {
- $options = json_decode($resource["options"],true);
- foreach ($options as $key => $val) {
- if ($key != "title" && $key != "id" && $key != "type") {
- $resource[$key] = $val;
- }
- }
-
- $file_contents .= ' $'.$resource["id"].' = '.$resource["title"].' - '.$types[$resource["type"]]."\n";
-
- $resource["id"] = htmlspecialchars($resource["id"]);
- $resource["title"] = htmlspecialchars($resource["title"]);
- $resource["subtitle"] = htmlspecialchars($resource["subtitle"]);
- unset($resource["options"]);
- $clean_resources[] = $resource;
- }
- }
-
- $file_contents .= ' */
- ?>';
-
- // Clean up the post variables
- $id = mysql_real_escape_string(htmlspecialchars($id));
- $name = mysql_real_escape_string(htmlspecialchars($name));
- $description = mysql_real_escape_string(htmlspecialchars($description));
- $level = mysql_real_escape_string($level);
- $resources = mysql_real_escape_string(json_encode($clean_resources));
-
- if (!file_exists($GLOBALS["server_root"]."templates/callouts/".$id.".php")) {
- file_put_contents($GLOBALS["server_root"]."templates/callouts/".$id.".php",$file_contents);
- chmod($GLOBALS["server_root"]."templates/callouts/".$id.".php",0777);
- }
-
- sqlquery("INSERT INTO bigtree_callouts (`id`,`name`,`description`,`resources`,`level`) VALUES ('$id','$name','$description','$resources','$level')");
- }
-
- /*
- Function: createFeed
- Creates a feed.
-
- Parameters:
- name - The name.
- description - The description.
- table - The data table.
- type - The feed type.
- options - The feed type options.
- fields - The fields.
-
- Returns:
- The route to the new feed.
- */
-
- function createFeed($name,$description,$table,$type,$options,$fields) {
- global $cms;
-
- // Options were encoded before submitting the form, so let's get them back.
- $options = json_decode($options,true);
- if (is_array($options)) {
- foreach ($options as &$option) {
- $option = str_replace($www_root,"{wwwroot}",$option);
- }
- }
-
- // Get a unique route!
- $route = $cms->urlify($name);
- $x = 2;
- $oroute = $route;
- $f = $cms->getFeedByRoute($route);
- while ($f) {
- $route = $oroute."-".$x;
- $f = $cms->getFeedByRoute($route);
- $x++;
- }
-
- // Fix stuff up for the db.
- $name = mysql_real_escape_string(htmlspecialchars($name));
- $description = mysql_real_escape_string(htmlspecialchars($description));
- $table = mysql_real_escape_string($table);
- $type = mysql_real_escape_string($type);
- $options = mysql_real_escape_string(json_encode($options));
- $fields = mysql_real_escape_string(json_encode($fields));
- $route = mysql_real_escape_string($route);
-
- sqlquery("INSERT INTO bigtree_feeds (`route`,`name`,`description`,`type`,`table`,`fields`,`options`) VALUES ('$route','$name','$description','$type','$table','$fields','$options')");
-
- return $route;
- }
-
- /*
- Function: createFieldType
- Creates a field type and its files.
-
- Parameters:
- id - The id of the field type.
- name - The name.
- pages - Whether it can be used as a page resource or not ("on" is yes)
- modules - Whether it can be used as a module resource or not ("on" is yes)
- callouts - Whether it can be used as a callout resource or not ("on" is yes)
- */
-
- function createFieldType($id,$name,$pages,$modules,$callouts) {
- $id = mysql_real_escape_string($id);
- $name = mysql_real_escape_string(htmlspecialchars($name));
- $author = mysql_real_escape_string($this->Name);
- $pages = mysql_real_escape_string($pages);
- $modules = mysql_real_escape_string($modules);
- $callouts = mysql_real_escape_string($callouts);
-
- $file = "$id.php";
-
- sqlquery("INSERT INTO bigtree_field_types (`id`,`name`,`pages`,`modules`,`callouts`) VALUES ('$id','$name','$pages','$modules','$callouts')");
-
- // Make the files for draw and process and options if they don't exist.
- if (!file_exists($GLOBALS["server_root"]."custom/admin/form-field-types/draw/$file")) {
- BigTree::touchFile($GLOBALS["server_root"]."custom/admin/form-field-types/draw/$file");
- file_put_contents($GLOBALS["server_root"]."custom/admin/form-field-types/draw/$file",'<? include BigTree::path("admin/form-field-types/draw/text.php"); ?>');
- chmod($GLOBALS["server_root"]."custom/admin/form-field-types/draw/$file",0777);
- }
- if (!file_exists($GLOBALS["server_root"]."custom/admin/form-field-types/process/$file")) {
- BigTree::touchFile($GLOBALS["server_root"]."custom/admin/form-field-types/process/$file");
- file_put_contents($GLOBALS["server_root"]."custom/admin/form-field-types/process/$file",'<? $value = $data[$key]; ?>');
- chmod($GLOBALS["server_root"]."custom/admin/form-field-types/process/$file",0777);
- }
- if (!file_exists($GLOBALS["server_root"]."custom/admin/ajax/developer/field-options/$file")) {
- BigTree::touchFile($GLOBALS["server_root"]."custom/admin/ajax/developer/field-options/$file");
- chmod($GLOBALS["server_root"]."custom/admin/ajax/developer/field-options/$file",0777);
- }
-
- unlink($GLOBALS["server_root"]."cache/form-field-types.btc");
- }
-
- /*
- Function: createMessage
- Creates a message in message center.
-
- Parameters:
- subject - The subject line.
- message - The message.
- recipients - The recipients.
- in_response_to - The message being replied to.
- */
-
- function createMessage($subject,$message,$recipients,$in_response_to = 0) {
- // Clear tags out of the subject, sanitize the message body of XSS attacks.
- $subject = mysql_real_escape_string(htmlspecialchars(strip_tags($subject)));
- $message = mysql_real_escape_string(strip_tags($message,"<p><b><strong><em><i><a>"));
- $in_response_to = mysql_real_escape_string($in_response_to);
-
- // We build the send_to field this way so that we don't have to create a second table of recipients.
- // Is it faster database wise using a LIKE over a JOIN? I don't know, but it makes for one less table.
- $send_to = "|";
- foreach ($recipients as $r) {
- // Make sure they actually put in a number and didn't try to screw with the $_POST
- $send_to .= intval($r)."|";
- }
-
- $send_to = mysql_real_escape_string($send_to);
-
- sqlquery("INSERT INTO bigtree_messages (`sender`,`recipients`,`subject`,`message`,`date`,`response_to`) VALUES ('".$this->ID."','$send_to','$subject','$message',NOW(),'$in_response_to')");
- }
-
- /*
- Function: createModule
- Creates a module and its class file.
-
- Parameters:
- name - The name of the module.
- group - The group for the module.
- class - The module class to create.
- table - The table this module relates to.
- permissions - The group-based permissions.
-
- Returns:
- The new module id.
- */
-
- function createModule($name,$group,$class,$table,$permissions) {
- global $cms;
-
- // Find an available module route.
- $route = $cms->urlify($name);
-
- // Go through the hard coded modules
- $existing = array();
- $d = opendir($GLOBALS["server_root"]."core/admin/modules/");
- while ($f = readdir($d)) {
- if ($f != "." && $f != "..") {
- $existing[] = $f;
- }
- }
- // Go through the directories (really ajax, css, images, js)
- $d = opendir($GLOBALS["server_root"]."core/admin/");
- while ($f = readdir($d)) {
- if ($f != "." && $f != "..") {
- $existing[] = $f;
- }
- }
- // Go through the hard coded pages
- $d = opendir($GLOBALS["server_root"]."core/admin/pages/");
- while ($f = readdir($d)) {
- if ($f != "." && $f != "..") {
- // Drop the .php
- $existing[] = substr($f,0,-4);
- }
- }
- // Go through already created modules
- $q = sqlquery("SELECT route FROM bigtree_modules");
- while ($f = sqlfetch($q)) {
- $existing[] = $f["route"];
- }
-
- // Get a unique route
- $x = 2;
- $oroute = $route;
- while (in_array($route,$existing)) {
- $route = $oroute."-".$x;
- $x++;
- }
-
- $name = mysql_real_escape_string(htmlspecialchars($name));
- $route = mysql_real_escape_string($route);
- $class = mysql_real_escape_string($class);
- $group = mysql_real_escape_string($group);
- $gbp = mysql_real_escape_string(json_encode($permissions));
-
- sqlquery("INSERT INTO bigtree_modules (`name`,`route`,`class`,`group`,`gbp`) VALUES ('$name','$route','$class','$group','$gbp')");
- $id = sqlid();
-
- if ($class) {
- // Create class module.
- $f = fopen($GLOBALS["server_root"]."custom/inc/modules/$route.php","w");
- fwrite($f,"<?\n");
- fwrite($f," class $class extends BigTreeModule {\n");
- fwrite($f,"\n");
- fwrite($f,' var $Table = "'.$table.'";'."\n");
- fwrite($f,' var $Module = "'.$id.'";'."\n");
- fwrite($f," }\n");
- fwrite($f,"?>\n");
- fclose($f);
- chmod($GLOBALS["server_root"]."custom/inc/modules/$route.php",0777);
-
- // Remove cached class list.
- unlink($GLOBALS["server_root"]."cache/module-class-list.btc");
- }
-
- return $id;
- }
-
- /*
- Function: createModuleAction
- Creates a module action.
-
- Parameters:
- module - The module to create an action for.
- name - The name of the action.
- route - The action route.
- in_nav - Whether the action is in the navigation.
- icon - The icon class for the action.
- form - Optional auto module form id.
- view - Optional auto module view id.
- */
-
- function createModuleAction($module,$name,$route,$in_nav,$icon,$form = 0,$view = 0) {
- $module = mysql_real_escape_string($module);
- $route = mysql_real_escape_string(htmlspecialchars($route));
- $in_nav = mysql_real_escape_string($in_nav);
- $icon = mysql_real_escape_string($icon);
- $name = mysql_real_escape_string(htmlspecialchars($name));
- $form = mysql_real_escape_string($form);
- $view = mysql_real_escape_string($view);
-
- $oroute = $route;
- $x = 2;
- while ($f = sqlfetch(sqlquery("SELECT * FROM bigtree_module_actions WHERE module = '$module' AND route = '$route'"))) {
- $route = $oroute."-".$x;
- $x++;
- }
-
- sqlquery("INSERT INTO bigtree_module_actions (`module`,`name`,`route`,`in_nav`,`class`,`form`,`view`) VALUES ('$module','$name','$route','$in_nav','$icon','$form','$view')");
- }
-
- /*
- Function: createModuleForm
- Creates a module form.
-
- Parameters:
- title - The title of the form.
- table - The table for the form data.
- fields - The form fields.
- javascript - Optional Javascript file to include in the form.
- css - Optional CSS file to include in the form.
- callback - Optional callback function to run after the form processes.
- default_position - Default position for entries to the form (if the view is positioned).
-
- Returns:
- The new form id.
- */
-
- function createModuleForm($title,$table,$fields,$javascript = "",$css = "",$callback = "",$default_position = "") {
- $title = mysql_real_escape_string(htmlspecialchars($title));
- $table = mysql_real_escape_string($table);
- $fields = mysql_real_escape_string(json_encode($fields));
- $javascript - mysql_real_escape_string(htmlspecialchars($javascript));
- $css - mysql_real_escape_string(htmlspecialchars($css));
- $callback - mysql_real_escape_string($callback);
- $default_position - mysql_real_escape_string($default_position);
-
- sqlquery("INSERT INTO bigtree_module_forms (`title`,`table`,`fields`,`javascript`,`css`,`callback`,`default_position`) VALUES ('$title','$table','$fields','$javascript','$css','$callback','$default_position')");
- return sqlid();
- }
-
- /*
- Function: createModuleGroup
- Creates a module group.
-
- Parameters:
- name - The name of the group.
- package - The (optional) package id the group originated from.
-
- Returns:
- The id of the newly created group.
- */
-
- function createModuleGroup($name,$in_nav,$package = 0) {
- global $cms;
-
- $name = mysql_real_escape_string($name);
- $packge = mysql_real_escape_string($package);
-
- // Get a unique route
- $x = 2;
- $route = $cms->urlify($name);
- $oroute = $route;
- while ($this->getModuleGroupByRoute($route)) {
- $route = $oroute."-".$x;
- $x++;
- }
-
- // Just to be safe
- $route = mysql_real_escape_string($route);
-
- sqlquery("INSERT INTO bigtree_module_groups (`name`,`route`,`in_nav`,`package`) VALUES ('$name','$route','$in_nav','$package')");
- return sqlid();
- }
-
- /*
- Function: createModuleView
- Creates a module view.
-
- Parameters:
- title - View title.
- description - Description.
- table - Data table.
- type - View type.
- options - View options array.
- fields - Field array.
- actions - Actions array.
- suffix - Add/Edit suffix.
- uncached - Don't cache the view.
- preview_url - Optional preview URL.
-
- Returns:
- The id for view.
- */
-
- function createModuleView($title,$description,$table,$type,$options,$fields,$actions,$suffix,$uncached = "",$preview_url = "") {
- $title = mysql_real_escape_string(htmlspecialchars($title));
- $description = mysql_real_escape_string(htmlspecialchars($description));
- $table = mysql_real_escape_string($table);
- $type = mysql_real_escape_string($type);
- $options = mysql_real_escape_string(json_encode($options));
- $fields = mysql_real_escape_string(json_encode($fields));
- $actions = mysql_real_escape_string(json_encode($actions));
- $suffix = mysql_real_escape_string($suffix);
- $uncached = mysql_real_escape_string($uncached);
- $preview_url = mysql_real_escape_string(htmlspecialchars($preview_url));
-
- sqlquery("INSERT INTO bigtree_module_views (`title`,`description`,`type`,`fields`,`actions`,`table`,`options`,`suffix`,`uncached`,`preview_url`) VALUES ('$title','$description','$type','$fields','$actions','$table','$options','$suffix','$uncached','$preview_url')");
-
- return sqlid();
- }
-
- /*
- Function: createPage
- Creates a page.
- Does not check permissions.
-
- Parameters:
- data - An array of page information.
-
- Returns:
- The id of the newly created page.
- */
- function createPage($data) {
- global $cms;
-
- // Loop through the posted data, make sure no session hijacking is done.
- foreach ($data as $key => $val) {
- if (substr($key,0,1) != "_") {
- if (is_array($val)) {
- $$key = mysql_real_escape_string(json_encode($val));
- } else {
- $$key = mysql_real_escape_string($val);
- }
- }
- }
-
- // If there's an external link, make sure it's a relative URL
- if ($external) {
- $external = $this->makeIPL($external);
- }
-
-
- // Who knows what they may have put in for a route, so we're not going to use the mysql_real_escape_string version.
- $route = $data["route"];
- if (!$route) {
- // If they didn't specify a route use the navigation title
- $route = $cms->urlify($data["nav_title"]);
- } else {
- // Otherwise sanitize the one they did provide.
- $route = $cms->urlify($route);
- }
-
- // We need to figure out a unique route for the page. Make sure it doesn't match a directory in /site/
- $original_route = $route;
- $x = 2;
- // Reserved paths.
- if ($parent == 0) {
- while (file_exists($GLOBALS["server_root"]."site/".$route."/")) {
- $route = $original_route."-".$x;
- $x++;
- }
- }
-
- // Make sure it doesn't have the same route as any of its siblings.
- $f = sqlfetch(sqlquery("SELECT * FROM bigtree_pages WHERE `route` = '$route' AND parent = '$parent'"));
- while ($f) {
- $route = $original_route."-".$x;
- $f = sqlfetch(sqlquery("SELECT * FROM bigtree_pages WHERE `route` = '$route' AND parent = '$parent'"));
- $x++;
- }
-
- // If we have a parent, get the full navigation path, otherwise, just use this route as the path since it's top level.
- if ($parent) {
- $path = $this->getFullNavigationPath($parent)."/".$route;
- } else {
- $path = $route;
- }
-
- // If we set a publish at date, make it the proper MySQL format.
- if ($publish_at) {
- $publish_at = "'".date("Y-m-d",strtotime($publish_at))."'";
- } else {
- $publish_at = "NULL";
- }
- // If we set an expiration date, make it the proper MySQL format.
- if ($expire_at) {
- $expire_at = "'".date("Y-m-d",strtotime($expire_at))."'";
- } else {
- $expire_at = "NULL";
- }
-
- // Make the title, navigation title, description, keywords, and external link htmlspecialchar'd -- these are all things we'll be echoing in the HTML so we might as well make them valid now instead of at display time.
-
- $title = htmlspecialchars($title);
- $nav_title = htmlspecialchars($nav_title);
- $meta_description = htmlspecialchars($meta_description);
- $meta_keywords = htmlspecialchars($meta_keywords);
- $external = htmlspecialchars($external);
- // Make the page!
- sqlquery("INSERT INTO bigtree_pages (`parent`,`nav_title`,`route`,`path`,`in_nav`,`title`,`template`,`external`,`new_window`,`resources`,`callouts`,`meta_keywords`,`meta_description`,`last_edited_by`,`created_at`,`updated_at`,`publish_at`,`expire_at`,`max_age`) VALUES ('$parent','$nav_title','$route','$path','$in_nav','$title','$template','$external','$new_window','$resources','$callouts','$meta_keywords','$meta_description','".$this->ID."',NOW(),NOW(),$publish_at,$expire_at,'$max_age')");
- $id = sqlid();
- // Handle tags
- if (is_array($data["_tags"])) {
- foreach ($data["_tags"] as $tag) {
- sqlquery("INSERT INTO bigtree_tags_rel (`module`,`entry`,`tag`) VALUES ('0','$id','$tag')");
- }
- }
- // If there was an old page that had previously used this path, dump its history so we can take over the path.
- sqlquery("DELETE FROM bigtree_route_history WHERE old_route = '$path'");
-
- // Dump the cache, we don't really know how many pages may be showing this now in their nav.
- $this->clearCache();
- // Let search engines know this page now exists.
- $this->pingSearchEngines();
- // Audit trail.
- $this->track("bigtree_pages",$id,"created");
- return $id;
- }
-
- /*
- Function: createPendingChange
- Creates a pending change.
-
- Parameters:
- table - The table the change applies to.
- item_id - The entry the change applies to's id.
- changes - The changes to the fields in the entry.
- mtm_changes - Many to Many changes.
- tags_changes - Tags changes.
- module - The module id for the change.
-
- Returns:
- The change id.
- */
-
- function createPendingChange($table,$item_id,$changes,$mtm_changes = array(),$tags_changes = array(),$module = 0) {
- $table = mysql_real_escape_string($table);
- $item_id = mysql_real_escape_string($item_id);
- $changes = mysql_real_escape_string(json_encode($changes));
- $mtm_changes = mysql_real_escape_string(json_encode($mtm_changes));
- $tags_changes = mysql_real_escape_string(json_encode($tags_changes));
- $module = mysql_real_escape_string($module);
-
- sqlquery("INSERT INTO bigtree_pending_changes (`user`,`date`,`table`,`item_id`,`changes`,`mtm_changes`,`tags_changes`,`module`) VALUES ('".$this->ID."',NOW(),'$table','$item_id','$changes','$mtm_changes','$tags_changes','$module')");
- return sqlid();
- }
-
- /*
- Function: createPendingPage
- Creates a pending page entry in bigtree_pending_changes
-
- Parameters:
- data - An array of page information.
-
- Returns:
- The id of the pending change.
- */
- function createPendingPage($data) {
- global $cms;
-
- // Make a relative URL for external links.
- if ($data["external"]) {
- $data["external"] = $this->makeIPL($data["external"]);
- }
-
- // Save the tags, then dump them from the saved changes array.
- $tags = mysql_real_escape_string(json_encode($data["_tags"]));
- unset($data["_tags"]);
-
- // Make the nav title, title, external link, keywords, and description htmlspecialchar'd for displaying on the front end / the form again.
- $data["nav_title"] = htmlspecialchars($data["nav_title"]);
- $data["title"] = htmlspecialchars($data["title"]);
- $data["external"] = htmlspecialchars($data["external"]);
- $data["meta_keywords"] = htmlspecialchars($data["meta_keywords"]);
- $data["meta_description"] = htmlspecialchars($data["meta_description"]);
-
- $parent = mysql_real_escape_string($data["parent"]);
- // JSON encode the changes and stick them in the database.
- unset($data["MAX_FILE_SIZE"]);
- unset($data["ptype"]);
- $data = mysql_real_escape_string(json_encode($data));
-
- sqlquery("INSERT INTO bigtree_pending_changes (`user`,`date`,`title`,`table`,`changes`,`tags_changes`,`type`,`module`,`pending_page_parent`) VALUES ('".$this->ID."',NOW(),'New Page Created','bigtree_pages','$data','$tags','NEW','','$parent')");
- $id = sqlid();
-
- // Audit trail
- $this->track("bigtree_pages","p$id","created-pending");
- return $id;
- }
-
- /*
- Function: createResource
- Creates a resource.
-
- Parameters:
- folder - The folder to place it in.
- file - The file path.
- name - The file name.
- type - The file type.
- is_image - Whether the resource is an image.
- height - The image height (if it's an image).
- width - The image width (if it's an image).
- thumbs - An array of thumbnails (if it's an image).
- list_thumb_margin - The margin for the list thumbnail (if it's an image).
-
- Returns:
- The new resource id.
- */
-
- function createResource($folder,$file,$name,$type,$is_image = "",$height = 0,$width = 0,$thumbs = array(),$list_thumb_margin = 0) {
- $folder = mysql_real_escape_string($folder);
- $file = mysql_real_escape_string($file);
- $name = mysql_real_escape_string(htmlspecialchars($name));
- $type = mysql_real_escape_string($type);
- $is_image = mysql_real_escape_string($is_image);
- $height = intval($height);
- $width = intval($width);
- $thumbs = mysql_real_escape_string(json_encode($thumbs));
- $list_thumb_margin = intval($list_thumb_margin);
-
- sqlquery("INSERT INTO bigtree_resources (`file`,`date`,`name`,`type`,`folder`,`is_image`,`height`,`width`,`thumbs`,`list_thumb_margin`) VALUES ('$file',NOW(),'$name','$type','$folder','$is_image','$height','$width','$thumbs','$list_thumb_margin')");
- return sqlid();
- }
-
- /*
- Function: createResourceFolder
- Creates a resource folder.
- Checks permissions.
-
- Paremeters:
- parent - The parent folder.
- name - The name of the new folder.
-
- Returns:
- The new folder id.
- */
-
- function createResourceFolder($parent,$name) {
- $perm = $this->getResourceFolderPermission($parent);
- if ($perm != "p") {
- die("You don't have permission to make a folder here.");
- }
-
- $parent = mysql_real_escape_string($parent);
- $name = mysql_real_escape_string(htmlspecialchars($name));
-
- sqlquery("INSERT INTO bigtree_resource_folders (`name`,`parent`) VALUES ('$name','$parent')");
- return sqlid();
- }
-
- /*
- Function: createSetting
- Creates a setting.
- Parameters:
- data - An array of settings information. Available fields: "id", "name", "description", "type", "locked", "module", "encrypted", "system"
- Returns:
- True if successful, false if a setting already exists with the ID given.
- */
- function createSetting($data) {
- // Avoid _SESSION hijacking.
- foreach ($data as $key => $val) {
- if (substr($key,0,1) != "_" && !is_array($val)) {
- $$key = mysql_real_escape_string(htmlspecialchars($val));
- }
- }
-
- // We don't want this encoded since it's a WYSIWYG field.
- $description = mysql_real_escape_string($data["description"]);
- // See if there's already a setting with this ID
- $r = sqlrows(sqlquery("SELECT id FROM bigtree_settings WHERE id = '$id'"));
- if ($r) {
- return false;
- }
- sqlquery("INSERT INTO bigtree_settings (`id`,`name`,`description`,`type`,`locked`,`encrypted`,`system`) VALUES ('$id','$name','$description','$type','$locked','$encrypted','$system')");
- // Audit trail.
- $this->track("bigtree_settings",$id,"created");
- return true;
- }
-
- /*
- Function: createTag
- Creates a new tag, or returns the id of an existing one.
-
- Parameters:
- tag - The tag.
-
- Returns:
- If the tag exists, returns the existing tag's id.
- Otherwise, returns the new tag id.
- */
-
- function createTag($tag) {
- global $cms;
-
- $tag = strtolower(html_entity_decode($tag));
- // Check if the tag exists already.
- $f = sqlfetch(sqlquery("SELECT * FROM bigtree_tags WHERE tag = '".mysql_real_escape_string($tag)."'"));
-
- if (!$f) {
- $meta = metaphone($tag);
- $route = $cms->urlify($tag);
- $oroute = $route;
- $x = 2;
- while ($f = sqlfetch(sqlquery("SELECT * FROM bigtree_tags WHERE route = '$route'"))) {
- $route = $oroute."-".$x;
- $x++;
- }
- sqlquery("INSERT INTO bigtree_tags (`tag`,`metaphone`,`route`) VALUES ('".mysql_real_escape_string($tag)."','$meta','$route')");
- $id = sqlid();
- } else {
- $id = $f["id"];
- }
-
- return $id;
- }
-
- /*
- Function: createTemplate
- Creates a template and its default files/directories.
-
- Paremeters:
- id - Id for the template.
- name - Name
- description - Description
- routed - Basic ("") or Routed ("on")
- level - Access level (0 for everyone, 1 for administrators, 2 for developers)
- module - Related module id
- image - Image
- callouts_enabled - "on" for yes
- resources - An array of resources
- */
-
- function createTemplate($id,$name,$description,$routed,$level,$module,$image,$callouts_enabled,$resources) {
- // If we're creating a new file, let's populate it with some convenience things to show what resources are available.
- $file_contents = "<?\n /*\n Resources Available:\n";
-
- $types = $this->getCachedFieldTypes();
- $types = $types["template"];
-
- $clean_resources = array();
- foreach ($resources as $resource) {
- if ($resource["id"]) {
- $options = json_decode($resource["options"],true);
- foreach ($options as $key => $val) {
- if ($key != "title" && $key != "id" && $key != "type") {
- $resource[$key] = $val;
- }
- }
-
- $file_contents .= ' $'.$resource["id"].' = '.$resource["title"].' - '.$types[$resource["type"]]."\n";
-
- $resource["id"] = htmlspecialchars($resource["id"]);
- $resource["title"] = htmlspecialchars($resource["title"]);
- $resource["subtitle"] = htmlspecialchars($resource["subtitle"]);
- unset($resource["options"]);
- $clean_resources[] = $resource;
- }
- }
-
-
- $file_contents .= ' */
- ?>';
-
- if ($routed == "on") {
- if (!file_exists($GLOBALS["server_root"]."templates/routed/".$id)) {
- mkdir($GLOBALS["server_root"]."templates/routed/".$id);
- chmod($GLOBALS["server_root"]."templates/routed/".$id,0777);
- }
- if (!file_exists($GLOBALS["server_root"]."templates/routed/".$id."/default.php")) {
- file_put_contents($GLOBALS["server_root"]."templates/routed/".$id."/default.php",$file_contents);
- chmod($GLOBALS["server_root"]."templates/routed/".$id."/default.php",0777);
- }
- } else {
- if (!file_exists($GLOBALS["server_root"]."templates/basic/".$id.".php")) {
- file_put_contents($GLOBALS["server_root"]."templates/basic/".$id.".php",$file_contents);
- chmod($GLOBALS["server_root"]."templates/basic/".$id.".php",0777);
- }
- }
-
- $id = mysql_real_escape_string($id);
- $name = mysql_real_escape_string(htmlspecialchars($name));
- $description = mysql_real_escape_string(htmlspecialchars($description));
- $module = mysql_real_escape_string($module);
- $resources = mysql_real_escape_string(json_encode($clean_resources));
- $image = mysql_real_escape_string($image);
- $level = mysql_real_escape_string($level);
- $callouts_enabled = mysql_real_escape_string($callouts_enabled);
- $routed = mysql_real_escape_string($routed);
-
- sqlquery("INSERT INTO bigtree_templates (`id`,`name`,`module`,`resources`,`image`,`description`,`level`,`callouts_enabled`,`routed`) VALUES ('$id','$name','$module','$resources','$image','$description','$level','$callouts_enabled','$routed')");
- }
-
- /*
- Function: createUser
- Creates a user.
- Checks for developer access.
-
- Parameters:
- data - An array of user data. ("email", "password", "name", "company", "level", "permissions")
-
- Returns:
- id of the newly created user or false if a user already exists with the provided email.
- */
- function createUser($data) {
- global $config;
-
- // Safely go through the post data
- foreach ($data as $key => $val) {
- if (substr($key,0,1) != "_" && !is_array($val)) {
- $$key = mysql_real_escape_string($val);
- }
- }
- // See if the user already exists
- $r = sqlrows(sqlquery("SELECT * FROM bigtree_users WHERE email = '$email'"));
- if ($r > 0) {
- return false;
- }
- $permissions = mysql_real_escape_string(json_encode($data["permissions"]));
-
- // If the user is trying to create a developer user and they're not a developer, then… no.
- if ($level > $this->Level) {
- $level = $this->Level;
- }
-
- // Hash the password.
- $phpass = new PasswordHash($config["password_depth"], TRUE);
- $password = mysql_real_escape_string($phpass->HashPassword($data["password"]));
- sqlquery("INSERT INTO bigtree_users (`email`,`password`,`name`,`company`,`level`,`permissions`) VALUES ('$email','$password','$name','$company','$level','$permissions')");
- $id = sqlid();
-
- // Audit trail.
- $this->track("bigtree_users",$id,"created");
- return $id;
- }
-
- /*
- Function: deleteCallout
- Deletes a callout and removes its file.
-
- Parameters:
- id - The id of the callout.
- */
-
- function deleteCallout($id) {
- $id = mysql_real_escape_string($id);
- sqlquery("DELETE FROM bigtree_callouts WHERE id = '$id'");
- unlink($GLOBALS["server_root"]."templates/callouts/$id.php");
- }
-
- /*
- Function: deleteFeed
- Deletes a feed.
-
- Parameters:
- id - The id of the feed.
- */
-
- function deleteFeed($id) {
- $id = mysql_real_escape_string($id);
- sqlquery("DELETE FROM bigtree_feeds WHERE id = '$id'");
- }
-
- /*
- Function: deleteFieldType
- Deletes a field type and erases its files.
-
- Parameters:
- id - The id of the field type.
- */
-
- function deleteFieldType($id) {
- unlink($GLOBALS["server_root"]."custom/admin/form-field-types/draw/$id.php");
- unlink($GLOBALS["server_root"]."custom/admin/form-field-types/process/$id.php");
- sqlquery("DELETE FROM bigtree_field_types WHERE id = '".mysql_real_escape_string($id)."'");
- }
-
- /*
- Function: deleteModule
- Deletes a module.
-
- Parameters:
- id - The id of the module.
- */
-
- function deleteModule($id) {
- $id = mysql_real_escape_string($id);
-
- // Get info and delete the class.
- $module = $this->getModule($id);
- unlink($GLOBALS["server_root"]."custom/inc/modules/".$module["route"].".php");
-
- // Delete all the related auto module actions
- $actions = $this->getModuleActions($id);
- foreach ($actions as $action) {
- if ($action["form"]) {
- sqlquery("DELETE FROM bigtree_module_forms WHERE id = '".$action["form"]."'");
- }
- if ($action["view"]) {
- sqlquery("DELETE FROM bigtree_module_views WHERE id = '".$action["view"]."'");
- }
- }
-
- // Delete actions
- sqlquery("DELETE FROM bigtree_module_actions WHERE module = '$id'");
-
- // Delete the module
- sqlquery("DELETE FROM bigtree_modules WHERE id = '$id'");
- }
-
- /*
- Function: deleteModuleAction
- Deletes a module action.
- Also deletes the related form or view if no other action is using it.
-
- Parameters:
- id - The id of the action to delete.
- */
-
- function deleteModuleAction($id) {
- $id = mysql_real_escape_string($id);
-
- $a = $this->getModuleAction($id);
- if ($a["form"]) {
- // Only delete the auto-ness if it's the only one using it.
- if (sqlrows(sqlquery("SELECT * FROM bigtree_module_actions WHERE form = '".$a["form"]."'")) == 1) {
- sqlquery("DELETE FROM bigtree_module_forms WHERE id = '".$a["form"]."'");
- }
- }
- if ($a["view"]) {
- // Only delete the auto-ness if it's the only one using it.
- if (sqlrows(sqlquery("SELECT * FROM bigtree_module_actions WHERE view = '".$a["view"]."'")) == 1) {
- sqlquery("DELETE FROM bigtree_module_views WHERE id = '".$a["view"]."'");
- }
- }
- sqlquery("DELETE FROM bigtree_module_actions WHERE id = '$id'");
- }
-
- /*
- Function: deleteModuleForm
- Deletes a module form and its related actions.
-
- Parameters:
- id - The id of the module form.
- */
-
- function deleteModuleForm($id) {
- $id = mysql_real_escape_string($id);
- sqlquery("DELETE FROM bigtree_module_forms WHERE id = '$id'");
- sqlquery("DELETE FROM bigtree_module_actions WHERE form = '$id'");
- }
-
- /*
- Function: deleteModuleGroup
- Deletes a module group. Sets modules in the group to Misc.
-
- Parameters:
- id - The id of the module group.
- */
-
- function deleteModuleGroup($id) {
- $id = mysql_real_escape_string($id);
- sqlquery("DELETE FROM bigtree_module_groups WHERE id = '$id'");
- sqlquery("UPDATE bigtree_modules SET `group` = '0' WHERE `group` = '$id'");
- }
-
- /*
- Function: deleteModuleView
- Deletes a module view and its related actions.
-
- Parameters:
- id - The id of the module view.
- */
-
- function deleteModuleView($id) {
- $id = mysql_real_escape_string($id);
- sqlquery("DELETE FROM bigtree_module_views WHERE id = '$id'");
- sqlquery("DELETE FROM bigtree_module_actions WHERE view = '$id'");
- }
-
- /*
- Function: deletePage
- Deletes a page or a pending page.
- Checks permissions.
-
- Parameters:
- page - A page id or a pending page id prefixed with a "p"
-
- Returns:
- true if successful. Stops page execution if permission issues occur.
- */
- function deletePage($page) {
- global $cms;
- $page = mysql_real_escape_string($page);
- $r = $this->getPageAccessLevel($page);
- if ($r == "p" && $this->canModifyChildren($cms->getPage($page))) {
- // If the page isn't numeric it's most likely prefixed by the "p" so it's pending.
- if (!is_numeric($page)) {
- sqlquery("DELETE FROM bigtree_pending_changes WHERE id = '".mysql_real_escape_string(substr($page,1))."'");
- $this->growl("Pages","Deleted Page");
- $this->track("bigtree_pages","p$page","deleted-pending");
- } else {
- sqlquery("DELETE FROM bigtree_pages WHERE id = '$page'");
- // Delete the children as well.
- $this->deletePageChildren($page);
- $this->growl("Pages","Deleted Page");
- $this->track("bigtree_pages",$page,"deleted");
- }
- return true;
- }
- $this->stop("You do not have permission to delete this page.");
- }
-
- /*
- Function: deletePageChildren
- Deletes the children of a page and recurses downward.
- Does not check permissions.
-
- Parameters:
- id - The parent id to delete children for.
- */
- function deletePageChildren($id) {
- $q = sqlquery("SELECT * FROM bigtree_pages WHERE parent = '$id'");
- while ($f = sqlfetch($q)) {
- $this->deletePageChildren($f["id"]);
- }
- sqlquery("DELETE FROM bigtree_pages WHERE parent = '$id'");
- $this->track("bigtree_pages",$id,"deleted");
- }
-
- /*
- Function: deletePageDraft
- Deletes a page draft.
- Checks permissions.
-
- Parameters:
- id - The page id to delete the draft for.
- */
-
- function deletePageDraft($id) {
- $id = mysql_real_escape_string($id);
- // Get the version, check if the user has access to the page the version refers to.
- $access = $this->getPageAccessLevel($id);
- if ($access != "p") {
- $this->stop("You must be a publisher to manage revisions.");
- }
-
- // Delete draft copy
- sqlquery("DELETE FROM bigtree_pending_changes WHERE `table` = 'bigtree_pages' AND `item_id` = '$id'");
- }
-
- /*
- Function: deletePageRevision
- Deletes a page revision.
- Checks permissions.
-
- Parameters:
- id - The page version id.
- */
-
- function deletePageRevision($id) {
- // Get the version, check if the user has access to the page the version refers to.
- $revision = $this->getPageRevision($id);
- $access = $this->getPageAccessLevel($revision["page"]);
- if ($access != "p") {
- $this->stop("You must be a publisher to manage revisions.");
- }
-
- // Delete the revision
- sqlquery("DELETE FROM bigtree_page_revisions WHERE id = '".$revision["id"]."'");
- }
-
- /*
- Function: deletePendingChange
- Deletes a pending change.
-
- Parameters:
- id - The id of the change.
- */
-
- function deletePendingChange($id) {
- $id = mysql_real_escape_string($id);
- sqlquery("DELETE FROM bigtree_pending_changes WHERE id = '$id'");
- }
-
- /*
- Function: deleteSetting
- Deletes a setting.
-
- Parameters:
- id - The id of the setting.
- */
-
- function deleteSetting($id) {
- $id = mysql_real_escape_string($id);
- sqlquery("DELETE FROM bigtree_settings WHERE id = '$id'");
- }
-
- /*
- Function: deleteTemplate
- Deletes a template.
-
- Parameters:
- id - The id of the template.
- */
-
- function deleteTemplate($id) {
- $id = mysql_real_escape_string($id);
- sqlquery("DELETE FROM bigtree_templates WHERE id = '$id'");
- }
-
- /*
- Function: deleteUser
- Deletes a user.
- Checks for developer access.
-
- Parameters:
- id - The user id to delete.
-
- Returns:
- true if successful. false if the logged in user does not have permission to delete the user.
- */
- function deleteUser($id) {
- $id = mysql_real_escape_string($id);
- // If this person has higher access levels than the person trying to update them, fail.
- $current = $this->getUser($id);
- if ($current["level"] > $this->Level) {
- return false;
- }
- sqlquery("DELETE FROM bigtree_users WHERE id = '$id'");
- // Audit trail
- $this->track("bigtree_users",$id,"deleted");
- return true;
- }
-
- /*
- Function: doesModuleEditActionExist
- Determines whether there is already an edit action for a module.
-
- Parameters:
- module - The module id to check.
-
- Returns:
- 1 or 0, for true or false.
- */
-
- function doesModuleEditActionExist($module) {
- return sqlrows(sqlquery("SELECT * FROM bigtree_module_actions WHERE module = '".mysql_real_escape_string($module)."' AND route = 'edit'"));
- }
-
- /*
- Function: doesModuleLandingActionExist
- Determines whether there is already a landing action for a module.
-
- Parameters:
- module - The module id to check.
-
- Returns:
- 1 or 0, for true or false.
- */
-
- function doesModuleLandingActionExist($module) {
- return sqlrows(sqlquery("SELECT * FROM bigtree_module_actions WHERE module = '".mysql_real_escape_string($module)."' AND route = ''"));
- }
-
- /*
- Function: emailDailyDigest
- Sends out a daily digest email to all who have subscribed.
- */
- function emailDailyDigest() {
- $qusers = sqlquery("SELECT * FROM bigtree_users where daily_digest = 'on'");
- while ($user = sqlfetch($qusers)) {
- $changes = $this->getPendingChanges($user["id"]);
- $alerts = $this->getContentAlerts($user["id"]);
- // Start building the email
- $body = "BigTree Daily Digest\n";
- $body .= "====================\n";
- $body .= $GLOBALS["admin_root"]."\n\n";
-
- if (is_array($alerts) && count($alerts)) {
- $body .= "Content Age Alerts\n";
- $body .= "------------------\n\n";
-
- foreach ($alerts as $alert) {
- $body .= $alert["nav_title"]." - ".$alert["current_age"]." Days Old\n";
- $body .= $GLOBALS["www_root"].$alert["path"]."/\n";
- $body .= $GLOBALS["admin_root"]."pages/edit/".$alert["id"]."/\n\n";
- }
- }
- if (count($changes)) {
- $body .= "Pending Changes\n";
- $body .= "---------------\n\n";
- foreach ($changes as $change) {
- if ($change["title"]) {
- $body .= $change["title"];
- } else {
- $body .= $change["mod"]["name"]." - ";
- if ($change["type"] == "NEW") {
- $body .= "Addition";
- } elseif ($change["type"] == "EDIT") {
- $body .= "Edit";
- }
- }
- $body .= "\n".$change["user"]["name"]." has submitted this change request.\n";
- $body .= $this->getChangeEditLink($change)."\n\n";
-
- }
- }
-
- if (count($alerts) || count($changes)) {
- mail($user["email"],"BigTree Daily Digest",$body,"From: BigTree Digest <mailer@bigtreecms.com>");
- }
- }
- }
-
- /*
- Function: forgotPassword
- Creates a new password change hash and sends an email to the user.
- Parameters:
- email - The user's email address
- Returns:
- Redirects if the email address was found, returns false if the user doesn't exist.
- See Also:
- <changePassword>
- */
- function forgotPassword($email) {
- $email = mysql_real_escape_string($email);
- $f = sqlfetch(sqlquery("SELECT * FROM bigtree_users WHERE email = '$email'"));
- if (!$f) {
- return false;
- }
- $hash = mysql_real_escape_string(md5(md5(md5(uniqid("bigtree-hash".microtime(true))))));
- sqlquery("UPDATE bigtree_users SET change_password_hash = '$hash' WHERE id = '".$f["id"]."'");
- mail($email,"Reset Your Password","A user with the IP address ".$_SERVER["REMOTE_ADDR"]." has requested to reset your password.\n\nIf this was you, please click the link below:\n".$GLOBALS["admin_root"]."login/reset-password/$hash/","From: no-reply@bigtreecms.com");
- header("Location: ".$GLOBALS["admin_root"]."login/forgot-success/");
- die();
- }
-
- /*
- Function: get404Total
- Get the total number of 404s of a certain type.
-
- Parameters:
- type - The type to retrieve the count for (301, ignored, 404)
-
- Returns:
- The number of 404s in the table of the given type.
- */
-
- function get404Total($type) {
- if ($type == "404") {
- $total = sqlfetch(sqlquery("SELECT COUNT(id) AS `total` FROM bigtree_404s WHERE ignored = '' AND redirect_url = ''"));
- } elseif ($type == "301") {
- $total = sqlfetch(sqlquery("SELECT COUNT(id) AS `total` FROM bigtree_404s WHERE ignored = '' AND redirect_url != ''"));
- } elseif ($type == "ignored") {
- $total = sqlfetch(sqlquery("SELECT COUNT(id) AS `total` FROM bigtree_404s WHERE ignored = 'on'"));
- }
-
- return $total["total"];
- }
-
- /*
- Function: getAccessGroups
- Returns a list of all groups the logged in user has access to in a module.
-
- Parameters:
- module - A module id or module entry.
-
- Returns:
- An array of groups if a user has limited access to a module or "true" if the user has access to all groups.
- */
- function getAccessGroups($module) {
- if ($this->Level > 0) {
- return true;
- }
- if (is_array($module)) {
- $module = $module["id"];
- }
-
- if ($this->Permissions["module"][$module] && $this->Permissions["module"][$module] != "n") {
- return true;
- }
- $groups = array();
- if (is_array($this->Permissions["module_gbp"][$module])) {
- foreach ($this->Permissions["module_gbp"][$module] as $group => $permission) {
- if ($permission && $permission != "n") {
- $groups[] = $group;
- }
- }
- }
- return $groups;
- }
-
- /*
- Function: getAccessLevel
- Returns the permission level for a given module and item.
-
- Parameters:
- module - The module id or entry to check access for.
- item - (optional) The item of the module to check access for.
- table - (optional) The group based table.
-
- Returns:
- The permission level for the given item or module (if item was not passed).
-
- See Also:
- <getCachedAccessLevel>
- */
- function getAccessLevel($module,$item = array(),$table = "") {
- if ($this->Level > 0) {
- return "p";
- }
- $id = is_array($module) ? $module["id"] : $module;
- $perm = $this->Permissions["module"][$id];
- // If group based permissions aren't on or we're a publisher of this module it's an easy solution… or if we're not even using the table.
- if (!$item || !$module["gbp"]["enabled"] || $perm == "p" || $table != $module["gbp"]["table"]) {
- return $perm;
- }
-
- if (is_array($this->Permissions["module_gbp"][$id])) {
- $gv = $item[$module["gbp"]["group_field"]];
- $gp = $this->Permissions["module_gbp"][$id][$gv];
- if ($gp != "n") {
- return $gp;
- }
- }
- return $perm;
- }
-
- /*
- Function: getActionClass
- Returns the button class for the given action and item.
-
- Parameters:
- action - The action for the item (edit, feature, approve, etc)
- item - The entry to check the action for.
-
- Returns:
- Class name for the <a> tag.
-
- For example, if the item is already featured, this returns "icon_featured icon_featured_on" for the "feature" action.
- If the item isn't already featured, it would simply return "icon_featured" for the "feature" action.
- */
- function getActionClass($action,$item) {
- $class = "";
- if ($item["bigtree_pending"] && $action != "edit" && $action != "delete") {
- return "icon_disabled";
- }
- if ($action == "feature") {
- $class = "icon_feature";
- if ($item["featured"]) {
- $class .= " icon_feature_on";
- }
- }
- if ($action == "edit") {
- $class = "icon_edit";
- }
- if ($action == "delete") {
- $class = "icon_delete";
- }
- if ($action == "approve") {
- $class = "icon_approve";
- if ($item["approved"]) {
- $class .= " icon_approve_on";
- }
- }
- if ($action == "archive") {
- $class = "icon_archive";
- if ($item["archived"]) {
- $class .= " icon_archive_on";
- }
- }
- if ($action == "preview") {
- $class = "icon_preview";
- }
- return $class;
- }
-
- /*
- Function: getArchivedNavigationByParent
- Returns an alphabetic list of navigation that is archived under the given parent.
-
- Parameters:
- parent - The ID of the parent page
-
- Returns:
- An array of page entries.
- */
- function getArchivedNavigationByParent($parent) {
- $nav = array();
- $q = sqlquery("SELECT id,nav_title as title,parent,external,new_window,template,publish_at,expire_at,path FROM bigtree_pages WHERE parent = '$parent' AND archived = 'on' ORDER BY nav_title asc");
- while ($nav_item = sqlfetch($q)) {
- $nav_item["external"] = str_replace("{wwwroot}",$GLOBALS["www_root"],$nav_item["external"]);
- $nav[] = $nav_item;
- }
- return $nav;
- }
-
- /*
- Function: getAutoModuleActions
- Return a list of module forms and views.
- Used by the API for reconstructing forms and views.
-
- Parameters:
- module - The module id to pull forms/views for.
-
- Returns:
- An array of module actions with "form" and "view" columns replaced with form and view data.
-
- See Also:
- <BigTreeAutoModule.getForm>
- <BigTreeAutoModule.getView>
- */
-
- function getAutoModuleActions($module) {
- $items = array();
- $id = mysql_real_escape_string($module);
- $q = sqlquery("SELECT * FROM bigtree_module_actions WHERE module = '$id' AND (form != 0 OR view != 0) AND in_nav = 'on' ORDER BY position DESC, id ASC");
- while ($f = sqlfetch($q)) {
- if ($f["form"]) {
- $f["form"] = BigTreeAutoModule::getForm($f["form"]);
- $f["type"] = "form";
- } elseif ($f["view"]) {
- $f["view"] = BigTreeAutoModule::getView($f["view"]);
- $f["type"] = "view";
- }
- $items[] = $f;
- }
- return $items;
- }
-
- /*
- Function: getBasicTemplates
- Returns a list of non-routed templates ordered by position.
-
- Returns:
- An array of template entries.
- */
- function getBasicTemplates() {
- $q = sqlquery("SELECT * FROM bigtree_templates WHERE level <= '".$this->Level."' ORDER BY position DESC, id ASC");
- $items = array();
- while ($f = sqlfetch($q)) {
- if (!$f["routed"]) {
- $items[] = $f;
- }
- }
- return $items;
- }
-
- /*
- Function: getCachedAccessLevel
- Returns the permission level for a given module and cached view entry.
-
- Parameters:
- module - The module id or entry to check access for.
- item - (optional) The item of the module to check access for.
- table - (optional) The group based table.
-
- Returns:
- The permission level for the given item or module (if item was not passed).
-
- See Also:
- <getAccessLevel>
- */
- // Since cached items don't use their normal columns...
- function getCachedAccessLevel($module,$item = array(),$table = "") {
- if ($this->Level > 0) {
- return "p";
- }
- $id = is_array($module) ? $module["id"] : $module;
- $perm = $this->Permissions["module"][$id];
- // If group based permissions aren't on or we're a publisher of this module it's an easy solution… or if we're not even using the table.
- if (!$item || !$module["gbp"]["enabled"] || $perm == "p" || $table != $module["gbp"]["table"]) {
- return $perm;
- }
- if (is_array($this->Permissions["module_gbp"][$id])) {
- $gv = $item["gbp_field"];
- $gp = $this->Permissions["module_gbp"][$id][$gv];
- if ($gp != "n") {
- return $gp;
- }
- }
- return $perm;
- }
-
- /*
- Function: getCachedFieldTypes
- Caches available field types and returns them.
-
- Returns:
- Array of three arrays of field types (template, module, and callout).
- */
-
- function getCachedFieldTypes() {
- // Used cached values if available, otherwise query the DB
- if (file_exists($GLOBALS["server_root"]."cache/form-field-types.btc")) {
- $types = json_decode(file_get_contents($GLOBALS["server_root"]."cache/form-field-types.btc"),true);
- } else {
- $types["module"] = array(
- "text" => "Text",
- "textarea" => "Text Area",
- "html" => "HTML Area",
- "upload" => "Upload",
- "list" => "List",
- "checkbox" => "Checkbox",
- "date" => "Date Picker",
- "time" => "Time Picker",
- "photo-gallery" => "Photo Gallery",
- "array" => "Array of Items",
- "route" => "Generated Route",
- "custom" => "Custom Function"
- );
-
- $types["template"] = array(
- "text" => "Text",
- "textarea" => "Text Area",
- "html" => "HTML Area",
- "upload" => "Upload",
- "list" => "List",
- "checkbox" => "Checkbox",
- "date" => "Date Picker",
- "time" => "Time Picker",
- "photo-gallery" => "Photo Gallery",
- "array" => "Array of Items",
- "custom" => "Custom Function"
- );
-
- $types["callout"] = array(
- "text" => "Text",
- "textarea" => "Text Area",
- "html" => "HTML Area",
- "upload" => "Upload",
- "list" => "List",
- "checkbox" => "Checkbox",
- "date" => "Date Picker",
- "time" => "Time Picker",
- "array" => "Array of Items",
- "custom" => "Custom Function"
- );
- $q = sqlquery("SELECT * FROM bigtree_field_types ORDER BY name");
- while ($f = sqlfetch($q)) {
- if ($f["pages"]) {
- $types["template"][$f["id"]] = $f["name"];
- }
- if ($f["modules"]) {
- $types["module"][$f["id"]] = $f["name"];
- }
- if ($f["callouts"]) {
- $types["callout"][$f["id"]] = $f["name"];
- }
- }
- file_put_contents($GLOBALS["server_root"]."cache/form-field-types.btc",json_encode($types));
- }
-
- return $types;
- }
-
- /*
- Function: getCallout
- Returns a callout entry.
-
- Parameters:
- id - The id of the callout.
-
- Returns:
- A callout entry from bigtree_callouts with resources decoded.
- */
-
- function getCallout($id) {
- $id = mysql_real_escape_string($id);
- $item = sqlfetch(sqlquery("SELECT * FROM bigtree_callouts WHERE id = '$id'"));
- $item["resources"] = json_decode($item["resources"],true);
- return $item;
- }
-
- /*
- Function: getCallouts
- Returns a list of callouts.
-
- Parameters:
- sort - The order to return the callouts. Defaults to positioned.
-
- Returns:
- An array of callout entries from bigtree_callouts.
- */
- function getCallouts($sort = "position DESC, id ASC") {
- $callouts = array();
- $q = sqlquery("SELECT * FROM bigtree_callouts ORDER BY $sort");
- while ($f = sqlfetch($q)) {
- $callouts[] = $f;
- }
- return $callouts;
- }
-
- /*
- Function: getChange
- Get a pending change.
-
- Parameters:
- id - The id of the pending change.
-
- Returns:
- A pending change entry from the bigtree_pending_changes table.
- */
- function getChange($id) {
- return sqlfetch(sqlquery("SELECT * FROM bigtree_pending_changes WHERE id = '$id'"));
- }
- /*
- Function: getChangeEditLink
- Returns a link to where the item involved in the pending change can be edited.
- Parameters:
- change - The ID of the change or the change array from the database.
- Returns:
- A string containing a link to the admin.
- */
- function getChangeEditLink($change) {
- if (!is_array($change)) {
- $change = sqlfetch(sqlquery("SELECT * FROM bigtree_pending_changes WHERE id = '$change'"));
- }
- if ($change["table"] == "bigtree_pages" && $change["item_id"]) {
- return $GLOBALS["admin_root"]."pages/edit/".$change["item_id"]."/";
- }
- if ($change["table"] == "bigtree_pages") {
- return $GLOBALS["admin_root"]."pages/edit/p".$change["id"]."/";
- }
- $modid = $change["module"];
- $module = sqlfetch(sqlquery("SELECT * FROM bigtree_modules WHERE id = '$modid'"));
- $form = sqlfetch(sqlquery("SELECT * FROM bigtree_module_forms WHERE `table` = '".$change["table"]."'"));
- $action = sqlfetch(sqlquery("SELECT * FROM bigtree_module_actions WHERE `form` = '".$form["id"]."' AND in_nav = ''"));
- if (!$change["item_id"]) {
- $change["item_id"] = "p".$change["id"];
- }
- if ($action) {
- return $GLOBALS["admin_root"].$module["route"]."/".$action["route"]."/".$change["item_id"]."/";
- } else {
- return $GLOBALS["admin_root"].$module["route"]."/edit/".$change["item_id"]."/";
- }
- }
-
- /*
- Function: getContentAlerts
- Gets a list of pages with content older than their Max Content Age that a user follows.
-
- Parameters:
- user - The user id to pull alerts for or a user entry.
-
- Returns:
- An array of arrays containing a page title, path, and id.
- */
-
- function getContentAlerts($user) {
- if (is_array($user)) {
- $user = $this->getUser($user["id"]);
- } else {
- $user = $this->getUser($user);
- }
-
- if (!is_array($user["alerts"])) {
- return false;
- }
-
- $alerts = array();
- // We're going to generate a list of pages the user cares about first to get their paths.
- $where = array();
- foreach ($user["alerts"] as $alert => $status) {
- $where[] = "id = '".mysql_real_escape_string($alert)."'";
- }
- if (!count($where)) {
- return false;
- }
- // If we care about the whole tree, skip the madness.
- if ($alerts[0] == "on") {
- $q = sqlquery("SELECT nav_title,id,path,updated_at,DATEDIFF('".date("Y-m-d")."',updated_at) AS current_age FROM bigtree_pages WHERE max_age > 0 AND DATEDIFF('".date("Y-m-d")."',updated_at) > max_age ORDER BY current_age DESC");
- } else {
- $paths = array();
- $q = sqlquery("SELECT path FROM bigtree_pages WHERE ".implode(" OR ",$where));
- while ($f = sqlfetch($q)) {
- $paths[] = "path = '".mysql_real_escape_string($f["path"])."' OR path LIKE '".mysql_real_escape_string($f["path"])."/%'";
- }
- // Find all the pages that are old that contain our paths
- $q = sqlquery("SELECT nav_title,id,path,updated_at,DATEDIFF('".date("Y-m-d")."',updated_at) AS current_age FROM bigtree_pages WHERE max_age > 0 AND (".implode(" OR ",$paths).") AND DATEDIFF('".date("Y-m-d")."',updated_at) > max_age ORDER BY current_age DESC");
- }
-
- while ($f = sqlfetch($q)) {
- $alerts[] = $f;
- }
-
- return $alerts;
- }
-
- /*
- Function: getFeeds
- Returns a list of feeds.
-
- Parameters:
- sort - The sort direction, defaults to name.
-
- Returns:
- An array of feed elements from bigtree_feeds sorted by name.
- */
-
- function getFeeds($sort = "name ASC") {
- $feeds = array();
- $q = sqlquery("SELECT * FROM bigtree_feeds ORDER BY $sort");
- while ($f = sqlfetch($q)) {
- $feeds[] = $f;
- }
- return $feeds;
- }
-
- /*
- Function: getFieldType
- Returns a field type.
-
- Parameters:
- id - The id of the file type.
-
- Returns:
- A field type entry with the "files" column decoded.
- */
-
- function getFieldType($id) {
- $id = mysql_real_escape_string($id);
- $item = sqlfetch(sqlquery("SELECT * FROM bigtree_field_types WHERE id = '$id'"));
- if (!$item) {
- return false;
- }
- return $item;
- }
-
- /*
- Function: getFieldTypes
- Returns a list of field types.
-
- Parameters:
- sort - The sort directon, defaults to name ASC.
-
- Returns:
- An array of entries from bigtree_field_types.
- */
- function getFieldTypes($sort = "name ASC") {
- $types = array();
- $q = sqlquery("SELECT * FROM bigtree_field_types ORDER BY $sort");
- while ($f = sqlfetch($q)) {
- $types[] = $f;
- }
- return $types;
- }
-
- /*
- Function: getFullNavigationPath
- Calculates the full navigation path for a given page ID.
-
- Parameters:
- id - The page ID to calculate the navigation path for.
-
- Returns:
- The navigation path (normally found in the "path" column in bigtree_pages).
- */
- function getFullNavigationPath($id, $path = array()) {
- global $cms;
-
- // We can change $GLOBALS["root_page"] to drive multiple sites from different branches of the Pages tree.
- $root_page = isset($GLOBALS["root_page"]) ? $_GLOBALS["root_page"] : 0;
-
- $f = sqlfetch(sqlquery("SELECT route,id,parent FROM bigtree_pages WHERE id = '$id'"));
- $path[] = $cms->urlify($f["route"]);
- if ($f["parent"] != $root_page && $f["parent"] != 0) {
- return $this->getFullNavigationPath($f["parent"],$path);
- }
- $path = implode("/",array_reverse($path));
- return $path;
- }
-
- /*
- Function: getHiddenNavigationByParent
- Returns an alphabetic list of navigation that is hidden under the given parent.
-
- Parameters:
- parent - The ID of the parent page
-
- Returns:
- An array of page entries.
- */
- function getHiddenNavigationByParent($parent) {
- $nav = array();
- $q = sqlquery("SELECT id,nav_title as title,parent,external,new_window,template,publish_at,expire_at,path FROM bigtree_pages WHERE parent = '$parent' AND in_nav = '' AND archived != 'on' ORDER BY nav_title asc");
- while ($nav_item = sqlfetch($q)) {
- $nav_item["external"] = str_replace("{wwwroot}",$GLOBALS["www_root"],$nav_item["external"]);
- $nav[] = $nav_item;
- }
- return $nav;
- }
-
- /*
- Function: getMessages
- Returns all a user's messages.
-
- Returns:
- An array containing "sent", "read", and "unread" keys that contain an array of messages each.
- */
-
- function getMessages() {
- $sent = array();
- $read = array();
- $unread = array();
- $q = sqlquery("SELECT bigtree_messages.*, bigtree_users.name AS sender_name FROM bigtree_messages JOIN bigtree_users ON bigtree_messages.sender = bigtree_users.id WHERE sender = '".$this->ID."' OR recipients LIKE '%|".$this->ID."|%' ORDER BY date DESC");
-
- while ($f = sqlfetch($q)) {
- // If we're the sender put it in the sent array.
- if ($f["sender"] == $this->ID) {
- $sent[] = $f;
- } else {
- // If we've been marked read, put it in the read array.
- if ($f["read_by"] && strpos("|".$this->ID."|",$f["read_by"]) !== false) {
- $read[] = $f;
- } else {
- $unread[] = $f;
- }
- }
- }
-
- return array("sent" => $sent, "read" => $read, "unread" => $unread);
- }
-
- /*
- Function: getMessage
- Returns a message from message center.
-
- Paramters:
- id - The id of the message.
-
- Returns:
- An entry from bigtree_messages.
- */
-
- function getMessage($id) {
- $message = sqlfetch(sqlquery("SELECT * FROM bigtree_messages WHERE id = '".mysql_real_escape_string($id)."'"));
- if ($message["sender"] != $this->ID && strpos("|".$this->ID."|",$message["recipients"]) === false) {
- $this->stop("This message was not sent by you, or to you.");
- }
- return $message;
- }
-
- /*
- Function: getModule
- Returns an entry from the bigtree_modules table.
-
- Parameters:
- id - The id of the module.
-
- Returns:
- A module entry with the "gbp" column decoded.
- */
- function getModule($id) {
- $id = mysql_real_escape_string($id);
- $module = sqlfetch(sqlquery("SELECT * FROM bigtree_modules WHERE id = '$id'"));
- if (!$module) {
- return false;
- }
- $module["gbp"] = json_decode($module["gbp"],true);
- return $module;
- }
-
- /*
- Function: getModuleAction
- Returns an entry from the bigtree_module_actions table.
-
- Parameters:
- id - The id of the action.
-
- Returns:
- A module action entry.
- */
- function getModuleAction($id) {
- $id = mysql_real_escape_string($id);
- return sqlfetch(sqlquery("SELECT * FROM bigtree_module_actions WHERE id = '$id'"));
- }
-
- /*
- Function: getModuleActionByRoute
- Returns an entry from the bigtree_module_actions table for the given module and route.
-
- Parameters:
- module - The module to lookup an action for.
- route - The route of the action.
-
- Returns:
- A module action entry.
- */
- function getModuleActionByRoute($module,$route) {
- $module = mysql_real_escape_string($module);
- $route = mysql_real_escape_string($route);
- return sqlfetch(sqlquery("SELECT * FROM bigtree_module_actions WHERE module = '$module' AND route = '$route'"));
- }
-
- /*
- Function: getModuleActionForForm
- Returns the related module action for an auto module form.
-
- Parameters:
- form - The id of a form or a form entry.
-
- Returns:
- A module action entry.
- */
- function getModuleActionForForm($form) {
- if (is_array($form)) {
- $form = mysql_real_escape_string($form["id"]);
- } else {
- $form = mysql_real_escape_string($form);
- }
- return sqlfetch(sqlquery("SELECT * FROM bigtree_module_actions WHERE form = '$form'"));
- }
-
- /*
- Function: getModuleActionForView
- Returns the related module action for an auto module view.
-
- Parameters:
- view - The id of a view or a view entry.
-
- Returns:
- A module action entry.
- */
- function getModuleActionForView($view) {
- if (is_array($form)) {
- $view = mysql_real_escape_string($view["id"]);
- } else {
- $view = mysql_real_escape_string($view);
- }
- return sqlfetch(sqlquery("SELECT * FROM bigtree_module_actions WHERE view = '$view'"));
- }
-
- /*
- Function: getModuleActions
- Returns a list of module actions in positioned order.
-
- Parameters:
- module - A module id or a module entry.
-
- Returns:
- An array of module action entries.
- */
- function getModuleActions($module) {
- if (is_array($module)) {
- $module = mysql_real_escape_string($module["id"]);
- } else {
- $module = mysql_real_escape_string($module);
- }
- $items = array();
- $q = sqlquery("SELECT * FROM bigtree_module_actions WHERE module = '$module' ORDER BY position DESC, id ASC");
- while ($f = sqlfetch($q)) {
- $items[] = $f;
- }
- return $items;
- }
-
- /*
- Function: getModuleByRoute
- Returns a module entry for the given route.
-
- Parameters:
- route - A module route.
-
- Returns:
- A module entry with the "gbp" column decoded or false if a module was not found.
- */
-
- function getModuleByRoute($route) {
- $route = mysql_real_escape_string($route);
- $module = sqlfetch(sqlquery("SELECT * FROM bigtree_modules WHERE route = '$route'"));
- if (!$module) {
- return false;
- }
- $module["gbp"] = json_decode($module["gbp"],true);
- return $module;
- }
-
- /*
- Function: getModuleForms
- Gets all module forms.
-
- Returns:
- An array of entries from bigtree_module_forms with "fields" decoded.
- */
-
- function getModuleForms() {
- $items = array();
- $q = sqlquery("SELECT * FROM bigtree_module_forms");
- while ($f = sqlfetch($q)) {
- $f["fields"] = json_decode($f["fields"],true);
- $items[] = $f;
- }
- return $items;
- }
-
- /*
- Function: getModuleGroup
- Returns a module group entry from the bigtree_module_groups table.
-
- Parameters:
- id - The id of the module group.
-
- Returns:
- A module group entry.
-
- See Also:
- <getModuleGroupByName>
- <getModuleGroupByRoute>
- */
-
- function getModuleGroup($id) {
- $id = mysql_real_escape_string($id);
- return sqlfetch(sqlquery("SELECT * FROM bigtree_module_groups WHERE id = '$id'"));
- }
-
- /*
- Function: getModuleGroupByName
- Returns a module group entry from the bigtree_module_groups table.
-
- Parameters:
- name - The name of the module group.
-
- Returns:
- A module group entry.
-
- See Also:
- <getModuleGroup>
- <getModuleGroupByRoute>
- */
-
- function getModuleGroupByName($name) {
- $name = mysql_real_escape_string(strtolower($name));
- return sqlfetch(sqlquery("SELECT * FROM bigtree_module_groups WHERE LOWER(name) = '$name'"));
- }
-
- /*
- Function: getModuleGroupByRoute
- Returns a module group entry from the bigtree_module_groups table.
-
- Parameters:
- route - The route of the module group.
-
- Returns:
- A module group entry.
-
- See Also:
- <getModuleGroup>
- <getModuleGroupByName>
- */
-
- function getModuleGroupByRoute($route) {
- $name = mysql_real_escape_string($route);
- return sqlfetch(sqlquery("SELECT * FROM bigtree_module_groups WHERE route = '$route'"));
- }
-
- /*
- Function: getModuleGroups
- Returns a list of module groups.
-
- Parameters:
- sort - Sort by (defaults to positioned)
-
- Returns:
- An array of module group entries from bigtree_module_groups.
- */
- function getModuleGroups($sort = "position DESC, id ASC") {
- $items = array();
- $q = sqlquery("SELECT * FROM bigtree_module_groups ORDER BY $sort");
- while ($f = sqlfetch($q)) {
- $items[$f["id"]] = $f;
- }
- return $items;
- }
-
- /*
- Function: getModuleNavigation
- Returns a list of module actions that are in navigation.
-
- Parameters:
- module - A module id or a module entry.
-
- Returns:
- An array of module actions from bigtree_module_actions.
- */
- function getModuleNavigation($module) {
- if (is_array($module)) {
- $module = mysql_real_escape_string($module["id"]);
- } else {
- $module = mysql_real_escape_string($module);
- }
- $items = array();
- $q = sqlquery("SELECT * FROM bigtree_module_actions WHERE module = '$module' AND in_nav = 'on' ORDER BY position DESC, id ASC");
- while ($f = sqlfetch($q)) {
- $items[] = $f;
- }
- return $items;
- }
-
- /*
- Function: getModulePackage
- Returns a module package with details decoded.
-
- Parameters:
- id - The id of the module package.
-
- Returns:
- A module package entry from bigtree_module_packages.
- */
- function getModulePackage($id) {
- $id = mysql_real_escape_string($id);
- $item = sqlfetch(sqlquery("SELECT * FROM bigtree_module_packages WHERE id = '$id'"));
- if (!$item) {
- return false;
- }
- $item["details"] = json_decode($item["details"],true);
- return $item;
- }
- /*
- Function: getModulePackages
- Returns a list of module packages.
-
- Parameters:
- sort - Sort order (defaults to alphabetical by name)
-
- Returns:
- An array of entries from bigtree_module_packages.
- */
- function getModulePackages($sort = "name ASC") {
- $packages = array();
- $q = sqlquery("SELECT * FROM bigtree_module_packages ORDER BY $sort");
- while ($f = sqlfetch($q)) {
- $packages[] = $f;
- }
- return $packages;
- }
-
- /*
- Function: getModules
- Returns a list of modules.
-
- Parameters:
- sort - The sort order (defaults to oldest first).
- auth - If set to true, only returns modules the logged in user has access to. Defaults to true.
-
- Returns:
- An array of entries from the bigtree_modules table with an additional "group_name" column for the group the module is in.
- */
- function getModules($sort = "id ASC",$auth = true) {
- $items = array();
- $q = sqlquery("SELECT bigtree_modules.*,bigtree_module_groups.name AS group_name FROM bigtree_modules LEFT JOIN bigtree_module_groups ON bigtree_modules.`group` = bigtree_module_groups.id ORDER BY $sort");
- while ($f = sqlfetch($q)) {
- if (!$auth || $this->checkAccess($f["id"])) {
- $items[$f["id"]] = $f;
- }
- }
- return $items;
- }
-
- /*
- Function: getModulesByGroup
- Returns a list of modules in a given group.
-
- Parameters:
- group - The group to return modules for.
- sort - The sort order (defaults to positioned)
- auth - If set to true, only returns modules the logged in user has access to. Defaults to true.
-
- Returns:
- An array of entries from the bigtree_modules table with an additional "group_name" column for the group the module is in.
- */
- function getModulesByGroup($group,$sort = "position DESC, id ASC",$auth = true) {
- if (is_array($group)) {
- $group = mysql_real_escape_string($group["id"]);
- } else {
- $group = mysql_real_escape_string($group);
- }
- $items = array();
- $q = sqlquery("SELECT * FROM bigtree_modules WHERE `group` = '$group' ORDER BY $sort");
- while ($f = sqlfetch($q)) {
- if ($this->checkAccess($f["id"]) || !$auth) {
- $items[$f["id"]] = $f;
- }
- }
- return $items;
- }
-
- /*
- Function: getNaturalNavigationByParent
- Returns a list of positioned navigation that is in navigation under the given parent.
- Does not return module navigation.
-
- Parameters:
- parent - The ID of the parent page
-
- Returns:
- An array of page entries.
- */
- function getNaturalNavigationByParent($parent,$levels = 1) {
- $nav = array();
- $q = sqlquery("SELECT id,nav_title as title,parent,external,new_window,template,publish_at,expire_at,path FROM bigtree_pages WHERE parent = '$parent' AND in_nav = 'on' AND archived != 'on' ORDER BY position DESC, id ASC");
- while ($nav_item = sqlfetch($q)) {
- $nav_item["external"] = str_replace("{wwwroot}",$GLOBALS["www_root"],$nav_item["external"]);
- if ($levels > 1) {
- $nav_item["children"] = $this->getNaturalNavigationByParent($f["id"],$levels - 1);
- }
- $nav[] = $nav_item;
- }
- return $nav;
- }
-
- /*
- Function: getPageAccessLevel
- Returns the access level for the logged in user to a given page.
-
- Parameters:
- page - The page id.
-
- Returns:
- "p" for publisher, "e" for editor, false for no access.
-
- See Also:
- <getPageAccessLevelForUser>
- */
- function getPageAccessLevel($page) {
- return $this->getPageAccessLevelByUser($page,$this->ID);
- }
-
- /*
- Function: getPageAccessLevel
- Returns the access level for the given user to a given page.
-
- Parameters:
- page - The page id.
- user - The user id.
-
- Returns:
- "p" for publisher, "e" for editor, false for no access.
-
- See Also:
- <getPageAccessLevel>
- */
- function getPageAccessLevelByUser($page,$user) {
- $u = $this->getUser($user);
- if ($u["level"] > 0) {
- return "p";
- }
- if (!is_numeric($page) && $page[0] == "p") {
- $f = sqlfetch(sqlquery("SELECT * FROM bigtree_pending_changes WHERE id = '".substr($page,1)."'"));
- if ($f["user"] == $user) {
- return "p";
- }
- $pdata = json_decode($f["changes"],true);
- return $this->getPageAccessLevelByUser($pdata["parent"],$user);
- }
- $pp = $this->Permissions["page"][$page];
- if ($pp == "n") {
- return false;
- }
- if ($pp && $pp != "i") {
- return $pp;
- }
- $parent = sqlfetch(sqlquery("SELECT parent FROM bigtree_pages WHERE id = '".mysql_real_escape_string($page)."'"),true);
- $pp = $u["permissions"]["page"][$parent];
- while ((!$pp || $pp == "i") && $parent) {
- $parent = sqlfetch(sqlquery("SELECT parent FROM bigtree_pages WHERE id = '$parent'"),true);
- $pp = $u["permissions"]["page"][$parent];
- }
- if (!$pp || $pp == "i" || $pp == "n") {
- return false;
- }
- return $pp;
- }
-
- /*
- Function: getPageAdminLinks
- Gets a list of pages that link back to the admin.
-
- Returns:
- An array of pages that link to the admin.
- */
-
- function getPageAdminLinks() {
- $pages = array();
- $q = sqlquery("SELECT * FROM bigtree_pages WHERE resources LIKE '%".$admin_root."%' OR resources LIKE '%".str_replace($www_root,"{wwwroot}",$admin_root)."%'");
- while ($f = sqlfetch($q)) {
- $pages[] = $f;
- }
- return $pages;
- }
-
- /*
- Function: getPageChanges
- Returns pending changes for a given page.
-
- Parameters:
- page - The page id.
-
- Returns:
- An entry from bigtree_pending_changes with changes decoded.
- */
-
- function getPageChanges($page) {
- $page = mysql_real_escape_string($page);
- $c = sqlfetch(sqlquery("SELECT * FROM bigtree_pending_changes WHERE `table` = 'bigtree_pages' AND item_id = '$page'"));
- if (!$c) {
- return false;
- }
- $c["changes"] = json_decode($c["changes"],true);
- return $c;
- }
-
- /*
- Function: getPageChildren
- Returns all non-archived children of a given page.
-
- Parameters:
- page - The page id to pull children for.
- sort - The way to sort results. Defaults to nav_title ASC.
-
- Returns:
- An array of pages.
- */
-
- function getPageChildren($page,$sort = "nav_title ASC") {
- $page = mysql_real_escape_string($page);
- $items = array();
- $q = sqlquery("SELECT * FROM bigtree_pages WHERE parent = '$page' AND archived != 'on' ORDER BY $sort");
- while ($f = sqlfetch($q)) {
- $items[] = $f;
- }
- return $items;
- }
-
- /*
- Function: getPageIds
- Returns all page ids in bigtree_pages.
-
- Returns:
- An array of page ids.
- */
-
- function getPageIds() {
- $ids = array();
- $q = sqlquery("SELECT id FROM bigtree_pages ORDER BY id ASC");
- while ($f = sqlfetch($q)) {
- $ids[] = $f["id"];
- }
- return $ids;
- }
-
- /*
- Function: getPageOfSettings
- Returns a page of settings.
-
- Parameters:
- page - The page to return.
- query - Optional query string to search against.
- sort - Sort order. Defaults to name ASC.
-
- Returns:
- An array of entries from bigtree_settings.
- If the setting is encrypted the value will be "[Encrypted Text]", otherwise it will be decoded.
- If the calling user is a developer, returns locked settings, otherwise they are left out.
- */
- function getPageOfSettings($page = 0,$query = "") {
- global $cms;
- // If we're querying...
- if ($query) {
- $qparts = explode(" ",$query);
- $qp = array();
- foreach ($qparts as $part) {
- $part = mysql_real_escape_string($part);
- $qp[] = "(name LIKE '%$part%' OR `value` LIKE '%$part%' OR description LIKE '%$part%')";
- }
- // If we're not a developer, leave out locked settings
- if ($this->Level < 2) {
- $q = sqlquery("SELECT * FROM bigtree_settings WHERE ".implode(" AND ",$qp)." AND locked != 'on' AND system != 'on' ORDER BY name LIMIT ".($page*$this->PerPage).",".$this->PerPage);
- // If we are a developer, show them.
- } else {
- $q = sqlquery("SELECT * FROM bigtree_settings WHERE ".implode(" AND ",$qp)." AND system != 'on' ORDER BY name LIMIT ".($page*$this->PerPage).",".$this->PerPage);
- }
- } else {
- // If we're not a developer, leave out locked settings
- if ($this->Level < 2) {
- $q = sqlquery("SELECT * FROM bigtree_settings WHERE locked != 'on' AND system != 'on' ORDER BY name LIMIT ".($page*$this->PerPage).",".$this->PerPage);
- // If we are a developer, show them.
- } else {
- $q = sqlquery("SELECT * FROM bigtree_settings WHERE system != 'on' ORDER BY name LIMIT ".($page*$this->PerPage).",".$this->PerPage);
- }
- }
-
- $items = array();
- while ($f = sqlfetch($q)) {
- foreach ($f as $key => $val) {
- $f[$key] = str_replace("{wwwroot}",$GLOBALS["www_root"],$val);
- }
- $f["value"] = json_decode($f["value"],true);
- if ($f["encrypted"] == "on") {
- $f["value"] = "[Encrypted Text]";
- }
- $items[] = $f;
- }
- return $items;
- }
-
- /*
- Function: getPageOfUsers
- Returns a page of users.
-
- Parameters:
- page - The page of users to return.
- query - Optional query string to search against.
- sort - Order to sort the results by. Defaults to name ASC.
-
- Returns:
- An array of entries from bigtree_users.
- */
- function getPageOfUsers($page = 0,$query = "",$sort = "name ASC") {
- // If we're searching.
- if ($query) {
- $qparts = explode(" ",$query);
- $qp = array();
- foreach ($qparts as $part) {
- $part = mysql_real_escape_string($part);
- $qp[] = "(name LIKE '%$part%' OR email LIKE '%$part%' OR company LIKE '%$part%')";
- }
- $q = sqlquery("SELECT * FROM bigtree_users WHERE ".implode(" AND ",$qp)." ORDER BY $sort LIMIT ".($page * $this->PerPage).",".$this->PerPage);
- // If we're grabbing anyone.
- } else {
- $q = sqlquery("SELECT * FROM bigtree_users ORDER BY $sort LIMIT ".($page * $this->PerPage).",".$this->PerPage);
- }
- $items = array();
- while ($f = sqlfetch($q)) {
- $items[] = $f;
- }
- return $items;
- }
-
- /*
- Function: getPageRevision
- Returns a version of a page from the bigtree_page_revisions table.
-
- Parameters:
- id - The id of the page version.
-
- Returns:
- A page version entry from the table.
- */
- function getPageRevision($id) {
- $id = mysql_real_escape_string($id);
- $item = sqlfetch(sqlquery("SELECT * FROM bigtree_page_revisions WHERE id = '$id'"));
- return $item;
- }
-
- /*
- Function: getPageRevisions
- Get all revisions for a page.
-
- Parameters:
- page - The page id to get revisions for.
-
- Returns:
- An array of "saved" revisions and "unsaved" revisions.
- */
-
- function getPageRevisions($page) {
- $page = mysql_real_escape_string($page);
-
- // Get all previous revisions, add them to the saved or unsaved list
- $unsaved = array();
- $saved = array();
- $q = sqlquery("SELECT bigtree_users.name, bigtree_page_revisions.saved, bigtree_page_revisions.saved_description, bigtree_page_revisions.updated_at, bigtree_page_revisions.id FROM bigtree_page_revisions JOIN bigtree_users ON bigtree_page_revisions.author = bigtree_users.id WHERE page = '$page' ORDER BY updated_at DESC");
- while ($f = sqlfetch($q)) {
- if ($f["saved"]) {
- $saved[] = $f;
- } else {
- $unsaved[] = $f;
- }
- }
-
- return array("saved" => $saved, "unsaved" => $unsaved);
- }
-
- /*
- Function: getPages
- Returns all pages from the database.
-
- Returns:
- Array of unmodified entries from bigtree_pages.
- */
-
- function getPages() {
- $items = array();
- $q = sqlquery("SELECT * FROM bigtree_pages ORDER BY id ASC");
- while ($f = sqlfetch($q)) {
- $items[] = $f;
- }
- return $items;
- }
-
- /*
- Function: getPageSEORating
- Returns the SEO rating for a page.
-
- Parameters:
- page - A page array.
- content - An array of resources.
-
- Returns:
- An array of SEO data.
- "score" reflects a score from 0 to 100 points.
- "recommendations" is an array of recommendations to improve SEO score.
- "color" is a color reflecting the SEO score.
-
- Score Parameters
- - Having a title - 5 points
- - Having a unique title - 5 points
- - Title does not exceed 72 characters and has at least 4 words - 5 points
- - Having a meta description - 5 points
- - Meta description that is less than 165 characters - 5 points
- - Having an h1 - 10 points
- - Having page content - 5 points
- - Having at least 300 words in your content - 15 points
- - Having links in your content - 5 points
- - Having external links in your content - 5 points
- - Having one link for every 120 words of content - 5 points
- - Readability Score - up to 20 points
- - Fresh content - up to 10 points
- */
-
- function getPageSEORating($page,$content) {
- global $cms;
- $template = $cms->getTemplate($page["template"]);
- $tsources = array();
- $h1_field = "";
- $body_fields = array();
- if (is_array($template)) {
- foreach ($template["resources"] as $item) {
- if ($item["seo_body"]) {
- $body_fields[] = $item["id"];
- }
- if ($item["seo_h1"]) {
- $h1_field = $item["id"];
- }
- $tsources[$item["id"]] = $item;
- }
- }
- if (!$h1_field && $tsources["page_header"]) {
- $h1_field = "page_header";
- }
- if (!count($body_fields) && $tsources["page_content"]) {
- $body_fields[] = "page_content";
- }
- $textStats = new TextStatistics;
- $recommendations = array();
- $score = 0;
- // Check if they have a page title.
- if ($page["title"]) {
- $score += 5;
- // They have a title, let's see if it's unique
- $q = sqlquery("SELECT * FROM bigtree_pages WHERE title = '".mysql_real_escape_string($page["title"])."' AND id != '".$page["page"]."'");
- if ($r == 0) {
- // They have a unique title
- $score += 5;
- } else {
- $recommendations[] = "Your page title should be unique. ".($r-1)." other page(s) have the same title.";
- }
- $words = $textStats->word_count($page["title"]);
- $length = mb_strlen($page["title"]);
- if ($words >= 4 && $length <= 72) {
- // Fits the bill!
- $score += 5;
- } else {
- $recommendations[] = "Your page title should be no more than 72 characters and should contain at least 4 words.";
- }
- } else {
- $recommendations[] = "You should enter a page title.";
- }
- // Check for meta description
- if ($page["meta_description"]) {
- $score += 5;
- // They have a meta description, let's see if it's no more than 165 characters.
- if (mb_strlen($page["meta_description"]) <= 165) {
- $score += 5;
- } else {
- $recommendations[] = "Your meta description should be no more than 165 characters. It is currently ".mb_strlen($page["meta_description"])." characters.";
- }
- } else {
- $recommendations[] = "You should enter a meta description.";
- }
- // Check for an H1
- if (!$h1_field || $content[$h1_field]) {
- $score += 10;
- } else {
- $recommendations[] = "You should enter a page header.";
- }
- // Check the content!
- if (!count($body_fields)) {
- // If this template doesn't for some reason have a seo body resource, give the benefit of the doubt.
- $score += 65;
- } else {
- $regular_text = "";
- $stripped_text = "";
- foreach ($body_fields as $field) {
- if (!is_array($content[$field])) {
- $regular_text .= $content[$field]." ";
- $stripped_text .= strip_tags($content[$field])." ";
- }
- }
- // Check to see if there is any content
- if ($stripped_text) {
- $score += 5;
- $words = $textStats->word_count($stripped_text);
- $readability = $textStats->flesch_kincaid_reading_ease($stripped_text);
- $number_of_links = substr_count($regular_text,"<a ");
- $number_of_external_links = substr_count($regular_text,'href="http://');
- // See if there are at least 300 words.
- if ($words >= 300) {
- $score += 15;
- } else {
- $recommendations[] = "You should enter at least 300 words of page content. You currently have ".$words." word(s).";
- }
- // See if we have any links
- if ($number_of_links) {
- $score += 5;
- // See if we have at least one link per 120 words.
- if (floor($words / 120) <= $number_of_links) {
- $score += 5;
- } else {
- $recommendations[] = "You should have at least one link for every 120 words of page content. You currently have $number_of_links link(s). You should have at least ".floor($words / 120).".";
- }
- // See if we have any external links.
- if ($number_of_external_links) {
- $score += 5;
- } else {
- $recommendations[] = "Having an external link helps build Page Rank.";
- }
- } else {
- $recommendations[] = "You should have at least one link in your content.";
- }
- // Check on our readability score.
- if ($readability >= 90) {
- $score += 20;
- } else {
- $read_score = round(($readability / 90),2);
- $recommendations[] = "Your readability score is ".($read_score*100)."%. Using shorter sentences and words with less syllables will make your site easier to read by search engines and users.";
- $score += ceil($read_score * 20);
- }
- } else {
- $recommendations[] = "You should enter page content.";
- }
- // Check page freshness
- $updated = strtotime($page["updated_at"]);
- $age = time()-$updated-(60*24*60*60);
- // See how much older it is than 2 months.
- if ($age > 0) {
- $age_score = 10 - floor(2 * ($age / (30*24*60*60)));
- if ($age_score < 0) {
- $age_score = 0;
- }
- $score += $age_score;
- $recommendations[] = "Your content is around ".ceil(2 + ($age / (30*24*60*60)))." months old. Updating your page more frequently will make it rank higher.";
- } else {
- $score += 10;
- }
- }
- $color = "#008000";
- if ($score <= 50) {
- $color = BigTree::colorMesh("#CCAC00","#FF0000",100-(100 * $score / 50));
- } elseif ($score <= 80) {
- $color = BigTree::colorMesh("#008000","#CCAC00",100-(100 * ($score-50) / 30));
- }
- return array("score" => $score, "recommendations" => $recommendations, "color" => $color);
- }
-
- /*
- Function: getPendingChange
- Returns a pending change from the bigtree_pending_changes table.
-
- Parameters:
- id - The id of the change.
-
- Returns:
- A entry from the table with the "changes" column decoded.
- */
- function getPendingChange($id) {
- $id = mysql_real_escape_string($id);
- $item = sqlfetch(sqlquery("SELECT * FROM bigtree_pending_changes WHERE id = '$id'"));
- if (!$item) {
- return false;
- }
- $item["changes"] = json_decode($item["changes"],true);
- return $item;
- }
-
- /*
- Function: getPendingChanges
- Returns a list of changes that the logged in user has access to publish.
- Parameters:
- user - The user id to retrieve changes for. Defaults to the logged in user.
- Returns:
- An array of changes sorted by most recent.
- */
- function getPendingChanges($user = false) {
- if (!$user) {
- $user = $this->getUser($this->ID);
- } else {
- $user = $this->getUser($user);
- }
- $changes = array();
- // Setup the default search array to just be pages
- $search = array("`module` = ''");
- // Add each module the user has publisher permissions to
- if (is_array($user["permissions"]["module"])) {
- foreach ($user["permissions"]["module"] as $module => $permission) {
- if ($permission == "p") {
- $search[] = "`module` = '$module'";
- }
- }
- }
-
- // Add module group based permissions as well
- if (is_array($user["permissions"]["module_gbp"])) {
- foreach ($user["permissions"]["module_gbp"] as $module => $groups) {
- foreach ($groups as $group => $permission) {
- if ($permission == "p") {
- $search[] = "`module` = '$module'";
- }
- }
- }
- }
- $q = sqlquery("SELECT * FROM bigtree_pending_changes WHERE ".implode(" OR ",$search)." ORDER BY date DESC");
-
- while ($f = sqlfetch($q)) {
- $ok = false;
-
- if (!$f["item_id"]) {
- $id = "p".$f["id"];
- } else {
- $id = $f["item_id"];
- }
-
- // If they're an admin, they've got it.
- if ($user["level"] > 0) {
- $ok = true;
- // Check permissions on a page if it's a page.
- } elseif ($f["table"] == "bigtree_pages") {
- $r = $this->getPageAccessLevel($id);
- // If we're a publisher, this is ours!
- if ($r == "p") {
- $ok = true;
- }
- } else {
- // Check our list of modules.
- if ($user["permissions"]["module"][$f["module"]] == "p") {
- $ok = true;
- } else {
- // Check our group based permissions
- $item = BigTreeAutoModule::getPendingItem($f["table"],$id);
- $level = $this->getAccessLevel($this->getModule($f["module"]),$item["item"],$f["table"]);
- if ($level == "p") {
- $ok = true;
- }
- }
- }
- // We're a publisher, get the info about the change and put it in the change list.
- if ($ok) {
- $mod = $this->getModule($f["module"]);
- $user = $this->getUser($f["user"]);
- $comments = unserialize($f["comments"]);
- if (!is_array($comments)) {
- $comments = array();
- }
- $f["mod"] = $mod;
- $f["user"] = $user;
- $f["comments"] = $comments;
- $changes[] = $f;
- }
- }
- return $changes;
- }
-
- /*
- Function: getPendingNavigationByParent
- Returns a list of pending pages under a given parent ordered by most recent.
-
- Parameters:
- parent - The ID of the parent page
- in_nav - "on" returns pages in navigation, "" returns hidden pages
-
- Returns:
- An array of pending page titles/ids.
- */
- function getPendingNavigationByParent($parent,$in_nav = "on") {
- $nav = array();
- $titles = array();
- $q = sqlquery("SELECT * FROM bigtree_pending_changes WHERE pending_page_parent = '$parent' AND `table` = 'bigtree_pages' AND type = 'NEW' ORDER BY date DESC");
- while ($f = sqlfetch($q)) {
- $page = json_decode($f["changes"],true);
- if ($page["in_nav"] == $in_nav) {
- $titles[] = $page["nav_title"];
- $page["bigtree_pending"] = true;
- $page["title"] = $page["nav_title"];
- $page["id"] = "p".$f["id"];
- $nav[] = $page;
- }
- }
- array_multisort($titles,$nav);
- return $nav;
- }
- /*
- Function: getPendingPage
- Returns a page from the database with all its pending changes applied.
- Parameters:
- id - The ID of the live page or the ID of a pending page with "p" preceding the ID.
- Returns:
- A decoded page array with pending changes applied and related tags.
- See Also:
- <BigTreeCMS.getPage>
- */
- function getPendingPage($id) {
- global $cms;
-
- // Get the live page.
- if (is_numeric($id)) {
- global $cms;
- $page = $cms->getPage($id);
- if (!$page) {
- return false;
- }
- $page["tags"] = $this->getTagsForPage($id);
- // Get pending changes for this page.
- $f = sqlfetch(sqlquery("SELECT * FROM bigtree_pending_changes WHERE `table` = 'bigtree_pages' AND item_id = '".$page["id"]."'"));
- } else {
- $page = array();
- // Get the page.
- $f = sqlfetch(sqlquery("SELECT * FROM bigtree_pending_changes WHERE `id` = '".mysql_real_escape_string(substr($id,1))."'"));
- if ($f) {
- $f["id"] = $id;
- } else {
- return false;
- }
- }
- // Sweep through pending changes and apply them to the page
- if ($f) {
- $page["updated_at"] = $f["date"];
- $changes = json_decode($f["changes"],true);
- foreach ($changes as $key => $val) {
- if ($key == "external") {
- $val = $cms->getInternalPageLink($val);
- }
- // Decode the changes' IPLs.
- if (is_array($val)) {
- $val = BigTree::untranslateArray($val);
- }
- $page[$key] = $val;
- }
- // Decode the tag changes, apply them back.
- $tags = array();
- $temp_tags = json_decode($f["tags_changes"],true);
- if (is_array($temp_tags)) {
- foreach ($temp_tags as $tag) {
- $tags[] = sqlfetch(sqlquery("SELECT * FROM bigtree_tags WHERE id = '$tag'"));
- }
- }
- $page["tags"] = $tags;
- // Say that changes exist
- $page["changes_applied"] = true;
- }
- return $page;
- }
-
- /*
- Function: getContentsOfResourceFolder
- Returns a list of resources and subfolders in a folder (based on user permissions).
- Parameters:
- folder - The id of a folder or a folder entry.
- sort - The column to sort the folder's files on (default: date DESC).
- Returns:
- An array of two arrays - folders and resources - that a user has access to.
- */
- function getContentsOfResourceFolder($folder, $sort = "date DESC") {
- if (is_array($folder)) {
- $folder = $folder["id"];
- }
- $folder = mysql_real_escape_string($folder);
- $folders = array();
- $resources = array();
- $q = sqlquery("SELECT * FROM bigtree_resource_folders WHERE parent = '$folder' ORDER BY name");
- while ($f = sqlfetch($q)) {
- if ($this->Level > 0 || $this->getResourceFolderPermission($f["id"]) != "n") {
- $folders[] = $f;
- }
- }
- $q = sqlquery("SELECT * FROM bigtree_resources WHERE folder = '$folder' ORDER BY $sort");
- while ($f = sqlfetch($q)) {
- $resources[] = $f;
- }
- return array("folders" => $folders, "resources" => $resources);
- }
-
- /*
- Function: getResourceByFile
- Returns a resource with the given file name.
-
- Parameters:
- file - The file name.
-
- Returns:
- An entry from bigtree_resources with file and thumbs decoded.
- */
-
- function getResourceByFile($file) {
- $item = sqlfetch(sqlquery("SELECT * FROM bigtree_resources WHERE file = '".mysql_real_escape_string($file)."'"));
- if (!$item) {
- return false;
- }
- $item["file"] = str_replace("{wwwroot}",$GLOBALS["www_root"],$item["file"]);
- $item["thumbs"] = json_decode($item["thumbs"],true);
- foreach ($item["thumbs"] as &$thumb) {
- $thumb = str_replace("{wwwroot}",$GLOBALS["www_root"],$thumb);
- }
- return $item;
- }
-
- /*
- Function: getResourceFolder
- Returns a resource folder.
-
- Parameters:
- id - The id of the folder.
-
- Returns:
- A resource folder entry.
- */
-
- function getResourceFolder($id) {
- $id = mysql_real_escape_string($id);
- return sqlfetch(sqlquery("SELECT * FROM bigtree_resource_folders WHERE id = '$id'"));
- }
- /*
- Function: getResourceFolderBreadcrumb
- Returns a breadcrumb of the given folder.
- Parameters:
- folder - The id of a folder or a folder entry.
- Returns:
- An array of arrays containing the name and id of folders above.
- */
- function getResourceFolderBreadcrumb($folder,$crumb = array()) {
- if (!is_array($folder)) {
- $folder = sqlfetch(sqlquery("SELECT * FROM bigtree_resource_folders WHERE id = '".mysql_real_escape_string($folder)."'"));
- }
- if ($folder) {
- $crumb[] = array("id" => $folder["id"], "name" => $folder["name"]);
- }
- if ($folder["parent"]) {
- return $this->getResourceFolderBreadcrumb($folder["parent"],$crumb);
- } else {
- $crumb[] = array("id" => 0, "name" => "Home");
- return array_reverse($crumb);
- }
- }
-
- /*
- Function: getResourceFolderChildren
- Returns the child folders of a resource folder.
-
- Parameters:
- id - The id of the parent folder.
-
- Returns:
- An array of resource folder entries.
- */
-
- function getResourceFolderChildren($id) {
- $items = array();
- $id = mysql_real_escape_string($id);
- $q = sqlquery("SELECT * FROM bigtree_resource_folders WHERE parent = '$id' ORDER BY name ASC");
- while ($f = sqlfetch($q)) {
- $items[] = $f;
- }
- return $items;
- }
- /*
- Function: getResourceFolderPermission
- Returns the permission level of the current user for the folder.
- Parameters:
- folder - The id of a folder or a folder entry.
- Returns:
- "p" if a user can create folders and upload files, "e" if the user can see/use files, "n" if a user can't access this folder.
- */
- function getResourceFolderPermission($folder) {
- // User is an admin or developer
- if ($this->Level > 0) {
- return "p";
- }
- // We're going to save the folder entry in case we need its parent later.
- if (is_array($folder)) {
- $id = $folder["id"];
- } else {
- $id = $folder;
- }
- $p = $this->Permissions["resources"][$id];
- // If p is already no, creator, or consumer we can just return it.
- if ($p && $p != "i") {
- return $p;
- } else {
- // If folder is 0, we're already at home and can't check a higher folder for permissions.
- if (!$folder) {
- return "e";
- }
- // If a folder entry wasn't passed in, we need it to find its parent.
- if (!is_array($folder)) {
- $folder = sqlfetch(sqlquery("SELECT parent FROM bigtree_resource_folders WHERE id = '".mysql_real_escape_string($id)."'"));
- }
- // If we couldn't find the folder anymore, just say they can consume.
- if (!$folder) {
- return "e";
- }
- // Return the parent's permissions
- return $this->getResourceFolderPermission($folder["parent"]);
- }
- }
-
- /*
- Function: getRoutedTemplates
- Returns a list of routed templates ordered by position.
-
- Returns:
- An array of template entries.
- */
- function getRoutedTemplates() {
- $q = sqlquery("SELECT * FROM bigtree_templates WHERE level <= '".$this->Level."' ORDER BY position DESC, id ASC");
- $items = array();
- while ($f = sqlfetch($q)) {
- if ($f["routed"]) {
- $items[] = $f;
- }
- }
- return $items;
- }
-
- /*
- Function: getSetting
- Returns a setting.
-
- Parameters:
- id - The id of the setting to return.
-
- Returns:
- A setting entry with its value properly decoded and decrypted.
- Returns false if the setting could not be found.
- */
- function getSetting($id) {
- global $config;
- $id = mysql_real_escape_string($id);
- $f = sqlfetch(sqlquery("SELECT * FROM bigtree_settings WHERE id = '$id'"));
- if (!$f) {
- return false;
- }
- foreach ($f as $key => $val) {
- $f[$key] = str_replace("{wwwroot}",$GLOBALS["www_root"],$val);
- }
- if ($f["encrypted"]) {
- $v = sqlfetch(sqlquery("SELECT AES_DECRYPT(`value`,'".mysql_real_escape_string($config["settings_key"])."') AS `value` FROM bigtree_settings WHERE id = '$id'"));
- $f["value"] = $v["value"];
- }
- $f["value"] = json_decode($f["value"],true);
- return $f;
- }
-
- /*
- Function: getSettings
- Returns a list of all settings.
- Checks for developer access.
-
- Parameters:
- sort - Order to return the settings. Defaults to name ASC.
-
- Returns:
- An array of entries from bigtree_settings.
- If the setting is encrypted the value will be "[Encrypted Text]", otherwise it will be decoded.
- If the calling user is a developer, returns locked settings, otherwise they are left out.
- */
- function getSettings($sort = "name ASC") {
- $items = array();
- if ($this->Level < 2) {
- $q = sqlquery("SELECT * FROM bigtree_settings WHERE locked != 'on' AND system != 'on' ORDER BY $sort");
- } else {
- $q = sqlquery("SELECT * FROM bigtree_settings WHERE system != 'on' ORDER BY $sort");
- }
- while ($f = sqlfetch($q)) {
- foreach ($f as $key => $val) {
- $f[$key] = str_replace("{wwwroot}",$GLOBALS["www_root"],$val);
- }
- $f["value"] = json_decode($f["value"],true);
- if ($f["encrypted"] == "on") {
- $f["value"] = "[Encrypted Text]";
- }
- $items[] = $f;
- }
- return $items;
- }
-
- /*
- Function: getSettingsPageCount
- Returns the number of pages of settings.
-
- Parameters:
- query - Optional string to query against.
-
- Returns:
- The number of pages of settings.
- */
- function getSettingsPageCount($query = "") {
- // If we're searching.
- if ($query) {
- $qparts = explode(" ",$query);
- $qp = array();
- foreach ($qparts as $part) {
- $part = mysql_real_escape_string($part);
- $qp[] = "(name LIKE '%$part%' OR value LIKE '%$part%' OR description LIKE '%$part%')";
- }
- // Administrator
- if ($this->Level < 2) {
- $q = sqlquery("SELECT id FROM bigtree_settings WHERE system != 'on' AND locked != 'on' AND ".implode(" AND ",$qp));
- // Developer
- } else {
- $q = sqlquery("SELECT id FROM bigtree_settings WHERE system != 'on' AND ".implode(" AND ",$qp));
- }
- } else {
- // Administrator
- if ($this->Level < 2) {
- $q = sqlquery("SELECT id FROM bigtree_settings WHERE system != 'on' AND locked != 'on'");
- // Developer
- } else {
- $q = sqlquery("SELECT id FROM bigtree_settings WHERE system != 'on'");
- }
- }
- $r = sqlrows($q);
- $pages = ceil($r / $this->PerPage);
- if ($pages == 0) {
- $pages = 1;
- }
- return $pages;
- }
-
- /*
- Function: getTag
- Returns a tag for the given id.
-
- Parameters:
- id - The id of the tag.
-
- Returns:
- A bigtree_tags entry.
- */
-
- function getTag($id) {
- $id = mysql_real_escape_string($id);
- return sqlfetch(sqlquery("SELECT * FROM bigtree_tags WHERE id = '$id'"));
- }
-
- /*
- Function: getTagsForPage
- Returns a list of tags a page is tagged with.
-
- Parameters:
- page - Either a page id or a page entry.
-
- Returns:
- An array of tags.
- */
- function getTagsForPage($page) {
- if (is_array($page)) {
- $page = mysql_real_escape_string($page["id"]);
- } else {
- $page = mysql_real_escape_string($page);
- }
-
- $tags = array();
- $q = sqlquery("SELECT bigtree_tags.* FROM bigtree_tags JOIN bigtree_tags_rel WHERE bigtree_tags_rel.tag = bigtree_tags.id AND bigtree_tags_rel.entry = '$page' AND bigtree_tags_rel.module = '0' ORDER BY bigtree_tags.tag");
- while ($f = sqlfetch($q)) {
- $tags[] = $f;
- }
- return $tags;
- }
-
- /*
- Function: getTemplates
- Returns a list of templates.
-
- Parameters:
- sort - Sort order, defaults to positioned.
-
- Returns:
- An array of template entries.
- */
- function getTemplates($sort = "position DESC, name ASC") {
- $items = array();
- $q = sqlquery("SELECT * FROM bigtree_templates ORDER BY $sort");
- while ($f = sqlfetch($q)) {
- $items[] = $f;
- }
- return $items;
- }
-
- /*
- Function: getUnreadMessageCount
- Returns the number of unread messages for the logged in user.
-
- Returns:
- The number of unread messages.
- */
-
- function getUnreadMessageCount() {
- return sqlrows(sqlquery("SELECT id FROM bigtree_messages WHERE recipients LIKE '%|".$this->ID."|%' AND read_by NOT LIKE '%|".$this->ID."|%'"));
- }
-
- /*
- Function: getUser
- Gets a user's decoded information.
-
- Parameters:
- id - The id of the user to return.
-
- Returns:
- A user entry from bigtree_users with permissions and alerts decoded.
- */
-
- function getUser($id) {
- $id = mysql_real_escape_string($id);
- $item = sqlfetch(sqlquery("SELECT * FROM bigtree_users WHERE id = '$id'"));
- if ($item["level"] > 0) {
- $permissions = array();
- $q = sqlquery("SELECT * FROM bigtree_modules");
- while ($f = sqlfetch($q)) {
- $permissions["module"][$f["id"]] = "p";
- }
- $item["permissions"] = $permissions;
- } else {
- $item["permissions"] = json_decode($item["permissions"],true);
- }
- $item["alerts"] = json_decode($item["alerts"],true);
- return $item;
- }
-
- /*
- Function: getUserByEmail
- Gets a user entry for a given email.
-
- Parameters:
- email - The email to find.
-
- Returns:
- A user entry from bigtree_users.
- */
-
- function getUserByEmail($email) {
- $email = mysql_real_escape_string($email);
- return sqlfetch(sqlquery("SELECT * FROM bigtree_users WHERE email = '$email'"));
- }
-
- /*
- Function: getUserByHash
- Gets a user entry for a change password hash.
-
- Parameters:
- hash - The hash to find.
-
- Returns:
- A user entry from bigtree_users.
- */
-
- function getUserByHash($hash) {
- $hash = mysql_real_escape_string($hash);
- return sqlfetch(sqlquery("SELECT * FROM bigtree_users WHERE change_password_hash = '$hash'"));
- }
-
- /*
- Function: getUsers
- Returns a list of all users.
-
- Parameters:
- sort - Order to sort the list. Defaults to name ASC.
-
- Returns:
- An array of entries from bigtree_users.
- The keys of the array are the ids of the user.
- */
- function getUsers($sort = "name ASC") {
- $items = array();
- $q = sqlquery("SELECT * FROM bigtree_users ORDER BY $sort");
- while ($f = sqlfetch($q)) {
- $items[$f["id"]] = $f;
- }
- return $items;
- }
-
- /*
- Function: getUsersPageCount
- Returns the number of pages of users.
-
- Parameters:
- query - Optional query string to search against.
-
- Returns:
- The number of pages of results.
- */
- function getUsersPageCount($query = "") {
- // If we're searching.
- if ($query) {
- $qparts = explode(" ",$query);
- $qp = array();
- foreach ($qparts as $part) {
- $part = mysql_real_escape_string($part);
- $qp[] = "(name LIKE '%$part%' OR email LIKE '%$part%' OR company LIKE '%$part%')";
- }
- $q = sqlquery("SELECT id FROM bigtree_users WHERE ".implode(" AND ",$qp));
- // If we're showing all.
- } else {
- $q = sqlquery("SELECT id FROM bigtree_users");
- }
- $r = sqlrows($q);
- $pages = ceil($r / $this->PerPage);
- if ($pages == 0) {
- $pages = 1;
- }
-
- return $pages;
- }
-
- /*
- Function: growl
- Sets up a growl session for the next page reload.
-
- Parameters:
- title - The section message for the growl.
- message - The description of what happened.
- type - The icon to draw.
- */
- function growl($title,$message,$type = "success") {
- $_SESSION["bigtree"]["flash"] = array("message" => $message, "title" => $title, "type" => $type);
- }
-
- /*
- Function: htmlClean
- Removes things that shouldn't be in the <body> of an HTML document from a string.
-
- Parameters:
- html - A string of HTML
-
- Returns:
- A clean string of HTML for echoing in <body>
- */
- function htmlClean($html) {
- return str_replace("<br></br>","<br />",strip_tags($html,"<a><abbr><address><area><article><aside><audio><b><base><bdo><blockquote><body><br><button><canvas><caption><cite><code><col><colgroup><command><datalist><dd><del><details><dfn><div><dl><dt><em><emded><fieldset><figcaption><figure><footer><form><h1><h2><h3><h4><h5><h6><header><hgroup><hr><i><iframe><img><input><ins><keygen><kbd><label><legend><li><link><map><mark><menu><meter><nav><noscript><object><ol><optgroup><option><output><p><param><pre><progress><q><rp><rt><ruby><s><samp><script><section><select><small><source><span><strong><style><sub><summary><sup><table><tbody><td><textarea><tfoot><th><thead><time><title><tr><ul><var><video><wbr>"));
- }
-
- /*
- Function: ignore404
- Ignores a 404 error.
- Checks permissions.
-
- Parameters:
- id - The id of the reported 404.
- */
-
- function ignore404($id) {
- $this->requireLevel(1);
- $id = mysql_real_escape_string($id);
- sqlquery("UPDATE bigtree_404s SET ignored = 'on' WHERE id = '$id'");
- }
-
- /*
- Function: iplExists
- Determines whether an internal page link still exists or not.
-
- Parameters:
- ipl - An internal page link
-
- Returns:
- True if it is still a valid link, otherwise false.
- */
- function iplExists($ipl) {
- global $cms;
- $ipl = explode("//",$ipl);
-
- // See if the page it references still exists.
- $nav_id = $ipl[1];
- if (!sqlrows(sqlquery("SELECT id FROM bigtree_pages WHERE id = '$nav_id'"))) {
- return false;
- }
-
- // Decode the commands attached to the page
- $commands = json_decode(base64_decode($ipl[2]),true);
- // If there are no commands, we're good.
- if (!isset($commands[0]) || !$commands[0]) {
- return true;
- }
- // If it's a hash tag link, we're also good.
- if (substr($commands[0],0,1) == "#") {
- return true;
- }
- // Get template for the navigation id to see if it's a routed template
- $t = sqlfetch(sqlquery("SELECT bigtree_templates.routed FROM bigtree_templates JOIN bigtree_pages ON bigtree_templates.id = bigtree_pages.template WHERE bigtree_pages.id = '$nav_id'"));
- // If we're a routed template, we're good.
- if ($t["routed"]) {
- return true;
- }
-
- // We may have been on a page, but there's extra routes that don't go anywhere or do anything so it's a 404.
- return false;
- }
-
- /*
- Function: lockCheck
- Checks if a lock exists.
- If a lock exists and it's currently active, stops page execution and shows the lock page.
- If a lock is yours, refreshes the lock.
- If there is no lock, creates one for you.
-
- Parameters:
- table - The table to check.
- id - The id of the entry to check.
- include - The lock page to include (relative to /core/ or /custom/)
- force - Whether to force through the lock or not.
- in_admin - Whether to call stop()
-
- Returns:
- Your lock id.
- */
-
- function lockCheck($table,$id,$include,$force = false,$in_admin = true) {
- global $www_root,$admin_root,$admin;
- $table = mysql_real_escape_string($table);
- $id = mysql_real_escape_string($id);
-
- $f = sqlfetch(sqlquery("SELECT * FROM bigtree_locks WHERE `table` = '$table' AND item_id = '$id'"));
- if ($f && $f["user"] != $this->ID && strtotime($f["last_accessed"]) > (time()-300) && !$force) {
- include BigTree::path($include);
- if ($in_admin) {
- $this->stop();
- }
- return false;
- }
-
- if ($f) {
- sqlquery("UPDATE bigtree_locks SET last_accessed = NOW(), user = '".$this->ID."' WHERE id = '".$f["id"]."'");
- return $f["id"];
- } else {
- sqlquery("INSERT INTO bigtree_locks (`table`,`item_id`,`user`,`title`) VALUES ('$table','$id','".$this->ID."','Page')");
- return sqlid();
- }
- }
-
- /*
- Function: login
- Attempts to login a user to the CMS.
-
- Parameters:
- email - The email address of the user.
- password - The password of the user.
- stay_logged_in - Whether to set a cookie to keep the user logged in.
-
- Returns:
- false if login failed, otherwise redirects back to the page the person requested.
- */
- function login($email,$password,$stay_logged_in = false) {
- global $path;
- $f = sqlfetch(sqlquery("SELECT * FROM bigtree_users WHERE email = '".mysql_real_escape_string($email)."'"));
- $phpass = new PasswordHash($config["password_depth"], TRUE);
- $ok = $phpass->CheckPassword($password,$f["password"]);
- if ($ok) {
- if ($stay_logged_in) {
- setcookie('bigtree[email]',$f["email"],time()+31*60*60*24,str_replace($GLOBALS["domain"],"",$GLOBALS["www_root"]));
- setcookie('bigtree[password]',$f["password"],time()+31*60*60*24,str_replace($GLOBALS["domain"],"",$GLOBALS["www_root"]));
- }
- $_SESSION["bigtree"]["id"] = $f["id"];
- $_SESSION["bigtree"]["email"] = $f["email"];
- $_SESSION["bigtree"]["level"] = $f["level"];
- $_SESSION["bigtree"]["name"] = $f["name"];
- $_SESSION["bigtree"]["permissions"] = json_decode($f["permissions"],true);
- if ($path[1] == "login") {
- header("Location: ".$GLOBALS["admin_root"]);
- } else {
- header("Location: ".$GLOBALS["domain"].$_SERVER["REQUEST_URI"]);
- }
- die();
- } else {
- return false;
- }
- }
-
- /*
- Function: logout
- Logs out of the CMS.
- Destroys the user's session and unsets the login cookies, then sends the user back to the login page.
- */
- function logout() {
- setcookie("bigtree[email]","",time()-3600,str_replace($GLOBALS["domain"],"",$GLOBALS["www_root"]));
- setcookie("bigtree[password]","",time()-3600,str_replace($GLOBALS["domain"],"",$GLOBALS["www_root"]));
- unset($_SESSION["bigtree"]);
- header("Location: ".$GLOBALS["admin_root"]);
- die();
- }
-
- /*
- Function: makeIPL
- Creates an internal page link out of a URL.
-
- Paramters:
- url - A URL
-
- Returns:
- An internal page link (if possible) or just the same URL (if it's not internal).
- */
- function makeIPL($url) {
- global $cms;
- $command = explode("/",rtrim(str_replace($GLOBALS["www_root"],"",$url),"/"));
- list($navid,$commands) = $cms->getNavId($command);
- if (!$navid) {
- return str_replace(array($GLOBALS["www_root"],$GLOBALS["resource_root"]),"{wwwroot}",$url);
- }
- return "ipl://".$navid."//".base64_encode(json_encode($commands));
- }
-
- /*
- Function: markMessageRead
- Marks a message as read by the currently logged in user.
-
- Parameters:
- id - The message id.
- */
-
- function markMessageRead($id) {
- $message = $this->getMessage($id);
- if (!$message) {
- return false;
- }
- $read_by = str_replace("|".$this->ID."|","",$message["read_by"])."|".$this->ID."|";
- sqlquery("UPDATE bigtree_messages SET read_by = '".mysql_real_escape_string($read_by)."' WHERE id = '".$message["id"]."'");
- return true;
- }
-
- /*
- Function: moduleActionExists
- Checks to see if an action exists for a given route and module.
-
- Parameters:
- module - The module to check.
- route - The route of the action to check.
-
- Returns:
- true if an action exists, otherwise false.
- */
- function moduleActionExists($module,$route) {
- $module = mysql_real_escape_string($module);
- $route = mysql_real_escape_string($route);
- $f = sqlfetch(sqlquery("SELECT id FROM bigtree_module_actions WHERE module = '$module' AND route = '$route'"));
- if ($f) {
- return true;
- }
- return false;
- }
-
- /*
- Function: pingSearchEngines
- Sends the latest sitemap.xml out to search engine ping services if enabled in settings.
- */
- function pingSearchEngines() {
- global $cms;
- if ($cms->getSetting("ping-search-engines") == "on") {
- $google = file_get_contents("http://www.google.com/webmasters/tools/ping?sitemap=".urlencode($GLOBALS["www_root"]."sitemap.xml"));
- $ask = file_get_contents("http://submissions.ask.com/ping?sitemap=".urlencode($GLOBALS["www_root"]."sitemap.xml"));
- $yahoo = file_get_contents("http://search.yahooapis.com/SiteExplorerService/V1/ping?sitemap=".urlencode($GLOBALS["www_root"]."sitemap.xml"));
- $bing = file_get_contents("http://www.bing.com/webmaster/ping.aspx?siteMap=".urlencode($GLOBALS["www_root"]."sitemap.xml"));
- }
- }
-
- /*
- Function: refreshLock
- Refreshes a lock.
-
- Paramters:
- id - The id of the lock.
- */
-
- function refreshLock($id) {
- $id = mysql_real_escape_string($id);
- sqlquery("UPDATE bigtree_locks SET last_accessed = NOW() WHERE id = '$id' AND user = '".$this->ID."'");
- }
-
- /*
- Function: requireAccess
- Checks the logged in user's access to a given module.
- Throws a permission denied page and stops page execution if the user doesn't have access.
-
- Parameters:
- module - The id of the module to check access to.
-
- Returns:
- The permission level of the logged in user.
- */
- function requireAccess($module) {
- global $cms,$admin_root,$css,$js,$site;
- if ($this->Level > 0)
- return "p";
- if (!isset($this->Permissions[$module]) || $this->Permissions[$module] == "") {
- ob_clean();
- include BigTree::path("admin/pages/_denied.php");
- $content = ob_get_clean();
- include BigTree::path("admin/layouts/default.php");
- die();
- }
- return $this->Permissions[$module];
- }
-
- /*
- Function: requireLevel
- Requires the logged in user to have a certain access level to continue.
- Throws a permission denied page and stops page execution if the user doesn't have access.
-
- Parameters:
- level - An access level (0 being normal user, 1 being administrator, 2 being developer)
- */
- function requireLevel($level) {
- global $admin,$cms,$admin_root,$css,$js,$site;
- if (!isset($this->Level) || $this->Level < $level) {
- ob_clean();
- include BigTree::path("admin/pages/_denied.php");
- $content = ob_get_clean();
- include BigTree::path("admin/layouts/default.php");
- die();
- }
- }
-
- /*
- Function: requirePublisher
- Checks the logged in user's access to a given module to make sure they are a publisher.
- Throws a permission denied page and stops page execution if the user doesn't have access.
-
- Parameters:
- module - The id of the module to check access to.
-
- Returns:
- The permission level of the logged in user.
- */
- function requirePublisher($module) {
- global $cms,$admin_root,$css,$js,$site;
- if ($this->Level > 0)
- return true;
- if ($this->Permissions[$module] != "p") {
- ob_clean();
- include BigTree::path("admin/pages/_denied.php");
- $content = ob_get_clean();
- include BigTree::path("admin/layouts/default.php");
- die();
- }
- return true;
- }
-
- /*
- Function: saveCurrentPageRevision
- Saves the currently published page as a revision.
-
- Parameters:
- page - The page id.
- description - The revision description.
-
- Returns:
- The new revision id.
- */
-
- function saveCurrentPageRevision($page,$description) {
- $page = mysql_real_escape_string($page);
- $description = mysql_real_escape_string($description);
-
- // Get the current page.
- $current = sqlfetch(sqlquery("SELECT * FROM bigtree_pages WHERE id = '$page'"));
- foreach ($current as $key => $val) {
- $$key = mysql_real_escape_string($val);
- }
-
- // Copy it to the saved versions
- sqlquery("INSERT INTO bigtree_page_revisions (`page`,`title`,`meta_keywords`,`meta_description`,`template`,`external`,`new_window`,`resources`,`callouts`,`author`,`updated_at`,`saved`,`saved_description`) VALUES ('$page','$title','$meta_keywords','$meta_description','$template','$external','$new_window','$resources','$callouts','$last_edited_by','$updated_at','on','$description')");
-
- return sqlid();
- }
-
- /*
- Function: search404s
- Searches 404s, returns results.
-
- Parameters:
- type - The type of results (301, 404, or ignored).
- query - The search query.
-
- Returns:
- An array of entries from bigtree_404s.
- */
-
- function search404s($type,$query = "") {
- $items = array();
-
- if ($query) {
- $s = mysql_real_escape_string($query);
- if ($type == "301") {
- $q = sqlquery("SELECT * FROM bigtree_404s WHERE ignored = '' AND (broken_url LIKE '%$s%' OR redirect_url LIKE '%$s%') AND redirect_url != '' ORDER BY requests DESC LIMIT 50");
- } elseif ($type == "ignored") {
- $q = sqlquery("SELECT * FROM bigtree_404s WHERE ignored != '' AND (broken_url LIKE '%$s%' OR redirect_url LIKE '%$s%') ORDER BY requests DESC LIMIT 50");
- } else {
- $q = sqlquery("SELECT * FROM bigtree_404s WHERE ignored = '' AND broken_url LIKE '%$s%' AND redirect_url = '' ORDER BY requests DESC LIMIT 50");
- }
- } else {
- if ($type == "301") {
- $q = sqlquery("SELECT * FROM bigtree_404s WHERE ignored = '' AND redirect_url != '' ORDER BY requests DESC LIMIT 50");
- } elseif ($type == "ignored") {
- $q = sqlquery("SELECT * FROM bigtree_404s WHERE ignored != '' ORDER BY requests DESC LIMIT 50");
- } else {
- $q = sqlquery("SELECT * FROM bigtree_404s WHERE ignored = '' AND redirect_url = '' ORDER BY requests DESC LIMIT 50");
- }
- }
-
- while ($f = sqlfetch($q)) {
- $items[] = $f;
- }
-
- return $items;
- }
-
- /*
- Function: searchPages
- Searches for pages.
-
- Parameters:
- query - Query string to search against.
- fields - Fields to search.
- max - Maximum number of results to return.
-
- Returns:
- An array of pages.
- */
-
- function searchPages($query,$fields = array("nav_title"),$max = 10) {
- $results = array();
- $terms = explode(" ",$query);
-
- foreach ($terms as $term) {
- $term = mysql_real_escape_string(strtolower($term));
- $or_parts = array();
- foreach ($fields as $field) {
- $or_parts[] = "LOWER(`$field`) LIKE '%$term%'";
- }
- $qpart[] = "(".implode(" OR ",$or_parts).")";
- }
-
- $q = sqlquery("SELECT * FROM bigtree_pages WHERE ".implode(" AND ",$qpart)." ORDER BY nav_title LIMIT $max");
- while ($f = sqlfetch($q)) {
- $results[] = $f;
- }
- return $results;
- }
-
- /*
- Function: searchResources
- Returns a list of folders and files that match the given query string.
- Parameters:
- query - A string of text to search folders' and files' names to.
- sort - The column to sort the files on (default: date DESC).
- Returns:
- An array of two arrays - folders and files - with permission levels.
- */
- function searchResources($query, $sort = "date DESC") {
- $query = mysql_real_escape_string($query);
- $folders = array();
- $resources = array();
- $permission_cache = array();
- $q = sqlquery("SELECT * FROM bigtree_resource_folders WHERE name LIKE '%$query%' ORDER BY name");
- while ($f = sqlfetch($q)) {
- $f["permission"] = $this->getResourceFolderPermission($f);
- // We're going to cache the folder permissions so we don't have to fetch them a bunch of times if many files have the same folder.
- $permission_cache[$f["id"]] = $f["permission"];
- $folders[] = $f;
- }
- $q = sqlquery("SELECT * FROM bigtree_resources WHERE name LIKE '%$query%' ORDER BY $sort");
- while ($f = sqlfetch($q)) {
- // If we've already got the permission cahced, use it. Otherwise, fetch it and cache it.
- if ($permission_cache[$f["folder"]]) {
- $f["permission"] = $permission_cache[$f["folder"]];
- } else {
- $f["permission"] = $this->getResourceFolderPermission($f["folder"]);
- $permission_cache[$f["folder"]] = $f["permission"];
- }
- $resources[] = $f;
- }
- return array("folders" => $folders, "resources" => $resources);
- }
-
- /*
- Function: searchTags
- Finds existing tags that are similar.
-
- Parameters:
- tag - A tag to find similar tags for.
-
- Returns:
- An array of up to 8 similar tags.
- */
-
- function searchTags($tag) {
- $tags = array();
- $meta = metaphone($tag);
- $close_tags = array();
- $dist = array();
- $q = sqlquery("SELECT * FROM bigtree_tags");
- while ($f = sqlfetch($q)) {
- $distance = levenshtein($f["metaphone"],$meta);
- if ($distance < 2) {
- $tags[] = $f["tag"];
- $dist[] = $distance;
- }
- }
-
- array_multisort($dist,SORT_ASC,$tags);
-
- if (count($tags) > 8) {
- $tags = array_slice($tags,0,8);
- }
-
- return $tags;
- }
-
- /*
- Function: set404Redirect
- Sets the redirect address for a 404.
- Checks permissions.
-
- Parameters:
- id - The id of the 404.
- url - The redirect URL.
- */
-
- function set404Redirect($id,$url) {
- $this->requireLevel(1);
- $id = mysql_real_escape_string($id);
- $url = mysql_real_escape_string($url);
- sqlquery("UPDATE bigtree_404s SET redirect_url = '$url' WHERE id = '$id'");
- }
-
- /*
- Function: setCalloutPosition
- Sets the position of a callout.
-
- Parameters:
- id - The id of the callout.
- position - The position to set.
- */
-
- function setCalloutPosition($id,$position) {
- $id = mysql_real_escape_string($id);
- $position = mysql_real_escape_string($position);
- sqlquery("UPDATE bigtree_callouts SET position = '$position' WHERE id = '$id'");
- }
-
- /*
- Function: setModuleActionPosition
- Sets the position of a module action.
-
- Parameters:
- id - The id of the module action.
- position - The position to set.
- */
-
- function setModuleActionPosition($id,$position) {
- $id = mysql_real_escape_string($id);
- $position = mysql_real_escape_string($position);
- sqlquery("UPDATE bigtree_module_actions SET position = '$position' WHERE id = '$id'");
- }
-
- /*
- Function: setModuleGroupPosition
- Sets the position of a module group.
-
- Parameters:
- id - The id of the module group.
- position - The position to set.
- */
-
- function setModuleGroupPosition($id,$position) {
- $id = mysql_real_escape_string($id);
- $position = mysql_real_escape_string($position);
- sqlquery("UPDATE bigtree_module_groups SET position = '$position' WHERE id = '$id'");
- }
-
- /*
- Function: setModulePosition
- Sets the position of a module.
-
- Parameters:
- id - The id of the module.
- position - The position to set.
- */
-
- function setModulePosition($id,$position) {
- $id = mysql_real_escape_string($id);
- $position = mysql_real_escape_string($position);
- sqlquery("UPDATE bigtree_modules SET position = '$position' WHERE id = '$id'");
- }
-
- /*
- Function: setPagePosition
- Sets the position of a page.
-
- Parameters:
- id - The id of the page.
- position - The position to set.
- */
-
- function setPagePosition($id,$position) {
- $id = mysql_real_escape_string($id);
- $position = mysql_real_escape_string($position);
- sqlquery("UPDATE bigtree_pages SET position = '$position' WHERE id = '$id'");
- }
-
- /*
- Function: setPasswordHashForUser
- Creates a change password hash for a user.
-
- Parameters:
- user - A user entry.
-
- Returns:
- A change password hash.
- */
-
- function setPasswordHashForUser($user) {
- $hash = md5(microtime().$user["password"]);
- sqlquery("UPDATE bigtree_users SET change_password_hash = '$hash' WHERE id = '".$user["id"]."'");
- }
-
- /*
- Function: setTemplatePosition
- Sets the position of a template.
-
- Parameters:
- id - The id of the template.
- position - The position to set.
- */
-
- function setTemplatePosition($id,$position) {
- $id = mysql_real_escape_string($id);
- $position = mysql_real_escape_string($position);
- sqlquery("UPDATE bigtree_templates SET position = '$position' WHERE id = '$id'");
- }
-
- /*
- Function: settingExists
- Determines whether a setting exists for a given id.
-
- Parameters:
- id - The setting id to check for.
-
- Returns:
- 1 if the setting exists, otherwise 0.
- */
- function settingExists($id) {
- return sqlrows(sqlquery("SELECT id FROM bigtree_settings WHERE id = '".mysql_real_escape_string($id)."'"));
- }
-
- /*
- Function: stop
- Stops processing of the Admin area and shows a message in the default layout.
-
- Parameters:
- message - Content to show (error, permission denied, etc)
- */
- function stop($message = "") {
- global $cms,$admin,$www_root,$admin_root,$site,$breadcrumb;
- echo $message;
- $content = ob_get_clean();
- include BigTree::path("admin/layouts/default.php");
- die();
- }
-
- /*
- Function: submitPageChange
- Adds a pending change to the bigtree_pending_changes table for the page.
- Determines what has changed and only stores the changed fields.
- Does not check permissions.
-
- Parameters:
- page - The page id or pending page id (prefixed with a "p")
- changes - An array of changes
- */
- function submitPageChange($page,$changes) {
- global $cms;
-
- if ($page[0] == "p") {
- // It's still pending...
- $existing_page = array();
- $pending = true;
- $type = "NEW";
- } else {
- // It's an existing page
- $pending = false;
- $existing_page = $cms->getPage($page);
- $type = "EDIT";
- }
- $template = $existing_page["template"];
- if (!$pending) {
- $existing_pending_change = sqlfetch(sqlquery("SELECT * FROM bigtree_pending_changes WHERE `table` = 'bigtree_pages' AND item_id = '$page'"));
- } else {
- $existing_pending_change = sqlfetch(sqlquery("SELECT * FROM bigtree_pending_changes WHERE id = '".substr($page,1)."'"));
- }
-
- // Save tags separately
- $tags = mysql_real_escape_string(json_encode($changes["_tags"]));
- unset($changes["_tags"]);
- // If there's already a change in the queue, update it with this latest info.
- if ($existing_pending_change) {
- $comments = json_decode($f["comments"],true);
- if ($existing_pending_change["user"] == $this->ID) {
- $comments[] = array(
- "user" => "BigTree",
- "date" => date("F j, Y @ g:ia"),
- "comment" => "A new revision has been made."
- );
- } else {
- $user = $this->getUser($this->ID);
- $comments[] = array(
- "user" => "BigTree",
- "date" => date("F j, Y @ g:ia"),
- "comment" => "A new revision has been made. Owner switched to ".$user["name"]."."
- );
- }
-
- // If this is a pending change, just replace all the changes
- if ($pending) {
- $changes = mysql_real_escape_string(json_encode($changes));
- // Otherwise, we need to check what's changed.
- } else {
- $original_changes = json_decode($existing_pending_change["changes"],true);
- if (isset($original_changes["template"])) {
- $template = $original_changes["template"];
- }
- if (isset($changes["external"])) {
- $changes["external"] = $this->makeIPL($changes["external"]);
- }
- foreach ($changes as $key => $val) {
- if ($val != $existing_page[$key] && isset($existing_page[$key])) {
- $original_changes[$key] = $val;
- }
- }
- $changes = mysql_real_escape_string(json_encode($original_changes));
- }
- $comments = mysql_real_escape_string(json_encode($comments));
- sqlquery("UPDATE bigtree_pending_changes SET comments = '$comments', changes = '$changes', tags_changes = '$tags', date = NOW(), user = '".$this->ID."', type = '$type' WHERE id = '".$existing_pending_change["id"]."'");
-
- $this->track("bigtree_pages",$page,"updated-draft");
- // We're submitting a change to a presently published page with no pending changes.
- } else {
- $original_changes = array();
- foreach ($changes as $key => $val) {
- if ($key == "external") {
- $val = $this->makeIPL($val);
- }
- if (isset($existing_page[$key]) && $val != $existing_page[$key]) {
- $original_changes[$key] = $val;
- }
- }
- $changes = mysql_real_escape_string(json_encode($original_changes));
- if ($type == "DELETE") {
- sqlquery("INSERT INTO bigtree_pending_changes (`user`,`date`,`table`,`item_id`,`changes`,`type`,`title`) VALUES ('".$this->ID."',NOW(),'bigtree_pages','$page','$changes','DELETE','Page Deletion Pending')");
- } else {
- sqlquery("INSERT INTO bigtree_pending_changes (`user`,`date`,`table`,`item_id`,`changes`,`tags_changes`,`type`,`title`) VALUES ('".$this->ID."',NOW(),'bigtree_pages','$page','$changes','$tags','EDIT','Page Change Pending')");
- }
- $this->track("bigtree_pages",$page,"saved-draft");
- }
- return sqlid();
- }
-
- /*
- Function: track
- Logs a user's actions to the audit trail table.
-
- Parameters:
- table - The table affected by the user.
- entry - The primary key of the entry affected by the user.
- type - The action taken by the user (delete, edit, create, etc.)
- */
- function track($table,$entry,$type) {
- $table = mysql_real_escape_string($table);
- $entry = mysql_real_escape_string($entry);
- $type = mysql_real_escape_string($type);
- sqlquery("INSERT INTO bigtree_audit_trail (`table`,`user`,`entry`,`date`,`type`) VALUES ('$table','".$this->ID."','$entry',NOW(),'$type')");
- }
-
- /*
- Function: unarchivePage
- Unarchives a page and all its children that inherited archived status.
- Checks permissions.
-
- Parameters:
- page - The page id or page entry.
-
- Returns:
- true if successful. false if permission was denied.
- */
- function unarchivePage($page) {
- global $cms;
-
- if (is_array($page)) {
- $page = mysql_real_escape_string($page["id"]);
- } else {
- $page = mysql_real_escape_string($page);
- }
- $access = $this->getPageAccessLevel($page);
- if ($access == "p" && $this->canModifyChildren($cms->getPage($page))) {
- sqlquery("UPDATE bigtree_pages SET archived = '' WHERE id = '$page'");
- $this->track("bigtree_pages",$page,"unarchived");
- $this->unarchivePageChildren($page);
- return true;
- }
- return false;
- }
-
- /*
- Function: unarchivePageChildren
- Unarchives a page's children that have the archived_inherited status.
- Does not checks permissions.
-
- Parameters:
- id - The parent page id.
- */
- function unarchivePageChildren($id) {
- $q = sqlquery("SELECT * FROM bigtree_pages WHERE parent = '$id'");
- while ($f = sqlfetch($q)) {
- if ($f["archived_inherited"]) {
- sqlquery("UPDATE bigtree_pages SET archived = '', archived_inherited = '' WHERE id = '".$f["id"]."'");
- $this->track("bigtree_pages",$f["id"],"unarchived");
- $this->archivePageChildren($f["id"]);
- }
- }
- }
-
- /*
- Function: ungrowl
- Destroys the growl session.
- */
- function ungrowl() {
- unset($_SESSION["bigtree"]["flash"]);
- }
-
- /*
- Function: urlExists
- Attempts to connect to a URL using cURL.
-
- Parameters:
- url - The URL to connect to.
-
- Returns:
- true if it can connect, false if connection failed.
- */
- function urlExists($url) {
- $handle = curl_init($url);
- if ($handle === false) {
- return false;
- }
- curl_setopt($handle, CURLOPT_HEADER, false);
- curl_setopt($handle, CURLOPT_FAILONERROR, true);
- // Request as Firefox so that servers don't reject us for not having headers.
- curl_setopt($handle, CURLOPT_HTTPHEADER, Array("User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15") );
- curl_setopt($handle, CURLOPT_NOBODY, true);
- curl_setopt($handle, CURLOPT_RETURNTRANSFER, false);
- $connectable = curl_exec($handle);
- curl_close($handle);
- return $connectable;
- }
-
- /*
- Function: unCache
- Removes the cached copy of a given page.
-
- Parameters:
- page - Either a page id or a page entry.
- */
- function unCache($page) {
- global $cms;
- if (is_array($page)) {
- $file = $GLOBALS["server_root"]."cache/".base64_encode($page["path"]."/");
- } else {
- $file = $GLOBALS["server_root"]."cache/".base64_encode(str_replace($GLOBALS["www_root"],"",$cms->getLink($page)));
- }
- if (file_exists($file)) {
- @unlink($file);
- }
- }
-
- /*
- Function: unignore404
- Unignores a 404.
- Checks permissions.
-
- Parameters:
- id - The id of the 404.
- */
-
- function unignore404($id) {
- $this->requireLevel(1);
- $id = mysql_real_escape_string($id);
- sqlquery("UPDATE bigtree_404s SET ignored = '' WHERE id = '$id'");
- }
-
- /*
- Function: unlock
- Removes a lock from a table entry.
-
- Parameters:
- table - The table the entry is in.
- id - The id of the entry.
- */
-
- function unlock($table,$id) {
- sqlquery("DELETE FROM bigtree_locks WHERE `table` = '".mysql_real_escape_string($table)."' AND item_id = '".mysql_real_escape_string($id)."'");
- }
-
- /*
- Function: updateCallout
- Updates a callout.
-
- Parameters:
- id - The id of the callout to update.
- name - The name.
- description - The description.
- level - The access level (0 for all users, 1 for administrators, 2 for developers)
- resources - An array of resources.
- */
-
- function updateCallout($id,$name,$description,$level,$resources) {
- $r = array();
- foreach ($resources as $resource) {
- if ($resource["id"] && $resource["id"] != "type") {
- $options = json_decode($resource["options"],true);
- foreach ($options as $key => $val) {
- if ($key != "name" && $key != "id" && $key != "type")
- $resource[$key] = $val;
- }
- $resource["id"] = htmlspecialchars($resource["id"]);
- $resource["name"] = htmlspecialchars($resource["name"]);
- $resource["subtitle"] = htmlspecialchars($resource["subtitle"]);
- unset($resource["options"]);
- $r[] = $resource;
- }
- }
-
- $id = mysql_real_escape_string($id);
- $name = mysql_real_escape_string(htmlspecialchars($name));
- $description = mysql_real_escape_string(htmlspecialchars($description));
- $level = mysql_real_escape_string($level);
- $resources = mysql_real_escape_string(json_encode($r));
-
- sqlquery("UPDATE bigtree_callouts SET resources = '$resources', name = '$name', description = '$description', level = '$level' WHERE id = '$id'");
- }
-
- /*
- Function: updateChildPagePaths
- Updates the paths for pages who are descendants of a given page to reflect the page's new route.
- Also sets route history if the page has changed paths.
-
- Parameters:
- page - The page id.
- */
- function updateChildPagePaths($page) {
- global $cms;
-
- $page = mysql_real_escape_string($page);
- $q = sqlquery("SELECT * FROM bigtree_pages WHERE parent = '$page'");
- while ($f = sqlfetch($q)) {
- $oldpath = $f["path"];
- $path = $this->getFullNavigationPath($f["id"]);
- if ($oldpath != $path) {
- sqlquery("DELETE FROM bigtree_route_history WHERE old_route = '$path' OR old_route = '$oldpath'");
- sqlquery("INSERT INTO bigtree_route_history (`old_route`,`new_route`) VALUES ('$oldpath','$path')");
- sqlquery("UPDATE bigtree_pages SET path = '$path' WHERE id = '".$f["id"]."'");
- $this->updateChildPagePaths($f["id"]);
- }
- }
- }
-
- /*
- Function: updateFeed
- Updates a feed.
-
- Parameters:
- id - The id of the feed to update.
- name - The name.
- description - The description.
- table - The data table.
- type - The feed type.
- options - The feed type options.
- fields - The fields.
- */
-
- function updateFeed($id,$name,$description,$table,$type,$options,$fields) {
- $options = json_decode($options,true);
- foreach ($options as &$option) {
- $option = str_replace($www_root,"{wwwroot}",$option);
- }
-
- // Fix stuff up for the db.
- $id = mysql_real_escape_string($id);
- $name = mysql_real_escape_string(htmlspecialchars($name));
- $description = mysql_real_escape_string(htmlspecialchars($description));
- $table = mysql_real_escape_string($table);
- $type = mysql_real_escape_string($type);
- $options = mysql_real_escape_string(json_encode($options));
- $fields = mysql_real_escape_string(json_encode($fields));
-
- sqlquery("UPDATE bigtree_feeds SET name = '$name', description = '$description', `table` = '$table', type = '$type', fields = '$fields', options = '$options' WHERE id = '$id'");
- }
-
- /*
- Function: updateFieldType
- Updates a field type.
-
- Parameters:
- id - The id of the field type.
- name - The name.
- pages - Whether it can be used as a page resource or not ("on" is yes)
- modules - Whether it can be used as a module resource or not ("on" is yes)
- callouts - Whether it can be used as a callout resource or not ("on" is yes)
- */
-
- function updateFieldType($id,$name,$pages,$modules,$callouts) {
- $id = mysql_real_escape_string($id);
- $name = mysql_real_escape_string(htmlspecialchars($name));
- $pages = mysql_real_escape_string($pages);
- $modules = mysql_real_escape_string($modules);
- $callouts = mysql_real_escape_string($callouts);
-
- sqlquery("UPDATE bigtree_field_types SET name = '$name', pages = '$pages', modules = '$modules', callouts = '$callouts' WHERE id = '$id'");
- }
-
- /*
- Function: updateModule
- Updates a module.
-
- Parameters:
- id - The id of the module to update.
- name - The name of the module.
- group - The group for the module.
- class - The module class to create.
- permissions - The group-based permissions.
- */
-
- function updateModule($id,$name,$group,$class,$permissions) {
- $id = mysql_real_escape_string($id);
- $name = mysql_real_escape_string(htmlspecialchars($name));
- $group = mysql_real_escape_string($group);
- $class = mysql_real_escape_string($class);
- $permissions = mysql_real_escape_string(json_encode($permissions));
- sqlquery("UPDATE bigtree_modules SET name = '$name', `group` = '$group', class = '$class', `gbp` = '$permissions' WHERE id = '$id'");
-
- // Remove cached class list.
- unlink($GLOBALS["server_root"]."cache/module-class-list.btc");
- }
-
- /*
- Function: updateModuleAction
- Updates a module action.
-
- Parameters:
- id - The id of the module action to update.
- name - The name of the action.
- route - The action route.
- in_nav - Whether the action is in the navigation.
- icon - The icon class for the action.
- */
-
- function updateModuleAction($id,$name,$route,$in_nav,$icon) {
- $id = mysql_real_escape_string($id);
- $route = mysql_real_escape_string(htmlspecialchars($route));
- $in_nav = mysql_real_escape_string($in_nav);
- $icon = mysql_real_escape_string($icon);
- $name = mysql_real_escape_string(htmlspecialchars($name));
-
- $item = $this->getModuleAction($id);
- $oroute = $route;
- $x = 2;
- while ($f = sqlfetch(sqlquery("SELECT * FROM bigtree_module_actions WHERE module = '".$item["module"]."' AND route = '$route' AND id != '$id'"))) {
- $route = $oroute."-".$x;
- $x++;
- }
-
- sqlquery("UPDATE bigtree_module_actions SET name = '$name', route = '$route', class = '$icon', in_nav = '$in_nav' WHERE id = '$id'");
- }
-
- /*
- Function: updateModuleForm
- Updates a module form.
-
- Parameters:
- id - The id of the form.
- title - The title of the form.
- table - The table for the form data.
- fields - The form fields.
- javascript - Optional Javascript file to include in the form.
- css - Optional CSS file to include in the form.
- callback - Optional callback function to run after the form processes.
- default_position - Default position for entries to the form (if the view is positioned).
- suffix - Optional add/edit suffix for the form.
- */
-
- function updateModuleForm($id,$title,$table,$fields,$javascript = "",$css = "",$callback = "",$default_position = "",$suffix = "") {
- $id = mysql_real_escape_string($id);
- $title = mysql_real_escape_string(htmlspecialchars($title));
- $table = mysql_real_escape_string($table);
- $fields = mysql_real_escape_string(json_encode($fields));
- $javascript - mysql_real_escape_string(htmlspecialchars($javascript));
- $css - mysql_real_escape_string(htmlspecialchars($css));
- $callback - mysql_real_escape_string($callback);
- $default_position - mysql_real_escape_string($default_position);
-
- sqlquery("UPDATE bigtree_module_forms SET title = '$title', `table` = '$table', fields = '$fields', javascript = '$javascript', css = '$css', callback = '$callback', default_position = '$default_position' WHERE id = '$id'");
-
- $oroute = str_replace(array("add-","edit-","add","edit"),"",$action["route"]);
- if ($suffix != $oroute) {
- sqlquery("UPDATE bigtree_module_actions SET route = 'add-$suffix' WHERE module = '".$action["module"]."' AND route = 'add-$oroute'");
- sqlquery("UPDATE bigtree_module_actions SET route = 'edit-$suffix' WHERE module = '".$action["module"]."' AND route = 'edit-$oroute'");
- }
- }
-
- /*
- Function: updateModuleGroup
- Updates a module group's name.
-
- Parameters:
- id - The id of the module group to update.
- name - The name of the module group.
- */
-
- function updateModuleGroup($id,$name,$in_nav) {
- global $cms;
-
- $id = mysql_real_escape_string($id);
- $name = mysql_real_escape_string(htmlspecialchars($name));
-
- // Get a unique route
- $x = 2;
- $route = $cms->urlify($name);
- $oroute = $route;
- $q = sqlquery("SELECT * FROM bigtree_module_groups WHERE route = '" . mysql_real_escape_string($route) . "'");
- while ($g = sqlfetch($q)) {
- if ($g["id"] != $id) {
- $route = $oroute."-".$x;
- $x++;
- }
- }
-
- // Just to be safe
- $route = mysql_real_escape_string($route);
-
- sqlquery("UPDATE bigtree_module_groups SET name = '$name', route = '$route', in_nav = '$in_nav' WHERE id = '$id'");
- }
-
- /*
- Function: updateModuleView
- Updates a module view.
-
- Parameters:
- id - The view id.
- title - View title.
- description - Description.
- table - Data table.
- type - View type.
- options - View options array.
- fields - Field array.
- actions - Actions array.
- suffix - Add/Edit suffix.
- uncached - Don't cache the view.
- preview_url - Optional preview URL.
-
- Returns:
- The id for view.
- */
-
- function updateModuleView($id,$title,$description,$table,$type,$options,$fields,$actions,$suffix,$uncached = "",$preview_url = "") {
- $id = mysql_real_escape_string($id);
- $title = mysql_real_escape_string(htmlspecialchars($title));
- $description = mysql_real_escape_string(htmlspecialchars($description));
- $table = mysql_real_escape_string($table);
- $type = mysql_real_escape_string($type);
- $options = mysql_real_escape_string(json_encode($options));
- $fields = mysql_real_escape_string(json_encode($fields));
- $actions = mysql_real_escape_string(json_encode($actions));
- $suffix = mysql_real_escape_string($suffix);
- $uncached = mysql_real_escape_string($uncached);
- $preview_url = mysql_real_escape_string(htmlspecialchars($preview_url));
-
- sqlquery("UPDATE bigtree_module_views SET title = '$title', description = '$description', `table` = '$table', type = '$type', options = '$options', fields = '$fields', actions = '$actions', suffix = '$suffix', uncached = '$uncached', preview_url = '$preview_url' WHERE id = '$id'");
- }
-
- /*
- Function: updateModuleViewFields
- Updates the fields for a module view.
-
- Paramters:
- view - The view id.
- fields - A fields array.
- */
-
- function updateModuleViewFields($view,$fields) {
- $view = mysql_real_escape_string($view);
- $fields = mysql_real_escape_string(json_encode($fields));
- sqlquery("UPDATE bigtree_module_views SET `fields` = '$fields' WHERE id = '$view'");
- }
-
- /*
- Function: updatePage
- Updates a page.
- Does not check permissions.
-
- Paramters:
- page - The page id to update.
- data - The page data to update with.
- */
- function updatePage($page,$data) {
- global $cms;
- $page = mysql_real_escape_string($page);
- // Save the existing copy as a draft, remove drafts for this page that are one month old or older.
- sqlquery("DELETE FROM bigtree_page_revisions WHERE page = '$page' AND updated_at < '".date("Y-m-d",strtotime("-31 days"))."' AND saved != 'on'");
- // Get the current copy
- $current = sqlfetch(sqlquery("SELECT * FROM bigtree_pages WHERE id = '$page'"));
- foreach ($current as $key => $val) {
- $$key = mysql_real_escape_string($val);
- }
- // Copy it to the saved versions
- sqlquery("INSERT INTO bigtree_page_revisions (`page`,`title`,`meta_keywords`,`meta_description`,`template`,`external`,`new_window`,`resources`,`callouts`,`author`,`updated_at`) VALUES ('$page','$title','$meta_keywords','$meta_description','$template','$external','$new_window','$resources','$callouts','$last_edited_by','$updated_at')");
- // Remove this page from the cache
- $this->unCache($page);
- // Set local variables in a clean fashion that prevents _SESSION exploitation. Also, don't let them somehow overwrite $page and $current.
- foreach ($data as $key => $val) {
- if (substr($key,0,1) != "_" && $key != "current" && $key != "page") {
- if (is_array($val)) {
- $$key = mysql_real_escape_string(json_encode($val));
- } else {
- $$key = mysql_real_escape_string($val);
- }
- }
- }
- $in_nav = mysql_real_escape_string($data["in_nav"]);
- $redirect_lower = mysql_real_escape_string($data["redirect_lower"]);
- // Make an ipl:// or {wwwroot}'d version of the URL
- if ($external) {
- $external = $this->makeIPL($external);
- }
- // If somehow we didn't provide a parent page (like, say, the user didn't have the right to change it) then pull the one from before. Actually, this might be exploitable… look into it later.
- if (!isset($data["parent"])) {
- $parent = $current["parent"];
- }
- // Create a route if we don't have one, otherwise, make sure the one they provided doesn't suck.
- $route = $data["route"];
- if (!$route) {
- $route = $cms->urlify($data["nav_title"]);
- } else {
- $route = $cms->urlify($route);
- }
- // Get a unique route
- $oroute = $route;
- $x = 2;
- // Reserved paths.
- if ($parent == 0) {
- while (file_exists($GLOBALS["server_root"]."site/".$route."/")) {
- $route = $oroute."-".$x;
- $x++;
- }
- }
- // Existing pages.
- $f = sqlfetch(sqlquery("SELECT id FROM bigtree_pages WHERE `route` = '$route' AND parent = '$parent' AND id != '$page'"));
- while ($f) {
- $route = $oroute."-".$x;
- $f = sqlfetch(sqlquery("SELECT id FROM bigtree_pages WHERE `route` = '$route' AND parent = '$parent' AND id != '$page'"));
- $x++;
- }
- // We have no idea how this affects the nav, just wipe it all.
- if ($current["nav_title"] != $nav_title || $current["route"] != $route || $current["in_nav"] != $in_nav || $current["parent"] != $parent) {
- $this->clearCache();
- }
- // Make sure we set the publish date to NULL if it wasn't provided or we'll have a page that got published at 0000-00-00
- if ($publish_at) {
- $publish_at = "'".date("Y-m-d",strtotime($publish_at))."'";
- } else {
- $publish_at = "NULL";
- }
- // Same goes for the expiration date.
- if ($expire_at) {
- $expire_at = "'".date("Y-m-d",strtotime($expire_at))."'";
- } else {
- $expire_at = "NULL";
- }
- // Set the full path, saves DB access time on the front end.
- if ($parent) {
- $path = $this->getFullNavigationPath($parent)."/".$route;
- } else {
- $path = $route;
- }
- // htmlspecialchars stuff so that it doesn't need to be re-encoded when echo'd on the front end.
- $title = htmlspecialchars($title);
- $nav_title = htmlspecialchars($nav_title);
- $meta_description = htmlspecialchars($meta_description);
- $meta_keywords = htmlspecialchars($meta_keywords);
- $external = htmlspecialchars($external);
- // Update the database
- sqlquery("UPDATE bigtree_pages SET `parent` = '$parent', `nav_title` = '$nav_title', `route` = '$route', `path` = '$path', `in_nav` = '$in_nav', `title` = '$title', `template` = '$template', `external` = '$external', `new_window` = '$new_window', `resources` = '$resources', `callouts` = '$callouts', `meta_keywords` = '$meta_keywords', `meta_description` = '$meta_description', `last_edited_by` = '".$this->ID."', updated_at = NOW(), publish_at = $publish_at, expire_at = $expire_at, max_age = '$max_age' WHERE id = '$page'");
- // Remove any pending drafts
- sqlquery("DELETE FROM bigtree_pending_changes WHERE `table` = 'bigtree_pages' AND item_id = '$page'");
- // Remove old paths from the redirect list
- sqlquery("DELETE FROM bigtree_route_history WHERE old_route = '$path' OR old_route = '".$current["path"]."'");
- // Create an automatic redirect from the old path to the new one.
- if ($current["path"] != $path) {
- sqlquery("INSERT INTO bigtree_route_history (`old_route`,`new_route`) VALUES ('$oldpath','$newpath')");
- // Update all child page routes, ping those engines, clean those caches
- $this->updateChildPagePaths($page);
- $this->pingSearchEngines();
- $this->clearCache();
- }
- // Handle tags
- sqlquery("DELETE FROM bigtree_tags_rel WHERE module = '0' AND entry = '$page'");
- if (is_array($data["_tags"])) {
- foreach ($data["_tags"] as $tag) {
- sqlquery("INSERT INTO bigtree_tags_rel (`module`,`entry`,`tag`) VALUES ('0','$page','$tag')");
- }
- }
-
- // Audit trail.
- $this->track("bigtree_pages",$page,"updated");
- return $page;
- }
-
- /*
- Function: updatePageParent
- Changes a page's parent.
- Checks permissions.
-
- Parameters:
- page - The page to update.
- parent - The parent to switch to.
- */
-
- function updatePageParent($page,$parent) {
- $page = mysql_real_escape_string($page);
- $parent = mysql_real_escape_string($parent);
-
- if ($this->Level < 1) {
- $this->stop("You are not allowed to move pages.");
- }
-
- sqlquery("UPDATE bigtree_pages SET parent = '$parent' WHERE id = '$page'");
- $path = $this->getFullNavigationPath($page);
- sqlquery("UPDATE bigtree_pages SET path = '".mysql_real_escape_string($path)."' WHERE id = '$page'");
- $this->updateChildPagePaths($page);
- }
-
- /*
- Function: updatePageRevision
- Updates a page revision to save it as a favorite.
- Checks permissions.
-
- Parameters:
- id - The page revision id.
- description - Saved description.
- */
-
- function updatePageRevision($id,$description) {
- // Get the version, check if the user has access to the page the version refers to.
- $revision = $this->getPageRevision($id);
- $access = $this->getPageAccessLevel($revision["page"]);
- if ($access != "p") {
- $this->stop("You must be a publisher to manage revisions.");
- }
-
- // Save the version's description and saved status
- $description = mysql_real_escape_string(htmlspecialchars($description));
- sqlquery("UPDATE bigtree_page_revisions SET saved = 'on', saved_description = '$description' WHERE id = '".$revision["id"]."'");
- }
-
- /*
- Function: updatePendingChange
- Updated a pending change.
-
- Parameters:
- id - The id of the pending change.
- changes - The changes to the fields in the entry.
- mtm_changes - Many to Many changes.
- tags_changes - Tags changes.
- */
-
- function updatePendingChange($id,$changes,$mtm_changes = array(),$tags_changes = array()) {
- $id = mysql_real_escape_string($id);
- $changes = mysql_real_escape_string(json_encode($changes));
- $mtm_changes = mysql_real_escape_string(json_encode($mtm_changes));
- $tags_changes = mysql_real_escape_string(json_encode($tags_changes));
-
- sqlquery("UPDATE bigtree_pending_changes SET changes = '$changes', mtm_changes = '$mtm_changes', tags_changes = '$tags_changes', date = NOW(), author = '".$this->ID."' WHERE id = '$id'");
- }
- /*
- Function: updateProfile
- Updates a user's name, company, digest setting, and (optionally) password.
- Parameters:
- data - Array containing name / company / daily_digest / password.
- */
- function updateProfile($data) {
- global $config;
- foreach ($data as $key => $val) {
- if (substr($key,0,1) != "_" && !is_array($val)) {
- $$key = mysql_real_escape_string($val);
- }
- }
- $id = mysql_real_escape_string($this->ID);
- if ($data["password"]) {
- $phpass = new PasswordHash($config["password_depth"], TRUE);
- $password = mysql_real_escape_string($phpass->HashPassword($data["password"]));
- sqlquery("UPDATE bigtree_users SET `password` = '$password', `name` = '$name', `company` = '$company', `daily_digest` = '$daily_digest' WHERE id = '$id'");
- } else {
- sqlquery("UPDATE bigtree_users SET `name` = '$name', `company` = '$company', `daily_digest` = '$daily_digest' WHERE id = '$id'");
- }
- }
-
- /*
- Function: updateResource
- Updates a resource.
-
- Parameters:
- id - The id of the resource.
- name - The name of the resource.
- */
-
- function updateResource($id,$name) {
- $id = mysql_real_escape_string($id);
- $name = mysql_real_escape_string(htmlspecialchars($title));
- sqlquery("UPDATE bigtree_resources SET name = '$name' WHERE id = '$id'");
- }
-
- /*
- Function: updateSetting
- Updates a setting.
-
- Parameters:
- old_id - The current id of the setting to update.
- data - The new data for the setting ("id", "type", "name", "description", "locked", "encrypted")
-
- Returns:
- true if successful, false if a setting exists for the new id already.
- */
- function updateSetting($old_id,$data) {
- global $config;
-
- // Get the existing setting information.
- $existing = $this->getSetting($old_id);
- $old_id = mysql_real_escape_string($old_id);
-
- // Globalize the data and clean it up.
- foreach ($data as $key => $val) {
- if (substr($key,0,1) != "_" && !is_array($val)) {
- $$key = mysql_real_escape_string(htmlspecialchars($val));
- }
- }
-
- // We don't want this encoded since it's a WYSIWYG field.
- $description = mysql_real_escape_string($data["description"]);
-
- // See if we have an id collision with the new id.
- if ($old_id != $id && $this->settingExists($id)) {
- return false;
- }
-
- sqlquery("UPDATE bigtree_settings SET id = '$id', type = '$type', name = '$name', description = '$description', locked = '$locked', encrypted = '$encrypted' WHERE id = '$old_id'");
- // If encryption status has changed, update the value
- if ($existing["encrypted"] && !$encrypted) {
- sqlquery("UPDATE bigtree_settings SET value = AES_DECRYPT(value,'".mysql_real_escape_string($config["settings_key"])."') WHERE id = '$id'");
- }
- if (!$existing["encrypted"] && $encrypted) {
- sqlquery("UPDATE bigtree_settings SET value = AES_ENCRYPT(value,'".mysql_real_escape_string($config["settings_key"])."') WHERE id = '$id'");
- }
-
- // Audit trail.
- $this->track("bigtree_settings",$id,"updated");
- return true;
- }
-
- /*
- Function: updateSettingValue
- Updates the value of a setting.
-
- Paramters:
- id - The id of the setting to update.
- value - A value to set (can be a string or array).
- */
- function updateSettingValue($id,$value) {
- global $config;
- $item = $this->getSetting($id);
- $id = mysql_real_escape_string($id);
- $value = mysql_real_escape_string(json_encode($value));
- if ($item["encrypted"]) {
- sqlquery("UPDATE bigtree_settings SET `value` = AES_ENCRYPT('$value','".mysql_real_escape_string($config["settings_key"])."') WHERE id = '$id'");
- } else {
- sqlquery("UPDATE bigtree_settings SET `value` = '$value' WHERE id = '$id'");
- }
-
- // Audit trail
- $this->track("bigtree_settings",$id,"updated-value");
- }
-
- /*
- Function: updateTemplate
- Updates a template.
-
- Paremeters:
- id - The id of the template to update.
- name - Name
- description - Description
- level - Access level (0 for everyone, 1 for administrators, 2 for developers)
- module - Related module id
- image - Image
- callouts_enabled - "on" for yes
- resources - An array of resources
- */
-
- function updateTemplate($id,$name,$description,$level,$module,$image,$callouts_enabled,$resources) {
- $clean_resources = array();
- foreach ($resources as $resource) {
- if ($resource["id"]) {
- $options = json_decode($resource["options"],true);
- foreach ($options as $key => $val) {
- if ($key != "title" && $key != "id" && $key != "subtitle" && $key != "type") {
- $resource[$key] = $val;
- }
- }
-
- $resource["id"] = htmlspecialchars($resource["id"]);
- $resource["title"] = htmlspecialchars($resource["title"]);
- $resource["subtitle"] = htmlspecialchars($resource["subtitle"]);
- unset($resource["options"]);
- $clean_resources[] = $resource;
- }
- }
-
- $id = mysql_real_escape_string($id);
- $name = mysql_real_escape_string(htmlspecialchars($name));
- $description = mysql_real_escape_string(htmlspecialchars($description));
- $module = mysql_real_escape_string($module);
- $resources = mysql_real_escape_string(json_encode($clean_resources));
- $image = mysql_real_escape_string($image);
- $level = mysql_real_escape_string($level);
- $callouts_enabled = mysql_real_escape_string($callouts_enabled);
-
- sqlquery("UPDATE bigtree_templates SET resources = '$resources', image = '$image', name = '$name', module = '$module', description = '$description', level = '$level', callouts_enabled = '$callouts_enabled' WHERE id = '$id'");
- }
- /*
- Function: updateUser
- Updates a user.
- Parameters:
- id - The user's "id"
- data - A key/value array containing email, name, company, level, permissions, alerts, daily_digest, and (optionally) password.
- Returns:
- True if successful. False if the logged in user doesn't have permission to change the user or there was an email collision.
- */
- function updateUser($id,$data) {
- global $config;
- $id = mysql_real_escape_string($id);
- // See if there's an email collission
- $r = sqlrows(sqlquery("SELECT * FROM bigtree_users WHERE email = '".mysql_real_escape_string($data["email"])."' AND id != '$id'"));
- if ($r) {
- return false;
- }
- // If this person has higher access levels than the person trying to update them, fail.
- $current = $this->getUser($id);
- if ($current["level"] > $this->Level) {
- return false;
- }
- // If we didn't pass in a level because we're editing ourselves, use the current one.
- if (!$level || $this->ID == $current["id"]) {
- $level = $current["level"];
- }
- foreach ($data as $key => $val) {
- if (substr($key,0,1) != "_" && !is_array($val)) {
- $$key = mysql_real_escape_string($val);
- }
- }
- $permissions = mysql_real_escape_string(json_encode($data["permissions"]));
- $alerts = mysql_real_escape_string(json_encode($data["alerts"]));
- if ($data["password"]) {
- $phpass = new PasswordHash($config["password_depth"], TRUE);
- $password = mysql_real_escape_string($phpass->HashPassword($data["password"]));
- sqlquery("UPDATE bigtree_users SET `email` = '$email', `password` = '$password', `name` = '$name', `company` = '$company', `level` = '$level', `permissions` = '$permissions', `alerts` = '$alerts', `daily_digest` = '$daily_digest' WHERE id = '$id'");
- } else {
- sqlquery("UPDATE bigtree_users SET `email` = '$email', `name` = '$name', `company` = '$company', `level` = '$level', `permissions` = '$permissions', `alerts` = '$alerts', `daily_digest` = '$daily_digest' WHERE id = '$id'");
- }
- $this->track("bigtree_users",$id,"updated");
- return true;
- }
-
- /*
- Function: updateUserPassword
- Updates a user's password.
-
- Parameters:
- id - The user's id.
- password - The new password.
- */
-
- function updateUserPassword($id,$password) {
- global $config;
-
- $id = mysql_real_escape_string($id);
- $phpass = new PasswordHash($config["password_depth"], TRUE);
- $password = mysql_real_escape_string($phpass->HashPassword($password));
- sqlquery("UPDATE bigtree_users SET password = '$password' WHERE id = '$id'");
- }
- }
- ?>