include.con_editcontent.php:
<?php
/******************************************
* File : include.con_editcontent.php
* Project : Contenido
* Descr : Include for editing the
* content in an article
*
* Author : Jan Lengowski
*
* Created : 00.00.0000
* Modified : 15.04.2003
*
* © four for business AG
******************************************/
// Edit-mode flag; front_content.php unsets it again before it renders the preview/frontend view.
$edit = "true";
// Second connection, used for the container_conf queries while $db still holds another result.
$db2 = new DB_Contenido;
// Collects the <script> markup that is placed in front of </head> further down.
$scripts = "";
if ( isset($idcat) ) {
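if ($action == 20 || $action == 10) {
    if ($data != "") {
        /*
         * $data is the hidden "data" form field that setcontent() fills in the
         * browser: entries of the form "idartlang|type|typeid|value", each one
         * terminated by "||". The whole string is client-controlled.
         *
         * NOTE(review): the idartlang of every entry comes from the request and
         * is not compared with the article that is being edited - confirm that
         * conSaveContentEntry() checks permissions and escapes its arguments.
         */
        $data = explode("||", substr($data, 0, -2));

        foreach ($data as $value) {
            $value = explode("|", $value);

            /* Skip truncated or hand-built entries instead of saving with missing fields */
            if (count($value) < 4) {
                continue;
            }

            if ($value[3] == "%$%EMPTY%$%") {
                $value[3] = "";
            } else {
                /* The browser replaced every literal "|" so that it could serve as field separator */
                $value[3] = str_replace("%$%SEPERATOR%$%", "|", $value[3]);
            }

            conSaveContentEntry($value[0], "CMS_".$value[1], $value[2], $value[3]);
        }

        /* Restore the original request values, the loop above reused both names */
        $data = $_REQUEST['data'];
        $value = isset($_REQUEST['value']) ? $_REQUEST['value'] : null;

        conGenerateCodeForArtInAllCategories($idart);
    }
}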
if ( $action == 10 ){
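/*
 * Redirect back to the backend editor. Every value goes through
 * http_build_query(), so a request-supplied value cannot add or alter query
 * parameters of the target URL (the original concatenated them raw and sent
 * "lang" twice). The (string) casts keep empty parameters in the URL.
 */
$backendEditQuery = http_build_query(array(
    "type"      => (string) $type,
    "typenr"    => (string) $typenr,
    "client"    => (string) $client,
    "lang"      => (string) $lang,
    "idcat"     => (string) $idcat,
    "idart"     => (string) $idart,
    "idartlang" => (string) $idartlang,
    "contenido" => (string) $contenido,
), "", "&");
header("Location: ".$cfg["path"]["contenido_fullhtml"].$cfg["path"]["includes"]."include.backendedit.php?".$backendEditQuery);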
} else {
$markSubItem = markSubMenuItem(3, true);
$scripts .= <<<EOD
<script language="javascript">
// searches the classname in the td above or the tr above
function getCellClass(element) {
var el = document.getElementById(element);
var cell = el.offsetParent;
// if there is a classname in the td return the classname
if ( cell.className != '' ) {
return cell.className;
}
// set a flag in this td
if ( cell.id == '' ) {
cell.id = 'yes';
var flg = 'yes'
} else {
var flg = cell.id;
}
//else go to the tagname table above and search dowen for the tr tags
while (el.tagName != 'TABLE') {
el = el.offsetParent;
}
var elements = el.getElementsByTagName('TR');
//go thrue all tr tags
for (var row in elements) {
if (isNaN(elements[row])) {
var cells = elements[row].getElementsByTagName('TD');
for (var id in cells) {
if(isNaN(cells[id])){
// check if the flg(td cell) is in this tr if true return the calssname
if (cells[id].id==flg&&elements[row].className != '') {
return elements[row].className;
}
}
}
}
}
return false;
}
function setcontent(idartlang, act) {
if (document.all) {
document.getElementsByTagName = function (str) {
if (str=="*")
return document.all;
else
return document.all.tags(str);
}
}
var a = document.getElementsByTagName("*");
var str = '';
var aId = '';
// loop through all elements
for (var i=0; i < a.length; i++) {
aId = a[i].id;
if (aId != '' && typeof aId == 'string') {
var aIdPrefix = aId.substr(0,4);
// search for the id which containes HTML
if (aIdPrefix == 'HTML') {
// check if its an 'contentEditable' Field
if (a[i].isContentEditable == true) {
// split the idname in data
var data = aId.split("_");
// data[0] is the fieldname * needed
// data[1] is the idtype
// data[2] is the typeid * needed
// read out the content
var aContent = prepareString(a[i].innerHTML);
// build the string which will be send
str += buildDataEntry(idartlang , data[0] , data[2] , aContent);
}
}
}
}
// set the string
document.forms.editcontent.data.value = str + document.forms.editcontent.data.value;
// set the action string
if ( act != 0 ) {
document.forms.editcontent.action = act;
}
// if there are 3 arguments, the className has to be seached
if(arguments.length > 2){
//search the class of the above element
var classname = getCellClass(arguments[2]);
if ( classname ) {
document.forms.editcontent.con_class.value = classname;
}
}
// submit the form
document.forms.editcontent.submit();
}
function prepareString(aContent) {
if ( aContent == " " || aContent == "" ) {
aContent = "%$%EMPTY%$%";
} else {
// if there is an | in the text set a replacement chr because we use it later as isolator
while( aContent.search(/\|/) != -1 ) {
aContent = aContent.replace(/\|/,"%$%SEPERATOR%$%");
}
}
return aContent;
}
function buildDataEntry(idartlang, type, typeid, value) {
return idartlang +'|'+ type +'|'+ typeid +'|'+ value +'||';
}
function addDataEntry(idartlang, type, typeid, value) {
document.forms.editcontent.data.value = (buildDataEntry(idartlang, type, typeid, prepareString(value) ) );
setcontent(idartlang,'0');
}
</script>
EOD;
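$scripts .= '<script src="'.$cfg["path"]["contenido_fullhtml"].'external/mozile/mozileLoader.js" type="text/javascript"></script>';

/*
 * Hidden form that setcontent() fills and submits (action 20 = save).
 * The ids are cast to int before they are written into the action attribute,
 * so a request-supplied value cannot break out of the attribute.
 *
 * NOTE(review): the form carries no per-request token, only the fields below;
 * confirm whether $sess->url() adds anything that protects the save against
 * cross-site requests.
 */
$contentform  = "<form name=\"editcontent\" method=\"post\" action=\"".$sess->url("front_content.php?area=con_editcontent&idart=".(int)$idart."&idcat=".(int)$idcat."&lang=".(int)$lang."&action=20")."\">\n";
$contentform .= "<input type=\"hidden\" name=\"changeview\" value=\"edit\">\n";
$contentform .= "<input type=\"hidden\" name=\"data\" value=\"\">\n";
$contentform .= "<input type=\"hidden\" name=\"con_class\" value=\"\">\n";
$contentform .= "</form>";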
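#
# extract IDCATART
#
# Both ids are cast to int: neither is assigned in this file, they can be
# supplied by the request and were concatenated into the statement unescaped.
#
$sql = "SELECT idcatart FROM ".$cfg["tab"]["cat_art"]."
        WHERE idcat = '".(int)$idcat."' AND idart = '".(int)$idart."'";
$db->query($sql);
$db->next_record();
$idcatart = $db->f("idcatart");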
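#
# Look up the template configuration of the article first. If the article
# is not configured, the category is checked below. If neither the article
# nor the category is configured, no code can be created and an error
# notification is written instead.
#
# All ids are cast to int before they reach the statement.
#
$sql = "SELECT a.idtplcfg AS idtplcfg
        FROM ".$cfg["tab"]["art_lang"]." AS a, ".$cfg["tab"]["art"]." AS b
        WHERE a.idart = '".(int)$idart."' AND
              a.idlang = '".(int)$lang."' AND
              b.idart = a.idart AND
              b.idclient = '".(int)$client."'";
$db->query($sql);
$db->next_record();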
if ( $db->f("idtplcfg") != 0 ) {
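#
# Article is configured: read its container configuration into
# $a_c (container number => configuration string).
#
$idtplcfg = $db->f("idtplcfg");
$a_c = array();

/* idtplcfg comes from the database, the cast only keeps the statement well-formed */
$sql2 = "SELECT * FROM ".$cfg["tab"]["container_conf"]."
         WHERE idtplcfg = '".(int)$idtplcfg."'
         ORDER BY number ASC";
$db2->query($sql2);

while ($db2->next_record()) {
    $a_c[$db2->f("number")] = $db2->f("container");
}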
} else {
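#
# Check whether category is
# configured.
#
# All ids are cast to int before they reach the statement.
#
$sql = "SELECT a.idtplcfg AS idtplcfg
        FROM ".$cfg["tab"]["cat_lang"]." AS a, ".$cfg["tab"]["cat"]." AS b
        WHERE a.idcat = '".(int)$idcat."' AND
              a.idlang = '".(int)$lang."' AND
              b.idcat = a.idcat AND
              b.idclient = '".(int)$client."'";
$db->query($sql);
$db->next_record();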
if ( $db->f("idtplcfg") != 0 ) {
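#
# Category is configured: read its container configuration into
# $a_c (container number => configuration string).
#
$idtplcfg = $db->f("idtplcfg");
$a_c = array();

/* idtplcfg comes from the database, the cast only keeps the statement well-formed */
$sql2 = "SELECT * FROM ".$cfg["tab"]["container_conf"]."
         WHERE idtplcfg = '".(int)$idtplcfg."'
         ORDER BY number ASC";
$db2->query($sql2);

while ($db2->next_record()) {
    $a_c[$db2->f("number")] = $db2->f("container");
}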
} else {
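#
# Neither the article nor the category is configured. Code cannot be
# created; an error page is built, stored in the code table and printed.
#
# NOTE(review): the script does not stop after this branch. The layout
# queries that follow it run with an $idtplcfg that was never assigned here.
#
include_once ($cfg["path"]["contenido"].$cfg["path"]["classes"]."class.notification.php");
include_once ($cfg["path"]["contenido"].$cfg["path"]["classes"]."class.table.php");

if ( !is_object($notification) ) {
    $notification = new Contenido_Notification;
}

$sql = "SELECT title FROM ".$cfg["tab"]["art_lang"]." WHERE idartlang = '".(int)$idartlang."'";
$db->query($sql);
$db->next_record();
$art_name = $db->f("title");

$cat_name = "";
conCreateLocationString($idcat, " / ", $cat_name);

$sql = "SELECT name FROM ".$cfg["tab"]["lang"]." WHERE idlang = '".(int)$lang."'";
$db->query($sql);
$db->next_record();
$lang_name = $db->f("name");

$sql = "SELECT name FROM ".$cfg["tab"]["clients"]." WHERE idclient = '".(int)$client."'";
$db->query($sql);
$db->next_record();
$client_name = $db->f("name");

/*
 * NOTE(review): article, category, language and client names are written into
 * the HTML as they come from the database. Whether they are stored already
 * HTML-encoded cannot be seen here - confirm, otherwise encode them on output.
 */
$noti_html = '<table cellspacing="0" cellpadding="2" border="0">
<tr class="text_medium">
<td colspan="2">
<b>'.i18n("No template assigned to the category<br>and/or the article").'</b><br><br>
'.i18n("The code for the following article<br>couldnt be generated:").'
<br><br>
</td>
</tr>
<tr class="text_medium">
<td >'.i18n("Article").':</td>
<td><b>'.$art_name.'</b></td>
</tr>
<tr class="text_medium">
<td >'.i18n("Category").':</td>
<td><b>'.$cat_name.'</b></td>
</tr>
<tr class="text_medium">
<td>'.i18n("Language").':</td>
<td><b>'.$lang_name.'</b></td>
</tr>
<tr class="text_medium">
<td>'.i18n("Client").':</td>
<td><b>'.$client_name.'</b></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</table>';

$code = '
<html>
<head>
<title>Error</title>
<link rel="stylesheet" type="text/css" href="'.$cfg["path"]["contenido_fullhtml"].$cfg["path"]["styles"].'contenido.css"></link>
</head>
<body style="margin: 10px">'.$notification->returnNotification("error", $noti_html).'</body>
</html>';

/*
 * The page is escaped for the statement only; $code itself is printed
 * unchanged. Without the escaping a quote in any of the names above ended
 * the string literal inside the UPDATE/INSERT.
 */
$sqlCode = addslashes($code);

$sql = "SELECT * FROM ".$cfg["tab"]["code"]." WHERE idcatart='".(int)$idcatart."' AND idlang='".(int)$lang."'";
$db->query($sql);

if ($db->next_record()) {
    $sql = "UPDATE ".$cfg["tab"]["code"]." SET code='".$sqlCode."', idlang='".(int)$lang."', idclient='".(int)$client."' WHERE idcatart='".(int)$idcatart."' AND idlang='".(int)$lang."'";
    $db->query($sql);
} else {
    $sql = "INSERT INTO ".$cfg["tab"]["code"]." (idcode, idcatart, code, idlang, idclient) VALUES ('".$db->nextid($cfg["tab"]["code"])."', '".(int)$idcatart."', '".$sqlCode."', '".(int)$lang."', '".(int)$client."')";
    $db->query($sql);
}

echo $code;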
}
}
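#
# Get IDLAY and IDTPL of the template configuration
#
# When neither the article nor the category is configured, $idtplcfg was
# never assigned above. The int cast keeps a leftover or request-supplied
# value out of the statement.
#
$sql = "SELECT a.idlay AS idlay, a.idtpl AS idtpl
        FROM ".$cfg["tab"]["tpl"]." AS a, ".$cfg["tab"]["tpl_conf"]." AS b
        WHERE b.idtplcfg = '".(int)$idtplcfg."' AND
              b.idtpl = a.idtpl";
$db->query($sql);
$db->next_record();

$idlay = $db->f("idlay");
$idtpl = $db->f("idtpl");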
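#
# List of used modules: $a_d maps container number => idmod
#
# $a_d is reset first. Its entries are used in a statement and in generated
# code further down, so nothing but the rows read here may end up in it.
#
$a_d = array();

$sql = "SELECT number, idmod
        FROM ".$cfg["tab"]["container"]."
        WHERE idtpl = '".(int)$idtpl."'
        ORDER BY number ASC";
$db->query($sql);

while ($db->next_record()) {
    $a_d[$db->f("number")] = $db->f("idmod");
}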
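#
# Get code from Layout
#
$sql = "SELECT * FROM ".$cfg["tab"]["lay"]." WHERE idlay = '".(int)$idlay."'";
$db->query($sql);
$db->next_record();

/* The layout is kept slash-escaped while the containers are merged in; stripslashes() follows before output */
$code = $db->f("code");
$code = AddSlashes($code);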
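#
# Create code for all containers
#
# For every container of the layout the module output is loaded, the
# configured CMS_VALUE[n] settings are substituted and the result replaces
# the <container> tag in $code. $code is executed with eval() later on.
#
if ($idlay) {
    tplPreparseLayout($idlay);
    $tmp_returnstring = tplBrowseLayoutForContainers($idlay);
    $a_container = explode("&", $tmp_returnstring);

    foreach ($a_container as $key=>$value) {
        $CiCMS_VALUE = "";

        /*
         * Reset per container. The original left both unset when the module
         * id was not numeric, so the value of the previous container (or one
         * that was already present in the global scope) was prepended to
         * code that is executed later.
         */
        $thisModule = "";
        $thisContainer = "";

        $idmod = isset($a_d[$value]) ? $a_d[$value] : "";

        $sql = "SELECT * FROM ".$cfg["tab"]["mod"]." WHERE idmod='".(int)$idmod."'";
        $db->query($sql);
        $db->next_record();

        if (is_numeric($idmod)) {
            $thisModule = '<?php $cCurrentModule = '.((int)$idmod).'; ?>';
            $thisContainer = '<?php $cCurrentContainer = '.((int)$value).'; ?>';
        }

        $output = $thisModule . $thisContainer . $db->f("output");
        $output = AddSlashes($output);
        $template = $db->f("template");

        if (array_key_exists($value, $a_c)) {
            /* Drop a trailing "&", then split "key=value&key=value" */
            $a_c[$value] = preg_replace("/(&\$)/","", $a_c[$value]);
            $tmp1 = preg_split("/&/", $a_c[$value]);
        } else {
            $tmp1 = array();
        }

        $varstring = array();
        foreach ($tmp1 as $key1=>$value1) {
            $tmp2 = explode("=", $value1);
            foreach ($tmp2 as $key2 => $value2) {
                $varstring["$tmp2[0]"] = $tmp2[1];
            }
        }

        $CiCMS_Var = '$C'.$value.'CMS_VALUE';
        $CiCMS_VALUE = '';

        /*
         * NOTE(review): the decoded configuration value is pasted between
         * double quotes into PHP source that is executed later. A value that
         * contains a double quote or "$" is not escaped here - confirm who
         * may write container configurations.
         */
        foreach ($varstring as $key3=>$value3) {
            $tmp = urldecode($value3);
            $tmp = str_replace("\'", "'", $tmp);
            $CiCMS_VALUE .= $CiCMS_Var.'['.$key3.']="'.$tmp.'"; ';
            $output = str_replace("\$CMS_VALUE[$key3]", $tmp, $output);
            $output = str_replace("CMS_VALUE[$key3]", $tmp, $output);
        }

        $output = str_replace("CMS_VALUE", $CiCMS_Var, $output);
        $output = str_replace("\$".$CiCMS_Var, $CiCMS_Var, $output);

        /* Same pattern as before, PCRE instead of eregi_replace() which was removed in PHP 7 */
        $output = preg_replace('/(CMS_VALUE\[)([0-9]*)(\])/i', "", $output);

        /* Long syntax with closing tag */
        $code = preg_replace("/<container( +)id=\\\\\"$value\\\\\"(.*)>(.*)<\/container>/i", "CMS_CONTAINER[$value]", $code);

        /* Short syntax */
        $code = preg_replace("/<container( +)id=\\\\\"$value\\\\\"(.*)\/>/i", "CMS_CONTAINER[$value]", $code);

        $code = str_ireplace("CMS_CONTAINER[$value]", "<?php $CiCMS_VALUE ?>\r\n".$output, $code);
    }
}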
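#
# Find out what kind of CMS_... Vars are in use
#
# $a_content[type][typeid] = value. The array is reset first so that it
# holds nothing but the rows read here; the ids are cast to int.
#
$a_content = array();

$sql = "SELECT *
        FROM ".$cfg["tab"]["content"]." AS A,
             ".$cfg["tab"]["art_lang"]." AS B,
             ".$cfg["tab"]["type"]." AS C
        WHERE A.idtype = C.idtype AND
              A.idartlang = B.idartlang AND
              B.idart = '".(int)$idart."' AND
              B.idlang = '".(int)$lang."'";
$db->query($sql);

while ($db->next_record()) {
    $a_content[$db->f("type")][$db->f("typeid")] = $db->f("value");
}

/* Re-read idartlang from the database instead of relying on the value that was passed in */
$sql = "SELECT idartlang FROM ".$cfg["tab"]["art_lang"]." WHERE idart='".(int)$idart."' AND idlang='".(int)$lang."'";
$db->query($sql);
$db->next_record();
$idartlang = $db->f("idartlang");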
#
# Replace all CMS_TAGS[]
#
# For every row of the type table: find the "TYPE[n]" tags in $code, run the
# PHP stored in the row's "code" column once per tag and replace the tag
# with whatever that code left in $tmp.
#
$sql = "SELECT idtype, type, code FROM ".$cfg["tab"]["type"];
$db->query($sql);
while ( $db->next_record() )
{
// The type name from the database becomes part of the pattern as is (no preg_quote()).
$tmp = preg_match_all("/(".$db->f("type")."\[+\d+\])/i", $code, $match);
$a_[strtolower($db->f("type"))] = $match[0];
// extractNumber is defined elsewhere; presumably it reduces each "TYPE[n]" match to n - TODO confirm
$success = array_walk($a_[strtolower($db->f("type"))], 'extractNumber');
$search = array();
$replacements = array();
foreach ($a_[strtolower($db->f("type"))] as $val)
{
// SECURITY: executes PHP source read from the type table in the current scope.
// Write access to that table is equivalent to code execution on this host.
// The evaluated code is expected to assign $tmp (it is read on the next lines).
eval ($db->f("code"));
$search[$val] = $db->f("type") ."[$val]";
$replacements[$val] = $tmp;
}
$code = str_ireplace($search, $replacements, $code);
}
unset($tmp);
/* output the code */
// Undo the AddSlashes() applied while the layout and the module output were merged.
$code = stripslashes($code);
// Inject the sub-menu marker, the editor scripts and a charset meta tag in front of </head>.
$code = str_ireplace_once("</head>", "$markSubItem $scripts\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=$encoding[$lang]\"></head>", $code);
// Append the hidden save form in front of the last </body>.
$code = str_ireplace_once_reverse("</body>", "$contentform</body>", $code);
// Debug switch: dumps the complete generated source, HTML-encoded, into the page.
if ($cfg["debug"]["codeoutput"])
{
echo "<textarea>".htmlspecialchars($code)."</textarea>";
}
$code = str_ireplace_once("<head>", "<head>\n".'<base href="'.$cfgClient[$client]["path"]["htmlpath"].'">', $code);
// Relative paths inside the evaluated code resolve against the client's frontend directory.
chdir($cfgClient[$client]["path"]["frontend"]);
// SECURITY: layout, module output and container configuration from the database are
// executed as PHP here. Everyone who can edit one of them can run code on this host.
eval("?>\n".$code."\n<?php\n");
}
}
page_close();
?>
backendedit/front_content.php:
<?php
/******************************************
* File : front_content.php
* Project : Contenido
* Descr : Contenido Frontend
*
* Author : Olaf Niemann,
* Jan Lengowski
*
* Created : 21.01.2003
* Modified : 21.01.2003
*
* © four for business AG
******************************************/
include_once ("../../includes/startup.php");
cInclude("includes", "functions.general.php");
rereadClients();
include_once ($cfgClient[$client]["path"]["frontend"]."config.php");
chdir($cfgClient[$client]["path"]["frontend"]);
cInclude("includes", "functions.general.php");
cInclude("includes", "functions.i18n.php");
cInclude("includes", "functions.con.php");
cInclude("includes", "functions.con2.php");
cInclude("includes", "functions.api.php");
cInclude("includes", "functions.pathresolver.php");
cInclude("classes", "class.user.php");
// Optional cron emulation: the emulator is included from the cronjobs directory
// and the previous working directory is restored afterwards.
if ($cfg["use_pseudocron"] == true)
{
/* Include cronjob-Emulator */
$oldpwd = getcwd();
chdir($cfg["path"]["contenido"].$cfg["path"]["cronjobs"]);
cInclude("includes", "pseudo-cron.inc.php");
chdir($oldpwd);
}
// $contenido is not assigned in this file before this test.
// NOTE(review): presumably it is the backend session id taken from the request - confirm.
// The test itself only selects which session and auth classes page_open() starts.
if ($contenido)
{
//Backend
page_open(array ('sess' => 'Contenido_Session', 'auth' => 'Contenido_Challenge_Crypt_Auth', 'perm' => 'Contenido_Perm'));
i18nInit($cfg["path"]["contenido"].$cfg["path"]["locale"], $belang);
}
else
{
//Frontend
page_open(array ('sess' => 'Contenido_Frontend_Session', 'auth' => 'Contenido_Frontend_Challenge_Crypt_Auth', 'perm' => 'Contenido_Perm'));
}
$db = new DB_Contenido;
// These globals are kept in the session between requests.
$sess->register("cfgClient");
$sess->register("errsite_idcat");
$sess->register("errsite_idart");
$sess->register("encoding");
// Re-read the client configuration when the session did not provide it.
if ($cfgClient["set"] != "set")
{
rereadClients();
}
// Fill $encoding[idlang] with the charset of every language.
// NOTE(review): $encoding is not reset before the loop, entries that were already
// present (session or global scope) survive; the value is later written into the
// Content-Type header and a meta tag.
$sql = "SELECT
idlang,
encoding
FROM
".$cfg["tab"]["lang"];
$db->query($sql);
while ($db->next_record())
{
$encoding[$db->f("idlang")] = $db->f("encoding");
}
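/* Temporary language switch for this request; the previous value is restored at the end of the script */
if (is_numeric($tmpchangelang) && $tmpchangelang > 0) {
    $savedlang = $lang;
    $lang = $tmpchangelang;
}

/*
 * NOTE(review): unlike $tmpchangelang, $changeclient and $changelang are taken
 * over without any validation and are then stored in the session. Confirm that
 * only numeric ids of existing clients/languages can arrive here.
 */

// Change client
if (isset($changeclient)) {
    $client = $changeclient;
    unset($lang);
    unset($load_lang);
}

// Change language
if (isset($changelang)) {
    $lang = $changelang;
}

// Initialize client
if (!isset($client)) {
    //load_client defined in frontend/config.php
    $client = $load_client;
}

// Initialize language
if (!isset($lang)) {
    //if there is an entry load_lang in frontend/config.php use it, else use the first language of this client
    if (isset($load_lang)) {
        $lang = $load_lang;
    } else {
        /* The client id is cast to int, it may have been set from the request just above */
        $sql = "SELECT B.idlang
                FROM ".$cfg["tab"]["clients_lang"]." AS A, ".$cfg["tab"]["lang"]." AS B
                WHERE A.idclient='".(int)$client."' AND
                      A.idlang = B.idlang
                LIMIT 0,1";
        $db->query($sql);
        $db->next_record();
        $lang = $db->f("idlang");
    }
}

if (!$sess->is_registered("lang")) {
    $sess->register("lang");
}
if (!$sess->is_registered("client")) {
    $sess->register("client");
}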
// A submitted user name triggers the login handling of the auth object.
if (isset ($username))
{
$auth->login_if(true);
}
// $lang can come from the request; the charset is looked up in $encoding, it is not taken from $lang itself.
header("Content-Type: text/html; charset={$encoding[$lang]}");
// Logout: drop the authentication and fall back to the anonymous user name.
if (isset ($logout))
{
$auth->logout(true);
$auth->unauth(true);
$auth->auth["uname"] = "nobody";
}
// Optional per-installation hook; the relative path resolves against the client's
// frontend directory (see the chdir() near the top of this file). Errors are suppressed with @.
if (file_exists("config.local.php"))
{
@ include ("config.local.php");
}
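/* If the path variable was passed, try to resolve it */
if (isset($path)) {
    /* Which resolve method is configured? */
    if ($cfg["urlpathresolve"] == true) {
        $idcat = prResolvePathViaURLNames($path);
    } else {
        $idcat = prResolvePathViaCategoryNames($path);
    }
}

/*
 * Error page ("Fehlerseite"). The Location header is assembled from ids only,
 * every part is cast to int so that no request-supplied text ends up in it.
 */
$errsite = "Location: front_content.php?client=".(int)$client."&idcat=".(int)$errsite_idcat[$client]."&idart=".(int)$errsite_idart[$client]."&lang=".(int)$lang."&error=1";

if ($idart && !$idcat && !$idcatart) {
    /* Try to fetch the first idcat */
    $sql = "SELECT idcat FROM ".$cfg["tab"]["cat_art"]." WHERE idart='".(int)$idart."'";
    $db->query($sql);

    if ($db->next_record()) {
        $idcat = $db->f("idcat");
    }
}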
/* Initialize variables */
// Both are filled below and $code is later passed to eval(); unsetting them here
// makes sure nothing that was already in the global scope is carried over.
unset ($code);
unset ($markscript);
if (!$idcatart)
{
if (!$idart)
{
if (!$idcat)
{
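/*
 * Neither article nor category was requested: take the start article of
 * the first category of the client. Client and language ids are cast to
 * int before they reach the statement.
 */
if ($cfg["is_start_compatible"] == true) {
    $sql = "SELECT idart, B.idcat
            FROM ".$cfg["tab"]["cat_art"]." AS A,
                 ".$cfg["tab"]["cat_tree"]." AS B,
                 ".$cfg["tab"]["cat"]." AS C
            WHERE A.idcat=B.idcat AND
                  B.idcat=C.idcat AND
                  is_start='1' AND
                  idclient='".(int)$client."'
            ORDER BY idtree ASC";
} else {
    $sql = "SELECT A.idart, B.idcat
            FROM ".$cfg["tab"]["cat_art"]." AS A,
                 ".$cfg["tab"]["cat_tree"]." AS B,
                 ".$cfg["tab"]["cat"]." AS C,
                 ".$cfg["tab"]["cat_lang"]." AS D,
                 ".$cfg["tab"]["art_lang"]." AS E
            WHERE A.idcat=B.idcat AND
                  B.idcat=C.idcat AND
                  D.startidartlang = E.idartlang AND
                  D.idlang='".(int)$lang."' AND
                  E.idart=A.idart AND
                  E.idlang='".(int)$lang."' AND
                  idclient='".(int)$client."'
            ORDER BY idtree ASC";
}

$db->query($sql);

if ($db->next_record()) {
    $idart = $db->f("idart");
    $idcat = $db->f("idcat");
} else {
    if ($contenido) {
        die(i18n("No start article for this category"));
    } else {
        if ($error == 1) {
            echo "Fatal error: Could not display error page. Error to display was: 'No start article in this category'";
        } else {
            /*
             * Stop after the redirect. Without the exit the rest of the
             * script still ran after the Location header had been set.
             * Same order as the article redirect near the end of this file.
             */
            page_close();
            header($errsite);
            exit;
        }
    }
}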
}
else
{
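/* Only the category was requested: look up its start article, -1 = none found */
$idart = -1;

if ($cfg["is_start_compatible"] == true) {
    $sql = "SELECT idart FROM ".$cfg["tab"]["cat_art"]." WHERE idcat='".(int)$idcat."' AND is_start='1'";
    $db->query($sql);

    if ($db->next_record()) {
        $idart = $db->f("idart");
    }
} else {
    $sql = "SELECT startidartlang FROM ".$cfg["tab"]["cat_lang"]." WHERE idcat='".(int)$idcat."' AND idlang='".(int)$lang."'";
    $db->query($sql);

    if ($db->next_record()) {
        if ($db->f("startidartlang") != 0) {
            $sql = "SELECT idart FROM ".$cfg["tab"]["art_lang"]." WHERE idartlang='".(int)$db->f("startidartlang")."'";
            $db->query($sql);
            $db->next_record();
            $idart = $db->f("idart");
        }
    }
}

if ($idart == -1) {
    /* The backend gets the real error message */
    if ($contenido) {
        die(i18n("No start article for this category"));
    } else {
        if ($error == 1) {
            echo "Fatal error: Could not display error page. Error to display was: 'No start article in this category'";
        } else {
            /* Stop after the redirect, otherwise the script keeps running with $idart = -1 */
            page_close();
            header($errsite);
            exit;
        }
    }
}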
}
}
}
else
{
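/* idcatart was passed: derive category and article from it (id cast to int) */
$sql = "SELECT idcat, idart FROM ".$cfg["tab"]["cat_art"]." WHERE idcatart='".(int)$idcatart."'";
$db->query($sql);
$db->next_record();

$idcat = $db->f("idcat");
$idart = $db->f("idart");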
}
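/* Get idcatart */
if (0 != $idart && 0 != $idcat) {
    $sql = "SELECT idcatart FROM ".$cfg["tab"]["cat_art"]." WHERE idart = '".(int)$idart."' AND idcat = '".(int)$idcat."'";
    $db->query($sql);
    $db->next_record();

    $idcatart = $db->f("idcatart");
}

$idartlang = getArtLang($idart, $lang);

if ($idartlang === false) {
    /*
     * Stop after the redirect. Without the exit the permission checks and
     * the output below still ran for an article that does not exist in
     * this language.
     */
    page_close();
    header($errsite);
    exit;
}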
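/* If the user has contenido backend rights:
   mark the article as "in use", check the lock and build the
   edit/preview buttons and the article list of the category. */
if ($contenido) {
    cInclude("classes", 'class.inuse.php');
    cInclude("classes", 'class.user.php');
    cInclude("classes", 'class.table.php');
    cInclude("classes", 'class.notification.php');

    $perm->load_permissions();

    /* Change mode edit / view */
    if (isset($changeview)) {
        $sess->register("view");
        $view = $changeview;
    }

    $col = new InUseCollection;

    /*
     * NOTE(review): $overrideid and $overridetype are not assigned in this
     * file and no permission is checked before the marks are removed -
     * confirm that removeItemMarks() restricts who may override a mark.
     */
    if ($overrideid != "" && $overridetype != "") {
        $col->removeItemMarks($overridetype, $overrideid);
    }

    /* Remove all own marks */
    $col->removeSessionMarks($sess->id);

    /*
     * If the override flag is set, override a specific InUseItem.
     * The URL used "idcatart=$idcatlang", a variable that is not assigned in
     * this file; $idcatart is the value that belongs there.
     * NOTE(review): $type and $typenr go into the URL unencoded and $message
     * is echoed below - confirm that checkAndMark() encodes the URL.
     */
    list ($inUse, $message) = $col->checkAndMark("article", $idartlang, true, i18n("Article is in use by %s (%s)"), true, "front_content.php?changeview=edit&action=con_editart&idartlang=$idartlang&type=$type&typenr=$typenr&idart=$idart&idcat=$idcat&idcatart=$idcatart&client=$client&lang=$lang");

    if ($inUse == true) {
        $disabled = 'disabled="disabled"';
        echo $message;
    }

    $sql = "SELECT locked FROM ".$cfg["tab"]["art_lang"]." WHERE idart='".(int)$idart."' AND idlang = '".(int)$lang."'";
    $db->query($sql);
    $db->next_record();
    $locked = $db->f("locked");

    /* A locked article is treated like one that is in use */
    if ($locked == 1) {
        $inUse = true;
        $disabled = 'disabled="disabled"';
    }

    /* Check if the user has permission to edit articles in this category */
    if ($perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat) && $inUse == false) {
        /* Create buttons for editing. The ids are cast to int before they are written into the links. */
        $edit_preview = '<table cellspacing="0" cellpadding="4" border="0">';

        /* Appended with .= now; the plain assignment dropped the opening <table> that is closed at the end */
        if ($view == "edit") {
            $edit_preview .= ' <tr>
<td width="18">
<a title="Preview" style="font-family: Verdana; font-size: 10px; color: #000000; text-decoration: none" href="'.$sess->url("front_content.php?changeview=prev&idcat=".(int)$idcat."&idart=".(int)$idart).'"><img src="'.$cfg["path"]["contenido_fullhtml"].$cfg["path"]["images"].'but_preview.gif" alt="Preview" title="Preview" border="0"></a>
</td>
<td width="18">
<a title="Preview" style="font-family: Verdana; font-size: 10px; color: #000000; text-decoration: none" href="'.$sess->url("front_content.php?changeview=prev&idcat=".(int)$idcat."&idart=".(int)$idart).'">Preview</a>
</td>
</tr>';
        } else {
            $edit_preview .= ' <tr>
<td width="18">
<a title="Preview" style="font-family: Verdana; font-size: 10px; color: #000000; text-decoration: none" href="'.$sess->url("front_content.php?changeview=edit&idcat=".(int)$idcat."&idart=".(int)$idart).'"><img src="'.$cfg["path"]["contenido_fullhtml"].$cfg["path"]["images"].'but_edit.gif" alt="Preview" title="Preview" border="0"></a>
</td>
<td width="18">
<a title="Preview" style="font-family: Verdana; font-size: 10px; color: #000000; text-decoration: none" href="'.$sess->url("front_content.php?changeview=edit&idcat=".(int)$idcat."&idart=".(int)$idart).'">Edit</a>
</td>
</tr>';
        }

        /* Display articles */
        if ($cfg["is_start_compatible"] == true) {
            $sql = "SELECT idart,is_start FROM ".$cfg["tab"]["cat_art"]." WHERE idcat='".(int)$idcat."' ORDER BY idart";
            $db->query($sql);
        } else {
            $sql = "SELECT idart FROM ".$cfg["tab"]["cat_art"]." WHERE idcat='".(int)$idcat."' ORDER BY idart";
            $db->query($sql);
        }

        $a = 1;

        /* The inner table opened its row with a stray </tr>, it is <tr> now */
        $edit_preview .= '<tr><td colspan="2"><table cellspacing="0" cellpadding="2" border="0"><tr><td style="font-family: verdana; font-size:10; color:#000000; text-decoration:none">Articles in category:<br>';

        while ($db->next_record() && ($db->affected_rows() != 1)) {
            $class = "font-family:'Verdana'; font-size:10; color:#000000; text-decoration: underline; font-weight:normal";

            if (!isset($idart)) {
                if (isStartArticle(getArtLang($idart, $lang), $idcat, $lang)) {
                    $class = "font-family: verdana; font-size:10; color:#000000; text-decoration: underline ;font-weight:bold";
                }
            } else {
                /* The article that is currently shown is printed bold */
                if ($idart == $db->f("idart")) {
                    $class = "font-family: verdana; font-size:10; color:#000000; text-decoration: underline; font-weight:bold";
                }
            }

            $edit_preview .= "<a style=\"$class\" href=\"".$sess->url("front_content.php?idart=".$db->f("idart")."&idcat=".(int)$idcat)."\">$a</a> ";
            $a ++;
        }

        $edit_preview .= '</td></tr></table></td></tr></table>';
    }
} // end if $contenido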
/* If mode is 'edit' and user has permissoion
edit articles in this idcat */
if ($inUse == false && $view == "edit" && ($perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat)))
{
// Edit mode: hand over to the content editor include. It runs in this scope and
// reads the globals prepared above ($idcat, $idart, $lang, $client, $idartlang, ...).
// NOTE(review): $inUse and $view are only assigned inside the $contenido branch above;
// the permission check in the surrounding condition is what guards this include.
cInclude("includes", "functions.tpl.php");
cInclude("includes", "functions.con.php");
include ($cfg["path"]["contenido"].$cfg["path"]["includes"]."include.con_editcontent.php");
}
else
{
/* Mark submenuitem 'Preview' */
// $markscript is inserted in front of </head> of the generated page further down.
if ($contenido)
{
$markscript = markSubMenuItem(4, true);
}
// The flag is set to "true" by include.con_editcontent.php; it must not be set in this branch.
unset($edit); // disable editmode
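/* 'mode' is preview or article displayed in the front-end.
   All ids are cast to int before they reach a statement. */
$sql = "SELECT createcode FROM ".$cfg["tab"]["cat_art"]."
        WHERE idcat = '".(int)$idcat."' AND idart = '".(int)$idart."'";
$db->query($sql);
$db->next_record();

/*
 * Check if code is expired, create new code if needed.
 * NOTE(review): $force is not assigned in this file. If it can be set from
 * the request, every visitor can trigger the delete-and-regenerate branch.
 */
if ($db->f("createcode") == 0 && $force == 0) {
    $sql = "SELECT code FROM ".$cfg["tab"]["code"]." WHERE idcatart = '".(int)$idcatart."' AND idlang = '".(int)$lang."'";
    $db->query($sql);

    if ($db->num_rows() == 0) {
        /* Include here for performance reasons */
        cInclude("includes", "functions.tpl.php");
        conGenerateCode($idcat, $idart, $lang, $client);

        $sql = "SELECT code FROM ".$cfg["tab"]["code"]." WHERE idcatart = '".(int)$idcatart."' AND idlang = '".(int)$lang."'";
        $db->query($sql);
    }

    if ($db->next_record()) {
        $code = stripslashes($db->f("code"));
    } else {
        if ($contenido) {
            $code = "echo \"No code available.\";";
        } else {
            if ($error == 1) {
                echo "Fatal error: Could not display error page. Error to display was: 'No code available'";
            } else {
                /* Stop after the redirect, there is no code to render */
                page_close();
                header($errsite);
                exit;
            }
        }
    }
} else {
    $sql = "DELETE FROM ".$cfg["tab"]["code"]." WHERE idcatart = '".(int)$idcatart."'";
    $db->query($sql);

    cInclude("includes", "functions.con.php");
    cInclude("includes", "functions.tpl.php");
    cInclude("includes", "functions.mod.php");
    conGenerateCode($idcat, $idart, $lang, $client);

    $sql = "SELECT code FROM ".$cfg["tab"]["code"]." WHERE idcatart = '".(int)$idcatart."' AND idlang = '".(int)$lang."'";
    $db->query($sql);
    $db->next_record();

    $code = stripslashes($db->f("code"));
}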
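/* Add mark Script to code */
$code = preg_replace("/<\/head>/i", "$markscript\n</head>", $code);

/* Check if category is public */
$sql = "SELECT public FROM ".$cfg["tab"]["cat_lang"]." WHERE idcat='".(int)$idcat."' AND idlang='".(int)$lang."'";
$db->query($sql);
$db->next_record();
$public = $db->f("public");

if ($public == 0) {
    if ($auth->auth["uid"] == "nobody") {
        /*
         * Anonymous visitor of a protected category: first try the
         * "allowed_ip" ranges of the frontend users, then ask the
         * CategoryAccess chain, finally require a login.
         *
         * $validated is reset here. It was read below without ever being
         * initialised, so a value that was already present in the global
         * scope skipped the whole access check.
         */
        $validated = 0;

        $sql = "SELECT user_id, value FROM ".$cfg["tab"]["user_prop"]." WHERE type='frontend' and name='allowed_ip'";
        $db->query($sql);

        while ($db->next_record()) {
            $user_id = $db->f("user_id");
            $range = urldecode($db->f("value"));
            $slash = strpos($range, "/");

            if ($slash == false) {
                /* No mask given: the entry is a single host */
                $netmask = "255.255.255.255";
                $network = $range;
            } else {
                $network = substr($range, 0, $slash);
                $netmask = substr($range, $slash +1, strlen($range) - $slash -1);
            }

            if (IP_match($network, $netmask, $_SERVER["REMOTE_ADDR"])) {
                $sql = "SELECT idright
                        FROM ".$cfg["tab"]["rights"]." AS A,
                             ".$cfg["tab"]["actions"]." AS B,
                             ".$cfg["tab"]["area"]." AS C
                        WHERE B.name = 'front_allow' AND C.name = 'str' AND A.user_id = '".$user_id."' AND A.idcat = '".(int)$idcat."'
                              AND A.idarea = C.idarea AND B.idaction = A.idaction";

                $db2 = new DB_Contenido;
                $db2->query($sql);

                if ($db2->num_rows() > 0) {
                    /* The visitor inherits the identity of the user that owns the matching range */
                    $auth->auth["uid"] = $user_id;
                    $validated = 1;
                }
            }
        }

        if ($validated != 1) {
            $allow = false;
            $iterator = $_cecRegistry->getIterator("Contenido.Frontend.CategoryAccess");

            while ($chainEntry = $iterator->next()) {
                $value = $chainEntry->execute($lang, $idcat, $auth->auth["uid"]);

                if ($value === true) {
                    $allow = true;
                    break;
                }
            }

            $auth->login_if(!$allow);
        }
    } else {
        $allow = false;
        $iterator = $_cecRegistry->getIterator("Contenido.Frontend.CategoryAccess");

        while ($chainEntry = $iterator->next()) {
            $value = $chainEntry->execute($lang, $idcat, $auth->auth["uid"]);

            if ($value === true) {
                $allow = true;
                break;
            }
        }

        if (!$allow) {
            /*
             * Access denied: stop after the redirect. Without the exit the
             * script went on and sent the protected article in the body of
             * the redirect response. Same order as the article redirect
             * near the end of this file.
             */
            page_close();
            header($errsite);
            exit;
        }
    }
}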
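/* Sanity: If the stat table doesn't contain an entry, create one.
   All ids are cast to int before they reach a statement. */
$sql = "SELECT idcatart FROM ".$cfg["tab"]["stat"]." WHERE idcatart = '".(int)$idcatart."' AND idlang='".(int)$lang."'";
$db->query($sql);

if ($db->next_record()) {
    /* Update the statistics. */
    $sql = "UPDATE ".$cfg["tab"]["stat"]." SET visited = visited + 1 WHERE idcatart = '".(int)$idcatart."' AND idclient = '".(int)$client."' AND idlang = '".(int)$lang."'";
    $db->query($sql);
} else {
    /* Insert new record */
    $next = $db->nextid($cfg["tab"]["stat"]);
    $sql = "INSERT INTO ".$cfg["tab"]["stat"]." (visited, idcatart, idlang, idstat, idclient) VALUES ('1', '".(int)$idcatart."', '".(int)$lang."', '".$next."', '".(int)$client."')";
    $db->query($sql);
}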
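/* Check for redirect.
   Properties for the redirect are
   choosen in the article properties */
if ($cfg["is_start_compatible"] == true) {
    $sql = "SELECT is_start FROM ".$cfg["tab"]["cat_art"]." WHERE idcatart='".(int)$idcatart."'";
    $db->query($sql);
    $db->next_record();

    $isstart = $db->f("is_start");
} else {
    $sql = "SELECT startidartlang FROM ".$cfg["tab"]["cat_lang"]." WHERE idcat='".(int)$idcat."' AND idlang = '".(int)$lang."'";
    $db->query($sql);
    $db->next_record();

    /* The statement selects startidartlang; the comparison read "idartlang", a column that is not in the result */
    if ($db->f("startidartlang") == $idartlang) {
        $isstart = 1;
    } else {
        $isstart = 0;
    }
}

$sql = "SELECT timemgmt FROM ".$cfg["tab"]["art_lang"]." WHERE idart='".(int)$idart."' AND idlang = '".(int)$lang."'";
$db->query($sql);
$db->next_record();

/* Time management only applies to articles that are not the start article */
if (($db->f("timemgmt") == "1") && ($isstart != 1)) {
    $sql = "SELECT online, redirect, redirect_url FROM ".$cfg["tab"]["art_lang"]." WHERE idart='".(int)$idart."' AND idlang = '".(int)$lang."' AND NOW() > datestart AND NOW() < dateend";
} else {
    $sql = "SELECT online, redirect, redirect_url FROM ".$cfg["tab"]["art_lang"]." WHERE idart='".(int)$idart."' AND idlang = '".(int)$lang."'";
}

$db->query($sql);
$db->next_record();

$online = $db->f("online");
$redirect = $db->f("redirect");
$redirect_url = $db->f("redirect_url");

/*
 * SECURITY: the stored redirect URL is placed inside a double-quoted PHP
 * string and evaluated so that variables in it are expanded. A URL that
 * contains a double quote leaves the string, the rest runs as PHP; errors
 * are hidden by the @. Everyone who can edit an article's redirect URL can
 * therefore run code on this host. Left unchanged here because stored URLs
 * may rely on the expansion - replace it with an explicit placeholder
 * substitution.
 */
@ eval ("\$"."redirect_url = \"$redirect_url\";"); // transform variables

$is_XHTML = getEffectiveSetting('generator', 'xhtml', false);

if ($is_XHTML == true) {
    $baseCode = '<base href="'.$cfgClient[$client]["path"]["htmlpath"].'" />';
} else {
    $baseCode = '<base href="'.$cfgClient[$client]["path"]["htmlpath"].'">';
}

$code = str_ireplace_once("<head>", "<head>\n".$baseCode, $code);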
// Online articles are either redirected or rendered; offline articles are only
// rendered for backend sessions, everybody else is sent to the error page.
if ($online)
{
if ($redirect == '1' && $redirect_url != '')
{
// The session is closed before the redirect and the script stops right after it.
page_close();
header("Location: $redirect_url");
exit;
}
else
{
// Debug switch: dumps the complete generated source, HTML-encoded, into the page.
if ($cfg["debug"]["codeoutput"])
{
echo "<textarea>".htmlspecialchars($code)."</textarea>";
}
// SECURITY: the generated page from the code table is executed as PHP.
// Write access to that table, or to the layouts and modules it is built from,
// is equivalent to code execution on this host.
eval ("?>\n".$code."\n<?php\n");
}
}
else
{
if ($contenido)
{
// Backend preview of an offline article; same eval() as above.
eval ("?>\n".$code."\n<?php\n");
}
else
{
if ($error == 1)
{
echo "Fatal error: Could not display error page. Error to display was: 'No contenido session variable set. Probable error cause: Start article in this category is not set on-line.'";
}
else
{
header($errsite);
}
}
}
}
// Optional per-installation hook that runs after the page was rendered. The relative
// path resolves against the current working directory; errors are suppressed with @.
if (file_exists("config.after.php"))
{
@ include ("config.after.php");
}
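/**
 * Tests whether an IPv4 address lies inside a network.
 *
 * The function is used for the "allowed_ip" access check, so it fails
 * closed: an address, network or mask that cannot be parsed never matches.
 * The previous version treated an unparsable address as 0.0.0.0 and an
 * unparsable dotted mask as "match everything"; it also relied on ereg(),
 * which was removed in PHP 7, and changed the global bcmath scale.
 *
 * @param string $network Network or host address in dotted notation
 * @param string $mask    Prefix length ("27") or dotted netmask ("255.255.255.0")
 * @param string $ip      Address to test in dotted notation
 *
 * @return bool true if $ip is inside $network/$mask, false otherwise
 */
function IP_match($network, $mask, $ip)
{
    $ip_long = ip2long($ip);
    $net_long = ip2long($network);

    if ($ip_long === false || $net_long === false) {
        return false;
    }

    if (preg_match('/^[0-9]+$/D', (string) $mask)) {
        /// 212.50.13.0/27 style mask (Cisco style)
        $bits = (int) $mask;

        if ($bits > 32) {
            return false;
        }

        if ($bits == 0) {
            # /0 covers every address
            return true;
        }

        # All bits above the host part are set; works for 32 and 64 bit integers
        $mask_long = -1 << (32 - $bits);
    } else {
        /// 212.50.13.0/255.255.255.0 style mask
        $mask_long = ip2long($mask);

        if ($mask_long === false) {
            return false;
        }
    }

    #
    # Test is IP within specified mask
    #
    return ($ip_long & $mask_long) == ($net_long & $mask_long);
}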
// Undo the temporary language switch made near the top of this file, so that the
// session is saved with the previous language.
if (isset ($savedlang))
{
$lang = $savedlang;
}
page_close();
?>
"Es wird keine Handlung geben, keine Geschichte mit ihrer Versprechung auf einen Anfang und ihrer Hoffnung auf ein Ende." (Andrzej Stasiuk)