<?php 
// (c) vavok.net - Aleksandar Vranešević
// modified: 24.07.2020. 12:17:40
// todo: rewrite whole page

require_once"../include/startup.php";
require_once"../include/htmlbbparser.php";

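// Only registered users who are administrators or hold the pageedit/show
// permission may reach any action on this page. The explicit exit keeps the
// guard from depending on whether redirect_to() (defined outside this file)
// terminates the script itself.
if (!$users->is_reg() || (!$users->is_administrator() && !$users->check_permissions('pageedit', 'show'))) {
    redirect_to("../?isset=ap_noaccess");
    exit;
}

// init page editor
$pageEditor = new Page;

// requested action; check() is defined outside this file and is assumed to
// normalise the raw request value — confirm what it does before relying on it
$action = isset($_GET['action']) ? check($_GET['action']) : '';

// Page file name: a GET value takes precedence over a POST value.
// Both are initialised so that later branches can test them with empty()
// without touching an undefined variable.
$file = '';
$page_id = null;

if (isset($_GET['file']) || isset($_POST['file'])) {
    $file = isset($_GET['file']) ? check($_GET['file']) : check($_POST['file']);

    // get page id we work with
    // NOTE(review): $file is interpolated into a WHERE clause; confirm that
    // check() escapes for the SQL context, or move this to a bound parameter.
    $page_id = $pageEditor->get_page_id("file='{$file}'");
}

// Page/head content as received, deliberately not passed through check() so
// stored markup survives unchanged. It is only persisted by branches below
// after their permission checks.
$text_files = isset($_POST['text_files']) ? $_POST['text_files'] : '';

// not used in this file; presumably read by code that includes it
$config_editfiles = 10;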

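if ($action == "editfile") {
    // get edit mode (persisted in the session; defaults to 'columnist')
    if (!empty($_SESSION['edmode'])) {
        $edmode = check($_SESSION['edmode']);
    } else {
        $edmode = 'columnist';
        $_SESSION['edmode'] = $edmode;
    }

    if (!empty($file) && !empty($text_files)) {
        $page_info = $pageEditor->select_page($page_id, 'crtdby, published');

        // can the user see pages at all
        if (!$users->check_permissions('pageedit', 'show') && !$users->is_administrator()) {
            redirect_to("index.php?isset=ap_noaccess");
            exit;
        }

        // can the user edit this page: administrator, general edit right,
        // page author, or edit-unpublished right on a page that is not published
        if ($page_info['crtdby'] != $user_id && !$users->check_permissions('pageedit', 'edit') && (!$users->check_permissions('pageedit', 'editunpub') || $page_info['published'] != 1) && !$users->is_administrator()) {
            header("Location: index.php?isset=ap_noaccess");
            exit;
        }

        // Legacy magic_quotes handling: when enabled, ' arrives as \' and the
        // added slashes are stripped. get_magic_quotes_gpc() was removed in
        // PHP 8.0, so the call is guarded to avoid a fatal error there.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $text_files = stripslashes($text_files);
        }

        // Expand template placeholders into the PHP snippets the rendering
        // layer executes. The stored page content is therefore executable
        // code, which is why this branch is limited to users with edit rights.
        // Replacements run in array order, the same order as before.
        $placeholders = array(
            '{INBOX}' => '<?php echo \'<a href="\' . BASEDIR . \'pages/inbox.php">\' . $lang_home[\'inbox\'] . \'</a>\'; ?>',
            '{INBOXMSGS}' => '<?php echo \'(\' . $users->user_mail($user_id) . \')\'; ?>',
            '{LOGOUT}' => '<?php echo \'<a href="\' . BASEDIR . \'pages/input.php?action=exit">Log out</a>\'; ?>',
            '{BASEDIR}' => '<?php echo BASEDIR; ?>',
        );
        $text_files = str_replace(array_keys($placeholders), array_values($placeholders), $text_files);

        // update db data
        $pageEditor->update($page_id, $text_files);
    }

    // $file is a query parameter value; encode it so it cannot carry extra
    // parameters into the redirect target
    header("Location: files.php?action=edit&file=" . rawurlencode($file) . "&isset=mp_editfiles");
    exit;
}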

// update head tags on all pages
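if ($action == 'editmainhead') {
    // global head tags are administrator-only; the 101 argument is passed
    // through to is_administrator(), which is defined outside this file
    if (!$users->is_administrator(101)) {
        redirect_to("../?isset=ap_noaccess");
        exit;
    }

    // Update header data. The content is written as received (administrator
    // supplied markup). LOCK_EX prevents interleaved writes from concurrent
    // requests, and the return value is checked so a failed write is not
    // reported back as a successful edit.
    $written = file_put_contents("../used/headmeta.dat", $text_files, LOCK_EX);

    if ($written === false) {
        error_log('procfiles.php: could not write ../used/headmeta.dat');
        // reuses the existing mp_noeditfiles message key; confirm files.php
        // renders it for action=mainmeta
        redirect_to("files.php?action=mainmeta&isset=mp_noeditfiles");
        exit;
    }

    redirect_to("files.php?action=mainmeta&isset=mp_editfiles");
}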

// update head tags on specific page
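if ($action == "editheadtag") {

    // default image link, normalised by check(); it is not validated as a URL here
    $image = !empty($_POST['image']) ? check($_POST['image']) : '';

    // update header tags
    if (!empty($file)) {

        // who created page
        $page_info = $pageEditor->select_page($page_id, 'crtdby');

        // check can user see page
        if (!$users->check_permissions('pageedit', 'show') && !$users->is_administrator()) {
            redirect_to("index.php?isset=ap_noaccess");
            exit;
        }

        // check can user edit page: general edit right, administrator, or page author
        if (!$users->check_permissions('pageedit', 'edit') && !$users->is_administrator() && $page_info['crtdby'] != $user_id) {
            redirect_to("index.php?isset=ap_noaccess");
            exit;
        }

        // update db data; head markup is stored as received
        $data = array(
            'headt' => $text_files,
            'default_img' => $image
        );
        $pageEditor->head_data($page_id, $data);

        // redirect; the explicit exit stops the "empty fields" redirect below
        // from overriding this one if redirect_to() does not terminate
        redirect_to("files.php?action=headtag&file=" . rawurlencode($file) . "&isset=mp_editfiles");
        exit;
    }

    // fields must not be empty
    redirect_to("files.php?action=headtag&file=" . rawurlencode($file) . "&isset=mp_noeditfiles");
}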

// rename page
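if ($action == "renamepg") {
    // new file name; a missing POST field yields '' instead of an undefined-index warning
    $pg = isset($_POST['pg']) ? check($_POST['pg']) : '';

    if (!empty($pg) && !empty($file)) {
        $page_info = $pageEditor->select_page($page_id, 'crtdby');

        // can the user see pages
        if (!$users->check_permissions('pageedit', 'show') && !$users->is_administrator()) {
            header("Location: index.php?isset=ap_noaccess");
            exit;
        }

        // can the user edit this page: general edit right, administrator, or page author
        if (!$users->check_permissions('pageedit', 'edit') && !$users->is_administrator() && $page_info['crtdby'] != $user_id) {
            header("Location: index.php?isset=ap_noaccess");
            exit;
        }

        // rename page
        $pageEditor->rename($pg, $page_id);

        // $pg is a query parameter value; encode it for the redirect target
        header("Location: files.php?action=edit&file=" . rawurlencode($pg) . "&isset=mp_editfiles");
        exit;
    }

    header("Location: files.php?action=edit&file=" . rawurlencode($pg) . "&isset=mp_noedit");
    exit;
}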

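if ($action == "addnew") {

    // only users with the insert right (or administrators) may create pages
    if (!$users->check_permissions('pageedit', 'insert') && !$users->is_administrator()) {
        redirect_to("index.php?isset=ap_noaccess");
        exit;
    }

    $newfile = isset($_POST['newfile']) ? check($_POST['newfile']) : '';
    $type = isset($_POST['type']) ? check($_POST['type']) : '';
    $page_structure = isset($_POST['page_structure']) ? check($_POST['page_structure']) : '';
    $allow_unicode = isset($_POST['allow_unicode']);

    // page title keeps the name as entered
    $page_title = $newfile;

    // page name in url: trans() / trans_unicode() (defined outside this file)
    // derive the name used in the url, with or without unicode characters
    $newfile = $allow_unicode ? trans_unicode($newfile) : trans($newfile);

    // a custom page structure overrides the page type
    if (!empty($page_structure)) {
        $type = $page_structure;
    }

    // Page language. $pagelang_file is always initialised so the file name
    // below does not depend on an undefined variable when no language is set.
    $pagelang = '';
    $pagelang_file = '';

    if (!empty($_POST['lang'])) {
        $pagelang = check($_POST['lang']);
        $pagelang_file = '!.' . $pagelang . '!';
    }

    if (!empty($newfile)) {
        // page filename
        $newfiles = $newfile . $pagelang_file . '.php';

        // check if page exists (per language when one is given)
        // NOTE(review): $newfile and $pagelang are interpolated into a WHERE
        // clause; confirm trans()/check() make them safe for that context.
        $includePageLang = !empty($pagelang) ? " AND lang='{$pagelang}'" : '';

        if ($pageEditor->page_exists('', "pname='{$newfile}'" . $includePageLang)) {
            redirect_to("files.php?action=new&isset=mp_pageexists");
            exit;
        }

        // full page address
        if (!empty($page_structure)) {
            // user's custom page structure
            $page_url = website_home_address() . '/' . $page_structure . '/' . $newfile . '/';
        } elseif ($type == 'post') {
            // blog post
            $page_url = website_home_address() . '/blog/' . $newfile . '/';
        } else {
            // page
            $page_url = website_home_address() . '/page/' . $newfile . '/';
        }

        // Default head tags. Title and url are placed inside HTML attributes,
        // so they are escaped for that context; double_encode=false keeps any
        // entities check() may already have produced from being encoded twice.
        $title_attr = htmlspecialchars($page_title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
        $url_attr = htmlspecialchars($page_url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
        $head_tags = '<meta property="og:title" content="' . $title_attr . '" />' . "\r\n"
            . '<meta property="og:url" content="' . $url_attr . '" />' . "\r\n"
            . '<link rel="canonical" href="' . $url_attr . '" />';

        // insert db data; created and lastupd share one timestamp
        $now = time();
        $values = array(
            'pname' => $newfile,
            'lang' => $pagelang,
            'created' => $now,
            'lastupd' => $now,
            'lstupdby' => $user_id,
            'file' => $newfiles,
            'crtdby' => $user_id,
            'published' => '1',
            'pubdate' => '0',
            'tname' => $page_title,
            'headt' => $head_tags,
            'type' => $type
        );

        $pageEditor->insert($values);

        // file successfully created; the file name is a query parameter value
        redirect_to("files.php?action=edit&file=" . rawurlencode($newfiles) . "&isset=mp_newfiles");

    } else {
        redirect_to("files.php?action=new&isset=mp_noyesfiles");
    }

}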

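if ($action == "del") {

    // only users with the delete right (or administrators) may delete pages
    if (!$users->check_permissions('pageedit', 'del') && !$users->is_administrator()) {
        redirect_to("index.php?isset=ap_noaccess");
        exit;
    }

    // Delete page, but only when a page id was resolved from the file
    // parameter: a request without a file must not reach delete() with an
    // empty id (what delete() does with one is not visible in this file).
    if (!empty($page_id)) {
        $pageEditor->delete($page_id);
    }

    redirect_to("files.php?isset=mp_delfiles");
}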

// publish page; page will be avaliable for visitors
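if ($action == "publish") {
    if (!empty($page_id)) {

        // publishing requires the general edit right or administrator status
        if (!$users->check_permissions('pageedit', 'edit') && !$users->is_administrator()) {
            header("Location: index.php?isset=ap_noaccess");
            exit;
        }

        // update db data; 2 is the visibility value used here for "published"
        // (the mapping lives in Page::visibility(), outside this file)
        $pageEditor->visibility($page_id, 2);
    }

    // $file is a query parameter value; encode it for the redirect target
    redirect_to("files.php?action=show&file=" . rawurlencode($file) . "&isset=mp_editfiles");
}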

// unpublish page
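if ($action == "unpublish") {

    if (!empty($page_id)) {

        // unpublishing requires the general edit right or administrator status
        if (!$users->check_permissions('pageedit', 'edit') && !$users->is_administrator()) {
            header("Location: index.php?isset=ap_noaccess");
            exit;
        }

        // update db data; 1 is the visibility value used here for "unpublished"
        // (the mapping lives in Page::visibility(), outside this file)
        $pageEditor->visibility($page_id, 1);
    }

    // $file is a query parameter value; encode it for the redirect target
    redirect_to("files.php?action=show&file=" . rawurlencode($file) . "&isset=mp_editfiles");
}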

// update page language
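if ($action == 'pagelang') {
    // changing a page's language is administrator-only
    if (!$users->is_administrator()) {
        redirect_to("../?isset=ap_noaccess");
        exit;
    }

    // page id from the query string, new language from the form body;
    // missing values become '' instead of undefined-index warnings
    $pageId = isset($_GET['id']) ? check($_GET['id']) : '';
    $lang = isset($_POST['lang']) ? check($_POST['lang']) : '';

    // update database data
    $pageEditor->language($pageId, $lang);

    // re-read the page to build the new file name (pname!.lang!.php)
    // NOTE(review): select_page() returning no row for an unknown id would
    // make $pageData['pname'] undefined here — confirm its failure value.
    $pageData = $pageEditor->select_page($pageId);
    $newName = $pageData['pname'] . "!." . $lang . "!.php";

    redirect_to("files.php?action=show&file=" . rawurlencode($newName) . "&isset=mp_editfiles");

}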

?>