development/www/includes/edit_base.php

<?php declare(strict_types=1);
/********************************************************************
* AUTHOR: Clemens "Gullevek" Schwaighofer (www.gullevek.org)
* CREATED: 2003/06/10
* SHORT DESCRIPTION:
*	central include for all edit_pages
*	 - edit_groups.php
*	 - edit_languages.php
*	 - edit_pages.php
*	 - edit_schemes.php
*	 - edit_users.php
*	 - edit_visible_group.php
* HISTORY:
* 2005/06/30 (cs) remove color settings, they are in CSS File now
* 2005/06/22 (cs) moved load of config array into form class, set lang and lang is must set var for form class; removed the page name setting, moved it into the form class, remove all HTML from main page
* 2004/09/30 (cs) changed layout to fit default layout & changed LIBS, etc
* 2003-06-10: creation of this page
*********************************************************************/

$DEBUG_ALL = 1;
$PRINT_ALL = 1;
$DB_DEBUG = 1;

// TODO: only extract _POST data that is needed
extract($_POST, EXTR_SKIP);

ob_start();
require 'config.php';
// set session name here
$SET_SESSION_NAME = EDIT_SESSION_NAME;
// overrride debug flags
if (!DEBUG)	{
	$DEBUG_ALL = 0;
	$PRINT_ALL = 0;
	$DB_DEBUG = 0;
	$ECHO_ALL = 0;
}

// should be utf8
header("Content-type: text/html; charset=".DEFAULT_ENCODING);
ob_end_flush();
$login = new CoreLibs\ACL\Login(DB_CONFIG);

// create form class
$form = new CoreLibs\Output\Form\Generate(DB_CONFIG);
if ($form->mobile_phone) {
	echo "I am sorry, but this page cannot be viewed by a mobile phone";
	exit;
}
// smarty template engine (extended Translation version)
$smarty = new CoreLibs\Template\SmartyExtend();

// $form->debug('POST', $form->printAr($_POST));

if (TARGET == 'live' || TARGET == 'remote') {
	// login
	$login->debug_output_all = DEBUG ? 1 : 0;
	$login->echo_output_all = 0;
	$login->print_output_all = DEBUG ? 1 : 0;
	// form
	$form->debug_output_all = DEBUG ? 1 : 0;
	$form->echo_output_all = 0;
	$form->print_output_all = DEBUG ? 1 : 0;
}
// space for setting special debug flags
$login->debug_output_all = 1;
// set smarty arrays
$HEADER = array();
$DATA = array();
$DEBUG_DATA = array();
// set the template dir
// WARNING: this has a special check for the mailing tool layout (old layout)
if (defined('LAYOUT')) {
	$smarty->setTemplateDir(BASE.INCLUDES.TEMPLATES.CONTENT_PATH);
	$DATA['css'] = LAYOUT.CSS;
	$DATA['js'] = LAYOUT.JS;
} else {
	$smarty->setTemplateDir(TEMPLATES);
	$DATA['css'] = CSS;
	$DATA['js'] = JS;
}
// set table width
$table_width = '100%';

// define all needed smarty stuff for the general HTML/page building
$HEADER['CSS'] = CSS;
$HEADER['DEFAULT_ENCODING'] = DEFAULT_ENCODING;
$HEADER['STYLESHEET'] = isset($ADMIN_STYLESHEET) ? $ADMIN_STYLESHEET : ADMIN_STYLESHEET;

if ($form->my_page_name == 'edit_order') {
	// get is for "table_name" and "where" only
	$table_name = isset($_GET['table_name']) ? $_GET['table_name'] : '';
	// $where = isset($_GET['where']) ? $_GET['where'] : '';
	// order name is _always_ order_number for the edit interface

	// follwing arrays do exist here:
	// $position ... has the positions of the array(0..max), cause in a <select>
	//               I can't put an number into the array field, in this array,
	//               there are the POSITION stored, that should CHANGE there order (up/down)
	// $row_data_id ... has ALL ids from the sorting part
	// $row_data_order ... has ALL order positions from the soirting part
	if (!isset($position)) {
		$position = array();
	}
	$row_data_id = $_POST['row_data_id'];
	$original_id = $row_data_id;
	if (count($position)) {
		$row_data_order = $_POST['row_data_order'];

		// FIRST u have to put right sort, then read again ...
		// hast to be >0 or the first one is selected and then there is no move
		if (isset($up) && isset($position[0]) && $position[0] > 0) {
			for ($i = 0; $i < count($position); $i++) {
				// change position order
				// this gets temp, id before that, gets actual (moves one "down")
				// this gets the old before (moves one "up")
				// is done for every element in row
				// echo "A: ".$row_data_id[$position[$i]]." (".$row_data_order[$position[$i]].") -- ".$row_data_id[$position[$i]-1]." (".$row_data_order[$position[$i]-1].")<br>";
				$temp_id = $row_data_id[$position[$i]];
				$row_data_id[$position[$i]] = $row_data_id[$position[$i] - 1];
				$row_data_id[$position[$i] - 1] = $temp_id;
				// echo "A: ".$row_data_id[$position[$i]]." (".$row_data_order[$position[$i]].") -- ".$row_data_id[$position[$i]-1]." (".$row_data_order[$position[$i]-1].")<br>";
			} // for
		} // if up

		// the last position id from position array is not to be the count-1 of row_data_id array, or it is the last element
		if (isset($down) && ($position[count($position) - 1] != (count($row_data_id) - 1))) {
			for ($i = count($position) - 1; $i >= 0; $i --)	{
				// same as up, just up in other way, starts from bottom (last element) and moves "up"
				// element before actuel gets temp, this element, becomes element after this,
				// element after this, gets this
				$temp_id = $row_data_id[$position[$i] + 1];
				$row_data_id[$position[$i] + 1] = $row_data_id[$position[$i]];
				$row_data_id[$position[$i]] = $temp_id;
			} // for
		} // if down

		// write data ... (which has to be abstrackt ...)
		if ((isset($up) && $position[0] > 0) ||
			(isset($down) && ($position[count($position) - 1] != (count($row_data_id) - 1)))
		) {
			for ($i = 0; $i < count($row_data_id); $i ++) {
				$q = "UPDATE ".$table_name." SET order_number = ".$row_data_order[$i]." WHERE ".$table_name."_id = ".$row_data_id[$i];
				$q = $form->dbExec($q);
			} // for all article ids ...
		} // if write
	} // if there is something to move

	// get ...
	$q = "SELECT ".$table_name."_id, name, order_number FROM ".$table_name." ";
	if (!empty($where_string)) {
		$q .= "WHERE $where_string ";
	}
	$q .= "ORDER BY order_number";

	// init arrays
	$row_data = array();
	$options_id = array();
	$options_name = array();
	$options_selected = array();
	// DB read data for menu
	while ($res = $form->dbReturn($q)) {
		$row_data[] = array(
			"id" => $res[$table_name."_id"],
			"name" => $res["name"],
			"order" => $res["order_number"]
		);
	} // while read data ...

	// html title
	$HEADER['HTML_TITLE'] = $form->l->__('Edit Order');

	$messages = array();
	// error msg
	if (isset($error)) {
		if (!isset($msg)) {
			$msg = array();
		}
		$messages[] = array('msg' => $msg, 'class' => 'error', 'width' => '100%');
	}
	$DATA['form_error_msg'] = $messages;

	// all the row data
	for ($i = 0; $i < count($row_data); $i ++) {
		$options_id[] = $i;
		$options_name[] = $row_data[$i]['name'];
		// list of points to order
		for ($j = 0; $j < count($position); $j++) {
			// if matches, put into select array
			if ($original_id[$position[$j]] == $row_data[$i]['id']) {
				$options_selected[] = $i;
			}
		}
	}
	$DATA['options_id'] = $options_id;
	$DATA['options_name'] = $options_name;
	$DATA['options_selected'] = $options_selected;

	// hidden list for the data (id, order number)
	$row_data_id = array();
	$row_data_order = array();
	for ($i = 0; $i < count($row_data); $i++) {
		$row_data_id[] = $row_data[$i]['id'];
		$row_data_order[] = $row_data[$i]['order'];
	}
	$DATA['row_data_id'] = $row_data_id;
	$DATA['row_data_order'] = $row_data_order;

	// hidden names for the table & where string
	$DATA['table_name'] = $table_name;
	$DATA['where_string'] = isset($where_string) ? $where_string : '';

	$EDIT_TEMPLATE = 'edit_order.tpl';
} else {
	// load call only if id is set
	if (isset(${$form->archive_pk_name})) {
		$form->formProcedureLoad(${$form->archive_pk_name});
	}
	$form->formProcedureNew();
	$form->formProcedureSave();
	$form->formProcedureDelete();
	// delete call only if those two are set
	if (isset($element_list) && isset($remove_name)) {
		$form->formProcedureDeleteFromElementList($element_list, $remove_name);
	}

	$DATA['table_width'] = $table_width;

	$messages = array();
	// write out error / status messages
	$messages[] = $form->formPrintMsg();
	$DATA['form_error_msg'] = $messages;

	// MENU START
	// request some session vars
	if (!isset($HEADER_COLOR)) {
		$DATA['HEADER_COLOR'] = '#E0E2FF';
	} else {
		$DATA['HEADER_COLOR'] = $_SESSION['HEADER_COLOR'];
	}
	$DATA['USER_NAME'] = $_SESSION['USER_NAME'];
	$DATA['EUID'] = $_SESSION['EUID'];
	$DATA['GROUP_NAME'] = $_SESSION['GROUP_NAME'];
	$DATA['GROUP_LEVEL'] = $_SESSION['GROUP_ACL_LEVEL'];
	$PAGES = $_SESSION['PAGES'];

	//$form->debug('menu', $form->printAr($PAGES));

	// build nav from $PAGES ...
	if (!isset($PAGES) || !is_array($PAGES)) {
		$PAGES = array();
	}
	$menuarray = array();
	foreach ($PAGES as $PAGE_CUID => $PAGE_DATA) {
		if ($PAGE_DATA['menu'] && $PAGE_DATA['online']) {
			$menuarray[] = $PAGE_DATA;
		}
	}

	// split point for nav points
	$COUNT_NAV_POINTS = count($menuarray);
	$SPLIT_FACTOR = 3;
	$START_SPLIT_COUNT = 3;
	// WTF ?? I dunno what I am doing here ...
	for ($i = 9; $i < $COUNT_NAV_POINTS; $i += $START_SPLIT_COUNT) {
		if ($COUNT_NAV_POINTS > $i) {
			$SPLIT_FACTOR += 1;
		}
	}

	$position = 0;
	$menu_data = array();
	// for ($i = 1; $i <= count($menuarray); $i ++) {
	foreach ($menuarray as $i => $data) {
		// do that for new array
		$j = $i + 1;
		$menu_data[$i]['pagename'] = htmlentities($data['page_name']);
		$menu_data[$i]['filename'] =
			// prefix folder or host name
			(isset($data['hostname']) && $data['hostname'] ?
				$data['hostname'] :
				''
			).
			// filename
			$data['filename'].
			// query string
			(isset($data['query_string']) && $data['query_string'] ?
				$data['query_string'] :
				''
			);
		if ($j == 1 || !($i % $SPLIT_FACTOR)) {
			$menu_data[$i]['splitfactor_in'] = 1;
		} else {
			$menu_data[$i]['splitfactor_in'] = 0;
		}
		// on matching, we also need to check if we are in the same folder
		if ($data['filename'] == $form->getPageName() &&
			(!isset($data['hostname']) || (
				isset($data['hostname']) &&
					(!$data['hostname'] || strstr($data['hostname'], CONTENT_PATH) !== false)
			))
		) {
			$position = $j;
			$menu_data[$i]['position'] = 1;
			$menu_data[$i]['popup'] = 0;
		} else {
			// add query stuff
			// HAS TO DONE LATER ... set urlencode, etc ...
			// check if popup needed
			if (isset($data['popup']) && $data['popup'] == 1) {
				$menu_data[$i]['popup'] = 1;
				$menu_data[$i]['rand'] = uniqid((string)rand());
				$menu_data[$i]['width'] = $data['popup_x'];
				$menu_data[$i]['height'] = $data['popup_y'];
			} else {
				$menu_data[$i]['popup'] = 0;
			}
			$menu_data[$i]['position'] = 0;
		} // highlight or not
		if (!($j % $SPLIT_FACTOR) || (($j + 1) > count($menuarray))) {
			$menu_data[$i]['splitfactor_out'] = 1;
		} else {
			$menu_data[$i]['splitfactor_out'] = 0;
		}
	} // for
	// $form->debug('MENU ARRAY', $form->printAr($menu_data));
	$DATA['menu_data'] = $menu_data;
	$DATA['page_name'] = $menuarray[$position]['page_name'];
	$L_TITLE = $DATA['page_name'];
	// html title
	$HEADER['HTML_TITLE'] = $form->l->__($L_TITLE);
	// END MENU
	// LOAD AND NEW
	$DATA['load'] = $form->formCreateLoad();
	$DATA['new'] = $form->formCreateNew();
	// SHOW DATA PART
	if ($form->yes) {
		$DATA['form_yes'] = $form->yes;
		$DATA['form_my_page_name'] = $form->my_page_name;
		$DATA['filename_exist'] = 0;
		$DATA['drop_down_input'] = 0;
		$elements = array();
		// depending on the "getPageName()" I show different stuff
		switch ($form->my_page_name) {
			case 'edit_users':
				$elements[] = $form->formCreateElement('login_error_count');
				$elements[] = $form->formCreateElement('login_error_date_last');
				$elements[] = $form->formCreateElement('login_error_date_first');
				$elements[] = $form->formCreateElement('enabled');
				$elements[] = $form->formCreateElement('protected');
				$elements[] = $form->formCreateElement('username');
				$elements[] = $form->formCreateElement('password');
				$elements[] = $form->formCreateElement('password_change_interval');
				$elements[] = $form->formCreateElement('email');
				$elements[] = $form->formCreateElement('last_name');
				$elements[] = $form->formCreateElement('first_name');
				$elements[] = $form->formCreateElement('edit_group_id');
				$elements[] = $form->formCreateElement('edit_access_right_id');
				$elements[] = $form->formCreateElement('strict');
				$elements[] = $form->formCreateElement('locked');
				$elements[] = $form->formCreateElement('admin');
				$elements[] = $form->formCreateElement('debug');
				$elements[] = $form->formCreateElement('db_debug');
				$elements[] = $form->formCreateElement('edit_language_id');
				$elements[] = $form->formCreateElement('edit_scheme_id');
				$elements[] = $form->formCreateElementListTable('edit_access_user');
				$elements[] = $form->formCreateElement('additional_acl');
				break;
			case 'edit_schemes':
				$elements[] = $form->formCreateElement('enabled');
				$elements[] = $form->formCreateElement('name');
				$elements[] = $form->formCreateElement('header_color');
				$elements[] = $form->formCreateElement('template');
				break;
			case 'edit_pages':
				if (!isset($form->table_array['edit_page_id']['value'])) {
					$q = "DELETE FROM temp_files";
					$form->dbExec($q);
					// gets all files in the current dir and dirs given ending with .php
					$folders = array('../admin/', '../frontend/');
					$files = array('*.php');
					$search_glob = array();
					foreach ($folders as $folder) {
						// make sure this folder actually exists
						if (is_dir(ROOT.$folder)) {
							foreach ($files as $file) {
								$search_glob[] = $folder.$file;
							}
						}
					}
					$crap = exec('ls '.join(' ', $search_glob), $output, $status);
					// now get all that are NOT in de DB
					$q = "INSERT INTO temp_files (folder, filename) VALUES ";
					$t_q = '';
					foreach ($output as $output_file) {
						// split the ouput into folder and file
						// eg ../admin/test.php is ../admin/ and test.php
						preg_match("/([\.\/\w]+\/)+(\w+\.\w{1,})$/", $output_file, $matches);
						// if named config.php, skip
						if ($matches[2] != 'config.php') {
							if ($t_q) {
								$t_q .= ', ';
							}
							$t_q .= "('".$form->dbEscapeString($matches[1])."', '".$form->dbEscapeString($matches[2])."')";
						}
					}
					$form->dbExec($q.$t_q, 'NULL');
					$elements[] = $form->formCreateElement('filename');
				} else {
					// show file menu
					// just show name of file ...
					$DATA['filename_exist'] = 1;
					$DATA['filename'] = $form->table_array['filename']['value'];
				} // File Name View IF
				$elements[] = $form->formCreateElement('hostname');
				$elements[] = $form->formCreateElement('name');
				// $elements[] = $form->formCreateElement('tag');
				// $elements[] = $form->formCreateElement('min_acl');
				$elements[] = $form->formCreateElement('order_number');
				$elements[] = $form->formCreateElement('online');
				$elements[] = $form->formCreateElement('menu');
				$elements[] = $form->formCreateElementListTable('edit_query_string');
				$elements[] = $form->formCreateElement('content_alias_edit_page_id');
				$elements[] = $form->formCreateElementListTable('edit_page_content');
				$elements[] = $form->formCreateElement('popup');
				$elements[] = $form->formCreateElement('popup_x');
				$elements[] = $form->formCreateElement('popup_y');
				$elements[] = $form->formCreateElementReferenceTable('edit_visible_group');
				$elements[] = $form->formCreateElementReferenceTable('edit_menu_group');
				break;
			case 'edit_languages':
				$elements[] = $form->formCreateElement('enabled');
				$elements[] = $form->formCreateElement('short_name');
				$elements[] = $form->formCreateElement('long_name');
				$elements[] = $form->formCreateElement('iso_name');
				break;
			case 'edit_groups':
				$elements[] = $form->formCreateElement('enabled');
				$elements[] = $form->formCreateElement('name');
				$elements[] = $form->formCreateElement('edit_access_right_id');
				$elements[] = $form->formCreateElement('edit_scheme_id');
				$elements[] = $form->formCreateElementListTable('edit_page_access');
				$elements[] = $form->formCreateElement('additional_acl');
				break;
			case 'edit_visible_group':
				$elements[] = $form->formCreateElement('name');
				$elements[] = $form->formCreateElement('flag');
				break;
			case 'edit_menu_group':
				$elements[] = $form->formCreateElement('name');
				$elements[] = $form->formCreateElement('flag');
				$elements[] = $form->formCreateElement('order_number');
				break;
			case 'edit_access':
				$elements[] = $form->formCreateElement('name');
				$elements[] = $form->formCreateElement('enabled');
				$elements[] = $form->formCreateElement('protected');
				$elements[] = $form->formCreateElement('color');
				$elements[] = $form->formCreateElement('description');
				// add name/value list here
				$elements[] = $form->formCreateElementListTable('edit_access_data');
				$elements[] = $form->formCreateElement('additional_acl');
				break;
			default:
				print '[No valid page definition given]';
				break;
		}
		// $form->debug('edit', "Elements: <pre>".$form->printAr($elements));
		$DATA['elements'] = $elements;
		$DATA['hidden'] = $form->formCreateHiddenFields();
		$DATA['save_delete'] = $form->formCreateSaveDelete();
	} else {
		$DATA['form_yes'] = 0;
	}
	$EDIT_TEMPLATE = 'edit_body.tpl';
}

// debug data, if DEBUG flag is on, this data is print out
$DEBUG_DATA['DEBUG'] = isset($DEBUG_TMPL) ? $DEBUG_TMPL : '';

// create main data array
$CONTENT_DATA = array_merge($HEADER, $DATA, $DEBUG_DATA);
// data is 1:1 mapping (all vars, values, etc)
foreach ($CONTENT_DATA as $key => $value) {
	$smarty->assign($key, $value);
}
if (is_dir(BASE.TEMPLATES_C)) {
	$smarty->setCompileDir(BASE.TEMPLATES_C);
}
if (is_dir(BASE.CACHE)) {
	$smarty->setCacheDir(BASE.CACHE);
}
$smarty->display($EDIT_TEMPLATE, 'editAdmin_'.$smarty->lang, 'editAdmin_'.$smarty->lang);

// debug output
echo $login->printErrorMsg();
echo $form->printErrorMsg();

// __END__