3 // Reminder: always indent with 4 spaces (no tabs).
4 // +---------------------------------------------------------------------------+
5 // | Static Pages Plugin 1.6 |
6 // +---------------------------------------------------------------------------+
7 // | services.inc.php |
9 // | This file implements the services provided by the 'Static Pages' plugin. |
10 // +---------------------------------------------------------------------------+
11 // | Copyright (C) 2000-2009 by the following authors: |
13 // | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
14 // | Tom Willett - twillett AT users DOT sourceforge DOT net |
15 // | Blaine Lang - langmail AT sympatico DOT ca |
16 // | Dirk Haun - dirk AT haun-online DOT de |
17 // | Ramnath R Iyer - rri AT silentyak DOT com |
18 // +---------------------------------------------------------------------------+
20 // | This program is free software; you can redistribute it and/or |
21 // | modify it under the terms of the GNU General Public License |
22 // | as published by the Free Software Foundation; either version 2 |
23 // | of the License, or (at your option) any later version. |
25 // | This program is distributed in the hope that it will be useful, |
26 // | but WITHOUT ANY WARRANTY; without even the implied warranty of |
27 // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
28 // | GNU General Public License for more details. |
30 // | You should have received a copy of the GNU General Public License |
31 // | along with this program; if not, write to the Free Software Foundation, |
32 // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
34 // +---------------------------------------------------------------------------+
37 * Functions related to the webservices and the internal plugin API
39 * @package StaticPages
// Direct-access guard: stop the request when the requested script path
// (PHP_SELF, lowercased) contains this file's name. This is a substring
// match, so any request path containing 'services.inc.php' is refused too.
42 if (strpos(strtolower($_SERVER['PHP_SELF']), 'services.inc.php') !== false) {
43 die('This file can not be used on its own.');
47 * Max. length of the ID for a static page.
48 * This must be kept in sync with the actual size of 'sp_id' in the db.
50 define('STATICPAGE_MAX_ID_LENGTH', 40); // service_submit_staticpages() compares strlen($args['sp_id']) against this and passes it to WS_makeId()
53 * Submit static page. The page is updated if it exists, or a new one is created
55 * @param array args Contains all the data provided by the client
56 * @param string &output OUTPUT parameter containing the returned text
57 * @param string &svc_msg OUTPUT parameter containing any service messages
58 * @return int Response code as defined in lib-plugins.php
60 function service_submit_staticpages($args, &$output, &$svc_msg)
62 global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC,
63 $LANG_LOGIN, $_GROUPS, $_SP_CONF;
// Creates or updates a static page from $args. $args['gl_svc'] marks a
// webservice call; several filters below run only on that path. Text for the
// caller is returned through $output, service messages through $svc_msg, and
// the return value is a PLG_RET_* code.
// The webservice library is loaded only when webservices are enabled, which is
// why WS_makeId() is probed with function_exists() further down.
65 if (version_compare(PHP_VERSION, '5.0.0', '>=') &&
66 (! $_CONF['disable_webservices'])) {
67 require_once $_CONF['path_system'] . '/lib-webservices.php';
// Authorization: the only gate visible here is the 'staticpages.edit' feature
// right. NOTE(review): no per-page access check on the page being replaced is
// visible in this listing - confirm the feature right alone is meant to allow
// editing any page.
72 if (!SEC_hasRights('staticpages.edit')) {
73 $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
74 $output .= COM_startBlock($LANG_STATIC['access_denied'], '',
75 COM_getBlockTemplate('_msg_block', 'header'));
76 $output .= $LANG_STATIC['access_denied_msg'];
77 $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
78 $output .= COM_siteFooter();
80 return PLG_RET_AUTH_FAILED;
// NOTE(review): this loop echoes submitted arguments. The lines around it are
// not part of this listing, so it cannot be told from here whether it sits
// inside a block comment - confirm it is disabled, since it would otherwise
// print raw request data into the response.
85 foreach ($args as $k => $v) {
90 foreach ($v as $k1 => $v1) {
91 echo " $k1 => $v1\r\n";
98 if (isset($args['gl_edit'])) {
99 $gl_edit = $args['gl_edit'];
102 // This is EDIT mode, so there should be an sp_old_id
103 if (empty($args['sp_old_id'])) {
104 if (!empty($args['id'])) {
105 $args['sp_old_id'] = $args['id'];
107 return PLG_RET_ERROR;
110 if (empty($args['sp_id'])) {
111 $args['sp_id'] = $args['sp_old_id'];
// Map the generic webservice field names (id, title, content, category) onto
// the plugin's sp_* names when the sp_* value is empty.
115 if (empty($args['sp_id']) && !empty($args['id'])) {
116 $args['sp_id'] = $args['id'];
// sp_uid, owner_id and group_id are taken from the client when present; the
// current user's values are only defaults. NOTE(review): presumably acceptable
// because the caller holds 'staticpages.edit' - confirm.
120 if (!isset($args['sp_uid'])) {
121 $args['sp_uid'] = $_USER['uid'];
124 if (empty($args['sp_title']) && !empty($args['title'])) {
125 $args['sp_title'] = $args['title'];
128 if (empty($args['sp_content']) && !empty($args['content'])) {
129 $args['sp_content'] = $args['content'];
132 if (isset($args['category']) && is_array($args['category']) &&
133 !empty($args['category'][0])) {
134 $args['sp_tid'] = $args['category'][0];
137 if (!isset($args['owner_id'])) {
138 $args['owner_id'] = $_USER['uid'];
141 if (empty($args['group_id'])) {
142 $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
// The page ID is passed through COM_sanitizeID() before the gl_svc-only
// filters below. An ID longer than STATICPAGE_MAX_ID_LENGTH is replaced by a
// generated one (WS_makeId() from the client's slug, or COM_makeSid()).
145 $args['sp_id'] = COM_sanitizeID($args['sp_id']);
147 if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
149 if (isset($args['slug'])) {
150 $slug = $args['slug'];
152 if (function_exists('WS_makeId')) {
153 $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
155 $args['sp_id'] = COM_makeSid();
// These filters run only when $args['gl_svc'] is set. NOTE(review): for other
// callers the same fields reach the SQL below without being filtered in this
// function - presumably the caller filters them; verify. The $par_str list is
// cut in this listing, so its full membership cannot be stated from here.
160 // Apply filters to the parameters passed by the webservice
161 if ($args['gl_svc']) {
162 $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format',
164 $par_num = array('sp_uid', 'sp_hits', 'owner_id', 'group_id',
165 'sp_where', 'sp_php', 'commentcode');
167 foreach ($par_str as $str) {
168 if (isset($args[$str])) {
169 $args[$str] = COM_applyBasicFilter($args[$str]);
// Second argument true: presumably the numeric mode of the filter, given the
// $par_num name - confirm against COM_applyBasicFilter().
175 foreach ($par_num as $num) {
176 if (isset($args[$num])) {
177 $args[$num] = COM_applyBasicFilter($args[$num], true);
184 // START: Staticpages defaults
186 if(empty($args['sp_format'])) {
187 $args['sp_format'] = 'allblocks';
190 if (empty($args['sp_tid'])) {
191 $args['sp_tid'] = 'all';
// Range clamps. NOTE(review): these are loose numeric comparisons and do not
// cast the value; sp_where is later interpolated unquoted into the DB_save()
// value list, so an (int) cast here would make the bound authoritative.
194 if (($args['sp_where'] < 0) || ($args['sp_where'] > 3)) {
195 $args['sp_where'] = 0;
198 if (($args['sp_php'] < 0) || ($args['sp_php'] > 2)) {
202 if (($args['commentcode'] < -1) || ($args['commentcode'] > 1)) {
203 $args['commentcode'] = $_CONF['comment_code'];
// Webservice path only: permissions default to $_SP_CONF['default_permissions']
// and are passed through the filter with the second argument true.
206 if ($args['gl_svc']) {
208 if (!isset($args['perm_owner'])) {
209 $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
211 $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
213 if (!isset($args['perm_group'])) {
214 $args['perm_group'] = $_SP_CONF['default_permissions'][1];
216 $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
218 if (!isset($args['perm_members'])) {
219 $args['perm_members'] = $_SP_CONF['default_permissions'][2];
221 $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
223 if (!isset($args['perm_anon'])) {
224 $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
226 $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
229 if (!isset($args['sp_onmenu'])) {
230 $args['sp_onmenu'] = '';
231 } else if (($args['sp_onmenu'] == 'on') && empty($args['sp_label'])) {
232 $svc_msg['error_desc'] = 'Menu label missing';
233 return PLG_RET_ERROR;
236 if (empty($args['sp_content'])) {
237 $svc_msg['error_desc'] = 'No content';
238 return PLG_RET_ERROR;
241 if (empty($args['sp_inblock']) && ($_SP_CONF['in_block'] == '1')) {
242 $args['sp_inblock'] = 'on';
245 if (empty($args['sp_centerblock'])) {
246 $args['sp_centerblock'] = '';
250 // END: Staticpages defaults
// Copy $args into locals. From here on the locals, not $args, are what reach
// the SQL statements.
252 $sp_id = $args['sp_id'];
253 $sp_uid = $args['sp_uid'];
254 $sp_title = $args['sp_title'];
255 $sp_content = $args['sp_content'];
256 $sp_hits = $args['sp_hits'];
257 $sp_format = $args['sp_format'];
258 $sp_onmenu = $args['sp_onmenu'];
260 if (!empty($args['sp_label'])) {
261 $sp_label = $args['sp_label'];
263 $meta_description = $args['meta_description'];
264 $meta_keywords = $args['meta_keywords'];
265 $commentcode = $args['commentcode'];
266 $owner_id = $args['owner_id'];
267 $group_id = $args['group_id'];
268 $perm_owner = $args['perm_owner'];
269 $perm_group = $args['perm_group'];
270 $perm_members = $args['perm_members'];
271 $perm_anon = $args['perm_anon'];
272 $sp_php = $args['sp_php'];
274 if (!empty($args['sp_nf'])) {
275 $sp_nf = $args['sp_nf'];
277 $sp_old_id = $args['sp_old_id'];
278 $sp_centerblock = $args['sp_centerblock'];
280 if (!empty($args['sp_help'])) {
281 $sp_help = $args['sp_help'];
283 $sp_tid = $args['sp_tid'];
284 $sp_where = $args['sp_where'];
285 $sp_inblock = $args['sp_inblock'];
286 $postmode = $args['postmode'];
// Lost-update check: on edit, the client's gl_etag is compared (loosely, with
// !=) to the 'updated' value that service_get_staticpages() returns for the
// stored page; a mismatch is rejected with PLG_RET_PRECONDITION_FAILED.
288 if ($gl_edit && !empty($args['gl_etag'])) {
289 // First load the original staticpage to check if it has been modified
292 $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
294 if ($r == PLG_RET_OK) {
295 if ($args['gl_etag'] != $o['updated']) {
296 $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
297 return PLG_RET_PRECONDITION_FAILED;
300 $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
301 return PLG_RET_ERROR;
// An existing row with the new ID is a duplicate unless it is the page being
// edited; a changed ID with no clash marks the old row for deletion.
305 // Check for unique page ID
306 $duplicate_id = false;
307 $delete_old_page = false;
308 if (DB_count ($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
309 if ($sp_id != $sp_old_id) {
310 $duplicate_id = true;
312 } elseif (!empty ($sp_old_id)) {
313 if ($sp_id != $sp_old_id) {
314 $delete_old_page = true;
319 $output .= COM_siteHeader ('menu', $LANG_STATIC['staticpageeditor']);
320 $output .= COM_errorLog ($LANG_STATIC['duplicate_id'], 2);
321 if (!$args['gl_svc']) {
322 $output .= staticpageeditor ($sp_id);
324 $output .= COM_siteFooter ();
325 $svc_msg['error_desc'] = 'Duplicate ID';
326 return PLG_RET_ERROR;
327 } elseif (!empty ($sp_title) && !empty ($sp_content)) {
328 if (empty ($sp_hits)) {
// The bodies of the four 'on' checks below are not in this listing.
// Presumably they normalise the flags to 1/0 (the later test
// $sp_centerblock == 1 suggests so) - confirm, because $sp_onmenu and
// $sp_centerblock are interpolated unquoted in DB_save().
332 if ($sp_onmenu == 'on') {
337 if ($sp_nf == 'on') {
342 if ($sp_centerblock == 'on') {
347 if ($sp_inblock == 'on') {
// Content filtering is configuration-dependent: the HTML filter runs only when
// $_SP_CONF['filter_html'] == 1; otherwise sp_content is stored as submitted.
354 if ($_SP_CONF['censor'] == 1) {
355 $sp_content = COM_checkWords ($sp_content);
356 $sp_title = COM_checkWords ($sp_title);
358 if ($_SP_CONF['filter_html'] == 1) {
359 $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
361 $sp_title = strip_tags ($sp_title);
362 $sp_label = strip_tags ($sp_label);
364 $meta_description = strip_tags ($meta_description);
365 $meta_keywords = strip_tags ($meta_keywords);
// addslashes() is the only SQL escaping applied to these five fields.
// NOTE(review): addslashes() is not character-set aware; the database layer's
// own escaping or bound parameters would be the safer choice. $sp_help,
// $postmode, $sp_tid and $commentcode go into the same statement with no
// escaping step in this function.
367 $sp_content = addslashes ($sp_content);
368 $sp_title = addslashes ($sp_title);
369 $sp_label = addslashes ($sp_label);
370 $meta_description = addslashes ($meta_description);
371 $meta_keywords = addslashes ($meta_keywords);
// The PHP-execution flag is honoured only when the plugin allows PHP and the
// user holds the separate 'staticpages.PHP' right.
373 // If user does not have php edit perms, then set php flag to 0.
374 if (($_SP_CONF['allow_php'] != 1) || !SEC_hasRights ('staticpages.PHP')) {
// $sp_tid is placed inside quotes in this UPDATE; outside the webservice path
// it has not been filtered by this function (see the NOTE at the filters).
378 // make sure there's only one "entire page" static page per topic
379 if (($sp_centerblock == 1) && ($sp_where == 0)) {
380 $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE sp_centerblock = 1 AND sp_where = 0 AND sp_tid = '$sp_tid'";
382 // if we're in a multi-language setup, we need to allow one "entire
383 // page" centerblock for 'all' or 'none' per language
384 if ((!empty($_CONF['languages']) &&
385 !empty($_CONF['language_files'])) &&
386 (($sp_tid == 'all') || ($sp_tid == 'none'))) {
// $lang_id is the last '_'-separated part of $sp_id, which went through
// COM_sanitizeID() above.
387 $ids = explode('_', $sp_id);
388 if (count($ids) > 1) {
389 $lang_id = array_pop($ids);
391 $sql .= " AND sp_id LIKE '%\\_$lang_id'";
// sp_format is checked against a fixed allow-list.
398 $formats = array ('allblocks', 'blankpage', 'leftblocks', 'noblocks');
399 if (!in_array ($sp_format, $formats)) {
400 $sp_format = 'allblocks';
403 if (!$args['gl_svc']) {
404 list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);
// All values are concatenated into one SQL value list. Unquoted: $sp_uid,
// $sp_hits, $sp_onmenu, $owner_id, $group_id, the four $perm_* values,
// $sp_centerblock and $sp_where. NOTE(review): unquoted values depend
// entirely on earlier numeric filtering, which this function performs only on
// the gl_svc path or through SEC_getPermissionValues(); an (int) cast at the
// point of use would keep that guarantee local.
407 DB_save ($_TABLES['staticpage'], 'sp_id,sp_uid,sp_title,sp_content,sp_date,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,meta_description,meta_keywords,owner_id,group_id,'
408 .'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode',
409 "'$sp_id',$sp_uid,'$sp_title','$sp_content',NOW(),$sp_hits,'$sp_format',$sp_onmenu,'$sp_label','$commentcode','$meta_description','$meta_keywords',$owner_id,$group_id,"
410 ."$perm_owner,$perm_group,$perm_members,$perm_anon,'$sp_php','$sp_nf',$sp_centerblock,'$sp_help','$sp_tid',$sp_where,"
411 ."'$sp_inblock','$postmode'");
413 if ($delete_old_page && !empty ($sp_old_id)) {
414 DB_delete ($_TABLES['staticpage'], 'sp_id', $sp_old_id);
// When the ID changed, the page's comments are re-pointed to the new ID.
417 if (empty($sp_old_id) || ($sp_id == $sp_old_id)) {
418 PLG_itemSaved($sp_id, 'staticpages');
420 DB_change($_TABLES['comments'], 'sid', addslashes($sp_id),
421 array('sid', 'type'),
422 array(addslashes($sp_old_id), 'staticpages'));
423 PLG_itemSaved($sp_id, 'staticpages', $sp_old_id);
426 $url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page='
428 $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url,
431 $svc_msg['id'] = $sp_id;
434 $output .= COM_siteHeader ('menu', $LANG_STATIC['staticpageeditor']);
435 $output .= COM_errorLog ($LANG_STATIC['no_title_or_content'], 2);
436 if (!$args['gl_svc']) {
437 $output .= staticpageeditor ($sp_id);
439 $output .= COM_siteFooter ();
440 return PLG_RET_ERROR;
445 * Delete an existing static page
447 * @param array args Contains all the data provided by the client
448 * @param string &output OUTPUT parameter containing the returned text
449 * @param string &svc_msg OUTPUT parameter containing any service messages
450 * @return int Response code as defined in lib-plugins.php
452 function service_delete_staticpages($args, &$output, &$svc_msg)
454 global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC,
457 $output = COM_refresh($_CONF['site_admin_url']
458 . '/plugins/staticpages/index.php?msg=20');
// Deletes the static page named by $args['sp_id'] (or $args['id']) together
// with its comments. $output was preset above to a redirect to the admin list
// and is overwritten below when access is denied.
460 if (empty($args['sp_id']) && !empty($args['id']))
461 $args['sp_id'] = $args['id'];
463 // Apply filters to the parameters passed by the webservice
// The filter runs only when $args['gl_svc'] is set; $args['mode'] is read
// without an isset() check.
465 if ($args['gl_svc']) {
466 $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
467 $args['mode'] = COM_applyBasicFilter($args['mode']);
470 $sp_id = $args['sp_id'];
// Authorization: the 'staticpages.delete' feature right is checked before any
// row is removed. NOTE(review): neither a per-page permission check nor
// anti-CSRF token validation is visible in this function - presumably the
// caller handles them for browser requests; verify.
472 if (!SEC_hasRights ('staticpages.delete')) {
473 $output = COM_siteHeader ('menu', $LANG_STATIC['access_denied']);
474 $output .= COM_startBlock ($LANG_STATIC['access_denied'], '',
475 COM_getBlockTemplate ('_msg_block', 'header'));
476 $output .= $LANG_STATIC['access_denied_msg'];
477 $output .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
478 $output .= COM_siteFooter ();
// A uid above 1 gets PERMISSION_DENIED, anything else AUTH_FAILED; uid 1 is
// presumably the anonymous account - confirm.
479 if ($_USER['uid'] > 1) {
480 return PLG_RET_PERMISSION_DENIED;
482 return PLG_RET_AUTH_FAILED;
// NOTE(review): outside the webservice path $sp_id reaches DB_delete() as
// submitted; whether it is escaped depends on DB_delete() or on the caller -
// verify.
486 DB_delete($_TABLES['staticpage'], 'sp_id', $sp_id);
487 DB_delete($_TABLES['comments'], array('sid', 'type'),
488 array($sp_id, 'staticpages'));
490 PLG_itemDeleted($sp_id, 'staticpages');
496 * Get an existing static page
498 * @param array args Contains all the data provided by the client
499 * @param string &output OUTPUT parameter containing the returned text
500 * @param string &svc_msg OUTPUT parameter containing any service messages
501 * @return int Response code as defined in lib-plugins.php
503 function service_get_staticpages($args, &$output, &$svc_msg)
505 global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_SP_CONF;
// Returns one static page (when an ID is given) or a list of pages (feed mode)
// through $output. Access control is enforced in SQL: the clause returned by
// SP_getPerms() is appended to both queries.
509 $svc_msg['output_fields'] = array(
524 if (empty($args['sp_id']) && !empty($args['id'])) {
525 $args['sp_id'] = $args['id'];
// sp_id and mode are filtered only on the webservice path. Feed mode is
// selected when a webservice call supplies no sp_id.
528 if ($args['gl_svc']) {
529 if (isset($args['sp_id'])) {
530 $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
532 if (isset($args['mode'])) {
533 $args['mode'] = COM_applyBasicFilter($args['mode']);
536 if (empty($args['sp_id'])) {
537 $svc_msg['gl_feed'] = true;
539 $svc_msg['gl_feed'] = false;
542 $svc_msg['gl_feed'] = false;
545 if (!$svc_msg['gl_feed']) {
547 if (isset($args['sp_id'])) {
548 $page = $args['sp_id'];
551 if (isset($args['mode'])) {
552 $mode = $args['mode'];
560 $perms = SP_getPerms ();
561 if (!empty ($perms)) {
562 $perms = ' AND ' . $perms;
// $page is placed inside quotes in both query variants. NOTE(review): outside
// the webservice path it has not been filtered by this function - presumably
// the caller sanitizes the ID; verify.
565 $sql['mysql'] = "SELECT sp_title,sp_content,sp_hits,sp_date,sp_format,"
566 . "commentcode,meta_description,meta_keywords,owner_id,"
567 . "group_id,perm_owner,perm_group,"
568 . "perm_members,perm_anon,sp_tid,sp_help,sp_php,"
569 . "sp_inblock FROM {$_TABLES['staticpage']} "
570 . "WHERE (sp_id = '$page')" . $perms;
571 $sql['mssql'] = "SELECT sp_title,"
572 . "CAST(sp_content AS text) AS sp_content,sp_hits,"
573 . "sp_date,sp_format,commentcode,"
574 . "CAST(meta_description AS text) AS meta_description,"
575 . "CAST(meta_keywords AS text) AS meta_keywords,"
576 . "owner_id,group_id,perm_owner,perm_group,perm_members,"
577 . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock "
578 . "FROM {$_TABLES['staticpage']} WHERE (sp_id = '$page')"
580 $result = DB_query ($sql);
581 $count = DB_numRows ($result);
// Anything other than exactly one row is treated as a failure.
583 if ($count == 0 || $count > 1) {
// The whole selected row becomes $output, including owner_id, group_id and the
// perm_* columns named in the SELECT list.
588 $output = DB_fetchArray ($result, false);
590 // WE ASSUME $output doesn't have any confidential fields
592 } else { // an error occurred (page not found, access denied, ...)
// This lookup reads sp_nf without the SP_getPerms() clause. The two message
// blocks that follow are a login prompt and an access-denied notice;
// presumably $failflg chooses between them - the branch lines are not in this
// listing.
596 $failflg = DB_getItem ($_TABLES['staticpage'], 'sp_nf', "sp_id='$page'");
599 if ($mode !== 'autotag') {
600 $output = COM_siteHeader ('menu');
602 $output .= COM_startBlock ($LANG_LOGIN[1], '',
603 COM_getBlockTemplate ('_msg_block', 'header'));
604 $login = new Template ($_CONF['path_layout'] . 'submit');
605 $login->set_file (array ('login' => 'submitloginrequired.thtml'));
606 $login->set_var ('login_message', $LANG_LOGIN[2]);
607 $login->set_var ('site_url', $_CONF['site_url']);
608 $login->set_var ('lang_login', $LANG_LOGIN[3]);
609 $login->set_var ('lang_newuser', $LANG_LOGIN[4]);
610 $login->parse ('output', 'login');
611 $output .= $login->finish ($login->get_var ('output'));
612 $output .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
613 if ($mode !== 'autotag') {
614 $output .= COM_siteFooter (true);
617 if ($mode !== 'autotag') {
618 $output = COM_siteHeader ('menu');
620 $output .= COM_startBlock ($LANG_ACCESS['accessdenied'], '',
621 COM_getBlockTemplate ('_msg_block', 'header'));
622 $output .= $LANG_STATIC['deny_msg'];
623 $output .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
624 if ($mode !== 'autotag') {
625 $output .= COM_siteFooter (true);
629 return PLG_RET_ERROR;
// Webservice fields. 'published' and 'updated' are both derived from sp_date;
// 'updated' is the value service_submit_staticpages() compares with the
// client's gl_etag.
632 if ($args['gl_svc']) {
633 // This date format is PHP 5 only,
634 // but only the web-service uses the value
635 $output['published'] = date('c', strtotime($output['sp_date']));
636 $output['updated'] = date('c', strtotime($output['sp_date']));
637 $output['id'] = $page;
638 $output['title'] = $output['sp_title'];
639 $output['category'] = array($output['sp_tid']);
640 $output['content'] = $output['sp_content'];
641 $output['content_type'] = 'html';
// Only the username is copied out of the owner's user record.
643 $owner_data = SESS_getUserDataFromId($output['owner_id']);
645 $output['author_name'] = $owner_data['username'];
647 $output['link_edit'] = $page;
// Feed mode: list pages, newest first, restricted by the same permission
// clause.
653 if (isset($args['mode'])) {
654 $mode = $args['mode'];
657 $perms = SP_getPerms();
658 if (!empty ($perms)) {
659 $perms = ' WHERE ' . $perms;
// The client-supplied offset is filtered with the second argument true before
// it is interpolated unquoted into the LIMIT clause.
663 if (isset($args['offset'])) {
664 $offset = COM_applyBasicFilter($args['offset'], true);
// One more row than atom_max_items is requested; the $count == $max_items
// test inside the loop uses it to set the next offset.
666 $max_items = $_SP_CONF['atom_max_items'] + 1;
668 $limit = " LIMIT $offset, $max_items";
669 $order = " ORDER BY sp_date DESC";
671 $sql['mysql'] = "SELECT sp_id,sp_title,sp_content,sp_hits,sp_date,sp_format,meta_description,meta_keywords,owner_id,"
672 ."group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php,"
673 ."sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
674 $sql['mssql'] = "SELECT sp_id,sp_title,CAST(sp_content AS text) AS sp_content,sp_hits,"
675 ."sp_date,sp_format,CAST(meta_description AS text) AS meta_description,CAST(meta_keywords AS text) AS meta_keywords,owner_id,group_id,perm_owner,perm_group,perm_members,"
676 ."perm_anon,sp_tid,sp_help,sp_php,sp_inblock FROM {$_TABLES['staticpage']}"
677 . $perms . $order . $limit;
678 $result = DB_query ($sql);
681 while (($output_item = DB_fetchArray ($result, false)) !== false) {
682 // WE ASSUME $output doesn't have any confidential fields
685 if ($count == $max_items) {
686 $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
690 if($args['gl_svc']) {
691 // This date format is PHP 5 only, but only the web-service uses the value
692 $output_item['published'] = date('c', strtotime($output_item['sp_date']));
693 $output_item['updated'] = date('c', strtotime($output_item['sp_date']));
694 $output_item['id'] = $output_item['sp_id'];
695 $output_item['title'] = $output_item['sp_title'];
696 $output_item['category'] = array($output_item['sp_tid']);
697 $output_item['content'] = $output_item['sp_content'];
698 $output_item['content_type'] = 'html';
700 $owner_data = SESS_getUserDataFromId($output_item['owner_id']);
702 $output_item['author_name'] = $owner_data['username'];
704 $output[] = $output_item;
712 * Get all the topics available
714 * @param array args Contains all the data provided by the client
715 * @param string &output OUTPUT parameter containing the returned text
716 * @return int Response code as defined in lib-plugins.php
718 function service_getTopicList_staticpages($args, &$output, &$svc_msg)
720 //$output = COM_topicArray('tid');