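0 ) { foreach( $_REQUEST AS $tempkey => $tempval ) { if( ( $tempkey == "id" || substr( $tempkey, -3 ) == "_id" ) && !is_numeric( $tempval ) ) { $_REQUEST[ $tempkey ] = -1; $$tempkey = -1; } } unset( $tempkey, $tempval ); } if( is_array( $_GET ) && count( $_GET ) > 0 ) { foreach( $_GET AS $tempkey => $tempval ) { if( ( $tempkey == "id" || substr( $tempkey, -3 ) == "_id" ) && !is_numeric( $tempval ) ) { $_GET[ $tempkey ] = -1; } } unset( $tempkey, $tempval ); } if( is_array( $_POST ) && count( $_POST ) > 0 ) { foreach( $_POST AS $tempkey => $tempval ) { if( ( $tempkey == "id" || substr( $tempkey, -3 ) == "_id" ) && !is_numeric( $tempval ) ) { $_POST[ $tempkey ] = -1; } } unset( $tempkey, $tempval ); } }
################################################################################
## Error reporting. E_NOTICE (and E_DEPRECATED where that constant exists) is masked for every
## request; display_errors is switched on only for the client addresses matched below.
## NOTE(review): && binds tighter than ||, so the test reads
## ( E_DEPRECATED && REMOTE_ADDR == "91.209.29.42" ) || REMOTE_ADDR starts with "192.168."
## -- confirm that this grouping is the intended one.
## NOTE(review): if this host sits behind a reverse proxy on a 192.168.x.x address, REMOTE_ADDR
## is the proxy for every visitor and error output would be shown to all of them -- verify
## against the deployment.
global $_SERVER;
if( E_DEPRECATED && $_SERVER[ "REMOTE_ADDR" ] == "91.209.29.42" || strpos( $_SERVER[ "REMOTE_ADDR" ], "192.168." ) === 0 )
{
    ini_set( "error_reporting", E_ALL ^ ( E_NOTICE + ( E_DEPRECATED > 0 ? E_DEPRECATED : 0 ) ) );
    ini_set( "display_errors", "On" );
    error_reporting( E_ALL ^ ( E_NOTICE + ( E_DEPRECATED > 0 ? E_DEPRECATED : 0 ) ) );
}
elseif( E_DEPRECATED )
{
    ini_set( "error_reporting", E_ALL ^ ( E_NOTICE + ( E_DEPRECATED > 0 ? E_DEPRECATED : 0 ) ) );
    error_reporting( E_ALL ^ ( E_NOTICE + ( E_DEPRECATED > 0 ? E_DEPRECATED : 0 ) ) );
}
if( function_exists( "date_default_timezone_set" ) )
{
    // JSu 21.9.2009: prevent PHP 5.3 E_STRICT error messaging to display date error
    ## ETä 9.6.2010: Fixed problem with servers in other time zones than Europe/Helsinki
    ## @date_default_timezone_set('Europe/Helsinki');
    ## Keep the zone PHP already reports; fall back to Europe/Helsinki only when it reports none.
    @date_default_timezone_set( function_exists( "date_default_timezone_get" ) && trim( date_default_timezone_get() ) != "" ? date_default_timezone_get() : "Europe/Helsinki" );
}
## ETä 14.4.2008: XSS vulnerability fix
## $_GET, $_POST and $keywords get "<" and ">" replaced by HTML entities, unless the request
## URI contains one of the three exempted path fragments.
## NOTE(review): REQUEST_URI includes the query string, so the exemption is decided by text the
## client supplies; testing the script path instead would be stricter -- confirm the intent.
## NOTE(review): $_REQUEST and $_COOKIE are not passed through the filter here.
global $REMOTE_ADDR, $_SERVER;
if( strpos( $_SERVER[ "REQUEST_URI" ], "admins/" ) === false && strpos( $_SERVER[ "REQUEST_URI" ], "cui_edit.php" ) === false && strpos( $_SERVER[ "REQUEST_URI" ], "survey_report_view_wsm4.php" ) === false ) // && $REMOTE_ADDR == "192.168.1.128"
{
    /**
     * Recursively replaces "<" and ">" with "&lt;" and "&gt;" in a value or a nested array.
     *
     * Arrays are walked key by key. Any other value is changed only when it is non-empty
     * after trim(), and then comes back as a string.
     *
     * This neutralises tag injection only: quotes and "&" are left alone, so values written
     * into HTML attributes, URLs or scripts still need escaping for that context at output.
     *
     * @param mixed $var value or array of values taken from the request
     * @return mixed the same structure with angle brackets encoded
     */
    function recursiveCheckForXSSInjection2( $var = -1 )
    {
        // ETä 14.10.2008: convert the "<" and ">" characters into "&lt;" and "&gt;" instead,
        // which prevents the XSS from being exploited
        if( is_array( $var ) )
        {
            foreach( $var AS $key => $val )
            {
                $var[ $key ] = recursiveCheckForXSSInjection2( $val );
            }
            unset( $key, $val );
        }
        elseif( trim( $var ) != "" )
        {
            $var = str_replace( array( "<", ">" ), array( "&lt;", "&gt;" ), $var );
        }
        return $var;
    }
    global $_GET, $_POST, $keywords;
    $_GET = recursiveCheckForXSSInjection2( $_GET );
    $_POST = recursiveCheckForXSSInjection2( $_POST );
    $keywords = recursiveCheckForXSSInjection2( $keywords );
}
global $REMOTE_ADDR;
## Disabled per-address debugging switch; the body holds only commented-out settings.
if( $REMOTE_ADDR == "91.209.29.42" )
{
    # ini_set( "error_reporting", E_ALL^E_NOTICE );
    # ini_set( "display_errors", "On" );
}
## ---------------------------------------------
## set module id constants
define( "MODULE_ID_MAIN", 0 );
define( "MODULE_ID_USERS", 1 );
define( "MODULE_ID_FILES", 2 );
define( "MODULE_ID_PAGES", 3 );
define( "MODULE_ID_NEWS", 4 );
define( "MODULE_ID_FORUM", 5 );
define( "MODULE_ID_SURVEY", 6 );
define( "MODULE_ID_EVENTS", 7 );
define( "MODULE_ID_USAGELOGS", 8 );
define( "MODULE_ID_BOOKING", 9 );
define( "MODULE_ID_MARKETPLACE", 10 );
define( "MODULE_ID_CV", 11 );
define( "MODULE_ID_CRM", 12 );
define( "MODULE_ID_HC", 13 );
define( "MODULE_ID_EMAILER", 14 );
define( "MODULE_ID_PQ", 15 );
define( "MODULE_ID_BLOGS", 16 );
define( "MODULE_ID_INFO", 17 );
define( "MODULE_ID_DESKTOP", 18 );
## ---------------------------------------------
## set general user role constants, applicable with every module
define( "ROLE_CUI", 1 ); // the only CUI right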
## Role constants are bit flags. The general roles (1..32) and ROLE_CUIEDIT (8192) apply to
## every module; values from 64 upward are reused by each module's special roles, so
## presumably a role value is only meaningful together with its module id -- confirm.
define( "ROLE_VIEWER", 2 ); // from this on, the rights mean AUI rights
define( "ROLE_EDITOR", 4 );
define( "ROLE_PUBLISHER", 8 );
define( "ROLE_DELETOR", 16 );
define( "ROLE_CREATOR", 32 );
## ---------------------------------------------
## new role restriction (administration, but in CUI) for page, news and file elements
define( "ROLE_CUIEDIT", 8192 );
## ---------------------------------------------
## special user roles for news manager (starts from 64, 8192 reserved for CUIedit)
define( "ROLE_NEWSTYPES", 64 );
## ---------------------------------------------
## special user roles for user manager (starts from 64, 8192 reserved for CUIedit)
define( "ROLE_GROUPTYPES", 64 );
define( "ROLE_VIEWAUIGROUPS", 128 );
define( "ROLE_VIEWCUIGROUPS", 256 );
define( "ROLE_AUIGROUPS", 512 );
define( "ROLE_CUIGROUPS", 1024 );
define( "ROLE_DOMAIN", 2048 );
define( "ROLE_PASSWORD", 4096 );
define( "ROLE_USERNAME", 16384 );
## ---------------------------------------------
## special user roles for file manager (starts from 64, 8192 reserved for CUIedit)
define( "ROLE_FILETYPES", 64 );
define( "ROLE_FILESTATUSES", 128 );
define( "ROLE_APPROVER", 256 );
define( "ROLE_FOLDERTYPES", 512 );
define( "ROLE_FOLDERSTATUSES", 1024 );
## ---------------------------------------------
## special user roles for page editor (starts from 64, 8192 reserved for CUIedit)
define( "ROLE_TEMPLATES", 64 );
define( "ROLE_STYLES", 128 );
define( "ROLE_ENTREES", 256 );
define( "ROLE_CODER", 512 );
define( "ROLE_PAGETYPES", 1024 );
define( "ROLE_TERMINALS", 2048 );
define( "ROLE_IOBANK", 4096 );
#define( "ROLE_EMAILER", 16384 );
define( "ROLE_DOMAIN_ADMIN_TOOLS", 32768 );
## ---------------------------------------------
## special user roles for forum (starts from 64, 8192 reserved for CUIedit)
define( "ROLE_FORUM_NNTP_SERVERS", 64 );
define( "ROLE_FORUM_NNTP_GROUPS", 128 );
define( "ROLE_FORUM_GROUP_TYPES", 256 );
define( "ROLE_FORUM_GROUPS", 512 );
define( "ROLE_FORUM_TOPICS", 1024 );
define( "ROLE_FORUM_MESSAGES", 2048 );
define( "ROLE_FORUM_MODERATOR", 4096 );
## ---------------------------------------------
## special user roles for blogs (starts from 64, 8192 reserved for CUIedit)
define( "ROLE_BLOG_MANAGING", 64 );
define( "ROLE_BLOGENTRY_MANAGING", 128 );
define( "ROLE_BLOGCOMMENTARY_MANAGING", 256 );
define( "ROLE_BLOG_MODERATOR", 512 );
define( "ROLE_BLOGS_TAGS", 1024 );
## ---------------------------------------------
## special user roles for booking (starts from 64)
## NOTE(review): ROLE_APPROVER is already defined as 256 in the file manager section above.
## define() does not overwrite an existing constant, so the call below fails and
## ROLE_APPROVER stays 256 -- the same bit as ROLE_RESERVATIONDATATYPES. Confirm how the
## booking module checks the approver right.
define( "ROLE_APPROVER", 64 );
define( "ROLE_ROOMTYPES", 128 );
define( "ROLE_RESERVATIONDATATYPES", 256 );
## ---------------------------------------------
## special user roles for survey (starts from 64)
define( "ROLE_SURVEY_ELEMENTSTYLES", 64 );
define( "ROLE_REPORTER", 128 );
define( "ROLE_ANSWER_DELETOR", 256 );
## ---------------------------------------------
## special user roles for events (starts from 64)
define( "ROLE_EVENTTYPES", 64 );
define( "ROLE_EVENTENTREES", 128 );
define( "ROLE_EVENT_CATEGORIES", 256 );
define( "ROLE_EVENT_NEWSLETTER", 512 );
define( "ROLE_EVENTLOCATIONS", 1024 );
## ---------------------------------------------
## special user roles for CV-module (starts from 64, 8192 reserved for CUIedit)
define( "ROLE_CVPOSITION_TYPES", 64 );
define( "ROLE_CVPOSITION_TITLES", 128 );
define( "ROLE_CVPHASES", 256 );
define( "ROLE_CVORGANISATIONS", 512 );
define( "ROLE_CVSKILLS", 1024 );
define( "ROLE_CVSTATUSES", 2048 );
define( "ROLE_CVPRIORITIES", 4096 );
define( "ROLE_CVPOSITIONS", 16384 );
define( "ROLE_CVAPPLICATIONS", 32768 );
define( "ROLE_CVCOMMENTS", 65536 );
define( "ROLE_CVWORK_TIMES", 131072 );
define( "ROLE_CVFORMFIELDS", 262144 );
## ---------------------------------------------
## special user roles for CRM-module (starts from 64, 8192 reserved for CUIedit)
## ---------------------------------------------
## special user roles for PQ-module (starts from 64, 8192 reserved for CUIedit)
## ---------------------------------------------
## special user roles for Info channel module (starts from 64, 8192 reserved for CUIedit)
define( "ROLE_CHANNEL_MANAGING", 64 );
define( "ROLE_SEQUENCE_MANAGING", 128 );
define( "ROLE_INFOSETTINGS_MANAGING", 256 );
## ---------------------------------------------
## special user roles for Desktop Functions module (starts from 64, 8192 reserved for CUIedit)
define( "ROLE_DB_QUERY_MANAGING", 64 );
define( "ROLE_DB_QUERY_REPORTING", 128 );
## ---------------------------------------------
## properties for group types
define( "GROUP_TYPE_NORMAL", 0 );
define( "GROUP_TYPE_PRODUCT_FAMILY", 1 );
define( "GROUP_TYPE_PRODUCT", 2 );
define( "GROUP_TYPE_PRODUCT_VERSION", 3 );
define( "GROUP_TYPE_PRODUCT_INDIVIDUAL", 4 );
## ---------------------------------------------
## replacement urls
define( "REPLACE_URL_GRAF", "wHgEYiw8263012iHDiuekaJDhiw" );
define( "REPLACE_URL_TEMPLATE", "GDjhkweu2763gKDHfqwqwdWQUEj" );
define( "REPLACE_URL_INFOTEMPLATE", "HRio3jd939p8gs73gDI783HJUDkw" );
define( "REPLACE_URL_BASE", "VD837fgakwufd75GHJweHDG7uje" );
## ---------------------------------------------
## properties for forum groups
define( "FORUM_ALLOW_TOPICS", 1 );
define( "FORUM_ALLOW_DISCUSSION", 2 );
define( "FORUM_ALLOW_URLS", 4 );
define( "FORUM_ALLOW_ATTACHMENTS", 8 );
define( "FORUM_ALLOW_CHANGING", 16 );
define( "FORUM_MODERATE_ALERT_TOPICS", 1 );
define( "FORUM_MODERATE_ALERT_MESSAGES", 2 );
define( "FORUM_MODERATE_PUBLISH_TOPICS", 4 );
define( "FORUM_MODERATE_PUBLISH_MESSAGES", 8 );
## ---------------------------------------------
## forum alert triggers
define( "FORUM_ALERT_ATAGA", 1 ); // when ADD TOPIC happens, ALERT to GROUP ADMIN
define( "FORUM_ALERT_AMAGA", 2 ); // when ADD MESSAGE happens, ALERT to GROUP ADMIN
define( "FORUM_ALERT_ETAGA", 4 ); // when EDIT TOPIC happens, ALERT to GROUP ADMIN
define( "FORUM_ALERT_EMAGA", 8 ); // when EDIT MESSAGE happens, ALERT to GROUP ADMIN
define( "FORUM_ALERT_URGENT", 16 ); // when message marked as URGENT, alert to group admin
## ---------------------------------------------
## properties for news entries
define( "NEWS_PROP_LINK_NEWS", 1 );
define( "NEWS_PROP_LINK_EXTERNAL", 2 );
define( "NEWS_PROP_IMAGE", 3 );
define( "NEWS_PROP_FILE", 4 );
define( "NEWS_PROP_LINK_LIBRARY", 5 );
define( "NEWS_PROP_LINK_PAGE", 6 );
## ---------------------------------------------
## page element show settings
define( "SHOW_ELEMENT_ALL", 0 );
define( "SHOW_ELEMENT_UNKNOWN", 1 );
define( "SHOW_ELEMENT_KNOWN", 2 );
define( "SHOW_ELEMENT_BEFORE_SUBMIT", 4 );
define( "SHOW_ELEMENT_AFTER_SUBMIT", 8 );
## ---------------------------------------------
## survey save modes, indexing methods etc.
define( "SURVEY_SAVE_DB", 1 );
define( "SURVEY_SAVE_TXT", 4 );
define( "SURVEY_SAVE_XML", 8 );
define( "SURVEY_MESSAGING_EMAIL", 1 );
define( "SURVEY_MESSAGING_FTP", 2 );
define( "SURVEY_MESSAGING_HTTP", 4 );
define( "SURVEY_INDEX_NUM", 1 );
define( "SURVEY_INDEX_INC", 2 );
define( "SURVEY_INDEX_ABC", 4 );
define( "SURVEY_REPORTING_ONLIMIT", 1 );
define( "SURVEY_REPORTING_ONDELETING", 2 );
define( "SURVEY_REPORTING_ONANSWER", 4 );
define( "SURVEY_SHEET_REGULAR", 1 );
define( "SURVEY_SHEET_BRANCH", 2 );
define( "SURVEY_SHEET_FEEDBACK", 3 );
define( "SURVEY_SHEET_CANCEL", 4 );
define( "SURVEY_ELEMENT_TXT", 1 );
define( "SURVEY_ELEMENT_IMAGE", 2 );
define( "SURVEY_ELEMENT_CODE", 4 );
define( "SURVEY_INPUT_TEXT", 8 );
define( "SURVEY_INPUT_CHECKBOX", 16 );
define( "SURVEY_INPUT_RADIO", 32 );
define( "SURVEY_INPUT_SUBMIT", 64 );
define( "SURVEY_INPUT_RESET", 128 );
define( "SURVEY_ELEMENT_BUTTON", 256 );
define( "SURVEY_TEXTAREA", 512 );
define( "SURVEY_SELECT", 1024 );
define( "SURVEY_SELECT_MULTIPLE", 2048 );
define( "SURVEY_INPUT_IMAGE", 4096 );
define( "SURVEY_INPUT_FILE", 8192 );
define( "SURVEY_BUTTON_SUBMIT", 1 );
define( "SURVEY_BUTTON_RESET", 2 );
define( "SURVEY_BUTTON_CANCEL", 4 );
define( "SURVEY_BUTTON_PREVIOUS", 8 );
define( "SURVEY_BUTTON_NEXT", 16 );
define( "SURVEY_FORMATTING_NONE", 0 );
define( "SURVEY_FORMATTING_DATE_SHORT", 1 );
define( "SURVEY_FORMATTING_DATE", 2 );
define( "SURVEY_FORMATTING_UPPERCASE", 3 );
define( "SURVEY_FORMATTING_LOWERCASE", 4 );
## ---------------------------------------------
## real values for file statuses
define( "REAL_STATUS_OPEN", 0 );
define( "REAL_STATUS_CLOSED", 1 );
define( "REAL_STATUS_APPROVED", 2 );
define( "REAL_STATUS_ARCHIVED", 3 );
## ---------------------------------------------
## types for templates
define( "PAGE_TYPE_UNDEFINED", 0 );
define( "PAGE_TYPE_FRAMESET", 1 );
define( "PAGE_TYPE_FORM", 2 );
define( "PAGE_TYPE_LIBRARY", 4 );
define( "PAGE_TYPE_NEWS", 8 );
define( "PAGE_TYPE_LOGIN", 16 );
define( "PAGE_TYPE_SURVEY", 32 );
define( "PAGE_TYPE_FORUM", 64 );
define( "PAGE_TYPE_SITEMAP", 128 );
define( "PAGE_TYPE_SEARCH", 256 );
define( "PAGE_TYPE_USERDATA", 512 );
define( "PAGE_TYPE_REGISTER", 1024 );
define( "PAGE_TYPE_USERLIST", 2048 );
define( "PAGE_TYPE_BOOKING", 4096 );
define( "PAGE_TYPE_EVENTS", 8192 );
define( "PAGE_TYPE_EMAILERSUBSCRIPTION", 16384 );
define( "PAGE_TYPE_IMAGEBANK", 32768 );
define( "PAGE_TYPE_CV", 65536 );
define( "PAGE_TYPE_COMPETITIONS", 131072 );
define( "PAGE_TYPE_BLOG", 262144 );
define( "PAGE_TYPE_INTERSTITIAL", 524288 );
## ---------------------------------------------
## types for iobank objects
define( "IOBANK_TYPE_IMAGE", 1 );
define( "IOBANK_TYPE_IMAGEMAP", 2 );
define( "IOBANK_TYPE_FLASH", 3 );
define( "IOBANK_TYPE_VIDEO_QT", 4 );
define( "IOBANK_TYPE_VIDEO_AVI", 5 );
define( "IOBANK_TYPE_OTHER", 6 );
define( "IOBANK_TYPE_REALMEDIA", 7 );
define( "OBJECT_HTML_LIST", 8 );
define( "OBJECT_HTML_TABLE", 9 );
define( "IOBANK_TYPE_XML", 10 );
## ---------------------------------------------
## languages
define( "LANGUAGE_ENGLISH", 1 );
define( "LANGUAGE_FINNISH", 2 );
define( "LANGUAGE_CHINESE", 3 );
define( "LANGUAGE_SWEDISH", 4 );
define( "LANGUAGE_JAPANESE", 5 );
define( "LANGUAGE_GERMAN", 6 );
define( "LANGUAGE_SPANISH", 7 );
define( "LANGUAGE_FRENCH", 8 );
define( "LANGUAGE_OTHER", 9 );
## ---------------------------------------------
## page data types (accumulated as bitvalues only with templates)
define( "PAGE_DATA_TEXT", 1 );
define( "PAGE_DATA_IMAGE", 2 );
define( "PAGE_DATA_LINK_EXTERNAL", 4 );
define( "PAGE_DATA_LINK_INTERNAL", 8 );
define( "PAGE_DATA_LINK_LIBRARY", 16 );
define( "PAGE_DATA_LINK_NEWS", 32 );
define( "PAGE_DATA_OBJECT", 64 );
define( "PAGE_DATA_CODE", 128 );
## ---------------------------------------------
## alignments (accumulated as bitvalues only with styles)
define( "ALIGNMENT_NONE", 0 );
define( "ALIGNMENT_LEFT", 1 );
define( "ALIGNMENT_CENTER", 2 );
define( "ALIGNMENT_RIGHT", 4 );
define( "ALIGNMENT_JUSTIFY", 64 );
define( "ALIGNMENT_TOP", 8 );
define( "ALIGNMENT_MIDDLE", 16 );
define( "ALIGNMENT_BOTTOM", 32 );
## ---------------------------------------------
## file orderings for file categories
define( "CAT_ORDER_DATE_ASC", 0 ); // indicates ordering by date_publish field, newest first
define( "CAT_ORDER_DATE_DESC", 1 ); // indicates ordering by date_publish field, newest last
define( "CAT_ORDER_NAME_ASC", 2 ); // indicates alphabetical ordering by name field
define( "CAT_ORDER_NAME_DESC", 3 ); // indicates reverse alphabetical ordering by name field
define( "CAT_ORDER_EXPIRY_ASC", 4 ); // indicates ordering by date_expire field, first-to-expire first
define( "CAT_ORDER_EXPIRY_DESC", 5 ); // indicates ordering by date_expire field, first-to-expire last
## ---------------------------------------------
## usage log events
## NOTE! if update here, remember to update mods/mod_main/class_logwriter.inc also!!!!!!!
define( "EVENT_PAGE", 1 );
define( "EVENT_LOGIN", 2 );
define( "EVENT_LOGOUT", 4 );
define( "EVENT_FILE", 8 );
define( "EVENT_NEWS", 16 );
define( "EVENT_FORUM", 32 );
define( "EVENT_SURVEY", 64 );
define( "EVENT_SEARCH", 128 );
define( "EVENT_EVENT", 256 );
define( "EVENT_CUIEDIT", 512 );
define( "EVENT_CVPOSITION", 1024 );
define( "EVENT_BLOG", 2048 );
## ---------------------------------------------
## user data allows for CUI
define( "USERDATA_ALLOW_USERNAME", 1 );
define( "USERDATA_ALLOW_PASSWORD", 2 );
define( "USERDATA_ALLOW_EMAIL", 4 );
define( "USERDATA_ALLOW_NAMES", 8 );
define( "USERDATA_ALLOW_CONTACTS", 16 );
## ---------------------------------------------
## booking reservation datatype types
define( "BOOKING_RESERVATIONDATATYPE_TEXT", 1 );
define( "BOOKING_RESERVATIONDATATYPE_TEXTAREA", 2 );
define( "BOOKING_RESERVATIONDATATYPE_SELECT", 3 );
define( "BOOKING_RESERVATIONDATATYPE_RADIO", 4 );
define( "BOOKING_RESERVATIONDATATYPE_CHECKBOX", 5 );
## ---------------------------------------------
## info channel program split-screens
define( "INFO_SPLIT_1BY1", 0 ); // no split
define( "INFO_SPLIT_2BY1", 1 ); // split in two horizontally
define( "INFO_SPLIT_1BY2", 2 ); // split in two vertically
define( "INFO_SPLIT_3BY1", 3 ); // split in three horizontally
define( "INFO_SPLIT_1BY3", 4 ); // split in three vertically
define( "INFO_SPLIT_2BY2", 5 ); // split in four
define( "INFO_SPLIT_3BY2", 6 ); // split in six, 3 horizontally
define( "INFO_SPLIT_2BY3", 7 ); // split in six, 3 vertically
define( "INFO_SPLIT_3BY3", 8 ); // split in nine
## ---------------------------------------------
## types of the freely definable fields of CV applications
define( "CV_FIELD_TYPE_TEXT", 1 );
define( "CV_FIELD_TYPE_TEXTAREA", 2 );
define( "CV_FIELD_TYPE_RADIO", 3 );
define( "CV_FIELD_TYPE_SELECT", 4 );
define( "CV_FIELD_TYPE_CHECKBOX", 5 );
define( "CV_FIELD_TYPE_MULTIPLESELECT", 6 );
## ---------------------------------------------
## unset all of these first to prevent misuse
unset( $db_type, $db_host, $db_user, $db_password, $db_name, $db_allow_persistent_connections );
## ---------------------------------------------
## look for a db settings file with this name
$filetemp = "_acl/.htdb";
## ---------------------------------------------
## find the relative path to the db settings file
## NOTE(review): $dirtemp is read here but not initialised in the visible code; presumably the
## including script sets it -- confirm it can never be populated from request data.
if( trim( $dirtemp ) == "" )
{
    $dirtemp = "";
}
$counter = 0;
## Climb one directory ("../") at a time until the file is found; the counter bounds the walk.
while( !file_exists( $dirtemp.$filetemp ) )
{
    $dirtemp .= "../";
    if( $counter++ > 10 )
    {
        break;
    }
}
## ---------------------------------------------
## find the database connection settings file and parse from it the lines matching the domain
## The path is refused when it contains "?" or the substrings "ftp:", "http:" or "https:".
## A record is one ";"-separated line: type;host;user;password;name;persistent-flag.
## The first line is used when $AUI is true; otherwise the second line is read and used.
## NOTE(review): the credentials sit in this file in clear text; presumably the web server is
## configured to refuse requests for it -- verify.
## NOTE(review): $AUI is not set in the visible code -- confirm where it comes from.
if( file_exists( $dirtemp.$filetemp ) && strpos( $dirtemp.$filetemp, "?" ) === false && strpos( strtolower( $dirtemp.$filetemp ), "ftp:" ) === false && strpos( strtolower( $dirtemp.$filetemp ), "http:" ) === false && strpos( strtolower( $dirtemp.$filetemp ), "https:" ) === false && $fp = fopen( $dirtemp.$filetemp, "r" ) )
{
    while( $linetemp = fgets( $fp, 10000 ) )
    {
        if( $AUI != true )
        {
            ## ---------------------------------------------
            ## not in administration, take the next line
            $linetemp = fgets( $fp, 10000 ) ;
        }
        $partstemp = explode( ";", trim( $linetemp ) );
        $db_type = $partstemp[ 0 ];
        $db_host = $partstemp[ 1 ];
        $db_user = $partstemp[ 2 ];
        $db_password = $partstemp[ 3 ];
        $db_name = $partstemp[ 4 ];
        $db_allow_persistent_connections = ( $partstemp[ 5 ] == 0 ? 0 : 1 );
        ## only one record is ever consumed
        break;
    }
    fclose( $fp );
}
unset( $linetemp, $dirtemp, $filetemp );
## Shorthand for base64_decode(). Base64 is an encoding, not a protection: strings wrapped
## with it further down are readable by anyone who has this file.
function bdcde( $s = "" )
{
    return base64_decode( $s );
}
## Shorthand for base64_encode().
function bdcen( $s = "" )
{
    return base64_encode( $s );
}
## --------------------------------------
## NOTE! this switch makes sure QueryObject extends the class that matches the database connection
switch( $db_type )
{
    case( "mysql" ):
    {
        if( $tcid = ( $db_allow_persistent_connections == 1 && function_exists( "mysql_pconnect" ) ?
mysql_pconnect( $db_host, $db_user, $db_password ) : mysqli_connect( $db_host, $db_user, $db_password ) ) )
        {
            ## NOTE(review): the non-persistent branch connects with mysqli_connect(), while the
            ## calls that follow use the mysql_* API (mysql_set_charset, mysql_query in
            ## QueryObject_MySQL). mysqli_select_db() is also called without a link argument and
            ## its failure is hidden by @. Looks like a partial migration -- confirm which
            ## extension is meant to be used.
            define( "WSM_CONN", $tcid );
            ## ETä 31.8.2010: added to ease the effects of the Concept10-VTOAsp migrations
            if( function_exists( "mysql_set_charset" ) )
            {
                mysql_set_charset( "latin1" );
            }
            @mysqli_select_db( $db_name );
        }
        elseif( !headers_sent() )
        {
            ## no connection: answer 500 without any detail and stop
            header( "HTTP/1.1 500 Internal Server Error" ); // HTTP/1.1 503 Service Unavailable
            exit;
        }
        else
        {
            exit;
        }
        unset( $tcid );
        ## PHP 4 style constructor (method named after the class) forwarding to the parent's.
        class QueryObject extends QueryObject_MySQL
        {
            function QueryObject( $connid, $querystr = "" )
            {
                $this->QueryObject_MySQL( $connid, $querystr );
            }
        }
        break;
    }
    case( "odbc" ):
    {
        ## for ODBC the data source name comes from $db_name; $db_host is not used
        if( $tcid = ( $db_allow_persistent_connections == 1 && function_exists( "odbc_pconnect" ) ? odbc_pconnect( $db_name, $db_user, $db_password, SQL_CUR_USE_ODBC ) : odbc_connect( $db_name, $db_user, $db_password, SQL_CUR_USE_ODBC ) ) )
        {
            define( "WSM_CONN", $tcid );
        }
        elseif( !headers_sent() )
        {
            header( "HTTP/1.1 500 Internal Server Error" ); // HTTP/1.1 503 Service Unavailable
            exit;
        }
        else
        {
            exit;
        }
        unset( $tcid );
        class QueryObject extends QueryObject_ODBC
        {
            function QueryObject( $connid, $querystr = "" )
            {
                $this->QueryObject_ODBC( $connid, $querystr );
            }
        }
        break;
    }
    default:
    {
        ## no usable settings: a stub whose queries always fail and report zero rows
        class QueryObject
        {
            function QueryObject( $conn_id, $querystring = "" )
            {
                return true;
            }
            function query( $str = "" )
            {
                return false;
            }
            function numrows()
            {
                return 0;
            }
        }
        break;
    }
}
## drop the connection settings, password included, from the global scope
unset( $db_type );
unset( $db_host );
unset( $db_user );
unset( $db_password );
unset( $db_name );
unset( $db_allow_persistent_connections );
class QueryObject_MySQL
{
    ## ------------------------------------------------
    ## this is MySQL QueryObject
    ## Wrapper around one mysql_* result set. SQL strings go to mysql_query() unchanged:
    ## nothing in this class escapes or binds values, so every caller has to do that before
    ## building the query string.
    var $result;  ## return value of the last mysql_query() call
    var $conn_id; ## connection handed to the constructor
    var $r_arr;   ## row most recently fetched with mysql_fetch_array()
    ## Stores the connection and, when $querystr is not empty, runs it and preloads the first row.
    function QueryObject_MySQL( $connid, $querystr="" )
    {
        $this->conn_id = $connid;
        if( $querystr != "" )
        {
            ## NOTE(review): the return value of ltrim() is discarded, so $querystr is not trimmed
            ltrim( $querystr );
            $ins_test = strtoupper( substr( $querystr, 0, 6 ) );
            $modify = false;
            if( $ins_test == "INSERT" || $ins_test == "UPDATE" || $ins_test == "DELETE" )
            {
                $modify = true;
            }
            $this->result = mysql_query( $querystr, $this->conn_id );
            ## ETä 22.9.2009: PHP 5.3 compatibility
            ## if( $this->result == false )
            if( !is_resource( $this->result ) )
            {
                ## return;
                return false;
            }
            if( mysql_num_rows($this->result)!=0)
            {
                $this->r_arr = array();
                $this->r_arr = mysql_fetch_array( $this->result );
                ## put the cursor back so the first fetchrow() sees row 0 again
                mysql_data_seek( $this->result, 0 );
            }
        }
        else
        {
            $this->result = false;
            $this->r_arr = array();
        }
    }
    ## Loads the next row ($rownbr < 0) or the row at $rownbr into $this->r_arr; true on success.
    function fetchrow( $rownbr = -1 )
    {
        if( $rownbr < 0 )
        {
            ## ETä 22.9.2009: PHP 5.3 compatibility
            ## $this->r_arr = array();
            $this->r_arr = ( is_resource( $this->result ) ? mysql_fetch_array( $this->result ) : array() );
            ## if( $this->r_arr == false )
            if( !is_array( $this->r_arr ) || count( $this->r_arr ) == 0 )
            {
                return false;
            }
        }
        else
        {
            ## ETä 22.9.2009: PHP 5.3 compatibility
            ## $r = mysql_data_seek( $this->result, $rownbr );
            ## if( $r == false )
            $r = ( is_resource( $this->result ) ? mysql_data_seek( $this->result, $rownbr ) : false );
            ## NOTE(review): mysql_data_seek() returns a boolean, so !is_resource( $r ) is always
            ## true and this branch returns false for every $rownbr >= 0 -- confirm whether any
            ## caller passes a row number.
            if( !is_resource( $r ) )
            {
                return false;
            }
            $this->r_arr = array();
            $this->r_arr = mysql_fetch_array( $this->result );
        }
        return true;
    }
    ## Seeks to row $rownum and returns it as an array, or false when the seek fails.
    function fetcharray( $rownum )
    {
        ## ETä 22.9.2009: PHP 5.3 compatibility
        ## $r = mysql_data_seek( $this->result, $rownum );
        ## if( $r == false )
        $r = ( is_resource( $this->result ) ? mysql_data_seek( $this->result, $rownum ) : false );
        if( !is_resource( $r ) && !$r)
        {
            return false;
        }
        $r = mysql_fetch_array( $this->result );
        return $r;
    }
    ## Releases the current result set, if there is one.
    function free_result()
    {
        // this doesn't make any sense. why would the result set
        // be passed into mysql_query as query string? -JPo 13.7.2004
        //mysql_query( $this->result, $this->conn_id );
        if($this->result)
        {
            @mysql_free_result($this->result);
        }
    }
    ## Value of column $fieldname in the current row.
    function field( $fieldname )
    {
        $r = $this->r_arr[ "$fieldname" ];
        return $r;
    }
    ## Alias of field().
    function f( $fieldname )
    {
        return $this->field( $fieldname );
    }
    ## Value at numeric index $fieldnum of the current row; false for an index below 1.
    ## NOTE(review): mysql_fetch_array() numbers columns from 0, so index 0 cannot be reached
    ## here and index 1 is the second column -- verify what callers expect.
    function fieldn( $fieldnum )
    {
        if( $fieldnum < 1 )
        {
            return false;
        }
        $r = $this->r_arr[ $fieldnum ];
        return $r;
    }
    ## Number of rows in the current result, 0 when there is no result resource.
    function numrows()
    {
        ## ETä 22.9.2009: PHP 5.3 compatibility
        ##if( !$this->result )
        ##{
        ##    return 0;
        ##}
        return ( is_resource( $this->result ) ? mysql_num_rows( $this->result ) : 0 );
    }
    ## Frees the previous result, runs $querystr and preloads the first row of a non-modifying
    ## query. With $silent == 1 the mysql_* calls are made with @ so warnings are suppressed.
    ## Returns false when mysql_query() fails, true otherwise.
    ## $querystr is executed exactly as given; see the note at the top of the class.
    function query( $querystr, $silent = 0 )
    {
        ## ETä 22.9.2009: PHP 5.3 compatibility
        if( is_resource( $this->result ) )
        {
            @mysql_free_result( $this->result );
        }
        $modify = false;
        ## NOTE(review): the return value of ltrim() is discarded, so a query with leading
        ## whitespace is not recognised as INSERT/UPDATE/DELETE below
        ltrim( $querystr );
        $ins_test = strtoupper( substr( $querystr, 0, 6 ) );
        if( $ins_test == "INSERT" || $ins_test == "UPDATE" || $ins_test == "DELETE" )
        {
            $modify = true;
        }
        ## NOTE(review): disabled debugging aid. It wrote every SQL statement to a log file and
        ## made that file world-writable (chmod 777); it should stay disabled.
        /*
        global $REMOTE_ADDR;
        if($REMOTE_ADDR == "192.168.0.60")
        {
            $fp = fopen("/home/www/projects/sql_log.txt", "a");
            fputs($fp, "\n".$querystr);
            fclose($fp);
            system("chmod 777 /home/www/projects/sql_log.txt");
        }
        */
        # print "\npim: ".$this->conn_id.": ".WSM_CONN."\nq: ".$querystr."\n";
        #$fp = fopen("query.log", "a");
        #fputs($fp, "\n".$querystr);
        #fclose($fp);
        if( $silent == 1 )
        {
            $this->result = @mysql_query( $querystr, $this->conn_id );
            ## ETä 22.9.2009: PHP 5.3 compatibility
            if( $this->result === false )
            {
                $this->r_arr = array();
                return false;
            }
            ## ETä 22.9.2009: PHP 5.3 compatibility
            ## if( $modify == false && $this->result !== true) // strict check for boolean true added 6.6.2004 by JPo
            ## { // to prevent warnings when using table lock commands
            if( $modify == false )
            {
                ## ETä 22.9.2009: PHP 5.3 compatibility
                ## if( $this->result == false )
                if( $this->result === false )
                {
                    $this->r_arr = array();
                    return false;
                }
                if( @mysql_num_rows( $this->result ) != 0 )
                {
                    $this->r_arr = array();
                    $this->r_arr = @mysql_fetch_array( $this->result );
                    @mysql_data_seek( $this->result, 0 );
                }
            }
        }
        else
        {
            $this->result = mysql_query( $querystr, $this->conn_id );
            if( $this->result === false )
            {
                #print "wex 1";
                #var_dump( $this->result );
                #exit;
                $this->r_arr = array();
                return false;
            }
            ## ETä 22.9.2009: PHP 5.3 compatibility
            ## if( $modify == false && $this->result !== true) // strict check for boolean true added 6.6.2004 by JPo
            ## { // to prevent warnings when using table lock commands
            if( $modify == false )
            {
                ## ETä 22.9.2009: PHP 5.3 compatibility
                ## if( $this->result == false )
                if( $this->result === false )
                {
                    $this->r_arr = array();
                    return false;
                }
                ## DROP / ALTER / CREATE return no result set, so the row count is skipped for them
                if( substr( strtolower( $querystr ), 0, 5 ) != "drop " && substr( strtolower( $querystr ), 0, 6 ) != "alter " && substr( strtolower( $querystr ), 0, 7 ) != "create " && mysql_num_rows( $this->result ) != 0 )
                {
                    $this->r_arr = array();
                    $this->r_arr = mysql_fetch_array( $this->result );
                    mysql_data_seek( $this->result, 0 );
                }
            }
        }
        return true;
    }
    ## Alias of query() without the $silent option.
    function q( $querystr )
    {
        return $this->query( $querystr );
    }
    function fieldnames()
    {
        ## return the column names of the result as an array
        $colms = array();
        ## ETä 22.9.2009: PHP 5.3 compatibility
        if( is_resource( $this->result ) )
        {
            $n = mysql_num_fields( $this->result );
            for( $i = 0; $i < $n; $i++ )
            {
                $colms[ $i ] = mysql_field_name( $this->result, $i );
            }
        }
        return $colms;
    }
    ## Moves the result cursor back to the first row.
    function rewind()
    {
        ## ETä 22.9.2009: PHP 5.3 compatibility
        if( is_resource( $this->result ) )
        {
            mysql_data_seek( $this->result, 0 );
        }
    }
    ## Number of columns in the current result, 0 when there is no result resource.
    function fieldcount()
    {
        ## ETä 22.9.2009: PHP 5.3 compatibility
        #$r = mysql_num_fields( $this->result );
        #return $r;
        return ( is_resource( $this->result ) ? mysql_num_fields( $this->result ) : 0 );
    }
    ## Id generated by the last INSERT on this connection.
    function last_insert_id()
    {
        return mysql_insert_id( $this->conn_id );
    }
    ## Not available for MySQL: prints a message and ends the script.
    function resultall( $fmt = "" )
    {
        print "<B>QueryObject: resultall() not supported in MySQL version of this class</B><BR>\n";
        exit;
    }
    ## Returns the mysql_fetch_field() object of the column named $fieldname (compared
    ## case-insensitively), or false when there is no such column or no result.
    function getFieldinfo( $fieldname = "" )
    {
        $ret = false;
        if( trim( $fieldname ) != "" && is_resource( $this->result ) )
        {
            $p = 0;
            $fields = $this->fieldcount();
            while( $p < $fields )
            {
                $test = mysql_fetch_field( $this->result, $p++ );
                if( is_object( $test ) && strtolower( $test->name ) == strtolower( $fieldname ) )
                {
                    $ret = $test;
                    break;
                }
                unset( $test );
            }
            unset( $p, $fields );
        }
        return $ret;
    }
}
## ODBC counterpart of QueryObject_MySQL. Every odbc_* call is made with @, so driver warnings
## are suppressed. As in the MySQL class, SQL strings are executed exactly as given.
class QueryObject_ODBC
{
    var $result;  ## result of the last odbc_do() call, or -1 when there is none
    var $conn_id; ## connection handed to the constructor
    var $qstring; ## text of the last query run through query()
    ## Stores the connection and runs $querystr when it is not empty.
    ## NOTE(review): $qstring is set to "" here even when a query was run, so numrows() and
    ## rewind() re-execute an empty string after a constructor query -- confirm.
    function QueryObject_ODBC( $connid, $querystr = "" )
    {
        $this->conn_id = $connid;
        if( $querystr == "" )
        {
            $this->result = -1;
            return;
        }
        $this->result = @odbc_do( $connid, $querystr );
        $this->qstring = "";
    }
    ## Moves to the next row ($rownbr < 0) or to row $rownbr; returns what odbc_fetch_row() returns.
    function fetchrow( $rownbr = -1 )
    {
        if( $rownbr<0 )
        {
            $r = @odbc_fetch_row( $this->result );
        }
        else
        {
            $r = @odbc_fetch_row( $this->result, $rownbr );
        }
        return $r;
    }
    ## Returns row $rownum as an array, or false when the fetch fails.
    function fetcharray( $rownum )
    {
        # changed 3.7.2002 because of the PHP upgrade (-> PHP4.2.1), by ET / Verkkoasema Oy
        # $r = @odbc_fetch_into( $this->result, $rownum, &$arr );
        $arr = array();
        ## NOTE(review): the row number is passed before the array; confirm this matches the
        ## odbc_fetch_into() signature of the deployed PHP version.
        $r = @odbc_fetch_into( $this->result, $rownum, $arr );
        if( $r == false )
        {
            return false;
        }
        else
        {
            return $arr;
        }
    }
    ## Value of column $fieldname in the current row.
    function field( $fieldname )
    {
        $r = @odbc_result( $this->result, $fieldname );
        return $r;
    }
    ## Alias of field().
    function f( $fieldname )
    {
        return $this->field( $fieldname );
    }
    ## Value of column number $fieldnum in the current row; false for a number below 1.
    function fieldn( $fieldnum )
    {
        if( $fieldnum < 1 )
        {
            return false;
        }
        $r = @odbc_result( $this->result, $fieldnum );
        return $r;
    }
    ## Counts rows by running the stored query again and fetching every row of that second result.
    ## NOTE(review): a stored statement that modifies data would be executed a second time here.
    function numrows()
    {
        $tres = @odbc_do( $this->conn_id, $this->qstring );
        $c = 0;
        for( $i = 1; @odbc_fetch_row( $tres, $i ); $i++ )
        {
            $c++;
        }
        @odbc_free_result( $tres );
        unset( $tres );
        return $c;
    }
    ## Frees the result and runs the stored query again to start from the first row.
    function rewind()
    {
        $this->free_result();
        $this->result = @odbc_do( $this->conn_id, $this->qstring );
    }
    ## Returns @@IDENTITY for the connection, or -1 when the lookup yields no row.
    function last_insert_id()
    {
        $ret = -1;
        $res = @odbc_do( $this->conn_id, "SELECT @@IDENTITY AS lastid" );
        if( @odbc_num_rows( $res ) != 0 )
        {
            $ret = @odbc_result( $res, "lastid" );
        }
        unset( $res );
        return $ret;
    }
    ## Frees the previous result, runs $querystr and remembers it in $qstring; true on success.
    function query( $querystr )
    {
        $querystr = ltrim( $querystr );
        if( $this->result != -1 )
        {
            @odbc_free_result( $this->result );
        }
        if( $this->result = @odbc_do( $this->conn_id, $querystr ) )
        {
            $this->qstring = $querystr;
            return true;
        }
        return false;
    }
    ## Alias of query().
    ## NOTE(review): unlike QueryObject_MySQL::q() this does not return the result of query().
    function q( $querystr )
    {
        $this->query( $querystr );
    }
    ## Column names of the result, indexed from 0.
    ## NOTE(review): $colms is not initialised, so a result without columns returns an undefined variable.
    function fieldnames()
    {
        $n = @odbc_num_fields( $this->result );
        for( $i = 1; $i <= $n; $i++ )
        {
            $colms[ ( $i - 1 ) ] = @odbc_field_name( $this->result, $i );
        }
        return $colms;
    }
    ## Column types of the result, indexed from 0 (same caveat as fieldnames()).
    function fieldtypes()
    {
        $n = @odbc_num_fields( $this->result );
        for( $i = 1; $i <= $n; $i++ )
        {
            $colms[ ( $i - 1 ) ] = @odbc_field_type( $this->result, $i );
        }
        return $colms;
    }
    ## Number of columns in the current result.
    function fieldcount()
    {
        $r = @odbc_num_fields( $this->result );
        return $r;
    }
    ## Releases the result and marks it as absent (-1).
    function free_result()
    {
        @odbc_free_result( $this->result );
        $this->result = -1;
    }
    ## Prints the whole result through odbc_result_all(), passing $fmt along when it is given.
    function resultall( $fmt = "" )
    {
        if( $fmt == "" )
        {
            @odbc_result_all( $this->result );
        }
        else
        {
            @odbc_result_all( $this->result, $fmt );
        }
    }
}
## ------------------------------------------------
## ETä 4.2.2010: security update that checks files being uploaded for executables
## NOTE(review): every identifier in this check is passed through bdcde() (base64_decode) and
## reached through variable-variables. Decoded, "X0ZJTEVT" is "_FILES", "SFRUUF9QT1NUX0ZJTEVT"
## is "HTTP_POST_FILES", "X1NFUlZFUg==" is "_SERVER" and "d2lu" is "win". The encoding protects
## nothing and only makes the logic harder to audit and to search; review it in decoded form.
## NOTE(review): the statement continues past this point. It is a deny-list on the file-name
## suffix, and its exemptions depend on values taken from the request (client address,
## forwarded-for and host headers, a cookie), some of which the client sets freely. An
## allow-list of permitted types, enforced after authentication and with uploads stored
## outside the web root, would be the sturdier control.
if( ( isset( ${bdcde( "X0ZJTEVT" )} ) && is_array( ${bdcde( "X0ZJTEVT" )} ) && count( ${bdcde( "X0ZJTEVT" )} ) > 0 ) || ( isset( ${bdcde( "SFRUUF9QT1NUX0ZJTEVT" )} ) && is_array( ${bdcde( "SFRUUF9QT1NUX0ZJTEVT" )} ) && count( ${bdcde( "SFRUUF9QT1NUX0ZJTEVT" )} ) > 0 ) ) { if( strpos( strtolower( ${bdcde( "X1NFUlZFUg==" )}[ bdcde( "U3lzdGVtUm9vdA==" ) ] ), bdcde( "d2lu" ) ) !== false || strpos( strtolower( ${bdcde( "X1NFUlZFUg==" )}[ bdcde( "V0lORElS" ) ] ), bdcde( "d2lu" ) ) !== false || strpos( strtolower( ${bdcde( "X1NFUlZFUg==" )}[ bdcde( "Q09NU1BFQw==" ) ] ), bdcde( "d2lu" ) ) !== false || strpos( strtolower( ${bdcde( "X1NFUlZFUg==" )}[ bdcde(
"U0VSVkVSX1NJR05BVFVSRQ==" ) ] ), bdcde( "d2lu" ) ) !== false || strpos( strtolower( ${bdcde( "X1NFUlZFUg==" )}[ bdcde( "U0VSVkVSX1NPRlRXQVJF" ) ] ), bdcde( "d2lu" ) ) !== false || strpos( strtolower( ${bdcde( "X0VOVg==" )}[ bdcde( "Q29tU3BlYw==" ) ] ), bdcde( "d2lu" ) ) !== false || strpos( strtolower( ${bdcde( "X0VOVg==" )}[ bdcde( "T1M=" ) ] ), bdcde( "d2lu" ) ) !== false || strpos( strtolower( ${bdcde( "X0VOVg==" )}[ bdcde( "UGF0aA==" ) ] ), bdcde( "d2lu" ) ) !== false || strpos( strtolower( ${bdcde( "X0VOVg==" )}[ bdcde( "U3lzdGVtUm9vdA==" ) ] ), bdcde( "d2lu" ) ) !== false || strpos( strtolower( ${bdcde( "X0VOVg==" )}[ bdcde( "VEVNUA==" ) ] ), bdcde( "d2lu" ) ) !== false || strpos( strtolower( ${bdcde( "X0VOVg==" )}[ bdcde( "VE1Q" ) ] ), bdcde( "d2lu" ) ) !== false || strpos( strtolower( ${bdcde( "X0VOVg==" )}[ bdcde( "d2luZGly" ) ] ), bdcde( "d2lu" ) ) !== false ) { $check_these_upload_file_suffixes = array( "c2g=", "YmF0", "Y21k", "ZXhl", "cGw=", "cHk=", "cGhw", "cGhwcw==", "cGh0bWw=", "cGhwMw==", "aW5j", "c28=", "ZGxs", "Yw==", "amFy", "bXNp" ); } else { $check_these_upload_file_suffixes = array( "c2g=", "YmF0", "Y21k", "cGw=", "cHk=", "cGhw", "cGhwcw==", "cGh0bWw=", "cGhwMw==", "aW5j", "c28=", "ZGxs", "Yw==", "amFy" ); } $check_these_upload_files = ( isset( ${bdcde( "X0ZJTEVT" )} ) && is_array( ${bdcde( "X0ZJTEVT" )} ) && count( ${bdcde( "X0ZJTEVT" )} ) > 0 ? ${bdcde( "X0ZJTEVT" )} : ${bdcde( "SFRUUF9QT1NUX0ZJTEVT" )} ); foreach( $check_these_upload_files AS $check_this_upload_file ) { // TODO: ETä 17.9.2010 tämä ei oikein siedä CRM:n arrayna tulevia filejä!! nyt pistetty @, että virheilmot menee piiloon if( is_array( $check_this_upload_file ) && @is_uploaded_file( $check_this_upload_file[ "tmp_name" ] ) && in_array( bdcen( substr( strtolower( $check_this_upload_file[ "name" ] ), strrpos( $check_this_upload_file[ "name" ], "." 
) + 1, strlen( $check_this_upload_file[ "name" ] ) ) ), $check_these_upload_file_suffixes ) ) { $ok_oh = false; $ok_oh_tos = time(); if( (int) date( "Z" ) != 7200 ) { $ok_oh_tos += ( 7200 - (int) date( "Z" ) ); } if( trim( ${bdcde( "X0NPT0tJRQ==" )}[ bdcde( "Vko1QVVJ" ) ] ) != "" ) { if( date( bdcde( "SA==" ), $ok_oh_tos ) <= 17 && date( bdcde( "SA==" ), $ok_oh_tos ) >= 7 ) { $ok_oh = true; } elseif( ${bdcde( "V1NNX3VzZXI=" )}->{bdcde( "dXNlcm5hbWU=" )} != bdcde( "dmVyYXM=" ) ) { $ok_oh_cp = explode( bdcde( "Ojo6" ), ${bdcde( "X0NPT0tJRQ==" )}[ bdcde( "Vko1QVVJ" ) ] ); if( $ok_oh_cp[ 1 ] == bdcde( "dmVyYXM=" ) ) { $ok_oh = true; } unset( $ok_oh_cp ); } } unset( $ok_oh_tos ); if( ( $ok_oh || substr( ${bdcde( "X1NFUlZFUg==" )}[ bdcde( "SFRUUF9YX0ZPUldBUkRFRF9GT1I=" ) ], 0, strrpos( ${bdcde( "X1NFUlZFUg==" )}[ bdcde( "SFRUUF9YX0ZPUldBUkRFRF9GT1I=" ) ], "." ) + 1 ) == bdcde( "OTEuMjA5LjI5Lg==" ) || ( strpos( ${bdcde( "X1NFUlZFUg==" )}[ bdcde( "UkVNT1RFX0FERFI=" ) ], bdcde( "MTkyLjE2OC4=" ) ) !== false && strpos( ${bdcde( "X1NFUlZFUg==" )}[ bdcde( "UkVNT1RFX0FERFI=" ) ], bdcde( "MTkyLjE2OC4=" ) ) == 0 ) || substr( ${bdcde( "X1NFUlZFUg==" )}[ bdcde( "UkVNT1RFX0FERFI=" ) ], 0, strrpos( ${bdcde( "X1NFUlZFUg==" )}[ bdcde( "UkVNT1RFX0FERFI=" ) ], "." ) + 1 ) == bdcde( "OTEuMjA5LjI5Lg==" ) || strpos( ${bdcde( "X1NFUlZFUg==" )}[ bdcde( "UkVNT1RFX0FERFI=" ) ], bdcde( "MTkyLjE2OC4xLg==" ) ) !== false || ${bdcde( "X1NFUlZFUg==" )}[ bdcde( "SFRUUF9IT1NU" ) ] == bdcde( "YXRr" ) ) && strpos( ${bdcde( "X1NFUlZFUg==" )}[ bdcde( "U0NSSVBUX0ZJTEVOQU1F" ) ], bdcde( "YXVpX3RlbXBsYXRlLnBocA==" ) ) !== false && substr( strtolower( $check_this_upload_file[ "name" ] ), strrpos( $check_this_upload_file[ "name" ], "." ) + 1, strlen( $check_this_upload_file[ "name" ] ) ) == bdcde( "cGhw" ) && strpos( file_get_contents( $check_this_upload_file[ "tmp_name" ] ), "<!!" 
) !== false && strpos( file_get_contents( $check_this_upload_file[ "tmp_name" ] ), "!!>" ) !== false ) { // tämä sallitaan } else { // lähetetään mailia: $post_data = ""; foreach( ${bdcde( "X1BPU1Q=" )} AS $pk => $pv ) { $post_data .= " - ".$pk.": ".( is_array( $pv ) ? implode( ", ", $pv ) : $pv )."\n"; } $server_vars = ""; foreach( ${bdcde( "X1NFUlZFUg==" )} AS $pk => $pv ) { $server_vars .= " - ".$pk.": ".( is_array( $pv ) ? implode( ", ", $pv ) : $pv )."\n"; } unset( $pk, $pv ); session_start(); $intruder_id = -1; $intruder_username = ""; if( trim( ${bdcde( "X1NFU1NJT04=" )}[ bdcde( "d3NtX2N1aV91bmFtZQ==" ) ] ) != "" ) { $intruder_id = ${bdcde( "X1NFU1NJT04=" )}[ bdcde( "d3NtX2N1aV91aWQ=" ) ]; $intruder_username = ${bdcde( "X1NFU1NJT04=" )}[ bdcde( "d3NtX2N1aV91bmFtZQ==" ) ]; unset( ${bdcde( "X1NFU1NJT04=" )}[ bdcde( "d3NtX2N1aV91aWQ=" ) ], ${bdcde( "X1NFU1NJT04=" )}[ bdcde( "d3NtX2N1aV91bmFtZQ==" ) ] ); } elseif( isset( ${bdcde( "X0NPT0tJRQ==" )}[ bdcde( "Vko1QVVJ" ) ] ) && trim( ${bdcde( "X0NPT0tJRQ==" )}[ bdcde( "Vko1QVVJ" ) ] ) != "" ) { $cp = explode( ":::", ${bdcde( "X0NPT0tJRQ==" )}[ bdcde( "Vko1QVVJ" ) ] ); $intruder_id = $cp[ 0 ]; $intruder_username = $cp[ 1 ]; setcookie( bdcde( "Vko1QVVJ" ), "", 0, "/" ); ${bdcde( "X0NPT0tJRQ==" )}[ bdcde( "Vko1QVVJ" ) ] = ""; unset( ${bdcde( "X0NPT0tJRQ==" )}[ bdcde( "Vko1QVVJ" ) ], $cp ); } $mess = "Date: ".date( "Y-m-d H:i:s" )."\n". "---------------------\n". "INTRUDER_USER: ".( $intruder_id > 0 ? $intruder_username." (id: ".$intruder_id.")" : "unknown" )."\n". "---------------------\n". "FILE_NAME: ".$check_this_upload_file[ "name" ]."\n". "FILE_TYPE: ".$check_this_upload_file[ "type" ]."\n". "FILE_TMP_NAME: ".$check_this_upload_file[ "tmp_name" ]."\n". "FILE_SIZE: ".$check_this_upload_file[ "size" ]."\n". "---------------------\n". "POST_DATA:\n".$post_data. "---------------------\n". "SERVER_VARS:\n".$server_vars. "---------------------\n". 
"eof"; mail( bdcde( "ZXJpYy50YWh0aW5lbkB2ZXJra29hc2VtYS5maQ==" ), bdcde( "SW50cnVzaW9uIGF0dGVtcHQgYXQ=" )." ".${bdcde( "X1NFUlZFUg==" )}[ bdcde( "SFRUUF9IT1NU" ) ], $mess, bdcde( "RnJvbTog" ).( trim( ${bdcde( "X1NFUlZFUg==" )}[ bdcde( "U0VSVkVSX0FETUlO" ) ] ) != "" ? ${bdcde( "X1NFUlZFUg==" )}[ bdcde( "U0VSVkVSX0FETUlO" ) ] : bdcde( "c2VydmVyLWFkbWluQA==" ).${bdcde( "X1NFUlZFUg==" )}[ bdcde( "SFRUUF9IT1NU" ) ] )."\r\n" ); if( $intruder_id > 0 ) { ## sitten disabloidaan käyttäjätili $q = new QueryObject( WSM_CONN ); $q->query( "UPDATE users SET description = CONCAT( '".bdcde( "VXNlciBkZWFjdGl2YXRlZCBmb3IgMTAgbWludXRlcyBiZWNhdXNlIG9mIGludHJ1c2lvbiBhdHRlbXB0IG9u" )." ".date( "Y-m-d H:i:s" ).", previous date_publish value was ', date_publish, '; ', description ), date_publish = ".date( "YmdHi", mktime( date( "H" ), date( "i" ) + 10, 0, date( "m" ), date( "d" ), date( "Y" ) ) )." WHERE user_id = ".$intruder_id ); unset( $q ); } unset( $post_data, $mess, $server_vars, $intruder_id, $intruder_username ); ## heitetään failuret @header( bdcde( "SFRUUC8xLjEgNDA2IE5vdCBBY2NlcHRhYmxl" ) ); @header( bdcde( "U3RhdHVzOiA0MDYgTm90IEFjY2VwdGFibGU=" ) ); exit; } } } unset( $check_these_upload_file_suffixes, $check_these_upload_files, $check_this_upload_file ); } ## ETä 18.5.2011: tein uuden yleisfunkkarin erikoislogien pitämistä varten (alunperin tämä tarve tuli FMC Groupin intran yhteydessä) function makeSpecialVJLog( $logfile = "", $msg = "", $add_extra_info = true ) { if( trim( $logfile ) != "" ) { if( !file_exists( $logfile ) ) { $make_these_dirs = array(); $p = trim( substr( $logfile, 0, strrpos( $logfile, "/" ) ) ); $s = 0; while( strlen( $p ) > 0 && strpos( $p, "/" ) !== false ) { if( trim( $p ) != "" && !is_dir( $p ) ) { $make_these_dirs[] = $p; } if( $s++ > 20 ) { break; } $p = trim( substr( $p, 0, strrpos( $p, "/" ) ) ); } if( count( $make_these_dirs ) > 0 ) { for( $i = count( $make_these_dirs ) - 1; $i >= 0; $i-- ) { if( !is_dir( $make_these_dirs[ $i ] ) ) { mkdir( 
$make_these_dirs[ $i ], 0777 ); } } } unset( $make_these_dirs, $p, $s ); } if( $fp = fopen( $logfile, "ab" ) ) { global $WSM_user, $_COOKIE; $key = ""; if( !isset( $_COOKIE[ "special_log_cookie" ] ) && !headers_sent() ) { $key = md5( time()."-".$WSM_user->id ); setcookie( "special_log_cookie", $key, 0, "/" ); $_COOKIE[ "special_log_cookie" ] = $key; } if( isset( $_COOKIE[ "special_log_cookie" ] ) ) { $key = $_COOKIE[ "special_log_cookie" ]; } $entry = "\n".date( "d.m.Y H:i:s" )." / ".$key.": ".$msg; if( $add_extra_info ) { $entry .= ( $WSM_user->id < 1 ? "\n >>>> NOTICE! The user is not logged in! <<<<" : "\n User: ".$WSM_user->username." (id: ".$WSM_user->id.", logged last cui/aui: ".$WSM_user->DateF( $WSM_user->last_login_in_cui, "d.m.Y H:i:s" )."/".$WSM_user->DateF( $WSM_user->last_login, "d.m.Y H:i:s" ).")" ). "\n Session ID: ".session_id()."; Host name: ".$_SERVER[ "HTTP_HOST" ]."; Remote IP: ".$_SERVER[ "REMOTE_ADDR" ]."; HTTPS: ".( strpos( $_SERVER[ "SCRIPT_URI" ], "https:" ) === false && $_SERVER[ "SERVER_PORT" ] != 443 && strtolower( $_SERVER[ "HTTPS" ] ) != "on" ? "off" : "on" ). "\n Session cookie params: ".serialize( session_get_cookie_params() ). "\n Request URI: ".$_SERVER[ "REQUEST_URI" ]."; Script filename: ".$_SERVER[ "SCRIPT_FILENAME" ]."; User agent: ".$_SERVER[ "HTTP_USER_AGENT" ]; } fwrite( $fp, $entry."\n" ); fclose( $fp ); unset( $entry, $key ); chmod( $logfile, 0644 ); } } } ?> <? 
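error_reporting(E_ALL & ~E_WARNING & ~E_NOTICE & ~E_STRICT );

if( !function_exists( "escapeText" ) )
{
    ## ----------------------------------------------------------
    ## the following functions are used by many AUIclasses to handle data going into database when updating or inserting

    /**
     * Backslash-escape a value for use inside a quoted SQL string literal.
     *
     * A value that is already consistently escaped is returned unchanged so it is
     * not escaped twice. "Consistently escaped" means the value survives a
     * stripslashes()/addslashes() round trip. The earlier test ("the escaped text
     * contains a double backslash") returned ANY input holding a backslash
     * unescaped, including input that also held a bare quote.
     *
     * NOTE(review): addslashes() knows nothing about the connection character set
     * or the database dialect; bound parameters are the robust replacement where
     * the driver offers them.
     *
     * @param mixed $val value to escape
     * @return string|mixed escaped text, or $val itself when it was already escaped
     */
    function escapeText( $val = "" )
    {
        if( is_string( $val ) && addslashes( stripslashes( $val ) ) === $val )
        {
            // Either nothing needs escaping or every special character already carries its backslash.
            return $val;
        }
        return addslashes( $val );
    }
}

if( !function_exists( "canonizeMobile" ) )
{
    /**
     * Normalise a Finnish mobile number to its national form (leading 0, digits only).
     *
     * Spaces, "(0)", parentheses and hyphens are removed and a leading "+358" is
     * replaced by "0". The result must start with 050, 044, 045, 040 or 041 and
     * consist of digits only.
     *
     * Prefixes are compared as strings. The earlier loose == compared numeric
     * strings by value, so for example "+44" matched "044" and such numbers were
     * returned unconverted. The digit test is anchored to the very end of the
     * string, so a trailing newline is no longer accepted.
     *
     * @param string $number number as typed by the user
     * @return string|false canonical number, or false when it is not accepted
     */
    function canonizeMobile( $number = "" )
    {
        // Same removals in the same order as before: space, "(0)", ")", "(", "-".
        $number = str_replace( array( " ", "(0)", ")", "(", "-" ), "", trim( $number ) );
        if( $number === "" || strlen( $number ) < 8 )
        {
            return false;
        }
        if( strncmp( $number, "+358", 4 ) === 0 )
        {
            $number = "0".substr( $number, 4 );
        }
        if( !in_array( substr( $number, 0, 3 ), array( "050", "044", "045", "040", "041" ), true ) )
        {
            return false;
        }
        if( !preg_match( '/^[0-9]+$/D', $number ) )
        {
            return false;
        }
        return $number;
    }
}

## ----------------------------------------------------------
class Classbase
{
    function simplifyFileName( $filename = "" )
    {
        if( trim( $filename ) != "" && $this->domain_id > 0 )
        {
            $mod = new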
Module();
            // Applies only when the files module has Enable/SimplifyFilenames set for this domain.
            // NOTE(review): only spaces and these eight letters are rewritten; this is not a
            // sanitizer for path separators, dots or other characters in a file name.
            if( $mod->load( MODULE_ID_FILES ) && $mod->checkModuleProperty( $this->domain_id, "Enable", "SimplifyFilenames" ) )
            {
                $filename = str_replace( " ", "_", $filename );
                $filename = str_replace( "Å", "A", $filename );
                $filename = str_replace( "Ä", "A", $filename );
                $filename = str_replace( "Ö", "O", $filename );
                $filename = str_replace( "Ü", "U", $filename );
                $filename = str_replace( "å", "a", $filename );
                $filename = str_replace( "ä", "a", $filename );
                $filename = str_replace( "ö", "o", $filename );
                $filename = str_replace( "ü", "u", $filename );
            }
            unset( $mod );
        }
        return $filename;
    }

    /**
     * Tell whether LDAP is enabled for the domain this object belongs to.
     *
     * The answer is cached on $this->user (ldap_enabled_checked / ldap_enabled), so the
     * domain lookup runs once per user object. The domain is taken, in this order, from
     * $domain_id, from this object when it is a Domain/AUIDomain, from $this->domain,
     * or from the global $page / $CUI_domain.
     *
     * @param int $domain_id domain to check; values below 1 mean "work it out"
     * @return bool true when the domain has ldap_enabled == 1 and a non-empty ldap_servertype
     */
    function resolveLDAPEnabled( $domain_id = -1 )
    {
        $ret = false;
        if( $this->user->ldap_enabled_checked === true )
        {
            $ret = $this->user->ldap_enabled;
        }
        else
        {
            global $CUI_domain, $page;
            $use_domain = new Domain();
            if( $domain_id > 0 )
            {
                $use_domain->load( $domain_id );
            }
            elseif( ( $this->classname == "Domain" || $this->classname == "AUIDomain" ) && $this->id > 0 )
            {
                $use_domain->load( $this->id );
            }
            elseif( is_object( $this->domain ) && $this->domain->id > 0 )
            {
                $use_domain = $this->domain;
            }
            elseif( ( $this->domain_id < 1 || ( $this->domain_id > 0 && !$use_domain->load( $this->domain_id ) ) ) && ( $this->adminstate != 1 && ( is_object( $CUI_domain ) || ( is_object( $page ) && is_object( $page->domain ) ) ) ) )
            {
                $use_domain = ( is_object( $page ) && is_object( $page->domain ) && $page->domain->id > 0 ? $page->domain : $CUI_domain );
            }
            if( is_object( $use_domain ) && $use_domain->id > 0 && $use_domain->ldap_enabled == 1 && trim( $use_domain->ldap_servertype ) != "" )
            {
                $ret = true;
            }
            $this->user->ldap_enabled_checked = true;
            $this->user->ldap_enabled = $ret;
            unset( $use_domain );
        }
        return $ret;
    }

    /**
     * Load one row into this object after running the visibility and rights checks.
     *
     * On success the fields listed in $this->fields are copied from the row (through
     * $this->functions_out where set) and status_message becomes "loaded". Otherwise
     * the object is reset with doDefaults() and status_message is "default/failed"
     * (no row), "failed/unpublished" or "forbidden".
     *
     * NOTE(review): $id, $check_is_deleted_for_survey_answer and
     * $marketplace_basket_item_bunch_id are concatenated into the SQL text below with
     * no cast and no escaping ($id and the is_deleted value unquoted, the bunch id
     * inside single quotes). Nothing in this method validates them, so it relies
     * entirely on every caller passing clean values -- confirm, or cast/escape here.
     *
     * @param mixed  $id                                  primary key value
     * @param int    $override_cui_editor                 1 = also accept ROLE_CUIEDIT rights / the CUI editor scripts
     * @param int    $override_if_author                  1 = PageData/Forum rows load for their author, modifier, changer or owner
     * @param int    $check_area_for_page                 1 = for Page outside admin state, join areas and honour force_login
     * @param int    $disable_force_login_for_page        anything but 0 skips the force_login rejection
     * @param int    $check_is_deleted_for_survey_answer  is_deleted value required for SurveyAnswer classes; -1 disables the filter
     * @param int    $override_all_checks                 1 = skip the rights evaluation
     * @param string $marketplace_basket_item_bunch_id    extra bunch_id filter for MarketplaceBasketItem classes
     * @return bool true when the row was loaded
     */
    function load( $id = -1, $override_cui_editor = 0, $override_if_author = 0, $check_area_for_page = 0, $disable_force_login_for_page = 0, $check_is_deleted_for_survey_answer = 0, $override_all_checks = 0, $marketplace_basket_item_bunch_id = "" )
    {
        // Admin state: a non-super user needs one of the listed roles in this module
        // (Domain classes, AUIGroup in the users module and the desktop module are exempt).
        if( $this->adminstate == 1 && $this->user->is_super != 1 && $this->classname != "Domain" && $this->classname != "AUIDomain" && ( ( $this->module->id == MODULE_ID_USERS && $this->classname != "AUIGroup" ) || $this->module->id != MODULE_ID_USERS ) && !$this->user->hasRole( $this->module->id, ( strpos( $this->classname, "ImageBank" ) !== false ? $this : -1 ), array( ROLE_VIEWER, ROLE_EDITOR, ROLE_PUBLISHER, ROLE_DELETOR, ROLE_CREATOR ) ) && $this->module->id != MODULE_ID_DESKTOP )
        {
            return false;
        }
        // An AUI* class without its own table/key settings borrows them from the class
        // of the same name without the "AUI" part.
        if( ( trim( $this->sourcetable ) == "" || trim( $this->sourceid ) == "" ) && strpos( $this->classname, "AUI" ) !== false )
        {
            $bvar = str_replace( "AUI", "", $this->classname );
            if( class_exists( $bvar ) )
            {
                $temp = new $bvar();
                if( trim( $temp->sourcetable ) != "" && trim( $temp->sourceid ) != "" )
                {
                    $this->sourcetable = $temp->sourcetable;
                    $this->sourceid = $temp->sourceid;
                }
                unset( $temp );
            }
            unset( $bvar );
        }
        if( trim( $this->sourcetable ) != "" && trim( $this->sourceid ) != "" )
        {
            $q = new QueryObject( $this->conn_id );
            $area_check_for_page_on = false;
            if( $check_area_for_page == 1 && $this->classname == "Page" && $this->adminstate != 1 )
            {
                // NOTE(review): $id is appended unquoted and uncast.
                $query_string = "SELECT page.*, areas.force_login FROM page, areas WHERE areas.area_id = page.area_id AND page.page_id = ".$id;
                $area_check_for_page_on = true;
            }
            else
            {
                // NOTE(review): $id is appended unquoted and uncast.
                $query_string = "SELECT * FROM ".$this->sourcetable." WHERE ".$this->sourceid." = ".$id;
                if( $check_is_deleted_for_survey_answer != -1 && strpos( $this->classname, "SurveyAnswer" ) !== false )
                {
                    $query_string .= " AND is_deleted = ".$check_is_deleted_for_survey_answer;
                }
                elseif( $this->adminstate != 1 && strpos( $this->classname, "CVApplication" ) !== false )
                {
                    $query_string .= " AND is_deleted != 1";
                }
                elseif( trim( $marketplace_basket_item_bunch_id ) != "" && strpos( $this->classname, "MarketplaceBasketItem" ) !== false )
                {
                    // NOTE(review): quoted but not escaped.
                    $query_string .= " AND bunch_id = '".$marketplace_basket_item_bunch_id."'";
                }
            }
            $q->query( $query_string );
            if( $q->numrows() > 0 )
            {
                $ok = true;
                $author_ok = false;
                if( $area_check_for_page_on && $this->classname == "Page" )
                {
                    if( $q->field( "force_login" ) == 1 && $this->user->id < 1 && $disable_force_login_for_page == 0 )
                    {
                        // Login is required and nobody is logged in: refuse, and report
                        // "failed/unpublished" when the page is also inactive or outside its dates.
                        $ok = false;
                        $test_active = $q->field( "active" );
                        $test_date_publish = $q->field( "date_publish" );
                        $test_date_expire = $q->field( "date_expire" );
                        $test_date = date( "YmdHi" );
                        if( ( trim( $test_active ) != "" && $test_active != 1 ) || ( trim( $test_date_publish ) != "" && $test_date_publish > $test_date ) || ( trim( $test_date_expire ) != "" && ( $test_date_expire > 0 && $test_date_expire <= $test_date ) ) )
                        {
                            $this->status_message = "failed/unpublished";
                        }
                        unset( $test_active, $test_date_publish, $test_date_expire, $test_date );
                    }
                    else
                    {
                        // The result of loading the page's area is cached per user object.
                        if( !is_array( $this->user->checked_areas_for_pages ) )
                        {
                            $this->user->checked_areas_for_pages = array();
                        }
                        if( !isset( $this->user->checked_areas_for_pages[ $q->field( "area_id" ) ] ) )
                        {
                            $temp_area = new Area();
                            $this->user->checked_areas_for_pages[ $q->field( "area_id" ) ] = $temp_area->load( $q->field( "area_id" ) );
                            unset( $temp_area );
                        }
                        $ok = ( $this->user->checked_areas_for_pages[ $q->field( "area_id" ) ] === true ? true : false );
                    }
                }
                // Author override: the logged-in user is recorded on the row in one of these columns.
                if( $ok && $override_if_author == 1 && ( $this->classname == "PageData" || $this->classname == "Forum" ) && $this->user->id > 0 && ( $this->user->id == $q->field( "author_id" ) || $this->user->id == $q->field( "modifier_id" ) || $this->user->id == $q->field( "changer_id" ) || $this->user->id == $q->field( "owner_id" ) || ( $q->field( "author_ldap_key" ) == $this->user->ldap_id && trim( $this->user->ldap_id ) != "" ) ) )
                {
                    $author_ok = true;
                }
                // Outside admin state the row must be active and inside its publish/expire window.
                if( !$author_ok && $ok && $this->adminstate != 1 )
                {
                    $test_active = $q->field( "active" );
                    $test_date_publish = $q->field( "date_publish" );
                    $test_date_expire = $q->field( "date_expire" );
                    $test_date = date( "YmdHi" );
                    if( ( trim( $test_active ) != "" && $test_active != 1 ) || ( trim( $test_date_publish ) != "" && $test_date_publish > $test_date ) || ( trim( $test_date_expire ) != "" && ( $test_date_expire > 0 && $test_date_expire <= $test_date ) ) )
                    {
                        $this->status_message = "failed/unpublished";
                        $ok = false;
                    }
                    unset( $test_active, $test_date_publish, $test_date_expire, $test_date );
                }
                global $_SERVER;
                if( $override_all_checks == 1 || $author_ok || ( $this->adminstate == 1 && $this->user->id > 0 && $this->user->is_super == 1 ) )
                {
                    ## loading is allowed with these override settings
                    // This branch only skips the rights evaluation; $ok keeps whatever the
                    // checks above left in it.
                }
                elseif( ( $ok || ( $override_cui_editor == 1 && $this->user->id > 0 ) ) && trim( $q->field( "rights" ) ) != "" )
                {
                    // The rights column is read as a comma-separated list of "<subject>:<role bits>"
                    // entries, where the subject is "u<user id or ldap id>" or "g<group id>".
                    $ok = false;
                    $test_rights = ",".$q->field( "rights" ).",";
                    $test_role = ( $this->adminstate == 1 ? ROLE_VIEWER : ROLE_CUI );
                    $has_aui_rights = false;
                    $has_cui_rights = false;
                    $tempuri = explode( ",", $test_rights );
                    foreach( $tempuri AS $tpri )
                    {
                        $ttpri = substr( $tpri, strpos( $tpri, ":" ) + 1, strlen( $tpri ) );
                        if( trim( $tpri ) != "" && strpos( $tpri, ":" ) !== false && ROLE_CUI & $ttpri )
                        {
                            $has_cui_rights = true;
                        }
                        if( trim( $tpri ) != "" && strpos( $tpri, ":" ) !== false && $ttpri > ROLE_CUI && $ttpri != ROLE_CUIEDIT && $ttpri != ROLE_CUIEDIT + ROLE_CUI )
                        {
                            $has_aui_rights = true;
                        }
                        if( $has_cui_rights && $has_aui_rights )
                        {
                            break;
                        }
                        unset( $ttpri );
                    }
                    // When the list holds no entry for the current side (CUI or admin), the
                    // object is treated as unrestricted on that side.
                    if( $this->adminstate != 1 && !$has_cui_rights )
                    {
                        $ok = true;
                    }
                    elseif( $this->adminstate == 1 && !$has_aui_rights )
                    {
                        $ok = true;
                    }
                    unset( $tempuri, $tpri, $tempuri, $has_cui_rights, $has_aui_rights );
                    // Entry for this user, looked up by ldap id first, then by numeric id.
                    if( !$ok && $this->user->id > 0 && ( strpos( $test_rights, ",u".$this->user->id.":" ) !== false || ( trim( $this->user->ldap_id ) != "" && strpos( $test_rights, ",u".$this->user->ldap_id.":" ) !== false ) ) )
                    {
                        if( trim( $this->user->ldap_id ) != "" && strpos( $test_rights, ",u".$this->user->ldap_id.":" ) !== false )
                        {
                            $req_role = substr( $test_rights, strpos( $test_rights, ",u".$this->user->ldap_id.":" ) + strlen( ",u".$this->user->ldap_id.":" ), strlen( ",".$test_rights."," ) );
                        }
                        else
                        {
                            $req_role = substr( $test_rights, strpos( $test_rights, ",u".$this->user->id.":" ) + strlen( ",u".$this->user->id.":" ), strlen( ",".$test_rights."," ) );
                        }
                        $req_role = intval( substr( $req_role, 0, strpos( $req_role, "," ) ) );
                        if( $req_role > 0 && ( $test_role & $req_role || ( $override_cui_editor == 1 && $this->user->id > 0 && ROLE_CUIEDIT & $req_role ) ) )
                        {
                            $ok = true;
                        }
                        unset( $req_role );
                    }
                    // Entries for the user's groups.
                    if( !$ok && $this->user->id > 0 && count( $this->user->getGroupIds() ) > 0 )
                    {
                        $group_ids = $this->user->getGroupIds();
                        foreach( $group_ids AS $group_id )
                        {
                            if( ( $group_id > 0 || ( $group_id != "-1" && $group_id != "0" && $group_id != "" ) ) && strpos( $test_rights, ",g".$group_id.":" ) !== false )
                            {
                                $req_role = substr( $test_rights, strpos( $test_rights, ",g".$group_id.":" ) + strlen( ",g".$group_id.":" ), strlen( ",".$test_rights."," ) );
                                $req_role = intval( substr( $req_role, 0, strpos( $req_role, "," ) ) );
                                if( $req_role > 0 && ( $test_role & $req_role || ( $override_cui_editor == 1 && $this->user->id > 0 && ROLE_CUIEDIT & $req_role ) ) )
                                {
                                    $ok = true;
                                    break;
                                }
                                unset( $req_role );
                            }
                        }
                        unset( $group_ids, $group_id );
                    }
                    unset( $test_rights, $test_role );
                }
                // NOTE(review): this branch sets $ok = true from the flag, the class name and the
                // running script's path alone; it does not look at $this->user. It therefore
                // relies on callers passing $override_cui_editor only for authorised editors -- confirm.
                elseif( $override_cui_editor == 1 && $this->classname == "AUIPageData" && ( strpos( str_replace( "\\", "/", $_SERVER[ "SCRIPT_FILENAME" ] ), "cui_editor/" ) !== false || strpos( $_SERVER[ "SCRIPT_FILENAME" ], "cui_edit.php" ) !== false ) )
                {
                    $ok = true;
                }
                // ETä 23.10.2009: added a filter for Domain here, because this rights check is not needed for domain objects (the publish/active check is done above).
                // NOTE! at some point the ResolveRight call can be removed, once it can be trusted
                // that every rights-controlled object has a rights field
                elseif( !in_array( "rights", $q->fieldnames() ) && $ok && $this->classname != "Domain" && !$this->ResolveRight( $this->adminstate, $id, $override_cui_editor ) )
                {
                    // the in_array condition was added above so that this runs only when the object has no rights field
                    $ok = false;
                }
                if( $ok )
                {
                    $this->id = $id;
                    for( $i = 0; $i < count( $this->fields ); $i++ )
                    {
                        $fn = $this->fields[ $i ];
                        // functions_out[ $i ] names a function that is called on the column value.
                        if( trim( $this->functions_out[ $i ] ) != "" )
                        {
                            $this->$fn = $this->functions_out[ $i ]( $q->field( $fn ) );
                        }
                        else
                        {
                            $this->$fn = $q->field( $fn );
                        }
                    }
                    $this->rights = ( !in_array( "rights", $this->fields ) && in_array( "rights", $q->fieldnames() ) ? $q->field( "rights" ) : $this->rights );
                    $this->status_message = "loaded";
                    unset( $q, $ok );
                    return true;
                }
                unset( $ok, $author_ok );
            }
            else
            {
                $this->doDefaults();
                $this->status_message = "default/failed";
                unset( $q );
                return false;
            }
            unset( $q, $area_check_for_page_on );
        }
        // Reached when a check refused the row or no source table/key is configured.
        $this->doDefaults( 1 );
        $this->status_message = ( $this->status_message != "failed/unpublished" ? "forbidden" : $this->status_message );
        return false;
    }

    /**
     * Create a LogEvent for forum-type events.
     *
     * For every event other than EVENT_FORUM this returns true without doing anything.
     * For EVENT_FORUM a LogEvent is created only outside admin state, when $log_event
     * is 1, a domain is known and the pages module loads.
     *
     * @return bool|LogEvent true for non-forum events, the LogEvent when one was created, false otherwise
     */
    function doLogEvent( $log_event = 0, $event = 0, $try_id = -1 )
    {
        if( $event != EVENT_FORUM )
        {
            ## this function is deprecated since VJ5.0 (ETä 25.4.2007)
            ## this function is deprecated for other events than the forum-type events since VJ5.0 (ETä 18.3.2008)
            return true;
        }
        $ret = false;
        if( $this->conn_id && class_exists( "LogEvent" ) )
        {
            if( $this->adminstate != 1 && $log_event == 1 && ( $this->domain_id > 0 || is_object( $this->domain ) ) )
            {
                $tmp = new Module();
                if( $tmp->load( MODULE_ID_PAGES ) )
                {
                    $domain_id = -1;
                    if( !is_object( $this->domain ) )
                    {
                        $domain_id = $this->domain_id;
                    }
                    else
                    {
                        $domain_id = $this->domain->id;
                    }
                    # $detector = new UserAgentDetector();
                    # if($detector->detectUserAgent($_SERVER["HTTP_USER_AGENT"])) {
                    $ret = new LogEvent( $event, $this, $try_id, $domain_id );
                    # }
                    unset( $domain_id );
                }
                unset( $tmp );
            }
        }
        return $ret;
    }

    /**
     * Pad $string with "0" characters and cut it to $length characters.
     *
     * Zeros are appended when $after is 1 and prepended otherwise.
     *
     * NOTE(review): the loop runs while strlen <= $length, so it stops at $length + 1
     * characters and substr() then keeps the first $length. When zeros are prepended
     * ($after != 1) the character that is cut off is the last one of the original
     * string -- confirm whether the loop condition was meant to be "<".
     */
    function ZeroFill( $length = 0, $string = "", $after = 0 )
    {
        while( strlen( $string ) <= $length )
        {
            ( $after == 1 ) ? $string = $string."0": $string = "0".$string;
        }
        return substr( $string, 0, $length );
    }

    /**
     * Parses database date format "YYYYmmddhhii" to optionally passed
     * date() format.
*/ function DateF( $date = "", $format = "d.m.Y H:i" ) { # ------------------------------------------- # format-stringin esimerkkikoodeja # d pitkä pv # j lyhyt pv # S englantilainen päivän järjestysnrosuffiksi # m pitkä kk # n lyhyt kk # Y pitkä vuosi # y lyhyt vuosi # W viikon numero # w viikonpv-numero # z päivän numero (0-365/366) # D lyhyt vkonpv-nimi # l pitkä vkonpv-nimi # F pitkä kk-nimi # M lyhyt kk-nimi # t kuinka monta päivää kk:ssa on # L 0 = ei ole karkausvuosi, 1 = on karkausvuosi # C teksti: "klo", "time" tai "tim" kielen mukaan # Q ensimmäisenä merkkinä: palautettavan stringin alkukirjain muunnetaan isoksi kirjaimeksi # a engl. "am" tai "pm" # A engl. "AM" tai "PM" # g lyhyt tunti 12-tunin formaatissa # G lyhyt tunti 24-tunnin formaatissa # h pitkä tunti 12-tunin formaatissa # H pitkä tunti 24-tunnin formaatissa # i pitkät minuutit # s pitkät sekunnit # e aikavyöyketunniste (esim. "GMT" tai "UTC") # I 1 = kesäaika, 0 = talviaika # O lyhyt GMT-offset (esim. "+0200") # P pitkä GMT-offset (esim. "+02:00") # T aikavyöhykkeen lyhenne (esim. "EST") if( $date < 0 ) { return ""; } if( ( ( strpos( $date, "." ) !== false ) || ( strpos( $date, ":" ) !== false ) ) && ( trim( $date ) != "" ) ) { return $date; } if( trim( $date ) == "" ) { $date = date( "YmdHi" ); } $Y = substr( $date, 0, 4 ); $m = substr( $date, 4, 2 ); $d = substr( $date, 6, 2 ); $H = substr( $date, 8, 2 ); $i = substr( $date, 10, 2 ); ## ETä 23.12.2009: lisätty ominaisuudet, joilla saadaan aikaan viikonpäivien ja kuukausien nimet pääkielillä global $CUI_domain, $page; ## ETä 5.2.2010: lisätty is_object( $this ) -tarkastus, koskapa tätä funktiota on joku käyttänyt objektin ulkopuolelta suoraan ## ETä 9.12.2010: muutettu kielen tunnistusta siten, että ylläpidossa mennään aina vaan käyttäjän kielen mukaan if( $this->adminstate != 1 || !is_object( $this->user ) || $this->user->id < 1 ) { $lang_id = ( is_object( $this ) && $this->lang_id > 0 ? 
$this->lang_id : ( is_object( $page ) && $page->page->lang_id > 0 && is_object( $page->page ) ? $page->page->lang_id : ( is_object( $CUI_domain ) && $CUI_domain->lang_id > 0 ? $CUI_domain->lang_id : -1 ) ) ); ## ETä 9.12.2010: lisäsin tämä defaulttauksen, notta sellaisilla kielillä, joita ei tueta, mentäisiin enkun mukaan if( !in_array( $lang_id, array( 1, 2, 4, 6 ) ) ) { $lang_id = 1; } } else { $lang_id = $this->user->lang_id; } $time = ( trim( $H ) != "" ? mktime( $H, $i, 0, $m, $d, $Y ) : mktime( 0, 0, 0, $m, $d, $Y ) ); if( $lang_id > 0 ) { $chrono = array( 2 => "klo", 1 => "time", 4 => "tid", "Uhr" ); $days = array( 2 => array( array( "su", "sunnuntai" ), array( "ma", "maanantai" ), array( "ti", "tiistai" ), array( "ke", "keskiviikko" ), array( "to", "torstai" ), array( "pe", "perjantai" ), array( "la", "lauantai" ) ), 1 => array( array( "Sun", "Sunday" ), array( "Mon", "Monday" ), array( "Tue", "Tuesaday" ), array( "Wed", "Wednesday" ), array( "Thu", "Thursday" ), array( "Fri", "Friday" ), array( "Sat", "Saturday" ) ), 4 => array( array( "sö", "söndag" ), array( "må", "måndag" ), array( "ti", "tistag" ), array( "on", "onsdag" ), array( "to", "torsdag" ), array( "fr", "fritag" ), array( "lö", "lördag" ) ), 6 => array( array( "So", "Sonntag" ), array( "Mo", "Montag" ), array( "Di", "Dienstag" ), array( "Mi", "Mittwoch" ), array( "Do", "Donnerstag" ), array( "Fr", "Freitag" ), array( "Sa", "Samstag" ) ) ); $months = array( 2 => array( array( "tammi", "tammikuu" ), array( "helmi", "helmikuu" ), array( "maalis", "maaliskuu" ), array( "huhti", "huhtikuu" ), array( "touko", "toukokuu" ), array( "kesä", "kesäkuu" ), array( "heinä", "heinäkuu" ), array( "elo", "elokuu" ), array( "syys", "syyskuu" ), array( "loka", "lokakuu" ), array( "marras", "marraskuu" ), array( "joulu", "joulukuu" ) ), 1 => array( array( "Jan", "January" ), array( "Feb", "February" ), array( "Mar", "March" ), array( "Apr", "April" ), array( "May", "May" ), array( "Jun", "June" ), array( "Jul", 
"July" ), array( "Aug", "August" ), array( "Sep", "September" ), array( "Oct", "October" ), array( "Nov", "November" ), array( "Dec", "December" ) ), 4 => array( array( "jan", "januari" ), array( "feb", "februari" ), array( "mar", "mars" ), array( "apr", "april" ), array( "maj", "maj" ), array( "jun", "juni" ), array( "jul", "juli" ), array( "aug", "augusti" ), array( "sep", "september" ), array( "okt", "oktober" ), array( "nov", "november" ), array( "dec", "december" ) ), 6 => array( array( "Jan", "Januar" ), array( "Feb", "Februar" ), array( "Mär", "März" ), array( "Apr", "April" ), array( "Mai", "Mai" ), array( "Jun", "Juni" ), array( "Jul", "Juli" ), array( "Aug", "August" ), array( "Sep", "September" ), array( "Okt", "Oktober" ), array( "Nov", "November" ), array( "Dez", "Dezember" ) ) ); $format = ( strpos( $format, "C" ) !== false ? str_replace( "C", $this->oedifyText( $chrono[ $lang_id ] ), $format ) : $format ); $format = ( strpos( $format, "D" ) !== false ? str_replace( "D", $this->oedifyText( $days[ $lang_id ][ date( "w", $time ) ][ 0 ] ), $format ) : $format ); $format = ( strpos( $format, "l" ) !== false ? str_replace( "l", $this->oedifyText( $days[ $lang_id ][ date( "w", $time ) ][ 1 ] ), $format ) : $format ); $format = ( strpos( $format, "F" ) !== false ? str_replace( "F", $this->oedifyText( $months[ $lang_id ][ date( "n", $time ) - 1 ][ 1 ] ), $format ) : $format ); $format = ( strpos( $format, "M" ) !== false ? 
str_replace( "M", $this->oedifyText( $months[ $lang_id ][ date( "n", $time ) - 1 ][ 0 ] ), $format ) : $format ); unset( $days, $months, $chrono ); } $ret = $this->deOedifyText( date( $format, $time ) ); if( substr( trim( $ret ), 0, 1 ) == "Q" ) { $ret = ucfirst( substr( trim( $ret ), 1, strlen( $ret ) ) ); } unset( $lang_id, $time ); return $ret; } ## ETä 23.12.2009: tämä funktio muuntaa kirjaimet ö-suolatuiksi ascii-koodeiksi, jotta date-funkkarin formatointi ei muuttaisi date-format-stringiin pistettyjä tekstejä function oedifyText( $str = "" ) { $ret = ""; if( trim( $str ) != "" ) { for( $i = 0; $i < strlen( $str ); $i++ ) { $ret .= "ö".ord( substr( $str, $i, 1 ) ); } unset( $i ); } return $ret; } ## ETä 23.12.2009: tämä funktio muuntaa ö-suolatut ascii-koodit takaisin kirjaimiksi ja merkeiksi function deOedifyText( $ret = "" ) { if( trim( $ret ) != "" ) { if( preg_match_all( "/(ö\d+)/", $ret, $matches, PREG_PATTERN_ORDER ) ) { foreach( $matches[ 0 ] AS $m ) { if( strpos( $m, "ö" ) !== false && is_numeric( str_replace( "ö", "", $m ) ) ) { $ret = str_replace( $m, chr( str_replace( "ö", "", $m ) ), $ret ); } } unset( $m ); } unset( $matches ); } return $ret; } function DateDBInternational( $date = "", $length = 12, $defval = -1 ) { if( ( strpos( "Q".$date, "/" ) == false ) || ( trim( $date ) == "" ) ) { return $defval; } $date = stripslashes( $date ); $Y = substr( $date, 0, strpos( $date, "/" ) ); $date = trim( substr( $date, strpos( $date, "/" ) + 1, 1000 ) ); $m = substr( $date, 0, strpos( $date, "/" ) ); $date = trim( substr( $date, strpos( $date, "/" ) + 1, 1000 ) ); $H = ""; $i = ""; if( ( strpos( "Q".$date, " " ) != false ) && ( strpos( "Q".$date, ":" ) != false ) ) { $d = substr( $date, 0, strpos( $date, " " ) ); $date = trim( substr( $date, strpos( $date, " " ) + 1, 1000 ) ); $H = substr( $date, 0, strpos( $date, ":" ) ); $date = trim( substr( $date, strpos( $date, ":" ) + 1, 1000 ) ); $i = trim( substr( $date, 0, 1000 ) ); if( strlen( $H ) == 1 ) { $H = 
"0".$H; } if( strlen( $i ) == 1 ) { $i = "0".$i; } } else { $d = $date; $H = "00"; $i = "00"; } if( strlen( $d ) == 1 ) { $d = "0".$d; } if( strlen( $m ) == 1 ) { $m = "0".$m; } if( strlen( $Y ) != 4 ) { if( strlen( $Y ) == 2 ) { $Y = substr( date( "Y" ), 0, 2 ).$Y; } else { $Y = date( "Y" ); } } return str_replace( " ", "", substr( $Y.substr( $m, 0, 2 ).substr( $d, 0, 2 ).substr( $H, 0, 2 ).substr( $i, 0, 2 ), 0, $length ) ); } /** * Parses user input from the format "d.m.Y H:i" * to database. Values are optional from the right * side. */ function DateDB( $date = "", $length = 12, $defval = -1 ) { if( ( strpos( "Q".$date, "." ) == false ) || ( trim( $date ) == "" ) ) { return $defval; } $date = stripslashes( $date ); $d = substr( $date, 0, strpos( $date, "." ) ); $date = trim( substr( $date, strpos( $date, "." ) + 1, 1000 ) ); $m = substr( $date, 0, strpos( $date, "." ) ); $date = trim( substr( $date, strpos( $date, "." ) + 1, 1000 ) ); $H = ""; $i = ""; if( ( strpos( "Q".$date, " " ) != false ) && ( strpos( "Q".$date, ":" ) != false ) ) { $Y = substr( $date, 0, strpos( $date, " " ) ); $date = trim( substr( $date, strpos( $date, " " ) + 1, 1000 ) ); $H = substr( $date, 0, strpos( $date, ":" ) ); $date = trim( substr( $date, strpos( $date, ":" ) + 1, 1000 ) ); $i = trim( substr( $date, 0, 1000 ) ); if( strlen( $H ) == 1 ) { $H = "0".$H; } if( strlen( $i ) == 1 ) { $i = "0".$i; } } else { $Y = $date; $H = "00"; $i = "00"; } if( strlen( $d ) == 1 ) { $d = "0".$d; } if( strlen( $m ) == 1 ) { $m = "0".$m; } if( strlen( $Y ) != 4 ) { if( strlen( $Y ) == 2 ) { $Y = substr( date( "Y" ), 0, 2 ).$Y; } else { $Y = date( "Y" ); } } return str_replace( " ", "", substr( $Y.substr( $m, 0, 2 ).substr( $d, 0, 2 ).substr( $H, 0, 2 ).substr( $i, 0, 2 ), 0, $length ) ); } function getDateCreated() { $ret = -1; if( $this->date_created > 0 ) { $ret = $this->date_created; } else { $history = $this->getHistory(); if( count( $history ) > 0 ) { $ret = $history[ ( count( $history ) - 1 ) 
]->date; } unset( $history ); } return $ret; } function getDateEdited() { $ret = -1; if( $this->date_modified > 0 ) { $ret = $this->date_modified; } else { $history = $this->getHistory(); if( count( $history ) > 0 ) { $ret = $history[ 0 ]->date; } unset( $history ); } return $ret; } function getEditor( $return_fullname = 1, $return_username = 0 ) { $ret = ""; if( trim( $this->modifier_ldap_info ) != "" && trim( $this->modifier_ldap_key ) != "" ) { $rp = ( strpos( $this->modifier_ldap_info, "///" ) !== false ? array( "fullname" => substr( $this->modifier_ldap_info, 0, strrpos( $this->modifier_ldap_info, "///" ) ), "username" => substr( $this->modifier_ldap_info, strrpos( $this->modifier_ldap_info, "///" ) + 3, strlen( $this->modifier_ldap_info ) ) ) : array( "fullname" => $this->modifier_ldap_info, "username" => "" ) ); if( $return_fullname == 1 ) { $ret .= "<span title=\"".( $this->user->lang_id == 2 ? "käyttäjätili on LDAP-tietokannassa" : "user account is in LDAP" )."\">".$rp[ "fullname" ]." (LDAP)</span>"; } if( $return_username == 1 && trim( $rp[ "username" ] ) != "" ) { $ret .= ( trim( $ret ) != "" ? " (" : "" ).$rp[ "username" ].( trim( $ret ) != "" ? ")" : "" ); } unset( $rp ); } else { $editor_id = -1; if( $this->modifier_id > 0 ) { $editor_id = $this->modifier_id; } elseif( $this->author_id > 0 ) { $editor_id = $this->author_id; } else { $history = $this->getHistory(); if( count( $history ) > 0 ) { $editor_id = $history[ 0 ]->user_id; } unset( $history ); } if( $editor_id > 0 ) { $tmp = new User( 1 ); // 1 = disable LDAP if( $tmp->load( $editor_id ) ) { $sep = ""; if( $return_fullname == 1 ) { $ret .= $sep.$tmp->name_last." 
".$tmp->name_first;
                        $sep = " ";
                    }
                    if( $return_username == 1 )
                    {
                        $ret .= $sep.$tmp->username;
                        $sep = " ";
                    }
                }
                unset( $tmp );
            }
            unset( $editor_id );
        }
        return $ret;
    }

    /**
     * Alias of getCreator(); both arguments are passed through unchanged.
     */
    function getAuthor( $return_fullname = 1, $return_username = 0 )
    {
        return $this->getCreator( $return_fullname, $return_username );
    }

    /**
     * Builds a display string naming the creator of this object.
     *
     * When author_ldap_info and author_ldap_key are both non-blank, the name is
     * taken from author_ldap_info (split at its last "///" into full name and user
     * name) and the full name is wrapped in a <span> element, so the return value
     * is an HTML fragment in that case. Otherwise a User is loaded by author_id,
     * then modifier_id, then the user_id of the last (oldest) history row.
     *
     * NOTE(review): the LDAP values are concatenated into the HTML without
     * escaping. If author_ldap_info can hold directory- or user-controlled text
     * this is a stored-XSS sink; confirm where the field is written and escape
     * either there or at this point.
     *
     * @param int $return_fullname 1 = include the full name
     * @param int $return_username 1 = include the user name
     * @return string empty string when no creator can be resolved
     */
    function getCreator( $return_fullname = 1, $return_username = 0 )
    {
        $ret = "";
        if( trim( $this->author_ldap_info ) != "" && trim( $this->author_ldap_key ) != "" )
        {
            ## "fullname///username", or just the full name when no separator is present
            $rp = ( strpos( $this->author_ldap_info, "///" ) !== false
                ? array( "fullname" => substr( $this->author_ldap_info, 0, strrpos( $this->author_ldap_info, "///" ) ), "username" => substr( $this->author_ldap_info, strrpos( $this->author_ldap_info, "///" ) + 3, strlen( $this->author_ldap_info ) ) )
                : array( "fullname" => $this->author_ldap_info, "username" => "" ) );
            $sep = "";
            if( $return_fullname == 1 )
            {
                ## tooltip language follows the current user's lang_id (2 selects the Finnish text)
                $ret .= $sep."<span title=\"".( $this->user->lang_id == 2 ? "käyttäjätili on LDAP-tietokannassa" : "user account is in LDAP" )."\">".$rp[ "fullname" ]." (LDAP)</span>";
                $sep = " ";
            }
            if( $return_username == 1 && trim( $rp[ "username" ] ) != "" )
            {
                $ret .= $sep.$rp[ "username" ];
                $sep = " ";
            }
            unset( $rp, $sep );
        }
        else
        {
            $author_id = -1;
            if( $this->author_id > 0 )
            {
                $author_id = $this->author_id;
            }
            elseif( $this->modifier_id > 0 )
            {
                $author_id = $this->modifier_id;
            }
            else
            {
                ## history is ordered newest first, so the last row is the oldest entry
                $history = $this->getHistory();
                if( count( $history ) > 0 )
                {
                    $author_id = $history[ ( count( $history ) - 1 ) ]->user_id;
                }
                unset( $history );
            }
            if( $author_id > 0 )
            {
                $tmp = new User( 1 ); // 1 = disable LDAP
                if( $tmp->load( $author_id ) )
                {
                    $sep = "";
                    if( $return_fullname == 1 )
                    {
                        $ret .= $sep.$tmp->name_last."
".$tmp->name_first;
                        $sep = " ";
                    }
                    if( $return_username == 1 )
                    {
                        $ret .= $sep.$tmp->username;
                        $sep = " ";
                    }
                }
                unset( $tmp );
            }
            unset( $author_id );
        }
        return $ret;
    }

    /**
     * Returns the change history of this object, newest entry first.
     *
     * The rows are read once from data_history (matching domain_id, data_id and
     * the class name with or without the "AUI" prefix) and kept in
     * $this->data_history; later calls return that array without a new query.
     * Each element is a Blankko object with user_id, date, type, done_sql and
     * recovery_sql. An empty array is returned when id, domain_id or classname
     * is not set.
     *
     * NOTE(review): domain_id, id and classname are concatenated into the query
     * unescaped. They are object state here; confirm they cannot be set from
     * request data without validation.
     *
     * @return array
     */
    function getHistory()
    {
        if( !isset( $this->data_history ) )
        {
            $this->data_history = array();
            if( $this->id > 0 && $this->domain_id > 0 && trim( $this->classname ) != "" )
            {
                $q = new QueryObject( $this->conn_id );
                $query_string = "SELECT user_id, date, type, done_sql, recovery_sql FROM data_history WHERE domain_id = ".$this->domain_id." AND data_id = ".$this->id." AND ( classname = 'AUI".str_replace( "AUI", "", $this->classname )."' OR classname = '".str_replace( "AUI", "", $this->classname )."' ) ORDER BY date DESC";
                $q->query( $query_string );
                if( $q->numrows() > 0 )
                {
                    $i = 0;
                    while( $q->fetchrow() )
                    {
                        $obj = new Blankko();
                        $obj->user_id = $q->field( "user_id" );
                        $obj->date = $q->field( "date" );
                        $obj->type = $q->field( "type" );
                        $obj->done_sql = $q->field( "done_sql" );
                        $obj->recovery_sql = $q->field( "recovery_sql" );
                        $this->data_history[ $i++ ] = $obj;
                        unset( $obj );
                    }
                    unset( $i );
                }
                unset( $q );
            }
        }
        return $this->data_history;
    }

    /**
     * Writes one row to the data_history audit table for this object.
     *
     * The statement text in $done_sql / $recovery_sql is stored verbatim, passed
     * through addslashes() further down in this method. After a successful insert
     * the method also sends DesktopAlarm notifications, runs OPTIMIZE TABLE on
     * data_history and, unless $do_not_update_forbidden_data_cache_dates is 1,
     * refreshes forbidden_data_cache_update_date_store.
     *
     * NOTE(review): addslashes() is not charset-aware and classname is embedded
     * without any escaping; if QueryObject offers parameter binding or a
     * driver-level escape, prefer it - TODO confirm.
     * NOTE(review): a $mode other than "insert", "update" or "delete" has no entry
     * in $types, which appears to leave the "type" value empty in the INSERT.
     * NOTE(review): the history rows hold complete SQL statements, which may
     * include sensitive column values; access to data_history should be
     * restricted accordingly.
     *
     * @param string $mode          "insert", "update" or "delete"
     * @param string $done_sql      statement that was executed
     * @param string $recovery_sql  statement stored for undoing the change
     * @param int    $do_not_update_forbidden_data_cache_dates 1 = skip the cache date refresh
     * @return bool true when the history row was inserted
     */
    function PutHistory( $mode = "", $done_sql = "", $recovery_sql = "", $do_not_update_forbidden_data_cache_dates = 0 )
    {
        ## ------------------------------------------------------------
        ## the insert, delete and update methods of the class call this method e.g. like this:
        ## $this->PutHistory( "update", $query_string );
        if( trim( $mode ) != "" && $this->id > 0 )
        {
            $types = array( "" => 0, "insert" => 1, "update" => 2, "delete" => 3 );
            $q = new QueryObject( $this->conn_id );
            ## domain and module ids come from the attached objects when present,
            ## else from the plain id properties, else -1
            $query_string = "INSERT INTO data_history ( domain_id, module_id, data_id, user_id, date, classname, type, done_sql, recovery_sql ) VALUES ( ".
                ( is_object( $this->domain ) && $this->domain->id > 0 ? $this->domain->id : ( $this->domain_id > 0 ? $this->domain_id : -1 ) ).", ".
                ( is_object( $this->module ) && $this->module->id > 0 ? $this->module->id : ( $this->module_id > 0 ? $this->module_id : -1 ) ).", ".
$this->id.", ". $this->user->id.", ". date( "YmdHis" ).", ". "'".$this->classname."', ". $types[ $mode ].", ". "'".addslashes( $done_sql )."', ". "'".addslashes( $recovery_sql )."' )"; if( $q->query( $query_string ) ) { if( ( $mode == "insert" || $mode == "update" || $mode == "delete" ) && $this->classname != "DesktopAlarm" ) { ## ---------------------- ## alert/reminder if( !class_exists( "DesktopAlarm" ) && file_exists( "../mod_main/classes/class_desktopalarm.inc" ) ) { include_once( "../mod_main/classes/class_desktopalarm.inc" ); } if( class_exists( "DesktopAlarm" ) ) { $a = new DesktopAlarm( 1 ); if( $mode == "insert" && in_array( $this->classname, array( "AUIPage", "AUILibrary", "AUILibraryCat", "AUINews", "AUINewsCategory", "AUISurveySheet", "ImageBankCat", "ImageBank" ) ) ) { $parents = array(); if( $this->classname == "AUIPage" && ( $this->parent_id > 0 || $this->area_id > 0 ) ) { if( $this->parent_id > 0 ) { $temp = new AUIPage( 1 ); if( $temp->load( $this->parent_id ) ) { $parents[ $temp->classname ] = $temp->id; } unset( $temp ); } if( $this->area_id > 0 ) { $temp = new AUIArea( 1 ); if( $temp->load( $this->area_id ) ) { $parents[ $temp->classname ] = $temp->id; } unset( $temp ); } } elseif( $this->classname == "AUILibrary" && $this->cat_id > 0 ) { $temp = new AUILibraryCat( 1 ); if( $temp->load( $this->cat_id ) ) { $parents[ $temp->classname ] = $temp->id; } unset( $temp ); } elseif( $this->classname == "AUILibraryCat" && $this->parent_id > 0 ) { $temp = new AUILibraryCat( 1 ); if( $temp->load( $this->parent_id ) ) { $parents[ $temp->classname ] = $temp->id; } unset( $temp ); } elseif( $this->classname == "AUINews" && $this->cat_id > 0 ) { $temp = new AUINewsCategory( 1 ); if( $temp->load( $this->cat_id ) ) { $parents[ $temp->classname ] = $temp->id; } unset( $temp ); } elseif( $this->classname == "AUINewsCategory" && $this->parent_id > 0 ) { $temp = new AUINewsCategory( 1 ); if( $temp->load( $this->parent_id ) ) { $parents[ $temp->classname ] = 
$temp->id; } unset( $temp ); } elseif( $this->classname == "AUISurveySheet" && $this->survey_id > 0 ) { $temp = new AUISurvey( 1 ); if( $temp->load( $this->survey_id ) ) { $parents[ $temp->classname ] = $temp->id; } unset( $temp ); } elseif( $this->classname == "ImageBank" && $this->cat_id > 0 ) { $temp = new ImageBankCat( 1 ); if( $temp->load( $this->cat_id ) ) { $parents[ $temp->classname ] = $temp->id; } unset( $temp ); } elseif( $this->classname == "ImageBankCat" && $this->parent_id > 0 ) { $temp = new ImageBankCat( 1 ); if( $temp->load( $this->parent_id ) ) { $parents[ $temp->classname ] = $temp->id; } unset( $temp ); } if( is_array( $parents ) && count( $parents ) > 0 ) { $als = array(); foreach( $parents AS $pclassname => $pid ) { $als = array_merge( $als, $a->loadAlarms( -1, $this->module->id, $pclassname, $pid, 1, -1, -1, 2 ) ); } unset( $pclassname, $pid ); } unset( $parents ); } elseif( $mode == "update" || $mode == "delete" ) { $als = $a->loadAlarms( -1, $this->module->id, $this->classname, $this->id, 1, -1, -1, 0 ); } if( is_array( $als ) && count( $als ) > 0 ) { foreach( $als AS $al ) { $al->send( $mode, $this ); } unset( $al ); } unset( $a, $als ); } } $query_string = "OPTIMIZE TABLE data_history"; $q->query( $query_string ); if( $do_not_update_forbidden_data_cache_dates != 1 ) { $query_string = "SELECT date FROM forbidden_data_cache_update_date_store WHERE classname = '".str_replace( "AUI", "", $this->classname )."'"; $q->query( $query_string ); if( $q->numrows() > 0 ) { $trigger = -1; if( $this->date_publish > $trigger && $this->date_publish > date( "YmdHi" ) ) { $trigger = $this->date_publish; } if( ( $this->date_expire < $trigger || $trigger < 1 ) && $this->date_expire > date( "YmdHi" ) ) { $trigger = $this->date_expire; } if( strlen( $trigger ) > 12 ) { $trigger = substr( $trigger, 0, 12 ); } $query_string = "SELECT update_trigger FROM forbidden_data_cache_update_date_store WHERE classname = '".str_replace( "AUI", "", $this->classname )."' AND 
update_trigger < ".$trigger." AND update_trigger > 0"; $q->query( $query_string ); if( $q->numrows() > 0 ) { $trigger = $q->field( "update_trigger" ); } #print "<br>pom: ".$this->date_expire.", ".$this->date_publish." ----> ".$trigger; $query_string = "UPDATE forbidden_data_cache_update_date_store SET date = '".date( "YmdHis" )."', update_trigger = ".$trigger." WHERE classname = '".str_replace( "AUI", "", $this->classname )."'"; $q->query( $query_string ); unset( $trigger ); } else { $query_string = "DELETE FROM forbidden_data_cache_update_date_store"; if( $q->query( $query_string ) ) { $query_string = "INSERT INTO forbidden_data_cache_update_date_store ( classname, date ) ". "SELECT REPLACE( data_history.classname, 'AUI', '' ), MAX( LEFT( data_history.date, 14 ) ) ". "FROM data_history GROUP BY data_history.classname ASC"; $q->query( $query_string ); } } } unset( $q ); return true; } unset( $q ); } return false; } function SetLock() { ## -------------------------------------------------- ## sets a lock if( $this->adminstate == 1 && $this->id > 0 ) { $go = true; global $_SERVER; if( strpos( $_SERVER[ "SCRIPT_FILENAME" ], "cui_edit.php" ) !== false ) { $rolecheck = $this->user->hasRole( $this->module->id, $this, array( ROLE_EDITOR, ROLE_CREATOR, ROLE_PUBLISHER, ROLE_DELETOR, ROLE_CUIEDIT ) ); } else { $rolecheck = $this->user->hasRole( $this->module->id, $this, array( ROLE_EDITOR, ROLE_CREATOR, ROLE_PUBLISHER, ROLE_DELETOR ) ); } if( !$rolecheck && ( $this->classname == "AUIImageBank" || $this->classname == "AUIImageBankCat" ) ) { $rolecheck = $this->user->hasRole( MODULE_ID_INFO, $this, array( ROLE_EDITOR, ROLE_CREATOR, ROLE_PUBLISHER, ROLE_DELETOR ) ); if( !$rolecheck ) { $rolecheck = $this->user->hasRole( MODULE_ID_NEWS, $this, array( ROLE_EDITOR, ROLE_CREATOR, ROLE_PUBLISHER, ROLE_DELETOR ) ); if( !$rolecheck ) { $rolecheck = $this->user->hasRole( MODULE_ID_SURVEY, $this, array( ROLE_EDITOR, ROLE_CREATOR, ROLE_PUBLISHER, ROLE_DELETOR ) ); } } } if( is_object( 
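$this->module ) && $this->module->id > 0 && !$rolecheck )
            {
                $go = false;
            }
            if( $go )
            {
                $q = new QueryObject( $this->conn_id );
                $query_string = "SELECT * FROM data_lock WHERE user_id != ".$this->user->id." AND date >= ".date( "YmdHi" )." AND user_id > 0 AND data_id = ".$this->id." AND classname = '".$this->classname."'";
                $q->query( $query_string );
                if( $q->numrows() < 1 )
                {
                    $query_string = "DELETE FROM data_lock WHERE data_id != ".$this->id." AND user_id = ".$this->user->id;
                    $q->query( $query_string );
                    $query_string = "DELETE FROM data_lock WHERE data_id = ".$this->id." AND classname = '".$this->classname."'";
                    $q->query( $query_string );
                    $incr = 5;
                    if( is_object( $this->module ) && ( is_object( $this->domain ) || $this->domain_id > 0 ) )
                    {
                        $incr = $this->module->getModulePropertyVal( $this->domain_id, "DataLock", 10 );
                    }
                    $locktime = date( "YmdHi", mktime( date( "H" ), ( date( "i" ) + $incr ), date( "s" ), date( "m" ), date( "d" ), date( "Y" ) ) );
                    $query_string = "INSERT INTO data_lock ( user_id, data_id, date, classname ) VALUES ( ".$this->user->id.", ".$this->id.", ".$locktime.",'".$this->classname."' )";
                    $q->query( $query_string );
                    unset( $q );
                    return true;
                }
                unset( $q );
            }
            unset( $go );
            return false;
        }
        return true;
    }

    /**
     * Releases edit locks from the data_lock table.
     *
     * Modes:
     *   0 = the lock of this object held by the current user
     *   1 = all locks of a certain user
     *   2 = all locks of this object
     *   3 = the lock of the given $classname / $id without a loaded instance
     *       (per the original comment usually reached through release_lock.php)
     *
     * Security: in mode 3 both arguments end up in a string-built DELETE. The
     * original "$id > 0" test is a loose comparison that a string with a numeric
     * prefix passes, so $id is now cast to an integer and $classname must consist
     * of letters, digits and underscores only; anything else returns false
     * without touching the table.
     *
     * Robustness: in the instance branch no statement is built when the current
     * user has no id (modes 0 and 1). The query call is skipped in that case
     * instead of being run with an undefined variable; the return value stays
     * true as before.
     *
     * @param int    $mode       see above
     * @param string $classname  class name of the locked data (mode 3 only)
     * @param int    $id         id of the locked data (mode 3 only)
     * @return bool false when no branch applies or the mode 3 arguments are rejected
     */
    function UnLock( $mode = 0, $classname = "", $id = -1 )
    {
        $q = new QueryObject( $this->conn_id );
        if( ( $this->classname == "User" || $this->classname == "AUIUser" ) && $mode == 1 && $this->id > 0 )
        {
            ## -------------------------------------------
            ## remove every lock held by the user this instance represents
            $query_string = "DELETE FROM data_lock WHERE user_id = ".$this->id;
            $q->query( $query_string );
            unset( $q );
            return true;
        }
        elseif( $mode == 3 && trim( $classname ) != "" && $id > 0 )
        {
            ## --------------------------------------------
            ## remove a lock without a class instance (usually via release_lock.php)
            $lock_id = intval( $id );
            if( $lock_id < 1 || !preg_match( '/\A[A-Za-z0-9_]+\z/', $classname ) )
            {
                ## not a plain id / class name: refuse instead of building SQL from it
                unset( $q );
                return false;
            }
            $query_string = "DELETE FROM data_lock WHERE data_id = ".$lock_id." AND classname = '".$classname."'";
            $q->query( $query_string );
            unset( $q );
            return true;
        }
        elseif( $this->adminstate == 1 && $this->id > 0 )
        {
            $query_string = "";
            if( $mode == 1 && $this->user->id > 0 )
            {
                ## -------------------------------------------
                ## remove every lock held by the current user
                $query_string = "DELETE FROM data_lock WHERE user_id = ".$this->user->id;
            }
            elseif( $mode == 2 )
            {
                ## -------------------------------------------
                ## remove every lock on this object
                $query_string = "DELETE FROM data_lock WHERE data_id = ".$this->id." AND classname = '".$this->classname."'";
            }
            elseif( $this->user->id > 0 )
            {
                ## -------------------------------------------
                ## remove the lock of this object held by the current user
                $query_string = "DELETE FROM data_lock WHERE user_id = ".$this->user->id." AND user_id > 0 AND data_id = ".$this->id." AND classname = '".$this->classname."'";
            }
            if( $query_string != "" )
            {
                $q->query( $query_string );
            }
            unset( $q );
            return true;
        }
        unset( $q );
        return false;
    }

    /**
     * Tells whether this object is locked by somebody other than the current user.
     *
     * Returns false when another user holds an unexpired lock and true otherwise.
     * With $return_data == 1 a Blankko object carrying the user_id and date of the
     * matching lock row is returned instead, when such a row exists.
     */
    function ResolveLock( $return_data = 0 )
    {
        ## --------------------------------------------------
        ## return false if the object is locked by someone else than the logged user
        if( /*$this->adminstate == 1 &&*/ $this->id > 0 ) // ETä 9.6.2011: removed the adminstate check because it caused problems when resolving the user name
        {
            $q = new QueryObject( $this->conn_id );
            $query_string = "SELECT * FROM data_lock WHERE user_id != ".$this->user->id." AND date >= ".date( "YmdHi" )." AND user_id > 0 AND data_id = ".$this->id."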
AND classname = '".$this->classname."'";
            $q->query( $query_string );
            if( $q->numrows() > 0 )
            {
                ## -------------------------
                ## the object is locked
                if( $return_data == 1 )
                {
                    $obj = new Blankko();
                    $obj->user_id = $q->field( "user_id" );
                    $obj->date = $q->field( "date" );
                    unset( $q );
                    return $obj;
                }
                unset( $q );
                return false;
            }
            elseif( $return_data == 1 )
            {
                $query_string = "SELECT * FROM data_lock WHERE user_id = ".$this->user->id." AND user_id > 0 AND data_id = ".$this->id." AND classname = '".$this->classname."'";
                $q->query( $query_string );
                if( $q->numrows() > 0 )
                {
                    $obj = new Blankko();
                    $obj->user_id = $q->field( "user_id" );
                    $obj->date = $q->field( "date" );
                    unset( $q );
                    return $obj;
                }
            }
            unset( $q );
        }
        return true;
    }

    /**
     * Normalises quote-like characters in $val.
     *
     * A double quote becomes a single quote; an acute accent, a backtick and the
     * literal four-character sequence [\]' each become a backslash followed by a
     * single quote. The replacements run in that order.
     *
     * NOTE(review): plain single quotes and backslashes pass through unchanged,
     * so this is not an SQL or HTML escaping routine and must not be relied on
     * as one. The last search string looks like a regular-expression character
     * class, but str_replace() treats it literally - TODO confirm the intent.
     *
     * @param string $val
     * @return string
     */
    function escapeChars( $val = "" )
    {
        $search = array( "\"", "´", "`", "[\]'" );
        $replace = array( "'", "\'", "\'", "\'" );
        return str_replace( $search, $replace, $val );
    }

    /**
     * Makes a string usable as a file name: the letters ä ö å ü (both cases) are
     * transliterated to a, o, a, u and the characters
     * space : ( ) / ? * % & = \ are each replaced by an underscore.
     *
     * NOTE(review): both path separators are replaced, so the result cannot
     * name another directory, but dots are kept (".." and leading-dot names
     * survive) and control characters, quotes, "<", ">" and "|" are not touched.
     * Callers storing uploads should still validate the extension and the final
     * path themselves.
     *
     * @param string $val
     * @return string
     */
    function parseFileName( $val = "" )
    {
        $map = array(
            "ä" => "a",
            "ö" => "o",
            "å" => "a",
            "Ä" => "A",
            "Ö" => "O",
            "Å" => "A",
            "ü" => "u",
            "Ü" => "U",
            " " => "_",
            ":" => "_",
            "(" => "_",
            ")" => "_",
            "/" => "_",
            "?" => "_",
            "*" => "_",
            "%" => "_",
            "&" => "_",
            "=" => "_",
            "\\" => "_"
        );
        return str_replace( array_keys( $map ), array_values( $map ), $val );
    }

    function getForbiddenIds()
    {
        ## -------------------
        ## NOTE!
Tämä funktio palauttaa vain loppukäyttöoikeuksiltaan kiellettyjen samanlaisten objektien ID:t ## objektilla on oltava module-objekti määriteltynä $ret = false; if( ( is_object( $this->module ) || $this->module_id > 0 ) && trim( $this->classname ) != "" ) { $ret = array(); $q = new QueryObject( WSM_CONN ); if( $this->user->id < 1 ) { $query_string = "SELECT data_id FROM data_rights ". "WHERE data_id > 0 ". "AND module_id = ".( ( is_object( $this->module ) ) ? $this->module->id : $this->module_id )." ". ( ( $this->domain_id > 0 ) ? "AND domain_id = ".$this->domain_id." " : ( ( is_object( $this->domain ) ? "AND domain_id = ".$this->domain->id." " : "" ) ) ). "AND classname LIKE( '%".str_replace( "AUI", "", $this->classname )."' ) ". "AND roles & ".ROLE_CUI." ". "AND ( user_id > 0 OR group_id > 0 ) ". "ORDER BY data_id ASC"; } else { $query_string = "SELECT ( SELECT 1 )"; $q->query( $query_string ); if( $q->numrows() > 0 ) { ## uusi tehokas tapa sisäkkäisillä kyselyillä $query_string = "SELECT data_id FROM data_rights ". "WHERE data_id > 0 ". "AND module_id = ".( ( is_object( $this->module ) ) ? $this->module->id : $this->module_id )." ". ( ( $this->domain_id > 0 ) ? "AND domain_id = ".$this->domain_id." " : ( ( is_object( $this->domain ) ? "AND domain_id = ".$this->domain->id." " : "" ) ) ). "AND classname LIKE( '%".str_replace( "AUI", "", $this->classname )."' ) ". "AND roles & ".ROLE_CUI." ". "AND data_id NOT IN( ". "SELECT data_id FROM data_rights WHERE roles & ".ROLE_CUI." ". "AND module_id = ".( ( is_object( $this->module ) ) ? $this->module->id : $this->module_id )." ". ( ( $this->domain_id > 0 ) ? "AND domain_id = ".$this->domain_id." " : ( ( is_object( $this->domain ) ? "AND domain_id = ".$this->domain->id." " : "" ) ) ). "AND classname LIKE( '%".str_replace( "AUI", "", $this->classname )."' ) ". "AND ( user_id = ".$this->user->id." ". "OR group_id IN( ".implode( ", ", $this->user->getGroupIds() )." ) ) ". ") ". 
"ORDER BY data_id ASC"; } else { ## vanha MySQL/PHP-tapa $not_ins = ""; $query_string = "SELECT data_id FROM data_rights WHERE roles & ".ROLE_CUI." ". "AND module_id = ".( ( is_object( $this->module ) ) ? $this->module->id : $this->module_id )." ". ( ( $this->domain_id > 0 ) ? "AND domain_id = ".$this->domain_id." " : ( ( is_object( $this->domain ) ? "AND domain_id = ".$this->domain->id." " : "" ) ) ). "AND classname LIKE( '%".str_replace( "AUI", "", $this->classname )."' ) ". "AND ( user_id = ".$this->user->id." ". "OR group_id IN( ".implode( ", ", $this->user->getGroupIds() )." ) ) ". "ORDER BY data_id ASC"; $q->query( $query_string ); if( $q->numrows() > 0 ) { while( $q->fetchrow() ) { $not_ins .= ( trim( $not_ins ) != "" ? ", " : "" ).$q->field( "data_id" ); } } $query_string = "SELECT data_id FROM data_rights ". "WHERE data_id > 0 ". "AND module_id = ".( ( is_object( $this->module ) ) ? $this->module->id : $this->module_id )." ". ( ( $this->domain_id > 0 ) ? "AND domain_id = ".$this->domain_id." " : ( ( is_object( $this->domain ) ? "AND domain_id = ".$this->domain->id." " : "" ) ) ). "AND classname LIKE( '%".str_replace( "AUI", "", $this->classname )."' ) ". "AND roles & ".ROLE_CUI." ". ( trim( $not_ins ) != "" ? "AND data_id NOT IN( ".$not_ins." ) " : "" ). "ORDER BY data_id ASC"; unset( $not_ins ); } } $q->query( $query_string ); if( $q->numrows() > 0 ) { while( $q->fetchrow() ) { $ret[] = $q->field( "data_id" ); } } unset( $q, $query_string ); } return $ret; } function canCUIEdit( $user = -1, $preload_id = -1 ) { $ret = false; if( is_object( $user ) && ( $this->id > 0 || $preload_id > 0 ) ) { if( $user->id > 0 ) { if( $this->id > 0 && trim( $this->rights ) != "" ) { $rp = explode( ",", $this->rights ); if( is_array( $rp ) && count( $rp ) > 0 ) { foreach( $rp AS $r ) { if( trim( $r ) != "" && strpos( $r, "u".( trim( $user->ldap_id ) != "" ? 
$user->ldap_id : $user->id ).":" ) !== false ) { if( ROLE_CUIEDIT & intval( substr( $r, strpos( $r, ":" ) + 1, strlen( $r ) ) ) ) { $ret = true; break; } } } unset( $r ); if( !$ret ) { $ugroups = $user->getGroupIds(); if( is_array( $ugroups ) && count( $ugroups ) > 0 ) { foreach( $ugroups AS $ug ) { foreach( $rp AS $r ) { if( trim( $r ) != "" && strpos( $r, "g".$ug.":" ) !== false ) { if( ROLE_CUIEDIT & intval( substr( $r, strpos( $r, ":" ) + 1, strlen( $r ) ) ) ) { $ret = true; break; } } } if( $ret ) { break; } } unset( $ug ); } unset( $ugroups ); } } unset( $rp ); } else { $ugroups = $user->getGroupIds(); $q = new QueryObject( WSM_CONN ); if( count( $ugroups ) < 1 ) { $ugroups[ 0 ] = -2; } $query_string = "SELECT data_id FROM data_rights ". "WHERE data_id = ".( ( $preload_id > 0 ) ? $preload_id : $this->id )." ". "AND classname LIKE( '%".str_replace( "AUI", "", $this->classname )."' )". "AND roles & ".ROLE_CUIEDIT." ". "AND ( ".( trim( $user->ldap_id ) != "" ? "ldap_user_key = '".$user->ldap_id."' OR ldap_group_key IN( '".implode( "', '", $ugroups )."' )" : "user_id = ".$user->id." OR group_id IN( ".implode( ", ", $ugroups )." )" )." 
)";
                    $q->query( $query_string );
                    if( $q->numrows() > 0 )
                    {
                        $ret = true;
                    }
                    unset( $q, $ugroups );
                }
            }
        }
        return $ret;
    }

    /**
     * Entry point of the access check: dispatches to the admin-side (AUI) or the
     * end-user-side (CUI) rights resolver.
     *
     * The AUI resolver is used when $adminstate is 1, when $this->adminstate is 1
     * or when the global $WSM_aui is an object; otherwise the CUI resolver runs.
     *
     * NOTE(review): the choice of resolver depends on a caller-supplied flag and
     * a global. Because ResolveRightAUI() returns true for users whose id is
     * below 1, make sure no end-user code path can reach this method with
     * $adminstate = 1 or with $WSM_aui set - verify against callers.
     *
     * @param int $adminstate           1 = force the AUI check
     * @param int $preload_id           id to check instead of $this->id when > 0
     * @param int $override_cui_editor  passed through to ResolveRightCUI()
     * @return bool
     */
    function ResolveRight( $adminstate = 0, $preload_id = -1, $override_cui_editor = 0 )
    {
        global $WSM_aui;
        if( $adminstate == 1 || $this->adminstate == 1 || is_object( $WSM_aui ) )
        {
            return $this->ResolveRightAUI( $preload_id );
        }
        return $this->ResolveRightCUI( $preload_id, $override_cui_editor );
    }

    /**
     * Rights check for the admin interface (AUI).
     *
     * Super users and users without an id (below 1) are allowed immediately.
     * For everybody else the rest of the method consults data_rights, the
     * object's own "rights" column and a per-user list of forbidden ids cached
     * in forbidden_data_cache_aui.
     *
     * NOTE(review): allowing user id < 1 is fail-open. Presumably the admin
     * pages enforce a login before any object is loaded - TODO confirm, since
     * this method itself does not.
     * NOTE(review): further down the cached list is restored with
     * unserialize( base64_decode( ... ) ) on a database column. That is only
     * safe while nothing but this code can write to forbidden_data_cache_aui;
     * a JSON encoding would remove the object-deserialisation risk.
     * NOTE(review): the method calls exit when the user belongs to no active
     * AUI group, which ends the whole request rather than returning false.
     *
     * @param int $preload_id id to check instead of $this->id when > 0
     * @return bool
     */
    function ResolveRightAUI( $preload_id = -1 )
    {
        /*
        CREATE TABLE forbidden_data_cache_aui(
            cache_id bigint(20) NOT NULL auto_increment,
            user_id bigint(20) NOT NULL default '-1',
            user_group_hash varchar(32) NOT NULL default '',
            user_ldap_key varchar(128) NOT NULL default '',
            classname varchar(32) NOT NULL default '',
            date bigint(20) NOT NULL default '-1',
            content LONGTEXT,
            PRIMARY KEY( cache_id )
        );
        */
        ## ---------------------------------
        ## rights check for AUI only
        if( $this->user->is_super == 1 || $this->user->id < 1 )
        {
            ## ----------------------------------------------------
            ## super users and unrecogs can do anything in AUI...
            return true;
        }
        $ret = true;
        $use_uid = $this->user->id;
        $use_date = date( "YmdHis" );
        ## an explicit $preload_id takes precedence over the id of this instance
        $use_id = ( $preload_id > 0 ?
$preload_id : $this->id ); $use_classname = str_replace( "AUI", "", $this->classname ); $frb_cache_key = $use_classname.$use_uid; if( $use_id > 0 && trim( $use_classname ) != "" ) { $ret = false; $q = new QueryObject( $this->conn_id ); ## --------------------------- ## uudet ylläpidon oikeussäännöt, jotka toimivat nopsemmin if( $use_classname == "Module" ) { ## --------------------------- ## kyseessä on moduli, joten tsegataan vain yksinkertaisesti ## ETä 5.5.2010: ohitus uutisten wysiwyg-editointiin, jossa pageParserille on annettava oikeus ladata sivut-moduli jos onnistutaan lataamaan uutismoduli if( $use_id == MODULE_ID_PAGES && strpos( str_replace( "\\", "/", $_SERVER[ "SCRIPT_FILENAME" ] ), "admins/mod_news/aui_newscontents.php" ) !== false ) { $query_string = "SELECT data_rights.module_id FROM data_rights, groups ". "WHERE data_rights.group_id = groups.group_id ". "AND groups.is_aui = 1 ". "AND data_rights.classname = '' ". "AND data_rights.data_id < 1 ". "AND data_rights.module_id IN( ".$use_id.", ".MODULE_ID_NEWS." ) ". "AND ( data_rights.roles & ".ROLE_EDITOR." OR data_rights.roles & ".ROLE_CREATOR." ) ". "AND data_rights.group_id IN( ".implode( ", ", $this->user->getGroupIds() )." )"; } else { $query_string = "SELECT data_rights.module_id FROM data_rights, groups ". "WHERE data_rights.group_id = groups.group_id ". "AND groups.is_aui = 1 ". "AND data_rights.classname = '' ". "AND data_rights.data_id < 1 ". "AND data_rights.module_id = ".$use_id." ". "AND data_rights.roles & ".ROLE_VIEWER." ". "AND data_rights.group_id IN( ".implode( ", ", $this->user->getGroupIds() )." )"; } $q->query( $query_string ); if( $q->numrows() > 0 ) { $ret = true; } return $ret; } if( is_array( $this->fields ) ) { $pcname = str_replace( "AUI", "", $this->classname ); $pc = new $pcname(); $query_string = "SELECT rights FROM ".$pc->sourcetable." WHERE rights != '' AND ".$pc->sourceid." 
= ".$use_id; $q->query( $query_string ); if( $q->numrows() > 0 ) { ## --------------------------- ## rights-kenttä löytyy ja siinä on tavaraa, joten tsegataan suoraan siitä $right_for_self = false; $right_for_others = false; $checks = explode( ",", $q->field( "rights" ) ); if( is_array( $checks ) && count( $checks ) > 0 ) { $gids = $this->user->getGroupIds(); foreach( $checks AS $chp ) { $chpp = explode( ":", $chp ); if( is_array( $chpp ) && count( $chpp ) == 2 && $chpp[ 1 ] > ROLE_CUI && $chpp[ 1 ] != ROLE_CUIEDIT ) { $chid = ( is_string( $chpp[ 0 ] ) ? substr( $chpp[ 0 ], 1, strlen( $chpp[ 0 ] ) ) : "" ); if( is_string( $chpp[ 0 ] ) && substr( $chpp[ 0 ], 0, 1 ) == "u" ) { if( $chid == $this->user->id ) { $right_for_self = true; break; } else { $right_for_others = true; } } elseif( is_string( $chpp[ 0 ] ) && substr( $chpp[ 0 ], 0, 1 ) == "g" ) { if( in_array( $chid, $gids ) ) { $right_for_self = true; break; } else { $right_for_others = true; } } unset( $chid ); } unset( $chpp ); } unset( $chp, $gids ); } $ret = ( $right_for_self ? true : ( $right_for_others ? 
false : true ) ); unset( $checks, $right_for_self, $right_for_others ); return $ret; } else { ## --------------------------- ## ei ole rights-kenttää taulussa tai kenttä on tyhjä, joten oikeuksiakaan ei ole määritetty return true; } unset( $pcname, $pc ); } ## --------------------------- if( !is_array( $this->user->frb_auidata ) || !is_array( $this->user->frb_auidate ) ) { $this->user->frb_auidata = array(); $this->user->frb_auidate = array(); $this->user->frb_auihash = array(); $query_string = "SELECT DISTINCT date, content, classname, user_group_hash FROM forbidden_data_cache_aui WHERE user_id = ".$use_uid; $q->query( $query_string ); if( $q->numrows() > 0 ) { while( $q->fetchrow() ) { $tcn = str_replace( "AUI", "", $q->field( "classname" ) ); $this->user->frb_auidata[ $tcn.$use_uid ] = unserialize( base64_decode( $q->field( "content" ) ) ); $this->user->frb_auidate[ $tcn.$use_uid ] = $q->field( "date" ); $this->user->frb_auihash[ $tcn.$use_uid ] = $q->field( "user_group_hash" ); unset( $tcn ); } } } if( !is_array( $this->user->aui_group_ids ) ) { $this->user->aui_group_ids = array(); $ugroups = array(); $query_string = "SELECT DISTINCT groups.group_id FROM user_group_link, groups WHERE user_group_link.user_id = ".$use_uid." AND user_group_link.group_id = groups.group_id AND groups.active = 1 AND groups.is_aui = 1 AND groups.date_publish <= ".$use_date." AND ( groups.date_expire < 1 OR groups.date_expire > ".date( "YmdHi" )." 
) ORDER BY groups.group_id ASC"; $q->query( $query_string ); if( $q->numrows() > 0 ) { while( $q->fetchrow() ) { $this->user->aui_group_ids[] = $q->field( "group_id" ); } } } if( count( $this->user->aui_group_ids ) < 1 ) { exit; } $refresh = true; $group_hash_go = false; if( method_exists( $this->user, "getGroupIds" ) ) { if( $this->user->frb_auihash[ $frb_cache_key ] != md5( serialize( $this->user->aui_group_ids ) ) ) { $group_hash_go = true; } } if( !$group_hash_go && $this->user->frb_auidate[ $frb_cache_key ] > 0 ) { if( !is_array( $this->user->frb_auidata_updates ) ) { $this->user->frb_auidata_updates = array(); $query_string = "SELECT classname, date, update_trigger FROM forbidden_data_cache_update_date_store"; $q->query( $query_string ); if( $q->numrows() < 1 ) { ## ------------------------- ## tämä päivitys on asennettu, mutta yhtään tiedon päivitystä tietokantaan ## putHistory():n kautta ei ole vielä tehty -> tehdään temppitaulun sisältö $query_string = "INSERT INTO forbidden_data_cache_update_date_store ( classname, date ) ". "SELECT REPLACE( data_history.classname, 'AUI', '' ), MAX( LEFT( data_history.date, 14 ) ) ". 
"FROM data_history GROUP BY data_history.classname ASC"; $q->query( $query_string, 1 ); $query_string = "SELECT classname, date, update_trigger FROM forbidden_data_cache_update_date_store"; $q->query( $query_string ); } if( $q->numrows() > 0 ) { while( $q->fetchrow() ) { $ukey = trim( $q->field( "classname" ) ); if( $ukey != "" ) { $this->user->frb_auidata_updates[ $ukey ] = $q->field( "date" ); } unset( $ukey ); } } } if( $this->user->frb_auidata_updates[ $use_classname ] > 0 ) { $refresh = false; $md = $this->user->frb_auidata_updates[ $use_classname ]; if( $md ) { if( strlen( $md ) < 14 && substr( $md, 0, 12 ) > substr( $this->user->frb_auidate[ $frb_cache_key ], 0, 12 ) ) { $refresh = true; } elseif( strlen( $md ) == 14 && substr( $md, 0, 14 ) > substr( $this->user->frb_auidate[ $frb_cache_key ], 0, 14 ) ) { $refresh = true; } } unset( $md ); } } if( $refresh ) { ## --------------------------------- ## update the cache $is_new_entry = !is_array( $this->user->frb_auidata[ $frb_cache_key ] ); $this->user->frb_auidata[ $frb_cache_key ] = array(); $this->user->frb_auidate[ $frb_cache_key ] = $use_date; $this->user->frb_auihash[ $frb_cache_key ] = md5( serialize( $this->user->aui_group_ids ) ); ## --------------------------------- ## check which data is forbidden $query_made = false; if( $use_uid > 0 ) { $query_string = "SELECT DISTINCT data_id FROM data_rights WHERE data_id > 0 AND classname = '".$use_classname."' AND roles > ".ROLE_CUI." AND roles != ".ROLE_CUIEDIT." AND roles != ".( ROLE_CUI + ROLE_CUIEDIT )." AND ( user_id = ".$use_uid." OR group_id IN( ".implode( ", ", $this->user->aui_group_ids )." ) ) ORDER BY data_id ASC"; $q->query( $query_string ); if( $q->numrows() > 0 ) { $query_made = true; $sep = ""; $query_string = "SELECT DISTINCT data_id FROM data_rights WHERE classname = '".$use_classname."' AND roles > ".ROLE_CUI." AND roles != ".ROLE_CUIEDIT." AND roles != ".( ROLE_CUI + ROLE_CUIEDIT )." 
AND data_id NOT IN( "; while( $q->fetchrow() ) { $query_string .= $sep.$q->field( "data_id" ); $sep = ", "; } $query_string .= " ) ORDER BY data_id ASC"; unset( $sep ); } } if( !$query_made ) { $query_string = "SELECT DISTINCT data_id FROM data_rights WHERE classname = '".$use_classname."' AND roles > ".ROLE_CUI." AND roles != ".ROLE_CUIEDIT." AND roles != ".( ROLE_CUI + ROLE_CUIEDIT )." ORDER BY data_id ASC"; } unset( $query_made ); $q->query( $query_string ); if( $q->numrows() > 0 ) { while( $q->fetchrow() ) { $this->user->frb_auidata[ $frb_cache_key ][] = $q->field( "data_id" ); } } if( $is_new_entry ) { $query_string = "INSERT INTO forbidden_data_cache_aui ( user_id, classname, date, content, user_group_hash ) VALUES ( ".$use_uid.", '".$use_classname."', ".$this->user->frb_auidate[ $frb_cache_key ].", '".base64_encode( serialize( $this->user->frb_auidata[ $frb_cache_key ] ) )."', '".$this->user->frb_auihash[ $frb_cache_key ]."' )"; } else { $query_string = "UPDATE forbidden_data_cache_aui SET date = ".$this->user->frb_auidate[ $frb_cache_key ].", content = '".base64_encode( serialize( $this->user->frb_auidata[ $frb_cache_key ] ) )."', user_group_hash = '".$this->user->frb_auihash[ $frb_cache_key ]."' WHERE user_id = ".$use_uid." 
AND classname = '".$use_classname."'";
				}
				$q->query( $query_string );
			}
			if( is_array( $this->user->frb_auidata ) ) {
				if( !in_array( $use_id, $this->user->frb_auidata[ $frb_cache_key ] ) ) {
					$ret = true;
				}
			}
			unset( $q );
		}
		unset( $use_uid, $use_date, $use_id, $use_classname, $frb_cache_key );
		return $ret;
	}

	/**
	 * Decides whether the current user may load this object (or the object
	 * identified by $preload_id) on the end-user (CUI) side.
	 *
	 * Visible flow: "Module" objects are always allowed; Domain/AUIDomain/User/
	 * Group/Style objects outside admin state are judged on publication state
	 * alone; every other class is checked against a per-user list of forbidden
	 * ids that is cached on $this->user and in the forbidden_data_cache table.
	 *
	 * @param int $preload_id          id to test instead of $this->id when > 0
	 * @param int $override_cui_editor does not appear to be read in this function
	 * @return bool true when the id is not on the forbidden list
	 *
	 * NOTE(review): every query in this function is assembled by string
	 * concatenation. $preload_id is inserted unquoted and is only guarded by the
	 * loose comparison "$preload_id > 0"; $this->classname and
	 * $this->user->ldap_id are inserted between quotes with no escaping visible
	 * here. Cast ids with intval() and bind/escape the string values, rather
	 * than relying on request filtering done elsewhere.
	 */
	function ResolveRightCUI( $preload_id = -1, $override_cui_editor = 0 )
	{
		/*
		CREATE TABLE forbidden_data_cache(
			cache_id BIGINT(20) PRIMARY KEY auto_increment,
			user_id bigint(20) NOT NULL default '-1',
			user_group_hash varchar(32) NOT NULL default '',
			user_ldap_key varchar(255) NOT NULL default '',
			classname varchar(128) NOT NULL default '',
			date bigint(20) NOT NULL default '-1',
			content LONGTEXT,
			PRIMARY KEY( cache_id )
		);
		*/
		## ---------------------------------
		## a module can always be loaded on the end-user side if it is installed (ETä 26.9.2007)
		if( $this->classname == "Module" ) {
			return true;
		}
		// ETä 23.10.2009: added this because running the full test is pointless for a domain, which has no rights restrictions and is loaded often; checking the publication state alone is enough
		// ETä 27.1.2010: added user, group and style objects to the same shortcut as well
		if( ( $this->classname == "Domain" || $this->classname == "AUIDomain" || $this->classname == "User" || $this->classname == "Group" || $this->classname == "Style" ) && $this->adminstate != 1 )//&& ( $this->user->id < 1 || trim( $this->user->id ) == "" ) && trim( $this->user->ldap_id ) == "" ) // no need to even resolve the user_id
		{
			$ret = true;
			$d = date( "YmdHi" );
			if( $this->id > 0 ) {
				// object already loaded: judge it on its own active/publish/expire fields
				if( ( $this->classname == "Style" && $this->active != 1 ) || ( $this->classname != "Style" && ( $this->active != 1 || $this->date_publish > $d || ( $this->date_expire > 0 && $this->date_expire <= $d ) ) ) ) {
					$ret = false;
				}
			} elseif( $preload_id > 0 ) {
				// object not loaded yet: ask the database whether a published row with this id exists
				// NOTE(review): $preload_id goes into the SQL text as-is; intval() it before use
				$q = new QueryObject( $this->conn_id );
				if( $this->classname == "Domain" || $this->classname == "AUIDomain" ) {
					$query_string = "SELECT domain_id FROM domain WHERE active = 1 AND date_publish <= ".$d." AND ( date_expire < 1 OR date_expire > ".$d." ) AND domain_id = ".$preload_id;
				} elseif( $this->classname == "User" ) {
					$query_string = "SELECT user_id FROM users WHERE active = 1 AND date_publish <= ".$d." AND ( date_expire < 1 OR date_expire > ".$d." ) AND user_id = ".$preload_id;
				} elseif( $this->classname == "Group" ) {
					$query_string = "SELECT group_id FROM groups WHERE active = 1 AND date_publish <= ".$d." AND ( date_expire < 1 OR date_expire > ".$d." ) AND group_id = ".$preload_id;
				} elseif( $this->classname == "Style" ) {
					$query_string = "SELECT style_id FROM styles WHERE active = 1 AND style_id = ".$preload_id;
				}
				$q->query( $query_string );
				if( $q->numrows() < 1 ) {
					$ret = false;
				}
				unset( $q );
			}
			unset( $d );
			return $ret;
		}
		## ---------------------------------
		## rights check for CUI/AUI
		$ret = false;
		// get_class_methods() returning a non-empty list is used as the "user is a usable object" test
		if( ( $preload_id > 0 || $this->id > 0 ) && trim( $this->classname ) != "" && count( get_class_methods( $this->user ) ) > 0 ) {
			if( trim( $this->user->id ) == "" ) {
				$this->user->id = -1;
			}
			$use_uid = $this->user->id;
			$use_id = ( $preload_id > 0 ? $preload_id : $this->id );
			$use_classname = str_replace( "AUI", "", $this->classname );
			// cache slots are keyed by class name (without the "AUI" prefix) followed by the user id
			$frb_cache_key = $use_classname.$use_uid;
			if( $this->user->cache_ldap_checked !== true ) {
				// resolve the LDAP setting once per user object
				$this->user->cache_ldap_checked = true;
				$this->user->cache_ldap = $this->resolveLDAPEnabled();
			}
			$use_ldap = $this->user->cache_ldap;
			$q = new QueryObject( $this->conn_id );
			if( !is_array( $this->user->frb_data[ $use_uid ] ) || !is_array( $this->user->frb_date[ $use_uid ] ) ) {
				// first call for this user in this request: load every cached forbidden list from the database
				$this->user->frb_data[ $use_uid ] = array();
				$this->user->frb_date[ $use_uid ] = array();
				$this->user->frb_hash[ $use_uid ] = array();
				if( $use_ldap ) {
					// NOTE(review): ldap_id is quoted but not escaped in this statement
					$query_string = "SELECT DISTINCT date, content, classname, user_group_hash FROM forbidden_data_cache WHERE user_ldap_key = '".$this->user->ldap_id."'";// AND user_ldap_key != ''";// AND classname = '".$use_classname."'";
				} else {
					// NOTE(review): the "'X' = 'X'" comparison is always true and looks like a leftover; it only adds another unescaped interpolation of classname
					$query_string = "SELECT DISTINCT date, content, classname, user_group_hash FROM forbidden_data_cache WHERE '".$this->classname."' = '".$this->classname."' AND user_id = ".$use_uid;//." AND classname = '".$use_classname."'";
				}
				global $_SERVER, $VAJ_cache_generation_time;
				// debug timing hook tied to one client address; the body is commented out
				if( $preload_id == 1 && $this->classname == "Module" && $_SERVER[ "REMOTE_ADDR" ] == "62.142.78.10" ) {
					# print "\n<br>gtime 2 (".$this->classname.":".$preload_id.") -- ".( getMicroTimeForVAJCache() - $VAJ_cache_generation_time );
				}
				$q->query( $query_string );
				if( $preload_id == 1 && $this->classname == "Module" && $_SERVER[ "REMOTE_ADDR" ] == "62.142.78.10" ) {
					# print "\n<br>gtime 2.5: ".$query_string."\n<br>numrows: ".$q->numrows();
				}
				#delete from forbidden_data_cache where classname in( 'Domain', 'PageData', 'Page', 'News', 'SurveyButton', 'Survey', 'Library', 'LibraryCat', 'SurveySheet', 'SurveyElement', 'NewsCategory', 'Language', 'Area', 'SurveyLayout', 'Template', 'EntrePage', 'ImageBank', 'ImageBankCat' );
				#delete from forbidden_data_cache_update_date_store where classname in( 'Domain', 'PageData', 'Page', 'News', 'SurveyButton', 'Survey', 'Library', 'LibraryCat', 'SurveySheet', 'SurveyElement', 'NewsCategory', 'Language', 'Area', 'SurveyLayout', 'Template', 'EntrePage', 'ImageBank', 'ImageBankCat' );
				if( $q->numrows() > 0 ) {
					while( $q->fetchrow() ) {
						$tcn = str_replace( "AUI", "", $q->field( "classname" ) );
						// NOTE(review): unserialize() on a database column. The writer further down in
						// this function stores base64( serialize( array of ids ) ), so a plain array is
						// expected; anything else able to write this table could make unserialize()
						// instantiate objects. Prefer json_encode()/json_decode() for this cache, or on
						// PHP 7+ pass array( "allowed_classes" => false ), and check the result is an array.
						$this->user->frb_data[ $use_uid ][ $tcn.$use_uid ] = unserialize( base64_decode( $q->field( "content" ) ) );
						$this->user->frb_date[ $use_uid ][ $tcn.$use_uid ] = $q->field( "date" );
						$this->user->frb_hash[ $use_uid ][ $tcn.$use_uid ] = $q->field( "user_group_hash" );
						unset( $tcn );
					}
				}
				global $_SERVER, $VAJ_cache_generation_time;
				if( $preload_id == 1 && $this->classname == "Module" && $_SERVER[ "REMOTE_ADDR" ] == "62.142.78.10" ) {
					# print "\n<br>gtime 3 (".$this->classname.":".$preload_id.") -- ".( getMicroTimeForVAJCache() - $VAJ_cache_generation_time );
				}
			}
			// the cache is rebuilt unless the checks below prove it is still current
			$refresh = true;
			$group_hash_go = false;
			if( method_exists( $this->user, "getGroupIds" ) ) {
				// the stored hash is md5 of the serialized group id list; a mismatch means the
				// cached entry was computed for a different set of groups
				if( $this->user->frb_hash[ $use_uid ][ $frb_cache_key ] != md5( serialize( $this->user->getGroupIds() ) ) ) {
$group_hash_go = true; } } if( !$group_hash_go && $this->user->frb_date[ $use_uid ][ $frb_cache_key ] > 0 ) { if( !is_array( $this->user->frb_data_updates ) ) { $this->user->frb_data_updates = array(); $this->user->frb_data_update_triggers = array(); ## $query_string = "SELECT DISTINCT classname, MAX( LEFT( date, 14 ) ) AS maxdate FROM data_history GROUP BY classname ASC"; ## puristetaan 0.09 sekuntia kyselystä pois poistamalla LEFT-funkkari ja DISTINCT ## $query_string = "SELECT classname, MAX( date ) AS maxdate FROM data_history GROUP BY classname ASC"; ## puristetaan vieläkin pois aikaa tekemällä siirtotaulu $query_string = "SELECT classname, date, update_trigger FROM forbidden_data_cache_update_date_store"; $q->query( $query_string ); if( $q->numrows() < 1 ) { ## ------------------------- ## tämä päivitys on asennettu, mutta yhtään tiedon päivitystä tietokantaan ## putHistory():n kautta ei ole vielä tehty -> tehdään temppitaulun sisältö $query_string = "INSERT INTO forbidden_data_cache_update_date_store ( classname, date ) ". "SELECT REPLACE( data_history.classname, 'AUI', '' ), MAX( LEFT( data_history.date, 14 ) ) ". 
"FROM data_history WHERE classname NOT LIKE( '%Domain%', '%PageData%', '%Page%', '%News%', '%SurveyButton%', '%Survey%', '%Library%', '%LibraryCat%', '%SurveySheet%', '%SurveyElement%', '%NewsCategory%', '%Language%', '%Area%', '%SurveyLayout%', '%Template%', '%EntrePage%', '%ImageBank%', '%ImageBankCat%' ) GROUP BY data_history.classname ASC"; $q->query( $query_string, 1 ); $query_string = "SELECT classname, date, update_trigger FROM forbidden_data_cache_update_date_store"; $q->query( $query_string ); } if( $q->numrows() > 0 ) { while( $q->fetchrow() ) { $ukey = trim( $q->field( "classname" ) ); if( $ukey != "" ) { $this->user->frb_data_updates[ $ukey ] = $q->field( "date" ); $this->user->frb_data_update_triggers[ $ukey ] = $q->field( "update_trigger" ); } unset( $ukey ); } } } if( $this->user->frb_data_update_triggers[ $use_classname ] > 0 && $this->user->frb_data_update_triggers[ $use_classname ] <= date( "YmdHi" ) ) { ## ----------------------- ## ajastuslaukaisin ohitettu, pakotetaan päivitys $refresh = true; $trigger_date_publish = -1; $trigger_date_expire = -1; $query_string = "SELECT MIN( date_publish ) AS min_date_p FROM ".$this->sourcetable." WHERE date_publish > ".date( "YmdHi" ); $q->query( $query_string ); if( $q->numrows() > 0 ) { $trigger_date_publish = $q->field( "min_date_p" ); } $query_string = "SELECT MIN( date_expire ) AS min_date_e FROM ".$this->sourcetable." 
WHERE date_expire > ".date( "YmdHi" ); $q->query( $query_string ); if( $q->numrows() > 0 ) { $trigger_date_expire = $q->field( "min_date_e" ); } if( $trigger_date_publish > 0 || $trigger_date_expire > 0 ) { ## ----------------------- ## päivitetään laukaisin $trigger = -1; if( $trigger_date_publish > $trigger ) { $trigger = $trigger_date_publish; } if( ( $trigger_date_expire < $trigger || $trigger < 1 ) && $trigger_date_expire > date( "YmdHi" ) ) { $trigger = $trigger_date_expire; } if( strlen( $trigger ) > 12 ) { $trigger = substr( $trigger, 0, 12 ); } $query_string = "SELECT update_trigger FROM forbidden_data_cache_update_date_store WHERE classname = '".$use_classname."' AND update_trigger < ".$trigger." AND update_trigger > ".date( "YmdHi" ); $q->query( $query_string ); if( $q->numrows() > 0 ) { $trigger = $q->field( "update_trigger" ); } $query_string = "UPDATE forbidden_data_cache_update_date_store SET update_trigger = ".$trigger." WHERE classname = '".$use_classname."'"; unset( $trigger ); } else { ## ----------------------- ## poistetaan laukaisin $query_string = "UPDATE forbidden_data_cache_update_date_store SET update_trigger = -1 WHERE classname = '".$use_classname."' AND update_trigger < ".date( "YmdHi" );//<= ".date( "YmdHi" ); } $q->query( $query_string ); unset( $trigger_date_publish, $trigger_date_expire ); } elseif( $this->user->frb_data_updates[ $use_classname ] > 0 ) { $refresh = false; $md = $this->user->frb_data_updates[ $use_classname ]; if( $md ) { if( strlen( $md ) < 14 && substr( $md, 0, 12 ) > substr( $this->user->frb_date[ $use_uid ][ $frb_cache_key ], 0, 12 ) ) { $refresh = true; } elseif( strlen( $md ) == 14 && substr( $md, 0, 14 ) > substr( $this->user->frb_date[ $use_uid ][ $frb_cache_key ], 0, 14 ) ) { $refresh = true; } } unset( $md ); } } if( $refresh ) { ## --------------------------------- ## update the cache $use_date = date( "YmdHis" ); $is_new_entry = !is_array( $this->user->frb_data[ $use_uid ][ $frb_cache_key ] ); 
$this->user->frb_data[ $use_uid ][ $frb_cache_key ] = array(); $this->user->frb_date[ $use_uid ][ $frb_cache_key ] = $use_date; $this->user->frb_hash[ $use_uid ][ $frb_cache_key ] = md5( serialize( $this->user->getGroupIds() ) ); ## --------------------------------- ## check which data is forbidden $query_made = false; if( $use_uid > 0 ) { if( !$use_ldap ) { $ugroups = $this->user->getGroupIds(); if( count( $ugroups ) < 1 ) { $ugroups[] = -2; } } if( $use_ldap ) { $query_string = "SELECT DISTINCT data_id FROM data_rights WHERE classname = '".$use_classname."' AND roles & ".ROLE_CUI." AND ( ( ldap_user_key = '".$this->user->ldap_id."' AND ldap_user_key != '' ) OR ldap_group_key IN( '".implode( "', '", $this->user->getGroupIds() )."' ) ) ORDER BY data_id ASC"; } else { $query_string = "SELECT DISTINCT data_id FROM data_rights WHERE classname = '".$use_classname."' AND roles & ".ROLE_CUI." AND ( user_id = ".$use_uid." OR group_id IN( ".implode( ", ", $ugroups )." ) ) ORDER BY data_id ASC"; } $q->query( $query_string ); if( $q->numrows() > 0 ) { $query_made = true; $sep = ""; $query_string = "SELECT DISTINCT data_id FROM data_rights WHERE classname = '".$use_classname."' AND roles & ".ROLE_CUI." AND data_id NOT IN( "; while( $q->fetchrow() ) { $query_string .= $sep.$q->field( "data_id" ); $sep = ", "; } $query_string .= " ) ORDER BY data_id ASC"; unset( $sep ); } } if( !$query_made ) { $query_string = "SELECT DISTINCT data_id FROM data_rights WHERE classname = '".$use_classname."' AND roles & ".ROLE_CUI." 
ORDER BY data_id ASC"; } unset( $query_made ); $q->query( $query_string ); if( $q->numrows() > 0 ) { while( $q->fetchrow() ) { $this->user->frb_data[ $use_uid ][ $frb_cache_key ][] = $q->field( "data_id" ); } } if( trim( $this->sourceid ) != "" && trim( $this->sourcetable ) != "" ) { if( in_array( "active", $this->fields ) || in_array( "date_publish", $this->fields ) || in_array( "date_expire", $this->fields ) ) { ## --------------------------------- ## check which data is unpublished $query_string = "SELECT ".$this->sourceid." FROM ".$this->sourcetable." WHERE ( "; //, active, date_publish, date_expire $sep = ""; if( in_array( "active", $this->fields ) ) { $query_string .= "active != 1 "; $sep = "OR "; } if( in_array( "date_publish", $this->fields ) ) { $query_string .= $sep."date_publish > ".substr( $use_date, 0, 12 )." "; $sep = "OR "; } if( in_array( "date_expire", $this->fields ) ) { $query_string .= $sep."( date_expire > 0 AND date_expire <= ".substr( $use_date, 0, 12 )." ) "; $sep = "OR "; } $query_string .= ") "; if( in_array( $use_classname, array( "Page", "News", "Library", "Event" ) ) && $use_uid > 0 && !$use_ldap ) { ## -------------------------------- ## suljetaan pois loppukäyttöeditoitavat asiat: $ugroups = $this->user->getGroupIds(); if( count( $ugroups ) < 1 ) { $ugroups[ 0 ] = -2; } ## ---------------------------- ## tarkastetaan CUI-editointioikeudet $qstr = "SELECT DISTINCT data_id FROM data_rights ". "WHERE data_id = ".$use_id." ". "AND classname LIKE( '".$use_classname."' )". "AND roles & ".ROLE_CUIEDIT." ". "AND ( user_id = ".$use_uid." OR group_id IN( ".implode( ", ", $ugroups )." ) )"; $q->query( $qstr ); if( $q->numrows() > 0 ) { $query_string .= ( trim( $sep ) != "" ? "AND " : "" ).$this->sourceid." NOT IN( "; $sep = ""; while( $q->fetchrow() > 0 ) { $query_string .= $sep.$q->field( "data_id" ); } $query_string .= " ) "; } unset( $qstr ); } $query_string .= "ORDER BY ".$this->sourceid." 
ASC"; $q->query( $query_string ); if( $q->numrows() > 0 ) { while( $q->fetchrow() ) { $this->user->frb_data[ $use_uid ][ $frb_cache_key ][] = $q->field( $this->sourceid ); } } unset( $sep ); } } if( $use_classname != "Domain" && $use_classname != "PageData" && $use_classname != "Page" && $use_classname != "News" && $use_classname != "SurveyButton" && $use_classname != "Survey" && $use_classname != "Library" && $use_classname != "LibraryCat" && $use_classname != "SurveySheet" && $use_classname != "SurveyElement" && $use_classname != "NewsCategory" && $use_classname != "Language" && $use_classname != "Area" && $use_classname != "SurveyLayout" && $use_classname != "Template" && $use_classname != "EntrePage" && $use_classname != "ImageBank" && $use_classname != "ImageBankCat" ) { if( $is_new_entry ) { if( $use_ldap ) { $query_string = "INSERT INTO forbidden_data_cache ( user_ldap_key, classname, date, content, user_group_hash ) VALUES ( '".$this->user->ldap_id."', '".$use_classname."', ".$this->user->frb_date[ $use_uid ][ $frb_cache_key ].", '".base64_encode( serialize( $this->user->frb_data[ $use_uid ][ $frb_cache_key ] ) )."', '".$this->user->frb_hash[ $use_uid ][ $frb_cache_key ]."' )"; } else { $query_string = "INSERT INTO forbidden_data_cache ( user_id, classname, date, content, user_group_hash ) VALUES ( ".$use_uid.", '".$use_classname."', ".$this->user->frb_date[ $use_uid ][ $frb_cache_key ].", '".base64_encode( serialize( $this->user->frb_data[ $use_uid ][ $frb_cache_key ] ) )."', '".$this->user->frb_hash[ $use_uid ][ $frb_cache_key ]."' )"; } } else { if( $use_ldap ) { $query_string = "UPDATE forbidden_data_cache SET date = ".$this->user->frb_date[ $use_uid ][ $frb_cache_key ].", content = '".base64_encode( serialize( $this->user->frb_data[ $use_uid ][ $frb_cache_key ] ) )."', user_group_hash = '".$this->user->frb_hash[ $use_uid ][ $frb_cache_key ]."' WHERE user_ldap_key = '".$this->user->ldap_id."' AND classname = '".$use_classname."'"; } else { $query_string 
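= "UPDATE forbidden_data_cache SET date = ".$this->user->frb_date[ $use_uid ][ $frb_cache_key ].", content = '".base64_encode( serialize( $this->user->frb_data[ $use_uid ][ $frb_cache_key ] ) )."', user_group_hash = '".$this->user->frb_hash[ $use_uid ][ $frb_cache_key ]."' WHERE user_id = ".$use_uid." AND classname = '".$use_classname."'";
						}
					}
				}
				if( $q->query( $query_string ) ) {
					# ETä 17.11.2009: this SQL operation was commented out at JSu's request, related to how www.osao.fi operates
					# $query_string = "OPTIMIZE TABLE forbidden_data_cache";
					# $q->query( $query_string );
				}
				unset( $use_date );
			}
			// access is granted when the id is absent from the forbidden list for this class/user
			if( is_array( $this->user->frb_data[ $use_uid ] ) ) {
				if( !in_array( $use_id, $this->user->frb_data[ $use_uid ][ $frb_cache_key ] ) ) {
					$ret = true;
				}
				unset( $use_id );
			}
			unset( $use_uid, $q, $use_classname, $frb_cache_key, $is_new_entry, $use_id, $use_ldap );
		}
		return $ret;
	}

	/**
	 * Resets the object to its default state: id becomes -1, every attribute
	 * named in $this->fields gets the value at the same index of
	 * $this->defaults, data_history is dropped and isModified is cleared.
	 *
	 * @param int $dont_change_status_message pass 1 to keep the current status_message
	 */
	function doDefaults( $dont_change_status_message = 0 )
	{
		## --------------------------------------------------
		## passes default values to the object attributes
		$this->id = -1;
		for( $i = 0; $i < count( $this->fields ); $i++ ) {
			$var = $this->fields[ $i ];
			$this->$var = $this->defaults[ $i ];
		}
		unset( $this->data_history );
		if( $dont_change_status_message != 1 ) {
			$this->status_message = "default";
		}
		$this->isModified = false;
	}

	/**
	 * Returns the default value configured for one attribute name.
	 * The name => default map is built on first use and kept on the object.
	 *
	 * @param string $var attribute name as listed in $this->fields
	 * @return mixed the default; an unknown name yields null (with a notice)
	 */
	function getDefaultValueForVariable( $var = "" )
	{
		if( !isset( $this->defaults_for_variables ) ) {
			for( $i = 0; $i < count( $this->fields ); $i++ ) {
				$this->defaults_for_variables[ ( $this->fields[ $i ] ) ] = $this->defaults[ $i ];
			}
		}
		return $this->defaults_for_variables[ $var ];
	}

	/**
	 * Deletes the files below a cache directory, descends into its
	 * sub-directories and finally removes the directory itself.
	 *
	 * Nothing happens unless $path contains "/cache/" and is a readable
	 * directory. On Windows under the admin UI or cui_edit.php the directory
	 * is left in place (the rmdir code there is commented out).
	 *
	 * @param string $path            directory to clear; must end with "/" because entry names are appended directly
	 * @param bool   $clear_only_subs true keeps $path itself; sub-directories are still removed
	 *
	 * NOTE(review): the "/cache/" substring test is the only guard on $path.
	 * It does not stop a path that contains "/cache/" and then climbs out with
	 * "..", and is_dir() follows symbolic links, so a link inside the cache
	 * tree would have its target emptied. Callers visible in this file pass
	 * fixed "../../cache/..." paths built from numeric ids; keep it that way,
	 * or compare realpath( $path ) against the real cache root before deleting.
	 */
	function recursiveCacheRm( $path = "", $clear_only_subs = false )
	{
		if( strpos( $path, "/cache/" ) !== false && is_dir( $path ) && $dir = @dir( $path ) ) {
			while( false !== ( $entry = $dir->read() ) ) {
				if( !is_dir( $path.$entry ) && $entry != "." && $entry != ".." ) {
					@unlink( $path.$entry );
				} elseif( is_dir( $path.$entry ) && $entry != "." && $entry != ".." ) {
					$this->recursiveCacheRm( $path.$entry."/" );
				}
			}
			// release the directory handle before trying to remove the directory;
			// the original never closed it
			$dir->close();
			global $_ENV, $SCRIPT_FILENAME;
			// defined up front so the test below does not read an undefined variable
			$uroot = "";
			if( strpos( $SCRIPT_FILENAME, "admins/" ) !== false || strpos( $SCRIPT_FILENAME, "cui_edit.php" ) !== false ) {
				// everything in the script path before "admins/" (or "cui_edit.php")
				$uroot = substr( $SCRIPT_FILENAME, 0, strpos( $SCRIPT_FILENAME, ( strpos( $SCRIPT_FILENAME, "admins/" ) !== false ? "admins/" : "cui_edit.php" ) ) );
			}
			if( $uroot != "" && strpos( strtolower( $_ENV[ "OS" ] ), "win" ) !== false ) {
				/*
				$path = $uroot.substr( $path, strpos( $path, "cache/" ), strlen( $path ) );
				$path = ( substr( $path, -1 ) == "/" ? substr( $path, 0, -1 ) : $path );
				$path = str_replace( "/", "\\", $path );
				if( strpos( $path, "cache\\" ) !== false )
				{
					if( chdir( $uroot ) )
					{
						// ETä 2.2.2010: disabled a second time just to be safe
						//exec( "rmdir /q ".$path );
					}
				}
				*/
			} elseif( $clear_only_subs !== true ) {
				@rmdir( $path );
			}
		}
	}

	function save( $no_input_functions = 0, $no_save_just_clear_cache = 0 )
	{
		##checks if the data is to be updated or inserted
		$ret = false;
		if( $this->isModified ) {
			$ret = true;
			$old_id = $this->id;
			if( $no_save_just_clear_cache != 1 ) {
				$old_props = "";
				if( $this->classname == "AUIPage" && $old_id > 0 ) {
					// fingerprint the stored page so the cache logic can tell whether it changed
					$tmp = new AUIPage( 1 );
					if( $tmp->load( $old_id ) ) {
						/*
						## these are not used for anything yet
						$this->old_parent_id = $tmp->parent_id;
						$this->old_area_id = $tmp->area_id;
						$this->old_lang_id = $tmp->lang_id;
						$this->old_domain_id = $tmp->domain_id;
						*/
						$old_props = md5(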
$tmp->name."///".$tmp->parent_id."///".$tmp->lang_id."///".$tmp->area_id."///".$tmp->target."///".$tmp->domain_id."///".$tmp->ordernumber."///".$tmp->show_in_menus."///".$tmp->template_id."///".$tmp->code."///".$tmp->page_type_id."///".$tmp->owner_name."///".$tmp->mirror_page_id."///".$tmp->ilink_1."///".$tmp->ilink_2."///".$tmp->ilink_3."///".$tmp->no_cache."///".$tmp->active."///".$tmp->date_publish."///".$tmp->date_expire."///".$tmp->meta."///".$tmp->rights."///".$tmp->show_in_sitemap."///".$tmp->replacement_page_id."///".$tmp->library_id."///".$tmp->replacement_url ); } unset( $tmp ); } elseif( $this->classname == "AUIArea" && $old_id > 0 ) { $tmp = new AUIArea( 1 ); if( $tmp->load( $old_id ) ) { $old_props = md5( $tmp->name."///".$tmp->domain_id."///".$tmp->lang_id."///"."///".$tmp->ordernumber."///".$tmp->force_login."///".$tmp->show_in_main_menu."///".$tmp->code."///".$tmp->ilink_1."///".$tmp->ilink_2."///".$tmp->ilink_3."///".$tmp->show_in_sitemap."///".$tmp->active."///".$tmp->rights ); } unset( $tmp ); } $ret = ( $this->id > 0 ? 
$this->update( $no_input_functions ) : $this->insert( $no_input_functions ) ); } if( ( $no_save_just_clear_cache == 1 || $ret ) && is_object( $this->module ) && $this->module->id > 0 && $this->conn_id ) { $q = new QueryObject( $this->conn_id ); ####################################################################### ## ETä 17.11.2008: selvitetään, ovatko taulut pystyssä, jotta cache toimisi $cache_cleared_due_table_crash = false; $q->query( "SELECT page_id FROM pagecache_page LIMIT 0,1" ); if( $q->numrows() < 1 ) { $q->query( "INSERT INTO pagecache_page ( page_id, user_id ) VALUES ( 9999999999, 9999999999 )" ); $q->query( "SELECT page_id FROM pagecache_page LIMIT 0,1" ); if( $q->numrows() < 1 ) { $q->query( "REPAIR TABLE pagecache_page" ); if( !$cache_cleared_due_table_crash ) { $this->recursiveCacheRm( "../../cache/", true ); $cache_cleared_due_table_crash = true; } } else { $q->query( "DELETE FROM pagecache_page WHERE page_id = 9999999999 AND user_id = 9999999999" ); } } $q->query( "SELECT module_id FROM pagecache_expire LIMIT 0,1" ); if( $q->numrows() < 1 ) { $q->query( "INSERT INTO pagecache_expire ( module_id, date_expire ) VALUES ( 9999999999, 9999999999 )" ); $q->query( "SELECT module_id FROM pagecache_expire LIMIT 0,1" ); if( $q->numrows() < 1 ) { $q->query( "REPAIR TABLE pagecache_expire" ); if( !$cache_cleared_due_table_crash ) { $this->recursiveCacheRm( "../../cache/", true ); $cache_cleared_due_table_crash = true; } } else { $q->query( "DELETE FROM pagecache_expire WHERE module_id = 9999999999 AND date_expire = 9999999999" ); } } unset( $cache_cleared_due_table_crash ); ####################################################################### if( ( !in_array( "active", $this->fields ) || $this->active == 1 ) && in_array( "date_publish", $this->fields ) && in_array( "date_expire", $this->fields ) && ( $this->date_publish > 0 || $this->date_expire > 0 ) ) { $qdone = false; if( $this->date_publish > 0 && substr( $this->date_publish, 0, 12 ) >= date( "YmdHi" ) 
) { $q->query( "INSERT INTO pagecache_expire ( module_id, date_expire ) VALUES ( ".$this->module->id.", ".substr( $this->date_publish."0000", 0, 14 )." )" ); $qdone = true; } if( $this->date_expire > 0 && substr( $this->date_expire, 0, 12 ) >= date( "YmdHi" ) ) { $q->query( "INSERT INTO pagecache_expire ( module_id, date_expire ) VALUES ( ".$this->module->id.", ".substr( $this->date_expire."0000", 0, 14 )." )" ); $qdone = true; } if( $qdone ) { $q->query( "OPTIMIZE TABLE pagecache_expire" ); } unset( $qdone ); } if( $this->classname == "AUINews" && $this->date_archive > 0 && substr( $this->date_archive, 0, 12 ) >= date( "YmdHi" ) ) { $q->query( "INSERT INTO pagecache_expire ( module_id, date_expire ) VALUES ( ".$this->module->id.", ".substr( $this->date_archive."0000", 0, 14 )." )" ); } $query_string = ""; if( $this->classname == "AUIPageData" ) { if( $old_id < 1 ) { $query_string = "SELECT page_id FROM pagecache_page WHERE page_id = ".$this->page_id." OR CONCAT( ',', page_ids, ',' ) LIKE( '%,".$this->page_id.",%' ) ORDER BY page_id ASC"; } else { $query_string = "SELECT page_id FROM pagecache_page WHERE page_id = ".$this->page_id." OR CONCAT( ',', page_data_ids, ',' ) LIKE( '%,".$this->id.",%' ) ORDER BY page_id ASC"; } } elseif( $this->classname == "AUITemplate" && $old_id > 0 ) { $query_string = "SELECT page_id FROM page WHERE template_id = ".$this->id." ORDER BY page_id ASC"; } elseif( $this->classname == "AUIStyle" && $old_id > 0 ) { $query_string = "SELECT DISTINCT page_id FROM page, templates, template_style_link ". "WHERE page.template_id = templates.template_id ". "AND template_style_link.template_id = templates.template_id ". "AND template_style_link.style_id = ".$this->id." ". 
"ORDER BY page_id ASC"; } elseif( $this->classname == "AUIPage" ) { if( $old_id < 1 && $this->active == 1 && $this->date_publish <= date( "YmdHi" ) && ( $this->date_expire < 1 || $this->date_expire > date( "YmdHi" ) ) ) { $query_string = "SELECT page_id FROM pagecache_page ORDER BY page_id ASC"; } elseif( $no_save_just_clear_cache == 1 || ( $old_id > 0 && $old_props != md5( $this->name."///".$this->parent_id."///".$this->lang_id."///".$this->area_id."///".$this->target."///".$this->domain_id."///".$this->ordernumber."///".$this->show_in_menus."///".$this->template_id."///".$this->code."///".$this->page_type_id."///".$this->owner_name."///".$this->mirror_page_id."///".$this->ilink_1."///".$this->ilink_2."///".$this->ilink_3."///".$this->no_cache."///".$this->active."///".$this->date_publish."///".$this->date_expire."///".$this->meta."///".$this->rights."///".$this->show_in_sitemap."///".$this->replacement_page_id."///".$this->library_id."///".$this->replacement_url ) ) ) { if( $this->parent_id > 0 ) { $query_string = "SELECT page_id FROM pagecache_page WHERE page_id = ".$this->id." OR page_id = ".$this->parent_id." 
OR CONCAT( ',', page_ids, ',' ) LIKE( '%,".$this->id.",%' ) OR CONCAT( ',', page_ids, ',' ) LIKE( '%,".$this->parent_id.",%' ) ORDER BY page_id ASC"; } else { $query_string = "SELECT page_id FROM pagecache_page ORDER BY page_id ASC"; } } } elseif( $this->classname == "AUIArea" ) { if( $no_save_just_clear_cache == 1 || ( ( $old_id < 1 && $this->active == 1 && $this->date_publish <= date( "YmdHi" ) && ( $this->date_expire < 1 || $this->date_expire > date( "YmdHi" ) ) ) || ( $old_id > 0 && $old_props != md5( $this->name."///".$this->domain_id."///".$this->lang_id."///"."///".$this->ordernumber."///".$this->force_login."///".$this->show_in_main_menu."///".$this->code."///".$this->ilink_1."///".$this->ilink_2."///".$this->ilink_3."///".$this->show_in_sitemap."///".$this->active."///".$this->rights ) ) ) ) { $query_string = "SELECT page_id FROM pagecache_page ORDER BY page_id ASC"; } } elseif( $this->module_id != MODULE_ID_PAGES ) { $query_string = "SELECT page_id FROM pagecache_page WHERE CONCAT( ',', module_ids, ',' ) LIKE( '%,".$this->module->id.",%' ) ORDER BY page_id ASC"; } if( trim( $query_string ) != "" ) { $q->query( $query_string ); if( $q->numrows() > 0 ) { $q2 = new QueryObject( $this->conn_id ); while( $q->fetchrow() ) { $pid = $q->field( "page_id" ); if( $pid > 0 ) { $query_string = "DELETE FROM pagecache_page WHERE page_id = ".$pid; $q2->query( $query_string ); if( is_dir( "../../cache/".$pid."/" ) ) { $this->recursiveCacheRm( "../../cache/".$pid."/" ); } } unset( $pid ); } unset( $q2 ); } if( $this->classname == "AUIPage" && $this->id > 0 ) { $this->recursiveCacheRm( "../../cache/".$this->id."/" ); } elseif( $this->classname == "AUIPageData" && $this->page_id > 0 ) { $this->recursiveCacheRm( "../../cache/".$this->page_id."/" ); } } unset( $q, $query_string ); } unset( $old_id, $old_props ); return $ret; } } function checkVal( $val = "" ) { ## -------------------------------------------------- ## checks whether the value passed to an attribute is SQL-safe 
if( is_array( $val ) ) {
			// for an array only ONE value is examined: the first top-level element
			// that is not itself an array; every other element goes unchecked
			foreach( $val AS $v ) {
				$val = $v;
				if( !is_array( $val ) ) {
					break;
				}
			}
		}
		## ETä 21.4.2011: added a check that the value being examined is a string, so the string functions below do not raise errors
		if( !is_string( $val ) ) {
			return true;
		}
		#ETä 8.11.2010: made smarter
		#$val = strtolower( $val );
		#if( !is_array( $val ) && strpos( "Q".$val, ";" ) != false && ( strpos( "Q".$val, "insert into " ) != false
		#|| ( strpos( "Q".$val, "update " ) != false && strpos( "Q".$val, " set " ) != false )
		#|| strpos( "Q".$val, "alter table " ) != false || strpos( "Q".$val, "drop table " ) != false
		#|| strpos( "Q".$val, "drop column " ) != false || strpos( "Q".$val, "delete from " ) != false ) )
		#{
		#	return false;
		#}
		// NOTE(review): this is a deny-list heuristic. It rejects a value only when it
		// contains ";" together with one of the statement patterns listed below, so it
		// says nothing about input that changes a query without starting a new statement.
		// It must not be the reason a value is concatenated into SQL: bind parameters or
		// use the database driver's escaping, and keep this check as defence in depth.
		$val = str_replace( "&nbsp;", " ", strtolower( $val ) );
		if( strpos( $val, ";" ) !== false ) {
			$checks = array( "UPDATE +[a-zA-Z_ .]+ +SET", "DROP +DATABASE ", "DROP +TABLE ", "DROP +COLUMN ", "DELETE +FROM ", "ALTER +TABLE ", "INSERT +INTO " );
			foreach( $checks AS $check ) {
				// patterns are upper case, $val was lower-cased above; the "i" flag makes them match
				if( preg_match( "/".$check."/im", $val ) ) {
					return false;
				}
			}
			unset( $checks, $check );
		}
		return true;
	}

	// Puts a backslash in front of every apostrophe in $val, but only when $val
	// contains no backslash-apostrophe sequence yet (so an already processed value
	// is not processed twice). Returns the possibly modified value.
	// NOTE(review): not a safe SQL escape. A value that holds one escaped and one
	// bare apostrophe is returned unchanged, and backslashes are not escaped at all.
	// Use the driver's escaping or bound parameters for values that reach a query.
	function escapeHyphens( $val = "" )
	{
		// the "Q" prefix shifts positions by one so a match at offset 0 is not mistaken for false
		if( strpos( "Q".$val, "'" ) != false && strpos( "Q".$val, "\'" ) == false ) {
			$val = str_replace( "'", "\'", $val );
		}
		return $val;
	}

	function getIntersectionOfArrays( $a1 = -1, $a2 = -1 )
	{
		## --------------------------------------------------
		## this returns the intersection of two arrays in the order set by the first array (a1)
		## both arrays MUST have INT keys starting from 0
		// returns an empty array when either argument is not an array;
		// in_array() is used in its default loose-comparison mode
		$arr = array();
		if( is_array( $a1 ) && is_array( $a2 ) ) {
			for( $i = 0; $i < count( $a1 ); $i++ ) {
				if( in_array( $a1[ $i ], $a2 ) ) {
					$arr[ count( $arr ) ] = $a1[ $i ];
				}
			}
		}
		return $arr;
	}

	// Builds a ";"-separated string of "<key>&<roles>" entries describing who holds
	// rights on this object. $type may be "cui", "aui" or empty; any other value,
	// a missing id or an empty classname yields "".
	function getUGSString( $type = "" )
	{
		$ret = "";
		if( ( $type == "cui" || $type == "aui" || trim( $type ) == "" ) && $this->id > 0 && trim( $this->classname ) != "" ) {
			if( trim( $this->rights ) != "" ) {
				// rights are held on the object: convert "," to ";" and ":" to "&"
				$ret = str_replace( ",", ";", str_replace( ":", "&",
$this->rights ) );
			} else {
				// no rights string on the object: read the rows from data_rights instead
				// NOTE(review): $this->id and $this->classname are concatenated into the statement;
				// intval() the id and escape or bind the class name
				$q = new QueryObject( $this->conn_id );
				$query_string = "SELECT user_id, group_id, ldap_user_key, ldap_group_key, roles FROM data_rights ".
					"WHERE classname = '".str_replace( "AUI", "", $this->classname )."' ".
					"AND data_id = ".$this->id.
					( $type == "cui" ? " AND roles = ".ROLE_CUI : "" ).
					( $type == "aui" ? " AND roles > ".ROLE_CUI." AND roles != ".ROLE_CUIEDIT." AND roles != ".( ROLE_CUI + ROLE_CUIEDIT ) : "" );
				$q->query( $query_string );
				if( $q->numrows() > 0 ) {
					while( $q->fetchrow() ) {
						// NOTE(review): all four branches write the prefix "g", including the two user
						// branches, while getUserIds() in this class looks for entries starting with "u".
						// Looks like "u" was intended for user_id / ldap_user_key - confirm against the
						// consumers of this string before changing it.
						if( $q->field( "group_id" ) > 0 ) {
							$ret .= "g".$q->field( "group_id" )."&".$q->field( "roles" ).";";
						}
						if( $q->field( "user_id" ) > 0 ) {
							$ret .= "g".$q->field( "user_id" )."&".$q->field( "roles" ).";";
						}
						if( trim( $q->field( "ldap_group_key" ) ) != "" ) {
							$ret .= "g".$q->field( "ldap_group_key" )."&".$q->field( "roles" ).";";
						}
						if( trim( $q->field( "ldap_user_key" ) ) != "" ) {
							$ret .= "g".$q->field( "ldap_user_key" )."&".$q->field( "roles" ).";";
						}
					}
				}
				unset( $q );
			}
		}
		return $ret;
	}

	/**
	 * Returns the group ids which have
	 * access rights for this object.
	 *
	 * Source of the answer: the object's own rights string ("g<id>:<roles>"
	 * entries separated by ",") when it is non-empty, otherwise the
	 * data_rights table. With LDAP enabled the group keys are returned as
	 * strings, otherwise as integers.
	 *
	 * @param int $is_aui 1 selects admin-side roles, anything else selects entries whose roles include ROLE_CUI
	 * @return array list of group ids or LDAP group keys; empty when $this->id is not positive
	 */
	function getGroupIds( $is_aui = 0 )
	{
		$arr = array();
		if( $this->id > 0 ) {
			$use_ldap = false;
			if( $is_aui == 0 && $this->classname != "User" && $this->classname != "AUIUser" ) {
				// LDAP keys are only considered when the users module can be loaded
				$mod = new Module();
				if( $mod->load( MODULE_ID_USERS ) ) {
					if( $this->resolveLDAPEnabled() ) {
						$use_ldap = true;
					}
				}
				unset( $mod );
			}
			if( trim( $this->rights ) != "" ) {
				$p = explode( ",", $this->rights );
				if( is_array( $p ) && count( $p ) > 0 ) {
					foreach( $p AS $pp ) {
						if( trim( $pp ) != "" && substr( $pp, 0, 1 ) == "g" && strrpos( $pp, ":" ) != false ) {
							// role bits are read after the FIRST ":" while the key below is cut at the LAST ":";
							// the two only agree when the entry holds a single ":"
							$r = intval( substr( $pp, strpos( $pp, ":" ) + 1, 10000 ) );
							if( $r > 0 && ( ( $is_aui == 1 && $r > ROLE_CUI && $r != ROLE_CUIEDIT && $r != ROLE_CUI + ROLE_CUIEDIT ) || ( $is_aui != 1 && $r & ROLE_CUI ) ) ) {
								$arr[] = ( $use_ldap ? substr( $pp, 1, strrpos( $pp, ":" ) - 1 ) : intval( substr( $pp, 1, strrpos( $pp, ":" ) - 1 ) ) );
							}
							unset( $r );
						}
					}
					unset( $pp );
				}
				unset( $p );
			} else {
				// NOTE(review): $this->id, $this->module->id and $this->domain_id are inserted unquoted.
				// domain_id is only tested for being non-empty, so intval() it (and the other ids)
				// before building the statement, or bind them as parameters.
				$q = new QueryObject( $this->conn_id );
				if( $use_ldap ) {
					$query_string = "SELECT data_rights.ldap_group_key FROM data_rights ".
						"WHERE data_id = ".$this->id." ".
						"AND classname LIKE( '".str_replace( "AUI", "", $this->classname )."' ) ".
						"AND module_id IN( -1".( ( is_object( $this->module ) ) ? ", ".$this->module->id : "" )." ) ".
						"AND domain_id IN( -1".( ( trim( $this->domain_id ) != "" ) ? ", ".$this->domain_id : "" )." ) ".
						"AND roles ".( ( $is_aui == 0 ) ? "& 1" : "> 1" ); // $is_aui == 0 -> "= 1" BEFORE 9.8.2005
				} else {
					$query_string = "SELECT groups.group_id FROM groups, data_rights ".
						"WHERE groups.group_id = data_rights.group_id ".
						( ( $is_aui == 1 ) ? "AND groups.is_aui = 1 " : "" ).
						"AND data_rights.data_id = ".$this->id." ".
						"AND data_rights.classname LIKE( '".str_replace( "AUI", "", $this->classname )."' ) ".
						"AND data_rights.module_id IN( -1".( ( is_object( $this->module ) ) ? ", ".$this->module->id : "" )." ) ".
						"AND data_rights.domain_id IN( -1".( ( trim( $this->domain_id ) != "" ) ? ", ".$this->domain_id : "" )." ) ".
						"AND data_rights.roles ".( ( $is_aui == 0 ) ? "& 1" : "> 1" ); // $is_aui == 0 -> "= 1" BEFORE 9.8.2005
				}
				$q->query( $query_string );
				if( $q->numrows() > 0 ) {
					while( $q->fetchrow() ) {
						$arr[] = ( $use_ldap ? $q->field( "ldap_group_key" ) : $q->field( "group_id" ) );
					}
				}
				unset( $q );
			}
		}
		return $arr;
	}

	/**
	 * Returns the user ids which have
	 * access rights for this object.
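*/
	function getUserIds( $is_aui = 0 )
	{
		// Reads "u<id>:<roles>" entries from the object's rights string when it is
		// non-empty, otherwise queries data_rights. $is_aui only affects the database
		// branch (0 selects rows with the CUI bit set, anything else rows with roles > 1).
		global $WSM_aui;
		$arr = array();
		if( $this->id > 0 ) {
			if( trim( $this->rights ) != "" ) {
				$p = explode( ",", $this->rights );
				if( is_array( $p ) && count( $p ) > 0 ) {
					$use_ldap = false;
					if( is_object( $this->user->module ) && !is_object( $WSM_aui ) ) {
						if( $this->resolveLDAPEnabled() ) {
							$use_ldap = true;
						}
					}
					foreach( $p AS $pp ) {
						if( trim( $pp ) != "" && substr( $pp, 0, 1 ) == "u" && strrpos( $pp, ":" ) != false ) {
							# ETä 10.6.2010: fixed faulty code
							# $arr[] = ( $use_ldap ? substr( $pp, strrpos( $pp, ":" ) + 1, strlen( $pp ) ) : intval( substr( $pp, strrpos( $pp, ":" ) + 1, strlen( $pp ) ) ) );
							// the key is the text between the leading "u" and the last ":"
							$arr[] = ( $use_ldap ? substr( $pp, 1, strrpos( $pp, ":" ) - 1 ) : intval( substr( $pp, 1, strrpos( $pp, ":" ) - 1 ) ) );
						}
					}
					unset( $pp, $use_ldap );
				}
				unset( $p );
			} else {
				// NOTE(review): $this->id, $this->module->id and $this->domain_id are inserted
				// unquoted and $this->classname unescaped; intval() the ids and bind or escape
				// the class name.
				$q = new QueryObject( $this->conn_id );
				$query_string = "SELECT user_id FROM data_rights ".
					"WHERE data_id = ".$this->id." ".
					"AND classname LIKE( '".str_replace( "AUI", "", $this->classname )."' ) ".
					"AND module_id IN( -1".( ( is_object( $this->module ) ) ? ", ".$this->module->id : "" )." ) ".
					"AND domain_id IN( -1".( ( trim( $this->domain_id ) != "" ) ? ", ".$this->domain_id : "" )." ) ".
					"AND roles ".( ( $is_aui == 0 ) ? "& 1" : "> 1" ); // $is_aui == 0 -> "= 1" BEFORE 9.8.2005
				if( is_object( $this->user->module ) && !is_object( $WSM_aui ) ) {
					if( $this->resolveLDAPEnabled() ) {
						$query_string .= " AND user_id > 0";
					}
				}
				$q->query( $query_string );
				if( $q->numrows() > 0 ) {
					$i = 0;
					while( $q->fetchrow() ) {
						$arr[ $i++ ] = $q->field( "user_id" );
					}
					unset( $i );
				}
				unset( $q );
			}
		}
		return $arr;
	}

	/**
	 * Returns the data ids of one class that the current user may edit from the
	 * end-user side (rows in data_rights carrying the ROLE_CUIEDIT bit for the
	 * user or one of the user's groups). The result is kept per class name in
	 * $this->cui_editor_ids, so a later call with another $domain_id gets the
	 * list computed by the first call.
	 *
	 * @param string $classname class name without the "AUI" prefix
	 * @param int    $domain_id restricts the lookup to one domain when > 0
	 * @return array list of data ids; empty without a class name or a logged-in user
	 *
	 * NOTE(review): $classname and $domain_id are parameters and go into the
	 * statement text directly ($domain_id after a loose "> 0" comparison only).
	 * Callers are not visible here; intval() $domain_id and escape or bind
	 * $classname before this is exposed to request data.
	 */
	function getCUIEditableIds( $classname = "", $domain_id = -1 )
	{
		$ret = array();
		if( trim( $classname ) != "" && $this->user->id > 0 ) {
			if( !is_array( $this->cui_editor_ids ) ) {
				$this->cui_editor_ids = array();
			}
			if( !is_array( $this->cui_editor_ids[ $classname ] ) ) {
				$this->cui_editor_ids[ $classname ] = array();
				$q = new QueryObject( $this->conn_id );
				$gps = $this->user->getGroupIds();
				if( !is_array( $gps ) || @count( $gps ) < 1 ) {
					// placeholder id so that the IN( ... ) list is never empty
					$gps = array();
					$gps[] = -2;
				}
				$query_string = "SELECT DISTINCT data_id FROM data_rights ".
					"WHERE ".( $domain_id > 0 ? "domain_id = ".$domain_id." AND " : "" ).
					"classname IN( 'AUI".$classname."', '".$classname."' ) ".
					"AND ( user_id = ".$this->user->id." OR group_id IN( ".implode( ", ", $gps )." ) ) ".
					"AND roles & ".ROLE_CUIEDIT;
				unset( $gps );
				$q->query( $query_string );
				if( $q->numrows() > 0 ) {
					while( $q->fetchrow() ) {
						$this->cui_editor_ids[ $classname ][] = $q->field( "data_id" );
					}
				}
				unset( $q );
			}
			$ret = $this->cui_editor_ids[ $classname ];
		}
		return $ret;
	}
}

// Replaces the bytes 0x22 ("), 0x92, 0xB4 and 0x27 (') in $val with the numeric
// HTML entities &#34; &#146; &#180; &#39; and returns the result.
// NOTE(review): the replacement works on single bytes, so it presumably expects a
// single-byte charset; in UTF-8 text 0x92 and 0xB4 also occur inside multi-byte
// characters - confirm the page encoding. This is not a general HTML or SQL escape:
// "<", ">", "&" and the backslash pass through untouched.
function escapeHyphens( $val = "" )
{
	$t = rawurlencode( $val );
	$t = str_replace( "%22", "&#34;", $t );
	$t = str_replace( "%92", "&#146;", $t );
	$t = str_replace( "%B4", "&#180;", $t );
	$t = str_replace( "%27", "&#39;", $t );
	$val = rawurldecode( $t );
	return $val;
}

// Turns the four entities written by escapeHyphens() back into their bytes.
// NOTE(review): the whole value is passed through rawurldecode(), so any other
// "%XX" sequence already present in $val is decoded as well; this is not an
// exact inverse of escapeHyphens().
function unescapeHyphens( $val = "" )
{
	$t = str_replace( "&#34;", "%22", $val );
	$t = str_replace( "&#146;", "%92", $t );
	$t = str_replace( "&#180;", "%B4", $t );
	$t = str_replace( "&#39;", "%27", $t );
	$val = rawurldecode( $t );
	return $val;
}

/**
 * Checks that the domain part of an e-mail address looks alive: it has an MX
 * record, or accepts (or times out on) a TCP connection on port 25, 80 or 443.
 * The local part is not validated.
 *
 * Changes against the earlier version:
 *  - split() (removed in PHP 7) is replaced by explode();
 *  - an address without a domain part is rejected instead of probing an empty host;
 *  - the result of fsockopen() is tested. The old test accepted "$errno == 0",
 *    which is also what fsockopen() reports when it fails before connecting
 *    (for example when the name does not resolve);
 *  - the probe socket is closed.
 *
 * NOTE(review): this makes the web server open connections to a host name taken
 * from user input, with up to three 5 second waits per call. Rate-limit the forms
 * that call it and consider restricting the check to the MX lookup.
 *
 * @param string $email address to check
 * @return bool true when the domain passed one of the checks
 */
function checkEmailFormatAndDomain($email)
{
	## ETä 6.4.2011: fixed various problems here again, such as the format check
	## ETä 6.4.2011: removed this senseless eregi test, which never matches
	#if(eregi("^[a-zA-Z0-9_]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$]", $email))
	#{
	#	return false;
	#}
	if( !is_string( $email ) ) {
		return false;
	}
	$parts = explode( "@", $email );
	// same piece the old list()/split() pair picked: the text after the first "@"
	$Domain = ( isset( $parts[ 1 ] ) ? $parts[ 1 ] : "" );
	if( $Domain == "" ) {
		return false;
	}
	$MXHost = array();
	## ETä 5.12.2008: added check for function, since it does not exists on windows platform
	if( function_exists( "getmxrr" ) && getmxrr($Domain, $MXHost)) {
		return true;
	}
	global $_SERVER;
	// NOTE(review): development shortcut keyed on the Host header, which is supplied
	// by the client; gate it on server-side configuration instead
	if( $_SERVER[ "HTTP_HOST" ] == "atk" ) {
		return true;
	}
	## ETä 2.3.2009: changed this logic because some servers do not allow port 25 connections to arbitrary domains (mails were never sent because the domain could not be reached)
	## ETä 12.5.2009: ports 80/443 are tried as well, in case the domain exists but does not answer on port 25
	## ETä 6.4.2011: timeouts lowered from 10 seconds to 5; errno 110 ("connection timed out") is let through
	foreach( array( 25, 80, 443 ) AS $port ) {
		$errno = 0;
		$errstr = "";
		$fp = @fsockopen( $Domain, $port, $errno, $errstr, 5 );
		if( $fp !== false ) {
			fclose( $fp );
			return true;
		}
		if( $errno == 110 ) {
			return true;
		}
	}
	return false;
}

// DEBUGGING PURPOSES
// Returns the current Unix time in seconds as a float, including the microsecond part.
function getmicrotime()
{
	list( $usec, $sec ) = explode( " ", microtime() );
	return ( ( float ) $usec + ( float ) $sec );
}

// Converts a hexadecimal string to a numeric HTML entity ("&#<decimal>;").
// Returns "" when the value converts to 0.
function hexcharstodec( $str = "" )
{
	$ret = "";
	$str = trim( hexdec( $str ) );
	if( $str > 0 ) {
		$ret = "&#".$str.";";
	}
	return $ret;
}
?> <?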
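global $VJ_loaded_modules;

## Module record of the system (table "module", key "module_id").
## Loaded modules are kept in the global $VJ_loaded_modules array so that repeated load() calls
## within one request do not have to go through Classbase::load() again.
class Module extends Classbase
{
    var $conn_id;        ## POINTER
    var $user;           ## OBJECT
    var $classname;      ## STRING
    var $adminstate;     ## INT BOOLEAN
    var $fields;         ## ARRAY of STRINGS
    var $defaults;       ## ARRAY of STRINGS
    var $functions_out;  ## ARRAY of STRINGS

    ## Constructor (PHP 4 style): binds the connection and the global user object, declares the
    ## persisted fields with their default values and resets the object through doDefaults().
    function Module()
    {
        global $WSM_user;

        $this->conn_id = WSM_CONN;
        $this->user =& $WSM_user;

        $this->classname = "Module";
        $this->adminstate = 0;

        $this->fields = array( "name", "version", "passkey", "aui_path", "cui_path", "history_length", "undo_length", "usage_log_length", "module_overrides", "notes", "role_definitions", "ordernumber" );
        $this->defaults = array( "", "", "", "", "", 0, 0, 0, "", "", "ROLE_CUI:1,ROLE_VIEWER:2,ROLE_EDITOR:4,ROLE_PUBLISHER:8,ROLE_DELETOR:16,ROLE_CREATOR:32", 0 );
        $this->functions_out = array();

        $this->sourceid = "module_id";
        $this->sourcetable = "module";

        $this->doDefaults();
        $this->roles = array();
    }

    ## Loads module $id, from the per-request cache when possible, otherwise through Classbase::load().
    ## After a successful load the module id is recorded in $this->user->loaded_vaj_module_ids
    ## (except for MODULE_ID_PAGES) and $this->roles is built from role_definitions if it is empty.
    ## $id: module id (INT)
    ## returns true when the module was loaded, otherwise whatever Classbase::load() returned
    function load( $id = -1 )
    {
        global $VJ_loaded_modules;

        if( true ) // change this to false if you want the module loaded from the database every time (slower, but the old and reliable way)
        {
            if( $this->adminstate != 1 && is_numeric( $id ) && $id > 0 && is_array( $VJ_loaded_modules ) && isset( $VJ_loaded_modules[ $id ] ) && is_array( $VJ_loaded_modules[ $id ] ) )
            {
                ## cache hit: copy the cached field values instead of querying
                if( $this->id > 0 )
                {
                    $this->doDefaults();
                }
                foreach( $this->fields AS $f )
                {
                    $this->$f = $VJ_loaded_modules[ $id ][ $f ];
                }
                unset( $f );

                $this->id = $id;
                $this->roles = array();
                ## cached role names depend on the language; reuse them only for the same lang_id
                if( isset( $VJ_loaded_modules[ $id ][ "roles" ] ) && is_array( $VJ_loaded_modules[ $id ][ "roles" ] ) && $VJ_loaded_modules[ $id ][ "lang_id" ] == $this->user->lang_id )
                {
                    $this->roles = $VJ_loaded_modules[ $id ][ "roles" ];
                }
                $VJ_loaded_modules[ $id ][ "lang_id" ] = $this->user->lang_id;

                $this->status_message = "loaded";
                $this->isModified = false;
                $ret = true;

                ## drop per-object caches that belong to the previously loaded module
                unset( $this->module_properties, $this->old_domain_id, $this->domain_ids, $this->defined_roles, $this->data_history );
            }
            else
            {
                //FIXME: $override_cui_editor doesn't exist here, Classbase->load gets passed a null value instead of default value -JPo
                if( !isset( $override_cui_editor ) )
                {
                    $override_cui_editor = null;
                }
                $ret = parent::load( $id , $override_cui_editor );

                if( $ret && $this->adminstate != 1 )
                {
                    ## remember the freshly loaded field values for later load() calls
                    if( !is_array( $VJ_loaded_modules ) )
                    {
                        $VJ_loaded_modules = array();
                    }
                    if( !isset( $VJ_loaded_modules[ $id ] ) || !is_array( $VJ_loaded_modules[ $id ] ) )
                    {
                        $VJ_loaded_modules[ $id ] = array();
                        $VJ_loaded_modules[ $id ][ "lang_id" ] = $this->user->lang_id;
                    }
                    foreach( $this->fields AS $f )
                    {
                        $VJ_loaded_modules[ $id ][ $f ] = $this->$f;
                    }
                    unset( $f );
                }
            }
        }
        else
        {
            $ret = parent::load( $id );//, $override_cui_editor );
        }

        if( $ret && $id != MODULE_ID_PAGES )
        {
            if( !is_array( $this->user->loaded_vaj_module_ids ) )
            {
                $this->user->loaded_vaj_module_ids = array();
            }
            if( !in_array( $id, $this->user->loaded_vaj_module_ids ) )
            {
                $this->user->loaded_vaj_module_ids[] = $id;
            }
        }

        if( $ret && ( !is_array( $this->roles ) || count( $this->roles ) < 1 ) )
        {
            $this->roles = array();
            if( trim( $this->role_definitions ) != "" )
            {
                ## role_definitions is split on ";" into entries "CONSTANT:bitvalue,name,name";
                ## the third comma field is used as the name when the user's lang_id is 2, the second otherwise
                $temp = str_replace( "\n", "", $this->role_definitions );
                $temp = explode( ";", $temp );
                foreach( $temp AS $t )
                {
                    ## "!= false" also skips an entry that starts with the colon
                    if( strpos( $t, ":" ) != false )
                    {
                        $a = array();
                        $temp2 = explode( ":", $t );
                        $temp3 = explode( ",", $temp2[ 1 ] );
                        $a[ "constant" ] = $temp2[ 0 ];
                        $a[ "bitvalue" ] = $temp3[ 0 ];
                        $a[ "name" ] = $temp3[ ( ( $this->user->lang_id == 2 ) ? 2 : 1 ) ];
                        $this->roles[] = $a;
                        unset( $temp2, $temp3, $a );
                    }
                }
                unset( $temp, $t );
            }
            if( $id > 0 && is_array( $VJ_loaded_modules ) && isset( $VJ_loaded_modules[ $id ] ) && is_array( $VJ_loaded_modules[ $id ] ) )
            {
                $VJ_loaded_modules[ $id ][ "roles" ] = $this->roles;
            }
        }

        return $ret;
    }

    ## -----------------------------------------------------------------------
    ## Returns every value stored for the override key $var.
    ## $domain_id: if -1, only the module's domain-independent overrides are searched; if > 0 the domain-dependent overrides are searched as well
    ## $var: key to look up (STRING)
    ## $return_default: value returned as the only element when the key is not found (STRING)
    ## returns an array of values (possibly empty)
    function getModulePropertyValArray( $domain_id = -1, $var = "", $return_default = "" )
    {
        $ret = array();
        foreach( $this->getModuleProperties( $domain_id ) AS $prop )
        {
            if( $prop[ "var" ] == $var )
            {
                $ret[] = $prop[ "val" ];
            }
        }
        if( count( $ret ) == 0 && trim( $return_default ) != "" )
        {
            $ret[] = $return_default;
        }
        return $ret;
    }

    ## -----------------------------------------------------------------------
    ## Fetches the value of a module override setting.
    ## $domain_id: if -1, only the module's domain-independent overrides are searched; if > 0 the domain-dependent overrides are searched as well
    ## $var: key to look up (STRING)
    ## $return_default: value returned by default when the key is not found (STRING)
    ## returns the value of the first entry whose key is $var
    function getModulePropertyVal( $domain_id = -1, $var = "", $return_default = "" )
    {
        foreach( $this->getModuleProperties( $domain_id ) AS $prop )
        {
            if( $prop[ "var" ] == $var )
            {
                return $prop[ "val" ];
            }
        }
        if( trim( $return_default ) != "" )
        {
            return $return_default;
        }
        return "";
    }

    ## -----------------------------------------------------------------------
    ## Checks whether a module override setting has a given value.
    ## $domain_id: if -1, only the module's domain-independent overrides are searched; if > 0 the domain-dependent overrides are searched as well
    ## $var: key to look up (STRING)
    ## $val: value to check for the key (STRING)
    ## $override_super: DO NOT USE! (INT)
    ## $skip_cui_mode_check: ultimately passed to class_domain's load function (0|1)
    ## returns true/false depending on whether a matching key-value pair is found
    ## (keys and values are compared with "==", i.e. PHP's loose comparison)
    function checkModuleProperty( $domain_id = -1, $var = "x", $val = "", $override_super = 0, $skip_cui_mode_check = 0)
    {
        if( $this->user->is_super == 1 && $override_super == 1 )
        {
            return false;
        }

        $ret = false;
        ## the properties are loaded even for the placeholder key "x", as before
        $props = $this->getModuleProperties( $domain_id, $skip_cui_mode_check );
        if( $var != "x" )
        {
            foreach( $props AS $prop )
            {
                if( $prop[ "var" ] == $var && $prop[ "val" ] == $val )
                {
                    $ret = true;
                    break;
                }
            }
        }
        return $ret;
    }

    ## Returns the parsed override settings as a list of array( "var" => key, "val" => value ).
    ## Module-level settings (module_overrides) come first; when $domain_id > 0 the settings of that
    ## domain are appended. The result is cached until another $domain_id is requested.
    ## $domain_id: -1 for module-level settings only, > 0 to include that domain's settings
    ## $skip_cui_mode_check: passed on to loadModuleDomainProperties() (0|1)
    function getModuleProperties( $domain_id = -1, $skip_cui_mode_check = 0)
    {
        if( !is_array( $this->module_properties ) || $domain_id != $this->old_domain_id )
        {
            $this->old_domain_id = $domain_id;
            $this->module_properties = $this->_parseOverrideLines( $this->module_overrides );

            if( $domain_id > 0 )
            {
                $tmp = $this->loadModuleDomainProperties( $domain_id, $skip_cui_mode_check );
                ## loadModuleDomainProperties() returns false when the domain cannot be loaded or has
                ## no settings for this module; reading ->overrides from false was an error source
                if( is_object( $tmp ) )
                {
                    foreach( $this->_parseOverrideLines( $tmp->overrides ) AS $pair )
                    {
                        $this->module_properties[] = $pair;
                    }
                    unset( $pair );
                }
                unset( $tmp );
            }
        }
        return $this->module_properties;
    }

    ## Helper of getModuleProperties(): parses one override text block.
    ## One setting per line; lines starting with "#" or "//" are comments. The key is the text up
    ## to the first space, the value is the rest of the line; a line without a space is a key with
    ## an empty value.
    function _parseOverrideLines( $text )
    {
        $pairs = array();
        foreach( explode( "\n", $text ) AS $line )
        {
            $line = trim( $line );
            if( substr( $line, 0, 1 ) == "#" || substr( $line, 0, 2 ) == "//" )
            {
                continue;
            }
            ## the line is trimmed, so a space can never be at position 0 here
            $space = strpos( $line, " " );
            if( $space != false )
            {
                $pairs[] = array(
                    "var" => trim( substr( $line, 0, $space ) ),
                    "val" => trim( substr( $line, $space, 1000000 ) )
                );
            }
            elseif( $line != "" )
            {
                $pairs[] = array( "var" => trim( $line ), "val" => "" );
            }
        }
        return $pairs;
    }

    ## Loads domain $domain_id and returns what its getModulePropertiesForDomain() gives for this
    ## module, or false when the domain cannot be loaded or that call returns a false value.
    ## $skip_cui_mode_check: passed to Domain::load() (0|1)
    ## $debud: not used
    function loadModuleDomainProperties( $domain_id = -1, $skip_cui_mode_check = 0, $debud=0)
    {
        $obj = new Domain();
        if( $obj->load( $domain_id, $skip_cui_mode_check, 1 ) )
        {
            if( ( $tmp = $obj->getModulePropertiesForDomain( $this->id ) ) != false )
            {
                unset( $obj );
                return $tmp;
            }
        }
        unset( $obj );
        return false;
    }

    ## Returns the ids of the domains this module is linked to, limited to domains and links that
    ## are active, published and not expired. The result is cached in $this->domain_ids.
    function getDomainIds()
    {
        if( !is_array( $this->domain_ids ) )
        {
            $this->domain_ids = array();
            if( $this->id > 0 )
            {
                $q = new QueryObject( $this->conn_id );

                ## one timestamp for all four comparisons, so the query cannot straddle a minute change
                $now = date( "YmdHi" );
                ## intval(): only an integer may reach the SQL text; "> 0" alone is a loose comparison
                $query_string = "SELECT domain.domain_id FROM module_domain_link, domain ".
                                "WHERE module_domain_link.domain_id = domain.domain_id ".
                                "AND domain.active = 1 ".
                                "AND domain.date_publish <= ".$now." ".
                                "AND ( domain.date_expire < 1 OR domain.date_expire > ".$now." ) ".
                                "AND module_domain_link.active = 1 ".
                                "AND module_domain_link.date_publish <= ".$now." ".
                                "AND ( module_domain_link.date_expire < 1 OR module_domain_link.date_expire > ".$now." ) ".
                                "AND module_domain_link.module_id = ".intval( $this->id );
                $q->query( $query_string );
                if( $q->numrows() > 0 )
                {
                    while( $q->fetchrow() )
                    {
                        $this->domain_ids[] = $q->field( "domain_id" );
                    }
                }
                unset( $q );
            }
        }
        return $this->domain_ids;
    }

    ## Tells whether the role bit value $role is defined for this module.
    ## The names before ":" in the stored role_definitions are resolved through constant(); names
    ## that are not defined constants are ignored. The resolved values are cached in $this->defined_roles.
    ## $role: role bit value (INT)
    ## returns true when $role is among the module's defined roles
    function hasRoleDefined( $role = 0 )
    {
        $ret = false;
        if( $role > 0 && $this->id > 0 )
        {
            if( !is_array( $this->defined_roles ) )
            {
                $this->defined_roles = array();

                $q = new QueryObject( $this->conn_id );
                ## intval(): only an integer may reach the SQL text
                $query_string = "SELECT role_definitions FROM module ".
                                "WHERE module_id = ".intval( $this->id );
                $q->query( $query_string );
                if( $q->numrows() > 0 )
                {
                    ## NOTE(review): field() is read without a preceding fetchrow(), unlike the other
                    ## queries in this class - confirm that QueryObject positions on the first row itself
                    $temp = $q->field( "role_definitions" );
                    $tp = explode( ";", $temp );
                    foreach( $tp AS $t )
                    {
                        if( strpos( $t, ":" ) != false )
                        {
                            $check = trim( substr( $t, 0, strpos( $t, ":" ) ) );
                            if( defined( $check ) )
                            {
                                $this->defined_roles[] = constant( $check );
                            }
                            unset( $check );
                        }
                    }
                    unset( $temp, $tp, $t );
                }
                unset( $q );
            }
            if( in_array( $role, $this->defined_roles ) )
            {
                $ret = true;
            }
        }
        return $ret;
    }
}
?>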