source: extensions/AdditionalPages/additional_page.php @ 9327

Last change on this file since 9327 was 9323, checked in by patdenice, 13 years ago

Use another $conf parameter to avoid conflicts.
Add htmlspecialchars in admin page.

File size: 3.1 KB
1<?php
2
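// Refuse direct access: this script is meant to be included by the gallery,
// which defines PHPWG_ROOT_PATH beforehand.
if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');

global $template, $user;

// On the homepage the identifier comes from the plugin configuration; otherwise
// it is taken from $tokens[1]. NOTE(review): $tokens presumably holds the
// request URL segments, so this value is visitor-controlled -- confirm against
// the including script. It is treated as untrusted below.
$identifier = (string) ($page['ap_homepage'] ? $conf['AP']['homepage'] : $tokens[1]);

// Only a purely decimal identifier is looked up as a page id. is_numeric() was
// too permissive for a value concatenated unquoted into SQL (it also accepts
// signs, decimals, exponents and surrounding whitespace); everything else is
// handled as a permalink.
$lookup_by_id = preg_match('/^[0-9]+$/D', $identifier) === 1;

if (function_exists('get_extended_desc'))
  add_event_handler('AP_render_content', 'get_extended_desc');

// Retrieve page data
$query = 'SELECT id, title , content, users, groups, level, permalink, standalone
FROM ' . ADD_PAGES_TABLE . '
';
// The id branch only ever receives digits (validated above); the permalink
// branch is escaped before being placed inside the quoted SQL literal, so a
// quote or backslash in the request can no longer terminate the string.
$query .= $lookup_by_id ?
  'WHERE id = '.$identifier.';' :
  'WHERE permalink = "'.pwg_db_real_escape_string($identifier).'";';

$row = pwg_db_fetch_assoc(pwg_query($query));

// Page not found
if (empty($row))
{
  // In homepage mode, hand control back to the including script instead of
  // reporting an error.
  if ($page['ap_homepage']) return;
  page_not_found('Requested page does not exist');
}

// Redirect with permalink if exist
if ($lookup_by_id and !empty($row['permalink']) and !$page['ap_homepage'])
{
  redirect(make_index_url().'/page/' . $row['permalink']);
}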
34
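// Access controls
// Non-administrators are always checked; administrators are checked only when
// the page is displayed as the homepage. This is the same truth table as the
// former "!is_admin() or (!is_admin() xor $page['ap_homepage'])".
if (!is_admin() or $page['ap_homepage'])
{
  // authorized level
  if ($user['level'] < $row['level'])
  {
    // Same homepage fallback as the users and groups checks below: return to
    // the including script rather than answering "forbidden" for the homepage.
    if ($page['ap_homepage']) return;
    page_forbidden(l10n('You are not authorized to access the requested page'));
  }

  // authorized users
  if (isset($row['users']))
  {
    // $row['users'] is a comma-separated list compared against $user['status'].
    // Both sides are strings, so a strict comparison avoids type juggling.
    $authorized_users = explode(',', $row['users']);
    if (!in_array($user['status'], $authorized_users, true))
    {
      if ($page['ap_homepage']) return;
      page_forbidden(l10n('You are not authorized to access the requested page'));
    }
  }

  // authorized groups
  if (!empty($row['groups']))
  {
    // Rebuild the stored comma-separated list from integers only, and cast the
    // user id, so that neither value can change the structure of the query
    // even if the stored data is malformed.
    $group_ids = array_filter(array_map('intval', explode(',', $row['groups'])));

    // A list with no usable id authorizes nobody; skip the query in that case
    // instead of sending "IN ()" to the database.
    $groups = array();
    if (!empty($group_ids))
    {
      $query = 'SELECT group_id
FROM ' . USER_GROUP_TABLE . '
WHERE user_id = ' . (int) $user['id'] . '
  AND group_id IN (' . implode(',', $group_ids) . ')
;';
      $groups = array_from_query($query, 'group_id');
    }

    if (empty($groups))
    {
      if ($page['ap_homepage']) return;
      page_forbidden(l10n('You are not authorized to access the requested page'));
    }
  }
}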
71
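// Display standalone page
// NOTE(review): the stored content is written to the response as-is, with no
// escaping and without going through the AP_render_content handlers. That is
// only safe if page content can be written by trusted administrators alone --
// confirm in the admin-side save code.
if ($row['standalone'] == 'true')
{
  echo $row['content'];
  exit;
}

// Page initialization
$page['section'] = 'additional_page';

$page['additional_page'] = array(
  'id' => $row['id'],
  // Explicit isset() check instead of the @ error-suppression operator.
  'permalink' => isset($row['permalink']) ? $row['permalink'] : null,
  // Title and content pass through any handler registered on AP_render_content.
  'title' => trigger_event('AP_render_content', $row['title']),
  'content' => trigger_event('AP_render_content', $row['content']),
);

// ap_set_index() pushes the values prepared above into the index template.
add_event_handler('loc_end_index', 'ap_set_index');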
90
/**
 * Handler for the 'loc_end_index' event: copies the additional page prepared
 * in $page['additional_page'] into the index template.
 *
 * Assigns the title and content, adds a "return to homepage" action when
 * $conf['AP']['show_home'] is set and the page is not shown as the homepage,
 * gives administrators an edit link, and clears the U_MODE_POSTED and
 * U_MODE_CREATED template variables.
 *
 * NOTE(review): title, content and the l10n() strings are inserted without
 * escaping here; whether the template escapes them is not visible from this
 * file.
 */
function ap_set_index()
{
  global $template, $page, $conf;

  $ap = $page['additional_page'];

  $template->assign(array(
    'TITLE' => $ap['title'],
    'PLUGIN_INDEX_CONTENT_BEGIN' => $ap['content'],
  ));

  // Home button: only when enabled in the configuration and only when the
  // page is not itself displayed as the homepage.
  $show_home_link = ($conf['AP']['show_home'] and !$page['ap_homepage']);
  if ($show_home_link)
  {
    $home_url = make_index_url();
    $home_title = l10n('return to homepage');
    $icon_dir = $template->get_themeconf('icon_dir');
    $home_alt = l10n('home');

    $template->assign('PLUGIN_INDEX_ACTIONS' , '
      <li><a href="'.$home_url.'" title="' . $home_title . '">
        <img src="' . $icon_dir . '/home.png" class="button" alt="' . $home_alt . '"/></a>
      </li>');
  }

  // Edit link to the plugin administration tab, for administrators only.
  if (is_admin())
  {
    $edit_url = PHPWG_ROOT_PATH.'admin.php?page=plugin&amp;section='.AP_DIR.'%2Fadmin%2Fadmin.php&amp;tab=edit_page&amp;edit='.$ap['id'].'&amp;redirect=true';
    $template->assign('U_EDIT', $edit_url);
  }

  $template->clear_assign(array('U_MODE_POSTED', 'U_MODE_CREATED'));
}
114
115?>