<?php
/* 
 * @package     ContentCMS
 * @author      Dan Goldsmith
 * @copyright   Dan Goldsmith 2012
 * @link        http://contentcms.d2g.org.uk/
 * @version     {SUBVERSION_BUILD_NUMBER}
 * 
 * @licence     MPL 2.0
 * 
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. 
 *
 * 
 * This page handles all user-submitted data.
 * This can be for either setContentAdmin or setContent.
 * It stores the user's data and then redirects them back to the referer_url or the URL in the posted variable return_url.
 * This keeps it loosely coupled to the admin interface, meaning a plugin doesn't need to know where on the admin interface to submit.
 */

// Bring in the global settings before anything else runs.
require_once 'global.inc.php';

// Start (or resume) the PHP session for this request.
session_start();

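// Legacy shim: where magic_quotes_gpc is switched on (as on some shared hosts),
// PHP has already added backslashes to every request value, so strip them again
// to recover the raw input.
// get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in PHP 8.0, so it
// is only called where it still exists; without this guard the script stops with
// an undefined-function error on current PHP versions.
// NOTE: magic quotes were never an injection defence. Code that stores or prints
// these values still has to escape or parameterise them for its own context.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
{
    /**
     * Recursively removes the slashes that magic quotes added to a request value.
     *
     * @param mixed $value A single request value or a (nested) array of them.
     * @return mixed The same structure with stripslashes() applied to every leaf.
     */
    function stripslashes_deep($value)
    {
        return is_array($value)
            ? array_map('stripslashes_deep', $value)
            : stripslashes($value);
    }

    $_POST    = array_map('stripslashes_deep', $_POST);
    $_GET     = array_map('stripslashes_deep', $_GET);
    $_COOKIE  = array_map('stripslashes_deep', $_COOKIE);
    $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}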

// Defaults; the submitted form data may override both of them further down.
$isAdmin    = false; // whether this is admin content rather than user content
$content_id = null;  // id of the content item being saved

// Fallback redirect target: the parent directory of this handler.
content::setRedirectURL('../');

// Prefer sending the user back to the page that submitted the form.
// NOTE(review): the Referer header is supplied by the client, so it is not a
// trustworthy redirect target. Nothing in this script restricts it to this
// site; confirm whether content::setRedirectURL() validates the URL.
if (isset($_SERVER) && is_array($_SERVER)) {
    if (array_key_exists('HTTP_REFERER', $_SERVER)) {
        content::setRedirectURL($_SERVER['HTTP_REFERER']);
    }
}

$static_data = content::getDataForContentUID();

// An explicit RETURN_URL in the form data takes priority over the Referer.
// NOTE(review): where this data originates is not visible here; if the client
// can set it, the same redirect-target concern applies.
if (array_key_exists('RETURN_URL', $static_data)) {
    content::setRedirectURL($static_data['RETURN_URL']);
}

// The form data may mark the submission as an admin update. The flag only picks
// which security callback is consulted later; it does not grant access itself.
if (array_key_exists('ADMIN', $static_data)) {
    $isAdmin = $static_data['ADMIN'];
}

// The form data may also name the content item directly.
if (array_key_exists('CONTENT_ID', $static_data)) {
    $content_id = $static_data['CONTENT_ID'];
}

// No usable id so far: fall back to the request itself. The comparison is loose,
// so an empty string or 0 from the form data also counts as "no id".
if ($content_id == null) {
    if (isset($_GET) && is_array($_GET)) {
        if (array_key_exists('CONTENT_ID', $_GET)) {
            $content_id = $_GET['CONTENT_ID'];
        }
    }

    // POST is checked last, so it wins when both GET and POST carry an id.
    if (isset($_POST) && is_array($_POST)) {
        if (array_key_exists('CONTENT_ID', $_POST)) {
            $content_id = $_POST['CONTENT_ID'];
        }
    }
}

// Guarantee that $_POST is an array from here on.
if (!is_array($_POST)) {
    $_POST = array();
}

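// Apply the submitted update, provided the id refers to existing content and the
// configured security callback authorises it. If the id is unknown or the
// callback does not return a strict true, nothing is saved and the request
// simply falls through to the redirect at the end of the script.
if ($content_id !== null) {
    if (content::isContent($content_id)) {
        // We have valid content to update.
        $content = new content($content_id);

        // A submission that is not flagged as admin is still handled as an admin
        // update when the content's plugin does not implement "interactive".
        if ($isAdmin == false && $content->getPlugin() !== null) {
            $global_settings = content::getPluginGlobalConfig($content->getPlugin());

            if (array_key_exists('Class_File', $global_settings)) {
                // NOTE(review): this include path is built from the plugin name
                // and its Class_File setting; presumably both come from trusted
                // configuration. Confirm that request data cannot influence them.
                $plugin_class_file = CONTENT_PLUGIN_DIRECTORY . $content->getPlugin() . "/" . $global_settings['Class_File'];

                if (is_file($plugin_class_file)) {
                    require_once($plugin_class_file);
                }
            }

            $plugin_name = content::getPluginClassName($content->getPlugin());

            // class_implements() returns false when the class cannot be found.
            // Handing that to in_array() raises a TypeError on PHP 8, so test for
            // it first and treat an unknown plugin as non-interactive, which
            // routes the request through the stricter admin check.
            $plugin_interfaces = class_implements($plugin_name, true);

            if ($plugin_interfaces === false || !in_array('interactive', $plugin_interfaces, true)) {
                $isAdmin = true;
            }
        }

        // Does the user have access to update this content?
        if ($isAdmin) {
            // Admin mode update. The security setting has to be defined to allow updates.
            if (!defined('CONTENT_SECURITY_ADMIN_CONTENT_FUNCTION')) {
                throw new Exception("SECURITY_ADMIN_CONTENT_FUNCTION Missing in config.ini");
            }

            if (CONTENT_SECURITY_ADMIN_CONTENT_FUNCTION === true) {
                // A literal true disables the admin check, so anyone can update
                // admin content. Warn about it, then carry on as configured.
                // NOTE(review): if warnings are displayed rather than logged, this
                // output may precede the Location header sent at the end.
                trigger_error("Security Warning: Config.ini Insecurly Configured", E_USER_WARNING);
                $content->setContentAdmin();
            } else {
                // Otherwise the setting names a callback, optionally defined in
                // the configured security include file.
                if (is_file(CONTENT_SECURITY_INCLUDE)) {
                    require_once(CONTENT_SECURITY_INCLUDE);
                }

                if (!is_callable(CONTENT_SECURITY_ADMIN_CONTENT_FUNCTION)) {
                    throw new Exception("Security Function:" . CONTENT_SECURITY_ADMIN_CONTENT_FUNCTION . " is not callable");
                }

                // Copy the constant into a variable so that the function it names
                // is the one that gets called.
                $admin_security_check = CONTENT_SECURITY_ADMIN_CONTENT_FUNCTION;

                // Only a strict true authorises the update.
                if ($admin_security_check($content_id) === true) {
                    $content->setContentAdmin();
                }
            }
        } else {
            // User mode update. The security setting has to be defined to allow updates.
            if (!defined('CONTENT_SECURITY_CONTENT_FUNCTION')) {
                throw new Exception("SECURITY_CONTENT_FUNCTION Missing in config.ini");
            }

            if (CONTENT_SECURITY_CONTENT_FUNCTION === true) {
                // A literal true lets everyone update user content, e.g. so that
                // anonymous visitors can post comments.
                $content->setContent();
            } else {
                if (is_file(CONTENT_SECURITY_INCLUDE)) {
                    require_once(CONTENT_SECURITY_INCLUDE);
                }

                if (!is_callable(CONTENT_SECURITY_CONTENT_FUNCTION)) {
                    throw new Exception("Security Function:" . CONTENT_SECURITY_CONTENT_FUNCTION . " is not callable");
                }

                // Writing CONTENT_SECURITY_CONTENT_FUNCTION(...) directly calls a
                // function with that literal name, not the callback stored in the
                // constant. Go through a variable, as the admin branch does.
                $user_security_check = CONTENT_SECURITY_CONTENT_FUNCTION;

                // Only a strict true authorises the update.
                if ($user_security_check($content_id) === true) {
                    $content->setContent();
                }
            }
        }
    }
}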

// Send the browser on to the redirect target chosen earlier in this script.
// NOTE(review): that target can originate from the Referer header or from a
// submitted RETURN_URL, so it is only as trustworthy as those values.
$redirect_target = content::getRedirectURL()->getURL();
header('Location: ' . $redirect_target);

?>