<?
/*
index.php CMS-System
Copyright (C) 2004 Thomas Meinusch

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307, USA.


/********************************
 *  CREATED BY Thomas Meinusch  *
 *       www.meinsoft.de        *
 ********************************/

// Session settings
//session_cache_limiter('public');

// Wall-clock start; subtracted from a second usedtime() reading when the page is printed.
$starttime=usedtime();

#  set_time_limit(60);
#  ini_set()
// Session cache lifetime in minutes; called here, ahead of session_start() further down.
session_cache_expire(300);

// Room for error messages: two parallel lists, descriptions and error numbers.
$ERROR=array(
	"desc"=>array(),
	"nomber"=>array(),
);

// Names of the POST fields that are interpreted as commands later in this script.
$DBopt=array("SYNCTABLE", "INSERT", "UPDATE", "COPY", "DELETE", "TRANSACTION", "SET", "UNSET","LOGIN");

// Discard any value already present under these two names.
// NOTE(review): presumably a guard against request-injected globals (register_globals) - confirm.
unset($CharList, $HexList);

/**
 * Current time in seconds, including the fractional part.
 *
 * microtime() without arguments returns "fraction seconds"; both parts are
 * converted to floats and added.
 *
 * @return float
 */
function usedtime(){
	list($fraction, $seconds)=explode(" ", microtime());
	return (float)$fraction+(float)$seconds;
}

/**
 * Look up the folder for a $PATH entry.
 *
 * An entry of the global $PATH is either a plain string or an array with a
 * "path" element (PATH["name"] or PATH["name"]["path"]). When $param is null
 * or not a key of $PATH, the first entry of $PATH is used instead.
 *
 * @param mixed $param key into the global $PATH
 * @return mixed the entry itself, or its "path" element when the entry is an array
 */
function getPath($param){
	global $PATH;

	// reset() is only reached on the fallback path, as before.
	$entry=(isset($param) && isset($PATH[$param])) ? $PATH[$param] : reset($PATH);

	return is_array($entry) ? $entry["path"] : $entry;
}

/**
 * Write $content to $filename and set the file's permission bits.
 *
 * Nothing is written and nothing is returned when the file cannot be opened.
 *
 * NOTE(review): the default mask 0666 leaves the file writable by every local
 * account; callers that store anything sensitive should pass a tighter mask.
 *
 * @param string $filename target path
 * @param string $content  data to write, starting at offset 0
 * @param string $mode     fopen() mode
 * @param int    $mask     permission bits handed to chmod()
 */
function save_file($filename, $content, $mode="w+", $mask=0666){
	$fh=fopen($filename, $mode);
	if(!$fh){
		return;
	}

	fseek($fh, 0);
	fwrite($fh, $content);
	fclose($fh);

	chmod($filename, $mask);
}

/**
 * Create a DB object and connect it with the globally configured credentials.
 *
 * $handle is the session id assigned at script level; it is passed to
 * connect() as the fifth argument.
 *
 * @return DB the connected object
 */
function setDB(){
	global $host, $database, $user, $pass, $handle;

	$connection=new DB();
	$connection->connect($host, $database, $user, $pass, $handle);

	return $connection;
}

# <input type="hidden" name="LOGIN" value="tab1|select|update|where">
/**
 * Process the LOGIN form field and, on success, store the login in the session.
 *
 * $_POST["LOGIN"] holds one or more ";"-separated entries of the form
 * "table|select|update|where". For an entry with a select part, a SELECT is
 * built from it and the first row found is stored as
 * $_SESSION[$config]["LOGINDATA"], with the table name as
 * $_SESSION[$config]["LOGINGROUP"]. Entries without a select part run an
 * update, but only after an earlier entry has succeeded.
 *
 * NOTE(review): table name, select list, update list and where-field list all
 * arrive in a POST field, so the client decides which table is queried and
 * which columns are compared. These should be fixed server-side.
 * NOTE(review): no session_regenerate_id() is visible on successful login;
 * $handle (the session id) is passed to DB::connect(), so check how the DB
 * class uses it before adding one.
 */
function login(){
	global $ERROR;
	global $DB;
	global $config;

	// Is a login requested at all?
	if(!isset($_POST["LOGIN"])) return;
	$blnOK=false;
	// Walk through all tables.
	foreach(explode(";",$_POST["LOGIN"]) as $tab){
		// Turns \' back into ' (presumably undoing magic-quotes escaping - confirm).
		$tab=str_replace("\\'","'", $tab);
		$sqlopt=explode("|",$tab);
		
		// Is there data to verify (a select part)?
		if($sqlopt[1]){
			$where=$DB->createWhereClause(explode(",",$sqlopt[3]), $_POST, true);
			$sql=$DB->createSelectSQL($sqlopt[0], $sqlopt[1], $where);
			$res=$DB->query($sql);
			// NOTE(review): $ERRNO is a local that is never read; the global is $ERROR - confirm intent.
			if($DB->errno) $ERRNO[]=$DB->errno;
			$row=$DB->fetch_array($res);

			// If everything is OK: record the login in the session.
			if($row && !$DB->errno){
				$blnOK=true;
				$_SESSION[$config]["LOGINDATA"]=$row;
				$_SESSION[$config]["LOGINGROUP"]=$sqlopt[0];
				if($sqlopt[2]){
					// table, values, nq, set="", keys=""
#					foreach($DB->makeUpdateSQL($sqlopt[0], $_SESSION[$config]["LOGINDATA"], "",$sqlopt[2]) as $x) echo "$x<br>\n";
					$DBfld= $DB->updateData(stdVars($DB->makeUpdateSQL($sqlopt[0], $_SESSION[$config]["LOGINDATA"], "",$sqlopt[2])));
				}
			}
		}else{
			// Update-only entry: runs only after a preceding entry logged in successfully.
			if($blnOK && !$DB->errno && $sqlopt[3]){
				// table, values, nq, set="", keys=""
				$DBfld= $DB->updateData(stdVars($DB->makeUpdateSQL($sqlopt[0], $_REQUEST, $sqlopt[2], explode(",", $sqlopt[3]))));
			}
		}
		// Stop at the first database error.
		if($DB->errno) return;
	}
}

##################################################################################

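# Start the session
session_start ();
// The session id is also what setDB() passes to DB::connect() as $handle.
$handle=session_id();

$confpath=".";
$thisfolder=".";

# Template information kept in the session
if (!isset($_SESSION["TEMPLATE"]) || !is_array($_SESSION["TEMPLATE"])) $_SESSION["TEMPLATE"]=array();
if (isset($_REQUEST["CONFIG"])) $_SESSION["TEMPLATE"]["CONFIG"]=$_REQUEST["CONFIG"];

if(file_exists("clients.php")){
	// CONFIG comes from the request. It selects the configuration directory and is
	// later used as the top-level $_SESSION key under which login state is stored,
	// so only a non-empty string is accepted here (an array would be an illegal key).
	$reqconfig=isset($_REQUEST["CONFIG"]) ? $_REQUEST["CONFIG"] : "";
	if(is_string($reqconfig) && $reqconfig) $_SESSION["CONFIG"]=$reqconfig;
	if(!isset($_SESSION["CONFIG"]) || !is_string($_SESSION["CONFIG"])) $_SESSION["CONFIG"]="SYSTEM";
	$config=$_SESSION["CONFIG"];
	include("clients.php");
	if(isset($CONF) && is_array($CONF) && array_key_exists($config,$CONF)){
		$confpath=$CONF[$config];
	}elseif($config!=="SYSTEM"){
		// A name that clients.php does not list must not become a session namespace:
		// it could collide with the other top-level session entries this script
		// writes (TEMPLATE, CONFIG, SET). Fall back to the default client instead.
		$config=$_SESSION["CONFIG"]="SYSTEM";
		if(isset($CONF) && is_array($CONF) && array_key_exists($config,$CONF)) $confpath=$CONF[$config];
	}
}

# Load the configuration data. $confpath is "." or a value taken from $CONF,
# never the raw request value.
include("./$confpath/config.php");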

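// Choose the directory: request, then session, then the current $PATH entry.
// Only values that are keys of $PATH are accepted, so the folder itself always
// comes from the server-side configuration.
$dir=isset($_REQUEST["dir"]) ? $_REQUEST["dir"] : "";
// A request parameter can be an array (dir[]=...), which is not a valid array key.
if (is_string($dir) && isset($PATH[$dir])){
	$_SESSION["TEMPLATE"]["dir"]=$dir;
}else{
	// The remembered value is re-checked against $PATH as well: $PATH depends on
	// the loaded configuration, so a key stored earlier may no longer exist.
	if(isset($_SESSION["TEMPLATE"]["dir"]) && is_string($_SESSION["TEMPLATE"]["dir"]) && isset($PATH[$_SESSION["TEMPLATE"]["dir"]])){
		$dir=$_SESSION["TEMPLATE"]["dir"];
	}else{
		$dir=key($PATH);
	}
	$_SESSION["TEMPLATE"]["dir"]=$_REQUEST["dir"]=$dir;
}

$thisfolder=getPath($dir);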

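// Choose the template: request, then session, then the directory's default file.
$src=isset($_REQUEST["src"]) ? $_REQUEST["src"] : "";

// The requested name is appended to $thisfolder and the resulting file is later
// handed to the Template class. A name containing a ".." path segment (or a NUL
// byte) could point outside the template folder, so such names are treated like
// a missing file and the session/default template is used instead.
$srcsafe=is_string($src)
	&& strpos($src,"\0")===false
	&& !preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $src);

if($srcsafe && is_file("$thisfolder/$src")){
	$_SESSION["TEMPLATE"]["src"]=$src;
}else{
	$src=isset($_SESSION["TEMPLATE"]["src"]) ? $_SESSION["TEMPLATE"]["src"] : "";
	if(!is_file("$thisfolder/$src")){
		$src=$_SESSION["TEMPLATE"]["src"]=$_REQUEST["src"]=$PATH[$dir]["file"];
	}
}

// From here on the request carries the resolved values, not the raw input.
$_REQUEST["dir"]=$dir;
$_REQUEST["src"]=$src;
$thisfile="$thisfolder/$src";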

include("cls/clsMySQL.php");
include("stdvars.php");


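// Password hashing: every POST field named in the ";"-separated SHA1 field is
// replaced by its SHA-1 hex digest before any SQL is built from $_POST.
//
// NOTE(review): plain, unsalted sha1() is not a password hash. Moving to
// password_hash()/password_verify() also needs a change to how the login query
// compares credentials, which is outside this block.
// NOTE(review): the list of fields to hash is supplied by the client. A request
// that omits SHA1 sends its value to the query unhashed, so the stored digest is
// effectively the credential. Hashing should be decided server-side.
if(isset($_POST['SHA1']) && is_string($_POST['SHA1'])){
	foreach(explode(";",$_POST['SHA1']) as $key){
		if($key==="") continue;
		// A field that was not sent is hashed as the empty string, as before.
		$value=isset($_POST[$key]) ? $_POST[$key] : "";
		if(is_array($value)){
			// Iterate over the real keys; the field need not be a 0..n-1 list.
			foreach($value as $i=>$item){
				// sha1() only accepts strings; a nested array yields null instead of an error.
				$_POST[$key][$i]=is_array($item) ? null : sha1((string)$item);
			}
		}else{
			$_POST[$key]=sha1((string)$value);
		}
	}
}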


/**
 * Is database access needed?
 *
 * A connection is opened and a transaction started as soon as the request
 * carries any of the command fields listed in $DBopt.
 */
$needsdb=false;
foreach($DBopt as $opt){
	if(isset($_POST[$opt])){
		$needsdb=true;
		break;
	}
}
if($needsdb){
	$DB=setDB();
	$DB->query("BEGIN");
}

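/**
 * Is database write access permitted?
 *
 * NOTE(review): the same-host Referer comparison below is commented out and
 * replaced by if(true), so uploads and write commands are processed for every
 * request regardless of where the form came from. Referer can be absent or
 * stripped; a per-session token checked here would be the robust replacement.
 * NOTE(review): no login check is visible in this file before these commands
 * run; the LOGIN/LOGOUT handling only follows afterwards.
 */
$urlfrom=isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
if(!$urlfrom) $urlfrom=getenv("HTTP_REFERER");

$urlto=isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : "";
if(!$urlto) $urlto=getenv("SERVER_NAME");

$url = parse_url((string)$urlfrom);
//if((strtolower($url["host"])==strtolower($urlto))){
if(true){
	// FILE UPLOAD
	# type="file" name="DBFIELD" value=""
	# name="DBFIELD_folder" value="PATH"
	//
	// NOTE(review): the target folder is taken from the request field
	// "<name>_folder". It should be chosen from server-side configuration
	// (for example the folders in $PATH), not accepted from the client.

	// foreach replaces each(), which no longer exists in PHP 8.
	foreach($_FILES as $upkey=>$upload){
		// Keep only the file-name part so the client-supplied name can never
		// carry a directory component into the target path.
		$upname=$upload["name"];
		if(is_string($upname)) $upname=basename($upname);
		$_REQUEST[$upkey]=$upname;

		$uppath=isset($_REQUEST[$upkey."_folder"]) ? $_REQUEST[$upkey."_folder"] : "";
		if (is_string($uppath) && $uppath!=="" && is_dir($uppath)){
			// The original pattern is not anchored at the start, so in effect it
			// only requires a 3-4 letter extension. Names with an extension that
			// a web server may execute or interpret are refused in addition, in
			// any position (file.php.jpg as well as file.php). This deny-list is
			// a stopgap; an allow-list of expected types is the better control.
			$nameok=is_string($upname)
				&& preg_match("/([a-z0-9_-]*\.?[a-z0-9_-])*\.[a-z]{3,4}$/i",$upname)
				&& !preg_match('/\.(php\d?|phtml|phar|pht|phps|cgi|pl|py|sh|asp|aspx|jsp|shtml?)(\.|$)/i',$upname);

			// The result of move_uploaded_file() is checked so that a failed move
			// is reported instead of being recorded as a successful upload.
			if ($nameok && $upload["size"]>0 && move_uploaded_file($upload["tmp_name"], $uppath."/".$upname)){
				$_REQUEST[$upkey."_folder"]=$uppath;
				$_REQUEST[$upkey."_size"]=$upload["size"];
				// The type is whatever the client declared; it is not verified here.
				$_REQUEST[$upkey."_type"]=$upload["type"];
			}else{
				$ERROR["nomber"][]="TPE1";
				$ERROR["desc"][]="FEHLER beim UPLOAD von ".(is_string($upname) ? $upname : "")." nach ".$uppath."!";
			}
		}else{
			$ERROR["nomber"][]="TPE2";
			$ERROR["desc"][]="FEHLER kein Pfad angegeben!";
		}
	}

	# DB write access
	/**
	name="INSERT" value="tab1"
	INSERT INTO tab1 ...

	name="UPDATE" value="tab1|fields1|where1"
	UPDATE tab1 SET fields WHERE where

	name="COPY" value="tab1=tab2,tab3|const1=x,const2,const3=y,...|where"
	INSERT INTO tab1 (CONST,FIELDS)
	SELECT CONST as CONST,FIELDS FROM tab2 WHERE where;

	name="DELETE" value="tab1|where"
	DELETE FROM tab1 WHERE where

	NOTE(review): table names, field lists and where-field lists are read from
	POST fields, so the client decides which statement runs against which table.
	They need to be fixed server-side before this can be exposed to untrusted users.
	*/

	// Fields that are not to be quoted.
	// NOTE(review): this list is client-controlled, and values of the listed
	// fields presumably reach the SQL text unquoted (confirm in the DB class).
	// NOTE(review): the non-array branch reads $_POST["nq"], not
	// $_POST["NOQUOTE"]; left unchanged because the intent cannot be confirmed here.
	if(isset($_POST["NOQUOTE"])){
		if(is_array($_POST["NOQUOTE"])){
			$nq=$_POST["NOQUOTE"];
		}else{
			$nq=explode(";",isset($_POST["nq"]) ? (string)$_POST["nq"] : "");
		}
	}else{
		$nq="";
	}

	// SQL_OR Name
	// Name[] x
	// becomes: ( Name=x or Name=y ), stored as request field "Name_or".
	// NOTE(review): the field name and every value are concatenated into the
	// fragment as-is. Unless the DB class escapes "Name_or" later, this is an
	// SQL injection point; values should be bound or strictly validated.
	if(isset($_POST["SQL_OR"]) && is_string($_POST["SQL_OR"])){
		$sql="";
		$field=$_POST["SQL_OR"];
		// Only a list of scalar values can be expanded.
		if(isset($_REQUEST[$field]) && is_array($_REQUEST[$field])){
			foreach($_REQUEST[$field] as $bed){
				if(is_array($bed)) continue;
				if($sql) $sql.=" or ";
				$sql.="$field=".$bed;
			}
		}
		$_REQUEST[$field."_or"]="( $sql )";
	}

	// Database control commands
	/**
	Process all control commands
	INSERT - create a record
	UPDATE - change a record
	COPY - clone data
	DELETE - delete a record
	SET - store a REQUEST variable globally (in the session)
	UNSET - remove such a stored REQUEST variable again
	*/
	foreach($DBopt as $opt){
		if(isset($_POST[$opt])){
			// A command field may be sent once or as a list; count() on a plain
			// string is an error in PHP 8, so normalise to a list first.
			$beflines=is_array($_POST[$opt]) ? array_values($_POST[$opt]) : array($_POST[$opt]);
			foreach($beflines as $befline){
				if(!is_string($befline)) continue;
				$bef=trim($befline);
				foreach(explode(";",$bef) as $tab){
					if ($tab){
						$tab=trim(str_replace("\\'","'", $tab));
						$sqlopt=array_map("trim", explode("|",$tab));
						switch($opt){
							case "INSERT":
								$dbinfo=$DB->createInsertSQL($tab, $_REQUEST, $nq);
								$DBfld= $DB->insertData($dbinfo["sql"]);
								if(is_array($DBfld)) $DBfld=$DBfld[count($DBfld)-1];
								$_REQUEST[$dbinfo["primary_key"]]=$DBfld;
								break;
							case "UPDATE":
								// table, values, nq, set="", keys=""
								$DBfld= $DB->updateData($DB->makeUpdateSQL($sqlopt[0], $_REQUEST, $nq, $sqlopt[1], $sqlopt[2]));
								break;
							case "COPY":
								$tx=explode("=",$sqlopt[0]);
								$DBfld=$DB->updateData($DB->createCopySQL($tx[1],$tx[0], $sqlopt[1], $_REQUEST, $sqlopt[2]));
								break;
							case "DELETE":
								$DBfld= $DB->deleteData($DB->createDeleteSQL($sqlopt[0], $_REQUEST, $sqlopt[1]));
								break;
							case "SYNCTABLE":
								$DBfld= $DB->syncTable($sqlopt[0], $_REQUEST, $nq);
								$_REQUEST[$DBfld["primary_key"]]=$DBfld["id"];
								break;
							case "SET":
								if(!isset($_SESSION["SET"]) || !is_array($_SESSION["SET"])){
									$_SESSION["SET"]=array();
								}
								// Copies a request value into the session under a client-chosen name.
								$_SESSION["SET"][$tab]=isset($_REQUEST[$tab]) ? $_REQUEST[$tab] : null;
								break;
							case "UNSET":
								unset($_SESSION["SET"][$tab]);
								break;
						}
					}
				}
			}
		}
	}
}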

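/**
 * LOGOUT or LOGIN?
 */
$filename = $_REQUEST["src"];
// Check whether a login exists for the current configuration.
if (isset($_SESSION[$config]["LOGINGROUP"])){
	// Is a logout requested?
	if(isset($_REQUEST["LOGOUT"])){
		unset($_SESSION[$config]["LOGINDATA"]);
		unset($_SESSION[$config]["LOGINGROUP"]);
	}
}else{
	// Is a login requested?
	if(isset($_POST["LOGIN"])){
		login();

		// Did it work?
		if(!isset($_SESSION[$config]["LOGINGROUP"])){
			$ERROR["nomber"][]="TPE2";
			$ERROR["desc"][]="LOGIN gescheitert!";

			// LOGINFailure names the template to show instead. It comes from the
			// request and replaces $src, which is handed to the Template class
			// below, so it gets the same treatment as a path component: a value
			// that is not a string, or that contains a NUL byte or a ".." path
			// segment, is dropped. A dropped value behaves like a missing field.
			$failsrc=isset($_REQUEST["LOGINFailure"]) ? $_REQUEST["LOGINFailure"] : null;
			if(!is_string($failsrc)
				|| strpos($failsrc,"\0")!==false
				|| preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $failsrc)){
				$failsrc=null;
			}
			$src=$failsrc;
		}
	}
}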

// Finish the transaction.
/**
 * If the database object carries a message after the commands above, the
 * message is added to $ERROR and the transaction is rolled back so that the
 * changes are undone; otherwise the transaction is committed.
 */
if(is_object($DB)){
	if(!$DB->message){
		$DB->query("COMMIT");
	}else{
		$ERROR[]=$DB->message;
		$DB->query("ROLLBACK");
		$DB->message="";
	}
}

// Set the access rights: the login group stored in the session, or "DENIED"
// when nobody is logged in for the current configuration.
$logingroup=isset($_SESSION[$config]["LOGINGROUP"]) ? $_SESSION[$config]["LOGINGROUP"] : "DENIED";

// The session is written and closed here; later changes to $_SESSION are not saved.
session_write_close();

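include("cls/clsTemplate.php");
$template = new Template($PATH, $dir, $src, true);

if($template->CONTENT){
	// NOTE(review): this appends a "Test" error (TPE001) on every successful
	// load; it looks like leftover debugging - confirm before removing.
	$ERROR["nomber"][]="TPE001";
	$ERROR["desc"][]="Test";
	$_REQUEST["ERROR"]=$ERROR;

	// Process the tags
	include("cls/clsTags.php");
	include("tags.php");
	$template->CONTENT=Template2Source($template->CONTENT);

}else{
	// $dir and $src can originate from the request and this text is printed as
	// the page, so both are HTML-escaped before they go into the message.
	$template->CONTENT=htmlspecialchars("$dir $src", ENT_QUOTES)." nicht gefunden";
}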


// Compress the data (disabled)
/*
$template->CONTENT=preg_replace("/\t/","",$template->CONTENT);
while(strpos($template->CONTENT,"\n\n")){
	$template->CONTENT=preg_replace("/\n\n/","\n",$template->CONTENT);
}
*/
if(is_object($DB)){
	$DB->close();
}

#echo usedtime()-$starttime."<br>";
// Output: the [!pagetime] placeholder is replaced by the time spent on this request.
$elapsed=usedtime()-$starttime;
echo str_replace("[!pagetime]", $elapsed, $template->CONTENT);
?>