diff --git a/config.php b/config.php
index 4c31f315c8..9eabe46ab4 100644
--- a/config.php
+++ b/config.php
@@ -1,14 +1,14 @@ -database_host, $xerte_toolkits_site->database_username, $xerte_toolkits_site->database_password); - - mysql_select_db($xerte_toolkits_site->database_name) or die($database_fail = true); - - $query = "select * from " . $xerte_toolkits_site->database_table_prefix . "sitedetails"; - - $query_response = mysql_query($query); - - $row = mysql_fetch_array($query_response); - - /** - * Access the database to get the variables - * @version 1.0 - * @author Patrick Lockley - * @copyright 2008,2009 University of Nottingham - */ - - /** - * Include any script that is used for configuration - */ - - if($row['integration_config_path']!=""){ - - require_once($row['integration_config_path']); - - } +// Change this to FALSE for production sites. +global $development; +$development = true; - /** - * Site variables - */ - - $xerte_toolkits_site->site_url = $row['site_url']; - $xerte_toolkits_site->apache = $row['apache']; - $xerte_toolkits_site->integration_config_path = $row['integration_config_path']; - $xerte_toolkits_site->admin_username = $row['admin_username']; - $xerte_toolkits_site->admin_password = $row['admin_password']; - $xerte_toolkits_site->mimetypes = explode(",",$row['mimetypes']); - - /** - * Site session variables - */ +ini_set('error_reporting', 0); +if($development) { + ini_set('error_reporting', E_ALL); +} - $xerte_toolkits_site->site_session_name = $row['site_session_name']; +if(!function_exists('_debug')) { + function _debug($string) { + global $development; + if(isset($development) && $development) { + file_put_contents('/tmp/debug.log', date('Y-m-d H:i:s ') . $string . 
"\n", FILE_APPEND); + } + } +} - /** - * Configure the look and feel for index.php page - */ +if(!isset($xerte_toolkits_site)){ - $xerte_toolkits_site->site_title = $row['site_title']; - $xerte_toolkits_site->name = $row['site_name']; - $xerte_toolkits_site->site_logo = $row['site_logo']; - $xerte_toolkits_site->organisational_logo = $row['organisational_logo']; - $xerte_toolkits_site->welcome_message = $row['welcome_message']; - $xerte_toolkits_site->demonstration_page = $xerte_toolkits_site->site_url . $row['demonstration_page']; - - $xerte_toolkits_site->site_text = $row['site_text']; - $xerte_toolkits_site->news_text = base64_decode($row['news_text']); - $xerte_toolkits_site->pod_one = base64_decode($row['pod_one']); - $xerte_toolkits_site->pod_two = base64_decode($row['pod_two']); - $xerte_toolkits_site->copyright = utf8_decode($row['copyright']); - - /** - * Configure the RSS Feed title - */ + + // create new generic object to hold all our config stuff in.... + $xerte_toolkits_site = new StdClass(); + + /** + * Access the database to get the variables + */ + if(!is_file(dirname(__FILE__) . '/database.php')) { + die("please run /setup"); + } + + require_once("database.php"); + require_once(dirname(__FILE__) . 
'/website_code/php/database_library.php'); + + $row = db_query_one("SELECT * FROM {$xerte_toolkits_site->database_table_prefix}sitedetails"); + /** + * Access the database to get the variables + * @version 1.0 + * @author Patrick Lockley + * @copyright 2008,2009 University of Nottingham + */ + + /** + * Include any script that is used for configuration + */ + + if($row['integration_config_path']!=""){ + + require_once($row['integration_config_path']); + + } + + /** + * Site variables + */ + + $xerte_toolkits_site->site_url = $row['site_url']; + $xerte_toolkits_site->apache = $row['apache']; + $xerte_toolkits_site->integration_config_path = $row['integration_config_path']; + $xerte_toolkits_site->admin_username = $row['admin_username']; + $xerte_toolkits_site->admin_password = $row['admin_password']; + $xerte_toolkits_site->mimetypes = explode(",",$row['mimetypes']); + + /** + * Site session variables + */ + + $xerte_toolkits_site->site_session_name = $row['site_session_name']; + + /** + * Configure the look and feel for index.php page + */ + + $xerte_toolkits_site->site_title = $row['site_title']; + $xerte_toolkits_site->name = $row['site_name']; + $xerte_toolkits_site->site_logo = $row['site_logo']; + $xerte_toolkits_site->organisational_logo = $row['organisational_logo']; + $xerte_toolkits_site->welcome_message = $row['welcome_message']; + $xerte_toolkits_site->demonstration_page = $xerte_toolkits_site->site_url . 
$row['demonstration_page']; + + $xerte_toolkits_site->site_text = $row['site_text']; + $xerte_toolkits_site->news_text = base64_decode($row['news_text']); + $xerte_toolkits_site->pod_one = base64_decode($row['pod_one']); + $xerte_toolkits_site->pod_two = base64_decode($row['pod_two']); + $xerte_toolkits_site->copyright = utf8_decode($row['copyright']); + + /** + * Configure the RSS Feed title + */ + + $xerte_toolkits_site->rss_title = $row['rss_title']; + $xerte_toolkits_site->synd_publisher = $row['synd_publisher']; + $xerte_toolkits_site->synd_rights = $row['synd_rights']; + $xerte_toolkits_site->synd_license = $row['synd_license']; + + /** + * Set up the string for the password protected play page + */ + + $xerte_toolkits_site->form_string = base64_decode($row['form_string']); + + /** + * Set up the string for the peer review page + */ + + $xerte_toolkits_site->peer_form_string = base64_decode($row['peer_form_string']); + + /** + * Site paths + */ + + $xerte_toolkits_site->module_path = $row['module_path']; + $xerte_toolkits_site->website_code_path = $row['website_code_path']; + $xerte_toolkits_site->users_file_area_short = $row['users_file_area_short']; + $xerte_toolkits_site->php_library_path = $row['php_library_path']; + $xerte_toolkits_site->root_file_path = $row['root_file_path']; + $xerte_toolkits_site->basic_template_path = $xerte_toolkits_site->root_file_path . $xerte_toolkits_site->module_path; + $xerte_toolkits_site->users_file_area_full = $xerte_toolkits_site->root_file_path . $xerte_toolkits_site->users_file_area_short; + $xerte_toolkits_site->import_path = $row['import_path']; + + /** + * SQL query string used by play,edit and preview pages + */ + + $xerte_toolkits_site->play_edit_preview_query = base64_decode($row['play_edit_preview_query']); + + /** + * Error handling settings + */ + + $xerte_toolkits_site->error_log_path = $xerte_toolkits_site->root_file_path . 
$row['error_log_path']; + $xerte_toolkits_site->email_error_list = $row['email_error_list']; + $xerte_toolkits_site->error_log_message= $row['error_log_message']; + $xerte_toolkits_site->error_email_message= $row['error_email_message']; + $xerte_toolkits_site->max_error_size= $row['max_error_size']; + + /** + * LDAP Settings + */ + + $xerte_toolkits_site->ldap_host = $row['ldap_host']; + $xerte_toolkits_site->ldap_port = $row['ldap_port']; + $xerte_toolkits_site->bind_pwd = $row['bind_pwd']; + $xerte_toolkits_site->basedn = $row['basedn']; + $xerte_toolkits_site->bind_dn = $row['bind_dn']; + $xerte_toolkits_site->LDAP_preference = $row['LDAP_preference']; + $xerte_toolkits_site->LDAP_filter = $row['LDAP_filter']; + + /** + * Xerte settings + */ + + $xerte_toolkits_site->flash_save_path = $row['flash_save_path']; + $xerte_toolkits_site->flash_upload_path = $row['flash_upload_path']; + $xerte_toolkits_site->flash_preview_check_path = $row['flash_preview_check_path']; + $xerte_toolkits_site->flash_flv_skin = $xerte_toolkits_site->site_url . 
$row['flash_flv_skin']; + + /** + * Email settings + */ + + $xerte_toolkits_site->site_email_account = $row['site_email_account']; + $xerte_toolkits_site->headers = $row['headers']; + $xerte_toolkits_site->email_to_add_to_username = $row['email_to_add_to_username']; + + /** + * RSS Proxy settings + */ + + $xerte_toolkits_site->proxy1 = $row['proxy1']; + $xerte_toolkits_site->port1 = $row['port1']; + + /** + * Set up the feedback list from the feedback page + */ + + $xerte_toolkits_site->feedback_list = $row['feedback_list']; + + /* Optional : + require_once("session_handler.php"); + + $session_handle = new toolkits_session_handler(); + + session_set_save_handler( + array($session_handle,'xerte_session_open'), + array($session_handle,'xerte_session_close'), + array($session_handle,'xerte_session_read'), + array($session_handle,'xerte_session_write'), + array($session_handle,'xerte_session_destroy'), + array($session_handle,'xerte_session_clean')); + */ - $xerte_toolkits_site->rss_title = $row['rss_title']; - $xerte_toolkits_site->synd_publisher = $row['synd_publisher']; - $xerte_toolkits_site->synd_rights = $row['synd_rights']; - $xerte_toolkits_site->synd_license = $row['synd_license']; - - /** - * Set up the string for the password protected play page - */ - - $xerte_toolkits_site->form_string = base64_decode($row['form_string']); - - /** - * Set up the string for the peer review page - */ - - $xerte_toolkits_site->peer_form_string = base64_decode($row['peer_form_string']); - - /** - * Site paths - */ - - $xerte_toolkits_site->module_path = $row['module_path']; - $xerte_toolkits_site->website_code_path = $row['website_code_path']; - $xerte_toolkits_site->users_file_area_short = $row['users_file_area_short']; - $xerte_toolkits_site->php_library_path = $row['php_library_path']; - $xerte_toolkits_site->root_file_path = $row['root_file_path']; - $xerte_toolkits_site->basic_template_path = $xerte_toolkits_site->root_file_path . 
$xerte_toolkits_site->module_path; - $xerte_toolkits_site->users_file_area_full = $xerte_toolkits_site->root_file_path . $xerte_toolkits_site->users_file_area_short; - $xerte_toolkits_site->import_path = $row['import_path']; - - /** - * SQL query string used by play,edit and preview pages - */ - - $xerte_toolkits_site->play_edit_preview_query = base64_decode($row['play_edit_preview_query']); - - /** - * Error handling settings - */ - - $xerte_toolkits_site->error_log_path = $xerte_toolkits_site->root_file_path . $row['error_log_path']; - $xerte_toolkits_site->email_error_list = $row['email_error_list']; - $xerte_toolkits_site->error_log_message= $row['error_log_message']; - $xerte_toolkits_site->error_email_message= $row['error_email_message']; - $xerte_toolkits_site->max_error_size= $row['max_error_size']; - - /** - * LDAP Settings - */ - - $xerte_toolkits_site->ldap_host = $row['ldap_host']; - $xerte_toolkits_site->ldap_port = $row['ldap_port']; - $xerte_toolkits_site->bind_pwd = $row['bind_pwd']; - $xerte_toolkits_site->basedn = $row['basedn']; - $xerte_toolkits_site->bind_dn = $row['bind_dn']; - $xerte_toolkits_site->LDAP_preference = $row['LDAP_preference']; - $xerte_toolkits_site->LDAP_filter = $row['LDAP_filter']; - - /** - * Xerte settings - */ - - $xerte_toolkits_site->flash_save_path = $row['flash_save_path']; - $xerte_toolkits_site->flash_upload_path = $row['flash_upload_path']; - $xerte_toolkits_site->flash_preview_check_path = $row['flash_preview_check_path']; - $xerte_toolkits_site->flash_flv_skin = $xerte_toolkits_site->site_url . 
$row['flash_flv_skin']; - - /** - * Email settings - */ - - $xerte_toolkits_site->site_email_account = $row['site_email_account']; - $xerte_toolkits_site->headers = $row['headers']; - $xerte_toolkits_site->email_to_add_to_username = $row['email_to_add_to_username']; - - /** - * RSS Proxy settings - */ + session_start(); - $xerte_toolkits_site->proxy1 = $row['proxy1']; - $xerte_toolkits_site->port1 = $row['port1']; - - /** - * Set up the feedback list from the feedback page - */ - - $xerte_toolkits_site->feedback_list = $row['feedback_list']; - - /*require_once("session_handler.php"); - - $session_handle = new toolkits_session_handler(); - - session_set_save_handler( array(&$session_handle,'xerte_session_open'), - array(&$session_handle,'xerte_session_close'), - array(&$session_handle,'xerte_session_read'), - array(&$session_handle,'xerte_session_write'), - array(&$session_handle,'xerte_session_destroy'), - array(&$session_handle,'xerte_session_clean'));*/ + $_SESSION['toolkits_language'] = "en-gb"; - session_start(); + $_SESSION['toolkits_sessionid'] = session_id(); + - $_SESSION['toolkits_language'] = "en-gb"; - - $_SESSION['toolkits_sessionid'] = session_id(); - } -?> \ No newline at end of file diff --git a/data.php b/data.php index 40bbc3206b..6d570ed8e5 100644 --- a/data.php +++ b/data.php 
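Review bot: `$development = true` is the committed default and `_debug()` appends to the fixed, world-shared path `/tmp/debug.log`, so on any deployment that forgets to flip the flag, whatever callers log (the edit.php hunk in this commit passes the raw `template_id` query parameter) lands in a file that every local user can read or pre-create. Consider defaulting `$development` to `false` (or reading it from an untracked local file) and writing the log under a site-owned directory such as the one `error_log_path` points at, rather than a predictable name in `/tmp`. Note also that `ini_set('error_reporting', E_ALL)` only raises the reporting level; whether those errors are rendered into responses still depends on `display_errors`, so the production branch should set `ini_set('display_errors', '0')` explicitly if the intent is to keep error detail out of the browser. The `$row` returned by `db_query_one("SELECT * FROM ...sitedetails")` is also dereferenced as `$row['integration_config_path']` without checking that a row came back.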
@@ -1,138 +1,112 @@ -root_file_path . "languages/" . $_SESSION['toolkits_language'] . "/data.inc"; - - require $xerte_toolkits_site->php_library_path . "database_library.php"; - require $xerte_toolkits_site->php_library_path . "template_status.php"; - require $xerte_toolkits_site->php_library_path . "display_library.php"; - - /** - * connect to the database - */ - - $mysql_id=database_connect("data database connect successful","data database connect failed"); - - /** - * Check the template ID is a number - */ - - if(is_numeric(mysql_real_escape_string($_GET['template_id']))){ - - /** - * Run the standard query from config.php, excessive in this case, but suitable - */ +database_table_prefix . "additional_sharing where sharing_type=\"xml\" and template_id=\"" . mysql_real_escape_string($_GET['template_id']) . "\""; +require_once("config.php"); - $query_for_data_response = mysql_query($query_to_check_data); +require $xerte_toolkits_site->root_file_path . "languages/" . $_SESSION['toolkits_language'] . "/data.inc"; - /** - * Check to see if for this ID a data value is set in additional sharing. - */ +require $xerte_toolkits_site->php_library_path . "database_library.php"; +require $xerte_toolkits_site->php_library_path . "template_status.php"; +require $xerte_toolkits_site->php_library_path . 
"display_library.php"; - if(mysql_num_rows($query_for_data_response)!=0){ +/** + * Check the template ID is a number + */ - $row_data = mysql_fetch_array($query_for_data_response); +if(!isset($_GET['template_id']) || !is_numeric($_GET['template_id'])) { + dont_show_template(); + exit(0); +} - /** - * The extra value in this case is the hostname we have limited XML consumption too, and as such see it exists - */ - if($row_data['extra']!=""){ - - /** - * Compare to the host variables - */ +/** + * Run the standard query from config.php, excessive in this case, but suitable + */ - if(($row_data['extra']==$_SERVER['HTTP_REFERER'])||($row_data['extra']==$_SERVER['REMOTE_ADDR'])){ - - /** - * Fetch and return the XML - */ +$query_to_check_data = "select * from {$xerte_toolkits_site->database_table_prefix}additional_sharing where sharing_type=? AND template_id = ?"; - $query_for_preview_content = $xerte_toolkits_site->play_edit_preview_query; - - $query_for_preview_content_response = mysql_query($query_for_preview_content); - - $row = mysql_fetch_array($query_for_preview_content_response); - - $query_for_username = "select username from " . $xerte_toolkits_site->database_table_prefix . "logindetails where login_id=\"" . $row['user_id'] . "\""; - - $query_for_username_response = mysql_query($query_for_username); - - $row_username = mysql_fetch_array($query_for_username_response); - - $path = $xerte_toolkits_site->users_file_area_short . $row['template_id'] . "-" . $row_username['username'] . "-" . $row['template_name'] . "/"; - - echo str_replace("FileLocation + '", $xerte_toolkits_site->site_url . $path, file_get_contents($path . "data.xml")); +$query_for_data_response = db_query_one($query_to_check_data, array('xml', $_GET['template_id'])); +/** + * Check to see if for this ID a data value is set in additional sharing. 
+ */ - }else{ +if(!empty($query_for_data_response)) { + + $row_data = $query_for_data_response; - dont_show_template(); + /** + * The extra value in this case is the hostname we have limited XML consumption too, and as such see it exists + */ - } + if($row_data['extra']!=""){ + /** + * Compare to the host variables + */ - }else{ - - /** - * Fetch and return the XML - */ + if(($row_data['extra']==$_SERVER['HTTP_REFERER'])||($row_data['extra']==$_SERVER['REMOTE_ADDR'])){ - $query_for_play_content_strip = str_replace("\" . \$xerte_toolkits_site->database_table_prefix . \"", $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query); - - $query_for_play_content = str_replace("TEMPLATE_ID_TO_REPLACE", mysql_real_escape_string($_GET['template_id']), $query_for_play_content_strip); + /** + * Fetch and return the XML + */ - $query_for_play_content_response = mysql_query($query_for_play_content); + $query_for_preview_content = $xerte_toolkits_site->play_edit_preview_query; - $row = mysql_fetch_array($query_for_play_content_response); - - $query_for_username = "select username from " . $xerte_toolkits_site->database_table_prefix . "logindetails where login_id=\"" . $row['user_id'] . "\""; - - $query_for_username_response = mysql_query($query_for_username); - - $row_username = mysql_fetch_array($query_for_username_response); - - $path = $xerte_toolkits_site->users_file_area_short . $row['template_id'] . "-" . $row_username['username'] . "-" . $row['template_name'] . "/"; + $query_for_preview_content_response = mysql_query($query_for_preview_content); - echo str_replace("FileLocation + '", $xerte_toolkits_site->site_url . $path, file_get_contents($path . 
"data.xml")); + $row = mysql_fetch_array($query_for_preview_content_response); + $query_for_username = "select username from {$xerte_toolkits_site->database_table_prefix}logindetails where login_id=?"; + $row_username = db_query_one($query_for_username, array($row['user_id'])); - } - + if(empty($row_username)) { + _debug("User deleted, but template remains?"); + } + else { + $path = $xerte_toolkits_site->users_file_area_short . $row['template_id'] . "-" . $row_username['username'] . "-" . $row['template_name'] . "/"; + echo str_replace("FileLocation + '", $xerte_toolkits_site->site_url . $path, file_get_contents($path . "data.xml")); + } + }else{ + dont_show_template(); + } - }else{ + }else{ - /*** - Display nothing - */ + /** + * Fetch and return the XML + */ - echo DATA_XMLFAIL; + $query_for_play_content_strip = str_replace("\" . \$xerte_toolkits_site->database_table_prefix . \"", $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query); - dont_show_template(); + $query_for_play_content = str_replace("TEMPLATE_ID_TO_REPLACE", mysql_real_escape_string($_GET['template_id']), $query_for_play_content_strip); - } + $row = db_query_one($query_for_play_content); - }else{ + $query_for_username = "select username from {$xerte_toolkits_site->database_table_prefix}logindetails where login_id=?"; - /** - * Display nothing - */ + $row_username = db_query_one($query_for_username, array($row['user_id'])); - dont_show_template(); - } + $path = $xerte_toolkits_site->users_file_area_short . $row['template_id'] . "-" . $row_username['username'] . "-" . $row['template_name'] . "/"; + echo str_replace("FileLocation + '", $xerte_toolkits_site->site_url . $path, file_get_contents($path . "data.xml")); + } +} +else{ + /*** + Display nothing + */ + echo DATA_XMLFAIL; -?> \ No newline at end of file + dont_show_template(); + +} diff --git a/data.xml b/data.xml deleted file mode 100644 index 317658b03a..0000000000 --- a/data.xml +++ /dev/null 
@@ -1 +0,0 @@ - <![CDATA[ELFIS Semester 2 Presentations]]> \ No newline at end of file diff --git a/drawing.php b/drawing.php index 559fd26407..204b7bee95 100644 --- a/drawing.php +++ b/drawing.php @@ -1,23 +1,27 @@ -"; +echo file_get_contents("modules/xerte/drawing_xerte_top"); - echo ""; +echo "so.addVariable(\"xmlvariable\", \"$string_for_flash_xml\");"; +echo "so.addVariable(\"rlovariable\", \"$string_for_flash_media\");"; +echo "so.addVariable(\"originalpathvariable\", \"$string_for_flash_xwd\");"; +echo "so.addVariable(\"template_id\", \"" . $row['template_id'] . "\");"; -?> \ No newline at end of file +echo "so.write(\"flashcontent\");"; +echo ""; + +echo ""; + +?> diff --git a/edit.php b/edit.php index 33f646ead4..a66c88831f 100644 --- a/edit.php +++ b/edit.php 
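Review bot: The new `echo "so.addVariable(\"xmlvariable\", \"$string_for_flash_xml\");"` line and the three that follow interpolate PHP values straight into JavaScript string literals, so a double quote, backslash or `</script>` in any of them breaks out of the literal; the values are assigned outside the visible part of this hunk, and `$row['template_id']` at least appears to come from a database row. Encode each value for the JS context instead, e.g. `echo 'so.addVariable("template_id", ' . json_encode((string) $row['template_id'], JSON_HEX_TAG | JSON_HEX_QUOT) . ');';`, and the same for the three path variables. This hunk is garbled in this view (the removed `echo` lines collapse to `-";`), so the surrounding output may contain further interpolations that are not visible here.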
@@ -1,298 +1,283 @@ -php_library_path . "database_library.php"; - require $xerte_toolkits_site->php_library_path . "screen_size_library.php"; - require $xerte_toolkits_site->php_library_path . "template_status.php"; - require $xerte_toolkits_site->php_library_path . "display_library.php"; - require $xerte_toolkits_site->php_library_path . "user_library.php"; - - /** - * - * Function update_access_time - * This function updates the time a template was last edited - * @param array $row_edit = an array returned from a mysql query - * @return bool True or False if two params match - * @version 1.0 - * @author Patrick Lockley - */ - - function update_access_time($row_edit){ - - global $xerte_toolkits_site; - - mysql_query("UPDATE " . $xerte_toolkits_site->database_table_prefix . "templatedetails SET date_accessed=\"" . date('Y-m-d') . "\" WHERE template_id=" . $row_edit['template_id']); - - return true; - - } - - /* - * Connect to the database - */ - - $mysql_id = database_connect("Edit database connect successful","Edit database connect failed"); - - /* - * Check the template ID is numeric - */ - - if(is_numeric(mysql_real_escape_string($_GET['template_id']))){ - - /* - * Find out if this user has rights to the template - */ - - $safe_template_id = mysql_real_escape_string($_GET['template_id']); - - $query_for_edit_content_strip = str_replace("\" . \$xerte_toolkits_site->database_table_prefix . 
\"", $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query); - - $query_for_edit_content = str_replace("TEMPLATE_ID_TO_REPLACE", $safe_template_id, $query_for_edit_content_strip); - - $query_for_edit_content_response = mysql_query($query_for_edit_content); - - $row_edit = mysql_fetch_array($query_for_edit_content_response); - - if(has_rights_to_this_template($safe_template_id,$_SESSION['toolkits_logon_id'])){ - - /* - * Check if user is editor (could be read only) - */ - - if(is_user_an_editor($safe_template_id,$_SESSION['toolkits_logon_id'])){ - - /* - * Check for multiple editors - */ - - if(has_template_multiple_editors($safe_template_id)){ - - /* - * Check for lock file. A lock file is created to prevent more than one - */ - - if(file_exists($xerte_toolkits_site->users_file_area_full . $row_edit['template_id'] . "-" . $row_edit['username'] . "-" . $row_edit['template_name'] . "/lockfile.txt")){ - - /* - * Lock file exists, so open it up and see who created it - */ - - $lock_file_data = file_get_contents($xerte_toolkits_site->users_file_area_full . $row_edit['template_id'] . "-" . $row_edit['username'] . "-" . $row_edit['template_name'] . "/lockfile.txt"); - - $temp = explode("*",$lock_file_data); - - if(count($temp)==1){ - - $temp = explode(" ",$lock_file_data); - - } - - $lock_file_creator = $temp[0]; - - /* - * Check if lock file creator is current user, if so, continue into the code - */ - - if($lock_file_creator==$_SESSION['toolkits_logon_username']){ - - if(update_access_time($row_edit)){ - - /* - * Display the editor - */ - - require $xerte_toolkits_site->root_file_path . "modules/" . $row_edit['template_framework'] . 
"/edit.php"; - - output_editor_code($row_edit, $xerte_toolkits_site, "true", true); - - }else{ - - /* - * Show an error - */ - - error_show_template(); - - } - - }else{ - - if(isset($_POST['lockfile_clear'])){ - - /* - * Delete the lockfile - */ - - $file_handle = fopen($xerte_toolkits_site->users_file_area_full . $row_edit['template_id'] . "-" . $row_edit['username'] . "-" . $row_edit['template_name'] . "/lockfile.txt", 'w'); - - fwrite($file_handle, $_SESSION['toolkits_logon_username'] . "*"); - - fclose($file_handle); - - /* - * Update the time this template was last edited - */ - - if(update_access_time($row_edit)){ - - require $xerte_toolkits_site->root_file_path . "modules/" . $row_edit['template_framework'] . "/edit.php"; - - output_editor_code($row_edit, $xerte_toolkits_site, "true", true); - - }else{ - - error_show_template(); - - } - - }else{ - - /* - * Update the lock file. The lock file format is creator id*id that tried to access 1 id that tried to access 2 and so on - */ - - $new_lock_file = $lock_file_data . $_SESSION['toolkits_logon_username'] . " "; - - $file_handle = fopen($xerte_toolkits_site->users_file_area_full . $row_edit['template_id'] . "-" . $row_edit['username'] . "-" . $row_edit['template_name'] . "/lockfile.txt",'w'); - - fwrite($file_handle, $new_lock_file); - - fclose($file_handle); - - output_locked_file_code($lock_file_creator); - - } - - } - - }else{ - - /* - * No lock file, so create one - */ - - $file_handle = fopen($xerte_toolkits_site->users_file_area_full . $row_edit['template_id'] . "-" . $row_edit['username'] . "-" . $row_edit['template_name'] . "/lockfile.txt", 'w'); - - fwrite($file_handle, $_SESSION['toolkits_logon_username'] . "*"); - - fclose($file_handle); - - /* - * Update the time this template was last edited - */ - - if(update_access_time($row_edit)){ - - require $xerte_toolkits_site->root_file_path . "modules/" . $row_edit['template_framework'] . 
"/edit.php"; - - output_editor_code($row_edit, $xerte_toolkits_site, "true", true); - - }else{ - - error_show_template(); - - } - - } - - }else{ - - /* - * One editor (but shared) for this prohect, so continue without creating a lock file - */ - - $query = "UPDATE " . $xerte_toolkits_site->database_table_prefix . "templatedetails SET date_accessed= " . date('O-m-d') . " WHERE template_id=" . $row_edit['template_id']; - - if(update_access_time($row_edit)){ - - require $xerte_toolkits_site->root_file_path . "modules/" . $row_edit['template_framework'] . "/edit.php"; - - output_editor_code($row_edit, $xerte_toolkits_site, "true", false); - - }else{ - - error_show_template(); - - } - - } - - }else{ - - /* - * One editor (and no sharing) for this prohect, so continue without creating a lock file - */ - - if(update_access_time($row_edit)){ - - require $xerte_toolkits_site->root_file_path . "modules/" . $row_edit['template_framework'] . "/edit.php"; - - output_editor_code($row_edit, $xerte_toolkits_site, "false", false); - - }else{ - - error_show_template(); - - } - - - } - - }else if(is_user_admin()){ - - /* - * Is the current user an administrator - If so access here. - */ - - require $xerte_toolkits_site->root_file_path . "modules/" . $row_edit['template_framework'] . "/edit.php"; - - output_editor_code($row_edit, $xerte_toolkits_site, "false", false); - - }else{ - - /* - * Wiki mode - check to see if template allows anonymous editing. - */ - - $string_for_flash_xml = $xerte_toolkits_site->users_file_area_short . $row_edit['template_id'] . "-" . $row_username['username'] . "-" . $row_edit['template_name'] . "/data.xml"; - - $buffer = file_get_contents($string_for_flash_xml); - - if(strpos($buffer,"editable=true")==false){ - - /* - * Wiki mode not set - */ - - }else{ - - /* - * Wiki mode set - */ - - require $xerte_toolkits_site->root_file_path . "modules/" . $row_edit['template_framework'] . 
"/edit.php"; - - output_editor_code($row_edit, $xerte_toolkits_site, "true", false); - - } - - } - - }else{ - - require $xerte_toolkits_site->root_file_path . "modules/" . $row_edit['template_framework'] . "/edit.php"; - dont_show_template(); - - } - -?> \ No newline at end of file +php_library_path . "database_library.php"; +require $xerte_toolkits_site->php_library_path . "screen_size_library.php"; +require $xerte_toolkits_site->php_library_path . "template_status.php"; +require $xerte_toolkits_site->php_library_path . "display_library.php"; +require $xerte_toolkits_site->php_library_path . "user_library.php"; + +/** + * + * Function update_access_time + * This function updates the time a template was last edited + * @param array $row_edit = an array returned from a mysql query + * @return bool True or False if two params match + * @version 1.0 + * @author Patrick Lockley + */ + +function update_access_time($row_edit){ + + global $xerte_toolkits_site; + + return db_query("UPDATE {$xerte_toolkits_site->database_table_prefix}templatedetails SET date_accessed=? WHERE template_id = ?", array(date('Y-m-d'), $row_edit['template_id'])); + +} + + +/* + * Check the template ID is numeric + */ + +if(!isset($_GET['template_id']) || !is_numeric($_GET['template_id'])) { + _debug("Template id is not numeric. ->" . $_GET['template_id']); + require $xerte_toolkits_site->root_file_path . "modules/" . $row_edit['template_framework'] . "/edit.php"; + dont_show_template(); + exit(0); +} + +/* + * Find out if this user has rights to the template + */ + +$safe_template_id = (int) $_GET['template_id']; + +$query_for_edit_content_strip = str_replace("\" . \$xerte_toolkits_site->database_table_prefix . 
\"", $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query); + +$query_for_edit_content = str_replace("TEMPLATE_ID_TO_REPLACE", $safe_template_id, $query_for_edit_content_strip); + +$query_for_edit_content_response = mysql_query($query_for_edit_content); + +$row_edit = mysql_fetch_array($query_for_edit_content_response); + +if(has_rights_to_this_template($safe_template_id,$_SESSION['toolkits_logon_id'])){ + + /* + * Check if user is editor (could be read only) + */ + + if(is_user_an_editor($safe_template_id,$_SESSION['toolkits_logon_id'])){ + + /* + * Check for multiple editors + */ + + if(has_template_multiple_editors($safe_template_id)){ + + /* + * Check for lock file. A lock file is created to prevent more than one + */ + + if(file_exists($xerte_toolkits_site->users_file_area_full . $row_edit['template_id'] . "-" . $row_edit['username'] . "-" . $row_edit['template_name'] . "/lockfile.txt")){ + + /* + * Lock file exists, so open it up and see who created it + */ + + $lock_file_data = file_get_contents($xerte_toolkits_site->users_file_area_full . $row_edit['template_id'] . "-" . $row_edit['username'] . "-" . $row_edit['template_name'] . "/lockfile.txt"); + + $temp = explode("*",$lock_file_data); + + if(count($temp)==1){ + + $temp = explode(" ",$lock_file_data); + + } + + $lock_file_creator = $temp[0]; + + /* + * Check if lock file creator is current user, if so, continue into the code + */ + + if($lock_file_creator==$_SESSION['toolkits_logon_username']){ + + if(update_access_time($row_edit)){ + + /* + * Display the editor + */ + + require $xerte_toolkits_site->root_file_path . "modules/" . $row_edit['template_framework'] . 
"/edit.php"; + + output_editor_code($row_edit, $xerte_toolkits_site, "true", true); + + }else{ + + /* + * Show an error + */ + + error_show_template(); + + } + + }else{ + + if(isset($_POST['lockfile_clear'])){ + + /* + * Delete the lockfile + */ + + $file_handle = fopen($xerte_toolkits_site->users_file_area_full . $row_edit['template_id'] . "-" . $row_edit['username'] . "-" . $row_edit['template_name'] . "/lockfile.txt", 'w'); + + fwrite($file_handle, $_SESSION['toolkits_logon_username'] . "*"); + + fclose($file_handle); + + /* + * Update the time this template was last edited + */ + + if(update_access_time($row_edit)){ + + require $xerte_toolkits_site->root_file_path . "modules/" . $row_edit['template_framework'] . "/edit.php"; + + output_editor_code($row_edit, $xerte_toolkits_site, "true", true); + + }else{ + + error_show_template(); + + } + + }else{ + + /* + * Update the lock file. The lock file format is creator id*id that tried to access 1 id that tried to access 2 and so on + */ + + $new_lock_file = $lock_file_data . $_SESSION['toolkits_logon_username'] . " "; + + $file_handle = fopen($xerte_toolkits_site->users_file_area_full . $row_edit['template_id'] . "-" . $row_edit['username'] . "-" . $row_edit['template_name'] . "/lockfile.txt",'w'); + + fwrite($file_handle, $new_lock_file); + + fclose($file_handle); + + output_locked_file_code($lock_file_creator); + + } + + } + + }else{ + + /* + * No lock file, so create one + */ + + $file_handle = fopen($xerte_toolkits_site->users_file_area_full . $row_edit['template_id'] . "-" . $row_edit['username'] . "-" . $row_edit['template_name'] . "/lockfile.txt", 'w'); + + fwrite($file_handle, $_SESSION['toolkits_logon_username'] . "*"); + + fclose($file_handle); + + /* + * Update the time this template was last edited + */ + + if(update_access_time($row_edit)){ + + require $xerte_toolkits_site->root_file_path . "modules/" . $row_edit['template_framework'] . 
"/edit.php"; + + output_editor_code($row_edit, $xerte_toolkits_site, "true", true); + + }else{ + + error_show_template(); + + } + + } + + }else{ + + /* + * One editor (but shared) for this prohect, so continue without creating a lock file + */ + + if(update_access_time($row_edit)){ + require $xerte_toolkits_site->root_file_path . "modules/" . $row_edit['template_framework'] . "/edit.php"; + output_editor_code($row_edit, $xerte_toolkits_site, "true", false); + }else{ + error_show_template(); + + } + + } + + }else{ + + /* + * One editor (and no sharing) for this prohect, so continue without creating a lock file + */ + + if(update_access_time($row_edit)){ + _debug("editphp - no sharing etc"); + require $xerte_toolkits_site->root_file_path . "modules/" . $row_edit['template_framework'] . "/edit.php"; + + output_editor_code($row_edit, $xerte_toolkits_site, "false", false); + + }else{ + + error_show_template(); + + } + + + } + +}else if(is_user_admin()){ + + /* + * Is the current user an administrator - If so access here. + */ + + require $xerte_toolkits_site->root_file_path . "modules/" . $row_edit['template_framework'] . "/edit.php"; + + output_editor_code($row_edit, $xerte_toolkits_site, "false", false); + +}else{ + + /* + * Wiki mode - check to see if template allows anonymous editing. + */ + + $string_for_flash_xml = $xerte_toolkits_site->users_file_area_short . $row_edit['template_id'] . "-" . $row_username['username'] . "-" . $row_edit['template_name'] . "/data.xml"; + + $buffer = file_get_contents($string_for_flash_xml); + + if(strpos($buffer,"editable=true")==false){ + + /* + * Wiki mode not set + */ + + }else{ + + /* + * Wiki mode set + */ + + require $xerte_toolkits_site->root_file_path . "modules/" . $row_edit['template_framework'] . "/edit.php"; + + output_editor_code($row_edit, $xerte_toolkits_site, "true", false); + + } + +} + diff --git a/example.php b/example.php index 7b2b4e0a18..9488bce13f 100644 --- a/example.php +++ b/example.php 
@@ -1,88 +1,79 @@ -php_library_path . "database_library.php"; - require $xerte_toolkits_site->php_library_path . "screen_size_library.php"; - require $xerte_toolkits_site->php_library_path . "template_status.php"; - require $xerte_toolkits_site->php_library_path . "display_library.php"; +require_once("config.php"); - /* - * Check the template ID is numeric - */ +require $xerte_toolkits_site->php_library_path . "database_library.php"; +require $xerte_toolkits_site->php_library_path . "screen_size_library.php"; +require $xerte_toolkits_site->php_library_path . "template_status.php"; +require $xerte_toolkits_site->php_library_path . "display_library.php"; - if(is_numeric($_GET['template_id'])){ +/* + * Check the template ID is numeric + */ - $safe_template_id = mysql_real_escape_string($_GET['template_id']); - - $mysql_id=database_connect("Example.php database connect successful","Example.php database connect failed"); +if(!isset($_GET['template_id']) || !is_numeric($_GET['template_id'])) { + die("Invalid template_id provided"); +} - /* - * Do the standard query to get the ID and file paths - */ - $query_for_edit_content_strip = str_replace("\" . \$xerte_toolkits_site->database_table_prefix . \"", $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query); - - $query_for_edit_content = str_replace("TEMPLATE_ID_TO_REPLACE", $safe_template_id, $query_for_edit_content_strip); - - $query_for_edit_content_response = mysql_query($query_for_edit_content); - - $row = mysql_fetch_array($query_for_edit_content_response); - - /* - * Query to find out if this ID is an example - */ +$safe_template_id = (int) $_GET['template_id']; - $query_to_check_example ="select display_id from " . $xerte_toolkits_site->database_table_prefix . "originaltemplatesdetails where display_id=\"" . $safe_template_id . 
"\""; +/* + * Do the standard query to get the ID and file paths + */ - $query_for_example_response = mysql_query($query_to_check_example); +$query_for_edit_content_strip = str_replace("\" . \$xerte_toolkits_site->database_table_prefix . \"", $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query); - /* - * The num rows is 1 from this query then it is an ID - */ +$query_for_edit_content = str_replace("TEMPLATE_ID_TO_REPLACE", $safe_template_id, $query_for_edit_content_strip); - if(mysql_num_rows($query_for_example_response)==1){ +$row = db_query_one($query_for_edit_content); - /* - * Get the username - */ - - $query_for_username = "select username from " . $xerte_toolkits_site->database_table_prefix . "logindetails where login_id=\"" . $row['user_id'] . "\""; +/* + * Query to find out if this ID is an example + */ - $query_for_username_response = mysql_query($query_for_username); +$query_to_check_example ="select display_id from {$xerte_toolkits_site->database_table_prefix}originaltemplatesdetails where display_id=?"; - $row_username = mysql_fetch_array($query_for_username_response); - - /* - * Get the xml paths and display the HTML - */ +$query_for_example_response = db_query($query_to_check_example, array($safe_template_id)); - $string_for_flash_xml = $xerte_toolkits_site->users_file_area_short . $row['template_id'] . "-" . $row_username['username'] . "-" . $row['template_name'] . "/data.xml"; +/* + * The num rows is 1 from this query then it is an ID + */ - $string_for_flash = $xerte_toolkits_site->users_file_area_short . $row['template_id'] . "-" . $row_username['username'] . "-" . $row['template_name'] . "/"; +if(sizeof($query_for_example_response)==1){ - $dimension = split("~",get_template_screen_size($row['template_name'],$row['template_framework'])); + /* + * Get the username + */ - echo file_get_contents($xerte_toolkits_site->module_path . $row['template_framework'] . "/preview_" . $row['template_framework'] . 
"_top"); + $query_for_username = "select username from {$xerte_toolkits_site->database_table_prefix}logindetails where login_id=?"; + $row_username = db_query_one($query_for_username, array($row['user_id'])); - echo "myRLO = new rloObject('" . $dimension[0] . "','" . $dimension[1] . "','modules/" . $row['template_framework'] . "/parent_templates/" . $row['template_name'] ."/" . $row['template_name'] . ".rlt','$string_for_flash', '$string_for_flash_xml')"; + /* + * Get the xml paths and display the HTML + */ - echo ""; + $string_for_flash_xml = $xerte_toolkits_site->users_file_area_short . $row['template_id'] . "-" . $row_username['username'] . "-" . $row['template_name'] . "/data.xml"; - }else{ + $string_for_flash = $xerte_toolkits_site->users_file_area_short . $row['template_id'] . "-" . $row_username['username'] . "-" . $row['template_name'] . "/"; - dont_show_template(); + $dimension = split("~",get_template_screen_size($row['template_name'],$row['template_framework'])); - } + echo file_get_contents($xerte_toolkits_site->module_path . $row['template_framework'] . "/preview_" . $row['template_framework'] . "_top"); - } + echo "myRLO = new rloObject('" . $dimension[0] . "','" . $dimension[1] . "','modules/" . $row['template_framework'] . "/parent_templates/" . $row['template_name'] ."/" . $row['template_name'] . ".rlt','$string_for_flash', '$string_for_flash_xml')"; -?> \ No newline at end of file + echo ""; + +}else{ + dont_show_template(); +} diff --git a/index.php b/index.php index 0fa4f80fa1..47f1618957 100644 --- a/index.php +++ b/index.php 
@@ -278,14 +278,14 @@ function show_page($extra,$xerte_toolkits_site){ // JAVASCRIPT library for fixed variables\n // management of javascript is set up here\n // SITE SETTINGS\n"; - - echo "var site_url = \"" . $xerte_toolkits_site->site_url . "\";\n"; - - echo "var site_apache = \"" . $xerte_toolkits_site->apache . "\";\n"; - - echo "var properties_ajax_php_path = \"website_code/php/properties/\";\n var management_ajax_php_path = \"website_code/php/management/\";\n var ajax_php_path = \"website_code/php/\";\n"; - + echo " + diff --git a/languages/en-gb/rss.inc b/languages/en-gb/rss.inc index 1efbe08735..d4b4c7d12f 100644 --- a/languages/en-gb/rss.inc +++ b/languages/en-gb/rss.inc @@ -14,6 +14,7 @@ define("RSS_LANGUAGE","en-gb"); define("RSS_DB_FAIL","Sorry, the system cannot connect to the database at present. The mysql error is "); define("RSS_LO","'s Learning Objects"); + define("RSS_PLURAL", "'s"); define("RSS_FEED_DESC","A feed containing all of"); define("RSS_FEED_PUBLIC","'s public learning objects from the "); define("RSS_USER_LO","'s Learning Objects "); diff --git a/modules/xerte/edit.php b/modules/xerte/edit.php index 160ebdbfd7..0dd9dcb640 100644 --- a/modules/xerte/edit.php +++ b/modules/xerte/edit.php 
@@ -29,25 +29,25 @@ function output_editor_code($row_edit, $xerte_toolkits_site, $read_status, $vers require_once($xerte_toolkits_site->php_library_path . "database_library.php"); - database_connect("Edit xerte connect success","Edit xerte connect fail"); - - $query_for_username = "select username from " . $xerte_toolkits_site->database_table_prefix . "logindetails where login_id=\"" . $row_edit['user_id'] . "\""; - - $query_for_username_response = mysql_query($query_for_username); + + $row_username = db_query_one("select username from {$xerte_toolkits_site->database_table_prefix}logindetails where login_id=?" , array($row_edit['user_id'])); - $row_username = mysql_fetch_array($query_for_username_response); + if(empty($row_username)) { + die("Invalid user id ?"); + } /** * create the preview xml used for editing */ - if(!file_exists($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->users_file_area_short . $row_edit['template_id'] . "-" . $row_username['username'] . "-" . $row_edit['template_name'] . "/preview.xml")){ + $preview = $xerte_toolkits_site->root_file_path . $xerte_toolkits_site->users_file_area_short . $row_edit['template_id'] . "-" . $row_username['username'] . "-" . $row_edit['template_name'] . "/preview.xml"; + + $data = $xerte_toolkits_site->root_file_path . $xerte_toolkits_site->users_file_area_short . $row_edit['template_id'] . "-" . $row_username['username'] . "-" . $row_edit['template_name'] . "/data.xml"; - copy($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->users_file_area_short . $row_edit['template_id'] . "-" . $row_username['username'] . "-" . $row_edit['template_name'] . "/data.xml",$xerte_toolkits_site->root_file_path . $xerte_toolkits_site->users_file_area_short . $row_edit['template_id'] . "-" . $row_username['username'] . "-" . $row_edit['template_name'] . "/preview.xml"); - - chmod($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->users_file_area_short . $row_edit['template_id'] . "-" . 
$row_username['username'] . "-" . $row_edit['template_name'] . "/preview.xml",0777); - - } + if(!file_exists($preview) && file_exists($data)){ + copy($data, $preview); + chmod($preview, 0777); + } /** * set up the strings used in the flash vars @@ -59,12 +59,6 @@ function output_editor_code($row_edit, $xerte_toolkits_site, $read_status, $vers $string_for_flash_xwd = "modules/" . $row_edit['template_framework'] . "/parent_templates/" . $row_edit['template_name'] . "/"; - $query_for_template_name = "select " . $xerte_toolkits_site->database_table_prefix . "originaltemplatesdetails.template_name, " . $xerte_toolkits_site->database_table_prefix . "originaltemplatesdetails.template_framework from " . $xerte_toolkits_site->database_table_prefix . "originaltemplatesdetails, " . $xerte_toolkits_site->database_table_prefix . "templatedetails where " . $xerte_toolkits_site->database_table_prefix . "templatedetails.template_type_id = " . $xerte_toolkits_site->database_table_prefix . "originaltemplatesdetails.template_type_id AND template_id =\"" . $_GET['template_id'] . "\""; - - $query_name_response = mysql_query($query_for_template_name); - - $row_name = mysql_fetch_array($query_name_response); - /** * sort of the screen sies required for the preview window */ 
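Review bot: The return value of `copy($data, $preview)` is ignored, so when the copy fails the following `chmod($preview, 0777)` warns on a missing file and the editor is still launched without a preview.xml; `if(!copy($data, $preview)) { die("Failed to create preview.xml"); }` would surface that the same way the hunk already handles an unknown user id. The `0777` mode leaves preview.xml writable by every local account; if the web server user owns the file, a mode without world write appears sufficient, though that depends on the deployment and is worth confirming. When `$data` itself does not exist the new condition silently skips the copy, which presumably should also be reported rather than continuing into the editor. output_editor_code starts before this hunk.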
@@ -153,20 +147,35 @@ function receive_picture(url){ */ echo "so.addVariable(\"xmlvariable\", \"$string_for_flash_xml\");"; + echo "\n"; echo "so.addVariable(\"rlovariable\", \"$string_for_flash_media\");"; + echo "\n"; echo "so.addVariable(\"originalpathvariable\", \"$string_for_flash_xwd\");"; + echo "\n"; echo "so.addVariable(\"template_id\", \"" . $row_edit['template_id'] . "\");"; + echo "\n"; echo "so.addVariable(\"template_height\", \"" . $temp[1] . "\");"; + echo "\n"; echo "so.addVariable(\"template_width\", \"" . $temp[0] . "\");"; + echo "\n"; echo "so.addVariable(\"read_and_write\", \"" . $read_status . "\");"; + echo "\n"; echo "so.addVariable(\"savepath\", \"" . $xerte_toolkits_site->flash_save_path . "\");"; + echo "\n"; echo "so.addVariable(\"upload_path\", \"" . $xerte_toolkits_site->flash_upload_path . "\");"; + echo "\n"; echo "so.addVariable(\"preview_path\", \"" . $xerte_toolkits_site->flash_preview_check_path . "\");"; + echo "\n"; echo "so.addVariable(\"flv_skin\", \"" . $xerte_toolkits_site->flash_flv_skin . "\");"; + echo "\n"; echo "so.addVariable(\"site_url\", \"" . $xerte_toolkits_site->site_url . "\");"; + echo "\n"; echo "so.addVariable(\"apache\", \"" . $xerte_toolkits_site->apache . "\");"; + echo "\n"; echo "so.write(\"flashcontent\");"; + echo "\n"; echo ""; + echo "\n"; } diff --git a/modules/xerte/new_template.php b/modules/xerte/new_template.php index f29ef740e5..9588e34a70 100644 --- a/modules/xerte/new_template.php +++ b/modules/xerte/new_template.php 
@@ -12,163 +12,93 @@ $temp_dir_path=""; $temp_new_path=""; -/** -* -* Function create folder loop -* This function creates folders needed when creating a template -* @param string $foldername - the path to this folder -* @param number $looplevel - a number to make sure that we enter and leave each folder correctly -* @version 1.0 -* @author Patrick Lockley -*/ - - -function create_folder_loop($folder_name,$loop_level){ - - global $dir_path, $new_path, $temp_dir_path, $temp_new_path; - - while($f = readdir($folder_name)){ - - $full = $dir_path . "/" . $f; - - if(is_dir($full)){ - - if(($f==".")||($f=="..")){ - - }else{ - - $new_folder = opendir($full); - $temp_dir_path = $dir_path; - $temp_new_path = $new_path; - $new_path = $new_path . "/" . $f; - $dir_path=$full; - - if(@mkdir($new_path)){ - if(@chmod($new_path, 0777)){ - - create_folder_loop($new_folder,++$loop_level); - - }else{ - - receive_message($_SESSION['toolkits_logon_username'], "FILE_SYSTEM", "MAJOR", "Failed to set permissions on folder", "Failed to set correct rights on " . $new_path); - - return false; - } - }else{ - - receive_message($_SESSION['toolkits_logon_username'], "FILE_SYSTEM", "CRITICIAL", "Failed to create folder", "Failed to create folder " . $new_path); - - return false; - - } - - - } - - }else{ - - $file_dest_path = $new_path . "/" . $f; - if(@copy($full, $file_dest_path)){ - if(@chmod($file_dest_path, 0777)){ - - - }else{ - - receive_message($_SESSION['toolkits_logon_username'], "FILE_SYSTEM", "CRITICAL", "Failed to copy file", "Failed to copy file " . $full . " " . $file_dest_path); - return false; - - } - }else{ - - receive_message($_SESSION['toolkits_logon_username'], "FILE_SYSTEM", "MAJOR", "Failed to set rights on file", "Failed to set rights on file " . $full . " " . $file_dest_path); - - return false; - - } - - } - } - - $dir_path = $temp_dir_path; - $new_path = $temp_new_path; - - /** - * loop level is used to check for the recusion to make sure it has worked ok. 
A failure in this is not critical but is used in error reporting - */ - - $loop_level--; - - if($loop_level==-1){ - return true; - } - +// taken from php.net/manual/en/function.copy.php + +define('DS', DIRECTORY_SEPARATOR); // I always use this short form in my code. +function copy_r( $path, $dest ) +{ + if(preg_match('/\.svn/', $path)) { + _Debug("Skipping .svn dir ($path)"); + return true; + } + _debug("Copying $path to $dest, recursively... "); + + if( is_dir($path) ) + { + @mkdir( $dest ); + $objects = scandir($path); + if( sizeof($objects) > 0 ) + { + foreach( $objects as $file ) + { + if( $file == "." || $file == ".." ) + continue; + // go on + if( is_dir( $path.DS.$file ) ) + { + copy_r( $path.DS.$file, $dest.DS.$file ); + } + else + { + copy( $path.DS.$file, $dest.DS.$file ); + } + } + } + return true; + } + elseif( is_file($path) ) + { + return copy($path, $dest); + } + else + { + return false; + } } /** -* -* Function sort out paramaters -* This function creates folders needed when duplicating a template -* @param number $folder_name_id - the id of this template -* @param number $tutorial_id_from_post - the parent template name for the new tutorial -* @version 1.0 -* @author Patrick Lockley -*/ - - -function create_new_template($folder_name_id,$tutorial_id_from_post){ - - global $dir_path, $new_path, $temp_dir_path, $temp_new_path, $xerte_toolkits_site; - - $database_id=database_connect("file_library database connect success","file_library database connect fail"); - - $query_for_framework = "select template_framework from " . $xerte_toolkits_site->database_table_prefix . "originaltemplatesdetails where template_name =\"" . $tutorial_id_from_post . "\""; - - $query_for_framework_response = mysql_query($query_for_framework); - - $row_framework = mysql_fetch_array($query_for_framework_response); - - $dir_path = $xerte_toolkits_site->basic_template_path . $row_framework['template_framework'] . "/templates/" . 
$tutorial_id_from_post; - - /** - * Get the id of the folder we are looking to copy into - */ - - $new_path = $xerte_toolkits_site->users_file_area_full . $folder_name_id . "-" . $_SESSION['toolkits_logon_username'] . "-" . $tutorial_id_from_post; - - $path = $xerte_toolkits_site->users_file_area_full . $folder_name_id . "-" . $_SESSION['toolkits_logon_username'] . "-" . $tutorial_id_from_post; - - if(mkdir($path)){ - - if(@chmod($path,0777)){ - - $d = opendir($dir_path); - - if(create_folder_loop($d,-1)){ - - return true; - - }else{ - - return false; - - } - - }else{ - - receive_message($_SESSION['toolkits_logon_username'], "FILE_SYSTEM", "MAJOR", "Failed to set rights on parent folder for template", "Failed to set rights on parent folder " . $path); - - return false; - - - } - }else{ - - receive_message($_SESSION['toolkits_logon_username'], "FILE_SYSTEM", "CRITICAL", "Failed to create parent folder for template", "Failed to create parent folder " . $path); - - return false; - - } - + * + * Function sort out paramaters + * This function creates folders needed when duplicating a template + * @param number $folder_name_id - the id of this template + * @param number $tutorial_id_from_post - the parent template name for the new tutorial + * @version 1.0 + * @author Patrick Lockley + */ + + +function create_new_template($folder_name_id,$parent_template_name){ + + global $dir_path, $new_path, $temp_dir_path, $temp_new_path, $xerte_toolkits_site; + + + $row_framework = db_query_one("SELECT template_framework from {$xerte_toolkits_site->database_table_prefix}originaltemplatesdetails WHERE template_name = ?", array($parent_template_name)); + + + // I think this is wrong, currently looking like : /home/david/src/xerteonlinetoolkits/modules//templates/0 should presumably be home/david/src/xerteonlinetoolkits/modules/xerte/templates/Nottingham + $dir_path = $xerte_toolkits_site->basic_template_path . $row_framework['template_framework'] . "/templates/" . 
$parent_template_name; + + /** + * Get the id of the folder we are looking to copy into + */ + + _debug("Creating new template : $folder_name_id, $parent_template_name"); + $new_path = $xerte_toolkits_site->users_file_area_full . $folder_name_id . "-" . $_SESSION['toolkits_logon_username'] . "-" . $parent_template_name; + $path = $xerte_toolkits_site->users_file_area_full . $folder_name_id . "-" . $_SESSION['toolkits_logon_username'] . "-" . $parent_template_name; + + if(mkdir($path)){ + _debug("Created $path ok"); + if(@chmod($path,0777)){ + $ok = copy_r($dir_path, $path); + _debug("Copy_r returned " . print_r($ok, true)); + return $ok; + }else{ + _debug("Failed to set rights "); + receive_message($_SESSION['toolkits_logon_username'], "FILE_SYSTEM", "MAJOR", "Failed to set rights on parent folder for template", "Failed to set rights on parent folder " . $path); + return false; + } + }else{ + receive_message($_SESSION['toolkits_logon_username'], "FILE_SYSTEM", "CRITICAL", "Failed to create parent folder for template", "Failed to create parent folder " . $path); + return false; + } } - -?> \ No newline at end of file diff --git a/modules/xerte/peer.php b/modules/xerte/peer.php index c2b4ab0829..578c1072de 100644 --- a/modules/xerte/peer.php +++ b/modules/xerte/peer.php @@ -27,7 +27,7 @@ function show_template($row_play){ $string_for_flash = $xerte_toolkits_site->users_file_area_short . $row_play['template_id'] . "-" . $row_play['username'] . "-" . $row_play['template_name'] . "/"; - $dimension = split("~",get_template_screen_size($row_play['template_name'],$row_play['template_framework'])); + list($x, $y) = explode("~",get_template_screen_size($row_play['template_name'],$row_play['template_framework'])); ?> 
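Review bot: `copy_r()` returns true for a directory regardless of whether `@mkdir($dest)`, the nested `copy_r()` calls or the per-file `copy()` calls succeeded, so `create_new_template()` reports success on a partially copied template; each step's result should feed the return value, as sketched below. The `.svn` skip uses `preg_match('/\.svn/', $path)`, which matches any path containing that substring rather than a `.svn` directory component. `$row_framework['template_framework']` is used without checking that `db_query_one()` returned a row — the inline comment about the `modules//templates/0` path suggests it often does not — and since `$parent_template_name` is only spliced into `$dir_path` and `$path` after that lookup, an empty result should abort with `receive_message(...)` and `return false` before any filesystem work is done. `define('DS', ...)` will also emit a notice if this module file is ever included twice; wrapping it in `if(!defined('DS'))` avoids that.
```php
function copy_r( $path, $dest )
{
    // … unchanged: .svn skip and _debug() call …
    if( is_dir($path) )
    {
        if( !is_dir($dest) && !@mkdir( $dest ) ) {
            return false;
        }
        $objects = scandir($path);
        if( $objects === false ) {
            return false;
        }
        $ok = true;
        foreach( $objects as $file )
        {
            if( $file == "." || $file == ".." )
                continue;
            // recurse for files too so every copy() result is checked
            $ok = copy_r( $path.DS.$file, $dest.DS.$file ) && $ok;
        }
        return $ok;
    }
    // … unchanged: is_file() and fallthrough branches …
}
```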
@@ -57,9 +57,11 @@ function enableTTS(){ * slightly modified xerte preview code to allow for flash vars */ - echo "myRLO = new rloObject('" . $dimension[0] . "','" . $dimension[1] . "','modules/" . $row_play['template_framework'] . "/parent_templates/" . $row_play['template_name'] . "/" . $row_play['template_name'] . ".rlt','$string_for_flash', '$string_for_flash_xml', '$xerte_toolkits_site->site_url')"; + echo "myRLO = new rloObject('" . $x . "','" . $y . "','modules/" . $row_play['template_framework'] . "/parent_templates/" . $row_play['template_name'] . "/" . $row_play['template_name'] . ".rlt','$string_for_flash', '$string_for_flash_xml', '$xerte_toolkits_site->site_url')"; echo ""; + + echo "

"; echo "

"; diff --git a/modules/xerte/play.php b/modules/xerte/play.php index ccc41bdd0c..b14d72e18e 100644 --- a/modules/xerte/play.php +++ b/modules/xerte/play.php @@ -14,7 +14,7 @@ function show_template($row_play){ $string_for_flash = $xerte_toolkits_site->users_file_area_short . $row_play['template_id'] . "-" . $row_play['username'] . "-" . $row_play['template_name'] . "/"; - $dimension = split("~",get_template_screen_size($row_play['template_name'],$row_play['template_framework'])); + list($x, $y) = explode("~",get_template_screen_size($row_play['template_name'],$row_play['template_framework'])); require $xerte_toolkits_site->root_file_path . "languages/" . $_SESSION['toolkits_language'] . "/modules/xerte/preview.inc"; @@ -85,9 +85,9 @@ function openWindow(params){ // slightly modified xerte preview code to allow for flash vars - echo "myRLO = new rloObject('" . $dimension[0] . "','" . $dimension[1] . "','modules/" . $row_play['template_framework'] . "/parent_templates/" . $row_play['template_name'] . "/" . $row_play['template_name'] . ".rlt','$string_for_flash', '$string_for_flash_xml', '$xerte_toolkits_site->site_url')"; + echo "myRLO = new rloObject('" . $x . "','" . $y . "','modules/" . $row_play['template_framework'] . "/parent_templates/" . $row_play['template_name'] . "/" . $row_play['template_name'] . ".rlt','$string_for_flash', '$string_for_flash_xml', '$xerte_toolkits_site->site_url')"; - echo ""; + echo "
"; } diff --git a/peer.php b/peer.php index 90ccc4502b..55ee7bde61 100644 --- a/peer.php +++ b/peer.php 
@@ -8,96 +8,88 @@ * @package */ - require("config.php"); + require_once("config.php"); require $xerte_toolkits_site->root_file_path . "languages/" . $_SESSION['toolkits_language'] . "/peer.inc"; require $xerte_toolkits_site->php_library_path . "login_library.php"; require $xerte_toolkits_site->php_library_path . "display_library.php"; require $xerte_toolkits_site->php_library_path . "database_library.php"; - - $mysql_id=database_connect("peer.php database connect success","peer.php database connect failure"); - - $query_for_security_content = "select * from " . $xerte_toolkits_site->database_table_prefix . "play_security_details"; - - $query_for_security_content_response = mysql_query($query_for_security_content); /** * Check the template ID is a number */ - $safe_template_id = mysql_real_escape_string($_GET['template_id']); - - if(is_numeric($safe_template_id)){ + if(empty($_GET['template_id']) || !is_numeric($_GET['template_id'])) { + die("Invalid template id"); + } - $query_to_check_peer = "select * from " . $xerte_toolkits_site->database_table_prefix . "additional_sharing where sharing_type=\"peer\" and template_id=\"" . $safe_template_id . "\""; + $template_id = (int) $_GET['template_id']; - $query_for_peer_response = mysql_query($query_to_check_peer); - - /** - * The number of rows being not equal to 0, indicates peer review has been set up. - */ + $query_to_check_peer = "select * from " . $xerte_toolkits_site->database_table_prefix . "additional_sharing where sharing_type=\"peer\" and template_id=\"" . $template_id . "\""; - if(mysql_num_rows($query_for_peer_response)!=0){ + $query_for_peer_response = db_query_one("SELECT * FROM {$xerte_toolkits_site->database_table_prefix}additional_sharing WHERE sharing_type = ? AND template_id = ?", array('peer', $template_id)); + /** + * The number of rows being not equal to 0, indicates peer review has been set up. 
+ */ - /** - * Peer review needs a password, so check if anything has been posted - */ - - if($_SERVER['REQUEST_METHOD'] == 'POST') { - - /** - * Check the password againsr the value in the database - */ + if(!empty($query_for_peer_response)) { - $query_to_check_peer = "select * from " . $xerte_toolkits_site->database_table_prefix . "additional_sharing where sharing_type=\"peer\" and template_id=\"" . $safe_template_id . "\" and extra =\"" . $_POST['password'] . "\""; - - $query_for_peer_response = mysql_query($query_to_check_peer); - if(mysql_num_rows($query_for_peer_response)!=0){ - - /** - * Output the code - */ + /** + * Peer review needs a password, so check if anything has been posted + */ - require $xerte_toolkits_site->php_library_path . "screen_size_library.php"; + if($_SERVER['REQUEST_METHOD'] == 'POST') { + + /** + * Check the password againsr the value in the database + */ - $query_for_play_content_strip = str_replace("\" . \$xerte_toolkits_site->database_table_prefix . \"", $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query); + if($_POST['password'] == $query_for_peer_response['extra']) { - $query_for_play_content = str_replace("TEMPLATE_ID_TO_REPLACE", $safe_template_id, $query_for_play_content_strip); + /** + * Output the code + */ - $query_for_play_content_response = mysql_query($query_for_play_content); + require $xerte_toolkits_site->php_library_path . "screen_size_library.php"; - $row_play = mysql_fetch_array($query_for_play_content_response); + // should the $ really be escaped with \ ? + $query_for_play_content_strip = str_replace("\" . \$xerte_toolkits_site->database_table_prefix . \"", $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query); - require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . 
"/peer.php"; + $query_for_play_content = str_replace("TEMPLATE_ID_TO_REPLACE", $template_id, $query_for_play_content_strip); - show_template($row_play); + $row_play = db_query_one($query_for_play_content); - }else{ - - $buffer = $xerte_toolkits_site->peer_form_string . $temp[1] . "

" . PEER_LOGON_FAIL . ".

"; + require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/peer.php"; - echo $buffer; - - } + show_template($row_play); }else{ - /** - * Nothing posted so output the password string - */ + $buffer = $xerte_toolkits_site->peer_form_string . $temp[1] . "

" . PEER_LOGON_FAIL . ".

"; + + echo $buffer; - echo $xerte_toolkits_site->peer_form_string; + } - } }else{ + + /** + * Nothing posted so output the password string + */ - dont_show_template(); + echo $xerte_toolkits_site->peer_form_string; } + + }else{ + + dont_show_template(); - } + } + + ?> \ No newline at end of file diff --git a/play.php b/play.php index 65dde86d0b..cf9a8aaba8 100644 --- a/play.php +++ b/play.php @@ -132,7 +132,7 @@ function check_ip($ip_address, $security_settings){ * * Function check_security_type * This function checks database settings to see if non standard play security options have been met - * @param string $secrity_setting = the value taken from security_setting in play_security_details + * @param string $security_setting = the value taken from security_setting in play_security_details * @return bool True or False if two params match * @version 1.0 * @author Patrick Lockley @@ -169,220 +169,208 @@ function check_security_type($security_setting){ require $xerte_toolkits_site->php_library_path . "database_library.php"; require $xerte_toolkits_site->php_library_path . "template_library.php"; - $mysql_id=database_connect("Successful database connect for play queries","Failed database connect for play queries"); + if(!isset($_GET['template_id']) || !is_numeric($_GET['template_id'])) { - /* - * Check the template ID is numeric - */ + /* + * Was not numeric, so display error message + */ + echo file_get_contents($xerte_toolkits_site->website_code_path . "error_top") . " " . PLAY_RESOURCE_FAIL . "
"; + exit(0); + } - $safe_template_id = mysql_real_escape_string($_GET['template_id']); - - if(is_numeric($safe_template_id)){ + $safe_template_id = (int) $_GET['template_id']; - /* - * Check to see whether it is less than the highest ID we have created - */ + /* + * Check to see whether it is less than the highest ID we have created + */ - if(get_maximum_template_number()<$safe_template_id){ + if(get_maximum_template_number()<$safe_template_id){ - echo file_get_contents($xerte_toolkits_site->website_code_path . "error_top") . " " . PLAY_RESOURCE_FAIL . " "; - die(); + echo file_get_contents($xerte_toolkits_site->website_code_path . "error_top") . " " . PLAY_RESOURCE_FAIL . " "; + die(); - } + } - $query_for_security_content = "select * from " . $xerte_toolkits_site->database_table_prefix . "play_security_details"; + /* + * Take the query from site variable and alter it to suit this request + */ + $query_for_play_content_strip = str_replace("\" . \$xerte_toolkits_site->database_table_prefix . \"", $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query); - /* - * Take the query from site variable and alter it to suit this request - */ + $query_for_play_content = str_replace("TEMPLATE_ID_TO_REPLACE", $safe_template_id, $query_for_play_content_strip); - $query_for_security_content_response = mysql_query($query_for_security_content); + $query_for_play_content_response = mysql_query($query_for_play_content); - $query_for_play_content_strip = str_replace("\" . \$xerte_toolkits_site->database_table_prefix . \"", $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query); + $row_play = mysql_fetch_array($query_for_play_content_response); - $query_for_play_content = str_replace("TEMPLATE_ID_TO_REPLACE", $safe_template_id, $query_for_play_content_strip); + $query_to_find_out_if_in_recycle_bin = "select folder_name from " . $xerte_toolkits_site->database_table_prefix . "folderdetails where folder_id =\"" . 
$row_play['folder'] . "\""; - $query_for_play_content_response = mysql_query($query_for_play_content); + $query_for_recycle_bin_response = mysql_query($query_to_find_out_if_in_recycle_bin); - $row_play = mysql_fetch_array($query_for_play_content_response); + /* + * Is the file in the recycle bin? + */ - $query_to_find_out_if_in_recycle_bin = "select folder_name from " . $xerte_toolkits_site->database_table_prefix . "folderdetails where folder_id =\"" . $row_play['folder'] . "\""; + $row_recycle = db_query_one("SELECT folder_name FROM {$xerte_toolkits_site->database_table_prefix}folderdetails WHERE folder_id = ?", array($row_play['folder'])); + + if($row_recycle['folder_name']=="recyclebin"){ - $query_for_recycle_bin_response = mysql_query($query_to_find_out_if_in_recycle_bin); + echo file_get_contents($xerte_toolkits_site->website_code_path . "error_top") . " " . PLAY_RESOURCE_FAIL . " "; + exit(0); - $row_recycle = mysql_fetch_array($query_for_recycle_bin_response); + } - /* - * Is the file in the recycle bin? - */ + require $xerte_toolkits_site->php_library_path . "screen_size_library.php"; - if($row_recycle['folder_name']=="recyclebin"){ + /* + * Start to check the access_to_whom settings from templatedetails for this template + */ + + /* + * Private - so do nothing + */ - echo file_get_contents($xerte_toolkits_site->website_code_path . "error_top") . " " . PLAY_RESOURCE_FAIL . " "; - die(); + if($row_play['access_to_whom']=="Private"){ - } + require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php"; - require $xerte_toolkits_site->php_library_path . 
"screen_size_library.php"; + dont_show_template(); + }else if($row_play['access_to_whom']=="Public"){ + /* - * Start to check the access_to_whom settings from templatedetails for this template - */ - - /* - * Private - so do nothing + * Public - Increment the number of users and show the template */ - if($row_play['access_to_whom']=="Private"){ + db_query("UPDATE {$xerte_toolkits_site->database_table_prefix}templatedetails SET number_of_uses=number_of_uses+1 WHERE template_id=?", array($safe_template_id)); - require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php"; + require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php"; - dont_show_template(); + show_template($row_play); - }else if($row_play['access_to_whom']=="Public"){ + }else if($row_play['access_to_whom']=="Password"){ + + /* + * Password protected - Check if there has been a post + */ + + if($_SERVER['REQUEST_METHOD'] == 'POST') { /* - * Public - Increment the number of users and show the template + * Check the password */ - mysql_query("UPDATE " . $xerte_toolkits_site->database_table_prefix . "templatedetails SET number_of_uses=number_of_uses+1 WHERE template_id=" . $safe_template_id); - - require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . 
"/play.php"; + $temp = password_username_check($_POST); - show_template($row_play); + if($temp[0]=="true"){ - }else if($row_play['access_to_whom']=="Password"){ - /* - * Password protected - Check if there has been a post + * Update uses and display the template */ - if($_SERVER['REQUEST_METHOD'] == 'POST') { - - /* - * Check the password - */ - - $temp = password_username_check($_POST); - - if($temp[0]=="true"){ + db_query("UPDATE {$xerte_toolkits_site->database_table_prefix}templatedetails SET number_of_uses=number_of_uses+1 WHERE template_id=?", array($safe_template_id)); - /* - * Update uses and display the template - */ - - mysql_query("UPDATE " . $xerte_toolkits_site->database_table_prefix . "templatedetails SET number_of_uses=number_of_uses+1 WHERE template_id=" . $safe_template_id); - - require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php"; - - show_template($row_play); - - }else{ - - /* - * Login failure - */ - - $buffer = $xerte_toolkits_site->form_string . $temp[1] . "

" . PLAY_LOGON_FAIL . ".

"; - - echo $buffer; + require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php"; - } - + show_template($row_play); }else{ - /* - * There has been no postage so echo the site variable to display the login string - */ + /* + * Login failure + */ - echo $xerte_toolkits_site->form_string; + $buffer = $xerte_toolkits_site->form_string . $temp[1] . "

" . PLAY_LOGON_FAIL . ".

"; - } - - }else if(substr($row_play['access_to_whom'],0,5)=="Other"){ + echo $buffer; + } + + + }else{ + /* - * The Other attribute has been set - so break the string down to obtain the host + * There has been no postage so echo the site variable to display the login string */ - $test_string=substr($row_play['access_to_whom'],6,strlen($row_play['access_to_whom'])); + echo $xerte_toolkits_site->form_string; - /* - * Can only check against this variable, if I can't find it (say pop ups) no choice but to fail - */ + } + + }else if(substr($row_play['access_to_whom'],0,5)=="Other"){ - if(strlen($_SERVER['HTTP_REFERER'])!=0){ + /* + * The Other attribute has been set - so break the string down to obtain the host + */ - if(strpos($_SERVER['HTTP_REFERER'],$test_string)==0){ + $test_string=substr($row_play['access_to_whom'],6,strlen($row_play['access_to_whom'])); - mysql_query("UPDATE " . $xerte_toolkits_site->database_table_prefix . "templatedetails SET number_of_uses=number_of_uses+1 WHERE template_id=" . $safe_template_id); - - require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php"; - - show_template($row_play); + /* + * Can only check against this variable, if I can't find it (say pop ups) no choice but to fail + */ - }else{ - - require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php"; + if(strlen($_SERVER['HTTP_REFERER'])!=0){ - dont_show_template(); - - } + if(strpos($_SERVER['HTTP_REFERER'],$test_string)==0){ + + db_query("UPDATE {$xerte_toolkits_site->database_table_prefix}templatedetails SET number_of_uses=number_of_uses+1 WHERE template_id=?", array($safe_template_id)); + + require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php"; + + show_template($row_play); }else{ + require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . 
"/play.php"; + dont_show_template(); } + }else{ - }else if(mysql_num_rows($query_for_security_content_response)!=0){ - - /* - * A setting from play_security_details might be in use, as such, check to see if it is, and then loop through checking if one is valid. - */ - - $flag=false; + dont_show_template(); - while($row_security = mysql_fetch_array($query_for_security_content_response)){ + } - /* - * Check each setting to see if true - */ - if($row_play['access_to_whom']==$row_security['security_setting']){ + }else if (sizeof($query_for_security_content_response)>0) { - if(check_security_type($row_security['security_data'])){ + /* + * A setting from play_security_details might be in use, as such, check to see if it is, and then loop through checking if one is valid. + */ - require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php"; + $flag=false; - show_template($row_play); + foreach($query_for_security_content_response as $row_security) { - $flag=true; + /* + * Check each setting to see if true + */ - break; + if($row_play['access_to_whom']==$row_security['security_setting']){ - }else{ + if(check_security_type($row_security['security_data'])){ - $flag==false; + require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php"; - } + show_template($row_play); - } + $flag=true; - } + break; - if($flag==false){ + }else{ - require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php"; + $flag==false; - dont_show_template(); + } } - }else{ + } + + if($flag==false){ require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php"; 
@@ -390,17 +378,14 @@ function check_security_type($security_setting){ } - }else{ - - /* - * Was not numeric, so display error message - */ - echo file_get_contents($xerte_toolkits_site->website_code_path . "error_top") . " " . PLAY_RESOURCE_FAIL . " "; - die(); - - + require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php"; + + dont_show_template(); + } + + ?> \ No newline at end of file diff --git a/properties.php b/properties.php index 282e9df076..c06f5fd860 100644 --- a/properties.php +++ b/properties.php @@ -1,6 +1,6 @@ root_file_path . "languages/" . $_SESSION['toolkits_language'] . "/properties.inc"; ?> @@ -27,10 +27,10 @@ diff --git a/publishproperties.php b/publishproperties.php index 6c2eedfbf0..c82df5001a 100644 --- a/publishproperties.php +++ b/publishproperties.php @@ -1,6 +1,6 @@ root_file_path . "languages/" . $_SESSION['toolkits_language'] . "/publishproperties.inc"; ?> @@ -27,10 +27,10 @@ diff --git a/rss.php b/rss.php index 946b36623d..a83ae7985c 100644 --- a/rss.php +++ b/rss.php @@ -2,7 +2,7 @@ header("Content-Type: application/xml; charset=ISO-8859-1"); - require "config.php"; + require_once "config.php"; require $xerte_toolkits_site->root_file_path . "languages/" . $_SESSION['toolkits_language'] . "/rss.inc"; include $xerte_toolkits_site->php_library_path . "database_library.php"; 
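Review bot: The removed `else` branch was the only visible handling of a non-numeric template id (its comment read "Was not numeric, so display error message" and it ended in `die()`), and the new side of this hunk replaces it with an unconditional `require ... play.php` followed by `dont_show_template()` with no equivalent rejection. Whether an earlier part of play.php now validates or casts `template_id` before it is bound as `$safe_template_id` in the UPDATE queries of the preceding hunk is not visible here; if it does not, a non-numeric id falls through to the `dont_show_template()` path instead of being refused with PLAY_RESOURCE_FAIL. A one-line comment at the new `require` naming the check that guarantees the id is numeric, e.g. `// template_id is validated before this point; no matching access rule => refuse`, would make the fail-closed intent explicit for the next reader. The enclosing block starts outside the hunk.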
@@ -31,111 +31,111 @@ function normal_date($string){ if(!isset($_GET['username'])){ - /* - * Change this to reflect site settings - */ - - echo "" . $xerte_toolkits_site->name . "" . $xerte_toolkits_site->site_url . "" . RSS_DESCRIPTION . " " . $xerte_toolkits_site->name . "" . RSS_LANGUAGE . "" . $xerte_toolkits_site->name . "" . $xerte_toolkits_site->site_url . "website_code/images/xerteLogo.jpg" . $xerte_toolkits_site->site_url . ""; - - }else{ - - if(!$database_id){ - - die(RSS_DB_FAIL . mysql_error() ); + /* + * Change this to reflect site settings + */ - } + echo " + {$xerte_toolkits_site->name} + {$xerte_toolkits_site->site_url} + " . RSS_DESCRIPTION . " " . $xerte_toolkits_site->name . " + " . RSS_LANGUAGE . " + {$xerte_toolkits_site->name} + {$xerte_toolkits_site->site_url}website_code/images/xerteLogo.jpg + {$xerte_toolkits_site->site_url}"; + - $temp_array = explode("_",mysql_real_escape_string($_GET['username'])); + }else{ - $query_created_by = "select login_id from " . $xerte_toolkits_site->database_table_prefix . "logindetails where (firstname=\"" . $temp_array[0] . "\" AND surname =\"" . $temp_array[1] . "\")"; + $temp_array = explode("_",$_GET['username']); - $query_create = mysql_query($query_created_by); + $query_created_by = "select login_id from {$xerte_toolkits_site->database_table_prefix}logindetails where (firstname=? AND surname = ?)"; + $rows = db_query($query_created_by, array($temp_array[0], $temp_array[1])); - if(mysql_num_rows($query_create)==0){ + if(sizeof($rows) == 0) { + header("HTTP/1.0 404 Not Found"); + exit(0); + }else{ + + $folder_string = 'public'; + if(isset($_GET['folder_name'])){ + $folder_string = " - " . _html_escape(str_replace("_", " ", $_GET['folder_name'])); + } + + echo " + " . _html_escape($temp_array[0]) . " " . _html_escape($temp_array[1]) . RSS_LO . " - " . {$xerte_toolkits_site->name} + {$xerte_toolkits_site->site_url} + " . RSS_FEED_DESC . _html_escape($temp_array[0]) . " " . _html_escape($temp_array[1]) . 
RSS_PLURAL . " {$folder_string} . " . RSS_FEED_PUBLIC . {$xerte_toolkits_site->name} + en-gb + + {$xerte_toolkits_site->rss_title} + {$xerte_toolkits_site->site_url}website_code/images/xerteLogo.jpg + {$xerte_toolkits_site->site_url}"; + $row_create = $rows[1]; + + } + } + + $params = array(); - header("HTTP/1.0 404 Not Found"); + if(!isset($_GET['username'])){ + $query = "select {$xerte_toolkits_site->database_table_prefix}templatedetails.template_id,creator_id,date_created,template_name,description + FROM {$xerte_toolkits_site->database_table_prefix}templatedetails, {$xerte_toolkits_site->database_table_prefix}templatesyndication + WHERE $query_modifier='true' AND {$xerte_toolkits_site->database_table_prefix}templatedetails.template_id = {$xerte_toolkits_site->database_table_prefix}templatesyndication.template_id"; }else{ - if(!isset($_GET['folder_name'])){ - - echo "" . $temp_array[0] . " " . $temp_array[1] . RSS_LO . " - " . $xerte_toolkits_site->name . "" . $xerte_toolkits_site->site_url . "" . RSS_FEED_DESC . $temp_array[0] . " " . $temp_array[1] . "'s public learning objects from the " . $xerte_toolkits_site->name . "en-gb" . $xerte_toolkits_site->rss_title . "" . $xerte_toolkits_site->site_url . "website_code/images/xerteLogo.jpg" . $xerte_toolkits_site->site_url . ""; - + $query = "select {$xerte_toolkits_site->database_table_prefix}templatedetails.template_id,creator_id,date_created,template_name,description + FROM {$xerte_toolkits_site->database_table_prefix}templatedetails, {$xerte_toolkits_site->database_table_prefix}templatesyndication + WHERE $query_modifier='true' AND creator_id=? 
AND {$xerte_toolkits_site->database_table_prefix}templatedetails.template_id = {$xerte_toolkits_site->database_table_prefix}templatesyndication.template_id"; + $params[] = $row_create['login_id']; }else{ + $row_folder = db_query_one("SELECT folder_id FROM {$xerte_toolkits_site->database_table_prefix}folderdetails WHERE folder_name = ?", array(str_replace("_", " ", $_GET['folder_name']))); - echo "" . $temp_array[0] . " " . $temp_array[1] . "'s Learning Objects - " . str_replace("_"," ",$_GET['folder_name']) . " - " . $xerte_toolkits_site->name . "" . $xerte_toolkits_site->site_url . "" . RSS_FEED_USER . $temp_array[0] . " " . $temp_array[1] . RSS_USER_LO . " - " . str_replace("_"," ",$_GET['folder_name']) . " " . RSS_FROM . $xerte_toolkits_site->name . RSS_SITE . "" . RSS_LANGUAGE . "" . $xerte_toolkits_site->rss_title . "" . $xerte_toolkits_site->site_url . "/website_code/images/xerteLogo.jpg" . $xerte_toolkits_site->site_url . ""; + if(empty($row_folder)) { + die("Invalid folder name"); + } + $query = "select * from {$xerte_toolkits_site->database_table_prefix}templaterights, {$xerte_toolkits_site->database_table_prefix}templatedetails, {$xerte_toolkits_site->database_table_prefix}templatesyndication + WHERE folder = ? + AND {$xerte_toolkits_site->database_table_prefix}templaterights.template_id = {$xerte_toolkits_site->database_table_prefix}templatedetails.template_id + AND {$xerte_toolkits_site->database_table_prefix}templatesyndication.template_id = {$xerte_toolkits_site->database_table_prefix}templaterights.template_id and rss = 'true'"; + $params[] = $row_folder['folder_id']; } - $row_create = mysql_fetch_array($query_create); - } + $rows = db_query($query, $params); - } - - - if(!isset($_GET['username'])){ - - $query = "select " . $xerte_toolkits_site->database_table_prefix . "templatedetails.template_id,creator_id,date_created,template_name,description from " . $xerte_toolkits_site->database_table_prefix . "templatedetails, " . 
$xerte_toolkits_site->database_table_prefix . "templatesyndication where " . $query_modifier . "=\"true\" and " . $xerte_toolkits_site->database_table_prefix . "templatedetails.template_id = " . $xerte_toolkits_site->database_table_prefix . "templatesyndication.template_id"; - - }else{ - - if(!isset($_GET['folder_name'])){ - - $query = "select " . $xerte_toolkits_site->database_table_prefix . "templatedetails.template_id,creator_id,date_created,template_name,description from " . $xerte_toolkits_site->database_table_prefix . "templatedetails, " . $xerte_toolkits_site->database_table_prefix . "templatesyndication where " . $query_modifier . "=\"true\" AND creator_id=\"" . $row_create['login_id'] . "\" and " . $xerte_toolkits_site->database_table_prefix . "templatedetails.template_id = " . $xerte_toolkits_site->database_table_prefix . "templatesyndication.template_id"; - - }else{ - - $query_folder = "select folder_id from " . $xerte_toolkits_site->database_table_prefix . "folderdetails where folder_name=\"" . str_replace("_", " ",mysql_real_escape_string($_GET['folder_name'])) . "\""; - - $query_folder_response = mysql_query($query_folder); - - $row_folder = mysql_fetch_array($query_folder_response); - - $query = "select * from " . $xerte_toolkits_site->database_table_prefix . "templaterights, " . $xerte_toolkits_site->database_table_prefix . "templatedetails, " . $xerte_toolkits_site->database_table_prefix . "templatesyndication where folder = \"" . $row_folder['folder_id'] . "\" and " . $xerte_toolkits_site->database_table_prefix . "templaterights.template_id = " . $xerte_toolkits_site->database_table_prefix . "templatedetails.template_id and " . $xerte_toolkits_site->database_table_prefix . "templatesyndication.template_id = " . $xerte_toolkits_site->database_table_prefix . "templaterights.template_id and rss = \"true\""; - - //$query = "select " . $xerte_toolkits_site->database_table_prefix . 
"templatedetails.template_id,creator_id,template_name,folder,description from " . $xerte_toolkits_site->database_table_prefix . "templatedetails," . $xerte_toolkits_site->database_table_prefix . "templaterights," . $xerte_toolkits_site->database_table_prefix . "templatesyndication where " . $query_modifier . "=\"true\" AND creator_id=\"" . $row_create['login_id'] . "\" and " . $xerte_toolkits_site->database_table_prefix . "templaterights.template_id = " . $xerte_toolkits_site->database_table_prefix . "templatedetails.template_id and folder_id=\"" . $row_folder['folder_id'] . "\""; - - } - - } - - $query_response = mysql_query($query); - - while($row = mysql_fetch_array($query_response)){ - - if(!isset($_GET['username'])){ - - $query_creator = "select firstname,surname from " . $xerte_toolkits_site->database_table_prefix . "logindetails where login_id=\"" . $row['creator_id'] . "\""; - - $query_creator_response = mysql_query($query_creator); - - $row_creator = mysql_fetch_array($query_creator_response); - - $user = $row_creator['firstname'] . " " . $row_creator['surname']; - - }else{ - - $user = $temp_array[0] . " " . $temp_array[1]; - - } - - if(isset($_GET['export'])){ - - echo "" . str_replace("_"," ",$row['template_name']) . "site_url . url_return("export", $row['template_id']) . "]]>
" . str_replace("_"," ",$row['template_name']) . RSS_DEVELOP . $user . "]]>
" . date('D, d M Y', strtotime($row['date_created'])) . " 12:00:00 GMTsite_url . url_return("export", $row['template_id']) . "]]>
"; + foreach($rows as $row) { + if(!isset($_GET['username'])){ + $row_creator = db_query_one("SELECT firstname,surname from {$xerte_toolkits_site->database_table_prefix}logindetails where login_id=?", array($row['creator_id'])); + $user = $row_creator['firstname'] . " " . $row_creator['surname']; }else{ - - echo "" . str_replace("_"," ",$row['template_name']) . "site_url . url_return("play", $row['template_id']) . "]]>
" . str_replace("_"," ",$row['template_name']) . RSS_DEVELOP . $user . "]]>
" . date('D, d M Y', strtotime($row['date_created'])) . " 12:00:00 GMTsite_url . url_return("play", $row['template_id']) . "]]>
"; - - + // revert back to $_GET['usenrame'] parsed value(s) + $user = $temp_array[0] . " " . $temp_array[1]; } + $action = 'play'; + if(isset($_GET['export'])){ + $action = 'export'; + } + echo " + " . str_replace("_"," ",$row['template_name']) . " + site_url . url_return($action, $row['template_id']) . "]]> +
" . str_replace("_"," ",$row['template_name']) . RSS_DEVELOP . $user . "]]>
+ " . date(DATE_RSS, strtotime($row['date_created'])) . " + site_url . url_return($action, $row['template_id']) . "]]> +
\n"; } - echo "
"; + echo " +
+
"; - mysql_close($database_id); + function _html_escape($string) { + return htmlentities($string, ENT_QUOTES, null, false); + } ?> \ No newline at end of file diff --git a/setup/database.txt b/setup/database.txt index ac0d1c8ff2..711973d860 100644 --- a/setup/database.txt +++ b/setup/database.txt @@ -1,35 +1,35 @@ -database_host = "DATABASE_HOST"; /* -* Username for database -*/ + * Username for database + */ $xerte_toolkits_site->database_username ="DATABASE_USERNAME"; /* -* Password for database -*/ + * Password for database + */ $xerte_toolkits_site->database_password ="DATABASE_PASSWORD"; /* -* Database name -*/ + * Database name + */ $xerte_toolkits_site->database_name ="DATABASE_NAME"; /* -* Database table prefix -*/ + * Database table prefix + */ $xerte_toolkits_site->database_table_prefix ="DATABASE_PREFIX"; -?> \ No newline at end of file diff --git a/switch.txt b/switch.txt index bfb608f0c3..274396dea4 100644 --- a/switch.txt +++ b/switch.txt 
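Review bot: `$row_create = $rows[1];` reads the second element of the `db_query()` result, which the surrounding code treats as a zero-based list (`sizeof($rows) == 0`, `foreach($rows as $row)`), so when exactly one login matches the offset is undefined and `$params[] = $row_create['login_id'];` binds NULL into the creator_id filter; it should presumably be `$row_create = $rows[0];` (confirm the return shape of db_query in database_library.php, which is outside this hunk). `_html_escape` uses `htmlentities($string, ENT_QUOTES, null, false)` while the response is served as `application/xml` with charset ISO-8859-1: `htmlentities` emits HTML-only named entities (e.g. `&eacute;`) that an XML parser rejects, the null charset argument makes the encoding depend on `default_charset` rather than the declared one, and `double_encode: false` leaves any entity already present in `folder_name` or `username` untouched. `return htmlspecialchars($string, ENT_QUOTES | ENT_XML1, 'ISO-8859-1');` produces well-formed XML in the declared charset. `$temp_array[1]` is undefined when `username` contains no underscore, so a guard such as `if (count($temp_array) < 2) { header("HTTP/1.0 404 Not Found"); exit(0); }` before the logindetails query avoids binding null and emitting a notice into the feed. `$query_modifier` is interpolated unparameterised into all three queries and is assigned outside this hunk; if it can be influenced by request input it needs a whitelist of the permitted column names.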
@@ -1,218 +1,209 @@ -php_library_path . "login_library.php"; - //session_id($session_id); - //session_name($xerte_toolkits_site->site_session_name); - session_start(); +include $xerte_toolkits_site->php_library_path . "display_library.php"; - } +/** + * Check to see if anything has been posted to distinguish between log in attempts + */ - include $xerte_toolkits_site->php_library_path . "login_library.php"; +if((!isset($_POST["login"]))&&(!isset($_POST["password"]))){ - include $xerte_toolkits_site->php_library_path . "display_library.php"; + $buffer = login_page_format_top(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_top")); - /** - * Check to see if anything has been posted to distinguish between log in attempts - */ + $buffer .= $form_string; - if((!isset($_POST["login"]))&&(!isset($_POST["password"]))){ + $buffer .= login_page_format_bottom(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_bottom")); - $buffer = login_page_format_top(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_top")); + echo $buffer; - $buffer .= $form_string; +} - $buffer .= login_page_format_bottom(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_bottom")); +/* + * Some data has bee posted, interpret as attempt to login + */ - echo $buffer; +if ($_SERVER['REQUEST_METHOD'] == 'POST') { - } + /** + * Username and password left empty + */ - /* - * Some data has bee posted, interpret as attempt to login - */ + if(($_POST["login"]=="")&&($_POST["password"]=="")){ - if ($_SERVER['REQUEST_METHOD'] == 'POST') { - - /** - * Username and password left empty - */ + $buffer = login_page_format_top(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . 
"login_top")); - if(($_POST["login"]=="")&&($_POST["password"]=="")){ - - $buffer = login_page_format_top(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_top")); + $buffer .= "

Please enter your username and password

"; - $buffer .= "

Please enter your username and password

"; + $buffer .= login_page_format_bottom(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_bottom")); - $buffer .= login_page_format_bottom(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_bottom")); + echo $buffer; - echo $buffer; + /* + * Username left empty + */ - /* - * Username left empty - */ - - }else if($_POST["login"]==""){ + }else if($_POST["login"]==""){ - $buffer = login_page_format_top(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_top")); + $buffer = login_page_format_top(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_top")); - $buffer .= "

Please enter your username

"; + $buffer .= "

Please enter your username

"; - $buffer .= login_page_format_bottom(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_bottom")); + $buffer .= login_page_format_bottom(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_bottom")); - echo $buffer; - - /* - * Password left empty - */ - - }else if($_POST["password"]==""){ - - $buffer = login_page_format_top(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_top")); + echo $buffer; - $buffer .= "

Please enter your password

"; + /* + * Password left empty + */ - $buffer .= login_page_format_bottom(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_bottom")); + }else if($_POST["password"]==""){ - echo $buffer; - - /* - * Password and username provided, so try to authenticate - */ - - }else if(($_POST["login"]!="")&&($_POST["password"]!="")){ - - /* - * See if the submitted values are valid logins - */ + $buffer = login_page_format_top(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_top")); - $authenticated = false; + $buffer .= "

Please enter your password

"; - function set_user_details($firstname, $surname){ + $buffer .= login_page_format_bottom(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_bottom")); - $_SESSION['toolkits_firstname'] = $firstname; - $_SESSION['toolkits_surname'] = $surname; + echo $buffer; - } + /* + * Password and username provided, so try to authenticate + */ - switch($_POST["login"]){ + }else if(($_POST["login"]!="")&&($_POST["password"]!="")){ - case "pat": if($_POST["password"]=="patpassword"){ $authenticated = true; set_user_details("Pat","Blair");}; break; - case "john": if($_POST["password"]=="johnpassword"){ $authenticated = true; set_user_details("John","Obama"); }; break; - case "bob": if($_POST["password"]=="bobpassword"){ $authenticated = true; set_user_details("Bob","Putin"); }; break; - case "sarah": if($_POST["password"]=="sarahpassword"){ $authenticated = true; set_user_details("Sarah","Sarkozy"); }; break; - default: $authenticated = false; break; + /* + * See if the submitted values are valid logins + */ - } + $authenticated = false; - if($authenticated){ - - /* - * Give the session its own session id - */ + function set_user_details($firstname, $surname){ - $_SESSION['toolkits_sessionid'] = $session_id; - + $_SESSION['toolkits_firstname'] = $firstname; + $_SESSION['toolkits_surname'] = $surname; - include $xerte_toolkits_site->php_library_path . "database_library.php"; + } - include $xerte_toolkits_site->php_library_path . 
"user_library.php"; + switch($_POST["login"]){ - $mysql_id=database_connect("index.php database connect success","index.php database connect fail"); + case "pat": if($_POST["password"]=="patpassword"){ $authenticated = true; set_user_details("Pat","Blair");}; break; + case "john": if($_POST["password"]=="johnpassword"){ $authenticated = true; set_user_details("John","Obama"); }; break; + case "bob": if($_POST["password"]=="bobpassword"){ $authenticated = true; set_user_details("Bob","Putin"); }; break; + case "sarah": if($_POST["password"]=="sarahpassword"){ $authenticated = true; set_user_details("Sarah","Sarkozy"); }; break; + default: $authenticated = false; break; - $_SESSION['toolkits_logon_username'] = $_POST["login"]; + } - /* - * Check to see if this is a users' first time on the site - */ + if($authenticated){ - if(check_if_first_time($_SESSION['toolkits_logon_username'])){ + /* + * Give the session its own session id + */ - /* - * create the user a new id - */ + $_SESSION['toolkits_sessionid'] = $session_id; - $_SESSION['toolkits_logon_id'] = create_user_id(); - /* - * create a virtual root folder for this user - */ + include $xerte_toolkits_site->php_library_path . "database_library.php"; - create_a_virtual_root_folder(); + include $xerte_toolkits_site->php_library_path . "user_library.php"; - }else{ - - /* - * User exists so update the user settings - */ + $mysql_id=database_connect("index.php database connect success","index.php database connect fail"); - $_SESSION['toolkits_logon_id'] = get_user_id(); + $_SESSION['toolkits_logon_username'] = $_POST["login"]; - update_user_logon_time(); - - } + /* + * Check to see if this is a users' first time on the site + */ - recycle_bin(); + if(check_if_first_time($_SESSION['toolkits_logon_username'])){ - /* - * Output the main page, including the user's and blank templates - */ - - echo file_get_contents($xerte_toolkits_site->website_code_path . 
"management_headers"); + /* + * create the user a new id + */ - echo "