+ welcome_message; ?> +
+diff --git a/modules/xerte/edit.php b/modules/xerte/edit.php index 35ad977922..f42d52df38 100644 --- a/modules/xerte/edit.php +++ b/modules/xerte/edit.php @@ -95,21 +95,11 @@ function hideunload(){ function bunload(){ - path = ""; - if($version_control){ + template = ""; - echo $row_edit['template_id'] . "-" . $row_username['username'] . "-" . $row_edit['template_name'] . "/"; - - }else{ - - echo $row_edit['template_id'] . "-" . $row_username['username'] . "-" . $row_edit['template_name'] . "/"; - - } - -?>"; - -window_reference.edit_window_close(path); +window_reference.edit_window_close(path,template); } diff --git a/preview.php b/preview.php index 69fa7ff399..8196c55c20 100644 --- a/preview.php +++ b/preview.php @@ -21,6 +21,7 @@ * Check the ID is numeric */ if(isset($_SESSION['toolkits_logon_id'])) { + if(is_numeric($_GET['template_id'])) { $safe_template_id = (int) $_GET['template_id']; @@ -34,11 +35,12 @@ $query_for_preview_content = str_replace("TEMPLATE_ID_TO_REPLACE", $safe_template_id, $query_for_preview_content_strip); - // get their username from the db which matches their login_id from the $_SESSION - $row_username = db_query_one("select username from {$xerte_toolkits_site->database_table_prefix}logindetails where login_id=?", array($_SESSION['toolkits_logon_id'])); - - $row = db_query_one($query_for_preview_content); + $row = db_query_one($query_for_preview_content); + // get their username from the db which matches their login_id from the $_SESSION + $row_username = db_query_one("select username from {$xerte_toolkits_site->database_table_prefix}logindetails where login_id=?", array($row['user_id'])); + + // is there a matching template? if(!empty($row)) { // if they're an admin or have rights to see the template, then show it. @@ -47,8 +49,17 @@ show_preview_code($row, $row_username); exit(0); } + } - } -} + + }else{ + + echo PREVIEW_RESOURCE_FAIL; + + } + +}else{ -echo PREVIEW_RESOURCE_FAIL; + echo PREVIEW_RESOURCE_FAIL; + +} 
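Review bot: `path` is still passed in `window_reference.edit_window_close(path,template);` at the end of `bunload()`, but the only assignment to it visible in this hunk (`path = "...";`) is removed. Unless `path` is defined somewhere outside the hunk, the call will throw a ReferenceError on unload and the close handling never runs; keep the `path` assignment next to the new `template = "...";` line, or confirm where `path` now comes from. The value written into `template` is emitted by PHP into a JavaScript string literal. If it still carries the template name or username, as the removed lines did, emit it with `json_encode()` instead of raw concatenation so a quote in a template name cannot break out of the string.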
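Review bot: `$row['user_id']` is read in the new `$row_username = db_query_one(...)` call before the `if(!empty($row))` check that follows it, so a template id with no match runs the username query with a null parameter and raises an undefined-index notice. Move the lookup inside the `if(!empty($row))` block. The comment above it is also stale, since the value no longer comes from `$_SESSION`; something like `// get the template owner's username, matching the user_id on the template row` would match the code. Because `show_preview_code()` now receives the owner's username rather than the viewer's, the rights check that sits between this hunk and the next (not visible here) is the only thing tying the preview to the logged-in user and is worth re-reading with that in mind.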
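Review bot: After this change a request that passes the session and `is_numeric` checks but finds no template, or fails the rights check, produces no output at all. `echo PREVIEW_RESOURCE_FAIL;` used to run for every path that did not reach `exit(0)`, and now lives only in the two new `else` branches. Reading the brace nesting from the collapsed lines, the inner `if(!empty($row))` block needs the same fallback, for example `echo PREVIEW_RESOURCE_FAIL;` placed directly after its closing brace. Returning the identical failure message for "no such template" and "not permitted" also keeps the response from revealing which template ids exist.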
diff --git a/switch.txt b/switch.txt index c41be8c806..88e56b6fe0 100644 --- a/switch.txt +++ b/switch.txt @@ -1,10 +1,9 @@ php_library_path . "login_library.php"; +include $xerte_toolkits_site->php_library_path . "login_library.php"; include $xerte_toolkits_site->php_library_path . "display_library.php"; +function show_page($extra,$xerte_toolkits_site){ + +?> + +
+ ++ welcome_message; ?> +
+
+
+ copyright; ?>
+
Please enter your username and password
"; - - $buffer .= login_page_format_bottom(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_bottom")); - - echo $buffer; + show_page("" . INDEX_USERNAME_AND_PASSWORD_EMPTY . "
",$xerte_toolkits_site); /* * Username left empty @@ -61,13 +163,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') { }else if($_POST["login"]==""){ - $buffer = login_page_format_top(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_top")); - - $buffer .= "Please enter your username
"; - - $buffer .= login_page_format_bottom(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_bottom")); - - echo $buffer; + show_page("" . INDEX_USERNAME_EMPTY . "
",$xerte_toolkits_site); /* * Password left empty @@ -75,13 +171,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') { }else if($_POST["password"]==""){ - $buffer = login_page_format_top(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_top")); - - $buffer .= "Please enter your password
"; - - $buffer .= login_page_format_bottom(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_bottom")); - - echo $buffer; + show_page("" . INDEX_PASSWORD_EMPTY . "
",$xerte_toolkits_site); /* * Password and username provided, so try to authenticate 
@@ -93,102 +183,314 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') { * See if the submitted values are valid logins */ - $authenticated = false; + if(($_POST["login"]!="")&&($_POST["password"]!="")){ - function set_user_details($firstname, $surname){ + /* + * See if the submitted values are valid logins + */ - $_SESSION['toolkits_firstname'] = $firstname; - $_SESSION['toolkits_surname'] = $surname; + $authenticated = false; - } + function set_user_details($firstname, $surname){ - switch($_POST["login"]){ + $_SESSION['toolkits_firstname'] = $firstname; + $_SESSION['toolkits_surname'] = $surname; - case "pat": if($_POST["password"]=="patpassword"){ $authenticated = true; set_user_details("Pat","Blair");}; break; - case "john": if($_POST["password"]=="johnpassword"){ $authenticated = true; set_user_details("John","Obama"); }; break; - case "bob": if($_POST["password"]=="bobpassword"){ $authenticated = true; set_user_details("Bob","Putin"); }; break; - case "sarah": if($_POST["password"]=="sarahpassword"){ $authenticated = true; set_user_details("Sarah","Sarkozy"); }; break; - default: $authenticated = false; break; + } - } + switch($_POST["login"]){ - if($authenticated){ - - include $xerte_toolkits_site->php_library_path . 
"user_library.php"; + case "pat": if($_POST["password"]=="patpassword"){ $authenticated = true; set_user_details("Pat","Blair");}; break; + case "john": if($_POST["password"]=="johnpassword"){ $authenticated = true; set_user_details("John","Obama"); }; break; + case "bob": if($_POST["password"]=="bobpassword"){ $authenticated = true; set_user_details("Bob","Putin"); }; break; + case "sarah": if($_POST["password"]=="sarahpassword"){ $authenticated = true; set_user_details("Sarah","Sarkozy"); }; break; + default: $authenticated = false; break; - $mysql_id=database_connect("index.php database connect success","index.php database connect fail"); + } + + if($authenticated){ - $_SESSION['toolkits_logon_username'] = $_POST["login"]; + include $xerte_toolkits_site->php_library_path . "user_library.php"; - /* - * Check to see if this is a users' first time on the site - */ + $mysql_id=database_connect("index.php database connect success","index.php database connect fail"); - if(check_if_first_time($_SESSION['toolkits_logon_username'])){ + $_SESSION['toolkits_logon_username'] = $_POST["login"]; - /* - * create the user a new id - */ + /* + * Check to see if this is a users' first time on the site + */ - $_SESSION['toolkits_logon_id'] = create_user_id($_SESSION['toolkits_logon_username'], $_SESSION['toolkits_firstname'], $_SESSION['toolkits_surname']); + if(check_if_first_time($_SESSION['toolkits_logon_username'])){ - /* - * create a virtual root folder for this user - */ + /* + * create the user a new id + */ - create_a_virtual_root_folder(); + $_SESSION['toolkits_logon_id'] = create_user_id($_SESSION['toolkits_logon_username'], $_SESSION['toolkits_firstname'], $_SESSION['toolkits_surname']); - }else{ + /* + * create a virtual root folder for this user + */ - /* - * User exists so update the user settings - */ + create_a_virtual_root_folder(); - $_SESSION['toolkits_logon_id'] = get_user_id(); + }else{ - update_user_logon_time(); + /* + * User exists so update the user 
settings + */ - } + $_SESSION['toolkits_logon_id'] = get_user_id(); + + update_user_logon_time(); + + } - recycle_bin(); + recycle_bin(); + + } /* * Output the main page, including the user's and blank templates */ +?> + - echo file_get_contents($xerte_toolkits_site->website_code_path . "management_headers"); + + + ++ +
++
++
+
+
+ copyright; ?>
" . INDEX_SITE_ADMIN . "
",$xerte_toolkits_site); - $buffer .= "Sorry that password combination was not correct
"; + }else{ - $buffer .= login_page_format_bottom(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_bottom")); + /* + * login has failed + */ - echo $buffer; + show_page("" . INDEX_LOGON_FAIL . "
",$xerte_toolkits_site); + + } } @@ -196,6 +498,6 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') { } -?> +?>
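Review bot: The re-indented `switch($_POST["login"])` block still authenticates against four username/password pairs written literally in the source (`case "pat": if($_POST["password"]=="patpassword")` and the three cases after it), so any site deployed from this file unchanged has logins known to everyone who can read the repository. If switch.txt is meant as a sample, ship those cases commented out or as non-working placeholders. Otherwise, load per-user hashes from configuration and check them with `password_verify($_POST["password"], $stored_hash)` (with `$stored_hash` standing for the configured value) instead of `==`. On success the code assigns `$_SESSION['toolkits_logon_username']` without renewing the session; add `session_regenerate_id(true);` immediately before that assignment. The new wrapper `if(($_POST["login"]!="")&&($_POST["password"]!=""))` repeats what the preceding `else if` branches already guarantee and can be dropped.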