Source of trunk/cp_skin_multi.php at revision HEAD (05/07/2008 10:05:26, 16580 bytes, 410 lines, language: php) [download]:

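<?php

/*
** Control Panel :: The Great Multi-Skin Editor (Behold!)
** for CodewiseBlog Multi-User
**
** by William R. Fraser <wrf@codewise.org>
** Copyright (c) 2005-2008 Codewise.org
*/

/*
** This file is part of CodewiseBlog
**
** CodewiseBlog is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** CodewiseBlog is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with CodewiseBlog; if not, write to the Free Software
** Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*/

/*
** Request flow. All input arrives in $_POST / $_FILES; $db, skinvoodoo()
** and the upper-case constants are not defined in this file.
**
**   skinid + export  -> send the skin as a VoodooArchive XML download
**   skinid + delete  -> disown (users) or really delete (root) the skin
**   skinid otherwise -> copy the skin if the user may not edit it in place,
**                       save / revert a section, optionally "use" the skin,
**                       then build the section editor
**   import           -> import an uploaded VoodooArchive XML file
**   none of these    -> build the skin selection list
**
** The generated page fragment is left in $body.
**
** NOTE(review): this text was restored from a listing that had lost most
** '=', ',', '.' and '[' tokens; they were put back from context. The two
** "== 1" built-in-skin comparisons in particular were inferred from the
** neighbouring comments and messages -- diff against the repository copy.
**
** NOTE(review): every branch changes state from a bare POST and no
** anti-CSRF token is checked in this file -- confirm that the including
** control panel verifies one before this script runs.
**
** NOTE(review): skin names come from users and are handed to skinvoodoo()
** unescaped below. This file escapes other values itself before passing
** them in, which suggests the templates do not -- confirm, and escape the
** names if so (root also views other users' disowned skins).
*/

$current = "skin";

if(isset($_POST['skinid']))
{
    /* Anything other than a plain string (e.g. skinid[]=...) cannot be a
    ** skin ID; reject it before it reaches a query or the output. */
    if(!is_string($_POST['skinid']))
    {
        $body = skinvoodoo("error", "error", array("message" => "No such Skin ID."));
        return;
    }

    // check to make sure the skin exists
    $q = $db->issue_query("SELECT skinid FROM skins WHERE skinid = ".$db->prepare_value($_POST['skinid']));
    if($db->num_rows[$q] != 1)
    {
        $body = skinvoodoo("error", "error", array("message" => "No such Skin ID."));
        return;
    }

    // export skin as VoodooArchive XML file
    if(isset($_POST['export']))
    {
        require("skin_exporter_xml.php");

        // generate XML. Only export full skin if user is root.
        $xml = skin_exporter_xml($_POST['skinid'], BLOGID == 1);

        // grab name
        $q = $db->issue_query("SELECT name FROM skins WHERE skinid = ".$db->prepare_value($_POST['skinid']));
        $name = $db->fetch_var($q);

        /* force 'Save As' dialog. Propose filename as [skin name].cwb.xml with
        ** non-windows-suitable characters and spaces replaced with
        ** underscores. */
        $filename = str_replace(array(" ","/","?","<",">","\\",":","*","|","\"","^"), "_", $name);

        /* The skin name is user-chosen (see the save_skin branch), so also
        ** neutralise control characters (CR/LF would split the header) and
        ** ';' (the header's parameter separator), and quote the value. */
        $filename = preg_replace('/[\x00-\x1F\x7F;]/', "_", $filename);

        header("Content-Type: text/xml");
        header("Content-Disposition: attachment; filename=\"".$filename.".cwb.xml\"");
        echo $xml;
        exit;
    }

    if(isset($_POST['delete'])) {

        /* Strict comparison: with '==' PHP compares two numeric-looking
        ** strings as numbers, so "0" would equal the all-zero master ID. */
        if($_POST['skinid'] === "00000000000000000000000000000000")
        {
            $body = skinvoodoo("error", "error", array("message" => "You cannot delete the master skin."));
            return;
        }

        $owner = $db->fetch_var($db->issue_query("SELECT blogid FROM skins WHERE skinid = ".$db->prepare_value($_POST['skinid'])));
        if($owner == 1 && BLOGID != 1)
        {
            $body = skinvoodoo("error", "error", array("message" => "You cannot delete a built-in skin."));
            return;
        }

        /* A user may only disown a skin they own. Without this check any
        ** logged-in user who knows a skin ID could take that skin away
        ** from its owner. */
        if(BLOGID != 1 && $owner != BLOGID)
        {
            $body = skinvoodoo("error", "error", array("message" => "You cannot delete a skin you do not own."));
            return;
        }

        /* for users, don't actually delete, just disown (to blogid 0).
        ** Only root can actually delete. */
        if(BLOGID != 1)
        {
            $name = $db->fetch_var($db->issue_query("SELECT name FROM skins WHERE skinid = ".$db->prepare_value($_POST['skinid'])));
            $db->update("skins", array("blogid" => 0, "name" => $name." (deleted by ".BLOGID.")"), array("skinid" => $_POST['skinid']));

            // this string is emitted as raw HTML, so the echoed ID is escaped
            $body = "<p>Your skin has been deleted. If this is in error, copy down the Skin ID below and contact an administrator. "
                  . "They can recover your skin.<br /><br />Skin ID: <b>".htmlspecialchars($_POST['skinid'], ENT_QUOTES)."</b></p>";
        } else {
            $db->issue_query("DELETE FROM skins WHERE skinid = ".$db->prepare_value($_POST['skinid']));
            $body = skinvoodoo("error", "notify", array("message" => "Skin ".htmlspecialchars($_POST['skinid'], ENT_QUOTES)." deleted."));
        }

        // if it's the current skin being deleted, switch to master
        if((string)SKINID === $_POST['skinid'])
            $db->update("blogs", array("skinid" => DEFAULT_SKINID), array("blogid" => BLOGID));

    } else {

        $owner = $db->fetch_var($db->issue_query("SELECT blogid FROM skins WHERE skinid = ".$db->prepare_value($_POST['skinid'])));

        /* The section name from the request is used below as a column name,
        ** both in SELECTs and as the key handed to $db->update(). Value
        ** escaping does not make an identifier safe, so only names that are
        ** real columns of `skins` and that this user may edit are accepted:
        **   - skinid / blogid / name are never edited as sections
        **   - non-root users don't get the controlpanel and registration
        **     sections */
        $q = $db->issue_query("DESCRIBE skins");
        $desc = $db->fetch_all($q, L1SQL_ASSOC);

        $allowed_sections = array();
        foreach($desc as $col)
        {
            $field = $col['Field'];

            if($field == "skinid" || $field == "blogid" || $field == "name")
                continue;

            if(BLOGID != 1
            && (strpos($field, "controlpanel") === 0 || $field == "register"))
                continue;

            $allowed_sections[] = $field;
        }

        /* Reject bad section names before anything is copied or written.
        ** The strict in_array() also rejects array-valued parameters. */
        foreach(array("section", "section_sel") as $key)
        {
            if(isset($_POST[$key]) && !in_array($_POST[$key], $allowed_sections, TRUE))
            {
                $body = skinvoodoo("error", "error", array("message" => "No such skin section."));
                return;
            }
        }

        // these three actions all act on $_POST['section'], so it must be there
        if((isset($_POST['save_skin']) || isset($_POST['revert']) || isset($_POST['resize']))
        && !isset($_POST['section']))
        {
            $body = skinvoodoo("error", "error", array("message" => "No such skin section."));
            return;
        }

        /*
           IF:
                not owner
            and not root
            and not just USEing a builtin skin

            or  copying

                copy skin
        */
        if(($owner != BLOGID
            && BLOGID != 1
            && !(isset($_POST['use']) && $owner == 1))
        || isset($_POST['copy']))
        {
            // pull skin from DB
            $q = $db->issue_query("SELECT * FROM skins WHERE skinid = ".$db->prepare_value($_POST['skinid']));
            $skin = $db->fetch_row($q, 0, L1SQL_ASSOC);

            // change ownership
            $skin['blogid'] = BLOGID;

            do {
                /* generate a new skinid
                ** NOTE(review): mt_rand()/uniqid() are predictable. Nothing
                ** in this file restricts exporting or copying a skin whose
                ** ID is known, so treat skin IDs as guessable, not secret. */
                $skin['skinid'] = md5(uniqid(mt_rand(), TRUE));
            // make sure the skinid isn't a dupe (unlikely, but possible)
            } while($db->num_rows[ $db->issue_query("SELECT skinid FROM skins WHERE skinid = '".$skin['skinid']."'") ] > 0);

            // copying the master skin is a special case
            if($_POST['skinid'] === "00000000000000000000000000000000")
            {
                $new_skin = array();
                foreach($skin as $section => $contents)
                {
                    switch($section)
                    {
                        /* Since the master is owned by root, the check below
                        ** to eliminate duplicates doesn't work. This gets
                        ** around that. */
                        case "name":
                            $contents .= " [copy]";
                            break;

                        // these fields stay the same
                        case "skinid":
                        case "blogid":
                        case "description":
                            break;

                        /* All the sections should be NULL so that the editor
                        ** properly indicates that you're using the master skin
                        ** for all sections, instead of just copying the text
                        ** over, which would make the editor think every section
                        ** was changed. */
                        default:
                            $contents = NULL;
                    }

                    $new_skin[$section] = $contents;
                }
                $skin = $new_skin;
            } elseif($owner == 1) {
                /* copying builtin skins don't need all the above modifications,
                ** just appending [copy] to the end is enough */
                $skin['name'] .= " [copy]";
            }

            // make sure no two skins with the same owner have the same name
            while( $db->num_rows[ $ff = $db->issue_query("SELECT * FROM skins WHERE blogid = '".BLOGID."' AND name = ".$db->prepare_value($skin['name'])) ] > 0)
            {
                $skin['name'] .= " [copy]";
            }

            // add skin to DB
            $db->insert("skins", $skin);

            // Edit the copy
            $_POST['skinid'] = $skin['skinid'];

            /* everything below works on the copy, which belongs to the
            ** current user; keep $owner in step so the owner field shown to
            ** root is the copy's owner, not the original's */
            $owner = BLOGID;

            /* if the user did not explicitly request this, tell them about the
            ** copy procedure */
            if(!isset($_POST['copy']))
                $GLOBALS['NOTIFY'] .= "You cannot edit someone else's skin, so a copy has been made.<br />";
        }

        if(isset($_POST['save_skin']))
        {
            // description changes the title and possibly the owner too
            if($_POST['section'] == "description")
            {
                if(isset($_POST['skin_name']))
                    $db->update("skins", array("name" => $_POST['skin_name']), array("skinid" => $_POST['skinid']));

                // root can change the owner too
                if(BLOGID == 1 && isset($_POST['skin_owner']))
                    $db->update("skins", array("blogid" => $_POST['skin_owner']), array("skinid" => $_POST['skinid']));
            }

            // $_POST['section'] was checked against $allowed_sections above
            $db->update("skins", array($_POST['section'] => $_POST['section_content']), array("skinid" => $_POST['skinid']));

            $GLOBALS['NOTIFY'] .= "Skin saved";
        } elseif(isset($_POST['revert'])) {
            // a NULL section means "use the master skin's text"
            $db->update("skins", array($_POST['section'] => NULL), array("skinid" => $_POST['skinid']));
            $GLOBALS['NOTIFY'] .= "Reverted section to master skin.<br />";
        }

        if(isset($_POST['use']))
        {
            $db->update("blogs", array("skinid" => $_POST['skinid']), array("blogid" => BLOGID));

            $body = skinvoodoo("error", "notify", array("message" => "Now using the selected skin."));
            return;
        }

        // get the section edit box to redisplay after resizing or saving or reverting
        if(isset($_POST['resize']) || isset($_POST['save_skin']) || isset($_POST['revert']))
            $_POST['section_sel'] = $_POST['section'];

        // bring up the description and title by default
        if(!isset($_POST['section_sel']))
            $_POST['section_sel'] = "description";

        /* generate the list of sections. skinid is displayed at the top of
        ** every section's page; blogid and name get lumped together with
        ** the 'description' section, so none of the three has an entry
        ** (they were left out of $allowed_sections). */
        $sectionlist = "";
        foreach($allowed_sections as $field)
        {
            if($field === $_POST['section_sel'])
                $sectionlist .= skinvoodoo("controlpanel_skin_multi", "sectionlist_current", array("section" => $field));
            else
                $sectionlist .= skinvoodoo("controlpanel_skin_multi", "sectionlist_entry",   array("section" => $field));
        }

        /* get the section from DB. section_sel is a known column name at
        ** this point (allowlisted above, or the "description" default). */
        $q = $db->issue_query("SELECT ".$db->prepare_value($_POST['section_sel'], FALSE)." FROM skins WHERE skinid = ".$db->prepare_value($_POST['skinid']));
        $skin = $db->fetch_var($q);
        if($skin === NULL)
        {
            // NULL section: fall back to the master skin's text
            $using_master = TRUE;
            $q = $db->issue_query("SELECT ".$db->prepare_value($_POST['section_sel'], FALSE)." FROM skins WHERE skinid = '00000000000000000000000000000000'");
            $skin = $db->fetch_var($q);
        } else {
            $using_master = FALSE;
        }

        /* in the master skin, the section is always the master, not when it is
        ** NULL like for other skins */
        if($_POST['skinid'] === "00000000000000000000000000000000")
            $using_master = TRUE;

        // for the description, show the title edit field as well
        if($_POST['section_sel'] == "description")
        {
            $name = $db->fetch_var($db->issue_query("SELECT name FROM skins WHERE skinid = ".$db->prepare_value($_POST['skinid'])));
            $content = skinvoodoo("controlpanel_skin_multi", "skin_name", array("name" => $name));

            // root can change the owner too
            if(BLOGID == 1)
                $content .= skinvoodoo("controlpanel_skin_multi", "skin_owner", array("owner" => $owner));
        } else {
            $content = "";
        }

        /* rows / cols come from the request and end up in the page, so they
        ** are forced to positive integers; anything else gets the default */
        $rows = (isset($_POST['rows']) && (int)$_POST['rows'] > 0) ? (int)$_POST['rows'] : 30;
        $cols = (isset($_POST['cols']) && (int)$_POST['cols'] > 0) ? (int)$_POST['cols'] : 80;

        $content .= skinvoodoo("controlpanel_skin_multi", "section_edit", array(
            "section_name" => $_POST['section_sel'],
            "using_master" => $using_master,
            "autoresize" => HTTP.BASE_DOMAIN.INSTALLED_PATH."/cwb/autoresize.js",
            "rows" => $rows,
            "cols" => $cols,
            "skinid" => $_POST['skinid'],
            /* escape the skin text for HTML, then replace the "%{" and "${"
            ** openers with character references so the skin text does not
            ** contain them literally. (The second reference was missing
            ** its ';'.) */
            "section_content" => str_replace(
                array("%{",         "\${"        ),
                array("&#x0025;{",  "&#x0024;{"  ),
                htmlspecialchars((string)$skin)),
        ));

        /* <iframe> containing the local variable reference, scrolled to the
        ** appropriate section */
        $documentation = "<iframe src=\"http://"
            . DEFAULT_SUBDOMAIN . BASE_DOMAIN . INSTALLED_PATH
            . "doc/voodoo/localvars.html#".htmlspecialchars($_POST['section_sel'], ENT_QUOTES)."\" height=\"100%\" width=\"300\" /></iframe>";

        $body = skinvoodoo("controlpanel_skin_multi", "", array(
            "posturl" => INDEX_URL."?controlpanel:skin",
            "sectionlist" => $sectionlist,
            "varlist" => $documentation,
            "content" => $content,
            "skinid"  => $_POST['skinid'],
            "section_name" => isset($_POST['section_sel'])
                ? $_POST['section_sel']
                : FALSE,
        ));

    }

// Import uploaded VoodooArchive XML file
} elseif(isset($_POST['import'])) {

    require("skin_importer_xml.php");

    /* tmp_name is an array when the field was posted as xmlfile[]; only a
    ** single, genuine PHP upload is accepted */
    if(!isset($_FILES['xmlfile']['tmp_name'])
    || !is_string($_FILES['xmlfile']['tmp_name'])
    || !is_uploaded_file($_FILES['xmlfile']['tmp_name']))
    {
        $body = skinvoodoo("error", "error", array("message" => "Bogus upload file"));
        return;
    }

    $xml = file_get_contents($_FILES['xmlfile']['tmp_name']);
    unlink($_FILES['xmlfile']['tmp_name']);

    if($xml === FALSE)
    {
        $body = skinvoodoo("error", "error", array("message" => "Bogus upload file"));
        return;
    }

    /* The importer's return value is treated as the new skin ID on success
    ** and as an error message otherwise. The pattern is anchored so that a
    ** message which merely contains 32 hex characters is not mistaken for
    ** an ID and passed on unescaped. */
    $ret = skin_importer_xml($xml);
    if(!preg_match('/^[a-f0-9]{32}$/D', $ret))
    {
        $body = skinvoodoo("error", "error", array("message" => "Skin import failed: ".htmlspecialchars($ret)));
        return;
    }

    $body = skinvoodoo("controlpanel_skin_multi", "import_successful", array(
        "posturl" => INDEX_URL."?controlpanel:skin",
        "newskinid" => $ret,
    ));

    return;

} else {

    // the list is built by appending; start from an empty string if unset
    if(!isset($skinids))
        $skinids = "";

    if(BLOGID != 1)
    {
        /* get the skinid and name of all the builtin skins (those owned by
        ** root) */
        $q = $db->issue_query("SELECT skinid, name FROM skins WHERE blogid = '1'");
        $root_skins = $db->fetch_all($q, L1SQL_ASSOC);

        // get the skinid and name of all the skins owned by the user
        $q = $db->issue_query("SELECT skinid, name FROM skins WHERE blogid = '".BLOGID."'");
        $user_skins = $db->fetch_all($q, L1SQL_ASSOC);

        // separator
        $skinids .= skinvoodoo(
            "controlpanel_skin_multi",
            "saved_skinids_separator",
            array("text" => "Built-In Skins:")
        );

        foreach($root_skins as $skin)
        {
            // the blog's current skin gets its own template
            if(SKINID == $skin['skinid'])
                $skinids .= skinvoodoo("controlpanel_skin_multi", "saved_skinids_current", array("skinid" => $skin['skinid'], "name" => $skin['name']));
            else
                $skinids .= skinvoodoo("controlpanel_skin_multi", "saved_skinids_entry", array("skinid" => $skin['skinid'], "name" => $skin['name']));
        }

        // separator
        $skinids .= skinvoodoo("controlpanel_skin_multi", "saved_skinids_separator", array("text" => "Your Skins:"));

        foreach($user_skins as $skin)
        {
            if(SKINID == $skin['skinid'])
                $skinids .= skinvoodoo("controlpanel_skin_multi", "saved_skinids_current", array("skinid" => $skin['skinid'], "name" => $skin['name']));
            else
                $skinids .= skinvoodoo("controlpanel_skin_multi", "saved_skinids_entry", array("skinid" => $skin['skinid'], "name" => $skin['name']));
        }

    } else {
        // get the skins from BLOGID 1 (builtin skins)
        $q = $db->issue_query("SELECT skinid, name FROM skins WHERE blogid = '1'");
        $builtin_skins = $db->fetch_all($q, L1SQL_ASSOC);

        // get the skins from BLOGID 0 (disowned skins)
        $q = $db->issue_query("SELECT skinid, name FROM skins WHERE blogid = '0'");
        $disowned_skins = $db->fetch_all($q, L1SQL_ASSOC);

        $skinids .= skinvoodoo("controlpanel_skin_multi", "saved_skinids_separator", array("text" => "Built-In Skins:"));

        foreach($builtin_skins as $skin)
        {
            $skinids .= skinvoodoo("controlpanel_skin_multi", "saved_skinids_entry", array("skinid" => $skin['skinid'], "name" => $skin['name']));
        }

        $skinids .= skinvoodoo("controlpanel_skin_multi", "saved_skinids_separator", array("text" => "Disowned Skins:"));

        foreach($disowned_skins as $skin)
        {
            $skinids .= skinvoodoo("controlpanel_skin_multi", "saved_skinids_entry", array("skinid" => $skin['skinid'], "name" => $skin['name']));
        }
    }

    $body = skinvoodoo("controlpanel_skin_multi", "skin_select", array(
        "posturl" => INDEX_URL."?controlpanel:skin",
        "saved_skinids" => $skinids,
        // turn php.ini's "8M" / "512K" shorthand into a plain number for the form
        "max_file_size" => str_replace("M", "000000", str_replace("K", "000", ini_get("upload_max_filesize"))),
    ));

}

?>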
