<?php

// Scalar parameter/return types in this file are enforced, not coerced.
declare(strict_types=1);

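/**
 * Backend (admin) base object.
 *
 * Gates a backend section behind login, token and permission checks,
 * keeps the backend language in sync with the user's stored language,
 * and renders the backend header/footer/success/error templates via Twig.
 * Instances are shared: getInstance() creates the object on first use and
 * the constructor registers the created object as that shared instance.
 */
class LEPTON_admin extends LEPTON_core
{
    /** Database access object, obtained in the constructor. */
    private LEPTON_database $database;

    /**
     * Additional backend header assets, keyed by kind.
     *
     * @var array{css: array, js: array, html: array, modules: array}
     */
    public array $header_storage = [
        'css' => [],
        'js' => [],
        'html' => [],
        'modules' => [],
    ];

    /** Buffered page output collected and post-processed in print_footer(). */
    private string $html_output_storage = "";

    /** Whether print_footer() evaluates droplets on the buffered output; never set to true inside this class. */
    private bool $droplets_ok = false;

    /** Name of the backend section this instance serves (e.g. "Pages"). */
    protected string $section_name = "";

    /** Permission name required for the section; 'start' means "no check". */
    protected string $section_permission = "";

    /** Twig wrapper used for all backend templates. */
    public ?lib_twig_box $oTWIG = null;

    /** Shared instance. Left untyped on purpose: the parent may declare it without a type. */
    public static $instance;

    /** Cache for userHasAdminRights(); only a positive result is cached. */
    private static bool $bUserGotAdminRights = false;

    /**
     * Returns the shared instance, creating it on first use.
     *
     * The declared signature stays parameterless for compatibility with
     * existing callers; up to four positional arguments are nevertheless
     * accepted and forwarded to the constructor in order (section name,
     * section permission, auto header, auto auth). Missing positions use the
     * constructor defaults, extra arguments are ignored.
     */
    public static function getInstance(): object
    {
        if (null === static::$instance) {
            // Positions not supplied by the caller fall back to the defaults.
            [$sectionName, $sectionPermission, $autoHeader, $autoAuth] =
                array_slice(func_get_args(), 0, 4) + ["Pages", "start", true, true];
            static::$instance = new static($sectionName, $sectionPermission, $autoHeader, $autoAuth);
        }
        return static::$instance;
    }

    /**
     * @param string $section_name        backend section the calling script belongs to
     * @param string $section_permission  permission required for the section; 'start' skips the check
     * @param bool   $auto_header         render the backend header at the end of construction
     * @param bool   $auto_auth           enforce login/token/permission checks and buffer the output
     */
    public function __construct(string $section_name = "Pages", string $section_permission = 'start', bool $auto_header = true, bool $auto_auth = true)
    {
        global $section_id, $page_id;

        parent::__construct();

        static::$instance = $this;

        // POST wins over GET for the current section/page ids; both end up as globals.
        $section_id = self::requestedId('section_id');
        $page_id = self::requestedId('page_id');

        if ($this->oTWIG === null) {
            $this->oTWIG = lib_twig_box::getInstance();
            $this->oTWIG->loader->prependPath(THEME_PATH . "/templates/", "theme");
        }

        // Buffer all output so print_footer() can post-process it (droplets, CSRF tokens).
        if (true === $auto_auth) {
            ob_start();
        }

        $this->database = LEPTON_database::getInstance();

        // Specify the current applications name
        $this->section_name = $section_name;
        $this->section_permission = $section_permission;

        // Authenticate the user for this application
        if ($auto_auth === true) {
            $this->enforceBackendAccess($section_permission);
        }

        // Check if the backend language is also the selected language. If not, send headers again.
        $this->redirectToUserLanguage();

        // [a2.1] Auto header code
        if ($auto_header === true) {
            $this->print_header();
        }

        // @ADD_cronjob 20230727, include cronjob file for external call
        if (CRONJOB == 2 || CRONJOB == 3) {
            $_POST['ikey'] = LEPTON_cronjob::getInstance()->cj_key;
            LEPTON_handle::include_files("/modules/cronjob.php");
        }
    }

    /**
     * Reads an integer id from the request: POST first, GET when POST gives 0.
     *
     * @return int  the id, or 0 when absent in both
     */
    private static function requestedId(string $key): int
    {
        $value = isset($_POST[$key]) ? intval($_POST[$key]) : 0;
        if ($value === 0) {
            $value = isset($_GET[$key]) ? intval($_GET[$key]) : 0;
        }
        return $value;
    }

    /**
     * Login, token and section-permission gate used when auto_auth is on.
     *
     * Redirects to the login page and ends the request when the user is not
     * logged in or the request carries no valid LEPTON token (the latter also
     * drops the session user and resets a pending pin state); dies with the
     * "insufficient privileges" message when the section is not permitted.
     */
    private function enforceBackendAccess(string $section_permission): void
    {
        global $MESSAGE;

        // [a1] First check if the user is logged-in
        if ($this->is_authenticated() === false) {
            header('Location:' . ADMIN_URL . '/login/index.php');
            exit();
        }

        // [a2] Now check whether he has a valid token
        if (!$this->checkLepToken()) {
            // The session user id only ever enters the SQL string as an integer.
            $userId = (int) ($_SESSION['USER_ID'] ?? 0);
            $pin_set = $this->database->get_one("SELECT `pin_set` FROM `" . TABLE_PREFIX . "users` WHERE `user_id` = '" . $userId . "' ");
            if ((int) $pin_set === 2) {
                $this->database->simple_query("UPDATE `" . TABLE_PREFIX . "users` SET `pin_set` = 1 WHERE user_id = '" . $userId . "' ");
            }
            unset($_SESSION['USER_ID']);
            header('Location:' . ADMIN_URL . '/login/index.php');
            exit();
        }

        // [a3] Now check if they are allowed in this section
        if ($this->get_permission($section_permission) === false) {
            die($MESSAGE['ADMIN_INSUFFICIENT_PRIVILEGES']);
        }
    }

    /**
     * Reloads the current admin script with "?lang=XX" when the active
     * LANGUAGE differs from the user's stored language, a language file for
     * it exists and the request runs inside the admin folder. page_id,
     * section_id and the original query string are carried over. Ends the
     * request after sending the redirect; otherwise returns without effect.
     */
    private function redirectToUserLanguage(): void
    {
        $user_language = [];
        $this->database->execute_query(
            "SELECT `language` FROM `" . TABLE_PREFIX . "users` WHERE `user_id` = '" . (int) $this->get_user_id() . "'",
            true,
            $user_language,
            false
        );
        // prevent infinite loop if language file is not XX.php (e.g. DE_de.php)
        $user_language = isset($user_language['language'])
            ? substr($user_language['language'], 0, 2)
            : "";

        // obtain the admin folder (e.g. /admin)
        $admin_folder = str_replace(LEPTON_PATH, '', ADMIN_PATH);
        if (LANGUAGE === $user_language
            || !file_exists(LEPTON_PATH . '/languages/' . $user_language . '.php')
            || !str_contains((string) ($_SERVER['SCRIPT_NAME'] ?? ''), $admin_folder . '/')
        ) {
            return;
        }

        $page_id_url = isset($_GET['page_id']) ? '&page_id=' . (int) $_GET['page_id'] : '';
        $section_id_url = isset($_GET['section_id']) ? '&section_id=' . (int) $_GET['section_id'] : '';
        $location = $_SERVER['SCRIPT_NAME'] . '?lang=' . $user_language . $page_id_url . $section_id_url;
        $query = (string) ($_SERVER['QUERY_STRING'] ?? '');
        if ($query !== '') {
            $location .= '&' . $query;
        }
        header('Location: ' . $location);
        exit();
    }

    /**
     * Checks whether the current user holds a permission of the given type.
     *
     * 'start' is always granted, as is everything for members of the admin
     * group (see userHasAdminRights()).
     *
     * @param string $name  permission name, e.g. 'pages'
     * @param string $type  'system', 'module' or 'template'; any other type grants nothing
     */
    public function get_permission(string $name, string $type = 'system'): bool
    {
        if ($name === 'start' || true === self::userHasAdminRights()) {
            return true;
        }

        $granted = match (strtolower($type) . '_permissions') {
            "system_permissions" => ($this->get_session('SYSTEM_PERMISSIONS') ?? []),
            "module_permissions" => ($this->get_session('MODULE_PERMISSIONS') ?? []),
            "template_permissions" => ($this->get_session('TEMPLATE_PERMISSIONS') ?? []),
            default => [],
        };
        // strict: a permission name must match exactly, no loose type juggling in an access check
        return in_array($name, $granted, true);
    }

    /**
     * Returns username and display_name of a user.
     *
     * @return array{username: string, display_name: string}  'unknown'/'Unknown' when the id does not exist
     */
    public static function get_user_details(int $user_id): array
    {
        $user = [];
        LEPTON_database::getInstance()->execute_query(
            "SELECT `username`,`display_name` FROM `" . TABLE_PREFIX . "users` WHERE `user_id` = " . $user_id,
            true,
            $user,
            false
        );

        if (empty($user)) {
            $user['display_name'] = 'Unknown';
            $user['username'] = 'unknown';
        }
        return $user;
    }

    /**
     * Returns the full pages row for a page id.
     *
     * When no such page exists the backend header and the PAGES_NOT_FOUND
     * error page are printed and the request ends (print_error() exits).
     */
    public function get_page_details(int $page_id): array
    {
        $aResults = [];
        $this->database->execute_query(
            "SELECT * from " . TABLE_PREFIX . "pages WHERE page_id = " . $page_id,
            true,
            $aResults,
            false
        );

        if (empty($aResults)) {
            $this->print_header();
            $this->print_error($GLOBALS['MESSAGE']['PAGES_NOT_FOUND']);
        }
        return $aResults;
    }

    /**
     * Checks whether the current user may perform $action on a page.
     *
     * The user qualifies through any of its groups listed in the page's
     * "<action>_groups" value or through its own id in "<action>_users".
     *
     * @param int|array $page    page id, or an already loaded page row/array
     * @param string    $action  'viewing' or 'admin'; anything else is treated as 'admin'
     */
    public function get_page_permission(int|array $page, string $action = 'admin'): bool
    {
        if ($action !== 'viewing') {
            $action = 'admin';
        }

        $action_groups = $action . '_groups';
        $action_users = $action . '_users';
        if (is_array($page)) {
            $groups = $page[$action_groups] ?? [];
            $users = $page[$action_users] ?? [];
        } else {
            $results = [];
            $this->database->execute_query(
                "SELECT " . $action_groups . "," . $action_users . " FROM " . TABLE_PREFIX . "pages WHERE page_id = " . $page,
                true,
                $results,
                false
            );
            // An unknown page id yields no row: nobody is listed, so nothing is granted below.
            $groups = $results[$action_groups] ?? '';
            $users = $results[$action_users] ?? '';
        }
        $groups = self::idList($groups);
        $users = self::idList($users);

        foreach ($this->get_groups_id() as $cur_gid) {
            if (in_array((string) $cur_gid, $groups, true)) {
                return true;
            }
        }
        return in_array((string) $this->get_user_id(), $users, true);
    }

    /**
     * Normalises a stored "1,2,3" id list (or an already split array) into
     * trimmed id strings so membership can be tested with strict comparison.
     * Underscores are stripped from a string value before splitting, as the
     * stored column values may contain them.
     *
     * @param string|array $value
     * @return list<string>
     */
    private static function idList(string|array $value): array
    {
        $items = is_array($value) ? $value : explode(',', str_replace('_', '', $value));
        return array_values(array_map(
            static fn ($item): string => trim((string) $item),
            $items
        ));
    }

    /**
     * Checks whether the backend menu link $title is allowed for the current
     * user via the SYSTEM_PERMISSIONS stored in the session. A trailing
     * '_blank' is ignored and the name is compared lower-cased.
     */
    public function get_link_permission(string $title): bool
    {
        $title = strtolower(str_replace('_blank', '', $title));

        if ($title === 'start') {
            return true;
        }

        // The session may hold no permission list at all (e.g. before login); that grants nothing.
        $system_permissions = $this->get_session('SYSTEM_PERMISSIONS') ?? [];
        return in_array($title, $system_permissions, true);
    }

    /**
     * Renders the backend header template (@theme/header.lte): menu titles,
     * per-menu permission flags, the 'View' link for the current page_id and
     * the backend theme version.
     */
    public function print_header(): void
    {
        LEPTON_handle::register("get_page_headers");
        // Get vars from the language file
        global $MENU;
        global $MESSAGE;
        global $TEXT;

        // Get website title
        $title = $this->database->get_one("SELECT `value` FROM `" . TABLE_PREFIX . "settings` WHERE `name`='website_title'");

        $charset = defined('DEFAULT_CHARSET') ? DEFAULT_CHARSET : 'utf-8';

        // 'View menu' link: the current page when page_id is given, otherwise the site root.
        $view_url = LEPTON_URL;
        if (isset($_GET['page_id'])) {
            // The id is cast to int, so only digits reach the query.
            $link = $this->database->get_one("SELECT `link` FROM `" . TABLE_PREFIX . "pages` WHERE `page_id`= '" . (int) $_GET['page_id'] . "'");
            if ($link !== null && $link !== false && $link !== '') {
                $view_url .= PAGES_DIRECTORY . $link . PAGE_EXTENSION;
            }
        }

        $backend_theme_version = "";
        if (defined('DEFAULT_THEME')) {
            $backend_theme_version = $this->database->get_one("SELECT `version` from `" . TABLE_PREFIX . "addons` where `directory`='" . DEFAULT_THEME . "'");
        }

        $header_vars = [
            // Fall back to the raw section name when the language file has no entry for it.
            'SECTION_NAME' => $MENU[strtoupper($this->section_name)] ?? $this->section_name,
            'WEBSITE_TITLE' => $title,
            'BACKEND_TITLE' => BACKEND_TITLE,
            'TEXT_ADMINISTRATION' => $TEXT['ADMINISTRATION'],
            'CURRENT_USER' => $MESSAGE['START_CURRENT_USER'],
            'DISPLAY_NAME' => $this->get_display_name(),
            'CHARSET' => $charset,
            'LANGUAGE' => strtolower(LANGUAGE),
            'LEPTON_VERSION' => LEPTON_VERSION,
            'SUBVERSION' => SUBVERSION,
            'LEPTON_URL' => LEPTON_URL,
            'ADMIN_URL' => ADMIN_URL,
            'THEME_URL' => THEME_URL,
            'TITLE_START' => $MENU['START'],
            'TITLE_VIEW' => $MENU['VIEW'],
            'TITLE_HELP' => $MENU['HELP'],
            'TITLE_LOGOUT' => $MENU['LOGOUT'],
            // additional marker links/text in semantic BE-header
            'PAGES' => $MENU['PAGES'],
            'MEDIA' => $MENU['MEDIA'],
            'ADDONS' => $MENU['ADDONS'],
            'PREFERENCES' => $MENU['PREFERENCES'],
            'SETTINGS' => $MENU['SETTINGS'],
            'ADMINTOOLS' => $MENU['ADMINTOOLS'],
            'ACCESS' => $MENU['ACCESS'],
            // end additional marks
            'URL_VIEW' => $view_url,
            'URL_HELP' => ' https://lepton-cms.org/',
            'BACKEND_MODULE_FILES' => get_page_headers('backend', false),
            'THEME_VERSION' => $backend_theme_version,
            'THEME_NAME' => DEFAULT_THEME,

            // permissions
            'p_pages' => $this->get_link_permission('pages'),
            'p_media' => $this->get_link_permission('media'),
            'p_addons' => $this->get_link_permission('addons'),
            'p_preferences' => self::getUserPermission('preferences'), // Keep in mind: preferences are always 'shown' as managed from the login of the user.
            'p_settings' => $this->get_link_permission('settings'),
            'p_admintools' => $this->get_link_permission('admintools'),
            'p_access' => $this->get_link_permission('access'),
        ];

        echo $this->oTWIG->render(
            '@theme/header.lte',
            $header_vars
        );
    }

    /**
     * Renders the backend footer template, then takes the whole buffered
     * page (started by ob_start() in the constructor), optionally evaluates
     * droplets on it, lets LEPTON_core add CSRF tokens to internal links for
     * an authenticated user, and echoes the result.
     */
    public function print_footer(): void
    {
        LEPTON_handle::register("get_page_footers");
        $footer_vars = [
            'BACKEND_BODY_MODULE_JS' => get_page_footers('backend'),
            'LEPTON_URL' => LEPTON_URL,
            'LEPTON_PATH' => LEPTON_PATH,
            'ADMIN_URL' => ADMIN_URL,
            'THEME_URL' => THEME_URL,
        ];

        echo $this->oTWIG->render(
            "@theme/footer.lte",
            $footer_vars
        );

        // ob_get_clean() returns false when no buffer is active (auto_auth was false);
        // then everything was already sent and there is nothing to post-process.
        $buffered = ob_get_clean();
        $this->html_output_storage = ($buffered === false) ? '' : $buffered;
        if (true === $this->droplets_ok) {
            evalDroplets($this->html_output_storage);
        }

        // CSRF protection - add tokens to internal links
        if ($this->is_authenticated()) {
            LEPTON_core::getInstance()->getProtectedFunctions($this->html_output_storage, $this);
        }

        echo $this->html_output_storage;
    }

    /**
     * Renders the success template and ends the request.
     *
     * @param string|array $message      message, or message lines joined with "<br />"
     * @param string       $redirect     target of the automatic redirect
     * @param bool         $auto_footer  also print the backend footer before exiting
     */
    public function print_success(string|array $message, string $redirect = 'index.php', bool $auto_footer = true): void
    {
        global $TEXT;

        if (is_array($message)) {
            $message = implode("<br />", $message);
        }

        // add template variables
        $page_vars = [
            'NEXT' => $TEXT['NEXT'],
            'BACK' => $TEXT['BACK'],
            'MESSAGE' => $message,
            'THEME_URL' => THEME_URL,
            'REDIRECT' => $redirect,
            'REDIRECT_TIMER' => REDIRECT_TIMER,
        ];

        echo $this->oTWIG->render(
            '@theme/success.lte',
            $page_vars
        );

        if (true === $auto_footer) {
            $this->print_footer();
        }
        exit();
    }

    /**
     * Renders the error template and ends the request.
     *
     * @param string|array $message      message, or message lines joined with "<br />"
     * @param string       $link         target of the 'back' link
     * @param bool         $auto_footer  also print the backend footer before exiting
     */
    public function print_error(string|array $message, string $link = 'index.php', bool $auto_footer = true): void
    {
        global $TEXT;

        if (is_array($message)) {
            $message = implode("<br />", $message);
        }

        $page_vars = [
            'MESSAGE' => $message,
            'LINK' => $link,
            'BACK' => $TEXT['BACK'],
            'THEME_URL' => THEME_URL,
        ];

        echo $this->oTWIG->render(
            '@theme/error.lte',
            $page_vars
        );

        if (true === $auto_footer && method_exists($this, "print_footer")) {
            $this->print_footer();
        }
        exit();
    }

    /**
     * Checks a system permission directly against $_SESSION['SYSTEM_PERMISSIONS'].
     * Returns false when the session holds no permission list.
     */
    public static function getUserPermission(string $sPermissionName = ""): bool
    {
        if (!isset($_SESSION['SYSTEM_PERMISSIONS'])) {
            return false;
        }
        return in_array($sPermissionName, $_SESSION['SYSTEM_PERMISSIONS'], true);
    }

    /**
     * Whether the current user belongs to group 1 (admin) according to the
     * comma separated $_SESSION['GROUPS_ID']. A positive result is cached
     * for the request; a negative one is re-evaluated on each call.
     */
    public static function userHasAdminRights(): bool
    {
        if (self::$bUserGotAdminRights === false) {
            // Current user has admin rights?
            $aUser = array_map(
                static fn (string $gid): string => trim($gid),
                explode(",", ($_SESSION['GROUPS_ID'] ?? ""))
            );
            // strict string match: never widen an admin check through loose comparison
            self::$bUserGotAdminRights = in_array("1", $aUser, true);
        }

        return self::$bUserGotAdminRights;
    }

    /**
     * Returns the collected backend header assets (see $header_storage).
     */
    public function getHeaderStorage(): array
    {
        // NOTE(review): the listing this was taken from does not show the body line;
        // returning the storage property is the only reading consistent with the
        // declared array return type (an empty body would raise a TypeError).
        return $this->header_storage;
    }

    /**
     * Drops the shared instance and returns a freshly created one
     * (constructed with the getInstance() defaults).
     */
    public function resetObject(): object
    {
        static::$instance = null;
        return self::getInstance();
    }
}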