'; echo '
  • '; echo ''; } function renderEditLanguage() { global $cfg; echo '
  • '; echo ''; } function renderFilters($table) { global $cfg, $table_config, $table_fields, $db, $_url; $table_data=mysqli_fetch_assoc(mysqli_query($db, "SELECT * FROM tables WHERE tabName='".$table."'")); if($_SESSION['filters'][$table]) { echo '
  • Filtry włączone'; } else { echo '
  • (brak filtra)'; } //print_r($table); } function renderSorting($table) { global $cfg, $table_config, $table_fields, $db; $res=mysqli_query($db, "SELECT * FROM customFields WHERE cfiTable='$table'"); $tabinfo=mysqli_fetch_assoc(mysqli_query($db, "SELECT * FROM tables WHERE tabName='".$table."'")); //echo mysqli_error($db); while($rek=mysqli_fetch_assoc($res)) { if(!$rek['cfiArrayField'] && $rek['cfiType']!='array_fields') { $table_fields[$tabinfo['tabPrefix'].'#'.$rek['cfiName']]['title']=$rek['cfiTitle@'.$cfg['admin']['language']]; } } $tc=_t($_SESSION['sorting'][$table]['field']); if($table_fields[$_SESSION['sorting'][$table]['field']]['title']) { $tc=$table_fields[$_SESSION['sorting'][$table]['field']]['title']; } echo '
  • '; echo ''; } function listDirectories($dir) { global $cfg; $ffs = scandir($dir); //$ret=''; $ret.=''; return $ret; } //require_once('_backend/tokens.php'); //generateTokens(1); require_once('_backend/auth.php'); if($_POST['extra_action']=='remove_files') { perm_check_exit('file_manager', 'remove'); foreach($_POST['selected_files'] as $key=>$item) { if($_POST['dir']=='/') $_POST['dir']=''; unlink($cfg['admin']['file_manager_path'].$_POST['dir'].'/'.$item); } } if(!$_SESSION['edit_language']) { foreach($cfg['languages'] as $key=>$item) { if($item['default']) $_SESSION['edit_language']=$key; } } if($_POST['action']=='set_filters') { //print_R($_POST); //exit; $_SESSION['filters'][$_POST['table']]=$_POST['filter']; } if($_POST['action']=='set_edit_language') { $_SESSION['edit_language']=$_POST['language']; } if($_POST['action']=='set_permissions') { $perms=null; foreach($_POST as $key=>$item) { if(substr($key,0,5)=='perm_') { //echo substr($key,5).'
    '; $perms[substr($key,5)]=$_POST[$key]; } } mysqli_query($db, "UPDATE admins SET admPermissions='".json_encode($perms)."' WHERE admId='".$_POST['uid']."'"); } // create array fields if($_POST['action']=='new_record' || $_POST['action']=='update_record') { foreach($_POST as $key=>$item) { if($item=='@_REACTOR_ARRAY_FIELDS_@') { $r=_mysqli_query($db, "SELECT * FROM customFields WHERE cfiArrayField='".substr($key,strlen(table2prefix($_POST['table']))+1)."'"); $afs=null; while($rek=mysqli_fetch_assoc($r)) { if($rek['cfiLanguage']) { $lk=$_SESSION['edit_language']; $afs[]=table2prefix($_POST['table']).'#'.$rek['cfiName'].'@'.$lk; if($_POST[table2prefix($_POST['table']).'#'.$rek['cfiName'].'@'.$lk.'#label']) { $afs[]=table2prefix($_POST['table']).'#'.$rek['cfiName'].'@'.$lk.'#label'; } foreach($cfg['languages'] as $lk => $lang) { if($lk!=$_SESSION['edit_language']) { $afs[]=table2prefix($_POST['table']).'#'.$rek['cfiName'].'@'.$lk; if($_POST[table2prefix($_POST['table']).'#'.$rek['cfiName'].'@'.$lk.'#label']) { $afs[]=table2prefix($_POST['table']).'#'.$rek['cfiName'].'@'.$lk.'#label'; } } } } else { $afs[]=table2prefix($_POST['table']).'#'.$rek['cfiName']; if($_POST[table2prefix($_POST['table']).'#'.$rek['cfiName'].'#label']) { $afs[]=table2prefix($_POST['table']).'#'.$rek['cfiName'].'#label'; } } } if(!$afs) { $afs=explode(',', $_POST[$key.'#fields']); foreach($afs as $k=>$it) { if($_POST[$it.'#label']) $afs[]=$it.'#label'; } unset( $_POST[$key.'#fields']); } $tab=null; foreach((array)$_POST[$afs[0]] as $k=>$i) { foreach($afs as $k2=>$val) { if($_POST[$val][$k]) { $tab[$k][$val]=$_POST[$val][$k]; } else { $tab[$k][$val]=''; } } } if($tab) { //echo '
    ';
    
                        $_POST[$key]=addslashes(json_encode($tab));
                        // temporary disabled addslashes - fucking up the code;
                        //$_POST[$key]=(json_encode($tab));
                    } else {
                        $_POST[$key]=null;
                    }
                    foreach((array)$afs as $k2=>$val) {
                        unset($_POST[$val]);
                    }
                }
            }
    
    
        }
           
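        // Handler for action=new_record.
        // Builds one INSERT for $_POST['table'] from the remaining POST fields (field name =
        // column name, field value = column value) and, when it succeeds, redirects to the
        // edit view of the new row. extra_action=create_table first creates the physical
        // table; extra_action=create_module_settings also seeds the module_<modModule> table.
        //
        // NOTE(review): no perm_check_exit() call is visible for this handler - confirm that
        // _backend/auth.php or the calling page limits who may insert rows and create tables.
        // NOTE(review): column values are interpolated into the statement exactly as they
        // arrive. Whether they were escaped upstream is not visible from here, so escaping is
        // not added in this block (it could double-escape); prepared statements would settle it.
        if($_POST['action']=='new_record') {
            // Table and column names cannot be bound as parameters, so they are checked
            // against a plain-identifier pattern before any SQL text is assembled.
            if(!is_string($_POST['table']) || !preg_match('/^[A-Za-z0-9_]+$/D', $_POST['table'])) {
                echo 'ERROR';
                exit;
            }
            if($_POST['extra_action']=='create_table'
                && (!is_string($_POST['tabName']) || !preg_match('/^[A-Za-z0-9_]+$/D', $_POST['tabName'])
                    || !is_string($_POST['tabPrefix']) || !preg_match('/^[A-Za-z0-9_]*$/D', $_POST['tabPrefix']))) {
                echo 'ERROR';
                exit;
            }
            if($_POST['extra_action']=='create_module_settings'
                && (!is_string($_POST['modModule']) || !preg_match('/^[A-Za-z0-9_]+$/D', $_POST['modModule']))) {
                echo 'ERROR';
                exit;
            }

            $sql="INSERT INTO ".$_POST['table'].' (';
            $vals='';
            foreach($_POST as $key=>$item) {
                if(!in_array((string)$key, array('table', 'action', 'extra_action'), true)) {
                    // Column names are back-quoted below; a back-quote inside the name would
                    // end the quoting, so such a field name is refused outright.
                    if(strpos((string)$key, '`')!==false) {
                        echo 'ERROR';
                        exit;
                    }
                    $sql.='`'.$key.'`, ';
                    $vals.="'".$item."', ";
                }
            }

            // Drop the trailing ", " from both lists and close the statement.
            $sql=substr(substr($sql,0,-2).') VALUES ('.$vals,0,-2).')';

            if($_POST['extra_action']=='create_table') {
                // The physical table is created before its describing row is inserted.
                $sql_tab="CREATE TABLE ".$_POST['tabName']." (".$_POST['tabPrefix']."Id INT NOT NULL AUTO_INCREMENT PRIMARY KEY";
                if($_POST['tabCategories']) $sql_tab.=", ".$_POST['tabPrefix']."Categories TEXT";
                if($_POST['tabStatuses']) $sql_tab.=", ".$_POST['tabPrefix']."Status VARCHAR(1)";
                if($_POST['tabLanguages']) $sql_tab.=", ".$_POST['tabPrefix']."Languages TEXT";
                $sql_tab.=")";
                _mysqli_query($db, $sql_tab);
            }

            // NOTE(review): the success alert is stored before the INSERT runs, so it is
            // also left in the session when the INSERT fails.
            $alert[]=array('type'=>'success','message'=>'RecordSaved');
            $_SESSION['backend_alert']=$alert;

            if(_mysqli_query($db, $sql)) {
                $mii=mysqli_insert_id($db);
                if($_POST['extra_action']=='create_module_settings') {
                    _mysqli_query($db, "INSERT INTO module_".$_POST['modModule']." (`".table2prefix('module_'.$_POST['modModule'])."Id`) VALUES ('".$mii."')");
                }

                // tid is carried over to the edit view; it is URL-encoded so it cannot add
                // further parameters to the redirect target.
                $tid='';
                if(!empty($_GET['tid']) && is_scalar($_GET['tid'])) $tid='&tid='.urlencode((string)$_GET['tid']);
                Header('Location: /'.$_url[0].'/'.$_url[1].'/edit?id='.$mii.$tid);
                exit;
            }
        }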
        
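        // Handler for action=update_record.
        // Rewrites the row $_POST['id'] of $_POST['table'] from the remaining POST fields.
        // With extra_action=update_table the row describes a managed table, and the physical
        // table is brought in line with it: renamed, its column prefix changed, and the
        // optional Status / Categories / Languages columns added or dropped.
        //
        // NOTE(review): no perm_check_exit() call is visible for this handler - confirm that
        // _backend/auth.php or the calling page limits who may update rows and alter tables.
        // NOTE(review): column values are interpolated into the statement exactly as they
        // arrive. Whether they were escaped upstream is not visible from here, so escaping is
        // not added for them in this block; prepared statements would settle it.
        if($_POST['action']=='update_record') {
            // Identifiers cannot be bound as parameters, so they are checked against a
            // plain-identifier pattern before any SQL text is assembled.
            if(!is_string($_POST['table']) || !preg_match('/^[A-Za-z0-9_]+$/D', $_POST['table'])
                || !is_scalar($_POST['id'])) {
                echo 'ERROR';
                exit;
            }
            if($_POST['extra_action']=='update_table'
                && (!is_string($_POST['tabName']) || !preg_match('/^[A-Za-z0-9_]+$/D', $_POST['tabName'])
                    || !is_string($_POST['tabPrefix']) || !preg_match('/^[A-Za-z0-9_]*$/D', $_POST['tabPrefix']))) {
                echo 'ERROR';
                exit;
            }

            // Row as it was before the update; needed below to detect renames and toggles.
            $_record_previous = mysqli_fetch_assoc(_mysqli_query($db, "SELECT * FROM ".$_POST['table']." WHERE ".table2prefix($_POST['table'])."Id = '".mysqli_real_escape_string($db, (string)$_POST['id'])."'"));

            $sql="UPDATE ".$_POST['table'].' SET ';
            foreach($_POST as $key=>$item) {
                if(!in_array((string)$key, array('table', 'action', 'id', 'extra_action'), true)) {
                    // Column names are back-quoted; a back-quote inside the name would end
                    // the quoting, so such a field name is refused outright.
                    if(strpos((string)$key, '`')!==false) {
                        echo 'ERROR';
                        exit;
                    }
                    $sql.="`".$key."` = '".$item."', ";
                }
            }

            // Drop the trailing ", " and add the row selector.
            $sql=substr($sql,0,-2).' WHERE '.table2prefix($_POST['table'])."Id = '".mysqli_real_escape_string($db, (string)$_POST['id'])."'";

            _mysqli_query($db, $sql);

            $alert[]=array('type'=>'success','message'=>'RecordUpdated');

            // Nothing to reconcile when the previous row could not be read.
            if($_POST['extra_action']=='update_table' && $_record_previous) {
                $tprefix='';

                // NOTE(review): $_record_previous['tabName'] comes from the database and is
                // used unquoted below; it is only as clean as the code path that stored it.
                if($_POST['tabName']!=$_record_previous['tabName']) {
                    _mysqli_query($db, "RENAME TABLE ".$tprefix.$_record_previous['tabName']." TO ".$tprefix.$_POST['tabName']);
                    _mysqli_query($db,"UPDATE grid SET griTable='".$tprefix.$_POST['tabName']."' WHERE griTable='".$tprefix.$_record_previous['tabName']."'");
                    _mysqli_query($db,"UPDATE customFields SET cfiTable='".$tprefix.$_POST['tabName']."' WHERE cfiTable='".$tprefix.$_record_previous['tabName']."'");
                }

                // A changed prefix means every column has to be renamed as well.
                if($_POST['tabPrefix']!=$_record_previous['tabPrefix']) {
                    // Pass 1: rename each column, swapping the old prefix for the new one.
                    // The old prefix is cut off by length, not matched, so a column that
                    // does not start with it is still shortened by that many characters.
                    $q = _mysqli_query($db, 'DESCRIBE '.$tprefix.$_POST['tabName']);
                    while($row = mysqli_fetch_array($q)) {
                        $nn=" ";
                        if($row['Null']=='NO') $nn=" NOT NULL ";
                        $s="ALTER TABLE ".$tprefix.$_POST['tabName']." CHANGE `".$row['Field']."` `".$_POST['tabPrefix'].substr($row['Field'],strlen($_record_previous['tabPrefix']))."` ".$row['Type'].$nn.$row['Extra'];
                        _mysqli_query($db,$s);
                    }
                    // Pass 2: re-key the stored grid field list the same way.
                    $grid=mysqli_fetch_assoc(_mysqli_query($db,"SELECT * FROM grid WHERE griTable='".$tprefix.$_POST['tabName']."'"));
                    if($grid) {
                        $currentFields=json_decode($grid['griFields'],true);
                        $newFields=null;
                        foreach((array)$currentFields as $key=>$item) {
                            $newFields[$_POST['tabPrefix'].substr($key,strlen($_record_previous['tabPrefix']))]=$item;
                        }
                        // The JSON text is produced here, so it is escaped here: json_encode
                        // output can contain quotes and backslashes.
                        _mysqli_query($db,"UPDATE grid SET griFields='".mysqli_real_escape_string($db, json_encode($newFields))."' WHERE griTable='".$tprefix.$_POST['tabName']."'");
                    }
                    unset($_SESSION['sorting'][$tprefix.$_POST['tabName']]);
                    // No pass over customFields: those rows are stored without the prefix.
                }

                // Optional columns: add or drop each one when its flag was toggled.
                if($_record_previous['tabStatuses'] && !$_POST['tabStatuses']) {
                    _mysqli_query($db, "ALTER TABLE ".$tprefix.$_POST['tabName']." DROP ".$_POST['tabPrefix']."Status");
                    _mysqli_query($db, "UPDATE tables SET tabStatuses='0' WHERE tabName='".$tprefix.$_POST['tabName']."'");
                }
                if(!$_record_previous['tabStatuses'] && $_POST['tabStatuses']) {
                    _mysqli_query($db, "ALTER TABLE ".$tprefix.$_POST['tabName']." ADD ".$_POST['tabPrefix']."Status VARCHAR(1)");
                    _mysqli_query($db, "UPDATE tables SET tabStatuses='1' WHERE tabName='".$tprefix.$_POST['tabName']."'");
                }

                if($_record_previous['tabCategories'] && !$_POST['tabCategories']) {
                    _mysqli_query($db, "ALTER TABLE ".$tprefix.$_POST['tabName']." DROP ".$_POST['tabPrefix']."Categories");
                    _mysqli_query($db, "UPDATE tables SET tabCategories='0' WHERE tabName='".$tprefix.$_POST['tabName']."'");
                }
                if(!$_record_previous['tabCategories'] && $_POST['tabCategories']) {
                    _mysqli_query($db, "ALTER TABLE ".$tprefix.$_POST['tabName']." ADD ".$_POST['tabPrefix']."Categories TEXT");
                    _mysqli_query($db, "UPDATE tables SET tabCategories='1' WHERE tabName='".$tprefix.$_POST['tabName']."'");
                }

                if($_record_previous['tabLanguages'] && !$_POST['tabLanguages']) {
                    _mysqli_query($db, "ALTER TABLE ".$tprefix.$_POST['tabName']." DROP ".$_POST['tabPrefix']."Languages");
                    _mysqli_query($db, "UPDATE tables SET tabLanguages='0' WHERE tabName='".$tprefix.$_POST['tabName']."'");
                }
                if(!$_record_previous['tabLanguages'] && $_POST['tabLanguages']) {
                    _mysqli_query($db, "ALTER TABLE ".$tprefix.$_POST['tabName']." ADD ".$_POST['tabPrefix']."Languages TEXT");
                    _mysqli_query($db, "UPDATE tables SET tabLanguages='1' WHERE tabName='".$tprefix.$_POST['tabName']."'");
                }
            }
        }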
        
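    	// Handler for action=create_dir: creates the directory $_POST['dirName'] below
    	// media/<dir>, where <dir> is $_POST['dir'] without its first character.
    	//
    	// NOTE(review): no perm_check_exit() call is visible for this handler, while the
    	// remove_files handler in this file checks the file_manager permission - confirm who
    	// may reach this branch.
    	if($_POST['action']=='create_dir') {
    		// Both parts come from the request. A ".." component in either of them would
    		// let the new directory land outside media/, so such a path is refused.
    		if(!is_string($_POST['dir']) || !is_string($_POST['dirName'])
    			|| preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $_POST['dir'].'/'.$_POST['dirName'])) {
    			echo 'ERROR';
    			exit;
    		}
    		mkdir ('media/'.substr($_POST['dir'],1).'/'.$_POST['dirName']);
    	}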
    	
        
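        // Handler for action=remove_record.
        // Deletes the row $_POST['id'] (matched on column $_POST['idField']) from
        // $_POST['table']. Depending on extra_action it first removes dependent objects:
        //   remove_module_settings - the module's row in module_<modModule>
        //   remove_cfi             - the custom field's column(s) and grid entry, then closes
        //                            the gap in cfiSequence
        //   remove_table           - the physical table plus its grid and customFields rows
        //
        // NOTE(review): the permission check is keyed on $_POST['table'] only and is skipped
        // for customFields, while the extra_action branches act on whatever object the id
        // resolves to. A caller allowed to remove rows from one table can therefore combine
        // that table with extra_action=remove_table - confirm whether this is intended.
        if($_POST['action']=='remove_record') {
            // Identifiers cannot be bound as parameters, so they are checked against a
            // plain-identifier pattern; the id is escaped once and reused in every query.
            if(!is_string($_POST['table']) || !preg_match('/^[A-Za-z0-9_]+$/D', $_POST['table'])
                || !is_string($_POST['idField']) || !preg_match('/^[A-Za-z0-9_]+$/D', $_POST['idField'])
                || !is_scalar($_POST['id'])) {
                echo 'ERROR';
                exit;
            }
            $_remove_id=mysqli_real_escape_string($db, (string)$_POST['id']);

            if($_POST['table']!='customFields') {
                perm_check_exit($_POST['table'], 'remove');
            }

            if($_POST['extra_action']=='remove_module_settings') {
                $ms=mysqli_fetch_assoc(_mysqli_query($db, "SELECT * FROM modules WHERE modId='".$_remove_id."'"));
                if($ms) {
                    // modModule is read back from the database and used unquoted below.
                    if(!preg_match('/^[A-Za-z0-9_]+$/D', (string)$ms['modModule'])) {
                        echo 'ERROR';
                        exit;
                    }
                    _mysqli_query($db, "DELETE FROM module_".$ms['modModule']." WHERE ".table2prefix('module_'.$ms['modModule'])."Id='".$_remove_id."'");
                }
            }

            if($_POST['extra_action']=='remove_cfi') {
                $cfi=mysqli_fetch_assoc(_mysqli_query($db, "SELECT * FROM customFields WHERE cfiId='".$_remove_id."'"));
                if($cfi) {
                    // cfiTable is used unquoted and cfiName inside back-quotes; both are
                    // stored values, so they are re-checked before they reach DDL.
                    if(!preg_match('/^[A-Za-z0-9_]+$/D', (string)$cfi['cfiTable'])
                        || strpos((string)$cfi['cfiName'], '`')!==false) {
                        echo 'ERROR';
                        exit;
                    }
                    if(strtolower($cfi['cfiType'])!='tab') {
                        // Take the field out of the stored grid configuration.
                        $grid=mysqli_fetch_assoc(_mysqli_query($db,"SELECT * FROM grid WHERE griTable='".$cfi['cfiTable']."'"));
                        if($grid) {
                            $fields=json_decode($grid['griFields'],true);
                            unset($fields[table2prefix($cfi['cfiTable']).'#'.$cfi['cfiName']]);
                            // The JSON text is produced here, so it is escaped here.
                            _mysqli_query($db,"UPDATE grid SET griFields='".mysqli_real_escape_string($db, json_encode($fields))."' WHERE griTable='".$cfi['cfiTable']."'");
                        }
                        // Forget a saved sort order that points at the removed field.
                        if(isset($_SESSION['sorting'][$cfi['cfiTable']]['field'])
                            && $_SESSION['sorting'][$cfi['cfiTable']]['field']==table2prefix($cfi['cfiTable']).'#'.$cfi['cfiName']) {
                            unset($_SESSION['sorting'][$cfi['cfiTable']]);
                        }
                        // Drop the column(s). This used to sit behind a brace-less
                        // `if($_SESSION['sorting'])`, so nothing was dropped for a session
                        // without any saved sorting; the drop no longer depends on that.
                        if($cfi['cfiLanguage']) {
                            // Language-aware fields have one column per configured language.
                            foreach($cfg['languages'] as $key=>$item) {
                                _mysqli_query($db, "ALTER TABLE ".$cfi['cfiTable']." DROP COLUMN `".table2prefix($cfi['cfiTable']).'#'.$cfi['cfiName'].'@'.$key."`");
                            }
                        } else {
                            _mysqli_query($db, "ALTER TABLE ".$cfi['cfiTable']." DROP COLUMN `".table2prefix($cfi['cfiTable']).'#'.$cfi['cfiName']."`");
                        }
                    }
                    // Close the gap in the field order of that table.
                    _mysqli_query($db, "UPDATE customFields SET cfiSequence=cfiSequence-1 WHERE cfiSequence>'".mysqli_real_escape_string($db, (string)$cfi['cfiSequence'])."' AND cfiTable='".$cfi['cfiTable']."'");
                }
            }

            if($_POST['extra_action']=='remove_table') {
                $tab=mysqli_fetch_assoc(_mysqli_query($db, "SELECT * FROM tables WHERE tabId='".$_remove_id."'"));
                $tprefix='';
                if($tab) {
                    // tabName is read back from the database and used unquoted in DROP TABLE.
                    if(!preg_match('/^[A-Za-z0-9_]+$/D', (string)$tab['tabName'])) {
                        echo 'ERROR';
                        exit;
                    }
                    _mysqli_query($db, "DROP TABLE ".$tprefix.$tab['tabName']);
                    _mysqli_query($db, "DELETE FROM grid WHERE griTable='".$tprefix.$tab['tabName']."'");
                    _mysqli_query($db, "DELETE FROM customFields WHERE cfiTable='".$tprefix.$tab['tabName']."'");
                }
            }

            _mysqli_query($db, "DELETE FROM ".$_POST['table']." WHERE ".$_POST['idField']."='".$_remove_id."'");

            $_message=array("type"=>"success", "message"=>"Usunięto rekord");
        }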
        
        // Remember the sort column and direction chosen for a table: the pair is stored in the
        // session under sorting[<table>] and replaces any earlier choice for that table.
        // NOTE(review): table, field and direction are stored exactly as posted. The code that
        // consumes them is not visible here - if it builds an ORDER BY clause from these
        // values, they need an allow-list at that point.
        if('set_sorting'==$_POST['action']) {
            $_SESSION['sorting'][$_POST['table']]=array('field'=>$_POST['field'], 'direction'=>$_POST['direction']);
        }
        
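        // add_search: append the posted phrase to the per-table search list in the session.
        if($_POST['action']=='add_search') {
            $_SESSION['search'][$_POST['table']][]=$_POST['phrase'];
        }

        // remove_search: here $_POST['phrase'] is used as the key of the entry to drop; the
        // list is re-indexed afterwards so it stays a plain 0..n-1 list.
        if($_POST['action']=='remove_search') {
            // Without a stored list for that table there is nothing to remove; calling
            // array_values() on the missing entry would fail instead.
            if(is_string($_POST['table']) && is_scalar($_POST['phrase'])
                && isset($_SESSION['search'][$_POST['table']])
                && is_array($_SESSION['search'][$_POST['table']])) {
                unset($_SESSION['search'][$_POST['table']][$_POST['phrase']]);
                $_SESSION['search'][$_POST['table']]=array_values($_SESSION['search'][$_POST['table']]);
            }
        }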
        
        
        // Re-read the current admin's row from the admins table on every request and decode
        // its admPermissions column (JSON) into an array; perm_check() reads that array.
        // NOTE(review): this runs after the action handlers above, so a perm_check_exit()
        // call inside them sees the permissions loaded by the previous request, unless
        // _backend/auth.php already refreshed them - confirm.
        // NOTE(review): SELECT * puts every column of the admin row into the session,
        // presumably including the stored credential - confirm and narrow the column list.
        // NOTE(review): when the row no longer exists, mysqli_fetch_assoc() returns null and
        // the second line turns $_SESSION['admin'] into an array holding only
        // admPermissions - confirm that the auth check treats that as logged out.
        $_SESSION['admin']=mysqli_fetch_assoc(mysqli_query($db, "SELECT * FROM admins WHERE admId='".$_SESSION['admin']['admId']."'"));
        $_SESSION['admin']['admPermissions']=json_decode($_SESSION['admin']['admPermissions'], true);
        
        
        // Permission registration: global table filled by perm_register().
        $_perm_table=null;

        /**
         * Stores $list in the global $_perm_table under the key $item.
         * An existing entry for the same key is overwritten.
         *
         * @param mixed      $list value to register (presumably the actions available for $item - confirm)
         * @param string|int $item key of the entry
         * @return void
         */
        function perm_register($list, $item) {
            $GLOBALS['_perm_table'][$item]=$list;
        }
        
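        // Permission check.
        /**
         * Tells whether the logged-in admin holds $action on $item.
         *
         * Reads $_SESSION['admin']['admPermissions'][$item], which may be a single value or
         * a list of values. The comparison is strict: only an entry that is exactly the
         * string $action grants access. With the loose comparison used before, a stored
         * `true` (and, on PHP 7, a stored `0`) matched every action name.
         *
         * @param string $item   permission key, e.g. a table name
         * @param string $action action name, e.g. 'remove'
         * @return bool true when the permission is present, false otherwise (also when the
         *              key is missing or is not a scalar)
         */
        function perm_check($item, $action) {
            // Deny by default: an array passed as key (possible when the key comes straight
            // from the request) or an unknown key means "no permission".
            if(!is_scalar($item) || !isset($_SESSION['admin']['admPermissions'][$item])) {
                return false;
            }
            return in_array($action, (array)$_SESSION['admin']['admPermissions'][$item], true);
        }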
        
        /**
         * Ends the request when the logged-in admin lacks $action on $item.
         *
         * Prints a short "no permission" message and exits; returns normally otherwise.
         * No status header is sent here, so the response keeps whatever status was set
         * before the call.
         *
         * NOTE(review): in the visible part of this file only the remove_files and
         * remove_record handlers call this. set_permissions, new_record, update_record and
         * create_dir run without it - confirm whether _backend/auth.php covers them.
         *
         * @param string $item   permission key
         * @param string $action action name
         * @return void
         */
        function perm_check_exit($item, $action) {
            if(perm_check($item, $action)) {
                return;
            }
            echo 'Brak uprawnień!';
            exit;
        }
        
        /**
         * Returns an inline style attribute that hides an element when the logged-in admin
         * lacks $action on $item, and an empty string when the permission is present.
         *
         * This only affects what is rendered; the element's action still has to be
         * checked on the server when it is submitted.
         *
         * @param string $item   permission key
         * @param string $action action name
         * @return string ' style="display: none;"' or ''
         */
        function perm_display($item, $action) {
            return perm_check($item, $action) ? '' : ' style="display: none;"';
        }
        
        
        // zaladowanie informacji o templatach ****************************************************************************************/
        function get_templates() {  
            global $cfg;  
            $_templates=null;       
    
            if ($handle = opendir($_SERVER['DOCUMENT_ROOT'].'/themes/'.$cfg['theme'].'/templates')) { 
                /* This is the correct way to loop over the directory. */
                while (false !== ($entry = readdir($handle))) {
                 
                        if(!is_dir($_SERVER['DOCUMENT_ROOT'].'/themes/'.$cfg['theme'].'/templates/'.$entry)) {
                            $read=file_get_contents($_SERVER['DOCUMENT_ROOT'].'/themes/'.$cfg['theme'].'/templates/'.$entry);
                            $spl=explode('//@TITLE@', $read);
                            if(count($spl)>2) $title=$spl[1];
                            
                            $file=array(
                                'filename'=>$entry,
                                'title'=>$spl[1]
                            );
                            //strtolower($file['pathinfo']['extension']).'
    '; $_templates[$entry]=$file; } } closedir($handle); } return $_templates; } // zaladowanie informacji o wszystkich dostepnych modulach ************************************************************************************************* // nie dla MACa - ssie palke function get_modules_menu() { global $cfg; if ($handle = opendir('_modules')) { while (false !== ($entry = readdir($handle))) { if($entry!='.' && $entry!='..') { $modpos=null; if(file_exists('_modules/'.$entry.'/l18n/'.$cfg['admin']['language'].'.php')) { $inp=file_get_contents('_modules/'.$entry.'/l18n/'.$cfg['admin']['language'].'.php'); //echo $inp; //exit; $spl=explode('//@_', $inp); $spl=explode("\n", $spl[1]); $tmp=explode("::", $spl[1]); $modpos['title']=trim($tmp[1]); if(trim($tmp[0])=='//@NOMENU') { $modpos['nomenu']=true; } if(count($spl)>3) { for($i=2; $i'.$title.''; } } closedir($handle); return $_modules_menu; } } //print_r(get_modules_menu()); // echo $_POST['action']; // zaladowanie kategorii - global redundancja z frontem - zrobić jedną funkcję dla obydwu cor'ów $res=_mysqli_query($db, "SELECT catId, `catSlug@".$_SESSION['edit_language']."` AS catSlug, `catTitle@".$_SESSION['edit_language']."` AS catTitle, catTemplate, catRoot, catParent_catId, catSequence FROM categories ORDER BY catSequence"); $_categories=null; $_category=0; while($tmp = mysqli_fetch_assoc($res)) { if($tmp['catRoot']) $_category=$tmp['catId']; $_categories[$tmp['catId']]=$tmp; } foreach((array)$_categories as $key=>$category) { $pid=$category['catParent_catId']; $url_path='/'.$category['catSlug']; while($pid!=0) { $url_path='/'.$_categories[$pid]['catSlug'].$url_path; $pid=$_categories[$pid]['catParent_catId']; $pid=0; } $_categories[$key]['url_path']=$url_path; } $new = array(); foreach ((array)$_categories as $a){ $new[$a['catParent_catId']][] = $a; } function catTreeList($ct) { $out = ''; return $out; } $_cat_tree = createTree($new, $new[0]); // changed // koniec drzewa 
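// ***********************************************************************************

// Request dispatcher. $_url[1] selects the backend area and $_url[2] the action inside it:
//   ajax          -> _backend/ajax.php,                function action_<$_url[2]>
//   script        -> _backend/scripts/<$_url[2]>
//   module_<name> -> _modules/<modModule>/backend.php, function module_<action>
//   tool_<name>   -> _tools/<name>/<name>.php,         function action_<action>
//   anything else -> _backend/internals/<x>/<x>.php,   function action_<action>
// <action> is "index" when $_url[2] is empty.
//
// Both URL parts end up in include paths, so each one is required to be a single path
// component (no slash, backslash or NUL byte, and not made of dots only) before it is used.
// NOTE(review): how $_url is built is not visible here; these checks do not rely on it.
// NOTE(review): every function named action_* / module_* in the included file (and in any
// file loaded earlier) is callable through the URL - keep helpers out of those prefixes.
if(!$_url[1]) $_url[1]='start';

if(!is_string($_url[1]) || !preg_match('#^[^/\\\\\x00]+$#D', $_url[1]) || trim($_url[1], '.')==='') {
    echo '404';
    exit;
}

if($_url[1]=='ajax') {
    require_once('_backend/ajax.php');
    if(!$_url[2]) {
        echo 'ERROR';
        exit;
    }
    $run_function = 'action_'.$_url[2];
    if(!function_exists($run_function)) {
        echo 'ERROR';
        exit;
    }
    $run_function();
    exit;
}

if($_url[1]=='script') {
    // The script name is taken from the URL and included directly, so it must name a
    // file that sits in _backend/scripts/ itself.
    if(!isset($_url[2]) || !is_string($_url[2]) || !preg_match('#^[^/\\\\\x00]+$#D', $_url[2])
        || trim($_url[2], '.')==='' || !is_file('_backend/scripts/'.$_url[2])) {
        echo '404';
        exit;
    }
    require_once('_backend/scripts/'.$_url[2]);
    exit;
}

if(substr($_url[1],0,7)=='module_') {
    $module=mysqli_fetch_assoc(_mysqli_query($db, "SELECT * FROM modules WHERE modName='".mysqli_real_escape_string($db, (string)substr($_url[1], 7))."'"));
    // This test used to read `!module` (a bare constant, not the variable), so an unknown
    // module name never produced the 404. modModule is also used unquoted in SQL and in
    // the include path below, hence the identifier check.
    if(!$module || !preg_match('/^[A-Za-z0-9_]+$/D', (string)$module['modModule'])) {
        echo '404';
        exit;
    }
    $module_settings=mysqli_fetch_assoc(_mysqli_query($db, "SELECT * FROM module_".$module['modModule']." WHERE ".table2prefix('module_'.$module['modModule'])."Id='".mysqli_real_escape_string($db, (string)$module['modId'])."'"));
    require_once('_modules/'.$module['modModule'].'/backend.php');
    if(!$_url[2]) $action='index'; else $action=$_url[2];
    $run_function = 'module_'.$action;
    if(!function_exists($run_function)) {
        echo '404';
        exit;
    }
    $run_function();
    exit;
}

if(substr($_url[1],0,5)=='tool_') {
    // The part after "tool_" is used as a directory and as a file name.
    if(trim((string)substr($_url[1],5), '.')===''
        || !file_exists('_tools/'.substr($_url[1],5).'/'.substr($_url[1],5).'.php')) {
        echo '404';
        exit;
    }
    require_once('_tools/'.substr($_url[1],5).'/'.substr($_url[1],5).'.php');
    if(!$_url[2]) $action='index'; else $action=$_url[2];
    $run_function = 'action_'.$action;
    if(!function_exists($run_function)) {
        echo '404';
        exit;
    }
    $run_function();
    exit;
}

// Default: a built-in backend page.
if(!file_exists('_backend/internals/'.$_url[1].'/'.$_url[1].'.php')) {
    echo '404';
    exit;
}
require_once('_backend/internals/'.$_url[1].'/'.$_url[1].'.php');
if(!$_url[2]) $action='index'; else $action=$_url[2];
$run_function = 'action_'.$action;
if(!function_exists($run_function)) {
    echo '404';
    exit;
}
$run_function();
?>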