1: <?php
  2: 
  3: // include the config file
  4: if(!isset($config)) {
  5:     require_once '../util/AlphaConfig.inc';
  6:     $config = AlphaConfig::getInstance();
  7: 
  8:     require_once $config->get('app.root').'alpha/util/AlphaAutoLoader.inc';
  9: }
 10: 
 11: /**
 12:  *
 13:  * Controller used to edit an existing article
 14:  *
 15:  * @package alpha::controller
 16:  * @since 1.0
 17:  * @author John Collins <dev@alphaframework.org>
 18:  * @version $Id: EditArticle.php 1795 2014-05-07 22:31:04Z alphadevx $
 19:  * @license http://www.opensource.org/licenses/bsd-license.php The BSD License
 20:  * @copyright Copyright (c) 2014, John Collins (founder of Alpha Framework).
 21:  * All rights reserved.
 22:  *
 23:  * <pre>
 24:  * Redistribution and use in source and binary forms, with or
 25:  * without modification, are permitted provided that the
 26:  * following conditions are met:
 27:  *
 28:  * * Redistributions of source code must retain the above
 29:  *   copyright notice, this list of conditions and the
 30:  *   following disclaimer.
 31:  * * Redistributions in binary form must reproduce the above
 32:  *   copyright notice, this list of conditions and the
 33:  *   following disclaimer in the documentation and/or other
 34:  *   materials provided with the distribution.
 35:  * * Neither the name of the Alpha Framework nor the names
 36:  *   of its contributors may be used to endorse or promote
 37:  *   products derived from this software without specific
 38:  *   prior written permission.
 39:  *
 40:  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 41:  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 42:  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 43:  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 44:  * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
 45:  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 46:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 47:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 48:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 49:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 50:  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 51:  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 52:  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 53:  * </pre>
 54:  *
 55:  */
 56: class EditArticle extends AlphaController implements AlphaControllerInterface {
 57:     /**
 58:      * The new article to be edited
 59:      *
 60:      * @var ArticleObject
 61:      * @since 1.0
 62:      */
 63:     protected $BO;
 64: 
 65:     /**
 66:      * Trace logger
 67:      *
 68:      * @var Logger
 69:      * @since 1.0
 70:      */
 71:     private static $logger = null;
 72: 
 73:     /**
 74:      * constructor to set up the object
 75:      *
 76:      * @since 1.0
 77:      */
 78:     public function __construct() {
 79:         self::$logger = new Logger('EditArticle');
 80:         self::$logger->debug('>>__construct()');
 81: 
 82:         global $config;
 83: 
 84:         // ensure that the super class constructor is called, indicating the rights group
 85:         parent::__construct('Standard');
 86: 
 87:         $this->BO = new ArticleObject();
 88: 
 89:         self::$logger->debug('<<__construct');
 90:     }
 91: 
 92:     /**
 93:      * Handle GET requests
 94:      *
 95:      * @param array $params
 96:      * @since 1.0
 97:      */
 98:     public function doGET($params) {
 99:         self::$logger->debug('>>doGET(params=['.var_export($params, true).'])');
100: 
101:         try{
102:             // load the business object (BO) definition
103:             if (isset($params['oid'])) {
104:                 if(!AlphaValidator::isInteger($params['oid']))
105:                     throw new IllegalArguementException('Article ID provided ['.$params['oid'].'] is not valid!');
106: 
107:                 $this->BO->load($params['oid']);
108: 
109:                 AlphaDAO::disconnect();
110: 
111:                 $BOView = AlphaView::getInstance($this->BO);
112: 
113:                 // set up the title and meta details
114:                 $this->setTitle($this->BO->get('title').' (editing)');
115:                 $this->setDescription('Page to edit '.$this->BO->get('title').'.');
116:                 $this->setKeywords('edit,article');
117: 
118:                 echo AlphaView::displayPageHead($this);
119: 
120:                 echo $BOView->editView();
121:             }else{
122:                 throw new IllegalArguementException('No valid article ID provided!');
123:             }
124:         }catch(IllegalArguementException $e) {
125:             self::$logger->error($e->getMessage());
126:         }catch(BONotFoundException $e) {
127:             self::$logger->warn($e->getMessage());
128:             echo AlphaView::displayErrorMessage('Failed to load the requested article from the database!');
129:         }
130: 
131:         echo AlphaView::renderDeleteForm();
132: 
133:         echo AlphaView::displayPageFoot($this);
134: 
135:         self::$logger->debug('<<doGET');
136:     }
137: 
138:     /**
139:      * Method to handle POST requests
140:      *
141:      * @param array $params
142:      * @since 1.0
143:      */
144:     public function doPOST($params) {
145:         self::$logger->debug('>>doPOST(params=['.var_export($params, true).'])');
146: 
147:         global $config;
148: 
149:         try {
150:             // check the hidden security fields before accepting the form POST data
151:             if(!$this->checkSecurityFields()) {
152:                 throw new SecurityException('This page cannot accept post data from remote servers!');
153:                 self::$logger->debug('<<doPOST');
154:             }
155: 
156:             if(isset($params['markdownTextBoxRows']) && $params['markdownTextBoxRows'] != '') {
157:                 $viewState = ViewState::getInstance();
158:                 $viewState->set('markdownTextBoxRows', $params['markdownTextBoxRows']);
159:             }
160: 
161:             if (isset($params['oid'])) {
162:                 if(!AlphaValidator::isInteger($params['oid']))
163:                     throw new IllegalArguementException('Article ID provided ['.$params['oid'].'] is not valid!');
164: 
165:                 $this->BO->load($params['oid']);
166: 
167:                 $BOView = AlphaView::getInstance($this->BO);
168: 
169:                 // set up the title and meta details
170:                 $this->setTitle($this->BO->get('title').' (editing)');
171:                 $this->setDescription('Page to edit '.$this->BO->get('title').'.');
172:                 $this->setKeywords('edit,article');
173: 
174:                 echo AlphaView::displayPageHead($this);
175: 
176:                 if (isset($params['saveBut'])) {
177: 
178:                     // populate the transient object from post data
179:                     $this->BO->populateFromPost();
180: 
181:                     try {
182:                         $success = $this->BO->save();
183:                         self::$logger->action('Article '.$this->BO->getID().' saved');
184:                         echo AlphaView::displayUpdateMessage('Article '.$this->BO->getID().' saved successfully.');
185:                     }catch (LockingException $e) {
186:                         $this->BO->reload();
187:                         echo AlphaView::displayErrorMessage($e->getMessage());
188:                     }
189: 
190:                     AlphaDAO::disconnect();
191:                     echo $BOView->editView();
192:                 }
193: 
194:                 if (!empty($params['deleteOID'])) {
195: 
196:                     $this->BO->load($params['deleteOID']);
197: 
198:                     try {
199:                         $this->BO->delete();
200:                         self::$logger->action('Article '.$params['deleteOID'].' deleted.');
201:                         AlphaDAO::disconnect();
202: 
203:                         echo AlphaView::displayUpdateMessage('Article '.$params['deleteOID'].' deleted successfully.');
204: 
205:                         echo '<center>';
206: 
207:                         $temp = new Button("document.location = '".FrontController::generateSecureURL('act=ListAll&bo='.get_class($this->BO))."'",
208:                             'Back to List','cancelBut');
209:                         echo $temp->render();
210: 
211:                         echo '</center>';
212:                     }catch(AlphaException $e) {
213:                         self::$logger->error($e->getTraceAsString());
214:                         echo AlphaView::displayErrorMessage('Error deleting the article, check the log!');
215:                     }
216:                 }
217: 
218:                 if(isset($params['uploadBut'])) {
219: 
220:                     // upload the file to the attachments directory
221:                     $success = move_uploaded_file($_FILES['userfile']['tmp_name'], $this->BO->getAttachmentsLocation().'/'.$_FILES['userfile']['name']);
222: 
223:                     if(!$success)
224:                         throw new AlphaException('Could not move the uploaded file ['.$_FILES['userfile']['name'].']');
225: 
226:                     // set read/write permissions on the file
227:                     $success = chmod($this->BO->getAttachmentsLocation().'/'.$_FILES['userfile']['name'], 0666);
228: 
229:                     if (!$success)
230:                         throw new AlphaException('Unable to set read/write permissions on the uploaded file ['.$this->BO->getAttachmentsLocation().'/'.$_FILES['userfile']['name'].'].');
231: 
232:                     if($success) {
233:                         echo AlphaView::displayUpdateMessage('File uploaded successfully.');
234:                         self::$logger->action('File '.$_FILES['userfile']['name'].' uploaded to '.$this->BO->getAttachmentsLocation().'/'.$_FILES['userfile']['name']);
235:                     }
236: 
237:                     $view = AlphaView::getInstance($this->BO);
238: 
239:                     echo $view->editView();
240:                 }
241: 
242:                 if (!empty($params['file_to_delete'])) {
243: 
244:                     $success = unlink($this->BO->getAttachmentsLocation().'/'.$params['file_to_delete']);
245: 
246:                     if(!$success)
247:                         throw new AlphaException('Could not delete the file ['.$params['file_to_delete'].']');
248: 
249:                     if($success) {
250:                         echo AlphaView::displayUpdateMessage($params['file_to_delete'].' deleted successfully.');
251:                         self::$logger->action('File '.$this->BO->getAttachmentsLocation().'/'.$params['file_to_delete'].' deleted');
252:                     }
253: 
254:                     $view = AlphaView::getInstance($this->BO);
255: 
256:                     echo $view->editView();
257:                 }
258:             }else{
259:                 throw new IllegalArguementException('No valid article ID provided!');
260:             }
261:         }catch(SecurityException $e) {
262:             echo AlphaView::displayErrorMessage($e->getMessage());
263:             self::$logger->warn($e->getMessage());
264:         }catch(IllegalArguementException $e) {
265:             echo AlphaView::displayErrorMessage($e->getMessage());
266:             self::$logger->error($e->getMessage());
267:         }catch(BONotFoundException $e) {
268:             self::$logger->warn($e->getMessage());
269:             echo AlphaView::displayErrorMessage('Failed to load the requested article from the database!');
270:         }catch(AlphaException $e) {
271:             echo AlphaView::displayErrorMessage($e->getMessage());
272:             self::$logger->error($e->getMessage());
273:         }
274: 
275:         echo AlphaView::renderDeleteForm();
276: 
277:         echo AlphaView::displayPageFoot($this);
278: 
279:         self::$logger->debug('<<doPOST');
280:     }
281: 
282:     /**
283:      * Renders the Javascript required in the header by markItUp!
284:      *
285:      * @return string
286:      * @since 1.0
287:      */
288:     public function during_displayPageHead_callback() {
289:         global $config;
290: 
291:         $fieldid = ($config->get('security.encrypt.http.fieldnames') ? 'text_field_'.base64_encode(AlphaSecurityUtils::encrypt('content')).'_0' : 'text_field_content_0');
292: 
293:         $html = '
294:             <script type="text/javascript">
295:             $(document).ready(function() {
296:                 $(\'[id="'.$fieldid.'"]\').pagedownBootstrap({
297:                     \'sanatize\': false
298:                 });
299:             });
300:             </script>';
301: 
302:         return $html;
303:     }
304: 
305:     /**
306:      * Use this callback to inject in the admin menu template fragment for admin users of
307:      * the backend only.
308:      *
309:      * @since 1.2
310:      */
311:     public function after_displayPageHead_callback() {
312:         $menu = '';
313: 
314:         if (isset($_SESSION['currentUser']) && AlphaDAO::isInstalled() && $_SESSION['currentUser']->inGroup('Admin') && mb_strpos($_SERVER['REQUEST_URI'], '/tk/') !== false) {
315:             $menu .= AlphaView::loadTemplateFragment('html', 'adminmenu.phtml', array());
316:         }
317: 
318:         return $menu;
319:     }
320: }
321: 
322: // now build the new controller
323: if(basename($_SERVER['PHP_SELF']) == 'EditArticle.php') {
324:     $controller = new EditArticle();
325: 
326:     if(!empty($_POST)) {
327:         $controller->doPOST($_REQUEST);
328:     }else{
329:         $controller->doGET($_GET);
330:     }
331: }
332: 
333: ?>