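Portions created by the Initial Developer are Copyright (C) 2008-2016
the Initial Developer. All Rights Reserved.

Contributor(s):
Mark J Crane
*/

// Menu item editor. Adds or updates a row in v_menu_items, maintains the
// item's group assignments (v_menu_item_groups) and its per-language title
// (v_menu_languages), then renders the edit form.
//
// Review notes on how request data reaches the database:
//  - Lookups and the delete whose only variables are identifiers, or values
//    read back from the database, use bound parameters, matching the
//    "assigned groups" query further down.
//  - The write statements that carry free-text fields (title, link, icon,
//    description, group name, ...) still build SQL by concatenation and rely
//    on check_str(), which is defined outside this file. Presumably it escapes
//    for SQL string context; binding its output could double-escape, so move
//    those statements to bound parameters together with dropping check_str()
//    once its behaviour is confirmed.
//  - The delete action is read from $_REQUEST, so it is reachable by GET, and
//    no anti-CSRF token check is visible in this file; confirm whether the
//    included files enforce one.

include "root.php";
require_once "resources/require.php";
require_once "resources/check_auth.php";
if (permission_exists('menu_add') || permission_exists('menu_edit')) {
    //access granted
}
else {
    echo "access denied";
    return;
}

//add multi-lingual support
$language = new text;
$text = $language->get();

//get the menu_uuid
$menu_uuid = check_str($_REQUEST["id"]);
$menu_item_uuid = check_str($_REQUEST['menu_item_uuid']);
$group_uuid_name = check_str($_REQUEST['group_uuid_name']);
$menu_item_group_uuid = check_str($_REQUEST['menu_item_group_uuid']);

//delete the group from the menu item
if ($_REQUEST["a"] == "delete" && permission_exists("menu_delete") && $menu_item_group_uuid != '') {
    //delete the group from the users; the key is bound rather than concatenated
    $sql = "delete from v_menu_item_groups ";
    $sql .= "where menu_item_group_uuid = :menu_item_group_uuid ";
    $prep_statement = $db->prepare(check_sql($sql));
    $prep_statement->bindParam(':menu_item_group_uuid', $menu_item_group_uuid);
    $prep_statement->execute();
    unset($sql, $prep_statement);
    //redirect the browser
    messages::add($text['message-delete']);
    header("Location: menu_item_edit.php?id=".$menu_uuid."&menu_item_uuid=".$menu_item_uuid."&menu_uuid=".$menu_uuid);
    return;
}

//action add or update
if (isset($_REQUEST["menu_item_uuid"])) {
    if (strlen($_REQUEST["menu_item_uuid"]) > 0) {
        $action = "update";
        $menu_item_uuid = check_str($_REQUEST["menu_item_uuid"]);
    }
    else {
        $action = "add";
    }
}
else {
    $action = "add";
}

//clear the menu session so it will rebuild with the update
$_SESSION["menu"] = "";

//get the HTTP POST variables and set them as PHP variables
if (count($_POST) > 0) {
    $menu_uuid = check_str($_POST["menu_uuid"]);
    $menu_item_uuid = check_str($_POST["menu_item_uuid"]);
    $menu_item_title = check_str($_POST["menu_item_title"]);
    $menu_item_link = check_str($_POST["menu_item_link"]);
    $menu_item_category = check_str($_POST["menu_item_category"]);
    $menu_item_icon = check_str($_POST["menu_item_icon"]);
    $menu_item_description = check_str($_POST["menu_item_description"]);
    $menu_item_protected = check_str($_POST["menu_item_protected"]);
    //$menu_item_uuid = check_str($_POST["menu_item_uuid"]);
    $menu_item_parent_uuid = check_str($_POST["menu_item_parent_uuid"]);
    $menu_item_order = check_str($_POST["menu_item_order"]);
}

//when a HTTP POST is available then process it
if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {

    if ($action == "update") {
        $menu_item_uuid = check_str($_POST["menu_item_uuid"]);
    }

    //check for all required data
    //note: the string literals here and in the rendering section contain raw
    //line breaks; they are reproduced exactly as found
    $msg = '';
    if (strlen($menu_item_title) == 0) { $msg .= $text['message-required'].$text['label-title']."
\n"; }
    if (strlen($menu_item_category) == 0) { $msg .= $text['message-required'].$text['label-category']."
\n"; }
    //if (strlen($menu_item_link) == 0) { $msg .= $text['message-required'].$text['label-link']."\n"; }
    if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
        require_once "resources/header.php";
        require_once "resources/persist_form_var.php";
        echo "
\n";
        echo "
\n";
        echo $msg."
";
        echo "
\n";
        persistformvar($_POST);
        echo "
\n";
        require_once "resources/footer.php";
        return;
    }

    //add or update the database
    if ($_POST["persistformvar"] != "true") {

        //get the language from the menu
        //default to an empty string so later statements see a defined value
        //when the menu row is missing
        $menu_language = '';
        $sql = "SELECT menu_language FROM v_menus ";
        $sql .= "where menu_uuid = :menu_uuid ";
        $prep_statement = $db->prepare(check_sql($sql));
        $prep_statement->bindParam(':menu_uuid', $menu_uuid);
        $prep_statement->execute();
        $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
        //iterate by value: a by-reference loop variable would stay bound to
        //the last element and be overwritten by later assignments to $row
        foreach ($result as $row) {
            $menu_language = $row['menu_language'];
        }

        //get the highest menu item order
        //0 means "no top-level items yet", so the first item gets order 1
        $highest_menu_item_order = 0;
        if (strlen($menu_item_parent_uuid) == 0) {
            $sql = "SELECT menu_item_order FROM v_menu_items ";
            $sql .= "where menu_uuid = :menu_uuid ";
            $sql .= "and menu_item_parent_uuid is null ";
            $sql .= "order by menu_item_order desc ";
            $sql .= "limit 1 ";
            $prep_statement = $db->prepare(check_sql($sql));
            $prep_statement->bindParam(':menu_uuid', $menu_uuid);
            $prep_statement->execute();
            $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
            foreach ($result as $row) {
                $highest_menu_item_order = $row['menu_item_order'];
            }
            unset($prep_statement);
        }

        //add a menu item
        //NOTE(review): values are concatenated into the statement and depend on
        //check_str() (not visible here) for escaping; the session username is
        //concatenated with no escaping visible in this file
        if ($action == "add" && permission_exists('menu_add')) {
            $menu_item_uuid = uuid();
            $sql = "insert into v_menu_items ";
            $sql .= "(";
            $sql .= "menu_uuid, ";
            $sql .= "menu_item_title, ";
            $sql .= "menu_item_link, ";
            $sql .= "menu_item_category, ";
            $sql .= "menu_item_icon, ";
            $sql .= "menu_item_description, ";
            $sql .= "menu_item_protected, ";
            $sql .= "menu_item_uuid, ";
            $sql .= "menu_item_parent_uuid, ";
            if (strlen($menu_item_parent_uuid) == 0) {
                $sql .= "menu_item_order, ";
            }
            $sql .= "menu_item_add_user, ";
            $sql .= "menu_item_add_date ";
            $sql .= ")";
            $sql .= "values ";
            $sql .= "(";
            $sql .= "'$menu_uuid', ";
            $sql .= "'$menu_item_title', ";
            $sql .= "'$menu_item_link', ";
            $sql .= "'$menu_item_category', ";
            $sql .= "'$menu_item_icon', ";
            $sql .= "'$menu_item_description', ";
            $sql .= "'$menu_item_protected', ";
            $sql .= "'".$menu_item_uuid."', ";
            if (strlen($menu_item_parent_uuid) == 0) {
                $sql .= "null, ";
                $sql .= "'".($highest_menu_item_order+1)."', ";
            }
            else {
                $sql .= "'$menu_item_parent_uuid', ";
            }
            $sql .= "'".$_SESSION["username"]."', ";
            $sql .= "now() ";
            $sql .= ")";
            $db->exec(check_sql($sql));
            unset($sql);
        }

        //update the menu item
        //NOTE(review): same concatenation pattern as the insert above
        if ($action == "update" && permission_exists('menu_edit')) {
            $sql = "update v_menu_items set ";
            $sql .= "menu_item_title = '$menu_item_title', ";
            $sql .= "menu_item_link = '$menu_item_link', ";
            $sql .= "menu_item_category = '$menu_item_category', ";
            $sql .= "menu_item_icon = '$menu_item_icon', ";
            $sql .= "menu_item_description = '$menu_item_description', ";
            $sql .= "menu_item_protected = '$menu_item_protected', ";
            if (strlen($menu_item_parent_uuid) == 0) {
                $sql .= "menu_item_parent_uuid = null, ";
                if (strlen($menu_item_order) > 0) {
                    $sql .= "menu_item_order = '$menu_item_order', ";
                }
                else {
                    $sql .= "menu_item_order = '".($highest_menu_item_order+1)."', ";
                }
            }
            else {
                $sql .= "menu_item_parent_uuid = '$menu_item_parent_uuid', ";
            }
            $sql .= "menu_item_mod_user = '".$_SESSION["username"]."', ";
            $sql .= "menu_item_mod_date = now() ";
            $sql .= "where menu_uuid = '$menu_uuid' ";
            $sql .= "and menu_item_uuid = '$menu_item_uuid' ";
            $count = $db->exec(check_sql($sql));
        }

        //add a group to the menu
        if ($_REQUEST["a"] != "delete" && strlen($group_uuid_name) > 0 && permission_exists('menu_add')) {
            //the request value is "group_uuid|group_name"
            $group_data = explode('|', $group_uuid_name);
            $group_uuid = $group_data[0];
            $group_name = $group_data[1];
            //add the group to the menu
            //NOTE(review): both halves of the request value are concatenated
            //into the statement; only check_str() stands between them and SQL
            if (strlen($menu_item_uuid) > 0) {
                $menu_item_group_uuid = uuid();
                $sql_insert = "insert into v_menu_item_groups ";
                $sql_insert .= "(";
                $sql_insert .= "menu_item_group_uuid, ";
                $sql_insert .= "menu_uuid, ";
                $sql_insert .= "menu_item_uuid, ";
                $sql_insert .= "group_name, ";
                $sql_insert .= "group_uuid ";
                $sql_insert .= ")";
                $sql_insert .= "values ";
                $sql_insert .= "(";
                $sql_insert .= "'".$menu_item_group_uuid."', ";
                $sql_insert .= "'".$menu_uuid."', ";
                $sql_insert .= "'".$menu_item_uuid."', ";
                $sql_insert .= "'".$group_name."', ";
                $sql_insert .= "'".$group_uuid."' ";
                $sql_insert .= ")";
                $db->exec($sql_insert);
            }
        }

        //add title to menu languages
        if ($_REQUEST["a"] != "delete" && strlen($menu_item_title) > 0 && permission_exists('menu_add')) {
            //$menu_language was read back from v_menus and was never escaped,
            //so it is bound here instead of interpolated
            $sql = "select count(*) as num_rows from v_menu_languages ";
            $sql .= "where menu_item_uuid = :menu_item_uuid ";
            $sql .= "and menu_language = :menu_language ";
            $prep_statement = $db->prepare($sql);
            $prep_statement->bindParam(':menu_item_uuid', $menu_item_uuid);
            $prep_statement->bindParam(':menu_language', $menu_language);
            $prep_statement->execute();
            $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
            if ($row['num_rows'] == 0) {
                //NOTE(review): $menu_language (database value) and the title are
                //still concatenated below; convert with the other write statements
                $sql_insert = "insert into v_menu_languages ";
                $sql_insert .= "(";
                $sql_insert .= "menu_language_uuid, ";
                $sql_insert .= "menu_uuid, ";
                $sql_insert .= "menu_item_uuid, ";
                $sql_insert .= "menu_language, ";
                $sql_insert .= "menu_item_title ";
                $sql_insert .= ")";
                $sql_insert .= "values ";
                $sql_insert .= "(";
                $sql_insert .= "'".uuid()."', ";
                $sql_insert .= "'".$menu_uuid."', ";
                $sql_insert .= "'".$menu_item_uuid."', ";
                $sql_insert .= "'".$menu_language."', ";
                $sql_insert .= "'".$menu_item_title."' ";
                $sql_insert .= ")";
                $db->exec($sql_insert);
            }
            else {
                $sql = "update v_menu_languages set ";
                $sql .= "menu_item_title = '$menu_item_title' ";
                $sql .= "where menu_uuid = '$menu_uuid' ";
                $sql .= "and menu_item_uuid = '$menu_item_uuid' ";
                $sql .= "and menu_language = '$menu_language' ";
                $count = $db->exec(check_sql($sql));
            }
        }

        //set response message
        if ($action == "add") {
            messages::add($text['message-add']);
        }
        if ($action == "update") {
            messages::add($text['message-update']);
        }

        //redirect the user
        if ($_REQUEST['submit'] == $text['button-add']) {
            header("Location: menu_item_edit.php?id=".$menu_uuid."&menu_item_uuid=".$menu_item_uuid."&menu_uuid=".$menu_uuid);
        }
        else {
            header("Location: menu_edit.php?id=".$menu_uuid);
        }
        return;
    } //if ($_POST["persistformvar"] != "true")
} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)

//pre-populate the form
if (count($_GET)>0 && $_POST["persistformvar"] != "true") {
    //this read previously took the raw query-string value and interpolated it
    //into the statement; it now goes through check_str() like every other
    //request read in this file, and the statement binds it
    $menu_item_uuid = check_str($_GET["menu_item_uuid"]);
    $sql = "select * from v_menu_items ";
    $sql .= "where menu_uuid = :menu_uuid ";
    $sql .= "and menu_item_uuid = :menu_item_uuid ";
    $prep_statement = $db->prepare(check_sql($sql));
    $prep_statement->bindParam(':menu_uuid', $menu_uuid);
    $prep_statement->bindParam(':menu_item_uuid', $menu_item_uuid);
    $prep_statement->execute();
    $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
    foreach ($result as $row) {
        $menu_item_title = $row["menu_item_title"];
        $menu_item_link = $row["menu_item_link"];
        $menu_item_category = $row["menu_item_category"];
        $menu_item_icon = $row["menu_item_icon"];
        $menu_item_description = $row["menu_item_description"];
        $menu_item_protected = $row["menu_item_protected"];
        $menu_item_parent_uuid = $row["menu_item_parent_uuid"];
        $menu_item_order = $row["menu_item_order"];
        $menu_item_add_user = $row["menu_item_add_user"];
        $menu_item_add_date = $row["menu_item_add_date"];
        //$menu_item_del_user = $row["menu_item_del_user"];
        //$menu_item_del_date = $row["menu_item_del_date"];
        $menu_item_mod_user = $row["menu_item_mod_user"];
        $menu_item_mod_date = $row["menu_item_mod_date"];
    }
}

//get the the menu items
$sql = "SELECT * FROM v_menu_items ";
$sql .= "where menu_uuid = :menu_uuid ";
$sql .= "order by menu_item_title asc ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->bindParam(':menu_uuid', $menu_uuid);
$prep_statement->execute();
$menu_items = $prep_statement->fetchAll(PDO::FETCH_NAMED);

//get the assigned groups
$sql = "select ";
$sql .= " mig.*, g.domain_uuid as group_domain_uuid ";
$sql .= "from ";
$sql .= " v_menu_item_groups as mig, ";
$sql .= " v_groups as g ";
$sql .= "where ";
$sql .= " mig.group_uuid = g.group_uuid ";
$sql .= " and mig.menu_uuid = :menu_uuid ";
$sql .= " and mig.menu_item_uuid = :menu_item_uuid ";
$sql .= "order by ";
$sql .= " g.domain_uuid desc, ";
$sql .= " g.group_name asc ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->bindParam(':menu_uuid', $menu_uuid);
$prep_statement->bindParam(':menu_item_uuid', $menu_item_uuid);
$prep_statement->execute();
$menu_item_groups = $prep_statement->fetchAll(PDO::FETCH_NAMED);
unset($sql, $prep_statement);

//set the assigned_groups array
//start from an empty array so sizeof() below never receives an undefined value
$assigned_groups = array();
foreach ($menu_item_groups as $field) {
    if (strlen($field['group_name']) > 0) {
        $assigned_groups[] = $field['group_uuid'];
    }
}

//get the groups
//one positional placeholder per assigned group; the uuids come from the
//database but are bound all the same
$sql = "select * from v_groups ";
if (sizeof($assigned_groups) > 0) {
    $sql .= "where group_uuid not in (".implode(',', array_fill(0, sizeof($assigned_groups), '?')).") ";
}
$sql .= "order by domain_uuid desc, group_name asc ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute($assigned_groups);
$groups = $prep_statement->fetchAll(PDO::FETCH_NAMED);
unset($sql, $prep_statement);

//include the header
require_once "resources/header.php";
if ($action == "update") {
    $document['title'] = $text['title-menu_item-edit'];
}
if ($action == "add") {
    $document['title'] = $text['title-menu_item-add'];
}

//render the form
//NOTE(review): in this copy the echo strings below hold only whitespace, so
//the markup they emit and the output context of each value are not visible;
//statements are reproduced in the order and with the literals found
echo "
\n";
echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n";
echo " "; echo " "; echo " "; echo " "; echo " "; echo " ";
echo " "; echo " "; echo " "; echo " "; echo " "; echo " ";
echo " "; echo " "; echo " "; echo " "; echo " "; echo " ";
echo " "; echo " "; echo " "; echo " "; echo " "; echo " ";
echo "\n"; echo "\n"; echo "\n"; echo "\n";
if ($action == "update") {
    if ($menu_item_parent_uuid == "") {
        echo " "; echo " "; echo " "; echo " ";
    }
}
echo " "; echo " "; echo " "; echo " ";
if (permission_exists('menu_add') || permission_exists('menu_edit')) {
    echo " \n";
    echo " ";
    echo " ";
}
echo "
\n";
echo " \n";
if ($action == "update") {
    echo " ".$text['header-menu_item-edit']."\n";
}
if ($action == "add") {
    echo " ".$text['header-menu_item-add']."\n";
}
echo " \n";
echo "";
echo " ";
echo " \n";
echo "

";
echo "
".$text['label-title']."
".$text['label-link']."
".$text['label-category']."";
echo " ";
echo "
".$text['label-icon']."";
if (file_exists($_SERVER["PROJECT_ROOT"].'/resources/bootstrap/glyphicons.json')) {
    $tmp_array = json_decode(file_get_contents($_SERVER["PROJECT_ROOT"].'/resources/bootstrap/glyphicons.json'), true);
    if (is_array($tmp_array['icons']) && sizeof($tmp_array['icons']) > 0) {
        // rebuild and sort array: icon id => display label, e.g.
        // "glyphicon-arrow-up" => "Arrow Up"
        foreach ($tmp_array['icons'] as $i => $glyphicon) {
            $tmp_string = str_replace('glyphicon-', '', $glyphicon['id']);
            $tmp_string = str_replace('-', ' ', $tmp_string);
            $tmp_string = ucwords($tmp_string);
            $glyphicons[$glyphicon['id']] = $tmp_string;
        }
        asort($glyphicons, SORT_STRING);
        echo "\n";
        echo " \n"; echo " \n"; echo " \n"; echo " \n";
        echo "
\n";
        echo " \n";
        echo " \n";
        echo " ";
        echo "
\n";
        echo "";
    }
}
else {
    echo " ";
}
echo "
".$text['label-parent_menu']."";
echo "";
unset($sql, $result);
echo "
".$text['label-groups']."";
if (is_array($menu_item_groups)) {
    echo "\n";
    foreach ($menu_item_groups as $field) {
        if (strlen($field['group_name']) > 0) {
            echo "\n";
            echo " \n";
            if (permission_exists('group_member_delete') || if_group("superadmin")) {
                echo " ";
            }
            echo "\n";
        }
    }
    echo "
";
    //NOTE(review): group and domain names from the database are echoed without
    //HTML escaping; if this lands in an HTML context, wrap them in
    //htmlspecialchars()
    echo $field['group_name'].(($field['group_domain_uuid'] != '') ? "@".$_SESSION['domains'][$field['group_domain_uuid']]['domain_name'] : null);
    echo " ";
    echo "".$v_link_label_delete."";
    echo "
\n";
}
if (is_array($groups)) {
    echo "
\n";
    echo "";
    echo "\n";
}
echo "
\n";
echo " ".$text['label-protected']."\n";
echo "\n";
echo "
\n";
echo $text['description-protected']."
\n";
echo "\n";
echo "
".$text['label-menu_order']."
".$text['label-description']."
\n";
echo " ";
echo " ";
echo " \n";
echo " ";
echo " ";
echo "
";
echo " ";
if ($action == "update") {
    echo " ";
}
echo " ";
echo " ";
echo "
";
echo " \n";
echo "
";
echo "
";
echo "

";
echo "
";

//include the footer
require_once "resources/footer.php";
?>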