preview_site.php
<?php
/**
*
* preview page, brings up a preview page for the editor to see their changes
*
* @author Patrick Lockley
* @version 1.0
* @copyright Copyright (c) 2008,2009 University of Nottingham
* @package
*/
require_once(dirname(__FILE__) . "/config.php");
_load_language_file("/preview.inc");
require $xerte_toolkits_site->php_library_path . "screen_size_library.php";
require $xerte_toolkits_site->php_library_path . "template_status.php";
require $xerte_toolkits_site->php_library_path . "user_library.php";
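/*
 * Serve the preview only to a logged-in user who supplies a numeric template id
 * and who is either an administrator or holds rights on that template.
 *
 * Every other outcome (no session, missing or non-numeric id, unknown template,
 * insufficient rights, unusable framework name) falls through to the single
 * PREVIEW_RESOURCE_FAIL message at the bottom. Using one message for all of them
 * means the response does not reveal whether a given template id exists.
 */
if (isset($_SESSION['toolkits_logon_id'], $_GET['template_id']) && is_numeric($_GET['template_id'])) {

    // The integer cast is what makes the textual substitution into the query below
    // safe: only an integer value can reach the SQL string.
    // NOTE(review): is_numeric() also accepts decimal and exponent forms, which the
    // cast converts to an integer; a strict integer check may be preferable - confirm
    // no caller relies on the looser behaviour before tightening it.
    $safe_template_id = (int) $_GET['template_id'];

    // The configured query text carries the literal PHP fragment
    // '" . $xerte_toolkits_site->database_table_prefix . "'; swap it for the real prefix.
    $query_for_preview_content_strip = str_replace("\" . \$xerte_toolkits_site->database_table_prefix . \"", $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query);

    /*
     * Standard query
     */
    $query_for_preview_content = str_replace("TEMPLATE_ID_TO_REPLACE", $safe_template_id, $query_for_preview_content_strip);

    $row = db_query_one($query_for_preview_content);

    // Is there a matching template? $row must not be indexed before this check.
    if (!empty($row)) {

        // Authorisation: administrators, or users with rights on this template.
        if (is_user_admin() || has_rights_to_this_template($row['template_id'], $_SESSION['toolkits_logon_id'])) {

            // The framework name comes from the database row and is used to build an
            // include path, so refuse anything that could leave the modules/ directory
            // (path separators, NUL bytes, parent-directory references).
            $template_framework = (string) $row['template_framework'];

            if ($template_framework !== ''
                && strpbrk($template_framework, "/\\\0") === false
                && strpos($template_framework, '..') === false) {

                // Username of the account referenced by the template row's user_id.
                $row_username = db_query_one("select username from {$xerte_toolkits_site->database_table_prefix}logindetails where login_id=?", array($row['user_id']));

                require $xerte_toolkits_site->root_file_path . "modules/" . $template_framework . "/preview_site.php";

                show_preview_code($row, $row_username);

                exit(0);
            }
        }
    }
}

// Reached only when no preview was rendered (the success path exits above).
echo PREVIEW_RESOURCE_FAIL;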