<?php
/**
* phpwcms content management system
*
* @author Oliver Georgi <og@phpwcms.org>
* @copyright Copyright (c) 2002-2021, Oliver Georgi
* @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
* @link http://www.phpwcms.org
*
**/
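// general wrapper for ajax based queries
//
// Backend-only endpoint: a logged-in backend session (wcs_user) is required,
// otherwise the request is answered with HTTP 401 and aborted.
// Request parameters (POST is preferred, GET is the fallback):
//   action  one of category | newstags | lang | flush_image_cache
//   method  response format; only 'json' produces any output
//   value   search term / trigger value; an empty value turns the action into 'empty'
$phpwcms = array('SESSION_START' => true);

require '../../include/config/conf.inc.php';
require '../inc_lib/default.inc.php';
require_once PHPWCMS_ROOT.'/include/inc_lib/helper.session.php';
require PHPWCMS_ROOT.'/include/inc_lib/dbcon.inc.php';
require PHPWCMS_ROOT.'/include/inc_lib/general.inc.php';
require PHPWCMS_ROOT.'/include/inc_lib/backend.functions.inc.php';

if(empty($_SESSION["wcs_user"])) {
    headerRedirect('', 401);
    die('Sorry, access forbidden');
}

// Defaults, so every later read is defined even when neither POST nor GET carries an action
$action = false;
$method = 'json';
$value  = '';
$jquery = false; // true when the request arrived via GET; those callers get the raw DB rows

if(isset($_POST['action'])) {
    $action = $_POST['action'];
    $method = isset($_POST['method']) ? $_POST['method'] : 'json';
    $value  = isset($_POST['value']) ? clean_slweg($_POST['value'], 0, false) : '';
} elseif(isset($_GET['action'])) { // was a bare $_GET['action'] read, which raises a notice when the key is absent
    $action = $_GET['action'];
    $method = isset($_GET['method']) ? $_GET['method'] : 'json';
    $value  = isset($_GET['value']) ? clean_slweg($_GET['value'], 0, false) : '';
    $jquery = true;
}

// empty() also treats "0" as empty — kept as in the original
if(empty($value)) {
    $action = 'empty';
}

// do charset conversions for value (the browser sends UTF-8, the backend may run another charset)
if(PHPWCMS_CHARSET != 'utf-8') {
    $value = @mb_convert_encoding( $value, PHPWCMS_CHARSET, 'utf-8' );
}

$data = array();

switch($action) {

    case 'category':
    case 'newstags':
        // both lookups are identical apart from the category type filter
        $type_where = $action === 'newstags' ? "cat_type='news'" : "cat_type NOT IN('module_shop')";
        // whitelist the search term to [A-Za-z0-9_- ] before it reaches the LIKE pattern
        // NOTE(review): \w without the u modifier is ASCII-only, so non-ASCII category
        // names cannot be searched; '_' survives the filter and acts as a single-character
        // LIKE wildcard — confirm whether _dbEscape() is expected to handle that
        $search = preg_replace('/[^\w\- ]/', '', $value);
        $where  = "cat_status=1 AND " . $type_where . " AND ";
        $where .= "cat_name LIKE '%" . _dbEscape( $search, false ) . "%'";
        $result = _dbGet('phpwcms_categories', 'cat_name', $where, 'cat_name', 'cat_name', 20);
        if(isset($result[0])) {
            if($jquery) {
                // GET/jQuery callers receive the rows as stored (no charset conversion)
                $data = $result;
            } else {
                foreach($result as $row) { // renamed from $value, which clobbered the request value
                    // utf8_encode() assumes ISO-8859-1 input; deprecated since PHP 8.2,
                    // mb_convert_encoding($row['cat_name'], 'UTF-8', 'ISO-8859-1') is the drop-in replacement
                    $data[] = utf8_encode($row['cat_name']);
                }
            }
        }
        break;

    case 'lang':
        // configured language list, falling back to the single default language
        $data = isset($phpwcms['allowed_lang']) && is_array($phpwcms['allowed_lang']) && count($phpwcms['allowed_lang']) ? $phpwcms['allowed_lang'] : array($phpwcms['default_lang']);
        sort($data);
        break;

    case 'flush_image_cache':
        // NOTE(review): this action changes server state, yet it is reachable via GET
        // (the $jquery path) guarded only by the session check above; consider accepting
        // it on POST only and verifying a request token — confirm against the callers.
        $files = returnFileListAsArray(PHPWCMS_ROOT.'/'.PHPWCMS_IMAGES, array('jpg', 'png', 'gif', 'svg'));
        // file_count = files found, deleted = files actually removed (new key, additive)
        $data  = array('file_count' => 0, 'deleted' => 0, 'status' => 'ok');
        if(is_array($files)) {
            $data['file_count'] = count($files);
            foreach($files as $file) {
                // best effort: a file that cannot be removed is left in place and simply not counted
                if(@unlink(PHPWCMS_ROOT.'/'.PHPWCMS_IMAGES.$file['filename'])) {
                    $data['deleted']++;
                }
            }
        } else {
            $data['status'] = '';
        }
        break;
}

if($method === 'json') {
    header('Content-type: application/json');
    $json = json_encode($data);
    if($json === false) {
        // json_encode() returns false e.g. on non-UTF-8 strings; report that instead of sending an empty body
        http_response_code(500);
        $json = '{"status":"error","message":"JSON encoding failed"}';
    }
    echo $json;
}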