<?php


    # pagepost.php - Create or save a page


    #login
    include_once 'data_connect.php';
    include 'log.php';
    include 'en_code.php';


    # user rights- admins only
    if (get_account($_SESSION['userID'])['rights'] != 'administrator') {
        header('Location:panel.php');
        exit();
    }
    


    # class getpage - uniqueid, title, description, content, filename 
    class getpage {
    
        function __construct() {
            
            foreach ($_POST as $key => $val)
                $this->$key = $val;

            return true;
        }
    }

    

    # Create a page
    function pagepost() {
        
        
        $p = new getpage();
        
        $page = $p->uniqueid.'.xml';
        $pagexml = simplexml_object($page,'l','page');
        $xml_struc = '<?xml version="1.0" encoding="utf-8"?><savedpage><title>Saved Page</title><pageinfo></pageinfo></savedpage>';

        
        # filename check
        if ($p->filename != '') {


            $filename = str_replace(array('&','/',' ','$','+',',',':',';','=','?','@','<','>','#','%','{','}','|','^','~','[',']','`','\\','\'','"'),'',$p->filename);
            $filename = str_replace(array('\n','\r'),'',$filename);
            
                        
            
            # exclude these names
            $names = ['index',
                      'pagep'
                      ];

            if (in_array($filename,$names))
                $filename = '_'.$filename;
            
            
            
            # find out if the filename already exists
            $pages = glob('savedpages/*.xml');
            $cur = array_search('savedpages/'.$page,$pages);
            
            if ($cur !== false) 
                unset($pages[$cur]);
            
            foreach ($pages as $pg) {
                $file = simplexml_object(basename($pg),'l','page');
                if(!is_array($file)) {
                    $fname = $file->pageinfo->page->filename;
                    if ($filename == $fname) 
                        $filename = '_'.$fname;
                }
            }
        
            

            # if the filename has changed by the user, delete the old one and also delete the respective page
            if (!is_array($pagexml)) {
                $oldname = $pagexml->pageinfo->page->filename;
                if ($oldname != $filename && is_file('../'.$oldname.'.php'))
                    unlink('../'.$oldname.'.php');
            }
        }
        
        else
            $filename = !is_array($pagexml) ? $pagexml->pageinfo->page->filename : '_'.time();
        

        
        # create file and update log
        if ($pagexml == ['missingfile']) {
            
            touch('savedpages/'.$page);
            $sum = get_log()['pages'];
            $sum += 1;
            update_log('pages',$sum);
        }
        
        $title = remove_tags((string)$p->title);
        $description = str_replace(array("\n","\r"),'',(string)$p->description);
        

        if (is_array($pagexml))
            $saved = new simpleXMLElement($xml_struc);
        else
            $saved = simplexml_object($page,'e','page');

        $saved->pageinfo->page->filename = $filename;
        $saved->pageinfo->page->title = $title;
        $saved->pageinfo->page->description = $description;
        $saved->pageinfo->page->editor = $_SESSION['userID'];
        $saved->pageinfo->page->modified = time();
        
        file_put_contents('savedpages/'.$p->uniqueid.'.htm',str_replace(array('<?','?>'),'',$p->content));    
        
        # Save the page
        if ($saved->pageinfo->page->published != 'hidden') {
            $pagecontent ='<?php $pn = "'.$p->uniqueid.'"; if(!file_exists("pagep.php")) exit("Error loading content. Please come back later."); include "pagep.php" ?>';
            file_put_contents('../'.$filename.'.php',$pagecontent);
            $visit = '<a href="../'.$filename.'.php" target="_blank">Visit page</a>';
        }
        
        
        # save xml
        simplexml_object_save($page,$saved,'page');
        
        
        # different messages for published and unpublished
        $visit = isset($visit) ? $visit : '<span>Unpublished</span>';
        echo 'Page saved - '.date("H:i",time()).'&nbsp;-&nbsp;'.$visit;
        
        return true;
    }

        
    if (isset($_POST['uniqueid']))
        pagepost()

?>