Blocks by Module 2013 - need help :)

Posted: Mon Oct 28, 2013 3:33 am

I compiled and zip all files in order to make it available for others.

Download Link
[ Only registered users can see links on this board! Get registered or login! ]

Site Admin Joined: Aug 22, 2007 Posts: 1772

draxx wrote:

If this your way of saying you want me to buy you lunch for fixing this much needed module I am very happy to do so! Smile

What is your paypal?

No, what that meant! I meant that I will not rewrite it myself in the near future in this direction. I just wanted to help the old code to write safe and clean. Always easy to get from one to the other but I have my own project, which cost me a lot of time. If someone else wants to write it, he now has a reasonable basis. But I will not stop you from thinking about donating something. Smile

On my media-page you can find a donation button. There should be no solicitation - more of a hint. Such individual adjustments to cost a lot of time to put it up to write for free. Maybe someone can find the time or do you even supplemented the script.

misterstereus wrote:

This is my fix for your file

This is again the old outdated and unsecure code. There are a lot of issues (security and validation). Without to recode it, i would never use it in this way - not recommended!

Involved Joined: Nov 19, 2003 Posts: 282

misterstereus wrote:

This is my fix for your file

neralex wrote:

This is again the old outdated and unsecure code. There are a lot of issues (security and validation). Without to recode it, i would never use it in this way - not recommended!

Yes but his code works completely!

You say that what I want from the module is not possible. Yet his code does it. I say your transported code only needs a slight adjustment to completely function as intended also but I can't see what that is.

It is has to do with the update of the block weight. When you edit block weight your code updates the weight of a block in all the titles - it should only update the weight of the block in the title being edited.

His code works perfectly and I think it is only a small change in your code for it to work perfectly too .... but I am too stupid to figure it out Smile

Posted: Mon Oct 28, 2013 12:43 pm

I have never written, that is not possible but i believe you don't have understand it, what i mean. I don't want start from scratch to fix all his security and validation issues... sorry! You are free to use and/or rewrite all of them. But its your risk to use his code. It could be a good start to expand your own experiences with PHP.

Posted: Mon Oct 28, 2013 12:57 pm

neralex wrote:

I don't start from scratch to fix all his security and validation issues... sorry! You are free to use and/or rewrite all of them. But its your risk to use his code. It could be a good start to expand your own experiences with PHP.

Please don't misunderstand. I think you made a perfect port!!

You see the original file does this as well. I think it is a problem with the update of php or something like that.

So your port was perfect! Wink

It's okay I will ask misterstereus to fix your version of this function as he apparently already knows the answer since he fixed his. Thanks again for all your help in this regard.

Posted: Mon Oct 28, 2013 1:39 pm

You can use my gile becouse it is an admin file and not important validate not see users or spyders

Posted: Mon Oct 28, 2013 3:19 pm

misterstereus, you have security issues in your file - you should really protect your queries! No query is escaped, where is it needed, no numeric checks, etc. Its possible to manipulate it and you should add everytime csrf-checks if you are sending variables via GET and POST through functions to store data in the database! You are typing a very unsecure and outdated way in PHP. Not only if its an admin-file, then is it automaticly secure!

Validation have nothing to with users and spiders. Its a clear code standard and if you have a validated theme, like all themes in RN, then it should also have a validated code in the admin-areas. All other ways looks very ugly and later with HTML5 you get a lot of more validation issues.

I can only repeat it again, try to go new ways instead to hold on your old thinking. Smile

Posted: Mon Oct 28, 2013 6:03 pm

Quote:

You can use my gile becouse it is an admin file and not important validate not see users or spyders

First of all, I would like to tell you some things and ask you some questions:

If you do not care about validation or security as it looks like u don't..how is possible you are running RavenNuke ( one of the most secure and validate CMS I ever found) I fought for years testing blocks, modules, addons, mods which were having problems all the time and unfortunately some few people care.

I just visited your site and you have 153 warning errors like this example.

line 403 column 239 - Warning: <img> dropping value "0" for repeated attribute "border"

Code:

<img  width="80px" src="modules/Catalogo/images/products/thumbnails/386.png"border="0" /></a></td>

line 278 column 157 - Warning: missing </a> before <center>

Explain to me why do we need to use your file? In my opinion I suggest to not use your file in a production site.

About neralex:

I've been in discussion with him many times for different things but I am not blind to undertand how precisely he always does everytime he converted an old module, blocks, themes, addon, etc...His website loads in seconds, it is really fast and W3C Standard Validated.

The way neralex is bringing or showing the files should be the way RaveNuke(CMS) builds his own future and we should be more openmind in trying to do the same. Why do we need to get stuck in the past with old unsecure stuff?

If we need to put some money on the table to be motivated to make new modules, blocks, addons, new themes or fix or convert old stuff I do want to participate and I do agree with neralex's opinion.

I understand we are in a difficult time right now but if we all together just give a little money it becomes a lot.

Example: I need to convert Multiheadlines module for RavenNuke is has to be secure and validated.

I can put $5( I know it is not so much but if everybody contribute then it is not so much and then we can have more new cool stuff instead of fighting all time. In my eyes I don't see any progress because of the fact some people do not want to follow the most efficient way, others do not have the time, no motivation, tired of working hours and hours.)

Very Happy

Let's be happy because I am trying to learn from many of you even I am a pain in the ass sometimes. I just want to see cool stuff.

This addon should be in the next version of RavenNuke if it is possible. It is really cool but I don't think anybody want to see his site hacked right?

Sorry for the long text

Posted: Mon Oct 28, 2013 6:21 pm

I have fixed Narelex's file myself by comparing the difference between misterstereus two versions and identifying the changes.

It only needed changed 2 lines of code with 1 variable. It now works as intended.

Thanks again to everyone who contributed to this effort. I am always thrilled to see the many come together.

For me I tend to agree with misterstereus as in this case only the admin can access the code presented. If a hacker has taken over the admin panel of your site to open the blocks by module manager then improper code in that file is the least of your worries!

However the control panel made by misterstereus does not allow you to select multiple modules at once to add a single block. You must do it one by one. It is this reason I prefer the Neralex version because it does allow this.

For those who care here is the working Neralex version:

Code:




<?php


/**


* @package: RN Admin Module - WB_BlocksManager


* @version: 1.0


* @file: blocks_manager.php


* @copyright: WB_BlocksManager v0.2 (c) 2003 Paulo Ferreira http://www.phpnuke-belgique.org


* @modifications: Easy Position Change, Block Position by Module, Multi Add/Remove of Selected Blocks


* @modifications: (c) 2004 James Johnston http://www.phpnuke-belgique.org


* @Updated for PHPNuke 7.4: (c) 2004 spcdata http://www.nextnet.se


* @Updated for RavenNuke(tm) v25x: (c) 2013 by neralex - http://www.media.soefm.de


* @license: http://opensource.org/licenses/gpl-license.php GNU Public License


*/


 


if (!defined('ADMIN_FILE')) {die('Illegal File Access');}


if (!defined('PHP_EOL')) define('PHP_EOL', strtoupper(substr(PHP_OS,0,3) == 'WIN') ? "\r\n" : "\n");


 


$centerblocks_only_for_home = 0; # set to 0 to have the option every time


 


if (is_mod_admin('admin')) {


 


if (!isset($op)) $op = '';


if (!isset($wb_name)) $wb_name = '';


if (!isset($bidrep)) $bidrep = '';


 


switch($op) {


case 'BlocksManager':


BlocksManager($wb_name);


break;


case 'BlocksManager_Add':


csrf_check();


BlocksManager_Add($bida, $title, $wb_name);


break;


case 'BlocksManager_Remove':


csrf_check();


BlocksManager_Remove($bidr, $title, $wb_name);


break;


case 'BlocksManager_BlockPosition':


csrf_check();


BlocksManager_BlockPosition($bid, $title, $position);


break;


case 'BlocksManager_FixWeight':


csrf_check();


BlocksManager_FixWeight($wb_name);


break;


case 'BlocksManager_BlockOrder':


csrf_check();


BlocksManager_BlockOrder($weightrep, $weight, $bidrep, $bidori, $title);


break;


 


}


 


} else {


echo 'Access Denied';


}


die();


 


/*********************************************************/


/* Blocks_Manager Functions */


/*********************************************************/


 


function BlocksManager($wb_name) {


global $admin_file, $prefix, $db, $currentlang, $multilingual, $centerblocks_only_for_home;


$table = $db->sql_fetchrow($db->sql_query('SHOW TABLES LIKE \'' . $prefix . '_blocks_manager\''));


if (isset($table['0'])) {


$blma_css = '<style type="text/css">' . PHP_EOL


. '.noborder {border:none;}' . PHP_EOL


. '.valign_top {vertical-align:top;}' . PHP_EOL


. '.valign_bottom {vertical-align:bottom;}' . PHP_EOL


. '.valign_middle {vertical-align:middle;}' . PHP_EOL


. '.blma_maintable {border-top:1px solid; border-bottom:1px solid; width:100%; border-spacing:0px;}' . PHP_EOL


. '.blma_maintable td:first-child {border-left:1px solid;}' . PHP_EOL


. '.blma_maintable td {padding:0; border-top:1px solid; border-top:1px solid; border-right:1px solid; display:table-cell; vertical-align:middle; text-align:center; padding:2px 0 2px 0;}' . PHP_EOL


. '.blma_maintable img {border:none;}' . PHP_EOL


. '.blma_maintable tr:first-child {font-weight:bold;border-bottom:1px solid;}' . PHP_EOL


. '.blma_maintable tr:first-child td {border-top:none;}' . PHP_EOL


. '.blma_addnewtable {border:none; border-spacing:0px; width:80%;}' . PHP_EOL


. '.blma_addnewtable td {display:table-cell; text-align:center;}' . PHP_EOL


. '</style>' . PHP_EOL;


addCSSToHead($blma_css, 'inline');


include_once 'header.php';


GraphicAdmin();


OpenTable();


echo '<div class="text-center thick">' , _BLOCKMGR_BLOCKSADMIN_MANAGER , '</div>' , PHP_EOL;


CloseTable();


echo '<br />' , PHP_EOL;


OpenTable();


$wb_url = $admin_file . '.php?op=BlocksManager&amp;wb_name=';


# added query to catch the current main-module (HOME)


$row2 = $db->sql_fetchrow($db->sql_query('SELECT `main_module` FROM `' . $prefix . '_main`'));


$main_module = $row2['main_module'];


$result = $db->sql_query('SELECT `mid`, `title`, `custom_title`, `active`, `view`, `inmenu` FROM `' . $prefix . '_modules` WHERE `active` = 1 ORDER BY `title` ASC');


echo '<div class="text-center">' , PHP_EOL;


if ($db->sql_numrows($result) > 0) {


echo '<form action="' , $admin_file , '.php" method="post">' , PHP_EOL


, _BLOCKMGR_MODULEDROP , '&nbsp;' , PHP_EOL


, '<select name="wb_name" size="1" onchange="top.location.href=this.options[this.selectedIndex].value">' , PHP_EOL;


while (list($mid, $title, $custom_title, $active, $view, $inmenu) = $db->sql_fetchrow($result)) {


echo '<option value="' , $wb_url , $title , '"' , ($wb_name == $title ? ' selected="selected"' : '') , '>' , $title , '</option>' , PHP_EOL;


if ($wb_name == '') {


$wb_name = $title;


}


} # end of while


echo '</select>' , PHP_EOL


, '</form>' , PHP_EOL


, '</div>' , PHP_EOL


, '<br />' , PHP_EOL;


} else {


echo 'No active modules found!' , PHP_EOL


, '</div>' , PHP_EOL;


CloseTable();


include_once 'footer.php';


exit;   


}   


echo '<table class="blma_maintable">' , PHP_EOL


, '<tr>' , PHP_EOL


, '<td>' , _TITLE , '</td>' , PHP_EOL


, '<td colspan="2">' , _POSITION , '</td>' , PHP_EOL


, '<td colspan="2">' , _WEIGHT , '</td>' , PHP_EOL


, '<td>' , _TYPE , '</td>' , PHP_EOL


, '<td>' , _STATUS , '</td>' , PHP_EOL


, '<td>' , _VIEW , '</td>' , PHP_EOL;


if ($multilingual == 1) {


echo '<td>' , _LANGUAGE , '</td>' , PHP_EOL;


}


#echo '<td>' , _FUNCTIONS , '</td>' , PHP_EOL;


echo '</tr>' , PHP_EOL;   


$i = 0;


$sql = 'SELECT b.`bid`, b.`bkey`, b.`title`, b.`url`, m.`bposition`, m.`weight`, b.`active`, b.`blanguage`, b.`blockfile`, b.`view` FROM `' . $prefix . '_blocks` b, `' . $prefix . '_blocks_manager` m WHERE b.`bid` = m.`bid` AND m.`title` = \'' . $db->sql_escape_string($wb_name) . '\' ORDER BY m.`bposition`, m.`weight` ASC';


$result1 = $db->sql_query($sql);


if ($db->sql_numrows($result1) > 0) {


while (list($bid, $bkey, $title, $url, $bposition, $weight, $active, $blanguage, $blockfile, $view) = $db->sql_fetchrow($result1)) {


$weight1 = $weight - 1;


$weight3 = $weight + 1;


$res = $db->sql_query('SELECT `bid` FROM `' . $prefix . '_blocks_manager` WHERE `title` = \'' . $db->sql_escape_string($wb_name) . '\' AND `weight` = \'' . $weight1 . '\' AND `bposition` = \'' . $bposition . '\'');


list($bid1) = $db->sql_fetchrow($res);


$con1 = $bid1;


$res2 = $db->sql_query('SELECT `bid` FROM `' . $prefix . '_blocks_manager` WHERE `title` = \'' . $db->sql_escape_string($wb_name) . '\' AND `weight` = \'' . $weight3 . '\' AND `bposition` = \'' . $bposition . '\'');


list($bid2) = $db->sql_fetchrow($res2);


$con2 = $bid2;


 


echo '<tr>' , PHP_EOL


, '<td>' , $title , '</td>' , PHP_EOL;


if ($bposition == 'l') {


$bposition = _LEFT . '</td>' . PHP_EOL


. '<td>' . PHP_EOL


. '<a class="rn_csrf" href="' . $admin_file . '.php?op=BlocksManager_BlockPosition&amp;bid=' . $bid . '&amp;title=' . $wb_name . '&amp;position=r">'


. '<img src="images/center_l.gif" alt="' . _RIGHTBLOCK . '" title="' . _RIGHTBLOCK . '" />'


. '</a>' . PHP_EOL;


if (($centerblocks_only_for_home == 1 && $wb_name == $main_module) || $centerblocks_only_for_home == 0) {


$bposition .= '<a class="rn_csrf" href="' . $admin_file . '.php?op=BlocksManager_BlockPosition&amp;bid=' . $bid . '&amp;title=' . $wb_name . '&amp;position=c">'


. '<img src="images/up.gif" alt="' . _CENTERUP . '" title="' . _CENTERUP . '" />'


. '</a>' . PHP_EOL


. '<a class="rn_csrf" href="' . $admin_file . '.php?op=BlocksManager_BlockPosition&amp;bid=' . $bid . '&amp;title=' . $wb_name . '&amp;position=d">'


. '<img src="images/down.gif" alt="' . _CENTERDOWN . '" title="' . _CENTERDOWN . '" />'


. '</a>' . PHP_EOL;


}


} elseif ($bposition == 'r') {


$bposition = _RIGHT . '</td>' . PHP_EOL


. '<td>' . PHP_EOL


. '<a class="rn_csrf" href="' . $admin_file . '.php?op=BlocksManager_BlockPosition&amp;bid=' . $bid . '&amp;title=' . $wb_name . '&amp;position=l">'


. '<img src="images/center_r.gif" alt="' . _LEFTBLOCK . '" title="' . _LEFTBLOCK . '" />'


. '</a>' . PHP_EOL;


if (($centerblocks_only_for_home == 1 && $wb_name == $main_module) || $centerblocks_only_for_home == 0) {


$bposition .= '<a class="rn_csrf" href="' . $admin_file . '.php?op=BlocksManager_BlockPosition&amp;bid=' . $bid . '&amp;title=' . $wb_name . '&amp;position=c">'


. '<img src="images/up.gif" alt="' . _CENTERUP . '" title="' . _CENTERUP . '" />'


. '</a>' . PHP_EOL


. '<a class="rn_csrf" href="' . $admin_file . '.php?op=BlocksManager_BlockPosition&amp;bid=' . $bid . '&amp;title=' . $wb_name . '&amp;position=d">'


. '<img src="images/down.gif" alt="' . _CENTERDOWN . '" title="' . _CENTERDOWN . '" />'


. '</a>' . PHP_EOL;


}


} elseif ($bposition == 'c') {


$bposition = _CENTERUP . '</td>' . PHP_EOL


. '<td>' . PHP_EOL


. '<a class="rn_csrf" href="' . $admin_file . '.php?op=BlocksManager_BlockPosition&amp;bid=' . $bid . '&amp;title=' . $wb_name . '&amp;position=l">'


. '<img src="images/center_r.gif" alt="' . _LEFTBLOCK . '" title="' . _LEFTBLOCK . '" />'


. '</a>' . PHP_EOL


. '<a class="rn_csrf" href="' . $admin_file . '.php?op=BlocksManager_BlockPosition&amp;bid=' . $bid . '&amp;title=' . $wb_name . '&amp;position=r">'


. '<img src="images/center_l.gif" alt="' . _RIGHTBLOCK . '" title="' . _RIGHTBLOCK . '" />'


. '</a>' . PHP_EOL;


if (($centerblocks_only_for_home == 1 && $wb_name == $main_module) || $centerblocks_only_for_home == 0) {


$bposition .= '<a class="rn_csrf" href="' . $admin_file . '.php?op=BlocksManager_BlockPosition&amp;bid=' . $bid . '&amp;title=' . $wb_name . '&amp;position=d">'


. '<img src="images/down.gif" alt="' . _CENTERDOWN . '" title="' . _CENTERDOWN . '" />'


. '</a>' . PHP_EOL;


}


} elseif ($bposition == 'd') {


$bposition = _CENTERDOWN . '</td>' . PHP_EOL


. '<td>' . PHP_EOL


. '<a class="rn_csrf" href="' . $admin_file . '.php?op=BlocksManager_BlockPosition&amp;bid=' . $bid . '&amp;title=' . $wb_name . '&amp;position=l">'


. '<img src="images/center_r.gif" alt="' . _LEFTBLOCK . '" title="' . _LEFTBLOCK . '" />'


. '</a>' . PHP_EOL


. '<a class="rn_csrf" href="' . $admin_file . '.php?op=BlocksManager_BlockPosition&amp;bid=' . $bid . '&amp;title=' . $wb_name . '&amp;position=r">'


. '<img src="images/center_l.gif" alt="' . _RIGHTBLOCK . '" title="' . _RIGHTBLOCK . '" />'


. '</a>' . PHP_EOL;


if (($centerblocks_only_for_home == 1 && $wb_name == $main_module) || $centerblocks_only_for_home == 0) {


$bposition .= '<a class="rn_csrf" href="' . $admin_file . '.php?op=BlocksManager_BlockPosition&amp;bid=' . $bid . '&amp;title=' . $wb_name . '&amp;position=c">'


. '<img src="images/up.gif" alt="' . _CENTERUP . '" title="' . _CENTERUP . '" />'


. '</a>' . PHP_EOL;


}


}


echo '<td>' , $bposition , '</td>' , PHP_EOL


, '<td>' , $weight , '</td>' , PHP_EOL


, '<td>' , PHP_EOL   


, '<a class="rn_csrf" href="' , $admin_file , '.php?op=BlocksManager_BlockOrder&amp;weight=' , $weight , '&amp;bidori=' , $bid , '&amp;weightrep=' , $weight1 , ($con1 != '' ? '&amp;bidrep=' . $con1 : '') , '&amp;title=' , $wb_name , '"><img src="images/up.gif" alt="' , _BLOCKUP , '" title="' , _BLOCKUP , '" /></a>' , PHP_EOL


, '<a class="rn_csrf" href="' , $admin_file , '.php?op=BlocksManager_BlockOrder&amp;weight=' , $weight , '&amp;bidori=' , $bid , '&amp;weightrep=' , $weight3 , ($con2 != '' ? '&amp;bidrep=' . $con2 : '') , '&amp;title=' , $wb_name , '"><img src="images/down.gif" alt="' , _BLOCKDOWN , '" title="' , _BLOCKDOWN , '" /></a>' , PHP_EOL


, '</td>' , PHP_EOL;   


if ($bkey == '') {


if ($url == '') {


$type = 'HTML';


} elseif ($url != '') {


$type = 'RSS/RDF';


}


if ($blockfile != '') {


$type = _BLOCKFILE2;


}


} elseif ($bkey != '') {


$type = _BLOCKSYSTEM;


}


echo '<td>' , $type , '</td>' , PHP_EOL;


$block_act = $active;


if ($active == 1) {


$active = _ACTIVE;


$change = _DEACTIVATE;


} elseif ($active == '0') {


$active = '<em>' . _INACTIVE . '</em>';


$change = _ACTIVATE;


}


echo '<td>' , $active , '</td>' , PHP_EOL;


if ($view == '0') {


$who_view = _MVALL;


} elseif ($view == 1) {


$who_view = _MVUSERS;


} elseif ($view == 2) {


$who_view = _MVADMIN;


} elseif ($view == 3) {


$who_view = _MVANON;


}


echo '<td>' , $who_view , '</td>' , PHP_EOL;


if ($multilingual == 1) {


if ($blanguage == '') {


$blanguage = _ALL;


} else {


$blanguage = ucfirst($blanguage);


}


echo '<td>' , $blanguage , '</td>' , PHP_EOL;


}   


/*echo '<td>';


if ($bkey == '') {


echo '<a href="' , $admin_file , '.php?op=BlocksManager_Delete&amp;bid=' , $bid , '&amp;title=' , $wb_name , '">' , _DELETE , '</a>';


} elseif ($bkey != '') {


echo _DELETE;


}


echo '</td>' , PHP_EOL; */


echo '</tr>' , PHP_EOL;


$wb_tabblocks[$i] = $bid;


$i++;


} # end of while


} else {


echo '<tr>' , PHP_EOL


, '<td colspan="' , ($multilingual == 1 ? '9' : '8') , '">' , _BLOCKMGR_NOENTRIES , '</td>' , PHP_EOL


, '</tr>' , PHP_EOL;


}


echo '</table>' , PHP_EOL


, '<br />' , PHP_EOL


, '<div class="text-center">[ <a class="rn_csrf" href="' , $admin_file , '.php?op=BlocksManager_FixWeight&amp;wb_name=' , $wb_name , '">' , _FIXBLOCKS , '</a> ]</div>' , PHP_EOL


, '<br />' , PHP_EOL;


CloseTable();


echo '<br />' , PHP_EOL;


OpenTable();


echo '<div class="text-center thick">' , _BLOCKMGR_ADDNEWBLOCK_MANAGER , '</div>' , PHP_EOL


, '<br />' , PHP_EOL


, '<form name="BM_EDIT" action="' , $admin_file , '.php" method="post">' , PHP_EOL


, '<table class="blma_addnewtable centered">' , PHP_EOL


, '<tr>' , PHP_EOL


# List all inactive Blocks for selected module


, '<td class="valign_top">' , PHP_EOL


, '<span class="thick">' , _BLOCKMGR_ACTIVE_BLOCKS , '</span><br />' , PHP_EOL;


$result = $db->sql_query('SELECT `bid`, `title` FROM `' . $prefix . '_blocks` ORDER BY `title` ASC');


if ($db->sql_numrows($result) > 0) {


echo '<select name="bida[]" size="10" multiple="multiple">' , PHP_EOL;


while (list($bid, $title) = $db->sql_fetchrow($result)) {


$ii = 0;


$wb_affiche = 1;


while ($ii < $i) {


if ($wb_tabblocks[$ii] == $bid) {


$wb_affiche = 0;


}


$ii++;


} # end of while


if ($wb_affiche == 1) {


echo '<option value="' , $bid , '">' , $title , '</option>' , PHP_EOL;


}


}


echo '</select>' , PHP_EOL


, '<br /><br />' , PHP_EOL


, '<input type="submit" value="' , _BLOCKMGR_ADD_BLOCK , '" onclick="document.BM_EDIT.op.value=\'BlocksManager_Add\';" />' , PHP_EOL;


} else {


echo _BLOCKMGR_NOENTRIES , PHP_EOL;


}


echo '</td>' , PHP_EOL


# List all active Modules


, '<td class="valign_top">' , PHP_EOL


, '<span class="thick">' , _BLOCKMGR_MODULES , '</span><br />' , PHP_EOL;


$result = $db->sql_query('SELECT `mid`, `title`, `custom_title`, `active`, `view`, `inmenu` FROM `' . $prefix . '_modules` WHERE `active` = 1 ORDER BY `title` ASC');


if ($db->sql_numrows($result) > 0) {


echo '<select name="title[]" size="10" multiple="multiple">' , PHP_EOL;


while (list($mid, $title, $custom_title, $active, $view, $inmenu) = $db->sql_fetchrow($result)) {


echo '<option value="' , $title , '"' , ($wb_name == $title ? ' selected="selected"' : '') , '>' , $title , '</option>' , PHP_EOL;


if ($wb_name == '') {


$wb_name = $title;


}


} # end of while


echo '</select>' , PHP_EOL


, '<br />' , PHP_EOL;


} else {


echo _BLOCKMGR_NOENTRIES , PHP_EOL;


}


echo '</td>' , PHP_EOL


# List all active Blocks for selected module


, '<td class="valign_top">' , PHP_EOL


, '<span class="thick">' , _BLOCKMGR_INACTIVE_BLOCKS , '</span><br />' , PHP_EOL;


$result = $db->sql_query('SELECT b.`bid`, b.`title` FROM `' . $prefix . '_blocks` b, `' . $prefix . '_blocks_manager` m WHERE b.`bid` = m.`bid` AND m.`title` = \'' . $db->sql_escape_string($wb_name) . '\' ORDER BY `title` ASC');


if ($db->sql_numrows($result) > 0) {


echo '<select name="bidr[]" size="10" multiple="multiple">' , PHP_EOL;


while (list($bid, $title) = $db->sql_fetchrow($result)) {


echo '<option value="' , $bid , '">' , $title , '</option>' , PHP_EOL;


} # end of while


echo '</select>' , PHP_EOL


, '<br />' , PHP_EOL


, '<input type="submit" value="' , _BLOCKMGR_REMOVE_BLOCK , '" onclick="document.BM_EDIT.op.value=\'BlocksManager_Remove\';" />' , PHP_EOL;


} else {


echo _BLOCKMGR_NOENTRIES , PHP_EOL;


}


echo '</td>' , PHP_EOL


, '</tr>' , PHP_EOL


, '</table>' , PHP_EOL


, '<br />' , PHP_EOL


, '<input type="hidden" name="wb_name" value="' , $wb_name , '" />' , PHP_EOL


, '<input type="hidden" name="op" value="BlocksManager_Add" />' , PHP_EOL


, '</form>' , PHP_EOL;


CloseTable();


include_once 'footer.php';


} else {


$visit_table = $db->sql_fetchrow($db->sql_query('SHOW TABLES LIKE \'' . $prefix . '_blocks_manager\''));


if (!isset($visit_table['0'])) {   


include_once 'header.php';


GraphicAdmin();


OpenTable();


echo '<div class="text-center">' , PHP_EOL;


$createtable = 'CREATE TABLE IF NOT EXISTS `' . $prefix . '_blocks_manager` (


`bid` int(10) NOT NULL DEFAULT \'0\',


`title` varchar(255) NOT NULL DEFAULT \'0\',


`bposition` char(1) NOT NULL DEFAULT \'\',


`weight` int(10) NOT NULL DEFAULT \'1\',


KEY title (`title`)


) ENGINE=MyISAM ;';


$qry = $db->sql_query($createtable);


if ($qry) {


echo 'create blocks manager db-table = done!<br />' , PHP_EOL;


} else {


echo 'create blocks manager db-table = failed!<br />' , PHP_EOL;


}


echo '<br /><a href="' , $admin_file , '.php?op=BlocksManager">Lets go!</a><br />' , PHP_EOL


, '</div>' , PHP_EOL;


CloseTable();


include_once 'footer.php';


}


}


}


 


function BlocksManager_Add($bid, $title, $wb_name) {


global $prefix, $db, $admin_file;


if ($wb_name != '') {


foreach ($title as $tKey => $tValue) {


if ($tValue != '') {


foreach ($bid as $bKey => $bValue) {


if (is_numeric($bValue)) {


$result = $db->sql_query('SELECT `bid`, `bposition`, `weight`, `title` FROM `' . $prefix . '_blocks` WHERE `bid` = \'' . $bValue . '\'');


list($bid, $bposition, $weight, $block_title) = $db->sql_fetchrow($result);


if ($bid != '') {


$tValue = $db->sql_escape_string(htmlspecialchars_decode(check_html($tValue, 'nohtml'), ENT_QUOTES));


$db->sql_query('INSERT INTO `' . $prefix . '_blocks_manager` VALUES (\'' . $bValue . '\', \'' . $tValue . '\', \'' . $bposition . '\', \'' . $weight . '\')');


}


}


}


}


}


Header('Location: ' . $admin_file . '.php?op=BlocksManager&wb_name=' . $wb_name); exit;


} else {


Header('Location: ' . $admin_file . '.php'); exit;


}


}


 


function BlocksManager_Remove($bid, $title, $wb_name) {


global $prefix, $db, $admin_file;


if ($wb_name != '') {


foreach ($title as $tKey => $tValue) {


if ($tValue != '') {


foreach ($bid as $bKey => $bValue) {


if (is_numeric($bValue)) {


$db->sql_query('DELETE FROM `' . $prefix . '_blocks_manager` WHERE `bid` = \'' . $bValue . '\' AND `title` = \'' . $db->sql_escape_string($tValue) . '\'');


}


}


}


}


Header('Location: ' . $admin_file . '.php?op=BlocksManager&wb_name=' . $wb_name); exit;


} else {


Header('Location: ' . $admin_file . '.php'); exit;


}


}


 


function BlocksManager_FixWeight($wb_name) {


global $prefix, $db, $admin_file;


if ($wb_name != '') {


$leftpos = 'l';


$rightpos = 'r';


$centeruppos = 'c';


$centerdnpos = 'd';


# Fix Left Block Weights


$result = $db->sql_query('SELECT `bid`, `title` FROM `' . $prefix . '_blocks_manager` WHERE `title` = \'' . $db->sql_escape_string($wb_name) . '\' AND `bposition` = \'' . $db->sql_escape_string($leftpos) . '\' ORDER BY `weight` ASC');


if ($db->sql_numrows($result) > 0) {


$weight = 0;


while (list($bid, $title) = $db->sql_fetchrow($result)) {


$weight++;


$db->sql_query('UPDATE `' . $prefix . '_blocks_manager` SET `weight` = \'' . $weight . '\' WHERE `title` = \'' . $db->sql_escape_string($wb_name) . '\' AND `bid` = \'' . $bid . '\'');


} # end of while


}   


# Fix Right Block Weights


$result = $db->sql_query('SELECT `bid` FROM `' . $prefix . '_blocks_manager` WHERE `title` = \'' . $db->sql_escape_string($wb_name) . '\' AND `bposition` = \'' . $db->sql_escape_string($rightpos) . '\' ORDER BY `weight` ASC');


if ($db->sql_numrows($result) > 0) {


$weight = 0;


while (list($bid) = $db->sql_fetchrow($result)) {


$weight++;


$db->sql_query('UPDATE `' . $prefix . '_blocks_manager` SET `weight` = \'' . $weight . '\' WHERE `title` = \'' . $db->sql_escape_string($wb_name) . '\' AND `bid` = \'' . $bid . '\'');


} # end of while


}   


# Fix Center Up Block Weights


$result = $db->sql_query('SELECT `bid` FROM `' . $prefix . '_blocks_manager` WHERE `title` = \'' . $db->sql_escape_string($wb_name) . '\' AND `bposition` = \'' . $db->sql_escape_string($centeruppos) . '\' ORDER BY `weight` ASC');


if ($db->sql_numrows($result) > 0) {


$weight = 0;


while (list($bid) = $db->sql_fetchrow($result)) {


$weight++;


$db->sql_query('UPDATE `' . $prefix . '_blocks_manager` SET `weight` = \'' . $weight . '\' WHERE `title` = \'' . $db->sql_escape_string($wb_name) . '\' AND `bid` = \'' . $bid . '\'');


} # end of while


}   


# Fix Center Down Block Weights


$result = $db->sql_query('SELECT `bid` FROM `' . $prefix . '_blocks_manager` WHERE `title` = \'' . $db->sql_escape_string($wb_name) . '\' AND `bposition` = \'' . $db->sql_escape_string($centerdnpos) . '\' ORDER BY `weight` ASC');


if ($db->sql_numrows($result) > 0) {


$weight = 0;


while (list($bid) = $db->sql_fetchrow($result)) {


$weight++;


$db->sql_query('UPDATE `' . $prefix . '_blocks_manager` SET `weight` = \'' . $weight . '\' WHERE `title` = \'' . $db->sql_escape_string($wb_name) . '\' AND `bid` = \'' . $bid . '\'');


} # end of while


}


Header('Location: ' . $admin_file . '.php?op=BlocksManager&wb_name=' . $wb_name); exit;


} else {


Header('Location: ' . $admin_file . '.php'); exit;


}


}


 


function BlocksManager_BlockPosition($bid, $title, $position) {


global $prefix, $db, $admin_file;


if (is_numeric($bid) && ($position == 'l' || $position == 'r' || $position == 'c' || $position == 'd') && $title != '') {


$title = $db->sql_escape_string(htmlspecialchars_decode(check_html($title, 'nohtml'), ENT_QUOTES));


$db->sql_query('UPDATE `' . $prefix . '_blocks_manager` SET `bposition` = \'' . $db->sql_escape_string($position) . '\' WHERE `bid` = \'' . $bid . '\' AND `title` = \'' . $title . '\'');


Header('Location: ' . $admin_file . '.php?op=BlocksManager&wb_name=' . $title); exit;


} else {


Header('Location: ' . $admin_file . '.php'); exit;


}


}


 


function BlocksManager_BlockOrder($weightrep, $weight, $bidrep, $bidori, $title) {


global $prefix, $db, $admin_file;


if (is_numeric($weightrep) && is_numeric($weight) && is_numeric($bidori) && $title != '') {


if (is_numeric($bidrep)) {


$result = $db->sql_query('UPDATE `' . $prefix . '_blocks_manager` SET `weight` = \'' . $weight . '\' WHERE `bid` = \'' . $bidrep . '\' AND `title` = \'' . $title . '\'');


}


$result2 = $db->sql_query('UPDATE `' . $prefix . '_blocks_manager` SET `weight` = \'' . $weightrep . '\' WHERE `bid` = \'' . $bidori . '\' AND `title` = \'' . $title . '\'');


Header('Location: ' . $admin_file . '.php?op=BlocksManager&wb_name=' . $title); exit;


} else {


Header('Location: ' . $admin_file . '.php'); exit;


}


}

This project can now be considered complete for RN 2.51

I always appreciate that there is a new version 2.6 on the horizon. There is always a new version on the horizon. It was around the year 2006 I stopped waiting for new versions to do things. For me and the new version well ... I will most likely begin to install it around the time that RN 3.0 is being released! I'm slow like that. Laughing

LOL!

Thanks again to everyone.

Posted: Mon Oct 28, 2013 7:36 pm

draxx, I think u did the right thing and we should do the same instead of waisting time in unecessary discussions. I am gonna update the addon as well.

This is the part which was missing some variables.

Code:

function BlocksManager_BlockOrder($weightrep, $weight, $bidrep, $bidori, $title) {


    global $prefix, $db, $admin_file;


   if (is_numeric($weightrep) && is_numeric($weight) && is_numeric($bidori) && $title != '') {


      if (is_numeric($bidrep)) {


         $result = $db->sql_query('UPDATE `' . $prefix . '_blocks_manager` SET `weight` = \'' . $weight . '\' WHERE `bid` = \'' . $bidrep . '\' AND `title` = \'' . $title . '\'');


      }


      $result2 = $db->sql_query('UPDATE `' . $prefix . '_blocks_manager` SET `weight` = \'' . $weightrep . '\' WHERE `bid` = \'' . $bidori . '\' AND `title` = \'' . $title . '\'');


        Header('Location: ' . $admin_file . '.php?op=BlocksManager&wb_name=' . $title); exit;


   } else {


      Header('Location: ' . $admin_file . '.php'); exit;


   }


}

The modification was actually in these lines to be more specific and there isn't any problem in using neralex's convertion

Code:

$result = $db->sql_query('UPDATE `' . $prefix . '_blocks_manager` SET `weight` = \'' . $weight . '\' WHERE `bid` = \'' . $bidrep . '\' AND `title` = \'' . $title . '\'');

Code:

$result2 = $db->sql_query('UPDATE `' . $prefix . '_blocks_manager` SET `weight` = \'' . $weightrep . '\' WHERE `bid` = \'' . $bidori . '\' AND `title` = \'' . $title . '\'');

Posted: Mon Oct 28, 2013 7:48 pm

hicuxunicorniobestbuildpc wrote:

This addon should be in the next version of RavenNuke if it is possible.

Actually it is, I think.
You will be able to display different blocks depending on which module is being viewed and which theme is selected provided you use one of the default HTML5 mobile ready themes that will be included.

Posted: Thu Nov 21, 2013 1:28 am

I saw that from another post.

The only thing I did not like about what I've heard about the feature in the new version is that while the appearance of a block in a module will be optional the sort order of the blocks will be fixed. There needs to be the freedom to place things on the page where-ever you want them. Or at least in different order in a column ... just a imho Smile

Posted: Thu Nov 21, 2013 4:01 am

That may happen further down the road but it's highly unlikely for the first release of RavenCMS.
I'm hoping however that once it is released, we can gather feedback from our user base to help prioritise enhancements.

Posted: Thu Nov 21, 2013 1:07 pm

With this new blocks by module addon in 2.51 I have discovered that my site has 102 blocks that appear on various pages.

Can you imagine a home page with 102 blocks? Very Happy

hahaha

Posted: Thu Nov 21, 2013 1:23 pm

I could certainly imagine my mySQL server groaning under the weight lol.