Example #1
File: post.php Project: R-J/elefant
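$res = $this->override ('blog/post');
if ($res) {
	echo $res;
	return;
}

$page->id = 'blog';
$page->layout = Appconf::blog ('Blog', 'post_layout');

require_once ('apps/blog/lib/Filters.php');

// $this->params[0] is the post id taken from the request URL; it is handed
// straight to blog\Post, which has to treat it as untrusted input
// (TODO confirm the lookup inside blog\Post is parameterized).
$p = new blog\Post ($this->params[0]);

// Every "not available" outcome below (missing post, unpublished post viewed
// by a non-admin, scheduled post that is not due yet) is answered with the
// same 404 text, so the three cases stay indistinguishable to the visitor.
// The message is built once here instead of being repeated per branch; the
// translation lookups therefore run even on the success path.
$not_found_title = __ ('Post not found');
$not_found_body = '<p>' . __ ('Hmm, we can\'t seem to find the post you wanted at the moment.') . '</p>';

// post not found
if ($p->error) {
	return $this->error (404, $not_found_title, $not_found_body);
}

// unpublished posts are only visible to blog admins
if ($p->published === 'no' && ! User::require_acl ('admin', 'blog')) {
	return $this->error (404, $not_found_title, $not_found_body);
}

// publish if it was scheduled and it's time. This is a plain string
// comparison, which only orders correctly because both sides use the
// 'Y-m-d H:i:s' layout (assumes $p->ts is stored in that UTC format — TODO confirm).
if ($p->published === 'que') {
	if ($p->ts <= gmdate ('Y-m-d H:i:s')) {
		// NOTE(review): the stored state is flipped during a read request, so
		// whichever visitor loads the page first after the due time performs
		// the write and the version record.
		$p->published = 'yes';
		$p->put ();
		Versions::add ($p);
	} else {
		return $this->error (404, $not_found_title, $not_found_body);
	}
}

$page->title = $p->title;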
Example #2
// $b is the block being rendered; when it could not be loaded, fall back to
// the block named by $fallback_id ($b, $id, $fallback_id, $level, $tpl and
// $lock are all set before this point — not shown here).
if ($b->error) {
    if ($fallback_id) {
        $lock = new Lock('Block', $fallback_id);
        $b = new Block($fallback_id);
        $b->new_id = $id;
    }
    if ($b->error) {
        // neither block exists: only editors get an "add this block" stub
        if (User::require_acl('admin', 'admin/edit', 'blocks')) {
            $fallback_id = $id;
            echo $tpl->render('blocks/editable', (object) array('id' => $fallback_id, 'locked' => false, 'title' => false));
        }
        return;
    }
}
// permissions: non-public blocks need a logged-in user who passes User::access()
if ($b->access !== 'public') {
    if (!User::require_login()) {
        return;
    }
    if (!User::access($b->access)) {
        return;
    }
}
// NOTE(review): $level is spliced into the printf format string itself, so a
// value containing '%' would be parsed as a conversion, and $b->title is
// emitted without escaping — both are only fine while they come from trusted
// data (confirm where $level is assigned).
if ($b->show_title == 'yes') {
    printf('<' . $level . '>%s</' . $level . '>', $b->title);
}
// $lock is only assigned above in the fallback branch; presumably it is created
// earlier for the normal path — verify, otherwise this reads an undefined variable
$b->locked = $lock->exists();
if (User::require_acl('admin', 'admin/edit', 'blocks')) {
    echo $tpl->render('blocks/editable', $b);
}
echo $tpl->run_includes($b->body);
Example #3
// Fetch the current page of posts and the pagination bookkeeping the blog
// index template reads from $page ($page->limit/offset/num are set earlier).
$p = new blog\Post();
$posts = $p->latest($page->limit, $page->offset);

$page->count = $p->query()->where('published', 'yes')->count();
$page->last = $page->offset + count($posts);
$page->more = ($page->count > $page->last);
$page->next = $page->num + 2;

// The configured footer is only rendered when it contains text besides markup;
// otherwise $footer becomes false so the template can skip it.
$footer = Appconf::blog('Blog', 'post_footer');
$footer_stripped = strip_tags($footer);
if ($footer && !empty($footer_stripped)) {
    $footer = $tpl->run_includes($footer);
} else {
    $footer = false;
}
if (!is_array($posts) || count($posts) === 0) {
    echo '<p>' . __('No posts yet... :(') . '</p>';
    if (User::require_acl('admin', 'blog', 'admin/add')) {
        echo '<p class="hide-in-preview"><a href="/blog/add">' . __('Add Blog Post') . '</a></p>';
    }
} else {
    if (User::require_acl('admin', 'blog', 'admin/add')) {
        echo '<p class="hide-in-preview"><a href="/blog/add">' . __('Add Blog Post') . '</a></p>';
    }
    if (Appconf::blog('Blog', 'post_format') === 'markdown') {
        require_once 'apps/blog/lib/markdown.php';
    }
    foreach ($posts as $_post) {
        $post = $_post->orig();
        $post->url = '/blog/post/' . $post->id . '/';
        $post->fullurl = $post->url . URLify::filter($post->title);
        $post->tag_list = strlen($post->tags) > 0 ? explode(',', $post->tags) : array();
        $post->social_buttons = Appconf::blog('Social Buttons');
        if (Appconf::blog('Blog', 'post_format') === 'html') {
            $post->body = $tpl->run_includes($post->body);
        } else {
            $post->body = $tpl->run_includes(Markdown($post->body));
Example #4
        }
    } else {
        $data['photo'] = null;
    }
}
// Resolve the stored photo key to an actual file, then derive the link and
// the image source URL that go into $data.
$data['photo'] = Image::for_key($data['key'], $data['photo']);

// no explicit link: default to the link property stored in the file manager
if (empty($data['link']) && $data['photo'] !== null) {
    $photo = preg_replace('|^/files/|', '', $data['photo']);
    $data['link'] = FileManager::prop($photo, 'link');
}

if ($data['photo']) {
    $data['src'] = '/' . Image::resize($data['photo'], $data['width'], $data['height'], 'cover', 'ext');
} elseif (isset($data['default'])) {
    // absolute http(s) URLs are passed through, anything else is a local file to resize
    $is_remote = preg_match('/^https?:\\/\\//', $data['default']);
    if ($is_remote) {
        $data['src'] = $data['default'];
    } else {
        $data['src'] = '/' . Image::resize(ltrim($data['default'], '/'), $data['width'], $data['height'], 'cover', 'ext');
    }
} else {
    // NOTE(review): the placeholder is a plain-http third-party URL built from
    // the width/height values as given
    $data['src'] = 'http://placehold.it/' . $data['width'] . 'x' . $data['height'];
}

// API callers get JSON; internal (embedded) calls render the template instead
if (!$this->internal) {
    header('Content-Type: application/json');
    echo json_encode(array('success' => true, 'data' => $data));
    return;
}

$can_manage_files = User::is_valid() && User::require_acl('admin', 'filemanager');
if ($can_manage_files) {
    echo $this->run('filemanager/util/browser');
    $page->add_script('/apps/filemanager/js/jquery.photoswitcher.js');
}
echo $tpl->render('filemanager/photo', $data);
Example #5
<?php

/**
 * User add form.
 */
$page->layout = 'admin';
// bounces to the login screen unless the caller holds both resources
$this->require_acl('admin', 'user');
$f = new Form('post', 'user/add');
// NOTE(review): CSRF verification is switched off for a form that creates
// accounts (and, for callers with user/edit_roles, sets their role from the
// POST data), which leaves the submission open to cross-site request forgery.
// Confirm why it is disabled and re-enable it unless the form is deliberately
// posted from another origin.
$f->verify_csrf = false;
if ($f->submit()) {
    if (!User::require_acl('user/edit_roles')) {
        $_POST['type'] = Appconf::user('User', 'default_role');
    }
    $_POST['password'] = User::encrypt_pass($_POST['password']);
    $now = gmdate('Y-m-d H:i:s');
    $_POST['expires'] = $now;
    $_POST['signed_up'] = $now;
    $_POST['updated'] = $now;
    $_POST['userdata'] = json_encode(array());
    unset($_POST['verify_pass']);
    unset($_POST['_states']);
    unset($_POST['_countries']);
    $u = new User($_POST);
    $u->put();
    Versions::add($u);
    if (!$u->error) {
        $this->add_notification(__('Member added.'));
        $this->hook('user/add', $_POST);
        $this->redirect('/user/admin');
    }
    $page->title = __('An Error Occurred');
Example #6
 * - set_value: The selector of an input field to update with the
 *   chosen file link.
 * - thumbs:    Whether to show thumbnails instead of file names.
 *   Note: also automatically sets allowed list to jpeg, png, and
 *   gif formats so you don't have to set allowed explicitly.
 * - title:     A custom title for the dialog window.
 */

// Pull in the modal dialog helper and the file browser assets.
echo $this->run ('admin/util/modal');

$page->add_style ('/apps/filemanager/css/filebrowser.css');

// Expose the configured upload directory and whether this user may upload.
// The path is dropped into a double-quoted JS string without escaping, so it
// is only safe because it comes from the site config, not from a request.
$filemanager_path = conf('Paths','filemanager_path');
$can_upload = (int) User::require_acl ('admin', 'filemanager');
$page->add_script (sprintf (
	'<script>var filemanager_path = "%s", filemanager_upload = %d;</script>',
	$filemanager_path,
	$can_upload
));

foreach (array ('jquery.filedrop.js', 'filemanager.js', 'jquery.filebrowser.js') as $asset) {
	$page->add_script ('/apps/filemanager/js/' . $asset);
}

// NOTE(review): upload_max_filesize is typically a shorthand value such as
// "8M"; the (int) cast keeps only the leading digits (8) and silently drops
// the unit suffix — check which unit filebrowser.js expects for this value.
$max_filesize = (int) ini_get ('upload_max_filesize');
$page->add_script (sprintf (
	'<script>var filebrowser_max_filesize = %s;</script>',
	$max_filesize
));
$page->add_script (
	I18n::export (
		array (
			'Choose a file',
Example #7
$page->layout = 'admin';

// the poll or vote id comes from the URL; without one, go back to the admin list
$id = $this->params[0];
if (!$id) {
    $this->redirect('/polls/admin');
}
// presumably unreachable when redirect() ends the request; kept as-is
if (!$id) {
    $this->add_notification("Error: Must provide id parameter.");
    if (isset($_GET['vote'])) {
        $this->redirect('/polls/votes/');
    } else {
        $this->redirect('/polls/admin');
    }
}

// NOTE(review): both branches delete on a plain GET request with no CSRF
// token, so the request is not protected against cross-site request forgery.
// The resource names 'polls/votes' and 'poll' are also inconsistent with each
// other and with 'poll/votes' used by the votes listing — verify against the
// app's ACL definitions.
$deleting_vote = isset($_GET['vote']);

if ($deleting_vote && User::require_acl('polls/votes')) {
    $item = polls\Votes::get($id);
    $user = User::get($item->user_id)->name;
    $poll = $item->poll()->title;
    if ($item->remove()) {
        $this->add_notification("Success: Removed vote from '{$poll}' for '{$user}'.");
    } else {
        @error_log('Error: polls/delete/' . $id . '?vote - ' . $item->error);
        $this->add_notification('Error: Unable to delete user\'s vote(s).');
    }
} elseif (User::require_acl('poll')) {
    // note: a ?vote request by a caller without 'polls/votes' also lands here
    // and treats the same id as a poll id
    $item = polls\Poll::get($id);
    $old = $item->title;
    if ($item->remove()) {
        $this->add_notification("Success: Removed '{$old}'");
    } else {
        @error_log('Error: polls/delete/' . $id . ' - ' . $item->error);
        $this->add_notification('Error: Unable to delete poll.');
    }
}

$this->redirect('/polls/admin');
Example #8
    }
    if (!User::access($wp->access)) {
        return $this->error(403, __('Access denied'), '<p>' . __('You do not have enough access privileges for this operation.') . '</p>');
    }
}
// Copy the stored webpage ($wp, loaded earlier) onto the page object the
// layout reads from; the menu/window titles use underscored names on $page.
$page->id = $id;
$copied = array(
    'title' => 'title',
    '_menu_title' => 'menu_title',
    '_window_title' => 'window_title',
    'description' => 'description',
    'keywords' => 'keywords',
    'layout' => 'layout',
    'head' => 'head',
    'access' => 'access',
);
foreach ($copied as $target => $source) {
    $page->$target = $wp->$source;
}
$page->extra = (object) $wp->extra;

// editors get the inline edit toolbar and the lock state for this page
$can_edit = User::require_acl('admin', 'admin/pages', 'admin/edit');
if ($can_edit) {
    $lock = new Lock('Webpage', $id);
    $page->locked = $lock->exists();
    echo $this->run('admin/editable', $page);
}

// run_includes() expands embedded includes; a body that comes back unchanged
// contains none, so the page can be cached as-is.
// NOTE(review): the cached value is serialize()d with whatever state $page
// carries here, including the editor-only 'locked' flag set above, and the
// reader of this key presumably unserialize()s it — confirm the key is not
// shared with non-editor requests and that the cache backend is trusted.
$out = $tpl->run_includes($wp->body);
$cacheable = ($out === $wp->body);
if ($cacheable) {
    $page->body = $out;
    $cache->set('_admin_page_' . $id, serialize($page));
}

// output the page body
echo $out;
Example #9
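 /**
  * Require the user to have access to one or more resources. Accepts
  * any number of parameters, which should be resource names. If any
  * resource fails, it will redirect to either the member login screen
  * at `/user/login`, or the `/admin` login screen if the `admin`
  * resource is included in the list. The current request URI is passed
  * along as the `redirect` query parameter so the login page can send
  * the user back here; that page is where the redirect target has to be
  * validated.
  *
  * Usage:
  *
  *     $this->require_acl ('admin', 'admin/edit');
  *
  * @param string $resource First resource name; further names are read
  *                         via func_get_args().
  * @return void
  */
 public function require_acl($resource)
 {
     $args = func_get_args();
     // strict comparison: a loose in_array() would also match non-string
     // arguments such as 0 or true on older PHP versions
     $redirect = in_array('admin', $args, true) ? '/admin' : '/user/login';
     foreach ($args as $name) {
         if (!User::require_acl($name)) {
             // stop at the first denied resource so redirect() is issued
             // once, even if it does not end the request itself
             $this->redirect($redirect . '?redirect=' . urlencode($_SERVER['REQUEST_URI']));
             return;
         }
     }
 }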
Example #10
<?php

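// Admin listing of the votes cast on one poll (id in $this->params[0]), 25 per page.
if (!User::require_admin()) {
    $this->redirect('/user/login');
}
if (!User::require_acl('polls')) {
    // NOTE(review): the redirect target is read straight from a
    // client-controlled cookie; unless redirect() restricts it to local
    // paths this is an open redirect — confirm.
    $this->redirect($_COOKIE['elefant_last_page']);
}
if (!User::require_acl('poll/votes') || !$this->params[0]) {
    // NOTE(review): resource name 'poll/votes' differs from 'polls/votes'
    // used by the delete handler — verify which one the ACL defines.
    $this->redirect('/polls/admin');
}
$page->layout = 'admin';
require_once 'apps/polls/lib/Functions.php';

$limit = 25;
// page number from the query string: a missing, non-numeric or negative value
// falls back to the first page, and the value is cast to int so fractional
// input cannot produce a non-integer offset
$num = isset($_GET['page']) && is_numeric($_GET['page']) ? max(0, (int) $_GET['page']) : 0;
$offset = $num * $limit;

$poll_id = $this->params[0];
$items = polls\Votes::query()
    ->where('poll_id', $poll_id)
    ->order('ts', 'desc')
    ->fetch($limit, $offset);

$data = array(
    'limit' => $limit,
    'total' => polls\Votes::query()->where('poll_id', $poll_id)->count(),
    'items' => $items,
    'count' => count($items),
    // sprintf-style placeholder, presumably filled in by the pagination template
    'url' => '/polls/votes/' . $poll_id . '?page=%d',
);
$page->add_style('/apps/polls/css/polls.css');
echo View::render('polls/votes', $data);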
Example #11
<?php

/**
 * Background save handler for `Save & Keep Editing` form options.
 */
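$page->layout = false;
header('Content-Type: application/json');

// both the admin and designer resources are required to write theme files
if (!User::require_acl('admin') || !User::require_acl('designer')) {
    $res = new StdClass();
    $res->success = false;
    $res->error = 'Authorization required.';
    echo json_encode($res);
    return;
}

$error = false;
$file = isset($_GET['file']) ? $_GET['file'] : '';
$body = isset($_POST['body']) ? $_POST['body'] : '';

// The target path comes from the request, so it is pinned to the css/ and
// layouts/ trees: every segment is limited to [a-z0-9 _-] (no dots and no
// separators, hence no parent-directory traversal) and the name must end in
// .html or .css. The D modifier makes $ match only at the very end of the
// string; without it a name with a trailing newline would also be accepted.
if (!preg_match('/^(css|layouts|layouts\\/[a-z0-9 _-]+|layouts\\/[a-z0-9 _-]+\\/[a-z0-9 _-]+)\\/[a-z0-9 _-]+\\.(html|css)$/iD', $file)) {
    $res = new StdClass();
    $res->success = false;
    $res->error = 'Invalid file path';
    echo json_encode($res);
    return;
}

// file_put_contents() returns the byte count, so an empty body legitimately
// yields 0; only false means the write failed (the old truthiness test
// reported an empty save as a failure)
if (@file_put_contents($file, $body) === false) {
    $error = 'Saving file failed';
} else {
    // chmod() reports failure with a warning (suppressed here), not an
    // exception, so the former try/catch around it never caught anything.
    // NOTE(review): 0666 leaves the file writable by every local account —
    // confirm that is intended.
    @chmod($file, 0666);
}
$res = new StdClass();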
Example #12
<?php

/**
 * Provides the underlying API for the drag and drop capabilities
 * in the navigation editor.
 */
// JSON endpoint: no layout, JSON content type on every response
$page->layout = false;
header('Content-Type: application/json');

// Callers without both 'admin' and 'navigation' get a 401 with a JSON body.
if (!User::require_acl('admin', 'navigation')) {
    $res = (object) array(
        'success' => false,
        'error' => 'Authorization required.',
    );
    header('WWW-Authenticate: Basic realm="Navigation"');
    header('HTTP/1.0 401 Unauthorized');
    echo json_encode($res);
    return;
}

// state shared by the action branches that follow
$error = false;
$out = null;
$nav = new Navigation();
switch ($this->params[0]) {
    case 'update':
        $tree = $_POST['tree'];
        if (empty($tree)) {
            $tree = array();
        }
        require_once 'apps/navigation/lib/Functions.php';
        if ($nav->update($tree) && $nav->save()) {
            $out = array('msg' => sprintf('Nav json has been updated'));
        } else {
            $error = $nav->error;
Example #13
// Decide what the admin toolbar shows: the configured $tools groups (set
// earlier), or the full app list when nothing is configured and autofill is off.
if (count($tools) === 0 && admin\Toolbar::$autofill === false) {
    $tools = admin\Toolbar::apps($this);
    $is_apps = true;
} else {
    if (admin\Toolbar::$autofill) {
        // Extend the tools list with any unused app resources.
        $apps = admin\Toolbar::apps($this);
        foreach ($tools as $group) {
            // filter out resources that are already in use
            $apps = array_diff_key($apps, $group);
        }
        if (count($apps)) {
            // NOTE(review): the counter resets to 0 when a new column is
            // opened but the item that triggered the reset is still placed in
            // it, so the first column holds 7 entries and every later one 8 —
            // confirm that is the intended layout.
            $in_column = 0;
            $suffix = 2;
            $column = admin\Toolbar::$autofill;
            $tools[$column] = array();
            foreach ($apps as $handler => $app) {
                if (++$in_column > 7) {
                    $in_column = 0;
                    $column = admin\Toolbar::$autofill . ' (' . $suffix++ . ')';
                    $tools[$column] = array();
                }
                $tools[$column][$handler] = $app;
            }
        }
    }
    $is_apps = false;
}

$editable = User::require_acl('admin/toolbar');
$name = Product::name();
$logo = Product::logo_toolbar();
// the app grid is shown when it was chosen above, or when nothing is
// configured and the user cannot edit the toolbar anyway
$show_apps = $is_apps || (count($tools) === 0 && !$editable);
$links = $tpl->render('admin/head/links', array(
    'user' => User::val('name'),
    'tools' => $tools,
    'is_apps' => $is_apps,
    'editable' => $editable,
));
$out = array(
    'name' => $name,
    'logo' => $logo,
    'is_apps' => $show_apps,
    'links' => $links,
);
echo json_encode($out);
Example #14
 * ### 2. Use the $.filebrowser() function to open the dialog window:
 *
 *      $.filebrowser ({
 *          allowed: ['jpg', 'jpeg', 'png', 'gif'],
 *          set_value: '#field-id',
 *          title: 'Choose an image',
 *          thumbs: true,
 *          callback: function (file) {
 *              console.log ('You chose: '  + file);
 *          }
 *     });
 *
 * Options:
 *
 * - `allowed`   - An array of allowed file extensions.
 * - `callback`  - A function to call with the chosen file link.
 * - `set_value` - The selector of an input field to update with the
 *   chosen file link.
 * - `thumbs`    - Whether to show thumbnails instead of file names.
 *   Note: also automatically sets allowed list to jpeg, png, and
 *   gif formats so you don't have to set allowed explicitly.
 * - `title`     - A custom title for the dialog window.
 */
echo $this->run('admin/util/modal');
$page->add_style('/apps/filemanager/css/filebrowser.css');

// Hand the upload directory and the caller's upload permission to the JS side.
// The path is inlined into a quoted JS string unescaped, so it must keep
// coming from the site config rather than from a request.
$upload_path = conf('Paths', 'filemanager_path');
$upload_allowed = (int) User::require_acl('admin', 'filemanager');
$page->add_script(sprintf(
    '<script>var filemanager_path = "%s", filemanager_upload = %d;</script>',
    $upload_path,
    $upload_allowed
));

$scripts = array(
    '/apps/filemanager/js/jquery.filedrop.js',
    '/apps/filemanager/js/filemanager.js',
    '/apps/filemanager/js/jquery.filebrowser.js',
);
foreach ($scripts as $src) {
    $page->add_script($src);
}

// NOTE(review): upload_max_filesize is typically a shorthand value such as
// "8M"; the (int) cast keeps only the leading digits and drops the unit
// suffix — check which unit jquery.filebrowser.js expects here.
$page->add_script(sprintf(
    '<script>var filebrowser_max_filesize = %s;</script>',
    (int) ini_get('upload_max_filesize')
));

// strings the file browser shows, exported for client-side translation
$page->add_script(I18n::export(array(
    'Choose a file',
    'New file',
    'Please upload one of the following file types',
    'Your browser does not support drag and drop file uploads.',
    'Please upload fewer files at a time.',
    'The following file is too large to upload',
    'Uploading...',
    'Select',
)));
Example #15
 /**
  * Check that the current user is allowed every resource named in the
  * argument list (any number of resource-name strings, read via
  * func_get_args()). Stops at the first denied resource.
  *
  * @param string $resource First resource name
  * @return bool True only when User::require_acl() accepts each name;
  *              a user who is not logged in therefore gets false as well.
  */
 public function require_acl($resource)
 {
     foreach (func_get_args() as $name) {
         $allowed = User::require_acl($name);
         if (!$allowed) {
             return false;
         }
     }
     return true;
 }
Example #16
<?php

/**
 * Upload handler for the filemanager/util/browser dialog.
 */
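$page->layout = false;

// JSON replies throughout; the caller is the filebrowser dialog
if (!User::require_acl('admin') || !User::require_acl('filemanager')) {
    echo json_encode(array('success' => false, 'error' => __('Must be logged in to upload')));
    return;
}

// uploads land under the configured file manager directory; the requested
// sub-folder is validated against that root by FileManager::verify_folder()
$root = getcwd() . '/' . conf('Paths', 'filemanager_path') . '/';
if (!FileManager::verify_folder($_POST['path'], $root)) {
    echo json_encode(array('success' => false, 'error' => __('Invalid path')));
    return;
}
if (!isset($_FILES['file'])) {
    echo json_encode(array('success' => false, 'error' => __('No file uploaded or file too large.')));
    return;
}
if (isset($_FILES['file']['error']) && $_FILES['file']['error'] > 0) {
    // messages for the UPLOAD_ERR_* codes (there is no code 5)
    $errors = array(
        1 => __('File size is too large.'),
        2 => __('File size is too large.'),
        3 => __('The file was only partially uploaded.'),
        4 => __('No file was uploaded.'),
        6 => __('Missing a temporary folder, check your PHP setup.'),
        7 => __('Failed to write the file to disk.'),
        8 => __('A PHP extension stopped the file upload.'),
    );
    $code = $_FILES['file']['error'];
    // an unknown code used to raise an undefined-index notice and send a null message
    $message = isset($errors[$code]) ? $errors[$code] : __('Upload failed.');
    echo json_encode(array('success' => false, 'error' => $message));
    return;
}

// Some browsers may urlencode the file name. Decode it *before* the extension
// check and the path join so both see the name that will actually be written;
// previously the decode ran after the check, so an encoded extension was
// examined in its encoded form. basename() also drops any directory part so
// the name cannot leave the verified folder.
$_FILES['file']['name'] = basename(urldecode($_FILES['file']['name']));

// NOTE(review): this is a single-extension denylist; other extensions may also
// be handled as scripts by the web server, so an allowlist of permitted upload
// types is the more robust check — confirm against the server configuration.
if (preg_match('/\\.php$/i', $_FILES['file']['name'])) {
    echo json_encode(array('success' => false, 'error' => __('Cannot upload PHP files due to security.')));
    return;
}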
if (@file_exists($root . $_POST['path'] . '/' . $_FILES['file']['name'])) {
Example #17
<?php

/**
 * Provides the JSON API for the admin file manager/browser.
 */
// The ls and dirs endpoints are reachable without the admin/filemanager ACL;
// every other API method requires it. Matching is a prefix test on the raw
// request URI, so anything that starts with those paths counts as public.
// NOTE(review): listing files and directories without the ACL is presumably
// intentional (the browser dialog needs it) — confirm filemanager\API applies
// its own checks for those two methods.
$uri = $_SERVER['REQUEST_URI'];
$is_public = strpos($uri, '/filemanager/api/ls') === 0
    || strpos($uri, '/filemanager/api/dirs') === 0;

if (!$is_public && !User::require_acl('admin', 'filemanager')) {
    echo $this->restful_error(__('Forbidden'), 403);
    return;
}

$this->restful(new filemanager\API());