/**
 * Edits an existing semester or creates a new one.
 *
 * Non-POST requests only prepare the form. A POST first passes the
 * anti-CSRF check, then copies the submitted fields onto the model,
 * validates them and stores the record. Outcome messages are posted
 * through PageLayout and the collected errors are exposed to the view
 * as $this->errors.
 *
 * @param mixed $id Id of the semester or null to create a semester.
 */
public function edit_action($id = null)
{
    $this->semester = new Semester($id);

    $title = $this->semester->isNew()
           ? _('Semester anlegen')
           : _('Semester bearbeiten');
    PageLayout::setTitle($title);

    if (!Request::isPost()) {
        return;
    }

    // Keep this ahead of every write below: the token is verified before
    // any request value reaches the model.
    CSRFProtection::verifyUnsafeRequest();

    // Copy the submitted values; end dates are taken at the end of the day.
    $semester = $this->semester;
    $semester->name           = Request::get('name');
    $semester->description    = Request::get('description');
    $semester->semester_token = Request::get('token');
    $semester->beginn         = $this->getTimeStamp('beginn');
    $semester->ende           = $this->getTimeStamp('ende', '23:59:59');
    $semester->vorles_beginn  = $this->getTimeStamp('vorles_beginn');
    $semester->vorles_ende    = $this->getTimeStamp('vorles_ende', '23:59:59');

    $errors = $this->validateSemester($semester);

    // Only a valid, modified record is written; a failed write becomes an error.
    if (empty($errors) && $semester->isDirty() && !$semester->store()) {
        $errors[] = _('Fehler bei der Speicherung Ihrer Daten. Bitte überprüfen Sie Ihre Angaben.');
    }

    if (count($errors) === 1) {
        // A single problem is shown as the message itself.
        PageLayout::postMessage(MessageBox::error(reset($errors)));
    } elseif (!empty($errors)) {
        // Several problems are listed below a generic headline.
        $headline = _('Ihre eingegebenen Daten sind ungültig.');
        PageLayout::postMessage(MessageBox::error($headline, $errors));
    } else {
        $notice = _('Das Semester wurde erfolgreich gespeichert.');
        PageLayout::postMessage(MessageBox::success($notice));
        $this->relocate('admin/semester');
    }

    $this->errors = $errors;
}
/**
 * Edits an existing holiday entry or creates a new one.
 *
 * Non-POST requests only prepare the form. A POST is checked against the
 * anti-CSRF token before the submitted values are copied, validated and
 * stored.
 *
 * @param mixed $id Id of the holiday or null to create one
 */
public function edit_action($id = null)
{
    $this->holiday = new SemesterHoliday($id);

    $title = $this->holiday->isNew()
           ? _('Ferien anlegen')
           : _('Ferien bearbeiten');
    PageLayout::setTitle($title);

    if (!Request::isPost()) {
        return;
    }

    // Token check precedes every write to the model.
    CSRFProtection::verifyUnsafeRequest();

    $holiday = $this->holiday;
    $holiday->name        = Request::get('name');
    $holiday->description = Request::get('description');
    $holiday->beginn      = $this->getTimeStamp('beginn');
    $holiday->ende        = $this->getTimeStamp('ende', '23:59:59');

    // Collect every validation problem so the user sees all of them at once.
    $errors = array();
    if (!$holiday->name) {
        $errors[] = _('Bitte geben Sie einen Namen ein.');
    }
    if (!$holiday->beginn) {
        $errors[] = _('Bitte geben Sie einen Ferienbeginn ein.');
    }
    if (!$holiday->ende) {
        $errors[] = _('Bitte geben Sie ein Ferienende ein.');
    }
    if ($holiday->beginn > $holiday->ende) {
        $errors[] = _('Das Ferienende liegt vor dem Beginn.');
    }

    if (!empty($errors)) {
        $headline = _('Ihre eingegebenen Daten sind ungültig.');
        PageLayout::postMessage(MessageBox::error($headline, $errors));
        return;
    }

    // An unchanged record is not written and still counts as success.
    if ($holiday->isDirty() && !$holiday->store()) {
        PageLayout::postMessage(MessageBox::error(_('Die Ferien konnten nicht gespeichert werden.')));
        return;
    }

    PageLayout::postMessage(MessageBox::success(_('Die Ferien wurden erfolgreich gespeichert.')));
    $this->relocate('admin/holidays');
}
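/**
 * Deletes a marketplace plugin once the confirmation form was submitted.
 *
 * The record is only deleted when the request carries the `delete`
 * field, the plugin exists, isWritable() grants the current user write
 * access and the anti-CSRF check passes. In every other case the action
 * falls through without changing anything.
 *
 * @param mixed $plugin_id Id of the plugin, taken from the URL.
 */
public function delete_action($plugin_id)
{
    $this->marketplugin = MarketPlugin::find($plugin_id);

    // $plugin_id is caller-controlled; find() presumably yields null for an
    // unknown id, which must not reach isWritable().
    $may_delete = $this->marketplugin
               && Request::submitted('delete')
               && $this->marketplugin->isWritable();

    if ($may_delete) {
        // Authorisation alone is not enough for a destructive action: the
        // request also has to carry a valid token.
        CSRFProtection::verifyUnsafeRequest();
        $this->marketplugin->delete();
        $this->redirect('myplugins/overview');
    }
}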
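/**
 * Edits or creates a page.
 *
 * On submit the anti-CSRF token is verified, the HTML content is passed
 * through Studip\Markup::purifyHtml() and the entry is stored for the
 * currently selected range ($GLOBALS['SessSemName'][1]).
 *
 * @param mixed $id Id of the page to edit; a new page will be created if
 *                  this parameter is omitted.
 * @throws AccessDeniedException if $id names an existing page that belongs
 *                               to a different range
 */
public function edit_action($id = null)
{
    if (Request::submitted('submit')) {
        CSRFProtection::verifyUnsafeRequest();

        $range_id = $GLOBALS['SessSemName'][1];
        $scm = new StudipScmEntry($id);

        // $id comes from the URL. Without this check the range_id assignment
        // below would pull an existing page of another range into the
        // current one. Compared as strings so hex ids are never coerced to
        // numbers.
        if (!$scm->isNew() && (string) $scm->range_id !== (string) $range_id) {
            throw new AccessDeniedException();
        }

        $scm->tab_name = Request::get('tab_name_template') ?: Request::get('tab_name');
        // Stored HTML is later rendered to other users, so it is purified on write.
        $scm->content  = Studip\Markup::purifyHtml(Request::get('content'));
        $scm->user_id  = $GLOBALS['user']->id;
        $scm->range_id = $range_id;

        if ($scm->isNew()) {
            // Append the new page behind the existing ones of this range.
            $siblings  = StudipScmEntry::findByRange_id($range_id, 'ORDER BY position ASC');
            $positions = SimpleORMapCollection::createFromArray($siblings)->pluck('position');

            // max() on an empty list warns on PHP < 8 and throws on PHP 8.
            // The first page gets 1, which is what the old `false + 1`
            // evaluated to.
            $scm->position = $positions ? max($positions) + 1 : 1;
        }

        if ($scm->store() !== false) {
            $message = MessageBox::success(_('Die Änderungen wurden übernommen.'));
            PageLayout::postMessage($message);
        }
        // NOTE(review): a failed store() redirects without any message.
        $this->redirect('course/scm/' . $scm->id);
    }

    $this->scm = new StudipScmEntry($id);
    $this->set_title(_('Informationsseite bearbeiten') . ': ' . $this->scm->tab_name);
    Navigation::activateItem('/course/scm/' . $this->scm->id);
}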
/**
 * Does the current rule allow the given user to register as participant
 * in the given course? The password submitted as `pwarule_password` is
 * checked against the stored hash.
 *
 * Nothing is checked outside the rule's time frame. The anti-CSRF check
 * runs only once a password was actually submitted.
 *
 * @param String $userId
 * @param String $courseId
 * @return array list of error messages; empty if the rule lets the user pass
 */
public function ruleApplies($userId, $courseId)
{
    $errors = array();

    if (!$this->checkTimeFrame()) {
        return $errors;
    }

    $submitted = Request::get('pwarule_password');
    if ($submitted === null) {
        $errors[] = _('Die Eingabe eines Passwortes ist erforderlich.');
        return $errors;
    }

    CSRFProtection::verifyUnsafeRequest();

    $matches_current = $this->hasher->CheckPassword($submitted, $this->getPassword());
    // Migrated passwords: the stored hash was built over md5(password), so
    // the candidate is pre-hashed the same way for the second comparison.
    // NOTE(review): this fallback keeps unsalted MD5 in the verification
    // path; consider re-hashing on a successful legacy match.
    $matches_migrated = $this->hasher->CheckPassword(md5($submitted), $this->getPassword());

    if (!$matches_current && !$matches_migrated) {
        $errors[] = $this->getMessage();
    }

    return $errors;
}
/**
 * Saves the given user list to database.
 *
 * The request must pass the anti-CSRF check. Name, factor and members are
 * taken from the request; the owner is always set to the current user.
 *
 * NOTE(review): $userlistId comes from the URL and no ownership check is
 * visible in this method, so saving an existing list also reassigns its
 * owner. Confirm that access is restricted elsewhere (e.g. a before
 * filter).
 *
 * @param String $userlistId user list to save
 */
public function save_action($userlistId = '')
{
    CSRFProtection::verifyUnsafeRequest();

    $name    = Request::get('name');
    $factor  = Request::float('factor');
    $members = Request::getArray('users');

    $userlist = new AdmissionUserList($userlistId);
    $userlist->setName($name)
             ->setFactor($factor)
             ->setUsers($members)
             ->setOwnerId($GLOBALS['user']->id);

    $stored = $userlist->store();
    if (!$stored) {
        PageLayout::postError(_('Die Personenliste konnte nicht gespeichert werden.'));
    } else {
        PageLayout::postSuccess(_('Die Personenliste wurde gespeichert.'));
    }

    $this->redirect('admission/userlist');
}
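/**
 * Saves the given rule.
 *
 * The request must pass the anti-CSRF check. $ruleType is used as a class
 * name, so it is only instantiated when it is one of the registered
 * admission rules.
 *
 * @param String $ruleType The class name of the configured rule.
 * @param String $ruleId   ID of the rule to save, or empty if this is a new rule.
 * @throws Trails_Exception (400) if $ruleType is not a registered rule type
 */
public function save_action($ruleType, $ruleId = '')
{
    CSRFProtection::verifyUnsafeRequest();

    // $ruleType arrives in the URL. `new $ruleType(...)` on an unchecked
    // value would let the caller pick any loadable class, so it is matched
    // against the rule registry first.
    // Assumes the registry is keyed by rule class name - confirm.
    $rules = AdmissionRule::getAvailableAdmissionRules();
    if (!is_string($ruleType) || !isset($rules[$ruleType])) {
        throw new Trails_Exception(400);
    }

    $this->rule = new $ruleType($ruleId);
    $requestData = Request::getInstance();

    // Convert the submitted date strings into timestamps; seconds are
    // always set to 0.
    $date_fields = array('start_date' => 'start_time', 'end_date' => 'end_time');
    foreach ($date_fields as $source => $target) {
        if ($requestData[$source]) {
            $parsed = date_parse($requestData[$source]);
            // NOTE(review): date_parse() reports problems in
            // $parsed['errors']; they are not evaluated here.
            $requestData[$target] = mktime(
                $parsed['hour'],
                $parsed['minute'],
                0,
                $parsed['month'],
                $parsed['day'],
                $parsed['year']
            );
        }
    }

    $this->rule->setAllData($requestData);
}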
/**
 * Handles the common tasks of the room request form (setting properties,
 * searching etc.).
 *
 * Nothing is processed unless the field `room_request_form` was
 * submitted; in that case the anti-CSRF check runs before any request
 * value is applied to $request.
 *
 * @param object $request           the room request that is being edited
 * @param mixed  $admission_turnout optional number of seats, used for the
 *                                  seat property when the user asks for it
 * @return array the variables `search_result`, `search_by_properties`,
 *               `request` and `admission_turnout`; compact() only includes
 *               those that were actually set, so both search keys are
 *               missing when no search ran
 */
public static function process_form($request, $admission_turnout = null)
{
    if (Request::submitted('room_request_form')) {
        CSRFProtection::verifyUnsafeRequest();

        // Room selection: ids are read with Request::option().
        if (Request::submitted('send_room')) {
            $request->setResourceId(Request::option('select_room'));
        } else {
            $request->setResourceId(Request::option('selected_room'));
        }
        // The reset buttons win over whatever was selected above.
        if (Request::submitted('reset_resource_id')) {
            $request->setResourceId('');
        }
        if (Request::submitted('reset_room_type')) {
            $request->setCategoryId('');
        }
        if (Request::get('comment') !== null) {
            $request->setComment(Request::get('comment'));
        }
        if (Request::get('reply_recipients') !== null) {
            $request->reply_recipients = Request::get('reply_recipients');
        }
        if (!Request::submitted('reset_room_type')) {
            $request->setCategoryId(Request::option('select_room_type'));
        }
        // Property requests
        if ($request->getCategoryId()) {
            $request_property_val = Request::getArray('request_property_val');
            foreach ($request->getAvailableProperties() as $prop) {
                if ($prop["system"] == 2) { // it's the property for the seat/room-size!
                    if (Request::get('seats_are_admission_turnout') && $admission_turnout) {
                        $request->setPropertyState($prop['property_id'], $admission_turnout);
                    } else {
                        if (!Request::submitted('send_room_type')) {
                            // abs() keeps a negative seat count out of the request.
                            $request->setPropertyState($prop['property_id'], abs($request_property_val[$prop['property_id']]));
                        }
                    }
                } else {
                    // NOTE(review): the value is forwarded as submitted;
                    // confirm that setPropertyState() validates it.
                    $request->setPropertyState($prop['property_id'], $request_property_val[$prop['property_id']]);
                }
            }
        }
        // `&&` binds tighter than `||`: either a search term together with
        // the search button, or the property search button alone.
        if (Request::get('search_exp_room') && Request::submitted('search_room') || Request::submitted('search_properties')) {
            $tmp_search_result = $request->searchRoomsToRequest(Request::get('search_exp_room'), Request::submitted('search_properties'));
            $search_by_properties = Request::submitted('search_properties');
            $search_result = array();
            if (count($tmp_search_result)) {
                // Collect every affected date that has no room assignment yet.
                $timestamps = $events = array();
                foreach ($request->getAffectedDates() as $date) {
                    if (!isset($date->room_assignment)) {
                        $timestamps[] = $date->date;
                        $timestamps[] = $date->end_time;
                        $event = new AssignEvent($date->id, $date->date, $date->end_time, null, null, '');
                        $events[$event->getId()] = $event;
                    }
                }
                $check_result = array();
                if (count($events)) {
                    // Check all found rooms for overlaps within the covered time range.
                    $checker = new CheckMultipleOverlaps();
                    $checker->setTimeRange(min($timestamps), max($timestamps));
                    foreach (array_keys($tmp_search_result) as $room) {
                        $checker->addResource($room);
                    }
                    $checker->checkOverlap($events, $check_result, "assign_id");
                }
                foreach ($tmp_search_result as $room_id => $name) {
                    if (isset($check_result[$room_id])) {
                        $details = $check_result[$room_id];
                        // Red once the overlaps reach the configured percentage of events.
                        if (count($details) >= round(count($events) * Config::get()->RESOURCES_ALLOW_SINGLE_ASSIGN_PERCENTAGE / 100)) {
                            $overlap_status = 'status-red';
                        } elseif (count($details)) {
                            $overlap_status = 'status-yellow';
                        }
                        // NOTE(review): with an empty $details and a
                        // threshold above 0 neither branch assigns, so
                        // $overlap_status keeps the previous room's value
                        // (or is undefined for the first room).
                    } else {
                        $overlap_status = 'status-green';
                    }
                    $search_result[$room_id] = array('name' => $name, 'overlap_status' => $overlap_status);
                }
            }
        }
    }
    return compact('search_result', 'search_by_properties', 'request', 'admission_turnout');
}
/**
 * Checks whether an API key may call a method from a given IP address
 * and posts the result as a message.
 *
 * The check only runs when the form was submitted (`ok`), the anti-CSRF
 * check passed and all three trimmed values are non-empty.
 */
function test_action()
{
    if (!Request::submitted('ok')) {
        return;
    }

    CSRFProtection::verifyUnsafeRequest();

    $api_key = trim(Request::get("test_api_key"));
    $method  = trim(Request::get("test_method"));
    $ip      = trim(Request::get("test_ip"));

    // Incomplete input is ignored silently.
    if (!$api_key || !$method || !$ip) {
        return;
    }

    $result = WebserviceAccessRule::checkAccess($api_key, $method, $ip)
            ? MessageBox::success(_("Zugriff erlaubt."))
            : MessageBox::error(_("Zugriff verboten."));

    PageLayout::postMessage($result);
}
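/**
 * Prioritize courses.
 *
 * Stores the current user's claims for the course set of the current
 * course. The request must pass the anti-CSRF check. Nothing is changed
 * unless seat distribution is enabled and checkAdmission() reports no
 * errors for the user.
 *
 * With a LimitedAdmission rule the user may set a personal course limit
 * and a priority per course; the priority list can be reordered or
 * shortened through the `admission_prio_order_up`,
 * `admission_prio_order_down` and `admission_prio_delete` fields. Without
 * that rule a single claim for the current course is set or withdrawn.
 */
function claim_action()
{
    CSRFProtection::verifyUnsafeRequest();
    $user_id = $GLOBALS['user']->id;
    $courseset = CourseSet::getSetForCourse($this->course_id);
    if ($courseset->isSeatDistributionEnabled() && !count($courseset->checkAdmission($user_id, $this->course_id))) {
        if ($limit = $courseset->getAdmissionRule('LimitedAdmission')) {
            // The personal limit has to be positive and within the rule's
            // maximum; the former truthiness test also accepted negative
            // numbers.
            $admission_user_limit = Request::int('admission_user_limit');
            if ($admission_user_limit > 0 && $admission_user_limit <= $limit->getMaxNumber()) {
                $limit->setCustomMaxNumber($user_id, $admission_user_limit);
            }

            // NOTE(review): the keys of admission_prio are course ids taken
            // from the request. This method does not check that they belong
            // to the course set; confirm that setPriority() does.
            $admission_prio = Request::getArray('admission_prio');
            // max() on an empty array warns on PHP < 8 and throws on PHP 8.
            $max_prio = count($admission_prio) ? max($admission_prio) : 0;
            // Courses without a positive priority are appended behind the
            // highest one that was submitted.
            $admission_prio = array_map(function ($a) use (&$max_prio) {
                return $a > 0 ? $a : ++$max_prio;
            }, $admission_prio);
            if (count(array_unique($admission_prio)) != count(Request::getArray('admission_prio'))) {
                PageLayout::postMessage(MessageBox::info(_("Sie dürfen jede Priorität nur einmal auswählen. Überprüfen Sie bitte Ihre Auswahl!")));
            }

            // All priorities are dropped and written again from the request.
            $old_prio_count = AdmissionPriority::unsetAllPrioritiesForUser($courseset->getId(), $user_id);
            // Was only assigned in the delete branch before, so `+=` below
            // ran on an undefined variable.
            $changed = 0;

            if ($order_up = key(Request::getArray('admission_prio_order_up'))) {
                // Swap with the course that currently holds the next
                // better priority.
                $prio_to_move = $admission_prio[$order_up];
                $change_with = array_search($prio_to_move - 1, $admission_prio);
                $admission_prio[$order_up] = $prio_to_move - 1;
                $admission_prio[$change_with] = $prio_to_move;
            }
            if ($order_down = key(Request::getArray('admission_prio_order_down'))) {
                $prio_to_move = $admission_prio[$order_down];
                $change_with = array_search($prio_to_move + 1, $admission_prio);
                $admission_prio[$order_down] = $prio_to_move + 1;
                $admission_prio[$change_with] = $prio_to_move;
            }
            if ($delete = key(Request::getArray('admission_prio_delete'))) {
                unset($admission_prio[$delete]);
                $changed = 1;
                // Renumber the remaining courses 1..n in their current order.
                $admission_prio = array_map(function ($a) {
                    static $c = 1;
                    return $c++;
                }, $admission_prio);
            }
            foreach ($admission_prio as $course_id => $p) {
                $changed += AdmissionPriority::setPriority($courseset->getId(), $user_id, $course_id, $p);
            }
            if ($changed || $old_prio_count && !count($admission_prio)) {
                if (count(AdmissionPriority::getPrioritiesByUser($courseset->getId(), $user_id))) {
                    PageLayout::postMessage(MessageBox::success(_("Ihre Priorisierung wurde gespeichert.")));
                } else {
                    PageLayout::postMessage(MessageBox::success(_("Ihre Anmeldung zur Platzvergabe wurde zurückgezogen.")));
                }
            }
        } else {
            if (Request::int('courseset_claimed')) {
                if (AdmissionPriority::setPriority($courseset->getId(), $user_id, $this->course_id, 1)) {
                    PageLayout::postMessage(MessageBox::success(_("Ihre Anmeldung zur Platzvergabe wurde gespeichert.")));
                }
            } else {
                if (AdmissionPriority::unsetPriority($courseset->getId(), $user_id, $this->course_id)) {
                    PageLayout::postMessage(MessageBox::success(_("Ihre Anmeldung zur Platzvergabe wurde zurückgezogen.")));
                }
            }
        }
    }
    $this->redirect($this->url_for('/apply/' . $this->course_id));
}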
/**
 * Configure settings for several courses at once.
 *
 * Depending on $csv the action shows the configuration form, exports the
 * course overview (`csv`) or exports member lists (`download_all_members`,
 * `download_multi_members`). Submitting `configure_courses_save` stores
 * the form; that branch is protected by the anti-CSRF check and a
 * per-course admin permission check.
 *
 * NOTE(review): the export branches hand out usernames, names and e-mail
 * addresses for every course of the set. No permission check is visible
 * in this method for them; confirm that a before filter restricts the
 * action.
 *
 * @param String $set_id course set ID to fetch courses from
 * @param String $csv    export course members to file
 */
public function configure_courses_action($set_id, $csv = null)
{
    if (Request::isXhr()) {
        $this->response->add_header('X-Title', _('Ausgewählte Veranstaltungen konfigurieren'));
    }
    $courseset = new CourseSet($set_id);
    $this->set_id = $courseset->getId();
    $this->courses = Course::findMany($courseset->getCourses(), "ORDER BY VeranstaltungsNummer, Name");
    $this->applications = AdmissionPriority::getPrioritiesStats($courseset->getId());

    // Count distinct members and members that appear in more than one course.
    $distinct_members = array();
    $multi_members = array();
    foreach ($this->courses as $course) {
        $all_members = $course->members->findBy('status', words('user autor'))->pluck('user_id');
        $all_members = array_merge($all_members, $course->admission_applicants->findBy('status', words('accepted awaiting'))->pluck('user_id'));
        $all_members = array_unique($all_members);
        foreach ($all_members as $one) {
            // NOTE(review): increments a key that does not exist on first sight of a user.
            $multi_members[$one]++;
        }
        $distinct_members = array_unique(array_merge($distinct_members, $all_members));
    }
    $multi_members = array_filter($multi_members, function ($a) { return $a > 1; });
    $this->count_distinct_members = count($distinct_members);
    $this->count_multi_members = count($multi_members);

    // Export 1: one row per course.
    if ($csv == 'csv') {
        $captions = array(_("Nummer"), _("Name"), _("versteckt"), _("Zeiten"), _("Dozenten"), _("max. Teilnehmer"), _("Teilnehmer aktuell"), _("Anzahl Anmeldungen"), _("Anzahl Anmeldungen Prio 1"), _("Warteliste"), _("max. Anzahl Warteliste"), _("vorläufige Anmeldung"), _("verbindliche Anmeldung"));
        $data = array();
        foreach ($this->courses as $course) {
            // NOTE(review): cells hold user-editable text (course and
            // lecturer names). Confirm that array_to_csv() neutralises
            // values a spreadsheet would read as a formula.
            $row = array();
            $row[] = $course->veranstaltungsnummer;
            $row[] = $course->name;
            $row[] = $course->visible ? _("nein") : _("ja");
            $row[] = join('; ', $course->cycles->toString());
            $row[] = join(', ', $course->members->findBy('status', 'dozent')->orderBy('position')->pluck('Nachname'));
            $row[] = $course->admission_turnout;
            $row[] = $course->getNumParticipants();
            $row[] = $this->applications[$course->id]['c'];
            $row[] = $this->applications[$course->id]['h'];
            $row[] = $course->admission_disable_waitlist ? _("nein") : _("ja");
            $row[] = $course->admission_waitlist_max > 0 ? $course->admission_waitlist_max : '';
            $row[] = $course->admission_prelim ? _("ja") : _("nein");
            $row[] = $course->admission_binding ? _("ja") : _("nein");
            $data[] = $row;
        }
        // NOTE(review): uniqid() is derived from the current time, so this
        // name is not a secret. Confirm that the download link is bound to
        // the requesting user by other means.
        $tmpname = md5(uniqid('tmp'));
        if (array_to_csv($data, $GLOBALS['TMP_PATH'] . '/' . $tmpname, $captions)) {
            $this->redirect(GetDownloadLink($tmpname, 'Veranstaltungen_' . $courseset->getName() . '.csv', 4, 'force'));
            return;
        }
    }

    // Export 2 and 3: member lists across all courses of the set.
    if (in_array($csv, words('download_all_members download_multi_members'))) {
        $liste = array();
        $multi_members = $all_participants = array();
        foreach ($this->courses as $course) {
            $participants = $course->members->findBy('status', words('user autor'))->toGroupedArray('user_id', words('username vorname nachname email status'));
            // `+=` keeps the member entry when a user is also an applicant.
            $participants += $course->admission_applicants->findBy('status', words('accepted awaiting'))->toGroupedArray('user_id', words('username vorname nachname email status'));
            $all_participants += $participants;
            foreach (array_keys($participants) as $one) {
                $multi_members[$one][] = $course->name . ($course->veranstaltungsnummer ? '|' . $course->veranstaltungsnummer : '');
            }
            foreach ($participants as $user_id => $part) {
                $liste[] = array($part['username'], $part['vorname'], $part['nachname'], $part['email'], $course->name . ($course->veranstaltungsnummer ? '|' . $course->veranstaltungsnummer : ''), $part['status']);
            }
        }
        if ($csv == 'download_all_members') {
            $captions = array(_("Username"), _("Vorname"), _("Nachname"), _("Email"), _("Veranstaltung"), _("Status"));
            if (count($liste)) {
                $tmpname = md5(uniqid('tmp'));
                if (array_to_csv($liste, $GLOBALS['TMP_PATH'] . '/' . $tmpname, $captions)) {
                    $this->redirect(GetDownloadLink($tmpname, 'Gesamtteilnehmerliste_' . $courseset->getName() . '.csv', 4, 'force'));
                    return;
                }
            }
        } else {
            // Only users that are registered in more than one course.
            $liste = array();
            $multi_members = array_filter($multi_members, function ($a) { return count($a) > 1; });
            $c = 0;
            $max_count = array();
            foreach ($multi_members as $user_id => $courses) {
                $member = $all_participants[$user_id];
                $liste[$c] = array($member['username'], $member['vorname'], $member['nachname'], $member['email']);
                foreach ($courses as $one) {
                    $liste[$c][] = $one;
                }
                $max_count[] = count($courses);
                $c++;
            }
            $captions = array(_("Nutzername"), _("Vorname"), _("Nachname"), _("Email"));
            // NOTE(review): $max_count is empty when nobody is registered
            // twice; max() then warns on PHP < 8 and throws on PHP 8.
            foreach (range(1, max($max_count)) as $num) {
                $captions[] = _("Veranstaltung") . ' ' . $num;
            }
            if (count($liste)) {
                $tmpname = md5(uniqid('tmp'));
                if (array_to_csv($liste, $GLOBALS['TMP_PATH'] . '/' . $tmpname, $captions)) {
                    $this->redirect(GetDownloadLink($tmpname, 'Mehrfachanmeldungen_' . $courseset->getName() . '.csv', 4, 'force'));
                    return;
                }
            }
        }
    }

    // Save: the only state-changing branch, hence the token check.
    if (Request::submitted('configure_courses_save')) {
        CSRFProtection::verifyUnsafeRequest();
        $admission_turnouts = Request::intArray('configure_courses_turnout');
        $admission_waitlists = Request::intArray('configure_courses_disable_waitlist');
        $admission_waitlists_max = Request::intArray('configure_courses_waitlist_max');
        $admission_bindings = Request::intArray('configure_courses_binding');
        $admission_prelims = Request::intArray('configure_courses_prelim');
        $hidden = Request::intArray('configure_courses_hidden');
        $ok = 0;
        foreach ($this->courses as $course) {
            // Courses the user does not administrate are skipped silently.
            if ($GLOBALS['perm']->have_studip_perm('admin', $course->id)) {
                // Admission is only recalculated when the number of seats grew.
                $do_update_admission = $course->admission_turnout < $admission_turnouts[$course->id];
                // NOTE(review): a course missing from the submitted array
                // gets null assigned here.
                $course->admission_turnout = $admission_turnouts[$course->id];
                // A submitted checkbox means "waitlist enabled".
                $course->admission_disable_waitlist = isset($admission_waitlists[$course->id]) ? 0 : 1;
                $course->admission_waitlist_max = $course->admission_disable_waitlist ? 0 : $admission_waitlists_max[$course->id];
                // `@` hides the notice for unchecked (= missing) checkboxes.
                $course->admission_binding = @$admission_bindings[$course->id] ?: 0;
                $course->admission_prelim = @$admission_prelims[$course->id] ?: 0;
                $course->visible = @$hidden[$course->id] ? 0 : 1;
                $ok += $course->store();
                if ($do_update_admission) {
                    update_admission($course->id);
                }
            }
        }
        if ($ok) {
            PageLayout::postMessage(MessageBox::success(_("Die zugeordneten Veranstaltungen wurden konfiguriert.")));
        }
        $this->redirect($this->url_for('admission/courseset/configure/' . $courseset->getId()));
        return;
    }
}
/**
 * Runs the three checks for a write operation, in this order: the
 * request method (verifyPostRequest), the anti-CSRF check
 * (CSRFProtection::verifyUnsafeRequest) and the Stud.IP permission
 * (verifyStudipPermission).
 *
 * The method returns nothing. Each check presumably signals a failure by
 * throwing - confirm against the three helpers.
 *
 * @param mixed $permission passed on unchanged to verifyStudipPermission()
 */
public static function verifyWritePermission($permission)
{
    self::verifyPostRequest();
    \CSRFProtection::verifyUnsafeRequest();
    self::verifyStudipPermission($permission);
}
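/**
 * Creates a private course set with one or two admission rules for the
 * current course, or locks the course through the global LockedAdmission
 * set.
 *
 * `type` and `rule_id` may each carry two values joined by `_`. A rule
 * class is only instantiated when its name is a key of the available
 * admission rules.
 *
 * NOTE(review): the LockedAdmission branch changes state
 * (CourseSet::addCourseToSet) without requiring POST and without
 * reaching verifyUnsafeRequest(), so it has no CSRF protection. Moving
 * the token check ahead of that branch needs a matching change to the
 * link or form that triggers it.
 *
 * NOTE(review): `rule_id` comes from the request and
 * CourseSet::getSetForRule() may return an existing set. No check is
 * visible here that this set belongs to the current course before it is
 * renamed and its courses are replaced - confirm.
 *
 * @throws Trails_Exception (400) if `type` is not an available rule type
 */
function instant_course_set_action()
{
    $this->response->add_header('X-Title', _('Neue Anmelderegel'));

    // array_pad() keeps list() from reading a missing second element.
    list($type, $another_type) = array_pad(explode('_', (string) Request::option('type')), 2, null);
    list($rule_id, $another_rule_id) = array_pad(explode('_', (string) Request::option('rule_id')), 2, null);

    $rule_types = AdmissionRule::getAvailableAdmissionRules(true);
    if (!isset($rule_types[$type])) {
        throw new Trails_Exception(400);
    }

    // Registry check first, `new` second: the class name is request data.
    $rule = new $type($rule_id);
    // Was left undefined when no second rule type was given.
    $another_rule = null;
    if (isset($rule_types[$another_type])) {
        $another_rule = new $another_type($another_rule_id);
    }
    $course_set = CourseSet::getSetForRule($rule_id) ?: new CourseSet();

    if (Request::isPost() && Request::submitted('save') || $rule instanceof LockedAdmission) {
        if ($rule instanceof LockedAdmission) {
            $course_set_id = CourseSet::getGlobalLockedAdmissionSetId();
            CourseSet::addCourseToSet($course_set_id, $this->course_id);
            PageLayout::postMessage(MessageBox::success(_("Die Veranstaltung wurde gesperrt.")));
            $this->redirect($this->url_for('/index'));
            return;
        } else {
            CSRFProtection::verifyUnsafeRequest();
            $rule->setAllData(Request::getInstance());
            $errors = $rule->validate(Request::getInstance());
            if ($another_rule) {
                $another_rule->setAllData(Request::getInstance());
                $errors = array_merge($errors, $another_rule->validate(Request::getInstance()));
            }
            if (!strlen(trim(Request::get('instant_course_set_name')))) {
                $errors[] = _("Bitte geben Sie einen Namen für die Anmelderegel ein!");
            } else {
                $course_set->setName(trim(Request::get('instant_course_set_name')));
            }
            if (count($errors)) {
                // Validation messages are escaped before they are shown.
                PageLayout::postMessage(MessageBox::error(_("Speichern fehlgeschlagen"), array_map('htmlready', $errors)));
            } else {
                $rule->store();
                $course_set->setPrivate(true);
                $course_set->addAdmissionRule($rule);
                $course_set->setAlgorithm(new RandomAlgorithm()); //TODO
                $course_set->setCourses(array($this->course_id));
                if ($another_rule) {
                    $course_set->addAdmissionRule($another_rule);
                }
                $course_set->store();
                PageLayout::postMessage(MessageBox::success(_("Die Anmelderegel wurde erzeugt und der Veranstaltung zugewiesen.")));
                $this->redirect($this->url_for('/index'));
                return;
            }
        }
    }

    // Prepare the form: a new set gets a default name built from rule and course.
    if (!$course_set->getId()) {
        $course_set->setName($rule->getName() . ': ' . $this->course->name);
    }
    $this->rule_template = $rule->getTemplate();
    $this->type = $type;
    $this->rule_id = $rule_id;
    if ($another_rule) {
        $this->type = $this->type . '_' . $another_type;
        $this->rule_id = $this->rule_id . '_' . $another_rule->getId();
        $this->rule_template = $this->rule_template . $another_rule->getTemplate();
    }
    $this->course_set_name = $course_set->getName();
}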
/**
 * Sets or resets the lock rule of the current course.
 *
 * The request must pass the anti-CSRF check and the user needs `admin`
 * permission on $GLOBALS['SessionSeminar']. The value `none` resets the
 * rule.
 *
 * NOTE(review): `lock_sem` is stored without checking that it names an
 * existing LockRule, and the result of LockRule::find() is used
 * unchecked after the course was stored.
 *
 * @return void
 * @throws AccessDeniedException if the user is not admin of the course
 */
public function set_lock_rule_action()
{
    CSRFProtection::verifyUnsafeRequest();

    $is_admin = $GLOBALS['perm']->have_studip_perm('admin', $GLOBALS['SessionSeminar']);
    if (!$is_admin) {
        throw new AccessDeniedException();
    }

    $course = Course::findCurrent();
    if ($course) {
        $requested = Request::get('lock_sem');
        $rule_id = $requested != 'none' ? $requested : null;

        $course->lock_rule = $rule_id;
        if ($course->store()) {
            if ($rule_id === null) {
                $msg = _('Die Sperrebene wurde erfolgreich zurückgesetzt!');
            } else {
                $lock_rule = LockRule::find($rule_id);
                $msg = sprintf(_('Die Sperrebene %s wurde erfolgreich übernommen!'), $lock_rule->name);
            }
            PageLayout::postMessage(MessageBox::success($msg));
        }
    }

    $this->relocate($this->url_for('/index'));
}
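/**
 * Updates the activation status of user's homepage plugins.
 *
 * The request must pass the anti-CSRF check. Only plugins listed in
 * $this->plugins are touched; the submitted `modules` ids merely decide
 * whether each of them ends up activated.
 */
public function update_action()
{
    CSRFProtection::verifyUnsafeRequest();

    $manager = PluginManager::getInstance();
    $modules = Request::optionArray('modules');

    // null = nothing had to change, true/false = outcome of the updates.
    $success = null;
    // Was read below without ever being set when nothing changed.
    $message = null;

    foreach ($this->plugins as $plugin) {
        // Compare the stored activation state with the requested one.
        $id = $plugin->getPluginId();
        $state_before = $manager->isPluginActivatedForUser($id, $this->user_id);
        $state_after = in_array($id, $modules);

        if ($state_before !== $state_after) {
            $updated = $manager->setPluginActivated($id, $this->user_id, $state_after, 'user');
            // One successful update marks the whole request as successful,
            // even if another update failed.
            $success = $success || $updated;
        }
    }

    if ($success === true) {
        $message = MessageBox::success(_('Ihre Änderungen wurden gespeichert.'));
    } elseif ($success === false) {
        $message = MessageBox::error(_('Ihre Änderungen konnten nicht gespeichert werden.'));
    }

    if ($message) {
        PageLayout::postMessage($message);
    }

    $this->redirect($this->url_for('profilemodules/index', array('username' => $this->username)));
}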
/**
 * Deletes a message tag of the current user.
 *
 * The request must pass the anti-CSRF check. The statement is
 * parameterised and limited to the current user's rows.
 *
 * NOTE(review): the tag is matched with LIKE, so `%` and `_` inside the
 * submitted value act as wildcards and one request can remove several of
 * the user's tags. Use `=` if only exact matches are intended.
 */
public function delete_tag_action()
{
    CSRFProtection::verifyUnsafeRequest();

    $statement  = "DELETE FROM message_tags WHERE user_id=? AND tag LIKE ?";
    $parameters = array($GLOBALS['user']->id, Request::get('tag'));
    DbManager::get()->execute($statement, $parameters);

    $notice = MessageBox::success(_('Schlagwort gelöscht!'));
    PageLayout::postMessage($notice);

    $this->redirect($this->url_for('messages/overview'));
}
/**
 * Edit view: changes one configuration parameter (value) for one user.
 *
 * A POST must pass the anti-CSRF check; the value is stored only when
 * validateInput() accepts it.
 *
 * NOTE(review): $user_id comes from the URL and is written to without a
 * permission check in this method, and it is appended to the redirect
 * URL unencoded. Confirm that the controller is restricted to
 * administrators and that the id format is validated.
 *
 * @param String $user_id
 */
public function edit_user_config_action($user_id)
{
    PageLayout::setTitle(_('Konfigurationsparameter editieren'));

    $field   = Request::get('id');
    $is_post = Request::isPost();

    if ($is_post) {
        CSRFProtection::verifyUnsafeRequest();
    }

    if ($is_post) {
        $value = Request::get('value');

        if ($this->validateInput($field, $value)) {
            UserConfig::get($user_id)->store($field, $value);

            $notice = sprintf(_('Der Konfigurationseintrag: %s wurde erfolgreich geändert!'), $field);
            PageLayout::postMessage(MessageBox::success($notice));

            $this->redirect('admin/configuration/user_configuration?user_id=' . $user_id);
        }
    }

    // Data for the form, also after a rejected value.
    $this->config  = ConfigurationModel::showUserConfiguration($user_id, $field);
    $this->user_id = $user_id;
    $this->field   = $field;
    $this->value   = $this->flash['value'] ?: null;
}
/**
 * Installs a new admission rule from an uploaded file.
 *
 * The request must pass the anti-CSRF check. The file path is taken from
 * the flash (`upload_file`) if present, otherwise from the current
 * upload.
 *
 * NOTE(review): the upload is handed to the installer without checking
 * the upload error code or is_uploaded_file(), the file is only removed
 * on success, and the raw exception message is shown to the user. The
 * installed rule is presumably executable code, so confirm that this
 * action is restricted to administrators.
 */
public function install_action()
{
    CSRFProtection::verifyUnsafeRequest();

    try {
        $uploadFile = $this->flash['upload_file'] ?: $_FILES['upload_file']['tmp_name'];

        $installer = new RuleAdministrationModel();
        $installer->install($uploadFile);

        $this->flash['success'] = _('Die Anmelderegel wurde erfolgreich installiert.');

        // Remove the file once the installer is done with it.
        if (isset($uploadFile)) {
            unlink($uploadFile);
        }

        $this->redirect('admission/ruleadministration');
    } catch (Exception $failure) {
        $this->flash['error'] = $failure->getMessage();
        $this->redirect('admission/ruleadministration');
    }
}
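/**
 * Shows and stores the automatic update settings of a plugin, or
 * installs a plugin from a URL when no plugin id is given.
 *
 * A POST must pass the anti-CSRF check and check_ticket(). When the
 * security token option is set, the plugin's existing secret is kept or
 * a new one is generated.
 *
 * NOTE(review): without a plugin id the action installs a plugin from a
 * URL taken from the request. Confirm that the controller is restricted
 * to administrators and consider limiting the accepted schemes and
 * hosts.
 *
 * @param mixed $plugin_id id of the plugin, or null to install from URL
 */
public function edit_automaticupdate_action($plugin_id = null)
{
    $this->plugin = $plugin_id ? PluginManager::getInstance()->getPluginInfoById($plugin_id) : array();

    if (Request::isPost()) {
        CSRFProtection::verifyUnsafeRequest();
        $this->check_ticket();

        if (!$plugin_id) {
            $plugin_id = $this->plugin_admin->installPluginFromURL(Request::get("automatic_update_url"));
            $this->plugin = PluginManager::getInstance()->getPluginInfoById($plugin_id);
        }

        $token = $this->plugin['automatic_update_secret'];
        if (!$token) {
            // The secret authenticates update requests, so it must not be
            // guessable; md5(uniqid()) only hashes the current time. A
            // cryptographic source is used where the runtime offers one.
            // The result stays 32 hex characters like the md5() value.
            if (function_exists('random_bytes')) {
                $token = bin2hex(random_bytes(16));
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $token = bin2hex(openssl_random_pseudo_bytes(16));
            } else {
                // Legacy fallback for runtimes without either function.
                $token = md5(uniqid());
            }
        }

        $statement = DBManager::get()->prepare("\n UPDATE plugins\n SET automatic_update_url = :url,\n automatic_update_secret = :secret\n WHERE pluginid = :id\n ");
        $statement->execute(array(
            'id'     => $plugin_id,
            'url'    => Request::get("automatic_update_url"),
            // Without the option the stored secret is cleared.
            'secret' => Request::get("use_security_token") ? $token : null,
        ));

        PageLayout::postMessage(MessageBox::success(_("Daten gespeichert.")));
        if (Request::get("use_security_token")) {
            PageLayout::postMessage(MessageBox::info(_("Unten können Sie den Security Token jetzt heraus kopieren.")));
        }
        $this->redirect("admin/plugin/edit_automaticupdate/" . $plugin_id);
    }

    if (Request::isXhr()) {
        $this->set_layout(null);
        if ($plugin_id) {
            $this->response->add_header('X-Title', sprintf(_("Automatisches Update für %s"), $this->plugin['name']));
        } else {
            $this->response->add_header('X-Title', _("Plugin von URL installieren"));
        }
        $this->set_content_type('text/html;charset=windows-1252');
    }
}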
/**
 * Removes a role from one or more plugins.
 *
 * The request must pass the anti-CSRF check. The plugins are resolved
 * through getPlugins($role_id, $plugin_id); the role assignment is
 * deleted for each of them.
 *
 * @param mixed $role_id   id of the role to remove
 * @param mixed $plugin_id plugin id as given in the URL
 */
public function remove_plugin_action($role_id, $plugin_id)
{
    CSRFProtection::verifyUnsafeRequest();

    // The returned role is not used; the call is kept for whatever
    // validation getRole() performs on the id (presumably an existence
    // check - confirm).
    self::getRole($role_id);

    $affected = $this->getPlugins($role_id, $plugin_id);
    foreach ($affected as $affected_id) {
        RolePersistence::deleteAssignedPluginRoles($affected_id, array($role_id));
    }

    $total    = count($affected);
    $template = ngettext('Einem Plugin wurde die Rolle entzogen.', '%u Plugins wurde die Rolle entzogen.', $total);
    PageLayout::postMessage(MessageBox::success(sprintf($template, $total)));

    $this->redirect('admin/role/show_role/' . $role_id);
}
/**
 * Copies the submitted lock rule form onto $this->lock_rule and stores it.
 *
 * The request must pass the anti-CSRF check. A rule without a name is
 * rejected with an error message and is not stored.
 *
 * @return mixed false if the name is missing, otherwise the result of store()
 */
function handle_form_data()
{
    CSRFProtection::verifyUnsafeRequest();

    $rule = $this->lock_rule;
    $rule->name        = Request::get('lockdata_name');
    $rule->description = Request::get('lockdata_description');
    // Permission and attributes are read through the narrowing accessors.
    $rule->permission  = Request::option('lockdata_permission');
    $rule->attributes  = Request::intArray('lockdata_attributes');

    if ($rule->name) {
        return $rule->store();
    }

    $this->msg['error'][] = _('Bitte geben Sie einen Namen für die Sperrebene an!');
    return false;
}
/**
 * Action which is used for handling all submits for no-JavaScript
 * users:
 * * searching,
 * * adding a person,
 * * removing a person,
 * * selecting a quickfilter,
 * * aborting,
 * * saving.
 *
 * This needs to be done in one single action to provide a similar
 * usability for no-JavaScript users as for JavaScript users.
 *
 * SECURITY(review): the two hidden form fields are fed to unserialize().
 * They come back from the browser, so their content is under the
 * client's control, and unserialize() on such data can instantiate
 * arbitrary loaded classes (PHP object injection). The lists are plain
 * id arrays; a JSON encoding or a server-side copy in the session would
 * carry the same data without that risk. The template that writes the
 * fields is not visible here and has to change together with this code.
 *
 * NOTE(review): the anti-CSRF check only runs when $_POST is not empty.
 * Request::submitted() presumably also sees query string parameters; if
 * so, every branch below, including `save`, can be reached without a
 * token - confirm.
 */
public function no_js_form_action()
{
    if (!empty($_POST)) {
        CSRFProtection::verifyUnsafeRequest();
    }
    $this->name = Request::get("name");
    $mp = MultiPersonSearch::load($this->name);
    $this->selectableUsers = array();
    $this->selectedUsers = array();
    $this->search = Request::get("freesearch");
    $this->additionHTML = $mp->getAdditionHTML();
    // See SECURITY(review) above. The results are also not checked to be
    // arrays, although in_array()/foreach below rely on that.
    $previousSelectableUsers = unserialize(studip_utf8decode(Request::get('search_persons_selectable_hidden')));
    $previousSelectedUsers = unserialize(studip_utf8decode(Request::get('search_persons_selected_hidden')));
    // restore quickfilter
    $this->quickfilterIDs = $mp->getQuickfilterIds();
    foreach ($this->quickfilterIDs as $title => $array) {
        $this->quickfilter[] = $title;
    }
    // abort
    if (Request::submitted('abort')) {
        // The target is read from the session, not from the request.
        $this->redirect($_SESSION['multipersonsearch'][$this->name]['pageURL']);
    } elseif (Request::submitted('submit_search')) {
        // evaluate search
        $this->selectedUsers = User::findMany($previousSelectedUsers);
        $searchterm = Request::get('freesearch');
        $searchObject = $mp->getSearchObject();
        $result = array_map(function ($r) { return $r['user_id']; }, $searchObject->getResults($searchterm, array(), 50));
        $this->selectableUsers = User::findMany($result);
        // remove already selected users
        foreach ($this->selectableUsers as $key => $user) {
            if (in_array($user->id, $previousSelectedUsers) || in_array($user->id, $mp->getDefaultSelectedUsersIDs())) {
                unset($this->selectableUsers[$key]);
                $this->alreadyMemberUsers[$key] = $user;
            }
        }
    } elseif (Request::submitted('submit_search_preset')) {
        $this->selectedUsers = User::findMany($previousSelectedUsers);
        // The preset name from the request selects one of the server-side id lists.
        $this->selectableUsers = User::findMany($this->quickfilterIDs[Request::get('search_preset')]);
        // remove already selected users
        foreach ($this->selectableUsers as $key => $user) {
            if (in_array($user->id, $previousSelectedUsers) || in_array($user->id, $mp->getDefaultSelectedUsersIDs())) {
                unset($this->selectableUsers[$key]);
            }
        }
    } elseif (Request::submitted('search_persons_add')) {
        // add users
        foreach (Request::optionArray('search_persons_selectable') as $userID) {
            if (($key = array_search($userID, $previousSelectableUsers)) !== false) {
                unset($previousSelectableUsers[$key]);
            }
            $previousSelectedUsers[] = $userID;
        }
        $this->selectedUsers = User::findMany($previousSelectedUsers);
        $this->selectableUsers = User::findMany($previousSelectableUsers);
    } elseif (Request::submitted('search_persons_remove')) {
        // remove users
        foreach (Request::optionArray('search_persons_selected') as $userID) {
            if (($key = array_search($userID, $previousSelectedUsers)) !== false) {
                unset($previousSelectedUsers[$key]);
            }
            $previousSelectableUsers[] = $userID;
        }
        $this->selectedUsers = User::findMany($previousSelectedUsers);
        $this->selectableUsers = User::findMany($previousSelectableUsers);
    } elseif (Request::submitted('save')) {
        // find added users
        $addedUsers = array();
        $defaultSelectedUsersIDs = $searchObject = $mp->getDefaultSelectedUsersIDs();
        foreach ($previousSelectedUsers as $selected) {
            if (!in_array($selected, $defaultSelectedUsersIDs)) {
                $addedUsers[] = $selected;
            }
        }
        // find removed users
        $removedUsers = array();
        foreach ($defaultSelectedUsersIDs as $default) {
            if (!in_array($default, $previousSelectedUsers)) {
                $removedUsers[] = $default;
            }
        }
        // NOTE(review): these lists are built from the client-supplied
        // hidden field. The action behind getExecuteURL() has to treat
        // the ids as untrusted and authorise them itself.
        $_SESSION['multipersonsearch'][$this->name]['selected'] = $previousSelectedUsers;
        $_SESSION['multipersonsearch'][$this->name]['added'] = $addedUsers;
        $_SESSION['multipersonsearch'][$this->name]['removed'] = $removedUsers;
        // redirect to action which handles the form data
        $this->redirect($mp->getExecuteURL());
    } else {
        // first call: take the selectable users from the search object's defaults
        $this->defaultSelectableUsersIDs = $mp->getDefaultSelectableUsersIDs();
        $this->defaultSelectedUsersIDs = $mp->getDefaultSelectedUsersIDs();
        $this->selectableUsers = User::findMany($this->defaultSelectableUsersIDs);
        $this->selectedUsers = array();
    }
    // save selected/selectable users in hidden form fields
    $this->selectableUsers = new SimpleCollection($this->selectableUsers);
    $this->selectableUsers->orderBy("nachname asc, vorname asc");
    $this->selectableUsersHidden = $this->selectableUsers->pluck('id');
    $this->selectedUsers = new SimpleCollection($this->selectedUsers);
    $this->selectedUsers->orderBy("nachname asc, vorname asc");
    $this->selectedUsersHidden = $this->selectedUsers->pluck('id');
    $this->selectableUsers->orderBy('nachname, vorname');
    $this->selectedUsers->orderBy('nachname, vorname');
    // set layout data
    $this->set_layout($GLOBALS['template_factory']->open('layouts/base'));
    $this->title = $mp->getTitle();
    $this->description = $mp->getDescription();
    $this->pageURL = $mp->getPageURL();
    if ($mp->getNavigationItem() != "") {
        Navigation::activateItem($mp->getNavigationItem());
    }
}
/**
 * Simulates an unsafe (POST) XMLHttpRequest that carries the CSRF token in the
 * request body and runs the CSRF verification on it.
 *
 * The method holds no explicit assertion; it presumably passes when
 * verifyUnsafeRequest() returns without raising (confirm against
 * CSRFProtection).
 */
function testUnsafeXHRWithToken()
{
    // The three request fields are independent of each other.
    $_POST['security_token'] = $this->token;
    $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XmlHttpRequest';
    $_SERVER['REQUEST_METHOD'] = 'POST';

    CSRFProtection::verifyUnsafeRequest();
}
// Step 1: "delete_selected" only renders a confirmation dialog; nothing is deleted here.
if ($rechte && Request::submitted('delete_selected')) {
    $download_ids = Request::optionArray('download_ids');
    if (count($download_ids) > 0) {
        // One list entry per file: the escaped filename plus a hidden field that carries the id
        // into the confirming request.
        // NOTE(review): $f is written into the value attribute without htmlReady(); this relies on
        // Request::optionArray() returning only markup-safe values - confirm.
        // NOTE(review): the result of StudipDocument::find($f) is dereferenced unchecked; an id that
        // matches no document presumably fails here - confirm.
        $files_to_delete = array_map(function($f) {return htmlReady(StudipDocument::find($f)->filename) . '<input type="hidden" name="download_ids[]" value="' . $f . '">';}, $download_ids);
        $template = $template_factory->open('usermanagement/question_form.php');
        $template->set_attribute('question', _('Möchten Sie die ausgewählten Dateien wirklich löschen?'));
        // The list is handed to the template as ready-made HTML.
        $template->set_attribute('elements', array('<ul><li>' . join('</li><li>', $files_to_delete) . '</li></ul>'));
        $template->set_attribute('approvalbutton', Button::createAccept(_('JA!'), 'delete'));
        $template->set_attribute('disapprovalbutton', Button::createCancel(_('NEIN!')));
        $template->set_attribute('action', URLHelper::getLink());
        $question = $template->render();
    }
}

// Step 2: the confirmed deletion. The CSRF token is verified before any document is removed.
// NOTE(review): the only authorization visible here is $rechte; whether each submitted id
// belongs to the current context has to be enforced by delete_document() - confirm.
if ($rechte && Request::submitted('delete') && count(Request::optionArray('download_ids'))) {
    CSRFProtection::verifyUnsafeRequest();
    $deleted = 0;
    foreach (Request::optionArray('download_ids') as $one) {
        // the return value of delete_document() is summed up as the number of deleted files
        $deleted += delete_document($one);
    }
    if ($deleted) {
        $msg .= "msg§" . sprintf(_("Es wurden %s Dateien gelöscht."), $deleted) . '§';
    }
}

///////////////////////////////////////////////////////////
//Ajax functions
///////////////////////////////////////////////////////////

// (the body of this branch continues beyond the excerpt)
if ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
/**
 * updates studygroups with respect to the corresponding form data
 *
 * Depending on the request this either aborts a pending deactivation,
 * carries out a confirmed deactivation of modules/plugins, replaces the
 * founder, or validates and stores name, description, access mode and the
 * activated modules/plugins. All of this happens only if the current user
 * has 'dozent' permission on the studygroup and the CSRF check passes.
 * Every path ends in a redirect to the edit page of the studygroup.
 *
 * @param string $id id of a studygroup
 *
 * @return void
 */
function update_action($id)
{
    global $perm;
    // if we are permitted to edit the studygroup get some data...
    if ($perm->have_studip_perm('dozent', $id)) {
        $errors = array();
        // NOTE(review): $admin and $founders are assigned but not read again in this method.
        $admin = $perm->have_studip_perm('admin', $id);
        $founders = StudygroupModel::getFounders($id);
        $sem = new Seminar($id);
        $sem_class = $GLOBALS['SEM_CLASS'][$GLOBALS['SEM_TYPE'][$sem->status]['class']];

        // The CSRF token is verified after the permission check and before any state change below.
        CSRFProtection::verifyUnsafeRequest();

        if (Request::get('abort_deactivate')) {
            // let's do nothing and go back to the studygroup
            return $this->redirect('course/studygroup/edit/' . $id);
        } else {
            if (Request::get('really_deactivate')) {
                $modules = Request::optionArray('deactivate_modules');
                $plugins = Request::optionArray('deactivate_plugins');
                // really deactivate modules
                // 1. Modules
                if (is_array($modules)) {
                    $mods = new Modules();
                    $admin_mods = new AdminModules();
                    $bitmask = $sem->modules;
                    foreach ($modules as $key) {
                        $module_name = $sem_class->getSlotModule($key);
                        // mandatory or disallowed slot modules are never deactivated
                        if ($module_name && ($sem_class->isModuleMandatory($module_name) || !$sem_class->isModuleAllowed($module_name))) {
                            continue;
                        }
                        // NOTE(review): $key comes from the request and indexes registered_modules
                        // without an existence check - confirm how unknown keys behave.
                        $mods->clearBit($bitmask, $mods->registered_modules[$key]["id"]);
                        // The method name is built from the request-supplied key; it is only
                        // invoked if AdminModules actually defines a method of that name.
                        $methodDeactivate = "module" . ucfirst($key) . "Deactivate";
                        if (method_exists($admin_mods, $methodDeactivate)) {
                            $admin_mods->{$methodDeactivate}($sem->id);
                            $studip_module = $sem_class->getModule($key);
                            if (is_a($studip_module, "StandardPlugin")) {
                                PluginManager::getInstance()->setPluginActivated($studip_module->getPluginId(), $id, false);
                            }
                        }
                    }
                    $sem->modules = $bitmask;
                    $sem->store();
                }
                // 2. Plugins
                if (is_array($plugins)) {
                    $plugin_manager = PluginManager::getInstance();
                    $available_plugins = StudygroupModel::getInstalledPlugins();
                    foreach ($plugins as $class) {
                        $plugin = $plugin_manager->getPlugin($class);
                        // deactivate the plugin, but only if it is one of the installed studygroup
                        // plugins and neither mandatory nor a slot module
                        if ($available_plugins[$class] && !$sem_class->isModuleMandatory($class) && !$sem_class->isSlotModule($class)) {
                            $plugin_manager->setPluginActivated($plugin->getPluginId(), $id, false);
                        }
                    }
                }
                // Success message
                $this->flash['success'] .= _("Inhaltselement(e) erfolgreich deaktiviert.");
                return $this->redirect('course/studygroup/edit/' . $id);
            } else {
                if (Request::submitted('replace_founder')) {
                    // retrieve old founder
                    $old_dozent = current(StudygroupModel::getFounder($id));
                    // remove old founder
                    StudygroupModel::promote_user($old_dozent['uname'], $id, 'tutor');
                    // add new founder
                    // NOTE(review): 'choose_founder' is taken from the request and promoted to
                    // 'dozent' with no check visible here that the user is a member of this
                    // studygroup or that get_username() resolved to a user; the old founder has
                    // already been demoted at this point. Verify that promote_user() enforces this.
                    $new_founder = Request::option('choose_founder');
                    StudygroupModel::promote_user(get_username($new_founder), $id, 'dozent');
                    //checks
                } else {
                    // test whether we have a group name...
                    if (!Request::get('groupname')) {
                        $errors[] = _("Bitte Gruppennamen angeben");
                        //... if so, test if this is not taken by another group
                    } else {
                        // prepared statement: the submitted name and the id are bound, not interpolated
                        $query = "SELECT 1 FROM seminare WHERE name = ? AND Seminar_id != ?";
                        $statement = DBManager::get()->prepare($query);
                        $statement->execute(array(Request::get('groupname'), $id));
                        if ($statement->fetchColumn()) {
                            $errors[] = _("Eine Veranstaltung/Studiengruppe mit diesem Namen existiert bereits. Bitte wählen Sie einen anderen Namen");
                        }
                    }
                    if (count($errors)) {
                        $this->flash['errors'] = $errors;
                        $this->flash['edit'] = true;
                        // Everything seems fine, let's update the studygroup
                    } else {
                        $sem->name = Request::get('groupname'); // seminar-class quotes itself
                        $sem->description = Request::get('groupdescription'); // seminar-class quotes itself
                        $sem->read_level = 1;
                        $sem->write_level = 1;
                        $sem->visible = 1;
                        // 'all' means open access; every other value requires approval, and
                        // 'invisible' additionally hides the group if the configuration allows it
                        if (Request::get('groupaccess') == 'all') {
                            $sem->admission_prelim = 0;
                        } else {
                            $sem->admission_prelim = 1;
                            if (Config::get()->STUDYGROUPS_INVISIBLE_ALLOWED && Request::get('groupaccess') == 'invisible') {
                                $sem->visible = 0;
                            }
                            $sem->admission_prelim_txt = _("Die ModeratorInnen der Studiengruppe können Ihren Aufnahmewunsch bestätigen oder ablehnen. Erst nach Bestätigung erhalten Sie vollen Zugriff auf die Gruppe.");
                        }
                        // get the current bitmask
                        $mods = new Modules();
                        $admin_mods = new AdminModules();
                        $bitmask = $sem->modules;
                        // de-/activate modules
                        $available_modules = StudygroupModel::getInstalledModules();
                        $orig_modules = $mods->getLocalModules($sem->id, "sem");
                        $active_plugins = Request::getArray("groupplugin");
                        $deactivate_modules = array();
                        // Here the keys come from the installed modules, not from the request.
                        foreach (array_keys($available_modules) as $key) {
                            $module_name = $sem_class->getSlotModule($key);
                            if (!$module_name || $module_name && ($sem_class->isModuleMandatory($module_name) || !$sem_class->isModuleAllowed($module_name))) {
                                continue;
                            }
                            // NOTE(review): unreachable - the condition above already continues
                            // whenever $module_name is empty.
                            if (!$module_name) {
                                $module_name = $key;
                            }
                            if ($active_plugins[$module_name]) {
                                // activate modules
                                $mods->setBit($bitmask, $mods->registered_modules[$key]["id"]);
                                // the activation hook only runs for modules that were not active before
                                if (!$orig_modules[$key]) {
                                    $methodActivate = "module" . ucfirst($key) . "Activate";
                                    if (method_exists($admin_mods, $methodActivate)) {
                                        $admin_mods->{$methodActivate}($sem->id);
                                        $studip_module = $sem_class->getModule($key);
                                        if (is_a($studip_module, "StandardPlugin")) {
                                            PluginManager::getInstance()->setPluginActivated($studip_module->getPluginId(), $id, true);
                                        }
                                    }
                                }
                            } else {
                                // prepare for deactivation
                                // (user will have to confirm)
                                if ($orig_modules[$key]) {
                                    $deactivate_modules[] = $key;
                                }
                            }
                        }
                        $this->flash['deactivate_modules'] = $deactivate_modules;
                        $sem->modules = $bitmask;
                        $sem->store();
                        // de-/activate plugins
                        $available_plugins = StudygroupModel::getInstalledPlugins();
                        $plugin_manager = PluginManager::getInstance();
                        $deactivate_plugins = array();
                        foreach ($available_plugins as $key => $name) {
                            $plugin = $plugin_manager->getPlugin($key);
                            $plugin_id = $plugin->getPluginId();
                            if ($active_plugins[$key] && $name && $sem_class->isModuleAllowed($key)) {
                                $plugin_manager->setPluginActivated($plugin_id, $id, true);
                            } else {
                                // active plugins that were not selected are queued for confirmation
                                if ($plugin_manager->isPluginActivated($plugin_id, $id) && !$sem_class->isSlotModule($key)) {
                                    $deactivate_plugins[$plugin_id] = $key;
                                }
                            }
                        }
                        $this->flash['deactivate_plugins'] = $deactivate_plugins;
                    }
                }
            }
        }
    }
    // NOTE(review): this is also reached when the permission check at the top failed or the
    // founder was replaced; $deactivate_modules and $deactivate_plugins are undefined on those
    // paths, so unless flash['errors'] is already set the success message is shown even though
    // no settings were changed here.
    if (!$this->flash['errors'] && !$deactivate_modules && !$deactivate_plugins) {
        // Everything seems fine
        $this->flash['success'] = _("Die Änderungen wurden erfolgreich übernommen.");
    }
    // let's go to the studygroup
    $this->redirect('course/studygroup/edit/' . $id);
}
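/**
 * Deletes an institute and the data attached to it.
 *
 * Nothing is deleted unless the request carries a valid CSRF token, the
 * i_kill confirmation parameter and a valid ticket, and the current user is
 * root or a faculty admin with INST_FAK_ADMIN_PERMS set to 'all'. Institutes
 * that still have home courses or sub institutes are not deleted, and
 * faculties can only be deleted by root. Each rejected request is redirected
 * back to the institute's basic data page.
 *
 * @param String $i_id Institute id
 * @throws Exception if no institute with the given id exists
 */
public function delete_action($i_id)
{
    CSRFProtection::verifyUnsafeRequest();

    // Missing parameter
    if (!Request::get('i_kill')) {
        return $this->redirect('institute/basicdata/index/' . $i_id);
    }

    // Invalid ticket
    if (!check_ticket(Request::option('studipticket'))) {
        PageLayout::postMessage(MessageBox::error(_('Ihr Ticket ist abgelaufen. Versuchen Sie die letzte Aktion erneut.')));
        return $this->redirect('institute/basicdata/index/' . $i_id);
    }

    // User may not delete this institute
    if (!$GLOBALS['perm']->have_perm('root') && !($GLOBALS['perm']->is_fak_admin() && get_config('INST_FAK_ADMIN_PERMS') === 'all')) {
        PageLayout::postMessage(MessageBox::error(_('Sie haben nicht die Berechtigung Fakultäten zu löschen!')));
        return $this->redirect('institute/basicdata/index/' . $i_id);
    }

    $institute = Institute::find($i_id);
    if ($institute === null) {
        throw new Exception('Invalid institute id');
    }

    // Institute in use?
    if (count($institute->home_courses)) {
        PageLayout::postMessage(MessageBox::error(_('Diese Einrichtung kann nicht gelöscht werden, da noch Veranstaltungen an dieser Einrichtung existieren!')));
        return $this->redirect('institute/basicdata/index/' . $i_id);
    }

    // Institute has sub institutes?
    if (count($institute->sub_institutes)) {
        PageLayout::postMessage(MessageBox::error(_('Diese Einrichtung kann nicht gelöscht werden, da sie den Status Fakultät hat und noch andere Einrichtungen zugeordnet sind!')));
        return $this->redirect('institute/basicdata/index/' . $i_id);
    }

    // Is the user allowed to delete faculties?
    if ($institute->is_fak && !$GLOBALS['perm']->have_perm('root')) {
        PageLayout::postMessage(MessageBox::error(_('Sie haben nicht die Berechtigung Fakultäten zu löschen!')));
        return $this->redirect('institute/basicdata/index/' . $i_id);
    }

    // Save users, name and number of courses; they are read before the
    // institute is deleted and used for logging and reporting afterwards
    $user_ids  = $institute->members->pluck('user_id');
    $i_name    = $institute->name;
    $i_courses = count($institute->courses);

    // Delete that institute
    if (!$institute->delete()) {
        PageLayout::postMessage(MessageBox::error(_('Die Einrichtung konnte nicht gelöscht werden.')));
    } else {
        $details = array();

        // logging - put institute's name in info - it's no longer derivable from id afterwards
        log_event('INST_DEL', $i_id, null, $i_name);

        // set a suitable default institute for each user
        foreach ($user_ids as $user_id) {
            log_event('INST_USER_DEL', $i_id, $user_id);
            checkExternDefaultForUser($user_id);
        }
        if (count($user_ids)) {
            $details[] = sprintf(_('%u Mitarbeiter gelöscht.'), count($user_ids));
        }

        // Report number of formerly associated courses
        if ($i_courses) {
            $details[] = sprintf(_('%u Beteiligungen an Veranstaltungen gelöscht'), $i_courses);
        }

        // delete literature lists
        $del_lit = StudipLitList::DeleteListsByRange($i_id);
        if ($del_lit) {
            $details[] = sprintf(_('%u Literaturlisten gelöscht.'), $del_lit['list']);
        }

        // delete news-links
        StudipNews::DeleteNewsRanges($i_id);

        // delete entry in news_rss_range
        StudipNews::UnsetRssId($i_id);

        // updating range_tree
        $query = "UPDATE range_tree SET name = ?, studip_object = '', studip_object_id = '' WHERE studip_object_id = ?";
        $statement = DBManager::get()->prepare($query);
        $statement->execute(array(_('(in Stud.IP gelöscht)'), $i_id));
        if (($db_ar = $statement->rowCount()) > 0) {
            $details[] = sprintf(_('%u Bereiche im Einrichtungsbaum angepasst.'), $db_ar);
        }

        // remove status groups; the assignment is parenthesised so that $db_ar
        // holds the returned count and not the result of the comparison
        if (($db_ar = DeleteAllStatusgruppen($i_id)) > 0) {
            $details[] = sprintf(_('%s Funktionen/Gruppen gelöscht.'), $db_ar);
        }

        // kill the datafields
        DataFieldEntry::removeAll($i_id);

        // kill all wiki-pages; the table suffix comes from the fixed list below,
        // the institute id is bound as a statement parameter
        $removed_wiki_pages = 0;
        foreach (array('', '_links', '_locks') as $area) {
            $query = "DELETE FROM wiki{$area} WHERE range_id = ?";
            $statement = DBManager::get()->prepare($query);
            $statement->execute(array($i_id));
            $removed_wiki_pages += $statement->rowCount();
        }
        if ($removed_wiki_pages > 0) {
            // the count has to be passed to sprintf(), otherwise %u has no argument
            $details[] = sprintf(_('%u Wikiseiten gelöscht.'), $removed_wiki_pages);
        }

        // kill all the resources that are assigned to the institute (and all the linked or subordinated stuff!)
        if (get_config('RESOURCES_ENABLE')) {
            $killAssign = new DeleteResourcesUser($i_id);
            $killAssign->delete();
        }

        // delete all configuration files for the "extern modules"
        if (get_config('EXTERN_ENABLE')) {
            $counts = ExternConfig::DeleteAllConfigurations($i_id);
            if ($counts) {
                $details[] = sprintf(_('%u Konfigurationsdateien für externe Seiten gelöscht.'), $counts);
            }
        }

        // delete all contents in forum-modules
        foreach (PluginEngine::getPlugins('ForumModule') as $plugin) {
            $plugin->deleteContents($i_id); // delete content irrespective of plugin-activation in the seminar
            if ($plugin->isActivated($i_id)) { // only show a message, if the plugin is activated, to not confuse the user
                $details[] = sprintf(_('Einträge in %s gelöscht.'), $plugin->getPluginName());
            }
        }

        // Delete assigned documents
        $db_ar = delete_all_documents($i_id);
        if ($db_ar > 0) {
            $details[] = sprintf(_('%u Dokumente gelöscht.'), $db_ar);
        }

        // kill the object_user_visits for this institute
        object_kill_visits(null, $i_id);

        // Report success with details
        // NOTE(review): $i_name and the plugin names above go into the message
        // without htmlReady(); confirm that MessageBox escapes its arguments.
        $message = sprintf(_('Die Einrichtung "%s" wurde gelöscht!'), $i_name);
        PageLayout::postMessage(MessageBox::success($message, $details));
    }

    $this->redirect('institute/basicdata/index?cid=');
}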
/**
 * Removes one entry from the course wizard step registry.
 *
 * The CSRF token is verified first. The entry is only unregistered when the
 * request was submitted via 'delete' and an entry with the given id exists;
 * in every case the user is redirected to the step overview afterwards.
 *
 * @param $id ID of the entry to delete
 */
public function delete_action($id)
{
    CSRFProtection::verifyUnsafeRequest();

    // Only look the step up when deletion was actually requested.
    $step = Request::submitted('delete') ? CourseWizardStepRegistry::find($id) : null;

    if ($step) {
        // The name is read before unregistering and reused in either message.
        // NOTE(review): it is put into the message without htmlReady();
        // confirm that MessageBox escapes its text.
        $stepName = $step->name;
        $feedback = CourseWizardStepRegistry::unregisterStep($id)
            ? MessageBox::success(sprintf(_('Der Schritt "%s" wurde gelöscht.'), $stepName))
            : MessageBox::error(sprintf(_('Der Schritt %s konnte nicht gelöscht werden.'), $stepName));
        PageLayout::postMessage($feedback);
    }

    $this->redirect($this->url_for('admin/coursewizardsteps'));
}
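/**
 * Cancel the subscription of a selected user or group of users
 *
 * Works in two steps. Without 'yes' in the request the selected users are
 * only stored in the flash so that a confirmation can be shown; with 'yes'
 * the CSRF token is verified and the users submitted in 'users' are removed.
 * A request with 'no' does nothing. Every path redirects to the member list.
 *
 * @param String $cmd     "singleuser" to select $user_id, otherwise the
 *                        selection is read from flash['users']
 * @param String $status  status group of the users; the values 'accepted',
 *                        'awaiting' and 'claiming' are handled as admission
 *                        subscriptions
 * @param String $user_id user to remove when $cmd is "singleuser"
 * @throws AccessDeniedException if the current user is not a tutor
 */
public function cancel_subscription_action($cmd, $status, $user_id = null)
{
    if (!$this->is_tutor) {
        throw new AccessDeniedException('Sie sind nicht berechtigt, auf diesen Teil des Systems zuzugreifen');
    }

    if (!Request::submitted('no')) {
        if (Request::submitted('yes')) {
            // the state-changing step: verify the token before removing anyone
            CSRFProtection::verifyUnsafeRequest();
            $users = Request::getArray('users');
            if (!empty($users)) {
                if (in_array($status, words('accepted awaiting claiming'))) {
                    $msgs = $this->members->cancelAdmissionSubscription($users, $status);
                } else {
                    $msgs = $this->members->cancelSubscription($users);
                }

                // deleted authors
                // NOTE(review): $status is a route parameter and indexes status_groups
                // unchecked; an unknown value yields an empty label.
                if (!empty($msgs)) {
                    if (count($msgs) <= 5) {
                        PageLayout::postMessage(MessageBox::success(sprintf(_("%s %s wurde aus der Veranstaltung ausgetragen."), htmlReady($this->status_groups[$status]), htmlReady(join(', ', $msgs)))));
                    } else {
                        PageLayout::postMessage(MessageBox::success(sprintf(_("%u %s wurden aus der Veranstaltung entfernt."), count($msgs), htmlReady($this->status_groups[$status]))));
                    }
                }
            } else {
                // The group label belongs inside sprintf(); it was previously passed
                // to MessageBox::error() instead, leaving %s without an argument.
                // It is escaped like in the success messages above.
                PageLayout::postMessage(MessageBox::error(sprintf(
                    _('Sie haben keine %s zum Austragen ausgewählt'),
                    htmlReady($this->status_groups[$status])
                )));
            }
        } else {
            // start from an empty selection so flash['delete'] is always an array
            $users = array();
            if ($cmd == "singleuser") {
                $users = array($user_id);
            } else {
                // create a usable array
                foreach ($this->flash['users'] as $user => $val) {
                    if ($val) {
                        $users[] = $user;
                    }
                }
            }

            $this->flash['status'] = $status;
            $this->flash['delete'] = $users;
        }
    }

    $this->redirect('course/members/index');
}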
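/**
 * Shows the "propose usage" form for a plugin and stores a submitted usage.
 *
 * On submit the CSRF token is verified, a usage entry for the current user
 * is created and the user is redirected to the plugin's detail page.
 * Otherwise one usage name of the current user that is not yet recorded for
 * this plugin is loaded as a suggestion.
 *
 * @param mixed $plugin_id id of the plugin
 */
public function propose_usage_action($plugin_id)
{
    // NOTE(review): it is not checked here that a plugin with this id exists
    // before a usage row referencing it is created - confirm.
    $this->plugin = new MarketPlugin($plugin_id);

    // Submit propose usage
    if (Request::submitted('propose')) {
        CSRFProtection::verifyUnsafeRequest();

        MarketPluginUsage::create(array(
            'plugin_id' => $plugin_id,
            'user_id'   => User::findCurrent()->id,
            'name'      => Request::get('used_at'),
        ));

        $this->redirect('presenting/details/' . $plugin_id);
        // The suggestion below is only needed when the form is shown, so the
        // query is skipped once the redirect has been issued.
        return;
    }

    // NOTE(review): ORDER BY count(*) sorts ascending, so the first row is the
    // least frequent name although the property is called most_used - confirm
    // whether DESC was intended.
    $this->most_used = DBManager::get()->fetchFirst('SELECT name FROM pluginmarket_plugin_usages WHERE user_id = ? AND name NOT IN (SELECT name FROM pluginmarket_plugin_usages WHERE plugin_id = ?) GROUP BY name ORDER BY count(*)', array(User::findCurrent()->id, $plugin_id));
}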
/**
 * Stops the current question.
 *
 * The CSRF token is verified before the question is stopped. On success the
 * response is an empty 204; a failed stop raises a 400.
 *
 * @param mixed $id not read in this method; $this->question is presumably
 *                  loaded from it elsewhere (confirm)
 * @throws Trails_Exception with status 400 if the question could not be stopped
 */
function stop_action($id)
{
    CSRFProtection::verifyUnsafeRequest();

    // Fail first, so the success path reads straight through.
    if (!$this->question->stop()) {
        throw new Trails_Exception(400, "Could not stop");
    }

    $this->response->set_status(204);
    $this->render_nothing();
}