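/**
 * Site-wide default user settings editor.
 *
 * On POST (when `def` is present) every property in the `setset` table
 * gets its visibility class (`vis[<property>]`) stored through
 * Settings::changeSetting() and its default value (`def[<property>]`)
 * written to $SITE->settings; the request is then redirected back with
 * `upd=1` so the confirmation flash is shown on a plain GET. Otherwise a
 * table with one row per property (name, visibility select, default
 * input) is rendered in the admin template.
 *
 * @return void
 */
function run()
{
    global $SITE, $DB, $Templates;

    $_POST->setType('vis', 'any', true);
    $_POST->setType('def', 'string', true);
    $_REQUEST->setType('upd', 'any');

    $properties = $DB->setset->asArray(false, false, false, false, 'property');

    if ($_POST['def']) {
        // Both posted arrays are keyed by property name. A property the
        // form did not post is treated as null (the value that used to be
        // stored anyway) instead of raising an undefined-index notice.
        $vis = (array) $_POST['vis'];
        $def = (array) $_POST['def'];
        foreach ($properties as $row) {
            $name = $row['property'];
            $visibility = isset($vis[$name]) ? $vis[$name] : null;
            $default = isset($def[$name]) ? $def[$name] : null;
            Settings::changeSetting($name, false, false, $visibility);
            $SITE->settings[$name] = $default;
        }
        // Post/redirect/get: a browser refresh must not resubmit the form.
        redirect(url(array('upd' => 1), true));
    }

    if ($_REQUEST['upd']) {
        Flash::create(__('Settings updated'), 'confirmation');
    }

    __autoload('Form');

    // Option labels for the visibility select; presumably their index is
    // the numeric `visible` value stored per property (see the Select below).
    $settings_types = array(
        __('Administrator-specified'),
        __('User level, pre-specified'),
        __('User level, self-specified'),
        __('User- or group level, pre-specified'),
        __('User- or group level , self-specified'),
        __('Group level, pre-specified'),
        __('Group level, self-specified'),
    );

    $TRs = array();
    foreach ($properties as $property) {
        $name = $property['property'];
        $TRs[] = new Tablerow(
            Settings::name($name),
            new Select(false, 'vis[' . $name . ']', $settings_types, $property['visible']),
            Settings::display($property['type'], false, 'def[' . $name . ']', $SITE->settings[$name], $property['description'], $property['set'])
        );
    }

    $form = new Form('sitesettings');
    $this->setContent('header', __('Default user settings'));
    $this->setContent('main', $form->collection(new Table(new Tableheader(__('Property'), __('Type'), __('Property default')), $TRs)));
    $Templates->admin->render();
}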
/**
 * Entry point of the news administration module: carries out the
 * deletion action and starts page generation and rendering.
 *
 * Anything short of READ|EDIT is answered with a 401 error page. The
 * `del` parameter (numeric) deletes the referenced object through
 * $Controller when it resolves and the deletion succeeds.
 * NOTE(review): deletion is triggered by a plain request parameter; no
 * CSRF token is checked in this method — confirm the framework adds one.
 *
 * @return void|false false after the 401 page has been rendered
 * @see solidbase/lib/Page#run()
 */
function run()
{
    global $Templates, $USER, $CONFIG, $Controller, $DB;

    if (!$this->may($USER, READ | EDIT)) {
        errorPage('401');
        return false;
    }

    /* User input types (order/expand are declared but not read here) */
    $_REQUEST->setType('order', 'numeric', true);
    $_REQUEST->setType('expand', 'bool');
    $_REQUEST->setType('del', 'numeric');

    $deleteId = $_REQUEST['del'];
    if ($deleteId) {
        $victim = $Controller->{$deleteId};
        if ($victim && $victim->delete()) {
            Flash::create(__('Newsitem removed'), 'confirmation');
        }
    }

    /* What is shown depends on the request and the permissions */
    $this->setContent('header', __('News'));
    $this->setContent('main', $this->mainView());
    $Templates->admin->render();
}
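/**
 * Front page: intro block, newsletter sign-up form and the latest news.
 *
 * `flash` and `addToConfig` are developer hooks (inject a flash message /
 * seed the Frontpage.NewsItems configuration entry). Previously any
 * visitor could trigger them through the URL; they now require EDIT
 * rights on this page.
 *
 * @return void
 */
function run()
{
    global $Templates, $CONFIG;

    $_REQUEST->setType('flash', 'any');
    $_REQUEST->setType('addToConfig', 'any');
    if ($this->mayI(EDIT)) {
        if ($_REQUEST->valid('flash')) {
            Flash::create($_REQUEST['flash'] . '_flash_1', $_REQUEST['flash']);
        }
        if ($_REQUEST->valid('addToConfig')) {
            $CONFIG->Frontpage->setType('NewsItems', 'text');
            $CONFIG->Frontpage->setDescription('NewsItems', 'Number of news items displayed');
            $CONFIG->Frontpage->NewsItems = 5;
        }
    }

    // Configured number of news items, clamped to 1..30 with 5 as fallback.
    $newsNum = $CONFIG->Frontpage->NewsItems;
    if (!is_numeric($newsNum) || $newsNum < 1 || $newsNum > 30) {
        $newsNum = 5;
    }
    // NOTE(review): this unconditional override makes the configured value
    // above irrelevant. Kept because the layout may rely on exactly three
    // items — confirm whether it is a debugging leftover.
    $newsNum = 3;

    /* Retrieve news objects */
    $newsObj = array(); // keeps the loop below safe when nothing is retrieved
    if ($newsNum > 0) {
        $newsObj = Flow::retrieve('News', $newsNum, false, false, false, 0, true);
    }
    $content = '';
    foreach ($newsObj as $news) {
        $content .= $news->display('new');
    }

    $mlForm = new Form('mailListForm');
    $ml = $mlForm->quick(null, __('Send'), new Input('Email', 'mlmail'));

    $webdir = $Templates->current->webdir;
    $r = '<div id="intro"> <div class="lcol"><img src="' . $webdir . 'images/intro/IMG_0817.jpg" width="400" alt="Lihkoren" /></div> <div class="rcol"><p>Linköpings Studentsångarförening Lihkören är en manskör som verkar vid Linköpings universitet, under ledning av director musices Hans Lundgren. Kören bildades 1972 av studenter vid dåvarande Linköpings Högskola. Lihkören uttalas som det smakar. Kören framför främst nordisk och europeisk musik, delvis från den traditionella manskörsrepertoaren men även nyskriven musik. Glimten i ögat och den goda kontakten med publiken präglar konserterna.<br>Väl mött.</p></div> <img src="' . $webdir . 'images/rand_top.png" alt="pagesplit" class="pagesplit" /> </div> <div id="fbottom"> <div class="lcol"> <div class="lbox coming"><h1 class="icn-hdr"><span class="icn icn-coming"></span>'
        . __('Kommande händelser')
        . '</h1> <p>Kommande händelser i kalendern.</p> </div> <div class="lbox maillist"><h1 class="icn-hdr"><span class="icn icn-mail"></span>'
        . __('Nyhetsbrev')
        . '</h1> <p class="pre">Vill du få information om kommande konserter och andra arrangemang med Lihkören?</p> '
        . $ml
        . ' <p>Du kommer då att få ett e-brev som du måste svara på för att bekräfta att du vill att informationen ska skickas till dig</p> </div> </div> <div class="rbox news"><h1 class="icn-hdr"><span class="icn icn-news"></span>'
        . __('Nyheter')
        . '</h1>'
        . $content
        . '<a href="/flowView?q=News">'
        . __('View all news')
        . '</a></div> </div>';

    $this->setContent('main', $r);
    $Templates->render();
}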
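/**
 * Rename a MenuSection (and set its template) from the `oldname` and
 * `newname` request parameters.
 *
 * The new alias is refused with a flash message when another object
 * already uses it.
 *
 * NOTE(review): `template` is read below without a setType() declaration —
 * confirm how the request wrapper treats undeclared keys.
 *
 * @return void
 */
function saveChanges()
{
    // Without this declaration $Controller and $DB are undefined locals and
    // the object lookup and alias check below cannot work.
    global $Controller, $DB;

    $_REQUEST->setType('oldname', 'string');
    $_REQUEST->setType('newname', 'string');

    if (!$_REQUEST['oldname'] || !$_REQUEST['newname']) {
        return;
    }
    $obj = $Controller->{$_REQUEST['oldname']}('MenuSection');
    if (!$obj) {
        return;
    }
    if ($DB->aliases->exists(array('alias' => $_REQUEST['newname'], 'id!' => $obj->ID))) {
        Flash::create(__('Alias already in use'));
        return;
    }
    $obj->resetAlias($_REQUEST['newname']);
    $obj->template = $_REQUEST['template'];
    Flash::create(__('Section edited'), 'confirmation');
}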
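/**
 * Configuration editor: applies posted `conf[section][property]` values
 * (EDIT permission required) and renders the full configuration view.
 *
 * Each row of the `config` table is interpreted by its type:
 *  - CSV: split on ',' and stored as an array;
 *  - password: skipped when the '********' placeholder was posted back;
 *  - select/set/text: stored as posted;
 *  - check: stored as 0/1 depending on whether the key was posted at all.
 * A user without ANYTHING gets the 401 page rendered first.
 *
 * @return void
 * @see solidbase/lib/Page#run()
 */
function run()
{
    global $Templates, $USER, $DB, $CONFIG;

    /* User input types */
    $_REQUEST->setType('conf', 'string', true);

    if (!$this->may($USER, ANYTHING)) {
        errorPage(401);
    }

    if ($this->may($USER, EDIT) && $_REQUEST['conf']) {
        $conf = $_REQUEST['conf'];
        $r = $DB->config->get(null, null, null, 'section,property');
        while ($c = Database::fetchAssoc($r)) {
            $section = $c['section'];
            $property = $c['property'];
            // A key the form did not post yields null, without @-suppression.
            $val = isset($conf[$section][$property]) ? $conf[$section][$property] : null;
            switch ($c['type']) {
                case 'CSV':
                    $val = explode(',', (string) $val);
                    // fall through: a CSV value is stored like a text value
                case 'password':
                    if ($c['type'] == 'password' && $val == '********') {
                        continue 2; // placeholder posted back: keep the stored secret
                    }
                    // fall through
                case 'select':
                case 'set':
                case 'text':
                    // `break` replaces a bare `continue`, which inside a
                    // switch only leaves the switch anyway (and is flagged
                    // by newer PHP versions).
                    if ($val === false) {
                        break;
                    }
                    $CONFIG->{$section}->{$property} = $val;
                    break;
                case 'check':
                    $CONFIG->{$section}->{$property} = (int) isset($val);
                    break;
            }
        }
        Log::write('Configuration changed', 2);
        Flash::create(__('The configuration was updated'), 'confirmation');
    }

    $this->setContent('header', 'Edit configuration');
    $this->setContent('main', $this->viewAll());
    $Templates->admin->render();
}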
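/**
 * Subdomain administration: list, add, edit and delete subdomain → object
 * associations.
 *
 * READ on this page is required to view; EDIT is now required for every
 * write (insert/update via POST `sdname`/`sdassoc`, delete via `delsd`) —
 * previously only the delete branch checked it. `editsd` selects the row
 * being edited and pre-fills the form.
 *
 * @return void
 */
function run()
{
    global $DB, $Templates;

    if (!$this->mayI(READ)) {
        errorPage(401);
    }

    $_REQUEST->setType('delsd', 'string');
    $_REQUEST->setType('editsd', 'string');
    $_POST->setType('sdname', 'string');
    $_POST->setType('sdassoc', 'string');

    $canEdit = $this->mayI(EDIT);

    if ($_POST['sdname'] && $canEdit) {
        $values = array('subdomain' => $_POST['sdname'], 'assoc' => $_POST['sdassoc']);
        if ($_REQUEST['editsd']) {
            if ($DB->subdomains->update($values, array('subdomain' => $_REQUEST['editsd']))) {
                Flash::create(__('Subdomain updated'), 'confirmation');
            } else {
                Flash::create(__('Subdomain in use'), 'warning');
            }
        } else {
            if ($DB->subdomains->insert($values)) {
                Flash::create(__('New subdomain inserted'), 'confirmation');
            } else {
                Flash::create(__('Subdomain in use'), 'warning');
            }
        }
    } elseif ($_REQUEST['delsd'] && $canEdit) {
        $DB->subdomains->delete(array('subdomain' => $_REQUEST['delsd']));
    }

    $r = $DB->subdomains->get(false, false, false, 'subdomain');
    $tablerows = array();
    while (false !== ($subdomain = Database::fetchAssoc($r))) {
        $tablerows[] = new Tablerow(
            $subdomain['subdomain'],
            $subdomain['assoc'],
            icon('small/delete', __('Delete subdomain'), url(array('delsd' => $subdomain['subdomain']), 'id'))
            . icon('small/pencil', __('Edit subdomain'), url(array('editsd' => $subdomain['subdomain']), 'id'))
        );
    }

    if ($_REQUEST['editsd']) {
        $sd = $DB->subdomains->getRow(array('subdomain' => $_REQUEST['editsd']));
        $form = new Form('editSubdomain');
    } else {
        $sd = false;
        $form = new Form('newSubdomain');
    }
    // getRow() may return nothing for an unknown `editsd`; prefill empty then.
    $currentName = isset($sd['subdomain']) ? $sd['subdomain'] : null;
    $currentAssoc = isset($sd['assoc']) ? $sd['assoc'] : null;

    $table = '';
    if (!empty($tablerows)) {
        $table = new Table(new Tableheader(__('Subdomain'), __('Associated with..'), __('Actions')), $tablerows);
    }
    $this->setContent('main', $table . $form->set(
        $_REQUEST['editsd'] ? new Hidden('editsd', $_REQUEST['editsd']) : null,
        new Input(__('Subdomain'), 'sdname', $currentName),
        new Input(__('Associate with'), 'sdassoc', $currentAssoc, false, __('ID or alias to associate with the subdomain'))
    ));
    $Templates->render();
}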
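/**
 * Save the posted event fields to the wrapped object ($this->that).
 *
 * Title (`etitle`) and text (`etxt`) are mandatory; `eimg` is the image
 * id and `estart`/`eend` are parsed by Short::parseDateAndTime(). After
 * saving, the object is reloaded through the global controller.
 *
 * @return void
 */
function saveChanges()
{
    // forceReload() below needs the global controller; it was undefined before.
    global $Controller;

    $_POST->setType('etitle', 'string');
    $_POST->setType('etxt', 'string');
    $_POST->setType('eimg', 'numeric');
    $_POST->setType('estart', 'any');
    $_POST->setType('eend', 'any');

    if (!$_POST['etitle']) {
        Flash::create(__('Please enter a title'));
        return;
    }
    if (!$_POST['etxt']) {
        Flash::create(__('Please enter a text'));
        return;
    }

    $this->that->Name = $_POST['etitle'];
    $this->that->Image = $_POST['eimg'];
    $this->that->setActive(Short::parseDateAndTime('estart'), Short::parseDateAndTime('eend', false));
    $this->that->saveContent(array('Text' => $_POST['etxt']));
    $Controller->forceReload($this->that);
    Flash::create(__('Your data was saved'), 'confirmation');
}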
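/**
 * Authenticate a user against LDAP and, on first login, import the
 * account into the local user table.
 *
 * Flow: bind with the configured service account, look the username up
 * under `basedn`, require that the entry carries a `liuStudentProgramCode`
 * matching the hard-coded programme pattern, then bind again as the found
 * DN with the supplied password. On success a local User is created
 * (passwordhash 'LDAP'), the fetched attributes are copied into its
 * userinfo and the session is populated.
 *
 * @param string $username login name as entered by the user (untrusted)
 * @param string $password password as entered by the user (untrusted)
 * @return int|false the new user's id on success, false on any failure
 */
private function tryImportLDAP($username, $password)
{
    global $CONFIG, $DB, $Controller;

    // Don't search for wildcards.
    if (strstr($username, '*') !== false) {
        Flash::create(__('Ajabaja!'), 'warning');
        return false;
    }
    // An empty password must never reach the user bind: many directories
    // treat an empty-password bind as anonymous and report success.
    if ((string) $password === '') {
        Flash::create(__('Wrong username or password'), 'warning');
        return false;
    }

    $ldapconn = ldap_connect($CONFIG->LDAP->bindurl);
    if (!$ldapconn) {
        // Only happens if the ldap extension is broken: OpenLDAP 2.x does
        // not actually connect until ldap_bind() is called.
        return false;
    }
    // Bind (log in) with the service account.
    if (!ldap_bind($ldapconn, $CONFIG->LDAP->binddn, $CONFIG->LDAP->bindpw)) {
        return false;
    }

    $unameattr = $CONFIG->LDAP->unameattr;
    if (empty($unameattr)) {
        $unameattr = 'cn';
    }
    $storeattrs = $CONFIG->LDAP->storeattrs;
    if (empty($storeattrs)) {
        // Not configured properly
        return false;
    }

    // Escape the username for use inside a filter (RFC 4515) so that
    // '(' ')' '\' '*' and NUL in the input cannot alter the query.
    if (function_exists('ldap_escape')) {
        $safeUsername = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    } else {
        $safeUsername = str_replace(
            array('\\', '*', '(', ')', "\0"),
            array('\5c', '\2a', '\28', '\29', '\00'),
            $username
        );
    }
    $filter = '(' . $unameattr . '=' . $safeUsername . ')';
    // sizelimit 1: a single matching entry is all that is needed.
    $search = ldap_search($ldapconn, $CONFIG->LDAP->basedn, $filter, $storeattrs, 0, 1);
    if (!$search) {
        return false;
    }
    $entry = ldap_first_entry($ldapconn, $search);
    if (!$entry) {
        return false;
    }
    $dn = ldap_get_dn($ldapconn, $entry);
    if (!$dn) {
        return false;
    }

    // LiU programme registration: only users registered on the Y programme
    // may log in without having been imported by an admin first.
    // FIXME: move both to $CONFIG
    $filterattr = 'liuStudentProgramCode';
    $filterregexp = '/^[6t]cyy[yi]-[1-9]-[vh]t20[01][0-9]$/';

    $attrs = ldap_get_attributes($ldapconn, $entry);
    $user_ok = false;
    $userdata = array();
    for ($i = 0; $i < $attrs['count']; $i++) {
        $attr_name = $attrs[$i];
        for ($j = 0; $j < $attrs[$attr_name]['count']; $j++) {
            $value = $attrs[$attr_name][$j];
            if ($attr_name == $filterattr && preg_match($filterregexp, $value)) {
                $user_ok = true;
            }
            // Keep one value per attribute; compareLDAP() decides which of
            // several values wins.
            if (!isset($userdata[$attr_name]) || $this->compareLDAP($attr_name, $userdata[$attr_name], $value) < 0) {
                $userdata[$attr_name] = $value;
            }
        }
    }
    if (!$user_ok) {
        // Does not match the programme pattern: not allowed to log in.
        return false;
    }
    if (!array_key_exists($unameattr, $userdata) || !$userdata[$unameattr]) {
        // The debug dump() of the whole attribute set that used to sit here
        // printed directory data to the page; removed.
        Flash::create(__('No username attribute value for: ') . $dn . ' unameattr: ' . $unameattr, 'warning');
        return false;
    }

    // Don't unbind. ldap_unbind() kills the link descriptor, so to re-bind
    // as another user just bind again on the same connection
    // (php.net ldap-unbind user note, kmenard at wpi dot edu, 2001).
    // @: don't print a big error message when the password is wrong.
    if (!@ldap_bind($ldapconn, $dn, $password)) {
        Flash::create(__('Wrong username or password'), 'warning');
        return false;
    }
    regenerateSession(true);

    $username = $userdata[$unameattr];
    if ($DB->users->exists(array('username' => $username))) {
        // Can happen through a race condition when the same user logs in
        // twice in parallel.
        Flash::create(__('BUG: Username already in use, try logging in again: ') . $username, 'warning');
        return false;
    }
    // NOTE(review): this call was garbled in the listing; reconstructed to
    // match the other "<text> . $username" flashes — verify against the source.
    Flash::create(__('Adding user: ') . $username, 'confirmation');

    $user = $Controller->newObj('User');
    if (!$user) {
        Flash::create(__('Solidbase is broken! (unable to instantiate class User)'), 'warning');
        return false;
    }
    $user->username = $username;
    $user->passwordhash = 'LDAP';
    Log::write('Imported user \'' . $username . '\' (id=' . $user->ID . ') from LDAP through autoimport', 20);
    foreach ($userdata as $attr => $value) {
        // The login name lives on the user itself; never copy the directory
        // password hash into userinfo.
        if ($attr == $unameattr || $attr == 'userPassword') {
            continue;
        }
        $user->userinfo = array($attr => $value);
    }
    $user->userinfo = array('dn' => $dn);

    $_SESSION['uid'] = $user->ID;
    $_SESSION['username'] = $username;
    $_SESSION['upwd'] = 'LDAP';
    $_SESSION['loggedIn'] = time();
    $_SESSION['lastLogin'] = time();
    return $_SESSION['uid'];
}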
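/**
 * Article administration: deletion, saving of a new or existing article,
 * and dispatch to the edit view or the article list.
 *
 * Access requires READ|EDIT; anything less renders a 401 page. `del`
 * (numeric) deletes the referenced object. `edit` (numeric id or 'new')
 * together with `asave` stores the posted title, publish date/time
 * (`apubd`, `apubt`) and content; `lang` selects the content language.
 * NOTE(review): deletion and saving are driven by plain request
 * parameters; no CSRF token is checked here — confirm the framework does.
 *
 * @return void|false false after the 401 page has been rendered
 * @see solidbase/lib/Page#run()
 */
function run()
{
    global $Templates, $USER, $CONFIG, $Controller, $DB;

    if (!$this->may($USER, READ | EDIT)) {
        errorPage('401');
        return false;
    }

    /* User input types */
    $_REQUEST->setType('asave', 'any');
    $_REQUEST->setType('view', 'string');
    $_REQUEST->setType('edit', array('numeric', '#new#'));
    $_REQUEST->setType('del', 'numeric');
    $_REQUEST->setType('lang', 'string');
    $_POST->setType('atitle', 'string');
    $_POST->setType('apubd', 'string');
    $_POST->setType('apubt', 'string');
    $_POST->setType('atxt', 'any');
    $_POST->setType('apre', 'any');

    if ($_REQUEST['del']) {
        if ($Controller->{$_REQUEST['del']} && $Controller->{$_REQUEST['del']}->delete()) {
            Flash::create(__('Article removed'), 'confirmation');
        }
    }

    /* Save article; do/while(false) lets validation failures `break` out */
    do {
        if (!$_REQUEST['edit'] || !$_REQUEST['asave']) {
            break;
        }
        $item = false;
        if (is_numeric($_REQUEST['edit'])) {
            $item = new Article($_REQUEST['edit'], $_REQUEST['lang']);
            if (!$item || !is_a($item, 'Article') || !$item->mayI(EDIT)) {
                Flash::create(__('Invalid article'), 'warning');
                break;
            }
        }
        if (!$_POST['atitle']) {
            Flash::create(__('Please enter a title'));
            break;
        }
        if (!$_POST['atxt']) {
            Flash::create(__('Please enter a text'));
            break;
        }
        // strtotime() returns false for an unparsable date; that false used
        // to be stored as the publish time. Check before creating a new
        // article so a bad date leaves no half-saved object behind.
        $publish = strtotime($_POST['apubd'] . ', ' . $_POST['apubt']);
        if ($publish === false) {
            Flash::create(__('Invalid publish date'), 'warning');
            break;
        }
        if ($_REQUEST['edit'] === 'new') {
            $item = $Controller->newObj('Article', $_REQUEST['lang']);
            $_REQUEST['edit'] = $item->ID;
        }
        if (!$item) {
            Flash::create(__('Unexpected error'), 'warning');
            break;
        }
        $item->Name = $_POST['atitle'];
        $item->Publish = $publish;
        $item->saveContent(array('Preamble' => $_POST['apre'], 'Text' => $_POST['atxt']));
        Flash::create(__('Your data was saved'), 'confirmation');
        $_REQUEST->clear('edit');
        $_POST->clear('atitle', 'apubd', 'apubt', 'atxt', 'apre');
    } while (false);

    /* The request and the permissions decide what is shown */
    if (is_numeric($_REQUEST['edit'])) {
        $this->editView($_REQUEST['edit'], $_REQUEST['lang']);
    } else {
        $this->content = array('header' => __('Articles'), 'main' => $this->mainView());
    }
    $Templates->admin->render();
}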
/**
 * Company administration: create, update, delete and reorder companies,
 * then show either the company form or the company list.
 *
 * ANYTHING on this page is required (else the 401 page is rendered);
 * creating and updating additionally require EDIT. `newCompanySubm`
 * registers a company from `name`, `logo`, `url`, `redirect`, `weight`
 * and `type`; `updCompanySubm` updates company `compid`, validating the
 * same fields one at a time and stopping at the first invalid one (fields
 * checked earlier have already been written at that point); `madd`
 * appends a company to the menu (menu editor EDIT needed); `delCompany`
 * deletes one.
 *
 * @return void
 */
function run()
{
    global $Templates, $USER, $Controller, $DB, $CONFIG;

    if (!$this->may($USER, ANYTHING)) {
        errorPage('401');
    }

    /* Company input types */
    $_REQUEST->setType('edit', array('numeric', '#^new$#'));
    $_REQUEST->setType('newCompanySubm', 'any');
    $_REQUEST->setType('updCompanySubm', 'any');
    $_REQUEST->setType('delCompany', 'numeric');
    $_REQUEST->setType('compid', 'numeric');
    $_REQUEST->setType('name', 'string');
    $_REQUEST->setType('logo', 'string');
    $_REQUEST->setType('url', 'string');
    $_REQUEST->setType('redirect', 'any');
    $_REQUEST->setType('weight', 'numeric');
    $_REQUEST->setType('type', '#^(main|sub)$#');
    $_REQUEST->setType('madd', 'numeric');

    $canEdit = $this->may($USER, EDIT);

    if ($canEdit && $_REQUEST['newCompanySubm']) {
        /* Add a new company */
        $nameIsFree = !$DB->companies->exists(array('name' => $_REQUEST['name']));
        if ($nameIsFree && $_REQUEST->nonempty('name')) {
            $comp = $Controller->newObj('Company');
            $DB->companies->insert(array('id' => $comp->ID));
            $comp->Name = $_REQUEST['name'];
            $comp->logo = $_REQUEST['logo'];
            $comp->URL = $_REQUEST['url'];
            $comp->redirect = isset($_REQUEST['redirect']) ? 1 : 0;
            $comp->weight = $_REQUEST['weight'];
            $comp->type = $_REQUEST['type'];
            Flash::create(__('New company was registered'), 'confirmation');
        } else {
            // Also reached for an empty name, in which case the message misleads.
            Flash::create(__('A Company with that name already exists'), 'warning');
        }
    } elseif ($canEdit && $_REQUEST['updCompanySubm'] && $Controller->{$_REQUEST['compid']}('Company') !== false) {
        /* Update an existing company; the first invalid field stops the chain */
        $comp = $Controller->{$_REQUEST['compid']}(OVERRIDE);
        do {
            if (!$_REQUEST->valid('name')) {
                Flash::create(__('Company name must not be empty'), 'warning');
                break;
            }
            $comp->Name = $_REQUEST['name'];
            if (!$_REQUEST->valid('logo')) {
                Flash::create(__('Company logo must not be empty'), 'warning');
                break;
            }
            $comp->logo = $_REQUEST['logo'];
            if (!$_REQUEST->valid('url')) {
                Flash::create(__('Company URL must not be empty'), 'warning');
                break;
            }
            $comp->URL = $_REQUEST['url'];
            if (!$_REQUEST->valid('weight')) {
                Flash::create(__('Company weight must not be empty'), 'warning');
                break;
            }
            $comp->weight = $_REQUEST['weight'];
            if (!$_REQUEST->valid('type')) {
                Flash::create(__('Company type invalid'), 'warning');
                break;
            }
            $comp->type = $_REQUEST['type'];
            $comp->redirect = isset($_REQUEST['redirect']) ? 1 : 0;
            Flash::create(__('Company was updated'), 'confirmation');
        } while (false);
    } elseif ($_REQUEST['madd']) {
        /* Append the company to the menu */
        if ($Controller->menuEditor->mayI(EDIT) && ($obj = $Controller->{$_REQUEST['madd']}('Company'))) {
            $obj->move('last');
            redirect(url(array('id' => 'menuEditor', 'status' => 'ok'), false, false));
        }
    } elseif ($_REQUEST->numeric('delCompany')) {
        $doomed = $Controller->{$_REQUEST['delCompany']}(DELETE);
        if ($doomed && $Controller->{$_REQUEST['delCompany']}->delete()) {
            Flash::create(__('Company was deleted'));
        }
    }

    /* Display page */
    if ($_REQUEST->valid('edit')) {
        $header = $_REQUEST['edit'] == 'new' ? __('New company') : __('Edit company');
        $this->content = array('header' => $header, 'main' => $this->companyForm($_REQUEST['edit']));
    } else {
        $this->content = array('header' => $this->Name, 'main' => $this->displayCompanies());
    }
    $Templates->admin->render();
}
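/**
 * Store a submitted form post (`uform[<field_id>]`) for this form object.
 *
 * Only fields defined in `formfields` for this form are accepted. Choice
 * fields (select/mselect/Radio, and checkboxes with more than one option)
 * are posted as md5 keys of the configured option texts and mapped back to
 * those texts; a single checkbox stores whether it was ticked; any other
 * scalar is stored verbatim and an array for a scalar field is dropped.
 * A poster who has already submitted the identical set of values is
 * refused as a duplicate. Values are now escaped with $DB->escape() before
 * being placed in the duplicate-check SQL; they were interpolated raw.
 *
 * @return false|null false when refused (permission, inactive form,
 *                    limit reached, nothing posted), null otherwise
 */
function saveFormData()
{
    global $DB, $Controller, $USER;

    if (!$this->mayI(READ) || !$this->isActive('form')) {
        return false;
    }
    $_POST->setType('uform', 'string', true);
    if (!$_POST['uform']) {
        return false;
    }

    /* Is there a limit to consider? */
    if ($this->_Limit > 0) {
        if ($this->PostCount >= $this->_Limit) {
            Flash::create(__('Submissions has reached the limit'), 'warning');
            return false;
        }
    }

    $posted = $_POST['uform'];
    $r = $DB->formfields->get(array('id' => $this->ID));
    $okay = array();
    while (false !== ($field = Database::fetchAssoc($r))) {
        $fid = $field['field_id'];
        $type = $field['type'];
        $isCheckbox = in_array($type, array('Checkbox', 'pCheckbox'));
        // An unticked checkbox is simply absent from the post, so it is
        // still processed; any other absent field is skipped.
        if (!isset($posted[$fid]) && !$isCheckbox) {
            continue;
        }
        $value = '';
        $Possible_Values = array_map('trim', explode(',', $field['value']));
        $isChoice = in_array($type, array('select', 'mselect', 'Radio'))
            || ($isCheckbox && count($Possible_Values) > 1);
        if ($isChoice) {
            // The form posts md5(option text); map back to the option text
            // and silently drop anything that is not a configured option.
            $Possible_Values = array_combine(array_map('md5', $Possible_Values), $Possible_Values);
            $Legitimate_Values = array();
            $fv = (array) (isset($posted[$fid]) ? $posted[$fid] : null);
            foreach ($fv as $fd) {
                if (isset($Possible_Values[$fd])) {
                    $Legitimate_Values[] = $Possible_Values[$fd];
                }
            }
            $value = join(', ', $Legitimate_Values);
        } elseif ($isCheckbox) {
            $value = isset($posted[$fid]);
        } elseif (!is_array($posted[$fid])) {
            $value = $posted[$fid];
        } else {
            continue;
        }
        $okay['field_id'][] = $fid;
        $okay['value'][] = $value;
    }

    if (empty($okay)) {
        return null;
    }

    // Build the per-field equality terms for the duplicate check. Values
    // come straight from the request, so escape them; the string cast keeps
    // the boolean checkbox values rendering as '1' / '' like before.
    $duplicate = array();
    foreach ($okay['field_id'] as $i => $fieldname) {
        $duplicate[] = "`field_id`='" . $DB->escape($fieldname) . "' AND `value`='" . $DB->escape((string) $okay['value'][$i]) . "'";
    }
    $okay['id'] = $this->ID;
    $okay['post_id'] = uniqid();
    $okay['field_id'][] = 'poster';
    $okay['value'][] = $USER->ID;

    // Highest number of matching terms in any earlier post by this poster;
    // if some post matches every term it is the same submission again.
    $sql = "SELECT MAX(`c`) FROM (SELECT COUNT(*) as `c` FROM (\n (SELECT `post_id` FROM `formdata` WHERE `id`='" . $this->ID
        . "' AND (`field_id`='poster' AND `value`='" . $DB->escape($USER->ID) . "')) as `t1`)\n LEFT JOIN formdata USING(`post_id`) WHERE (("
        . implode(") OR (", $duplicate) . "))\nGROUP BY `post_id`) as `t2`";
    if ($DB->getCell($sql) == count($duplicate)) {
        Flash::create(__('Duplicate submission'));
        return null;
    }

    $okay['field_id'][] = 'posted';
    $okay['value'][] = time();
    $okay['field_id'][] = 'poster:ip';
    $okay['value'][] = $_SERVER['REMOTE_ADDR'];
    $okay['field_id'][] = 'language';
    $okay['value'][] = $this->loadedLanguage;
    $DB->formdata->insertMultiple($okay);
    Flash::create(__('We have received your submission'), 'confirmation');
    ++$this->_PostCount;
    return null;
}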
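/**
 * File manager: lists the folders and files the current user may see,
 * with per-item tools, and handles deletion.
 *
 * `del` (numeric) deletes the referenced object when the user holds
 * DELETE on it. `popup` (string) switches to picker mode: the selected
 * file id is handed to window.opener.fileCallback together with this key.
 * `filter` is either 'images' / 'documents' (matched against the
 * configured extension lists) or a case-insensitive substring of the file
 * name. Administrators start at the file root; other users get every
 * Folder plus the Files they hold privileges on, skipping objects whose
 * ancestor is listed itself.
 *
 * @return void
 * @see lib/Page#run()
 */
function run()
{
    global $DB, $USER, $Controller, $Templates, $CONFIG;

    /* User input types */
    $_REQUEST->setType('del', 'numeric');
    $_REQUEST->setType('fname', 'string');
    $_REQUEST->setType('action', 'string');
    $_REQUEST->setType('popup', 'string');
    $_REQUEST->setType('filter', 'string');
    $_REQUEST->setType('referrer', 'string');
    $_REQUEST->addType('edit', 'numeric');

    if ($_REQUEST['del'] && ($v = $Controller->{$_REQUEST['del']}(DELETE))) {
        $v->delete();
        Flash::create(__('The file/directory was deleted'));
    }

    // Make sure every group the user belongs to has its directory
    // (plain loop instead of create_function(), which is gone in PHP 8).
    $groups = $USER->groupIds;
    foreach ($groups as $groupId) {
        Files::userDir($groupId);
    }

    if ($Controller->{ADMIN_GROUP}(OVERRIDE)->isMember($USER)) {
        $objs = array($Controller->fileRoot);
    } else {
        $objs = array_merge(
            $Controller->getClass('Folder', ANYTHING, false, false),
            $Controller->get($DB->{'spine,privileges'}->asList(array('spine.class' => 'File'), 'spine.id'), ANYTHING, false, false)
        );
    }

    $Folders = $Files = array();
    foreach ($objs as $obj) {
        // Walk up the directory chain: stop at the first unreadable parent,
        // skip the object entirely when a parent is in the list itself.
        // NOTE(review): array_merge() above renumbers keys, so the isset()
        // on $objs[$p->ID] probably does not test membership by id — confirm.
        $p = $obj;
        while ($p = $p->Dir) {
            if (!$p->may($USER, READ)) {
                break;
            } elseif (isset($objs[$p->ID])) {
                continue 2;
            }
        }
        if (is_a($obj, 'Folder')) {
            if (!in_array($obj->filename, $this->ignore)) {
                $Folders[$obj->filename] = $obj;
            }
        } elseif (is_a($obj, 'File')) {
            $Files[$obj->filename] = $obj;
        }
    }

    $r = '';
    if ($_REQUEST['popup']) {
        // json_encode() yields a JS string literal with quotes, slashes and
        // HTML-significant characters escaped, so the request value cannot
        // break out of the inline script (it was interpolated raw before).
        $callbackKey = json_encode($_REQUEST['popup'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        if ($callbackKey === false) {
            $callbackKey = '""'; // not encodable (e.g. invalid UTF-8): pass an empty key
        }
        Head::add('function select(id) {try{window.opener.fileCallback(id,' . $callbackKey . ');} catch(err) {}window.close();}', 'js-raw');
    }

    ksort($Folders);
    foreach ($Folders as $Folder) {
        $r .= $Folder->genHTML();
    }

    if (!empty($Files)) {
        ksort($Files);
        Head::add($CONFIG->UI->jQuery_theme . '/jquery-ui-*', 'css-lib');
        $r .= '<div class="ui-helper-reset ui-helper-clearfix ui-widget-header ui-corner-all"><span class="fixed-width">';
        $r .= __('Files');
        $r .= '</span></div>';
        $r .= '<ul class="filetree">';
        $i = 0;
        foreach ($Files as $cur) {
            if (!$cur->may($USER, READ)) {
                continue;
            }
            if ($_REQUEST['filter']) {
                switch ($_REQUEST['filter']) {
                    case 'images':
                    case 'documents':
                        if (!in_array(strtolower($cur->extension), $CONFIG->extensions->{$_REQUEST['filter']})) {
                            continue 2; // next file
                        }
                        break;
                    default:
                        if (!stristr($cur->basename, $_REQUEST['filter'])) {
                            continue 2; // next file
                        }
                }
            }
            // File names come from uploads: escape them before emitting them
            // as attribute value / text. Assumes UTF-8 file names.
            $ext = htmlspecialchars($cur->extension, ENT_QUOTES, 'UTF-8');
            $base = htmlspecialchars($cur->basename, ENT_QUOTES, 'UTF-8');
            $r .= '<li class="' . ($i % 2 ? 'odd' : 'even') . ' file ext_' . $ext . '"><span class="fixed-width">';
            if ($_REQUEST['popup']) {
                $r .= '<a href="javascript: select(' . $cur->ID . ');">';
            }
            $r .= $base;
            if ($_REQUEST['popup']) {
                $r .= '</a>';
            }
            $r .= '</span><div class="tools">'
                . ($cur->mayI(EDIT_PRIVILEGES) ? icon('small/key', __('Edit permissions'), url(array('id' => 'PermissionEditor', 'edit' => $cur->ID, 'referrer' => $this->ID), array('popup', 'filter'))) : '')
                . ($cur->mayI(EDIT) ? icon('small/door_in', __('Move'), url(array('id' => $cur->ID, 'referrer' => $this->ID), array('popup', 'filter'))) : '')
                . ($cur->mayI(DELETE) ? icon('small/delete', __('Delete'), url(array('del' => $cur->ID), array('id', 'popup', 'filter'))) : '')
                . icon('large/down-16', __('Download'), url(array('id' => $cur->ID, 'action' => 'download'), array('popup', 'filter')))
                . '</div></li>';
            $i++;
        }
        $r .= '</ul>';
    }

    $this->setContent('header', __('Files and directories'));
    $this->setContent('main', $r);
    $t = $_REQUEST['popup'] ? 'popup' : 'admin';
    $Templates->{$t}->render();
}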
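/**
 * Installer: lists every plugin class under plugins/ with tools to
 * reinstall it or to add a MenuItem subclass as a new menu instance.
 *
 * `reinstall` (class name) re-runs that class's installer; `new` (class
 * name) creates an instance at `place`/`parent` and redirects to the menu
 * editor. Both require EDIT on this page and a class name accepted by
 * validInclude() (the reinstall branch did not check that before); `new`
 * additionally requires EDIT on the menu editor.
 *
 * @return void
 * @see lib/Page#run()
 */
function run()
{
    global $USER, $Templates, $Controller;

    if (!$this->may($USER, READ)) {
        return;
    }
    $_REQUEST->setType('place', 'numeric');
    $_REQUEST->setType('parent', 'numeric');
    $_REQUEST->setType('reinstall', 'string');
    $_REQUEST->setType('new', 'string');

    if ($this->mayI(EDIT)) {
        if ($_REQUEST['reinstall']) {
            $class = $_REQUEST['reinstall'];
            // Same class-name validation as the `new` branch below.
            if (validInclude($class)) {
                $this->reinstall($class);
                Flash::create($class . ' ' . __('was reinstalled'));
            }
        } elseif ($_REQUEST['new']) {
            $class = $_REQUEST['new'];
            if (validInclude($class) && ($class == 'MenuItem' || @is_subclass_of($class, 'MenuItem')) && $Controller->menuEditor->mayI(EDIT)) {
                $obj = $Controller->newObj($class);
                $obj->move($_REQUEST['place'] ? $_REQUEST['place'] : 'last', $_REQUEST['parent']);
                Flash::queue(__('New') . ' ' . $class . ' ' . __('installed'));
                redirect(url(array('id' => 'menuEditor')));
            }
        }
        unset($class);
    }

    $dir = 'plugins';
    $fullpath = ROOTDIR . DIRECTORY_SEPARATOR . $dir;
    $entries = readDirFilesRecursive($fullpath, true);
    natcasesort($entries);

    $canEdit = $this->may($USER, EDIT);
    $canAddToMenu = $Controller->menuEditor->may($USER, EDIT);
    $c = array();
    foreach ($entries as $entry) {
        if (substr($entry, -4) != '.php') {
            continue;
        }
        // Class name == file name without '.php' (start was `false`, now 0).
        $class = substr($entry, 0, -4);
        $methods = class_exists($class) ? get_class_methods($class) : array();
        $reinstallable = $canEdit
            && in_array('installable', $methods)
            && in_array('install', $methods)
            && call_user_func(array($class, 'installable')) == $class;
        $menuItem = ($class == 'MenuItem' || @is_subclass_of($class, 'MenuItem')) && $canAddToMenu;
        $c[] = '<span class="fixed-width">' . $class . '</span><div class="tools">'
            . ($reinstallable ? icon('small/arrow_refresh_small', __('Reinstall'), url(array('reinstall' => $class), array('id'))) : '')
            . ($menuItem ? icon('small/add', __('Add new instance to menu'), url(array('new' => $class), array('id'))) : '')
            . '</div>';
    }

    $this->setContent('header', __('Installer'));
    $this->setContent('main', listify($c));
    $Templates->admin->render();
}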
/**
 * Move this layout box to row $newRow, position $newPlace on its page.
 *
 * Refuses (false) when the arguments are not numeric or when the box
 * would not fit next to the boxes already on the target row
 * (sum of sizes vs. maxcols). A no-op move returns true immediately.
 * The target place is clamped to the row length; rows/places are then
 * renumbered in three updates: open a slot on the target row, move this
 * box into it, close the gap on the old row.
 *
 * @param int|string $newRow   target row (numeric)
 * @param int|string $newPlace target position within the row (numeric)
 * @return bool true when the box was moved (or already there)
 */
function move($newRow, $newPlace)
{
    global $DB;

    if (!is_numeric($newRow) || !is_numeric($newPlace)) {
        return false;
    }
    $alreadyThere = ($this->row == $newRow && $this->place == $newPlace);
    if ($alreadyThere) {
        return true;
    }

    // Will the box fit beside the others on the target row?
    $occupied = $DB->pagelayout->getCell(
        array('id!' => $this->ID, 'pid' => $this->page, 'row' => $newRow),
        "SUM(`size`)"
    );
    if ($occupied + $this->size > $this->maxcols) {
        Flash::create('Can\'t perform move! The box won\'t fit');
        return false;
    }

    // Clamp the target place to the end of the row.
    $rowLength = $DB->pagelayout->count(array('pid' => $this->page, 'row' => $newRow));
    if ($newPlace > $rowLength) {
        $newPlace = $rowLength;
    }

    // Special case: one step down within the same row. The box at
    // $newPlace is not shifted up (only boxes strictly after it are), this
    // box is stored at $newPlace+1, and the gap-closing update below then
    // pulls both back by one.
    $oneStepDown = ($this->row == $newRow && $this->place !== false && $newPlace == $this->place + 1);
    $shiftKey = $oneStepDown ? 'place>' : 'place>=';

    // 1) open a slot on the target row
    $DB->pagelayout->update(
        array('!!place' => '(`pagelayout`.`place`+1)'),
        array('pid' => $this->page, $shiftKey => $newPlace, 'row' => $newRow),
        false,
        false
    );
    // 2) move this box into it
    $DB->pagelayout->update(
        array('row' => $newRow, 'place' => $newPlace + ($oneStepDown ? 1 : 0)),
        array('id' => $this->ID),
        true
    );
    // 3) close the gap left on the old row (if the box had a place at all)
    if ($this->place !== false) {
        $DB->pagelayout->update(
            array('!!place' => '(`pagelayout`.`place`-1)'),
            array('pid' => $this->page, 'place>' => $this->place, 'row' => $this->row),
            false,
            false
        );
    }

    $this->place = $newPlace;
    $this->row = $newRow;
    return true;
}
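/**
 * Apply the group editor's posted changes to the wrapped group ($this->that).
 *
 * Handled in order: deletion (`delgroup`), the presentation text, adding or
 * removing a single member (`add` / `rem`), bulk member actions
 * (`group_action` = reset_members | copy_members with `gid` and
 * `copy_to_group`), and the group type / image / display-members flag.
 *
 * NOTE(review): `nGM`, `group_action`, `gid` and `copy_to_group` are read
 * without a setType() declaration — confirm how the request wrapper treats
 * undeclared keys. The delete branch checks that `delgroup` resolves to a
 * Group but then deletes $this->that — confirm that is intended.
 *
 * @return void
 */
function saveChanges()
{
    // Needed by the delete and bulk-member branches; it was undefined before.
    global $Controller;

    $_REQUEST->setType('delgroup', 'string');
    $_REQUEST->setType('editGroup', 'any');

    /* Deletion of a group */
    if ($_REQUEST['delgroup'] && $this->that->mayI(DELETE)) {
        $g = $Controller->{$_REQUEST['delgroup']};
        if (is_a($g, 'Group')) {
            $this->that->delete();
            Flash::queue(__('The group was deleted and all privileges were removed'));
            redirect(url());
        }
    }

    $_POST->setType('presentation', 'any');
    if ($_POST['presentation']) {
        $this->saveContent(array('presentation' => $_POST['presentation']));
    }

    /* Add or remove a single member */
    $_REQUEST->setType('rem', 'numeric');
    $_REQUEST->setType('add', 'numeric');
    if ($_REQUEST['add']) {
        if ($this->that->addMember($_REQUEST['add'])) {
            if ($_REQUEST['nGM']) {
                Flash::create(__('Group added as subgroup'));
            } else {
                Flash::create(__('User added to group'), 'confirmation');
            }
        } else {
            Flash::create(__('Action failed'), 'warning');
        }
    } elseif ($_REQUEST['rem']) {
        if ($this->that->removeMember($_REQUEST['rem'])) {
            Flash::create(__('User removed from group'), 'confirmation');
        } else {
            Flash::create(__('User could not be removed from group'), 'warning');
        }
    }

    /* Bulk member actions */
    if ($_REQUEST['group_action'] && $_REQUEST['gid']) {
        if ($_REQUEST['group_action'] == 'reset_members') {
            if ($rgroup = $Controller->{$_REQUEST['gid']}('Group')) {
                $rgroup->resetMembers();
                Flash::create(__('Members removed'), 'confirmation');
            }
        } elseif ($_REQUEST['group_action'] == 'copy_members') {
            $from_group = $Controller->{$_REQUEST['gid']}('Group');
            $to_group = $from_group ? $Controller->{$_REQUEST['copy_to_group']}('Group') : false;
            if ($from_group && $to_group) {
                $to_group->addMembers($from_group->MEMBERS);
                Flash::create(__('Members copied'), 'confirmation');
            }
        }
    }

    /* Group type, image and display flag */
    $_POST->setType('gtype', 'string');
    $_POST->setType('gimage', 'numeric');
    $_POST->setType('dispmembers', 'bool');
    if ($_POST['gtype']) {
        $this->that->GroupType = $_POST['gtype'];
        $this->that->DisplayMembers = $_POST['dispmembers'];
        $this->that->Image = $_POST['gimage'];
    }
}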
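/**
 * Saves the changes posted for the user this page edits ($this->that):
 * deletion, username, password and voluntary-group memberships, followed by
 * the extra user-info fields (UInfoFields::save).
 *
 * Fixed here: $Controller was used before its `global` declaration, the
 * username/password were written to an undefined $user instead of
 * $this->that, and the delete branch checked DELETE on $this->that while
 * deleting whatever id was in the request with OVERRIDE.
 *
 * @return bool|null null when $this->that is not a User; false when validation
 *                   failed (a warning Flash was created); otherwise whether anything changed
 */
function saveChanges() {
    global $Controller, $DB;
    if (!is_a($this->that, 'User')) {
        return null;
    }
    $user = $this->that;

    /**
     * Delete user. The permission check and the delete now concern the same
     * object: $Controller->{id}(DELETE) yields the object only when DELETE is granted.
     */
    if ($_REQUEST->numeric('del')) {
        $victim = $Controller->{$_REQUEST['del']}(DELETE);
        if ($victim && is_a($victim, 'User')) {
            $victim->delete();
            Flash::queue(__('User was deleted'));
            redirect(url());
        }
    }

    $_POST->setType('username', 'string');
    $_POST->setType('password1', 'string');
    $_POST->setType('password2', 'string');
    $_POST->setType('volgroups', 'numeric', true);
    $changes = false;

    /**
     * Username: must be unique among the other users
     */
    if ($_POST['username'] && $_POST['username'] != $user->username) {
        if ($DB->users->exists(array('username' => $_POST['username'], 'id!' => $user->ID))) {
            Flash::create(__('Username is already in use'), 'warning');
            return false;
        }
        $user->username = $_POST['username'];
        $changes = true;
    }

    /**
     * Password: both fields must match. Hashing is presumably done by the
     * User property setter — not visible here.
     */
    if ($_POST['password1']) {
        if ($_POST['password1'] !== $_POST['password2']) {
            Flash::create(__("The passwords don't match. Try again"), 'warning');
            return false;
        }
        $user->password = $_POST['password1'];
        $changes = true;
    }

    /**
     * Voluntary groups: membership follows the posted set exactly
     */
    $vgs = (array) $_POST['volgroups'];
    $volkeys = $DB->{'spine,metadata'}->asList(array('spine.class' => 'Group', 'metadata.field' => 'GroupType', 'metadata.value' => array('vol', 'volpre')), 'spine.id');
    $volgroups = $Controller->get($volkeys, OVERRIDE);
    asort($volgroups);
    foreach ($volgroups as $vg) {
        // non-strict in_array on purpose: the request delivers ids as strings, the object may hold ints
        $wanted = in_array($vg->ID, $vgs);
        $touched = $wanted ? $vg->addMember($user) : $vg->removeMember($user);
        if ($touched) {
            $changes = true;
        }
    }

    $changes = UInfoFields::save($user->ID) || $changes;
    $Controller->forceReload($user);
    if ($changes) {
        Flash::create(__('Your changes were saved'));
    }
    return $changes;
}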
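/**
 * In this function, most actions of the module are carried out
 * and the page generation is started, distributed and rendered:
 * item deletion ('del'), saving an edited or new item ('edit' + 'esave'),
 * then either the edit view or the overview.
 *
 * @return bool|void false when the current user may neither READ nor EDIT
 * @see solidbase/lib/Page#run()
 */
function run() {
    global $Templates, $USER, $Controller;
    if (!$this->may($USER, READ | EDIT)) {
        errorPage('401');
        return false;
    }
    /**
     * User input types
     */
    $_REQUEST->setType('esave', 'any');
    $_REQUEST->setType('view', 'string');
    // anchored: the previous '#new#' also accepted e.g. 'xnewx'
    $_REQUEST->setType('edit', array('numeric', '#^new$#'));
    $_REQUEST->setType('del', 'numeric');
    $_REQUEST->setType('lang', 'string');
    $_POST->setType('einscal', 'any');
    $_POST->setType('etitle', 'string');
    $_POST->setType('activated', 'any');
    $_POST->setType('eimg', 'numeric');
    $_POST->setType('etxt', 'any');
    $_POST->setType('eupdate', 'any');
    $_POST->setType('flows', 'string', true);

    /**
     * Delete item.
     * NOTE(review): no per-item permission check is visible here; the module-level
     * may() above is the only gate — confirm that delete() checks on its own.
     */
    if ($_REQUEST['del']) {
        $victim = $Controller->{$_REQUEST['del']};
        if ($victim && $victim->delete()) {
            Flash::create(__('Item removed'), 'confirmation');
        }
    }

    /**
     * Save item
     */
    if ($_REQUEST['edit'] && $_REQUEST['esave']) {
        $this->saveItem();
    }

    /**
     * Here, the page request and permissions decide what should be shown to the user
     */
    if (is_numeric($_REQUEST['edit'])) {
        $this->editView($_REQUEST['edit'], $_REQUEST['lang']);
    } else {
        $this->content = array('header' => __('Flows'), 'main' => $this->mainView());
    }
    $Templates->admin->render();
}

/**
 * Validates the posted item data and writes it to the existing item
 * ($_REQUEST['edit'] numeric) or to a new FlowItem ($_REQUEST['edit'] === 'new').
 * Each validation failure creates a Flash and returns; on success the form
 * fields are cleared. Replaces the former do { ... } while (false) block.
 *
 * @return void
 */
private function saveItem() {
    global $Controller;
    $start = $stop = 0;
    $item = false;
    if (is_numeric($_REQUEST['edit'])) {
        // NOTE(review): a NewsItem is constructed but FlowItem is required below —
        // kept as in the original, confirm which class is intended
        $item = new NewsItem($_REQUEST['edit'], $_REQUEST['lang']);
        if (!is_a($item, 'FlowItem') || !$item->mayI(EDIT)) {
            Flash::create(__('Invalid item'), 'warning');
            return;
        }
    }
    //FIXME: Further validation?
    if ($_POST['einscal']) {
        if (($start = Short::parseDateAndTime('cstart')) === false) {
            Flash::create(__('Invalid starttime'), 'warning');
            return;
        }
        if (($stop = Short::parseDateAndTime('cend')) === false) {
            // No end given: default to a one-hour event. The original wrote
            // `$stop = $start += 3600`, which also moved the start an hour forward.
            $stop = $start + 3600;
        }
    }
    if (!$_POST['etitle']) {
        Flash::create(__('Please enter a title'));
        return;
    }
    if (!$_POST['etxt']) {
        Flash::create(__('Please enter a text'));
        return;
    }
    if ($_REQUEST['edit'] === 'new') {
        $item = $Controller->newObj('FlowItem', $_REQUEST['lang']);
        $_REQUEST['edit'] = $item->ID;
    }
    if (!$item) {
        Flash::create(__('Unexpected error'), 'warning');
        return;
    }
    $item->Name = $_POST['etitle'];
    $item->Image = $_POST['eimg'];
    $item->setActive(Short::parseDateAndTime('estart'), Short::parseDateAndTime('eend'));
    $item->Activated = isset($_POST['activated']);
    $item->saveContent(array('Text' => $_POST['etxt']));
    // Mirror the item into the calendar when requested: update the linked event or create one
    if ($_POST['einscal']) {
        if ($item->Cal) {
            Calendar::editEvent($item->Cal, $_POST['etitle'], $_POST['etxt'], false, $start, $stop);
        } else {
            $item->Cal = Calendar::newEvent($_POST['etitle'], $_POST['etxt'], false, $start, $stop, 'News');
        }
    }
    // Only a fresh save (not an update) publishes the item into the selected flows
    if (!$_POST['eupdate']) {
        foreach ((array) $_POST['flows'] as $flow) {
            Flow::touch($item->ID, $flow);
        }
    }
    $Controller->forceReload($item);
    Flash::create(__('Your data was saved'), 'confirmation');
    $_REQUEST->clear('edit');
    $_POST->clear('einscal', 'etitle', 'etxt', 'cstart', 'cend', 'estart', 'eend', 'flows');
}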
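/**
 * Saves the submitted user-info fields (plain values and file uploads) as the
 * userinfo of user $id.
 *
 * Fixed here: mkdir() received the string '0770' (interpreted as decimal 770,
 * not the intended octal mode), the extension whitelist check was
 * case-sensitive, and the previously stored file was deleted before the new
 * upload had actually been moved into place.
 *
 * @param int|string $id ID of the user being edited
 * @return false|null false when the user cannot be loaded or edited, null otherwise
 */
function save($id) {
    global $Controller, $CONFIG;
    $_REQUEST->setType('uinfo', 'string', true);
    $user = $Controller->{(string) $id}(OVERRIDE);
    if (!$user || !$user->mayI(EDIT)) {
        return false;
    }
    $info = $user->userinfo;
    $uinfoFields = @$CONFIG->userinfo->Fields;
    if (!is_array($uinfoFields)) {
        $uinfoFields = array();
    }
    $posted = (array) $_REQUEST['uinfo'];
    // Upload whitelist, compared case-insensitively ('.JPG' and '.jpg' are the same type)
    $allowedExt = array_map('strtolower', (array) @$CONFIG->Files->filter);
    $validData = $info;
    foreach ($uinfoFields as $name => $uf) {
        if ($uf['type'] != 'file') {
            // Plain field: absent means "unchanged"; '' and '0' are legitimate values
            if (array_key_exists($name, $posted) && $posted[$name] !== null) {
                $validData[$name] = $posted[$name];
            }
            continue;
        }
        // File field: nothing uploaded, or PHP reported an upload error
        if (!isset($_FILES['uinfo']['name'][$name]) || $_FILES['uinfo']['error'][$name] !== UPLOAD_ERR_OK) {
            continue;
        }
        $ext = strtolower(pathinfo($_FILES['uinfo']['name'][$name], PATHINFO_EXTENSION));
        if ($ext === '' || !in_array($ext, $allowedExt, true)) {
            Flash::create(__('Invalid file type'));
            continue;
        }
        $dir = self::rootDir() . '/UInfoFiles';
        if (!is_dir($dir)) {
            mkdir($dir, 0770);
        }
        // Name built from the canonical user id, never from the client-supplied file name
        $fpath = $dir . '/' . $user->ID . '_' . time() . '.' . $ext;
        if (!move_uploaded_file($_FILES['uinfo']['tmp_name'][$name], $fpath)) {
            Flash::create(__('There was a problem with the file upload'), 'warning');
            continue;
        }
        // Drop the previously stored file only now that the replacement is in place
        if (isset($info[$name]) && is_numeric($info[$name]) && is_a($f = $Controller->{$info[$name]}, 'File')) {
            $f->delete();
        }
        $file = new File($fpath);
        $validData[$name] = $file->ID;
    }
    $user->userinfo = $validData;
}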
/**
 * Stores a new comment on the current page ($ID) for the current user or guest.
 *
 * @return bool true when the comment was inserted; false when comments are
 *              switched off for this kind of visitor or the guest CAPTCHA failed
 */
function save() {
    global $DB, $ID, $USER, $CURRENT, $CONFIG;
    $_POST->setType('commentbody', 'any');
    $_POST->setType('author', 'string');
    $isGuest = $USER->ID === NOBODY;
    if ($isGuest && $CONFIG->comments->CAPTCHA_for_guests && !reCAPTCHA::verify()) {
        Flash::create(__('CAPTCHA verification failed'), 'warning');
        return false;
    }
    $ctype = $isGuest ? $CONFIG->comments->guest_comments : $CONFIG->comments->user_comments;
    if ($ctype == 'none') {
        return false;
    }
    // Guests may give a display name; logged-in users are recorded by ID
    $author = ($isGuest && $_POST['author']) ? $_POST['author'] : $USER->ID;
    // Comments that need review stay unauthorised (0) unless the poster may edit the page
    $authdBy = $USER->ID;
    if (!$CURRENT->mayI(EDIT) && $ctype == 'review') {
        $authdBy = 0;
    }
    $row = array(
        'id' => $ID,
        'comment' => $_POST['commentbody'],
        'author' => $author,
        'ip' => $_SERVER['REMOTE_ADDR'],
        'authd_by' => $authdBy,
        'created' => time(),
    );
    $DB->comments->insert($row);
    $_POST->clear('commentbody', 'author');
    return true;
}
/**
 * Admin page of the mass mailer: saves edits to an existing email ('eedit' with
 * save/saveac), deletes one ('edelete'), queues a new one ('newMail'), and then
 * renders the read-only view of a sent email, the edit form, or the new-mail tabber.
 *
 * @return bool|void false when the current user may neither READ nor EDIT
 */
function run() {
    if (!$this->mayI(READ | EDIT)) {
        return false;
    }
    global $USER, $Controller, $DB, $Templates, $SITE;
    /**
     * User input types.
     * NOTE(review): 'send' ($_POST) and 'approve' ($_REQUEST) are read further down
     * but never declared here — confirm how the request wrapper treats undeclared keys.
     */
    $_POST->setType('newMail', 'numeric');
    $_POST->setType('from', 'numeric');
    $_POST->setType('recipients', 'numeric', true);
    $_POST->setType('subject', 'string');
    $_POST->setType('message', 'any');
    $_POST->setType('personal', 'string');
    $_POST->setType('sendd', 'string');
    $_POST->setType('sendt', 'string');
    $_REQUEST->setType('to', 'numeric');
    $_REQUEST->setType('eedit', 'numeric');
    $_REQUEST->setType('edelete', 'numeric');
    $_POST->setType('save', 'string');
    $_POST->setType('approve', 'string');
    $_POST->setType('continue', 'string');
    $_POST->setType('saveac', 'string');
    $_POST->setType('bypass', 'any');
    if ($_REQUEST['eedit']) {
        if ($_POST['save'] || $_POST['saveac']) {
            $msg = $DB->massmail->getRow(array('msg_id' => $_REQUEST['eedit']));
            // Only the author or an editor may change a stored email
            if ($msg && ($msg['author'] == $USER->ID || $this->mayI(EDIT))) {
                if ($_POST->valid('recipients', 'subject', 'message')) {
                    // Approval needs EDIT; a plain author's save leaves the mail unapproved
                    $approved = $_POST['approve'] && $this->mayI(EDIT);
                    // NOTE(review): the '#!written' key gets a 'NO_INSERT' suffix unless $_REQUEST['save']
                    // is set, while the rest of this branch tests $_POST['save'] — presumably the same key is meant
                    $DB->massmail->update(array('author' => $USER->ID, '#!written' . ($_REQUEST['save'] ? '' : 'NO_INSERT') => 'UNIX_TIMESTAMP()', 'from' => $_POST['from'], 'recipients' => $_POST['recipients'], 'subject' => $_POST['subject'], 'message' => $_POST['message'], 'personal' => $_POST['personal'] ? 'yes' : 'no', 'approved' => $approved ? $USER->ID : '0', 'send' => strtotime($_POST['sendd'] . ' ' . $_POST['sendt']), 'override_membercheck' => $_POST['bypass'] && $Controller->{(string) ADMIN_GROUP}(OVERRIDE)->isMember($USER)), array('msg_id' => $msg['msg_id']));
                    // Notify the admin group about mails that still await approval
                    if (!($_POST['personal'] || $approved || $Controller->{(string) ADMIN_GROUP}(OVERRIDE)->isMember($USER))) {
                        new Notification(__('New email'), __('A new email has been queued on ') . url(array('id' => 'mailer')), $Controller->{ADMIN_GROUP}(OVERRIDE));
                    }
                    $_POST->clear('newMail', 'from', 'recipients', 'subject', 'message', 'personal', 'send', 'bypass');
                    if ($_POST['save']) {
                        Flash::create(__('Changes were saved'), 'confirmation');
                    } else {
                        Flash::create(__('Email saved and queued for sending'), 'confirmation');
                    }
                    $_POST->clear('from', 'recipients', 'subject', 'message', 'personal', 'send');
                } else {
                    Flash::create(__('Invalid email. Please try again'), 'warning');
                }
            }
        }
        if (($_POST['saveac'] || $_POST['continue']) && $this->mayI(EDIT)) {
            if ($_POST['continue']) {
                $_POST->clear('from', 'recipients', 'subject', 'message', 'personal', 'send');
            }
            // Jump to the next unapproved, non-personal email in writing order
            $_REQUEST['eedit'] = $DB->massmail->getCell(array('approved' => '0', 'personal' => 'no', 'msg_id!' => $_REQUEST['eedit']), 'msg_id', 'written ASC');
        } elseif ($_POST['save']) {
            $_REQUEST->clear('eedit');
        }
    } elseif ($_REQUEST['edelete']) {
        $msg = $DB->massmail->getRow(array('msg_id' => $_REQUEST['edelete']));
        // The author or anyone holding DELETE may remove a stored email
        if ($msg && ($msg['author'] == $USER->ID || $this->mayI(DELETE))) {
            $DB->massmail->delete(array('msg_id' => $msg['msg_id']));
            Flash::create(__('Email deleted'), 'warning');
        }
        unset($msg);
    }
    if ($_POST['newMail']) {
        if ($_POST->validNotEmpty('recipients', 'subject', 'message')) {
            $approved = $_POST['approve'] && $this->mayI(EDIT);
            // NOTE(review): 'send' is never declared via setType (only 'sendd'/'sendt' are), so this
            // branch presumably always stores time(); the edit branch above combines sendd and sendt instead
            $DB->massmail->insert(array('author' => $USER->ID, '#!written' => 'UNIX_TIMESTAMP()', 'from' => $_POST['from'], 'recipients' => $_POST['recipients'], 'subject' => $_POST['subject'], 'message' => $_POST['message'], 'personal' => $_POST['personal'] ? 'yes' : 'no', 'approved' => $approved ? $USER->ID : '0', 'send' => $_POST['send'] ? strtotime($_POST['send']) : time(), 'override_membercheck' => $_POST['bypass'] && $Controller->{(string) ADMIN_GROUP}(OVERRIDE)->isMember($USER)));
            if (!($_POST['personal'] || $approved || $Controller->{(string) ADMIN_GROUP}(OVERRIDE)->isMember($USER))) {
                new Notification(__('New email'), __('A new email has been queued on ') . url(array('id' => 'mailer')), $Controller->{ADMIN_GROUP}(OVERRIDE));
            }
            $_POST->clear('newMail', 'from', 'recipients', 'subject', 'message', 'personal', 'send', 'bypass');
            if ($this->mayI(EDIT)) {
                // NOTE(review): tests $_REQUEST['approve'] although $approved was computed from $_POST['approve']
                if ($_REQUEST['approve']) {
                    Flash::create(__('Email saved and approved for sending'), 'confirmation');
                } else {
                    Flash::create(__('Email saved'), 'confirmation');
                }
            } else {
                Flash::create(__('Email has been queued for approval'), 'confirmation');
            }
        } else {
            Flash::create(__('Invalid email. Please try again'), 'warning');
        }
    }
    // All groups as id => name, for the recipient selectors
    $recipients = $Controller->get($DB->spine->asList(array('class' => 'Group'), 'id'), OVERRIDE);
    // NOTE(review): $name remains a reference to the last element after this loop (no unset($name))
    foreach ($recipients as &$name) {
        $name = $name->Name;
    }
    asort($recipients);
    if ($_REQUEST['eedit']) {
        $msg = $DB->massmail->getRow(array('msg_id' => $_REQUEST['eedit']));
    }
    if ($_REQUEST['eedit'] && $msg && ($msg['author'] == $USER->ID || $this->mayI(EDIT))) {
        if ($msg['sent']) {
            /**
             * Read-only view of an already sent email
             */
            $this->setContent('header', $msg['subject']);
            $r = '<div class="nav"><a href="' . url(null, 'id') . '">' . icon('small/arrow_left') . __('Back') . '</a></div>' . '<ul>' . '<li><span class="label">' . __('Author') . ': </span>' . $Controller->{$msg['author']}->link() . '</li>' . '<li><span class="label">' . __('From') . ': </span>' . ($msg['from'] ? $Controller->{$msg['from']} : __('Default')) . '</li>' . '<li><span class="label">' . __('Recipients') . ': </span>';
            $recipients = $Controller->get($msg['recipients']);
            $recs = array();
            foreach ($recipients as $re) {
                $recs[] = $re->link();
            }
            // NOTE(review): strftime() is deprecated since PHP 8.1. $msg['subject'] is emitted without
            // htmlspecialchars() although it is entered through a plain Input field; $msg['message']
            // comes from an HTMLField and is expected to carry markup.
            $r .= join(', ', $recs) . '</li>' . '<li><span class="label">' . __('Sent') . ': </span>' . strftime('%e/%l, %R', $msg['sent']) . '</li>' . '<li><span class="label">' . __('Subject') . ': </span>' . $msg['subject'] . '</li>' . '<li><span class="label">' . __('Message') . ': </span><div class="message">' . $msg['message'] . '</div></li>' . '</ul>';
            $this->setContent('main', $r);
        } else {
            /**
             * Edit form. Valid senders: every group with an address for admins;
             * otherwise the author's and the current user's groups.
             */
            $valid_senders = false;
            if ($Controller->{ADMIN_GROUP}(OVERRIDE)->isMember($USER)) {
                $g = $Controller->getClass('Group', OVERRIDE, false, false);
            } elseif ($msg['author'] != $USER->ID && ($author = $Controller->{$msg['author']}('User'))) {
                $g = $author->groups + $USER->groups;
            } else {
                $g = $USER->groups;
            }
            $valid_senders = array();
            foreach ($g as $gr) {
                if ($gr->getEmail()) {
                    $valid_senders[$gr->ID] = $gr->Name;
                }
            }
            asort($valid_senders);
            unset($valid_senders[EVERYBODY_GROUP]);
            unset($valid_senders[MEMBER_GROUP]);
            JS::loadjQuery(false);
            Head::add('$(function(){$(\'#recslide\').css("cursor", "pointer").toggle(function(){$(\'#recipients\').animate({height: 200}, 500)},function(){$(\'#recipients\').animate({height: 50}, 500)});});', 'js-raw');
            $eform = new Form('editMail', url(null, 'id'), false);
            $this->setContent('header', __('Edit email: ') . $msg['subject']);
            // A single Group recipient is shown as "Posters on <group>" instead of the selector
            $recip = @$msg['recipients'][0] ? $Controller->{$msg['recipients'][0]}(OVERRIDE, 'Page') : false;
            // NOTE(review): date('h:i') is a 12-hour clock without am/pm; the value is re-parsed with
            // strtotime() on save, so afternoon send times may come back shifted — 'H:i' is presumably intended
            $this->setContent('main', '<div class="nav"><a href="' . url(null, 'id') . '">' . icon('small/arrow_left') . __('Back') . '</a></div>' . $eform->set(new Hidden('eedit', $_REQUEST['eedit']), $msg['approved'] && !$this->mayI(EDIT) ? __('This email has been approved for sending. If you edit it, the approval will be lost.') : null, new Select(__('From'), 'from', $valid_senders, $_POST['from'] ? $_POST['from'] : $msg['from'], false, __('Default')), is_a($recip, 'Group') ? new FormText(__('Recipients'), new Hidden('recipients[]', $msg['recipients']) . __('Posters on') . ': ' . $recip->link()) : new Select(__('Recipients'), 'recipients', $recipients, $_POST['recipients'] ? $_POST['recipients'] : $msg['recipients'], true, false, 'notempty'), new Input(__('Subject'), 'subject', $_POST['subject'] ? $_POST['subject'] : $msg['subject']), new HTMLField(__('Message'), 'message', $_POST['message'] ? $_POST['message'] : $msg['message']), new Li(new Datepicker(__('Send'), 'sendd', $_POST['sendd'] ? $_POST['sendd'] : date('Y-m-d', $msg['send'])), new Timepickr(false, 'sendt', $_POST['sendt'] ? $_POST['sendt'] : date('h:i', $msg['send']))), new Checkbox(__('Personal draft'), 'personal', ($_POST['personal'] ? $_POST['personal'] : $msg['personal']) === 'yes'), new Checkbox(__('Approve'), 'approve', $_POST['approve'] ? $_POST['approve'] > 0 : $msg['approved'] > 0), $Controller->{(string) ADMIN_GROUP}(OVERRIDE)->isMember($USER) ? new Checkbox(__('Bypass member check'), 'bypass', $_POST['bypass'] ? $_POST['bypass'] > 0 : $msg['override_membercheck'] > 0) : null, new Li(new Submit(__('Save'), 'save'), $this->mayI(EDIT) ? new Submit(__('Save and continue'), 'saveac') : null, $this->mayI(EDIT) ? new Submit(__('Continue'), 'continue') : null)));
        }
    } else {
        /**
         * New-mail tabber
         */
        if ($Controller->{ADMIN_GROUP}(OVERRIDE)->isMember($USER)) {
            $g = $Controller->getClass('Group', OVERRIDE, false, false);
        } else {
            $g = $USER->groups;
        }
        $valid_senders = array();
        foreach ($g as $gr) {
            if ($gr->getEmail()) {
                $valid_senders[$gr->ID] = $gr->Name;
            }
        }
        asort($valid_senders);
        unset($valid_senders[EVERYBODY_GROUP]);
        unset($valid_senders[MEMBER_GROUP]);
        JS::loadjQuery(false);
        $nform = new Form('newMail', url(null, array('id', 'to')));
        $this->setContent('header', __('Email'));
        // '?to=<id>' preselects a page's posters as the only recipient
        $o = $_REQUEST['to'] ? $Controller->{$_REQUEST['to']}(EDIT, 'Page') : false;
        $this->setContent('main', new Tabber('mail', new EmptyTab(__('New mail'), $nform->set($valid_senders ? new Select(__('From'), 'from', $valid_senders, $_POST['from'], false, __('Default')) : new Hidden('from', ""), $_REQUEST['to'] && $o ? new FormText(__('Recipients'), new Hidden('recipients[]', $_REQUEST['to']) . __('Posters on') . ': ' . $o->link()) : new Select(__('Recipients'), 'recipients', $recipients, $_POST['recipients'], true, false, 'notempty'), new Input(__('Subject'), 'subject', $_POST['subject'], 'required'), new HTMLField(__('Message'), 'message', $_POST['message']), new Li(new Datepicker(__('Send'), 'sendd', $_POST['sendd']), new Timepickr(false, 'sendt', $_POST['sendt'])), new Checkbox(__('Personal draft'), 'personal', $_POST['personal']), $Controller->{(string) ADMIN_GROUP}(OVERRIDE)->isMember($USER) ? new Checkbox(__('Bypass member check'), 'bypass', $_POST['bypass']) : null, $this->mayI(EDIT) ? new Checkbox(__('Approve'), 'approve', $_REQUEST['approve'] > 0) : null)), new Tab(__('Personal drafts'), $this->listEmails('personal')), new Tab(__('Manage emails'), $this->listEmails()), $this->mayI(EDIT) ? new Tab(__('Approve'), $this->listEmails('new')) : null));
    }
    $Templates->render();
}
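/**
 * Generates an overview over the permissions granted to a given user or group
 * and handles the two actions posted from it: deleting one privilege row
 * ('pdel') and updating the permission bits of all rows ('updatePrivileges').
 *
 * Fixed here: the checkboxes were rendered from $m (the result handle) instead
 * of $row, and `$x & READ > 0` parses as `$x & (READ > 0)`, so every column
 * effectively tested bit 1; the footer colspan now matches the seven columns.
 *
 * @param integer $id ID of the user or group
 * @return string HTML of the overview, or a message when $id is not a user or group
 */
private function overview($id) {
    global $Controller, $DB, $USER;
    $a = $Controller->{$id};
    if (!is_a($a, 'User') && !is_a($a, 'Group')) {
        return __('No permission overview available');
    }
    // Checkbox name => permission bit, in the column order of the table below
    $bits = array('read' => READ, 'edit' => EDIT, 'pub' => PUBLISH, 'ep' => EDIT_PRIVILEGES, 'del' => DELETE);

    if ($_REQUEST->valid('pdel')) {
        // Deleting a privilege row requires EDIT_PRIVILEGES on the resource it grants access to
        $res = $Controller->{$_REQUEST['pdel']};
        if ($res && $res->mayI(EDIT_PRIVILEGES) && $DB->privileges->delete(array('id' => $_REQUEST['pdel'], 'beneficiary' => $id))) {
            Flash::create(__('Privilege deleted'), 'warning');
        }
    } elseif ($_POST['updatePrivileges'] && $_REQUEST['ovp']) {
        // NOTE(review): 'benefittor' is kept from the original although every other query
        // in this method uses 'beneficiary' — confirm against the privileges schema
        $priv = $DB->privileges->asList(array('benefittor' => $id), 'id');
        $updated = false;
        foreach ($priv as $pid) {
            if (!$Controller->{(string) $pid}(EDIT_PRIVILEGES)) {
                continue; // current user may not edit privileges on this resource
            }
            $boxes = @$_POST['privileges'][$pid];
            $access = 0;
            foreach ($bits as $field => $bit) {
                if (isset($boxes[$field])) {
                    $access |= $bit;
                }
            }
            $DB->privileges->update(array('privileges' => $access), array('id' => $pid, 'beneficiary' => $id));
            $updated = true;
        }
        if ($updated) {
            Flash::create(__('Privileges updated'));
        }
    }

    $r = '<div class="nav"><a href="' . url(null, 'id') . '">' . icon('small/arrow_left') . __('Back to overview') . '</a>' . (is_a($a, 'Page') ? '<a href="' . url(array('id' => $a->ID)) . '">' . icon('small/arrow_left') . __('To page') . '</a>' : '') . '</div>';
    $r .= '<form action="' . url(null, array('id', 'view')) . '" method="post">' . '<fieldset><legend>' . __('Permissions for') . ' ' . $a . '</legend><input type="hidden" name="ovp" value="1" />' . '<table cellpadding="0" cellspacing="0" border="0" class="privilegeList">' . '<thead>' . '<tr>' . '<th width="10">' . __('Delete') . '</th>' . '<th width="*">' . __('Resource') . '</th>' . '<th width="20">' . icon('small/eye', __('Read')) . '</th>' . '<th width="20">' . icon('small/page_edit', __('Edit')) . '</th>' . '<th width="20">' . icon('small/thumb_up', __('Publish')) . '</th>' . '<th width="20">' . icon('small/key', __('Edit privileges')) . '</th>' . '<th width="20">' . icon('small/delete', __('Delete')) . '</th>' . '</tr>' . '</thead>' . '<tbody>';
    $m = $DB->privileges->get(array('beneficiary' => $id), 'id,privileges');
    while ($row = Database::fetchAssoc($m)) {
        $obj = $Controller->{$row['id']};
        if (!$obj) {
            continue; // resource no longer resolvable; skip its row
        }
        $r .= '<tr><td><a href="' . url(array('pdel' => $row['id']), array('id', 'edit', 'view')) . '">' . icon('small/delete') . '</a></td><td>' . $obj . '</td>';
        foreach ($bits as $field => $bit) {
            $checked = ($row['privileges'] & $bit) ? ' checked="checked"' : '';
            $r .= '<td align="center"><input name="privileges[' . $row['id'] . '][' . $field . ']" type="Checkbox" class="Checkbox"' . $checked . ' /></td>';
        }
        $r .= '</tr>';
    }
    $r .= '</tbody><tfoot><tr><td colspan="7"><input type="submit" name="updatePrivileges" value="' . __('Update') . '" /></td></tr></tfoot></table></fieldset>';
    $r .= '</form>';
    return $r;
}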
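/**
 * Handles the menu editor's write actions: deleting a section ('delete'),
 * creating a section ('newName'), creating a page (action=newpage) and
 * moving an item below or into another ('page', 'where', 'to').
 *
 * Fixed here: $DB was used without a `global` declaration, the 'where'
 * pattern was unanchored, and the keys 'delete' and 'section' were read
 * without being declared; null parents/targets no longer cause a fatal.
 *
 * @return void
 */
private function saveChanges() {
    global $Controller, $USER, $DB;
    $_REQUEST->setType('stpl', 'string');
    $_REQUEST->setType('newName', 'string');
    $_REQUEST->setType('page', 'numeric');
    $_REQUEST->setType('where', '/^(below|child)$/');
    $_REQUEST->setType('to', 'numeric');
    $_REQUEST->setType('action', 'string');
    $_REQUEST->setType('delete', 'numeric');
    $_REQUEST->setType('section', 'numeric');

    /**
     * Delete menusection (only when it has no children)
     */
    if ($_REQUEST['delete'] && $this->mayI(DELETE)) {
        $obj = $Controller->{$_REQUEST['delete']};
        if ($DB->menu->exists(array('parent' => $_REQUEST['delete']))) {
            Flash::queue(__('Section not empty'), 'warning');
        } else {
            if ($obj) {
                $obj->deleteFromMenu();
            }
            Flash::queue(__('Menu item removed'), 'warning');
        }
    }

    /**
     * Create a new section
     */
    if ($_REQUEST['newName']) {
        if ($DB->aliases->exists(array('alias' => $_REQUEST['newName']))) {
            Flash::queue(__('Alias already in use'));
        } else {
            $obj = $Controller->newObj('MenuSection');
            $obj->alias = $_REQUEST['newName'];
            $obj->template = $_REQUEST['stpl'];
            $obj->move('last', $_REQUEST['section'] ? $_REQUEST['section'] : 0);
            Flash::create(__('New section created'), 'confirmation');
        }
    }

    /**
     * Create new page.
     * NOTE(review): no permission check precedes the creation; only the move below
     * checks EDIT on the parents — confirm whether the caller gates this action.
     */
    if ($_POST['action'] == 'newpage') {
        $newObj = $Controller->newObj('Page');
        $newObj->Name = __('New page');
        $_REQUEST['page'] = $newObj->ID;
    }

    /**
     * Move an item: requires EDIT on both the current parent and the target parent
     */
    if ($_REQUEST['page'] && $_REQUEST['where'] && $_REQUEST['to']) {
        $obj = $Controller->{$_REQUEST['page']};
        $to = $Controller->{$_REQUEST['to']};
        if ($obj && $to) {
            $ruler = $this->getParent($obj);
            if ($ruler && $ruler->mayI(EDIT)) { // May edit source parent
                $below = $_REQUEST['where'] == 'below';
                $parent = $below ? $this->getParent($to) : $to;
                if ($parent && $parent->mayI(EDIT)) { // May edit target
                    if ($below) {
                        $obj->move($to->place() + 1, $parent);
                    } else {
                        $obj->move(0, $parent);
                    }
                }
            }
        }
    }
}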
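/**
 * Returns the ID which granted clearance to perform a booking.
 *
 * Fixed here: the booked_for comparison used `==`, which is not a MySQL
 * operator (the query uses UNIX_TIMESTAMP(), i.e. MySQL); $booking_timelimit
 * is now always initialised.
 *
 * @param int $from Starting time of booking (unix timestamp)
 * @param int $duration How long the booking lasts (seconds)
 * @param mixed $who Who should be debited: a User/Group object, an id, or false for the current user
 * @return int|false ID of the user, or 0 if not yet cleared and false if not allowed to book
 */
function getClearance($from, $duration, $who = false) {
    global $USER, $Controller, $DB;
    if (!$who) {
        $who = $USER;
    }
    if (!is_object($who)) {
        $who = $Controller->{(string) $who};
    }
    if (!is_a($who, 'User') && !is_a($who, 'Group')) {
        return false;
    }
    // NOTE(review): only Users get a time limit; for a Group it stays null, which the
    // `== 0` test below treats as "booking not allowed" — kept from the original, confirm intent
    $booking_timelimit = null;
    if (is_a($who, 'User')) {
        $booking_timelimit = $who->settings['booking_timelimit'];
        if ($booking_timelimit == '') {
            // No personal limit: fall back to the member group's default
            $booking_timelimit = $Controller->{(string) MEMBER_GROUP}(OVERRIDE)->settings['booking_timelimit'];
        }
    }
    if ($booking_timelimit == 0) {
        Flash::create(__('Booking not allowed'), 'warning');
        return false;
    }
    /* Is the user allowed to book this far in the future? (limit is in days) */
    if ($who->settings['booking_advance_limit']) {
        if ($from + $duration > time() + $who->settings['booking_advance_limit'] * 86400) {
            Flash::create(__('Booking to far'), 'warning');
            return false;
        }
    }
    /* Has the user got any time left to use? (limit is in hours) */
    if ($booking_timelimit > 0) {
        $whoId = Database::escape($who->ID);
        // NOTE(review): with GROUP BY `b_id` the SUM is per booking and getCell() presumably
        // yields only the first row — confirm this is the intended total
        $total_booked_time = $DB->getCell("SELECT SUM( `duration` ) as `total_time` FROM `booking_bookings` WHERE (`booked_by` = '" . $whoId . "' OR `booked_for` = '" . $whoId . "') AND `starttime`+`duration` > UNIX_TIMESTAMP() GROUP BY `b_id`", 'total_time');
        if ($total_booked_time + $duration > $booking_timelimit * 3600) {
            Flash::create(__('Not enough time left'), 'warning');
            return false;
        }
    }
    // Editors and users whose bookings need no confirmation are cleared immediately
    if ($this->mayI(EDIT) || $who->settings['booking_confirmation']) {
        return $USER->ID;
    }
    return 0;
}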
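/**
 * Make sure the session hasn't been hijacked: the fingerprint stored in the
 * session must match one recomputed from the client's address and user agent.
 *
 * The fingerprint formula is compared against a value written elsewhere (not
 * visible here), so it is reproduced unchanged. The comparison now uses
 * hash_equals(), which is strict and constant-time, instead of a loose `!=`.
 *
 * @return bool
 * @todo Salt?
 */
function checkSession() {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $expected = sha1(md5($ip . 'ahsh') . md5($ua . 'afke'));
    $stored = isset($_SESSION['fingerprint']) ? (string) $_SESSION['fingerprint'] : '';
    if (!hash_equals($expected, $stored)) {
        Flash::create('Session check failed');
        return false;
    }
    // Rotate the session id on roughly one request in twenty
    if (mt_rand(1, 20) == 1) {
        regenerateSession();
    }
    return true;
}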
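/**
 * Most actions of the module are here, along with the pageview logic
 * and template rendering: saving a new or existing Link, then showing its editor.
 *
 * Fixed here: the permission or-chain dereferenced an undefined $link when a
 * new link was denied, get_class() could be called on a non-object, and
 * 'place' was read without being declared.
 *
 * @return bool|void false when 'lnedit' names an object that is not a Link
 */
function run() {
    global $Controller, $USER, $Templates;
    /**
     * User input types
     */
    $_REQUEST->setType('LinkEditorForm', 'any');
    $_REQUEST->setType('save', 'any');
    $_REQUEST->setType('status', 'string');
    $_REQUEST->setType('target', 'string');
    $_REQUEST->setType('title', 'string');
    $_REQUEST->setType('desc', 'string');
    $_REQUEST->setType('alias', 'string');
    $_REQUEST->addType('lnedit', array('numeric', '#^new$#'));
    $_REQUEST->setType('parent', 'numeric');
    $_REQUEST->setType('place', array('numeric', '#^last$#'));
    if ($this->may($USER, READ)) {
        if (!$_REQUEST->valid('lnedit')) {
            $this->content = array('header' => __('An error has occurred'), 'main' => __('An error has occurred'));
        } else {
            $isNew = $_REQUEST['lnedit'] === 'new';
            $link = null;
            if (!$isNew) {
                $link = $Controller->{$_REQUEST['lnedit']}(EDIT);
                // get_class() on a non-object is a TypeError in PHP 8, hence the guard
                if (!is_object($link) || get_class($link) !== 'Link') {
                    return false;
                }
            }
            // A new link needs EDIT on the menu editor; an existing one, EDIT on itself
            $mayEdit = $isNew ? $Controller->menuEditor->mayI(EDIT) : $link->may($USER, EDIT);
            if (!$mayEdit) {
                errorPage('401');
            } else {
                /**
                 * Save changes
                 */
                if ($_REQUEST['save'] && $_REQUEST['LinkEditorForm']) {
                    if (!$_REQUEST->nonempty('title')) {
                        Flash::create(__('Title must not be empty'), 'warning');
                    } else {
                        if ($isNew) {
                            $link = $Controller->newObj('Link');
                        }
                        $link->Name = $_REQUEST['title'];
                        // NOTE(review): the target URL is stored as given; any validation of it
                        // would live in Link or its renderer, which are not visible here
                        $link->link = $_REQUEST['target'];
                        $link->description = $_REQUEST['desc'];
                        $link->resetAlias(array_map('trim', explode(',', $_REQUEST['alias'])));
                        if ($isNew || ($_REQUEST['parent'] && $_REQUEST['place'])) {
                            $link->move($_REQUEST['place'] ? $_REQUEST['place'] : 'last', $_REQUEST['parent']);
                        }
                        Flash::create(__('Your changes have been saved'), 'confirmation');
                        if ($isNew) {
                            redirect(url(array('id' => 'menuEditor', 'status' => 'ok', 'section' => $_REQUEST['parent'])));
                        }
                    }
                }
                /**
                 * Pageview logic
                 */
                if ($isNew) {
                    $this->content = array('header' => __('New link'), 'main' => $this->editor('new'));
                } else {
                    $this->content = array('header' => __('Editing link') . ": " . $link, 'main' => $this->editor($link));
                }
            }
        }
    }
    $Templates->admin->render();
}
}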
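/**
 * Searches the LDAP directory for users matching the attr value pair and
 * inserts the results into the userimport table.
 *
 * Both filter operands go through ldap_escape(), so a value containing filter
 * metacharacters is matched literally instead of rewriting the query. The
 * connection is released on every exit path; dead debug code was removed.
 *
 * @param string $attr  Attribute to match
 * @param string $value Value the attribute must equal
 * @return bool|null false when connecting or binding failed, null otherwise
 *                   (results and problems are reported through Flash)
 */
protected function searchLDAP($attr, $value) {
    global $DB, $CONFIG;
    $ldapconn = ldap_connect($CONFIG->LDAP->bindurl);
    $storeattrs = $CONFIG->LDAP->storeattrs;
    $table = $DB->{self::$DBTable};
    if (!$ldapconn) {
        // This will only happen if the ldap extension is broken
        // because OpenLDAP-2.x.x doesn't connect until the ldap_bind() call
        Flash::create('LDAP is broken, fix your PHP!', 'warning');
        return false;
    }
    // Bind (log in) to LDAP server
    if (!ldap_bind($ldapconn, $CONFIG->LDAP->binddn, $CONFIG->LDAP->bindpw)) {
        Flash::create('Bind failed', 'warning');
        ldap_unbind($ldapconn);
        return false;
    }
    $filter = '(' . ldap_escape($attr, '', LDAP_ESCAPE_FILTER) . '=' . ldap_escape($value, '', LDAP_ESCAPE_FILTER) . ')';
    $search = ldap_search($ldapconn, $CONFIG->LDAP->basedn, $filter, $storeattrs, 0, $this->ldapMaxResults);
    if (!$search) {
        Flash::create('Search error', 'warning');
    } else {
        $searchcount = ldap_count_entries($ldapconn, $search);
        if ($searchcount > 0) {
            Flash::create('Found ' . $searchcount . ' results', 'confirmation');
            // Store every not-yet-imported DN as one (dn, attribute, value) row per attribute value
            for ($entry = ldap_first_entry($ldapconn, $search); $entry !== false; $entry = ldap_next_entry($ldapconn, $entry)) {
                $dn = ldap_get_dn($ldapconn, $entry);
                if ($table->exists(array('dn~' => $dn))) {
                    continue; // already imported
                }
                $insertvalues = array();
                $attrs = ldap_get_attributes($ldapconn, $entry);
                for ($i = 0; $i < $attrs['count']; $i++) {
                    $attr_name = $attrs[$i];
                    for ($j = 0; $j < $attrs[$attr_name]['count']; $j++) {
                        $insertvalues[] = array('dn' => $dn, 'attribute' => $attr_name, 'value' => $attrs[$attr_name][$j]);
                    }
                }
                if (!$table->insertMultipleRows($insertvalues, false, false, true)) {
                    Flash::create("Error inserting into userimport!!!\n dn: {$dn}\n", 'warning');
                }
            }
        } else {
            Flash::create('No results', 'warning');
        }
    }
    ldap_unbind($ldapconn);
}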