public function actionSend($name = null)
{
if (defined('DISABLE_MESSAGING') && DISABLE_MESSAGING) {
throw new Lvc_Exception('Messaging disabled', 404);
}
$active_user = User::require_active_user();
$this->setLayoutVar('active_user', $active_user);
if (is_null($name)) {
throw new Lvc_Exception('Null username on send action');
}
if ($user = User::find(array('name' => $name))) {
if (!empty($this->post['submit'])) {
$subject = $this->post['subject'];
$body = $this->post['body'];
$result = Message::send($user, $subject, $body, $active_user);
if ($result['status']) {
Flash::set('success', $result['message']);
$this->redirect('/message/inbox');
die;
} else {
Flash::set('failure', $result['message']);
}
$this->setVar('subject', $subject);
$this->setVar('body', $body);
}
$this->setVar('to_user', $user);
} else {
throw new Lvc_Exception('User Not Found: ' . $name);
}
}
private function _add($template)
{
$data = $this->request->post();
$this->auto_render = FALSE;
if (empty($data['status'])) {
$data['status'] = Model_Email_Template::INACTIVE;
}
Flash::set('post_data', $data);
$template->values($data);
try {
if ($template->create()) {
Kohana::$log->add(Log::INFO, 'Template :template has been added by :user', array(':template' => HTML::anchor(Route::get('email_controllers')->uri(array('controller' => 'templates', 'action' => 'edit', 'id' => $template->id)), $template->subject)))->write();
Messages::success(__('Email template has been saved!'));
Observer::notify('email_templates_add', $template);
}
} catch (ORM_Validation_Exception $e) {
Messages::errors($e->errors('validation'));
$this->go_back();
}
// save and quit or save and continue editing?
if ($this->request->post('commit') !== NULL) {
$this->go(Route::get('email_controllers')->uri(array('controller' => 'templates')));
} else {
$this->go(Route::get('email_controllers')->uri(array('controller' => 'templates', 'action' => 'edit', 'id' => $template->id)));
}
}
private function _add(ORM $page)
{
$page_data = $this->request->post('page');
// Сохраняем полученые данные в сесиию
Flash::set('page::add::data', $page_data);
// Создаем новую страницу
try {
$page = $page->values($page_data)->create();
// Если есть права на управление ролями
if (ACL::check('page.permissions')) {
$page->save_permissions($this->request->post('page_permissions'));
}
Messages::success(__('Page has been saved!'));
Flash::clear('page::add::data');
} catch (ORM_Validation_Exception $e) {
Messages::errors($e->errors('validation'));
$this->go_back();
} catch (Kohana_Exception $e) {
Messages::errors(__('Something went wrong!'));
$this->go_back();
}
// save and quit or save and continue editing ?
if ($this->request->post('commit') !== NULL) {
$this->go();
} else {
$this->go(array('action' => 'edit', 'id' => $page->id));
}
}
public function update_event()
{
if (!isset($_POST['save'])) {
Flash::set('error', __('Could not update this event!'));
} else {
use_helper('Kses');
/* Prepare the data */
$data = $_POST['event'];
if (isset($data['id'])) {
$data['id'] = kses(trim($data['id']), array());
}
$event = new CalendarEvent();
if (isset($data['id'])) {
$event->id = $data['id'];
$event->created_by_id = $data['created_by_id'];
}
$event->title = $data['title'];
$event->date_from = $data['date_from'];
$event->date_to = $data['date_to'];
$event->description = $data['description'];
/* Check data and, if correct, save to DB */
if ($event->checkData() && $event->save()) {
if (isset($data['id'])) {
Flash::set('success', __('The event has been updated.'));
} else {
Flash::set('success', __('A new event has been created.'));
}
redirect(get_url('plugin/calendar/events'));
} else {
Flash::setNow('error', __('There are errors in the form.'));
$this->display(CALENDAR_VIEWS . '/update', array('event' => $event));
}
}
}
/**
* Saves the settings.
*/
private final function _save()
{
$data = $_POST['setting'];
// CSRF checks
if (isset($_POST['csrf_token'])) {
$csrf_token = $_POST['csrf_token'];
if (!SecureToken::validateToken($csrf_token, BASE_URL . 'setting')) {
Flash::set('error', __('Invalid CSRF token found!'));
Observer::notify('csrf_token_invalid', AuthUser::getUserName());
redirect(get_url('setting'));
}
} else {
Flash::set('error', __('No CSRF token found!'));
Observer::notify('csrf_token_not_found', AuthUser::getUserName());
redirect(get_url('setting'));
}
if (!isset($data['allow_html_title'])) {
$data['allow_html_title'] = 'off';
}
use_helper('Kses');
$allowed = array('img' => array('src' => array()), 'abbr' => array('title' => array()), 'acronym' => array('title' => array()), 'b' => array(), 'blockquote' => array('cite' => array()), 'br' => array(), 'code' => array(), 'em' => array(), 'i' => array(), 'p' => array(), 'strike' => array(), 'strong' => array());
$data['admin_title'] = kses(trim($data['admin_title']), $allowed);
Setting::saveFromData($data);
Flash::set('success', __('Settings have been saved!'));
redirect(get_url('setting'));
}
private function _add(ORM $user)
{
$data = $this->request->post('user');
$profile = $this->request->post('profile');
$user_roles = $this->request->post('user_roles');
$this->auto_render = FALSE;
if (empty($data['notice'])) {
$data['notice'] = 0;
}
Flash::set('users::add::data', $data);
try {
$user = $user->create_user($data, array('password', 'username', 'email'));
if (!empty($user_roles)) {
$user->update_related_ids('roles', explode(',', $user_roles));
}
$profile['user_id'] = $user->id;
$user->profile->values($profile)->create();
Messages::success(__('User has been added!'));
} catch (ORM_Validation_Exception $e) {
Messages::errors($e->errors('validation'));
$this->go_back();
}
if ($this->request->post('commit') !== NULL) {
$this->go();
} else {
$this->go(array('action' => 'edit', 'id' => $user->id));
}
}
public function create_user()
{
// If there are no users then let's create one.
$db = Database::get_instance();
$db->query('SELECT * FROM `users` LIMIT 1');
if ($db->has_rows() && !Auth::get_instance()->logged_in()) {
Flash::set('<p class="flash validation">Sorry but to create new users, you must be logged in.</p>');
Core_Helpers::redirect(WEB_ROOT . 'login/');
}
$validator = Error::instance();
if (isset($_POST['email'])) {
$validator->email($_POST['email'], 'email');
$validator->blank($_POST['username'], 'username');
$validator->blank($_POST['password'], 'password');
$validator->passwords($_POST['password'], $_POST['confirm_password'], 'confirm_password');
$user = new Users();
if ($user->select(array('username' => $_POST['username']))) {
$validator->add('username', 'The username <strong>' . htmlspecialchars($_POST['username']) . '</strong> is already taken.');
}
if ($validator->ok()) {
$user = new Users();
$user->load($_POST);
$user->level = 'admin';
$user->insert();
Flash::set('<p class="flash success">User created successfully.</p>');
Core_Helpers::redirect(WEB_ROOT . 'login/');
}
}
$this->data['error'] = $validator;
$this->load_template('create_user');
}
public function submit()
{
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// TODO validate data
if ($_POST['password'] !== $_POST['passwordrepeat']) {
Flash::set('error_message', 'Your passwords did not match!');
} elseif (!preg_match("#[0-9]+#", $_POST['password'])) {
// should contain at least 1 number
Flash::set('error_message', 'Your password should contain at least 1 number');
} elseif (!preg_match("#[A-Z]+#", $_POST['password'])) {
// should contain at least 1 capital letter
Flash::set('error_message', 'Your password should contain at least an uppercase letter');
} elseif (!preg_match("#[a-z]+#", $_POST['password'])) {
// should contain at least 1 lowercase letter
Flash::set('error_message', 'Your password should contain at least a lowercase letter');
} else {
// TODO submit data
Real_Estate::create(['name' => $_POST['name'], 'password' => create_hash($_POST['password']), 'address' => $_POST['address'], 'email' => $_POST['email'], 'phone' => $_POST['phone'], 'photo' => null]);
Flash::set('success_message', 'Your company account has been created!');
$this->redirect('/');
return;
}
$this->redirect('/realest/signup');
} else {
$this->send404();
}
}
public static function require_active_user()
{
if ($user = self::get_active_user()) {
if (defined('ADMIN_ONLY') && ADMIN_ONLY) {
if ($user->admin) {
return $user;
} else {
buffer_end_clean();
Flash::set('failure', SITE_NAME . ' is currently locked, you must be an admin to login.');
//throw new Lvc_Exception('Non admin ('.$user->name.') tried to login during lock.');
//$_SESSION['flash']['referrer'] = $_SERVER['REQUEST_URI'];
header('Location: /locked');
die;
}
} else {
return $user;
}
} else {
buffer_end_clean();
Flash::set('failure', 'You must first login.');
$_SESSION['flash']['referrer'] = $_SERVER['REQUEST_URI'];
header('Location: /user/login');
die;
}
}
function deactivate_plugin($plugin)
{
if (!AuthUser::hasPermission('administrator')) {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url());
}
Plugin::deactivate($plugin);
}
/**
* Generate a Response for the 401 Exception.
*
* The user should be redirect to a login page.
*
* @return Response
*/
public function get_response()
{
Flash::set('protected_page', Context::instance()->get_page());
if (($page = Model_Page_Front::findByField('behavior_id', 'protected_page')) !== FALSE) {
return Request::factory($page->url)->execute();
}
throw new HTTP_Exception_401($this->message);
}
function _checkVersion()
{
if (CHECK_UPDATES) {
$v = file_get_contents('http://www.madebyfrog.com/version/');
if ($v > FROG_VERSION) {
Flash::set('error', __('<b>Information!</b> New Frog version available (v. <b>:version</b>)! Visit <a href="http://www.madebyfrog.com/">http://www.madebyfrog.com/</a> to upgrade your version!', array(':version' => $v)));
}
}
}
function dashboard_events_widget_uninstall()
{
$conn = Record::getConnection();
if ($conn->exec("DROP TABLE IF EXISTS " . TABLE_PREFIX . "dashboard_log") === false) {
Flash::set("error", __("Unable to drop table dashboard_log"));
redirect(get_url("setting"));
die;
}
}
/**
* Save the settings
*
* @todo Add a sanity check for input.
*/
function save()
{
$settings = $_POST['settings'];
$ret = Plugin::setAllSettings($settings, 'multi_lang');
if ($ret) {
Flash::set('success', __('The settings have been updated.'));
} else {
Flash::set('error', 'An error has occurred while trying to save the settings.');
}
redirect(get_url('plugin/multi_lang/settings'));
}
function save()
{
$options = $_POST['options'];
$ret = Plugin::setAllSettings($options, 'easysnippet');
if ($ret) {
Flash::set('success', __('The settings have been updated.'));
} else {
Flash::set('error', 'An error has occurred while trying to save the settings.');
}
redirect(get_url('plugin/easysnippet/settings'));
}
function save()
{
if (isset($_POST['settings'])) {
if (Plugin::setAllSettings($_POST['settings'], 'archive')) {
Flash::set('success', __('The settings have been saved.'));
} else {
Flash::set('error', __('An error occured trying to save the settings.'));
}
} else {
Flash::set('error', __('Could not save settings, no settings found.'));
}
redirect(get_url('plugin/archive/settings'));
}
/**
*
* @param type Model_Page_Front
*/
private function _render(Model_Page_Front $page)
{
View::set_global('page_object', $page);
View::set_global('page', $page);
$this->_ctx->set_page($page);
// If page needs login, redirect to login
if ($page->needs_login() == Model_Page::LOGIN_REQUIRED) {
Observer::notify('frontpage_login_required', $page);
if (!Auth::is_logged_in()) {
Flash::set('redirect', $page->url());
$this->redirect(Route::get('user')->uri(array('action' => 'login')));
}
}
Observer::notify('frontpage_found', $page);
$this->_ctx->set_crumbs($page);
$this->_ctx->build_crumbs();
// Если установлен статус 404, то выводим страницу 404
// Страницу 404 могут выкидывать также Виджеты
if (Request::current()->is_initial() and $this->response->status() == 404) {
$message = $this->_ctx->get('throw_message');
$this->_ctx = NULL;
if (!$message) {
$message = 'Page not found';
}
Model_Page_Front::not_found($message);
}
$html = (string) $page->render_layout();
// Если пользователь Администраторо или девелопер, в конец шаблона
// добавляем View 'system/blocks/toolbar', в котором можно добавлять
// собственный HTML, например панель администратора
if (Auth::is_logged_in() and Auth::has_permissions(array('administrator', 'developer'))) {
$inject_html = (string) View::factory('system/blocks/toolbar');
// Insert system HTML before closed tag body
$matches = preg_split('/(<\\/body>)/i', $html, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
if (count($matches) > 1) {
/* assemble the HTML output back with the iframe code in it */
$html = $matches[0] . $inject_html . $matches[1] . $matches[2];
}
}
// Если в наcтройках выключен режим отладки, то выключить etag кеширование
if (Config::get('site', 'debug') == Config::NO) {
$this->check_cache(sha1($html));
$this->response->headers('last-modified', date('r', strtotime($page->updated_on)));
}
$this->response->headers('Content-Type', $page->mime());
if (Config::get('global', 'x_powered_header') == Config::YES) {
$this->response->headers('X-Powered-CMS', CMS_NAME . '/' . CMS_VERSION);
}
$this->response->body($html);
}
function remove_404($id)
{
// find the user to delete
if ($error = Record::findByIdFrom('Redirector404s', $id)) {
if ($error->delete()) {
Flash::set('success', __('404 Error has been deleted!'));
} else {
Flash::set('error', __('There was a problem deleting this 404 error!'));
}
} else {
Flash::set('error', __('404 Error not found!'));
}
redirect(get_url('plugin/redirector/'));
}
public function action_index()
{
$page_id = $this->request->param('id');
$page = ORM::factory('page', (int) $page_id);
if (!$page->loaded()) {
Flash::set('error', __('Page not found!'));
throw new HTTP_Exception_404('Page not found');
}
$this->template->title = $page->title;
$this->breadcrumbs->add(__('Pages'), Route::get('backend')->uri(array('controller' => 'page')))->add($this->template->title);
$pages = ORM::factory('page')->where('parent_id', '=', (int) $page_id);
$pager = Pagination::factory(array('total_items' => $pages->reset(FALSE)->count_all()));
$this->template->content = View::factory('archive/index', array('items' => $pages->order_by('created_on', 'desc')->limit($pager->items_per_page)->offset($pager->offset)->find_all(), 'page' => $page, 'pager' => $pager));
}
function save()
{
if (isset($_POST['settings'])) {
$settings = $_POST['settings'];
foreach ($settings as $key => $value) {
$settings[$key] = mysql_escape_string($value);
}
$ret = Plugin::setAllSettings($settings, 'archive');
if ($ret) {
Flash::set('success', __('The settings have been saved.'));
} else {
Flash::set('error', 'An error occured trying to save the settings.');
}
} else {
Flash::set('error', 'Could not save settings, no settings found.');
}
redirect(get_url('plugin/archive/settings'));
}
private function _add(ORM $role)
{
$data = $this->request->post('role');
$this->auto_render = FALSE;
Flash::set('roles::add::data', $data);
try {
$role = $role->values($data)->create();
if (Acl::check('roles.change_permissions')) {
$role->set_permissions($data['permissions']);
}
Messages::success(__('Role has been added!'));
} catch (ORM_Validation_Exception $e) {
Messages::errors($e->errors('validation'));
$this->go_back();
}
// save and quit or save and continue editing?
if ($this->request->post('commit') !== NULL) {
$this->go();
} else {
$this->go(array('action' => 'edit', 'id' => $role->id));
}
}
public function on_page_load()
{
$this->_errors = array();
$this->_fetch_fields();
$next_url = $this->next_url;
if (Request::current()->is_ajax()) {
$json = array('status' => FALSE);
if (!empty($this->_errors)) {
$json['errors'] = $this->_errors;
$json['values'] = $this->_values;
} else {
if ($this->handle_email_type($this->_values)) {
$json = array('status' => TRUE);
}
}
Request::current()->headers('Content-type', 'application/json');
$this->_ctx->response()->body(json_encode($json));
} else {
$referrer = Request::current()->referrer();
if (!empty($this->_errors)) {
Flash::set('form_errors', $this->_errors);
Flash::set('form_values', $this->_values);
$query = URL::query(array('status' => 'error'), FALSE);
$next_url = $referrer;
} else {
if ($this->handle_email_type($this->_values)) {
$query = URL::query(array('status' => 'ok'), FALSE);
if (empty($next_url)) {
$next_url = $referrer;
}
} else {
$query = URL::query(array('status' => 'error'), FALSE);
$next_url = $referrer;
}
}
HTTP::redirect(preg_replace('/\\?.*/', '', $next_url) . $query, 302);
}
}
private function _add($job)
{
$data = $this->request->post();
$this->auto_render = FALSE;
Flash::set('post_data', $data);
$job->values($data);
try {
if ($job->create()) {
Kohana::$log->add(Log::INFO, 'Job :job has been added by :user', array(':job' => HTML::anchor(Route::get('backend')->uri(array('controller' => 'scheduler', 'action' => 'edit', 'id' => $job->id)), $job->name)))->write();
Flash::clear('post_data');
Messages::success(__('Job has been saved!'));
}
} catch (ORM_Validation_Exception $e) {
Messages::errors($e->errors('validation'));
$this->go_back();
}
// save and quit or save and continue editing?
if ($this->request->post('commit') !== NULL) {
$this->go(Route::get('backend')->uri(array('controller' => 'jobs')));
} else {
$this->go(Route::get('backend')->uri(array('controller' => 'jobs', 'action' => 'edit', 'id' => $job->id)));
}
}
private function _add()
{
$data = $this->request->post();
$snippet = new Model_File_Snippet($data['name']);
$snippet->content = $data['content'];
Flash::set('post_data', $snippet);
try {
$status = $snippet->save();
} catch (Validation_Exception $e) {
Messages::errors($e->errors('validation'));
$this->go_back();
}
Kohana::$log->add(Log::INFO, 'Snippet :name has been added by :user', array(':name' => $snippet->name))->write();
Messages::success(__('Snippet has been saved!'));
Observer::notify('snippet_after_add', $snippet);
Session::instance()->delete('post_data');
// save and quit or save and continue editing?
if ($this->request->post('commit') !== NULL) {
$this->go();
} else {
$this->go(array('action' => 'edit', 'id' => $snippet->name));
}
}
function save()
{
$settings = array();
$settings['funky_cache_by_default'] = $_POST['funky_cache_by_default'];
$settings['funky_cache_suffix'] = $_POST['funky_cache_suffix'];
$settings['funky_cache_folder'] = $_POST['funky_cache_folder'];
if (Plugin::setAllSettings($settings, 'funky_cache')) {
Flash::set('success', __('The cache settings have been updated.'));
$message = sprintf('The cache settings were updated by :username.');
Observer::notify('log_event', $message, 'funky_cache', 5);
} else {
Flash::set('error', 'The cache settings could not be updated due to an error.');
$message = sprintf('An attempt by :username to update the cache settings failed.');
Observer::notify('log_event', $message, 'funky_cache', 2);
}
redirect(get_url('plugin/funky_cache/settings'));
}
* This file is part of Wolf CMS. Wolf CMS is licensed under the GNU GPLv3 license.
* Please see license.txt for the full license text.
*/
/* Security measure */
if (!defined('IN_CMS')) {
exit;
}
/**
* The FileManager allows users to upload and manipulate files.
*
* Note - Mostly rewritten since Wolf CMS 0.6.0
*
* @package Plugins
* @subpackage file_manager
*
* @author Martijn van der Kleijn <*****@*****.**>
* @copyright Martijn van der Kleijn, 2008-2010
* @license http://www.gnu.org/licenses/gpl.html GPLv3 license
*
* @todo Starting from PHP 5.3, use FileInfo
*/
// check for settings
$settings = Plugin::getAllSettings('file_manager');
// merge settings
$settings = array('umask' => isset($settings['umask']) ? $settings['umask'] : '0022', 'dirmode' => isset($settings['dirmode']) ? $settings['dirmode'] : '0755', 'filemode' => isset($settings['filemode']) ? $settings['filemode'] : '0644', 'show_hidden' => isset($settings['show_hidden']) ? $settings['show_hidden'] : '0', 'show_backups' => isset($settings['show_backups']) ? $settings['show_backups'] : '1');
// flash message
if (Plugin::setAllSettings($settings, 'file_manager')) {
Flash::set('success', 'File Manager - ' . __('plugin settings initialized.'));
} else {
Flash::set('error', 'File Manager - ' . __('unable to store plugin settings!'));
}
<?php
defined('IN_CMS') || exit;
Flash::set('info', __('CKEditor plugin settings are stored in database.<br/>Click uninstall if you wish to delete them.'));
public function rename()
{
$data = $_POST['file'];
$data['current_name'] = str_replace('..', '', $data['current_name']);
$data['new_name'] = str_replace('..', '', $data['new_name']);
$path = substr($data['current_name'], 0, strrpos($data['current_name'], '/'));
$file = FILES_DIR . '/' . $data['current_name'];
if (file_exists($file)) {
if (!rename($file, FILES_DIR . '/' . $path . '/' . $data['new_name'])) {
Flash::set('error', __('Permission denied!'));
}
} else {
Flash::set('error', __('File or directory not found! ' . $file));
}
redirect(get_url('plugin/file_manager/browse/' . $path));
}
function delete_image($id)
{
$this->_checkPermission();
$paths = func_get_args();
$id = urldecode(join('/', $paths));
$about = Record::findByIdFrom('About', $id);
$file = FILES_DIR . '/about/' . $about->filename;
$filename = array_pop($paths);
$paths = join('/', $paths);
if (is_file($file)) {
if (!unlink($file)) {
Flash::set('error', __('Permission denied!'));
}
}
// find the about to delete
if ($about = Record::findByIdFrom('About', $id)) {
if ($about->update('About', array('filename' => '', 'source' => ''), 'id=' . $id)) {
Flash::set('success', __('This image has been deleted.'));
} else {
Flash::set('error', __('This image has not been deleted!'));
}
} else {
Flash::set('error', __('Image not found!'));
}
redirect(get_url('about/view/' . $id));
}
function save()
{
$approve = mysql_escape_string($_POST['autoapprove']);
$captcha = mysql_escape_string($_POST['captcha']);
$rowspage = mysql_escape_string($_POST['rowspage']);
$numlabel = mysql_escape_string($_POST['numlabel']);
$settings = array('auto_approve_comment' => $approve, 'use_captcha' => $captcha, 'rowspage' => $rowspage, 'numlabel' => $numlabel);
$ret = Plugin::setAllSettings($settings, 'comment');
if ($ret) {
Flash::set('success', __('The settings have been updated.'));
} else {
Flash::set('error', 'An error has occured.');
}
redirect(get_url('plugin/comment/settings'));
}
