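/**
 * Deprecated template plugin: checks a Zikula permission and returns (or assigns) the boolean result.
 *
 * Example:
 * {securityutil_checkpermission component='Users::' instance='.*' level='ACCESS_ADMIN' assign='auth'}
 *
 * Logs an E_USER_DEPRECATED notice on every call; {checkpermission} is the replacement.
 * This file is a plugin for Zikula_View, the Zikula implementation of Smarty.
 *
 * @param array  $params All attributes passed to this function from the template:
 *                       'component', 'instance' and 'level' are required; 'level' is the
 *                       name of an ACCESS_* constant; 'assign' (optional) names a template variable.
 * @param object $smarty Reference to the Smarty object.
 *
 * @return boolean|null Authorised or not; null when the result was assigned to a template
 *                      variable; false (after trigger_error) for a missing or unknown parameter.
 */
function smarty_function_securityutil_checkpermission($params, $smarty)
{
    LogUtil::log(__f('Warning! Template plugin {%1$s} is deprecated, please use {%2$s} instead.', array('securityutil_checkpermission', 'checkpermission')), E_USER_DEPRECATED);

    // Every required attribute is reported with the same message so the template
    // author learns which one is missing.
    foreach (array('component', 'instance', 'level') as $required) {
        if (!isset($params[$required])) {
            $smarty->trigger_error(__f('Error! in %1$s: the %2$s parameter must be specified.', array('securityutil_checkpermission', $required)));
            return false;
        }
    }

    // 'level' is a constant *name* coming from the template. constant() on an undefined
    // name raises a warning (PHP 5/7) or throws Error (PHP 8), so validate first and fail
    // closed rather than evaluate an unknown access level.
    if (!defined($params['level'])) {
        $smarty->trigger_error(__f('Error! in %1$s: the %2$s parameter is not a defined access level.', array('securityutil_checkpermission', 'level')));
        return false;
    }

    $result = SecurityUtil::checkPermission($params['component'], $params['instance'], constant($params['level']));

    if (isset($params['assign'])) {
        $smarty->assign($params['assign'], $result);
        return null;
    }

    return $result;
}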
/**
 * User category selector.
 *
 * Available parameters:
 * - btnText: If set, the results are assigned to the corresponding variable instead of printed out
 * - cid: category ID
 *
 * Example
 * {selector_user_category cid="1" assign="category"}
 *
 * NOTE(review): the parameter list above is inherited and does not match the body: neither
 * 'btnText' nor 'cid' is read below. The attributes actually consumed are field,
 * selectedValue, defaultValue, defaultText, name, relative, displayPath, assign, editLink,
 * submit and multipleSize; lang, recurse, includeRoot, includeLeaf, all and attributes are
 * read into locals that are never used.
 *
 * @param array       $params All attributes passed to this function from the template.
 * @param Zikula_View $view   Reference to the Zikula_View object.
 *
 * @return string|null HTML code of the selector; null when 'assign' was given and the HTML
 *                     was assigned to that template variable instead.
 */
function smarty_function_selector_user_category($params, Zikula_View $view)
{
    $field = isset($params['field']) ? $params['field'] : 'id';
    $selectedValue = isset($params['selectedValue']) ? $params['selectedValue'] : 0;
    $defaultValue = isset($params['defaultValue']) ? $params['defaultValue'] : 0;
    $defaultText = isset($params['defaultText']) ? $params['defaultText'] : '';
    $lang = isset($params['lang']) ? $params['lang'] : ZLanguage::getLanguageCode();
    // sic: the default form-field name is misspelled in the original; it is a runtime
    // value that templates/handlers may match on, so it is left as is.
    $name = isset($params['name']) ? $params['name'] : 'defautlselectorname';
    $recurse = isset($params['recurse']) ? $params['recurse'] : true;
    $relative = isset($params['relative']) ? $params['relative'] : true;
    $includeRoot = isset($params['includeRoot']) ? $params['includeRoot'] : false;
    $includeLeaf = isset($params['includeLeaf']) ? $params['includeLeaf'] : true;
    $all = isset($params['all']) ? $params['all'] : false;
    $displayPath = isset($params['displayPath']) ? $params['displayPath'] : false;
    $attributes = isset($params['attributes']) ? $params['attributes'] : null;
    $assign = isset($params['assign']) ? $params['assign'] : null;
    $editLink = isset($params['editLink']) ? $params['editLink'] : true;
    $submit = isset($params['submit']) ? $params['submit'] : false;
    $multipleSize = isset($params['multipleSize']) ? $params['multipleSize'] : 1;
    $doReplaceRootCat = false;

    // Of the flags read above only 'relative' reaches the categories API.
    $userCats = ModUtil::apiFunc('ZikulaCategoriesModule', 'user', 'getusercategories', array('returnCategory' => 1, 'relative' => $relative));

    $html = CategoryUtil::getSelector_Categories($userCats, $field, $selectedValue, $name, $defaultValue, $defaultText, $submit, $displayPath, $doReplaceRootCat, $multipleSize);

    // NOTE(review): $allowUserEdit and $category are never defined in this function. $allowUserEdit
    // is therefore null and this condition is always false, so the "Edit sub-categories" link is
    // never emitted; were it reached, the permission instance "{$category['id']}::" would be "::".
    // Whether these were meant to come from $params or from $userCats cannot be told from here —
    // confirm against the calling templates before changing it.
    if ($editLink && $allowUserEdit && UserUtil::isLoggedIn() && SecurityUtil::checkPermission('ZikulaCategoriesModule::', "{$category['id']}::", ACCESS_EDIT)) {
        $url = ModUtil::url('ZikulaCategoriesModule', 'user', 'edituser');
        $html .= " <a href=\"{$url}\">" . __('Edit sub-categories') . '</a>';
    }

    if ($assign) {
        $view->assign($assign, $html);
    } else {
        return $html;
    }
}
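/**
 * Deprecated template plugin: checks a Zikula permission and returns (or assigns) the boolean result.
 *
 * Example:
 * {secauthaction comp="Stories::" inst=".*" level="ACCESS_ADMIN" assign="auth"}
 *
 * Logs an E_USER_DEPRECATED notice on every call; {checkpermission} is the replacement.
 * This file is a plugin for Zikula_View, the Zikula implementation of Smarty.
 *
 * @param array  $params  All attributes passed to this function from the template:
 *                        'comp', 'inst' and 'level' are required (an empty value counts as
 *                        missing, as in the original); 'level' is the name of an ACCESS_*
 *                        constant; 'assign' (optional) names a template variable.
 * @param object &$smarty Reference to the Smarty object.
 *
 * @return boolean|null Authorised or not; null when the result was assigned to a template
 *                      variable; false (after trigger_error) for a missing or unknown parameter.
 */
function smarty_function_secauthaction($params, &$smarty)
{
    LogUtil::log(__f('Warning! Template plugin {%1$s} is deprecated, please use {%2$s} instead.', array('secauthaction', 'checkpermission')), E_USER_DEPRECATED);

    $assign = isset($params['assign']) ? $params['assign'] : null;
    $comp = isset($params['comp']) ? $params['comp'] : null;
    $inst = isset($params['inst']) ? $params['inst'] : null;
    $level = isset($params['level']) ? $params['level'] : null;

    // Truthiness checks are kept from the original: an empty value is "not specified".
    $required = array('comp' => $comp, 'inst' => $inst, 'level' => $level);
    foreach ($required as $paramName => $value) {
        if (!$value) {
            $smarty->trigger_error(__f('Error! in %1$s: the %2$s parameter must be specified.', array('smarty_function_secauthaction', $paramName)));
            return false;
        }
    }

    // 'level' is a constant *name* coming from the template. constant() on an undefined
    // name raises a warning (PHP 5/7) or throws Error (PHP 8), so validate first and fail
    // closed rather than evaluate an unknown access level.
    if (!defined($level)) {
        $smarty->trigger_error(__f('Error! in %1$s: the %2$s parameter is not a defined access level.', array('smarty_function_secauthaction', 'level')));
        return false;
    }

    $result = SecurityUtil::checkPermission($comp, $inst, constant($level));

    if ($assign) {
        $smarty->assign($assign, $result);
        return null;
    }

    return $result;
}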
/**
 * Uninstall the Cataleg module: drop its tables, delete its module vars and
 * unregister its hook subscriber bundles.
 *
 * Requires ACCESS_ADMIN on 'Cataleg::'. Tables are dropped in order and the first
 * failure aborts, so a partial uninstall is possible.
 *
 * @return bool true when everything succeeded, false on any failure
 *              (or the LogUtil permission-error result when not permitted).
 */
public function uninstall()
{
    if (!SecurityUtil::checkPermission('Cataleg::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    // Module tables, in the order they were dropped originally.
    $tables = array(
        'cataleg',
        'cataleg_eixos',
        'cataleg_prioritats',
        'cataleg_unitatsImplicades',
        'cataleg_subprioritats',
        'cataleg_activitats',
        'cataleg_activitatsZona',
        'cataleg_unitats',
        'cataleg_responsables',
        'cataleg_contactes',
        'cataleg_auxiliar',
        'cataleg_centresActivitat',
        'cataleg_centres',
        'cataleg_gestioActivitatDefaults',
        'cataleg_importTaules',
        'cataleg_importAssign',
        'cataleg_gtafEntities',
        'cataleg_gtafGroups',
    );
    foreach ($tables as $table) {
        if (!DBUtil::dropTable($table)) {
            return false;
        }
    }

    // Delete the module variables
    $this->delVars();

    // unregister hook handlers
    HookUtil::unregisterSubscriberBundles($this->version->getHookSubscriberBundles());

    return true;
}
/**
 * Rebuild the mediashare media-handler table by scanning the module directory for
 * pnmedia_<name>api.php files and registering every media type each handler exposes.
 *
 * Requires ACCESS_ADMIN on 'mediashare::'. The handler table is truncated first, so a
 * failure part-way through leaves it partially populated.
 *
 * @return bool true on success; false (or a LogUtil error result) on failure.
 */
function mediashare_mediahandlerapi_scanMediaHandlers()
{
    // Check access
    if (!SecurityUtil::checkPermission('mediashare::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    $dom = ZLanguage::getModuleDomain('mediashare');

    // Clear existing handler table
    if (!DBUtil::truncateTable('mediashare_mediahandlers')) {
        $detail = __f("Could not clear the '%s' table.", 'mediahandlers', $dom);
        return LogUtil::registerError(__f('Error in %1$s: %2$s.', array('mediahandlerapi.scanMediaHandlers', $detail), $dom));
    }

    // Scan for handlers APIs
    $candidates = FileUtil::getFiles('modules/mediashare', false, true, 'php', 'f');
    foreach ($candidates as $candidate) {
        if (!preg_match('/^pnmedia_([-a-zA-Z0-9_]+)api.php$/', $candidate, $m)) {
            continue;
        }
        $handlerName = $m[1];
        $handlerApi = "media_{$handlerName}";

        // Force load - it is used during pninit
        pnModAPILoad('mediashare', $handlerApi, true);

        $handler = pnModAPIFunc('mediashare', $handlerApi, 'buildHandler');
        if (!$handler) {
            return false;
        }

        // Register one row per media type the handler supports
        foreach ($handler->getMediaTypes() as $mediaType) {
            $mediaType['handler'] = $handlerName;
            $mediaType['title'] = $handler->getTitle();
            if (!pnModAPIFunc('mediashare', 'mediahandler', 'addMediaHandler', $mediaType)) {
                return false;
            }
        }
    }

    return true;
}
/**
 * Get available admin panel links.
 *
 * The 'Frontend' link needs ACCESS_READ on "<module>::"; every other link needs
 * ACCESS_ADMIN on the same component and is checked individually.
 *
 * @return array Array of admin links (each with 'url', 'text', 'title' and optionally 'class').
 */
public function getlinks()
{
    $links = array();
    $component = $this->name . '::';

    if (SecurityUtil::checkPermission($component, '::', ACCESS_READ)) {
        $links[] = array(
            'url' => ModUtil::url($this->name, 'user', 'main'),
            'text' => $this->__('Frontend'),
            'title' => $this->__('Switch to user area.'),
            'class' => 'z-icon-es-home',
        );
    }

    // Admin 'view' links, one per object type: ot => array(text, title)
    $objectTypes = array(
        'category' => array($this->__('Categories'), $this->__('Category list')),
        'forum' => array($this->__('Forums'), $this->__('Forum list')),
        'posting' => array($this->__('Postings'), $this->__('Posting list')),
        'abo' => array($this->__('Abos'), $this->__('Abo list')),
        'user' => array($this->__('Users'), $this->__('User list')),
        'rank' => array($this->__('Ranks'), $this->__('Rank list')),
    );
    foreach ($objectTypes as $ot => $labels) {
        if (SecurityUtil::checkPermission($component, '::', ACCESS_ADMIN)) {
            $links[] = array(
                'url' => ModUtil::url($this->name, 'admin', 'view', array('ot' => $ot)),
                'text' => $labels[0],
                'title' => $labels[1],
            );
        }
    }

    if (SecurityUtil::checkPermission($component, '::', ACCESS_ADMIN)) {
        $links[] = array(
            'url' => ModUtil::url($this->name, 'admin', 'config'),
            'text' => $this->__('Configuration'),
            'title' => $this->__('Manage settings for this application'),
        );
    }

    return $links;
}
/**
 * Form handler initialisation for the Content module configuration form.
 *
 * Requires ACCESS_ADMIN on 'Content::'. Assigns the static option lists used by the
 * template (category usage, default page activation, page-info location) and all
 * module vars under 'config'.
 *
 * @param Zikula_Form_View $view The form view (not used here; $this->view receives the assignments).
 *
 * @return boolean Always true.
 *
 * @throws Zikula_Exception_Forbidden When the current user lacks ACCESS_ADMIN.
 */
public function initialize(Zikula_Form_View $view)
{
    if (!SecurityUtil::checkPermission('Content::', '::', ACCESS_ADMIN)) {
        throw new Zikula_Exception_Forbidden(LogUtil::getErrorMsgPermission());
    }

    $tpl = $this->view;

    $tpl->assign('catoptions', array(
        array('text' => $this->__('Use 2 category levels (1st level single, 2nd level multi selection)'), 'value' => '1'),
        array('text' => $this->__('Use 2 category levels (both single selection)'), 'value' => '2'),
        array('text' => $this->__('Use 1 category level'), 'value' => '3'),
        array('text' => $this->__("Don't use Categories at all"), 'value' => '4'),
    ));
    $tpl->assign('categoryusage', 1);

    $tpl->assign('activeoptions', array(
        array('text' => $this->__('New pages will be active and available in the menu'), 'value' => '1'),
        array('text' => $this->__('New pages will be inactive and available in the menu'), 'value' => '2'),
        array('text' => $this->__('New pages will be active and not available in the menu'), 'value' => '3'),
        array('text' => $this->__('New pages will be inactive and not available in the menu'), 'value' => '4'),
    ));

    $tpl->assign('pageinfolocationoptions', array(
        array('text' => $this->__('Top of the page, left of the page title'), 'value' => 'top'),
        array('text' => $this->__('Bottom of the page'), 'value' => 'bottom'),
    ));

    // Assign all module vars
    $tpl->assign('config', ModUtil::getVar('Content'));

    return true;
}
/**
 * Rebuild the mediashare sources table by scanning the module directory for
 * pnsource_<name>api.php files and registering each source with its title.
 *
 * Requires ACCESS_ADMIN on 'mediashare::'. The sources table is truncated first, so a
 * failure part-way through leaves it partially populated.
 *
 * @return bool true on success; false (or a LogUtil error result) on failure.
 */
function mediashare_sourcesapi_scanSources()
{
    // Check access
    if (!SecurityUtil::checkPermission('mediashare::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    $dom = ZLanguage::getModuleDomain('mediashare');

    // Clear existing sources table
    if (!DBUtil::truncateTable('mediashare_sources')) {
        $detail = __f("Could not clear the '%s' table.", 'sources', $dom);
        return LogUtil::registerError(__f('Error in %1$s: %2$s.', array('sourcesapi.scanSources', $detail), $dom));
    }

    // Scan for sources APIs
    $candidates = FileUtil::getFiles('modules/mediashare', false, true, 'php', 'f');
    foreach ($candidates as $candidate) {
        if (!preg_match('/^pnsource_([-a-zA-Z0-9_]+)api.php$/', $candidate, $m)) {
            continue;
        }
        $sourceName = $m[1];
        $sourceApi = "source_{$sourceName}";

        // Force load - it is used during pninit
        pnModAPILoad('mediashare', $sourceApi, true);

        $title = pnModAPIFunc('mediashare', $sourceApi, 'getTitle');
        if (!$title) {
            return false;
        }

        $registered = pnModAPIFunc('mediashare', 'sources', 'addSource', array('title' => $title, 'name' => $sourceName));
        if (!$registered) {
            return false;
        }
    }

    return true;
}
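/**
 * Ajax handler: set an ephemeride item's active/inactive status.
 *
 * Reads 'eid' and 'status' from the POST request. Requires a valid Ajax token and
 * ACCESS_ADMIN on 'Ephemerides::'. The status reported back is always re-read from
 * storage so it reflects what was actually saved.
 *
 * @return Zikula_Response_Ajax Payload: 'eid', 'status' (current status after the update, or
 *                              null when the item could not be re-read) and 'alert' (error
 *                              text, '' when nothing went wrong).
 */
public function setstatus()
{
    $this->checkAjaxToken();
    $this->throwForbiddenUnless(SecurityUtil::checkPermission('Ephemerides::', '::', ACCESS_ADMIN));

    // Request values arrive as strings; cast so "", "0" and non-numeric junk all mean
    // "no ID" and the status is stored as a plain integer flag.
    $eid = (int) $this->request->request->get('eid', 0);
    $status = (int) $this->request->request->get('status', 0);
    $alert = '';

    if ($eid === 0) {
        $alert .= $this->__('No ID passed.');
    } else {
        $item = array('eid' => $eid, 'status' => $status);
        if (!DBUtil::updateObject($item, 'ephem', '', 'eid')) {
            $alert .= $eid . ', ' . $this->__f('Could not change item, ID %s.', DataUtil::formatForDisplay($eid));
        }
        // (The original flipped $item['status'] here after a failed update; the value was
        // overwritten by the re-read below and never used, so it has been dropped.)
    }

    // get current status to return; guard the lookup so a missing item does not
    // index into false
    $current = ModUtil::apiFunc($this->name, 'user', 'get', array('eid' => $eid));
    $currentStatus = null;
    if (!$current) {
        $alert .= $this->__f('Could not get data, ID %s.', DataUtil::formatForDisplay($eid));
    } else {
        $currentStatus = $current['status'];
    }

    return new Zikula_Response_Ajax(array('eid' => $eid, 'status' => $currentStatus, 'alert' => $alert));
}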
/**
 * Create or edit a user record through the Symfony form layer.
 *
 * Requires ACCESS_ADD on 'ExampleDoctrine::'. With an 'id' query parameter the matching
 * entity is loaded for editing (an unknown id is an error); otherwise a new entity is
 * created. On a valid POST the entity is persisted and the browser is redirected to the
 * 'view' action; otherwise the edit form is rendered.
 *
 * @return string|boolean Rendered edit form, the redirect result, or a LogUtil error result.
 */
public function edit()
{
    if (!SecurityUtil::checkPermission('ExampleDoctrine::', '::', ACCESS_ADD)) {
        return LogUtil::registerPermissionError(ModUtil::url('ExampleDoctrine', 'user', 'index'));
    }

    $id = $this->request->query->getInt('id');

    // load the user with this id, or start a fresh entity when no id was given
    $user = $id
        ? $this->entityManager->find('ExampleDoctrine_Entity_User', $id)
        : new ExampleDoctrine_Entity_User();
    if ($id && !$user) {
        return LogUtil::registerError($this->__f('User with id %s not found', $id));
    }

    /* @var $form Symfony\Component\Form\Form */
    $formFactory = $this->serviceManager->getService('symfony.formfactory');
    $form = $formFactory->create(new ExampleDoctrine_Form_UserType(), $user);

    $isPost = ($this->request->getMethod() == 'POST');
    if ($isPost) {
        $form->bindRequest($this->request);
        if ($form->isValid()) {
            $this->entityManager->persist($form->getData());
            $this->entityManager->flush();
            return $this->redirect(ModUtil::url('ExampleDoctrine', 'user', 'view'));
        }
    }

    $this->view->assign('form', $form->createView());
    return $this->view->fetch('exampledoctrine_user_edit.tpl');
}
/**
 * Display the search block.
 *
 * Requires ACCESS_READ on 'Searchblock::' with the block title as instance; returns
 * nothing when denied. Block vars are decoded from the stored content, defaulted,
 * assigned to the template and the result is passed through the theme.
 *
 * @param array $blockinfo a blockinfo structure
 *
 * @return output the rendered block (nothing when access is denied)
 */
public function display($blockinfo)
{
    // Security check
    $allowed = SecurityUtil::checkPermission('Searchblock::', "{$blockinfo['title']}::", ACCESS_READ);
    if (!$allowed) {
        return;
    }

    // Get current content and fill in defaults for vars that may be absent
    $vars = BlockUtil::varsFromContent($blockinfo['content']);
    if (!isset($vars['displaySearchBtn'])) {
        $vars['displaySearchBtn'] = 0;
    }
    if (!isset($vars['active'])) {
        $vars['active'] = array();
    }

    $this->view->assign('vars', $vars);

    // Fall back to a generic title when the block has none
    if (empty($blockinfo['title'])) {
        $blockinfo['title'] = __('Search');
    }

    $blockinfo['content'] = $this->view->fetch('search_block_search.tpl');
    return BlockUtil::themeBlock($blockinfo);
}
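/**
 * Form handler initialisation for the Content module configuration form.
 *
 * Requires ACCESS_ADMIN on 'Content::'. Assigns the static option lists used by the
 * template (category usage, default page activation, page-info location), the list of
 * layouts that may be offered for new pages (from the 'layoutDisplay' module var) and
 * all module vars under 'config'.
 *
 * @param Zikula_Form_View $view The form view (not used here; $this->view receives the assignments).
 *
 * @return boolean Always true.
 *
 * @throws Zikula_Exception_Forbidden When the current user lacks ACCESS_ADMIN.
 */
public function initialize(Zikula_Form_View $view)
{
    if (!SecurityUtil::checkPermission('Content::', '::', ACCESS_ADMIN)) {
        throw new Zikula_Exception_Forbidden(LogUtil::getErrorMsgPermission());
    }

    $catoptions = array(
        array('text' => $this->__('Use 2 category levels (1st level single, 2nd level multi selection)'), 'value' => '1'),
        array('text' => $this->__('Use 2 category levels (both single selection)'), 'value' => '2'),
        array('text' => $this->__('Use 1 category level'), 'value' => '3'),
        array('text' => $this->__("Don't use Categories at all"), 'value' => '4'),
    );
    $this->view->assign('catoptions', $catoptions);
    $this->view->assign('categoryusage', 1);

    $activeoptions = array(
        array('text' => $this->__('New pages will be active and available in the menu'), 'value' => '1'),
        array('text' => $this->__('New pages will be inactive and available in the menu'), 'value' => '2'),
        array('text' => $this->__('New pages will be active and not available in the menu'), 'value' => '3'),
        array('text' => $this->__('New pages will be inactive and not available in the menu'), 'value' => '4'),
    );
    $this->view->assign('activeoptions', $activeoptions);

    $pageinfolocationoptions = array(
        array('text' => $this->__('Top of the page, left of the page title'), 'value' => 'top'),
        array('text' => $this->__('Bottom of the page'), 'value' => 'bottom'),
    );
    $this->view->assign('pageinfolocationoptions', $pageinfolocationoptions);

    // get all module variables
    $modvars = ModUtil::getVar('Content');

    // Prepare list of layout options that are displayed for new pages.
    // 'layoutDisplay' may be absent or not an array (e.g. before it was first saved);
    // iterating it blindly raised a warning, so treat that case as "no layouts".
    $layoutdisplayoptions = array();
    $layoutDisplaySelection = array();
    $layouts = (isset($modvars['layoutDisplay']) && is_array($modvars['layoutDisplay'])) ? $modvars['layoutDisplay'] : array();
    foreach ($layouts as $layout) {
        $layoutdisplayoptions[] = array('text' => $layout['description'], 'value' => $layout['name']);
        if ($layout['display']) {
            $layoutDisplaySelection[] = $layout['name'];
        }
    }
    $this->view->assign('layoutdisplayoptions', $layoutdisplayoptions);
    $this->view->assign('layoutDisplaySelection', $layoutDisplaySelection);

    // Assign all module vars
    $this->view->assign('config', $modvars);

    return true;
}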
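/**
 * Newsletter (Mailz) content provider for the News module.
 *
 * Only plugin id 1 is handled: news items published since the previous newsletter
 * ($args['last']) are rendered either as a numbered plain-text list (content type 't')
 * or through the mailz/listarticles.tpl template.
 *
 * @param array $args 'pluginid' (int), 'last' (datetime of the previous newsletter),
 *                    'contenttype' ('t' for text, anything else for HTML); 'uid' is not used.
 *
 * @return string Rendered content; '' for unknown plugin ids.
 */
public function getContent($args)
{
    switch ($args['pluginid']) {
        case 1:
            // Get matching news stories published since last newsletter.
            // No selection on categories is made ($args['uid'] is not used).
            $items = ModUtil::apiFunc('News', 'user', 'getall', array(
                'numitems' => $this->getVar('itemsperpage'),
                'status' => 0,
                'from' => DateUtil::getDatetime($args['last']),
                'filterbydate' => true,
            ));

            if (!$items) {
                return $this->__f('No News publisher articles since last newsletter on %s.', DateUtil::formatDatetime($args['last'], 'datebrief')) . "\n";
            }

            if ($args['contenttype'] == 't') {
                // Plain text. The original appended to $output without initialising it;
                // start from the leading newline it produced.
                $output = "\n";
                $counter = 0;
                foreach ($items as $item) {
                    $counter++;
                    $output .= $counter . '. ' . $item['title'] . " (" . $this->__f('by %1$s on %2$s', array($item['contributor'], DateUtil::formatDatetime($item['from'], 'datebrief'))) . ")\n";
                }
                return $output;
            }

            $render = Zikula_View::getInstance('News');
            $render->assign('readperm', SecurityUtil::checkPermission('News::', "::", ACCESS_READ));
            $render->assign('articles', $items);
            return $render->fetch('mailz/listarticles.tpl');
    }

    return '';
}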
/**
 * Display the pending-content block.
 *
 * Requires ACCESS_OVERVIEW on 'PendingContent::' with the block title as instance.
 * Fires the 'get.pending_content' event, flattens the collections returned by the
 * listeners into one row per pending item and renders blocks_block_pendingcontent.tpl;
 * with nothing pending the block content is an empty string.
 *
 * @param array $blockinfo Blockinfo structure.
 *
 * @return output Rendered block (nothing when access is denied).
 */
public function display($blockinfo)
{
    $allowed = SecurityUtil::checkPermission('PendingContent::', "{$blockinfo['title']}::", ACCESS_OVERVIEW);
    if (!$allowed) {
        return;
    }

    // trigger event
    $event = new Zikula_Event('get.pending_content', new Zikula_Collection_Container('pending_content'));
    $pendingCollection = EventUtil::getManager()->notify($event)->getSubject();

    // process results: one row per pending item across all modules
    $rows = array();
    foreach ($pendingCollection as $collection) {
        $moduleName = $collection->getName();
        foreach ($collection as $pending) {
            $link = ModUtil::url($moduleName, $pending->getController(), $pending->getMethod(), $pending->getArgs());
            $rows[] = array(
                'description' => $pending->getDescription(),
                'link' => $link,
                'number' => $pending->getNumber(),
            );
        }
    }

    $blockinfo['content'] = '';
    if (!empty($rows)) {
        $this->view->assign('content', $rows);
        $blockinfo['content'] = $this->view->fetch('blocks_block_pendingcontent.tpl');
    }

    return BlockUtil::themeBlock($blockinfo);
}
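/**
 * Look up the active user whose $column equals $loginstr and verify $password against the stored hashes.
 *
 * Two hashes are accepted: the current one ('passwort') and a generated replacement
 * ('passwort_neu'). When the generated one is the match it is promoted to the current
 * hash and cleared, so a generated password can only be claimed once.
 *
 * @param string $column   Column to match $loginstr against. It is interpolated into the WHERE
 *                         clause as an identifier (not bound as a parameter), so callers must pass
 *                         a fixed, trusted column name — never request data.
 * @param string $loginstr Login value; bound as a parameter by the DB layer.
 * @param string $password Plain-text password supplied by the user.
 *
 * @return int|false The user's id on success; FALSE when no active user matches
 *                   (status != 1) or the password matches neither stored hash.
 */
private function authenticate($column, $loginstr, $password)
{
    $fromTable = $this->_websoccer->getConfig('db_prefix') . '_user';

    // get user data
    $columns = 'id, passwort, passwort_neu, passwort_salt';
    $wherePart = $column . ' = \'%s\' AND status = 1';
    $parameter = $loginstr;
    $result = $this->_db->querySelect($columns, $fromTable, $wherePart, $parameter);
    $userdata = $result->fetch_array();
    $result->free();

    // user does not exist (fetch_array yields no row)
    if (empty($userdata['id'])) {
        return FALSE;
    }

    $inputHash = (string) SecurityUtil::hashPassword($password, $userdata['passwort_salt']);
    $currentHash = (string) $userdata['passwort'];
    $generatedHash = (string) $userdata['passwort_neu'];

    // An empty hash must never authenticate: an unset password or an empty generated
    // slot is "no credential", not a credential that happens to be empty.
    if ($inputHash === '') {
        return FALSE;
    }

    // check password with an exact, byte-wise comparison. The original used != (loose),
    // which compares numeric-looking strings as numbers; hash_equals (PHP >= 5.6) also
    // keeps the comparison time independent of where the strings first differ.
    if (function_exists('hash_equals')) {
        $matchesCurrent = hash_equals($currentHash, $inputHash);
        $matchesGenerated = hash_equals($generatedHash, $inputHash);
    } else {
        $matchesCurrent = ($currentHash === $inputHash);
        $matchesGenerated = ($generatedHash === $inputHash);
    }

    if (!$matchesCurrent && !$matchesGenerated) {
        return FALSE;
    }

    // update password after a generated one: promote it and clear the request flag
    if ($matchesGenerated) {
        $columns = array('passwort' => $inputHash, 'passwort_neu_angefordert' => 0, 'passwort_neu' => '');
        $whereCondition = 'id = %d';
        $parameter = $userdata['id'];
        $this->_db->queryUpdate($columns, $fromTable, $whereCondition, $parameter);
    }

    return $userdata['id'];
}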
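/**
 * Dispatch a module view request.
 *
 * Resolves the plugin named by the '_module'/'_plugin' query parameters (a system plugin
 * when '_module' is empty), checks that it is installed and configurable, then invokes
 * the '_action' method on its configuration controller.
 *
 * @return mixed Whatever the configuration controller's action returns; a LogUtil error
 *               result when the user lacks ACCESS_ADMIN on 'Extensions::'.
 */
public function dispatch()
{
    if (!SecurityUtil::checkPermission('Extensions::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    // Get input.
    $moduleName = $this->request->getGet()->filter('_module', null, FILTER_SANITIZE_STRING);
    $pluginName = $this->request->getGet()->filter('_plugin', null, FILTER_SANITIZE_STRING);
    $action = $this->request->getGet()->filter('_action', null, FILTER_SANITIZE_STRING);

    // Load plugins and build the service id of the requested one.
    if (!$moduleName) {
        $type = 'SystemPlugin';
        PluginUtil::loadAllSystemPlugins();
        $serviceId = PluginUtil::getServiceId("{$type}_{$pluginName}_Plugin");
    } else {
        $type = 'ModulePlugin';
        PluginUtil::loadAllModulePlugins();
        $serviceId = PluginUtil::getServiceId("{$type}_{$moduleName}_{$pluginName}_Plugin");
    }

    $this->throwNotFoundUnless($this->serviceManager->hasService($serviceId));
    $this->plugin = $this->serviceManager->getService($serviceId);

    // Sanity checks.
    $this->throwNotFoundUnless($this->plugin->isInstalled(), __f('Plugin "%s" is not installed', $this->plugin->getMetaDisplayName()));
    $this->throwForbiddenUnless($this->plugin instanceof Zikula_Plugin_ConfigurableInterface, __f('Plugin "%s" is not configurable', $this->plugin->getMetaDisplayName()));

    $this->pluginController = $this->plugin->getConfigurationController();

    // '_action' is request data used as a method name. hasMethod() alone also matches
    // non-public and magic methods (calling those from here would fail or misbehave),
    // so only a public, non-magic method of the controller is accepted; anything else
    // is reported as not found.
    $reflection = $this->pluginController->getReflection();
    $isCallableAction = is_string($action) && $action !== ''
        && strpos($action, '__') !== 0
        && $reflection->hasMethod($action)
        && $reflection->getMethod($action)->isPublic();
    $this->throwNotFoundUnless($isCallableAction);

    return $this->pluginController->{$action}();
}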
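/**
 * Admin action: show the smilie table, or save the submitted one.
 *
 * Without 'submit' (GET) the current 'smilie_array' module var is rendered with
 * admin/editsmiles.tpl. With 'submit' (POST) the CSRF token is checked, the smilie
 * array is rebuilt from the parallel key/short/imgsrc/alt/alias/smilietype arrays,
 * the keys listed in 'active' are flagged active, the var is saved and the browser
 * is redirected to the admin main page.
 *
 * @return string|boolean Rendered template on GET; the LogUtil error result when not
 *                        permitted; nothing after the redirect on POST.
 */
public function editsmilies()
{
    if (!SecurityUtil::checkPermission('BBSmile::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError(System::getHomepageUrl());
    }

    $submit = $this->getPassedValue('submit', null, 'POST');
    if (!$submit) {
        $this->view->assign('smilies', $this->getVar('smilie_array'));
        return $this->view->fetch('admin/editsmiles.tpl');
    }

    // submit is set
    $this->checkCsrfToken();

    // Get input: parallel arrays, one entry per smilie, aligned by position
    $keys = $this->getPassedValue('key', array(), 'POST');
    $shorts = $this->getPassedValue('short', array(), 'POST');
    $imgsrcs = $this->getPassedValue('imgsrc', array(), 'POST');
    $alts = $this->getPassedValue('alt', array(), 'POST');
    $aliases = $this->getPassedValue('alias', array(), 'POST');
    $types = $this->getPassedValue('smilietype', array(), 'POST');
    $active = $this->getPassedValue('active', array(), 'POST');

    // The two iterated inputs must be arrays; a scalar submitted under the same name
    // would otherwise break the loops.
    if (!is_array($keys)) {
        $keys = array();
    }
    if (!is_array($active)) {
        $active = array();
    }

    // Rebuild the array with every smilie deactivated. A column missing for a row is
    // stored as null (the original read the undefined offset, which yields null too).
    $smilies = array();
    foreach ($keys as $i => $key) {
        $smilies[$key] = array(
            'type' => isset($types[$i]) ? $types[$i] : null,
            'short' => isset($shorts[$i]) ? $shorts[$i] : null,
            'imgsrc' => isset($imgsrcs[$i]) ? $imgsrcs[$i] : null,
            'alt' => isset($alts[$i]) ? $alts[$i] : null,
            'alias' => isset($aliases[$i]) ? $aliases[$i] : null,
            'active' => 0,
        );
    }

    // And now set the active flag for all selected smilies. Keys not present in the
    // submitted table are ignored: the original created a bare array('active' => 1)
    // entry for them, which then lacked every other field.
    foreach ($active as $key) {
        if (isset($smilies[$key])) {
            $smilies[$key]['active'] = 1;
        }
    }

    $this->setVar('smilie_array', $smilies);
    LogUtil::registerStatus($this->__('The edited smilies have been saved.'));
    $this->redirect(ModUtil::url('BBSmile', 'admin', 'main'));
}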
/**
 * Toggle a block between active and inactive.
 *
 * Requires a valid Ajax token and ACCESS_ADMIN on 'Blocks::'. Reads 'bid' from the
 * POST request; a block that is active (1) is deactivated, any other block is activated.
 *
 * @param bid int id of block to toggle.
 *
 * @return mixed Zikula_Response_Ajax carrying 'bid', or an Ajax error.
 *
 * @throws Zikula_Exception_Fatal When no block id was passed or the block is unknown.
 */
public function toggleblock()
{
    $this->checkAjaxToken();
    $this->throwForbiddenUnless(SecurityUtil::checkPermission('Blocks::', '::', ACCESS_ADMIN));

    $bid = $this->request->request->get('bid', -1);
    if ($bid == -1) {
        throw new Zikula_Exception_Fatal($this->__('No block ID passed.'));
    }

    // read the block information
    $blockinfo = BlockUtil::getBlockInfo($bid);
    if ($blockinfo == false) {
        throw new Zikula_Exception_Fatal($this->__f('Error! Could not retrieve block information for block ID %s.', DataUtil::formatForDisplay($bid)));
    }

    // active -> deactivate, anything else -> activate
    $apiMethod = ($blockinfo['active'] == 1) ? 'deactivate' : 'activate';
    ModUtil::apiFunc('Blocks', 'admin', $apiMethod, array('bid' => $bid));

    return new Zikula_Response_Ajax(array('bid' => $bid));
}
/**
 * Display the Zgoodies marquee block.
 *
 * Requires ACCESS_OVERVIEW on 'Zgoodies:marqueeblock:' with the block id as instance, and
 * the Zgoodies module to be available. The title and marquee text are looked up per current
 * language; the block may be returned unwrapped ('block_wrap' set and false) or themed.
 *
 * @param array $blockinfo Blockinfo structure ('bid', 'title', 'content').
 *
 * @return string|null Rendered block; nothing when access is denied or the module is unavailable.
 */
public function display($blockinfo)
{
    if (!SecurityUtil::checkPermission('Zgoodies:marqueeblock:', "{$blockinfo['bid']}::", ACCESS_OVERVIEW)) {
        return;
    }
    if (!ModUtil::available('Zgoodies')) {
        return;
    }

    $vars = BlockUtil::varsFromContent($blockinfo['content']);
    $lang = ZLanguage::getLanguageCode();

    // block title: per-language override when one is configured
    if (!empty($vars['block_title'][$lang])) {
        $blockinfo['title'] = $vars['block_title'][$lang];
    }

    // marquee content for the current language. As in the original, a configured
    // 'marquee_content' without an entry for $lang leaves 'marquee_content_lang' unset.
    if (!empty($vars['marquee_content'][$lang])) {
        $vars['marquee_content_lang'] = $vars['marquee_content'][$lang];
    } elseif (!isset($vars['marquee_content'])) {
        $vars['marquee_content_lang'] = '';
    }

    $this->view->assign('vars', $vars);
    $this->view->assign('bid', $blockinfo['bid']);
    $blockinfo['content'] = $this->view->fetch('blocks/' . $vars['block_template']);

    // Unwrapped output bypasses the theme's block rendering
    $unwrapped = isset($vars['block_wrap']) && !$vars['block_wrap'];
    if (!$unwrapped) {
        return BlockUtil::themeBlock($blockinfo);
    }
    if (empty($blockinfo['title'])) {
        return $blockinfo['content'];
    }
    return '<h4>' . DataUtil::formatForDisplayHTML($blockinfo['title']) . '</h4>' . "\n" . $blockinfo['content'];
}
/**
 * Render and display the specified legal document, or redirect to the specified custom URL if it exists.
 *
 * If a custom URL for the legal document exists, as specified by the module variable identified by
 * $customUrlKey, then this function will redirect the user to that URL.
 *
 * If no custom URL exists, then this function will render and return the appropriate template for
 * the legal document, as specified by $documentName. If the document is not active, the
 * "policy not active" template is rendered instead.
 *
 * @param string $documentName      The "name" of the document, as specified by the names of the user and text
 *                                  template files in the format 'legal_user_documentname.tpl' and
 *                                  'legal_text_documentname.tpl'. It is interpolated into template paths,
 *                                  so callers pass fixed document names, not request data.
 * @param string $accessInstanceKey The string used in the instance_right part of the permission access key
 *                                  for this document.
 * @param string $activeFlagKey     The string used to name the module variable that indicates whether this
 *                                  legal document is active or not; typically this is a constant from
 *                                  {@link Legal_Constant}, such as {@link Legal_Constant::MODVAR_LEGALNOTICE_ACTIVE}.
 * @param string $customUrlKey      The string used to name the module variable that contains a custom static
 *                                  URL for the legal document; typically this is a constant from
 *                                  {@link Legal_Constant}, such as {@link Legal_Constant::MODVAR_TERMS_URL}.
 *
 * @return string|null HTML output string; nothing when a custom URL was configured (the redirect is
 *                     issued instead, as in the original).
 *
 * @throws Zikula_Exception_Forbidden Thrown if the user does not have the appropriate access level for the function.
 */
private function renderDocument($documentName, $accessInstanceKey, $activeFlagKey, $customUrlKey)
{
    // Security check: the document key is part of the component, the instance is '::'
    $component = $this->name . '::' . $accessInstanceKey;
    if (!SecurityUtil::checkPermission($component, '::', ACCESS_OVERVIEW)) {
        throw new Zikula_Exception_Forbidden();
    }

    if (!$this->getVar($activeFlagKey)) {
        return $this->view->fetch('legal_user_policynotactive.tpl');
    }

    $customUrl = $this->getVar($customUrlKey, '');
    if (!empty($customUrl)) {
        // A custom URL replaces the local document.
        $this->redirect($customUrl);
        return;
    }

    // work out the template path
    $template = "legal_user_{$documentName}.tpl";

    // get the current users language, falling back to 'en' when no text template exists for it
    $languageCode = ZLanguage::transformFS(ZLanguage::getLanguageCode());
    if (!$this->view->template_exists("{$languageCode}/legal_text_{$documentName}.tpl")) {
        $languageCode = 'en';
    }

    $this->view->assign('languageCode', $languageCode);
    return $this->view->fetch($template);
}
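/**
 * Search form for study licences (llicències d'estudi).
 *
 * Requires ACCESS_READ on 'Llicencies::'. Fills the form's drop-down lists (years,
 * topics, subtopics, types), passes the jQuery path from the JCSSUtil scripts map
 * and renders Llicencies_main.tpl.
 *
 * @return string Result of $this->view->display() for Llicencies_main.tpl.
 */
public function search()
{
    // Check permission
    $this->throwForbiddenUnless(SecurityUtil::checkPermission('Llicencies::', '::', ACCESS_READ));

    // path to the jQuery library shipped with the core
    $js = new JCSSUtil;
    $scripts = $js->scriptsMap();
    $jquery = $scripts['jquery']['path'];

    // Fill the form's drop-down lists
    $cursos = ModUtil::apiFunc('Llicencies', 'user', 'getYears');
    $temes = ModUtil::apiFunc('Llicencies', 'user', 'getTopicList');
    $subtemes = ModUtil::apiFunc('Llicencies', 'user', 'getSubtopicList');
    $tipus = ModUtil::apiFunc('Llicencies', 'user', 'getTypeList');

    // The original assigned these to a separate Zikula_View::getInstance() object but
    // rendered through $this->view. Assign and render on the same instance so the
    // template sees the variables whether or not getInstance() shares the controller's view.
    $this->view->assign('jquery', $jquery);
    $this->view->assign('cursos', $cursos);
    $this->view->assign('temes', $temes);
    $this->view->assign('subtemes', $subtemes);
    $this->view->assign('tipus', $tipus);
    $this->view->assign('admin', false);

    // Render the licence search form
    return $this->view->display('Llicencies_main.tpl');
}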
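/**
 * Admin action: delete one AddressBook object and, for custom fields, its address-table column.
 *
 * Reads 'ot' (object type, default 'categories') and 'id' from GET/POST. The object type
 * selects the AddressBook_DBObject_* class to load; a type with no loadable class aborts.
 *
 * @return mixed Redirect to the admin 'view' page; a LogUtil or z_exit result on error.
 */
function delete()
{
    // security check
    if (!SecurityUtil::checkPermission('AddressBook::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    $ot = FormUtil::getPassedValue('ot', 'categories', 'GETPOST');
    $id = (int) FormUtil::getPassedValue('id', 0, 'GETPOST');
    $url = ModUtil::url('AddressBook', 'admin', 'view', array('ot' => $ot));

    // 'ot' comes from the request and picks the class to instantiate; the fixed prefix
    // restricts it to this module's DBObject classes and class_exists() to loadable ones.
    $class = 'AddressBook_DBObject_' . ucfirst($ot);
    if (!class_exists($class)) {
        return z_exit(__f('Error! Unable to load class [%s]', $ot));
    }

    $object = new $class();
    $data = $object->get($id);
    if (!$data) {
        LogUtil::registerError(__f('%1$s with ID of %2$s doesn\'\\t seem to exist', array($ot, $id)));
        return System::redirect($url);
    }

    $object->delete();

    if ($ot === 'customfield') {
        // The column name is built from the int-cast id only, so no request text reaches the SQL.
        $sql = 'ALTER TABLE addressbook_address DROP adr_custom_' . $id;
        try {
            DBUtil::executeSQL($sql, -1, -1, true, true);
        } catch (Exception $e) {
            // The record is already deleted; report the orphaned column instead of hiding it.
            LogUtil::registerError(__f('Error! Unable to drop column adr_custom_%1$s: %2$s', array($id, $e->getMessage())));
        }
    }

    LogUtil::registerStatus($this->__('Done! Item deleted.'));
    return System::redirect($url);
}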
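/**
 * Constructor.
 *
 * Resolves the hooked entity from the URL arguments and publishes its title, date and
 * author to the hook subject. Nothing is published when the current user lacks
 * ACCESS_READ on the "<module>:<ObjectType>:" component or the entity cannot be loaded.
 *
 * @param integer       $objectId  Identifier of treated object.
 * @param integer       $areaId    Name of hook area.
 * @param string        $module    Name of the owning module.
 * @param string        $urlString **deprecated**
 * @param Zikula_ModUrl $urlObject Object carrying url arguments; its 'ot' argument selects the
 *                                 object type (default 'review'). Optional: without it the
 *                                 default type is used.
 */
function __construct($objectId, $areaId, $module, $urlString = null, Zikula_ModUrl $urlObject = null)
{
    // call base constructor to store arguments in member vars
    parent::__construct($objectId, $areaId, $module, $urlString, $urlObject);

    // derive object type from url object; the parameter is optional, so a missing object
    // falls back to the default type instead of a fatal method call on null
    $urlArgs = ($urlObject !== null) ? $urlObject->getArgs() : array();
    $objectType = isset($urlArgs['ot']) ? $urlArgs['ot'] : 'review';

    $component = $module . ':' . ucwords($objectType) . ':';
    if (!SecurityUtil::checkPermission($component, $objectId . '::', ACCESS_READ)) {
        return;
    }

    // 'ot' also selects the entity class; an unknown type fails in getRepository() below.
    $entityClass = $module . '_Entity_' . ucwords($objectType);
    $serviceManager = ServiceUtil::getManager();
    $entityManager = $serviceManager->getService('doctrine.entitymanager');
    $repository = $entityManager->getRepository($entityClass);

    $useJoins = false;
    /** TODO support composite identifiers properly at this point */
    $entity = $repository->selectById($objectId, $useJoins);
    if ($entity === false || (!is_array($entity) && !is_object($entity))) {
        return;
    }

    $this->setObjectTitle($entity->getTitleFromDisplayPattern());

    // Date comes from the repository's configured start-date field, if it has one
    $dateFieldName = $repository->getStartDateFieldName();
    $this->setObjectDate($dateFieldName != '' ? $entity[$dateFieldName] : '');

    // Author is only known for entities that track their creator
    $author = method_exists($entity, 'getCreatedUserId') ? UserUtil::getVar('uname', $entity['createdUserId']) : '';
    $this->setObjectAuthor($author);
}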
/**
 * Display the ephemerides for a day, or a single ephemeride by id.
 *
 * The id may arrive as 'eid' or 'objectid' in the request or in $args; a non-empty
 * 'objectid' wins. Requires ACCESS_READ on 'Ephemerides::'. With an id greater than 0 the
 * 'getall' API is used, otherwise 'gettoday'; a cached template short-circuits the lookup.
 *
 * @param $args array Arguments array.
 *
 * @return string html string
 */
public function display($args)
{
    $argEid = isset($args['eid']) ? $args['eid'] : null;
    $argObjectId = isset($args['objectid']) ? $args['objectid'] : null;
    $eid = FormUtil::getPassedValue('eid', $argEid, 'REQUEST');
    $objectid = FormUtil::getPassedValue('objectid', $argObjectId, 'REQUEST');
    if (!empty($objectid)) {
        $eid = $objectid;
    }
    if (!isset($args['eid']) && !empty($eid)) {
        $args['eid'] = $eid;
    }

    // Check permissions
    $this->throwForbiddenUnless(SecurityUtil::checkPermission('Ephemerides::', '::', ACCESS_READ), LogUtil::getErrorMsgPermission());

    // check if the contents are cached.
    $template = 'ephemerides_user_display.tpl';
    if ($this->view->is_cached($template)) {
        return $this->view->fetch($template);
    }

    // get items: a specific ephemeride when an id is given, otherwise today's
    $hasId = isset($args['eid']) && $args['eid'] > 0;
    $apiMethod = $hasId ? 'getall' : 'gettoday';
    $items = ModUtil::apiFunc($this->name, 'user', $apiMethod, $args);

    $this->view->assign('items', $items);
    return $this->view->fetch($template);
}
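/**
 * Smarty function: render the teacher action links (preview / correct / edit /
 * delete) of an IWqv assignment.
 *
 * Available parameters:
 *  - viewas          Only 'teacher' produces output.
 *  - url, skin, lang Used to build the preview url.
 *  - qvid            Assignment id handed to the javascript handlers.
 *  - hidecorrect     When set and false, the 'correct' (and 'delete') links are shown.
 *  - start, end, separator, class  Decoration; defaults '[', ']', ' | ', 'pn-sub'.
 *
 * url, skin, lang, qvid, viewas and class are escaped for their output context
 * before use; the original emitted them verbatim inside onclick attributes,
 * which is an XSS vector whenever one of them originates from the request.
 * start, end and separator are still emitted as-is (they are template-author
 * markup, e.g. entities).
 *
 * @param array  $params  All attributes passed to this function from the template.
 * @param Smarty &$smarty Reference to the Smarty object.
 *
 * @return string The html, or '' when the caller is not a teacher or lacks ACCESS_ADD.
 */
function smarty_function_iwqvuserassignmentactionmenulinks($params, &$smarty)
{
    $dom = ZLanguage::getModuleDomain('IWqv');

    // set some defaults
    if (!isset($params['start'])) {
        $params['start'] = '[';
    }
    if (!isset($params['end'])) {
        $params['end'] = ']';
    }
    if (!isset($params['separator'])) {
        $params['separator'] = ' | ';
    }
    if (!isset($params['class'])) {
        $params['class'] = 'pn-sub';
    }

    $html = '';
    if (!isset($params['viewas']) || $params['viewas'] != 'teacher') {
        return $html;
    }
    if (!SecurityUtil::checkPermission('IWqv::', "::", ACCESS_ADD)) {
        return $html;
    }

    // html-escape a value for use inside a double-quoted attribute
    $attr = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };
    // missing parameters render as '' exactly as before (minus the notice)
    $param = function ($key) use ($params) {
        return isset($params[$key]) ? $params[$key] : '';
    };

    // Values placed inside onclick="..." are turned into javascript literals
    // first (json_encode) and the whole attribute value is html-escaped
    // afterwards: the browser html-decodes the attribute before the script
    // engine parses it, so html-escaping alone would leave the js string
    // context injectable. A purely numeric qvid is emitted unquoted as before.
    $qvid = $param('qvid');
    $qvidLiteral = preg_match('/^-?\d+$/', (string) $qvid) ? (string) $qvid : json_encode((string) $qvid);
    $viewasLiteral = json_encode((string) $params['viewas']);
    $previewUrl = $param('url') . '?skin=' . $param('skin') . '&lang=' . $param('lang');

    $showCorrect = isset($params['hidecorrect']) && $params['hidecorrect'] == false;

    $html = '<span class="' . $attr($params['class']) . '">' . $params['start'] . ' ';
    $html .= '<a onclick="' . $attr('iwqvPreviewAssignment(' . json_encode($previewUrl) . ')') . '" href="javascript:void(0);">' . __('preview', $dom) . '</a>';
    if ($showCorrect) {
        $html .= $params['separator'] . '<a onclick="' . $attr('iwqvShowAssignment(' . $qvidLiteral . ', ' . $viewasLiteral . ')') . '" href="javascript:void(0);">' . __('correct', $dom) . '</a>';
    }
    $html .= $params['separator'] . '<a onclick="' . $attr('iwqvEditAssignment(' . $qvidLiteral . ')') . '" href="javascript:void(0);">' . __('edit', $dom) . '</a>';
    // delete is offered only together with 'correct' and only with ACCESS_DELETE
    if ($showCorrect && SecurityUtil::checkPermission('IWqv::', "::", ACCESS_DELETE)) {
        $html .= $params['separator'] . '<a onclick="' . $attr('iwqvDeleteAssignment(' . $qvidLiteral . ')') . '" href="javascript:void(0);">' . __('delete', $dom) . '</a>';
    }
    $html .= $params['end'] . "</span>\n";

    return $html;
}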
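/**
 * Render the IWmenu top block.
 *
 * @param array $blockinfo Block information; 'title' is the permission instance.
 *
 * @return string|boolean The rendered menu, or false when the user may not read
 *                        the block, the IWmenu module is unavailable or the
 *                        menu structure is empty.
 */
public function display($blockinfo)
{
    // Security check (1)
    if (!SecurityUtil::checkPermission('IWmenu:topblock:', "$blockinfo[title]::", ACCESS_READ)) {
        return false;
    }

    // Check if the module is available. (2)
    if (!ModUtil::available('IWmenu')) {
        return false;
    }

    // Generate menu (3). The uid lookup that used to sit here was never read
    // by this method and has been dropped.
    $menuStructure = ModUtil::apiFunc('IWmenu', 'user', 'getMenuStructure');

    // Defaults (4)
    if (empty($menuStructure)) {
        return false;
    }

    // Create output object (6) and assign the data to the template (7)
    $view = Zikula_View::getInstance('IWmenu');
    $view->assign('menu', $menuStructure);

    // Render (8): the content is returned directly, not wrapped through
    // BlockUtil::themesideblock()
    return $view->fetch('IWmenu_block_top.htm');
}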
/**
 * Set up the page history view.
 *
 * Checks ACCESS_EDIT on the page (directly, or through the page inheritance
 * api when 'inheritPermissions' is enabled), then loads the page without its
 * content/categories together with the version list for the current offset.
 *
 * @param Zikula_Form_View $view The form view.
 *
 * @return boolean True on success, otherwise the result of registerError().
 *
 * @throws Zikula_Exception_Forbidden When the user may not edit the page.
 */
public function initialize(Zikula_Form_View $view)
{
    $this->pageId = FormUtil::getPassedValue('pid', isset($this->args['pid']) ? $this->args['pid'] : null);
    $offset = (int) FormUtil::getPassedValue('offset');
    // NOTE(review): 'pid' is passed on uncast while 'offset' is cast to int;
    // confirm the permission check and getPage() cope with a non-numeric pid.

    $inheritPermissions = (bool) $this->getVar('inheritPermissions', false);
    if ($inheritPermissions === true) {
        $allowed = ModUtil::apiFunc('Content', 'page', 'checkPermissionForPageInheritance', array('pageId' => $this->pageId, 'level' => ACCESS_EDIT));
    } else {
        $allowed = SecurityUtil::checkPermission('Content:page:', $this->pageId . '::', ACCESS_EDIT);
    }
    if (!$allowed) {
        throw new Zikula_Exception_Forbidden(LogUtil::getErrorMsgPermission());
    }

    $page = ModUtil::apiFunc('Content', 'Page', 'getPage', array('id' => $this->pageId, 'editing' => false, 'filter' => array('checkActive' => false), 'enableEscape' => true, 'translate' => false, 'includeContent' => false, 'includeCategories' => false));
    if ($page === false) {
        return $this->view->registerError(null);
    }

    $versionCount = ModUtil::apiFunc('Content', 'History', 'getPageVersionsCount', array('pageId' => $this->pageId));
    $versions = ModUtil::apiFunc('Content', 'History', 'getPageVersions', array('pageId' => $this->pageId, 'offset' => $offset));
    if ($versions === false) {
        return $this->view->registerError(null);
    }

    $this->view->assign('page', $page);
    $this->view->assign('versions', $versions);
    // 'numitems' feeds the pager smarty plugin
    $this->view->assign('numitems', $versionCount);
    Content_Util::contentAddAccess($this->view, $this->pageId);

    PageUtil::setVar('title', $this->__("Page history") . ' : ' . $page['title']);

    // remember where the user came from on the initial (non-postback) request
    // NOTE(review): the referer is client-controlled; if backref is later used
    // as a redirect target it should be restricted to same-site urls.
    $wantsBackref = !$this->view->isPostBack() && FormUtil::getPassedValue('back', 0);
    if ($wantsBackref) {
        $this->backref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
    }

    return true;
}
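/**
 * Handle the commands of the 'new page' form.
 *
 * 'create' runs the ui hook validators and the form validation, stores the
 * page through the Page api, fires the process hook and redirects to the
 * editor of the new page; 'cancel' redirects to the admin main page. Any
 * other command stays on the form.
 *
 * @param Zikula_Form_View $view  The form view.
 * @param array            &$args Command arguments; 'commandName' is read.
 *
 * @return boolean|mixed False when validation or creation fails or the
 *                       command is unknown, otherwise the redirect result.
 *
 * @throws Zikula_Exception_Forbidden When the user lacks ACCESS_ADD on pages.
 */
public function handleCommand(Zikula_Form_View $view, &$args)
{
    if (!SecurityUtil::checkPermission('Content:page:', '::', ACCESS_ADD)) {
        throw new Zikula_Exception_Forbidden($this->__('Error! You have not been granted access to create pages.'));
    }

    $command = isset($args['commandName']) ? $args['commandName'] : null;

    if ($command == 'create') {
        $pageData = $this->view->getValues();
        $validators = $this->notifyHooks(new Zikula_ValidationHook('content.ui_hooks.pages.validate_edit', new Zikula_Hook_ValidationProviders()))->getValidators();
        if ($validators->hasErrors() || !$this->view->isValid()) {
            return false;
        }

        $id = ModUtil::apiFunc('Content', 'Page', 'newPage', array('page' => $pageData, 'pageId' => $this->pageId, 'location' => $this->location));
        if ($id === false) {
            return false;
        }

        // notify any hooks they may now commit, as the original form has been committed.
        // NOTE(review): the hook is fired with $this->pageId (the id handed to
        // newPage as 'pageId'), not with the freshly created $id -- confirm
        // which page the process hook is meant to refer to.
        $objectUrl = new Zikula_ModUrl('Content', 'user', 'view', ZLanguage::getLanguageCode(), array('pid' => $this->pageId));
        $this->notifyHooks(new Zikula_ProcessHook('content.ui_hooks.pages.process_edit', $this->pageId, $objectUrl));

        $url = ModUtil::url('Content', 'admin', 'editPage', array('pid' => $id));
    } elseif ($command == 'cancel') {
        $url = ModUtil::url('Content', 'admin', 'main');
    } else {
        // unknown command: the original fell through with $url undefined and
        // redirected to null; stay on the form instead
        return false;
    }

    return $this->view->redirect($url);
}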
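/**
 * Implement permissions checks in a template.
 *
 * Available attributes:
 * - component (string) The component to be tested, e.g., 'ModuleName::'
 * - instance (string) The instance to be tested, e.g., 'name::1'
 * - level (int|string) The level of access required, either the constant's
 *   value or its name, e.g., ACCESS_READ / 'ACCESS_READ'
 *
 * Example:
 * <pre>
 * {secauthaction_block component='News::' instance='1::' level=ACCESS_COMMENT}
 * do some stuff now that we have permission
 * {/secauthaction_block}
 * </pre>.
 *
 * @param array  $params  All attributes passed to this function from the template.
 * @param string $content The content between the block tags.
 * @param Smarty &$smarty Reference to the {@link Zikula_View} object.
 *
 * @return mixed The content of the block, if the user has the specified
 *               access level for the component and instance, otherwise null;
 *               false on an error (missing parameter or unknown level).
 *
 * @deprecated See {@link smarty_block_securityutil_checkpermission_block}.
 */
function smarty_block_secauthaction_block($params, $content, &$smarty)
{
    LogUtil::log(__f('Warning! Template block {%1$s} is deprecated, please use {%2$s} instead.', array('secauthaction_block', 'checkpermissionblock')), E_USER_DEPRECATED);

    if (is_null($content)) {
        return;
    }

    // check our input
    foreach (array('component', 'instance', 'level') as $required) {
        if (!isset($params[$required])) {
            $smarty->trigger_error(__f('Error! in %1$s: the %2$s parameter must be specified.', array('smarty_block_secauthaction_block', $required)));
            return false;
        }
    }

    // 'level' may arrive as the constant's name (e.g. 'ACCESS_COMMENT') or as
    // an already resolved number. The original passed it to constant()
    // unconditionally, which warns and yields null for anything else; an
    // unknown level is now reported and denied explicitly.
    $level = $params['level'];
    if (is_numeric($level)) {
        $level = (int) $level;
    } elseif (is_string($level) && defined($level)) {
        $level = constant($level);
    } else {
        $smarty->trigger_error(__f('Error! in %1$s: the %2$s parameter is not a valid access level.', array('smarty_block_secauthaction_block', 'level')));
        return false;
    }

    if (!SecurityUtil::checkPermission($params['component'], $params['instance'], $level)) {
        return;
    }

    return $content;
}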
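/**
 * Return the admin navigation links of the IWmessages module.
 *
 * @param array $args Unused.
 *
 * @return array List of link arrays (url, text, class); empty when the user
 *               lacks ACCESS_ADMIN on 'IWmessages::'. The original returned
 *               null in that case because $links was never initialised.
 */
public function getlinks($args)
{
    $links = array();

    if (SecurityUtil::checkPermission('IWmessages::', '::', ACCESS_ADMIN)) {
        $links[] = array(
            'url'   => ModUtil::url($this->name, 'admin', 'main'),
            'text'  => $this->__('Module configuration'),
            'class' => 'z-icon-es-config',
        );
    }

    return $links;
}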