public static function kickout_non_admin($url = 'index.php')
 {
     self::create_user();
     if ($_SESSION[Config::$sitename]['user']['logged_in'] == false || $_SESSION[Config::$sitename]['user']['is_admin'] == false) {
         URL::redirect($url);
     }
 }
 /**
  * Internal group management page.
  *
  * Requires a non-blank `team` query parameter; otherwise the visitor is sent
  * to the default index. The user list (and, for date ranges, the duration and
  * chart) is then loaded for the first matching case:
  *   1. a non-empty posted `group_form`,
  *   2. neither `date_from` nor `date_to` given -> today for both bounds,
  *   3. both `date_from` and `date_to` given -> the requested bounds,
  *   4. only one of the two given -> user list without a range.
  * Independently of that, any posted `group_form` (even an empty one) also
  * rebuilds the duration and chart before the view is rendered.
  *
  * NOTE(review): `team`, `date_from`, `date_to` and `group_form` come straight
  * from the request and are handed to the model unvalidated; the model is
  * assumed to validate and parameterise them — confirm.
  */
 public function internalAction()
 {
     $this->_view->_title = 'Internal Group Management';
     $teamGiven = isset($_GET['team']) && trim($_GET['team']) != '';
     if (!$teamGiven) {
         URL::redirect(URL::createLink('default', 'index', 'index'));
     } else {
         $team = $_GET['team'];
         $groupForm = isset($_POST['group_form']) ? $_POST['group_form'] : null;
         $hasFrom = isset($_GET['date_from']);
         $hasTo = isset($_GET['date_to']);
         if (!empty($groupForm)) {
             $this->_view->colUser = $this->_model->listTeamUser($team, $groupForm);
         } elseif (!$hasFrom && !$hasTo) {
             // no range requested: default to a single day (today)
             $today = date("d/m/Y");
             $range = array('date_from' => $today, 'date_to' => $today);
             $this->_view->colUser = $this->_model->listTeamUser($team, $range);
             $this->_view->duration = $this->_model->getDuration('2', $range, 'standard_duration');
             $this->_view->chart = $this->_model->createChart($team, $range);
         } elseif ($hasFrom && $hasTo) {
             $range = array('date_from' => $_GET['date_from'], 'date_to' => $_GET['date_to']);
             $this->_view->colUser = $this->_model->listTeamUser($team, $range);
             $this->_view->duration = $this->_model->getDuration('2', $range, 'standard_duration');
             $this->_view->chart = $this->_model->createChart($team, $range);
         } else {
             // only one bound given: fall back to the unbounded list
             $this->_view->colUser = $this->_model->listTeamUser($team);
         }
     }
     // CREATE CHART: runs for any posted group_form, after the branch above
     if (isset($_POST['group_form'])) {
         $this->_view->duration = $this->_model->getDuration('2', $_POST['group_form'], 'standard_duration');
         $this->_view->chart = $this->_model->createChart($_GET['team'], $_POST['group_form']);
     }
     $this->_view->render('group/internal');
 }
 /**
  * Login form handler.
  *
  * A visitor whose session `login` flag is set and whose `time` + TIME_LOGIN
  * is still in the future is redirected to the user index. Otherwise, when the
  * posted form carries a `token` greater than zero, the e-mail/password pair
  * is checked through the Validate `existRecord` rule; on success the session
  * `user` entry is filled (login flag, user info, timestamp, group_acp) and
  * the browser is redirected, on failure the public error list goes to the
  * view. The login view is rendered in every case that does not redirect.
  *
  * NOTE(review): the lookup query interpolates the posted e-mail directly
  * (SQL injection) and the password is an unsalted md5. Both need a
  * parameterised query and password_hash()/password_verify(), which requires
  * a change to the model/Validate contract that is not visible in this block.
  */
 public function loginAction()
 {
     $userInfo = Session::get('user');
     $sessionAlive = $userInfo['login'] == true && $userInfo['time'] + TIME_LOGIN >= time();
     if ($sessionAlive) {
         URL::redirect('default', 'user', 'index');
     }
     $this->_view->_title = 'Login';
     $form = isset($this->_arrParam['form']) ? $this->_arrParam['form'] : null;
     $token = isset($form['token']) ? $form['token'] : null;
     if ($token > 0) {
         $validate = new Validate($form);
         $email = $form['email'];
         $password = md5($form['password']);
         $query = "SELECT `id` FROM `user` WHERE `email` = '{$email}' AND `password` = '{$password}'";
         $validate->addRule('email', 'existRecord', array('database' => $this->_model, 'query' => $query));
         $validate->run();
         if (!$validate->isValid()) {
             $this->_view->errors = $validate->showErrorsPublic();
         } else {
             $infoUser = $this->_model->infoItem($this->_arrParam);
             Session::set('user', array(
                 'login' => true,
                 'info' => $infoUser,
                 'time' => time(),
                 'group_acp' => $infoUser['group_acp'],
             ));
             URL::redirect('default', 'user', 'index');
         }
     }
     $this->_view->render('index/login');
 }
 /**
  * Expand the `shortcode` request parameter and redirect to its target.
  *
  * Nothing happens (no redirect, no error) when expand() yields a value that
  * compares loosely equal to null (null, false, 0, '').
  *
  * NOTE(review): the redirect target is whatever expand() returns; if short
  * URLs are user-created, the permitted schemes belong where they are stored
  * or in expand(), not here — confirm that is enforced.
  */
 public function short_url__redirect()
 {
     $target = $this->core->expand(Request::get('shortcode'));
     if ($target == null) {
         return;
     }
     URL::redirect($target);
 }
 /**
  * One-shot form token that stops a browser refresh from re-submitting.
  *
  * When the session `token` equals $value (loose comparison) the token is
  * consumed and the visitor is redirected to module/controller/action;
  * otherwise $value becomes the new session token and execution continues.
  *
  * NOTE(review): $params is accepted but never forwarded to URL::redirect,
  * so query parameters supplied by the caller are silently dropped.
  *
  * @param mixed       $value      token submitted with the form
  * @param string      $module
  * @param string      $controller
  * @param string      $action
  * @param mixed|null  $params     currently unused
  */
 public static function checkRefreshPage($value, $module, $controller, $action, $params = null)
 {
     $alreadySeen = Session::get('token') == $value;
     if (!$alreadySeen) {
         Session::set('token', $value);
         return;
     }
     Session::delete('token');
     URL::redirect($module, $controller, $action);
 }
 /**
  * Delete a user record (admin only).
  *
  * Permission is the session's `user.info.admin_control` flag; without it the
  * visitor is sent to the `not-url` error page. With an `id` query parameter
  * the model deletes that record and its message is shown in `user/delete`.
  *
  * NOTE(review): the delete is triggered by a GET parameter and carries no
  * form token, so a crafted link is enough to delete a record in an admin's
  * session (CSRF); moving it to POST plus a token needs the matching view.
  */
 public function deleteAction()
 {
     $isAdmin = isset($_SESSION['user']) && $_SESSION['user']['info']['admin_control'] == true;
     if (!$isAdmin) {
         URL::redirect(URL::createLink('default', 'error', 'index', array('type' => 'not-url')));
         return;
     }
     $this->_view->_title = 'Delete | User';
     $this->_view->message = isset($_GET['id']) ? $this->_model->processDelete($_GET['id']) : '';
     $this->_view->render('user/delete', true);
 }
 /**
  * Edit a team record (admin only).
  *
  * Permission is the session's `user.info.admin_control` flag; without it the
  * visitor is sent to the `not-url` error page. With an `id` query parameter
  * the current values are loaded into the view; a posted `editTeam` form is
  * saved through the model and the browser is redirected back to this page.
  *
  * NOTE(review): no form token accompanies the POST here, so the edit is
  * presumably CSRF-protected elsewhere, if at all — confirm.
  */
 public function editAction()
 {
     $isAdmin = isset($_SESSION['user']) && $_SESSION['user']['info']['admin_control'] == true;
     if (!$isAdmin) {
         URL::redirect(URL::createLink('default', 'error', 'index', array('type' => 'not-url')));
         return;
     }
     $this->_view->_title = 'Edit | Team';
     $id = isset($_GET['id']) ? $_GET['id'] : null;
     if ($id !== null) {
         $this->_view->_arrayTeam = $this->_model->arrayEdit($id);
         if (isset($_POST['editTeam'])) {
             $this->_view->_result = $this->_model->processEdit($_POST['editTeam'], $id);
             URL::redirect(URL::createLink('default', 'team', 'edit', array('id' => $id)));
         }
     }
     $this->_view->render('team/edit', true);
 }
 /**
  * Dispatch the routed action with per-module access control.
  *
  * Resolves `<action>Action` on the controller object; an unknown action is
  * sent to the `not-url` notice. A session counts as logged in when its
  * `login` flag is set and `time` + TIME_LOGIN has not passed. Rules:
  *   - module `admin`:   logged in AND `group_acp == 1` runs the action; a
  *                       logged-in user without that group gets the
  *                       `not-permission` notice, an anonymous one the login
  *                       action;
  *   - module `default`: controller `user` requires a login, any other
  *                       controller runs unconditionally;
  *   - any other module: nothing is dispatched and no response is produced.
  *
  * NOTE(review): the per-URL privilege check (matching $requestURL against
  * `$userInfo['info']['privilege']`) is commented out below, so every
  * `group_acp == 1` user may invoke every admin action; $requestURL is kept
  * only for that check.
  */
 private function callMethod()
 {
     $actionName = $this->_params['action'] . 'Action';
     if (!method_exists($this->_controllerObject, $actionName)) {
         //$this->_error();
         URL::redirect('default', 'index', 'notice', array('type' => 'not-url'));
         return;
     }
     $module = $this->_params['module'];
     $controller = $this->_params['controller'];
     $action = $this->_params['action'];
     $requestURL = $module . "-" . $controller . "-" . $action;
     $userInfo = Session::get('user');
     $logged = $userInfo['login'] == true && $userInfo['time'] + TIME_LOGIN >= time();
     if ($module == 'admin') {
         if (!$logged) {
             $this->callLoginAction($module);
         } elseif ($userInfo['group_acp'] == 1) {
             //if(in_array($requestURL, $userInfo['info']['privilege'])==true){
             $this->_controllerObject->{$actionName}();
             //}else{
             //	URL::redirect('default', 'index', 'notice', array('type' => 'not-permission'));
             //}
         } else {
             URL::redirect('default', 'index', 'notice', array('type' => 'not-permission'));
         }
     } elseif ($module == 'default') {
         $needsLogin = $controller == 'user';
         if ($needsLogin && !$logged) {
             $this->callLoginAction($module);
         } else {
             $this->_controllerObject->{$actionName}();
         }
     }
 }
 /**
  * Gate the current page behind one of the `allowed` passwords.
  *
  * `allowed` is a `|`-separated list; an empty or absent list means the page
  * is not protected. A visitor whose session does not hold a matching
  * password for the current URL (tasks->hasPassword) is redirected (302) to
  * `password_url` — falling back to `no_access_url`, default "/" — with the
  * current URL appended under `return_variable` (default "return"), and the
  * script exits.
  */
 public function require_password()
 {
     $allowed = trim($this->fetchParam('allowed', '', null, false, false));
     $passwordUrl = $this->fetch('password_url', null, null, false, false);
     $noAccessUrl = $this->fetch('no_access_url', '/', null, false, false);
     $returnVar = $this->fetch('return_variable', 'return', null, false, false);
     // nothing configured: the page is public by design
     if (!$allowed) {
         return;
     }
     $passwords = explode('|', $allowed);
     $formUrl = Helper::pick($passwordUrl, $noAccessUrl);
     if ($this->tasks->hasPassword(URL::getCurrent(), $passwords)) {
         return;
     }
     URL::redirect(URL::appendGetVariable($formUrl, $returnVar, URL::getCurrent()), 302);
     exit;
 }
 /**
  * Add one unit of `book_id` to the session cart and return to its detail page.
  *
  * The cart is an array holding `quantity[book_id]` and `price[book_id]`. A
  * first add stores quantity 1 and the given price; a repeat add increments
  * the quantity and stores price * quantity as the line amount.
  *
  * NOTE(review): `price` is read from the request parameters, so the client
  * chooses the amount stored in the cart; the unit price should be looked up
  * from the book record by `book_id` instead.
  */
 public function orderAction()
 {
     $cart = Session::get('cart');
     $bookID = $this->_arrParam['book_id'];
     $price = $this->_arrParam['price'];
     $alreadyInCart = !empty($cart) && array_key_exists($bookID, $cart['quantity']);
     if ($alreadyInCart) {
         $cart['quantity'][$bookID] += 1;
         $cart['price'][$bookID] = $price * $cart['quantity'][$bookID];
     } else {
         $cart['quantity'][$bookID] = 1;
         $cart['price'][$bookID] = $price;
     }
     Session::set('cart', $cart);
     URL::redirect('default', 'book', 'detail', array('book_id' => $bookID));
 }
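 /**
  * Handle the password-protection form POST.
  *
  * Reads `token`, `return` and `password` from POST and the referrer from
  * HTTP_REFERER. An invalid form token or a password that does not match one
  * configured for the `return` page sets a flash `error` and redirects to the
  * referrer; the handler then returns immediately, so the password is never
  * recorded on a failed check even if URL::redirect() does not end the script.
  * On success the password is stored in the session for that page and the
  * visitor is redirected to `return`.
  *
  * NOTE(review): `return` and HTTP_REFERER are client-supplied redirect
  * targets; restricting them to same-site paths is advisable unless
  * URL::redirect() already does so — confirm. FILTER_SANITIZE_STRING is
  * deprecated since PHP 8.1; FILTER_DEFAULT plus explicit checks replaces it.
  */
 public function protect__password()
 {
     // grab values
     $token = filter_input(INPUT_POST, 'token', FILTER_SANITIZE_STRING);
     $return = filter_input(INPUT_POST, 'return', FILTER_SANITIZE_STRING);
     $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
     // the referrer is optional (absent on direct requests)
     $referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
     // validate token
     if (!$this->tokens->validate($token)) {
         $this->flash->set('error', 'Invalid token passed, please try again.');
         URL::redirect($referrer);
         return;
     }
     // check password matches a password from return text
     if (!$this->tasks->isValidPassword($return, $password)) {
         $this->flash->set('error', 'Incorrect password.');
         URL::redirect($referrer);
         return;
     }
     // store this password in the session
     $this->tasks->addPassword($return, $password);
     // redirect to the URL
     URL::redirect($return);
 }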
 /**
  * Dispatch the routed action; every action requires a live login.
  *
  * One rule applies to all modules: when the session `login` flag is set and
  * `time` + TIME_LOGIN has not passed, `<action>Action` is invoked on the
  * controller object, otherwise the login action is shown. An action that
  * does not exist on the controller is sent to the `not-url` error page.
  * The module/controller/action triple was previously concatenated into an
  * unused $requestURL; it is not needed for dispatch.
  */
 private function callMethod()
 {
     $actionName = $this->_params['action'] . 'Action';
     if (!method_exists($this->_controllerObject, $actionName)) {
         //$this->_error();
         URL::redirect(URL::createLink('default', 'error', 'index', array('type' => 'not-url')));
         return;
     }
     $userInfo = Session::get('user');
     $logged = $userInfo['login'] == true && $userInfo['time'] + TIME_LOGIN >= time();
     if (!$logged) {
         $this->callLoginAction();
         return;
     }
     $this->_controllerObject->{$actionName}();
 }
 /**
  * Personal management index: sets up pagination, runs every import job in
  * the model, then redirects to the default index.
  *
  * The listing/processing steps that used to populate the view (maintenance,
  * newton, new coding, domestic, FC, other, research, worktime) have been
  * replaced by the model's import* calls below. The trailing
  * render('import/index') is only reached if URL::redirect() returns instead
  * of exiting — presumably it exits; confirm.
  *
  * NOTE(review): a plain GET to this action triggers all eight imports; any
  * gate for that lives in the dispatcher, not in this block.
  */
 public function indexAction()
 {
     $this->_view->_title = 'Personal Management';
     $totalItems = $this->_model->countItem($this->_arrParam, null);
     $this->setPagination(array('totalItemsPerPage' => 5, 'pageRange' => 2));
     $this->_view->pagination = new Pagination($totalItems, $this->_pagination);
     $importers = array(
         'importMaintenance',
         'importNewton',
         'importDomestic',
         'importFC',
         'importOther',
         'importResearch',
         'importNewCoding',
         'importWorkTime',
     );
     foreach ($importers as $importer) {
         $this->_model->{$importer}();
     }
     URL::redirect(URL::createLink('default', 'index', 'index'));
     $this->_view->render('import/index', true);
 }
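 /**
  * Render the filterable, sortable table for this view (echoed HTML).
  *
  * Emits a GET form carrying every current query parameter as a hidden field,
  * a header row linking each column to an `orderby` sort (toggling to DESC
  * when that column is already the sort key), a filter row built from each
  * column's `filter` setting (`search` text box, `submit` button, or — the
  * default — a `select` of the column's DISTINCT values), one row per record
  * linking to `?show=<link>&id=<idcol>`, and the pager in the footer.
  *
  * Values that originate in the query string (hidden field names and values,
  * the selected filter value, the search-highlight needle) are HTML-escaped
  * before output; previously they were reflected into the page verbatim.
  * Column names and the table name come from cols()/table() and are
  * interpolated into the DISTINCT query unescaped — assumed to be
  * configuration, not user input; confirm. Cell values pass through rename()
  * and are emitted as returned (rename() may produce markup — confirm), so
  * they are not escaped here.
  *
  * NOTE(review): mysql_* was removed in PHP 7; the DISTINCT query needs to
  * move to the mysqli/PDO connection the rest of the application uses.
  */
 function show()
 {
     $cols = $this->cols();
     $rows = $this->rows();
     $table = $this->table();
     $link = $this->link();
     echo '<form action="#" method="get">';
     echo '<span>';
     foreach ($_GET as $key => $value) {
         // query-string keys and values are client-controlled: escape for the attribute context
         $safeKey = htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8');
         $safeValue = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
         echo '<input type="hidden" name="' . $safeKey . '" value="' . $safeValue . '"/>';
     }
     echo '</span>';
     echo '<table cellspacing="0" cellpadding="0" class="db">';
     $order = isset($_GET['orderby']) ? $_GET['orderby'] : 'bug_id DESC';
     echo '<tr class="header">';
     foreach ($cols as $name => $column) {
         $title = $column['title'] == "" ? humantitle($name) : $column['title'];
         echo '<th>';
         // clicking the current sort column again flips it to descending
         $by = $order == $name ? $name . ' DESC' : $name;
         echo '<a href="' . URL::redirect('#', array('orderby' => $by)) . '" class="header">';
         echo '<div class="full">' . $title . '</div>';
         echo '</a>';
         echo '</th>';
     }
     echo '</tr>';
     echo '<tr class="filter">';
     foreach ($cols as $name => $cfg) {
         $filterParam = 'filter_' . $name;
         $currentFilter = isset($_GET[$filterParam]) ? $_GET[$filterParam] : null;
         echo '<td>';
         switch ($cfg['filter']) {
             case 'search':
                 echo '<input type="text" name="' . $filterParam . '" class="full" />';
                 echo '<span><input type="hidden" name="f_' . $name . '_type" value="search" /></span>';
                 break;
             case 'submit':
                 echo '<input class="full" type="submit" value="Filter" />';
                 break;
             default:
             case 'select':
                 // any unknown filter type falls through to the select box
                 echo '<select name="' . $filterParam . '" class="full">';
                 echo '<option value="">No Filter</option>';
                 $query = "SELECT DISTINCT {$name} FROM {$table} ORDER BY {$name}";
                 $result = mysql_query($query) or die('MySQL Error: ' . mysql_error());
                 while ($row = mysql_fetch_array($result)) {
                     // only an explicitly requested filter value is pre-selected
                     $selected = $currentFilter !== null && $currentFilter == $row[$name] ? ' selected="selected"' : '';
                     $optionValue = htmlspecialchars((string) $row[$name], ENT_QUOTES, 'UTF-8');
                     echo '<option value="' . $optionValue . '"' . $selected . '>' . $this->rename($name, $row[$name]) . '</option>';
                 }
                 echo '</select>';
                 break;
         }
         echo '</td>';
     }
     echo '</tr>';
     $stripe = 0; // alternates the r_0 / r_1 row class (was an uninitialised $x)
     $rowCount = count($rows);
     for ($i = 0; $i < $rowCount; $i++) {
         echo '<tr class="row r_' . $stripe++ % 2 . '">';
         foreach ($rows[$i] as $name => $value) {
             $value = $this->rename($name, $value);
             $typeParam = 'f_' . $name . '_type';
             $filterParam = 'filter_' . $name;
             if (isset($_GET[$typeParam], $_GET[$filterParam]) && $_GET[$typeParam] == 'search') {
                 // highlight the search term; the needle comes from the query string
                 $needle = (string) $_GET[$filterParam];
                 $highlight = '<span class="found">' . htmlspecialchars($needle, ENT_QUOTES, 'UTF-8') . '</span>';
                 $value = str_replace($needle, $highlight, $value);
             }
             echo '<td class="row"';
             if ($cols[$name]['css'] != "") {
                 echo ' style="' . $cols[$name]['css'] . '"';
             }
             echo '><a class="normal" href="?show=' . $link . '&amp;id=' . $rows[$i][$this->idcol] . '"><div class="full">' . $value . '</div></a></td>';
         }
         echo '</tr>';
     }
     echo '<tr class="footer"><td colspan="' . count($cols) . '">';
     $this->pager->display();
     echo '</td></tr>';
     echo '</table>';
     echo '</form>';
 }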
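 /**
  * Complete a password reset from the posted form.
  *
  * Reads `password`, `password_confirmation`, `token` and `hash` from POST.
  * The form token must validate, the reset hash must exist in the cache and
  * be younger than `reset_password_age_limit` minutes (default 20), the
  * password must be non-blank and — when a confirmation was posted — match
  * it. Each failure sets a `reset_password_error` flash (except the stale
  * hash, whose message the form plugin produces) and redirects to the
  * referrer; the handler returns right after each redirect so the password
  * change below cannot run on a failed check even if URL::redirect() returns.
  * On success the member named in the cache entry gets the new password, the
  * entry is deleted and the visitor is sent to the cached `return` URL or
  * `member_home`.
  *
  * NOTE(review): the confirmation is enforced only when the field is present
  * in the POST; a client that omits it skips the match check. Whether
  * Member::set('password') hashes the value is not visible here — confirm.
  * FILTER_SANITIZE_STRING is deprecated since PHP 8.1.
  */
 public function member__reset_password()
 {
     $site_root = Config::getSiteRoot();
     $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
     $password_confirm = filter_input(INPUT_POST, 'password_confirmation', FILTER_SANITIZE_STRING);
     $token = filter_input(INPUT_POST, 'token', FILTER_SANITIZE_STRING);
     $hash = filter_input(INPUT_POST, 'hash', FILTER_SANITIZE_STRING);
     // the referrer is optional (absent on direct requests)
     $referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
     // validate form token
     if (!$this->tokens->validate($token)) {
         $this->flash->set('reset_password_error', 'Invalid token.');
         URL::redirect($referrer);
         return;
     }
     // bail if cache doesnt exist or if its too old.
     // this should have been caught on the page itself,
     // but if it got submitted somehow, just redirect and the error logic will be in the plugin.
     if (!$this->cache->exists($hash) || $this->cache->getAge($hash) > $this->fetchConfig('reset_password_age_limit', 20, 'is_numeric') * 60) {
         URL::redirect($referrer);
         return;
     }
     // password check
     if (is_null($password) || $password == '') {
         $this->flash->set('reset_password_error', 'Password cannot be blank.');
         URL::redirect($referrer);
         return;
     }
     // password confirmation check (only when a confirmation was posted)
     if (!is_null($password_confirm) && $password !== $password_confirm) {
         $this->flash->set('reset_password_error', 'Passwords did not match.');
         URL::redirect($referrer);
         return;
     }
     // get username
     $cache = $this->cache->getYAML($hash);
     $username = $cache['username'];
     // change password
     $member = Member::load($username);
     $member->set('password', $password);
     $member->save();
     // delete used cache so the link cannot be replayed
     $this->cache->delete($hash);
     // redirect
     URL::redirect(array_get($cache, 'return', $this->fetchConfig('member_home', $site_root, null, false, false)));
 }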
 /**
  * Redirect the visitor to the configured logout URL (see logout_url()).
  */
 public function logout()
 {
     $target = $this->logout_url();
     URL::redirect($target);
 }
 /**
  * Build the password-reset form HTML.
  *
  * A logged-in visitor is redirected (302) to `logged_in_redirect`, defaulting
  * to the `member_home` config and then the site root. The reset hash comes
  * from the `H` query parameter; a missing hash, or a cache entry that is
  * absent or older than `reset_password_age_limit` minutes, adds an error and
  * a flag (`url_invalid` / `expired`) to the template data, as does any
  * `reset_password_error` flash. The returned form posts to
  * /TRIGGER/member/reset_password with a fresh token and the hash as hidden
  * fields, the optional `attr` parameter rendered as extra attributes, and the
  * tag content parsed with the collected data.
  *
  * The hash is filtered with FILTER_SANITIZE_URL, which drops the double
  * quote, so it cannot break out of the value="" attribute; `attr` values are
  * emitted unescaped and are assumed to come from the template author.
  * NOTE(review): `reset_password_age_limit` is read here without a default,
  * while the submit handler uses 20 — an unset config yields a 0 limit here.
  */
 public function reset_password_form()
 {
     $data = array();
     $errors = array();
     $site_root = Config::getSiteRoot();
     $logged_in_redirect = $this->fetchParam('logged_in_redirect', $this->fetchConfig('member_home', $site_root), null, false, false);
     $attr = $this->fetchParam('attr', false);
     $hash = filter_input(INPUT_GET, 'H', FILTER_SANITIZE_URL);
     // already authenticated visitors have no use for the form
     if (Auth::isLoggedIn()) {
         URL::redirect($logged_in_redirect, 302);
     }
     if (!$hash) {
         $errors[] = Localization::fetch('reset_password_url_invalid');
         $data['url_invalid'] = true;
     } else {
         // only a present hash is checked against the cache
         $expired = !$this->cache->exists($hash) || $this->cache->getAge($hash) > $this->fetchConfig('reset_password_age_limit') * 60;
         if ($expired) {
             $errors[] = Localization::fetch('reset_password_url_expired');
             $data['expired'] = true;
         }
         $flash_error = $this->flash->get('reset_password_error');
         if ($flash_error) {
             $errors[] = $flash_error;
         }
     }
     // optional extra attributes for the <form> tag
     $attr_string = '';
     if ($attr) {
         foreach (Helper::explodeOptions($attr, true) as $key => $value) {
             $attr_string .= ' ' . $key . '="' . $value . '"';
         }
     }
     $data['errors'] = $errors;
     $action = Path::tidy($site_root . "/TRIGGER/member/reset_password");
     $html = '<form method="post" action="' . $action . '" ' . $attr_string . '>'
         . '<input type="hidden" name="token" value="' . $this->tokens->create() . '">'
         . '<input type="hidden" name="hash" value="' . $hash . '">'
         . Parse::template($this->content, $data)
         . '</form>';
     return $html;
 }
<?php

# new_task.php
# 1. logic
# Create a task in the project selected by the `slug` route parameter and
# send the browser to that project's page. The task is saved only on a POST
# that carries a non-empty `name` or a non-empty `description`.
#
# NOTE(review): fill(Input::all()) copies every posted field onto the task
# before user_id/project_id are overwritten, so any other writable column is
# client-settable unless fill() whitelists — confirm.
$project = new Project();
$project->load(['slug' => Route::param('slug')]);
if (Input::posted()) {
    $hasContent = Input::get('name') != "" || Input::get('description') != "";
    $task = new Task();
    $task->fill(Input::all());
    $task->user_id = Auth::user_id();
    $task->project_id = $project->id;
    if ($hasContent) {
        $task->save();
    }
}
URL::redirect('/' . $project->slug);
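 /**
  * Authenticate a member from the posted `ulogin` / `user_password` pair.
  *
  * Looks the user up by name (user_id > 1 only); an unknown name redirects to
  * Your_Account&error=1 with the name passed back base64/url-encoded. For an
  * active account (non-empty stored password, user_level > 0) the md5 of the
  * posted password must equal the stored hash, and when bit 2 of $sec_code is
  * set the posted `gfx_check` must equal the session's code for `gfxid`.
  * Success deletes the visitor's guest session row, stores the theme in the
  * session and hands off to setmemcookie(). user_level 0 or -1 goes to the
  * profile page; everything else ends in error=2.
  *
  * The hash and captcha comparisons are strict: the previous loose `!=`
  * compares two hex md5 strings numerically when both look like `0e…`
  * exponent notation, so unrelated digests could compare equal. hash_equals()
  * (PHP 5.6+) would additionally make the check constant-time.
  *
  * NOTE(review): the visible query carries the literal `'******'` where a
  * username would be bound, and $username (quoted by Fix_Quotes) is unused in
  * it; assumed to be a redaction on this page — confirm against the real
  * source. $visitor_ip is interpolated into the DELETE unquoted and is assumed
  * to be pre-escaped by the caller. md5 is not a password hash; moving to
  * password_hash() is a storage change outside this block.
  *
  * @param string $visitor_ip visitor address, already in SQL-ready form
  */
 private function loginmember($visitor_ip)
 {
     global $db, $prefix, $user_prefix, $sec_code, $CPG_SESS;
     $username = Fix_Quotes($_POST['ulogin']);
     $result = $db->sql_query('SELECT user_id, username, user_password, user_level, theme FROM ' . $user_prefix . "_users WHERE username='******' AND user_id>1");
     if ($db->sql_numrows($result) < 1) {
         URL::redirect(URL::index('Your_Account&error=1&uname=' . urlencode(base64_encode($username))), true);
     }
     $setinfo = $db->sql_fetchrow($result, SQL_ASSOC);
     if ($setinfo['user_password'] != '' && $setinfo['user_level'] > 0) {
         $pass = md5($_POST['user_password']);
         // strict comparison: no numeric coercion of "0e…" hex digests
         if ($setinfo['user_password'] !== $pass) {
             URL::redirect(URL::index('Your_Account&error=2'), true);
         }
         if ($sec_code & 2) {
             $gfxid = isset($_POST['gfxid']) ? $_POST['gfxid'] : 0;
             $code = $CPG_SESS['gfx'][$gfxid];
             $gfx_check = isset($_POST['gfx_check']) ? $_POST['gfx_check'] : '';
             // compare as strings so "0012" and "12" are not treated as equal
             if (strlen($gfx_check) < 2 || (string) $code !== (string) $gfx_check) {
                 URL::redirect(URL::index('Your_Account&error=2'), true);
             }
         }
         $db->sql_query('DELETE FROM ' . $prefix . "_session WHERE host_addr={$visitor_ip} AND guest=1");
         unset($CPG_SESS['session_start']);
         $CPG_SESS['theme'] = $setinfo['theme'];
         return $this->setmemcookie($setinfo['user_id'], $pass, false);
     }
     // not activated (0) or disabled (-1): show the profile instead of logging in
     if ($setinfo['user_level'] == 0 || $setinfo['user_level'] == -1) {
         URL::redirect(URL::index('Your_Account&profile=' . $setinfo['user_id']));
     }
     URL::redirect(URL::index('Your_Account&error=2'), true);
 }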
  | http://www.dragonflycms.com                                       |
  | Dragonfly is released under the terms and conditions of the GNU   |
  | GPL version 2 or any later version                                |  
  +-------------------------------------------------------------------+
*/
// Admin-only page guard: must be included by the admin dispatcher
// (ADMIN_PAGES defined) and the current user must hold the `referers` right.
defined('ADMIN_PAGES') || exit;
can_admin('referers') || die('Access Denied');
// breadcrumb / page title
$pagetitle .= ' ' . _BC_DELIM . ' ' . _HTTPREFERERS;
global $bgcolor3, $db, $prefix;
if (isset($_GET['del']) && $_GET['del'] == 'all') {
    $db->sql_query('DELETE FROM ' . $prefix . '_referer');
    URL::redirect(URL::admin());
} else {
    require_once 'header.php';
    GraphicAdmin('_AMENU6');
    $result = $db->sql_query('SELECT url FROM ' . $prefix . '_referer');
    $bgcolor = '';
    if ($db->sql_numrows($result) > 0) {
        $cpgtpl->assign_vars(array('U_DELREFERERS' => URL::admin('&amp;del=all')));
        while (list($url) = $db->sql_fetchrow($result)) {
            $bgcolor = $bgcolor == '' ? ' style="background: ' . $bgcolor3 . '"' : '';
            $cpgtpl->assign_block_vars('referer', array('URL' => $url, 'CLR' => $bgcolor));
        }
        $cpgtpl->set_filenames(array('body' => 'admin/referers.html'));
        $cpgtpl->display('body');
        $cpgtpl->__destruct();
    } else {
            $db->sql_query("UPDATE " . $dl_prefix . "_screenshots \n\t\t\t\tSET did={$next_id} \n\t\t\t\tWHERE did={$mng_id}");
            if (can_admin($module_name)) {
                $time = time();
                $time_year = generate_date($time, 'Y');
                $time_month = generate_date($time, 'm');
                $db->sql_query("INSERT INTO " . $dl_prefix . "_stats \n\t\t\t\t(id, year, month, hits, views) \n\t\t\t\tVALUES \n\t\t\t\t('{$next_id}', '{$time_year}', '{$time_month}', 0, 0)");
            }
            if ($fields['version']) {
                $db->sql_query("INSERT INTO " . $dl_prefix . "_history \n\t\t\t\t(id, vers, author, date, comment) \n\t\t\t\tVALUES \n\t\t\t\t({$next_id}, '{$fields['version']}', '{$fields['submitter']}', " . time() . ", 'Initial Version')");
            }
            if (!can_admin($module_name)) {
                $d_queue = $db->sql_count($dl_prefix . '_downloads', "lid!='{$next_id}' AND active=2");
                cpg_error('Your download has been queued for review by an administrator<br /><br />At this time, we have <strong>' . $d_queue . '</strong> other downloads awaiting approval', _TB_INFO, URL::index('&file=manage&s=1', true, true));
            }
            DL_Cat::count_dl();
            URL::redirect(URL::index('&amp;file=details&amp;id=' . $next_id));
        }
    }
}
// Collect the download categories (filled by reference); without at least
// one there is nowhere to add a download, so stop with an error page.
$cats = array();
DL_Cat::list_all($cats);
if (empty($cats)) {
    cpg_error('There are no categories in which you can add a download');
}
if (can_admin($module_name) || $dl_config['user_catparent']) {
    $selects = DL_Cat::selectbox($in['cat'], 'in[cat]', false);
} else {
    $selects = '<select class="set" name="in[cat]" id="in[cat]">
	<option selected="selected" label="none" value="none">select a category</option>';
    foreach ($cats as $cat) {
        if ($cat['level'] == 1) {
**********************************************/
// Must be loaded through the CMS front controller.
defined('CPG_NUKE') || exit;
global $textcolor1, $textcolor2;
// The story id is cast to int, so it is safe to embed in the queries below;
// a request without `sid` goes back to the module index.
if (!isset($_GET['sid'])) {
    URL::redirect(URL::index());
} else {
    $sid = intval($_GET['sid']);
}
$storyResult = $db->sql_query('SELECT s.*, c.title as cattitle, t.topicimage, t.topictext FROM ' . $prefix . '_stories s
	LEFT JOIN ' . $prefix . '_stories_cat c ON c.catid=s.catid
	LEFT JOIN ' . $prefix . '_topics t ON t.topicid=s.topic 
	WHERE s.sid=' . $sid);
// exactly one row is expected; anything else means an unknown story
if ($db->sql_numrows($storyResult) != 1) {
    URL::redirect(URL::index());
}
$story = $db->sql_fetchrow($storyResult);
$db->sql_freeresult($storyResult);
// count this view
$db->sql_query('UPDATE ' . $prefix . '_stories 
	SET counter=counter+1 
	WHERE sid=' . $sid);
$pagetitle .= _NewsLANG . ' ' . _BC_DELIM . ' ' . $story['title'];
require_once 'includes/nbbcode.php';
$datetime = formatDateTime($story['time'], _DATESTRING);
$hometext = decode_bb_all($story['hometext'], 1, true);
$bodytext = decode_bb_all($story['bodytext'], 1, true);
$notes = decode_bb_all($story['notes'], 1, true);
// prefix the title with a link to its category when it has one
// (cattitle comes from the database and is emitted as stored)
if ($story['catid'] > 0) {
    $categoryLink = '<a href="' . URL::index('&amp;catid=' . $story['catid']) . '"><span class="storycat">' . $story['cattitle'] . '</span></a>';
    $story['title'] = $categoryLink . ': ' . $story['title'];
}
 /**
  * Edit an existing topic or create a new one in an area.
  *
  * The topic is loaded by id; when it does not load, $area_id selects the
  * area for a new topic. Access is checked with ACCESS_EDIT (existing topic)
  * or ACCESS_WRITE (new topic) and url::back('forum') is called on failure —
  * presumably it ends the request; confirm. A POST is saved only when
  * csrf::valid() holds and both the post and the topic validate; on success
  * the post, the topic (new topics only: counters, last-post data, area and
  * user post counts, news feed item) are written and the browser is
  * redirected to the topic. Otherwise, and on GET, the edit form is shown
  * with the current values and any validation errors.
  *
  * @param  mixed  $topic_id  topic to edit (cast to int)
  * @param  mixed  $area_id   area for a new topic when $topic_id does not load (cast to int)
  */
 public function _topic_edit($topic_id, $area_id = false)
 {
     $this->history = false;
     $errors = array();
     $forum_topic = new Forum_Topic_Model((int) $topic_id);
     // an existing topic dictates its area; otherwise the area comes from $area_id
     $forum_area = $forum_topic->loaded() ? $forum_topic->forum_area : new Forum_Area_Model((int) $area_id);
     if ($forum_topic->loaded()) {
         // Editing topic
         $editing = true;
         if (!$forum_topic->has_access(Forum_Topic_Model::ACCESS_EDIT)) {
             url::back('forum');
         }
     } else {
         if ($forum_area->loaded()) {
             // New topic
             $editing = false;
             if (!$forum_area->has_access(Forum_Area_Model::ACCESS_WRITE)) {
                 url::back('forum');
             }
         } else {
             // New topic in unknown area
             $errors[] = __('Area :area or topic :topic not found', array(':area' => (int) $area_id, ':topic' => (int) $topic_id));
         }
     }
     if (empty($errors)) {
         // first post of the topic (a fresh model when creating)
         $forum_post = new Forum_Post_Model((int) $forum_topic->first_post_id);
         $form_errors = array();
         $form_values_topic = $forum_topic->as_array();
         $form_values_post = $forum_post->as_array();
         $form_topics = false;
         // Bound area?
         if ($forum_area->is_type(Forum_Area_Model::TYPE_BIND)) {
             // Get bind config and load topics
             $bind = Forum_Area_Model::binds($forum_area->bind);
             if ($editing) {
                 // Can't edit bound topic
                 $form_topics = array($forum_topic->bind_id => $forum_topic->name);
             } else {
                 // Try to load options from configured model
                 try {
                     $bind_topics = ORM::factory($bind['model'])->find_bind_topics($forum_area->bind);
                     $form_topics = array(0 => __('Choose..')) + $bind_topics;
                 } catch (Kohana_Exception $e) {
                     // the bound model is missing or lacks find_bind_topics(): offer no options
                     $form_topics = array();
                 }
             }
         }
         // Admin actions: the delete link carries a CSRF token in its query string
         if ($editing && $forum_topic->has_access(Forum_Topic_Model::ACCESS_DELETE)) {
             $this->page_actions[] = array('link' => url::model($forum_topic) . '/delete/?token=' . csrf::token(), 'text' => __('Delete topic'), 'class' => 'topic-delete');
         }
         // Check post (an empty POST array is falsy, so GET skips this)
         if ($post = $this->input->post()) {
             $post['forum_area_id'] = $forum_area->id;
             $topic = $post;
             if (isset($bind_topics)) {
                 // bound topic name is taken from the bind options, never from the client
                 $topic['name'] = arr::get($bind_topics, (int) $topic['bind_id'], '');
             }
             // server-side fields that the client must not control
             $post_extra = $topic_extra = array('author_id' => $this->user->id, 'author_name' => $this->user->username);
             if ($editing) {
                 $post_extra['modifies'] = (int) $forum_post->modifies + 1;
                 $post_extra['modified'] = date::unix2sql(time());
             }
             $post_extra['author_ip'] = $this->input->ip_address();
             $post_extra['author_host'] = $this->input->host_name();
             // validate post first and save topic if ok
             // NOTE(review): validate() appears to replace $post / $topic by reference with
             // validation objects (hence the is_object() checks below); when csrf::valid()
             // fails, neither has been converted and $post->errors() is called on an array —
             // confirm against the ORM validate() contract
             if (csrf::valid() && $forum_post->validate($post, false, $post_extra) && $forum_topic->validate($topic, true, $topic_extra)) {
                 // post
                 $forum_post->forum_topic_id = $forum_topic->id;
                 $forum_post->save();
                 if (!$editing) {
                     // topic
                     $forum_topic->first_post_id = $forum_post->id;
                     $forum_topic->last_post_id = $forum_post->id;
                     $forum_topic->last_poster = $this->user->username;
                     $forum_topic->last_posted = date::unix2sql(time());
                     $forum_topic->posts = 1;
                     $forum_topic->save();
                     // area
                     $forum_area->last_topic_id = $forum_topic->id;
                     $forum_area->posts += 1;
                     $forum_area->topics += 1;
                     $forum_area->save();
                     // user
                     $this->user->posts += 1;
                     $this->user->save();
                     // News feed
                     newsfeeditem_forum::topic($this->user, $forum_topic);
                 }
                 // redirect back to topic
                 URL::redirect(url::model($forum_topic));
             } else {
                 $form_errors = array_merge($post->errors(), is_object($topic) ? $topic->errors() : array());
             }
             // re-populate the form with what was submitted
             $form_values_topic = arr::overwrite($form_values_topic, is_object($topic) ? $topic->as_array() : $topic);
             $form_values_post = arr::overwrite($form_values_post, $post->as_array());
         }
     }
     // Show form
     if (empty($errors)) {
         $this->breadcrumb[] = html::anchor(url::model($forum_area), text::title($forum_area->name));
         $this->page_title = $editing ? text::title($forum_topic->name) : __('New topic');
         $this->page_subtitle = __('Area :area', array(':area' => html::anchor(url::model($forum_area), text::title($forum_area->name), array('title' => strip_tags($forum_area->description)))));
         widget::add('head', html::script(array('js/jquery.markitup.pack', 'js/markitup.bbcode')));
         widget::add('main', View_Mod::factory('forum/topic_edit', array('topic' => $form_values_topic, 'topics' => $form_topics, 'post' => $form_values_post, 'errors' => $form_errors)));
     } else {
         $this->_error(__('Error'), $errors);
     }
     $this->_side_views();
 }
    } else {
        list($pos) = $db->sql_ufetchrow("SELECT pos FROM " . $prefix . "_modules_cat \n\t\t\tORDER BY pos DESC", SQL_NUM);
        $pos = empty($pos) ? 0 : $pos + 1;
        $db->sql_query("INSERT INTO " . $prefix . "_modules_cat (name, image, pos, link, link_type) VALUES ('" . Fix_Quotes($_POST['catname']) . "', '{$_POST['catimage']}', '{$pos}', '{$_POST['catlink']}', '{$_POST['lnktype']}')");
    }
    URL::redirect(URL::admin('cpgmm'));
} elseif ($mode == 'delcat' && intval($_GET['cid']) > 0) {
    $cid = intval($_GET['cid']);
    $result = $db->sql_query("SELECT name FROM " . $prefix . "_modules_cat WHERE cid=" . $cid);
    if ($db->sql_numrows($result) > 0) {
        $cat = $db->sql_fetchrow($result);
        if (isset($_GET['ok'])) {
            $db->sql_query("UPDATE " . $prefix . "_modules_links SET cat_id=0 WHERE cat_id=" . $cid);
            $db->sql_query("UPDATE " . $prefix . "_modules SET cat_id=0 WHERE cat_id=" . $cid);
            $db->sql_query("DELETE FROM " . $prefix . "_modules_cat WHERE cid=" . $cid);
            URL::redirect(URL::admin('cpgmm'));
        }
        $cat['name'] = defined($cat['name']) ? constant($cat['name']) : $cat['name'];
        $pagetitle .= ' ' . _BC_DELIM . ' Delete Category: ' . $cat['name'];
        require 'header.php';
        GraphicAdmin('_AMENU1');
        OpenTable();
        echo '<center>' . sprintf(_ERROR_DELETE_CONF, '<i>' . $cat['name'] . '</i>');
        echo '<br /><br />[ <a href="' . URL::admin('cpgmm') . '">' . _NO . '</a> | <a href="' . URL::admin("cpgmm&amp;cid={$cid}&amp;mode=delcat&amp;ok=1") . '">' . _YES . '</a> ]</center>';
        CloseTable();
    } else {
        cpg_error(_CPG_MMNOCAT);
    }
} else {
    if (Security::check_post() && isset($_POST['updatecpgmm']) && intval($_POST['id']) && intval($_POST['parent']) && intval($_POST['pos'])) {
        $cats = -1;
 if ($search_id == 'newposts' || $search_id == 'egosearch' || $search_author != '' && $search_keywords == '') {
     if ($search_id == 'newposts') {
         if (is_user()) {
             $sql = "SELECT post_id FROM " . POSTS_TABLE . " WHERE post_time >= " . $userdata['user_lastvisit'];
         } else {
             URL::redirect(URL::index('Your_Account'), true);
         }
         $show_results = 'topics';
         $sort_by = 0;
         $sort_dir = 'DESC';
     } else {
         if ($search_id == 'egosearch') {
             if (is_user()) {
                 $sql = "SELECT post_id FROM " . POSTS_TABLE . " WHERE poster_id = " . $userdata['user_id'];
             } else {
                 URL::redirect(URL::index('Your_Account'), true);
             }
             $show_results = 'topics';
             $sort_by = 0;
             $sort_dir = 'DESC';
         } else {
             if (preg_match('#^[\\*%]+$#', trim($search_author)) || preg_match('#^[^\\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author)))) {
                 $search_author = '';
             }
             $search_author = str_replace('*', '%', trim($search_author));
             $sql = "SELECT user_id FROM " . USERS_TABLE . "\n\t\t\t\t\tWHERE username LIKE '" . Fix_Quotes($search_author) . "'";
             if (!($result = $db->sql_query($sql))) {
                 message_die(GENERAL_ERROR, "Couldn't obtain list of matching users (searching for: {$search_author})", "", __LINE__, __FILE__, $sql);
             }
             $matching_userids = '';
             if ($row = $db->sql_fetchrow($result)) {
 /**
  * Persist the ordering submitted for the user list, then send the browser
  * back to the user index.
  *
  * The request parameters already collected in $this->_arrParam are handed
  * to the model's ordering() unchanged; nothing is validated here.
  *
  * NOTE(review): the redirect receives three positional arguments, whereas
  * the other orderingAction on this page (and the actions shown above) build
  * the target with URL::createLink(...) first — confirm URL::redirect accepts
  * this form, otherwise the extra arguments are silently dropped.
  */
 public function orderingAction()
 {
     $orderingParams = $this->_arrParam;
     $this->_model->ordering($orderingParams);
     URL::redirect('admin', 'user', 'index');
 }
<?php
# register.php
# Sign-up page: on a POST, create the account, log the new user in and
# leave for the home page; on any other request, fall through and render
# the form.
#
# 1. logic
if (Input::posted()) {
    $posted = Input::all();
    $user = new User();
    // NOTE(review): every posted field is passed to fill() unfiltered; if the
    // User model does not restrict assignable attributes, a client can set
    // columns it should not (mass assignment) — confirm against User::fill().
    // No validation (required fields, duplicate account) is visible here
    // either; presumably User::save() covers it — verify.
    $user->fill($posted);
    // Replace the submitted password with its hash before save(), so only
    // the hash reaches storage. Assumes a 'password' field was posted; an
    // absent one would reach password_hash() as null — TODO confirm.
    $hashed = password_hash($user->password, PASSWORD_DEFAULT);
    $user->password = $hashed;
    $user->save();
    Auth::log_in($user->id);
    URL::redirect('home');
}
# 2. views
include VIEWS . 'header.php';
include VIEWS . 'register.php';
include VIEWS . 'footer.php';
        }
        if (!isset($rated)) {
            $rated = _THANKSVOTEARTICLE;
            $rcookie[] = $sid;
            $db->sql_query("UPDATE " . $prefix . "_stories SET score=score+{$score}, ratings=ratings+1 WHERE sid={$sid}");
            $info = base64_encode(implode(':', $rcookie));
            setcookie('ratecookie', $info, time() + 3600, $MAIN_CFG['cookie']['path']);
        }
        cpg_error($rated, _ARTICLERATING, URL::index('News&file=article&sid=' . $sid));
    } else {
        cpg_error(_DIDNTRATE, _ARTICLERATING);
    }
}
$sid = isset($_POST['sid']) ? intval($_POST['sid']) : (isset($_GET['sid']) ? intval($_GET['sid']) : 0);
if ((isset($_POST['postreply']) || isset($_POST['preview']) || isset($_GET['reply']) || isset($_GET['comment'])) && (!$MAIN_CFG['global']['articlecomm'] || $db->sql_count($prefix . '_stories', "sid={$sid} AND acomm=0"))) {
    URL::redirect(URL::index('&amp;file=article&amp;sid=' . $sid));
}
require_once "modules/{$module_name}/comments.php";
if (isset($_POST['postreply'])) {
    replyPost($sid);
    // store the reply
} else {
    if (isset($_GET['reply'])) {
        reply($sid);
        // reply to comment
    } elseif (isset($_POST['preview'])) {
        replyPreview($sid);
        // Preview the reply before storage
    } else {
        if (isset($_GET['comment'])) {
            // Show comment X
 /**
  * Persist the ordering submitted for the group list, then send the browser
  * back to the group index.
  *
  * The request parameters already collected in $this->_arrParam are handed
  * to the model's ordering() unchanged; the redirect target is built with
  * URL::createLink() so the module/controller/action triple resolves to a
  * single URL before redirecting.
  */
 public function orderingAction()
 {
     $orderingParams = $this->_arrParam;
     $this->_model->ordering($orderingParams);
     $target = URL::createLink('admin', 'group', 'index');
     URL::redirect($target);
 }
    if (!isset($groups)) {
        global $db, $prefix;
        $groups = array(0 => _NL_ALLUSERS, 1 => _SUBSCRIBEDUSERS, 2 => _NL_ADMINS);
        $groupsResult = $db->sql_query("SELECT group_id, group_name FROM " . $prefix . "_bbgroups WHERE group_single_user=0");
        while (list($groupID, $groupName) = $db->sql_fetchrow($groupsResult)) {
            $groups[$groupID + 2] = $groupName;
        }
    }
    $tmpgroups = $groups;
    return select_box($fieldname, $current, $tmpgroups);
}
$subject = isset($_POST['subject']) ? $_POST['subject'] : '';
$content = isset($_POST['content']) ? $_POST['content'] : '';
$group = isset($_POST['group']) ? intval($_POST['group']) : 1;
if (isset($_POST['discard'])) {
    URL::redirect(URL::admin('newsletter'));
} elseif (isset($_POST['send'])) {
    $subject = $_POST['subject'];
    $n_group = intval($_POST['n_group']);
    if (empty($subject)) {
        cpg_error(sprintf(_ERROR_NOT_SET, _SUBJECT));
    }
    if (empty($content)) {
        cpg_error(sprintf(_ERROR_NOT_SET, _CONTENT));
    }
    ignore_user_abort(true);
    if ($n_group == 0) {
        $query = 'SELECT username, user_email FROM ' . $user_prefix . '_users WHERE user_level > 0 AND user_id > 1';
        $count = $db->sql_count($user_prefix . '_users WHERE user_level > 0 AND user_id > 1');
    } elseif ($n_group == 2) {
        $query = 'SELECT aid, email FROM ' . $prefix . '_admins';