Beispiel #1
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
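require_once "../models/config.php";
set_error_handler('logAllErrors');
// User must be logged in.
// NOTE(review): this only establishes that a session exists. Whether the caller is
// allowed to create groups has to be enforced elsewhere (presumably inside
// createGroup()) -- confirm.
if (!isUserLoggedIn()) {
    addAlert("danger", "You must be logged in to access this resource.");
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}
// Create a new group with the specified name and home page id
// POST: group_name, home_page_id
// NOTE(review): no CSRF token is read in the visible part of this state-changing
// endpoint -- confirm that the request is covered elsewhere.
$validator = new Validator();
$group_name = $validator->requiredPostVar('group_name');
$home_page_id = $validator->requiredPostVar('home_page_id');
// Add alerts for any failed input validation
foreach ($validator->errors as $error) {
    addAlert("danger", $error);
}
// Stop on any rejected field. Without this, a request with a usable group_name but a
// rejected home_page_id would still reach createGroup().
if (count($validator->errors) > 0) {
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}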
//Forms posted
if ($group_name) {
    if (!createGroup($group_name, $home_page_id)) {
        echo json_encode(array("errors" => 1, "successes" => 0));
        exit;
    }
} else {
    addAlert("danger", lang("PERMISSION_CHAR_LIMIT", array(1, 50)));
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
Beispiel #2
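require_once "../../models/config.php";
require_once "../models/pm_functions.php";
set_error_handler('logAllErrors');
// User must be logged in
if (!isUserLoggedIn()) {
    addAlert("danger", "You must be logged in to access this resource.");
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}
$validate = new Validator();
$msg_id = $validate->optionalPostVar("msg_id");
// NOTE(review): sender_id is supplied by the client. Unless the code that follows
// compares it with $loggedInUser->user_id, the sender should be taken from the
// session instead of from the request -- confirm.
$sender_id = $validate->requiredPostVar("sender_id");
$title = $validate->requiredPostVar("title");
if (!$msg_id) {
    // New message: the receiver is given by display name and resolved to an id.
    $receiver_name = $validate->requiredPostVar("receiver_name");
    $receiver_info = fetchUserIdByDisplayname($receiver_name);
    // An unknown display name yields no row; keep the id null instead of indexing
    // into a non-array result.
    $receiver_id = isset($receiver_info['id']) ? $receiver_info['id'] : null;
} else {
    // Reply: the "receiver_name" field carries the receiver id directly.
    $receiver_id = $validate->requiredPostVar("receiver_name");
}
$message = $validate->requiredPostVar("message");
$csrf_token = $validate->requiredPostVar("csrf_token");
// Add alerts for any failed input validation. This has to run after all fields have
// been read; the original loop ran right after the Validator was created, when no
// field had been read yet.
foreach ($validate->errors as $error) {
    addAlert("danger", $error);
}
// Validate csrf token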
if (!$csrf_token or !$loggedInUser->csrf_validate(trim($csrf_token))) {
    addAlert("danger", lang("ACCESS_DENIED"));
    if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true") {
        echo json_encode(array("errors" => 1, "successes" => 0));
    $ajax = checkRequestMode("post");
} else {
    $ajax = checkRequestMode("get");
}
$validate = new Validator();
$confirm = $validate->optionalPostVar('token');
$initial = $validate->optionalPostVar('initial');
// User has a token and wants to reset their password
// Fix code to set lost_password_request to 0 when new pass is set
if (!empty($confirm)) {
    // Add alerts for any failed input validation
    foreach ($validate->errors as $error) {
        addAlert("danger", $error);
    }
    // Grab up the token and remove any whitespace
    $token = $validate->requiredPostVar('token');
    // Validate the token to make sure its valid
    if ($token == "" || !validateLostPasswordToken($token)) {
        $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
    } else {
        // Set up variables for new password
        $username = $validate->requiredPostVar('username');
        $password = $validate->requiredPostVar('password');
        $passwordc = $validate->requiredPostVar('passwordc');
        //Fetch user details
        $userdetails = fetchUserAuth('user_name', $username);
        // Get the time stamp of the last request
        $request_time = $userdetails["lost_password_timestamp"];
        // Get the timeout value from the configuration table
        global $token_timeout;
        $current_token_life = time() - $request_time;
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
require_once "../models/config.php";
set_error_handler('logAllErrors');
// Request method: POST
$ajax = checkRequestMode("post");
// User must be logged in
checkLoggedInUser($ajax);
$validator = new Validator();
// Required: csrf_token, user_id
// NOTE(review): the token is only read here; its validation is not visible in this
// excerpt -- confirm it happens before any of the updates below are applied.
$csrf_token = $validator->requiredPostVar('csrf_token');
// user_id is the account being edited and comes from the request.
// NOTE(review): the check that the logged-in user may edit this account is not
// visible here -- confirm it is enforced server-side.
$user_id = $validator->requiredNumericPostVar('user_id');
// Optional profile fields. trim() is applied directly to the validator's result,
// so a field that was not sent is presumably indistinguishable from an empty
// one afterwards -- confirm against optionalPostVar().
$display_name = trim($validator->optionalPostVar('display_name'));
$email = str_normalize($validator->optionalPostVar('email'));
$title = trim($validator->optionalPostVar('title'));
// Group membership, enabled state and primary group affect what the account can do.
// NOTE(review): these should only be honoured for callers authorised to change them.
$rm_groups = $validator->optionalPostVar('remove_groups');
$add_groups = $validator->optionalPostVar('add_groups');
$enabled = $validator->optionalPostVar('enabled');
$primary_group_id = $validator->optionalPostVar('primary_group_id');
// For updating passwords.  The user's current password must also be included (passwordcheck) if they are resetting their own password.
$password = $validator->optionalPostVar('password');
$passwordc = $validator->optionalPostVar('passwordc');
$passwordcheck = $validator->optionalPostVar('passwordcheck');
// Add alerts for any failed input validation
foreach ($validator->errors as $error) {
    addAlert("danger", $error);
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
require_once "../models/config.php";
set_error_handler('logAllErrors');

// Publicly accessible API: no session is required to call this endpoint.
// Request method: POST
$ajax = checkRequestMode("post");

// A caller who already has a session is sent on to the referral page.
if (isUserLoggedIn()) {
    addAlert("warning", "You're already logged in!");
    apiReturnError($ajax, getReferralPage());
}

$validate = new Validator();
$postedUsername = str_normalize($validate->requiredPostVar('username'));

global $email_login;

// Splitting on '@' gives exactly two parts for a value with a single '@'.
$isEmail = count(explode('@', $postedUsername));

// The posted value is treated as an e-mail address only when e-mail login is
// enabled and the value contains exactly one '@'; in every other case it is
// treated as a user name.
if ($email_login == 1 && $isEmail == 2) {
    $email = 1;
    $email_address = $postedUsername;
} else {
    $email = 0;
    $username = $postedUsername;
}

$errors = array();
$password = $validate->requiredPostVar('password');
<?php

require_once "../models/config.php";
set_error_handler('logAllErrors');
// User must be logged in. An unauthenticated request gets the generic error JSON
// and the script stops.
// NOTE(review): only authentication is checked here; whether the caller may delete
// permits is presumably enforced inside the delete*ActionPermit() helpers -- confirm.
if (!isUserLoggedIn()) {
    addAlert("danger", "You must be logged in to access this resource.");
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}
// Delete an action-permit mapping, specified by action_id
// POST: action_id, type = (user, group)
// NOTE(review): no CSRF token is read in the visible part of this state-changing
// endpoint -- confirm that the request is covered elsewhere.
$validator = new Validator();
$action_id = $validator->requiredPostVar('action_id');
$type = $validator->requiredPostVar('type');
// Add alerts for any failed input validation
foreach ($validator->errors as $error) {
    addAlert("danger", $error);
}
//Forms posted
if ($action_id && $type) {
    if ($type == "user") {
        if (!deleteUserActionPermit($action_id)) {
            echo json_encode(array("errors" => 1, "successes" => 0));
            exit;
        }
    } else {
        if ($type == "group") {
            if (!deleteGroupActionPermit($action_id)) {
                echo json_encode(array("errors" => 1, "successes" => 0));
                exit;
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
require_once "../models/config.php";
set_error_handler('logAllErrors');

// Endpoint contract: POST only, authenticated session required.
$ajax = checkRequestMode("post");
checkLoggedInUser($ajax);

// POST fields: page_id, group_id, checked. A group_id of "private" switches the
// page between private and public instead of linking it to a group.
// NOTE(review): no CSRF token is read in this endpoint, and the authorisation check
// for changing page access is not visible here (presumably inside
// updatePageGroupLink()) -- confirm both.
$validator = new Validator();
$page_id = $validator->requiredPostVar('page_id');
$group_id = $validator->requiredPostVar('group_id');
$checked = $validator->requiredPostVar('checked');

// Report every rejected field as an alert, then return the error response.
if (count($validator->errors) > 0) {
    foreach ($validator->errors as $error) {
        addAlert("danger", $error);
    }
    apiReturnError($ajax, getReferralPage());
}

// Apply the change only when all three fields are present; a failed update is
// reported through the same error response.
if ($page_id !== null && $group_id !== null && $checked !== null
    && !updatePageGroupLink($page_id, $group_id, $checked)) {
    apiReturnError($ajax, getReferralPage());
}
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
require_once "../models/config.php";
set_error_handler('logAllErrors');

// Endpoint contract: POST only, authenticated session required.
$ajax = checkRequestMode("post");
checkLoggedInUser($ajax);

// Updates an action_permit mapping that belongs to a user or to a group.
// POST fields: action_id, permit, and optionally user_id / group_id.
// NOTE(review): no CSRF token is read in the visible part of this endpoint, and the
// permit value is passed on as received -- confirm both are checked downstream.
$validator = new Validator();
$action_id = $validator->requiredPostVar('action_id');
$permit = $validator->requiredPostVar('permit');
$group_id = $validator->optionalPostVar('group_id');
$user_id = $validator->optionalPostVar('user_id');

// Report every rejected field as an alert, then return the error response.
if (count($validator->errors) > 0) {
    foreach ($validator->errors as $error) {
        addAlert("danger", $error);
    }
    apiReturnError($ajax, getReferralPage());
}
//Forms posted
if ($group_id) {
    if (!updateGroupActionPermit($action_id, $group_id, $permit)) {
        apiReturnError($ajax, getReferralPage());
    }
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
// Create a new user.
require_once "../models/config.php";
set_error_handler('logAllErrors');
// Request method: POST
$ajax = checkRequestMode("post");
$validator = new Validator();
// POST: user_name, display_name, email, title, password, passwordc, [admin, add_groups, skip_activation, csrf_token]
// Check if request is from public or backend
// NOTE(review): 'admin' is a client-supplied flag that selects between the
// authenticated backend path and public registration. The optional fields
// add_groups and skip_activation should only be honoured after the backend path
// has verified the session and the CSRF token, never because the flag was
// merely sent -- confirm in the rest of the script.
$admin = $validator->optionalPostVar('admin');
if ($admin == "true") {
    // Admin mode must be from a logged in user
    checkLoggedInUser($ajax);
    $csrf_token = $validator->requiredPostVar('csrf_token');
    // Validate csrf token
    checkCSRF($ajax, $csrf_token);
} else {
    global $can_register;
    if (!userIdExists('1')) {
        addAlert("danger", lang("MASTER_ACCOUNT_NOT_EXISTS"));
        apiReturnError($ajax, SITE_ROOT);
    }
    // If registration is disabled, send them back to the home page with an error message
    if (!$can_register) {
        addAlert("danger", lang("ACCOUNT_REGISTRATION_DISABLED"));
        apiReturnError($ajax, SITE_ROOT);
    }
    //Prevent the user visiting the logged in page if he/she is already logged in
    if (isUserLoggedIn()) {
<?php

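require_once "../models/config.php";
set_error_handler('logAllErrors');
// User must be logged in.
// NOTE(review): this only establishes that a session exists. Whether the caller is
// allowed to grant permits has to be enforced elsewhere (presumably inside the
// create*ActionPermit() helpers) -- confirm.
if (!isUserLoggedIn()) {
    addAlert("danger", "You must be logged in to access this resource.");
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}
// Create a new action_permit mapping for a user or group.
// POST: action_name, permit, [user_id, group_id]
// NOTE(review): no CSRF token is read in the visible part of this state-changing
// endpoint -- confirm that the request is covered elsewhere.
$validator = new Validator();
$action_name = $validator->requiredPostVar('action_name');
$permit = $validator->requiredPostVar('permit');
$group_id = $validator->optionalPostVar('group_id');
$user_id = $validator->optionalPostVar('user_id');
// Add alerts for any failed input validation
foreach ($validator->errors as $error) {
    addAlert("danger", $error);
}
// Stop on any rejected field. The code that follows only tests group_id / user_id,
// so without this a request with a rejected action_name or permit would still reach
// the create*ActionPermit() helpers.
if (count($validator->errors) > 0) {
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}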
//Forms posted
if ($group_id) {
    if (!createGroupActionPermit($group_id, $action_name, $permit)) {
        echo json_encode(array("errors" => 1, "successes" => 0));
        exit;
    }
} else {
    if ($user_id) {
        if (!createUserActionPermit($user_id, $action_name, $permit)) {
            echo json_encode(array("errors" => 1, "successes" => 0));
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
require_once "../models/config.php";
set_error_handler('logAllErrors');

// Endpoint contract: POST only, authenticated session required.
$ajax = checkRequestMode("post");
checkLoggedInUser($ajax);

// POST field: group_id, the group to delete.
// NOTE(review): no CSRF token is read in this endpoint, and the authorisation check
// for deleting groups is not visible here (presumably inside deleteGroup()) --
// confirm both.
$validator = new Validator();
$group_id = $validator->requiredPostVar('group_id');

// Report every rejected field as an alert, then return the error response.
if (count($validator->errors) > 0) {
    foreach ($validator->errors as $error) {
        addAlert("danger", $error);
    }
    apiReturnError($ajax, getReferralPage());
}

// A missing group id and a failed deletion produce the same error response.
if (!$group_id || !deleteGroup($group_id)) {
    apiReturnError($ajax, getReferralPage());
}
Beispiel #12
 * @version    0.1
 * @link       http://www.userfrosting.com/
 * @link       http://www.github.com/lilfade/UF-PMSystem/
 */
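include '../../models/db-settings.php';
include '../../models/config.php';
require_once "../models/pm_functions.php";
set_error_handler('logAllErrors');
// User must be logged in
if (!isUserLoggedIn()) {
    addAlert("danger", "You must be logged in to access this resource.");
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}
$validator = new Validator();
$msg_id = $validator->requiredPostVar('msg_id');
// The acting user is taken from the session, not from the request.
$user_id = $loggedInUser->user_id;
$field = $validator->optionalPostVar('table');
// receiver_deleted or sender_deleted depending on inbox or outbox
$uid = $validator->optionalPostVar('action');
//receiver_id or sender_id depending on inbox or outbox
// Add alerts for any failed input validation
foreach ($validator->errors as $error) {
    addAlert("danger", $error);
}
// Stop on any rejected field so removePM() is never called without a message id.
if (count($validator->errors) > 0) {
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}
// 'table' and 'action' name database columns, so they must never be passed on as
// free text. Only the values documented above are accepted; an absent or empty
// field is passed through unchanged.
// NOTE(review): the allowlists are taken from the comments in this script --
// confirm them against removePM().
if (($field !== null && $field !== '' && !in_array($field, array('receiver_deleted', 'sender_deleted'), true))
    || ($uid !== null && $uid !== '' && !in_array($uid, array('receiver_id', 'sender_id'), true))) {
    addAlert("danger", lang("ACCESS_DENIED"));
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}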
// Delete the pm from the user's view but not from the database entirely. This is not a true delete
if (!removePM($msg_id, $user_id, $field, $uid)) {
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
} else {
    addAlert("success", lang("PM_RECEIVER_DELETION_SUCCESSFUL", array('1')));
Beispiel #13
<?php

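include '../models/db-settings.php';
include '../models/config.php';
set_error_handler('logAllErrors');
// User must be logged in.
// NOTE(review): this only establishes that a session exists. Whether the caller is
// allowed to delete accounts has to be enforced elsewhere (presumably inside
// deleteUser()) -- confirm. No CSRF token is read in the visible part of this
// endpoint either.
if (!isUserLoggedIn()) {
    addAlert("danger", "You must be logged in to access this resource.");
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}
// POST Parameters: user_id
$validator = new Validator();
$user_id = $validator->requiredPostVar('user_id');
// Add alerts for any failed input validation
foreach ($validator->errors as $error) {
    addAlert("danger", $error);
}
// Stop on any rejected field so deleteUser() is never called without an id.
if (count($validator->errors) > 0) {
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}
// Accept only plain decimal ids, so that the loose == comparison against
// $master_account below and deleteUser() both see the same value.
if (is_array($user_id) || !ctype_digit((string) $user_id)) {
    addAlert("danger", "Invalid user id.");
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}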
// Cannot delete master account
if ($user_id == $master_account) {
    addAlert("danger", lang("ACCOUNT_DELETE_MASTER"));
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
} else {
    // Delete the user entirely.  This action cannot be undone!
    if (deleteUser($user_id)) {
        addAlert("success", lang("ACCOUNT_DELETIONS_SUCCESSFUL", array('1')));
    } else {
        echo json_encode(array("errors" => 1, "successes" => 0));
        exit;
    }
 * @copyright  2014 UserFrosting
 * @version    0.2.0
 * @link       http://www.userfrosting.com/
 */
require_once "../models/config.php";
set_error_handler('logAllErrors');
// User must be logged in. An unauthenticated request gets the generic error JSON
// and the script stops.
// NOTE(review): changing site/plugin settings is a privileged action; only
// authentication is checked here, and no CSRF token is read in the visible part
// of the script -- confirm both are enforced elsewhere.
if (!isUserLoggedIn()) {
    addAlert("danger", "You must be logged in to access this resource.");
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}
$validator = new Validator();
//Forms posted
// NOTE(review): $_POST is a superglobal, so isset($_POST) is normally true even for
// a request without a body; the guard does not tell whether a form was submitted.
if (isset($_POST)) {
    // NOTE(review): validation errors for these two fields are not turned into
    // alerts in the visible part of the script -- confirm they are handled below.
    $name = $validator->requiredPostVar('name');
    $value = $validator->requiredPostVar('value');
    // The whole POST array is kept; in the visible code it is only tested for emptiness.
    $newSettings = $_POST;
}
if (!empty($newSettings)) {
    // Check to see if this should be a binary or string value, update accordingly
    if ($results = checkBinaryConfig($name)) {
        // Assume binary data type, hack to simply change to new value rather then using value
        if ($results[1] == 1) {
            if (updateSitePluginSettings($name, 0)) {
                $successes[] = lang("CONFIG_UPDATE_SUCCESSFUL");
            }
        } else {
            if (updateSitePluginSettings($name, 1)) {
                $successes[] = lang("CONFIG_UPDATE_SUCCESSFUL");
            }
Beispiel #15
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
// Loads the config file that lives in the install directory.
require_once "config.php";

// Read the site settings posted by the installer form.
// NOTE(review): no access check is visible in this part of the installer -- confirm
// that the install directory is removed or locked once setup has finished.
$validator = new Validator();
$site_url_root = $validator->requiredPostVar('site_url');
$site_name = $validator->requiredPostVar('site_name');
$site_email = $validator->requiredPostVar('site_email');
$user_title = $validator->requiredPostVar('user_title');

// Checkbox fields arrive as 'on' when ticked; anything else counts as disabled.
// E-mail login enabled by default?
$selected_email = ($validator->optionalPostVar('select_email') == 'on') ? 1 : 0;
// General registration enabled by default?
$selected_register = ($validator->optionalPostVar('can_register') == 'on') ? 1 : 0;