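/**
 * Emit the Google Analytics snippet at the bottom of the page.
 *
 * The snippet is emitted for ordinary visitors always, and for the item's owner
 * and for admins only when the "owneradmin_hidden" option is off. Returns null
 * when nothing should be emitted.
 *
 * @param  Theme_View $theme  active theme; $theme->item may be absent on pages
 *                            that are not about an item
 * @return string|null
 */
static function page_bottom($theme) {
  $user = identity::active_user();

  // Pages without an item have no owner, so the viewer can only qualify as an
  // admin there (the original's null-item path reduced to the same result).
  $item = isset($theme->item) ? $theme->item : null;
  $owner_or_admin = ($user->admin != 0) || ($item && $item->owner_id == $user->id);

  if ($owner_or_admin && module::get_var("google_analytics", "owneradmin_hidden") != 0) {
    return null;
  }

  // The account id is admin-configured, but it is interpolated into a JavaScript
  // string literal. json_encode() yields a quoted, escaped JS string (it also
  // escapes "/" so a stray "</script>" cannot terminate the block), whereas the
  // original concatenated the raw value between hand-written quotes.
  $account = json_encode((string) module::get_var("google_analytics", "code"));

  $google_code = ' <!-- Begin Google Analytics --> <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(["_setAccount", ' . $account . ']); _gaq.push(["_trackPageview"]); (function() { var ga = document.createElement("script"); ga.type = "text/javascript"; ga.async = true; ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(ga, s); })(); </script> <!-- End Google Analytics -->';
  return $google_code;
}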
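/**
 * Enforce $perm_name on $item and additionally hide password-protected items.
 *
 * The first half mirrors access::required() from modules/gallery/helpers/access.php:
 * a missing "view" permission is reported as a 404 so the item's existence is not
 * leaked, any other missing permission is a 403. The second half is the
 * albumpassword extension: unless the module's "hideonly" option is set, an item
 * that sits under a password-protected album is also a 404 for anyone who is not
 * the owner, not an admin, and has not presented the album password in the
 * g3_albumpassword cookie.
 *
 * @param string     $perm_name  permission name, e.g. "view" or "edit"
 * @param Item_Model $item
 * @throws Kohana_404_Exception
 */
static function required($perm_name, $item) {
  if (!access::can($perm_name, $item)) {
    if ($perm_name == "view") {
      // Treat as if the item didn't exist, don't leak any information.
      throw new Kohana_404_Exception();
    }
    access::forbidden();
    return;
  }

  if (module::get_var("albumpassword", "hideonly") != false) {
    return;
  }

  $protected = ORM::factory("albumpassword_idcache")
    ->where("item_id", "=", $item->id)
    ->order_by("cache_id")
    ->find_all();
  if (count($protected) == 0) {
    return;
  }

  $password = ORM::factory("items_albumpassword")
    ->where("id", "=", $protected[0]->password_id)
    ->find();
  if (!$password->loaded()) {
    return;
  }

  $user = identity::active_user();
  if ($user->admin || $user->id == $item->owner_id) {
    return;
  }

  // NOTE(review): the album password is kept in items_albumpassword and echoed
  // back verbatim in a cookie, i.e. it rests and travels in the clear.
  // The compare is strict: the original "!=" is a loose comparison, under which
  // numeric-looking strings such as "10" and "1e1" count as equal.
  $presented = (string) cookie::get("g3_albumpassword");
  if ($presented !== (string) $password->password) {
    throw new Kohana_404_Exception();
  }
}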
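/**
 * Build the contact-owner / contact-user e-mail form.
 *
 * @param int      $user_id  recipient user id, or -1 for the configured site owner
 * @param int|null $item_id  optional item the message is about; a link to it is
 *                           pre-filled into the message body when it exists
 * @return Forge
 * @throws Kohana_404_Exception when $user_id (other than -1) matches no user
 */
static function get_email_form($user_id, $item_id = null) {
  // Work out the display name of the recipient.
  if ($user_id == -1) {
    $to_name = module::get_var("contactowner", "contact_owner_name");
  } else {
    // The original indexed find_all()[0] without checking; an unknown id
    // produced a notice and an empty "To:" instead of an error.
    $recipient = ORM::factory("user")->where("id", "=", $user_id)->find();
    if (!$recipient->loaded()) {
      throw new Kohana_404_Exception();
    }
    $to_name = $recipient->name;
  }

  // Optionally seed the body with a link to the item being discussed.
  $body = "";
  if (!empty($item_id)) {
    $item = ORM::factory("item", $item_id);
    if ($item->loaded()) {
      $body = "This message refers to <a href=\"" . url::abs_site("{$item->type}s/{$item->id}") . "\">this page</a>.";
    }
  }

  $form = new Forge("contactowner/sendemail/{$user_id}", "", "post",
                    array("id" => "g-contact-owner-send-form"));
  $fields = $form->group("contactOwner");
  $fields->input("email_to")
    ->label(t("To:"))
    ->value($to_name)
    ->id("g-contactowner-to-name");
  $fields->input("email_from")
    ->label(t("From:"))
    ->value(identity::active_user()->email)
    ->id("g-contactowner-from-email")
    ->rules('required|valid_email')
    ->error_messages("required", t("You must enter a valid email address"))
    ->error_messages("valid_email", t("You must enter a valid email address"))
    ->error_messages("invalid", t("You must enter a valid email address"));
  $fields->input("email_subject")
    ->label(t("Subject:"))
    ->value("")
    ->id("g-contactowner-subject")
    ->rules('required')
    ->error_messages("required", t("You must enter a subject"));
  $fields->textarea("email_body")
    ->label(t("Message:"))
    ->value($body)
    ->id("g-contactowner-email-body")
    ->rules('required')
    ->error_messages("required", t("You must enter a message"));

  // Let an active captcha module protect the form.
  module::event("captcha_protect_form", $form);

  $fields->submit("SendMessage")->value(t("Send"));
  return $form;
}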
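/**
 * Switch the site's identity provider to the one posted in "provider".
 *
 * Deactivates and uninstalls the current provider, installs and activates the
 * new one, fires identity_provider_changed, destroys the session and redirects to
 * the root album. If the posted provider is already active, only a message is
 * shown and the admin page is redisplayed.
 *
 * @throws Kohana_404_Exception when the posted provider is not a known provider
 */
public function change() {
  access::verify_csrf();
  $active_provider = module::get_var("gallery", "identity_provider", "user");
  $providers = identity::providers();
  $new_provider = Input::instance()->post("provider");

  // The posted name becomes a module name (module::install/activate), so accept
  // only providers identity::providers() knows about. The original went straight
  // to module::install() with whatever was posted.
  // NOTE(review): assumes providers are exposed as properties of $providers, as
  // the message lookups below already rely on — confirm.
  if (!isset($providers->{$new_provider})) {
    throw new Kohana_404_Exception();
  }

  if ($new_provider != $active_provider) {
    module::deactivate($active_provider);

    // Switch authentication
    identity::reset();
    module::set_var("gallery", "identity_provider", $new_provider);
    module::install($new_provider);
    module::activate($new_provider);
    module::event("identity_provider_changed", $active_provider, $new_provider);
    module::uninstall($active_provider);

    message::success(t("Changed to %description",
                       array("description" => $providers->{$new_provider})));
    try {
      Session::instance()->destroy();
    } catch (Exception $e) {
      // We don't care if there was a problem destroying the session.
    }
    url::redirect(item::root()->abs_url());
  }

  message::info(t("The selected provider \"%description\" is already active.",
                  array("description" => $providers->{$new_provider})));
  url::redirect("admin/identity");
}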
/**
 * Build the "Tag it" sidebar block: a random untagged photo/movie with a small
 * add-tag form posting to tags/create/{id}.
 *
 * Returns nothing for guests, "" for block ids this module does not provide, and
 * a Block for "untagged_photo" when an untagged item was found (up to four
 * random queries are tried).
 *
 * @param string     $block_id
 * @param Theme_View $theme
 * @return Block|string|null
 */
static function get($block_id, $theme) {
  if (identity::active_user()->guest) {
    return;
  }
  if ($block_id != "untagged_photo") {
    return "";
  }

  // NOTE(review): whether item::random_query() restricts to items the current
  // user may view is not visible here — confirm before relying on it.
  $item = null;
  for ($try = 0; $try < 4; $try++) {
    $item = item::random_query()
      ->join("items_tags", "items.id", "items_tags.item_id", "left")
      ->where("items.type", "!=", "album")
      ->where("items_tags.item_id", "IS", null)
      ->find_all(1)
      ->current();
    if ($item) {
      break;
    }
  }

  if (!$item || !$item->loaded()) {
    return "";
  }

  if ($item->is_album()) {
    $label = t("Add tag to album");
  } elseif ($item->is_photo()) {
    $label = t("Add tag to photo");
  } else {
    $label = t("Add tag to movie");
  }

  $form = new Forge("tags/create/{$item->id}", "", "post",
                    array("id" => "g-tag-it-add-tag-form", "class" => "g-short-form"));
  $group = $form->group("add_tag")->label("Add Tag");
  $group->input("name")->label($label)->rules("required")->id("name");
  $group->hidden("item_id")->value($item->id);
  $group->submit("")->value(t("Add Tag"));

  $block = new Block();
  $block->css_id = "g-tag-it-block";
  $block->title = t("Tag it");
  $block->content = new View("tag_it_block.html");
  $block->content->item = $item;
  $block->content->form = $form;
  return $block;
}
/**
 * Add a "Register" entry to the user menu for guests.
 *
 * @param Menu       $menu
 * @param Theme_View $theme  unused
 */
static function user_menu($menu, $theme) {
  if (!identity::active_user()->guest) {
    return;
  }
  $register = Menu::factory("dialog")
    ->id("user_menu_register")
    ->css_id("g-register-menu")
    ->url(url::site("register"))
    ->label(t("Register"));
  $menu->append($register);
}
/**
 * Render an exception as a themed error page.
 *
 * The exception is logged (and the log flushed, since normal shutdown saving may
 * not happen after an exception), a status line is sent when headers are still
 * open, then either the 404 page (with a login form for guests) or the generic
 * error page is printed.
 *
 * @see Kohana_Exception::handle
 * @param Exception $e
 */
private static function _show_themed_error_page(Exception $e) {
  $text = Kohana_Exception::text($e);
  Kohana_Log::add('error', $text);
  // Manually save logs after exceptions
  Kohana_Log::save();

  if (!headers_sent()) {
    if ($e instanceof Kohana_Exception) {
      $e->sendHeaders();
    } else {
      header("HTTP/1.1 500 Internal Server Error");
    }
  }

  $page = new Theme_View("page.html", "other", "error");
  $not_found = $e instanceof Kohana_404_Exception;

  if (!$not_found) {
    $page->page_title = t("Dang... Something went wrong!");
    $page->content = new View("error.html");
    print $page;
    return;
  }

  $page->page_title = t("Dang... Page not found!");
  $page->content = new View("error_404.html");
  $user = identity::active_user();
  $page->content->is_guest = $user && $user->guest;
  if ($page->content->is_guest) {
    $page->content->login_form = new View("login_ajax.html");
    $page->content->login_form->form = auth::get_login_form("login/auth_html");
    // Avoid anti-phishing protection by passing the url as session variable.
    Session::instance()->set("continue_url", url::current(true));
  }
  print $page;
}
/**
 * A comment created for a registered user takes its author fields from that
 * user and records the request's $_SERVER values.
 *
 * The assertions on server_* fields expect each value to equal its own key name,
 * so the test environment presumably populates $_SERVER that way.
 */
public function create_comment_for_user_test() {
  $suffix = rand();
  $root = ORM::factory("item", 1);
  $admin = identity::admin_user();
  $comment = comment::create($root, $admin, "text_{$suffix}", "name_{$suffix}",
                             "email_{$suffix}", "url_{$suffix}");

  // Author details come from the user, not from the supplied name/email/url.
  $this->assert_equal($admin->full_name, $comment->author_name());
  $this->assert_equal($admin->email, $comment->author_email());
  $this->assert_equal($admin->url, $comment->author_url());
  $this->assert_equal("text_{$suffix}", $comment->text);
  $this->assert_equal(1, $comment->item_id);

  $server_fields = array(
    "server_remote_addr" => "REMOTE_ADDR",
    "server_http_user_agent" => "HTTP_USER_AGENT",
    "server_http_accept" => "HTTP_ACCEPT",
    "server_http_accept_charset" => "HTTP_ACCEPT_CHARSET",
    "server_http_accept_encoding" => "HTTP_ACCEPT_ENCODING",
    "server_http_accept_language" => "HTTP_ACCEPT_LANGUAGE",
    "server_http_connection" => "HTTP_CONNECTION",
    "server_http_host" => "HTTP_HOST",
    "server_http_referer" => "HTTP_REFERER",
    "server_query_string" => "QUERY_STRING",
    "server_remote_host" => "REMOTE_HOST",
    "server_remote_port" => "REMOTE_PORT");
  foreach ($server_fields as $field => $expected) {
    $this->assert_equal($expected, $comment->$field);
  }

  $this->assert_true(!empty($comment->created));
}
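/**
 * Create an album for a newly created user and give them view and edit
 * permissions on it through an "auto: {name}" group.
 *
 * The group and the album are each created only if missing; the user is always
 * added to the group. Permissions are granted only when the album is created.
 *
 * @param User_Model $user
 */
static function user_created($user) {
  // Create a group with the same name, if necessary
  $group_name = "auto: {$user->name}";
  $group = identity::lookup_group_by_name($group_name);
  if (!$group) {
    $group = identity::create_group($group_name);
  }
  // The original added the user only when the group was freshly created, so a
  // user whose group already existed (e.g. a deleted and re-created account)
  // never got access to their album. Always grant membership.
  // NOTE(review): assumes add_user_to_group tolerates an existing membership — confirm.
  identity::add_user_to_group($user, $group);

  // Create an album for the user, if it doesn't exist
  $album = ORM::factory("item")
    ->where("parent_id", "=", item::root()->id)
    ->where("name", "=", $user->name)
    ->find();
  if ($album->loaded()) {
    return;
  }

  // NOTE(review): the album's filesystem name is taken from the user name;
  // this relies on the item model validating names on save — confirm.
  $album->type = "album";
  $album->name = $user->name;
  $album->title = "{$user->name}'s album";
  $album->parent_id = item::root()->id;
  $album->sort_column = "weight";
  $album->sort_order = "asc";
  $album->save();

  access::allow($group, "view", item::root());
  access::allow($group, "view_full", $album);
  access::allow($group, "edit", $album);
  access::allow($group, "add", $album);
}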
/**
 * Admin-only controller: non-admins are refused before the parent constructor runs.
 *
 * @param mixed $theme  accepted for signature compatibility; not used here
 */
public function __construct($theme = null) {
  $user = identity::active_user();
  if (!$user->admin) {
    access::forbidden();
  }
  parent::__construct();
}
/**
 * Add the server_add stylesheet and script to the page head, for admins only.
 *
 * @param Theme_View $theme
 */
static function head($theme) {
  if (!identity::active_user()->admin) {
    return;
  }
  $theme->css("server_add.css");
  $theme->script("server_add.js");
}
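/**
 * Run pending module upgrades: the gallery module first, then every other active
 * module whose code version is newer than its installed version.
 *
 * On the CLI the host name is faked and a summary is printed; on the web the
 * caller must be an admin or hold the "can_upgrade" session flag, and must
 * present a valid CSRF token.
 */
public function upgrade() {
  if (php_sapi_name() == "cli") {
    // @todo this may screw up some module installers, but we don't have a better answer at
    // this time.
    $_SERVER["HTTP_HOST"] = "example.com";
  } else {
    if (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
      access::forbidden();
    }
    // Upgrading runs every module's upgrade code, so require the CSRF token on
    // the web path; a cross-site link must not be able to trigger it. A bad
    // token just sends the user back to the upgrader page.
    try {
      access::verify_csrf();
    } catch (Exception $e) {
      url::redirect("upgrader");
    }
  }

  $available = module::available();

  // Upgrade gallery first
  $gallery = $available["gallery"];
  if ($gallery->code_version != $gallery->version) {
    module::upgrade("gallery");
    module::activate("gallery");
  }

  // Then upgrade the rest
  foreach (module::available() as $id => $module) {
    if ($id == "gallery") {
      continue;
    }
    if ($module->active && $module->code_version != $module->version) {
      module::upgrade($id);
    }
  }

  if (php_sapi_name() == "cli") {
    print "Upgrade complete\n";
  } else {
    url::redirect("upgrader");
  }
}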
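/**
 * Load the active theme. This is called at bootstrap time. We will only ever have one theme
 * active for any given request.
 *
 * Theme directories are pushed onto core.modules so Kohana loads their code.
 * Under /admin the admin theme (plus the site theme's admin/ subdir, if any) is
 * loaded; elsewhere the site theme, which admins may temporarily override with
 * ?theme=NAME to preview another theme.
 */
static function load_themes() {
  $input = Input::instance();
  $path = $input->server("PATH_INFO");
  if (empty($path)) {
    $path = "/" . $input->get("kohana_uri");
  }

  $config = Kohana_Config::instance();
  $modules = $config->get("core.modules");

  self::$is_admin = $path == "/admin" || !strncmp($path, "/admin/", 7);
  self::$site_theme_name = module::get_var("gallery", "active_site_theme");

  if (self::$is_admin) {
    // Load the admin theme
    self::$admin_theme_name = module::get_var("gallery", "active_admin_theme");
    array_unshift($modules, THEMEPATH . self::$admin_theme_name);

    // If the site theme has an admin subdir, load that as a module so that
    // themes can provide their own code.
    if (file_exists(THEMEPATH . self::$site_theme_name . "/admin")) {
      array_unshift($modules, THEMEPATH . self::$site_theme_name . "/admin");
    }
  } else {
    // Admins can override the site theme, temporarily. This lets us preview themes.
    if (identity::active_user()->admin && ($override = $input->get("theme"))) {
      // The override is concatenated onto THEMEPATH and loaded as a module, so it
      // must be a bare directory name: no separators or ".." that could reach a
      // directory outside the themes tree. The original only checked existence.
      if (!preg_match('/^[A-Za-z0-9_-]+$/', $override)) {
        Kohana_Log::add("error", "Invalid override theme: '{$override}'");
      } elseif (file_exists(THEMEPATH . $override)) {
        self::$site_theme_name = $override;
      } else {
        Kohana_Log::add("error", "Missing override theme: '{$override}'");
      }
    }
    array_unshift($modules, THEMEPATH . self::$site_theme_name);
  }

  $config->set("core.modules", $modules);
}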
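/**
 * Show the "contact a registered user" form for $user_id.
 *
 * 404s when the contact_user_link option is off, or when $user_id matches no user.
 *
 * @param int $user_id
 * @throws Kohana_404_Exception
 */
public function emailid($user_id) {
  // If this page is disabled, show a 404 error.
  if (module::get_var("contactowner", "contact_user_link") != true) {
    throw new Kohana_404_Exception();
  }

  // The original indexed find_all()[0] without checking; an unknown id produced
  // a notice and an empty "To:" rather than an error.
  $recipient = ORM::factory("user")->where("id", "=", $user_id)->find();
  if (!$recipient->loaded()) {
    throw new Kohana_404_Exception();
  }

  $form = new Forge("contactowner/sendemail", "", "post",
                    array("id" => "g-contact-owner-send-form"));
  $fields = $form->group("contactOwner");
  $fields->input("email_to")->label(t("To:"))->value($recipient->name);
  $fields->input("email_from")->label(t("From:"))->value(identity::active_user()->email);
  $fields->input("email_subject")->label(t("Subject:"))->value("");
  $fields->textarea("email_body")->label(t("Message:"))->value("");
  // The recipient id travels in a hidden field; the sendemail action is expected
  // to re-resolve and validate it rather than trust the posted value.
  $fields->hidden("email_to_id")->value($user_id);
  $fields->submit("SendMessage")->value(t("Send"));

  $template = new Theme_View("page.html", "other", "Contact");
  $template->content = new View("contactowner_emailform.html");
  $template->content->sendmail_form = $form;
  print $template;
}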
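/**
 * Offer "Shorten link with bit.ly" in the item's options menu when the item has
 * no short link yet and the current user owns it.
 *
 * @param Menu       $menu
 * @param Theme_View $theme  supplies the CSRF token for the action URL
 * @param Item_Model $item   the item this context menu belongs to
 */
static function context_menu($menu, $theme, $item) {
  $link = ORM::factory("bitly_link")->where("item_id", "=", $item->id)->find();
  if ($link->loaded()) {
    return;
  }

  // Ownership is checked on $item, the item the menu (and the shorten URL below)
  // is for. The original checked $theme->item instead, which is the page's item
  // and differs from $item when the menu is built for a thumbnail in an album.
  if ($item->owner_id != identity::active_user()->id) {
    return;
  }

  $menu->get("options_menu")->append(
    Menu::factory("link")
      ->id("bitly")
      ->label(t("Shorten link with bit.ly"))
      ->url(url::site("bitly/shorten/{$item->id}?csrf={$theme->csrf}"))
      ->css_class("g-bitly-shorten ui-icon-link"));
}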
/**
 * Add a "Register" dialog link to the site menu for guests, unless the
 * registration policy is admin_only.
 *
 * @param Menu       $menu
 * @param Theme_View $theme  unused
 * @return Menu
 */
static function site_menu($menu, $theme) {
  $is_guest = identity::active_user()->guest;
  $self_registration = module::get_var("registration", "policy") != "admin_only";
  if ($is_guest && $self_registration) {
    $menu->append(Menu::factory("dialog")
                    ->id("register_users")
                    ->label(t("Register"))
                    ->url(url::site("register")));
  }
  return $menu;
}
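/**
 * Run pending module upgrades: the gallery module first, then every other active
 * module whose code version is newer than its installed version.
 *
 * On the CLI the host name is faked and a summary is printed; on the web the
 * caller must be an admin or hold the "can_upgrade" session flag and present a
 * valid CSRF token (a bad token redirects back to the upgrader). Modules whose
 * upgrade throws are collected and reported rather than aborting the run.
 */
public function upgrade() {
  if (php_sapi_name() == "cli") {
    // @todo this may screw up some module installers, but we don't have a better answer at
    // this time.
    $_SERVER["HTTP_HOST"] = "example.com";
  } else {
    if (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
      access::forbidden();
    }
    try {
      access::verify_csrf();
    } catch (Exception $e) {
      url::redirect("upgrader");
    }
  }

  $available = module::available();

  // Upgrade gallery first
  $gallery = $available["gallery"];
  if ($gallery->code_version != $gallery->version) {
    module::upgrade("gallery");
    module::activate("gallery");
  }

  // Then upgrade the rest
  $failed = array();
  foreach (module::available() as $id => $module) {
    if ($id == "gallery") {
      continue;
    }
    if ($module->active && $module->code_version != $module->version) {
      try {
        module::upgrade($id);
      } catch (Exception $e) {
        // @todo assume it's MODULE_FAILED_TO_UPGRADE for now
        $failed[] = $id;
      }
    }
  }

  // If the upgrade failed, this will get recreated
  site_status::clear("upgrade_now");

  // Clear any upgrade check strings, we are probably up to date.
  site_status::clear("upgrade_checker");

  if (php_sapi_name() == "cli") {
    if ($failed) {
      print "Upgrade completed ** WITH FAILURES **\n";
      print "The following modules were not successfully upgraded:\n";
      // implode() takes the glue first; the reversed argument order the original
      // used is deprecated and rejected by PHP 8.
      print " " . implode("\n ", $failed) . "\n";
      print "Try getting newer versions or deactivating those modules\n";
    } else {
      print "Upgrade complete\n";
    }
  } else {
    if ($failed) {
      url::redirect("upgrader?failed=" . implode(",", $failed));
    } else {
      url::redirect("upgrader");
    }
  }
}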
/**
 * Report whether the current user is an admin, as JSON.
 *
 * Admins also receive a fresh CSRF token in the reply. The body is printed
 * directly (no Content-Type header is set here, unlike the json::reply variant
 * of this action).
 */
function is_admin() {
  if (identity::active_user()->admin) {
    $reply = array("result" => "success", "csrf" => access::csrf_token());
  } else {
    $reply = array("result" => "failure");
  }
  print json_encode($reply);
}
/**
 * Offer admins a "Clear all ratings/votes" dialog link on photo and movie pages.
 *
 * @param Menu       $menu
 * @param Theme_View $theme
 */
static function site_menu($menu, $theme) {
  $item = $theme->item();
  if (!$item || !identity::active_user()->admin) {
    return;
  }
  if (!$item->is_photo() && !$item->is_movie()) {
    return;
  }
  $clear = Menu::factory("link")
    ->id("ratingsclear")
    ->label(t("Clear all ratings/votes"))
    ->url(url::site("ratings/clear/{$theme->item->id}"))
    ->css_class("g-dialog-link")
    ->css_id("g-ratings");
  $menu->get("options_menu")->append($clear);
}
/**
 * Add a "View Map" link to the album menu, hidden from guests when the module's
 * restrict_maps option is on.
 *
 * @param Menu       $menu
 * @param Theme_View $theme  unused
 */
static function album_menu($menu, $theme) {
  $restricted = module::get_var("tagsmap", "restrict_maps") == true;
  if ($restricted && identity::active_user()->guest) {
    return;
  }
  $map_link = Menu::factory("link")
    ->id("tagsmap")
    ->label(t("View Map"))
    ->url(url::site("tagsmap/googlemap/"))
    ->css_id("g-tagsmap-link");
  $menu->append($map_link);
}
/**
 * Report whether the current user is an admin, as a JSON reply; admins also
 * receive a fresh CSRF token.
 */
function is_admin() {
  if (identity::active_user()->admin) {
    $reply = array("result" => "success", "csrf" => access::csrf_token());
  } else {
    $reply = array("result" => "failure");
  }
  json::reply($reply);
}
/**
 * Offer admins a "Server add" dialog in the add menu of a writable album, when
 * at least one authorized server path is configured.
 *
 * @param Menu       $menu
 * @param Theme_View $theme
 */
static function site_menu($menu, $theme) {
  $item = $theme->item();
  // authorized_paths is an admin-set variable stored with serialize(); it is
  // never user-supplied, which is the only reason unserialize() is acceptable here.
  $paths = unserialize(module::get_var("server_add", "authorized_paths"));

  if (!$item || !identity::active_user()->admin || !$item->is_album() || empty($paths)) {
    return;
  }
  // $item is an album at this point, so only the first branch can be taken.
  $target_dir = $item->is_album() ? $item->file_path() : $item->parent()->file_path();
  if (!is_writable($target_dir)) {
    return;
  }

  $menu->get("add_menu")->append(
    Menu::factory("dialog")
      ->id("server_add")
      ->label(t("Server add"))
      ->url(url::site("server_add/browse/{$item->id}")));
}
/**
 * Build the permissions form view for $item, listing every group and permission.
 *
 * @param Item_Model $item
 * @return View
 */
private function _get_form($item) {
  $form = new View("permissions_form.html");
  $form->permissions = ORM::factory("permission")->find_all();
  $form->groups = identity::groups();
  $form->item = $item;
  return $form;
}
/**
 * Deleting an album removes the comments attached to it.
 */
public function deleting_an_item_deletes_its_comments_too_test() {
  $suffix = rand();
  $album = album::create(ORM::factory("item", 1), "test_{$suffix}", "test_{$suffix}");
  $comment = comment::create($album, identity::guest(), "text_{$suffix}", "name_{$suffix}",
                             "email_{$suffix}", "url_{$suffix}");
  $comment_id = $comment->id;

  $album->delete();

  $reloaded = ORM::factory("comment", $comment_id);
  $this->assert_false($reloaded->loaded);
}
/**
 * Print the re-authentication page wrapping $form, showing the current user's name.
 *
 * @param Forge $form
 */
private static function _show_form($form) {
  $page = new Theme_View("page.html", "other", "reauthenticate");
  $page->page_title = t("Re-authenticate");
  $content = new View("reauthenticate.html");
  $content->form = $form;
  $content->user_name = identity::active_user()->name;
  $page->content = $content;
  print $page;
}
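/**
 * Load the active theme. This is called at bootstrap time. We will only ever have one theme
 * active for any given request.
 *
 * Theme directories are pushed onto core.modules so Kohana loads their code. A
 * missing site or admin theme falls back to "wind" / "admin_wind" and records a
 * site_status error. Admins may temporarily override the loaded theme with
 * ?theme=NAME to preview another theme.
 */
static function load_themes() {
  $input = Input::instance();
  $path = $input->server("PATH_INFO");
  if (empty($path)) {
    $path = "/" . $input->get("kohana_uri");
  }

  $config = Kohana_Config::instance();
  $modules = $config->get("core.modules");

  // Normally Router::find_uri() strips off the url suffix for us, but we're working off of the
  // PATH_INFO here so we need to strip it off manually. preg_quote() is told the
  // delimiter: without it a suffix containing "#" would end the pattern early.
  if ($suffix = Kohana::config("core.url_suffix")) {
    $path = preg_replace("#" . preg_quote($suffix, "#") . "\$#u", "", $path);
  }

  self::$is_admin = $path == "/admin" || !strncmp($path, "/admin/", 7);
  self::$site_theme_name = module::get_var("gallery", "active_site_theme");

  // If the site theme doesn't exist, fall back to wind.
  if (!file_exists(THEMEPATH . self::$site_theme_name . "/theme.info")) {
    site_status::error(
      t("Theme '%name' is missing. Falling back to the Wind theme.",
        array("name" => self::$site_theme_name)),
      "missing_site_theme");
    module::set_var("gallery", "active_site_theme", self::$site_theme_name = "wind");
  }

  // The ?theme override is admin-only, but it is concatenated onto THEMEPATH and
  // loaded as a module, so only a bare directory name is accepted: no separators
  // or ".." that could reach a directory outside the themes tree. The original
  // checked existence only.
  $override = null;
  if (identity::active_user()->admin && ($requested = $input->get("theme"))) {
    if (preg_match('/^[A-Za-z0-9_-]+$/', $requested)) {
      $override = $requested;
    } else {
      Kohana_Log::add("error", "Invalid override theme: '{$requested}'");
    }
  }

  if (self::$is_admin) {
    // Load the admin theme
    self::$admin_theme_name = module::get_var("gallery", "active_admin_theme");

    // If the admin theme doesn't exist, fall back to admin_wind.
    if (!file_exists(THEMEPATH . self::$admin_theme_name . "/theme.info")) {
      site_status::error(
        t("Admin theme '%name' is missing! Falling back to the Wind theme.",
          array("name" => self::$admin_theme_name)),
        "missing_admin_theme");
      module::set_var("gallery", "active_admin_theme", self::$admin_theme_name = "admin_wind");
    }
    array_unshift($modules, THEMEPATH . self::$admin_theme_name);

    // If the site theme has an admin subdir, load that as a module so that
    // themes can provide their own code.
    if (file_exists(THEMEPATH . self::$site_theme_name . "/admin")) {
      array_unshift($modules, THEMEPATH . self::$site_theme_name . "/admin");
    }

    // Admins can override the admin theme, temporarily. This lets us preview themes.
    if ($override !== null) {
      if (file_exists(THEMEPATH . $override)) {
        self::$admin_theme_name = $override;
        array_unshift($modules, THEMEPATH . self::$admin_theme_name);
      } else {
        Kohana_Log::add("error", "Missing override admin theme: '{$override}'");
      }
    }
  } else {
    // Admins can override the site theme, temporarily. This lets us preview themes.
    if ($override !== null) {
      if (file_exists(THEMEPATH . $override)) {
        self::$site_theme_name = $override;
      } else {
        Kohana_Log::add("error", "Missing override site theme: '{$override}'");
      }
    }
    array_unshift($modules, THEMEPATH . self::$site_theme_name);
  }

  $config->set("core.modules", $modules);
}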
/**
 * If Gallery is in maintenance mode, then force all non-admins to get routed to a "This site is
 * down for maintenance" page.
 *
 * The login controller is left reachable so an admin can still sign in; the
 * reroute is done by rewriting the Router's controller/method in place.
 */
static function maintenance_mode() {
  $enabled = Kohana::config("core.maintenance_mode", false, false);
  if (empty($enabled) || Router::$controller == "login") {
    return;
  }
  if (identity::active_user()->admin) {
    return;
  }
  Router::$controller = "maintenance";
  Router::$controller_path = MODPATH . "gallery/controllers/maintenance.php";
  Router::$method = "index";
}
/**
 * REST delete of a comment. Admin-only; additionally requires "edit" on the
 * comment's item (a missing permission is reported by access::required).
 *
 * @param object $request  REST request whose ->url resolves to the comment
 */
static function delete($request) {
  $user = identity::active_user();
  if (!$user->admin) {
    access::forbidden();
  }
  $comment = rest::resolve($request->url);
  $item = $comment->item();
  access::required("edit", $item);
  $comment->delete();
}
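/**
 * Show the welcome message to admins; everyone else is redirected to the root album.
 */
public function index() {
  $user = identity::active_user();
  if (!$user->admin) {
    url::redirect(item::root()->abs_url());
    // url::redirect() is expected to exit; the explicit return guarantees the
    // admin-only view below is never rendered for a non-admin if it does not.
    return;
  }
  $view = new View("welcome_message.html");
  $view->user = $user;
  print $view;
}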
/**
 * Replace the default login link in the user menu with the PAM login dialog,
 * for guests only.
 *
 * @param Menu       $menu
 * @param Theme_View $theme  unused
 */
static function user_menu($menu, $theme) {
  if (!identity::active_user()->guest) {
    return;
  }
  // disable the default login
  $menu->remove('user_menu_login');
  // add ours
  $pam_login = Menu::factory("dialog")
    ->id("user_menu_pam")
    ->css_id("g-pam-menu")
    ->url(url::site("pam/ajax"))
    ->label(t("Login"));
  $menu->append($pam_login);
}