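/**
 * Store the POSTed "value" for one module variable and report success as JSON.
 *
 * Both names are handed to module::set_var() as received; this method does
 * not restrict which module or variable may be written. It relies on
 * access::verify_csrf() and on whatever access control guards the controller
 * (not visible here).
 *
 * @param string $module_name module that owns the variable
 * @param string $var_name    variable to overwrite
 */
public function save($module_name, $var_name)
 {
     access::verify_csrf();
     module::set_var($module_name, $var_name, Input::instance()->post("value"));
     // Both placeholders come from the caller (presumably URL segments -- confirm),
     // so both are escaped before being placed in the status message; leaving
     // %module_name raw while %var is cleaned would let markup through.
     message::success(t("Saved value for %var (%module_name)", array("var" => p::clean($var_name), "module_name" => p::clean($module_name))));
     print json_encode(array("result" => "success"));
 }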
Beispiel #2
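 /**
  * Handle a password-reset request: validate the form, look the user up by
  * name, store a one-off reset key on the account and mail a confirmation link.
  *
  * The response is the same whether or not the account exists or has an
  * e-mail address, so the caller cannot use this endpoint to probe for valid
  * user names; the difference is visible only in the server log.
  */
 private function _send_reset()
 {
     $form = $this->_reset_form();
     $valid = $form->validate();
     if ($valid) {
         $user = ORM::factory("user")->where("name", $form->reset->inputs["name"]->value)->find();
         if (!$user->loaded || empty($user->email)) {
             $form->reset->inputs["name"]->add_error("no_email", 1);
             $valid = false;
         }
     }
     if ($valid) {
         // The reset key is a bearer credential: whoever presents it can set a new
         // password. rand() is not a CSPRNG and has a small output range, so a key
         // derived from it can be guessed. random_bytes() (PHP 7+) draws from the
         // OS CSPRNG; 16 bytes hex-encode to 32 characters, the same length as the
         // md5() digest stored here before.
         // NOTE(review): this method sets no expiry on the key and stores it as-is;
         // confirm that do_reset clears it after use.
         $user->hash = bin2hex(random_bytes(16));
         $user->save();
         $message = new View("reset_password.html");
         $message->confirm_url = url::abs_site("password/do_reset?key={$user->hash}");
         $message->user = $user;
         Sendmail::factory()
             ->to($user->email)
             ->subject(t("Password Reset Request"))
             ->header("Mime-Version", "1.0")
             ->header("Content-type", "text/html; charset=iso-8859-1")
             ->message($message->render())
             ->send();
         log::success("user", t("Password reset email sent for user %name", array("name" => p::clean($user->name))));
     } else {
         // Don't include the username here until you're sure that it's XSS safe
         log::warning("user", "Password reset email requested for bogus user");
     }
     // Same message on both paths, deliberately (see the method comment).
     message::success(t("Password reset email sent"));
     print json_encode(array("result" => "success"));
 }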
Beispiel #3
 /**
  * Print an item's title and description as a JSON object.
  *
  * The caller must hold both "view" and "edit" permission on the item. Both
  * fields are passed through p::clean() before encoding; an empty description
  * is sent as "".
  *
  * @param mixed $item_id id handed to ORM::factory("item", ...)
  */
 function header($item_id)
 {
     $item = ORM::factory("item", $item_id);
     access::required("view", $item);
     access::required("edit", $item);

     $title = p::clean($item->title);
     $description = "";
     if (!empty($item->description)) {
         $description = p::clean($item->description);
     }

     print json_encode(array("title" => $title, "description" => $description));
 }
Beispiel #4
 /**
  * Apply a submitted edit form to a photo and report the outcome as JSON.
  *
  * Requires a valid CSRF token plus "view" and "edit" permission on the photo.
  * A filename change is rejected with a "conflict" form error when another
  * item with the same parent_id already uses the requested name.
  *
  * @see REST_Controller::_update($resource)
  */
 public function _update($photo)
 {
     access::verify_csrf();
     access::required("view", $photo);
     access::required("edit", $photo);

     $form = photo::get_edit_form($photo);
     $valid = $form->validate();
     if ($valid) {
         $requested_name = $form->edit_photo->filename->value;
         if ($requested_name != $photo->name) {
             // Make sure that there's not a conflict
             $clashes = Database::instance()
                 ->from("items")
                 ->where("parent_id", $photo->parent_id)
                 ->where("id <>", $photo->id)
                 ->where("name", $requested_name)
                 ->count_records();
             if ($clashes) {
                 $form->edit_photo->filename->add_error("conflict", 1);
                 $valid = false;
             }
         }
     }

     if (!$valid) {
         // Hand the form (with its error markers) back to the client for re-display.
         print json_encode(array("result" => "error", "form" => $form->__toString()));
         return;
     }

     // Title and description are saved as submitted; this method escapes them
     // only where it echoes them back (p::clean in the status message).
     $photo->title = $form->edit_photo->title->value;
     $photo->description = $form->edit_photo->description->value;
     $photo->rename($form->edit_photo->filename->value);
     $photo->save();
     module::event("photo_edit_form_completed", $photo, $form);

     log::success("content", "Updated photo", "<a href=\"photos/{$photo->id}\">view</a>");
     message::success(t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title))));
     print json_encode(array("result" => "success", "location" => url::site("photos/{$photo->id}")));
 }
Beispiel #5
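 /**
  * Build the feed description for published comments.
  *
  * Only the "newest" and "item" feeds are handled; any other $feed_id returns
  * nothing. For "item", the comments are restricted to item $id.
  *
  * @param string $feed_id "newest" or "item"
  * @param int    $offset  passed to find_all() as the offset
  * @param int    $limit   page size; also the divisor for max_pages
  * @param mixed  $id      item id for the "item" feed
  * @return stdClass|null  feed data (view, children, max_pages, title, uri, description)
  */
 static function feed($feed_id, $offset, $limit, $id)
 {
     if ($feed_id != "newest" && $feed_id != "item") {
         return;
     }
     $comments = ORM::factory("comment")->where("state", "published")->orderby("created", "DESC");
     $all_comments = ORM::factory("comment")->where("state", "published")->orderby("created", "DESC");
     if ($feed_id == "item") {
         $comments->where("item_id", $id);
         $all_comments->where("item_id", $id);
     }
     // NOTE(review): $comments is a query object at this point, so this test
     // presumably always passes -- confirm whether an "are there any rows" check
     // was intended.
     if (!empty($comments)) {
         // Create the container explicitly: assigning a property to an undefined
         // variable relied on implicit object creation, which PHP 8 rejects.
         $feed = new stdClass();
         $feed->view = "comment.mrss";
         $comments = $comments->find_all($limit, $offset);
         $feed->children = array();
         foreach ($comments as $comment) {
             $item = $comment->item();
             // User-authored fields (comment text, item title, author name) go
             // through p::purify()/p::clean() here, before they reach the view.
             $feed->children[] = new ArrayObject(array(
                 "pub_date" => date("D, d M Y H:i:s T", $comment->created),
                 "text" => nl2br(p::purify($comment->text)),
                 "thumb_url" => $item->thumb_url(),
                 "thumb_height" => $item->thumb_height,
                 "thumb_width" => $item->thumb_width,
                 "item_uri" => url::abs_site("{$item->type}s/{$item->id}"),
                 "title" => p::purify($item->title),
                 "author" => p::clean($comment->author_name()),
             ), ArrayObject::ARRAY_AS_PROPS);
         }
         // NOTE(review): $limit is used as a divisor without a zero check, and the
         // count loads every matching row -- confirm callers always pass a
         // positive limit.
         $feed->max_pages = ceil($all_comments->find_all()->count() / $limit);
         $feed->title = htmlspecialchars(t("Recent Comments"));
         $feed->uri = url::abs_site("albums/" . (empty($id) ? "1" : $id));
         $feed->description = t("Recent Comments");
         return $feed;
     }
 }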
Beispiel #6
 /**
  * List the comment feeds that apply to the current page.
  *
  * The site-wide "newest comments" feed is always offered; a per-item feed is
  * added when an item is given. $tag is accepted but not used here.
  *
  * @return array feed path => translated label (item title escaped with p::clean)
  */
 static function available_feeds($item, $tag)
 {
     $feeds = array("comment/newest" => t("All new comments"));
     if (!$item) {
         return $feeds;
     }
     $label = t("Comments on %title", array("title" => p::clean($item->title)));
     $feeds["comment/item/{$item->id}"] = $label;
     return $feeds;
 }
Beispiel #7
 /**
  * List the tag feeds that apply to the current page.
  *
  * Returns a single feed for the given tag, or an empty array when no tag is
  * given. $item is accepted but not used here.
  *
  * @return array feed path => translated label (tag name escaped with p::clean)
  */
 static function available_feeds($item, $tag) {
   if (!$tag) {
     return array();
   }
   $label = t("Tag feed for %tag_name", array("tag_name" => p::clean($tag->name)));
   return array("tag/tag/{$tag->id}" => $label);
 }
Beispiel #8
 /**
  * Remove one entry from the server_add module's list of authorized paths,
  * then redirect back to the admin page.
  *
  * The path to remove is read from the query string and is only used as a
  * lookup key into the stored list; an unknown path changes nothing.
  */
 public function remove_path()
 {
     access::verify_csrf();

     $requested = $this->input->get("path");
     // NOTE(review): unserialize() runs on the stored module variable. That is
     // only safe while nothing attacker-influenced can write "authorized_paths";
     // confirm who can set module variables before relying on it.
     $authorized = unserialize(module::get_var("server_add", "authorized_paths"));

     if (!isset($authorized[$requested])) {
         url::redirect("admin/server_add");
         return;
     }

     unset($authorized[$requested]);
     // The path is request-supplied, so it is escaped before it is echoed back.
     message::success(t("Removed path %path", array("path" => p::clean($requested))));
     module::set_var("server_add", "authorized_paths", serialize($authorized));
     server_add::check_config($authorized);
     url::redirect("admin/server_add");
 }
Beispiel #9
 /**
  * Log the active user out and, when a "continue" query parameter is present,
  * redirect to it if the item it resolves to is viewable, otherwise to the
  * site root.
  *
  * The CSRF check keeps a third-party page from forcing a logout.
  */
 public function index()
 {
     access::verify_csrf();
     // Capture the user first: the log entry below needs the name and id after logout.
     $user = user::active();
     user::logout();
     log::info("user", t("User %name logged out", array("name" => p::clean($user->name))), html::anchor("user/{$user->id}", p::clean($user->name)));

     $continue = $this->input->get("continue");
     if (!$continue) {
         return;
     }
     // The target is request-supplied; it is followed only if it maps to an item
     // that is viewable after logout.
     $item = url::get_item_from_uri($continue);
     $target = access::can("view", $item) ? $continue : "";
     url::redirect($target);
 }
Beispiel #10
 /**
  * Log the active user out and, when a "continue" query parameter is present,
  * send the browser there if the item it resolves to is viewable, otherwise to
  * albums/1.
  */
 public function index()
 {
     // NOTE(review): the CSRF check is disabled in this version, so any page can
     // trigger a logout by linking here -- confirm that is intended.
     //access::verify_csrf();
     $user = user::active();
     user::logout();
     $safe_name = p::clean($user->name);
     log::info("user", t("User %name logged out", array("name" => $safe_name)), html::anchor("user/{$user->id}", $safe_name));

     $continue_url = $this->input->get("continue");
     if (!$continue_url) {
         return;
     }

     $item = url::get_item_from_uri($continue_url);
     if (!access::can("view", $item)) {
         url::redirect("albums/1");
         return;
     }
     // Don't use url::redirect() because it'll call url::site() and munge the continue url.
     // NOTE(review): the request-supplied value goes into the Location header
     // verbatim. The only gate is the item lookup above; verify that
     // url::get_item_from_uri() cannot resolve an off-site absolute URL to a
     // viewable item, otherwise this is an open redirect.
     header("Location: {$continue_url}");
 }
Beispiel #11
 /**
  * Validate the login form and, on success, log the user in.
  *
  * An unknown user name and a wrong password produce the same form error
  * ("invalid_login"), so the response does not reveal which one failed.
  *
  * @param mixed $url passed to user::get_login_form()
  * @return array [bool $valid, form object]
  */
 private function _auth($url)
 {
     $form = user::get_login_form($url);
     $valid = $form->validate();

     if ($valid) {
         $name_input = $form->login->inputs["name"];
         $user = ORM::factory("user")->where("name", $name_input->value)->find();
         $authenticated = $user->loaded && user::is_correct_password($user, $form->login->password->value);

         if ($authenticated) {
             user::login($user);
             log::info("user", t("User %name logged in", array("name" => p::clean($user->name))));
         } else {
             // The submitted name is attacker-controlled, so it is escaped before logging.
             log::warning("user", t("Failed login for %name", array("name" => p::clean($form->login->inputs["name"]->value))));
             $form->login->inputs["name"]->add_error("invalid_login", 1);
             $valid = false;
         }
     }

     // Regenerate the session id on every attempt, successful or not, so a
     // session id planted before login (session fixation) is never carried over.
     Session::instance()->regenerate();
     return array($valid, $form);
 }
Beispiel #12
 /**
  * Apply a submitted edit form to an album and report the outcome as JSON.
  *
  * Requires a valid CSRF token plus "view" and "edit" permission on the album.
  * Album id 1 is never renamed and is exempt from the name-conflict check.
  *
  * @see REST_Controller::_update($resource)
  */
 public function _update($album)
 {
     access::verify_csrf();
     access::required("view", $album);
     access::required("edit", $album);

     $form = album::get_edit_form($album);
     $valid = $form->validate();
     if ($valid && $album->id != 1) {
         // Make sure that there's not a conflict
         $clashes = Database::instance()
             ->from("items")
             ->where("parent_id", $album->parent_id)
             ->where("id <>", $album->id)
             ->where("name", $form->edit_item->dirname->value)
             ->count_records();
         if ($clashes) {
             $form->edit_item->dirname->add_error("conflict", 1);
             $valid = false;
         }
     }

     if (!$valid) {
         // Hand the form (with its error markers) back to the client for re-display.
         print json_encode(array("result" => "error", "form" => $form->__toString()));
         return;
     }

     // Field values are saved as submitted; this method escapes the title only
     // where it echoes it back (p::clean in the status message).
     $fields = $form->edit_item;
     $album->title = $fields->title->value;
     $album->description = $fields->description->value;
     $album->sort_column = $fields->sort_order->column->value;
     $album->sort_order = $fields->sort_order->direction->value;
     if ($album->id != 1) {
         $album->rename($form->edit_item->dirname->value);
     }
     $album->save();
     module::event("item_edit_form_completed", $album, $form);

     log::success("content", "Updated album", "<a href=\"albums/{$album->id}\">view</a>");
     message::success(t("Saved album %album_title", array("album_title" => p::clean($album->title))));
     print json_encode(array("result" => "success", "location" => url::site("albums/{$album->id}")));
 }
Beispiel #13
?>
"
                 title="<?php 
echo p::clean($child->title);
?>
"
                 height="<?php 
echo $child->thumb_height;
?>
" width="<?php 
echo $child->thumb_width;
?>
" /></a><br />
          <? endif ?>
            <?php 
echo p::clean($child->description);
?>
          </p>
        ]]>
      </content:encoded>
      <media:thumbnail url="<?php 
echo $child->thumb_url(true);
?>
"
                       fileSize="<?php 
echo @filesize($child->thumb_path());
?>
"
                       height="<?php 
echo $child->thumb_height;
?>
Beispiel #14
<?php

defined("SYSPATH") or die("No direct script access.");
?>
<html>
  <head>
    <title><?php 
echo p::clean($subject);
?>
 </title>
  </head>
  <body>
    <h2><?php 
echo p::clean($subject);
?>
</h2>
    <table>
      <tr>
        <td colspan="2">
          <?php 
echo t("To view the changed album %title use the link below.", array("title" => p::purify($item->parent()->title)));
?>
        </td>
      </tr>
      <tr>
        <td><?php 
echo t("Url:");
?>
</td>
        <td>
          <a href="<?php 
Beispiel #15
 <head>
   <meta http-equiv="content-type" content="text/html; charset=UTF-8" />
   <title>
     <? if ($page_title): ?>
       <?= $page_title ?>
     <? else: ?>
       <? if ($theme->item()): ?>
         <? if ($theme->item()->is_album()): ?>
         <?= t("Browse Album :: %album_title", array("album_title" => p::clean($theme->item()->title))) ?>
         <? elseif ($theme->item()->is_photo()): ?>
         <?= t("Photo :: %photo_title", array("photo_title" => p::clean($theme->item()->title))) ?>
         <? else: ?>
         <?= t("Movie :: %movie_title", array("movie_title" => p::clean($theme->item()->title))) ?>
         <? endif ?>
       <? elseif ($theme->tag()): ?>
         <?= t("Browse Tag :: %tag_title", array("tag_title" => p::clean($theme->tag()->name))) ?>
       <? else: /* Not an item, not a tag, no page_title specified.  Help! */ ?>
         <?= t("Gallery") ?>
       <? endif ?>
     <? endif ?>
   </title>
   <link rel="shortcut icon" href="<?= $theme->url("images/favicon.ico") ?>" type="image/x-icon" />
   <link rel="stylesheet" type="text/css" href="<?= url::file("lib/yui/reset-fonts-grids.css") ?>"
         media="screen,print,projection" />
   <link rel="stylesheet" type="text/css" href="<?= url::file("lib/superfish/css/superfish.css") ?>"
         media="screen" />
   <link rel="stylesheet" type="text/css" href="<?= url::file("lib/themeroller/ui.base.css") ?>"
         media="screen,print,projection" />
   <link rel="stylesheet" type="text/css" href="<?= $theme->url("css/screen.css") ?>"
         media="screen,print,projection" />
   <!--[if lt IE 8]>
echo t("Stalled");
?>
          <? else: ?>
          <?php 
echo t("%percent_complete% Complete", array("percent_complete" => $task->percent_complete));
?>
          <? endif ?>
        </td>
        <td>
          <?php 
echo $task->status;
?>
        </td>
        <td>
          <?php 
echo p::clean($task->owner()->name);
?>
        </td>
        <td>
          <? if ($task->state == "stalled"): ?>
          <a class="gDialogLink gButtonLink ui-icon-left ui-state-default ui-corner-all"
             href="<?php 
echo url::site("admin/maintenance/resume/{$task->id}?csrf={$csrf}");
?>
">
            <?php 
echo t("resume");
?>
          </a>
          <? endif ?>
          <a href="<?php 
Beispiel #17
?>
<h1 style="display: none">
  <?php 
echo t("Welcome to Gallery 3!");
?>
</h1>

<p>
  <?php 
echo t("Congratulations on choosing Gallery to host your photos.  We're confident that you're going to have a great experience.");
?>
</p>

<p>
  <?php 
echo t("You're logged in to the <b>%user_name</b> account.  The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => p::clean($user->name)));
?>
</p>

<p>
  <a href="<?php 
echo url::site("form/edit/users/{$user->id}");
?>
"
    title="<?php 
echo t("Edit Your Profile");
?>
"
    id="gAfterInstallChangePasswordLink" class="gButtonLink ui-state-default ui-corners-all"><?php 
echo t("Change Password Now");
?>
Beispiel #18
    <lastBuildDate><?php 
echo $pub_date;
?>
</lastBuildDate>
    <? foreach ($feed->children as $child): ?>
    <item>
      <title><?php 
echo p::purify($child->title);
?>
</title>
      <link><?php 
echo p::clean($child->item_uri);
?>
</link>
      <author><?php 
echo p::clean($child->author);
?>
</author>
      <guid isPermaLink="true"><?php 
echo $child->item_uri;
?>
</guid>
      <pubDate><?php 
echo $child->pub_date;
?>
</pubDate>
      <content:encoded>
        <![CDATA[
          <p><?php 
echo nl2br(p::purify($child->text));
?>
?>
              />
              <? else: ?>
              <?php 
echo t("No thumbnail");
?>
              <? endif ?>
            </a>
          </div>
        </div>
        <p><?php 
echo gallery::date($comment->created);
?>
</p>
        <?php 
echo p::clean($comment->text);
?>
      </td>
      <td>
        <ul class="gButtonSetVertical">
        <? if ($comment->state != "unpublished"): ?>
          <li>
            <a href="javascript:set_state('unpublished',<?php 
echo $comment->id;
?>
)"
                class="gButtonLink ui-state-default ui-icon-left">
              <span class="ui-icon ui-icon-check"></span>
              <?php 
echo t("Unapprove");
?>
Beispiel #20
            <? endif ?>

            </ul>
            <strong><?php 
echo $current_letter;
?>
</strong>
            <ul>
          <? endif ?>

          <li>
            <span id="gTag-<?php 
echo $tag->id;
?>
" class="gEditable tag-name"><?php 
echo p::clean($tag->name);
?>
</span>
            <span class="understate">(<?php 
echo $tag->count;
?>
)</span>
            <a href="<?php 
echo url::site("admin/tags/form_delete/{$tag->id}");
?>
"
               class="gDialogLink delete-link gButtonLink">
                <span class="ui-icon ui-icon-trash"><?php 
echo t("Delete this tag");
?>
</span></a>
Beispiel #21
<?php /* Page header template: theme hooks, logo or custom header text, site menu, breadcrumbs. Refuses to run when loaded outside the framework (SYSPATH undefined). */ defined("SYSPATH") or die("No direct script access.") ?>
<?= $theme->header_top() ?>
<? if ($header_text = module::get_var("gallery", "header_text")): ?>
<?= $header_text /* NOTE(review): emitted as raw markup from the "header_text" module variable; whoever can set that variable controls this HTML -- confirm it is restricted to administrators */ ?>
<? else: ?>
<a href="<?= url::site("albums/1") ?>">
  <img width="107" height="48" id="gLogo" alt="<?= t("Gallery: Your photos on your web site") ?>" src="<?= $theme->url("images/logo.png") ?>" />
</a>
<? endif ?>

<div id="gSiteMenu" style="display: none">
<?= $theme->site_menu() ?>
</div>

<?= $theme->header_bottom() ?>

<? if (!empty($parents)): ?>
<ul class="gBreadcrumbs">
  <? foreach ($parents as $parent): ?>
  <li>
    <a href="<?= url::site("albums/{$parent->id}?show=$item->id") ?>">
      <?= p::clean($parent->title) /* user-editable title, escaped before output */ ?>
    </a>
  </li>
  <? endforeach ?>
  <li class="active"><?= p::clean($item->title) /* user-editable title, escaped before output */ ?></li>
</ul>
<? endif ?>
Beispiel #22
?>
"
               width="20"
               height="20" />
          <?php 
echo p::clean($user->name);
?>
        </td>
        <td>
          <?php 
echo p::clean($user->full_name);
?>
        </td>
        <td>
          <?php 
echo p::clean($user->email);
?>
        </td>
        <td>
          <?php 
echo $user->last_login == 0 ? "" : gallery::date($user->last_login);
?>
        </td>
        <td class="gActions">
          <a href="<?php 
echo url::site("admin/users/edit_user_form/{$user->id}");
?>
"
              open_text="<?php 
echo t("close");
?>
<?php

defined("SYSPATH") or die("No direct script access.");
?>
<fieldset>
  <legend> <?php 
echo t('Edit Permissions');
?>
 </legend>

  <table>
    <tr>
      <th> </th>
      <? foreach ($groups as $group): ?>
      <th> <?php 
echo p::clean($group->name);
?>
 </th>
      <? endforeach ?>
    </tr>

    <? foreach ($permissions as $permission): ?>
    <tr>
      <td> <?php 
echo t($permission->display_name);
?>
 </td>
      <? foreach ($groups as $group): ?>
        <? $intent = access::group_intent($group, $permission->name, $item) ?>
        <? $allowed = access::group_can($group, $permission->name, $item) ?>
        <? $lock = access::locked_by($group, $permission->name, $item) ?>
Beispiel #24
      <author><?php 
    echo p::clean($child->author);
    ?>
</author>
      <guid isPermaLink="true"><?php 
    echo $child->item_uri;
    ?>
</guid>
      <pubDate><?php 
    echo $child->pub_date;
    ?>
</pubDate>
      <content:encoded>
        <![CDATA[
          <p><?php 
    echo p::clean($child->text);
    ?>
</p>
          <p>
            <img alt="" src="<?php 
    echo $child->thumb_url;
    ?>
"
                 height="<?php 
    echo $child->thumb_height;
    ?>
" width="<?php 
    echo $child->thumb_width;
    ?>
" />
            <br />
Beispiel #25
<?php

defined("SYSPATH") or die("No direct script access.");
?>
<div id="gAlbumHeader">
  <div id="gAlbumHeaderButtons">
    <?php 
echo $theme->dynamic_top();
?>
  </div>
  <h1><?php 
echo p::clean($title);
?>
</h1>
</div>

<ul id="gAlbumGrid">
  <? foreach ($children as $i => $child): ?>
  <li class="gItem <?php 
echo $child->is_album() ? "gAlbum" : "";
?>
">
    <?php 
echo $theme->thumb_top($child);
?>
    <a href="<?php 
echo $child->url();
?>
">
      <img id="gPhotoId-<?php 
echo $child->id;
<?php

// Recent-comments list. The author name and the comment text are passed through
// p::clean() / p::purify() before they are echoed; the script refuses to run when
// loaded outside the framework (SYSPATH undefined).
defined("SYSPATH") or die("No direct script access.");
?>
<ul>
  <? foreach ($comments as $i => $comment): ?>
  <li class="<?php 
// Alternate the row class for striping.
echo $i % 2 == 0 ? "gEvenRow" : "gOddRow";
?>
">
    <img src="<?php 
// NOTE(review): echoed into the attribute without escaping; assumes avatar_url()
// returns an attribute-safe URL -- confirm.
echo $comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true));
?>
"
         class="gAvatar"
         alt="<?php 
// NOTE(review): attribute context -- confirm p::clean() also escapes double quotes.
echo p::clean($comment->author_name());
?>
"
         width="32"
         height="32" />
    <?php 
echo gallery::date_time($comment->created);
?>
    <?php 
// The comment text is purified, given <br> tags, then cut to 50 words.
// NOTE(review): the cut happens after markup is produced; verify that
// text::limit_words() cannot leave a tag unclosed.
echo t('<a href="#">%author_name</a> said <em>%comment_text</em>', array("author_name" => p::clean($comment->author_name()), "comment_text" => text::limit_words(nl2br(p::purify($comment->text)), 50)));
?>
  </li>
  <? endforeach ?>
</ul>
  <? endif ?>

  <p>
    <?php 
echo t("Photos will be uploaded to album: ");
?>
  </p>
  <ul class="gBreadcrumbs">
    <? foreach ($item->parents() as $parent): ?>
    <li> <?php 
echo p::clean($parent->title);
?>
 </li>
    <? endforeach ?>
    <li class="active"> <?php 
echo p::clean($item->title);
?>
 </li>
  </ul>

  <p><?php 
echo t("Upload Queue");
?>
</p>
  <div id="gAddPhotosCanvas" style="text-align: center;">
    <div id="gAddPhotosQueue"></div>
    <div id="gEditPhotosQueue"></div>
    <span id="gChooseFilesButtonPlaceholder"></span>
  </div>
  <button id="gUploadCancel" class="ui-state-default ui-corner-all" type="button"
          onclick="swfu.cancelQueue();"
Beispiel #28
    <a href="<?php 
echo $child->url();
?>
">
      <?php 
echo $child->thumb_img(array("class" => "gThumbnail"));
?>
    </a>
    <?php 
echo $theme->thumb_bottom($child);
?>
    <h2><span></span><a href="<?php 
echo $child->url();
?>
"><?php 
echo p::clean($child->title);
?>
</a></h2>
    <ul class="gMetadata">
      <?php 
echo $theme->thumb_info($child);
?>
    </ul>
  </li>
  <? endforeach ?>
<? else: ?>
  <? if ($user->admin || access::can("add", $item)): ?>
  <? $addurl = url::file("index.php/simple_uploader/app/$item->id") ?>
  <li><?php 
echo t("There aren't any photos here yet! <a %attrs>Add some</a>.", array("attrs" => "href=\"{$addurl}\" class=\"gDialogLink\""));
?>
Beispiel #29
echo $item->url(array(), true);
?>
</a></td>
      </tr>
      <? if ($item->original("description") != $item->description): ?>
      <tr>
        <td><?php 
echo t("New Description:");
?>
</td>
        <td><?php 
echo p::clean($item->description);
?>
</td>
      </tr>
      <? elseif (!empty($item->description)): ?>
      <tr>
        <td><?php 
echo t("Description:");
?>
</td>
        <td><?php 
echo p::clean($item->description);
?>
</td>
      </tr>
      <? endif ?>
    </table>
  </body>
</html>
Beispiel #30
        </a>
      </td>
    </tr>
    <? endif ?>
    <? if ($item->captured): ?>
    <tr>
      <th><?php 
echo t("Captured:");
?>
</th>
      <td><?php 
echo date("M j, Y H:i:s", $item->captured);
?>
</td>
    </tr>
    <? endif ?>
    <? if ($item->owner): ?>
    <tr>
      <th><?php 
echo t("Owner:");
?>
</th>
      <td><a href="#"><?php 
echo p::clean($item->owner->name);
?>
</a></td>
    </tr>
    <? endif ?>
  </tbody>
</table>