Beispiel #1
 /**
  * Handle a submitted password-reset request.
  *
  * The account is looked up by the name taken from the form. If it exists and
  * has an email address, a new value from random::hash() is saved on the user
  * and mailed as the "key" parameter of a confirmation link. Every outcome is
  * logged, and the caller always gets the same success reply.
  *
  * NOTE(review): the key is saved on the user record as-is and travels in the
  * URL query string; whether it expires or is single-use is decided by the
  * do_reset handler, which is not visible here.
  *
  * @param object $form  reset form; the name is read from $form->reset->inputs["name"]
  */
 private function _send_reset($form)
 {
     $requested_name = $form->reset->inputs["name"]->value;
     $account = user::lookup_by_name($requested_name);
     $can_mail = $account && !empty($account->email);
     if ($can_mail) {
         // Store a fresh key on the account and mail the confirmation link.
         $account->hash = random::hash();
         $account->save();
         $body = new View("reset_password.html");
         $body->confirm_url = url::abs_site("password/do_reset?key={$account->hash}");
         $body->user = $account;
         Sendmail::factory()
             ->to($account->email)
             ->subject(t("Password Reset Request"))
             ->header("Mime-Version", "1.0")
             ->header("Content-type", "text/html; charset=UTF-8")
             ->message($body->render())
             ->send();
         log::success("user", t("Password reset email sent for user %name", array("name" => $account->name)));
     } elseif (!$account) {
         // NOTE(review): the submitted name is untrusted and is written to the
         // log here; confirm that t() escapes %user_name before the log is shown.
         log::warning("user", t("Password reset email requested for user %user_name, which does not exist.", array("user_name" => $requested_name)));
     } else {
         log::warning("user", t("Password reset failed for %user_name (has no email address on record).", array("user_name" => $account->name)));
     }
     // Reply identically in every case so the response body does not reveal
     // which user names exist.
     // NOTE(review): mail is only sent for existing accounts, so response time
     // may still differ between the paths - confirm whether that matters here.
     message::success(t("Password reset email sent"));
     json::reply(array("result" => "success"));
 }
Beispiel #2
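 /**
  * Validate the reset form and, for a known user with an email address, store
  * a reset key on the account and mail a confirmation link containing it.
  *
  * The reply is always {"result": "success"} so the response does not reveal
  * whether the submitted name belongs to an account.
  */
 private function _send_reset()
 {
     $form = $this->_reset_form();
     $valid = $form->validate();
     if ($valid) {
         $user = user::lookup_by_name($form->reset->inputs["name"]->value);
         // NOTE(review): assumes lookup_by_name() always returns a model object
         // (checked through ->loaded) rather than null - confirm.
         if (!$user->loaded || empty($user->email)) {
             $form->reset->inputs["name"]->add_error("no_email", 1);
             $valid = false;
         }
     }
     if ($valid) {
         // The reset key is the only secret protecting the account during a
         // reset, so it must come from a CSPRNG. md5(rand()) has at most 2^31
         // possible values and rand() is predictable. Both branches yield 32
         // hex characters, the same shape as the previous md5() value.
         $user->hash = function_exists("random_bytes")
             ? bin2hex(random_bytes(16))
             : bin2hex(openssl_random_pseudo_bytes(16));
         $user->save();
         $message = new View("reset_password.html");
         $message->confirm_url = url::abs_site("password/do_reset?key={$user->hash}");
         $message->user = $user;
         Sendmail::factory()->to($user->email)->subject(t("Password Reset Request"))->header("Mime-Version", "1.0")->header("Content-type", "text/html; charset=iso-8859-1")->message($message->render())->send();
         log::success("user", t("Password reset email sent for user %name", array("name" => $user->name)));
     } else {
         // The submitted name is deliberately left out of the log entry: it is
         // untrusted input and the log may be rendered as HTML.
         log::warning("user", "Password reset email requested for bogus user");
     }
     // Same reply for every outcome, to avoid confirming which names exist.
     message::success(t("Password reset email sent"));
     print json_encode(array("result" => "success"));
 }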
 /**
  * Add a "Buy Prints" entry to a photo's thumbnail context menu.
  *
  * NOTE(review): the resize URL carries md5($item->created). That value is
  * derived from a timestamp, so it is guessable if the resize endpoint treats
  * it as an access check - confirm what the endpoint relies on.
  */
 static function context_menu($menu, $theme, $item)
 {
     // Only photos get the entry.
     if ($item->type != "photo") {
         return;
     }
     $options_menu = $menu->get("options_menu");
     $resize_url = url::abs_site("fotomotorw/resize/" . md5($item->created) . "/{$item->id}");
     // The URL is placed inside a single-quoted JavaScript string literal.
     $dialog_call = "javascript:showFotomotoDialog(100, '" . $resize_url . "');";
     $print_link = Menu::factory("link")
         ->id("fotomotorw")
         ->label(t("Buy Prints"))
         ->url($dialog_call)
         ->css_class("g-print-fotomotorw-link ui-icon-print");
     $options_menu->append($print_link);
 }
Beispiel #4
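 /**
  * Build the comment RSS feed ("newest" for all items, "item" for one item).
  *
  * @param string $feed_id  "newest" or "item"; anything else yields no feed
  * @param int    $offset   index of the first comment to return
  * @param int    $limit    page size, also used to compute max_pages
  * @param mixed  $id       item id, used when $feed_id is "item"
  * @return object|null     feed description, or null for an unknown $feed_id
  */
 static function feed($feed_id, $offset, $limit, $id)
 {
     if ($feed_id != "newest" && $feed_id != "item") {
         return;
     }
     // NOTE(review): no viewable()/access filter is applied to the comments or
     // their items here - confirm that comments on restricted items cannot be
     // listed through this feed.
     $comments = ORM::factory("comment")->where("state", "published")->orderby("created", "DESC");
     $all_comments = ORM::factory("comment")->where("state", "published")->orderby("created", "DESC");
     if ($feed_id == "item") {
         $comments->where("item_id", $id);
         $all_comments->where("item_id", $id);
     }
     // $feed was previously used without being created; make it explicit.
     // (The old !empty($comments) guard was always true for an object.)
     $feed = new stdClass();
     $feed->view = "comment.mrss";
     $comments = $comments->find_all($limit, $offset);
     $feed->children = array();
     foreach ($comments as $comment) {
         $item = $comment->item();
         // NOTE(review): "text", "title" and "author" are user-supplied and are
         // passed through unescaped; confirm the comment.mrss view escapes them.
         $feed->children[] = new ArrayObject(array("pub_date" => date("D, d M Y H:i:s T", $comment->created), "text" => $comment->text, "thumb_url" => $item->thumb_url(), "thumb_height" => $item->thumb_height, "thumb_width" => $item->thumb_width, "item_uri" => url::abs_site("{$item->type}s/{$item->id}"), "title" => $item->title, "author" => $comment->author_name()), ArrayObject::ARRAY_AS_PROPS);
     }
     // Page count comes from the unpaginated query.
     $feed->max_pages = ceil($all_comments->find_all()->count() / $limit);
     $feed->title = htmlspecialchars(t("Recent Comments"));
     $feed->uri = url::abs_site("albums/" . (empty($id) ? "1" : $id));
     $feed->description = t("Recent Comments");
     return $feed;
 }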
Beispiel #5
 /**
  * Mail the registration confirmation link to a newly registered user.
  *
  * The link embeds $user->hash as its last path segment; how that hash is
  * generated is not visible in this function.
  *
  * @param object $user  the pending user; ->hash and ->email are read
  */
 static function send_confirmation($user)
 {
     $confirm_url = url::abs_site("register/confirm/" . $user->hash);
     $mail_view = new View("confirm_registration.html");
     $mail_view->confirm_url = $confirm_url;
     $mail_view->user = $user;
     self::_sendemail($user->email, t("User registration confirmation"), $mail_view);
 }
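 /**
  * Apply the submitted comma-separated tags to every non-album item in the
  * posted album that the current user may both view and edit, then redirect
  * back to the album.
  *
  * Reads "item_id" (the album) and "name" (the tag list) from the POST body.
  */
 public function tagitems()
 {
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     $album_id = $this->input->post("item_id");
     // Parse the tag list once. explode() replaces split(), which was
     // deprecated in PHP 5.3 and removed in PHP 7; for a literal "," the
     // result is the same.
     $tag_names = array();
     foreach (explode(",", (string) $this->input->post("name")) as $tag_name) {
         $tag_name = trim($tag_name);
         if ($tag_name) {
             $tag_names[] = $tag_name;
         }
     }
     // All non-album items directly inside the album.
     $children = ORM::factory("item")->where("parent_id", $album_id)->where("type !=", "album")->find_all();
     foreach ($children as $child) {
         // Permissions are checked per item, so items the user cannot edit
         // are skipped rather than failing the whole request.
         if (access::can("view", $child) && access::can("edit", $child)) {
             foreach ($tag_names as $tag_name) {
                 tag::add($child, $tag_name);
             }
         }
     }
     // Redirect back to the album.
     $item = ORM::factory("item", $album_id);
     url::redirect(url::abs_site("{$item->type}s/{$item->id}"));
 }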
 /**
  * Build the "contact owner" email form.
  *
  * @param mixed $user_id  recipient's user id, or -1 for the configured gallery owner
  * @param mixed $item_id  optional item id; when set, the message body is
  *                        pre-filled with a link to that item
  * @return Forge  the form, posting to contactowner/sendemail/{$user_id}
  */
 static function get_email_form($user_id, $item_id = null)
 {
     // Determine name of the person the message is going to.
     $str_to_name = "";
     if ($user_id == -1) {
         $str_to_name = module::get_var("contactowner", "contact_owner_name");
     } else {
         // Locate the record for the user specified by $user_id,
         //   use this to determine the user's name.
         // NOTE(review): there is no check that a user with this id exists
         // before $userDetails[0] is dereferenced - confirm callers validate it.
         $userDetails = ORM::factory("user")->where("id", "=", $user_id)->find_all();
         $str_to_name = $userDetails[0]->name;
     }
     // If item_id is set, include a link to the item.
     $email_body = "";
     if (!empty($item_id)) {
         // NOTE(review): the item is loaded without an access check here;
         // only its type and id end up in the link.
         $item = ORM::factory("item", $item_id);
         $email_body = "This message refers to <a href=\"" . url::abs_site("{$item->type}s/{$item->id}") . "\">this page</a>.";
     }
     // Make a new form with a couple of text boxes.
     $form = new Forge("contactowner/sendemail/{$user_id}", "", "post", array("id" => "g-contact-owner-send-form"));
     $sendmail_fields = $form->group("contactOwner");
     $sendmail_fields->input("email_to")->label(t("To:"))->value($str_to_name)->id("g-contactowner-to-name");
     // The sender address defaults to the active user's email but stays editable.
     $sendmail_fields->input("email_from")->label(t("From:"))->value(identity::active_user()->email)->id("g-contactowner-from-email")->rules('required|valid_email')->error_messages("required", t("You must enter a valid email address"))->error_messages("valid_email", t("You must enter a valid email address"))->error_messages("invalid", t("You must enter a valid email address"));
     $sendmail_fields->input("email_subject")->label(t("Subject:"))->value("")->id("g-contactowner-subject")->rules('required')->error_messages("required", t("You must enter a subject"));
     $sendmail_fields->textarea("email_body")->label(t("Message:"))->value($email_body)->id("g-contactowner-email-body")->rules('required')->error_messages("required", t("You must enter a message"));
     // Add a captcha, if there's an active captcha module.
     module::event("captcha_protect_form", $form);
     // Add a save button to the form.
     $sendmail_fields->submit("SendMessage")->value(t("Send"));
     return $form;
 }
Beispiel #8
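 /**
  * Render the media RSS feed for one tag, one page at a time.
  *
  * The page number is read from the "page" query parameter; out-of-range
  * values are redirected to the nearest valid page.
  *
  * @param mixed $id  tag id taken from the URL
  */
 public function tags($id)
 {
     $tag = ORM::factory("tag", $id);
     if (!$tag->loaded) {
         return Kohana::show_404();
     }
     // "page" is request input; force it to an integer before it is used in
     // arithmetic and comparisons.
     $page = (int) $this->input->get("page", 1);
     if ($page < 1) {
         url::redirect("media_rss/tags/{$tag->id}");
     }
     // NOTE(review): no access filter is visible here; presumably
     // $tag->items() restricts the result to viewable items - confirm.
     $children = $tag->items(self::$page_size, ($page - 1) * self::$page_size, "photo");
     $max_pages = ceil($tag->count / self::$page_size);
     // Only redirect when there is at least one page; with zero pages the
     // old check bounced between ?page=0 and page 1.
     if ($max_pages && $page > $max_pages) {
         url::redirect("media_rss/tags/{$tag->id}?page={$max_pages}");
     }
     $view = new View("feed.mrss");
     $view->title = $tag->name;
     $view->link = url::abs_site("tags/{$tag->id}");
     $view->description = t("Photos related to %tag_name", array("tag_name" => $tag->name));
     $view->feed_link = url::abs_site("media_rss/tags/{$tag->id}");
     $view->children = $children;
     if ($page > 1) {
         $previous_page = $page - 1;
         $view->previous_page_link = url::site("media_rss/tags/{$tag->id}?page={$previous_page}");
     }
     if ($page < $max_pages) {
         $next_page = $page + 1;
         $view->next_page_link = url::site("media_rss/tags/{$tag->id}?page={$next_page}");
     }
     // @todo do we want to add an upload date to the items table?
     $view->pub_date = date("D, d M Y H:i:s T");
     rest::http_content_type(rest::RSS);
     print $view;
 }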
Beispiel #9
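 /**
  * Render an RSS feed supplied by a module's "<module>_rss::feed" callback.
  *
  * @param string $module_id  module name from the URL; must be an active module
  * @param string $feed_id    feed name, passed through to the callback
  * @param mixed  $id         optional id, passed through to the callback
  */
 public function feed($module_id, $feed_id, $id = null)
 {
     // "page" and "page_size" are request input; force both to integers
     // before they reach arithmetic or the feed callback.
     $page = (int) $this->input->get("page", 1);
     if ($page < 1) {
         url::redirect(url::merge(array("page" => 1)));
     }
     // Configurable page size between 1 and 100, default 20
     $page_size = max(1, min(100, (int) $this->input->get("page_size", self::$page_size)));
     // Run the appropriate feed callback. The class name is derived from the
     // URL, so it is only used after module::is_active() has accepted it.
     $feed = null;
     if (module::is_active($module_id)) {
         $class_name = "{$module_id}_rss";
         if (method_exists($class_name, "feed")) {
             $feed = call_user_func(array($class_name, "feed"), $feed_id, ($page - 1) * $page_size, $page_size, $id);
         }
     }
     if (empty($feed)) {
         Kohana::show_404();
         // Stop here even if show_404() returns; $feed is not usable below.
         return;
     }
     if ($feed->max_pages && $page > $feed->max_pages) {
         url::redirect(url::merge(array("page" => $feed->max_pages)));
     }
     // A callback may name its own view; otherwise use the default template.
     $view = new View(empty($feed->view) ? "feed.mrss" : $feed->view);
     unset($feed->view);
     $view->feed = $feed;
     $view->pub_date = date("D, d M Y H:i:s T");
     $feed->uri = url::abs_site(Router::$current_uri);
     if ($page > 1) {
         $feed->previous_page_uri = url::abs_site(url::merge(array("page" => $page - 1)));
     }
     if ($page < $feed->max_pages) {
         $feed->next_page_uri = url::abs_site(url::merge(array("page" => $page + 1)));
     }
     rest::http_content_type(rest::RSS);
     print $view;
 }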
Beispiel #10
 /**
  * Render an RSS feed supplied by a module's "<module>_rss::feed" callback.
  *
  * @param string $module_id  module name from the URL; must be an active module
  * @param string $feed_id    feed name, passed through to the callback
  * @param mixed  $id         optional id, passed through to the callback
  * @throws Kohana_404_Exception  when no callback produces a feed
  */
 public function feed($module_id, $feed_id, $id = null)
 {
     $input = Input::instance();
     // Request input is cast to int before any arithmetic.
     $page = (int) $input->get("page", 1);
     if ($page < 1) {
         url::redirect(url::merge(array("page" => 1)));
     }
     // Configurable page size between 1 and 100, default 20
     $requested_size = (int) $input->get("page_size", self::$page_size);
     $page_size = max(1, min(100, $requested_size));
     // The handler class name comes from the URL, so it is only used once
     // module::is_active() has accepted the module name.
     $feed = null;
     if (module::is_active($module_id)) {
         $handler = $module_id . "_rss";
         if (method_exists($handler, "feed")) {
             $offset = ($page - 1) * $page_size;
             $feed = call_user_func(array($handler, "feed"), $feed_id, $offset, $page_size, $id);
         }
     }
     if (empty($feed)) {
         throw new Kohana_404_Exception();
     }
     if ($feed->max_pages && $page > $feed->max_pages) {
         url::redirect(url::merge(array("page" => $feed->max_pages)));
     }
     // A callback may name its own view; otherwise use the default template.
     $template = empty($feed->view) ? "feed.mrss" : $feed->view;
     $view = new View($template);
     unset($feed->view);
     $view->feed = $feed;
     $view->pub_date = date("D, d M Y H:i:s T");
     // NOTE(review): the feed's own URI is rebuilt from the raw $_GET array;
     // confirm url::merge() encodes the values before the view prints them.
     $feed->uri = url::abs_site(url::merge($_GET));
     if ($page > 1) {
         $feed->previous_page_uri = url::abs_site(url::merge(array("page" => $page - 1)));
     }
     if ($page < $feed->max_pages) {
         $feed->next_page_uri = url::abs_site(url::merge(array("page" => $page + 1)));
     }
     header("Content-Type: application/rss+xml");
     print $view;
 }
Beispiel #11
 /**
  * Notify the gallery's reply-to address that a registration is pending.
  *
  * The subject is translated into the gallery's default locale and prefixed
  * with the registration module's configured subject prefix.
  *
  * @param object $user  the pending user, handed to the mail template
  */
 static function send_admin_notify($user)
 {
     $message = new View("register_admin_notify.html");
     $message->admin_register_url = url::abs_site("admin/register");
     $message->user = $user;
     $message->subject_prefix = module::get_var("registration", "subject_prefix");
     // Use the gallery default locale for the admin mail.
     $default_locale = module::get_var("gallery", "default_locale");
     $message->locale = $default_locale;
     $message->subject = t("New pending user registration", array("locale" => $default_locale));
     $recipient = module::get_var("gallery", "email_reply_to");
     $full_subject = $message->subject_prefix . $message->subject;
     self::_sendemail($recipient, $full_subject, $message);
 }
Beispiel #12
 /**
  * Build the feed description for the photos below one album.
  *
  * access::required("view", ...) is checked on the album itself and the
  * descendants are restricted with viewable().
  *
  * @param int   $offset  index of the first photo to return
  * @param int   $limit   page size, also used to compute max_pages
  * @param mixed $id      album item id
  * @return stdClass  feed with ->data (children, title, link, description) and ->max_pages
  */
 static function albums($offset, $limit, $id)
 {
     $album = ORM::factory("item", $id);
     access::required("view", $album);
     $photos = $album->viewable()->descendants($limit, $offset, "photo");
     $photo_total = $album->viewable()->descendants_count("photo");
     $feed = new stdClass();
     $feed->data = array(
         "children" => $photos,
         "title" => $album->title,
         "link" => url::abs_site("albums/{$album->id}"),
         "description" => $album->description,
     );
     $feed->max_pages = ceil($photo_total / $limit);
     return $feed;
 }
 /**
  * Redirect item pages that are registered in the tags_album_id table to the
  * corresponding tag_albums page.
  *
  * @param object $theme  current theme; ->item() tells whether this is an item page
  */
 static function head($theme)
 {
     // Nothing to do on pages that are not item pages.
     if (!$theme->item()) {
         return;
     }
     $album_tags = ORM::factory("tags_album_id")->where("album_id", "=", $theme->item->id)->find_all();
     if (count($album_tags) > 0) {
         // The item name is URL-encoded before it becomes a path segment.
         $target = "tag_albums/album/" . $album_tags[0]->id . "/" . urlencode($theme->item->name);
         url::redirect(url::abs_site($target));
     }
     return;
 }
Beispiel #14
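 /**
  * Show a map of all geotagged items in an album or uploaded by a user.
  *
  * @param string $map_type  "album" or "user" (from the URL)
  * @param mixed  $type_id   album item id or user id, depending on $map_type
  */
 public function map($map_type, $type_id)
 {
     // Map all items in the specified album or user.
     $map_title = "";
     // Default to an empty list so an unknown $map_type renders an empty map
     // instead of passing an undefined variable to the view.
     $items = array();
     if ($map_type == "album") {
         // Generate an array of all items in the current album that have exif gps
         //   coordinates and order by latitude (to group items w/ the same
         //   coordinates together).
         $items = ORM::factory("item", $type_id)->join("exif_coordinates", "items.id", "exif_coordinates.item_id")->viewable()->order_by("exif_coordinates.latitude", "ASC")->descendants();
         // NOTE(review): the album row is loaded without viewable() or an
         // access check, and no check that it exists, before its name is used
         // as the title - confirm that album names are not meant to be hidden.
         $curr_album = ORM::factory("item")->where("id", "=", $type_id)->find_all();
         $map_title = $curr_album[0]->name;
     } elseif ($map_type == "user") {
         // Generate an array of all items uploaded by the current user that
         //   have exif gps coordinates and order by latitude (to group items
         //   w/ the same coordinates together).
         $items = ORM::factory("item")->join("exif_coordinates", "items.id", "exif_coordinates.item_id")->where("items.owner_id", "=", $type_id)->viewable()->order_by("exif_coordinates.latitude", "ASC")->find_all();
         $curr_user = ORM::factory("user")->where("id", "=", $type_id)->find_all();
         $map_title = $curr_user[0]->full_name . "'s " . t("Photos");
     }
     // Make a new page.
     $template = new Theme_View("page.html", "other", "EXIFMap");
     $template->page_title = t("Gallery :: Map");
     $template->content = new View("exif_gps_map.html");
     // NOTE(review): $map_title holds an album or user name; confirm the view
     // escapes the title.
     if ($map_title == "") {
         $template->content->title = t("Map");
     } else {
         $template->content->title = t("Map of") . " " . $map_title;
     }
     // Figure out default map type. A separate variable is used so that the
     // request's $map_type argument can never reach the view: previously an
     // out-of-range setting left the URL value in place.
     $int_map_type = module::get_var("exif_gps", "largemap_maptype");
     $google_map_type = "ROADMAP";
     if ($int_map_type == 1) {
         $google_map_type = "SATELLITE";
     }
     if ($int_map_type == 2) {
         $google_map_type = "HYBRID";
     }
     if ($int_map_type == 3) {
         $google_map_type = "TERRAIN";
     }
     $template->content->map_type = $google_map_type;
     // When mapping an album, generate a "return to album" link.
     if (isset($curr_album)) {
         $template->content->return_url = url::abs_site("{$curr_album[0]->type}s/{$curr_album[0]->id}");
     }
     // Load in module preferences.
     $template->content->items = $items;
     $template->content->google_map_key = module::get_var("exif_gps", "googlemap_api_key");
     // Display the page.
     print $template;
 }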
Beispiel #15
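 /**
  * Shorten a G3 item's link, then redirect back to the item.
  *
  * The shortened URL is not shown to the user by this method; any feedback
  * has to come from bitly::shorten_url() itself.
  *
  * @param int   $item_id
  */
 public function shorten($item_id)
 {
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     $item = ORM::factory("item", $item_id);
     // Ensure user has permission
     access::required("view", $item);
     access::required("edit", $item);
     // Shorten the item's URL. The return value was assigned to a local that
     // was never read, so only the call is kept.
     bitly::shorten_url($item_id);
     // Redirect back to the item
     url::redirect(url::abs_site($item->relative_url_cache));
 }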
Beispiel #16
 /**
  * Map a fully qualified REST url onto the object it names.
  * Eg:
  *   http://example.com/gallery3/index.php/rest/item/35          -> Item_Model
  *   http://example.com/gallery3/index.php/rest/tag/16           -> Tag_Model
  *   http://example.com/gallery3/index.php/rest/tagged_item/1,16 -> [Tag_Model, Item_Model]
  *
  * NOTE(review): the site prefix is removed by length only; nothing here checks
  * that $url actually starts with url::abs_site("rest"), so a URL pointing at
  * another host is resolved as if it were local. Confirm whether callers
  * validate the prefix.
  *
  * @param string  the fully qualified REST url
  * @return mixed  the corresponding object (usually a model of some kind)
  * @throws Kohana_404_Exception  when the path has no resource segment or no handler exists
  */
 static function resolve($url)
 {
     $prefix_length = strlen(url::abs_site("rest"));
     $path = parse_url(substr($url, $prefix_length), PHP_URL_PATH);
     // Expected shape: "" / resource type / remainder.
     $parts = explode("/", $path, 3);
     if (count($parts) != 3) {
         throw new Kohana_404_Exception($url);
     }
     // The handler class name is taken from the URL. method_exists() is the
     // only gate, and it may invoke the autoloader with that name.
     $handler = $parts[1] . "_rest";
     if (!method_exists($handler, "resolve")) {
         throw new Kohana_404_Exception($url);
     }
     $remainder = null;
     if (!empty($parts[2])) {
         $remainder = $parts[2];
     }
     return call_user_func(array($handler, "resolve"), $remainder);
 }
Beispiel #17
 /**
  * Build the feed description for the photos carrying one tag.
  *
  * @param int   $offset  index of the first photo to return
  * @param int   $limit   page size, also used to compute max_pages
  * @param mixed $id      tag id
  * @return mixed  stdClass feed, or the result of Kohana::show_404() for an unknown tag
  */
 static function tags($offset, $limit, $id)
 {
     $tag = ORM::factory("tag", $id);
     if (!$tag->loaded) {
         return Kohana::show_404();
     }
     // NOTE(review): no access filter is visible here; presumably
     // $tag->items() restricts the result to viewable items - confirm.
     $photos = $tag->items($limit, $offset, "photo");
     $feed = new stdClass();
     $feed->data = array(
         "children" => $photos,
         "title" => $tag->name,
         "link" => url::abs_site("tags/{$tag->id}"),
         "description" => t("Photos related to %tag_name", array("tag_name" => $tag->name)),
     );
     $feed->max_pages = ceil($tag->count / $limit);
     return $feed;
 }
Beispiel #18
 /**
  * Report to the client whether the admin-area session is about to time out.
  *
  * Prints a JSON object with result "success"; when fewer than 30 seconds
  * remain, it also carries a "location" pointing at the site root.
  */
 private static function _reauth_check()
 {
     $session = Session::instance();
     // The timeout counts from the later of the last authentication and the
     // last admin-area activity.
     $latest_activity = max(
         $session->get("active_auth_timestamp", 0),
         $session->get("admin_area_activity_timestamp", 0)
     );
     $timeout = module::get_var("gallery", "admin_area_timeout");
     $seconds_left = $latest_activity + $timeout - time();
     $reply = new stdClass();
     $reply->result = "success";
     if ($seconds_left < 30) {
         $reply->location = url::abs_site("");
     }
     print json_encode($reply);
 }
 /**
  * Add the album-password entries to the site menu: unlock / clear password,
  * links to the albums the stored password opens, and assign / remove
  * password for albums the user can edit.
  *
  * NOTE(review): the cookie value "g3_albumpassword" is compared directly
  * with the "password" column, which suggests album passwords are stored and
  * kept in the cookie in clear text - confirm, and consider hashing plus a
  * server-side session flag instead.
  *
  * @param object $menu   site menu to extend
  * @param object $theme  current theme; ->item() is the page's item, if any
  */
 static function site_menu($menu, $theme)
 {
     // Add menu options for Adding / Removing / Using passwords to the menu.
     // If this page doesn't belong to an item, don't display the menu.
     if (!$theme->item()) {
         return;
     }
     $item = $theme->item();
     // If there isn't currently a password stored in the cookie,
     //   then display the enter password link.
     if (cookie::get("g3_albumpassword") == "") {
         $menu->append(Menu::factory("dialog")->id("albumpassword_login")->css_id("g-album-password-login")->url(url::site("albumpassword/login"))->label(t("Unlock albums")));
     } else {
         // If a password has been entered already
         // display the log out link, and links to the protected albums
         $menu->append(Menu::factory("submenu")->id("albumpassword_protected")->css_id("g-album-password-protected")->label(t("Protected albums")));
         $menu->get("albumpassword_protected")->append(Menu::factory("link")->id("albumpassword_logout")->css_id("g-album-password-logout")->url(url::site("albumpassword/logout"))->label(t("Clear password")));
         $existing_password = "";
         // Both cookie values are client-controlled; they are only used as
         // bound values in the ORM where() clauses below.
         if (cookie::get("g3_albumpassword_id") != "") {
             $existing_password = ORM::factory("items_albumpassword")->where("password", "=", cookie::get("g3_albumpassword"))->where("id", "=", cookie::get("g3_albumpassword_id"))->find_all();
         } else {
             // Without an id, every album sharing this password is listed.
             $existing_password = ORM::factory("items_albumpassword")->where("password", "=", cookie::get("g3_albumpassword"))->find_all();
         }
         if (count($existing_password) > 0) {
             $counter = 0;
             while ($counter < count($existing_password)) {
                 $item_album = ORM::factory("item")->where("id", "=", $existing_password[$counter]->album_id)->find();
                 // The album title is passed through html::purify() before it
                 // becomes a menu label.
                 $menu->get("albumpassword_protected")->append(Menu::factory("link")->id("albumpassword_album" . $counter)->label(html::purify($item_album->title))->css_id("g-album-password-album" . $counter)->url(url::abs_site("{$item_album->type}s/{$item_album->id}")));
                 $counter++;
             }
         }
     }
     // If this is an album without a password, display a link for assigning one.
     // If this is an album with a password, display a link to remove it.
     if ($item->is_album()) {
         // Only users who can both view and edit the album see these links.
         if (access::can("view", $item) && access::can("edit", $item)) {
             $existing_password = ORM::factory("items_albumpassword")->where("album_id", "=", $item->id)->find_all();
             if (count($existing_password) > 0) {
                 // NOTE(review): "remove" is offered as a plain link; confirm
                 // the albumpassword/remove handler verifies a CSRF token.
                 $menu->get("options_menu")->append(Menu::factory("link")->id("albumpassword_remove")->label(t("Remove password"))->css_id("g-album-password-remove")->url(url::site("albumpassword/remove/" . $item->id)));
             } elseif ($item->id != 1) {
                 // Item id 1 is excluded from password assignment.
                 $passworded_subitems = ORM::factory("item", $item->id)->and_open()->join("albumpassword_idcaches", "items.id", "albumpassword_idcaches.item_id", "LEFT OUTER")->where("albumpassword_idcaches.item_id", "IS NOT", NULL)->close()->descendants();
                 $existing_cacheditem = ORM::factory("albumpassword_idcache")->where("item_id", "=", $item->id)->order_by("cache_id")->find_all();
                 // Offer "assign" only when neither this album nor any
                 // descendant already appears in the password id cache.
                 if (count($existing_cacheditem) == 0 && count($passworded_subitems) == 0) {
                     $menu->get("options_menu")->append(Menu::factory("dialog")->id("albumpassword_assign")->label(t("Assign password"))->css_id("g-album-password-assign")->url(url::site("albumpassword/assign/" . $item->id)));
                 }
             }
         }
     }
 }
Beispiel #20
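  /**
   * Build the "tag" RSS feed: the photos carrying one tag.
   *
   * @param string $feed_id  only "tag" is handled; anything else yields null
   * @param int    $offset   index of the first photo to return
   * @param int    $limit    page size, also used to compute max_pages
   * @param mixed  $id       tag id
   * @return mixed  feed object, or null for an unknown $feed_id
   */
  static function feed($feed_id, $offset, $limit, $id) {
    if ($feed_id == "tag") {
      $tag = ORM::factory("tag", $id);
      if (!$tag->loaded) {
        // Return here so an unloaded tag is never used to build a feed,
        // even if show_404() returns.
        return Kohana::show_404();
      }
      // $feed was previously used without being created; make it explicit.
      $feed = new stdClass();
      // NOTE(review): no access filter is visible here; presumably
      // $tag->items() restricts the result to viewable items - confirm.
      $feed->children = $tag->items($limit, $offset, "photo");
      $feed->max_pages = ceil($tag->count / $limit);
      $feed->title = $tag->name;
      $feed->link = url::abs_site("tags/{$tag->id}");
      $feed->description = t("Photos related to %tag_name", array("tag_name" => $tag->name));

      return $feed;
    }
  }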
 /**
  * Emit the Polar Rose widget configuration and script tag for item and tag
  * pages when the rss module is installed.
  *
  * NOTE(review): the widget script is loaded over plain http from a
  * third-party host with no integrity check; on an https gallery this is
  * mixed content and the script runs with full access to the page.
  *
  * @param object $theme  current theme; ->item() / ->tag() select the feed
  * @return string|null   HTML for the page head, or null when not applicable
  */
 static function head($theme)
 {
     if (module::is_installed("rss") && ($theme->item() || $theme->tag())) {
         if ($item = $theme->item()) {
             $url = rss::feed_link("gallery/album/{$item->id}");
         } else {
             if ($tag = $theme->tag()) {
                 $url = rss::feed_link("tag/tag/{$tag->id}");
             }
         }
         // Polar Rose doesn't understand relative URLs.  Hack around that until they fix it.
         // Everything up to and including "index.php/" is cut off and the
         // rest is made absolute again. NOTE(review): if "index.php" is not
         // in the URL, strpos() returns false and 10 characters are cut anyway.
         $url = url::abs_site(substr($url, strpos($url, "index.php") + 10));
         // NOTE(review): $url is placed inside a single-quoted JavaScript
         // string without JS escaping; it is built from ids only, but confirm
         // url::abs_site() cannot return a quote character.
         return "<script type=\"text/javascript\">" . "var polarroseconfig = {" . "partner: 'gallery3'," . "rss: '{$url}'," . "insert: 'g-polar-rose'," . "optin: ''," . "theme: 'dark'," . "progress: true" . "}</script>" . "<script type=\"text/javascript\" " . "src=\"http://cdn.widget.polarrose.com/polarrosewidget.js\">" . "</script>";
     }
 }
Beispiel #22
 /**
  * Describe where $item sits inside a search result: its position, its
  * neighbours, the result count and the breadcrumb trail.
  *
  * @param object $item         the item being displayed
  * @param string $title        not used by this function
  * @param mixed  $query_terms  prepared query terms, passed to search::*
  * @param string $q            the raw query, used for the breadcrumb and URL
  * @return array  position, previous_item, next_item, sibling_count, breadcrumbs
  */
 static function get_display_context($item, $title, $query_terms, $q)
 {
     $position = search::get_position($item, $query_terms);
     $previous_item = null;
     if ($position > 1) {
         // Fetch the window previous / current / next around the item.
         list($count, $hits) = search::search($query_terms, 3, $position - 2);
         list($previous_item, $current_unused, $next_item) = $hits;
     } else {
         // First result: there is no previous item, fetch only the next one.
         list($count, $hits) = search::search($query_terms, 1, $position);
         list($next_item) = $hits;
     }
     // The raw query is URL-encoded before it goes into the search link.
     $search_url = url::abs_site("search?q=" . urlencode($q) . "&show={$item->id}");
     $root = item::root();
     $breadcrumbs = array(
         Breadcrumb::instance($root->title, "/", $root->id)->set_first(),
         Breadcrumb::instance(t("Search: %q", array("q" => $q)), $search_url),
         Breadcrumb::instance($item->title, $item->url())->set_last(),
     );
     return array(
         "position" => $position,
         "previous_item" => $previous_item,
         "next_item" => $next_item,
         "sibling_count" => $count,
         "breadcrumbs" => $breadcrumbs,
     );
 }
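 /**
  * Emit the Polar Rose widget configuration and script tag for item and tag
  * pages when the media_rss module is installed.
  *
  * NOTE(review): the widget script is loaded over plain http from a
  * third-party host with no integrity check; on an https gallery this is
  * mixed content and the script runs with full access to the page.
  *
  * @param object $theme  current theme; ->item() / ->tag() select the feed
  * @return string|null   HTML for the page head, or null when not applicable
  */
 static function head($theme)
 {
     if (!module::is_installed("media_rss")) {
         return;
     }
     $url = null;
     if ($theme->item()) {
         $url = media_rss::item_feed($theme->item());
     } elseif ($theme->tag()) {
         $url = media_rss::tag_feed($theme->tag());
     }
     // Pages that are neither an item nor a tag have no feed. Previously
     // $url was undefined here and a script block with a bogus feed URL was
     // still emitted.
     if (empty($url)) {
         return;
     }
     // Polar Rose doesn't understand relative URLs.  Hack around that until they fix it.
     $url = url::abs_site(substr($url, strpos($url, "index.php") + 10));
     // NOTE(review): $url is placed inside a single-quoted JavaScript string
     // without JS escaping; confirm the feed URL cannot contain a quote.
     return "<script type=\"text/javascript\">" . "var polarroseconfig = {" . "partner: 'gallery3'," . "rss: '{$url}'," . "insert: 'gPolarRose'," . "optin: ''," . "theme: 'dark'" . "}</script>" . "<script type=\"text/javascript\" " . "src=\"http://cdn.widget.polarrose.com/widgetanddashboard/" . "polarrosewidgetanddashboard.js\">" . "</script>";
 }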
Beispiel #24
 /**
  * Report to the client whether the admin-area session is about to time out.
  *
  * Replies with a JSON object with result "success"; when fewer than 30
  * seconds remain, a logout notice is queued and the reply also carries a
  * "location" pointing at the site root.
  */
 private static function _reauth_check()
 {
     $session = Session::instance();
     // The timeout counts from the later of the last authentication and the
     // last admin-area activity.
     $latest_activity = max(
         $session->get("active_auth_timestamp", 0),
         $session->get("admin_area_activity_timestamp", 0)
     );
     $timeout = module::get_var("gallery", "admin_area_timeout");
     $seconds_left = $latest_activity + $timeout - time();
     $reply = new stdClass();
     $reply->result = "success";
     if ($seconds_left < 30) {
         message::success(t("Automatically logged out of the admin area for your security"));
         $reply->location = url::abs_site("");
     }
     json::reply($reply);
 }
Beispiel #25
 /**
  * Describe where $item sits inside an album-scoped search result: its
  * position, its neighbours, the result count, a siblings callback and the
  * breadcrumb trail.
  *
  * @param object $item   the item being displayed
  * @param object $album  the album the search is restricted to
  * @param string $q      the raw query string
  * @return array  position, previous_item, next_item, sibling_count,
  *                siblings_callback, breadcrumbs
  */
 static function get_display_context($item, $album, $q)
 {
     $expanded_query = search::add_query_terms($q);
     $position = search::get_position_within_album($item, $expanded_query, $album);
     $previous_item = null;
     if ($position > 1) {
         // Fetch the window previous / current / next around the item.
         list($count, $hits) = search::search_within_album($expanded_query, $album, 3, $position - 2);
         list($previous_item, $current_unused, $next_item) = $hits;
     } else {
         // First result: there is no previous item, fetch only the next one.
         list($count, $hits) = search::search_within_album($expanded_query, $album, 1, $position);
         list($next_item) = $hits;
     }
     // Query and album id are URL-encoded before they go into the link.
     $query_string = "?q=" . urlencode($q) . "&album=" . urlencode($album->id) . "&show={$item->id}";
     $search_url = url::abs_site("search" . $query_string);
     $root = item::root();
     $breadcrumbs = array(
         Breadcrumb::instance($root->title, $root->url())->set_first(),
         Breadcrumb::instance(t("Search: %q", array("q" => $q)), $search_url),
         Breadcrumb::instance($item->title, $item->url())->set_last(),
     );
     return array(
         "position" => $position,
         "previous_item" => $previous_item,
         "next_item" => $next_item,
         "sibling_count" => $count,
         "siblings_callback" => array("Search_Controller::get_siblings", array($q, $album)),
         "breadcrumbs" => $breadcrumbs,
     );
 }
Beispiel #26
 /**
  * Shorten a G3 item's link and display the result in a status message.
  *
  * Requires a valid CSRF token and both "view" and "edit" permission on the
  * item, then redirects back to the item.
  *
  * @param int   $item_id
  */
 public function shorten($item_id)
 {
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     $item = ORM::factory("item", $item_id);
     // Ensure user has permission
     access::required("view", $item);
     access::required("edit", $item);
     // Shorten the item's URL
     $short_url = bitly::shorten_url($item_id);
     if ($short_url) {
         // NOTE(review): $short_url comes back from an external service and
         // is interpolated into the message as-is, and neither message goes
         // through t(); confirm message::success() escapes its argument.
         message::success("Item URL shortened to {$short_url}");
     } else {
         message::error("Unable to shorten " . url::abs_site($item->relative_url_cache));
     }
     // Redirect back to the item
     url::redirect(url::abs_site($item->relative_url_cache));
 }
Beispiel #27
 /**
  * Show the "server add" dialog: a tree of the authorized server paths from
  * which files may be added to the given album.
  *
  * @param mixed $id  id of the target album item
  */
 public function index($id)
 {
     // NOTE(review): unserialize() runs on a stored module variable. That is
     // only safe while the value can be written by trusted administrators
     // alone; a data-only format such as JSON would remove the object
     // injection risk. A failed unserialize() returns false, which
     // array_keys() below does not accept.
     $paths = unserialize(module::get_var("server_add", "authorized_paths"));
     $item = ORM::factory("item", $id);
     // Both the module-specific and the generic "add" permission are required.
     access::required("server_add", $item);
     access::required("add", $item);
     $view = new View("server_add_tree_dialog.html");
     // __ARGS__ and __TASK_ID__ are left as literal placeholders in the URL.
     // NOTE(review): the CSRF token travels in the query string, where it can
     // end up in server logs and Referer headers - confirm this is acceptable.
     $view->action = url::abs_site("__ARGS__/{$id}__TASK_ID__?csrf=" . access::csrf_token());
     $view->parents = $item->parents();
     $view->album_title = $item->title;
     $tree = new View("server_add_tree.html");
     $tree->data = array();
     $tree->tree_id = "tree_{$id}";
     // Only the authorized root paths are listed at this level.
     foreach (array_keys($paths) as $path) {
         $tree->data[$path] = array("path" => $path, "is_dir" => true);
     }
     $view->tree = $tree->__toString();
     print $view;
 }
Beispiel #28
 /**
  * Build the feed description for recent published comments, optionally
  * limited to one item.
  *
  * @param int   $offset  index of the first comment to return
  * @param int   $limit   page size, also used to compute max_pages
  * @param mixed $id      optional item id; empty means all items
  * @return stdClass  feed with ->view, ->data and ->max_pages
  */
 static function comments($offset, $limit, $id)
 {
     $feed = new stdClass();
     // NOTE(review): no viewable()/access filter is applied to the comments
     // or their items - confirm comments on restricted items cannot be
     // listed through this feed.
     $orm = ORM::factory("comment")->where("state", "published")->orderby("created", "DESC");
     if (!empty($id)) {
         $orm->where("item_id", $id);
     }
     $feed->view = "comment.mrss";
     $comments = $orm->find_all($limit, $offset);
     $feed->data["children"] = array();
     foreach ($comments as $comment) {
         $item = $comment->item();
         // Comment text, item link and title are HTML-escaped here.
         // NOTE(review): "author" (a guest name or the user's full name) is
         // not escaped like the other fields - confirm the view escapes it.
         $feed->data["children"][] = array("pub_date" => date("D, d M Y H:i:s T", $comment->created), "text" => htmlspecialchars($comment->text), "thumb_url" => $item->thumb_url(), "thumb_height" => $item->thumb_height, "thumb_width" => $item->thumb_width, "item_link" => htmlspecialchars(url::abs_site("{$item->type}s/{$item->id}")), "title" => htmlspecialchars($item->title), "author" => empty($comment->guest_name) ? $comment->author()->full_name : $comment->guest_name);
     }
     // NOTE(review): $comments is the already-limited result, so this count
     // looks like it can never exceed one page - confirm against the ORM.
     $feed->max_pages = ceil($comments->count() / $limit);
     $feed->data["title"] = htmlspecialchars(t("Recent Comments"));
     $feed->data["link"] = url::abs_site("albums/" . (empty($id) ? "1" : $id));
     $feed->data["description"] = t("Recent Comments");
     return $feed;
 }
Beispiel #29
 /**
  * Render the form that hands one photo to the Digibug print service.
  *
  * Items everybody may view at full size are referenced by their normal
  * URLs; for all others a proxy record with a random uuid is created and the
  * print service is given proxy URLs instead.
  *
  * @param mixed $id  item id of the photo
  */
 public function print_photo($id)
 {
     access::verify_csrf();
     $item = ORM::factory("item", $id);
     access::required("view", $item);
     if (access::group_can(identity::everybody(), "view_full", $item)) {
         $full_url = $item->file_url(true);
         $thumb_url = $item->thumb_url(true);
     } else {
         // The external service cannot log in, so it gets a capability URL:
         // whoever knows the uuid can fetch the image through the proxy.
         // NOTE(review): a new proxy row is created on every request, and its
         // lifetime is not visible here - confirm that old rows are expired.
         $proxy = ORM::factory("digibug_proxy");
         $proxy->uuid = random::hash();
         $proxy->item_id = $item->id;
         $proxy->save();
         $full_url = url::abs_site("digibug/print_proxy/full/{$proxy->uuid}/{$item->id}");
         $thumb_url = url::abs_site("digibug/print_proxy/thumb/{$proxy->uuid}/{$item->id}");
     }
     $v = new View("digibug_form.html");
     // Parameters posted to the print service; the title is passed through
     // html::purify() first.
     $v->order_params = array("digibug_api_version" => "100", "company_id" => module::get_var("digibug", "company_id"), "event_id" => module::get_var("digibug", "event_id"), "cmd" => "addimg", "partner_code" => "69", "return_url" => url::abs_site("digibug/close_window"), "num_images" => "1", "image_1" => $full_url, "thumb_1" => $thumb_url, "image_height_1" => $item->height, "image_width_1" => $item->width, "thumb_height_1" => $item->thumb_height, "thumb_width_1" => $item->thumb_width, "title_1" => html::purify($item->title));
     print $v;
 }
Beispiel #30
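 /**
  * Build the gallery RSS feeds: "latest" (recent non-album items) and
  * "album" (photos below one album).
  *
  * @param string $feed_id  "latest" or "album"; anything else yields null
  * @param int    $offset   index of the first item to return
  * @param int    $limit    page size, also used to compute max_pages
  * @param mixed  $id       album item id, used by the "album" feed
  * @return object|null     feed description, or null for an unknown $feed_id
  */
 static function feed($feed_id, $offset, $limit, $id)
 {
     // $feed was previously used without being created; make it explicit.
     $feed = new stdClass();
     switch ($feed_id) {
         case "latest":
             // viewable() restricts both the page and the total count to
             // items the current user may see.
             $feed->children = ORM::factory("item")->viewable()->where("type !=", "album")->orderby("created", "DESC")->find_all($limit, $offset);
             $all_children = ORM::factory("item")->viewable()->where("type !=", "album")->orderby("created", "DESC");
             $feed->max_pages = ceil($all_children->find_all()->count() / $limit);
             $feed->title = t("Recent Updates");
             $feed->link = url::abs_site("albums/1");
             $feed->description = t("Recent Updates");
             return $feed;
         case "album":
             $item = ORM::factory("item", $id);
             // The album itself must be viewable before its title and
             // description are put into the feed.
             access::required("view", $item);
             $feed->children = $item->viewable()->descendants($limit, $offset, "photo");
             $feed->max_pages = ceil($item->viewable()->descendants_count("photo") / $limit);
             $feed->title = $item->title;
             $feed->link = url::abs_site("albums/{$item->id}");
             $feed->description = $item->description;
             return $feed;
     }
 }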