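/**
 * Function: submit
 * Submits a post to the blog owner.
 *
 * Requires the "submit_article" permission. On a POST the security hash is
 * verified, the submitter's name and e-mail are appended to the body and the
 * selected feather's submit() is called; on success the visitor is sent to "/"
 * with a notice. In every other case the submission form is displayed (theme
 * template "forms/post/submit" if present, else pages/submit.php).
 */
public function route_submit() {
    if (!Visitor::current()->group->can("submit_article")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to submit articles."));
    }

    # Name of the feather handling this submission; also handed to the form
    # template. (The original displayed an undefined $feather here.)
    # NOTE(review): taken from the POST body — confirm the template expects this.
    $feather = isset($_POST['feather']) ? $_POST['feather'] : null;

    if (!empty($_POST)) {
        # Strict comparison: a loose "!=" would compare numeric-looking strings
        # (e.g. "0e...") numerically and could accept a wrong key.
        if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
            show_403(__("Access Denied"), __("Invalid security key."));
        }

        # Redirect target is passed to Flash::notice() like the success case
        # below, so the notice is stored before the redirect happens.
        if (empty($_POST['body'])) {
            Flash::notice(__("Post body can't be empty!"), "/");
        }

        # The feather must be a loaded one, otherwise the instances lookup
        # below would fail on a missing index.
        if (!is_string($feather) or !isset(Feathers::$instances[$feather])) {
            error(__("Error"), __("Invalid feather specified."));
        }

        if (!isset($_POST['draft'])) {
            $_POST['draft'] = "true";
        }

        # Missing contact fields are appended as empty strings rather than
        # raising undefined-index notices.
        $name = isset($_POST['name']) ? $_POST['name'] : "";
        $email = isset($_POST['email']) ? $_POST['email'] : "";
        $_POST['body'] = "{$_POST['body']}\n\n\n{$name}\n{$email}\n";

        $post = Feathers::$instances[$feather]->submit();

        if (!in_array(false, $post)) {
            Flash::notice(__("Thank you for your submission. ", "submission"), "/");
        }
    }

    if (Theme::current()->file_exists("forms/post/submit")) {
        MainController::current()->display("forms/post/submit", array("feather" => $feather), __("Submit a Text Post"));
    } else {
        require "pages/submit.php";
    }
}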
/**
 * Function: main_delete_attachment
 * Deletes the attachment whose ID arrives in $_GET['id'] and redirects to the
 * location stored in $_SESSION['redirect_to'].
 *
 * NOTE(review): this state change is driven by a GET parameter and performs no
 * security-hash check — confirm a CSRF guard is applied before this point.
 */
public function main_delete_attachment() {
    $requested_id = isset($_GET['id']) ? $_GET['id'] : null;

    if ($requested_id === null) {
        error(__("No ID Specified"), __("An ID is required to delete an attachment.", "attachments"));
    }

    $attachment = new Attachment($requested_id);

    if ($attachment->no_results) {
        error(__("Error"), __("Invalid attachment ID specified.", "attachments"));
    }

    # Ownership/permission check is delegated to the model.
    if (!$attachment->deletable()) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this attachment.", "attachments"));
    }

    Attachment::delete($attachment->id);
    Flash::notice(__("Attachment deleted.", "attachments"), $_SESSION['redirect_to']);
}
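/**
 * Function: admin_obscura_settings
 * Displays the Obscura settings page, or saves the posted settings.
 *
 * Parameters:
 *     $admin - The admin controller used to render the page.
 */
static function admin_obscura_settings($admin) {
    if (!Visitor::current()->group->can("change_settings")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
    }

    if (empty($_POST)) {
        return $admin->display("obscura_settings");
    }

    # Strict comparison: a loose "!=" would compare numeric-looking strings
    # (e.g. "0e...") numerically and could accept a wrong key.
    if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    # Missing fields are stored as null instead of raising undefined-index notices.
    $background = isset($_POST['background']) ? $_POST['background'] : null;
    $spacing = isset($_POST['spacing']) ? $_POST['spacing'] : null;

    $set = array(Config::current()->set("module_obscura", array(
        "background" => $background,
        "spacing" => $spacing,
        "protect" => isset($_POST['protect']),
    )));

    if (!in_array(false, $set)) {
        Flash::notice(__("Settings updated."), "/admin/?action=obscura_settings");
    }
}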
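/**
 * Function: admin_cascade_settings
 * Displays the Cascade settings page, or saves the "ajax_scroll_auto" flag.
 *
 * Parameters:
 *     $admin - The admin controller used to render the page.
 */
static function admin_cascade_settings($admin) {
    if (!Visitor::current()->group->can("change_settings")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
    }

    if (empty($_POST)) {
        return $admin->display("cascade_settings");
    }

    # Strict comparison: a loose "!=" would compare numeric-looking strings
    # (e.g. "0e...") numerically and could accept a wrong key.
    if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    # The checkbox is only present in the POST when ticked.
    $set = array(Config::current()->set("ajax_scroll_auto", isset($_POST['auto'])));

    if (!in_array(false, $set)) {
        Flash::notice(__("Settings updated."), "/admin/?action=cascade_settings");
    }
}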
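/**
 * Function: admin_emailblog_settings
 * Displays the Email Blog settings page, or saves the posted mailbox settings.
 *
 * NOTE(review): the mailbox password is stored in the config exactly as posted —
 * confirm the config store is an acceptable place for that credential.
 *
 * Parameters:
 *     $admin - The admin controller used to render the page.
 */
static function admin_emailblog_settings($admin) {
    if (!Visitor::current()->group->can("change_settings")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
    }

    if (empty($_POST)) {
        return $admin->display("emailblog_settings");
    }

    # Strict comparison: a loose "!=" would compare numeric-looking strings
    # (e.g. "0e...") numerically and could accept a wrong key.
    if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    $config = Config::current();

    # config setting suffix => POST field name
    $fields = array(
        "address" => "email",
        "pass" => "pass",
        "minutes" => "minutes",
        "subjpass" => "subjpass",
        "server" => "server",
    );

    $set = array();
    foreach ($fields as $setting => $field) {
        # Missing fields are stored as null instead of raising notices.
        $value = isset($_POST[$field]) ? $_POST[$field] : null;
        $set[] = $config->set("emailblog_" . $setting, $value);
    }

    if (!in_array(false, $set)) {
        Flash::notice(__("Settings updated."), "/admin/?action=emailblog_settings");
    }
}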
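/**
 * Function: admin_theme_editor
 * Displays the theme editor, or writes the posted contents to the posted file.
 *
 * Parameters:
 *     $admin - The admin controller; its context is passed to admin_context().
 */
public function admin_theme_editor($admin) {
    if (!Visitor::current()->group->can("change_settings")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
    }

    if (empty($_POST)) {
        return $admin->display("theme_editor", array("editor" => self::admin_context($admin->context)), __("Theme Editor", "theme_editor"));
    }

    # Strict comparison: a loose "!=" would compare numeric-looking strings
    # (e.g. "0e...") numerically and could accept a wrong key.
    if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    if (isset($_POST['file'], $_POST['newcontent']) and is_string($_POST['file']) and is_string($_POST['newcontent'])) {
        # NOTE(review): the path is written exactly as posted; nothing in this
        # method restricts it to the theme directory — confirm the path is
        # constrained before it reaches here.
        $written = file_put_contents($_POST['file'], $_POST['newcontent']);

        # file_put_contents() returns false on failure and the byte count
        # otherwise; !empty() would have treated an emptied file (0 bytes) as
        # a failure and shown no notice.
        if ($written !== false) {
            $current = (isset($_POST['cur_file']) and is_string($_POST['cur_file'])) ? $_POST['cur_file'] : "";
            Flash::notice(__("File Updated"), "/admin/?action=theme_editor&file=" . urlencode($current));
        }
    }
}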
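/**
 * Function: admin_like_settings
 * Displays the Like settings page, or saves the posted settings.
 *
 * POST fields named "likeText-<key>" are collected into the "likeText" map
 * (tags stripped, slashes removed) and stored together with the display flags
 * and the like image.
 *
 * Parameters:
 *     $admin - The admin controller used to render the page.
 */
static function admin_like_settings($admin) {
    $config = Config::current();

    if (!Visitor::current()->group->can("change_settings")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
    }

    if (empty($_POST)) {
        return $admin->display("like_settings");
    }

    # Strict comparison: a loose "!=" would compare numeric-looking strings
    # (e.g. "0e...") numerically and could accept a wrong key.
    if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) $config->secure_hashkey) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    $likeText = array();
    foreach ($_POST as $key => $value) {
        # Non-string values (nested arrays) cannot be sanitised as text; skip them.
        if (!is_string($value) or !strstr($key, "likeText-")) {
            continue;
        }
        $parts = explode("-", $key, 2);
        $likeText[$parts[1]] = strip_tags(stripslashes($value));
    }

    # Missing image field is stored as null instead of raising a notice.
    $likeImage = isset($_POST['likeImage']) ? $_POST['likeImage'] : null;

    $set = array($config->set("module_like", array(
        "showOnFront" => isset($_POST['showOnFront']),
        "likeWithText" => isset($_POST['likeWithText']),
        "likeImage" => $likeImage,
        "likeText" => $likeText,
    )));

    if (!in_array(false, $set)) {
        Flash::notice(__("Settings updated."), "/admin/?action=like_settings");
    }
}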
* User: loveyu * Date: 2015/12/9 * Time: 0:17 */ require_once "common.php"; if (!is_login()) { show_403("Please login."); } $path = isset($_GET['path']) ? $_GET['path'] : ""; $ext = pathinfo($path, PATHINFO_EXTENSION); if (empty($path)) { show_403("No empty."); } if (!in_ext_list($ext)) { show_403("No support."); } $path = get_sys_path($path); if (!is_file($path)) { show_403("No found."); } $size = filesize($path); header("Content-Type: image/{$ext}"); header("Content-Length: {$size}"); header("Content-Disposition:filename=" . basename($path)); flush(); $fp = fopen($path, "r"); while (!feof($fp)) { echo fread($fp, 65536); flush(); } fclose($fp);
/**
 * Function: admin_manage_comments
 * Renders the "manage comments" page: non-spam comments, optionally filtered
 * by a keyword query against the body, paginated 25 per page.
 *
 * Parameters:
 *     $admin - The admin controller used to render the page.
 */
static function admin_manage_comments($admin) {
    # De Morgan form of the original check; short-circuit order is preserved.
    if (!(Comment::any_editable() || Comment::any_deletable())) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to manage any comments.", "comments"));
    }

    fallback($_GET['query'], "");
    list($conditions, $params) = keywords($_GET['query'], "body LIKE :query");
    $conditions[] = "status != 'spam'";

    # Without the broader edit/delete permission, only the visitor's own
    # comments are listed.
    $visitor = Visitor::current();
    if (!$visitor->group->can("edit_comment", "delete_comment", true)) {
        $conditions["user_id"] = $visitor->id;
    }

    $comments = Comment::find(array(
        "placeholders" => true,
        "where" => $conditions,
        "params" => $params,
    ));

    $admin->display("manage_comments", array("comments" => new Paginator($comments, 25)));
}
/**
 * Function: admin_manage_dropbox
 * Imports new Dropbox files as text posts whenever the Dropbox delta cursor
 * has changed since the stored one, then stores the new cursor.
 *
 * Parameters:
 *     $admin - The admin controller used to render the page.
 */
static function admin_manage_dropbox($admin) {
    if (!Visitor::current()->group->can("add_post", "add_draft")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to create posts."));
    }

    if (empty($_POST)) {
        return $admin->display("manage_dropbox");
    }

    $config = Config::current();

    if (!isset($config->module_dropbox["oauth_token"])) {
        Flash::notice(__("You need to authorize Dropbox first.", "dropbox"), "/admin/?action=dropbox_settings");
    }

    # NOTE(review): the OAuth app key and secret are fetched from a remote host
    # over plain HTTP on every request and the json_decode() result is used
    # unchecked (a failed fetch yields null and undefined-index notices) —
    # confirm this endpoint is fetched over TLS and its failure is handled.
    $data = json_decode(file_get_contents("http://chyrp.net/api/1/dropboxsync.php?keys"), true);
    $app_key = $data["key"];
    $app_secret = $data["secret"];

    $storage = new \Dropbox\OAuth\Storage\Session();
    $OAuth = new \Dropbox\OAuth\Consumer\Curl($app_key, $app_secret, $storage);
    $dropbox = new \Dropbox\API($OAuth);

    $delta = $dropbox->delta();
    $delta = $delta["body"];

    if ($delta->cursor != $config->module_dropbox["cursor"]) {
        if (count($delta->entries) > 0) {
            foreach ($delta->entries as $entry) {
                # Temp file is created but not removed here — presumably the
                # Dropbox client writes the download into it; verify cleanup.
                $tmpfname = tempnam("/tmp", "md");
                $file = $dropbox->getFile(ltrim($entry[0], "/"), $tmpfname);
                $post = new FrontMatter($file["name"]);
                $date = explode(".", ltrim($entry[0], "/"));

                $values = array("title" => $post->fetch("title"), "body" => $post->fetch("content"));

                # Set defaults
                # NOTE(review): these are set with fallback() inside the loop;
                # if fallback() only assigns when the variable is unset, every
                # entry after the first reuses the first entry's slug, URL,
                # pinned flag and status — verify.
                fallback($clean, oneof($post->fetch("slug"), strtolower(str_replace(" ", "-", $post->fetch("title")))));
                fallback($url, Post::check_url($clean));
                fallback($pinned, oneof($post->fetch("pinned"), 0));
                fallback($status, oneof($post->fetch("status"), "public"));
                # $date was already assigned by explode() above, and Post::add()
                # below passes datetime($post->fetch("date")) rather than $date —
                # this fallback looks ineffective; confirm intent.
                fallback($date, oneof(datetime($post->fetch("date")), datetime($date[0])));

                $post = Post::add($values, $clean, $url, "text", 1, $pinned, $status, datetime($post->fetch("date")), datetime($post->fetch("date")), false);
            }
        }

        # Persist the new cursor alongside the existing OAuth values.
        $set = array($config->set("module_dropbox", array(
            "oauth_token_secret" => $config->module_dropbox['oauth_token_secret'],
            "oauth_token" => $config->module_dropbox['oauth_token'],
            "uid" => $config->module_dropbox['uid'],
            "cursor" => $delta->cursor,
        )));

        if (!in_array(false, $set)) {
            Flash::notice(__("Post imported successfully.", "dropbox"), "/admin/?action=manage_posts");
        }
    }
}
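/**
 * Function: admin_delete_category
 * Deletes the category identified by the "id" request parameter.
 *
 * NOTE(review): unlike the other destroy handlers this performs no
 * security-hash check and accepts the id from $_REQUEST (so via GET) —
 * confirm a CSRF guard is applied before this point.
 *
 * Parameters:
 *     $admin - The admin controller (unused here).
 */
public function admin_delete_category($admin) {
    # Every sibling handler reads the group as a property ("->group->can");
    # the original called it as a method ("->group()->can").
    if (!Visitor::current()->group->can("manage_categorize")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to manage categories.", "categorize"));
    }

    if (!isset($_REQUEST['id'])) {
        error(__("No ID Specified"), __("An ID is required to delete a category.", "categorize"));
    }

    Category::deleteCategory($_REQUEST['id']);
    Flash::notice(__("Category deleted.", "categorize"), "/admin/?action=manage_category");
}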
/**
 * Function: drafts
 * Grabs the posts for viewing the Drafts lists.
 *
 * Lists the current visitor's own draft posts, paginated by $this->post_limit,
 * using "pages/drafts" with "pages/index" as the fallback template.
 */
public function drafts() {
    $visitor = Visitor::current();

    if (!$visitor->group->can("view_own_draft", "view_draft")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to view drafts."));
    }

    # Only the visitor's own drafts are selected, whichever permission matched.
    $criteria = array("status" => "draft", "user_id" => $visitor->id);
    $drafts = Post::find(array("placeholders" => true, "where" => $criteria));

    $this->display(
        array("pages/drafts", "pages/index"),
        array("posts" => new Paginator($drafts, $this->post_limit)),
        __("Drafts")
    );
}
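/**
 * Function: admin_bulk_tag
 * Adds one or more comma-separated tags to each selected post.
 *
 * Expects $_POST['hash'] (security key), $_POST['name'] (tag list) and
 * $_POST['post'] (array of post IDs). Posts the visitor cannot edit are
 * skipped. Each post's tag list is read once, extended with every tag, and
 * written back once.
 *
 * Parameters:
 *     $admin - The admin controller (unused here).
 */
public function admin_bulk_tag($admin) {
    # Strict comparison: a loose "!=" would compare numeric-looking strings
    # (e.g. "0e...") numerically and could accept a wrong key.
    if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    if (empty($_POST['name']) or !is_string($_POST['name']) or empty($_POST['post']) or !is_array($_POST['post'])) {
        redirect("/admin/?action=manage_tags");
    }

    # Trim each tag and drop empty entries so a trailing comma does not store
    # an empty tag ("0" is kept: strlen("0") is 1).
    $names = array_filter(array_map("trim", explode(",", $_POST['name'])), "strlen");

    $sql = SQL::current();

    foreach ($_POST['post'] as $post_id) {
        $post = new Post($post_id);

        if (!$post->editable()) {
            continue;
        }

        # The tag list lives as YAML in the "tags" post attribute.
        $result = $sql->select("post_attributes", "value", array("name" => "tags", "post_id" => $post_id));

        if ($result and $value = $result->fetchColumn()) {
            $tags = YAML::load($value);
        } else {
            $tags = array();
        }

        foreach ($names as $tag) {
            $tags[$tag] = sanitize($tag);
        }

        $sql->replace("post_attributes", array("post_id", "name"), array(
            "name" => "tags",
            "value" => YAML::dump($tags),
            "post_id" => $post_id,
        ));
    }

    Flash::notice(__("Posts tagged.", "tags"), "/admin/?action=manage_tags");
}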
header("HTTP/1.1 404 Not Found"); $trigger->call("not_found"); exit; } $main->display("feathers/" . $post->feather, array("post" => $post, "ajax_reason" => $reason)); break; case "preview": if (empty($_POST['content'])) { break; } $trigger->filter($_POST['content'], array("preview_" . $_POST['feather'], "preview"), $_POST['field'], $_POST['feather']); echo "<h2 class=\"preview-header\">" . __("Preview") . "</h2>\n" . "<div class=\"preview-content\">" . $_POST['content'] . "</div>"; break; case "check_confirm": if (!$visitor->group->can("toggle_extensions")) { show_403(__("Access Denied"), __("You do not have sufficient privileges to enable/disable extensions.")); } $dir = $_POST['type'] == "module" ? MODULES_DIR : FEATHERS_DIR; $info = YAML::load($dir . "/" . $_POST['check'] . "/info.yaml"); fallback($info["confirm"], ""); if (!empty($info["confirm"])) { echo __($info["confirm"], $_POST['check']); } break; case "organize_pages": foreach ($_POST['parent'] as $id => $parent) { $sql->update("pages", array("id" => $id), array("parent_id" => $parent)); } foreach ($_POST['page_list'] as $index => $page) { $sql->update("pages", array("id" => $page), array("list_order" => $index)); }
<?php if (version_compare(PHP_VERSION, "5.3.0", "<")) { exit("Chyrp requires PHP 5.3.0 or greater."); } require_once "includes/common.php"; # Prepare the controller. $main = MainController::current(); # Parse the route. $route = Route::current($main); # Check if the user can view the site. if (!$visitor->group->can("view_site") and !in_array($route->action, array("login", "logout", "register", "lost_password"))) { if ($trigger->exists("can_not_view_site")) { $trigger->call("can_not_view_site"); } else { show_403(__("Access Denied"), __("You are not allowed to view this site.")); } } # Execute the appropriate Controller responder. $route->init(); # If the route failed or nothing was displayed, check for: # 1. Module-provided pages. # 2. Feather-provided pages. # 3. Theme-provided pages. if (!$route->success and !$main->displayed) { $displayed = false; foreach ($config->enabled_modules as $module) { if (file_exists(MODULES_DIR . "/" . $module . "/pages/" . $route->action . ".php")) { $displayed = (require MODULES_DIR . "/" . $module . "/pages/" . $route->action . ".php"); } }
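/**
 * Export the collected data to csv file.
 * @param $sid
 *   Survey sid
 * @param $type
 *   The type of export, if human readable or machine readable:
 *   'csv_human' or 'csv_machine'. Any other value yields a 404.
 *
 * Route - /survey/:sid/data_export/(csv_human|csv_machine)
 *
 * Requires the 'export csv data any survey' permission and a survey whose
 * status allows export. The CSV is streamed as an attachment; result files
 * that cannot be parsed are skipped.
 */
public function survey_export_csv($sid, $type) {
    if (!has_permission('export csv data any survey')) {
        show_403();
    }

    $survey = $this->survey_model->get($sid);
    if (!$survey) {
        show_404();
    }

    if (!$survey->status_allows('export csv data any survey')) {
        show_403();
    }

    // Load stuff.
    $this->load->model('survey_result_model');
    $this->load->helper('or_xform_results');

    try {
        $flattener = new OR_xform_results($survey->get_xml_full_path());
    } catch (Exception $e) {
        // The xform file does not exist or is not readable.
        show_404();
    }

    // Load results.
    $results = $this->survey_result_model->get_all($sid);

    // Type of export.
    switch ($type) {
        case 'csv_human':
            $label_key = "label";
            $value_key = "value";
            $filename = sprintf('survey_results_%d_normalized.csv', $survey->sid);
            break;
        case 'csv_machine':
            $label_key = "machine_label";
            $value_key = "machine_value";
            $filename = sprintf('survey_results_%d_raw.csv', $survey->sid);
            break;
        default:
            // Without this, an unknown type left the key names and filename
            // undefined and still streamed a (broken) file.
            show_404();
    }

    // Compose header of csv file.
    // The header is being created from the flat xfrom so if all the result
    // files fail, we'll have an empty csv with an header.
    $flat = $flattener->get_flatten();
    $header = array();
    foreach ($flat as $key => $value) {
        // The language only matters when we're exporting a non system
        // question in a normalised format.
        if ($type === 'csv_human' && !isset($value['system']) && $flattener->is_translated()) {
            $header[] = $value['label'][$flattener->get_preferred_language()];
        } else {
            // Machine labels are never translated and human label behave the
            // same way if there's no translation.
            $header[] = $value[$label_key];
        }
    }

    // Headers.
    header("Cache-Control: public");
    header("Cache-Control: no-cache, must-revalidate");
    header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
    header("Content-Description: File Transfer");
    header("Content-Disposition: attachment; filename=" . $filename);
    header("Content-Type: application/octet-stream; ");
    header("Content-Transfer-Encoding: binary");

    // Open stream.
    $output = fopen('php://output', 'w');

    // Put headers.
    fputcsv($output, $header);

    // Compose data.
    foreach ($results as $survey_result_entity) {
        try {
            $parsed_file = $flattener->parse_result_file($survey_result_entity->get_xml_full_path());
        } catch (Exception $e) {
            // The file does not exist or is not readable. Skip.
            continue;
        }

        $fields = array();
        foreach ($parsed_file as $data) {
            // NOTE(review): values are written verbatim; a cell starting with
            // "=", "+", "-" or "@" is treated as a formula by spreadsheet
            // applications — consider neutralising such prefixes on export.
            $fields[] = is_array($data[$value_key]) ? implode(' ', $data[$value_key]) : $data[$value_key];
        }
        fputcsv($output, $fields);
    }

    // Close stream.
    fclose($output);
}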
/**
 * List with all the users.
 *
 * Route:
 *   /users/(active|blocked)
 *
 * @param string|null $filter 'active' or 'blocked' narrows the list by
 *   status; anything else (including no filter) lists every user.
 */
public function users_list($filter = NULL) {
    if (!has_permission('view user list')) {
        show_403();
    }

    switch ($filter) {
        case 'active':
            $status = User_entity::STATUS_ACTIVE;
            break;
        case 'blocked':
            $status = User_entity::STATUS_BLOCKED;
            break;
        default:
            $status = NULL;
            break;
    }

    // Unfiltered listing uses get_all() without a status argument.
    $users = ($status === NULL)
        ? $this->user_model->get_all()
        : $this->user_model->get_all($status);

    // Page assembly, top to bottom.
    $views = array(
        'base/html_start' => array(),
        'components/navigation' => array('active_menu' => 'users'),
        'users/user_list' => array('users' => $users),
        'base/html_end' => array(),
    );
    foreach ($views as $view => $data) {
        $this->load->view($view, $data);
    }
}
/**
 * Function: destroy_version
 * Deletes the version given by $_POST['version_id'] and redirects to its
 * extension's page.
 *
 * NOTE(review): no security-hash check is made here, unlike the
 * admin_destroy_* handlers — confirm a CSRF guard is applied upstream.
 */
public function destroy_version() {
    $version_id = isset($_POST['version_id']) ? $_POST['version_id'] : null;

    if ($version_id === null) {
        error(__("Error"), __("No version ID specified.", "extend"));
    }

    $version = new Version($version_id);

    if ($version->no_results) {
        error(__("Error"), __("Invalid version ID specified.", "extend"));
    }

    # Permission is decided by the model.
    if (!$version->deletable()) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this version.", "extend"));
    }

    Version::delete($version->id);
    Flash::notice(__("Version deleted.", "extend"), $version->extension->url());
}
/**
 * Function: destroy_topic
 * Deletes the topic given by $_POST['topic_id'] and redirects to its forum.
 *
 * NOTE(review): no security-hash check is made here, unlike the
 * admin_destroy_* handlers — confirm a CSRF guard is applied upstream.
 */
public function destroy_topic() {
    $topic_id = isset($_POST['topic_id']) ? $_POST['topic_id'] : null;

    if ($topic_id === null) {
        error(__("Error"), __("No topic ID specified.", "discuss"));
    }

    $topic = new Topic($topic_id);

    if ($topic->no_results) {
        error(__("Error"), __("Invalid topic ID specified.", "discuss"));
    }

    # Permission is decided by the model.
    if (!$topic->deletable()) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this topic.", "discuss"));
    }

    Topic::delete($topic->id);
    Flash::notice(__("Topic deleted.", "discuss"), $topic->forum->url());
}
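<?php
# Upload endpoint for the Flash-based uploader. The Flash client does not send
# the browser's cookies, so it posts the session cookie name and id, which are
# copied into $_COOKIE before common.php starts the session.

# Only accept well-formed values: both present, strings, and limited to the
# characters a session name/id may contain, so the request cannot inject an
# arbitrary cookie name or value.
if (!isset($_POST['PHPSESSNAME'], $_POST['PHPSESSID'])
    or !is_string($_POST['PHPSESSNAME']) or !is_string($_POST['PHPSESSID'])
    or !preg_match('/^[A-Za-z0-9_]+$/', $_POST['PHPSESSNAME'])
    or !preg_match('/^[A-Za-z0-9,-]+$/', $_POST['PHPSESSID'])) {
    header("HTTP/1.1 403 Forbidden");
    exit;
}

$_COOKIE[$_POST['PHPSESSNAME']] = $_POST['PHPSESSID'];

require "../../includes/common.php";

$route = Route::current(MainController::current());

if (!$visitor->group->can("add_post")) {
    show_403(__("Access Denied"), __("You do not have sufficient privileges to create posts."));
}

# NOTE(review): the posted session id is the only authentication here; there is
# no secure-hash check as on the other POST handlers — confirm this is intended.
if (!isset($_FILES['Filedata'])) {
    show_403(__("Access Denied"), __("No file was uploaded."));
}

exit(upload($_FILES['Filedata']));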
/**
 * Function: destroy_ticket
 * Deletes the ticket given by $_POST['ticket_id'] and redirects to its
 * milestone's page.
 *
 * NOTE(review): no security-hash check is made here, unlike
 * admin_destroy_milestone — confirm a CSRF guard is applied upstream.
 */
public function destroy_ticket() {
    $ticket_id = isset($_POST['ticket_id']) ? $_POST['ticket_id'] : null;

    if ($ticket_id === null) {
        error(__("Error"), __("No ticket ID specified.", "progress"));
    }

    $ticket = new Ticket($ticket_id);

    if ($ticket->no_results) {
        error(__("Error"), __("Invalid ticket ID specified.", "progress"));
    }

    # Permission is decided by the model.
    if (!$ticket->deletable()) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this ticket.", "progress"));
    }

    Ticket::delete($ticket->id);
    Flash::notice(__("Ticket deleted.", "progress"), $ticket->milestone->url());
}
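/**
 * Function: admin_destroy_milestone
 * Deletes the milestone given by $_POST['id'] after moving its tickets to the
 * milestone named by $_POST['move_milestone'].
 */
public function admin_destroy_milestone() {
    if (!isset($_POST['id'])) {
        error(__("Error"), __("No milestone ID specified.", "progress"));
    }

    # Strict comparison: a loose "!=" would compare numeric-looking strings
    # (e.g. "0e...") numerically and could accept a wrong key.
    if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    $milestone = new Milestone($_POST['id']);

    if ($milestone->no_results) {
        error(__("Error"), __("Invalid milestone ID specified.", "progress"));
    }

    if (!$milestone->deletable()) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this milestone.", "progress"));
    }

    # Destination for the orphaned tickets; null when none was posted (instead
    # of an undefined-index notice).
    $move_to = isset($_POST['move_milestone']) ? $_POST['move_milestone'] : null;

    foreach ($milestone->tickets as $ticket) {
        $ticket->update(null, null, $move_to);
    }

    Milestone::delete($milestone->id);
    Flash::notice(__("Milestone deleted.", "progress"), "/admin/?action=manage_milestones");
}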
/**
 * Function: update
 * Chyrp Update.
 *
 * Renders the "update" page: with ?get_update the update is fetched and its
 * result shown as "updating"; otherwise the changelog is shown.
 */
public function update() {
    if (!Visitor::current()->group->can("change_settings")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to perform the update."));
    }

    $context = isset($_GET['get_update'])
        ? array("updating" => Update::get_update())
        : array("changelog" => Update::get_changelog());

    return $this->display("update", $context);
}
/**
 * Function: admin_clear_cache
 * Regenerates the cache and returns to the cache settings page with a notice.
 */
public function admin_clear_cache() {
    $visitor = Visitor::current();

    if (!$visitor->group->can("change_settings")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
    }

    $this->regenerate();

    Flash::notice(__("Cache cleared.", "cacher"), "/admin/?action=cache_settings");
}
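/**
 * Function: admin_destroy_type
 * Deletes the type given by $_POST['id'] after moving its extensions to the
 * type named by $_POST['move_type'].
 */
public function admin_destroy_type() {
    if (!isset($_POST['id'])) {
        error(__("Error"), __("No type ID specified.", "extend"));
    }

    # Strict comparison: a loose "!=" would compare numeric-looking strings
    # (e.g. "0e...") numerically and could accept a wrong key.
    if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    $type = new Type($_POST['id']);

    if ($type->no_results) {
        error(__("Error"), __("Invalid type ID specified.", "extend"));
    }

    if (!$type->deletable()) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this type.", "extend"));
    }

    # Destination for the orphaned extensions; null when none was posted
    # (instead of an undefined-index notice).
    $move_to = isset($_POST['move_type']) ? $_POST['move_type'] : null;

    foreach ($type->extensions as $extension) {
        $extension->update(null, null, $move_to);
    }

    Type::delete($type->id);
    Flash::notice(__("Type deleted.", "extend"), "/admin/?action=manage_types");
}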
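/**
 * Function: route_settings
 * Route Settings page.
 *
 * Displays the page on GET; on POST verifies the security hash and saves the
 * "clean_urls" flag and the "post_url" pattern.
 */
public function route_settings() {
    if (!Visitor::current()->group->can("change_settings")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
    }

    if (empty($_POST)) {
        return $this->display("route_settings");
    }

    # Strict comparison: a loose "!=" would compare numeric-looking strings
    # (e.g. "0e...") numerically and could accept a wrong key.
    if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    $config = Config::current();

    # A missing post_url is stored as null instead of raising a notice.
    $post_url = isset($_POST['post_url']) ? $_POST['post_url'] : null;

    $set = array(
        $config->set("clean_urls", !empty($_POST['clean_urls'])),
        $config->set("post_url", $post_url),
    );

    if (!in_array(false, $set)) {
        Flash::notice(__("Settings updated."), "/admin/?action=route_settings");
    }
}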
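/**
 * Function: admin_destroy_aggregate
 * Deletes the aggregate named by $_POST['id'], optionally together with the
 * posts it imported, after the confirmation form is submitted.
 *
 * Parameters:
 *     $admin - The admin controller (unused here).
 */
public function admin_destroy_aggregate($admin) {
    # The name is used as a config array key, so it must be a string.
    if (empty($_POST['id']) or !is_string($_POST['id'])) {
        error(__("No ID Specified"), __("An ID is required to delete an aggregate.", "aggregator"));
    }

    # The confirmation form's "no" answer.
    if (isset($_POST['destroy']) and $_POST['destroy'] === "bollocks") {
        redirect("/admin/?action=manage_aggregates");
    }

    # Strict comparison: a loose "!=" would compare numeric-looking strings
    # (e.g. "0e...") numerically and could accept a wrong key.
    if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    if (!Visitor::current()->group->can("delete_aggregate")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this aggregate.", "aggregator"));
    }

    $name = $_POST['id'];

    # Checkbox is only present when ticked; !empty() avoids a notice.
    if (!empty($_POST["delete_posts"])) {
        $this->delete_posts($name);
        $notice = __("Aggregate and its posts deleted.", "aggregator");
    } else {
        $notice = __("Aggregate deleted.", "aggregator");
    }

    $config = Config::current();
    unset($config->aggregates[$name]);
    $config->set("aggregates", $config->aggregates);

    Flash::notice($notice, "/admin/?action=manage_aggregates");
}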
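/**
 * Change the logged-in user's password.
 *
 * Validates the posted form (current password required; new password at least
 * 5 characters and matching its confirmation), verifies the current password
 * through the login model, then changes it and redirects back to
 * login/change_password with a flash message. On a validation failure the
 * change_password form is re-rendered; without a session 'rid' a 403 is shown.
 */
public function save_password() {
    if ($this->session->userdata('rid')) {
        $config = array(
            array('field' => 'current_pass', 'label' => 'Current Password', 'rules' => 'required'),
            array('field' => 'pass', 'label' => 'Password', 'rules' => 'min_length[5]|matches[cpass]'),
            array('field' => 'cpass', 'label' => 'Confirm Password', 'rules' => 'min_length[5]'),
        );
        $this->form_validation->set_rules($config);

        // Debug echoes ("okk", "okk1", "okk2") removed: they leaked into the
        // response body and, when output is not buffered, would have been sent
        // before the redirect headers.
        if ($this->form_validation->run() === TRUE) {
            if ($this->login_model->check_current_password()) {
                $this->login_model->change_password();
                $this->session->set_flashdata('message', 'Password changed successfully');
                redirect('login/change_password');
            } else {
                $this->session->set_flashdata('message', 'Current Password not matching');
                redirect('login/change_password');
            }
        }

        // Reached only when validation failed: show the form again.
        $this->change_password();
    } else {
        show_403();
    }
}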
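/**
 * Function: admin_destroy_forum
 * Deletes the forum given by $_POST['id'] after moving its topics to the forum
 * named by $_POST['move_forum'].
 */
public function admin_destroy_forum() {
    if (!isset($_POST['id'])) {
        error(__("Error"), __("No forum ID specified.", "discuss"));
    }

    # Strict comparison: a loose "!=" would compare numeric-looking strings
    # (e.g. "0e...") numerically and could accept a wrong key.
    if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    $forum = new Forum($_POST['id']);

    if ($forum->no_results) {
        error(__("Error"), __("Invalid forum ID specified.", "discuss"));
    }

    if (!$forum->deletable()) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this forum.", "discuss"));
    }

    # Destination for the orphaned topics; null when none was posted (instead
    # of an undefined-index notice).
    $move_to = isset($_POST['move_forum']) ? $_POST['move_forum'] : null;

    foreach ($forum->topics as $topic) {
        $topic->update(null, null, $move_to);
    }

    Forum::delete($forum->id);
    Flash::notice(__("Forum deleted.", "discuss"), "/admin/?action=manage_forums");
}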