Ejemplo n.º 1
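 /**
  * Function: submit
  * Submits a post to the blog owner.
  *
  * Requires the "submit_article" permission. A POST must carry the site
  * security key in $_POST['hash']; the body is then suffixed with the
  * submitter's name and e-mail and passed to the selected feather.
  */
 public function route_submit()
 {
     if (!Visitor::current()->group->can("submit_article")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to submit articles."));
     }
     if (!empty($_POST)) {
         # Strict, string-only comparison: a loose != compares two numeric-looking
         # strings by value, and an array in $_POST['hash'] only raises a notice.
         # Where PHP >= 5.6 is guaranteed, hash_equals() also makes this constant-time.
         if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
             show_403(__("Access Denied"), __("Invalid security key."));
         }
         if (empty($_POST['body'])) {
             Flash::notice(__("Post body can't be empty!"), redirect("/"));
         }
         if (!isset($_POST['draft'])) {
             $_POST['draft'] = "true";
         }
         # Default the optional fields so a missing or array-valued parameter
         # cannot raise a notice or be interpolated as "Array".
         $name = (isset($_POST['name']) and is_string($_POST['name'])) ? $_POST['name'] : "";
         $email = (isset($_POST['email']) and is_string($_POST['email'])) ? $_POST['email'] : "";
         $_POST['body'] = "{$_POST['body']}\n\n\n{$name}\n{$email}\n";
         # NOTE(review): $_POST['feather'] selects the handler without validation;
         # an unknown key turns this into a method call on null. Confirm an
         # allow-list check exists upstream or add one here.
         $post = Feathers::$instances[$_POST['feather']]->submit();
         if (!in_array(false, $post)) {
             Flash::notice(__("Thank you for your submission. ", "submission"), "/");
         }
     }
     # NOTE(review): $feather is never assigned in this method, so the template
     # receives null - confirm which value was intended.
     if (Theme::current()->file_exists("forms/post/submit")) {
         MainController::current()->display("forms/post/submit", array("feather" => $feather), __("Submit a Text Post"));
     } else {
         require "pages/submit.php";
     }
 }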
Ejemplo n.º 2
 /**
  * Deletes the attachment named by $_GET['id'] after checking that it exists
  * and that Attachment::deletable() allows it, then redirects with a notice.
  *
  * NOTE(review): this is a state-changing action driven by a GET parameter and
  * no security key is checked in this method, unlike the $_POST['hash'] check
  * used by other handlers. A request forged from another site would pass the
  * deletable() test with the victim's session - confirm a token check upstream.
  */
 public function main_delete_attachment()
 {
     if (!isset($_GET['id'])) {
         error(__("No ID Specified"), __("An ID is required to delete an attachment.", "attachments"));
     }
     # The raw request value is handed to the model; no_results signals a miss.
     $attachment = new Attachment($_GET['id']);
     if ($attachment->no_results) {
         error(__("Error"), __("Invalid attachment ID specified.", "attachments"));
     }
     # Per-object authorization check, performed before the delete.
     if (!$attachment->deletable()) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this attachment.", "attachments"));
     }
     Attachment::delete($attachment->id);
     # NOTE(review): the redirect target is read from the session; verify that
     # whatever stores 'redirect_to' only accepts same-site URLs.
     Flash::notice(__("Attachment deleted.", "attachments"), $_SESSION['redirect_to']);
 }
Ejemplo n.º 3
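 /**
  * Shows the Obscura settings page, or saves the submitted settings on POST.
  *
  * Requires the "change_settings" permission and, when saving, the site
  * security key in $_POST['hash'].
  */
 static function admin_obscura_settings($admin)
 {
     if (!Visitor::current()->group->can("change_settings")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
     }
     if (empty($_POST)) {
         return $admin->display("obscura_settings");
     }
     # Strict, string-only comparison: a loose != type-juggles numeric-looking
     # strings. Prefer hash_equals() where PHP >= 5.6 is guaranteed.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     # Missing fields are stored as null instead of raising undefined-index notices.
     $background = isset($_POST['background']) ? $_POST['background'] : null;
     $spacing = isset($_POST['spacing']) ? $_POST['spacing'] : null;
     $set = array(Config::current()->set("module_obscura", array("background" => $background, "spacing" => $spacing, "protect" => isset($_POST['protect']))));
     if (!in_array(false, $set)) {
         Flash::notice(__("Settings updated."), "/admin/?action=obscura_settings");
     }
 }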
Ejemplo n.º 4
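 /**
  * Shows the Cascade settings page, or saves the "ajax_scroll_auto" flag on POST.
  *
  * Requires the "change_settings" permission and, when saving, the site
  * security key in $_POST['hash'].
  */
 static function admin_cascade_settings($admin)
 {
     if (!Visitor::current()->group->can("change_settings")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
     }
     if (empty($_POST)) {
         return $admin->display("cascade_settings");
     }
     # Strict, string-only comparison: a loose != type-juggles numeric-looking
     # strings. Prefer hash_equals() where PHP >= 5.6 is guaranteed.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     # The checkbox is stored as a boolean: present means enabled.
     $set = array(Config::current()->set("ajax_scroll_auto", isset($_POST['auto'])));
     if (!in_array(false, $set)) {
         Flash::notice(__("Settings updated."), "/admin/?action=cascade_settings");
     }
 }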
Ejemplo n.º 5
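 /**
  * Shows the e-mail blogging settings page, or saves the mailbox settings on POST.
  *
  * Requires the "change_settings" permission and, when saving, the site
  * security key in $_POST['hash'].
  */
 static function admin_emailblog_settings($admin)
 {
     if (!Visitor::current()->group->can("change_settings")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
     }
     if (empty($_POST)) {
         return $admin->display("emailblog_settings");
     }
     # Strict, string-only comparison: a loose != type-juggles numeric-looking
     # strings. Prefer hash_equals() where PHP >= 5.6 is guaranteed.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     $config = Config::current();
     # Read each field once; a missing field is stored as null rather than
     # raising an undefined-index notice.
     $fields = array();
     foreach (array("email", "pass", "minutes", "subjpass", "server") as $field) {
         $fields[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
     }
     # NOTE(review): the mailbox password is written through Config::set like any
     # other setting - presumably in clear text; confirm where the config is
     # stored and who can read it.
     $set = array($config->set("emailblog_address", $fields['email']), $config->set("emailblog_pass", $fields['pass']), $config->set("emailblog_minutes", $fields['minutes']), $config->set("emailblog_subjpass", $fields['subjpass']), $config->set("emailblog_server", $fields['server']));
     if (!in_array(false, $set)) {
         Flash::notice(__("Settings updated."), "/admin/?action=emailblog_settings");
     }
 }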
Ejemplo n.º 6
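 /**
  * Shows the theme editor, or writes the submitted content to a file on POST.
  *
  * Requires the "change_settings" permission and, when saving, the site
  * security key in $_POST['hash'].
  */
 public function admin_theme_editor($admin)
 {
     if (!Visitor::current()->group->can("change_settings")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
     }
     if (empty($_POST)) {
         return $admin->display("theme_editor", array("editor" => self::admin_context($admin->context)), __("Theme Editor", "theme_editor"));
     }
     # Strict, string-only comparison: a loose != type-juggles numeric-looking
     # strings. Prefer hash_equals() where PHP >= 5.6 is guaranteed.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     # NOTE(review): the target path comes straight from the request and nothing
     # in this method confines it to the theme directory, so the write can reach
     # any file the web server user may modify. Resolve the path with realpath()
     # and require it to sit under the theme root before writing.
     if (isset($_POST['file']) and isset($_POST['newcontent']) and is_string($_POST['file']) and is_string($_POST['newcontent'])) {
         $done = file_put_contents($_POST['file'], $_POST['newcontent']);
         # file_put_contents() returns false on failure and 0 for an empty file,
         # so test for false rather than emptiness.
         if ($done !== false) {
             $current = (isset($_POST['cur_file']) and is_string($_POST['cur_file'])) ? $_POST['cur_file'] : "";
             # Encode the value so it cannot add parameters to the redirect URL.
             Flash::notice(__("File Updated"), "/admin/?action=theme_editor&file=" . urlencode($current));
         }
     }
 }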
Ejemplo n.º 7
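 /**
  * Shows the Like module settings page, or saves the submitted settings on POST.
  *
  * Requires the "change_settings" permission and, when saving, the site
  * security key in $_POST['hash']. Every POST field named "likeText-<key>" is
  * collected into the "likeText" map with tags and slashes stripped.
  */
 static function admin_like_settings($admin)
 {
     $config = Config::current();
     if (!Visitor::current()->group->can("change_settings")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
     }
     if (empty($_POST)) {
         return $admin->display("like_settings");
     }
     # Strict, string-only comparison: a loose != type-juggles numeric-looking
     # strings. Prefer hash_equals() where PHP >= 5.6 is guaranteed.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) $config->secure_hashkey) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     $likeText = array();
     foreach ($_POST as $key => $value) {
         # Match the prefix at the start of the name only, and skip array values
         # that stripslashes() cannot handle.
         if (strpos((string) $key, "likeText-") !== 0 or !is_string($value)) {
             continue;
         }
         $parts = explode("-", $key, 2);
         # NOTE(review): strip_tags() is not an output encoder; the template that
         # prints these labels should still escape them.
         $likeText[$parts[1]] = strip_tags(stripslashes($value));
     }
     $likeImage = isset($_POST['likeImage']) ? $_POST['likeImage'] : null;
     $set = array($config->set("module_like", array("showOnFront" => isset($_POST['showOnFront']), "likeWithText" => isset($_POST['likeWithText']), "likeImage" => $likeImage, "likeText" => $likeText)));
     if (!in_array(false, $set)) {
         Flash::notice(__("Settings updated."), "/admin/?action=like_settings");
     }
 }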
Ejemplo n.º 8
 * User: loveyu
 * Date: 2015/12/9
 * Time: 0:17
 */
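// Streams an image file to a logged-in user. The request names the file in
// $_GET['path']; the extension must pass in_ext_list() and the path is mapped
// to a filesystem location by get_sys_path().
require_once "common.php";
if (!is_login()) {
    show_403("Please login.");
}
// Accept a string only; an array parameter would make pathinfo() fail.
$path = (isset($_GET['path']) && is_string($_GET['path'])) ? $_GET['path'] : "";
$ext = pathinfo($path, PATHINFO_EXTENSION);
if (empty($path)) {
    show_403("No empty.");
}
if (!in_ext_list($ext)) {
    show_403("No support.");
}
// NOTE(review): confinement of the request path to the served directory rests
// entirely on get_sys_path(), which is not visible here - confirm it rejects
// ".." segments and absolute paths.
$path = get_sys_path($path);
if (!is_file($path)) {
    show_403("No found.");
}
// Open before sending headers so an unreadable file still gets an error page
// instead of a broken response and a loop on a false handle.
$fp = fopen($path, "rb");
if ($fp === false) {
    show_403("No found.");
}
$size = filesize($path);
// Quote the file name and drop characters that would break out of the quoted
// string or the header line.
$name = str_replace(array('"', "\\", "\r", "\n"), "_", basename($path));
header("Content-Type: image/{$ext}");
header("Content-Length: {$size}");
header("Content-Disposition: inline; filename=\"{$name}\"");
// Keep browsers from re-interpreting the body as another content type.
header("X-Content-Type-Options: nosniff");
flush();
while (!feof($fp)) {
    echo fread($fp, 65536);
    flush();
}
fclose($fp);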
Ejemplo n.º 9
 /**
  * Displays the comment management page, optionally filtered by $_GET['query'].
  *
  * Access requires that Comment::any_editable() or Comment::any_deletable()
  * returns true. Spam comments are excluded, and visitors whose group fails the
  * can("edit_comment", "delete_comment", true) test only see their own comments.
  */
 static function admin_manage_comments($admin)
 {
     if (!Comment::any_editable() and !Comment::any_deletable()) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to manage any comments.", "comments"));
     }
     # Default the search term to an empty string when the parameter is absent.
     fallback($_GET['query'], "");
     # NOTE(review): the search term reaches the query through the ":query"
     # placeholder - presumably bound, not interpolated; confirm in keywords().
     list($where, $params) = keywords($_GET['query'], "body LIKE :query");
     $where[] = "status != 'spam'";
     $visitor = Visitor::current();
     # Without both permissions the listing is narrowed to the visitor's own rows.
     if (!$visitor->group->can("edit_comment", "delete_comment", true)) {
         $where["user_id"] = $visitor->id;
     }
     # 25 comments per page.
     $admin->display("manage_comments", array("comments" => new Paginator(Comment::find(array("placeholders" => true, "where" => $where, "params" => $params)), 25)));
 }
Ejemplo n.º 10
 /**
  * Shows the Dropbox management page, or on POST imports changed Dropbox
  * entries as text posts and stores the new delta cursor.
  *
  * Requires the "add_post" / "add_draft" permission check to pass.
  *
  * NOTE(review): unlike other admin POST handlers, no $_POST['hash'] security
  * key is checked in this method, so the import can be triggered by a forged
  * cross-site POST - confirm or add the check.
  */
 static function admin_manage_dropbox($admin)
 {
     if (!Visitor::current()->group->can("add_post", "add_draft")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to create posts."));
     }
     if (empty($_POST)) {
         return $admin->display("manage_dropbox");
     }
     $config = Config::current();
     # NOTE(review): the code below still runs after this call unless
     # Flash::notice() ends the request when given a redirect - confirm.
     if (!isset($config->module_dropbox["oauth_token"])) {
         Flash::notice(__("You need to authorize Dropbox first.", "dropbox"), "/admin/?action=dropbox_settings");
     }
     # NOTE(review): the application key and secret are fetched over plain
     # http://, so anyone on the network path can read or replace them. The
     # response is also used without checking that the fetch or the JSON decode
     # succeeded. Prefer an https:// endpoint or locally configured credentials.
     $data = json_decode(file_get_contents("http://chyrp.net/api/1/dropboxsync.php?keys"), true);
     $app_key = $data["key"];
     $app_secret = $data["secret"];
     $storage = new \Dropbox\OAuth\Storage\Session();
     $OAuth = new \Dropbox\OAuth\Consumer\Curl($app_key, $app_secret, $storage);
     $dropbox = new \Dropbox\API($OAuth);
     $delta = $dropbox->delta();
     $delta = $delta["body"];
     # Only import when the cursor differs from the stored one.
     if ($delta->cursor != $config->module_dropbox["cursor"]) {
         if (count($delta->entries) > 0) {
             foreach ($delta->entries as $entry) {
                 # NOTE(review): the temporary file is not removed in this method.
                 $tmpfname = tempnam("/tmp", "md");
                 $file = $dropbox->getFile(ltrim($entry[0], "/"), $tmpfname);
                 $post = new FrontMatter($file["name"]);
                 $date = explode(".", ltrim($entry[0], "/"));
                 $values = array("title" => $post->fetch("title"), "body" => $post->fetch("content"));
                 # Set defaults
                 # NOTE(review): if fallback() only assigns unset variables, the
                 # values from the first entry carry over to later iterations -
                 # verify against fallback()'s definition.
                 fallback($clean, oneof($post->fetch("slug"), strtolower(str_replace(" ", "-", $post->fetch("title")))));
                 fallback($url, Post::check_url($clean));
                 fallback($pinned, oneof($post->fetch("pinned"), 0));
                 fallback($status, oneof($post->fetch("status"), "public"));
                 fallback($date, oneof(datetime($post->fetch("date")), datetime($date[0])));
                 # Title, body, slug and status all come from the remote file's front matter.
                 $post = Post::add($values, $clean, $url, "text", 1, $pinned, $status, datetime($post->fetch("date")), datetime($post->fetch("date")), false);
             }
         }
         # Persist the new cursor while keeping the stored OAuth values.
         $set = array($config->set("module_dropbox", array("oauth_token_secret" => $config->module_dropbox['oauth_token_secret'], "oauth_token" => $config->module_dropbox['oauth_token'], "uid" => $config->module_dropbox['uid'], "cursor" => $delta->cursor)));
         if (!in_array(false, $set)) {
             Flash::notice(__("Post imported successfully.", "dropbox"), "/admin/?action=manage_posts");
         }
     }
 }
Ejemplo n.º 11
 /**
  * Deletes the category named by $_REQUEST['id'] and redirects to the category
  * list. Requires the "manage_categorize" permission.
  *
  * NOTE(review): the ID is read from $_REQUEST (so GET works too), is not
  * checked for presence, and no security key is verified in this method. A
  * forged cross-site request from a logged-in admin's browser would delete a
  * category - confirm a token check upstream or require POST plus the key.
  */
 public function admin_delete_category($admin)
 {
     if (!Visitor::current()->group()->can("manage_categorize")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to manage categories.", "categorize"));
     }
     # The raw request value goes straight to the model.
     Category::deleteCategory($_REQUEST['id']);
     Flash::notice(__("Category deleted.", "categorize"), "/admin/?action=manage_category");
 }
Ejemplo n.º 12
 /**
  * Function: drafts
  * Lists the current visitor's own draft posts, paginated by $this->post_limit.
  *
  * The permission test passes "view_own_draft" and "view_draft" to can(); the
  * query itself is always limited to posts owned by the visitor.
  */
 public function drafts()
 {
     $me = Visitor::current();
     $allowed = $me->group->can("view_own_draft", "view_draft");
     if (!$allowed) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to view drafts."));
     }
     # Only drafts that belong to the requesting visitor.
     $conditions = array("status" => "draft", "user_id" => $me->id);
     $found = Post::find(array("placeholders" => true, "where" => $conditions));
     $pages = new Paginator($found, $this->post_limit);
     $this->display(array("pages/drafts", "pages/index"), array("posts" => $pages), __("Drafts"));
 }
Ejemplo n.º 13
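 /**
  * Adds each comma-separated tag in $_POST['name'] to every post listed in
  * $_POST['post'] that the visitor may edit, then redirects to the tag manager.
  *
  * Requires the site security key in $_POST['hash']. There is no group-level
  * permission check here; authorization is per post via Post::editable().
  */
 public function admin_bulk_tag($admin)
 {
     # Strict, string-only comparison: a loose != type-juggles numeric-looking
     # strings. Prefer hash_equals() where PHP >= 5.6 is guaranteed.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     # The tag list must be a string and the post list an array; anything else
     # is treated like an empty submission.
     if (empty($_POST['name']) or empty($_POST['post']) or !is_string($_POST['name']) or !is_array($_POST['post'])) {
         redirect("/admin/?action=manage_tags");
     }
     $sql = SQL::current();
     foreach (array_map("trim", explode(",", $_POST['name'])) as $tag) {
         # "a,,b" or a trailing comma would otherwise store an empty tag.
         if ($tag === "") {
             continue;
         }
         foreach ($_POST['post'] as $post_id) {
             # Nested arrays are not valid IDs.
             if (!is_scalar($post_id)) {
                 continue;
             }
             $post = new Post($post_id);
             if (!$post->editable()) {
                 continue;
             }
             $tags = $sql->select("post_attributes", "value", array("name" => "tags", "post_id" => $post_id));
             if ($tags and $value = $tags->fetchColumn()) {
                 $tags = YAML::load($value);
             } else {
                 $tags = array();
             }
             # Key is the display name, value the sanitized form.
             $tags[$tag] = sanitize($tag);
             $sql->replace("post_attributes", array("post_id", "name"), array("name" => "tags", "value" => YAML::dump($tags), "post_id" => $post_id));
         }
     }
     Flash::notice(__("Posts tagged.", "tags"), "/admin/?action=manage_tags");
 }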
Ejemplo n.º 14
         header("HTTP/1.1 404 Not Found");
         $trigger->call("not_found");
         exit;
     }
     $main->display("feathers/" . $post->feather, array("post" => $post, "ajax_reason" => $reason));
     break;
 # "preview": runs the submitted content through the preview filters and echoes
 # it back inside a preview container.
 case "preview":
     if (empty($_POST['content'])) {
         break;
     }
     # The filter names are built from $_POST['feather'].
     $trigger->filter($_POST['content'], array("preview_" . $_POST['feather'], "preview"), $_POST['field'], $_POST['feather']);
     # NOTE(review): the request content is written into the HTML response.
     # Whether it is escaped depends entirely on the filters above; no permission
     # or security-key check is visible in this case, so confirm the response
     # cannot carry script from a forged cross-site POST.
     echo "<h2 class=\"preview-header\">" . __("Preview") . "</h2>\n" . "<div class=\"preview-content\">" . $_POST['content'] . "</div>";
     break;
 # "check_confirm": prints the extension's "confirm" message from its info.yaml.
 case "check_confirm":
     if (!$visitor->group->can("toggle_extensions")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to enable/disable extensions."));
     }
     $dir = $_POST['type'] == "module" ? MODULES_DIR : FEATHERS_DIR;
     # NOTE(review): $_POST['check'] is concatenated into the path unchanged, so
     # directory separators or ".." segments in it would move the lookup outside
     # $dir. Restrict it to the name of an installed extension before loading.
     $info = YAML::load($dir . "/" . $_POST['check'] . "/info.yaml");
     fallback($info["confirm"], "");
     if (!empty($info["confirm"])) {
         echo __($info["confirm"], $_POST['check']);
     }
     break;
 case "organize_pages":
     foreach ($_POST['parent'] as $id => $parent) {
         $sql->update("pages", array("id" => $id), array("parent_id" => $parent));
     }
     foreach ($_POST['page_list'] as $index => $page) {
         $sql->update("pages", array("id" => $page), array("list_order" => $index));
     }
Ejemplo n.º 15
<?php

# Front controller: refuse to run on PHP older than 5.3.0, load the common
# include, resolve the route and run the matching controller responder.
if (version_compare(PHP_VERSION, "5.3.0", "<")) {
    exit("Chyrp requires PHP 5.3.0 or greater.");
}
# NOTE(review): $visitor and $trigger used below are not assigned in this file;
# presumably includes/common.php defines them.
require_once "includes/common.php";
# Prepare the controller.
$main = MainController::current();
# Parse the route.
$route = Route::current($main);
# Check if the user can view the site.
# The login, logout, register and lost_password actions stay reachable so a
# visitor without "view_site" can still authenticate.
if (!$visitor->group->can("view_site") and !in_array($route->action, array("login", "logout", "register", "lost_password"))) {
    # A registered "can_not_view_site" trigger replaces the default 403 page.
    if ($trigger->exists("can_not_view_site")) {
        $trigger->call("can_not_view_site");
    } else {
        show_403(__("Access Denied"), __("You are not allowed to view this site."));
    }
}
# Execute the appropriate Controller responder.
$route->init();
# If the route failed or nothing was displayed, check for:
# 1. Module-provided pages.
# 2. Feather-provided pages.
# 3. Theme-provided pages.
if (!$route->success and !$main->displayed) {
    $displayed = false;
    foreach ($config->enabled_modules as $module) {
        if (file_exists(MODULES_DIR . "/" . $module . "/pages/" . $route->action . ".php")) {
            $displayed = (require MODULES_DIR . "/" . $module . "/pages/" . $route->action . ".php");
        }
    }
Ejemplo n.º 16
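 /**
  * Export the collected data to csv file.
  * @param $sid
  *   Survey sid
  * @param $type
  *  The type of export: human readable (csv_human) or machine readable
  *  (csv_machine). Any other value ends in a 404.
  *
  * Route - /survey/:sid/data_export/(csv_human|csv_machine)
  */
 public function survey_export_csv($sid, $type)
 {
     if (!has_permission('export csv data any survey')) {
         show_403();
     }
     $survey = $this->survey_model->get($sid);
     if (!$survey) {
         show_404();
     }
     if (!$survey->status_allows('export csv data any survey')) {
         show_403();
     }
     // Load stuff.
     $this->load->model('survey_result_model');
     $this->load->helper('or_xform_results');
     try {
         $flattener = new OR_xform_results($survey->get_xml_full_path());
     } catch (Exception $e) {
         // The xform file does not exist or is not readable.
         show_404();
     }
     // Load results.
     $results = $this->survey_result_model->get_all($sid);
     // Type of export.
     switch ($type) {
         case 'csv_human':
             $label_key = "label";
             $value_key = "value";
             $filename = sprintf('survey_results_%d_normalized.csv', $survey->sid);
             break;
         case 'csv_machine':
             $label_key = "machine_label";
             $value_key = "machine_value";
             $filename = sprintf('survey_results_%d_raw.csv', $survey->sid);
             break;
         default:
             // Any other value would leave $label_key, $value_key and $filename
             // undefined; do not rely on the route pattern alone.
             show_404();
     }
     // Compose header of csv file.
     // The header is being created from the flat xform so if all the result
     // files fail, we'll have an empty csv with a header.
     $flat = $flattener->get_flatten();
     $header = array();
     foreach ($flat as $key => $value) {
         // The language only matters when we're exporting a non system
         // question in a normalised format.
         if ($type == 'csv_human' && !isset($value['system']) && $flattener->is_translated()) {
             $header[] = $value['label'][$flattener->get_preferred_language()];
         } else {
             // Machine labels are never translated and human labels behave the
             // same way if there's no translation.
             $header[] = $value[$label_key];
         }
     }
     // Headers.
     // The former "Cache-Control: public" header was overwritten by the next
     // header() call (same name, default replace), so only this one is sent.
     header("Cache-Control: no-cache, must-revalidate");
     header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
     header("Content-Description: File Transfer");
     // Quoted so the file name stays a single token for every client.
     header('Content-Disposition: attachment; filename="' . $filename . '"');
     header("Content-Type: application/octet-stream; ");
     header("Content-Transfer-Encoding: binary");
     // Open stream.
     $output = fopen('php://output', 'w');
     // Put headers.
     fputcsv($output, $header);
     // Compose data.
     // NOTE(review): answers are written as-is. Values that begin with "=", "+",
     // "-" or "@" are interpreted as formulas when the file is opened in a
     // spreadsheet; consider neutralising them in the human-readable export.
     foreach ($results as $survey_result_entity) {
         try {
             $parsed_file = $flattener->parse_result_file($survey_result_entity->get_xml_full_path());
         } catch (Exception $e) {
             // The file does not exist or is not readable. Skip.
             continue;
         }
         $fields = array();
         foreach ($parsed_file as $data) {
             // Multi-value answers are joined with a space.
             $fields[] = is_array($data[$value_key]) ? implode(' ', $data[$value_key]) : $data[$value_key];
         }
         fputcsv($output, $fields);
     }
     // Close stream.
     fclose($output);
 }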
Ejemplo n.º 17
 /**
  * Render the user list, optionally narrowed to active or blocked accounts.
  * Requires the 'view user list' permission.
  *
  * Route:
  * /users/(active|blocked)
  */
 public function users_list($filter = NULL)
 {
     $allowed = has_permission('view user list');
     if (!$allowed) {
         show_403();
     }
     // Same loose matching as a switch on $filter; any other value lists everyone.
     if ($filter == 'active') {
         $users = $this->user_model->get_all(User_entity::STATUS_ACTIVE);
     } elseif ($filter == 'blocked') {
         $users = $this->user_model->get_all(User_entity::STATUS_BLOCKED);
     } else {
         $users = $this->user_model->get_all();
     }
     $navigation = array('active_menu' => 'users');
     $listing = array('users' => $users);
     $this->load->view('base/html_start');
     $this->load->view('components/navigation', $navigation);
     $this->load->view('users/user_list', $listing);
     $this->load->view('base/html_end');
 }
Ejemplo n.º 18
 /**
  * Deletes the version named by $_POST['version_id'] after checking that it
  * exists and that Version::deletable() allows it, then redirects to the
  * owning extension's URL.
  *
  * NOTE(review): no $_POST['hash'] security key is checked in this method, so
  * the delete is only protected by the session. Confirm a token check exists
  * upstream; otherwise a forged cross-site POST can trigger it.
  */
 public function destroy_version()
 {
     if (!isset($_POST['version_id'])) {
         error(__("Error"), __("No version ID specified.", "extend"));
     }
     $version = new Version($_POST['version_id']);
     if ($version->no_results) {
         error(__("Error"), __("Invalid version ID specified.", "extend"));
     }
     # Per-object authorization check, performed before the delete.
     if (!$version->deletable()) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this version.", "extend"));
     }
     Version::delete($version->id);
     # The in-memory object is still used for the redirect after the delete.
     Flash::notice(__("Version deleted.", "extend"), $version->extension->url());
 }
Ejemplo n.º 19
 /**
  * Deletes the topic named by $_POST['topic_id'] after checking that it exists
  * and that Topic::deletable() allows it, then redirects to the forum's URL.
  *
  * NOTE(review): no $_POST['hash'] security key is checked in this method, so
  * the delete is only protected by the session. Confirm a token check exists
  * upstream; otherwise a forged cross-site POST can trigger it.
  */
 public function destroy_topic()
 {
     if (!isset($_POST['topic_id'])) {
         error(__("Error"), __("No topic ID specified.", "discuss"));
     }
     $topic = new Topic($_POST['topic_id']);
     if ($topic->no_results) {
         error(__("Error"), __("Invalid topic ID specified.", "discuss"));
     }
     # Per-object authorization check, performed before the delete.
     if (!$topic->deletable()) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this topic.", "discuss"));
     }
     Topic::delete($topic->id);
     # The in-memory object is still used for the redirect after the delete.
     Flash::notice(__("Topic deleted.", "discuss"), $topic->forum->url());
 }
Ejemplo n.º 20
<?php

# Upload endpoint: copies a session cookie name and value from the POST body
# into $_COOKIE before the common include runs, then checks "add_post" and
# hands the uploaded file to upload().
#
# NOTE(review): both the cookie name and its value are taken from the request
# body, so the caller chooses which cookie is overwritten and with what. That
# moves the session identifier out of the cookie jar and into form data, and it
# accepts whatever identifier the request supplies. Restrict the name to the
# configured session name and confirm the session layer rejects identifiers it
# did not issue. No security key is checked here either.
$_COOKIE[$_POST['PHPSESSNAME']] = $_POST['PHPSESSID'];
require "../../includes/common.php";
$route = Route::current(MainController::current());
# $visitor is not assigned in this file; presumably set by includes/common.php.
if (!$visitor->group->can("add_post")) {
    show_403(__("Access Denied"), __("You do not have sufficient privileges to create posts."));
}
# NOTE(review): type and size checks on the uploaded file, if any, live in
# upload(); nothing is validated at this level.
exit(upload($_FILES['Filedata']));
Ejemplo n.º 21
 /**
  * Deletes the ticket named by $_POST['ticket_id'] after checking that it
  * exists and that Ticket::deletable() allows it, then redirects to the
  * milestone's URL.
  *
  * NOTE(review): no $_POST['hash'] security key is checked in this method, so
  * the delete is only protected by the session. Confirm a token check exists
  * upstream; otherwise a forged cross-site POST can trigger it.
  */
 public function destroy_ticket()
 {
     if (!isset($_POST['ticket_id'])) {
         error(__("Error"), __("No ticket ID specified.", "progress"));
     }
     $ticket = new Ticket($_POST['ticket_id']);
     if ($ticket->no_results) {
         error(__("Error"), __("Invalid ticket ID specified.", "progress"));
     }
     # Per-object authorization check, performed before the delete.
     if (!$ticket->deletable()) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this ticket.", "progress"));
     }
     Ticket::delete($ticket->id);
     # The in-memory object is still used for the redirect after the delete.
     Flash::notice(__("Ticket deleted.", "progress"), $ticket->milestone->url());
 }
Ejemplo n.º 22
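 /**
  * Deletes the milestone named by $_POST['id'], first moving its tickets to
  * the milestone given in $_POST['move_milestone'].
  *
  * Requires the site security key in $_POST['hash'] and a passing
  * Milestone::deletable() check.
  */
 public function admin_destroy_milestone()
 {
     if (!isset($_POST['id'])) {
         error(__("Error"), __("No milestone ID specified.", "progress"));
     }
     # Strict, string-only comparison: a loose != type-juggles numeric-looking
     # strings. Prefer hash_equals() where PHP >= 5.6 is guaranteed.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     $milestone = new Milestone($_POST['id']);
     if ($milestone->no_results) {
         error(__("Error"), __("Invalid milestone ID specified.", "progress"));
     }
     if (!$milestone->deletable()) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this milestone.", "progress"));
     }
     # Read the target once; a missing field is passed as null without a notice.
     # NOTE(review): the target milestone is not checked for existence here.
     $target = isset($_POST['move_milestone']) ? $_POST['move_milestone'] : null;
     foreach ($milestone->tickets as $ticket) {
         $ticket->update(null, null, $target);
     }
     Milestone::delete($milestone->id);
     Flash::notice(__("Milestone deleted.", "progress"), "/admin/?action=manage_milestones");
 }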
Ejemplo n.º 23
 /**
  * Function: update
  * Chyrp Update.
  *
  * Shows the update page with either the result of Update::get_update() (when
  * the "get_update" query parameter is present) or the changelog. Requires the
  * "change_settings" permission.
  */
 public function update()
 {
     $allowed = Visitor::current()->group->can("change_settings");
     if (!$allowed) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to perform the update."));
     }
     # NOTE(review): Update::get_update() is reached from a plain GET parameter
     # with no security key in this method - confirm it cannot be triggered by a
     # link followed from another site.
     $context = isset($_GET['get_update'])
         ? array("updating" => Update::get_update())
         : array("changelog" => Update::get_changelog());
     return $this->display("update", $context);
 }
Ejemplo n.º 24
 /**
  * Calls $this->regenerate() and redirects to the cache settings page with a
  * "Cache cleared." notice. Requires the "change_settings" permission.
  *
  * NOTE(review): no security key is checked in this method; a forged request
  * could make an administrator's browser trigger the regeneration.
  */
 public function admin_clear_cache()
 {
     if (!Visitor::current()->group->can("change_settings")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
     }
     $this->regenerate();
     Flash::notice(__("Cache cleared.", "cacher"), "/admin/?action=cache_settings");
 }
Ejemplo n.º 25
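 /**
  * Deletes the type named by $_POST['id'], first moving its extensions to the
  * type given in $_POST['move_type'].
  *
  * Requires the site security key in $_POST['hash'] and a passing
  * Type::deletable() check.
  */
 public function admin_destroy_type()
 {
     if (!isset($_POST['id'])) {
         error(__("Error"), __("No type ID specified.", "extend"));
     }
     # Strict, string-only comparison: a loose != type-juggles numeric-looking
     # strings. Prefer hash_equals() where PHP >= 5.6 is guaranteed.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     $type = new Type($_POST['id']);
     if ($type->no_results) {
         error(__("Error"), __("Invalid type ID specified.", "extend"));
     }
     if (!$type->deletable()) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this type.", "extend"));
     }
     # Read the target once; a missing field is passed as null without a notice.
     # NOTE(review): the target type is not checked for existence here.
     $target = isset($_POST['move_type']) ? $_POST['move_type'] : null;
     foreach ($type->extensions as $extension) {
         $extension->update(null, null, $target);
     }
     Type::delete($type->id);
     Flash::notice(__("Type deleted.", "extend"), "/admin/?action=manage_types");
 }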
Ejemplo n.º 26
Archivo: Admin.php Proyecto: eadz/chyrp
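 /**
  * Function: route_settings
  * Route Settings page.
  *
  * Shows the page on GET; on POST saves "clean_urls" and "post_url". Requires
  * the "change_settings" permission and the site security key in $_POST['hash'].
  */
 public function route_settings()
 {
     if (!Visitor::current()->group->can("change_settings")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
     }
     if (empty($_POST)) {
         return $this->display("route_settings");
     }
     # Strict, string-only comparison: a loose != type-juggles numeric-looking
     # strings. Prefer hash_equals() where PHP >= 5.6 is guaranteed.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     $config = Config::current();
     # A missing field is stored as null instead of raising an undefined-index notice.
     $post_url = isset($_POST['post_url']) ? $_POST['post_url'] : null;
     $set = array($config->set("clean_urls", !empty($_POST['clean_urls'])), $config->set("post_url", $post_url));
     if (!in_array(false, $set)) {
         Flash::notice(__("Settings updated."), "/admin/?action=route_settings");
     }
 }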
Ejemplo n.º 27
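 /**
  * Removes the aggregate named by $_POST['id'] from the configuration and,
  * when $_POST['delete_posts'] is set, deletes its posts as well.
  *
  * Requires the site security key in $_POST['hash'] and the
  * "delete_aggregate" permission. A "destroy" value of "bollocks" cancels.
  */
 public function admin_destroy_aggregate($admin)
 {
     # The name is used as an array key, so it must be a non-empty string.
     if (empty($_POST['id']) or !is_string($_POST['id'])) {
         error(__("No ID Specified"), __("An ID is required to delete an aggregate.", "aggregator"));
     }
     # The form's cancel value; checked with isset to avoid a notice.
     if (isset($_POST['destroy']) and $_POST['destroy'] === "bollocks") {
         redirect("/admin/?action=manage_aggregates");
     }
     # Strict, string-only comparison: a loose != type-juggles numeric-looking
     # strings. Prefer hash_equals() where PHP >= 5.6 is guaranteed.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     if (!Visitor::current()->group->can("delete_aggregate")) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this aggregate.", "aggregator"));
     }
     $name = $_POST['id'];
     if (!empty($_POST["delete_posts"])) {
         $this->delete_posts($name);
         $notice = __("Aggregate and its posts deleted.", "aggregator");
     } else {
         $notice = __("Aggregate deleted.", "aggregator");
     }
     $config = Config::current();
     unset($config->aggregates[$name]);
     $config->set("aggregates", $config->aggregates);
     Flash::notice($notice, "/admin/?action=manage_aggregates");
 }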
Ejemplo n.º 28
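 /**
  * Handle the change-password form for the logged-in user.
  *
  * Requires a session with 'rid' set; otherwise responds with 403. When the
  * form validates and login_model->check_current_password() succeeds, the
  * password is changed and the user is redirected with a flash message.
  */
 public function save_password()
 {
     if ($this->session->userdata('rid')) {
         // The new password and its confirmation are marked required:
         // CodeIgniter generally skips the remaining rules for an empty field
         // that is not required, which would let an empty password through
         // validation (confirm for the framework version in use).
         $config = array(
             array('field' => 'current_pass', 'label' => 'Current Password', 'rules' => 'required'),
             array('field' => 'pass', 'label' => 'Password', 'rules' => 'required|min_length[5]|matches[cpass]'),
             array('field' => 'cpass', 'label' => 'Confirm Password', 'rules' => 'required|min_length[5]'),
         );
         $this->form_validation->set_rules($config);
         // Debug output ('okk', 'okk1', 'okk2') was removed: it was sent before
         // redirect() and leaked into the rendered form.
         if ($this->form_validation->run() == TRUE) {
             if ($this->login_model->check_current_password()) {
                 $this->login_model->change_password();
                 $this->session->set_flashdata('message', 'Password changed successfully');
                 redirect('login/change_password');
             } else {
                 $this->session->set_flashdata('message', 'Current Password not matching');
                 redirect('login/change_password');
             }
         }
         // Validation failed: show the form again.
         // NOTE(review): no attempt limit on the current-password check is
         // visible here; confirm one exists in login_model.
         $this->change_password();
     } else {
         show_403();
     }
 }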
Ejemplo n.º 29
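 /**
  * Deletes the forum named by $_POST['id'], first moving its topics to the
  * forum given in $_POST['move_forum'].
  *
  * Requires the site security key in $_POST['hash'] and a passing
  * Forum::deletable() check.
  */
 public function admin_destroy_forum()
 {
     if (!isset($_POST['id'])) {
         error(__("Error"), __("No forum ID specified.", "discuss"));
     }
     # Strict, string-only comparison: a loose != type-juggles numeric-looking
     # strings. Prefer hash_equals() where PHP >= 5.6 is guaranteed.
     if (!isset($_POST['hash']) or !is_string($_POST['hash']) or $_POST['hash'] !== (string) Config::current()->secure_hashkey) {
         show_403(__("Access Denied"), __("Invalid security key."));
     }
     $forum = new Forum($_POST['id']);
     if ($forum->no_results) {
         error(__("Error"), __("Invalid forum ID specified.", "discuss"));
     }
     if (!$forum->deletable()) {
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this forum.", "discuss"));
     }
     # Read the target once; a missing field is passed as null without a notice.
     # NOTE(review): the target forum is not checked for existence here.
     $target = isset($_POST['move_forum']) ? $_POST['move_forum'] : null;
     foreach ($forum->topics as $topic) {
         $topic->update(null, null, $target);
     }
     Forum::delete($forum->id);
     Flash::notice(__("Forum deleted.", "discuss"), "/admin/?action=manage_forums");
 }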