public function editAction()
{
$app_id = $this->getAppId();
$app = wa()->getAppInfo($app_id);
$theme_id = waRequest::get('theme');
$theme = new waTheme($theme_id, $app_id);
if (($f = waRequest::get('file')) !== '') {
if (!$f) {
$files = $theme['files'];
if (isset($files['index.html'])) {
$f = 'index.html';
} else {
ksort($files);
$f = key($files);
}
}
$file = $theme->getFile($f);
$file['id'] = $f;
if ($theme->parent_theme_id && $file['parent']) {
if (!waTheme::exists($theme->parent_theme_id, $app_id)) {
$theme_id = $theme->parent_theme_id;
if (strpost($theme_id, ':') !== false) {
list($app_id, $theme_id) = explode(':', $theme_id, 2);
$app = wa()->getAppInfo($app_id);
}
throw new waException(sprintf(_ws('Theme %s for “%s” app not found.'), $theme_id, $app['name']));
}
$path = $theme->parent_theme->getPath();
$parent_file = $theme->parent_theme->getFile($f);
if (empty($file['description'])) {
$file['description'] = $parent_file['description'];
}
} else {
$path = $theme->getPath();
}
$path .= '/' . $f;
$content = file_exists($path) ? file_get_contents($path) : '';
$file['content'] = $content;
if ($theme->type == waTheme::OVERRIDDEN) {
$file['has_original'] = $theme['type'] == file_exists(wa()->getAppPath('themes/' . $theme_id, $app_id) . '/' . $f);
}
} else {
$file = array('id' => null, 'description' => '', 'custom' => true, 'content' => '');
}
$template = $this->getConfig()->getRootPath() . '/wa-system/design/templates/DesignEdit.html';
$data = array('options' => $this->options, 'app_id' => $app_id, 'design_url' => $this->design_url, 'app' => $app, 'file' => $file, 'theme_id' => $theme_id, 'theme' => $theme);
if ($theme->parent_theme_id) {
$data['parent_theme'] = $theme->parent_theme;
}
$this->display($data, $template);
}
public function setOptions(array $options)
{
$methods = get_class_methods($this);
foreach ($options as $key => $value) {
$pos = strpos($key, "_");
// get the index of the first underscore
$pos2 = strpost($key, "_", $pos + 1);
// get the index of the 2nd underscore
if ($pos !== false && $pos2 !== false) {
$key = substr_replace($key, array(strtoupper($key[$pos + 1]), strtoupper($key[$pos2 + 1])), array($pos + 1, $pos2 + 1), 1);
// uppercase the character following the underscore
} else {
$key = substr_replace($key, strtoupper($key[$pos + 1]), $pos + 1, 1);
// uppercase the character following the underscore
}
$key = str_replace("_", "", $key);
// remove the underscore
$method = 'set' . ucfirst($key);
if (in_array($method, $methods)) {
$this->{$method}($value);
}
}
return $this;
}
} elseif (isset($_GET['id'])) {
if ($_GET['id'] != "" && is_numeric($_GET['id']) == TRUE) {
$class_id = escape_string($_GET['id']);
} else {
cust_die("Invalid class ID.");
}
// perhaps $class_id = 0 can be reserved for a teachers'/admins' forum...
// see if the requested ID is an actual class.
$is_class = @query("SELECT 1 FROM `classes` WHERE `ID`='{$class_id}'") or die("Error checking the database.");
if (num_rows($is_class) == 0) {
cust_die("Invalid class ID.");
}
// if it is, see if the user may access it. teachers and admins may access all forums
if (user_type() == "user") {
$classes = parse_class_list($_SESSION['id']);
if (strpos($classes, $class_id . ",") === FALSE && strpost($classes, "," . $class_id) === FALSE) {
cust_die("You may not access this forum>");
}
}
// if he or she may...
// allow the class's teacher (or an administrator) to delete posts or topics
if (isset($_GET['delete'])) {
// if the user is an administrator or the class's teacher, allow him or her to delete the post/topic
if (user_type() == "admin" || user_type() == "teacher") {
$good = 1;
if (user_type() == "teacher") {
// see if they teach the class
$class_data = get_class_data($class_id);
$class_data = explode("::", $class_data);
$teacher_id = $class_data[1];
if ($teacher_id != $_SESSION['id']) {
