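 /**
  * Checks Appconf::options() against the option lists shipped in the app
  * configuration: the `payments` and `acl` lists, two known ACL entries,
  * and a subset of the CLI commands with their descriptions.
  */
 function test_options()
 {
     $payments = Appconf::options('payments');
     $this->assertTrue(is_array($payments));

     $acl = Appconf::options('acl');
     $this->assertArrayHasKey('filemanager', $acl);
     $this->assertSame('Upload and manage files', $acl['filemanager']);
     $this->assertArrayHasKey('user/roles', $acl);

     // each expected command must be present with exactly this description
     $commands = Appconf::options('cli', 'commands');
     $expected_commands = array(
         'api/create-token' => 'Generate or reset an API token and secret key for a user.',
         'api/get-token' => 'Fetch or generate an API token and secret key for a user.',
         'blog/publish-queue' => 'Publish scheduled blog posts.',
     );
     foreach ($expected_commands as $command => $name) {
         $this->assertArrayHasKey($command, $commands);
         $this->assertSame($name, $commands[$command]);
     }
 }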
// look up the app's declared version and whether that version is installed
$version = Appconf::get ($this->app, 'Admin', 'version');
$current = $this->installed ($this->app, $version);

if ($current === true) {
    // nothing to do: link back to the app's admin page and stop
    $page->title = __ ('Already up-to-date');
    printf ('<p><a href="/%s/admin">%s</a>', $this->app, __ ('Home'));
    return;
}

$page->title = __ ('Upgrading App') . ': ' . Appconf::get ($this->app, 'Admin', 'name');

// upgrade scripts are specific to the configured database driver
$conn = conf ('Database', 'master');
$driver = $conn['driver'];

// drop any pre-release suffix (from the first dash on) so the script
// name uses the bare version number
$base_version = preg_replace ('/-.*$/', '', $version);
$file = sprintf ('apps/%s/conf/upgrade_%s_%s.sql', $this->app, $base_version, $driver);
if (file_exists ($file)) {
    // begin the transaction
    DB::beginTransaction ();

    // parse the database schema into individual queries
    $sql = sql_split (file_get_contents ($file));
	? $tpl->run_includes ($footer)
	: false;

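echo $tpl->render ('blog/post', $post);

// comments: disqus and facebook have dedicated handlers; any other truthy
// value is used as the name of a custom comments handler
switch (Appconf::blog ('Blog', 'comments')) {
	case 'disqus':
		echo $this->run ('blog/disqus/comments', $post);
		break;
	case 'facebook':
		echo $this->run ('social/facebook/comments', $post);
		break;
	default:
		if (Appconf::blog ('Blog', 'comments') != false) {
			echo $this->run (
				Appconf::blog ('Blog', 'comments'),
				array (
					'identifier' => $post->url
				)
			);
		}
		break;
}

// add rss discovery; the host comes from the request, so escape it for
// the attribute context (the scheme is hard-coded to http)
$page->add_script (sprintf (
	'<link rel="alternate" type="application/rss+xml" href="http://%s/blog/rss" />',
	htmlspecialchars ($_SERVER['HTTP_HOST'], ENT_QUOTES, 'UTF-8')
));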

// add opengraph meta tags
} else {
    if (User::require_acl('admin', 'blog', 'admin/add')) {
        echo '<p class="hide-in-preview"><a href="/blog/add">' . __('Add Blog Post') . '</a></p>';
    }
    if (Appconf::blog('Blog', 'post_format') === 'markdown') {
        require_once 'apps/blog/lib/markdown.php';
    }
    foreach ($posts as $_post) {
        $post = $_post->orig();
        $post->url = '/blog/post/' . $post->id . '/';
        $post->fullurl = $post->url . URLify::filter($post->title);
        $post->tag_list = strlen($post->tags) > 0 ? explode(',', $post->tags) : array();
        $post->social_buttons = Appconf::blog('Social Buttons');
        if (Appconf::blog('Blog', 'post_format') === 'html') {
            $post->body = $tpl->run_includes($post->body);
        } else {
            $post->body = $tpl->run_includes(Markdown($post->body));
        }
        if ($preview_chars) {
            $post->body = blog_filter_truncate($post->body, $preview_chars) . ' <a href="' . $post->url . '">' . __('Read more') . '</a>';
        } else {
            $post->footer = $footer;
        }
        echo $tpl->render('blog/post', $post);
    }
}
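// only a direct (non-embedded) request sets the window title
if (!$this->internal) {
    $page->window_title = Appconf::blog('Blog', 'title');
}
// rss discovery link; the host comes from the request, so escape it for
// the attribute context (the scheme is hard-coded to http)
$page->add_script(sprintf(
    '<link rel="alternate" type="application/rss+xml" href="http://%s/blog/rss" />',
    htmlspecialchars($_SERVER['HTTP_HOST'], ENT_QUOTES, 'UTF-8')
));
echo $tpl->render('blog/index', $page);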
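// collect the upgrade scripts for this app and driver whose version is newer
// than the installed one and no newer than the target version; the app name
// and driver are quoted so they are matched literally inside the pattern
$apply = array();
$pattern = '/^apps\\/' . preg_quote($this->app, '/') . '\\/conf\\/upgrade_([0-9.]+)_' . preg_quote($driver, '/') . '\\.sql$/';
foreach ($files as $file) {
    if (!preg_match($pattern, $file, $regs)) {
        continue;
    }
    if (version_compare($regs[1], $base_current, '>') && version_compare($regs[1], $base_version, '<=')) {
        // keyed by version so the same version is never applied twice
        $apply[$regs[1]] = $file;
    }
}
// apply in ascending version order rather than in the order $files listed them
uksort($apply, 'version_compare');

// begin the transaction
DB::beginTransaction();
// apply the upgrade scripts
foreach ($apply as $ver => $file) {
    // parse the database schema into individual queries
    $sql = sql_split(file_get_contents($file));
    // execute each query in turn
    foreach ($sql as $query) {
        if (!DB::execute($query)) {
            // show error and rollback on failures (DB::error() is output as-is)
            printf('<p>%s</p><p class="visible-notice">%s: %s</p>', __('Upgrade failed on version %s. Rolling back changes.', $ver), __('Error'), DB::error());
            DB::rollback();
            return;
        }
    }
    // add any custom upgrade logic here
}
// commit the transaction
DB::commit();
// mark the new version installed
$this->mark_installed($this->app, $version);
printf('<p><a href="/%s">%s</a>', Appconf::get($this->app, 'Admin', 'handler'), __('Done.'));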
    $_POST['expires'] = $now;
    $_POST['signed_up'] = $now;
    $_POST['updated'] = $now;
    $_POST['userdata'] = json_encode(array());
    unset($_POST['verify_pass']);
    unset($_POST['_states']);
    unset($_POST['_countries']);
    $u = new User($_POST);
    $u->put();
    Versions::add($u);
    if (!$u->error) {
        $this->add_notification(__('Member added.'));
        $this->hook('user/add', $_POST);
        $this->redirect('/user/admin');
    }
    $page->title = __('An Error Occurred');
    echo __('Error Message') . ': ' . $u->error;
} else {
    $u = new User();
    $u->type = Appconf::user('User', 'default_role');
    $u->types = User::allowed_roles();
    $u->failed = $f->failed;
    $u = $f->merge_values($u);
    $u->_states = user\Data::states();
    $u->_countries = user\Data::countries();
    $page->title = __('Add Member');
    $page->add_script('/js/json2.js');
    $page->add_script('/js/jstorage.js');
    $page->add_script('/js/jquery.autosave.js');
    echo $tpl->render('user/add', $u);
}
$page->layout = 'admin';

// admin-only: the user ACL is required
$this->require_acl ('admin', 'user');

// no id given: back to the member list
if (! isset ($_GET['id'])) {
	$this->redirect ('/user/admin');
}

$user = new User ($_GET['id']);
if ($user->error) {
	// unknown account
	$page->title = __ ('Account not found');
	printf ('<p><a href="/user/admin">&laquo; %s</a></p>', __ ('Back'));
	return;
}

// work on the plain data object so the tabs can be attached to it
$user = $user->orig ();

// each `[user]` option is a handler rendering one tab, keyed by its label
$tab_params = array ('user' => $user->id);
foreach (Appconf::options ('user') as $tab_handler => $tab_label) {
	$user->tabs[$tab_label] = $this->run ($tab_handler, $tab_params);
}

// the name is escaped for output in the title
$page->title = Template::sanitize ($user->name);
$page->add_style ('/apps/user/css/details.css');
$scripts = array (
	'/js/jquery-ui/jquery-ui.min.js',
	'/apps/user/js/jquery.tools.min.js',
	'/apps/user/js/react/react.js',
	'/apps/user/js/build/links.js',
	'/apps/user/js/build/notes.js'
);
foreach ($scripts as $script) {
	$page->add_script ($script);
}
echo $tpl->render ('user/details', $user);
}

// defaults for the optional parameters
$data['num_of_tweets'] = isset ($data['num_of_tweets']) ? $data['num_of_tweets'] : 5;
$data['show_dates'] = isset ($data['show_dates']) ? $data['show_dates'] : 'no';

// the rendered feed is cached per account and tweet count; serve it if present
$cache_key = 'social:twitter:' . $data['twitter_id'] . ':' . $data['num_of_tweets'];
$res = $cache->get ($cache_key);
if ($res) {
	return $res;
}

// app and access credentials come from the user app's [Twitter] settings
$twauth = new tmhOAuth (array (
	'consumer_key' => Appconf::user ('Twitter', 'consumer_key'),
	'consumer_secret' => Appconf::user ('Twitter', 'consumer_secret'),
	'user_token' => Appconf::user ('Twitter', 'access_token'),
	'user_secret' => Appconf::user ('Twitter', 'access_token_secret')
));

// fetch the account's timeline; $code is compared with 200 below
$code = $twauth->request (
	'GET',
	'https://api.twitter.com/1.1/statuses/user_timeline.json',
	array (
		'screen_name' => $data['twitter_id'],
		'count' => $data['num_of_tweets']
	)
);

// decoded response body; json_decode() yields null when it is not valid JSON
$res = json_decode ($twauth->response['response']);

if ($code !== 200) {
	error_log (sprintf (
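 /**
  * Looks for an override of the current handler in the app
  * configuration in a `[Custom Handlers]` section. Overrides
  * are handlers that should be called transparently in place
  * of the current handler, overriding its behaviour without
  * modifying the original handler.
  *
  * An override setting's key should be the app/handler name,
  * and the value can be either the same app/handler name
  * (meaning no override), another app/handler name (meaning
  * override with that handler), or Off (meaning disable the
  * handler). A handler that has been disabled will return a
  * 404 error.
  *
  * Note that a missing setting is treated the same as Off: any
  * empty value from `Appconf::get()` disables the handler, so
  * every handler that calls this should have a default entry
  * in its app's configuration.
  *
  * If the response is false, there was no override or disabling,
  * and the handler should continue running, otherwise the
  * response will contain the output of the override handler
  * which should be echoed and the original handler should
  * return and stop further execution.
  *
  * @param string $handler The `app/handler` name currently running.
  * @return mixed false when the handler should continue, otherwise
  *               the output of the override (or of the 404 error page).
  */
 public function override($handler)
 {
     // handlers already seen during this request, so an override that points
     // back at a handler which itself calls override() cannot loop forever
     static $overridden = array();
     if (in_array($handler, $overridden, true)) {
         return false;
     }
     $overridden[] = $handler;

     // the app name is everything before the first slash
     list($app) = explode('/', $handler);
     $custom = Appconf::get($app, 'Custom Handlers', $handler);

     if (!$custom) {
         // Off or unset: disable this handler with a 404
         return $this->error(404, __('Not found'), __('The page you requested could not be found.'));
     }

     if ($custom !== $handler) {
         // forward to the override, carrying over the current URL parameters,
         // request data and internal flag
         $override = count($this->params)
             ? $custom . '/' . implode('/', $this->params)
             : $custom;
         return $this->run($override, $this->data, $this->internal);
     }

     // the same handler is configured: no override
     return false;
 }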
<?php

// admin-only: keep unauthorized users out
$this->require_admin();

$page->layout = 'admin';
$page->title = __('Files - Settings');

// pre-fill the form with the current filemanager setting
$form = new Form('post', $this);
$form->data = array(
    'aviary_key' => Appconf::filemanager('General', 'aviary_key'),
);

echo $form->handle(function ($form) {
    $settings_file = 'conf/app.filemanager.' . ELEFANT_ENV . '.php';
    $new_settings = array(
        'General' => array(
            'aviary_key' => $_POST['aviary_key'],
        ),
    );
    // NOTE(review): the submitted value is written into a settings file that
    // is parsed back by Appconf; this relies on Ini::write() quoting it
    // safely — confirm.
    $merged = Appconf::merge('filemanager', $new_settings);
    if (!Ini::write($merged, $settings_file)) {
        printf('<p>%s</p>', __('Unable to save changes. Check your permissions and try again.'));
        return;
    }
    // back to the file manager with a confirmation
    $form->controller->add_notification(__('Settings saved.'));
    $form->controller->redirect('/filemanager/index');
});
/**
 * Creates a preview of a web page based on POST data sent to it.
 * POST data must match values available to the Page object.
 */
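// admin-only preview of an unsaved post built from the submitted fields
$this->require_admin();
$post = new blog\Post($_POST);
$page->id = 'blog';
$page->layout = Appconf::blog('Blog', 'post_layout');

// render the body as html or markdown according to the post_format setting
if (Appconf::blog('Blog', 'post_format') === 'html') {
    $post->body = $tpl->run_includes($post->body);
} else {
    require_once 'apps/blog/lib/markdown.php';
    $post->body = $tpl->run_includes(Markdown($post->body));
}
$post->social_buttons = Appconf::blog('Social Buttons');
echo $tpl->render('blog/post', $post);

// comments: disqus and facebook have dedicated handlers; any other truthy
// value is used as the name of a custom comments handler
switch (Appconf::blog('Blog', 'comments')) {
    case 'disqus':
        echo $this->run('blog/disqus/comments', $post);
        break;
    case 'facebook':
        echo $this->run('social/facebook/comments', $post);
        break;
    default:
        if (Appconf::blog('Blog', 'comments') != false) {
            echo $this->run(Appconf::blog('Blog', 'comments'), array('identifier' => $post->url));
        }
        break;
}

// rss discovery link; the host comes from the request, so escape it for
// the attribute context (the scheme is hard-coded to http)
$page->add_script(sprintf(
    '<link rel="alternate" type="application/rss+xml" href="http://%s/blog/rss" />',
    htmlspecialchars($_SERVER['HTTP_HOST'], ENT_QUOTES, 'UTF-8')
));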
 /**
  * The front controller only has one static method, `run()`, which
  * bootstraps the framework for a single request and dispatches it.
  *
  * In order it: returns false under PHP's built-in web server for
  * requests with a file extension (so the server serves the file),
  * strips magic quotes, selects the configuration environment from
  * `ELEFANT_ENV`, includes the core libraries, wires up the shared
  * I18n/Page/Controller/Template/Cache objects (also exposed through
  * `$GLOBALS`), applies the Disable/Redirect/Alias rules from
  * `conf/routes.php`, routes and runs the handler, sets the
  * cache-control headers, and echoes the rendered page.
  *
  * `$argv` holds the command-line arguments; on the CLI the first one
  * becomes the request URI. `$argc` is accepted but never read.
  *
  * Returns true once the response has been sent, false when the
  * request was handed back to the built-in server.
  */
 public static function run($argv, $argc)
 {
     /**
      * For compatibility with PHP 5.4's built-in web server, we bypass
      * the front controller for requests with file extensions and
      * return false.
      */
     if (php_sapi_name() === 'cli-server' && isset($_SERVER['REQUEST_URI']) && preg_match('/\\.[a-zA-Z0-9]+$/', parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH))) {
         return false;
     }
     /**
      * Normalize slashes for servers that are still poorly
      * configured...
      *
      * NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0,
      * so on 8.x this call needs a function_exists() guard. The
      * helper below is registered as a global function the first
      * time this branch runs.
      */
     if (get_magic_quotes_gpc()) {
         function stripslashes_gpc(&$value)
         {
             $value = stripslashes($value);
         }
         array_walk_recursive($_GET, 'stripslashes_gpc');
         array_walk_recursive($_POST, 'stripslashes_gpc');
         array_walk_recursive($_COOKIE, 'stripslashes_gpc');
         array_walk_recursive($_REQUEST, 'stripslashes_gpc');
     }
     /**
      * Check ELEFANT_ENV environment variable to determine which
      * configuration to load. Also include the Elefant version,
      * autoloader, and core functions.
      *
      * ELEFANT_ENV is read from the process environment (default
      * 'config') and names the configuration set to load, so it is
      * a deployment setting rather than anything request-controlled.
      */
     define('ELEFANT_ENV', getenv('ELEFANT_ENV') ? getenv('ELEFANT_ENV') : 'config');
     require 'conf/version.php';
     require 'lib/Autoloader.php';
     require 'lib/Functions.php';
     /**
      * There are several settings which were moved to the admin app,
      * but are replicated into the global config here for backwards
      * compatibility with existing templates and apps.
      */
     $site_settings = Appconf::admin('Site Settings');
     foreach ($site_settings as $key => $value) {
         // only non-empty admin values override the global conf() ones
         if ($value) {
             conf('General', $key, $value);
         }
     }
     /**
      * Set the default timezone to avoid warnings in date functions,
      * and configure session settings.
      *
      * The session cookie is flagged HttpOnly (not readable from
      * script) and session ids are only accepted from cookies,
      * never from the URL.
      */
     date_default_timezone_set(conf('General', 'timezone'));
     ini_set('session.cookie_httponly', 1);
     ini_set('session.use_only_cookies', 1);
     /**
      * Set the default error reporting level to All except Notices,
      * and turn off displaying errors. Error handling/debugging can
      * be done by setting conf[General][debug] to true, causing full
      * debug traces to be displayed with highlighted code in the
      * browser (*for development purposes only*), or by checking
      * the error log for errors.
      */
     error_reporting(E_ALL & ~E_NOTICE);
     // conf[General][display_errors] decides whether errors reach the browser
     if (conf('General', 'display_errors')) {
         ini_set('display_errors', 'On');
     } else {
         ini_set('display_errors', 'Off');
     }
     /**
      * Enable the debugger if conf[General][debug] is true.
      */
     require 'lib/Debugger.php';
     Debugger::start(conf('General', 'debug'));
     /**
      * Include the core libraries used by the front controller
      * to dispatch and respond to requests.
      */
     require 'lib/DB.php';
     require 'lib/Page.php';
     require 'lib/I18n.php';
     require 'lib/Controller.php';
     require 'lib/Template.php';
     require 'lib/View.php';
     /**
      * If we're on the command line, set the request to use
      * the first argument passed to the script.
      *
      * $argv[1] is read without a check, so a CLI run with no
      * argument produces a notice and a request URI of '/'.
      */
     if (defined('STDIN')) {
         $_SERVER['REQUEST_URI'] = '/' . $argv[1];
     }
     /**
      * Initialize some core objects. These function as singletons
      * because only one instance of them per request is desired
      * (no duplicate execution for things like loading translation
      * files).
      */
     $i18n = new I18n('lang', conf('I18n'));
     $page = new Page();
     $controller = new Controller(conf('Hooks'));
     $tpl = new Template(conf('General', 'charset'), $controller);
     $controller->page($page);
     $controller->i18n($i18n);
     $controller->template($tpl);
     View::init($tpl);
     /**
      * Check for a bootstrap.php file in the root of the site
      * and if found, use it for additional app-level configurations
      * (Dependency Injection, custom logging settings, etc.).
      */
     if (file_exists('bootstrap.php')) {
         require 'bootstrap.php';
     }
     /**
      * Initialize the built-in cache support. Provides a
      * consistent cache API (based on Memcache) so we can always
      * include caching in our handlers and in the front controller.
      *
      * bootstrap.php may already have created $cache; the default
      * one is only built when it has not.
      */
     if (!isset($cache) || !is_object($cache)) {
         $cache = Cache::init(conf('Cache'));
     }
     $controller->cache($cache);
     /**
      * Provide global access to core objects, although the preferred
      * way of accessing these is via the Controller object (`$this`
      * in handlers).
      */
     $GLOBALS['i18n'] = $i18n;
     $GLOBALS['page'] = $page;
     $GLOBALS['controller'] = $controller;
     $GLOBALS['tpl'] = $tpl;
     $GLOBALS['cache'] = $cache;
     /**
      * Run any config level route overrides.
      *
      * Every rule is matched against the raw $_SERVER['REQUEST_URI'],
      * which includes any query string.
      */
     if (file_exists('conf/routes.php')) {
         $_routes = parse_ini_file('conf/routes.php', true);
         if (isset($_routes['Disable'])) {
             // non-strict: any URI that starts with the route (other than the
             // route itself) is disabled; strict: only the exact URI is.
             // && binds tighter than || in the condition below.
             foreach ($_routes['Disable'] as $_route => $_strict) {
                 if (!$_strict && strpos($_SERVER['REQUEST_URI'], $_route) === 0 && $_SERVER['REQUEST_URI'] !== $_route || $_strict && $_SERVER['REQUEST_URI'] == $_route) {
                     $page->body = $controller->run(conf('General', 'error_handler'), array('code' => 404, 'title' => 'Page not found.', 'message' => ''));
                     echo $page->render($tpl, $controller);
                     // render 404 page and exit
                     return true;
                 }
             }
         }
         if (isset($_routes['Redirect'])) {
             // exact-match redirects; presumably redirect() ends the request,
             // otherwise the loop carries on with the remaining rules — confirm
             foreach ($_routes['Redirect'] as $_old => $_new) {
                 if ($_old !== $_new && $_SERVER['REQUEST_URI'] == $_old) {
                     $controller->redirect($_new);
                 }
             }
         }
         if (isset($_routes['Alias'])) {
             // first prefix match wins; str_replace() rewrites every occurrence
             // of the old prefix in the URI, not only the leading one
             foreach ($_routes['Alias'] as $_old => $_new) {
                 if (strpos($_SERVER['REQUEST_URI'], $_old) === 0) {
                     $controller->alias = $_SERVER['REQUEST_URI'];
                     $_SERVER['REQUEST_URI'] = str_replace($_old, $_new, $_SERVER['REQUEST_URI']);
                     break;
                 }
             }
         }
         unset($_routes);
     }
     /**
      * Route the request to the appropriate handler and get
      * the handler's response.
      */
     if ($i18n->url_includes_lang) {
         // use the URI as rewritten by I18n when the language is part of the URL
         $handler = $controller->route($i18n->new_request_uri);
     } else {
         $handler = $controller->route($_SERVER['REQUEST_URI']);
     }
     $page->body = $controller->handle($handler, false);
     /**
      * Control caching of the response
      *
      * A response is only marked publicly cacheable when there is no
      * session (session_id() === '') and the page allows it, and never
      * while debugging; everything else is sent as no-cache.
      */
     if (conf('Cache', 'control') && !conf('General', 'debug')) {
         /* Cache control is ON */
         if (session_id() === '' && $page->cache_control) {
             if (isset($_SERVER["SERVER_SOFTWARE"]) && strpos($_SERVER["SERVER_SOFTWARE"], "nginx") !== false) {
                 /* Allow NGINX to cache this request  - see http://wiki.nginx.org/X-accel */
                 $controller->header('X-Accel-Buffering: yes');
                 $controller->header('X-Accel-Expires: ' . conf('Cache', 'expires'));
             }
             /* Standard http headers */
             $controller->header('Cache-Control: public, no-cache="set-cookie", must-revalidate, proxy-revalidate, max-age=0');
             $controller->header('Pragma: public');
             $controller->header('Expires: ' . gmdate('D, d M Y H:i:s', time() + conf('Cache', 'expires')) . ' GMT');
         } else {
             if (isset($_SERVER["SERVER_SOFTWARE"]) && strpos($_SERVER["SERVER_SOFTWARE"], "nginx") !== false) {
                 /* Do NOT allow NGINX to cache this request - see http://wiki.nginx.org/X-accel */
                 $controller->header('X-Accel-Buffering: no');
                 $controller->header('X-Accel-Expires: 0');
             }
             /* Standard http headers */
             $controller->header('Pragma: no-cache');
             $controller->header('Cache-Control: no-cache, must-revalidate');
             $controller->header('Expires: 0');
         }
     } else {
         if (isset($_SERVER["SERVER_SOFTWARE"]) && strpos($_SERVER["SERVER_SOFTWARE"], "nginx") !== false) {
             /* Do NOT allow NGINX to cache this request by default  - see http://wiki.nginx.org/X-accel */
             $controller->header('X-Accel-Buffering: no');
             $controller->header('X-Accel-Expires: 0');
         }
     }
     /**
      * Render and send the output to the client, using gzip
      * compression if conf[General][compress_output] is true.
      */
     $out = $page->render($tpl, $controller);
     if (extension_loaded('zlib') && conf('General', 'compress_output')) {
         ini_set('zlib.output_compression', 4096);
     }
     // the session is closed before the body is sent; @ suppresses any
     // warning from session_write_close()
     @session_write_close();
     echo $out;
     return true;
 }
 *
 * - `twitter_id` - The Twitter ID to show a feed of (default = Twitter ID setting).
 * - `num_of_tweets` - Number of tweets to show (default = 5)
 * - `show_dates` - Whether to show the tweet dates (default = no)
 *
 * Also available in the dynamic objects menu as "Twitter: Feed".
 *
 * > Note: Requires you to register a Twitter app, then enter your
 * > Twitter app credentials on the Accounts > Settings screen.
 */
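// resolve the account to show: the twitter_id parameter, else the user app's
// Twitter setting, else this app's own default
if (!isset($data['twitter_id'])) {
    $id = Appconf::user('Twitter', 'twitter_id');
    $data['twitter_id'] = !empty($id) ? $id : $appconf['Twitter']['id'];
}
$data['num_of_tweets'] = isset($data['num_of_tweets']) ? $data['num_of_tweets'] : 5;
$data['show_dates'] = isset($data['show_dates']) ? $data['show_dates'] : 'no';

// the rendered feed is cached per account and tweet count
$cache_key = 'social:twitter:' . $data['twitter_id'] . ':' . $data['num_of_tweets'];
$res = $cache->get($cache_key);
if ($res) {
    return $res;
}

// app and access credentials come from the user app's [Twitter] settings
$twauth = new tmhOAuth(array(
    'consumer_key' => Appconf::user('Twitter', 'consumer_key'),
    'consumer_secret' => Appconf::user('Twitter', 'consumer_secret'),
    'user_token' => Appconf::user('Twitter', 'access_token'),
    'user_secret' => Appconf::user('Twitter', 'access_token_secret'),
));
$code = $twauth->request('GET', 'https://api.twitter.com/1.1/statuses/user_timeline.json', array(
    'screen_name' => $data['twitter_id'],
    'count' => $data['num_of_tweets'],
));
$res = json_decode($twauth->response['response']);

if ($code !== 200) {
    // an error body is expected as {errors: [{code, message}]}, but it may be
    // empty or not JSON, so don't dereference it blindly; fall back to the
    // HTTP status when that shape is missing
    $err_code = isset($res->errors[0]->code) ? $res->errors[0]->code : $code;
    $err_msg = isset($res->errors[0]->message) ? $res->errors[0]->message : 'unexpected response';
    error_log(sprintf('Error requesting tweets: [%d] %s', $err_code, $err_msg));
}

// the decoded response is handed to the template as-is and the output is
// cached for 30 minutes whether or not the request succeeded
$data['tweets'] = $res;
$out = $tpl->render('social/twitter/feed', $data);
$cache->set($cache_key, $out, 0, 1800);
echo $out;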
<?php

// keep unauthorized users out: the app's own admin ACL is required
$this->require_acl('admin', $this->app);
$page->layout = 'admin';

// look up the app's declared version and whether that version is installed
$version = Appconf::get($this->app, 'Admin', 'version');
$current = $this->installed($this->app, $version);
if ($current === true) {
    // nothing to do: link back to the app's admin page and stop
    $page->title = __('Already up-to-date');
    printf('<p><a href="/%s/admin">%s</a>', $this->app, __('Home'));
    return;
}
$page->title = __('Upgrading App') . ': ' . Appconf::get($this->app, 'Admin', 'name');

// upgrade scripts are specific to the configured database driver
$conn = conf('Database', 'master');
$driver = $conn['driver'];

// drop any pre-release suffix (from the first dash on) so the script
// name uses the bare version number
$base_version = preg_replace('/-.*$/', '', $version);
$file = sprintf('apps/%s/conf/upgrade_%s_%s.sql', $this->app, $base_version, $driver);
if (file_exists($file)) {
    // begin the transaction
    DB::beginTransaction();
    // parse the database schema into individual queries
    $sql = sql_split(file_get_contents($file));
    // execute each query in turn
    foreach ($sql as $query) {
        if (!DB::execute($query)) {
            // show error and rollback on failures
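 /**
  * Get the domain minus any subdomain.
  *
  * Uses the `base_domain` value from the saasy `[App Settings]` when
  * one is set. Otherwise it is derived from the request's Host header:
  * a host with exactly three dot-separated labels (e.g. `www.example.com`)
  * has its first label removed; anything else is returned unchanged, so
  * a two-level TLD such as `example.co.uk` or a deeper subdomain is not
  * handled, and a port suffix stays attached to the last label.
  *
  * NOTE(review): without the setting this trusts the Host header;
  * confirm the web server only forwards known host names.
  *
  * @return string
  */
 public static function base_domain()
 {
     $base = \Appconf::saasy('App Settings', 'base_domain');
     if ($base) {
         return $base;
     }

     // a missing header (e.g. on the CLI) yields '' instead of a notice
     $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
     $parts = explode('.', $host);
     if (count($parts) === 3) {
         array_shift($parts);
     }
     return implode('.', $parts);
 }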
}
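// page title for direct requests; embedded calls may pass a redirect target
if (!$this->internal) {
    $page->title = __('Members');
} elseif (isset($data['redirect'])) {
    $_POST['redirect'] = $data['redirect'];
}
if (isset($_GET['redirect'])) {
    $_POST['redirect'] = $_GET['redirect'];
}
if (!isset($_POST['redirect'])) {
    // default to the current page, but never back to the login form itself
    $_POST['redirect'] = $_SERVER['REQUEST_URI'];
    if ($_POST['redirect'] === '/user/login') {
        $_POST['redirect'] = '/user';
    }
}

// the redirect target is user-supplied: it must pass the header validator
// and be a local path (optionally with a query string) with no scheme, host
// or fragment, otherwise fall back to /user
if (!Validator::validate($_POST['redirect'], 'header')) {
    $_POST['redirect'] = '/user';
}
$redir = parse_url($_POST['redirect']);
// missing components default to '' so the comparison below raises no notices
$redir_path = isset($redir['path']) ? $redir['path'] : '';
$redir_query = isset($redir['query']) ? $redir['query'] : '';
if ($redir === false || ($_POST['redirect'] !== $redir_path && $_POST['redirect'] !== $redir_path . '?' . $redir_query)) {
    $_POST['redirect'] = '/user';
}

if (!User::require_login()) {
    // not logged in (presumably the posted credentials were tried and
    // rejected): show the form, reporting a failure only when a username
    // was actually submitted
    if (!$this->internal && !empty($_POST['username'])) {
        echo '<p>' . __('Incorrect email or password, please try again.') . '</p>';
    }
    $_POST['signup_handler'] = Appconf::user('Custom Handlers', 'user/signup');
    echo $tpl->render('user/login', $_POST);
} elseif (!$this->internal) {
    $this->redirect($_POST['redirect']);
}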
<?php

/**
 * Global site settings manager.
 */
// admin-only: the settings ACL is required
$this->require_acl('admin', 'settings');

$page->layout = 'admin';
$page->title = __('Site Settings');

// pre-fill the form from conf(), which bootstrap.php has already overlaid
// with the admin app's settings; the domain defaults to the request host
$form = new Form('post', $this);
$site_domain = conf('General', 'site_domain');
if (!$site_domain) {
    $site_domain = $_SERVER['HTTP_HOST'];
}
$form->data = array(
    'site_name' => conf('General', 'site_name'),
    'site_domain' => $site_domain,
    'email_from' => conf('General', 'email_from'),
    'timezone' => conf('General', 'timezone'),
    'google_analytics_id' => conf('General', 'google_analytics_id'),
);

echo $form->handle(function ($form) {
    $settings_file = 'conf/app.admin.' . ELEFANT_ENV . '.php';
    $fields = array('site_name', 'site_domain', 'email_from', 'timezone', 'google_analytics_id');
    $site_settings = array();
    foreach ($fields as $field) {
        $site_settings[$field] = $_POST[$field];
    }
    // write the submitted values back into the admin app's settings file
    $merged = Appconf::merge('admin', array('Site Settings' => $site_settings));
    if (!Ini::write($merged, $settings_file)) {
        printf('<p>%s</p>', __('Unable to save changes. Check your permissions and try again.'));
        return;
    }
    // back to the home page with a confirmation
    $form->controller->add_notification(__('Settings saved.'));
    $form->controller->redirect('/');
});
<?php

/**
 * Adds a new user for the user chooser's new user form.
 */
// keep unauthorized users out; the response is JSON, so no layout
$this->require_acl('admin', 'user');
$page->layout = false;
header('Content-Type: application/json');
// NOTE(review): CSRF verification is disabled for this form, so the admin
// session check above is the only guard on this endpoint; if the chooser's
// request can carry the token, prefer leaving the check enabled.
$f = new Form('post', 'user/add');
$f->verify_csrf = false;
if (!$f->submit()) {
    echo json_encode(array('success' => false, 'error' => __('Form validation failed. Please review and try again.')));
    return;
}
// only callers with user/edit_roles may choose the role; others get the default
if (!User::require_acl('user/edit_roles')) {
    $_POST['type'] = Appconf::user('User', 'default_role');
}
// transform the password for storage and stamp the account dates before saving
$_POST['password'] = User::encrypt_pass($_POST['password']);
$now = gmdate('Y-m-d H:i:s');
$_POST['expires'] = $now;
$_POST['signed_up'] = $now;
$_POST['updated'] = $now;
$_POST['userdata'] = json_encode(array());
// drop the confirmation field before the data reaches the model
unset($_POST['verify_pass']);
$u = new User($_POST);
$u->put();
Versions::add($u);
if (!$u->error) {
    $this->add_notification(__('Member added.'));
    $this->hook('user/add', $_POST);
    echo json_encode(array('success' => true, 'data' => array('id' => $u->id, 'name' => $u->name, 'email' => $u->email)));
<?php

/**
 * If a Google Analytics ID is set in the site settings, this will
 * return the Google Analytics code for your site. You can use it in
 * your layout templates just before the `</body>` tag like this:
 *
 *     {! admin/util/analytics !}
 *
 * To set your Google Analytics ID, visit the Site Settings
 * link in the admin toolbar.
 */
// emit the snippet only when an analytics id has been configured
$tracking_id = Appconf::admin('Site Settings', 'google_analytics_id');
if ($tracking_id) {
    $vars = array('analytics_id' => $tracking_id);
    echo $tpl->render('admin/util/analytics', $vars);
}
<?php

/**
 * Default log out handler. You can specify a `redirect` value
 * to send them to after logging out.
 */
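// Check for a custom handler override
$res = $this->override('user/logout');
if ($res) {
    echo $res;
    return;
}

// redirect target: the explicit parameter, else the configured logout redirect
if (!isset($_GET['redirect'])) {
    $_GET['redirect'] = Appconf::user('User', 'logout_redirect');
}

// the target is user-supplied: it must pass the header validator and be a
// local path (optionally with a query string) with no scheme, host or
// fragment, otherwise fall back to the home page
if (!Validator::validate($_GET['redirect'], 'header')) {
    $_GET['redirect'] = '/';
}
$redir = parse_url($_GET['redirect']);
// missing components default to '' so the comparison below raises no notices
$redir_path = isset($redir['path']) ? $redir['path'] : '';
$redir_query = isset($redir['query']) ? $redir['query'] : '';
if ($redir === false || ($_GET['redirect'] !== $redir_path && $_GET['redirect'] !== $redir_path . '?' . $redir_query)) {
    $_GET['redirect'] = '/';
}

Lock::clear();
echo User::logout($_GET['redirect']);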
<?php

/**
 * Default handler, simply forwards to the current version of the API.
 */
// the current API version lives in the api app's settings
$current_version = Appconf::api('Api', 'current_version');
$this->redirect(sprintf('/api/%s', $current_version));
<?php

/**
 * This is the settings form for the blog app.
 */
// only admins may change the blog settings
$this->require_admin();
$page->layout = 'admin';
$page->title = __('Blog Settings');

// pre-fill from the current blog app configuration
$form = new Form('post', $this);
$form->data = array(
    'title' => $appconf['Blog']['title'],
    'layout' => $appconf['Blog']['layout'],
    'post_layout' => $appconf['Blog']['post_layout'],
    'comments' => $appconf['Blog']['comments'],
    'preview_chars' => $appconf['Blog']['preview_chars'],
    'post_format' => $appconf['Blog']['post_format'],
    'post_footer' => $appconf['Blog']['post_footer'],
    'show_related_posts' => $appconf['Blog']['show_related_posts'],
    'disqus_shortname' => $appconf['Blog']['disqus_shortname'],
    'social_twitter' => $appconf['Social Buttons']['twitter'],
    'social_facebook' => $appconf['Social Buttons']['facebook'],
    'social_google' => $appconf['Social Buttons']['google'],
);

echo $form->handle(function ($form) {
    // yes/no selects become booleans, 'none' disables comments, and an
    // empty preview length is stored as false
    $yes = function ($field) {
        return $_POST[$field] === 'yes';
    };
    $blog = array(
        'title' => $_POST['title'],
        'layout' => $_POST['layout'],
        'post_layout' => $_POST['post_layout'],
        'preview_chars' => !empty($_POST['preview_chars']) ? (int) $_POST['preview_chars'] : false,
        'post_format' => $_POST['post_format'],
        'post_footer' => $_POST['post_footer'],
        'comments' => $_POST['comments'] === 'none' ? false : $_POST['comments'],
        'show_related_posts' => $yes('show_related_posts'),
        'disqus_shortname' => $_POST['disqus_shortname'],
    );
    $social = array(
        'twitter' => $yes('social_twitter'),
        'facebook' => $yes('social_facebook'),
        'google' => $yes('social_google'),
    );
    $merged = Appconf::merge('blog', array('Blog' => $blog, 'Social Buttons' => $social));
    if (!Ini::write($merged, 'conf/app.blog.' . ELEFANT_ENV . '.php')) {
        printf('<p>%s</p>', __('Unable to save changes. Check your folder permissions and try again.'));
        return;
    }
    // keep the navigation entry's title in sync, then back to the blog admin
    $form->controller->run('navigation/hook/edit', array('page' => 'blog', 'id' => 'blog', 'title' => $_POST['title']));
    $form->controller->add_notification(__('Settings saved.'));
    $form->controller->redirect('/blog/admin');
});
 * New user form for registering social login users.
 */
// signups are gated by the [Custom Handlers] user/signup setting;
// Off or missing yields a 404
if (!$appconf['Custom Handlers']['user/signup']) {
    echo $this->error(404, __('Not found'), __('The page you requested could not be found.'));
    return;
}
// Check for a custom handler override
$res = $this->override('user/login/newuser');
if ($res) {
    echo $res;
    return;
}
$f = new Form('post', 'user/login/newuser');
if ($f->submit()) {
    $date = gmdate('Y-m-d H:i:s');
    $u = new User(array('name' => $_POST['name'], 'email' => $_POST['email'], 'password' => User::encrypt_pass($_POST['password']), 'expires' => $date, 'type' => Appconf::user('User', 'default_role'), 'signed_up' => $date, 'updated' => $date, 'userdata' => json_encode(array()), 'about' => ''));
    $u->put();
    Versions::add($u);
    if (!$u->error) {
        $oid = new User_OpenID(array('token' => $_POST['token'], 'user_id' => $u->id));
        $oid->put();
        $_POST['username'] = $_POST['email'];
        User::require_login();
        $this->redirect($_POST['redirect']);
    }
    // TODO: already have an account
    @error_log('Error creating profile: ' . $u->error);
    $page->title = 'An Error Occurred';
    echo '<p>Please try again later.</p>';
    echo '<p><a href="/">' . __('Back') . '</a></p>';
} else {
 $u->address2 = $_POST['address2'];
 $u->city = $_POST['city'];
 $u->state = $_POST['state'];
 $u->country = $_POST['country'];
 $u->zip = $_POST['zip'];
 $u->title = $_POST['title'];
 $u->company = $_POST['company'];
 $u->website = $_POST['website'];
 if (isset($_FILES['photo']) && is_uploaded_file($_FILES['photo']['tmp_name'])) {
     $tmp_file = 'cache/.' . basename($_FILES['photo']['name']);
     $old_file = $u->photo;
     if (move_uploaded_file($_FILES['photo']['tmp_name'], $tmp_file)) {
         if (preg_match('/\\.jpe?g$/i', $tmp_file)) {
             Image::reorient($tmp_file);
         }
         $u->photo = Image::resize($tmp_file, Appconf::user('User', 'photo_width'), Appconf::user('User', 'photo_height'));
         if (strpos($u->photo, '#') !== false) {
             error_log('Error processing photo: ' . $u->photo);
             $u->photo = $old_file;
         } elseif (!empty($old_file) && $old_file !== $u->photo && file_exists($old_file)) {
             unlink($old_file);
         }
         unlink($tmp_file);
     }
 }
 $u->put();
 Versions::add($u);
 if (!$u->error) {
     $page->title = __('Profile Updated');
     echo '<p><a href="/user">' . __('Continue') . '</a></p>';
     return;
<?php

/**
 * Embeds a Twitter Follow button into the current page. Used by
 * the WYSIWYG editor's dynamic objects menu.
 *
 * Runs the `social/twitter/init` handler unless self::$called already
 * records it, then renders `social/twitter/follow` with $data. When the
 * caller did not pass a `twitter_id`, the current user's Twitter id is
 * used, falling back to the site-wide id from the app configuration.
 */

// Emit the shared widget bootstrap only if it has not run yet.
if (! isset (self::$called['social/twitter/init'])) {
	echo $this->run ('social/twitter/init');
}

// Account to follow: explicit $data value > per-user setting > app default.
if (! isset ($data['twitter_id'])) {
	$twitter_id = Appconf::user ('Twitter', 'twitter_id');
	$data['twitter_id'] = empty ($twitter_id) ? $appconf['Twitter']['id'] : $twitter_id;
}

echo $tpl->render ('social/twitter/follow', $data);
 /**
  * Log out the current user and optionally redirect afterwards.
  *
  * With `multi_login` enabled the current session id is cleared from the
  * session store and expired sessions are swept; otherwise the user's own
  * session is invalidated by backdating its expiry. The session id is then
  * nulled, the session cookie is expired on the client if the browser sent
  * one, and finally a redirect is issued when $redirect_to is truthy.
  *
  * @param string|bool $redirect_to  URL to redirect to after logout, or FALSE to stay.
  * @param string      $path         Cookie path used when expiring the session cookie.
  * @param string|bool $domain       Cookie domain; false uses conf('General', 'session_domain').
  *                                  'full' uses the request host, 'top' its last two labels.
  * @param bool        $secure       Secure flag for the expiring cookie (defaults to false,
  *                                  so the clear is also sent over plain HTTP).
  * @param bool        $httponly     HttpOnly flag for the expiring cookie.
  */
 public static function logout($redirect_to = FALSE, $path = '/', $domain = false, $secure = false, $httponly = true)
 {
     // Presumably loads self::$user when it has not been resolved yet — confirm in require_login().
     if (self::$user === FALSE) {
         self::require_login();
     }

     $multi = Appconf::user('User', 'multi_login');
     if ($multi) {
         // Multi-login: drop this session from the store and sweep stale ones.
         user\Session::clear($_SESSION['session_id']);
         user\Session::clear_expired();
     } elseif (!empty(self::$user->session_id)) {
         // Single session: invalidate by backdating the expiry on the user record.
         self::$user->expires = gmdate('Y-m-d H:i:s', time() - 100000);
         self::$user->put();
     }
     $_SESSION['session_id'] = NULL;

     // Expire the session cookie on the client if it sent one.
     $name = conf('General', 'session_name');
     if (isset($_COOKIE[$name])) {
         if (!$domain) {
             $domain = conf('General', 'session_domain');
         }
         // NOTE(review): 'full' and 'top' derive the cookie domain from the
         // request Host header rather than configuration. With 'top' and a
         // single-label host, the second array_pop() yields null and the
         // domain becomes "..host"; a host carrying a port is passed through
         // as-is. Confirm deployments use an explicit session_domain where
         // the Host header cannot be trusted.
         if ($domain === 'full') {
             $domain = $_SERVER['HTTP_HOST'];
         } elseif ($domain === 'top') {
             $labels = explode('.', $_SERVER['HTTP_HOST']);
             $tld = array_pop($labels);
             $second = array_pop($labels);
             $domain = '.' . $second . '.' . $tld;
         }
         setcookie($name, $_COOKIE[$name], time() - 100000, $path, $domain, $secure, $httponly);
     }

     if ($redirect_to) {
         global $controller;
         $controller->redirect($redirect_to);
     }
 }
/**
 * Returns a list of pages that are not in the navigation.
 *
 * Candidates come from three sources: non-private rows of the
 * `#prefix#webpage` table, entries of the `nav` Appconf options, and
 * every app under `apps/` whose configuration has a section with a
 * truthy `include_in_nav` and a non-empty `title`. Candidates whose id
 * is in $ids are dropped; the rest are returned as id => label
 * (menu_title when set, otherwise title), sorted by label.
 *
 * @param array $ids  Ids already present in the navigation tree.
 * @return array      id => display label, sorted by label.
 */
function navigation_get_other_pages($ids)
{
    // Non-private pages from the database.
    $candidates = DB::fetch("select id, title, menu_title, access from #prefix#webpage where access != 'private'");

    // Apps registered through the `nav` options (the newer mechanism).
    foreach (Appconf::options('nav') as $nav_id => $nav_title) {
        $entry = new stdClass();
        $entry->id = $nav_id;
        $entry->title = $nav_title;
        $candidates[] = $entry;
    }

    // Apps that opt in from a section of their own config (the older mechanism).
    foreach (glob('apps/*') as $app_dir) {
        $app = str_replace('apps/', '', $app_dir);
        foreach (Appconf::get($app) as $section) {
            $wanted = array_key_exists('include_in_nav', $section)
                && $section['include_in_nav']
                && array_key_exists('title', $section)
                && $section['title'] != '';
            if (!$wanted) {
                continue;
            }
            $entry = new stdClass();
            // A bare true/1/'1' links to the app itself; any other value is an explicit path.
            if (in_array($section['include_in_nav'], array('1', 1, true), true)) {
                $app_path = explode('/', $app);
                $entry->id = $app_path[0];
            } else {
                $entry->id = ltrim($section['include_in_nav'], '/');
            }
            $entry->title = $section['title'];
            $entry->menu_title = array_key_exists('menu_title', $section)
                ? $section['menu_title']
                : $section['title'];
            $candidates[] = $entry;
            // Only the first qualifying section of an app counts.
            break;
        }
    }

    // Keep everything not already in the tree, preferring the menu title as label.
    $pages = array();
    foreach ($candidates as $candidate) {
        // NOTE(review): loose comparison kept as in the original; if $ids mixes
        // ints and strings this can match unexpectedly (e.g. 0 vs a name on PHP < 8).
        if (in_array($candidate->id, $ids)) {
            continue;
        }
        $pages[$candidate->id] = empty($candidate->menu_title)
            ? $candidate->title
            : $candidate->menu_title;
    }

    uasort($pages, function ($left, $right) {
        if ($left === $right) {
            return 0;
        }
        return ($left < $right) ? -1 : 1;
    });
    return $pages;
}
            Cli::out('Invalid section name: ' . $section, 'error');
            return;
        }
        $settings = Appconf::get($app, $section);
        $names = array_keys($settings);
        sort($names);
        echo join(', ', $names) . "\n";
        // show specific setting (encoded as JSON value)
    } elseif (count($parts) === 3) {
        list($app, $section, $setting) = $parts;
        if (!preg_match($valid_app_name, $app) || !is_dir('apps/' . $app)) {
            Cli::out('Invalid app name: ' . $app, 'error');
            return;
        }
        if (!preg_match($valid_section_name, $section)) {
            Cli::out('Invalid section name: ' . $section, 'error');
            return;
        }
        if (!preg_match($valid_setting_name, $setting)) {
            Cli::out('Invalid setting name: ' . $setting, 'error');
            return;
        }
        $value = Appconf::get($app, $section, $setting);
        if (!defined('JSON_PRETTY_PRINT')) {
            define('JSON_PRETTY_PRINT', 0);
        }
        echo json_encode($value, JSON_PRETTY_PRINT) . "\n";
    } else {
        Cli::out('Invalid setting value: ' . $_SERVER['argv'][2], 'error');
    }
}
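/*
 * Lists the posts written by $page->author, paginated, rendering each one
 * through `blog/post` and the whole listing through `blog/by`.
 *
 * Expects $page (author, limit, offset, num), $tpl, $appconf and
 * $preview_chars to be provided by the including handler.
 */
$p = new blog\Post();
$posts = $p->by($page->author, $page->limit, $page->offset);

// Pagination state for the `blog/by` template.
$page->count = $p->query()->where('published', 'yes')->where('author', $page->author)->count();
$page->last = $page->offset + count($posts);
$page->more = $page->count > $page->last;
$page->next = $page->num + 2;

// The post footer is only used when it contains something besides markup.
$footer = Appconf::blog('Blog', 'post_footer');
$footer_stripped = strip_tags($footer);
$footer = ($footer && !empty($footer_stripped)) ? $tpl->run_includes($footer) : false;

// Read the format once instead of once per post.
$post_format = Appconf::blog('Blog', 'post_format');
if ($post_format === 'markdown') {
    require_once 'apps/blog/lib/markdown.php';
}

foreach ($posts as $post) {
    $post->url = '/blog/post/' . $post->id . '/' . URLify::filter($post->title);
    $post->tag_list = strlen($post->tags) > 0 ? explode(',', $post->tags) : array();
    $post->social_buttons = $appconf['Social Buttons'];
    if ($post_format === 'html') {
        $post->body = $tpl->run_includes($post->body);
    } else {
        // NOTE(review): Markdown() is only loaded above for 'markdown'; any
        // other non-html format would reach an undefined function here.
        $post->body = $tpl->run_includes(Markdown($post->body));
    }
    if ($preview_chars) {
        $post->body = blog_filter_truncate($post->body, $preview_chars) . ' <a href="' . $post->url . '">' . __('Read more') . '</a>';
    } else {
        $post->footer = $footer;
    }
    echo $tpl->render('blog/post', $post);
}

$page->title = __('Posts by %s', $tpl->sanitize($page->author));
// The RSS link is built from the request Host header, which is client-controlled,
// so escape it before it is placed inside an HTML attribute.
$page->add_script(sprintf(
    '<link rel="alternate" type="application/rss+xml" href="http://%s/blog/rss" />',
    htmlspecialchars($_SERVER['HTTP_HOST'], ENT_QUOTES, 'UTF-8')
));
echo $tpl->render('blog/by', $page);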
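/*
 * Admin form for the user app's login settings: which social login
 * methods are enabled, the default role for new accounts, and the
 * Facebook/Twitter API credentials. Saves to conf/app.user.<env>.php.
 *
 * NOTE(review): the values handled here include API secrets; this script
 * assumes the route is restricted to administrators before it runs —
 * confirm in the handler that includes it.
 */
$form = new Form('post', $this);

// Normalise login_methods to an array so the in_array() lookups below are
// safe when the setting is unset or stored as false.
$appconf['User']['login_methods'] = is_array($appconf['User']['login_methods'])
    ? $appconf['User']['login_methods']
    : array();

// Social login providers, in the order they are stored in login_methods.
$social_login_providers = array('openid', 'google', 'facebook', 'twitter', 'persona');

$form->data = array(
    'facebook_app_id' => $appconf['Facebook']['application_id'],
    'facebook_app_secret' => $appconf['Facebook']['application_secret'],
    'twitter_id' => $appconf['Twitter']['twitter_id'],
    'twitter_key' => $appconf['Twitter']['consumer_key'],
    'twitter_secret' => $appconf['Twitter']['consumer_secret'],
    'twitter_access_token' => $appconf['Twitter']['access_token'],
    'twitter_access_token_secret' => $appconf['Twitter']['access_token_secret'],
    'login_openid' => in_array('openid', $appconf['User']['login_methods']),
    'login_google' => in_array('google', $appconf['User']['login_methods']),
    'login_facebook' => in_array('facebook', $appconf['User']['login_methods']),
    'login_twitter' => in_array('twitter', $appconf['User']['login_methods']),
    'login_persona' => in_array('persona', $appconf['User']['login_methods']),
    'default_role' => $appconf['User']['default_role'],
    'roles' => array_keys(User::acl()->rules),
);

echo $form->handle(function ($form) use ($social_login_providers) {
    // Unchecked checkboxes are not submitted at all, so test with isset()
    // before comparing; reading $_POST directly raised undefined-index notices.
    $login_methods = array();
    foreach ($social_login_providers as $provider) {
        $key = 'login_' . $provider;
        if (isset($_POST[$key]) && $_POST[$key] === 'yes') {
            $login_methods[] = $provider;
        }
    }
    // No providers is stored as false, which the is_array() check above treats as "none".
    if (count($login_methods) === 0) {
        $login_methods = false;
    }

    $merged = Appconf::merge('user', array(
        'User' => array(
            'login_methods' => $login_methods,
            'default_role' => $_POST['default_role'],
        ),
        'Facebook' => array(
            'application_id' => $_POST['facebook_app_id'],
            'application_secret' => $_POST['facebook_app_secret'],
        ),
        'Twitter' => array(
            'twitter_id' => $_POST['twitter_id'],
            'consumer_key' => $_POST['twitter_key'],
            'consumer_secret' => $_POST['twitter_secret'],
            'access_token' => $_POST['twitter_access_token'],
            'access_token_secret' => $_POST['twitter_access_token_secret'],
        ),
    ));

    if (!Ini::write($merged, 'conf/app.user.' . ELEFANT_ENV . '.php')) {
        printf('<p>%s</p>', __('Unable to save changes. Check your folder permissions and try again.'));
        return;
    }
    $form->controller->add_notification(__('Settings saved.'));
    $form->controller->redirect('/user/admin');
});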