public function execute(HTTPRequestCustom $request)
 {
     $id = $request->get_getint('id', 0);
     if (!empty($id)) {
         try {
             $this->weblink = WebService::get_weblink('WHERE web.id = :id', array('id' => $id));
         } catch (RowNotFoundException $e) {
             $error_controller = PHPBoostErrors::unexisting_page();
             DispatchManager::redirect($error_controller);
         }
     }
     if ($this->weblink !== null && !DownloadAuthorizationsService::check_authorizations($this->weblink->get_id_category())->read()) {
         $error_controller = PHPBoostErrors::user_not_authorized();
         DispatchManager::redirect($error_controller);
     } else {
         if ($this->weblink !== null && $this->weblink->is_visible()) {
             $this->weblink->set_number_views($this->weblink->get_number_views() + 1);
             WebService::update_number_views($this->weblink);
             WebCache::invalidate();
             AppContext::get_response()->redirect($this->weblink->get_url()->absolute());
         } else {
             $error_controller = PHPBoostErrors::unexisting_page();
             DispatchManager::redirect($error_controller);
         }
     }
 }
 private function check_authorizations()
 {
     if (!(CalendarAuthorizationsService::check_authorizations()->write() || CalendarAuthorizationsService::check_authorizations()->contribution() || CalendarAuthorizationsService::check_authorizations()->moderation())) {
         $error_controller = PHPBoostErrors::user_not_authorized();
         DispatchManager::redirect($error_controller);
     }
 }
 private function check_authorizations()
 {
     if (!BugtrackerAuthorizationsService::check_authorizations()->read()) {
         $error_controller = PHPBoostErrors::user_not_authorized();
         DispatchManager::redirect($error_controller);
     }
 }
 private function check_authorizations()
 {
     if (!NewsletterAuthorizationsService::check_authorizations()->subscribe()) {
         $error_controller = PHPBoostErrors::user_not_authorized();
         DispatchManager::redirect($error_controller);
     }
 }
 private function check_authorizations()
 {
     $id_cat = $this->get_category()->get_id();
     if (!CalendarAuthorizationsService::check_authorizations($id_cat)->read()) {
         $error_controller = PHPBoostErrors::user_not_authorized();
         DispatchManager::redirect($error_controller);
     }
 }
 public function execute(HTTPRequestCustom $request)
 {
     $this->init();
     if (!$this->user->check_level(User::MEMBER_LEVEL)) {
         $error_controller = PHPBoostErrors::user_not_authorized();
         DispatchManager::redirect($error_controller);
     }
     $this->build_form();
     return $this->build_response($this->tpl);
 }
 private function check_authorizations()
 {
     if (!BugtrackerAuthorizationsService::check_authorizations()->moderation() && $this->current_user->get_id() != $this->bug->get_assigned_to_id()) {
         $error_controller = PHPBoostErrors::user_not_authorized();
         DispatchManager::redirect($error_controller);
     }
     if (AppContext::get_current_user()->is_readonly()) {
         $controller = PHPBoostErrors::user_in_read_only();
         DispatchManager::redirect($controller);
     }
 }
 private function check_authorizations()
 {
     if (!$this->downloadfile->is_authorized_to_delete()) {
         $error_controller = PHPBoostErrors::user_not_authorized();
         DispatchManager::redirect($error_controller);
     }
     if (AppContext::get_current_user()->is_readonly()) {
         $error_controller = PHPBoostErrors::user_in_read_only();
         DispatchManager::redirect($error_controller);
     }
 }
 private function check_authorizations(ShoutboxMessage $message)
 {
     if (!$message->is_authorized_to_delete()) {
         $error_controller = PHPBoostErrors::user_not_authorized();
         DispatchManager::redirect($error_controller);
     }
     if (AppContext::get_current_user()->is_readonly()) {
         $controller = PHPBoostErrors::user_in_read_only();
         DispatchManager::redirect($controller);
     }
 }
 private function check_authorizations()
 {
     if (!$this->event->get_content()->is_registration_authorized()) {
         $error_controller = PHPBoostErrors::user_not_authorized();
         DispatchManager::redirect($error_controller);
     }
     if (time() > $this->event->get_start_date()->get_timestamp()) {
         $error_controller = new UserErrorController(LangLoader::get_message('error', 'status-messages-common'), LangLoader::get_message('calendar.notice.unsuscribe.event_date_expired', 'common', 'calendar'));
         DispatchManager::redirect($error_controller);
     }
     if (AppContext::get_current_user()->is_readonly()) {
         $error_controller = PHPBoostErrors::user_in_read_only();
         DispatchManager::redirect($error_controller);
     }
 }
 public function execute(HTTPRequestCustom $request)
 {
     $id = $request->get_getint('id', 0);
     if (!empty($id)) {
         try {
             $this->downloadfile = DownloadService::get_downloadfile('WHERE download.id = :id', array('id' => $id));
         } catch (RowNotFoundException $e) {
             $error_controller = PHPBoostErrors::unexisting_page();
             DispatchManager::redirect($error_controller);
         }
     }
     if ($this->downloadfile !== null && !DownloadAuthorizationsService::check_authorizations($this->downloadfile->get_id_category())->read()) {
         $error_controller = PHPBoostErrors::user_not_authorized();
         DispatchManager::redirect($error_controller);
     } else {
         if ($this->downloadfile !== null && $this->downloadfile->is_visible()) {
             $this->downloadfile->set_number_downloads($this->downloadfile->get_number_downloads() + 1);
             DownloadService::update_number_downloads($this->downloadfile);
             DownloadCache::invalidate();
             $status = 200;
             $file_headers = get_headers($this->downloadfile->get_url()->absolute(), true);
             if (is_array($file_headers)) {
                 if (preg_match('/^HTTP\\/[12]\\.[01] (\\d\\d\\d)/', $file_headers[0], $matches)) {
                     $status = (int) $matches[1];
                 }
             }
             if ($status == 200) {
                 header('Content-Disposition: attachment; filename="' . urldecode(basename($this->downloadfile->get_url()->absolute())) . '"');
                 header('Content-Description: File Transfer');
                 header('Content-Transfer-Encoding: binary');
                 header('Accept-Ranges: bytes');
                 header('Content-Type: application/force-download');
                 set_time_limit(0);
                 readfile($this->downloadfile->get_url()->absolute());
             } else {
                 $error_controller = new UserErrorController(LangLoader::get_message('error', 'status-messages-common'), LangLoader::get_message('download.message.error.file_not_found', 'common', 'download'), UserErrorController::WARNING);
                 DispatchManager::redirect($error_controller);
             }
         } else {
             $error_controller = PHPBoostErrors::unexisting_page();
             DispatchManager::redirect($error_controller);
         }
     }
 }
 public function execute(HTTPRequestCustom $request)
 {
     AppContext::get_session()->csrf_get_protect();
     $news = $this->get_news($request);
     if (!$news->is_authorized_to_delete()) {
         $error_controller = PHPBoostErrors::user_not_authorized();
         DispatchManager::redirect($error_controller);
     }
     if (AppContext::get_current_user()->is_readonly()) {
         $controller = PHPBoostErrors::user_in_read_only();
         DispatchManager::redirect($controller);
     }
     NewsService::delete('WHERE id=:id', array('id' => $news->get_id()));
     NewsService::get_keywords_manager()->delete_relations($news->get_id());
     PersistenceContext::get_querier()->delete(DB_TABLE_EVENTS, 'WHERE module=:module AND id_in_module=:id', array('module' => 'news', 'id' => $news->get_id()));
     CommentsService::delete_comments_topic_module('news', $news->get_id());
     Feed::clear_cache('news');
     AppContext::get_response()->redirect($request->get_url_referrer() ? $request->get_url_referrer() : NewsUrlBuilder::home(), StringVars::replace_vars(LangLoader::get_message('news.message.success.delete', 'common', 'news'), array('name' => $news->get_name())));
 }
 public function execute(HTTPRequestCustom $request)
 {
     $this->init();
     $user_id = $request->get_getint('user_id', AppContext::get_current_user()->get_id());
     try {
         $this->user = UserService::get_user($user_id);
     } catch (RowNotFoundException $e) {
         $error_controller = PHPBoostErrors::unexisting_element();
         DispatchManager::redirect($error_controller);
     }
     try {
         $this->internal_auth_infos = PHPBoostAuthenticationMethod::get_auth_infos($user_id);
     } catch (RowNotFoundException $e) {
     }
     $this->user_auth_types = AuthenticationService::get_user_types_authentication($user_id);
     if (!$this->check_authorizations($user_id)) {
         $error_controller = PHPBoostErrors::user_not_authorized();
         DispatchManager::redirect($error_controller);
     }
     $associate_type = $request->get_getvalue('associate', false);
     if ($associate_type) {
         if (!in_array($associate_type, $this->user_auth_types)) {
             $authentication_method = AuthenticationService::get_authentication_method($associate_type);
             AuthenticationService::associate($authentication_method, $user_id);
             AppContext::get_response()->redirect(UserUrlBuilder::edit_profile($user_id));
         }
     }
     $dissociate_type = $request->get_getvalue('dissociate', false);
     if ($dissociate_type) {
         if (in_array($dissociate_type, $this->user_auth_types) && count($this->user_auth_types) > 1) {
             $authentication_method = AuthenticationService::get_authentication_method($dissociate_type);
             AuthenticationService::dissociate($authentication_method, $user_id);
             AppContext::get_response()->redirect(UserUrlBuilder::edit_profile($user_id));
         }
     }
     $this->build_form();
     if ($this->submit_button->has_been_submited() && $this->form->validate()) {
         $this->save($request);
     }
     $this->tpl->put('FORM', $this->form->display());
     return $this->build_response();
 }
 private function check_authorizations()
 {
     $weblink = $this->get_weblink();
     $not_authorized = !WebAuthorizationsService::check_authorizations($weblink->get_id_category())->moderation() && (!WebAuthorizationsService::check_authorizations($weblink->get_id_category())->write() && $weblink->get_author_user()->get_id() != AppContext::get_current_user()->get_id());
     switch ($weblink->get_approbation_type()) {
         case WebLink::APPROVAL_NOW:
             if (!WebAuthorizationsService::check_authorizations($weblink->get_id_category())->read() && $not_authorized) {
                 $error_controller = PHPBoostErrors::user_not_authorized();
                 DispatchManager::redirect($error_controller);
             }
             break;
         case WebLink::NOT_APPROVAL:
             if ($not_authorized) {
                 $error_controller = PHPBoostErrors::user_not_authorized();
                 DispatchManager::redirect($error_controller);
             }
             break;
         case WebLink::APPROVAL_DATE:
             if (!$weblink->is_visible() && $not_authorized) {
                 $error_controller = PHPBoostErrors::user_not_authorized();
                 DispatchManager::redirect($error_controller);
             }
             break;
         default:
             $error_controller = PHPBoostErrors::unexisting_page();
             DispatchManager::redirect($error_controller);
             break;
     }
 }
 private function check_authorizations()
 {
     $article = $this->get_article();
     $auth_write = ArticlesAuthorizationsService::check_authorizations($article->get_id_category())->write();
     $auth_moderation = ArticlesAuthorizationsService::check_authorizations($article->get_id_category())->moderation();
     $not_authorized = !$auth_moderation && (!$auth_write && $article->get_author_user()->get_id() != AppContext::get_current_user()->get_id());
     switch ($article->get_publishing_state()) {
         case Article::PUBLISHED_NOW:
             if (!ArticlesAuthorizationsService::check_authorizations($article->get_id_category())->read() && $not_authorized) {
                 $error_controller = PHPBoostErrors::user_not_authorized();
                 DispatchManager::redirect($error_controller);
             }
             break;
         case Article::NOT_PUBLISHED:
             if ($not_authorized) {
                 $error_controller = PHPBoostErrors::user_not_authorized();
                 DispatchManager::redirect($error_controller);
             }
             break;
         case Article::PUBLISHED_DATE:
             if (!$article->is_published() && $not_authorized) {
                 $error_controller = PHPBoostErrors::user_not_authorized();
                 DispatchManager::redirect($error_controller);
             }
             break;
         default:
             $error_controller = PHPBoostErrors::unexisting_page();
             DispatchManager::redirect($error_controller);
             break;
     }
 }
 private function get_error($authorizations_type)
 {
     DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
     return;
 }
 public function get_right_controller_regarding_authorizations()
 {
     if (!AppContext::get_current_user()->check_auth(UserAccountsConfig::load()->get_auth_read_members(), UserAccountsConfig::AUTH_READ_MEMBERS_BIT)) {
         $error_controller = PHPBoostErrors::user_not_authorized();
         DispatchManager::redirect($error_controller);
     }
     return $this;
 }
 public function get_right_controller_regarding_authorizations()
 {
     if (!AppContext::get_current_user()->check_auth(CommentsConfig::load()->get_authorizations(), CommentsAuthorizations::READ_AUTHORIZATIONS)) {
         $error_controller = PHPBoostErrors::user_not_authorized();
         DispatchManager::redirect($error_controller);
     }
     return $this;
 }
Ejemplo n.º 19
0
    $error_controller = PHPBoostErrors::unexisting_page();
    DispatchManager::redirect($error_controller);
}
$category = ForumService::get_categories_manager()->get_categories_cache()->get_category($topic['idcat']);
$topic_name = !empty($topic['title']) ? stripslashes($topic['title']) : '';
$Bread_crumb->add($config->get_forum_name(), 'index.php');
$Bread_crumb->add($category->get_name(), 'forum' . url('.php?id=' . $topic['idcat'], '-' . $topic['idcat'] . '+' . $category->get_rewrited_name() . '.php'));
$Bread_crumb->add($topic['title'], 'topic' . url('.php?id=' . $alert, '-' . $alert . '-' . Url::encode_rewrite($topic_name) . '.php'));
$Bread_crumb->add($LANG['alert_topic'], '');
define('TITLE', $LANG['alert_topic']);
require_once '../kernel/header.php';
if (empty($alert) && empty($alert_post) || empty($topic['idcat'])) {
    AppContext::get_response()->redirect('/forum/index' . url('.php'));
}
if (!AppContext::get_current_user()->check_level(User::MEMBER_LEVEL)) {
    $error_controller = PHPBoostErrors::user_not_authorized();
    DispatchManager::redirect($error_controller);
}
$tpl = new FileTemplate('forum/forum_alert.tpl');
//On fait un formulaire d'alerte
if (!empty($alert) && empty($alert_post)) {
    //On vérifie qu'une alerte sur le même sujet n'ait pas été postée
    $nbr_alert = PersistenceContext::get_querier()->count(PREFIX . 'forum_alerts', 'WHERE idtopic=:idtopic AND status = 0', array('idtopic' => $alert));
    if (empty($nbr_alert)) {
        $editor = AppContext::get_content_formatting_service()->get_default_editor();
        $editor->set_identifier('contents');
        $tpl->put_all(array('KERNEL_EDITOR' => $editor->display(), 'L_ALERT' => $LANG['alert_topic'], 'L_ALERT_EXPLAIN' => $LANG['alert_modo_explain'], 'L_ALERT_TITLE' => $LANG['alert_title'], 'L_ALERT_CONTENTS' => $LANG['alert_contents'], 'L_REQUIRE' => LangLoader::get_message('form.explain_required_fields', 'status-messages-common'), 'L_REQUIRE_TEXT' => $LANG['require_text'], 'L_REQUIRE_TITLE' => $LANG['require_title']));
        $tpl->assign_block_vars('alert_form', array('TITLE' => $topic_name, 'U_TOPIC' => 'topic' . url('.php?id=' . $alert, '-' . $alert . '-' . Url::encode_rewrite($topic_name) . '.php'), 'ID_ALERT' => $alert));
    } else {
        $tpl->put_all(array('L_ALERT' => $LANG['alert_topic'], 'L_BACK_TOPIC' => $LANG['alert_back'], 'URL_TOPIC' => 'topic' . url('.php?id=' . $alert, '-' . $alert . '-' . Url::encode_rewrite($topic_name) . '.php')));
        $tpl->assign_block_vars('alert_confirm', array('MSG' => $LANG['alert_topic_already_done']));
Ejemplo n.º 20
0
    $tpl->put_all(array('ID' => $page_infos['id'], 'TITLE' => stripslashes(stripslashes($page_infos['title'])), 'CONTENTS' => pages_second_parse($page_infos['contents']), 'COUNT_HITS' => $page_infos['count_hits'] ? sprintf($LANG['page_hits'], $page_infos['hits'] + 1) : ' ', 'L_LINKS' => $LANG['pages_links_list'], 'L_PAGE_OUTILS' => $LANG['pages_links_list']));
    $tpl->display();
} elseif ((!empty($encoded_title) || $id_com > 0) && $num_rows == 0) {
    $error_controller = PHPBoostErrors::unexisting_page();
    DispatchManager::redirect($error_controller);
} elseif ($id_com > 0) {
    //Commentaires activés pour cette page ?
    if ($page_infos['activ_com'] == 0) {
        DispatchManager::redirect(PHPBoostErrors::unexisting_page());
    }
    //Autorisation particulière ?
    $special_auth = !empty($page_infos['auth']);
    $array_auth = unserialize($page_infos['auth']);
    //Vérification de l'autorisation de voir la page
    if ($special_auth && !AppContext::get_current_user()->check_auth($array_auth, READ_PAGE) || !$special_auth && !AppContext::get_current_user()->check_auth($config_authorizations, READ_PAGE) && ($special_auth && !AppContext::get_current_user()->check_auth($array_auth, READ_COM)) || !$special_auth && !AppContext::get_current_user()->check_auth($config_authorizations, READ_COM)) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }
    $tpl = new FileTemplate('pages/com.tpl');
    $comments_topic = new PagesCommentsTopic();
    $comments_topic->set_id_in_module($id_com);
    $comments_topic->set_url(new Url(PagesUrlBuilder::get_link_item_com($id_com, '%s')));
    $tpl->put_all(array('COMMENTS' => CommentsService::display($comments_topic)->render()));
    $tpl->display();
} else {
    $modulesLoader = AppContext::get_extension_provider_service();
    $module = $modulesLoader->get_provider('pages');
    if ($module->has_extension_point(HomePageExtensionPoint::EXTENSION_POINT)) {
        echo $module->get_extension_point(HomePageExtensionPoint::EXTENSION_POINT)->get_home_page()->get_view()->display();
    }
}
require_once '../kernel/footer.php';
 private function check_authorizations()
 {
     $bug = $this->get_bug();
     if ($bug->get_id() === null) {
         if (!$bug->is_authorized_to_add()) {
             $error_controller = PHPBoostErrors::user_not_authorized();
             DispatchManager::redirect($error_controller);
         }
     } else {
         if (!($bug->is_authorized_to_edit() || $bug->get_assigned_to_id() && $this->current_user->get_id() == $bug->get_assigned_to_id())) {
             $error_controller = PHPBoostErrors::user_not_authorized();
             DispatchManager::redirect($error_controller);
         }
     }
     if (AppContext::get_current_user()->is_readonly()) {
         $error_controller = PHPBoostErrors::user_in_read_only();
         DispatchManager::redirect($error_controller);
     }
 }
 private function check_authorizations()
 {
     $event = $this->get_event();
     if (!CalendarAuthorizationsService::check_authorizations($event->get_content()->get_category_id())->read() && (!(CalendarAuthorizationsService::check_authorizations($event->get_content()->get_category_id())->write() || CalendarAuthorizationsService::check_authorizations($event->get_content()->get_category_id())->contribution() && !$event->get_content()->is_approved()) && $event->get_content()->get_author_user()->get_id() != AppContext::get_current_user()->get_id())) {
         $error_controller = PHPBoostErrors::user_not_authorized();
         DispatchManager::redirect($error_controller);
     }
 }
 private function check_authorizations()
 {
     $message = $this->get_message();
     if ($message->get_id() === null) {
         if (!GuestbookAuthorizationsService::check_authorizations()->write()) {
             $error_controller = PHPBoostErrors::user_not_authorized();
             DispatchManager::redirect($error_controller);
         }
     } else {
         if (!$message->is_authorized_edit()) {
             $error_controller = PHPBoostErrors::user_not_authorized();
             DispatchManager::redirect($error_controller);
         }
     }
     if (AppContext::get_current_user()->is_readonly()) {
         $controller = PHPBoostErrors::user_in_read_only();
         DispatchManager::redirect($controller);
     }
 }
 private function check_authorizations()
 {
     if (AppContext::get_current_user()->is_guest()) {
         if ($this->config->are_descriptions_displayed_to_guests() && (!Authorizations::check_auth(RANK_TYPE, User::MEMBER_LEVEL, $this->get_category()->get_authorizations(), Category::READ_AUTHORIZATIONS) || $this->config->get_category_display_type() == DownloadConfig::DISPLAY_ALL_CONTENT) || !$this->config->are_descriptions_displayed_to_guests() && !DownloadAuthorizationsService::check_authorizations($this->get_category()->get_id())->read()) {
             $error_controller = PHPBoostErrors::user_not_authorized();
             DispatchManager::redirect($error_controller);
         }
     } else {
         if (!DownloadAuthorizationsService::check_authorizations($this->get_category()->get_id())->read()) {
             $error_controller = PHPBoostErrors::user_not_authorized();
             DispatchManager::redirect($error_controller);
         }
     }
 }
Ejemplo n.º 25
0
 private static function register_notation(Notation $notation)
 {
     if (self::$user->check_level(User::MEMBER_LEVEL)) {
         $note_is_valid = $notation->get_note() >= 0 && $notation->get_note() <= $notation->get_notation_scale() ? true : false;
         $member_already_notation = self::$db_querier->count(DB_TABLE_NOTE, 'WHERE user_id=:user_id AND module_name=:module_name AND id_in_module=:id_in_module', array('module_name' => $notation->get_module_name(), 'id_in_module' => $notation->get_id_in_module(), 'user_id' => $notation->get_user_id()));
         if (!$member_already_notation && $note_is_valid) {
             self::$db_querier->insert(DB_TABLE_NOTE, array('module_name' => $notation->get_module_name(), 'id_in_module' => $notation->get_id_in_module(), 'user_id' => $notation->get_user_id(), 'note' => $notation->get_note()));
             $condition = 'WHERE module_name=:module_name AND id_in_module=:id_in_module';
             $parameters = array('module_name' => $notation->get_module_name(), 'id_in_module' => $notation->get_id_in_module());
             $nbr_notes = self::$db_querier->count(DB_TABLE_AVERAGE_NOTES, $condition, $parameters);
             if ($nbr_notes == 0) {
                 self::$db_querier->insert(DB_TABLE_AVERAGE_NOTES, array('module_name' => $notation->get_module_name(), 'id_in_module' => $notation->get_id_in_module(), 'average_notes' => self::calculates_average_notes($notation), 'number_notes' => 1));
             } else {
                 self::$db_querier->update(DB_TABLE_AVERAGE_NOTES, array('average_notes' => self::calculates_average_notes($notation), 'number_notes' => self::get_number_notes($notation) + 1), $condition, $parameters);
             }
         }
     } else {
         DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
     }
 }
 private function check_authorizations()
 {
     $downloadfile = $this->get_downloadfile();
     if ($downloadfile->get_id() === null) {
         if (!$downloadfile->is_authorized_to_add()) {
             $error_controller = PHPBoostErrors::user_not_authorized();
             DispatchManager::redirect($error_controller);
         }
     } else {
         if (!$downloadfile->is_authorized_to_edit()) {
             $error_controller = PHPBoostErrors::user_not_authorized();
             DispatchManager::redirect($error_controller);
         }
     }
     if (AppContext::get_current_user()->is_readonly()) {
         $controller = PHPBoostErrors::user_in_read_only();
         DispatchManager::redirect($controller);
     }
 }
Ejemplo n.º 27
0
 private static function verificate_authorized_edit_or_delete_comment($authorizations, $comment_id)
 {
     $is_authorized = self::is_authorized_edit_or_delete_comment($authorizations, $comment_id);
     if (!CommentsManager::comment_exists($comment_id)) {
         $error_controller = PHPBoostErrors::unexisting_page();
         DispatchManager::redirect($error_controller);
     } else {
         if (!$is_authorized) {
             $error_controller = PHPBoostErrors::user_not_authorized();
             DispatchManager::redirect($error_controller);
         }
     }
 }