public function execute(HTTPRequestCustom $request)
{
$id = $request->get_getint('id', 0);
if (!empty($id)) {
try {
$this->weblink = WebService::get_weblink('WHERE web.id = :id', array('id' => $id));
} catch (RowNotFoundException $e) {
$error_controller = PHPBoostErrors::unexisting_page();
DispatchManager::redirect($error_controller);
}
}
if ($this->weblink !== null && !DownloadAuthorizationsService::check_authorizations($this->weblink->get_id_category())->read()) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
} else {
if ($this->weblink !== null && $this->weblink->is_visible()) {
$this->weblink->set_number_views($this->weblink->get_number_views() + 1);
WebService::update_number_views($this->weblink);
WebCache::invalidate();
AppContext::get_response()->redirect($this->weblink->get_url()->absolute());
} else {
$error_controller = PHPBoostErrors::unexisting_page();
DispatchManager::redirect($error_controller);
}
}
}
private function check_authorizations()
{
if (!(CalendarAuthorizationsService::check_authorizations()->write() || CalendarAuthorizationsService::check_authorizations()->contribution() || CalendarAuthorizationsService::check_authorizations()->moderation())) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
}
private function check_authorizations()
{
if (!BugtrackerAuthorizationsService::check_authorizations()->read()) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
}
private function check_authorizations()
{
if (!NewsletterAuthorizationsService::check_authorizations()->subscribe()) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
}
private function check_authorizations()
{
$id_cat = $this->get_category()->get_id();
if (!CalendarAuthorizationsService::check_authorizations($id_cat)->read()) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
}
public function execute(HTTPRequestCustom $request)
{
$this->init();
if (!$this->user->check_level(User::MEMBER_LEVEL)) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
$this->build_form();
return $this->build_response($this->tpl);
}
private function check_authorizations()
{
if (!BugtrackerAuthorizationsService::check_authorizations()->moderation() && $this->current_user->get_id() != $this->bug->get_assigned_to_id()) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
if (AppContext::get_current_user()->is_readonly()) {
$controller = PHPBoostErrors::user_in_read_only();
DispatchManager::redirect($controller);
}
}
private function check_authorizations()
{
if (!$this->downloadfile->is_authorized_to_delete()) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
if (AppContext::get_current_user()->is_readonly()) {
$error_controller = PHPBoostErrors::user_in_read_only();
DispatchManager::redirect($error_controller);
}
}
private function check_authorizations(ShoutboxMessage $message)
{
if (!$message->is_authorized_to_delete()) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
if (AppContext::get_current_user()->is_readonly()) {
$controller = PHPBoostErrors::user_in_read_only();
DispatchManager::redirect($controller);
}
}
private function check_authorizations()
{
if (!$this->event->get_content()->is_registration_authorized()) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
if (time() > $this->event->get_start_date()->get_timestamp()) {
$error_controller = new UserErrorController(LangLoader::get_message('error', 'status-messages-common'), LangLoader::get_message('calendar.notice.unsuscribe.event_date_expired', 'common', 'calendar'));
DispatchManager::redirect($error_controller);
}
if (AppContext::get_current_user()->is_readonly()) {
$error_controller = PHPBoostErrors::user_in_read_only();
DispatchManager::redirect($error_controller);
}
}
public function execute(HTTPRequestCustom $request)
{
$id = $request->get_getint('id', 0);
if (!empty($id)) {
try {
$this->downloadfile = DownloadService::get_downloadfile('WHERE download.id = :id', array('id' => $id));
} catch (RowNotFoundException $e) {
$error_controller = PHPBoostErrors::unexisting_page();
DispatchManager::redirect($error_controller);
}
}
if ($this->downloadfile !== null && !DownloadAuthorizationsService::check_authorizations($this->downloadfile->get_id_category())->read()) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
} else {
if ($this->downloadfile !== null && $this->downloadfile->is_visible()) {
$this->downloadfile->set_number_downloads($this->downloadfile->get_number_downloads() + 1);
DownloadService::update_number_downloads($this->downloadfile);
DownloadCache::invalidate();
$status = 200;
$file_headers = get_headers($this->downloadfile->get_url()->absolute(), true);
if (is_array($file_headers)) {
if (preg_match('/^HTTP\\/[12]\\.[01] (\\d\\d\\d)/', $file_headers[0], $matches)) {
$status = (int) $matches[1];
}
}
if ($status == 200) {
header('Content-Disposition: attachment; filename="' . urldecode(basename($this->downloadfile->get_url()->absolute())) . '"');
header('Content-Description: File Transfer');
header('Content-Transfer-Encoding: binary');
header('Accept-Ranges: bytes');
header('Content-Type: application/force-download');
set_time_limit(0);
readfile($this->downloadfile->get_url()->absolute());
} else {
$error_controller = new UserErrorController(LangLoader::get_message('error', 'status-messages-common'), LangLoader::get_message('download.message.error.file_not_found', 'common', 'download'), UserErrorController::WARNING);
DispatchManager::redirect($error_controller);
}
} else {
$error_controller = PHPBoostErrors::unexisting_page();
DispatchManager::redirect($error_controller);
}
}
}
public function execute(HTTPRequestCustom $request)
{
AppContext::get_session()->csrf_get_protect();
$news = $this->get_news($request);
if (!$news->is_authorized_to_delete()) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
if (AppContext::get_current_user()->is_readonly()) {
$controller = PHPBoostErrors::user_in_read_only();
DispatchManager::redirect($controller);
}
NewsService::delete('WHERE id=:id', array('id' => $news->get_id()));
NewsService::get_keywords_manager()->delete_relations($news->get_id());
PersistenceContext::get_querier()->delete(DB_TABLE_EVENTS, 'WHERE module=:module AND id_in_module=:id', array('module' => 'news', 'id' => $news->get_id()));
CommentsService::delete_comments_topic_module('news', $news->get_id());
Feed::clear_cache('news');
AppContext::get_response()->redirect($request->get_url_referrer() ? $request->get_url_referrer() : NewsUrlBuilder::home(), StringVars::replace_vars(LangLoader::get_message('news.message.success.delete', 'common', 'news'), array('name' => $news->get_name())));
}
public function execute(HTTPRequestCustom $request)
{
$this->init();
$user_id = $request->get_getint('user_id', AppContext::get_current_user()->get_id());
try {
$this->user = UserService::get_user($user_id);
} catch (RowNotFoundException $e) {
$error_controller = PHPBoostErrors::unexisting_element();
DispatchManager::redirect($error_controller);
}
try {
$this->internal_auth_infos = PHPBoostAuthenticationMethod::get_auth_infos($user_id);
} catch (RowNotFoundException $e) {
}
$this->user_auth_types = AuthenticationService::get_user_types_authentication($user_id);
if (!$this->check_authorizations($user_id)) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
$associate_type = $request->get_getvalue('associate', false);
if ($associate_type) {
if (!in_array($associate_type, $this->user_auth_types)) {
$authentication_method = AuthenticationService::get_authentication_method($associate_type);
AuthenticationService::associate($authentication_method, $user_id);
AppContext::get_response()->redirect(UserUrlBuilder::edit_profile($user_id));
}
}
$dissociate_type = $request->get_getvalue('dissociate', false);
if ($dissociate_type) {
if (in_array($dissociate_type, $this->user_auth_types) && count($this->user_auth_types) > 1) {
$authentication_method = AuthenticationService::get_authentication_method($dissociate_type);
AuthenticationService::dissociate($authentication_method, $user_id);
AppContext::get_response()->redirect(UserUrlBuilder::edit_profile($user_id));
}
}
$this->build_form();
if ($this->submit_button->has_been_submited() && $this->form->validate()) {
$this->save($request);
}
$this->tpl->put('FORM', $this->form->display());
return $this->build_response();
}
private function check_authorizations()
{
$weblink = $this->get_weblink();
$not_authorized = !WebAuthorizationsService::check_authorizations($weblink->get_id_category())->moderation() && (!WebAuthorizationsService::check_authorizations($weblink->get_id_category())->write() && $weblink->get_author_user()->get_id() != AppContext::get_current_user()->get_id());
switch ($weblink->get_approbation_type()) {
case WebLink::APPROVAL_NOW:
if (!WebAuthorizationsService::check_authorizations($weblink->get_id_category())->read() && $not_authorized) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
break;
case WebLink::NOT_APPROVAL:
if ($not_authorized) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
break;
case WebLink::APPROVAL_DATE:
if (!$weblink->is_visible() && $not_authorized) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
break;
default:
$error_controller = PHPBoostErrors::unexisting_page();
DispatchManager::redirect($error_controller);
break;
}
}
private function check_authorizations()
{
$article = $this->get_article();
$auth_write = ArticlesAuthorizationsService::check_authorizations($article->get_id_category())->write();
$auth_moderation = ArticlesAuthorizationsService::check_authorizations($article->get_id_category())->moderation();
$not_authorized = !$auth_moderation && (!$auth_write && $article->get_author_user()->get_id() != AppContext::get_current_user()->get_id());
switch ($article->get_publishing_state()) {
case Article::PUBLISHED_NOW:
if (!ArticlesAuthorizationsService::check_authorizations($article->get_id_category())->read() && $not_authorized) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
break;
case Article::NOT_PUBLISHED:
if ($not_authorized) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
break;
case Article::PUBLISHED_DATE:
if (!$article->is_published() && $not_authorized) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
break;
default:
$error_controller = PHPBoostErrors::unexisting_page();
DispatchManager::redirect($error_controller);
break;
}
}
private function get_error($authorizations_type)
{
DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
return;
}
public function get_right_controller_regarding_authorizations()
{
if (!AppContext::get_current_user()->check_auth(UserAccountsConfig::load()->get_auth_read_members(), UserAccountsConfig::AUTH_READ_MEMBERS_BIT)) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
return $this;
}
public function get_right_controller_regarding_authorizations()
{
if (!AppContext::get_current_user()->check_auth(CommentsConfig::load()->get_authorizations(), CommentsAuthorizations::READ_AUTHORIZATIONS)) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
return $this;
}
$error_controller = PHPBoostErrors::unexisting_page();
DispatchManager::redirect($error_controller);
}
$category = ForumService::get_categories_manager()->get_categories_cache()->get_category($topic['idcat']);
$topic_name = !empty($topic['title']) ? stripslashes($topic['title']) : '';
$Bread_crumb->add($config->get_forum_name(), 'index.php');
$Bread_crumb->add($category->get_name(), 'forum' . url('.php?id=' . $topic['idcat'], '-' . $topic['idcat'] . '+' . $category->get_rewrited_name() . '.php'));
$Bread_crumb->add($topic['title'], 'topic' . url('.php?id=' . $alert, '-' . $alert . '-' . Url::encode_rewrite($topic_name) . '.php'));
$Bread_crumb->add($LANG['alert_topic'], '');
define('TITLE', $LANG['alert_topic']);
require_once '../kernel/header.php';
if (empty($alert) && empty($alert_post) || empty($topic['idcat'])) {
AppContext::get_response()->redirect('/forum/index' . url('.php'));
}
if (!AppContext::get_current_user()->check_level(User::MEMBER_LEVEL)) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
$tpl = new FileTemplate('forum/forum_alert.tpl');
//On fait un formulaire d'alerte
if (!empty($alert) && empty($alert_post)) {
//On vérifie qu'une alerte sur le même sujet n'ait pas été postée
$nbr_alert = PersistenceContext::get_querier()->count(PREFIX . 'forum_alerts', 'WHERE idtopic=:idtopic AND status = 0', array('idtopic' => $alert));
if (empty($nbr_alert)) {
$editor = AppContext::get_content_formatting_service()->get_default_editor();
$editor->set_identifier('contents');
$tpl->put_all(array('KERNEL_EDITOR' => $editor->display(), 'L_ALERT' => $LANG['alert_topic'], 'L_ALERT_EXPLAIN' => $LANG['alert_modo_explain'], 'L_ALERT_TITLE' => $LANG['alert_title'], 'L_ALERT_CONTENTS' => $LANG['alert_contents'], 'L_REQUIRE' => LangLoader::get_message('form.explain_required_fields', 'status-messages-common'), 'L_REQUIRE_TEXT' => $LANG['require_text'], 'L_REQUIRE_TITLE' => $LANG['require_title']));
$tpl->assign_block_vars('alert_form', array('TITLE' => $topic_name, 'U_TOPIC' => 'topic' . url('.php?id=' . $alert, '-' . $alert . '-' . Url::encode_rewrite($topic_name) . '.php'), 'ID_ALERT' => $alert));
} else {
$tpl->put_all(array('L_ALERT' => $LANG['alert_topic'], 'L_BACK_TOPIC' => $LANG['alert_back'], 'URL_TOPIC' => 'topic' . url('.php?id=' . $alert, '-' . $alert . '-' . Url::encode_rewrite($topic_name) . '.php')));
$tpl->assign_block_vars('alert_confirm', array('MSG' => $LANG['alert_topic_already_done']));
$tpl->put_all(array('ID' => $page_infos['id'], 'TITLE' => stripslashes(stripslashes($page_infos['title'])), 'CONTENTS' => pages_second_parse($page_infos['contents']), 'COUNT_HITS' => $page_infos['count_hits'] ? sprintf($LANG['page_hits'], $page_infos['hits'] + 1) : ' ', 'L_LINKS' => $LANG['pages_links_list'], 'L_PAGE_OUTILS' => $LANG['pages_links_list']));
$tpl->display();
} elseif ((!empty($encoded_title) || $id_com > 0) && $num_rows == 0) {
$error_controller = PHPBoostErrors::unexisting_page();
DispatchManager::redirect($error_controller);
} elseif ($id_com > 0) {
//Commentaires activés pour cette page ?
if ($page_infos['activ_com'] == 0) {
DispatchManager::redirect(PHPBoostErrors::unexisting_page());
}
//Autorisation particulière ?
$special_auth = !empty($page_infos['auth']);
$array_auth = unserialize($page_infos['auth']);
//Vérification de l'autorisation de voir la page
if ($special_auth && !AppContext::get_current_user()->check_auth($array_auth, READ_PAGE) || !$special_auth && !AppContext::get_current_user()->check_auth($config_authorizations, READ_PAGE) && ($special_auth && !AppContext::get_current_user()->check_auth($array_auth, READ_COM)) || !$special_auth && !AppContext::get_current_user()->check_auth($config_authorizations, READ_COM)) {
DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
}
$tpl = new FileTemplate('pages/com.tpl');
$comments_topic = new PagesCommentsTopic();
$comments_topic->set_id_in_module($id_com);
$comments_topic->set_url(new Url(PagesUrlBuilder::get_link_item_com($id_com, '%s')));
$tpl->put_all(array('COMMENTS' => CommentsService::display($comments_topic)->render()));
$tpl->display();
} else {
$modulesLoader = AppContext::get_extension_provider_service();
$module = $modulesLoader->get_provider('pages');
if ($module->has_extension_point(HomePageExtensionPoint::EXTENSION_POINT)) {
echo $module->get_extension_point(HomePageExtensionPoint::EXTENSION_POINT)->get_home_page()->get_view()->display();
}
}
require_once '../kernel/footer.php';
private function check_authorizations()
{
$bug = $this->get_bug();
if ($bug->get_id() === null) {
if (!$bug->is_authorized_to_add()) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
} else {
if (!($bug->is_authorized_to_edit() || $bug->get_assigned_to_id() && $this->current_user->get_id() == $bug->get_assigned_to_id())) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
}
if (AppContext::get_current_user()->is_readonly()) {
$error_controller = PHPBoostErrors::user_in_read_only();
DispatchManager::redirect($error_controller);
}
}
private function check_authorizations()
{
$event = $this->get_event();
if (!CalendarAuthorizationsService::check_authorizations($event->get_content()->get_category_id())->read() && (!(CalendarAuthorizationsService::check_authorizations($event->get_content()->get_category_id())->write() || CalendarAuthorizationsService::check_authorizations($event->get_content()->get_category_id())->contribution() && !$event->get_content()->is_approved()) && $event->get_content()->get_author_user()->get_id() != AppContext::get_current_user()->get_id())) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
}
private function check_authorizations()
{
$message = $this->get_message();
if ($message->get_id() === null) {
if (!GuestbookAuthorizationsService::check_authorizations()->write()) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
} else {
if (!$message->is_authorized_edit()) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
}
if (AppContext::get_current_user()->is_readonly()) {
$controller = PHPBoostErrors::user_in_read_only();
DispatchManager::redirect($controller);
}
}
private function check_authorizations()
{
if (AppContext::get_current_user()->is_guest()) {
if ($this->config->are_descriptions_displayed_to_guests() && (!Authorizations::check_auth(RANK_TYPE, User::MEMBER_LEVEL, $this->get_category()->get_authorizations(), Category::READ_AUTHORIZATIONS) || $this->config->get_category_display_type() == DownloadConfig::DISPLAY_ALL_CONTENT) || !$this->config->are_descriptions_displayed_to_guests() && !DownloadAuthorizationsService::check_authorizations($this->get_category()->get_id())->read()) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
} else {
if (!DownloadAuthorizationsService::check_authorizations($this->get_category()->get_id())->read()) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
}
}
private static function register_notation(Notation $notation)
{
if (self::$user->check_level(User::MEMBER_LEVEL)) {
$note_is_valid = $notation->get_note() >= 0 && $notation->get_note() <= $notation->get_notation_scale() ? true : false;
$member_already_notation = self::$db_querier->count(DB_TABLE_NOTE, 'WHERE user_id=:user_id AND module_name=:module_name AND id_in_module=:id_in_module', array('module_name' => $notation->get_module_name(), 'id_in_module' => $notation->get_id_in_module(), 'user_id' => $notation->get_user_id()));
if (!$member_already_notation && $note_is_valid) {
self::$db_querier->insert(DB_TABLE_NOTE, array('module_name' => $notation->get_module_name(), 'id_in_module' => $notation->get_id_in_module(), 'user_id' => $notation->get_user_id(), 'note' => $notation->get_note()));
$condition = 'WHERE module_name=:module_name AND id_in_module=:id_in_module';
$parameters = array('module_name' => $notation->get_module_name(), 'id_in_module' => $notation->get_id_in_module());
$nbr_notes = self::$db_querier->count(DB_TABLE_AVERAGE_NOTES, $condition, $parameters);
if ($nbr_notes == 0) {
self::$db_querier->insert(DB_TABLE_AVERAGE_NOTES, array('module_name' => $notation->get_module_name(), 'id_in_module' => $notation->get_id_in_module(), 'average_notes' => self::calculates_average_notes($notation), 'number_notes' => 1));
} else {
self::$db_querier->update(DB_TABLE_AVERAGE_NOTES, array('average_notes' => self::calculates_average_notes($notation), 'number_notes' => self::get_number_notes($notation) + 1), $condition, $parameters);
}
}
} else {
DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
}
}
private function check_authorizations()
{
$downloadfile = $this->get_downloadfile();
if ($downloadfile->get_id() === null) {
if (!$downloadfile->is_authorized_to_add()) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
} else {
if (!$downloadfile->is_authorized_to_edit()) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
}
if (AppContext::get_current_user()->is_readonly()) {
$controller = PHPBoostErrors::user_in_read_only();
DispatchManager::redirect($controller);
}
}
private static function verificate_authorized_edit_or_delete_comment($authorizations, $comment_id)
{
$is_authorized = self::is_authorized_edit_or_delete_comment($authorizations, $comment_id);
if (!CommentsManager::comment_exists($comment_id)) {
$error_controller = PHPBoostErrors::unexisting_page();
DispatchManager::redirect($error_controller);
} else {
if (!$is_authorized) {
$error_controller = PHPBoostErrors::user_not_authorized();
DispatchManager::redirect($error_controller);
}
}
}
