/**
* Move an item one down or own up int he ordering
*
* @param string $move Direction to move
* @return void
*/
protected function reorderTask($move = 'down')
{
// Check for request forgeries
Request::checkToken(['get', 'post']);
// Incoming
$id = Request::getVar('id', array());
$id = $id[0];
$pid = Request::getInt('event', 0);
// Ensure we have an ID to work with
if (!$id) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false), Lang::txt('COM_EVENTS_PAGE_NO_ID'), 'error');
return;
}
// Ensure we have a parent ID to work with
if (!$pid) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false), Lang::txt('COM_EVENTS_PAGE_NO_EVENT_ID'), 'error');
return;
}
// Get the element moving down - item 1
$page1 = new Page($this->database);
$page1->load($id);
// Get the element directly after it in ordering - item 2
$page2 = clone $page1;
$page2->getNeighbor($this->_task);
switch ($move) {
case 'up':
// Switch places: give item 1 the position of item 2, vice versa
$orderup = $page2->ordering;
$orderdn = $page1->ordering;
$page1->ordering = $orderup;
$page2->ordering = $orderdn;
break;
case 'down':
// Switch places: give item 1 the position of item 2, vice versa
$orderup = $page1->ordering;
$orderdn = $page2->ordering;
$page1->ordering = $orderdn;
$page2->ordering = $orderup;
break;
}
// Save changes
$page1->store();
$page2->store();
// Redirect
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&id[]=' . $pid, false));
}
/**
* Save an entry
*
* @return void
*/
protected function _save()
{
// Ensure the user is logged in
if (User::isGuest()) {
return $this->_login();
}
// Check for request forgeries
Request::checkToken();
// Incoming
$comment = Request::getVar('comment', array(), 'post', 'none', 2);
// Instantiate a new comment object
$row = new \Plugins\Hubzero\Comments\Models\Comment($comment['id']);
// pass data to comment object
if (!$row->bind($comment)) {
App::redirect($this->url, $row->getError(), 'error');
return;
}
$row->set('uploadDir', $this->params->get('comments_uploadpath', '/site/comments'));
$row->set('created', Date::toSql());
if ($row->exists() && !$this->params->get('access-edit-comment')) {
App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode($this->url)), Lang::txt('PLG_HUBZERO_COMMENTS_NOTAUTH'), 'warning');
return;
}
// Store new content
if (!$row->store(true)) {
$key = 'failed_comment';
$value = $row->content('raw');
User::setState($key, $value);
App::redirect($this->url, $row->getError(), 'error');
return;
}
App::redirect($this->url, Lang::txt('PLG_HUBZERO_COMMENTS_SAVED'), 'message');
}
/**
* Save
*
* @return void
*/
public function saveTask()
{
// Check for request forgeries
Request::checkToken();
// Incoming
$step = Request::getInt('step', '0');
// Where do we go next?
if ($this->_identifier && !$this->model->exists()) {
throw new Exception(Lang::txt('COM_PROJECTS_PROJECT_CANNOT_LOAD'), 404);
return;
}
// New project?
$new = $this->model->exists() ? false : true;
$setup = $new || $this->model->inSetup() ? true : false;
// Determine setup steps
$setupSteps = array('describe', 'team', 'finalize');
if ($this->_setupComplete < 3) {
array_pop($setupSteps);
}
// Next screen requested
$this->next = $setup && isset($setupSteps[$step]) ? $setupSteps[$step] : $this->section;
// Are we allowed to save this step?
$current = array_search($this->section, $setupSteps);
if ($new && $current > 0) {
throw new Exception(Lang::txt('ALERTNOTAUTH'), 403);
return;
}
// Cannot save a new project unless in setup
if ($new && !$setup) {
throw new Exception(Lang::txt('COM_PROJECTS_PROJECT_CANNOT_LOAD'), 404);
return;
}
// Get group ID
if ($this->_gid) {
// Load the group
$this->group = \Hubzero\User\Group::getInstance($this->_gid);
// Ensure we found the group info
if (!is_object($this->group) || !$this->group->get('gidNumber') && !$this->group->get('cn')) {
throw new Exception(Lang::txt('COM_PROJECTS_NO_GROUP_FOUND'), 404);
return;
}
$this->_gid = $this->group->get('gidNumber');
$this->model->set('owned_by_group', $this->_gid);
// Make sure we have up-to-date group membership information
if ($this->model->exists()) {
$objO = $this->model->table('Owner');
$objO->reconcileGroups($this->model->get('id'));
}
}
// Check authorization
if ($this->model->exists() && !$this->model->access('owner')) {
throw new Exception(Lang::txt('ALERTNOTAUTH'), 403);
return;
} elseif (!$this->model->exists() && $this->_gid) {
// Check group authorization to create a project
if (!$this->group->is_member_of('members', User::get('id')) && !$this->group->is_member_of('managers', User::get('id'))) {
throw new Exception(Lang::txt('COM_PROJECTS_ALERTNOTAUTH_GROUP'), 403);
return;
}
}
// Get group ID
if ($this->_gid) {
// Load the group
$this->group = \Hubzero\User\Group::getInstance($this->_gid);
// Ensure we found the group info
if (!is_object($this->group) || !$this->group->get('gidNumber') && !$this->group->get('cn')) {
throw new Exception(Lang::txt('COM_PROJECTS_NO_GROUP_FOUND'), 404);
return;
}
$this->_gid = $this->group->get('gidNumber');
$this->model->set('owned_by_group', $this->_gid);
}
if ($this->section == 'finalize') {
// Complete project setup
if ($this->_finalize()) {
$this->_setNotification(Lang::txt('COM_PROJECTS_NEW_PROJECT_CREATED'), 'success');
// Some follow-up actions
$this->_onAfterProjectCreate();
App::redirect(Route::url($this->model->link()));
return;
}
} else {
// Save
$this->_process();
}
// Record setup stage and move on
if ($setup && !$this->getError() && $step > $this->model->get('setup_stage')) {
$this->model->set('setup_stage', $step);
$this->model->store();
// Did we actually complete setup?
if (!$this->model->inSetup()) {
// Complete project setup
if ($this->_finalize()) {
$this->_setNotification(Lang::txt('COM_PROJECTS_NEW_PROJECT_CREATED'), 'success');
// Some follow-up actions
$this->_onAfterProjectCreate();
App::redirect(Route::url($this->model->link()));
return;
}
}
}
// Don't go next in case of error
if ($this->getError()) {
$this->next = $this->section;
$this->_setNotification($this->getError(), 'error');
} else {
$this->_setNotification(Lang::txt('COM_PROJECTS_' . strtoupper($this->section) . '_SAVED'), 'success');
}
// Redirect
$task = $setup ? 'setup' : 'edit';
$append = $new && $this->model->exists() && $this->next == 'describe' ? '#describearea' : '';
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=' . $task . '&alias=' . $this->model->get('alias') . '&active=' . $this->next) . $append);
return;
}
/**
* Save an entry
*
* @return string HTML
*/
private function _save()
{
// Check for request forgeries
Request::checkToken();
//verify were authorized
if ($this->authorized != 'manager') {
$this->setError(Lang::txt('PLG_GROUPS_ANNOUNCEMENTS_ONLY_MANAGERS_CAN_CREATE'));
return $this->_list();
}
// Incoming
$fields = Request::getVar('fields', array(), 'post', 'none', 2);
$fields = array_map('trim', $fields);
// email announcement
$email = isset($fields['email']) && $fields['email'] == 1 ? true : false;
//mark as not sent if we want to email again
if ($email === true) {
$fields['sent'] = 0;
}
// are we creating the announcement?
if (!isset($fields['id']) || $fields['id'] == 0) {
$fields['scope'] = 'group';
$fields['scope_id'] = $this->group->get('gidNumber');
$fields['created'] = Date::toSql();
$fields['created_by'] = User::get('id');
}
//do we want to mark sticky?
$fields['sticky'] = isset($fields['sticky']) && $fields['sticky'] == 1 ? 1 : 0;
//do we want to mark as high priority
$fields['priority'] = isset($fields['priority']) && $fields['priority'] == 1 ? 1 : 0;
//format publish up
if (isset($fields['publish_up']) && $fields['publish_up'] != '' && $fields['publish_up'] != '0000-00-00 00:00:00') {
$fields['publish_up'] = Date::of(str_replace('@', '', $fields['publish_up']), Config::get('offset'))->toSql();
}
//format publish down
if (isset($fields['publish_down']) && $fields['publish_down'] != '' && $fields['publish_down'] != '0000-00-00 00:00:00') {
$fields['publish_down'] = Date::of(str_replace('@', '', $fields['publish_down']), Config::get('offset'))->toSql();
}
if ($fields['publish_up'] > $fields['publish_down']) {
$this->setError(Lang::txt('PLG_GROUPS_ANNOUNCEMENTS_INVALID_PUBLISH_DATES'));
return $this->_edit($fields);
}
//announcement model
$announcement = new \Hubzero\Item\Announcement($this->database);
//attempt to save
if (!$announcement->save($fields)) {
$this->setError($announcement->getError());
return $this->_edit($fields);
}
// does user want to email and should we email yet?
if ($email === true && $announcement->announcementPublishedForDate()) {
// email announcement
$announcement->emailAnnouncement();
//set that we sent it and resave
$announcement->sent = 1;
$announcement->save($announcement);
}
//success!
App::redirect(Route::url('index.php?option=' . $this->option . '&cn=' . $this->group->get('cn') . '&active=announcements'), Lang::txt('PLG_GROUPS_ANNOUNCEMENTS_SUCCESSFULLY_CREATED'), 'success');
return;
}
/**
* Save blog settings
*
* @return void
*/
private function _savesettings()
{
if (User::isGuest()) {
$this->setError(Lang::txt('GROUPS_LOGIN_NOTICE'));
return;
}
if ($this->authorized != 'manager' && $this->authorized != 'admin') {
$this->setError(Lang::txt('PLG_GROUPS_BLOG_NOT_AUTHORIZED'));
return $this->_browse();
}
// Check for request forgeries
Request::checkToken();
$settings = Request::getVar('settings', array(), 'post');
$row = \Hubzero\Plugin\Params::blank()->set($settings);
// Get parameters
$p = new \Hubzero\Config\Registry(Request::getVar('params', array(), 'post'));
$row->set('params', $p->toString());
// Store new content
if (!$row->save()) {
$this->setError($row->getError());
return $this->_settings();
}
// Record the activity
$recipients = array(['group', $this->group->get('gidNumber')]);
foreach ($this->group->get('managers') as $recipient) {
$recipients[] = ['user', $recipient];
}
Event::trigger('system.logActivity', ['activity' => ['action' => 'updated', 'scope' => 'blog.settings', 'scope_id' => $row->get('id'), 'description' => Lang::txt('PLG_GROUPS_BLOG_ACTIVITY_SETTINGS_UPDATED')], 'recipients' => $recipients]);
App::redirect(Route::url('index.php?option=com_groups&cn=' . $this->group->get('cn') . '&active=' . $this->_name . '&action=settings'), Lang::txt('PLG_GROUPS_BLOG_SETTINGS_SAVED'), 'passed');
}
/**
* Save an entry
*
* @return string HTML
*/
private function _save()
{
// Permissions check
if (!$this->offering->access('manage', 'section')) {
return $this->_list();
}
// Check for request forgeries
Request::checkToken();
$no_html = Request::getInt('no_html', 0);
$response = new stdClass();
$response->code = 0;
// Incoming
$fields = Request::getVar('fields', array(), 'post', 'none', 2);
$fields = array_map('trim', $fields);
// Get the model and bind the data
$model = new \Components\Courses\Models\Announcement(0);
if (!$model->bind($fields)) {
$this->setError($model->getError());
return $this->_edit($model);
}
// Incoming dates are in local time. We need to convert to UTC
if ($model->get('publish_up') && $model->get('publish_up') != '0000-00-00 00:00:00') {
$model->set('publish_up', Date::of($model->get('publish_up'), Config::get('offset'))->toSql());
}
// Incoming dates are in local time. We need to convert to UTC
if ($model->get('publish_down') && $model->get('publish_down') != '0000-00-00 00:00:00') {
$model->set('publish_down', Date::of($model->get('publish_down'), Config::get('offset'))->toSql());
}
if (!isset($fields['priority']) || !$fields['priority']) {
$model->set('priority', 0);
}
// Store content
if (!$model->store(true)) {
$this->setError($model->getError());
if (!$no_html) {
return $this->_edit($model);
}
}
if ($no_html) {
if ($this->getError()) {
$response->code = 1;
$response->errors = $this->getErrors();
$response->data = $fields;
}
ob_clean();
header('Content-type: text/plain');
echo json_encode($response);
exit;
}
// Display listing
return $this->_list();
}
/**
* Save Group Calendar
*
* @return string
*/
private function saveCalendar()
{
Request::checkToken();
//get request vars
$calendarInput = Request::getVar('calendar', array());
// get the calendar
$calendar = \Components\Events\Models\Calendar::getInstance($calendarInput['id']);
//add scope and scope id to calendar array
$calendarInput['scope'] = 'group';
$calendarInput['scope_id'] = $this->group->get('gidNumber');
$calendarInput['url'] = trim($calendarInput['url']);
$colors = array('red', 'orange', 'yellow', 'green', 'blue', 'purple', 'brown');
if (!in_array($calendarInput['color'], $colors)) {
$calendarInput['color'] = '';
}
//is this a remote calendar url
if ($calendarInput['url'] != '' && filter_var($calendarInput['url'], FILTER_VALIDATE_URL)) {
$calendarInput['readonly'] = 1;
$needsRefresh = true;
} else {
$calendarInput['url'] = '';
$calendarInput['readonly'] = 0;
$needsRefresh = false;
}
// bind input
if (!$calendar->bind($calendarInput)) {
$this->setError($calendar->getError());
return $this->editCalendar();
}
// attempt to save
if (!$calendar->store(true)) {
$this->setError($calendar->getError());
return $this->editCalendar();
}
// should we refresh?
if ($needsRefresh) {
$calendar->refresh();
}
//inform and redirect
App::redirect(Route::url('index.php?option=' . $this->option . '&cn=' . $this->group->get('cn') . '&active=calendar&action=calendars'), Lang::txt('You have successfully added a new calendar.'), 'passed');
}
/**
* Save blog settings
*
* @return void
*/
private function _savesettings()
{
// Login check
if (User::isGuest()) {
return $this->_login();
}
if ($this->authorized != 'manager' && $this->authorized != 'admin') {
$this->setError(Lang::txt('PLG_GROUPS_COLLECTIONS_NOT_AUTH'));
return $this->_collections();
}
// Check for request forgeries
Request::checkToken();
$settings = Request::getVar('settings', array(), 'post');
$row = \Hubzero\Plugin\Params::oneByPlugin($this->group->get('gidNumber'), $this->_type, $this->_name);
$row->set('object_id', $this->group->get('gidNumber'));
$row->set('folder', $this->_type);
$row->set('element', $this->_name);
// Get parameters
$prms = Request::getVar('params', array(), 'post');
$params = new \Hubzero\Config\Registry($prms);
$row->set('params', $params->toString());
// Store new content
if (!$row->save()) {
$this->setError($row->getError());
return $this->_settings();
}
// Record the activity
$recipients = array(['group', $this->group->get('gidNumber')]);
foreach ($this->group->get('managers') as $recipient) {
$recipients[] = ['user', $recipient];
}
Event::trigger('system.logActivity', ['activity' => ['action' => 'updated', 'scope' => 'collections.settings', 'scope_id' => $row->get('id'), 'description' => Lang::txt('PLG_GROUPS_COLLECTIONS_ACTIVITY_SETTINGS_UPDATED')], 'recipients' => $recipients]);
App::redirect(Route::url('index.php?option=com_groups&cn=' . $this->group->get('cn') . '&active=' . $this->_name), Lang::txt('PLG_GROUPS_COLLECTIONS_SETTINGS_SAVED'), 'passed');
}
/**
* Upload a file to the wiki
*
* @return void
*/
public function _fileUpload()
{
// Check if they're logged in
if (User::isGuest()) {
return $this->_files();
}
if (Request::getVar('no_html', 0)) {
return $this->_ajaxUpload();
}
// Check for request forgeries
Request::checkToken();
// Ensure we have an ID to work with
$listdir = Request::getInt('listdir', 0, 'post');
if (!$listdir) {
$this->setError(Lang::txt('PLG_COURSES_PAGES_ERROR_NO_ID_PROVIDED'));
return $this->_files();
}
// Incoming file
$file = Request::getVar('upload', '', 'files', 'array');
if (!$file['name']) {
$this->setError(Lang::txt('PLG_COURSES_PAGES_ERROR_NO_FILE_PROVIDED'));
return $this->_files();
}
// Build the upload path if it doesn't exist
$path = $this->_path();
if (!is_dir($path)) {
if (!Filesystem::makeDirectory($path)) {
$this->setError(Lang::txt('PLG_COURSES_PAGES_ERROR_UNABLE_TO_MAKE_PATH'));
return $this->_files();
}
}
// Make the filename safe
$file['name'] = urldecode($file['name']);
$file['name'] = Filesystem::clean($file['name']);
$file['name'] = str_replace(' ', '_', $file['name']);
// Upload new files
if (!Filesystem::upload($file['tmp_name'], $path . DS . $file['name'])) {
$this->setError(Lang::txt('PLG_COURSES_PAGES_ERROR_UNABLE_TO_UPLOAD'));
}
if (!Filesystem::isSafe($path . DS . $file['name'])) {
Filesystem::delete($path . DS . $file['name']);
$this->setError(Lang::txt('PLG_COURSES_PAGES_ERROR_UNSAFE_FILE'));
}
// Push through to the media view
return $this->_files();
}
/**
* Save an entry
*
* @return mixed An html view on error, redirects on success
*/
private function _save()
{
// Check for request forgeries
Request::checkToken();
//verify were authorized
if ($this->authorized != 'manager') {
$this->setError(Lang::txt('PLG_GROUPS_ANNOUNCEMENTS_ONLY_MANAGERS_CAN_CREATE'));
return $this->_list();
}
// Incoming
$fields = Request::getVar('fields', array(), 'post', 'none', 2);
$fields = array_map('trim', $fields);
// email announcement
$email = isset($fields['email']) && $fields['email'] == 1 ? true : false;
//mark as not sent if we want to email again
if ($email === true) {
$fields['sent'] = 0;
}
// are we creating the announcement?
if (!isset($fields['id']) || $fields['id'] == 0) {
$fields['id'] = 0;
$fields['scope'] = 'group';
$fields['scope_id'] = $this->group->get('gidNumber');
$fields['created'] = Date::toSql();
$fields['created_by'] = User::get('id');
}
//do we want to mark sticky?
$fields['sticky'] = isset($fields['sticky']) && $fields['sticky'] == 1 ? 1 : 0;
//do we want to mark as high priority
$fields['priority'] = isset($fields['priority']) && $fields['priority'] == 1 ? 1 : 0;
//format publish up
if (isset($fields['publish_up']) && $fields['publish_up'] != '' && $fields['publish_up'] != '0000-00-00 00:00:00') {
$fields['publish_up'] = Date::of(str_replace('@', '', $fields['publish_up']), Config::get('offset'))->toSql();
}
//format publish down
if (isset($fields['publish_down']) && $fields['publish_down'] != '' && $fields['publish_down'] != '0000-00-00 00:00:00') {
$fields['publish_down'] = Date::of(str_replace('@', '', $fields['publish_down']), Config::get('offset'))->toSql();
}
// Bind data
$model = \Hubzero\Item\Announcement::oneOrNew($fields['id'])->set($fields);
if ($model->get('publish_down') != '0000-00-00 00:00:00' && $model->get('publish_up') > $model->get('publish_down')) {
$this->setError(Lang::txt('PLG_GROUPS_ANNOUNCEMENTS_INVALID_PUBLISH_DATES'));
return $this->_edit($model);
}
if (!$model->save()) {
$this->setError($model->setError());
return $this->_edit($model);
}
// Does user want to email and should we email yet?
if ($email === true && $model->inPublishWindow()) {
// Email announcement
self::send($model, $this->group);
// Set that we sent it and resave
$model->set('sent', 1);
$model->save();
}
$url = 'index.php?option=' . $this->option . '&cn=' . $this->group->get('cn') . '&active=' . $this->_name;
// Record the activity
$recipients = array(['group', $this->group->get('gidNumber')]);
foreach ($this->group->get('managers') as $recipient) {
$recipients[] = ['user', $recipient];
}
Event::trigger('system.logActivity', ['activity' => ['action' => $fields['id'] ? 'updated' : 'created', 'scope' => 'announcement', 'scope_id' => $model->get('id'), 'description' => Lang::txt('PLG_GROUPS_ANNOUNCEMENTS_ACTIVITY_' . ($fields['id'] ? 'UPDATED' : 'CREATED'), '<a href="' . Route::url($url) . '">' . \Hubzero\Utility\String::truncate(strip_tags($model->get('content')), 70) . '</a>'), 'details' => array('url' => Route::url($url), 'id' => $this->group->get('gidNumber'), 'alias' => $this->group->get('cn'), 'title' => $this->group->get('description'))], 'recipients' => $recipients]);
// Redirect to the main listing
App::redirect(Route::url($url), Lang::txt('PLG_GROUPS_ANNOUNCEMENTS_SUCCESSFULLY_SAVED'), 'success');
}
/**
* Set the state of a course
*
* @return void
*/
public function stateTask()
{
// Check for request forgeries
Request::checkToken(['get', 'post']);
$state = $this->_task == 'publish' ? 1 : 0;
// Incoming
$ids = Request::getVar('id', array());
$ids = !is_array($ids) ? array($ids) : $ids;
// Do we have any IDs?
$num = 0;
if (!empty($ids)) {
//foreach course id passed in
foreach ($ids as $id) {
// Load the course page
$model = \Components\Courses\Models\Offering::getInstance($id);
// Ensure we found the course info
if (!$model->exists()) {
continue;
}
//set the course to be published and update
$model->set('state', $state);
if (!$model->store()) {
$this->setError(Lang::txt('COM_COURSES_ERROR_UNABLE_TO_SET_STATE', $id));
continue;
}
// Log the course approval
$model->log($model->get('id'), 'offering', $state ? 'published' : 'unpublished');
$num++;
}
}
if ($this->getErrors()) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&course=' . Request::getInt('course', 0), false), implode('<br />', $this->getErrors()), 'error');
} else {
// Output messsage and redirect
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&course=' . Request::getInt('course', 0), false), $state ? Lang::txt('COM_COURSES_ITEMS_PUBLISHED', $num) : Lang::txt('COM_COURSES_ITEMS_UNPUBLISHED', $num));
}
}
/**
* Remove one or more types
*
* @return void Redirects back to main listing
*/
public function removeTask()
{
// Check for request forgeries
Request::checkToken();
// Incoming (expecting an array)
$ids = Request::getVar('id', array());
$ids = !is_array($ids) ? array($ids) : $ids;
// Ensure we have an ID to work with
if (empty($ids)) {
// Redirect with error message
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false), Lang::txt('COM_PUBLICATIONS_NO_ITEM_SELECTED'), 'error');
return;
}
$rt = new \Components\Publications\Tables\MasterType($this->database);
foreach ($ids as $id) {
// Check if the type is being used
$total = $rt->checkUsage($id);
if ($total > 0) {
// Redirect with error message
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false), Lang::txt('COM_PUBLICATIONS_TYPE_BEING_USED', $id), 'error');
return;
}
// Delete the type
$rt->delete($id);
}
// Redirect
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false), Lang::txt('COM_PUBLICATIONS_ITEMS_REMOVED', count($ids)));
}
/**
* Send a message
*
* @return mixed
*/
public function send($database, $option, $member)
{
// Ensure the user is logged in
if (User::isGuest()) {
return false;
}
// Check for request forgeries
Request::checkToken();
// Incoming array of users to message
$mbrs = array_map("trim", explode(',', Request::getVar('mbrs', array(), 'post')));
//array to hold members
$email_users = array();
//
foreach ($mbrs as $mbr) {
if (is_numeric($mbr)) {
$email_users[] = $mbr;
} else {
preg_match("/\\((\\d+)\\)/", $mbr, $matches);
$email_users[] = $matches[1];
}
}
// Incoming message and subject
$subject = Request::getVar('subject', Lang::txt('PLG_MEMBERS_MESSAGES_SUBJECT_MESSAGE'));
$message = Request::getVar('message', '');
$no_html = Request::getInt('no_html', 0);
if (!$subject || !$message) {
if (!$no_html) {
$this->addPluginMessage(Lang::txt('You must select a message recipient and enter a message.'), 'error');
return $this->redirect(Route::url($member->getLink() . '&active=messages&action=new'));
}
return App::abort(500, Lang::txt('You must select a message recipient and enter a message.'));
}
// Build the "from" data for the e-mail
$from = array();
$from['name'] = $member->get('name');
$from['email'] = $member->get('email');
// Send the message
if (!Event::trigger('xmessage.onSendMessage', array('member_message', $subject, $message, $from, $email_users, $option))) {
$this->setError(Lang::txt('PLG_MEMBERS_MESSAGES_ERROR_MSG_USER_FAILED'));
}
// Determine if we're returning HTML or not
// (if no - this is an AJAX call)
if (!$no_html) {
$this->addPluginMessage(Lang::txt('You have successfully sent a message.'), 'passed');
return App::redirect(Route::url($member->getLink() . '&active=messages&task=inbox'));
}
}
/**
* Sets the state of one or more entries
*
* @param integer The state to set entries to
* @return void
*/
public function stateTask($state = 0)
{
// Check for request forgeries
Request::checkToken(['get', 'post']);
// Incoming
$ids = Request::getVar('id', array());
// Check for an ID
if (count($ids) < 1) {
$action = $state == 1 ? Lang::txt('PLG_RESOURCES_SPONSORS_UNPUBLISH') : Lang::txt('PLG_RESOURCES_SPONSORS_PUBLISH');
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=manage&plugin=sponsors', false), Lang::txt('PLG_RESOURCES_SPONSORS_SELECT_ITEM_TO', $action), 'error');
return;
}
foreach ($ids as $id) {
// Update record(s)
$row = \Plugins\Resources\Sponsors\Models\Sponsor::oneOrFail((int) $id);
$row->set('state', $state);
if (!$row->save()) {
$this->setError($row->getError());
return $this->defaultTask();
}
}
// set message
if ($state == 1) {
$message = Lang::txt('PLG_RESOURCES_SPONSORS_ITEMS_PUBLISHED', count($ids));
} else {
$message = Lang::txt('PLG_RESOURCES_SPONSORS_ITEMS_UNPUBLISHED', count($ids));
}
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=manage&plugin=sponsors', false), $message);
}
/**
* Process import selections
*
* @return void
*/
private function processAction()
{
// Check if they're logged in
if (User::isGuest()) {
return $this->loginAction();
}
if (!$this->params->get('access-manage')) {
throw new Exception(Lang::txt('PLG_MEMBERS_CITATIONS_NOT_AUTHORIZED'), 403);
}
Request::checkToken();
$cites_require_attention = $this->importer->readRequiresAttention();
$cites_require_no_attention = $this->importer->readRequiresNoAttention();
// action for citations needing attention
$citations_action_attention = Request::getVar('citation_action_attention', array());
// action for citations needing no attention
$citations_action_no_attention = Request::getVar('citation_action_no_attention', array());
// check to make sure we have citations
if (!$cites_require_attention && !$cites_require_no_attention) {
App::redirect(Route::url($this->member->getLink() . '&active=' . $this->_name . '&action=import'), Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_MISSING_FILE_CONTINUE'), 'error');
return;
}
// vars
$allow_tags = "yes";
$allow_badges = "yes";
$this->importer->set('user', User::get('id'));
$this->importer->setTags($allow_tags == 'yes');
$this->importer->setBadges($allow_badges == 'yes');
$this->importer->set('scope_id', $this->member->get('uidNumber'));
$this->importer->set('scope', 'member');
// Process
$results = $this->importer->process($citations_action_attention, $citations_action_no_attention);
// success message a redirect
Notify::success(Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_RESULTS_SAVED', count($results['saved'])), 'plg_citations');
// if we have citations not getting saved
if (count($results['not_saved']) > 0) {
Notify::warning(Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_RESULTS_NOT_SAVED', count($results['not_saved'])), 'plg_citations');
}
if (count($results['error']) > 0) {
Notify::error(Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_RESULTS_SAVE_ERROR', count($results['error'])), 'plg_citations');
}
//get the session object
$session = App::get('session');
//ids of sessions saved and not saved
$session->set('citations_saved', $results['saved']);
$session->set('citations_not_saved', $results['not_saved']);
$session->set('citations_error', $results['error']);
//delete the temp files that hold citation data
$this->importer->cleanup(true);
//redirect
App::redirect(Route::url($this->member->getLink() . '&active=' . $this->_name . '&action=saved'));
}
/**
* Save comment
*
* @return void, redirect
*/
protected function _saveComment()
{
// Check for request forgeries
Request::checkToken();
// Check permission
if (!$this->model->access('content')) {
throw new Exception(Lang::txt('ALERTNOTAUTH'), 403);
return;
}
// Incoming
$itemid = Request::getInt('itemid', 0, 'post');
$comment = trim(Request::getVar('comment', '', 'post'));
$parent_activity = Request::getInt('parent_activity', 0, 'post');
// Clean-up
$comment = \Hubzero\Utility\Sanitize::stripScripts($comment);
$comment = \Hubzero\Utility\Sanitize::stripImages($comment);
$comment = \Hubzero\Utility\String::truncate($comment, 800);
// Instantiate comment
$objC = new \Components\Projects\Tables\Comment($this->_database);
if ($comment) {
$objC->itemid = $itemid;
$objC->tbl = 'todo';
$objC->parent_activity = $parent_activity;
$objC->comment = $comment;
$objC->created = Date::toSql();
$objC->created_by = $this->_uid;
if (!$objC->store()) {
$this->setError($objC->getError());
} else {
$this->_msg = Lang::txt('PLG_PROJECTS_TODO_COMMENT_POSTED');
}
// Get new entry ID
if (!$objC->id) {
$objC->checkin();
}
// Record activity
if ($objC->id) {
$what = Lang::txt('COM_PROJECTS_TODO_ITEM');
$url = Route::url($this->model->link('todo') . '&action=view&todoid=' . $itemid);
$aid = $this->model->recordActivity(Lang::txt('COM_PROJECTS_COMMENTED') . ' ' . Lang::txt('COM_PROJECTS_ON') . ' ' . $what, $objC->id, $what, $url, 'quote', 0);
}
// Store activity ID
if ($aid) {
$objC->activityid = $aid;
$objC->store();
}
}
// Pass error or success message
if ($this->getError()) {
\Notify::message($this->getError(), 'error', 'projects');
} elseif (!empty($this->_msg)) {
\Notify::message($this->_msg, 'success', 'projects');
}
// Redirect
App::redirect(Route::url($this->model->link('todo') . '&action=view&todoid=' . $itemid));
return;
}
/**
* Save an entry
*
* @return void
*/
protected function _save()
{
// Ensure the user is logged in
if (User::isGuest()) {
return $this->_login();
}
// Check for request forgeries
Request::checkToken();
// Incoming
$comment = Request::getVar('comment', array(), 'post', 'none', 2);
// Instantiate a new comment object
$row = \Plugins\Hubzero\Comments\Models\Comment::oneOrNew($comment['id'])->set($comment);
if ($row->get('id') && !$this->params->get('access-edit-comment')) {
App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode($this->url)), Lang::txt('PLG_HUBZERO_COMMENTS_NOTAUTH'), 'warning');
}
// Store new content
if (!$row->save()) {
User::setState('failed_comment', $row->get('content'));
App::redirect($this->url, $row->getError(), 'error');
}
$upload = Request::getVar('comment_file', '', 'files', 'array');
if (!empty($upload) && $upload['name']) {
if ($upload['error']) {
$this->setError(\Lang::txt('PLG_HUBZERO_COMMENTS_ERROR_UPLOADING_FILE'));
}
$file = new \Plugins\Hubzero\Comments\Models\File();
$file->set('comment_id', $row->get('id'));
$file->setUploadDir($this->params->get('comments_uploadpath', '/site/comments'));
$fileName = $upload['name'];
$fileTemp = $upload['tmp_name'];
if (!$file->upload($fileName, $fileTemp)) {
$this->setError($file->getError());
} else {
$file->save();
}
}
App::redirect($this->url, Lang::txt('PLG_HUBZERO_COMMENTS_SAVED'), 'message');
}
/**
* Reorder a plugin
*
* @param integer $access Access level to set
* @return void
*/
public function orderTask()
{
// Check for request forgeries
Request::checkToken();
$id = Request::getVar('id', array(0), 'post', 'array');
\Hubzero\Utility\Arr::toInteger($id, array(0));
$uid = $id[0];
$inc = $this->_task == 'orderup' ? -1 : 1;
$row = new Tables\Assetgroup($this->database);
$row->load($uid);
$row->move($inc, 'unit_id=' . $this->database->Quote($row->unit_id) . ' AND parent=' . $this->database->Quote($row->parent));
$row->reorder('unit_id=' . $this->database->Quote($row->unit_id) . ' AND parent=' . $this->database->Quote($row->parent));
//$unit = \Components\Courses\Models\Unit::getInstance(Request::getInt('unit', 0));
//$ags = $unit->assetgroups(null, array('parent' => $row->parent));
if ($ags = $row->find(array('w' => array('parent' => $row->parent, 'unit_id' => $row->unit_id)))) {
foreach ($ags as $ag) {
$a = new \Components\Courses\Models\Assetgroup($ag);
$a->store();
}
}
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&unit=' . Request::getInt('unit', 0), false));
}
/**
* Save blog settings
*
* @return void
*/
private function _savesettings()
{
// Login check
if (User::isGuest()) {
return $this->_login();
}
if ($this->authorized != 'manager' && $this->authorized != 'admin') {
$this->setError(Lang::txt('PLG_COLLECTIONS_BLOG_NOT_AUTH'));
return $this->_collections();
}
// Check for request forgeries
Request::checkToken();
$settings = Request::getVar('settings', array(), 'post');
$row = new \Hubzero\Plugin\Params($this->database);
$row->loadPlugin($this->group->get('gidNumber'), $this->_type, $this->_name);
$row->object_id = $this->group->get('gidNumber');
$row->folder = $this->_type;
$row->element = $this->_name;
// Get parameters
$prms = Request::getVar('params', array(), 'post');
$params = new \Hubzero\Config\Registry($prms);
$row->params = $params->toString();
// Check content
if (!$row->check()) {
$this->setError($row->getError());
return $this->_settings();
}
// Store new content
if (!$row->store()) {
$this->setError($row->getError());
return $this->_settings();
}
App::redirect(Route::url('index.php?option=com_groups&cn=' . $this->group->get('cn') . '&active=' . $this->_name), Lang::txt('PLG_GROUPS_COLLECTIONS_SETTINGS_SAVED'), 'passed');
}
/**
* Save a question and redirect to the main listing when done
*
* @return void
*/
private function _save()
{
// Login required
if (User::isGuest()) {
return $this->_browse();
}
// Check for request forgeries
Request::checkToken();
Lang::load('com_answers');
// Incoming
$tags = Request::getVar('tags', '');
$funds = Request::getInt('funds', 0);
$reward = Request::getInt('reward', 0);
// If offering a reward, do some checks
if ($reward) {
// Is it an actual number?
if (!is_numeric($reward)) {
App::abort(500, Lang::txt('COM_ANSWERS_REWARD_MUST_BE_NUMERIC'));
return;
}
// Are they offering more than they can afford?
if ($reward > $funds) {
App::abort(500, Lang::txt('COM_ANSWERS_INSUFFICIENT_FUNDS'));
return;
}
}
// Initiate class and bind posted items to database fields
$fields = Request::getVar('question', array(), 'post', 'none', 2);
$row = new \Components\Answers\Models\Question($fields['id']);
if (!$row->bind($fields)) {
$this->setError($row->getError());
return $this->_new($row);
}
if ($reward && $this->banking) {
$row->set('reward', 1);
}
// Ensure the user added a tag
/*
if (!$tags)
{
$this->setError(Lang::txt('COM_ANSWERS_QUESTION_MUST_HAVE_TAG'));
return $this->_new($row);
}
*/
// Store new content
if (!$row->store(true)) {
$row->set('tags', $tags);
$this->setError($row->getError());
return $this->_new($row);
}
// Hold the reward for this question if we're banking
if ($reward && $this->banking) {
$BTL = new \Hubzero\Bank\Teller($this->database, User::get('id'));
$BTL->hold($reward, Lang::txt('COM_ANSWERS_HOLD_REWARD_FOR_BEST_ANSWER'), 'answers', $row->get('id'));
}
// Add the tags
$row->tag($tags);
// Add the tag to link to the resource
$tag = $this->model->isTool() ? 'tool:' . $this->model->resource->alias : 'resource:' . $this->model->resource->id;
$row->addTag($tag, User::get('id'), $this->model->isTool() ? 0 : 1);
// Get users who need to be notified on every question
$config = Component::params('com_answers');
$apu = $config->get('notify_users', '');
$apu = explode(',', $apu);
$apu = array_map('trim', $apu);
$receivers = array();
// Get tool contributors if question is about a tool
if ($tags) {
$tags = explode(',', $tags);
if (count($tags) > 0) {
require_once PATH_CORE . DS . 'components' . DS . 'com_tools' . DS . 'tables' . DS . 'author.php';
require_once PATH_CORE . DS . 'components' . DS . 'com_tools' . DS . 'tables' . DS . 'version.php';
$TA = new \Components\Tools\Tables\Author($this->database);
$objV = new \Components\Tools\Tables\Version($this->database);
if ($this->model->isTool()) {
$toolname = $this->model->resource->alias;
$rev = $objV->getCurrentVersionProperty($toolname, 'revision');
$authors = $TA->getToolAuthors('', 0, $toolname, $rev);
if (count($authors) > 0) {
foreach ($authors as $author) {
$receivers[] = $author->uidNumber;
}
}
}
}
}
if (!empty($apu)) {
foreach ($apu as $u) {
$user = User::getInstance($u);
if ($user) {
$receivers[] = $user->get('id');
}
}
}
$receivers = array_unique($receivers);
// Send the message
if (!empty($receivers)) {
// Send a message about the new question to authorized users (specified admins or related content authors)
$from = array('email' => Config::get('mailfrom'), 'name' => Config::get('sitename') . ' ' . Lang::txt('COM_ANSWERS_ANSWERS'), 'multipart' => md5(date('U')));
// Build the message subject
$subject = Lang::txt('COM_ANSWERS_ANSWERS') . ', ' . Lang::txt('new question about content you author or manage');
// Build the message
$eview = new \Hubzero\Mail\View(array('base_path' => PATH_CORE . DS . 'components' . DS . 'com_answers' . DS . 'site', 'name' => 'emails', 'layout' => 'question_plaintext'));
$eview->option = 'com_answers';
$eview->sitename = Config::get('sitename');
$eview->question = $row;
$eview->id = $row->get('id', 0);
$eview->boundary = $from['multipart'];
$message['plaintext'] = $eview->loadTemplate(false);
$message['plaintext'] = str_replace("\n", "\r\n", $message['plaintext']);
// HTML message
$eview->setLayout('question_html');
$message['multipart'] = $eview->loadTemplate();
$message['multipart'] = str_replace("\n", "\r\n", $message['multipart']);
if (!Event::trigger('xmessage.onSendMessage', array('new_question_admin', $subject, $message, $from, $receivers, 'com_answers'))) {
$this->setError(Lang::txt('COM_ANSWERS_MESSAGE_FAILED'));
}
}
// Redirect to the question
App::redirect(Route::url('index.php?option=' . $this->option . '&id=' . $this->model->resource->id . '&active=' . $this->_name));
}
/**
* Change status
* Redirects to list
*
* @return void
*/
public function changestatusTask($dir = 0)
{
// Check for request forgeries
Request::checkToken();
// Incoming
$ids = Request::getVar('id', array(0), '', 'array');
// Initialize
$row = new \Components\Publications\Tables\Category($this->database);
foreach ($ids as $id) {
if (intval($id)) {
// Load row
$row->load($id);
$row->state = $row->state == 1 ? 0 : 1;
// Save
if (!$row->store()) {
$this->addComponentMessage($row->getError(), 'error');
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false));
return;
}
}
}
// Redirect
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false), Lang::txt('COM_PUBLICATIONS_CATEGORY_ITEM_STATUS_CHNAGED'));
}
/**
* Save an entry
*
* @return void
*/
protected function _save()
{
// Ensure the user is logged in
if (User::isGuest()) {
return $this->_login();
}
// Check for request forgeries
Request::checkToken();
// Incoming
$comment = Request::getVar('comment', array(), 'post', 'none', 2);
// Instantiate a new comment object and pass it the data
$row = new \Hubzero\Item\Comment($this->database);
if (!$row->bind($comment)) {
App::redirect($this->url, $row->getError(), 'error');
return;
}
$row->setUploadDir($this->params->get('comments_uploadpath', '/site/comments'));
if ($row->id && !$this->params->get('access-edit-comment')) {
App::redirect($this->url, Lang::txt('PLG_COURSES_REVIEWS_NOTAUTH'), 'warning');
return;
}
// Check content
if (!$row->check()) {
App::redirect($this->url, $row->getError(), 'error');
return;
}
// Store new content
if (!$row->store()) {
App::redirect($this->url, $row->getError(), 'error');
return;
}
App::redirect($this->url, Lang::txt('PLG_COURSES_REVIEWS_SAVED'), 'message');
}
/**
* Remove one or more users from the course manager list
*
* @return void
*/
public function updateTask()
{
// Check for request forgeries
Request::checkToken();
// Incoming member ID
$id = Request::getInt('offering', 0);
if (!$id) {
$this->setError(Lang::txt('COM_COURSES_ERROR_NO_ID'));
$this->displayTask();
return;
}
$section = Request::getInt('section', 0);
$model = \Components\Courses\Models\Offering::getInstance($id);
if ($section) {
$model->section($section);
}
$entries = Request::getVar('entries', array(0), 'post');
foreach ($entries as $key => $data) {
// Retrieve user's account info
$member = \Components\Courses\Models\Member::getInstance($data['id'], null, null, null);
if ($member->get('role_id') == $data['role_id']) {
continue;
}
$member->set('role_id', $data['role_id']);
if (!$member->store()) {
$this->setError($member->getError());
}
}
// Push through to the hosts view
$this->displayTask($model);
}
/**
* Remove an entry
*
* @return void
*/
public function removeTask()
{
// Incoming
$step = Request::getInt('step', 1);
$step = !$step ? 1 : $step;
// What step are we on?
switch ($step) {
case 1:
Request::setVar('hidemainmenu', 1);
// Incoming
$id = Request::getVar('id', array(0));
if (!is_array($id) && !empty($id)) {
$id = array($id);
}
$this->view->ogId = $id;
// Set any errors
if ($this->getError()) {
$this->view->setError($this->getError());
}
// Output the HTML
$this->view->display();
break;
case 2:
// Check for request forgeries
Request::checkToken() or jexit('Invalid Token');
// Incoming
$ogIds = Request::getVar('ogId', 0);
//print_r($ogIds); die;
// Make sure we have ID(s) to work with
if (empty($ogIds)) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=dispaly', false), Lang::txt('COM_STOREFRONT_NO_ID'), 'error');
return;
}
$delete = Request::getVar('delete', 0);
$msg = "Delete canceled";
$type = 'error';
if ($delete) {
// Do the delete
$obj = new Archive();
$warnings = array();
foreach ($ogIds as $ogId) {
// Delete option group
try {
$optionGroup = new OptionGroup($ogId);
$optionGroup->delete();
// see if there are any warnings to display
if ($optionGroupWarnings = $optionGroup->getMessages()) {
foreach ($optionGroupWarnings as $optionGroupWarning) {
if (!in_array($optionGroupWarning, $warnings)) {
$warnings[] = $optionGroupWarning;
}
}
}
} catch (\Exception $e) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=dispaly', false), $e->getMessage(), $type);
return;
}
}
$msg = "Option group(s) deleted";
$type = 'message';
}
// Set the redirect
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=dispaly', false), $msg, $type);
if ($warnings) {
foreach ($warnings as $warning) {
\Notify::warning($warning);
}
}
break;
}
}
/**
* Upload a resume
*
* @param object $database Database
* @param string $option Component name
* @param object $member Profile
* @return string
*/
protected function _upload($database, $option, $member)
{
$path = $this->build_path($member->get('id'));
$emp = Request::getInt('emp', 0);
if (!$path) {
$this->setError(Lang::txt('PLG_MEMBERS_RESUME_SUPPORT_NO_UPLOAD_DIRECTORY'));
return $this->_view($database, $option, $member, $emp);
}
// Check for request forgeries
Request::checkToken(['get', 'post']);
// Incoming file
$file = Request::getVar('uploadres', '', 'files', 'array');
if (!$file['name']) {
$this->setError(Lang::txt('PLG_MEMBERS_RESUME_SUPPORT_NO_FILE'));
return $this->_view($database, $option, $member, $emp);
}
// Incoming
$title = Request::getVar('title', '');
$default_title = $member->get('firstname') ? $member->get('firstname') . ' ' . $member->get('lastname') . ' ' . ucfirst(Lang::txt('PLG_MEMBERS_RESUME_RESUME')) : $member->get('name') . ' ' . ucfirst(Lang::txt('PLG_MEMBERS_RESUME_RESUME'));
$path = PATH_APP . $path;
// Replace file title with user name
$file_ext = substr($file['name'], strripos($file['name'], '.'));
$file['name'] = $member->get('firstname') ? $member->get('firstname') . ' ' . $member->get('lastname') . ' ' . ucfirst(Lang::txt('PLG_MEMBERS_RESUME_RESUME')) : $member->get('name') . ' ' . ucfirst(Lang::txt('PLG_MEMBERS_RESUME_RESUME'));
$file['name'] .= $file_ext;
// Make the filename safe
$file['name'] = Filesystem::clean($file['name']);
$file['name'] = str_replace(' ', '_', $file['name']);
$ext = strtolower(Filesystem::extension($file['name']));
if (!in_array($ext, explode(',', $this->params->get('file_ext', 'jpg,jpeg,jpe,bmp,tif,tiff,png,gif,pdf,txt,rtf,doc,docx,ppt')))) {
$this->setError(Lang::txt('Disallowed file type.'));
return $this->_view($database, $option, $member, $emp);
}
$row = new \Components\Jobs\Tables\Resume($database);
if (!$row->loadResume($member->get('id'))) {
$row = new \Components\Jobs\Tables\Resume($database);
$row->id = 0;
$row->uid = $member->get('id');
$row->main = 1;
} else {
if (file_exists($path . DS . $row->filename)) {
Filesystem::delete($path . DS . $row->filename);
// Remove stats for prev resume
$jobstats = new \Components\Jobs\Tables\JobStats($database);
$jobstats->deleteStats($member->get('id'), 'seeker');
}
}
// Perform the upload
if (!Filesystem::upload($file['tmp_name'], $path . DS . $file['name'])) {
$this->setError(Lang::txt('ERROR_UPLOADING'));
} else {
$fpath = $path . DS . $file['name'];
if (!Filesystem::isSafe($fpath)) {
Filesystem::delete($fpath);
$this->setError(Lang::txt('File rejected because the anti-virus scan failed.'));
return $this->_view($database, $option, $member, $emp);
}
// File was uploaded, create database entry
$title = htmlspecialchars($title);
$row->created = Date::toSql();
$row->filename = $file['name'];
$row->title = $title ? $title : $default_title;
if (!$row->check()) {
$this->setError($row->getError());
}
if (!$row->store()) {
$this->setError($row->getError());
}
}
return $this->_view($database, $option, $member, $emp);
}
/**
* Remove one or more users from the course manager list
*
* @return void
*/
public function updateTask()
{
// Check for request forgeries
Request::checkToken();
// Incoming member ID
$id = Request::getInt('id', 0);
if (!$id) {
$this->setError(Lang::txt('COM_COURSES_ERROR_MISSING_COURSE'));
$this->displayTask();
return;
}
$model = Course::getInstance($id);
$entries = Request::getVar('entries', array(0), 'post');
require_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'member.php';
foreach ($entries as $key => $data) {
// Retrieve user's account info
$tbl = new Tables\Member($this->database);
$tbl->load($data['user_id'], $data['course_id'], $data['offering_id'], $data['section_id'], 0);
if ($tbl->role_id == $data['role_id']) {
continue;
}
$tbl->role_id = $data['role_id'];
if (!$tbl->store()) {
$this->setError($tbl->getError());
}
}
// Push through to the hosts view
$this->displayTask();
}
/**
* Save an entry
*
* @return void
*/
public function saveTask()
{
// Check if they're logged in
if (User::isGuest()) {
$this->loginTask();
return;
}
Request::checkToken();
// get the posted vars
$id = Request::getInt('id', 0, 'post');
$c = Request::getVar('fields', array(), 'post');
$c['id'] = $id;
// clean vars
foreach ($c as $key => $val) {
if (!is_array($val)) {
$val = html_entity_decode(urldecode($val));
$val = Sanitize::stripAll($val);
$c[$key] = Sanitize::clean($val);
}
}
// Bind incoming data to object
$row = new Citation($this->database);
if (!$row->bind($c)) {
$this->setError($row->getError());
$this->editTask();
return;
}
// New entry so set the created date
if (!$row->id) {
$row->created = Date::toSql();
}
if (!filter_var($row->url, FILTER_VALIDATE_URL)) {
$row->url = null;
}
// Check content for missing required data
if (!$row->check()) {
$this->setError($row->getError());
$this->editTask();
return;
}
// Store new content
if (!$row->store()) {
$this->setError($row->getError());
$this->editTask();
return;
}
// Incoming associations
$arr = Request::getVar('assocs', array(), 'post');
$ignored = array();
foreach ($arr as $a) {
$a = array_map('trim', $a);
// Initiate extended database class
$assoc = new Association($this->database);
//check to see if we should delete
if (isset($a['id']) && $a['tbl'] == '' && $a['oid'] == '') {
// Delete the row
if (!$assoc->delete($a['id'])) {
$this->setError($assoc->getError());
$this->editTask();
return;
}
} else {
if ($a['tbl'] != '' || $a['oid'] != '') {
$a['cid'] = $row->id;
// bind the data
if (!$assoc->bind($a)) {
$this->setError($assoc->getError());
$this->editTask();
return;
}
// Check content
if (!$assoc->check()) {
$this->setError($assoc->getError());
$this->editTask();
return;
}
// Store new content
if (!$assoc->store()) {
$this->setError($assoc->getError());
$this->editTask();
return;
}
}
}
}
//check if we are allowing tags
if ($this->config->get('citation_allow_tags', 'no') == 'yes') {
$tags = trim(Request::getVar('tags', '', 'post'));
$ct1 = new Tags($row->id);
$ct1->setTags($tags, User::get('id'), 0, 1, '');
}
//check if we are allowing badges
if ($this->config->get('citation_allow_badges', 'no') == 'yes') {
$badges = trim(Request::getVar('badges', '', 'post'));
$ct2 = new Tags($row->id);
$ct2->setTags($badges, User::get('id'), 0, 1, 'badge');
}
// Redirect
$task = '&task=browse';
if ($this->config->get('citation_single_view', 1)) {
$task = '&task=view&id=' . $row->id;
}
App::redirect(Route::url('index.php?option=' . $this->_option . $task), Lang::txt('COM_CITATIONS_CITATION_SAVED'));
}
/**
* Save blog settings
*
* @return void
*/
private function savesettings()
{
if (User::isGuest()) {
$this->setError(Lang::txt('GROUPS_LOGIN_NOTICE'));
return;
}
if ($this->authorized != 'manager' && $this->authorized != 'admin') {
$this->setError(Lang::txt('PLG_GROUPS_FORUM_NOT_AUTHORIZED'));
return $this->sections();
}
// Check for request forgeries
Request::checkToken();
$settings = Request::getVar('settings', array(), 'post');
$row = new \Hubzero\Plugin\Params($this->database);
if (!$row->bind($settings)) {
$this->setError($row->getError());
return $this->settings();
}
// Get parameters
$p = new \Hubzero\Config\Registry(Request::getVar('params', '', 'post'));
$row->params = $p->toString();
// Check content
if (!$row->check()) {
$this->setError($row->getError());
return $this->_settings();
}
// Store new content
if (!$row->store()) {
$this->setError($row->getError());
return $this->_settings();
}
App::redirect(Route::url('index.php?option=com_groups&cn=' . $this->group->get('cn') . '&active=' . $this->_name . '&action=settings'), Lang::txt('PLG_GROUPS_FORUM_SETTINGS_SAVED'));
}
/**
* Save a reply
*
* @return void
*/
private function savereply()
{
// Check for request forgeries
Request::checkToken();
// Is the user logged in?
if (User::isGuest()) {
$this->setError(Lang::txt('PLG_PUBLICATIONS_REVIEWS_LOGIN_NOTICE'));
return;
}
$publication =& $this->publication;
// Trim and addslashes all posted items
$comment = Request::getVar('comment', array(), 'post', 'none', 2);
if (!$publication->exists()) {
// Cannot proceed
$this->setError(Lang::txt('PLG_PUBLICATIONS_REVIEWS_COMMENT_ERROR_NO_REFERENCE_ID'));
return;
}
$database = App::get('db');
$row = \Hubzero\Item\Comment::blank()->set($comment);
$message = $row->id ? Lang::txt('PLG_PUBLICATIONS_REVIEWS_EDITS_SAVED') : Lang::txt('PLG_PUBLICATIONS_REVIEWS_COMMENT_POSTED');
// Perform some text cleaning, etc.
$row->set('content', \Hubzero\Utility\Sanitize::clean($row->get('content')));
$row->set('anonymous', $row->get('anonymous') ? $row->get('anonymous') : 0);
$row->set('state', $row->get('id') ? $row->get('state') : 0);
// Save the data
if (!$row->save()) {
$this->setError($row->getError());
return;
}
// Redirect
App::redirect(Route::url($publication->link('reviews')), $message);
}
/**
* Set local password
*
* @return void - redirect to members account page
*/
private function setlocalpass()
{
// Logged in?
if ($this->user->get('guest')) {
App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode(Route::url('index.php?option=' . $this->option . '&task=myaccount&active=account&action=setlocalpass'))), Lang::txt('You must be a logged in to access this area.'), 'warning');
return;
}
// Get the token from the user state variable
$token = User::getState($this->option . 'token');
// First check to make sure they're not trying to jump to this page without first verifying their token
if (is_null($token)) {
// Tsk tsk, no sneaky business
App::redirect(Route::url('index.php?option=' . $this->option . '&id=' . $this->user->get('id') . '&active=account&task=sendtoken'), Lang::txt('You must first verify your email address by inputting the token.'), 'error');
return;
}
// Get the password input
$password1 = Request::getVar('password1', null, 'post', 'string', JREQUEST_ALLOWRAW);
$password2 = Request::getVar('password2', null, 'post', 'string', JREQUEST_ALLOWRAW);
$change = Request::getVar('change', '', 'post');
// Create the view
$view = new \Hubzero\Plugin\View(array('folder' => 'members', 'element' => 'account', 'name' => 'setlocalpassword', 'layout' => 'setlocalpass'));
// Add a few more variables to the view
$view->option = $this->option;
$view->id = $this->user->get('id');
// Get the password rules
$password_rules = \Hubzero\Password\Rule::getRules();
// Get the password rule descriptions
$view->password_rules = array();
foreach ($password_rules as $rule) {
if (!empty($rule['description'])) {
$view->password_rules[] = $rule['description'];
}
}
// Blank form request (no data submitted)
if (empty($change)) {
$view->notifications = $this->getPluginMessage() ? $this->getPluginMessage() : array();
return $view->loadTemplate();
}
// Check for request forgeries
Request::checkToken();
// Load some needed libraries
jimport('joomla.user.helper');
// Initiate profile classs
$profile = new \Hubzero\User\Profile();
$profile->load($this->user->get('id'));
// Fire the onBeforeStoreUser trigger
Event::trigger('user.onBeforeStoreUser', array($this->user->getProperties(), false));
// Validate the password against password rules
if (!empty($password1)) {
$msg = \Hubzero\Password\Rule::validate($password1, $password_rules, $profile->get('username'));
} else {
$msg = array();
}
// Verify password
$passrules = false;
if (!$password1 || !$password2) {
$this->setError(Lang::txt('MEMBERS_PASS_MUST_BE_ENTERED_TWICE'));
} elseif ($password1 != $password2) {
$this->setError(Lang::txt('MEMBERS_PASS_NEW_CONFIRMATION_MISMATCH'));
} elseif (!empty($msg)) {
$this->setError(Lang::txt('Password does not meet site password requirements. Please choose a password meeting all the requirements listed.'));
$passrules = true;
}
// Were there any errors?
if ($this->getError()) {
$change = array();
$change['_missing']['password'] = $this->getError();
if (!empty($msg) && $passrules) {
//$change = $msg;
}
if (Request::getInt('no_html', 0)) {
echo json_encode($change);
exit;
} else {
$view->setError($this->getError());
return $view->loadTemplate();
}
}
// No errors, so let's move on - encrypt the password and update the profile
$result = \Hubzero\User\Password::changePassword($profile->get('uidNumber'), $password1);
// Save the changes
if (!$result) {
$view->setError(Lang::txt('MEMBERS_PASS_CHANGE_FAILED'));
return $view->loadTemplate();
}
// Fire the onAfterStoreUser trigger
Event::trigger('user.onAfterStoreUser', array($this->user->getProperties(), false, null, $this->getError()));
// Flush the variables from the session
User::setState($this->option . 'token', null);
// Redirect
if (Request::getInt('no_html', 0)) {
echo json_encode(array("success" => true, "redirect" => Route::url($this->member->getLink() . '&active=account')));
exit;
} else {
// Redirect user to confirm view page
App::redirect(Route::url($this->member->getLink() . '&active=account'), Lang::txt('Password reset successful'), 'passed');
}
return;
}