/**
 * Handle a submitted password-reset form.
 *
 * When the named user exists and has an email address, a fresh key is stored
 * on the user record and a confirmation link carrying that key is mailed.
 * The reply to the browser is the same in every case, so the response body
 * does not reveal whether the user name exists.
 *
 * NOTE(review): only the response body is uniform. The branch that saves the
 * user and sends mail does more work than the other two, so response time may
 * still differ between known and unknown names -- confirm whether that matters.
 *
 * @param object $form submitted reset form; the user name is read from
 *                     $form->reset->inputs["name"]->value
 */
private function _send_reset($form) {
    $requested_name = $form->reset->inputs["name"]->value;
    $account = user::lookup_by_name($requested_name);

    if (!$account) {
        // $requested_name is requester-supplied text that reaches the log.
        // NOTE(review): the original comment asked not to include it until it is
        // known to be XSS safe, yet it is passed to t() here -- confirm that t()
        // or the log viewer escapes placeholder values.
        log::warning("user", t("Password reset email requested for user %user_name, which does not exist.", array("user_name" => $requested_name)));
    } elseif (empty($account->email)) {
        log::warning("user", t("Password reset failed for %user_name (has no email address on record).", array("user_name" => $account->name)));
    } else {
        // NOTE(review): the key is stored on the user record and travels in the
        // URL query string. Expiry and single-use handling are not visible in
        // this block -- confirm they are enforced where password/do_reset
        // consumes the key.
        $account->hash = random::hash();
        $account->save();

        $mail_view = new View("reset_password.html");
        $mail_view->confirm_url = url::abs_site("password/do_reset?key={$account->hash}");
        $mail_view->user = $account;

        Sendmail::factory()
            ->to($account->email)
            ->subject(t("Password Reset Request"))
            ->header("Mime-Version", "1.0")
            ->header("Content-type", "text/html; charset=UTF-8")
            ->message($mail_view->render())
            ->send();

        log::success("user", t("Password reset email sent for user %name", array("name" => $account->name)));
    }

    // Always pretend that an email has been sent to avoid leaking
    // information on what user names are actually real.
    message::success(t("Password reset email sent"));
    json::reply(array("result" => "success"));
}
/**
 * Reset the REST API access key and confirm the change as JSON.
 *
 * The CSRF token is verified before the key is touched, so the reset cannot
 * be triggered by a request that lacks a valid token.
 * NOTE(review): which user's key rest::reset_access_key() replaces is decided
 * inside that helper and is not visible here.
 */
public function reset_api_key() {
    access::verify_csrf();

    rest::reset_access_key();

    $notice = t("Your REST API key has been reset.");
    message::success($notice);

    $reply = array("result" => "success");
    json::reply($reply);
}
/**
 * Send a request to the remote API with cURL and return the decoded reply.
 *
 * NOTE(review): curl_exec() returns false on failure and that value is handed
 * to json::decode() unchecked; no timeout options are set; TLS verification is
 * left at cURL's defaults (this block does not change it).
 *
 * @param string $path   path appended to $this->api_url
 * @param array  $data   request fields, passed through $this->getFields()
 * @param string $method "GET", "POST", "PATCH" or "DELETE"
 * @return mixed whatever json::decode() yields for the response body
 */
public function make_call($path, $data = array(), $method = "GET") {
    // presumably getFields() returns URL-encoded "key=value" strings; the
    // encoding is not visible here -- verify before passing untrusted values.
    $pairs = $this->getFields($data);
    $query = implode('&', $pairs);

    $handle = curl_init();
    curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);

    if ($method == "GET") {
        // Fields travel in the query string ("?" is appended even when empty).
        curl_setopt($handle, CURLOPT_URL, $this->api_url . $path . '?' . $query);
    } elseif (in_array($method, array("POST", "PATCH", "DELETE"))) {
        // PATCH and DELETE reuse the POST body but override the request verb.
        if ($method == "PATCH") {
            curl_setopt($handle, CURLOPT_CUSTOMREQUEST, "PATCH");
        }
        if ($method == "DELETE") {
            curl_setopt($handle, CURLOPT_CUSTOMREQUEST, "DELETE");
        }
        curl_setopt($handle, CURLOPT_URL, $this->api_url . $path);
        curl_setopt($handle, CURLOPT_POST, count($pairs));
        curl_setopt($handle, CURLOPT_POSTFIELDS, $query);
    }
    // Any other $method leaves CURLOPT_URL unset, so the transfer below has no URL.

    $raw_response = curl_exec($handle);
    curl_close($handle);

    return json::decode($raw_response);
}
/**
 * Check the requested module activation changes and either apply them or
 * return a confirmation dialog listing the collected warnings and errors.
 *
 * The CSRF token is verified first. Locked modules are skipped, so a posted
 * value for a locked module is ignored by this method.
 */
public function confirm() {
    access::verify_csrf();

    $messages = array("error" => array(), "warn" => array());
    $desired_list = array();

    foreach (module::available() as $module_name => $info) {
        if ($info->locked) {
            continue;
        }

        // A module is wanted only when its posted value loosely equals 1.
        $wanted = Input::instance()->post($module_name) == 1;
        if ($wanted) {
            $desired_list[] = $module_name;
        }

        // NOTE(review): array_merge() replaces string keys, so if the can_*
        // helpers return "error"/"warn" keys, messages gathered for an earlier
        // module are overwritten rather than accumulated -- confirm intended.
        if ($info->active && !$wanted && module::is_active($module_name)) {
            $messages = array_merge($messages, module::can_deactivate($module_name));
        } elseif (!$info->active && $wanted && !module::is_active($module_name)) {
            $messages = array_merge($messages, module::can_activate($module_name));
        }
    }

    $result = array();
    $has_issues = !empty($messages["error"]) || !empty($messages["warn"]);
    if ($has_issues) {
        $dialog = new View("admin_modules_confirm.html");
        $dialog->messages = $messages;
        $dialog->modules = $desired_list;
        $result["dialog"] = (string) $dialog;
        // Warnings alone may be overridden by the user; errors may not.
        $result["allow_continue"] = empty($messages["error"]);
    } else {
        $this->_do_save();
        $result["reload"] = 1;
    }

    json::reply($result);
}
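/**
 * Replace $this->data with its JSON encoding and report an encoding failure.
 *
 * Fixes two defects in the failure check: json_encode() signals failure with
 * false (the old check only looked for null, so failures went unnoticed), and
 * the error message reported the type of the already-overwritten value
 * instead of the type of the data that failed to encode.
 *
 * NOTE(review): in pretty mode "\n" is appended to whatever json::pretty()
 * returns, so the result is always a string and a failure inside
 * json::pretty() cannot be detected by this check.
 */
function encodeData() {
    // Capture the type before $this->data is overwritten by the encoded form.
    $source_type = gettype($this->data);

    $this->data = $this->pretty_output
        ? json::pretty($this->data) . "\n"
        : json_encode($this->data);

    // false is json_encode()'s failure value; null is kept for compatibility
    // with the previous check.
    if ($this->data === false || $this->data === null) {
        $this->throwJSONError(false, 'Failed to encode $data (' . $source_type . ') as JSON');
    }
}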
/**
 * Reply with the names of roster members whose rank is flagged for tracking.
 *
 * Both the roster and the rank table are JSON strings read from the first
 * row returned by site::setting().
 *
 * NOTE(review): neither json_decode() result is checked; if a stored value
 * is not valid JSON the loops below iterate over null.
 */
private function get_member_list() {
    $settings = site::setting();

    $roster = json_decode($settings[0]['fullRoster'], true);
    $ranks = json_decode($settings[0]['rosterRanks'], true);

    // Collect the keys of every rank whose 'track' entry is truthy.
    $tracked_ranks = array();
    foreach ($ranks as $rank_key => $rank) {
        try {
            if ($rank['track']) {
                $tracked_ranks[] = $rank_key;
            }
        } catch (Exception $e) {
            // Deliberately ignored: a malformed rank entry is simply not tracked.
        }
    }

    // Keep only the members whose rank is tracked (loose comparison).
    $names = array();
    foreach ($roster['members'] as $member) {
        if (in_array($member['rank'], $tracked_ranks)) {
            $names[] = $member['character']['name'];
        }
    }

    json::resp(array('success' => true, 'data' => $names));
}
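/**
 * Perform an HTTP request against $this->endpoint and return the 'content'
 * member of the decoded JSON reply.
 *
 * Change from the previous version: the by-reference loop variable is unset
 * after the loop so no reference into $post outlives it.
 *
 * NOTE(review): developer mode is driven by cookie::developer(). If that
 * reflects a client-supplied cookie without further checks, any visitor can
 * add `_mode=developer` to upstream calls and have raw upstream responses
 * dumped into the page -- confirm how that helper is gated.
 * NOTE(review): file_get_contents() returns false on failure and no timeout
 * is set on the stream context.
 *
 * @param string $type HTTP method
 * @param string $url  path appended to $this->endpoint
 * @param array  $get  query-string parameters
 * @param array  $post form parameters, sent URL-encoded when non-empty
 * @return mixed associative arrays and objects come back as objects,
 *               everything else unchanged
 * @throws Exception when the reply does not decode and developer mode is off
 */
function request($type, $url, $get = [], $post = []) {
    $developer = cookie::developer();
    if ($developer) {
        $get['_mode'] = 'developer';
    }

    $request = ['method' => $type, 'protocol_version' => '1.1', 'header' => 'Connection: Close'];

    // http_build_query() drops empty arrays, so they are replaced by a marker.
    foreach ($post as &$param) {
        if (is_array($param) and empty($param)) {
            $param = '_empty_array';
        }
    }
    unset($param); // break the reference left behind by the loop

    if (!empty($post)) {
        $request['header'] .= "\r\nContent-type: application/x-www-form-urlencoded";
        $request['content'] = http_build_query($post);
    }

    $ctx = stream_context_create(['http' => $request]);
    $target = $this->endpoint . (empty($get) ? $url : $url . '?' . http_build_query($get));
    $response = file_get_contents($target, false, $ctx);

    $object = json::decode($response, true);
    if (is_null($object)) {
        if ($developer) {
            // Dumps the raw upstream body to the client and stops.
            var_dump($response);
            die;
        }
        throw new Exception("Error Processing Request", 1);
    }

    $content = $object['content'];

    // An array whose keys are not 0..n-1 is treated as a map and cast to object.
    $is_map = is_array($content) && array_values($content) !== $content;
    return (is_object($content) || $is_map) ? (object) $content : $content;
}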
/**
 * Process the admin re-authentication form.
 *
 * Non-admin users are refused before anything else, then the CSRF token is
 * verified. A valid form fires "user_auth" and redirects; an invalid one is
 * logged, fires "user_auth_failed" and re-displays the form.
 *
 * NOTE(review): the redirect target is read from the session key
 * "continue_url". Where that value is stored, and whether it is limited to
 * same-site URLs, is not visible in this block -- confirm.
 */
public function auth() {
    if (!identity::active_user()->admin) {
        access::forbidden();
    }
    access::verify_csrf();

    $form = self::_form();
    $is_valid = $form->validate();
    $current_user = identity::active_user();

    if (!$is_valid) {
        $name = $current_user->name;
        log::warning("user", t("Failed re-authentication for %name", array("name" => $name)));
        module::event("user_auth_failed", $name);

        if (!request::is_ajax()) {
            self::_show_form($form);
            return;
        }

        // Ajax callers get the re-rendered form back as an HTML fragment.
        $fragment = new View("reauthenticate.html");
        $fragment->form = $form;
        $fragment->user_name = identity::active_user()->name;
        json::reply(array("html" => (string) $fragment));
        return;
    }

    module::event("user_auth", $current_user);
    if (!request::is_ajax()) {
        message::success(t("Successfully re-authenticated!"));
    }
    // get_once() reads the stored URL and, going by its name, clears it.
    url::redirect(Session::instance()->get_once("continue_url"));
}
/**
 * Store the posted "value" as a module variable and confirm as JSON.
 *
 * The CSRF token is verified first.
 * NOTE(review): no role check is made in this block and both the module and
 * variable names come from the caller; confirm that access to this action is
 * restricted elsewhere, since it can overwrite any module variable.
 *
 * @param string $module_name module that owns the variable
 * @param string $var_name    name of the variable to set
 */
public function save($module_name, $var_name) {
    access::verify_csrf();

    $new_value = Input::instance()->post("value");
    module::set_var($module_name, $var_name, $new_value);

    $placeholders = array("var" => $var_name, "module_name" => $module_name);
    message::success(t("Saved value for %var (%module_name)", $placeholders));

    json::reply(array("result" => "success"));
}
/**
 * Emit a JSON response and stop the script.
 *
 * NOTE(review): $charset is concatenated into the Content-Type header without
 * validation. PHP's header() refuses values containing line breaks, but
 * callers should still pass a fixed charset rather than request data.
 *
 * @access public
 * @param string $message message body to encode
 * @param string $charset response charset; UTF-8 when empty
 * @return void
 */
function throwJson($message, $charset = NULL) {
    /** Set the HTTP header, replacing any earlier Content-Type */
    $encoding = empty($charset) ? 'UTF-8' : $charset;
    header('content-Type: application/json; charset=' . $encoding, true);

    echo json::encode($message);

    /** Stop any further output */
    exit;
}
/**
 * Send an error response as pretty-printed JSON via rsp_ok().
 *
 * NOTE(review): $bt is presumably a backtrace. When supplied it is included
 * in the response body, which exposes internal paths and call structure to
 * the client -- confirm it is only passed in debug contexts.
 *
 * @param string $msg    error message
 * @param string $status HTTP status line text
 * @param mixed  $bt     optional extra detail added under the 'bt' key
 */
function rsp_err($msg = '', $status = '400 Bad Request', $bt = null) {
    $detail = array('message' => $msg);
    if ($bt) {
        $detail['bt'] = $bt;
    }

    $body = json::pretty(array('error' => $detail));
    rsp_ok($body, $status);
}
/**
 * Append one entry to the array stored in a JSON file.
 *
 * NOTE(review): the file is read and then rewritten with no locking visible
 * here, so concurrent calls may lose entries; $file is passed through to
 * json::open()/json::save() unchecked, so callers must not build it from
 * request data.
 *
 * @param string $file    file handed to json::open() and json::save()
 * @param mixed  $content entry to append
 * @return mixed the result of json::save(), or false when the file does not
 *               hold an array
 */
public static function add($file, $content) {
    $entries = json::open($file);
    if (!is_array($entries)) {
        return false;
    }

    $entries[] = $content;
    return json::save($file, $entries);
}
/**
 * Allows the given item to be displayed again.
 *
 * The item title is passed through html::purify() before it is placed in
 * the message, which contains literal <b> markup.
 *
 * NOTE(review): no access::verify_csrf() call is visible in this block even
 * though it changes state; presumably _check_hide_permissions() covers it --
 * verify.
 *
 * @param int $id the item id
 */
public function show($id) {
    $item = model_cache::get("item", $id);

    $safe_title = html::purify($item->title);
    $msg = t("Displayed <b>%title</b> item", array("title" => $safe_title));

    // Permissions are checked before the item is changed.
    $this->_check_hide_permissions($item);
    hide::show($item);

    message::success($msg);
    $reply = array("result" => "success", "reload" => 1);
    json::reply($reply);
}
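/**
 * Initial action of the controller: derive the entity name from the
 * "entidade" query parameter, load that entity's XML descriptors when they
 * are readable, and echo them as JSON.
 *
 * The entity name comes straight from the query string and is used as a
 * directory name, so it is now rejected for file access when it is empty
 * (which would make the path absolute) or contains a path separator, a dot
 * or a NUL byte. A missing or non-string parameter is treated as empty.
 *
 * NOTE(review): $this->nomeEntidade and $this->nomeNegocio are still set from
 * the raw parameter; uses of them outside this method are not covered here.
 */
function inicial() {
    $this->entidade = $_GET;

    $requested = (isset($this->entidade['entidade']) && is_string($this->entidade['entidade']))
        ? $this->entidade['entidade']
        : '';

    // "foo bar baz" becomes "fooBarBaz".
    $words = explode(' ', strtolower($requested));
    $first = array_shift($words);
    $words = array_map("ucFirst", $words);
    array_unshift($words, $first);
    $this->nomeEntidade = implode('', $words);
    $this->nomeNegocio = "N{$this->nomeEntidade}";

    $xml = array();

    // Only a plain directory name may be used to build the descriptor paths.
    $is_plain_name = $this->nomeEntidade !== ''
        && strpbrk($this->nomeEntidade, "/\\.\0") === false;

    if ($is_plain_name) {
        $entity_file = "{$this->nomeEntidade}/xml/entidade.xml";
        if (arquivo::legivel($entity_file)) {
            $xml['entidade'] = simplexml_load_file($entity_file);
        }

        $locale_file = "{$this->nomeEntidade}/xml/pt_BR.xml";
        if (arquivo::legivel($locale_file)) {
            $xml['inter'] = simplexml_load_file($locale_file);
        }
    }

    $j = new json();
    echo $j->pegarJson($xml);
}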
/**
 * Turn off the "starred only" filter so that all items are shown again.
 *
 * The CSRF token is verified first. The per-item lookup and permission check
 * that appeared here as commented-out code are not performed; this action
 * takes no item argument.
 */
public function star_only_off() {
    access::verify_csrf();

    $notice = t("Showing all items.");
    star::star_only_off();
    message::success($notice);

    $reply = array("result" => "success", "reload" => 1);
    json::reply($reply);
}
/**
 * Save, replace or delete the current locale's translation of one message.
 *
 * The CSRF token is verified and non-admin users are refused before any
 * input is read. An empty translation deletes the stored entry.
 *
 * @throws Exception when the message key is unknown or a posted translation
 *                   is missing or not a string
 */
public function save() {
    access::verify_csrf();
    if (!identity::active_user()->admin) {
        access::forbidden();
    }

    $locale = Gallery_I18n::instance()->locale();
    $input = Input::instance();
    $key = $input->post("l10n-message-key");

    $root_message = ORM::factory("incoming_translation")
        ->where("key", "=", $key)
        ->where("locale", "=", "root")
        ->find();
    if (!$root_message->loaded()) {
        throw new Exception("@todo bad request data / illegal state");
    }

    // NOTE(review): unserialize() runs on a value loaded from the
    // incoming_translation table. It is only safe if that column can never
    // hold attacker-influenced bytes -- confirm how those rows are written,
    // or restrict the call with the allowed_classes option.
    $is_plural = Gallery_I18n::is_plural_message(unserialize($root_message->message));

    if ($is_plural) {
        $translation = array();
        $is_empty = true;
        foreach (l10n_client::plural_forms($locale) as $plural_form) {
            $value = $input->post("l10n-edit-plural-translation-{$plural_form}");
            // A missing field arrives as null, which also fails is_string().
            if (!is_string($value)) {
                throw new Exception("@todo bad request data");
            }
            $translation[$plural_form] = $value;
            if (!empty($value)) {
                $is_empty = false;
            }
        }
    } else {
        $translation = $input->post("l10n-edit-translation");
        if (!is_string($translation)) {
            throw new Exception("@todo bad request data");
        }
        // empty() also treats the string "0" as empty.
        $is_empty = empty($translation);
    }

    $entry = ORM::factory("outgoing_translation")
        ->where("key", "=", $key)
        ->where("locale", "=", $locale)
        ->find();

    if ($is_empty) {
        // An empty translation removes any stored one.
        if ($entry->loaded()) {
            $entry->delete();
        }
    } else {
        if (!$entry->loaded()) {
            $entry->key = $key;
            $entry->locale = $locale;
            $entry->message = $root_message->message;
            $entry->base_revision = null;
        }
        $entry->translation = serialize($translation);

        $entry_from_incoming = ORM::factory("incoming_translation")
            ->where("key", "=", $key)
            ->where("locale", "=", $locale)
            ->find();
        // NOTE(review): the revision is copied only when NO incoming row was
        // found; this condition looks inverted -- confirm the intent.
        if (!$entry_from_incoming->loaded()) {
            $entry->base_revision = $entry_from_incoming->revision;
        }
        $entry->save();
    }

    Gallery_I18n::clear_cache($locale);
    json::reply(new stdClass());
}
/**
 * Handle an ajax login attempt and reply as JSON.
 *
 * The CSRF token is verified before the credentials are processed. On
 * failure the login form is rendered again and returned as HTML so the
 * client can show the validation errors.
 */
public function auth_ajax() {
    access::verify_csrf();

    list($valid, $form) = $this->_auth("login/auth_ajax");
    if (!$valid) {
        $login_view = new View("login_ajax.html");
        $login_view->form = $form;
        json::reply(array("result" => "error", "html" => (string) $login_view));
        return;
    }

    json::reply(array("result" => "success"));
}
/**
 * Delete every rating recorded for an item and reply with the item's URL.
 *
 * NOTE(review): this block deletes data but contains no access::verify_csrf()
 * call and no permission check on the item; confirm both are enforced before
 * this method is reached.
 * NOTE(review): $ratable is dereferenced without checking that a "ratables"
 * row was found for the key.
 *
 * @param int $id the item id; the ratable key is "rate" followed by this id
 */
public function doClear($id) {
    $photo = ORM::factory("item", $id);
    $ratable_key = "rate" . $id;

    $ratable = db::build()
        ->select("id")
        ->from("ratables")
        ->where("ratableKey", "=", $ratable_key)
        ->execute()
        ->current();

    $vote_count = db::build()
        ->select("id")
        ->from("ratings")
        ->where("ratable_id", "=", $ratable->id)
        ->execute()
        ->count();

    if ($vote_count < 1) {
        message::warning(t("No votes have been registered for this item: Nothing cleared!"));
        json::reply(array("result" => "success", "location" => $photo->url()));
        return;
    }

    db::build()
        ->delete("ratings")
        ->where("ratable_id", "=", $ratable->id)
        ->execute();

    message::success(t("All ratings and votes for this item have been cleared!"));
    json::reply(array("result" => "success", "location" => $photo->url()));
}
/**
 * Build the JSON payload for a status response and keep it in $this->json.
 *
 * NOTE(review): $username and $data are placed in the payload as given;
 * whether json::add()/make() escape them, and what the single-argument
 * add('Success') call emits, is decided in the json class -- not visible here.
 *
 * @param mixed $status   value stored under 'Status'
 * @param mixed $username value stored under 'Username'
 * @param mixed $data     value stored under 'UserData'
 */
public function __construct($status, $username, $data) {
    $builder = new json();

    $builder->add('Status', $status);
    $builder->add('Username', $username);
    $builder->add('UserData', $data);
    $builder->add('Success');

    $this->json = $builder->make();
}
/**
 * Report whether the admin-area session is about to time out.
 *
 * The remaining time is counted from the later of the last re-authentication
 * and the last admin-area activity. With fewer than 30 seconds left, the
 * reply carries a location pointing at the site root.
 *
 * NOTE(review): this block only announces the logout and supplies a redirect
 * target; the timeout itself must be enforced where admin requests are
 * authorised -- not visible here.
 */
private static function _reauth_check() {
    $session = Session::instance();
    $last_active_auth = $session->get("active_auth_timestamp", 0);
    $last_admin_area_activity = $session->get("admin_area_activity_timestamp", 0);
    $admin_area_timeout = module::get_var("gallery", "admin_area_timeout");

    $most_recent = max($last_active_auth, $last_admin_area_activity);
    $time_remaining = $most_recent + $admin_area_timeout - time();

    $result = (object) array("result" => "success");
    if ($time_remaining < 30) {
        message::success(t("Automatically logged out of the admin area for your security"));
        $result->location = url::abs_site("");
    }

    json::reply($result);
}
/**
 * Prepare a string for embedding inside a JSON string literal.
 *
 * When the site is not configured for UTF-8 the text is first converted from
 * the native language's encoding. It is then passed to json::encode() and
 * the surrounding double quotes, if present, are stripped.
 *
 * NOTE(review): the result is escaped for a JSON string context only
 * (presumably as json_encode would -- verify json::encode). It is not
 * HTML-escaped and must not be written into markup as-is.
 *
 * @param string $str text to prepare
 * @return string encoded text without enclosing quotes
 */
function prepStr($str) {
    global $CONF_use_utf, $langEncodings, $nativeLanguage;

    if (!$CONF_use_utf) {
        require_once dirname(__FILE__) . '/../ConvertCharset/ConvertCharset.class.php';
        $converter = new ConvertCharset();
        // $Entities is not defined in this function; it is passed through as is.
        $str = $converter->Convert($str, $langEncodings[$nativeLanguage], "utf-8", $Entities);
    }

    $encoded = json::encode($str);

    // Strip the enclosing quotes of an encoded string; leave other output alone.
    return ($encoded[0] == '"') ? substr($encoded, 1, -1) : $encoded;
}
/**
 * Mail a contact-form message to the user with the given id.
 *
 * The CSRF token is verified first, and the request ends in a 404 when the
 * caller may not view that user's profile. The subject goes through
 * html::clean() and the body through html::purify(); the body is sent as
 * text/html.
 *
 * NOTE(review): the reply-to value is handed to Sendmail unmodified. Whether
 * the form's rules or Sendmail reject line breaks in it is not visible here;
 * confirm, because that value ends up in a mail header.
 *
 * @param int $id id of the recipient user
 * @throws Kohana_404_Exception when the profile may not be viewed
 */
public function send($id) {
    access::verify_csrf();

    $user = identity::lookup_user($id);
    if (!$this->_can_view_profile_pages($user)) {
        throw new Kohana_404_Exception();
    }

    $form = user_profile::get_contact_form($user);
    if (!$form->validate()) {
        json::reply(array("result" => "error", "html" => (string) $form));
        return;
    }

    $fields = $form->message;
    Sendmail::factory()
        ->to($user->email)
        ->subject(html::clean($fields->subject->value))
        ->header("Mime-Version", "1.0")
        ->header("Content-type", "text/html; charset=UTF-8")
        ->reply_to($fields->reply_to->value)
        ->message(html::purify($fields->message->value))
        ->send();

    message::success(t("Sent message to %user_name", array("user_name" => $user->display_name())));
    json::reply(array("result" => "success"));
}
/**
 * Update the installed locales and the site's default locale.
 *
 * The CSRF token is verified first. The posted default is accepted only when
 * it is one of the installed locales; otherwise the first installed locale is
 * used, or "en_US" when none is installed.
 *
 * NOTE(review): the posted "installed_locales" value is handed to
 * locales::update_installed() as received; its validation is not visible here.
 */
public function save() {
    access::verify_csrf();

    $input = Input::instance();
    locales::update_installed($input->post("installed_locales"));

    $installed = array_keys(locales::installed());
    $default_locale = $input->post("default_locale");

    // Loose membership test against the installed locale codes.
    if (!in_array($default_locale, $installed)) {
        $default_locale = empty($installed) ? "en_US" : $installed[0];
    }

    module::set_var("gallery", "default_locale", $default_locale);
    json::reply(array("result" => "success"));
}
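/**
 * Query Foursquare for venue photos or nearby venues, depending on
 * $this->method, and return the collected rows cast to an object.
 *
 * Changes from the previous version:
 *  - 'photos' validated $args['_venue_id'] but then read $args['venue_id'];
 *    the validated key is now the one used.
 *  - Caller-supplied values are percent-encoded before being placed in the
 *    URL, so they cannot add path segments or query parameters.
 *  - 'venues' appended to $venue without ever resetting it, so every venue
 *    carried the entries of all earlier ones; it is now reset per item.
 *  - The optional lastName is read with isset() instead of error suppression.
 *
 * NOTE(review): each venue row keeps its previous layout (details under index
 * 0, plus 'categories'). The 'photos' branch builds a flat row, which is
 * probably what was intended here too -- confirm with consumers first.
 * NOTE(review): $this->foursquare->get() presumably returns the query string
 * holding the API credentials; the full URL is passed to file_get_contents(),
 * whose failure (false) is not checked separately.
 *
 * @param array $args '_venue_id' for photos; '_latitude' and '_longitude'
 *                    for venues
 * @return object|null collected rows, or null for any other method
 */
function query_direct($args) {
    switch ($this->method) {
        case 'photos':
            isset($args['_venue_id']) or backend_error('bad_query', 'Foursquare _venue_id argument missing');

            $photos = [];
            $url = 'https://api.foursquare.com/v2/venues/'
                . rawurlencode((string) $args['_venue_id'])
                . '/photos?' . $this->foursquare->get();

            if ($result = json::decode(file_get_contents($url))) {
                foreach ($result->response->photos->groups as $group) {
                    if ($group->type == 'venue') {
                        foreach ($group->items as $item) {
                            $photo = [
                                'url' => $item->url,
                                'created' => $item->createdAt,
                                'user' => [
                                    'id' => $item->user->id,
                                    'firstName' => $item->user->firstName,
                                    // lastName is optional in the reply
                                    'lastName' => isset($item->user->lastName) ? $item->user->lastName : null,
                                    'gender' => $item->user->gender,
                                    'photo' => $item->user->photo,
                                ],
                            ];

                            $resampled = [];
                            foreach ($item->sizes->items as $size) {
                                $resampled[] = ['url' => $size->url, 'width' => $size->width, 'height' => $size->height];
                            }
                            $photo['resampled'] = $resampled;

                            $photos[] = $photo;
                        }
                    }
                }
            }

            !(empty($photos) and $this->required) or backend_error('bad_input', 'Empty response from Froursquare procedure');
            return (object) $photos;

        case 'venues':
            isset($args['_latitude']) or backend_error('bad_query', 'Foursquare _latitude argument missing');
            isset($args['_longitude']) or backend_error('bad_query', 'Foursquare _longitude argument missing');

            $venues = [];
            $url = 'https://api.foursquare.com/v2/venues/search?ll='
                . rawurlencode((string) $args['_latitude']) . ','
                . rawurlencode((string) $args['_longitude'])
                . '&' . $this->foursquare->get();

            if ($result = json::decode(file_get_contents($url))) {
                foreach ($result->response->groups as $group) {
                    if ($group->type == 'nearby') {
                        foreach ($group->items as $item) {
                            // Start from an empty row so earlier venues do not leak in.
                            $venue = [];
                            $venue[] = ['id' => $item->id, 'name' => $item->name, 'url' => $item->canonicalUrl];

                            $categories = [];
                            foreach ($item->categories as $category) {
                                $categories[] = [
                                    'id' => $category->id,
                                    'name' => $category->name,
                                    'pluralName' => $category->pluralName,
                                    'shortName' => $category->shortName,
                                    'icon' => $category->icon,
                                ];
                            }
                            $venue['categories'] = $categories;

                            $venues[] = $venue;
                        }
                    }
                }
            }

            !(empty($venues) and $this->required) or backend_error('bad_input', 'Empty response from Froursquare procedure');
            return (object) $venues;
    }
}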
/**
 * Add a new comment to the collection.
 *
 * The caller needs "view" permission on the item and must be allowed to
 * comment. Form errors and ORM validation errors are both reported through
 * the re-rendered form.
 *
 * NOTE(review): no access::verify_csrf() call is visible in this block;
 * presumably the form's own validation covers the token -- verify.
 *
 * @param int $id id of the item being commented on
 */
public function create($id) {
    $item = ORM::factory("item", $id);
    access::required("view", $item);
    if (!comment::can_comment()) {
        access::forbidden();
    }

    $form = comment::get_add_form($item);
    try {
        $valid = $form->validate();

        $fields = $form->add_comment;
        $comment = ORM::factory("comment");
        $comment->item_id = $id;
        $comment->author_id = identity::active_user()->id;
        $comment->text = $fields->text->value;
        $comment->guest_name = $fields->inputs["name"]->value;
        $comment->guest_email = $fields->email->value;
        $comment->guest_url = $fields->url->value;
        $comment->validate();
    } catch (ORM_Validation_Exception $e) {
        // Translate ORM validation errors into form error messages: the model
        // prefixes guest fields with "guest_", the form does not.
        foreach ($e->validation->errors() as $key => $error) {
            if ($key == "guest_name") {
                $key = "name";
            } elseif ($key == "guest_email") {
                $key = "email";
            } elseif ($key == "guest_url") {
                $key = "url";
            }
            $form->add_comment->inputs[$key]->add_error($error, 1);
        }
        $valid = false;
    }

    if (!$valid) {
        $form = comment::prefill_add_form($form);
        json::reply(array("result" => "error", "form" => (string) $form));
        return;
    }

    $comment->save();

    // Reply with the rendered comment plus a fresh, empty form.
    $view = new Theme_View("comment.html", "other", "comment-fragment");
    $view->comment = $comment;
    json::reply(array(
        "result" => "success",
        "view" => (string) $view,
        "form" => (string) comment::get_add_form($item),
    ));
}
/**
 * Add the posted product to the session basket.
 *
 * The CSRF token is verified first. The item id, product and quantity are
 * taken from the validated form rather than from $_POST directly.
 *
 * NOTE(review): when validation fails the error is logged but no response is
 * sent to the client. Whether the caller may view the item, and whether the
 * quantity is range-checked, depends on the form's rules -- not visible here.
 */
public function add_to_basket() {
    access::verify_csrf();

    if (!isset($_POST['id'])) {
        die("no id");
    }

    $form = self::getAddToBasketForm($_POST['id']);
    if (!$form->validate()) {
        log_error("invalid form!");
        return;
    }

    $fields = $form->add_to_basket;
    $basket = Session_Basket::getOrCreate();
    $basket->add($fields->id->value, $fields->product->value, $fields->quantity->value);

    // Remember the item's parent for the follow-up redirect.
    $item = ORM::factory("item", $fields->id->value);
    Session::instance()->set("redirect_home", $item->parent_id);

    print json::reply(array("result" => "success"));
}
/**
 * Attach one or more comma-separated tags to an item.
 *
 * The caller needs both "view" and "edit" permission on the item. Names are
 * trimmed, and names that are empty (or otherwise falsy, such as "0") are
 * skipped.
 *
 * NOTE(review): no access::verify_csrf() call is visible in this block;
 * presumably the form's own validation covers the token -- verify.
 *
 * @param int $item_id id of the item to tag
 */
public function create($item_id) {
    $item = ORM::factory("item", $item_id);
    access::required("view", $item);
    access::required("edit", $item);

    $form = tag::get_add_form($item);
    if (!$form->validate()) {
        json::reply(array("result" => "error", "html" => (string) $form));
        return;
    }

    $names = array_map('trim', explode(",", $form->add_tag->inputs["name"]->value));
    foreach ($names as $tag_name) {
        if ($tag_name) {
            tag::add($item, $tag_name);
        }
    }

    json::reply(array("result" => "success", "cloud" => (string) tag::cloud(30)));
}
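/**
 * Delete an uploaded file, its thumbnail and its database record.
 *
 * The folder and file names come from $_POST and are joined into a path
 * under ../../uploads/. They are now required to be non-empty strings with
 * no NUL byte and no ".." path segment, so the resulting path cannot leave
 * the uploads directory; anything else gets the normal failure reply.
 * $resp is initialised so the failure reply no longer reads an undefined
 * variable when unlink() fails.
 *
 * NOTE(review): no authorisation or CSRF check is visible in this block;
 * confirm the caller enforces both before dispatching here.
 * NOTE(review): $file['fileExt'] comes from get_fileDetails() and is appended
 * to the path unchecked -- presumably a stored extension; verify.
 */
private function del_file() {
    $folder_name = isset($_POST['folder']) ? $_POST['folder'] : null;
    $file_name = isset($_POST['file']) ? $_POST['file'] : null;

    // Reject anything that is not a plain relative name.
    $names_ok = true;
    foreach (array($folder_name, $file_name) as $part) {
        if (!is_string($part)
            || $part === ''
            || strpos($part, "\0") !== false
            || preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $part)
        ) {
            $names_ok = false;
            break;
        }
    }

    $resp = null;
    if ($names_ok) {
        // Lookup file first for the ext
        $file = self::get_fileDetails($file_name);
        $base_path = '../../uploads/' . $folder_name . '/' . $file_name;

        // Delete the thumbnail; best effort, as there may not be one.
        @unlink($base_path . '_thumb' . $file['fileExt']);

        // Delete the full file, and the DB record only if that succeeded.
        if (unlink($base_path . $file['fileExt'])) {
            $resp = self::delete_item($folder_name, $file_name);
        }
    }

    if ($resp) {
        json::resp(array('success' => $resp, 'msg' => 'File \'' . $folder_name . '/' . $file_name . $file['fileExt'] . '\' Deleted!'));
    } else {
        json::resp(array('success' => $resp, 'msg' => 'File delete error!'));
    }
}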
/**
 * Run an ORM query described by json::decode_url() and echo the rows as JSON.
 *
 * NOTE(review): the model class, where clause, ordering and limit all come
 * from json::decode_url(), which presumably parses the request URL. If so,
 * the requester chooses which model is read and how, and every column of
 * every matching row is returned. This needs an allow-list of models and
 * columns plus an access check; none is visible in this block.
 *
 * @param mixed $array unused; replaced by json::decode_url() straight away
 */
public function json($array) {
    $this->auto_render = FALSE;

    $query = json::decode_url();

    $items = ORM::factory($query['class'][0])
        ->where($query['where'])
        ->orderby($query['orderby'])
        ->limit($query['limit'][0])
        ->find_all();

    $rows = array();
    foreach ($items as $item) {
        $row = $item->as_array();

        // Drop an empty url column; a model-provided URL replaces it if available.
        if (isset($row['url']) && !$row['url']) {
            unset($row['url']);
        }
        if (method_exists($item, 'get_url')) {
            $row['url'] = $item->get_url();
        }

        $rows[] = $row;
    }

    echo json_encode($rows);
    $this->auto_render = FALSE;
}
/**
 * The index page of the upload configuration admin.
 *
 * A POST request verifies the CSRF token, validates the form and replies
 * with JSON; any other request prints the form populated with the current
 * settings.
 *
 * NOTE(review): no role check appears in this block; presumably the admin
 * controller base class restricts access -- verify.
 */
public function index() {
    $form = upload_configuration::get_configure_form();

    if (request::method() != "post") {
        upload_configuration::populateForm($form);
        print $form;
        return;
    }

    access::verify_csrf();

    if (!$form->validate()) {
        json::reply(array("result" => "error", "html" => (string) $form));
        return;
    }

    upload_configuration::extractForm($form);
    message::success(t("GWTOrganise Module Configured!"));
    json::reply(array("result" => "success"));
}