/**
 * Allows user to delete a comment.
 *
 * If the comment is the only one in the discussion, the discussion will
 * be deleted as well. Users without administrative delete abilities
 * should not be able to delete a comment unless it is a draft. This is
 * a "hard" delete - it is removed from the database.
 *
 * Flow: validate the id and the caller's transient key, load the comment
 * and its discussion, require Vanilla.Comments.Delete unless the caller
 * owns the comment, self-deletion is enabled and the edit window is still
 * open, then delete. Full-page requests are redirected; other delivery
 * types get a JSON answer (form errors, or a SlideUp of the comment node).
 *
 * @since 2.0.0
 * @access public
 *
 * @param int $CommentID Unique comment ID.
 * @param string $TransientKey Single-use hash to prove intent.
 */
public function deleteComment($CommentID = '', $TransientKey = '')
{
    $session = Gdn::session();
    $fallbackTarget = '/discussions/';

    // Nothing is loaded from the models until both the id and the caller
    // have been checked; the transient key is the CSRF guard for this action.
    $hasUsableId = is_numeric($CommentID) && $CommentID > 0;
    $hasProvenIntent = $session->UserID > 0 && $session->validateTransientKey($TransientKey);

    if (!$hasUsableId || !$hasProvenIntent) {
        $this->Form->addError('ErrPermission');
    } else {
        $comment = $this->CommentModel->getID($CommentID);
        $discussion = $this->DiscussionModel->getID(val('DiscussionID', $comment));

        if (!$comment || !$discussion) {
            $this->Form->addError('Invalid comment');
        } else {
            $fallbackTarget = discussionUrl($discussion);

            // A caller may skip the Delete permission only when all three hold:
            // it is their own comment, self-deletion is enabled, and the
            // Garden.EditContentTimeout window (-1 = unlimited) is still open.
            $isOwnComment = $comment->InsertUserID == $session->UserID;
            $selfDeleteAllowed = (bool)c('Vanilla.Comments.AllowSelfDelete');
            $editTimeout = c('Garden.EditContentTimeout', -1);
            $withinEditWindow = $editTimeout == -1
                || strtotime($comment->DateInserted) + $editTimeout > time();

            if (!($isOwnComment && $selfDeleteAllowed) || !$withinEditWindow) {
                // The fatal flag makes permission() stop the request on failure.
                $this->permission('Vanilla.Comments.Delete', true, 'Category', $discussion->PermissionCategoryID);
            }

            if (!$this->CommentModel->delete($CommentID)) {
                $this->Form->addError('Failed to delete comment');
            }
        }
    }

    // Full-page requests leave via redirect. The Target value comes from the
    // request; SafeRedirect is relied on to reject off-site destinations.
    if ($this->_DeliveryType == DELIVERY_TYPE_ALL) {
        SafeRedirect(GetIncomingValue('Target', $fallbackTarget));
    }

    if ($this->Form->errorCount() > 0) {
        $this->setJson('ErrorMessage', $this->Form->errors());
    } else {
        $this->jsonTarget("#Comment_{$CommentID}", '', 'SlideUp');
    }
    $this->render();
}
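/**
 * Let a social-login user confirm (or fix) the username and e-mail that
 * will be used for their new account, then resume the login callback.
 *
 * The pending profile is looked up by the posted val_id; if none exists
 * the user is sent to the default controller. On postback the username is
 * made non-empty and unique (a numeric suffix is appended while the name
 * is taken) and the e-mail must be present and not already registered.
 * Only when every rule passes is the validation record deleted and the
 * callback resumed; otherwise the form is re-rendered with the corrected
 * values and any errors.
 *
 * Note: array_merge lets the stored profile win over posted values for
 * any key present in both.
 *
 * @param Gdn_Controller $Sender Controller whose Form holds the posted data.
 */
public function Controller_Validate($Sender) {
    $form_values = array(
        'user_email' => $Sender->Form->GetValue('user_email'),
        'user_login' => $Sender->Form->GetValue('user_login'),
        'val_id' => $Sender->Form->GetValue('val_id'),
    );

    $oasl = new SocialLogin();
    $oa_profile = $oasl->get_validation_data($form_values['val_id']);
    if ($oa_profile === FALSE) {
        SafeRedirect(Url(Gdn::Router()->GetDestination('DefaultController'), TRUE));
        // SafeRedirect normally ends the request; the return guards against
        // merging FALSE into the form data if it ever does not.
        return;
    }

    $to_validate = array_merge($form_values, $oa_profile);

    if ($Sender->Form->IsPostBack()) {
        // Verify the user-submitted data.
        // TODO explore vanilla validation: as in $Valid = Gdn_Validation::ValidateRule ($to_validate ['user_email'], 'Email', 'function:ValidateEmail');
        $valid = TRUE;

        if (empty($to_validate['user_login'])) {
            $to_validate['user_login'] = $to_validate['identity_provider'] . 'User';
            $valid = FALSE;
        }

        if ($oasl->get_user_id_by_username($to_validate['user_login']) !== FALSE) {
            // Try login1, login2, ... until a free name is found. Pre-increment
            // so each candidate is queried once (post-increment re-checked login1).
            $i = 1;
            $user_login_tmp = $to_validate['user_login'] . $i;
            while ($oasl->get_user_id_by_username($user_login_tmp) !== FALSE) {
                $user_login_tmp = $to_validate['user_login'] . ++$i;
            }
            $to_validate['user_login'] = $user_login_tmp;
            $valid = FALSE;
        }

        if (empty($to_validate['user_email'])) {
            $Sender->Form->AddError('OA_SOCIAL_LOGIN_VALIDATION_FORM_EMAIL_NONE_EXPLAIN', 'user_email');
            $valid = FALSE;
        }

        if ($oasl->get_user_id_by_email($to_validate['user_email']) !== FALSE) {
            // Clear the taken address so the form does not echo it back as accepted.
            $to_validate['user_email'] = '';
            $Sender->Form->AddError('OA_SOCIAL_LOGIN_VALIDATION_FORM_EMAIL_EXISTS_EXPLAIN', 'user_email');
            $valid = FALSE;
        }

        if ($valid) {
            $avatar = C(self::CONFIG_PREFIX . 'AvatarsEnable', 1);
            $redirect = C(self::CONFIG_PREFIX . 'Redirect', '');
            // A configured redirect overrides the one carried in the profile.
            $to_validate['redirect'] = empty($redirect) ? Url($to_validate['redirect'], TRUE) : $redirect;

            // The validation record is single-use: drop it before resuming.
            $oasl->delete_validation_data($to_validate['val_id']);
            $oasl->social_login_resume_handle_callback($to_validate, $avatar);
        }
    }

    $Sender = $this->set_validation_fields($Sender, $to_validate);
    $Sender->Render($this->GetView('oa_social_login_validate.php'));
}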
/** * Complete callback once credentials validated. */ protected function social_login_redirect($error_message, $user_id, $user_data, $custom_redirect, $registration) { // Display an error message if (isset($error_message)) { trigger_error($error_message); } else { if (is_numeric($user_id)) { // Update statistics: $this->incr_login_count_identity_token($user_data['identity_token']); // Login: Gdn::Session()->Start($user_id, TRUE); if (!Gdn::Session()->CheckPermission('Garden.SignIn.Allow')) { //$this->Form->AddError('ErrorPermission'); Gdn::Session()->End(); } if ($registration === TRUE) { Gdn::UserModel()->FireEvent('RegistrationSuccessful'); } else { Gdn::UserModel()->FireEvent('AfterSignIn'); } // Redirection: if (!empty($custom_redirect)) { SafeRedirect($custom_redirect); } // This was set in the callback_uri (JS): $target = Gdn::Request()->Get('Target'); $target = empty($target) ? Gdn::Router()->GetDestination('DefaultController') : $target; SafeRedirect(Url($target, TRUE)); } } }
/** * Redirect to the url specified by the discussion. * @param array|object $Discussion */ protected function RedirectDiscussion($Discussion) { $Body = Gdn_Format::To(GetValue('Body', $Discussion), GetValue('Format', $Discussion)); if (preg_match('`href="([^"]+)"`i', $Body, $Matches)) { $Url = $Matches[1]; SafeRedirect($Url, 301); } }