Example #1
 /**
  * Runs before every action of this controller: binds the document area to
  * an owner, loads the per-user configuration and validates request tokens.
  *
  * @param $action passed by reference to the parent filter
  * @param $args   passed by reference to the parent filter
  */
 public function before_filter(&$action, &$args)
 {
     parent::before_filter($action, $args);
     // Lock context to user id
     $this->owner = $GLOBALS['user'];
     $this->context_id = $this->owner->id;
     // Default: the logged-in user works on their own area with full access.
     $this->full_access = true;
     // Only when PERSONALDOCUMENT_OPEN_ACCESS is enabled may the `username`
     // request parameter select another user's area.
     if (Config::get()->PERSONALDOCUMENT_OPEN_ACCESS) {
         $username = Request::username('username', $GLOBALS['user']->username);
         $user = User::findByUsername($username);
         if ($user && $user->id !== $GLOBALS['user']->id) {
             $this->owner = $user;
             $this->context_id = $user->id;
             // On a foreign area, full access requires both the config flag and
             // perms being exactly 'root'; every other visitor gets full_access = false.
             $this->full_access = Config::get()->PERSONALDOCUMENT_OPEN_ACCESS_ROOT_PRIVILEDGED && $GLOBALS['user']->perms === 'root';
             URLHelper::bindLinkParam('username', $username);
         }
     }
     // `?:` falls back to the global setting for any falsy per-user value.
     $this->limit = $GLOBALS['user']->cfg->PERSONAL_FILES_ENTRIES_PER_PAGE ?: Config::get()->ENTRIES_PER_PAGE;
     $this->userConfig = DocUsergroupConfig::getUserConfig($GLOBALS['user']->id);
     // NOTE(review): there is no return after redirect(), so the checks below
     // still run for a closed area; whether the action itself is skipped depends
     // on how the framework handles redirect() inside a filter — confirm.
     if ($this->userConfig['area_close'] == 1) {
         $this->redirect('document/closed/index');
     }
     // Every POST request must carry a valid CSRF token.
     if (Request::isPost()) {
         CSRFProtection::verifySecurityToken();
     }
     // The ticket is validated only when a non-empty `studip-ticket` parameter
     // is present; a request without one passes this check untouched.
     // NOTE(review): a non-POST action that changes state therefore has to
     // require the ticket itself — verify against the actions of this controller.
     if (($ticket = Request::get('studip-ticket')) && !check_ticket($ticket)) {
         $message = _('Bei der Verarbeitung Ihrer Anfrage ist ein Fehler aufgetreten.') . "\n" . _('Bitte versuchen Sie es erneut.');
         PageLayout::postMessage(MessageBox::error($message));
         $this->redirect('document/files/index');
     }
 }
/**
 * Prepares the template variables of the "public tasks" user module.
 *
 * Nothing is assigned unless a user is logged in and the global
 * $tiki_p_tasks flag equals 'y'. The selected group is taken from the request
 * when the module's search form was submitted (after check_ticket('user-prefs'))
 * and is then stored as a user preference; otherwise the stored preference is used.
 *
 * @param $mod_reference not read by this function
 * @param $module_params not read by this function
 */
function module_user_tasks_public($mod_reference, $module_params)
{
    global $user, $tiki_p_tasks, $prefs;
    $smarty = TikiLib::lib('smarty');
    $tikilib = TikiLib::lib('tiki');

    // Guard: anonymous visitors and users without the tasks permission get nothing.
    $tasks_allowed = isset($tiki_p_tasks) && $tiki_p_tasks == 'y';
    if (!$user || !$tasks_allowed) {
        return;
    }

    global $tasklib;
    require_once 'lib/tasks/tasklib.php';

    // REQUEST_URI is supplied by the client; presumably the template escapes it — confirm.
    $smarty->assign('ownurl', $_SERVER['REQUEST_URI']);
    $user_groups = $tasklib->get_groups_to_user_with_permissions($user, 'tiki_p_tasks_receive');

    if (!isset($_REQUEST['modTasksSearch'])) {
        $user_group = $tikilib->get_user_preference($user, 'tasks_modLastSelectedGroup', '');
    } else {
        // The ticket is checked before the request value is persisted.
        check_ticket('user-prefs');
        // NOTE(review): the submitted group is not compared with $user_groups here;
        // verify that list_tasks() enforces group membership itself.
        $user_group = $_REQUEST['user_group'];
        $tikilib->set_user_preference($user, 'tasks_modLastSelectedGroup', $user_group);
    }
    $smarty->assign('user_group', $user_group);

    // No group selected: hand the template an empty task list.
    $public_tasks = $user_group == ''
        ? array('data' => '')
        : $tasklib->list_tasks($user, '0', '10', null, 'priority_asc', false, false, false, false, true, $user_group);

    $smarty->assign('public_tasks', $public_tasks['data']);
    $smarty->assign('user_groups', $user_groups);
    $smarty->clear_assign('tpl_module_title');
}
Example #3
 /**
  * Validates the ticket submitted with the current request.
  *
  * Reads the `studipticket` request parameter and passes it to the global
  * check_ticket() function. An absent or empty parameter is rejected the
  * same way as a ticket that fails validation.
  *
  * @throws InvalidSecurityTokenException if the ticket is missing or invalid
  */
 protected function check_ticket()
 {
     $submitted = Request::get('studipticket');
     // Short-circuit keeps an empty value from ever reaching check_ticket().
     $is_valid = $submitted && check_ticket($submitted);
     if (!$is_valid) {
         throw new InvalidSecurityTokenException();
     }
 }
Example #4
<?php

// (c) Copyright 2002-2013 by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: include_security.php 51166 2014-05-07 16:00:38Z arildb $
//this script may only be included - so its better to die if called directly.
// Direct-access guard: when the requested script name contains this file's
// basename, redirect to index.php and stop.
if (strpos($_SERVER["SCRIPT_NAME"], basename(__FILE__)) !== false) {
    header("location: index.php");
    exit;
}
// The ticket is checked only when the `security` form field was submitted.
if (isset($_REQUEST["security"])) {
    check_ticket('admin-inc-security');
}
// Tell the template when the mcrypt extension is not available.
// NOTE(review): mcrypt was removed from PHP core in 7.2, so on a current PHP
// this flag is set unless the PECL extension is installed.
if (!extension_loaded('mcrypt')) {
    global $smarty;
    $smarty->assign('no_mcrypt', 'y');
}
// Presumably issues the ticket the next submission of this panel must carry;
// ask_ticket() is defined elsewhere — confirm.
ask_ticket('admin-inc-security');
Example #5
        $smarty->assign('footerRow', $info["footerRow"]);
        $smarty->assign('parseValues', $info["parseValues"]);
    } else {
        $smarty->assign('className', 'default');
        $smarty->assign('headerRow', '0');
        $smarty->assign('footerRow', '0');
        $smarty->assign('parseValues', 'n');
        $smarty->assign('creator', $user);
        $smarty->assign('parentSheetId', 0);
    }
}
$cat_type = 'sheet';
// Process the insertion or modification of a sheet here
if (isset($_REQUEST["edit"])) {
    $access->check_permission('tiki_p_edit_sheet');
    check_ticket('sheet');
    // Everything is ok so we proceed to edit the gallery
    $smarty->assign('edit_mode', 'y');
    $smarty->assign_by_ref('title', $_REQUEST["title"]);
    $smarty->assign_by_ref('description', $_REQUEST["description"]);
    $smarty->assign_by_ref('className', $_REQUEST["className"]);
    $smarty->assign_by_ref('headerRow', $_REQUEST["headerRow"]);
    $smarty->assign_by_ref('footerRow', $_REQUEST["footerRow"]);
    if (isset($_REQUEST['parseValues'])) {
        $_REQUEST['parseValues'] = 'y';
    } else {
        $_REQUEST['parseValues'] = 'n';
    }
    $smarty->assign_by_ref('parseValues', $_REQUEST['parseValues']);
    $gid = $sheetlib->replace_sheet($_REQUEST["sheetId"], $_REQUEST["title"], $_REQUEST["description"], isset($_REQUEST['creator']) ? $_REQUEST['creator'] : $user, $_REQUEST['parentSheetId'], $_REQUEST);
    $cat_objid = $gid;
Example #6
    while (!feof($fp)) {
        $data .= fread($fp, 8192 * 16);
    }
    fclose($fp);
    if (strlen($data) > 1000000) {
        $smarty->assign('msg', tra("File is too big"));
        $smarty->display("error.tpl");
        die;
    }
    $size = $_FILES['userfile1']['size'];
    $name = $_FILES['userfile1']['name'];
    $type = $_FILES['userfile1']['type'];
    $notepadlib->replace_note($user, 0, $name, $data);
}
if (isset($_REQUEST["merge"])) {
    check_ticket('notepad-list');
    $merge = '';
    $first = true;
    if (!isset($_REQUEST["note"])) {
        $smarty->assign('msg', tra("No item indicated"));
        $smarty->display("error.tpl");
        die;
    }
    foreach (array_keys($_REQUEST["note"]) as $note) {
        $data_c = $notepadlib->get_note($user, $note);
        $data = $data_c['data'];
        if ($first) {
            $first = false;
            $merge .= "---------" . tra('merged note:') . $data_c['name'] . "----" . "\n";
            $merge .= $data;
        } else {
// Decide whose group memberships this page edits.
// A target account from the request is honoured only for holders of
// tiki_p_admin or tiki_p_admin_users; every other caller is pinned to their
// own account, whatever `assign_user` value the request carried.
if (isset($_REQUEST["assign_user"]) && ($tiki_p_admin == 'y' || $tiki_p_admin_users == 'y')) {
    // Privileged path: the requested account has to exist.
    if (!$userlib->user_exists($_REQUEST['assign_user'])) {
        $smarty->assign('msg', tra("User doesn't exist"));
        $smarty->display("error.tpl");
        die;
    }
    $userChoice = '';
    $smarty->assign_by_ref('assign_user', $_REQUEST['assign_user']);
} else {
    // Unprivileged path: overwrite the request value with the current user.
    $_REQUEST['assign_user'] = $user;
    $userChoice = 'y';
    $smarty->assign_by_ref('userChoice', $userChoice);
}
$assign_user = $_REQUEST["assign_user"];
if (isset($_REQUEST["action"])) {
    check_ticket('admin-assign-user');
    if (!isset($_REQUEST["group"])) {
        $smarty->assign('msg', tra("You have to indicate a group"));
        $smarty->display("error.tpl");
        die;
    }
    if ($userChoice == 'y') {
        $gps = $userlib->get_groups(0, -1, 'groupName_asc', '', '', '', '', $userChoice);
        $groups = array();
        foreach ($gps['data'] as $g) {
            $groups[$g['groupName']] = $g;
        }
    } elseif ($tiki_p_admin != 'y') {
        $groups = $userlib->get_user_groups_inclusion($user);
    }
    if ($_REQUEST["action"] == 'assign') {
Example #8
    }
}
// Image-gallery admin panel. Each handler below calls
// check_ticket('admin-inc-gal') before it changes anything.

// Gallery list columns: one toggle per column name.
if (isset($_REQUEST['imagegallistprefs'])) {
    check_ticket('admin-inc-gal');
    $pref_toggles = array('gal_list_name', 'gal_list_parent', 'gal_list_description', 'gal_list_created', 'gal_list_lastmodif', 'gal_list_user', 'gal_list_imgs', 'gal_list_visits');
    foreach ($pref_toggles as $toggle) {
        // simple_set_toggle() is defined elsewhere; presumably it stores the
        // submitted on/off value of the named preference — confirm.
        simple_set_toggle($toggle);
    }
}
// Comment settings for image galleries.
if (isset($_REQUEST['imagegalcomprefs'])) {
    check_ticket('admin-inc-gal');
    simple_set_value('image_galleries_comments_per_page');
    simple_set_value('image_galleries_comments_default_order');
}
// Move a gallery's images between the two stores.
if (isset($_REQUEST['mvimg']) && isset($_REQUEST['move_gallery'])) {
    check_ticket('admin-inc-gal');
    // `&&` binds tighter than `||`: the move runs for ('to_fs' with
    // gal_use_db == 'n') or ('to_db' with gal_use_db == 'y'); any other
    // `mvimg` value is ignored.
    if ($_REQUEST['mvimg'] == 'to_fs' && $prefs['gal_use_db'] == 'n' || $_REQUEST['mvimg'] == 'to_db' && $prefs['gal_use_db'] == 'y') {
        // NOTE(review): `move_gallery` is passed on exactly as received;
        // verify that move_gallery_store() validates the gallery id.
        $mvresult = $imagegallib->move_gallery_store($_REQUEST['move_gallery'], $_REQUEST['mvimg']);
        $mvmsg = sprintf(tra('moved %d images, %d errors occurred.'), $mvresult['moved_images'], $mvresult['errors']);
        if ($mvresult['timeout']) {
            $mvmsg .= ' ' . tra('a timeout occurred. Hit the reload button to move the rest');
        }
        $tikifeedback[]['mes'] = $mvmsg;
    }
}
// Paging defaults come from the stored preferences when the request has none.
if (!isset($_REQUEST['maxRows'])) {
    $_REQUEST['maxRows'] = $prefs['maxRowsGalleries'];
}
if (!isset($_REQUEST['rowImages'])) {
    $_REQUEST['rowImages'] = $prefs['rowImagesGalleries'];
}
Example #9
// Use the HTTP Referer header when the request carries no explicit `referer` value.
// NOTE(review): both sources are supplied by the client. The value goes to the
// template unchanged, so it needs escaping on output and, if it is later used
// as a redirect target, a same-site check — confirm where it is consumed.
if (!isset($_REQUEST['referer']) && isset($_SERVER['HTTP_REFERER'])) {
    $_REQUEST['referer'] = $_SERVER['HTTP_REFERER'];
}
if (isset($_REQUEST['referer'])) {
    $smarty->assign('referer', $_REQUEST['referer']);
}
if (isset($_REQUEST['assign'])) {
    $objectName = isset($_REQUEST['objectName']) ? $_REQUEST['objectName'] : NULL;
    $objectHref = isset($_REQUEST['objectHref']) ? $_REQUEST['objectHref'] : NULL;
    $addedGroups = array();
    $deletedGroups = array();
    if (!isset($_REQUEST['checked'])) {
        $_REQUEST['checked'] = array();
    }
    $old_watches = $tikilib->get_groups_watching($_REQUEST['objectId'], $_REQUEST['watch_event'], $objectType);
    check_ticket('object_watches');
    foreach ($all_groups as $g) {
        if (in_array($g, $_REQUEST['checked']) && !in_array($g, $old_watches)) {
            $tikilib->add_group_watch($g, $_REQUEST['watch_event'], $_REQUEST['objectId'], $objectType, $objectName, $objectHref);
            $addedGroups[] = $g;
        } elseif (!in_array($g, $_REQUEST['checked']) && in_array($g, $old_watches)) {
            $tikilib->remove_group_watch($g, $_REQUEST['watch_event'], $_REQUEST['objectId'], $objectType);
            $deletedGroups[] = $g;
        }
        $smarty->assign_by_ref('addedGroups', $addedGroups);
        $smarty->assign_by_ref('deletedGroups', $deletedGroups);
        $group_watches = $_REQUEST['checked'];
    }
    if ($objectType == 'Category') {
        $addedGroupsDesc = array();
        $deletedGroupsDesc = array();
// Load the content block named by the request and expose it to the template.
$smarty->assign('contentId', $_REQUEST["contentId"]);
$smarty->assign('pId', 0);
$info = $dcslib->get_content($_REQUEST["contentId"]);
$smarty->assign('description', $info["description"]);
// Removal is gated by $access->check_authenticity(), not by check_ticket().
if (isset($_REQUEST["remove"])) {
    $access->check_authenticity();
    $dcslib->remove_programmed_content($_REQUEST["remove"]);
}
// Form defaults for a new programmed-content entry.
$smarty->assign('data', '');
$smarty->assign('publishDate', $tikilib->now);
//Use 12- or 24-hour clock for $publishDate time selector based on admin and user preferences
$userprefslib = TikiLib::lib('userprefs');
$smarty->assign('use_24hr_clock', $userprefslib->get_user_clock_pref($user));
$smarty->assign('actual', '');
// Save handler: the ticket is checked before anything is written.
if (isset($_REQUEST["save"])) {
    check_ticket('edit-programmed-content');
    // A 'page' entry stores a "page:<name>" reference instead of literal content.
    if ($_REQUEST['content_type'] == 'page') {
        $content = 'page:' . $_REQUEST['page_name'];
    } else {
        $content = $_REQUEST['data'];
    }
    // 12-hour input: convert hour plus meridian to a 24-hour value.
    if (!empty($_REQUEST['Time_Meridian'])) {
        $_REQUEST['Time_Hour'] = date('H', strtotime($_REQUEST['Time_Hour'] . ':00 ' . $_REQUEST['Time_Meridian']));
    }
    // NOTE(review): the date/time fields are used as received; nothing here
    // checks that they are present or numeric.
    $publishDate = TikiLib::make_time($_REQUEST["Time_Hour"], $_REQUEST["Time_Minute"], 0, $_REQUEST["Date_Month"], $_REQUEST["Date_Day"], $_REQUEST["Date_Year"]);
    $id = $dcslib->replace_programmed_content($_REQUEST["pId"], $_REQUEST["contentId"], $publishDate, $content, $_REQUEST['content_type']);
    // `data` is read here for 'page' entries as well.
    $smarty->assign('data', $_REQUEST["data"]);
    $smarty->assign('publishDate', $publishDate);
    $smarty->assign('pId', $id);
    // Puts the saved entry's id into `edit` for code that follows this excerpt.
    $_REQUEST['edit'] = $id;
}
    $usermoduleslib->assign_user_module($_REQUEST["module"], $_REQUEST["position"], $_REQUEST["order"], $user);
}
// Module layout handlers. Each one checks the 'user-modules' ticket first and
// passes $user to the library call together with the module reference taken
// from the request.
// Move a module up.
if (isset($_REQUEST["up"])) {
    check_ticket('user-modules');
    $usermoduleslib->up_user_module($_REQUEST["up"], $user);
}
// Move a module down.
if (isset($_REQUEST["down"])) {
    check_ticket('user-modules');
    $usermoduleslib->down_user_module($_REQUEST["down"], $user);
}
// Put a module into the left column ('l').
if (isset($_REQUEST["left"])) {
    check_ticket('user-modules');
    $usermoduleslib->set_column_user_module($_REQUEST["left"], $user, 'l');
}
// Put a module into the right column ('r').
if (isset($_REQUEST["right"])) {
    check_ticket('user-modules');
    $usermoduleslib->set_column_user_module($_REQUEST["right"], $user, 'r');
}
// Order values 1..49 offered to the template.
$orders = array();
for ($i = 1; $i < 50; $i++) {
    $orders[] = $i;
}
$smarty->assign_by_ref('orders', $orders);
// 'canassign' tells the template whether any assignable module exists.
$assignables = $usermoduleslib->get_user_assignable_modules($user);
if (count($assignables) > 0) {
    $smarty->assign('canassign', 'y');
} else {
    $smarty->assign('canassign', 'n');
}
$modules = $usermoduleslib->get_user_assigned_modules($user);
$smarty->assign('modules_l', $usermoduleslib->get_user_assigned_modules_pos($user, 'l'));
// Map, or unmap, every member of a group to a role.
// NOTE(review): `pid`, `group` and `role` are used as received and no
// permission check is visible in this excerpt — confirm one runs earlier in the file.
if (isset($_REQUEST['mapg'])) {
    check_ticket('g-admin-roles');
    if ($_REQUEST['op'] != 'add') {
        // Any operation other than 'add' removes the mapping.
        $users = $userlib->get_group_users($_REQUEST['group']);
        foreach ($users as $a_user) {
            $roleManager->remove_mapping($a_user, $_REQUEST['role']);
        }
    } else {
        $users = $userlib->get_group_users($_REQUEST['group']);
        foreach ($users as $a_user) {
            $roleManager->map_user_to_role($_REQUEST['pid'], $a_user, $_REQUEST['role']);
        }
    }
}
// Map each selected user to each selected role.
if (isset($_REQUEST['save_map'])) {
    check_ticket('g-admin-roles');
    // Both selections have to be present, otherwise nothing is mapped.
    if (isset($_REQUEST['user'], $_REQUEST['role'])) {
        foreach ($_REQUEST['user'] as $a_user) {
            foreach ($_REQUEST['role'] as $role) {
                $roleManager->map_user_to_role($_REQUEST['pid'], $a_user, $role);
            }
        }
    }
}
// list mappings
$sort_mode = isset($_REQUEST["sort_mode"]) ? $_REQUEST["sort_mode"] : 'name_asc';
if (!isset($_REQUEST["offset"])) {
Example #13
        $smarty->assign('mail_site', $_SERVER['SERVER_NAME']);
        $subject = $smarty->fetch('mail/share_subject.tpl');
    }
}
$smarty->assign('subject', $subject);
if (isset($_REQUEST['send'])) {
    if (!empty($_REQUEST['comment'])) {
        $smarty->assign('comment', $_REQUEST['comment']);
    }
    if (!empty($_REQUEST['share_token_notification'])) {
        $smarty->assign('share_token_notification', $_REQUEST['share_token_notification']);
    }
    if (!empty($_REQUEST['how_much_time_access'])) {
        $smarty->assign('how_much_time_access', $_REQUEST['how_much_time_access']);
    }
    check_ticket('share');
    if (empty($user) && $prefs['feature_antibot'] == 'y' && !$captchalib->validate()) {
        $errors[] = $captchalib->getErrors();
    } else {
        if ($report == 'y') {
            $email = !empty($prefs['feature_site_report_email']) ? $prefs['feature_site_report_email'] : (!empty($prefs['sender_email']) ? $prefs['sender_email'] : '');
            if (empty($email)) {
                $errors[] = tra("The mail can't be sent. Contact the administrator");
            }
            $_REQUEST['addresses'] = $email;
            $_REQUEST['do_email'] = 1;
        }
        if (isset($_REQUEST['do_email']) and $_REQUEST['do_email'] == 1) {
            // send
            // Fix for multi adresses with autocomplete funtionnality
            if (substr($_REQUEST['addresses'], -2) == ', ') {
Example #14
    $menulib->remove_menu($_REQUEST['remove']);
}
// Create or update a menu.
// NOTE(review): the three handlers below use three different request checks
// ($access->check_ticket(), check_ticket('admin-menus'),
// $access->check_authenticity()); confirm that each gives the protection intended.
if (isset($_REQUEST['save'])) {
    $access->check_ticket();
    // Normalise optional form fields before they reach replace_menu().
    $_REQUEST['icon'] = isset($_REQUEST['icon']) ? $_REQUEST['icon'] : null;
    // Checkbox fields arrive as 'on' when ticked and are stored as 'y' / 'n'.
    $_REQUEST['use_items_icons'] = (isset($_REQUEST['use_items_icons']) && $_REQUEST['use_items_icons'] == 'on') ? 'y' : 'n';
    $_REQUEST['parse'] = (isset($_REQUEST['parse']) && $_REQUEST['parse'] == 'on') ? 'y' : 'n';
    $menulib->replace_menu(
        $_REQUEST['menuId'],
        $_REQUEST['name'],
        $_REQUEST['description'],
        $_REQUEST['type'],
        $_REQUEST['icon'],
        $_REQUEST['use_items_icons'],
        $_REQUEST['parse']
    );
    // Reset the form to an empty "new menu" state.
    $_REQUEST['menuId'] = 0;
    $smarty->assign('menuId', 0);
    $smarty->assign('info', array(
        'name' => '',
        'description' => '',
        'type' => 'd',
        'icon' => null,
        'use_items_icons' => 'n',
        'parse' => 'n',
    ));
}
// Clone an existing menu; menuId was set to 0 above if a save ran in this request.
if (isset($_REQUEST['clone']) && $_REQUEST['menuId'] > 0) {
    check_ticket('admin-menus');
    $menulib->clone_menu($_REQUEST['menuId']);
}
// Resetting the application menu is confirmed through check_authenticity().
if (isset($_REQUEST['reset'])) {
    $access->check_authenticity(tra('Are you sure you want to reset the Application Menu to the current system default?'));
    $menulib->reset_app_menu();
}
$sort_mode = isset($_REQUEST['sort_mode']) ? $_REQUEST['sort_mode'] : 'name_desc';
$smarty->assign_by_ref('sort_mode', $sort_mode);
if (!isset($_REQUEST['offset'])) {
    $offset = 0;
} else {
    $questions = TextToQuestions($_REQUEST['input_data']);
    foreach ($questions as $question) {
        $question_text = $question->getQuestion();
        $id = $quizlib->replace_quiz_question(0, $question_text, 'o', $_REQUEST['quizId'], 0);
        $temp_max = $question->getChoiceCount();
        for ($i = 0; $i < $temp_max; $i++) {
            $a = $question->GetChoice($i);
            $b = $question->GetCorrect($i);
            $quizlib->replace_question_option(0, $a, $b, $id);
        }
    }
    $smarty->assign('question', '');
    $smarty->assign('questionId', 0);
}
// Copy an existing question, with all of its options, into the current quiz.
if (isset($_REQUEST['useQuestion'])) {
    check_ticket('edit-quiz-question');
    // NOTE(review): `usequestionid`, `quizId` and `position` are used as
    // received; nothing here checks that the lookup found a question.
    $info = $quizlib->get_quiz_question($_REQUEST['usequestionid']);
    // A first argument of 0 is used for the copy, as for the options below.
    $qid = $quizlib->replace_quiz_question(0, $info['question'], $info['type'], $_REQUEST['quizId'], $_REQUEST['position']);
    $options = $quizlib->list_quiz_question_options($info['questionId'], 0, -1, 'points_desc', '');
    foreach ($options['data'] as $opt) {
        $quizlib->replace_question_option(0, $opt['optionText'], $opt['points'], $qid);
    }
}
// Default sort order when the request names none.
if (!isset($_REQUEST['sort_mode'])) {
    $sort_mode = 'position_asc';
} else {
    $sort_mode = $_REQUEST['sort_mode'];
}
if (!isset($_REQUEST['offset'])) {
    $offset = 0;
} else {
<?php

// (c) Copyright 2002-2012 by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: include_metrics.php 39469 2012-01-12 21:13:48Z changi67 $
//this script may only be included - so its better to die if called directly.
// Direct-access guard: when the requested script name contains this file's
// basename, redirect to index.php and stop.
if (strpos($_SERVER["SCRIPT_NAME"], basename(__FILE__)) !== false) {
    header("location: index.php");
    exit;
}
// Here check_ticket() runs on every inclusion, not only after a form submission.
check_ticket('admin-inc-metrics');
// Presumably issues the ticket for the next request; defined elsewhere — confirm.
ask_ticket('admin-inc-metrics');
// Password changes can be switched off site-wide; answer with a 401 error page then.
if ($prefs['change_password'] != 'y') {
    $smarty->assign('errortype', 401);
    $smarty->assign('msg', tra("Permission denied"));
    $smarty->display("error.tpl");
    die;
}
// Default the optional request fields to empty strings.
if (!isset($_REQUEST["user"])) {
    $_REQUEST["user"] = '';
}
if (!isset($_REQUEST["oldpass"])) {
    $_REQUEST["oldpass"] = '';
}
// NOTE(review): the old password from the request is handed back to the
// template. $_REQUEST also carries query-string values, so a password that
// arrives in the URL can end up in logs and in the rendered page — confirm how
// this form is reached and that the template escapes both values.
$smarty->assign('userlogin', $_REQUEST["user"]);
$smarty->assign('oldpass', $_REQUEST["oldpass"]);
if (isset($_REQUEST["change"])) {
    check_ticket('change-password');
    // Check that pass and pass2 match, otherwise display error and exit
    if ($_REQUEST["pass"] != $_REQUEST["pass2"]) {
        $smarty->assign('msg', tra("The passwords do not match"));
        $smarty->display("error.tpl");
        die;
    }
    // Check that new password is different from old password, otherwise display error and exit
    if ($_REQUEST["pass"] == $_REQUEST["oldpass"]) {
        $smarty->assign('msg', tra("You can not use the same password again"));
        $smarty->display("error.tpl");
        die;
    }
    $polerr = $userlib->check_password_policy($_REQUEST["pass"]);
    if (strlen($polerr) > 0) {
        $smarty->assign('msg', $polerr);
Example #18
<?php

// (c) Copyright 2002-2013 by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: tiki-search_stats.php 44444 2013-01-05 21:24:24Z changi67 $
require_once 'tiki-setup.php';
include_once 'lib/search/searchstatslib.php';
//get_strings tra('Search Stats')
// The page needs the search-stats feature and the tiki_p_admin permission;
// both are checked before any request parameter is read.
$access->check_feature('feature_search_stats');
$access->check_permission('tiki_p_admin');
// Clearing the statistics changes state, so the ticket is checked first.
if (isset($_REQUEST["clear"])) {
    check_ticket('search-stats');
    $searchstatslib->clear_search_stats();
}
// Listing parameters, with defaults when the request has none.
$sort_mode = isset($_REQUEST["sort_mode"]) ? $_REQUEST["sort_mode"] : 'hits_desc';
$offset = isset($_REQUEST["offset"]) ? $_REQUEST["offset"] : 0;
$smarty->assign_by_ref('offset', $offset);
if (isset($_REQUEST["find"])) {
    $find = $_REQUEST["find"];
} else {
    $find = '';
<?php

// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_include_community.php,v 1.1.2.7 2005/04/25 09:34:06 lfagundes Exp $
// Copyright (c) 2002-2005, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
//this script may only be included - so its better to die if called directly.
// Direct-access guard: when the requested script name contains this file's
// basename, redirect to index.php and stop.
if (strpos($_SERVER["SCRIPT_NAME"], basename(__FILE__)) !== false) {
    header("location: index.php");
    exit;
}
// Community mouse-over settings: the ticket is checked once, then one call
// per preference name follows.
if (isset($_REQUEST["mouseoverfeatures"])) {
    check_ticket('admin-inc-community');
    simple_set_toggle("feature_community_mouseover");
    simple_set_toggle("feature_community_mouseover_name");
    simple_set_toggle("feature_community_mouseover_picture");
    simple_set_toggle("feature_community_mouseover_friends");
    simple_set_toggle("feature_community_mouseover_score");
    simple_set_toggle("feature_community_mouseover_country");
    simple_set_toggle("feature_community_mouseover_email");
    simple_set_toggle("feature_community_mouseover_lastlogin");
    simple_set_toggle("feature_community_mouseover_distance");
}
/* This is desired future feature
if (isset($_REQUEST["friendshipfeatures"])) {
	check_ticket('admin-inc-community');
	simple_set_toggle("feature_community_friends_permission");
	simple_set_int("feature_community_friends_permission_dep");

}
*/
Example #20
<?php

// (c) Copyright 2002-2013 by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: include_blogs.php 44444 2013-01-05 21:24:24Z changi67 $
// This script may only be included - so its better to die if called directly.
// Direct-access guard: when the requested script name contains this file's
// basename, redirect to index.php and stop.
if (strpos($_SERVER['SCRIPT_NAME'], basename(__FILE__)) !== false) {
    header('location: index.php');
    exit;
}
// Both form submissions only check the ticket in this file; no preference is
// written here, so the values are presumably stored elsewhere — confirm.
if (isset($_REQUEST['bloglistconf'])) {
    check_ticket('admin-inc-blogs');
}
if (isset($_REQUEST['blogcomprefs'])) {
    check_ticket('admin-inc-blogs');
}
// Presumably issues the ticket for the next submission; defined elsewhere — confirm.
ask_ticket('admin-inc-blogs');
// $blogs is not assigned in this file; it has to come from the including script.
$smarty->assign_by_ref('blogs', $blogs['data']);
Example #21
    $smarty->assign('hasImage', 'n');
    $smarty->assign('imageName', '');
    $smarty->assign('imageType', '');
}
// Remove a banner zone, with a confirmation round-trip when
// $feature_ticketlib2 is 'y'.
if (isset($_REQUEST["removeZone"])) {
    $area = 'delbannerzone';
    // The confirmation step is requested only while the feature is on and the
    // confirmation (POSTed `daconfirm` plus a session ticket for this area) is
    // still missing.
    // NOTE(review): with the feature off the zone is removed straight away;
    // what key_check() verifies in that case is not visible here — confirm.
    if ($feature_ticketlib2 == 'y' && !isset($_POST['daconfirm'], $_SESSION["ticket_{$area}"])) {
        key_get($area);
    } else {
        key_check($area);
        $bannerlib->banner_remove_zone($_REQUEST["removeZone"]);
    }
}
// Now assign if the set button was pressed
if (isset($_REQUEST["save"]) || isset($_REQUEST["create_zone"])) {
    check_ticket('edit-banner');
    $fromDate = mktime(0, 0, 0, $_REQUEST["fromDate_Month"], $_REQUEST["fromDate_Day"], $_REQUEST["fromDate_Year"]);
    $toDate = mktime(0, 0, 0, $_REQUEST["toDate_Month"], $_REQUEST["toDate_Day"], $_REQUEST["toDate_Year"]);
    $fromTime = '' . $_REQUEST["fromTimeHour"] . $_REQUEST["fromTimeMinute"] . '';
    $toTime = '' . $_REQUEST["toTimeHour"] . $_REQUEST["toTimeMinute"] . '';
    $smarty->assign('fromDate', $fromDate);
    $smarty->assign('toDate', $toDate);
    $smarty->assign('fromTime', $_REQUEST["fromTimeHour"] . ':' . $_REQUEST["fromTimeMinute"]);
    $smarty->assign('toTime', $_REQUEST["toTimeHour"] . ':' . $_REQUEST["toTimeMinute"]);
    $smarty->assign('client', $_REQUEST["client"]);
    $smarty->assign('maxImpressions', $_REQUEST["maxImpressions"]);
    $smarty->assign('HTMLData', $_REQUEST["HTMLData"]);
    $smarty->assign('fixedURLData', $_REQUEST["fixedURLData"]);
    $smarty->assign('textData', $_REQUEST["textData"]);
    if (isset($_REQUEST["zone"])) {
        $smarty->assign('zone', $_REQUEST["zone"]);
        $menulib->remove_menu_option($id);
    }
    $maxPos = $menulib->get_max_option($_REQUEST['menuId']);
    $smarty->assign('position', $maxPos + 10);
}
// Create or update one menu option.
if (isset($_REQUEST["save"])) {
    // `groupname` may be absent, a string or an array; arrays are stored as a
    // comma-separated list.
    if (!isset($_REQUEST['groupname'])) {
        $_REQUEST['groupname'] = '';
    } elseif (is_array($_REQUEST['groupname'])) {
        $_REQUEST['groupname'] = implode(',', $_REQUEST['groupname']);
    }
    if (!isset($_REQUEST['level'])) {
        $_REQUEST['level'] = 0;
    }
    // $modlib, used below to clear the cache, presumably comes from this include.
    include_once 'lib/modules/modlib.php';
    // The ticket is checked before the option is written.
    check_ticket('admin-menu-options');
    // NOTE(review): unlike `groupname` and `level`, the remaining fields
    // (including `icon`, `url` and `perm`) are read without an isset() check
    // and stored as received.
    $menulib->replace_menu_option($_REQUEST["menuId"], $_REQUEST["optionId"], $_REQUEST["name"], $_REQUEST["url"], $_REQUEST["type"], $_REQUEST["position"], $_REQUEST["section"], $_REQUEST["perm"], $_REQUEST["groupname"], $_REQUEST['level'], $_REQUEST['icon']);
    $modlib->clear_cache();
    // Reset the form for the next option, ten positions further on.
    $smarty->assign('position', $_REQUEST["position"] + 10);
    $smarty->assign('name', '');
    $smarty->assign('optionId', 0);
    $smarty->assign('url', '');
    $smarty->assign('section', '');
    $smarty->assign('perm', '');
    $smarty->assign('groupname', '');
    $smarty->assign('userlevel', 0);
    $smarty->assign('type', 'o');
    $smarty->assign('icon', '');
    $cookietab = 1;
}
if (!isset($_REQUEST["sort_mode"])) {
Example #23
    $info = $minicallib->minical_get_event($user, $_REQUEST["eventId"]);
    $info['start'] += $tikilib->get_site_time_difference($user);
    $ev_pdate = $info['start'];
    $ev_pdate_h = $info['start'];
} else {
    $info = array();
    $info['title'] = '';
    $info['topicId'] = 0;
    $info['description'] = '';
    $info['start'] = mktime(date("H"), date("i"), date("s"), date("m", $pdate), date("d", $pdate), date("Y", $pdate));
    $info['duration'] = 60 * 60;
}
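$smarty->assign('ev_pdate', $ev_pdate);
$smarty->assign('ev_pdate_h', $ev_pdate_h);
// Save handler: the ticket is checked before the event is written for $user.
if (isset($_REQUEST['save'])) {
    check_ticket('minical');
    // NOTE(review): the date, time and duration fields are used as received;
    // nothing here checks that they are present or numeric.
    $start = mktime($_REQUEST['Time_Hour'], $_REQUEST['Time_Minute'], 0, $_REQUEST['Date_Month'], $_REQUEST['Date_Day'], $_REQUEST['Date_Year']);
    // Take the user's site-time difference off again before storing.
    $start -= $tikilib->get_site_time_difference($user);
    // Duration is stored in seconds.
    $minicallib->minical_replace_event($user, $_REQUEST["eventId"], $_REQUEST["title"], $_REQUEST["description"], $start, $_REQUEST['duration_hours'] * 60 * 60 + $_REQUEST['duration_minutes'] * 60, $_REQUEST['topicId']);
    // Reset the form to the defaults of a new event.
    $info = array();
    $info['title'] = '';
    $info['topicId'] = 0;
    $info['description'] = '';
    // 24-hour "H" is required: mktime() takes an hour in 0-23, and the 12-hour
    // "h" used here before set the default start twelve hours early after an
    // afternoon save.
    $info['start'] = mktime(date("H"), date("i"), date("s"), date("m", $pdate), date("d", $pdate), date("Y", $pdate));
    $info['duration'] = 60 * 60;
    $_REQUEST["eventId"] = 0;
}
$smarty->assign('eventId', $_REQUEST["eventId"]);
$smarty->assign('info', $info);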
//Check here the interval for the calendar
if (!isset($_REQUEST['view'])) {
Example #24
// Links for the image browser; the image id is appended to url_base by the template.
$smarty->assign('url_base', $foo["path"] . "?galleryId={$galleryId}&amp;sort_mode={$sort_mode}" . ($popup ? '&amp;popup=y' : '') . '&amp;imageId=');
$smarty->assign('url_show', $tikilib->httpPrefix() . $foo2);
// Count the view, then load the image record.
$imagegallib->add_image_hit($imageId);
$info = $imagegallib->get_image_info($imageId);
// Images per gallery page; the offset is rounded down to a page boundary,
// with 0 used when the page size is 0.
$maxgal = $gal_info['maxRows'] * $gal_info['rowImages'];
$smarty->assign('offset', $maxgal ? $offset - $offset % $maxgal : 0);
//$smarty->assign_by_ref('theme',$gal_info["theme"]);
//$smarty->assign('use_theme','y');
if ($prefs['feature_gal_slideshow'] != 'n') {
    $headerlib->add_jsfile('lib/imagegals/imagegallib.js', 50);
    // The id list is handed to the template as one comma-separated string.
    $listImgId = implode(',', $listImgId);
    $smarty->assign('listImgId', $listImgId);
}
// Everybody can browse images
// Moving or renaming is restricted: ticket first, then the permission check.
if (isset($_REQUEST["move_image"])) {
    check_ticket('browse-image');
    // Allowed for gallery admins and for the logged-in owner of the source gallery.
    if ($tiki_p_admin_galleries != 'y' && (!$user || $user != $gal_info["user"])) {
        $smarty->assign('errortype', 401);
        $smarty->assign('msg', tra("You do not have permission to move images from this gallery"));
        $smarty->display("error.tpl");
        die;
    }
    // Optional rename; the local copy is updated only when edit_image() reports success.
    if (isset($_REQUEST["newname"]) and $_REQUEST["newname"] != $info["name"]) {
        if ($imagegallib->edit_image($imageId, $_REQUEST['newname'], $info['description'], $info['lat'], $info['lon'])) {
            $info['name'] = $_REQUEST['newname'];
        }
    }
    // NOTE(review): only the source gallery is checked above. `newgalleryId`
    // is read without isset() and no permission on the destination gallery is
    // checked here — verify that move_image() enforces it.
    $imagegallib->move_image($imageId, $_REQUEST["newgalleryId"]);
    $info['galleryId'] = $_REQUEST["newgalleryId"];
}
$smarty->assign_by_ref('owner', $gal_info["user"]);
    // Map the submitted value 'on' to the flag 'y'; anything else, or an
    // absent field, becomes 'n'.
    if (isset($_REQUEST["section_events"]) && $_REQUEST["section_events"] == 'on') {
        $info["section_events"] = 'y';
    } else {
        $info["section_events"] = 'n';
    }
    if (isset($_REQUEST["section_cms"]) && $_REQUEST["section_cms"] == 'on') {
        $info["section_cms"] = 'y';
    } else {
        $info["section_cms"] = 'n';
    }
    // Raw request values are handed to the template for redisplay.
    // NOTE(review): output escaping then has to happen in the template or in
    // Smarty's configuration -- neither is visible here.
    $info["content"] = $_REQUEST["content"];
    $info["name"] = $_REQUEST["name"];
    $smarty->assign('info', $info);
}
// Save: store the template, reset the form fields, then update the template's
// membership of the 'html' section.
if (isset($_REQUEST["save"])) {
    // Anti-CSRF ticket check before the write. The result is not used, so the
    // call is presumably expected to abort the request on failure -- confirm.
    check_ticket('admin-content-templates');
    // NOTE(review): templateId, name and content are passed on as received, and
    // no permission check is visible in this fragment; it is presumably done
    // earlier in the script -- confirm.
    $tid = $templateslib->replace_template($_REQUEST["templateId"], $_REQUEST["name"], $_REQUEST["content"]);
    $smarty->assign("templateId", '0');
    $info["name"] = '';
    $info["content"] = '';
    $info["section_cms"] = 'n';
    $info["section_wiki"] = 'n';
    $info["section_newsletters"] = 'n';
    $info["section_events"] = 'n';
    $info["section_html"] = 'n';
    $smarty->assign('info', $info);
    // 'on' adds the stored template to the section; any other value, or an
    // absent field, removes it.
    if (isset($_REQUEST["section_html"]) && $_REQUEST["section_html"] == 'on') {
        $templateslib->add_template_to_section($tid, 'html');
    } else {
        $templateslib->remove_template_from_section($tid, 'html');
    }
Example #26
 // Message id of the comment being replied to; empty when this is not a reply.
 $in_reply_to = '';
 if (!empty($_REQUEST["comments_reply_threadId"])) {
     $reply_info = $commentslib->get_comment($_REQUEST["comments_reply_threadId"]);
     $in_reply_to = $reply_info["message_id"];
 }
 // Strip HTML tags from the posted comment, then trailing whitespace.
 // strip_tags() removes markup but is not an output-encoding step: the stored
 // text still has to be escaped for the context in which it is later rendered.
 $_REQUEST["comments_data"] = rtrim(
     strip_tags($_REQUEST["comments_data"])
 );
 // Queue the post for moderation unless the poster is auto-approved: always
 // when the forum's approval_type is 'queue_all', and for anonymous posters
 // when it is 'queue_anon'.
 if ($tiki_p_forum_autoapp != 'y' && ($forum_info['approval_type'] == 'queue_all' || !$user && $forum_info['approval_type'] == 'queue_anon')) {
     $smarty->assign('was_queued', 'y');
     $_REQUEST['was_queued'] = 'y';
     // Writes the queued post. Title and body come from the request; only the
     // body has been passed through strip_tags() just above this statement.
     $qId = $commentslib->replace_queue(0, $_REQUEST['forumId'], $comments_objectId, $parent_id, $user, $_REQUEST["comments_title"], $_REQUEST["comments_data"], 'n', '', '', $thread_info['title'], $in_reply_to);
     // PROCESS ATTACHMENT HERE
     if ($qId && isset($_FILES['userfile1']) && !empty($_FILES['userfile1']['name'])) {
         // is_uploaded_file() confirms tmp_name really is an HTTP upload
         // before the file is opened.
         if (is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
             // NOTE(review): this ticket check runs only on the attachment path
             // and after replace_queue() has already stored the post, so within
             // this fragment the queue write is not covered by it. An earlier
             // check may exist outside the fragment -- confirm.
             check_ticket('view-forum');
             // NOTE(review): the fopen() result is not checked and the handle is
             // not closed here; whether add_thread_attachment() closes it is
             // not visible.
             $fp = fopen($_FILES['userfile1']['tmp_name'], "rb");
             // name, type and size are client-supplied metadata and should be
             // treated as untrusted; sanitising the name and deciding the
             // content type is presumably left to the library -- confirm.
             $commentslib->add_thread_attachment($forum_info, $qId, $fp, '', $_FILES['userfile1']['name'], $_FILES['userfile1']['type'], $_FILES['userfile1']['size']);
         } else {
             // Show the upload error and stop; the queued post written above
             // stays in place.
             $smarty->assign('msg', $tikilib->uploaded_file_error($_FILES['userfile1']['error']));
             $smarty->display("error.tpl");
             die;
         }
     }
     //END ATTACHMENT PROCESSING
 } else {
     // Not queued: the post is handled directly below.
     $smarty->assign('was_queued', 'n');
     $_REQUEST['was_queued'] = 'n';
     // A thread id of 0 takes this branch; the loose == also matches an empty
     // or non-numeric string on PHP versions before 8.
     if ($_REQUEST["comments_threadId"] == 0) {
         $message_id = '';
         if (isset($_REQUEST["anonymous_name"])) {
Example #27
$smarty->assign('faq_info', $faq_info);
// Sort order and search term: taken from the request when present, otherwise
// the defaults below.
$sort_mode = isset($_REQUEST["sort_mode"]) ? $_REQUEST["sort_mode"] : 'position_asc,questionId_asc';
$find = isset($_REQUEST["find"]) ? $_REQUEST["find"] : '';
// NOTE(review): $find is echoed back to the template and passed to the listing
// call as received; escaping and query parameter binding are not visible here.
$smarty->assign('find', $find);
// The listing uses a fixed sort string, not the request-derived $sort_mode.
$channels = $faqlib->list_faq_questions(
    $_REQUEST["faqId"],
    0,
    -1,
    'position_asc,questionId_asc',
    $find
);
$smarty->assign_by_ref('channels', $channels["data"]);
// Handle a suggested FAQ question.
if (isset($_REQUEST["sugg"])) {
    // Anti-CSRF ticket check; the result is not used here, so the call is
    // presumably expected to abort the request on failure -- confirm.
    check_ticket('view-faq');
    // Suggestions are accepted only from users holding tiki_p_suggest_faq.
    if ($tiki_p_suggest_faq == 'y') {
        // The CAPTCHA is enforced only for anonymous visitors, and only when
        // feature_antibot is enabled.
        if (empty($user) && $prefs['feature_antibot'] == 'y' && !$captchalib->validate()) {
            $error = $captchalib->getErrors();
            $smarty->assign('error', $error);
            // Save the pending question and answer if antibot code is wrong
            // NOTE(review): both values go back to the template as received;
            // escaping has to happen on output.
            $smarty->assign('pendingquestion', $_REQUEST["suggested_question"]);
            $smarty->assign('pendinganswer', $_REQUEST["suggested_answer"]);
        } else {
            if (!empty($_REQUEST["suggested_question"])) {
                // Store the suggestion; question and answer are passed on
                // unmodified.
                $faqlib->add_suggested_faq_question($_REQUEST["faqId"], $_REQUEST["suggested_question"], $_REQUEST["suggested_answer"], $user);
            } else {
                $error = tra('You must suggest a question; please try again.');
                $smarty->assign('error', $error);
                // Save the pending answer if question is empty
                $smarty->assign('pendinganswer', $_REQUEST["suggested_answer"]);
Example #28
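// Decide whether the WYSIWYG editor is active. The previous condition had the
// shape `A && B || C`, which PHP groups as `(A && B) || C`: a request carrying
// wysiwyg=y switched the editor on, and with it the is_html parsing below, even
// when feature_wysiwyg was disabled. The feature flag now gates both the
// site default and the per-request choice.
// NOTE(review): this assumes the feature flag is meant to be authoritative.
$is_wysiwyg = $prefs['feature_wysiwyg'] == 'y'
    && (
        ($prefs['wysiwyg_default'] == 'y' && !isset($_REQUEST['wysiwyg']))
        || (isset($_REQUEST['wysiwyg']) && $_REQUEST['wysiwyg'] == 'y')
    );
$smarty->assign('wysiwyg', $is_wysiwyg ? 'y' : 'n');
// Editing an existing post: load its data into the template.
if ($postId > 0) {
    if (empty($data["data"])) {
        $data["data"] = '';
    }
    $smarty->assign('post_info', $data);
    $smarty->assign('data', $data['data']);
    // The stored body is parsed as HTML only when WYSIWYG mode is active.
    $smarty->assign('parsed_data', $tikilib->parse_data($data['data'], array('is_html' => $is_wysiwyg)));
    $smarty->assign('blogpriv', $data['priv']);
    // Ticket call for the 'blog' area; the return value is not used here.
    check_ticket('blog');
    $post_images = $bloglib->get_post_images($postId);
    $smarty->assign_by_ref('post_images', $post_images);
    $cat_type = 'blog post';
    $cat_objid = $postId;
    if (isset($_REQUEST['lang'])) {
        $cat_lang = $_REQUEST['lang'];
    }
}
include_once 'freetag_list.php';
$smarty->assign('preview', 'n');
// Server-side enforcement: a user who is neither an admin nor allowed to use
// HTML has the allowhtml request field forced to 'off', whatever was submitted.
if ($tiki_p_admin != 'y' && $tiki_p_use_HTML != 'y') {
    $_REQUEST["allowhtml"] = 'off';
}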
    $info["publishDate"] = $tikilib->now;
}
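$smarty->assign('title', $info["title"]);
$smarty->assign('active', $info["active"]);
$smarty->assign('publishDate', $info["publishDate"]);
// Poll removal, with an optional confirmation step.
if (isset($_REQUEST["remove"])) {
    $area = 'delpoll';
    // `and` binds tighter than `or`, made explicit here: remove immediately
    // when feature_ticketlib2 is off, otherwise only on a confirmed POST that
    // has a session ticket for this area.
    // NOTE(review): with feature_ticketlib2 off, the removal runs for any
    // request carrying `remove`, with no confirmation visible; whether
    // key_check() still validates anything in that mode is not visible here.
    if ($prefs['feature_ticketlib2'] != 'y' or (isset($_POST['daconfirm']) and isset($_SESSION["ticket_{$area}"]))) {
        key_check($area);
        $polllib->remove_poll($_REQUEST["remove"]);
    } else {
        // First pass: issue the ticket / confirmation for this area.
        key_get($area);
    }
}
// Create or update a poll.
if (isset($_REQUEST["save"])) {
    // Anti-CSRF ticket check before the write; the result is not used, so the
    // call is presumably expected to abort the request on failure -- confirm.
    check_ticket('admin-polls');
    // Date and time fields are client-supplied. Casting them to int keeps a
    // non-numeric value from reaching mktime(), where it would raise a warning
    // or (PHP 8) an uncaught TypeError.
    $publishDate = mktime(
        (int) $_REQUEST["Time_Hour"],
        (int) $_REQUEST["Time_Minute"],
        0,
        (int) $_REQUEST["Date_Month"],
        (int) $_REQUEST["Date_Day"],
        (int) $_REQUEST["Date_Year"]
    );
    $pid = $polllib->replace_poll($_REQUEST["pollId"], $_REQUEST["title"], $_REQUEST["active"], $publishDate);
    // Variables read by the included categorize.php; they must be set before
    // the include.
    $cat_type = 'poll';
    $cat_objid = $pid;
    // Byte-wise truncation to 200 bytes.
    $cat_desc = substr($_REQUEST["title"], 0, 200);
    $cat_name = $_REQUEST["title"];
    $cat_href = "tiki-poll_results.php?pollId=" . $cat_objid;
    include_once "categorize.php";
}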
if (isset($_REQUEST['addPoll']) && !empty($_REQUEST['poll_template']) && !empty($_REQUEST['pages'])) {
    global $wikilib;
    include_once 'lib/wiki/wikilib.php';
    global $categlib;
    include_once 'lib/categories/categlib.php';
    $cat_type = 'wiki page';
		$_SESSION['show_submitted'] = true;
	} else {
		$_SESSION['show_submitted'] = false;
	}
	// Each session view flag mirrors whether its request field is present.
	$_SESSION['show_shared'] = isset($_REQUEST['show_shared']);
	$_SESSION['show_admin'] = isset($_REQUEST['show_admin']);
	if (isset($_REQUEST['tasks_maxRecords'])) {
		// The ticket call precedes only the stored preference write; the
		// session flags above are set without it. Its return value is not used.
		check_ticket('user-prefs');
		// NOTE(review): the value is stored as received; no numeric or range
		// validation is visible here.
		$tikilib->set_user_preference(
			$user,
			'tasks_maxRecords',
			$_REQUEST['tasks_maxRecords']
		);
	}
}
// Admin mode can be switched only by a task admin; for everyone else the two
// request parameters are ignored. The choice is kept in the session.
// NOTE(review): no ticket check is visible around these toggles.
if ($task_admin) {
	if (isset($_REQUEST["admin_mode"])) {
		$admin_mode = true;
		$_SESSION['admin_mode'] = true;
	}
	// Evaluated second, so "off" wins when both parameters are sent.
	if (isset($_REQUEST["admin_mode_off"])) {
		$admin_mode = false;
		$_SESSION['admin_mode'] = false;
	}
}
if ($_SESSION['admin_mode'] and $task_admin) {
	$admin_mode = true;
	$smarty->assign('admin_mode', $admin_mode);
} else {