Example #1
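 /**
  * Update an "about" page from the POSTed `id`, `name`, `title` and `content`.
  *
  * Every outcome is reported through json_message(); the method itself
  * returns nothing.
  */
 function update()
 {
     $this->load->config('gfx');
     $this->load->helper('gfx');
     // Origin token + admin check; checkAuth() emits the JSON error itself.
     if (!checkAuth(true, true, 'json')) {
         return;
     }
     $id = $this->input->post('id');
     $name = $this->input->post('name');
     /* The page name must not collide with a function name */
     if (in_array($name, array('update', 'delete'), true)) {
         json_message('error_about_name');
         return;
     }
     /*
      * Check whether the name is already used by another page.
      * Both values go through query bindings: the original concatenated the
      * POSTed `id` into the SQL text unescaped, which let a request rewrite
      * the statement.
      */
     $data = $this->db->query(
         'SELECT `name` FROM `aboutpages` WHERE `id` != ? AND `name` = ?;',
         array($id, $name)
     );
     $isDuplicate = $data->num_rows() !== 0;
     $data->free_result();
     if ($isDuplicate) {
         json_message('dup_about_name');
         return;
     }
     /* Update data (the query builder escapes the values it is given) */
     $this->db->update(
         'aboutpages',
         array(
             'title' => $this->input->post('title'),
             'name' => $name,
             'content' => $this->input->post('content'),
         ),
         array('id' => $id)
     );
     // NOTE(review): only the cache entry for the submitted name is removed;
     // after a rename the old name's entry appears to stay until it expires — confirm.
     $this->load->library('cache');
     $this->cache->remove($name, 'about');
     json_message('about_updated', 'highlight', 'info');
 }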
Example #2
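/**
 * Check that the current session is logged in and, optionally, that the
 * request carries the expected origin token and that the user is an admin.
 *
 * @param bool   $checkOrigin Compare POST `token` with md5(session id . config `gfx_token`).
 * @param bool   $checkAdmin  Require session `admin` === 'Y' and a matching admin row in `users`.
 * @param string $errorType   'json' or 'flashdata' to emit an error message; anything else stays silent.
 *
 * @return bool True when every requested check passes.
 */
function checkAuth($checkOrigin = false, $checkAdmin = false, $errorType = '')
{
    $CI =& get_instance();
    $islogin = true;
    /* check whether the user is logged in */
    if (!$CI->session->userdata('id')) {
        $islogin = false;
    }
    if (!$islogin) {
        switch ($errorType) {
            case 'json':
                json_message('not_logged_in');
                break;
            case 'flashdata':
                flashdata_message('not_logged_in');
                break;
        }
        return false;
    }
    if (!$checkOrigin && !$checkAdmin) {
        return true;
    }
    $CI->load->config('gfx');
    // NOTE(review): the token is a plain md5 of id + shared secret compared
    // with !==. Where PHP >= 5.6 is guaranteed, hash_equals() over a
    // hash_hmac() value is the safer form; the derivation must then change
    // wherever the token is issued, which is not visible here.
    if ($checkOrigin && $CI->input->post('token') !== md5($CI->session->userdata('id') . $CI->config->item('gfx_token'))) {
        $islogin = false;
    }
    if ($checkAdmin) {
        if ($CI->session->userdata('admin') !== 'Y') {
            $islogin = false;
        } else {
            $CI->load->database();
            // Re-check the admin flag against the database. The session id is
            // passed as a bound value instead of being concatenated into the
            // SQL text, so its content can never alter the statement.
            $data = $CI->db->query(
                'SELECT `id` FROM `users` WHERE `admin` = \'Y\' AND `id` = ?;',
                array($CI->session->userdata('id'))
            );
            if ($data->num_rows() === 0) {
                $islogin = false;
            }
            $data->free_result();
        }
    }
    if (!$islogin) {
        switch ($errorType) {
            case 'json':
                json_message('login_validation_failed');
                break;
            case 'flashdata':
                flashdata_message('login_validation_failed');
                break;
        }
    }
    return $islogin;
}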
Example #3
 /**
  * Store `hide_announcement` = 'Y' through session_data_set() and confirm
  * with an 'ok' JSON message.
  */
 function skip_announcement()
 {
     $this->load->helper('gfx');
     $flags = array('hide_announcement' => 'Y');
     session_data_set($flags, false);
     json_message('ok', 'highlight', 'info');
 }
Example #4
/**
 * Build a success message with json_message() and end the request with it.
 *
 * @param string $message Text handed to json_message().
 * @param array  $data    Extra payload handed to json_message().
 */
function json_success($message = '', $data = array())
{
    $payload = json_message(true, $message, $data);
    // Terminates the script; nothing after this call runs.
    exit($payload);
}
Example #5
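 /**
  * Receive an avatar upload (`Filedata`), keep it only if it is a GIF, JPEG
  * or PNG of at most 500x500 pixels, and answer with the stored relative
  * path or an error as JSON.
  */
 function upload()
 {
     // The session cannot be checked here because of a Flash plugin bug.
     // The caller is therefore unauthenticated: this method only processes the
     // image and returns the filename; the avatar is actually assigned by save().
     // NOTE(review): an endpoint that writes files for anonymous callers needs
     // rate limiting and cleanup of unreferenced files — not visible here.
     $subdir = date('Y/m/');
     // Octal literal: the original passed decimal 755, which is mode 01363.
     @mkdir('./useravatars/' . $subdir, 0755, true);
     // NOTE(review): 'exe' is presumably listed so Flash uploads that arrive as
     // application/octet-stream pass the library's MIME check — confirm before
     // removing it. The extension is re-checked below for that reason.
     $this->load->library('upload', array('upload_path' => './useravatars/' . $subdir, 'allowed_types' => 'exe|jpg|gif|png', 'max_size' => 1024, 'encrypt_name' => true));
     if (!$this->upload->do_upload('Filedata')) {
         $this->load->view('json.php', array('jsonObj' => array('error' => $this->upload->display_errors('', ''))));
         return;
     }
     $data = $this->upload->data();
     // Decide from the file content whether this really is an image.
     $width = $height = $type = null;
     $info = @getimagesize($data['full_path']);
     if ($info !== false) {
         list($width, $height, $type) = $info;
     }
     // Extensions acceptable for each detected image type. Without this check
     // an image stored under the allowed '.exe' extension stayed on disk in a
     // web-served directory.
     $extensions = array(
         IMAGETYPE_GIF => array('.gif'),
         IMAGETYPE_JPEG => array('.jpg', '.jpeg'),
         IMAGETYPE_PNG => array('.png'),
     );
     $error = null;
     if ($type === null || !isset($extensions[$type]) || !in_array(strtolower($data['file_ext']), $extensions[$type], true)) {
         $error = 'EDITOR_AVATAR_WRONG_FILE_TYPE';
     } elseif ($width > 500 || $height > 500) {
         $error = 'EDITOR_AVATAR_SIZE_TOO_LARGE';
     }
     if ($error !== null) {
         // Never leave a rejected upload on disk.
         unlink($data['full_path']);
         $this->load->helper('gfx');
         json_message($error);
         return;
     }
     // Success!
     $this->load->view('json.php', array('jsonObj' => array('img' => $subdir . $data['file_name'])));
 }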
Example #6
 /**
  * Output a list of users; only the random-avatar lists are implemented.
  * (The method cannot be named list().)
  *
  * `random-avatars` and `random-avatars-reload` answer with JSON,
  * `random-avatars-frame` renders a view, any other type yields an error message.
  */
 function userlist($type = '')
 {
     // Loose comparisons on purpose: they mirror the matching rules of a switch.
     $isCachedUrl = ($type == 'random-avatars');
     $isKnown = $isCachedUrl || $type == 'random-avatars-reload' || $type == 'random-avatars-frame';
     if (!$isKnown) {
         // NOTE(review): the 'gfx' helper is not loaded on this path; presumably
         // json_message() is already available — confirm.
         json_message('Invalid List type');
         return;
     }
     if ($isCachedUrl) {
         /*
         Keep clients from hitting this URL more than once every 60 seconds:
         a well-behaved browser serves its cached copy to XHR requests made
         within that window. The other two URLs send no Cache-Control header.
         */
         header('Cache-Control: max-age=60, must-revalidate');
     }
     /*
     Pick one of 100 cache slots at random; output it if it exists, otherwise
     build the list and store it. The entries have a short TTL because their
     content is not checked against the database.
     */
     $this->load->library('cache');
     $slot = rand(0, 99);
     $users = $this->cache->get($slot, 'random-avatars');
     if (!$users) {
         $this->load->database();
         $this->load->helper('gfx');
         /*
             Really expensive query: change it once there are more than 1000
             users, or fill the cache from crontab instead of a user request.
         */
         $rows = $this->db->query('SELECT `login`, `name`, `title`, `avatar`, `email` FROM `users` WHERE `avatar` != \'\' AND `ready` = \'Y\' AND `shown` = \'Y\' ORDER BY RAND() LIMIT 10;')->result_array();
         $users = array();
         foreach ($rows as $row) {
             // Only name, title and the resolved avatar URL are exposed.
             $avatar = avatarURL($row['avatar'], $row['email'], $row['login'], '&');
             $users[] = array('name' => $row['name'], 'title' => $row['title'], 'avatar' => $avatar);
         }
         $this->cache->save($slot, $users, 'random-avatars', 300);
     }
     // Web page for the frame variant, JSON for the other two.
     if ($type === 'random-avatars-frame') {
         $this->load->view('user/random-avatars.php', array('users' => $users));
         return;
     }
     $this->load->view('json.php', array('jsonObj' => array('users' => $users)));
 }
Example #7
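/**
 * Add a reply to an existing comment from POSTed `id` (parent comment) and
 * `content`, and report the outcome through json_message().
 *
 * NOTE(review): no authentication or request-token check is visible in this
 * function — confirm that the caller or routing layer enforces one.
 */
function ajax_comment_reply()
{
    $parent = isset($_POST['id']) ? absint($_POST['id']) : 0;
    // Passed on as received; presumably Comments::addComment() validates and
    // sanitises it — verify.
    $content = isset($_POST['content']) ? $_POST['content'] : '';
    if (!($comment = Comment::find($parent))) {
        json_message('Parent comment not found.', false);
        // Stop here in case json_message() returns instead of ending the
        // request; the property reads below would otherwise hit a missing comment.
        return;
    }
    // The reply inherits the page fields of its parent.
    $page = $comment->page;
    $page_url = $comment->page_url;
    $page_title = $comment->page_title;
    Comments::setMailer(app('mailer'))->setDispatcher(app('events'));
    $comment = Comments::addComment(compact('content', 'parent', 'page', 'page_url', 'page_title'));
    if (is_array($comment)) {
        json_message(true);
    } else {
        // An object result is treated as an error bag whose first entry is
        // reported; anything else becomes the generic save error.
        json_message(is_object($comment) ? $comment->first() : trans('errors.dbsave'), false);
    }
}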
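 /**
  * Rates the current page.
  *
  * Reads `rate` from the request, accepts numeric values from 0 to 20 and
  * stores one KnowledgeBaseArticleRating record per vote.
  *
  * @todo Figure out how to display these messages on the front end.
  * jRating doesn't seem to support server messages
  *
  * @return string JSON with `Message` and `Result` ('Success' or 'Error')
  */
 public function rate()
 {
     if (!$this->data()->RatingEnabled) {
         // NOTE(review): this branch calls json_message() while every other
         // return uses json_encode() — confirm json_message() exists in this
         // project and returns the same shape.
         return json_message(array('Message' => _t('ERROR_RATING_DISABLED', "Rating is disabled on this article"), 'Result' => 'Error'));
     }
     // Ensure that this user isn't voting multiple times
     if ($this->userAlreadyRatedArticle()) {
         return json_encode(array('Message' => _t('ERROR_ALREADY_VOTED', "You've already voted on this article"), 'Result' => 'Error'));
     }
     // Make sure the rating is valid. Non-numeric input (text, arrays) is
     // rejected outright: intval() alone turned it into 0 or 1, which was
     // then stored as a real vote.
     // NOTE(review): $_REQUEST also accepts GET and cookie values and no
     // request token is checked here — confirm the framework guards this action.
     $rating = (isset($_REQUEST['rate']) && is_numeric($_REQUEST['rate'])) ? intval($_REQUEST['rate']) : null;
     if (is_null($rating) || $rating < 0 || $rating > 20) {
         return json_encode(array('Message' => _t('ERROR_PLEASE_SELECT', "Please select a rating"), 'Result' => 'Error'));
     }
     // Save the record
     $record = new KnowledgeBaseArticleRating();
     $record->Rating = $rating;
     $record->Cookie = $this->ratingIdentifier();
     $record->AuthorID = Member::currentUserID();
     $record->ArticleID = $this->data()->ID;
     $record->write();
     // Hurrah, return a nice ignorable message to the client
     return json_encode(array('Message' => _t('RATING_SUCCESS', 'Your rating has been recorded'), 'Result' => 'Success'));
 }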