Example #1
        param('code', 'string', true);
    case 'new':
        param('container', 'string', true, true);
        // memorize
        break;
    case 'edit':
    case 'update':
    case 'delete':
    case 'move_up':
    case 'move_down':
        param('wi_ID', 'integer', true);
        $WidgetCache =& get_Cache('WidgetCache');
        $edited_ComponentWidget =& $WidgetCache->get_by_ID($wi_ID);
        // Take blog from here!
        // echo $edited_ComponentWidget->coll_ID;
        set_working_blog($edited_ComponentWidget->coll_ID);
        $BlogCache =& get_Cache('BlogCache');
        $Blog =& $BlogCache->get_by_ID($blog);
        break;
    default:
        debug_die('Init objects: unhandled action');
}
// Stop here unless valid_blog_requested() reports that a usable collection is selected.
if (!valid_blog_requested()) {
    debug_die('Invalid blog requested');
}
// Authorization gate: require 'edit' on 'blog_properties' for $blog before the skin and its containers are loaded.
// NOTE(review): the third argument (true) presumably makes check_perm() halt on failure instead of returning false -- confirm,
// because the return value is not inspected here.
$current_User->check_perm('blog_properties', 'edit', true, $blog);
// Get Skin used by current Blog:
$SkinCache =& get_Cache('SkinCache');
// NOTE(review): $Blog is only assigned in the edit/update/delete/move branches visible above; the 'new' branch
// presumably relies on a $Blog set earlier in the request -- confirm.
$Skin =& $SkinCache->get_by_ID($Blog->skin_ID);
// Make sure containers are loaded for that skin:
$container_list = $Skin->get_containers();
Example #2
// Load the dashboard helper functions.
load_funcs('dashboard/model/_dashboard.funcs.php');
/**
 * @var User
 */
global $current_User;
global $dispatcher, $allow_evo_stats, $blog;
// Only a collection selection that arrives in the query string is honoured: when $_GET['blog'] is
// missing or empty, $blog is forced to 0 below.
if (empty($_GET['blog'])) {
    // Use dashboard for selected blog only from GET request
    $blog = 0;
    // NOTE(review): $Blog is not among the globals declared above; if this file runs in function scope
    // this unset only affects a local name -- confirm.
    unset($Blog);
}
if ($blog) {
    // Collection dashboard
    if (!$current_User->check_perm('blog_ismember', 'view', false, $blog)) {
        // We don't have permission for the requested blog (may happen if we come to admin from a link on a different blog)
        set_working_blog(0);
        unset($Blog);
    }
    $AdminUI->set_path('collections', 'dashboard');
    // Init params to display a panel with blog selectors
    $AdminUI->set_coll_list_params('blog_ismember', 'view', array('ctrl' => 'dashboard'));
    $AdminUI->breadcrumbpath_init(true, array('text' => T_('Collections'), 'url' => $admin_url . '?ctrl=dashboard&blog=$blog$'));
    $AdminUI->breadcrumbpath_add(T_('Collection Dashboard'), $admin_url . '?ctrl=dashboard&blog=$blog$');
    // Set an url for manual page:
    $AdminUI->set_page_manual_link('collection-dashboard');
    // We should activate toolbar menu items for this controller and action
    $activate_collection_toolbar = true;
} else {
    // Site dashboard
    $AdminUI->set_path('site', 'dashboard');
    $AdminUI->breadcrumbpath_init(false);
Example #3
     break;
 case 'make_posts_pre':
     // form for edit several posts
     break;
 case 'make_posts_from_files':
     // Make posts with selected images:
     // Check that this action request is not a CSRF hacked request:
     // (the crumb is verified before any other statement of this case runs)
     $Session->assert_received_crumb('file');
     $FileRootCache =& get_FileRootCache();
     // Read the file root identifier from the request.
     // NOTE(review): param() is called without a type argument here; confirm what validation applies to "root".
     $root = param("root");
     // NOTE(review): the result is dereferenced below without a null check; presumably the second
     // argument (true) makes get_by_ID() halt when the root is unknown -- confirm.
     $fm_FileRoot =& $FileRootCache->get_by_ID($root, true);
     // fp> TODO: this block should move to a general level
     // Try to go to the right blog:
     if ($fm_FileRoot->type == 'collection') {
         // The destination collection is taken from the file root itself, not from a separate request parameter.
         set_working_blog($fm_FileRoot->in_type_ID);
         // Load the blog we're in:
         // NOTE(review): $BlogCache is not initialised in the visible lines -- presumably set earlier in the file.
         $Blog =& $BlogCache->get_by_ID($blog);
     }
     // ---
     // For a non-collection root, $Blog is whatever was set before this case; bail out if there is none.
     if (empty($Blog)) {
         $Messages->add(T_('No destination blog is selected.'), 'error');
         break;
     }
     //$Blog->disp('name');
     // Get default status (includes PERM CHECK):
     // This call is the only authorization step visible in this case: an empty result is treated as "no permission to post".
     $item_status = $Blog->get_allowed_item_status();
     if (empty($item_status)) {
         $Messages->add(T_('Sorry, you have no permission to post into this blog.'), 'error');
         break;
     }
Example #4
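 /**
  * Handle collections module htsrv actions.
  *
  * The caller must be logged in, and the request must carry a valid CSRF crumb named
  * 'collections_<action>'; both are verified before the action is dispatched.
  *
  * Handled actions:
  *  - 'unlink': remove a Link from its LinkOwner (Item, Comment) and, if the current user may edit
  *    files and the file is not linked elsewhere, delete the file too. Without 'confirmed' a
  *    confirmation message is queued instead.
  *  - 'isubs_update': subscribe/unsubscribe the current user on an item.
  * Any other action passes the crumb check and then falls through the switch without doing anything.
  *
  * Request-derived and file-derived values are HTML-escaped before being embedded in the markup
  * passed to $Messages->add(), because this function itself passes raw HTML to that sink.
  */
 function handle_htsrv_action()
 {
     global $demo_mode, $current_User, $DB, $Session, $Messages;
     global $UserSettings, $samedomain_htsrv_url;
     if (!is_logged_in()) {
         // user must be logged in
         bad_request_die($this->T_('You are not logged in.'));
     }
     // Init the objects we want to work on.
     $action = param_action(true);
     // Check that this action request is not a CSRF hacked request:
     $Session->assert_received_crumb('collections_' . $action);
     switch ($action) {
         case 'unlink':
             // Unlink a file from a LinkOwner ( Item, Comment ) object, and delete that file if it's not linked to any other object
             $link_ID = param('link_ID', 'integer', true);
             // NOTE(review): this target comes from the request and is later passed to header_redirect();
             // confirm that the 'url' param type and/or header_redirect() restrict it to safe, same-site URLs.
             $redirect_to = param('redirect_to', 'url', '');
             $LinkCache =& get_LinkCache();
             $edited_Link =& $LinkCache->get_by_ID($link_ID, false);
             if (!$edited_Link) {
                 // the edited Link object doesn't exists
                 $Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Link')), 'error');
                 // The code below dereferences $edited_Link, so it relies on header_redirect() ending the request here.
                 header_redirect();
             }
             // We have a link, get the LinkOwner it is attached to:
             $LinkOwner =& $edited_Link->get_LinkOwner();
             $linked_File =& $edited_Link->get_File();
             // Load the blog we're in:
             $Blog =& $LinkOwner->get_Blog();
             set_working_blog($Blog->ID);
             // Check permission:
             // The check is made against the owner of the link that was loaded, not against a request parameter.
             $LinkOwner->check_perm('edit', true);
             $confirmed = param('confirmed', 'integer', 0);
             if ($confirmed) {
                 // Unlink File from Item:
                 $edited_Link->dbdelete(true);
                 unset($edited_Link);
                 $Messages->add($LinkOwner->translate('Link has been deleted from $ownerTitle$.'), 'success');
                 if ($current_User->check_perm('files', 'edit')) {
                     // current User has permission to edit/delete files
                     // The file name is user-controlled; escape it once here because it is only used inside messages.
                     // assumes UTF-8 output -- TODO confirm against the site's charset setting
                     $file_name = htmlspecialchars($linked_File->get_name(), ENT_QUOTES, 'UTF-8');
                     // Get number of objects where this file is attached to
                     // TODO: attila>this must be handled with a different function
                     $file_links = get_file_links($linked_File->ID, array('separator' => '<br />'));
                     $links_count = strlen($file_links) > 0 ? substr_count($file_links, '<br />') + 1 : 0;
                     if ($links_count > 0) {
                         // File is linked to other objects
                         $Messages->add(sprintf(T_('File %s is still linked to %d other objects'), $file_name, $links_count), 'note');
                     } else {
                         // File is not linked to other objects
                         if ($linked_File->unlink()) {
                             // File removed successful ( removed from db and from storage device also )
                             $Messages->add(sprintf(T_('File %s has been deleted.'), $file_name), 'success');
                         } else {
                             // Could not completely remove the file
                             $Messages->add(sprintf(T_('File %s could not be deleted.'), $file_name), 'error');
                         }
                     }
                 }
             } else {
                 // Display confirm unlink/delete message
                 // NOTE(review): the confirm link triggers the deletion with a GET request and carries the crumb
                 // in its query string, where it can end up in logs and Referer headers -- consider a POST form.
                 $delete_url = $samedomain_htsrv_url . 'action.php?mname=collections&action=unlink&link_ID=' . $edited_Link->ID . '&confirmed=1&crumb_collections_unlink=' . get_crumb('collections_unlink');
                 // Values placed inside href="..." are attribute-escaped so that a quote in them cannot close
                 // the attribute and inject markup. Escaping does not restrict the URL scheme (see note on $redirect_to).
                 $ok_button = '<span class="linkbutton"><a href="' . htmlspecialchars($delete_url, ENT_QUOTES, 'UTF-8') . '">' . T_('I am sure!') . '!</a></span>';
                 $cancel_button = '<span class="linkbutton"><a href="' . htmlspecialchars($redirect_to, ENT_QUOTES, 'UTF-8') . '">CANCEL</a></span>';
                 // The path contains the user-controlled file name, so it is escaped before entering the HTML message.
                 $msg = sprintf(T_('You are about to unlink and delete the attached file from %s path.'), htmlspecialchars($linked_File->get_root_and_rel_path(), ENT_QUOTES, 'UTF-8'));
                 $msg .= '<br />' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . "\t" . $cancel_button;
                 $Messages->add($msg, 'error');
             }
             // The raw (unescaped) URL is what belongs in the redirect.
             header_redirect($redirect_to);
             break;
         case 'isubs_update':
             // Subscribe/Unsubscribe user on the selected item
             if ($demo_mode && $current_User->ID <= 3) {
                 // don't allow default users profile change on demo mode
                 bad_request_die('Demo mode: you can\'t edit the admin and demo users profile!<br />[<a href="javascript:history.go(-1)">' . T_('Back to profile') . '</a>]');
             }
             // Get params
             $item_ID = param('p', 'integer', true);
             $notify = param('notify', 'integer', 0);
             if ($notify < 0 || $notify > 1) {
                 // Invalid notify param. It should be 0 for unsubscribe and 1 for subscribe.
                 $Messages->add('Invalid params!', 'error');
             }
             if (!is_email($current_User->get('email'))) {
                 // user doesn't have a valid email address
                 $Messages->add(T_('Your email address is invalid. Please set your email address first.'), 'error');
             }
             if ($Messages->has_errors()) {
                 // errors detected
                 header_redirect();
                 // already exited here
             }
             // The subscription is always written for the current user; the request only supplies the item and the flag.
             if (set_user_isubscription($current_User->ID, $item_ID, $notify)) {
                 if ($notify == 0) {
                     $Messages->add(T_('You have successfully unsubscribed.'), 'success');
                 } else {
                     $Messages->add(T_('You have successfully subscribed to notifications.'), 'success');
                 }
             } else {
                 $Messages->add(T_('Could not subscribe to notifications.'), 'error');
             }
             header_redirect();
             break;
             // already exited here
     }
 }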
Example #5
                $action = 'edit_links';
            } else {
                $action = 'nil';
            }
        }
        break;
}
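if ($action == 'edit_links') {
    // Resolve the LinkOwner (the object the attachments belong to) from the request parameters.
    $link_type = param('link_type', 'string', 'item', true);
    $object_ID = param('link_object_ID', 'integer', 0, true);
    $LinkOwner = get_link_owner($link_type, $object_ID);
    // Only dereference $LinkOwner when the lookup returned something: the "does not exist any longer"
    // handling below shows that it can be empty, and calling get_Blog() on an empty value would abort
    // the request before that handling is reached.
    if (!empty($LinkOwner) && empty($Blog)) {
        // Load the blog we're in:
        $Blog =& $LinkOwner->get_Blog();
        set_working_blog($Blog->ID);
    }
}
if (empty($LinkOwner)) {
    // If LinkOwner object is not set, we can't process any action
    $Messages->add(T_('Requested link owner object does not exist any longer.'), 'error');
    // The switch that follows dereferences $LinkOwner, so it relies on header_redirect() ending the request here.
    header_redirect($redirect_to);
}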
switch ($action) {
    case 'edit_links':
        // Display link owner attachments
        // Check permission:
        $LinkOwner->check_perm('edit', true);
        // Add JavaScript to handle links modifications.
        require_js('links.js');
        break;
Example #6
 *
 * @todo (sessions) When creating a blog, provide "edit options" (3 tabs) instead of a single long "New" form (storing the new Blog object with the session data).
 * @todo Currently if you change the name of a blog it gets not reflected in the blog list buttons!
 *
 * @version $Id: coll_settings.ctrl.php,v 1.11 2008/01/21 09:35:26 fplanque Exp $
 */
// Direct-access guard: this controller only runs when EVO_MAIN_INIT has already been defined,
// i.e. when it was included by the application rather than requested by its own URL.
defined('EVO_MAIN_INIT') or die('Please, do not access this page directly.');
// Read the requested action; 'edit' is passed as the argument (presumably the default action -- confirm).
param_action('edit');
// Read the 'tab' request parameter as a string, with 'general' as the third argument.
param('tab', 'string', 'general', true);
// Check permissions on requested blog and autoselect an appropriate blog if necessary.
// This will prevent a fat error when switching tabs and you have restricted perms on blog properties.
if ($selected = autoselect_blog('blog_properties', 'edit')) {
    // We have a blog to work on:
    if (set_working_blog($selected)) {
        // Selected a new blog:
        $BlogCache =& get_Cache('BlogCache');
        $Blog =& $BlogCache->get_by_ID($blog);
    }
    /**
     * @var Blog
     */
    $edited_Blog =& $Blog;
} else {
    // We could not find a blog we have edit perms on...
    // Note: we may still have permission to edit categories!!
    // redirect to blog list:
    header_redirect('?ctrl=collections');
    // EXITED:
    $Messages->add(T_('Sorry, you have no permission to edit blog properties.'), 'error');
Example #7
 /**
  * Delete every blog returned by get_deleted_blogs(), inside a single DB transaction.
  *
  * Which blogs the current user is allowed to delete is decided by get_deleted_blogs(); this method
  * performs no permission check of its own.
  *
  * NOTE(review): the result of dbdelete() is not inspected and no rollback path is visible here, so
  * the method returns true whenever it runs to the end -- confirm that failures are reported elsewhere.
  *
  * @return boolean True on success
  */
 function delete_blogs()
 {
     global $DB, $UserSettings, $current_User;
     $DB->begin();
     // Iterate over all own blogs of this user which the current user can delete
     foreach ($this->get_deleted_blogs() as $owned_Blog) {
         // Remove the blog record:
         $owned_Blog->dbdelete();
         // Drop the working/selected blog after each deletion;
         // needed or subsequent pages may try to access the deleted blog
         set_working_blog(0);
         $UserSettings->delete('selected_blog');
         $UserSettings->dbupdate();
     }
     $DB->commit();
     return true;
 }
Example #8
         $Messages->add(T_('You have no permission to edit comments.'), 'error');
         $action = 'nil';
     } elseif (set_working_blog($selected)) {
         // Selected a new blog:
         $BlogCache =& get_BlogCache();
         $Blog =& $BlogCache->get_by_ID($blog);
     }
     break;
 case 'spam':
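     // Used for quick SPAM vote of comments
     // Check that this action request is not a CSRF hacked request:
     $Session->assert_received_crumb('comment');
     param('comment_ID', 'integer', true);
     $edited_Comment =& Comment_get_by_ID($comment_ID);
     // Test for a missing comment BEFORE touching the object: the blog lookup and the permission check
     // both dereference $edited_Comment, so the existence test has to come first to be of any use.
     // NOTE(review): if Comment_get_by_ID() halts on a missing ID rather than returning false, this test is
     // always true and the behavior is unchanged -- confirm.
     if ($edited_Comment !== false) {
         // The comment still exists.
         // The working blog is derived from the comment's own item, not from a request parameter:
         $edited_Comment_Item =& $edited_Comment->get_Item();
         set_working_blog($edited_Comment_Item->get_blog_ID());
         $BlogCache =& get_BlogCache();
         $Blog =& $BlogCache->get_by_ID($blog);
         // Check permission for spam voting
         $current_User->check_perm('blog_vote_spam_comments', 'edit', true, $Blog->ID);
         if ($current_User->ID != $edited_Comment->author_user_ID) {
             // Do not allow users to vote on their own comments
             // NOTE(review): 'value' is passed through as a plain string; confirm that set_vote() restricts it to the accepted vote values.
             $edited_Comment->set_vote('spam', param('value', 'string'));
             $edited_Comment->dbupdate();
         }
     }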
     // Where are we going to redirect to?
     param('redirect_to', 'url', url_add_param($admin_url, 'ctrl=comments&blog=' . $blog . '&filter=restore', '&'));
     // Redirect so that a reload doesn't write to the DB twice:
Example #9
     }
     break;
 case 'make_post':
     // TODO: We don't need the Filelist, move UP!
     // Make posts with selected images:
     // Check that this action request is not a CSRF hacked request:
     // (the crumb is verified before any other statement of this case runs)
     $Session->assert_received_crumb('file');
     // Nothing to do without a selection: report it and fall back to the 'list' action.
     if (!$selected_Filelist->count()) {
         $Messages->add(T_('Nothing selected.'), 'error');
         $action = 'list';
         break;
     }
     // fp> TODO: this block should move to a general level
     // Try to go to the right blog:
     if ($fm_Filelist->get_root_type() == 'collection') {
         // The destination collection is taken from the file list's root, not from a separate request parameter.
         set_working_blog($fm_Filelist->get_root_ID());
         // Load the blog we're in:
         // NOTE(review): $BlogCache is not initialised in the visible lines -- presumably set earlier in the file.
         $Blog =& $BlogCache->get_by_ID($blog);
     }
     // ---
     // For a non-collection root, $Blog is whatever was set before this case; bail out if there is none.
     if (empty($Blog)) {
         $Messages->add(T_('No destination blog is selected.'), 'error');
         break;
     }
     //$Blog->disp('name');
     // Get default status (includes PERM CHECK):
     // This call is the only authorization step visible in this case: an empty result is treated as "no permission to post".
     $item_status = $Blog->get_allowed_item_status();
     if (empty($item_status)) {
         $Messages->add(T_('Sorry, you have no permission to post into this blog.'), 'error');
         break;
     }
Example #10
 * Get the blog from param, defaulting to the last selected one for this user:
 * we need it for quite a few of the menu urls
 */
// Resolve the working blog: request parameter first, then the blog memorized in the user's settings, then 0.
if (isset($collections_Module)) {
    $user_selected_blog = (int) $UserSettings->get('selected_blog');
    $BlogCache =& get_BlogCache();
    // Fall back to the memorized blog when no 'blog' param was given (param() yields NULL), or when a
    // positive $blog was given but the cache lookup fails. '&&' binds tighter than '||', so the lookup
    // only runs for a positive $blog.
    if (param('blog', 'integer', NULL, true) === NULL || $blog > 0 && !($Blog =& $BlogCache->get_by_ID($blog, false, false))) {
        // Try the memorized blog from the previous action:
        $blog = $user_selected_blog;
        if (!($Blog =& $BlogCache->get_by_ID($blog, false, false))) {
            // That one doesn't exist either...
            $blog = 0;
        }
    } elseif ($blog != $user_selected_blog) {
        // We have selected a new & valid blog. Update UserSettings for selected blog:
        // NOTE(review): a supplied value of 0 or below also reaches this branch, since the lookup above is
        // skipped for it; no permission check on $blog is visible in this block -- confirm it happens later.
        set_working_blog($blog);
    }
}
// bookmarklet, upload (upload actually means sth like: select img for post):
param('mode', 'string', '', true);
/*
 * Get the Admin skin
 * TODO: Allow setting through GET param (dropdown in backoffice), respecting a checkbox "Use different setting on each computer" (if cookie_state handling is ready)
 */
$admin_skin = $UserSettings->get('admin_skin');
$admin_skin_path = $adminskins_path . '%s/_adminUI.class.php';
if (!$admin_skin || !file_exists(sprintf($admin_skin_path, $admin_skin))) {
    // there's no skin for the user
    if (!$admin_skin) {
        $Debuglog->add('The user has no admin skin set.', 'skins');
    } else {