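    /**
     * Handle the create action for a comment.
     *
     * On POST the comment is read from the request, tied to the record it was posted
     * against (falling back to the previous area/id when the request did not name one)
     * and, when nobody is logged in, attributed to an unconfirmed account that is looked
     * up or created from the submitted 'user' details. The filtered object is then handed
     * to the parent create action.
     *
     * @return mixed false when the comment was rejected, otherwise the parent's result
     */
    public function action_create()
    {
        if (is_post()) {
            $parameters = get_previous_parameters();
            $object = new CommentObj();
            $object = $object->fromRequest();
            //Default the commented record from the previous request when the form did not supply it
            if (empty($object['foreign_id'])) {
                $object['foreign_id'] = reset($parameters);
            }
            if (empty($object['foreign_table'])) {
                $object['foreign_table'] = table_name(get_previous_area());
            }
            //If we don't have a logged in user, create a dummy account
            if (!BackendUser::check()) {
                $query = new SelectQuery('BackendUser');
                $query->filter('`email` = :email');
                $old_user = Controller::getVar('user');
                //Always defined, so the branches below never read an unset variable
                $existing_user = false;
                if ($old_user) {
                    $existing_user = $query->fetchAssoc(array(':email' => $old_user['email']));
                }
                if ($existing_user && $existing_user['confirmed'] && $existing_user['active']) {
                    //Knowing a confirmed user's email address must not be enough to post as them: require a login
                    Backend::addError('Comment not added. Please login first');
                    return false;
                } elseif ($existing_user && !$existing_user['confirmed'] && $existing_user['active']) {
                    //Unregistered user commented before
                    $object['user_id'] = $existing_user['id'];
                } else {
                    //No usable account yet: create an unconfirmed one and ask the commenter to confirm it
                    $user_data = array(
                        'name' => $old_user['name'],
                        'surname' => '',
                        'email' => $old_user['email'],
                        'website' => $old_user['website'],
                        'username' => $old_user['email'],
                        'password' => get_random(),
                        'confirmed' => 0,
                        'active' => 1,
                    );
                    $user = self::getObject('BackendUser');
                    if (!$user->create($user_data)) {
                        Backend::addError('Could not create user to add Comment');
                        return false;
                    }
                    $object['user_id'] = $user->array['id'];
                    $url = SITE_LINK . '/?q=backend_user/confirm/' . $user->array['salt'];
                    $app_name = ConfigValue::get('Title');
                    $message = <<<END
Hi {$user->array['name']}!

Thank you for your comment on {$app_name}. An account has automatically been created for you. To activate it, please click on the following link:

{$url}

Please note that you don't need to do this for your comments to show, but this account will be deleted if it isn't confirmed in a weeks time.

Regards
END;
                    send_email($user->array['email'], 'Thank you for your comment.', $message);
                }
            }
            //Drop fields the request left unset; a closure replaces create_function(), which no longer exists in PHP 8
            $object = array_filter($object, function ($var) {
                return !is_null($var);
            });
            Controller::setVar('obj', $object);
        }
        return parent::action_create();
    }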
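 /**
  * List recorded requests, grouped by user/ip/agent/mode/request/query, with optional filtering, sorting and paging.
  *
  * Filter values come from the request ('params') and are bound as query parameters; the sort field
  * is restricted to the known column set because ORDER BY cannot be parameterised.
  *
  * @param int|string $pageId 1-based page number; 0 disables paging
  * @return array 'pager' (array or '' when unpaged), 'data', 'params' and 'sort'
  */
 public function action_filter($pageId = 1)
 {
     $query = new SelectQuery('BackendRequest');
     //Grouping columns; these are also the only columns a caller may filter or sort on
     $columns = array('user_id', 'ip', 'user_agent', 'mode', 'request', 'query');
     $query->setFields(array_merge($columns, array('COUNT(id) AS `occured`', 'MAX(`added`) AS `last_occured`')));
     $query->setGroup($columns);
     $params = $queryFilter = array();
     $parameters = Controller::getVar('params');
     $sort = Controller::getVar('sort');
     if (!empty($parameters['userId'])) {
         $queryFilter[] = 'user_id = :userId';
         $params[':userId'] = $parameters['userId'];
     }
     //Request supplied LIKE terms are bound, never interpolated into the SQL
     foreach (array('query', 'ip', 'user_agent') as $column) {
         if (!empty($parameters[$column])) {
             $queryFilter[] = "{$column} LIKE(:{$column})";
             $params[':' . $column] = '%' . $parameters[$column] . '%';
         }
     }
     $query->filter($queryFilter);
     $count = 10;
     //Only a known column may be ordered on, and the direction is normalised to ASC/DESC
     $sortable = array_merge($columns, array('occured', 'last_occured'));
     if (!empty($sort['field']) && in_array($sort['field'], $sortable, true)) {
         $direction = (!empty($sort['order']) && strtoupper($sort['order']) === 'DESC') ? 'DESC' : 'ASC';
         $query->setOrder(array($sort['field'] . ' ' . $direction));
     }
     if ($pageId == 1) {
         $start = 0;
     } elseif ($pageId == 0) {
         //Page 0 means everything, unpaged
         $start = false;
         $count = false;
     } else {
         $start = floor(($pageId - 1) * $count);
     }
     $limit = ($start || $count) ? "{$start}, {$count}" : false;
     $query->limit($limit);
     $items = $query->fetchAll($params);
     $totalItems = $query->getCount($params);
     $pager = '';
     if ($start || $count) {
         //NOTE(review): round((total - 1) / count) is kept as found; the usual page count would be ceil(total / count) — confirm against the template before changing
         $pager = array(
             'currentPage' => $pageId,
             'itemCount' => count($items),
             'itemTotal' => $totalItems,
             'totalPages' => round(($totalItems - 1) / $count, 0),
         );
     }
     return array(
         'pager' => $pager,
         'data' => $items,
         'params' => $parameters,
         'sort' => $sort,
     );
 }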
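 /**
  * Access check with an optional per-area lock password fallback.
  *
  * When the parent check fails, a request variable 'lock_password_<name>' is compared
  * against the configured 'LockPassword_<name>'. The comparison is type-strict and
  * constant-time; an unconfigured password (false) can never match.
  *
  * @return bool|mixed true when the lock password matches, otherwise the parent's result
  */
 public function check()
 {
     $result = parent::check();
     if ($result === false) {
         $password = Controller::getVar('lock_password_' . $this->array['name']);
         if ($password) {
             $configured = ConfigValue::get('LockPassword_' . $this->array['name'], false);
             //hash_equals() avoids both loose == coercion and timing differences
             if ($configured !== false && is_scalar($configured) && hash_equals((string) $configured, (string) $password)) {
                 return true;
             }
         }
     }
     return $result;
 }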
 /**
  * Create action that pre-fills the form object with 'active' = 1 on GET.
  *
  * @param mixed $id Unused here; accepted for signature compatibility
  * @return mixed The parent create action's result
  */
 public function action_create($id = false)
 {
     if (is_get()) {
         $current = Controller::getVar('obj');
         if (!$current) {
             $current = array();
         }
         //New records default to active
         $current['active'] = 1;
         Controller::setVar('obj', $current);
     }
     return parent::action_create();
 }
 /**
  * The standard action for an Area
  */
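 /**
  * The standard action for an Area: resolve the handler for the current request and run it.
  *
  * Resolution order is "<http verb>_<action>", then "action_<action>", then a view-only
  * "<view mode>_<action>" method, which is left to the view and yields null here. Permission
  * checks run before anything is invoked; failures are reported through Controller::whoops().
  *
  * @return mixed The handler's return value, or null when nothing is run
  */
 public final function action()
 {
     $error_number = Controller::getVar('err');
     if (!empty($error_number)) {
         Backend::addError(self::getError($error_number));
     }
     if (Controller::$debug) {
         Backend::addNotice('Checking Method ' . Controller::$action . ' for ' . get_class($this));
     }
     $request_method = strtolower(Controller::getMethod()) . '_' . Controller::$action;
     $action_method = 'action_' . Controller::$action;
     $view_method = Controller::$view->mode . '_' . Controller::$action;
     //Determine / check method. Only these three naming patterns are reachable from a request.
     //NOTE(review): method_exists() also matches non-public methods — confirm none with these prefixes should stay unreachable
     $method = false;
     if (method_exists($this, $request_method)) {
         $method = $request_method;
     } elseif (method_exists($this, $action_method)) {
         $method = $action_method;
     } elseif (method_exists($this, $view_method)) {
         //View method: nothing to call from here
         $method = true;
     }
     if (!$method) {
         Controller::whoops('Unknown Method', array('message' => 'Method ' . Controller::$area . '::' . Controller::$action . ' does not exist'));
         return null;
     }
     //Check permissions on existing method
     if (Controller::getCheckPermissions() && !$this->checkPermissions()) {
         //TODO Add a permission denied hook to give the controller a chance to handle the permission denied
         Controller::whoops('Permission Denied', array('message' => 'You do not have permission to ' . Controller::$action . ' ' . get_class($this)));
         return null;
     }
     if ($method === true) {
         //View method, return null;
         return null;
     }
     if (Controller::$debug) {
         Backend::addNotice('Running ' . get_class($this) . '::' . $method);
     }
     return call_user_func_array(array($this, $method), Controller::$parameters);
 }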
 /**
  * After a table update on POST, attach the comma separated 'tags' request variable to a ContentObj.
  *
  * @param mixed $data   Unused here
  * @param mixed $object The object that was updated
  * @return bool Always true
  */
 public static function hook_post_table_update($data, $object)
 {
     if (!($object instanceof DBObject) || !is_post()) {
         return true;
     }
     $raw_tags = Controller::getVar('tags');
     if ($object instanceof ContentObj && !empty($raw_tags)) {
         $trimmed = array();
         foreach (explode(',', $raw_tags) as $index => $piece) {
             $trimmed[$index] = trim($piece);
         }
         //array_filter drops the empty entries left by stray commas
         self::add(array_filter($trimmed), $object);
     }
     return true;
 }
 /**
  * Use this function to set default parameters for specific actions
  *
  * It's also a good way to transform request variables to proper parameters
  *
  * Resolves the action from the HTTP verb when the URL carried only an id, maps
  * 'index' to 'list', and fills positional defaults for 'list', 'search' and
  * 'delete' from config values and request variables.
  *
  * NOTE(review): the defaults test Controller::$parameters for presence but write
  * to the local $parameters; whether those are the same array is not visible here.
  *
  * @param array $parameters Positional parameters parsed from the request
  * @return array The parameters with defaults applied
  */
 public static function checkParameters($parameters)
 {
     //If there's no action, only a ID, use the request verb to determine the action
     if (is_numeric(Controller::$action)) {
         $parameters[0] = Controller::$action;
         //NOTE(review): REQUEST_METHOD is not set when running from the CLI
         switch (strtoupper($_SERVER['REQUEST_METHOD'])) {
             case 'DELETE':
                 Controller::setAction('delete');
                 break;
             case 'PUT':
                 Controller::setAction('create');
                 break;
             case 'POST':
                 Controller::setAction('update');
                 break;
             case 'GET':
             default:
                 Controller::setAction('display');
                 break;
         }
     }
     //List instead of index
     if (Controller::$action == 'index') {
         Controller::setAction('list');
     }
     switch (Controller::$action) {
         case 'list':
             //Defaults for List: offset 0, length from config
             if (!isset(Controller::$parameters[0])) {
                 $parameters[0] = 0;
             }
             if (!isset(Controller::$parameters[1])) {
                 $parameters[1] = ConfigValue::get('table.ListLength', 5);
             }
             break;
         case 'search':
             //Defaults for Search
             //Get the search term from the request variable. It's always the first parameter
             if ($term = Controller::getVar('term')) {
                 array_unshift($parameters, $term);
             } else {
                 if (!count($parameters)) {
                     $parameters[0] = '';
                 }
             }
             //Offset and count are validated as integers; anything else falls back to the defaults
             if (!isset(Controller::$parameters[1])) {
                 $start = Controller::getVar('start', FILTER_VALIDATE_INT);
                 $parameters[1] = is_null($start) ? 0 : $start;
             }
             if (!isset(Controller::$parameters[2])) {
                 $count = Controller::getVar('count', FILTER_VALIDATE_INT);
                 $parameters[2] = is_null($count) ? ConfigValue::get('table.ListLength', 5) : $count;
             }
             break;
     }
     //Get the delete_id from the request variable
     if (Controller::$action == 'delete' && empty($parameters[0]) && ($delete_id = Controller::getVar('delete_id', FILTER_VALIDATE_INT))) {
         $parameters[0] = $delete_id;
     }
     return $parameters;
 }
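 /**
  * Render controller output as a Google Chart image.
  *
  * The chart type (from $output['type'] or the 'ChartType' setting) names a GChartView
  * method that builds the chart URL; the image is fetched through curl_request() and
  * returned with an inline Content-Disposition header.
  *
  * @param mixed $output Controller output; an array, optionally with 'type', 'title' and 'data' keys
  * @return string|false The image bytes, or false after a BackendError was recorded
  */
 public static function hook_output($output)
 {
     //TODO Attach HTTP Error codes and descriptions to these errors
     if (!is_array($output)) {
         BackendError::add('Google Chart Error', 'Invalid Output');
         return false;
     }
     $type = array_key_exists('type', $output) ? $output['type'] : Backend::get('ChartType', 'simple_line');
     if (!is_string($type) || !method_exists('GChartView', $type)) {
         BackendError::add('Google Chart Error', 'Invalid Chart Type');
         return false;
     }
     if (!array_key_exists('data', $output)) {
         $output = array('data' => $output);
     }
     if (!is_array($output['data']) || !count($output['data'])) {
         BackendError::add('Google Chart Error', 'Invalid Output Data');
         return false;
     }
     $params = array();
     $title = array_key_exists('title', $output) ? $output['title'] : Backend::get('ChartTitle', false);
     if ($title) {
         $params['chtt'] = $title;
     }
     $url = self::$type($output, $params);
     if (Controller::$debug) {
         //Debug output is written into the page, so the URL is escaped for the attribute context
         echo '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">';
         var_dump($params);
         var_dump($output);
         $dont_kill = Controller::getVar('dont_kill');
         if (empty($dont_kill)) {
             die;
         }
     }
     $recache = (bool) Controller::getVar('recache');
     debug_header('Recache - ' . $recache);
     //An explicit recache bypasses the cache, otherwise the image is cached for an hour
     //NOTE(review): 'bypass_ssl' presumably relaxes certificate checking on this fetch — confirm it is still required
     $image = curl_request($url, array(), array('cache' => $recache ? 1 : 60 * 60, 'bypass_ssl' => 1));
     if (Controller::$debug) {
         var_dump('Image:', $image);
     }
     if (!$image) {
         BackendError::add('Google Chart Error', 'Could not get image');
         return false;
     }
     $filename = Backend::get('ChartFilename', false);
     if (!$filename) {
         $filename = class_name(Controller::$area) . class_name(Controller::$action);
         if (Controller::$action == 'read' && !empty(Controller::$parameters[0])) {
             $filename .= Controller::$parameters[0];
         }
     }
     //The name is partly request derived and ends up in a response header: keep it to a conservative character set
     $filename = preg_replace('/[^A-Za-z0-9_.-]+/', '_', (string) $filename);
     if (Controller::$debug) {
         var_dump('Filename:', $filename);
     }
     header('Content-Disposition: inline; filename="' . $filename . '.png"');
     return $image;
 }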
 /**
  * We check if there's any content of the name ?q=:name
  *
  * When a Content row with that name exists, the request is rewritten to content/<id>.
  */
 public static function hook_init()
 {
     $requested = Controller::getVar('q');
     if (empty($requested)) {
         return;
     }
     //Tolerate a single trailing slash on the requested name
     $last_char = substr($requested, -1);
     if ($last_char == '/') {
         $requested = substr($requested, 0, strlen($requested) - 1);
     }
     $lookup = new SelectQuery('Content');
     $lookup->filter('`name` = :query');
     $match = $lookup->fetchAssoc(array(':query' => $requested));
     if (!$match) {
         return;
     }
     Controller::setVar('q', 'content/' . $match['id']);
 }
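 /**
  * Default parameters for the user actions.
  *
  * 'login' and 'confirm' take their values from request variables; a logged in user hitting
  * 'confirm' or 'signup' is redirected to 'display'; 'update' and 'display' default to the
  * session user and are forced back to it when the user lacks the 'manage' permission.
  *
  * @param array $parameters Positional parameters parsed from the request
  * @return array The parameters with defaults applied
  */
 public static function checkParameters($parameters)
 {
     $parameters = parent::checkParameters($parameters);
     //Id of the session user, or null when nobody is logged in. isset() is safe when no session was started.
     $session_user_id = null;
     if (isset($_SESSION['BackendUser']) && $_SESSION['BackendUser']->id > 0) {
         $session_user_id = $_SESSION['BackendUser']->id;
     }
     switch (Controller::$action) {
         case 'login':
             if (empty($parameters[0])) {
                 $parameters[0] = Controller::getVar('username');
             }
             if (empty($parameters[1])) {
                 $parameters[1] = Controller::getVar('password');
             }
             break;
         case 'confirm':
             if (empty($parameters[0])) {
                 $parameters[0] = Controller::getVar('salt');
             }
             //Falls through on purpose: a logged in user is shown their account instead (kept from the original flow)
         case 'signup':
             //The guard now tests the same session key it dereferences ('BackendUser', not 'user')
             if ($session_user_id !== null) {
                 Controller::setAction('display');
             }
             break;
         case 'update':
         case 'display':
             if ($session_user_id !== null) {
                 //If empty, set it to the current user
                 if (empty($parameters[0])) {
                     $parameters[0] = $session_user_id;
                 }
                 //If not set to current user, and user doesn't have permissions, set to current user
                 $url_class = class_for_url(get_called_class());
                 if ($parameters[0] != $session_user_id && !Permission::check('manage', $url_class) && Permission::check(Controller::$action, $url_class)) {
                     $parameters[0] = $session_user_id;
                 }
             }
             break;
     }
     return $parameters;
 }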
 /**
  * Default parameters for the scaffold action: table and database come from request variables.
  *
  * @param array $parameters Positional parameters parsed from the request
  * @return array The parameters with defaults applied
  */
 public static function checkParameters($parameters)
 {
     $parameters = parent::checkParameters($parameters);
     if (Controller::$action == 'scaffold') {
         //Positional slot => request variable that fills it when the slot is empty
         $fallbacks = array(0 => 'table', 1 => 'database');
         foreach ($fallbacks as $slot => $variable) {
             if (empty($parameters[$slot])) {
                 $parameters[$slot] = Controller::getVar($variable);
             }
         }
     }
     return $parameters;
 }
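 /**
  * Build the object's field values from the current request.
  *
  * Each field in $this->meta['fields'] starts as null. Blob typed fields are read from
  * the matching entry in $_FILES (only when that entry exists and is a genuine upload);
  * every other field is read with Controller::getVar() and passed through filter_var()
  * with the field's 'filter' and 'filter_options'. Problems are reported via Backend::addError().
  *
  * @return array Field name => value (null when absent or invalid)
  */
 public function fromRequest()
 {
     $toret = array();
     $blob_types = array('tiny_blob', 'blob', 'medium_blob', 'long_blob');
     foreach ($this->meta['fields'] as $name => $options) {
         $toret[$name] = null;
         $options = is_array($options) ? $options : array('type' => $options);
         $type = array_key_exists('type', $options) ? $options['type'] : 'string';
         $filter = array_key_exists('filter', $options) ? $options['filter'] : FILTER_DEFAULT;
         $filter_options = array_key_exists('filter_options', $options) ? $options['filter_options'] : array();
         if (in_array($type, $blob_types, true)) {
             //Files: skip the field unless an upload was posted under its name
             if (empty($_FILES[$name])) {
                 continue;
             }
             $file = $_FILES[$name];
             if ($file['error'] !== UPLOAD_ERR_OK) {
                 switch ($file['error']) {
                     case UPLOAD_ERR_INI_SIZE:
                     case UPLOAD_ERR_FORM_SIZE:
                         $message = 'File too large to be uploaded';
                         break;
                     case UPLOAD_ERR_PARTIAL:
                         $message = 'File only partially uploaded';
                         break;
                     case UPLOAD_ERR_NO_FILE:
                         $message = 'No file was uploaded';
                         break;
                     case UPLOAD_ERR_NO_TMP_DIR:
                         $message = 'Could not upload file. No tmp folder';
                         break;
                     case UPLOAD_ERR_CANT_WRITE:
                         $message = 'Could not upload file. Can\'t write to tmp folder';
                         break;
                     case UPLOAD_ERR_EXTENSION:
                         $message = 'Could not upload file. Invalid extension';
                         break;
                     default:
                         $message = 'Unknown file upload error (' . $file['error'] . ')';
                         break;
                 }
                 Backend::addError($message);
             } elseif (!is_uploaded_file($file['tmp_name'])) {
                 //Only read paths PHP itself placed in $_FILES, never an arbitrary server path
                 Backend::addError('Invalid file upload');
             } else {
                 $toret[$name] = file_get_contents($file['tmp_name']);
             }
         } else {
             //Other Types
             $value = Controller::getVar($name);
             if (!is_null($value)) {
                 $toret[$name] = filter_var($value, $filter, $filter_options);
                 if ($toret[$name] === false) {
                     $toret[$name] = null;
                     Backend::addError('Invalid input');
                 }
             }
         }
     }
     return $toret;
 }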