Example #1
/**
 * Delete the page stored under $key and send the admin back to the page list.
 *
 * On success an alert is queued and the request is redirected to
 * admin/manage-pages; on failure the error is only logged (no alert, no redirect).
 *
 * @param string $key  Page key as understood by $dbPages.
 */
function deletePage($key)
{
    global $dbPages;
    global $Language;
    $removed = $dbPages->delete($key);
    if (!$removed) {
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to delete the page.');
        return;
    }
    Alert::set($Language->g('The page has been deleted successfully'));
    Redirect::page('admin', 'manage-pages');
}
Example #2
/**
 * Create a page from the submitted form fields and return to the page list.
 *
 * @param array $args  Field values handed to $dbPages->add().
 */
function addPage($args)
{
    global $dbPages;
    global $Language;
    $created = $dbPages->add($args);
    if (!$created) {
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to create the page.');
        return;
    }
    Alert::set($Language->g('Page added successfully'));
    Redirect::page('admin', 'manage-pages');
}
Example #3
/**
 * Delete the post stored under $key, rebuild the tag index and return to the post list.
 *
 * @param string $key  Post key as understood by $dbPosts.
 */
function deletePost($key)
{
    global $dbPosts;
    global $Language;
    $removed = $dbPosts->delete($key);
    if (!$removed) {
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to delete the post.');
        return;
    }
    // The tag index references posts by key, so it has to be rebuilt after a delete
    // (reIndexTagsPosts lives in 70.posts.php).
    reIndexTagsPosts();
    Alert::set($Language->g('The post has been deleted successfully'));
    Redirect::page('admin', 'manage-posts');
}
Example #4
/**
 * Delete the page stored under $key, fire the afterPageDelete plugin hook and
 * return to the page list.
 *
 * @param string $key  Page key as understood by $dbPages.
 */
function deletePage($key)
{
    global $dbPages;
    global $Language;
    $removed = $dbPages->delete($key);
    if (!$removed) {
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to delete the page.');
        return;
    }
    // Plugins are notified only once the delete has actually happened.
    Theme::plugins('afterPageDelete');
    Alert::set($Language->g('The page has been deleted successfully'));
    Redirect::page('admin', 'manage-pages');
}
Example #5
/**
 * Create a post from the submitted form fields, rebuild the tag index and
 * return to the post list.
 *
 * Always returns false: the success path ends in Redirect::page(), and the
 * failure path only logs.
 *
 * @param array $args  Field values handed to $dbPosts->add().
 * @return bool
 */
function addPost($args)
{
    global $dbPosts;
    global $Language;
    $created = $dbPosts->add($args);
    if (!$created) {
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to create the post.');
        return false;
    }
    // Keep the tag index in sync with the new post (reIndexTagsPosts is in 70.posts.php).
    reIndexTagsPosts();
    Alert::set($Language->g('Post added successfully'));
    Redirect::page('admin', 'manage-posts');
    return false;
}
Example #6
/**
 * Create a page from the submitted form fields, fire the afterPageCreate
 * plugin hook and return to the page list.
 *
 * $dbPages->add() yields the new page key, or false when creation failed.
 *
 * @param array $args  Field values handed to $dbPages->add().
 */
function addPage($args)
{
    global $dbPages;
    global $Language;
    $newKey = $dbPages->add($args);
    if (!$newKey) {
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to create the page.');
        return;
    }
    // Plugins are notified only once the page exists.
    Theme::plugins('afterPageCreate');
    Alert::set($Language->g('Page added successfully'));
    Redirect::page('admin', 'manage-pages');
}
Example #7
/**
 * Create a post from the submitted form fields and return to the post list.
 *
 * The post status is derived from the form: the presence of a 'publish'
 * field means published, otherwise the post is stored as a draft.
 *
 * @param array $args  Field values handed to $dbPosts->add(); 'status' is set here.
 */
function addPost($args)
{
    global $dbPosts;
    global $Language;
    $args['status'] = isset($args['publish']) ? "published" : "draft";
    $created = $dbPosts->add($args);
    if (!$created) {
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to create the post.');
        return;
    }
    Alert::set($Language->g('Post added successfully'));
    Redirect::page('admin', 'manage-posts');
}
Example #8
/**
 * Create a post from the submitted form fields, rebuild the tag index, fire
 * the afterPostCreate plugin hook and return to the post list.
 *
 * $dbPosts->add() yields the new post key, or false when creation failed.
 * Always returns false: the success path ends in Redirect::page().
 *
 * @param array $args  Field values handed to $dbPosts->add().
 * @return bool
 */
function addPost($args)
{
    global $dbPosts;
    global $Language;
    $newKey = $dbPosts->add($args);
    if (!$newKey) {
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to create the post.');
        return false;
    }
    // Keep the tag index in sync with the new post (reIndexTagsPosts is in 70.posts.php).
    reIndexTagsPosts();
    // Plugins are notified only once the post exists.
    Theme::plugins('afterPostCreate');
    Alert::set($Language->g('Post added successfully'));
    Redirect::page('admin', 'manage-posts');
    return false;
}
Example #9
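/**
 * Handle a login-by-token request (GET) and open the admin session on success.
 *
 * Flow: refuse outright while the client IP is blocked; otherwise hand the
 * username/token pair to $Login->verifyUserByToken(). On success a fresh CSRF
 * token is generated and the request is redirected to admin/dashboard; on
 * failure the attempt is counted towards the IP blacklist.
 *
 * @param array $args  Request parameters; reads 'username' and 'tokenEmail'.
 * @return bool  true when the token was accepted, false otherwise.
 */
function checkGet($args)
{
    global $Security;
    global $Language;
    global $Login;
    if ($Security->isBlocked()) {
        Alert::set($Language->g('IP address has been blocked') . '<br>' . $Language->g('Try again in a few minutes'));
        return false;
    }
    // Read both parameters defensively: a request without them must not raise
    // "undefined index" notices. Nothing is sanitized at this layer; both values
    // are untrusted and verifyUserByToken() is expected to treat them as such.
    $username = isset($args['username']) ? $args['username'] : null;
    $tokenEmail = isset($args['tokenEmail']) ? $args['tokenEmail'] : null;
    if ($Login->verifyUserByToken($username, $tokenEmail)) {
        // Rotate the CSRF token; it stays the same across forms for this session.
        // NOTE(review): confirm that verifyUserByToken() (or the session layer)
        // also regenerates the session id on login; this block does not, so
        // session fixation would otherwise be possible.
        $Security->generateToken();
        Redirect::page('admin', 'dashboard');
        return true;
    }
    // Brute-force protection: every rejected token counts against this IP.
    $Security->addLoginFail();
    return false;
}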
Example #10
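 /**
  * Restore the site content from a backup ZIP archive.
  *
  * The archive is opened first; only when that succeeds is PATH_CONTENT wiped
  * and recreated, then the archive is extracted into it. Any failure
  * (unreadable archive, directory cannot be created, extraction error) leaves
  * an alert and redirects back to the plugin page.
  *
  * @param string $file  Path of the ZIP archive. Assumes the caller has already
  *                      confined this path to the plugin's backup directory —
  *                      TODO confirm; nothing here validates it.
  */
 public function restore($file)
 {
     global $Language;
     $zip = new ZipArchive();
     // Open the archive BEFORE touching the content directory. The previous
     // version wiped PATH_CONTENT unconditionally, so a corrupt or missing
     // archive left the site with no content at all.
     if ($zip->open($file) !== TRUE) {
         Alert::set($Language->get("There was a problem to restore the ZIP archive"));
         Redirect::page('admin', 'configure-plugin/pluginBackup');
         return;
     }
     pluginBackup::removeDir(PATH_CONTENT);
     // Recreate the directory if removeDir() took it away. 0755 rather than the
     // former world-writable 0777: the web server process creates and owns it,
     // and no other account needs write access.
     if (!is_dir(PATH_CONTENT) && !@mkdir(PATH_CONTENT, 0755, true)) {
         $zip->close();
         Alert::set($Language->get("There was a problem to restore the ZIP archive"));
         Redirect::page('admin', 'configure-plugin/pluginBackup');
         return;
     }
     // NOTE(review): confirm that the PHP build in use neutralises '../' entry
     // names in ZipArchive::extractTo(); if it does not, every entry name must
     // be vetted before extraction or a crafted backup can write outside PATH_CONTENT.
     $extracted = $zip->extractTo(PATH_CONTENT);
     $zip->close();
     if (!$extracted) {
         Alert::set($Language->get("There was a problem to restore the ZIP archive"));
         Redirect::page('admin', 'configure-plugin/pluginBackup');
         return;
     }
     Alert::set($Language->get("Archive is restored!"));
     Redirect::page('admin', 'configure-plugin/pluginBackup');
 }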
Example #11
<?php

defined('BLUDIT') or die('Bludit CMS.');
// ----------------------------------------------------------------------------
// Access control: this controller is admin-only. Anyone else gets an alert and
// is sent to the dashboard. Nothing below is guarded again, so this relies on
// Redirect::page() ending the request — presumably it exits after sending the
// Location header; verify in the Redirect class.
// ----------------------------------------------------------------------------
if ('admin' !== $Login->role()) {
    Alert::set($Language->g('you-do-not-have-sufficient-permissions'));
    Redirect::page('admin', 'dashboard');
}
// ----------------------------------------------------------------------------
// Main (this controller handles no POST data)
// ----------------------------------------------------------------------------
$themes = buildThemes();
Example #12
// ----------------------------------------------------------------------------
// POST: apply the submitted user changes
// ----------------------------------------------------------------------------
if ('POST' === $_SERVER['REQUEST_METHOD']) {
    // Non-admins may only touch their own account: pin the username to the
    // logged-in user and drop any attempt to change the role. Note that for an
    // admin the account acted upon is whatever $_POST['username'] says, not the
    // one named in the URL ($layout['parameters']).
    if ('admin' !== $Login->role()) {
        $_POST['username'] = $Login->username();
        unset($_POST['role']);
    }
    if (isset($_POST['delete-user-all'])) {
        // Second argument true: presumably delete the user's content as well — see deleteUser().
        deleteUser($_POST, true);
    } elseif (isset($_POST['delete-user-associate'])) {
        // Second argument false: presumably keep the content and re-associate it — see deleteUser().
        deleteUser($_POST, false);
    } elseif (!empty($_POST['new-password']) && !empty($_POST['confirm-password'])) {
        setPassword($_POST['username'], $_POST['new-password'], $_POST['confirm-password']);
    } else {
        editUser($_POST);
    }
}
// ----------------------------------------------------------------------------
// Main after POST: load the user being displayed
// ----------------------------------------------------------------------------
// Non-admins can only ever view their own profile, whatever the URL says.
if ('admin' !== $Login->role()) {
    $layout['parameters'] = $Login->username();
}
$_user = $dbUsers->getDb($layout['parameters']);
if (false === $_user) {
    // Unknown user: back to the list. The lines below still run unless
    // Redirect::page() ends the request — presumably it does; verify.
    Redirect::page('admin', 'users');
}
$_user['username'] = $layout['parameters'];
Example #13
// ----------------------------------------------------------------------------
// Main before POST: resolve the plugin named in the URL
// ----------------------------------------------------------------------------
$_Plugin = false;
$pluginClassName = $layout['parameters'];
// Linear scan over all installed plugins; if several share a class name the
// last match wins, as before.
foreach ($plugins['all'] as $candidate) {
    if ($candidate->className() == $pluginClassName) {
        $_Plugin = $candidate;
    }
}
// Unknown plugin, or a plugin without a configuration form: back to the list.
// Both rely on Redirect::page() ending the request — presumably it does; verify.
if ($_Plugin === false) {
    Redirect::page('admin', 'plugins');
}
if (!method_exists($_Plugin, 'form')) {
    Redirect::page('admin', 'plugins');
}
// ----------------------------------------------------------------------------
// POST: hand the raw form fields to the plugin. Any CSRF check is expected to
// happen before this controller runs; none is visible here.
// ----------------------------------------------------------------------------
if ('POST' === $_SERVER['REQUEST_METHOD']) {
    $_Plugin->setDb($_POST);
    Alert::set($Language->g('the-changes-have-been-saved'));
}
// ----------------------------------------------------------------------------
// Main after POST
// ----------------------------------------------------------------------------
Example #14
<?php

defined('BLUDIT') or die('Bludit CMS.');
// ----------------------------------------------------------------------------
// CSRF guard applied to every admin POST
// ----------------------------------------------------------------------------
if ('POST' === $_SERVER['REQUEST_METHOD']) {
    $token = false;
    if (isset($_POST['token'])) {
        $token = Sanitize::html($_POST['token']);
    }
    if ($Security->validateToken($token)) {
        // Valid: strip the token so downstream handlers never persist it as data.
        unset($_POST['token']);
    } else {
        // Missing or invalid token. The logged value is attacker-controlled
        // (HTML-escaped above). The session is dropped and the user sent back
        // to the login page; later controllers rely on Redirect::page() ending
        // the request — presumably it does; verify.
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying validate the token. Token ID: ' . $token);
        Session::destroy();
        Redirect::page('admin', 'login');
    }
}
// ----------------------------------------------------------------------------
// Main after POST
// ----------------------------------------------------------------------------
Example #15
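 /**
  * Persist the shortcode definitions submitted from the plugin form.
  *
  * The POST body is written verbatim into shortcodes.php next to this file.
  * That file is PHP source, so whoever can submit this form can run arbitrary
  * code on the server: the admin role check and CSRF token validation that
  * wrap admin requests are the only protection — confirm both apply to this
  * route. The write result is checked; a failed write is logged instead of
  * being reported as success.
  */
 public function write_shortcode()
 {
     global $Language;
     $shortcodeFile = dirname(__FILE__) . DS . 'shortcodes.php';
     $shortcodes = isset($_POST['shortcodes']) ? $_POST['shortcodes'] : '';
     // LOCK_EX so a concurrent request cannot observe a half-written PHP file.
     $written = file_put_contents($shortcodeFile, $shortcodes, LOCK_EX);
     if ($written === false) {
         Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to write the shortcodes file: ' . $shortcodeFile);
     } else {
         Alert::set($Language->get("Shortcodes updated!"));
     }
     Redirect::page('admin', 'configure-plugin/pluginShorcode');
 }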
Example #16
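 /**
  * Users submits the completed survey.
  *
  * Validates the POSTed answers against the block's question set, imports
  * uploaded files, stores the answer set, runs the antispam check, sends the
  * notification e-mail and finally redirects (unless noSubmitFormRedirect is
  * set). Every SQL statement here is parameterised; the table names come from
  * block configuration, never from the request.
  *
  * Fixes over the previous version: $errors is initialised (count($errors) ran
  * on null when nothing failed), a missing qsID no longer raises a notice, and
  * a file import that fails for a reason other than "bad extension"/"invalid"
  * is reported instead of silently dropped.
  *
  * @param int $bID  Block id the form was rendered for; must match $this->bID.
  */
 public function action_submit_form($bID = false)
 {
     if ($this->bID != $bID) {
         return false;
     }
     $ip = Core::make('helper/validation/ip');
     $this->view();
     if ($ip->isBanned()) {
         $this->set('invalidIP', $ip->getErrorMessage());
         return;
     }
     $txt = Core::make('helper/text');
     $db = Database::connection();
     // Question set id. Guarded with isset() so a request without it reaches the
     // friendly error below instead of raising an undefined-index notice.
     $qsID = isset($_POST['qsID']) ? intval($_POST['qsID']) : 0;
     if ($qsID == 0) {
         throw new Exception(t("Oops, something is wrong with the form you posted (it doesn't have a question set id)."));
     }
     // CSRF: the token is bound to this particular question set.
     $token = Core::make('token');
     if (!$token->validate('form_block_submit_qs_' . $qsID)) {
         throw new Exception(t("Invalid Request"));
     }
     //get all questions for this question set
     $rows = $db->GetArray("SELECT * FROM {$this->btQuestionsTablename} WHERE questionSetId=? AND bID=? order by position asc, msqID", [$qsID, intval($this->bID)]);
     if (!count($rows)) {
         throw new Exception(t("Oops, something is wrong with the form you posted (it doesn't have any questions)."));
     }
     // $errors must exist even when nothing fails: count($errors) is evaluated
     // unconditionally further down.
     $errors = [];
     $errorDetails = [];
     // check captcha if activated
     if ($this->displayCaptcha) {
         $captcha = Core::make('helper/validation/captcha');
         if (!$captcha->check()) {
             $errors['captcha'] = t("Incorrect captcha code");
             $_REQUEST['ccmCaptchaCode'] = '';
         }
     }
     //checked required fields
     foreach ($rows as $row) {
         if ($row['inputType'] == 'datetime') {
             if (!isset($datetime)) {
                 $datetime = Core::make('helper/form/date_time');
             }
             // Normalise the split date/time widgets into a single POST value.
             $translated = $datetime->translate('Question' . $row['msqID']);
             if ($translated) {
                 $_POST['Question' . $row['msqID']] = $translated;
             }
         }
         if (intval($row['required']) == 1) {
             $notCompleted = 0;
             // NOTE(review): the $_POST['Question…'] reads below are not
             // isset()-guarded; a missing field raises a notice before being
             // treated as empty. Behaviour is otherwise as intended.
             if ($row['inputType'] == 'email') {
                 if (!Core::make('helper/validation/strings')->email($_POST['Question' . $row['msqID']])) {
                     $errors['emails'] = t('You must enter a valid email address.');
                     $errorDetails[$row['msqID']]['emails'] = $errors['emails'];
                 }
             }
             if ($row['inputType'] == 'checkboxlist') {
                 // Checkbox answers arrive as Question<id>_<n> keys; any non-empty one counts.
                 $answerFound = 0;
                 foreach ($_POST as $key => $val) {
                     if (strstr($key, 'Question' . $row['msqID'] . '_') && strlen($val)) {
                         $answerFound = 1;
                     }
                 }
                 if (!$answerFound) {
                     $notCompleted = 1;
                 }
             } elseif ($row['inputType'] == 'fileupload') {
                 // is_uploaded_file() guards against a forged tmp_name pointing at a local file.
                 if (!isset($_FILES['Question' . $row['msqID']]) || !is_uploaded_file($_FILES['Question' . $row['msqID']]['tmp_name'])) {
                     $notCompleted = 1;
                 }
             } elseif (!strlen(trim($_POST['Question' . $row['msqID']]))) {
                 $notCompleted = 1;
             }
             if ($notCompleted) {
                 $errors['CompleteRequired'] = t("Complete required fields *");
                 $errorDetails[$row['msqID']]['CompleteRequired'] = $errors['CompleteRequired'];
             }
         }
     }
     //try importing the file if everything else went ok
     $tmpFileIds = [];
     if (!count($errors)) {
         foreach ($rows as $row) {
             if ($row['inputType'] != 'fileupload') {
                 continue;
             }
             $questionName = 'Question' . $row['msqID'];
             if (!intval($row['required']) && (!isset($_FILES[$questionName]['tmp_name']) || !is_uploaded_file($_FILES[$questionName]['tmp_name']))) {
                 continue;
             }
             // FileImporter applies the site's extension/type policy; the
             // client-supplied name is only used for naming, never as a path.
             $fi = new FileImporter();
             $resp = $fi->import($_FILES[$questionName]['tmp_name'], $_FILES[$questionName]['name']);
             if (!$resp instanceof Version) {
                 switch ($resp) {
                     case FileImporter::E_FILE_INVALID_EXTENSION:
                         $errors['fileupload'] = t('Invalid file extension.');
                         $errorDetails[$row['msqID']]['fileupload'] = $errors['fileupload'];
                         break;
                     case FileImporter::E_FILE_INVALID:
                         $errors['fileupload'] = t('Invalid file.');
                         $errorDetails[$row['msqID']]['fileupload'] = $errors['fileupload'];
                         break;
                     default:
                         // Any other importer failure used to be ignored, so a
                         // required upload could pass validation with no file stored.
                         $errors['fileupload'] = t('Invalid file.');
                         $errorDetails[$row['msqID']]['fileupload'] = $errors['fileupload'];
                         break;
                 }
             } else {
                 $tmpFileIds[intval($row['msqID'])] = $resp->getFileID();
                 if (intval($this->addFilesToSet)) {
                     $fs = new FileSet();
                     $fs = $fs->getByID($this->addFilesToSet);
                     if ($fs->getFileSetID()) {
                         $fs->addFileToSet($resp);
                     }
                 }
             }
         }
     }
     if (count($errors)) {
         $this->set('formResponse', t('Please correct the following errors:'));
         $this->set('errors', $errors);
         $this->set('errorDetails', $errorDetails);
     } else {
         //no form errors
         //save main survey record
         $u = new User();
         $uID = 0;
         if ($u->isRegistered()) {
             $uID = $u->getUserID();
         }
         $q = "insert into {$this->btAnswerSetTablename} (questionSetId, uID) values (?,?)";
         $db->query($q, [$qsID, $uID]);
         $answerSetID = $db->Insert_ID();
         $this->lastAnswerSetId = $answerSetID;
         $questionAnswerPairs = [];
         // Sender address: configured form address if it looks like one, else the super user's.
         if (Config::get('concrete.email.form_block.address') && strstr(Config::get('concrete.email.form_block.address'), '@')) {
             $formFormEmailAddress = Config::get('concrete.email.form_block.address');
         } else {
             $adminUserInfo = UserInfo::getByID(USER_SUPER_ID);
             $formFormEmailAddress = $adminUserInfo->getUserEmail();
         }
         $replyToEmailAddress = $formFormEmailAddress;
         //loop through each question and get the answers
         foreach ($rows as $row) {
             //save each answer
             $answerDisplay = '';
             if ($row['inputType'] == 'checkboxlist') {
                 $answer = [];
                 $answerLong = "";
                 $keys = array_keys($_POST);
                 foreach ($keys as $key) {
                     if (strpos($key, 'Question' . $row['msqID'] . '_') === 0) {
                         $answer[] = $txt->sanitize($_POST[$key]);
                     }
                 }
             } elseif ($row['inputType'] == 'text') {
                 $answerLong = $txt->sanitize($_POST['Question' . $row['msqID']]);
                 $answer = '';
             } elseif ($row['inputType'] == 'fileupload') {
                 $answerLong = "";
                 $answer = intval($tmpFileIds[intval($row['msqID'])]);
                 if ($answer > 0) {
                     $answerDisplay = File::getByID($answer)->getVersion()->getDownloadURL();
                 } else {
                     $answerDisplay = t('No file specified');
                 }
             } elseif ($row['inputType'] == 'url') {
                 $answerLong = "";
                 $answer = $txt->sanitize($_POST['Question' . $row['msqID']]);
             } elseif ($row['inputType'] == 'email') {
                 $answerLong = "";
                 $answer = $txt->sanitize($_POST['Question' . $row['msqID']]);
                 if (!empty($row['options'])) {
                     // Options are stored serialized by the block editor (DB data,
                     // not request data). NOTE(review): only an array is expected;
                     // once the PHP floor allows it, pass ['allowed_classes' => false]
                     // or move the options to JSON so no object can be revived here.
                     $settings = unserialize($row['options']);
                     if (is_array($settings) && array_key_exists('send_notification_from', $settings) && $settings['send_notification_from'] == 1) {
                         // Reply-To is taken from the submitter only after re-validation as an e-mail address.
                         $email = $txt->email($answer);
                         if (!empty($email)) {
                             $replyToEmailAddress = $email;
                         }
                     }
                 }
             } elseif ($row['inputType'] == 'telephone') {
                 $answerLong = "";
                 $answer = $txt->sanitize($_POST['Question' . $row['msqID']]);
             } else {
                 $answerLong = "";
                 $answer = $txt->sanitize($_POST['Question' . $row['msqID']]);
             }
             if (is_array($answer)) {
                 $answer = implode(',', $answer);
             }
             $questionAnswerPairs[$row['msqID']]['question'] = $row['question'];
             $questionAnswerPairs[$row['msqID']]['answer'] = $txt->sanitize($answer . $answerLong);
             $questionAnswerPairs[$row['msqID']]['answerDisplay'] = strlen($answerDisplay) ? $answerDisplay : $questionAnswerPairs[$row['msqID']]['answer'];
             $v = [$row['msqID'], $answerSetID, $answer, $answerLong];
             $q = "insert into {$this->btAnswersTablename} (msqID,asID,answer,answerLong) values (?,?,?,?)";
             $db->query($q, $v);
         }
         $foundSpam = false;
         $submittedData = '';
         foreach ($questionAnswerPairs as $questionAnswerPair) {
             $submittedData .= $questionAnswerPair['question'] . "\r\n" . $questionAnswerPair['answer'] . "\r\n" . "\r\n";
         }
         // The answers are stored first and removed again if the antispam check
         // rejects them; the submission event below still fires in that case.
         $antispam = Core::make('helper/validation/antispam');
         if (!$antispam->check($submittedData, 'form_block')) {
             // found to be spam. We remove it
             $foundSpam = true;
             $q = "delete from {$this->btAnswerSetTablename} where asID = ?";
             $v = [$this->lastAnswerSetId];
             $db->Execute($q, $v);
             $db->Execute("delete from {$this->btAnswersTablename} where asID = ?", [$this->lastAnswerSetId]);
         }
         if (intval($this->notifyMeOnSubmission) > 0 && !$foundSpam) {
             if (Config::get('concrete.email.form_block.address') && strstr(Config::get('concrete.email.form_block.address'), '@')) {
                 $formFormEmailAddress = Config::get('concrete.email.form_block.address');
             } else {
                 $adminUserInfo = UserInfo::getByID(USER_SUPER_ID);
                 $formFormEmailAddress = $adminUserInfo->getUserEmail();
             }
             $mh = Core::make('helper/mail');
             $mh->to($this->recipientEmail);
             $mh->from($formFormEmailAddress);
             $mh->replyto($replyToEmailAddress);
             $mh->addParameter('formName', $this->surveyName);
             $mh->addParameter('questionSetId', $this->questionSetId);
             $mh->addParameter('questionAnswerPairs', $questionAnswerPairs);
             $mh->load('block_form_submission');
             $mh->setSubject(t('%s Form Submission', $this->surveyName));
             // Best-effort: a mail failure must not lose the already-stored submission.
             @$mh->sendMail();
         }
         //launch form submission event with dispatch method
         $formEventData = [];
         $formEventData['bID'] = intval($this->bID);
         $formEventData['questionSetID'] = $this->questionSetId;
         $formEventData['replyToEmailAddress'] = $replyToEmailAddress;
         $formEventData['formFormEmailAddress'] = $formFormEmailAddress;
         $formEventData['questionAnswerPairs'] = $questionAnswerPairs;
         $event = new \Symfony\Component\EventDispatcher\GenericEvent();
         $event->setArgument('formData', $formEventData);
         Events::dispatch('on_form_submission', $event);
         if (!$this->noSubmitFormRedirect) {
             // Redirect target is a page id from block configuration, never from the request.
             $targetPage = null;
             if ($this->redirectCID == HOME_CID) {
                 $targetPage = Page::getByID(HOME_CID);
             } elseif ($this->redirectCID > 0) {
                 $pg = Page::getByID($this->redirectCID);
                 if (is_object($pg) && $pg->cID) {
                     $targetPage = $pg;
                 }
             }
             if (is_object($targetPage)) {
                 $response = \Redirect::page($targetPage);
             } else {
                 $response = \Redirect::page(Page::getCurrentPage());
                 $url = $response->getTargetUrl() . "?surveySuccess=1&qsid=" . $this->questionSetId . "#formblock" . $this->bID;
                 $response->setTargetUrl($url);
             }
             $response->send();
             exit;
         }
     }
 }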
Example #17
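<?php

defined('BLUDIT') or die('Bludit CMS.');
// ============================================================================
// Check role: admin only. Relies on Redirect::page() ending the request for
// everyone else — presumably it exits after the Location header; verify.
// ============================================================================
if ($Login->role() !== 'admin') {
    Alert::set($Language->g('you-do-not-have-sufficient-permissions'));
    Redirect::page('admin', 'dashboard');
}
// ============================================================================
// Main: activate the theme named in the URL
// ============================================================================
$themeDirname = $layout['parameters'];
// $themeDirname comes straight from the URL. A theme is identified by a bare
// directory name, so anything containing path separators, or equal to '.' or
// '..', is refused before it can be persisted as the active theme. This is
// defence in depth: Sanitize::pathFile() is only known (from here) to test the
// assembled path, and whether it also rejects traversal is not visible.
if ($themeDirname !== ''
    && $themeDirname !== '.'
    && $themeDirname !== '..'
    && basename($themeDirname) === $themeDirname
    && Sanitize::pathFile(PATH_THEMES . $themeDirname)) {
    $Site->set(array('theme' => $themeDirname));
    Alert::set($Language->g('The changes have been saved'));
} else {
    Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to install the theme: ' . $themeDirname);
}
Redirect::page('admin', 'themes');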
Example #18
    if ($Site->set($args)) {
        Alert::set($Language->g('the-changes-have-been-saved'));
    } else {
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to save the settings.');
    }
    return true;
}
// ============================================================================
// Main after POST
// ============================================================================
// ============================================================================
// POST Method
// ============================================================================
// POST: persist the submitted settings, then bounce back to this controller
// (any CSRF check is expected to have run before this point; none is visible here).
if ('POST' === $_SERVER['REQUEST_METHOD']) {
    setSettings($_POST);
    Redirect::page('admin', $layout['controller']);
}
// ============================================================================
// Main after POST
// ============================================================================
// Default home page
$_homePageList = array('' => $Language->g('Show blog'));
foreach ($pagesParents as $parentKey => $pageList) {
    foreach ($pageList as $Page) {
        if ($parentKey !== NO_PARENT_CHAR) {
            $parentTitle = $pages[$Page->parentKey()]->title() . '->';
        } else {
            $parentTitle = '';
        }
        if ($Page->published()) {
            $_homePageList[$Page->key()] = $Language->g('Page') . ': ' . $parentTitle . $Page->title();