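/**
 * Saves the settings posted from the settings form ($_POST['setting']).
 *
 * Order of operations: CSRF token check (a failure flashes an error,
 * notifies observers and redirects back to the settings page), the
 * allow_html_title checkbox is normalised to 'off' when absent, the admin
 * title is reduced to a small tag whitelist with kses, then the data is
 * handed to Setting::saveFromData() and the user is redirected.
 */
private function _save()
{
    // `final` was dropped from the signature: a private method can never be
    // overridden, and PHP 8 warns about the combination.
    $data = (isset($_POST['setting']) && is_array($_POST['setting'])) ? $_POST['setting'] : array();

    // CSRF checks
    if (isset($_POST['csrf_token'])) {
        $csrf_token = $_POST['csrf_token'];
        if (!SecureToken::validateToken($csrf_token, BASE_URL . 'setting')) {
            Flash::set('error', __('Invalid CSRF token found!'));
            Observer::notify('csrf_token_invalid', AuthUser::getUserName());
            redirect(get_url('setting'));
        }
    } else {
        Flash::set('error', __('No CSRF token found!'));
        Observer::notify('csrf_token_not_found', AuthUser::getUserName());
        redirect(get_url('setting'));
    }

    // An unchecked checkbox is simply missing from POST; persist it as 'off'.
    if (!isset($data['allow_html_title'])) {
        $data['allow_html_title'] = 'off';
    }

    use_helper('Kses');
    // Tags (and their attributes) that may survive in the admin title;
    // everything else is stripped by kses.
    $allowed = array(
        'img' => array('src' => array()),
        'abbr' => array('title' => array()),
        'acronym' => array('title' => array()),
        'b' => array(),
        'blockquote' => array('cite' => array()),
        'br' => array(),
        'code' => array(),
        'em' => array(),
        'i' => array(),
        'p' => array(),
        'strike' => array(),
        'strong' => array(),
    );
    // Guard the index: trim(null) is deprecated on PHP 8.1.
    $admin_title = isset($data['admin_title']) ? (string) $data['admin_title'] : '';
    $data['admin_title'] = kses(trim($admin_title), $allowed);

    Setting::saveFromData($data);
    Flash::set('success', __('Settings have been saved!'));
    redirect(get_url('setting'));
}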
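/**
 * Saves an edited user from $_POST['user'].
 *
 * Runs the CSRF check, optionally changes the password (only when a new
 * one was entered, it is at least 5 characters and equal to the
 * confirmation), updates the record and - for administrators - the
 * permission set. Every failure redirects back to the edit form.
 *
 * @param mixed $id User id taken from the route.
 */
private function _edit($id)
{
    $data = (isset($_POST['user']) && is_array($_POST['user'])) ? $_POST['user'] : array();
    $edit_url = get_url('user/edit/' . $id);

    // CSRF checks
    if (isset($_POST['csrf_token'])) {
        $csrf_token = $_POST['csrf_token'];
        if (!SecureToken::validateToken($csrf_token, BASE_URL . 'user/edit')) {
            Flash::set('error', __('Invalid CSRF token found!'));
            // Was 'user/add'; a failed edit belongs back on the edit form.
            redirect($edit_url);
        }
    } else {
        Flash::set('error', __('No CSRF token found!'));
        redirect($edit_url);
    }

    $password = isset($data['password']) ? (string) $data['password'] : '';
    $confirm = isset($data['confirm']) ? (string) $data['confirm'] : '';

    // check if user want to change the password
    if (strlen($password) > 0) {
        // Strict comparison: '==' treats numeric-looking strings such as
        // '1e3' and '1000' as equal, which would accept a mismatched confirm.
        if (strlen($password) >= 5 && $password === $confirm) {
            unset($data['confirm']);
        } else {
            Flash::set('error', __('Password and Confirm are not the same or too small!'));
            redirect($edit_url);
        }
    } else {
        unset($data['password'], $data['confirm']);
    }

    $user = Record::findByIdFrom('User', $id);
    if (!$user) {
        Flash::set('error', __('User not found!'));
        redirect(get_url('user'));
    }

    if (isset($data['password'])) {
        $data['password'] = AuthUser::generateHashedPassword($data['password'], $user->salt);
    }

    $user->setFromData($data);
    if ($user->save()) {
        if (AuthUser::hasPermission('administrator')) {
            // now we need to add permissions
            $permissions = isset($_POST['user_permission']) ? $_POST['user_permission'] : array();
            UserPermission::setPermissionsFor($user->id, $permissions);
        }
        Flash::set('success', __('User has been saved!'));
    } else {
        Flash::set('error', __('User has not been saved!'));
    }

    // Editing yourself stays on the form; editing someone else returns to the list.
    if ((int) AuthUser::getId() === (int) $id) {
        redirect($edit_url);
    } else {
        redirect(get_url('user'));
    }
}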
echo date("d-M-Y", strtotime($testimonial->created_on)); ?> </td> <td><?php echo $testimonial->updated_on === NULL ? '' : date("d-M-Y", strtotime($testimonial->updated_on)); ?> </td>--> <td> <a href="<?php echo get_url('testimonial/edit/' . $testimonial->id); ?> "><img src="<?php echo URL_PUBLIC; ?> wolf/admin/images/icon-edit.gif" alt="edit icon" /></a> <a href="<?php echo get_url('testimonial/delete/' . $testimonial->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'testimonial/delete/' . $testimonial->id)); ?> " onclick="return confirm('<?php echo __('Are you sure you wish to delete testimonial : ') . ' ' . $testimonial->name . '?'; ?> ');"><img src="<?php echo URI_PUBLIC; ?> wolf/admin/images/icon-remove.gif" alt="<?php echo __('delete testimonial'); ?> " title="<?php echo __('Delete testimonial'); ?> " /></a> </td>
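/**
 * Validates whether a given secure token is still valid.
 *
 * The validateToken() method validates the token is valid by checking:
 * - that the token is not expired (through the time),
 * - the token is valid for this user,
 * - the token is valid for this url
 *
 * It does so by reconstructing the token. If at any time during the valid
 * period of the token, the username, user password or the url changed, the
 * token is considered invalid.
 *
 * The token is also considered invalid if more than SecureToken::EXPIRES seconds
 * have passed.
 *
 * @param string $token The token.
 * @param string $url The url for which the token was generated.
 * @return boolean True if the token is valid, otherwise false.
 */
final public static function validateToken($token, $url)
{
    // Anything but a string (e.g. an array smuggled through the request)
    // can never match, and would make hash_equals() throw.
    if (!is_string($token)) {
        return false;
    }

    use_helper('Hash');
    $hash = new Crypt_Hash('sha256');

    AuthUser::load();
    if (!AuthUser::isLoggedIn()) {
        return false;
    }

    $user = AuthUser::getRecord();
    // Kept from the original; as written the replacement is a no-op.
    // NOTE(review): presumably meant to undo an '&amp;' entity coming from a
    // view - confirm against generateToken() so both sides hash the same url.
    $target_url = str_replace('&', '&', $url);
    $pwd = substr(bin2hex($hash->hash($user->password)), 5, 20);
    $time = SecureToken::getTokenTime($user->username, $target_url);

    if (microtime(true) - $time > self::EXPIRES) {
        return false;
    }

    $expected = bin2hex($hash->hash($user->username . $time . $target_url . $pwd . $user->salt));

    // Constant-time comparison so a mismatch cannot be located by timing.
    return hash_equals($expected, $token);
}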
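/**
 * Saves an edited testimonial from $_POST['testimonial'].
 *
 * The posted data is stashed in the flash so the form can be re-filled
 * after a redirect. The request is rejected (with a redirect back to the
 * edit form) when the CSRF token is missing/invalid or the name is empty;
 * otherwise the record is updated, stamped with the current user/time and
 * saved, and the user is sent to the list or back to the form.
 *
 * @param mixed $id Testimonial id taken from the route.
 */
private function _edit($id)
{
    use_helper('Validate');

    $data = (isset($_POST['testimonial']) && is_array($_POST['testimonial'])) ? $_POST['testimonial'] : array();
    Flash::set('testimonial_postdata', $data);

    $edit_url = get_url('testimonial/edit/' . $id);

    // CSRF checks
    if (isset($_POST['csrf_token'])) {
        $csrf_token = $_POST['csrf_token'];
        if (!SecureToken::validateToken($csrf_token, BASE_URL . 'testimonial/edit/' . $id)) {
            Flash::set('error', __('Invalid CSRF token found!'));
            redirect($edit_url);
        }
    } else {
        Flash::set('error', __('No CSRF token found!'));
        redirect($edit_url);
    }

    if (empty($data['name'])) {
        Flash::set('error', __('You have to specify a name!'));
        // Was redirecting to 'testimonial/add'; a failed edit returns to the edit form.
        redirect($edit_url);
    }

    $testimonial = Record::findByIdFrom('Testimonial', $id);
    if (!$testimonial) {
        // Unknown id: the code below would otherwise dereference null.
        Flash::set('error', __('Testimonial not found!'));
        redirect(get_url('testimonial'));
    }

    $testimonial->setFromData($data);
    $testimonial->updated_by_id = AuthUser::getId();
    $testimonial->updated_on = date('Y-m-d H:i:s');

    if ($testimonial->save()) {
        Flash::set('success', __('Testimonial has been saved!'));
        Observer::notify('testimonial_after_edit', $testimonial->name);
    } else {
        Flash::set('error', __('Testimonial has not been saved1!'));
    }

    // save and quit or save and continue editing?
    if (isset($_POST['commit'])) {
        redirect(get_url('testimonial'));
    } else {
        redirect($edit_url);
    }
}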
?> </td> <td><?php echo $room->updated_on === NULL ? '' : date("d-M-Y", strtotime($room->updated_on)); ?> </td>--> <td> <a href="<?php echo get_url('room/edit/' . $room->id); ?> "><img src="<?php echo URL_PUBLIC; ?> wolf/admin/images/icon-edit.gif" alt="edit icon" /></a> <a href="<?php echo get_url('room/delete/' . $room->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'room/delete/' . $room->id)); ?> " onclick="return confirm('<?php echo __('Are you sure you wish to delete room : ') . ' ' . $room->name . '?'; ?> ');"><img src="<?php echo URI_PUBLIC; ?> wolf/admin/images/icon-remove.gif" alt="<?php echo __('delete room'); ?> " title="<?php echo __('Delete room'); ?> " /></a> </td>
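/**
 * Edits one feature image of a facility.
 *
 * GET renders the edit form with a fresh CSRF token. POST (after the
 * permission and CSRF checks) either uploads a replacement file through
 * upload_feature_file() when one was sent, or just stores the new title;
 * it then redirects to the facility or back to this form depending on the
 * submit button used.
 *
 * @param mixed $id FeatureImage id taken from the route.
 */
function edit_feature($id)
{
    $edit_url = get_url('facilities/edit_feature/' . $id);

    if (get_request_method() != 'POST') {
        // display edit page
        $feature = FeatureImage::findById($id);
        $this->display('facilities/edit_feature', array(
            'csrf_token' => SecureToken::generateToken(BASE_URL . 'facilities/edit_feature/' . $id),
            'feature' => $feature,
        ));
        return;
    }

    // form submission
    $this->_checkPermission();

    if (isset($_POST['csrf_token'])) {
        $csrf_token = $_POST['csrf_token'];
        if (!SecureToken::validateToken($csrf_token, BASE_URL . 'facilities/edit_feature/' . $id)) {
            Flash::set('error', __('Invalid CSRF token found!'));
            redirect($edit_url);
        }
    } else {
        Flash::set('error', __('No CSRF token found!'));
        redirect($edit_url);
    }

    $data = (isset($_POST['upload']) && is_array($_POST['upload'])) ? $_POST['upload'] : array();
    // upload[overwrite] is a checkbox: present means checked.
    $overwrite = isset($data['overwrite']);
    $title = isset($_POST['title']) ? $_POST['title'] : '';

    $featureimage = FeatureImage::findById($id);
    if (!$featureimage) {
        // Unknown id: nothing to update, and the code below would dereference null.
        Flash::set('error', __('Feature could not be saved!'));
        redirect($edit_url);
    }

    $upload = isset($_FILES['upload_feature_file']) ? $_FILES['upload_feature_file'] : array('name' => '', 'tmp_name' => '');
    // NOTE(review): the file_exists() test joins the upload's tmp_name onto
    // the feature directory, which is not where PHP keeps uploads; kept as
    // in the original - confirm what it was meant to guard against.
    if (!empty($upload['name']) && !file_exists(FILES_DIR . '/facilities/feature/' . $upload['tmp_name'])) {
        $file = $this->upload_feature_file($featureimage->facilitiesid, $featureimage->id, $title, $upload['name'], FILES_DIR . '/facilities/feature/', $upload['tmp_name'], $overwrite);
        if ($file === false) {
            Flash::set('error', __('File has not been uploaded!'));
            redirect($edit_url);
        }
    } else {
        $featureimage->title = $title;
        if (!$featureimage->save()) {
            Flash::set('error', __('Feature could not be saved!'));
        } else {
            Flash::set('success', __('Feature has been saved!'));
        }
    }

    if (isset($_POST['commit'])) {
        redirect(get_url('facilities/edit/' . $featureimage->facilitiesid));
    } else {
        redirect($edit_url);
    }
}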
/**
 * Validates and stores the user-plugin settings of one settings tab.
 *
 * Requires the user_config permission and a CSRF token in $post["token"]
 * bound to user/settings/<type>. On success the caller is redirected to
 * the success page; every failure path appends a message to $this->errors
 * and returns false.
 *
 * @param array  $post Raw POST data.
 * @param string $type Settings tab the data belongs to.
 * @return false Only reached on failure; success ends in a redirect.
 */
private function _saveSettings($post, $type)
{
    $this->_check("user_config");

    // VALIDATE REQUEST
    $tokenValid = false;
    if (isset($post["token"])) {
        $tokenValid = SecureToken::validateToken($post["token"], get_url("user/settings/" . $type));
    }
    if (!$tokenValid) {
        $this->errors[] = __("The CSRF Token does not exist or is invalid!");
        return false;
    }

    $settings = $this->_validateSettings($post, $type);

    // UPDATE AND REDIRECT
    if (!empty($settings) && Plugin::setAllSettings($settings, "paw_users")) {
        $this->_redirect(get_url("user/settings/success#" . $type));
    }

    $this->errors[] = __("An unknown error is occurred!");
    return false;
}
echo date("d-M-Y", strtotime($experience->created_on)); ?> </td> <td><?php echo $experience->updated_on === NULL ? '' : date("d-M-Y", strtotime($experience->updated_on)); ?> </td>--> <td> <a href="<?php echo get_url('experience/edit/' . $experience->id); ?> "><img src="<?php echo URL_PUBLIC; ?> wolf/admin/images/icon-edit.gif" alt="edit icon" /></a> <a href="<?php echo get_url('experience/delete/' . $experience->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'experience/delete/' . $experience->id)); ?> " onclick="return confirm('<?php echo __('Are you sure you wish to delete experience : ') . ' ' . $experience->name . '?'; ?> ');"><img src="<?php echo URI_PUBLIC; ?> wolf/admin/images/icon-remove.gif" alt="<?php echo __('delete experience'); ?> " title="<?php echo __('Delete experience'); ?> " /></a> </td>
<div class="titlebar"> <?php echo __('Upload file'); ?> <a href="#" class="close"><img src="<?php echo ICONS_PATH; ?> action-delete-disabled-16.png"/></a> </div> <div class="content"> <form action="<?php echo get_url('plugin/shopping_cart/upload'); ?> " method="post" enctype="multipart/form-data"> <input id="csrf_token" name="csrf_token" type="hidden" value="<?php echo SecureToken::generateToken(BASE_URL . 'plugin/shopping_cart/upload'); ?> " /> <input id="upload_overwrite" name="upload[overwrite]" type="checkbox" value="1" /> <label for="upload_overwrite"><small><?php echo __('overwrite it?'); ?> </small></label><br /> <input id="upload_path" name="upload[path]" type="hidden" value="<?php echo $dir == '' ? '/' : $dir; ?> " /> <input id="upload_file" name="upload_file" type="file" /> <input id="upload_file_button" name="commit" type="submit" value="<?php echo __('Upload'); ?> " />
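/**
 * Deletes a user account together with its meta data and role rows.
 *
 * Administrators can never be deleted. Deleting your own account requires
 * the account_deletion setting to be enabled and your password in $verify;
 * deleting another account requires the user_delete permission and a CSRF
 * token (in $verify) bound to user/delete/<id>/<current id>.
 *
 * @param mixed  $data   User lookup value handed to _getUser() after XSS cleaning.
 * @param string $verify Password (own account) or CSRF token (other accounts).
 * @return bool True when the user row was deleted, false otherwise
 *              (the reason is reported through _error()).
 */
public function deleteUser($data, $verify)
{
    $data = paw_xss_cleaner($data);
    $user = $this->_getUser($data);
    if (empty($user)) {
        $this->_error(__("The User does not exist!"));
        return false;
    }

    // CHECK IF ADMIN
    if ($this->permissions->isRole("administrator", $user->id)) {
        $this->_error(__("The user is an Administrator and Admins cannot be deleted!"));
        return false;
    }

    $userId = (int) $user->id;
    $isSelf = (int) $this->currentID === $userId;

    // CHECK PERMISSION
    if ($isSelf) {
        if ($this->config["account_deletion"] == 0) {
            $this->_error(__("You cannot delete your own Account, please contact an Administrator!"));
            return false;
        }
        if (!$this->_checkPassword($user, $verify)) {
            $this->_error(__("The Password is incorrect!"));
            return false;
        }
    } else {
        if (!$this->permissions->hasPermission("user_delete")) {
            $this->_error(__("You don't have the Permission to perform this action!"));
            return false;
        }
        if (!SecureToken::validateToken($verify, get_url("user/delete/" . $user->id . "/" . $this->currentID))) {
            $this->_error(__("The CSRF Token does not exist or is invalid!"));
            return false;
        }
    }

    // DELETE USER ACCOUNT
    // The id is interpolated into the statements, so it is forced to an
    // integer first and can never contribute SQL syntax.
    $query = "DELETE FROM " . TABLE_PREFIX . "user WHERE id=" . $userId;
    if (Record::query($query) === false) {
        return false;
    }
    Record::query("DELETE FROM " . TABLE_PREFIX . "user_meta WHERE user_id=" . $userId);
    Record::query("DELETE FROM " . TABLE_PREFIX . "user_role WHERE user_id=" . $userId);
    if ($isSelf) {
        // The account behind the current session is gone; end the session.
        $this->logout(true);
    }
    return true;
}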
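/**
 * Validates and stores the settings posted for a registered dashboard widget.
 *
 * Only keys the widget declared in its "settings" map are accepted; any
 * declared key missing from the request is stored as NULL. The widget's
 * settings callback gets the last word before the values are persisted.
 *
 * @param string $widget   Widget key in self::$widgets.
 * @param array  $settings Posted settings, including widget_secure_token.
 * @return bool False when the widget is unknown, has no settings callback,
 *              $settings is not an array or the CSRF token is missing or
 *              invalid; otherwise the result of Plugin::setAllSettings().
 */
public static function setWidgetSettings($widget, $settings)
{
    if (!array_key_exists($widget, self::$widgets)) {
        return false;
    }
    $widget = self::$widgets[$widget];
    if (!is_callable($widget["settings_cb"])) {
        return false;
    }

    // CHECK SECURE TOKEN
    // $settings comes from the request; a non-array would break the key
    // lookups below, so it is rejected up front.
    if (!is_array($settings) || !isset($settings["widget_secure_token"])) {
        return false;
    }
    if (!SecureToken::validateToken($settings["widget_secure_token"], get_url("plugin/dashboard/" . $widget["id"]))) {
        return false;
    }

    // FETCH SETTINGS
    $newsettings = array();
    foreach (array_keys($widget["settings"]) as $key) {
        $newsettings[$key] = array_key_exists($key, $settings) ? $settings[$key] : NULL;
    }

    // SET NEW SETTINGS
    $newsettings = call_user_func($widget["settings_cb"], $newsettings, false);
    // Return the store result so callers can tell success from a rejected request.
    return Plugin::setAllSettings($newsettings, "dashboard-" . $widget["id"]);
}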
/**
 * Saves the edited Snippet.
 *
 * The posted snippet data is stored as a new Snippet object carrying the
 * route id; a missing or invalid CSRF token, or a save failure (duplicate
 * name), puts the data back into the flash and returns to the edit form.
 *
 * @todo Merge _edit() and edit()
 *
 * @param string $id Snippet id.
 */
private function _edit($id)
{
    $data = $_POST['snippet'];
    $data['id'] = $id;
    $edit_url = get_url('snippet/edit/' . $id);

    // CSRF checks - the observer event differs for a missing vs. an invalid token.
    $csrf_failure = null;
    if (!isset($_POST['csrf_token'])) {
        $csrf_failure = array('csrf_token_not_found', __('No CSRF token found!'));
    } elseif (!SecureToken::validateToken($_POST['csrf_token'], BASE_URL . 'snippet/edit')) {
        $csrf_failure = array('csrf_token_invalid', __('Invalid CSRF token found!'));
    }
    if ($csrf_failure !== null) {
        list($event, $message) = $csrf_failure;
        Flash::set('post_data', (object) $data);
        Flash::set('error', $message);
        Observer::notify($event, AuthUser::getUserName());
        redirect($edit_url);
    }

    $snippet = new Snippet($data);
    $placeholders = array(':name' => $snippet->name);
    if ($snippet->save()) {
        Flash::set('success', __('Snippet :name has been saved!', $placeholders));
        Observer::notify('snippet_after_edit', $snippet);
    } else {
        Flash::set('post_data', (object) $data);
        Flash::set('error', __('Snippet :name has not been saved. Name must be unique!', $placeholders));
        redirect($edit_url);
    }

    // save and quit or save and continue editing?
    redirect(isset($_POST['commit']) ? get_url('snippet') : $edit_url);
}
?> </label></td> <td class="field"><input type="text" id="field-label" class="textbox" value="<?php echo $form["label"]; ?> " readonly /></td> <td class="help"></td> </tr> <tr> <td class="label"><label><?php echo __("Delete Item"); ?> </label></td> <td class="field"> <input type="hidden" name="field[token]" value="<?php echo SecureToken::generateToken(get_url("user/fields/" . $action)); ?> " /> <input type="hidden" name="field[action]" value="<?php echo $action; ?> "> <input type="hidden" name="field[name]" value="<?php echo $form["name"]; ?> "> <input class="button" name="field[delete]" type="submit" accesskey="s" value="<?php echo __("Delete Field"); ?> " /> </td>
echo date("d-M-Y", strtotime($dine->created_on)); ?> </td> <td><?php echo $dine->updated_on === NULL ? '' : date("d-M-Y", strtotime($dine->updated_on)); ?> </td>--> <td> <a href="<?php echo get_url('dine/edit/' . $dine->id); ?> "><img src="<?php echo URL_PUBLIC; ?> wolf/admin/images/icon-edit.gif" alt="edit icon" /></a> <a href="<?php echo get_url('dine/delete/' . $dine->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'dine/delete/' . $dine->id)); ?> " onclick="return confirm('<?php echo __('Are you sure you wish to delete dine : ') . ' ' . $dine->name . '?'; ?> ');"><img src="<?php echo URI_PUBLIC; ?> wolf/admin/images/icon-remove.gif" alt="<?php echo __('delete dine'); ?> " title="<?php echo __('Delete dine'); ?> " /></a> </td>
echo date("d-M-Y", strtotime($event->created_on)); ?> </td> <td><?php echo $event->updated_on === NULL ? '' : date("d-M-Y", strtotime($event->updated_on)); ?> </td>--> <td> <a href="<?php echo get_url('event/edit/' . $event->id); ?> "><img src="<?php echo URL_PUBLIC; ?> wolf/admin/images/icon-edit.gif" alt="edit icon" /></a> <a href="<?php echo get_url('event/delete/' . $event->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'event/delete/' . $event->id)); ?> " onclick="return confirm('<?php echo __('Are you sure you wish to delete event : ') . ' ' . $event->name . '?'; ?> ');"><img src="<?php echo URI_PUBLIC; ?> wolf/admin/images/icon-remove.gif" alt="<?php echo __('delete event'); ?> " title="<?php echo __('Delete event'); ?> " /></a> </td>
$button = __("Send Remember Mail"); break; case "remember": $form = "login/remember"; $title = __("Remember Password"); $button = __("Set new Password"); break; case "delete": if ($pawUsers->config["account_deletion"] == 0) { redirect(get_url("login")); die; } $form = "login/delete"; $title = __("Delete Account"); $button = $title; $token = SecureToken::generateToken(get_url("login/delete/" . $current)); break; default: redirect(get_url("login")); die; break; } ?> <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta charset="utf-8" /> <title><?php echo $title . " - " . Setting::get("admin_title"); ?> </title>
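/**
 * Validates a login-form submission and performs the requested action.
 *
 * Every branch first checks that the fields it needs are present and
 * non-empty (appending a message to $this->errors and returning false
 * otherwise), then delegates to the global $pawUsers service. The logout
 * and delete actions additionally require a CSRF token bound to the
 * current user id.
 *
 * @param string $action One of login, logout, register, activate, forgot, remember, delete.
 * @param array  $post   Raw POST data; run through paw_xss_cleaner() first.
 * @return bool True when $pawUsers reported success, false otherwise
 *              (with the reason in $this->errors).
 */
public function _action($action, $post)
{
    global $pawUsers;

    // VALIDATE STUFF AND PERFORM ACTION
    $post = paw_xss_cleaner($post);
    $perform = false;

    switch ($action) {
        case "login":
            if (empty($post["user"])) {
                $this->errors[] = __("You need to enter your Username or eMail address!");
                return false;
            }
            if (empty($post["password"])) {
                $this->errors[] = __("You need to enter your Password!");
                return false;
            }
            $perform = $pawUsers->login($post["user"], $post["password"], isset($post["remember"]));
            break;

        case "logout":
            if (empty($post["user"])) {
                $this->errors[] = __("You need to enter your Username or eMail address!");
                return false;
            }
            $current = $pawUsers->getCurrentUserID();
            if (!isset($post["token"]) || !SecureToken::validateToken($post["token"], get_url("login/logout/" . $current))) {
                $this->_error(__("The CSRF Token does not exist or is invalid!"));
                return false;
            }
            Observer::notify("logout_requested");
            $perform = $pawUsers->logout();
            break;

        case "register":
            if (empty($post["username"])) {
                $this->errors[] = __("You need to enter your Username!");
                return false;
            }
            if (empty($post["mail"])) {
                $this->errors[] = __("You need to enter your eMail address!");
                return false;
            }
            // The password is posted twice (entry and repeat).
            if (!isset($post["password"]) || !is_array($post["password"]) || count($post["password"]) !== 2) {
                $this->errors[] = __("You need to enter and repeat your Password!");
                return false;
            }
            if (empty($post["password"][0]) || empty($post["password"][1])) {
                $this->errors[] = __("You need to enter and repeat your Password!");
                return false;
            }
            $perform = $pawUsers->registration($post["username"], $post["mail"], $post["password"], NULL);
            break;

        case "activate":
            if (empty($post["code"])) {
                $this->errors[] = __("You need to enter your Activation Code!");
                return false;
            }
            if (empty($post["user"])) {
                $this->errors[] = __("You need to enter your Username or eMail address!");
                return false;
            }
            if (empty($post["password"])) {
                $this->errors[] = __("You need to enter your Password!");
                return false;
            }
            $perform = $pawUsers->activateUser($post["user"], $post["code"], $post["password"]);
            break;

        case "forgot":
            if (empty($post["user"])) {
                $this->errors[] = __("You need to enter your Username or eMail address!");
                return false;
            }
            $perform = $pawUsers->lostPassword($post["user"]);
            break;

        case "remember":
            if (empty($post["code"])) {
                $this->errors[] = __("You need to enter your Remember-Password Code!");
                return false;
            }
            if (empty($post["user"])) {
                $this->errors[] = __("You need to enter your Username or eMail address!");
                return false;
            }
            if (!isset($post["password"]) || !is_array($post["password"]) || count($post["password"]) !== 2) {
                $this->errors[] = __("You need to enter and repeat your new Password!");
                return false;
            }
            if (empty($post["password"][0]) || empty($post["password"][1])) {
                $this->errors[] = __("You need to enter and repeat your new Password!");
                return false;
            }
            $perform = $pawUsers->rememberPassword($post["user"], $post["code"], $post["password"]);
            break;

        case "delete":
            if (empty($post["user"])) {
                $this->errors[] = __("You need to enter your Username or eMail address!");
                return false;
            }
            if (empty($post["password"])) {
                $this->errors[] = __("You need to enter your Password!");
                return false;
            }
            $current = $pawUsers->getCurrentUserID();
            if (!isset($post["token"]) || !SecureToken::validateToken($post["token"], get_url("login/delete/" . $current))) {
                $this->_error(__("The CSRF Token does not exist or is invalid!"));
                return false;
            }
            $perform = $pawUsers->deleteUser($post["user"], $post["password"]);
            break;

        default:
            // Was `$this->errors(...)` - a call on the errors *array*, which is
            // a fatal error. Record the message like the other checks do.
            $this->errors[] = __("Unkown Action!");
            return false;
    }

    // register posts a "username" field instead of "user"; normalise it so
    // the observer events below always receive the account name.
    if (!isset($post["user"]) && isset($post["username"])) {
        $post["user"] = $post["username"];
    }

    // RETURN
    if ($perform === true) {
        if ($action === "logout") {
            // Expire the admin UI state cookies along with the session.
            setcookie("expanded_rows", "", time() - 3600);
            setcookie("meta_tab", "", time() - 3600);
            setcookie("page_tab", "", time() - 3600);
            Observer::notify("admin_after_logout", $post["user"]);
        } else {
            Observer::notify("admin_" . $action . "_success", $post["user"]);
        }
        return true;
    }

    if (isset($post["user"])) {
        Observer::notify("admin_" . $action . "_failed", $post["user"]);
    }
    $this->errors = $pawUsers->errors;
    return false;
}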
echo __("Delete User"); ?> " /> </td> <td class="help"></td> </tr> </table> </div> </form> <?php } else { if ($action === "activate") { ?> <?php $url = get_url("user/activate/" . $form["id"] . "/" . $pawUsers->getCurrentUserID()); $token = SecureToken::generateToken($url); ?> <form id="<?php echo $action; ?> -user-form" method="post" action="<?php echo get_url("user/save/" . $action . "/" . $form["id"]); ?> "> <div id="admin-area" class="form-area <?php echo $action; ?> -user-form"> <table class="fieldset"> <tr> <td class="label"><label for="user-username"><?php
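/**
 * Renames a file or directory below FILES_DIR from $_POST['file'].
 *
 * Requires the file_manager_rename permission and a valid CSRF token.
 * The new name is reduced to [a-z0-9_.-] (spaces become underscores),
 * may not use a PHP-executable extension and may not collide with an
 * existing entry. Every path ends with a redirect to the browse view of
 * the directory the entry lives in.
 */
public function rename()
{
    if (!AuthUser::hasPermission('file_manager_rename')) {
        Flash::set('error', __('You do not have sufficient permissions to rename this file or directory.'));
        redirect(get_url('plugin/file_manager/browse/'));
    }

    // CSRF checks
    if (isset($_POST['csrf_token'])) {
        $csrf_token = $_POST['csrf_token'];
        if (!SecureToken::validateToken($csrf_token, BASE_URL . 'plugin/file_manager/rename')) {
            Flash::set('error', __('Invalid CSRF token found!'));
            redirect(get_url('plugin/file_manager/browse/'));
        }
    } else {
        Flash::set('error', __('No CSRF token found!'));
        redirect(get_url('plugin/file_manager/browse/'));
    }

    $data = (isset($_POST['file']) && is_array($_POST['file'])) ? $_POST['file'] : array();
    $current_name = isset($data['current_name']) ? (string) $data['current_name'] : '';
    $new_name = isset($data['new_name']) ? (string) $data['new_name'] : '';

    // Strip '..' so neither name can climb out of FILES_DIR.
    $current_name = str_replace('..', '', $current_name);
    $new_name = str_replace('..', '', $new_name);

    // Clean filenames: spaces to underscores, then only [a-z0-9_.-] survives
    // (this also removes any directory separator from the new name).
    $new_name = str_replace(' ', '_', $new_name);
    $new_name = preg_replace('/[^a-z0-9_\\-\\.]/i', '', $new_name);

    // Directory part of the current entry, '' for a top-level entry.
    $slash = strrpos($current_name, '/');
    $path = $slash === false ? '' : substr($current_name, 0, $slash);
    $browse_url = get_url('plugin/file_manager/browse/' . $path);

    $file = FILES_DIR . '/' . $current_name;
    $target = FILES_DIR . '/' . $path . '/' . $new_name;

    // Nothing usable left after cleaning: renaming onto the bare directory makes no sense.
    if ($new_name === '' || $new_name === '.') {
        Flash::set('error', __('Invalid input found!'));
        redirect($browse_url);
    }

    // Check if trying to rename to php file (.php / .php3 etc)
    // The list covers the suffixes PHP handlers are commonly mapped to. It is
    // a blocklist, so it only helps for extensions the web server actually
    // executes; an allowlist of permitted extensions would be stronger.
    $ext = strtolower(pathinfo($new_name, PATHINFO_EXTENSION));
    $blocked = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'inc'];
    if (in_array($ext, $blocked, true)) {
        // Was `__('...', $ext)`; __() takes a placeholder map elsewhere in this code base.
        Flash::set('error', __('Not allowed to rename to :ext', array(':ext' => $ext)));
        redirect($browse_url);
    }

    // Check another file doesn't already exist with same name
    if (file_exists($target)) {
        Flash::set('error', __('A file or directory with that name already exists!'));
        redirect($browse_url);
    }

    if (!file_exists($file)) {
        // Kept as in the original; note that the full server path ends up in the message.
        Flash::set('error', __('File or directory not found!' . $file));
    } elseif (!rename($file, $target)) {
        Flash::set('error', __('Permission denied!'));
    }

    redirect($browse_url);
}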
/**
 * Runs checks and stores a page.
 *
 * Validates $_POST['page'] (CSRF token, title, slug, numeric/date/time
 * fields, behaviour id), strips HTML from keywords/description (and from
 * the title unless allow_html_title is on), then either re-renders the
 * edit form with the collected errors or saves the page, its parts and
 * its tags and redirects.
 *
 * @param string $action What kind of action this is: add or edit.
 * @param mixed $id Page to edit if any.
 * @throws Exception When $action is 'edit' but no $id was given.
 */
private function _store($action, $id = false)
{
    // Sanity checks
    if ($action == 'edit' && !$id) {
        throw new Exception('Trying to edit page when $id is false.');
    }

    use_helper('Validate');

    $data = $_POST['page'];
    $data['is_protected'] = !empty($data['is_protected']) ? 1 : 0;
    Flash::set('post_data', (object) $data);

    // Add pre-save checks here
    // $errors stays boolean false until the first failed check turns it into
    // an array; the `false !== $errors` test further down keys on that.
    $errors = false;

    // CSRF checks - a missing or bad token is collected like any other
    // validation error instead of redirecting immediately.
    if (isset($_POST['csrf_token'])) {
        $csrf_token = $_POST['csrf_token'];
        if (!SecureToken::validateToken($csrf_token, BASE_URL . 'page/' . $action)) {
            $errors[] = __('Invalid CSRF token found!');
        }
    } else {
        $errors[] = __('No CSRF token found!');
    }

    $data['title'] = trim($data['title']);
    if (empty($data['title'])) {
        $errors[] = __('You have to specify a title!');
    }

    // Page id 1 is the only page allowed an empty slug.
    $data['slug'] = trim($data['slug']);
    if (empty($data['slug']) && $id != '1') {
        $errors[] = __('You have to specify a slug!');
    } else {
        if ($data['slug'] == ADMIN_DIR) {
            $errors[] = __('You cannot have a slug named :slug!', array(':slug' => ADMIN_DIR));
        }
        // NOTE(review): as written, Validate::slug() only rejects the slug
        // when $id == '1'; every other page skips the format check - confirm
        // whether the condition was meant to be `$id != '1'`.
        if (!Validate::slug($data['slug']) && (!empty($data['slug']) && $id == '1')) {
            $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'slug'));
        }
    }

    // Check all numerical fields for a page
    $fields = array('parent_id', 'layout_id', 'needs_login');
    foreach ($fields as $field) {
        if (!Validate::digit($data[$field])) {
            $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
        }
    }

    // Check all date fields for a page (YYYY-MM-DD; empty is accepted)
    $fields = array('created_on', 'published_on', 'valid_until');
    foreach ($fields as $field) {
        if (isset($data[$field])) {
            $data[$field] = trim($data[$field]);
            if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/D', (string) $data[$field])) {
                $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
            }
        }
    }

    // Check all time fields for a page (HH:MM:SS; empty is accepted)
    $fields = array('created_on_time', 'published_on_time', 'valid_until_time');
    foreach ($fields as $field) {
        if (isset($data[$field])) {
            $data[$field] = trim($data[$field]);
            if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{2}:[0-9]{2}:[0-9]{2}$/D', (string) $data[$field])) {
                $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
            }
        }
    }

    // Check alphanumerical fields
    // These are not validated any more; kses with an empty allow-list simply
    // strips every tag from them.
    $fields = array('keywords', 'description');
    foreach ($fields as $field) {
        use_helper('Kses');
        $data[$field] = kses(trim($data[$field]), array());
        /*
        if (!empty($data[$field]) && !Validate::alpha_comma($data[$field])) {
            $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
        }
         * */
    }

    // Check behaviour_id field
    if (!empty($data['behaviour_id']) && !Validate::slug($data['behaviour_id'])) {
        $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'behaviour_id'));
    }

    // Make sure the title doesn't contain HTML
    if (Setting::get('allow_html_title') == 'off') {
        use_helper('Kses');
        $data['title'] = kses(trim($data['title']), array());
    }

    // Create the page object to be manipulated and populate data
    if ($action == 'add') {
        $page = new Page($data);
    } else {
        $page = Record::findByIdFrom('Page', $id);
        $page->setFromData($data);
    }

    // Upon errors, rebuild original page and return to screen with errors
    if (false !== $errors) {
        $tags = $_POST['page_tag'];

        // Rebuild time fields
        // The form posts date and time separately; glue them back together
        // so the edit view can show what the user typed.
        if (isset($page->created_on)) {
            $page->created_on = $page->created_on . ' ' . $page->created_on_time;
        }
        if (isset($page->published_on)) {
            $page->published_on = $page->published_on . ' ' . $page->published_on_time;
        }
        if (isset($page->valid_until)) {
            $page->valid_until = $page->valid_until . ' ' . $page->valid_until_time;
        }

        // Rebuild parts
        $part = $_POST['part'];
        if (!empty($part)) {
            // Relies on PHP turning false into an array on the first write
            // (deprecated since PHP 8.1).
            $tmp = false;
            foreach ($part as $key => $val) {
                $tmp[$key] = (object) $val;
            }
            $part = $tmp;
        }

        // Set the errors to be displayed.
        Flash::setNow('error', implode('<br/>', $errors));

        // display things ...
        $this->setLayout('backend');
        $this->display('page/edit', array(
            'action' => $action,
            'csrf_token' => SecureToken::generateToken(BASE_URL . 'page/' . $action),
            'page' => (object) $page,
            'tags' => $tags,
            'filters' => Filter::findAll(),
            'behaviors' => Behavior::findAll(),
            'page_parts' => (object) $part,
            'layouts' => Record::findAllFrom('Layout'),
        ));
        // NOTE(review): nothing returns here. The save below stays
        // unreachable on validation errors (including a missing or invalid
        // CSRF token) only if display() terminates the request - confirm,
        // or add an explicit return after it.
    }

    // Notify
    if ($action == 'add') {
        Observer::notify('page_add_before_save', $page);
    } else {
        Observer::notify('page_edit_before_save', $page);
    }

    // Time to actually save the page
    // @todo rebuild this so parts are already set before save?
    // @todo determine lazy init impact
    if ($page->save()) {
        // Get data for parts of this page
        $data_parts = $_POST['part'];
        Flash::set('post_parts_data', (object) $data_parts);

        if ($action == 'edit') {
            $old_parts = PagePart::findByPageId($id);

            // check if all old page part are passed in POST
            // if not ... we need to delete it!
            // Parts are matched by (trimmed) name; a matched posted part is
            // removed from $data_parts so it is not added again below.
            foreach ($old_parts as $old_part) {
                $not_in = true;
                foreach ($data_parts as $part_id => $data) {
                    $data['name'] = trim($data['name']);
                    if ($old_part->name == $data['name']) {
                        $not_in = false;

                        // this will not really create a new page part because
                        // the id of the part is passed in $data
                        $part = new PagePart($data);
                        $part->page_id = $id;
                        Observer::notify('part_edit_before_save', $part);
                        $part->save();
                        Observer::notify('part_edit_after_save', $part);

                        unset($data_parts[$part_id]);
                        break;
                    }
                }
                if ($not_in) {
                    $old_part->delete();
                }
            }
        }

        // add the new parts
        foreach ($data_parts as $data) {
            $data['name'] = trim($data['name']);
            $part = new PagePart($data);
            $part->page_id = $page->id;
            Observer::notify('part_add_before_save', $part);
            $part->save();
            Observer::notify('part_add_after_save', $part);
        }

        // save tags
        $page->saveTags($_POST['page_tag']['tags']);

        Flash::set('success', __('Page has been saved!'));
    } else {
        Flash::set('error', __('Page has not been saved!'));
        $url = 'page/';
        $url .= $action == 'edit' ? 'edit/' . $id : 'add/';
        redirect(get_url($url));
    }

    if ($action == 'add') {
        Observer::notify('page_add_after_save', $page);
    } else {
        Observer::notify('page_edit_after_save', $page);
    }

    // save and quit or save and continue editing ?
    if (isset($_POST['commit'])) {
        redirect(get_url('page'));
    } else {
        redirect(get_url('page/edit/' . $page->id));
    }
}
/**
 * Deletes the user identified by $id after permission, input and CSRF checks.
 *
 * Every failed check flashes an error and redirects; the first user record
 * (id 1) is never deleted. The CSRF token is read from $_GET because the
 * delete link in the user list is a plain anchor.
 *
 * NOTE(review): nothing here stops the caller from deleting their own account
 * (AuthUser::getId() is not compared with $id) — confirm that is intended.
 * NOTE(review): ':name' is rendered inside <strong> markup; confirm __() or the
 * flash view escapes the user name, since it is not escaped here.
 *
 * @param mixed $id Id of the user to delete.
 */
public function delete($id)
{
    if (!AuthUser::hasPermission('user_delete')) {
        Flash::set('error', __('You do not have permission to access the requested page!'));
        redirect(get_url());
    }

    // Sanity checks
    use_helper('Validate');
    if (!Validate::numeric($id)) {
        Flash::set('error', __('Invalid input found!'));
        redirect(get_url());
    }

    // CSRF checks: the token is bound to this exact delete URL.
    if (!isset($_GET['csrf_token'])) {
        Flash::set('error', __('No CSRF token found!'));
        redirect(get_url('user'));
    } elseif (!SecureToken::validateToken($_GET['csrf_token'], BASE_URL . 'user/delete/' . $id)) {
        Flash::set('error', __('Invalid CSRF token found!'));
        redirect(get_url('user'));
    }

    // security (dont delete the first admin)
    if ($id <= 1) {
        Flash::set('error', __('Action disabled!'));
    } else {
        // find the user to delete
        $record = Record::findByIdFrom('User', $id);
        if (!$record) {
            Flash::set('error', __('User not found!'));
        } elseif ($record->delete()) {
            Flash::set('success', __('User <strong>:name</strong> has been deleted!', array(':name' => $record->name)));
            Observer::notify('user_after_delete', $record->name);
        } else {
            Flash::set('error', __('User <strong>:name</strong> has not been deleted!', array(':name' => $record->name)));
        }
    }

    redirect(get_url('user'));
}
</small> </td> <td><?php echo $user->email; ?> </td> <td><?php echo implode(', ', $user->roles()); ?> </td> <td> <?php if ($user->id > 1) { ?> <a href="<?php echo get_url('user/delete/' . $user->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'user/delete/' . $user->id)); ?> " onclick="return confirm('<?php echo __('Are you sure you wish to delete') . ' ' . $user->name . '?'; ?> ');"><img src="<?php echo PATH_PUBLIC; ?> wolf/admin/images/icon-remove.gif" alt="<?php echo __('delete user icon'); ?> " title="<?php echo __('Delete user'); ?> " /></a> <?php
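/**
 * Validates the submitted form and updates an existing user.
 *
 * Reads the fields from $_POST['user'] (and $_POST['user_permission'] when the
 * caller may edit users), checks the CSRF token, the optional password change
 * and the field formats, and redirects back to the edit form with a flashed
 * error on any failure.
 *
 * @todo merge _add() and _edit() into one _store()
 *
 * @param mixed $id Id of the user record to update.
 */
private function _edit($id)
{
    use_helper('Validate');

    $data = $_POST['user'];

    // The form is re-populated from this flash on errors; the credential
    // fields are stripped so a plaintext password never lands in the session.
    $repopulate = $data;
    unset($repopulate['password'], $repopulate['confirm']);
    Flash::set('post_data', (object) $repopulate);

    // Add pre-save checks here
    $errors = false;

    // CSRF checks
    if (isset($_POST['csrf_token'])) {
        $csrf_token = $_POST['csrf_token'];
        if (!SecureToken::validateToken($csrf_token, BASE_URL . 'user/edit')) {
            Flash::set('error', __('Invalid CSRF token found!'));
            redirect(get_url('user/edit/' . $id));
        }
    } else {
        Flash::set('error', __('No CSRF token found!'));
        redirect(get_url('user/edit/' . $id));
    }

    // check if user want to change the password
    $password = isset($data['password']) ? $data['password'] : '';
    $confirm = isset($data['confirm']) ? $data['confirm'] : '';
    if (strlen($password) > 0) {
        // Both fields must be identical (strict comparison, no type juggling)
        // and the password needs at least 5 characters.
        if (strlen($password) >= 5 && $password === $confirm) {
            unset($data['confirm']);
        } else {
            Flash::set('error', __('Password and Confirm are not the same or too small!'));
            redirect(get_url('user/edit/' . $id));
        }
    } else {
        unset($data['password'], $data['confirm']);
    }

    // Check alphanumerical fields
    $fields = array('username');
    foreach ($fields as $field) {
        if (!empty($data[$field]) && !Validate::alphanum_space($data[$field])) {
            $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
        }
    }
    if (!empty($data['name']) && !Validate::alphanum_space($data['name'], true)) {
        $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'name'));
    }
    if (!empty($data['email']) && !Validate::email($data['email'])) {
        $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'email'));
    }
    if (!empty($data['language']) && !Validate::alpha($data['language'])) {
        $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'language'));
    }

    if ($errors !== false) {
        // Set the errors to be displayed.
        Flash::set('error', implode('<br/>', $errors));
        redirect(get_url('user/edit/' . $id));
    }

    $user = Record::findByIdFrom('User', $id);
    if (!$user) {
        // Unknown id: report it instead of failing on a null record below
        // (same wording as delete() uses).
        Flash::set('error', __('User not found!'));
        redirect(get_url('user'));
    }

    if (isset($data['password'])) {
        // Older records may have no salt yet; create one before hashing.
        if (empty($user->salt)) {
            $user->salt = AuthUser::generateSalt();
        }
        $data['password'] = AuthUser::generateHashedPassword($data['password'], $user->salt);
    }

    // NOTE(review): setFromData() receives every submitted key; no column
    // whitelist is visible here — confirm the record restricts writable fields.
    $user->setFromData($data);

    if ($user->save()) {
        // NOTE(review): role assignment is gated on 'user_edit' only, so any
        // user editor can change roles, including on their own account —
        // confirm this is intended.
        if (AuthUser::hasPermission('user_edit')) {
            // now we need to add permissions
            $roles = isset($_POST['user_permission']) ? $_POST['user_permission'] : array();
            UserRole::setPermissionsFor($user->id, $roles);
        }
        Flash::set('success', __('User has been saved!'));
        Observer::notify('user_after_edit', $user->name);
    } else {
        Flash::set('error', __('User has not been saved!'));
    }

    if (AuthUser::getId() == $id) {
        redirect(get_url('user/edit/' . $id));
    } else {
        redirect(get_url('user'));
    }
}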
"><img src="<?php echo URI_PUBLIC; ?> wolf/admin/images/plus.png" align="middle" title="<?php echo __('Add child'); ?> " alt="<?php echo __('Add child'); ?> " /></a> <!-- //For about page okstmtcc --> <?php if ((!$child->is_protected || AuthUser::hasPermission('page_delete')) && $child->id != 4) { ?> <a class="remove" href="<?php echo get_url('page/delete/' . $child->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'page/delete/' . $child->id)); ?> " onclick="return confirm('<?php echo __('Are you sure you wish to delete'); ?> <?php echo $child->title; ?> <?php echo __('and its underlying pages'); ?> ?');"><img src="<?php echo URI_PUBLIC; ?> wolf/admin/images/icon-remove.gif" align="middle" alt="<?php echo __('Remove page');
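/**
 * Updates an existing layout from the submitted form.
 *
 * The CSRF token is verified before the record is loaded or touched, so a
 * forged request never modifies the in-memory record, and an unknown $id
 * flashes an error instead of failing on a null record.
 *
 * NOTE(review): $_POST['layout'] goes to setFromData() unfiltered; confirm the
 * record restricts the writable columns.
 *
 * @todo Merge _add() and _edit() into one _store()
 *
 * @param mixed $id Id of the layout record to update.
 */
function _edit($id)
{
    // CSRF checks
    if (isset($_POST['csrf_token'])) {
        $csrf_token = $_POST['csrf_token'];
        if (!SecureToken::validateToken($csrf_token, BASE_URL . 'layout/edit')) {
            Flash::set('error', __('Invalid CSRF token found!'));
            redirect(get_url('layout/edit/' . $id));
        }
    } else {
        Flash::set('error', __('No CSRF token found!'));
        redirect(get_url('layout/edit/' . $id));
    }

    $layout = Record::findByIdFrom('Layout', $id);
    if (!$layout) {
        Flash::set('error', __('Layout not found!'));
        redirect(get_url('layout'));
    }
    $layout->setFromData($_POST['layout']);

    if (!$layout->save()) {
        Flash::set('error', __('Layout has not been saved. Name must be unique!'));
        redirect(get_url('layout/edit/' . $id));
    } else {
        Flash::set('success', __('Layout has been saved!'));
        Observer::notify('layout_after_edit', $layout);
    }

    // save and quit or save and continue editing?
    if (isset($_POST['commit'])) {
        redirect(get_url('layout'));
    } else {
        redirect(get_url('layout/edit/' . $id));
    }
}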
echo date("d-M-Y", strtotime($attraction->created_on)); ?> </td> <td><?php echo $attraction->updated_on === NULL ? '' : date("d-M-Y", strtotime($attraction->updated_on)); ?> </td>--> <td> <a href="<?php echo get_url('attraction/edit/' . $attraction->id); ?> "><img src="<?php echo URL_PUBLIC; ?> wolf/admin/images/icon-edit.gif" alt="edit icon" /></a> <a href="<?php echo get_url('attraction/delete/' . $attraction->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'attraction/delete/' . $attraction->id)); ?> " onclick="return confirm('<?php echo __('Are you sure you wish to delete attraction : ') . ' ' . $attraction->name . '?'; ?> ');"><img src="<?php echo URI_PUBLIC; ?> wolf/admin/images/icon-remove.gif" alt="<?php echo __('delete attraction'); ?> " title="<?php echo __('Delete attraction'); ?> " /></a> </td>
<div class="titlebar"> <?php echo __('Upload file'); ?> <a href="#" class="close"><img src="<?php echo ICONS_PATH; ?> action-delete-disabled-16.png"/></a> </div> <div class="content"> <form action="<?php echo get_url('plugin/file_manager/upload'); ?> " method="post" enctype="multipart/form-data"> <input id="csrf_token" name="csrf_token" type="hidden" value="<?php echo SecureToken::generateToken(BASE_URL . 'plugin/file_manager/upload'); ?> " /> <input id="upload_overwrite" name="upload[overwrite]" type="checkbox" value="1" /> <label for="upload_overwrite"><small><?php echo __('overwrite it?'); ?> </small></label><br /> <input id="upload_path" name="upload[path]" type="hidden" value="<?php echo $dir == '' ? '/' : $dir; ?> " /> <input id="upload_file" name="upload_file" type="file" /> <input id="upload_file_button" name="commit" type="submit" value="<?php echo __('Upload'); ?> " />
?> "><?php echo AuthUser::getRecord()->name; ?> </a> <span class="separator"> | </span> <a id="site-view-link" href="<?php echo URL_PUBLIC; ?> " target="_blank"><?php echo __('View Site'); ?> </a> <span class="separator"> | </span> <a href="<?php echo get_url('login/logout' . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'login/logout')); ?> "><?php echo __('Log Out'); ?> </a> </p> </div> <!-- Overwrite tab function to text indent in textarea --> <script> $.fn.getTab = function () { this.keydown(function (e) { if (e.keyCode === 9) { var val = this.value, start = this.selectionStart,
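/**
 * Runs checks and stores a page.
 *
 * Validates $_POST['page'] (plus $_POST['pagesetting'] and the banner uploads
 * in $_FILES for the homepage, id 1, and the about page, id 4), re-renders the
 * edit form with the errors when validation fails, and otherwise saves the
 * page, its parts, its tags and the page settings before redirecting.
 *
 * NOTE(review): $data goes to new Page()/setFromData() unfiltered; confirm the
 * record restricts the writable columns.
 *
 * @param string $action What kind of action this is: add or edit.
 * @param mixed $id Page to edit if any.
 * @throws Exception When $action is 'edit' but no $id was given.
 */
private function _store($action, $id = false)
{
    // Sanity checks
    if ($action == 'edit' && !$id) {
        throw new Exception('Trying to edit page when $id is false.');
    }

    use_helper('Validate');
    use_helper('Kses');

    $data = $_POST['page'];
    $data['is_protected'] = !empty($data['is_protected']) ? 1 : 0;
    Flash::set('post_data', (object) $data);

    // Extra settings are only submitted for the homepage (1) and the about page (4). okstmtcc
    // $_POST['upload'] is also sent by that form but is not consumed here;
    // the uploads below never overwrite (see _storeUploadedImage()).
    $pagesetting = array();
    if ($id == 1 || $id == 4) {
        $pagesetting = isset($_POST['pagesetting']) ? $_POST['pagesetting'] : array();
    }

    // Add pre-save checks here
    $errors = false;
    $error_fields = false;

    // CSRF checks: a failure is collected into $errors and handled by the
    // error branch below, not by an immediate redirect.
    if (isset($_POST['csrf_token'])) {
        $csrf_token = $_POST['csrf_token'];
        $csrf_id = '';
        if ($action === 'edit') {
            $csrf_id = '/' . $id;
        }
        if (!SecureToken::validateToken($csrf_token, BASE_URL . 'page/' . $action . $csrf_id)) {
            $errors[] = __('Invalid CSRF token found!');
        }
    } else {
        $errors[] = __('No CSRF token found!');
    }

    $data['title'] = trim($data['title']);
    if (empty($data['title'])) {
        $error_fields[] = __('Page Title');
    }

    /** homepage setting check okstmtcc **/
    if ($id == 1) {
        /** homepage page title **/
        if (empty($pagesetting['homepage_discover_title'])) {
            $error_fields[] = __('Homepage Title');
        }
        if (empty($pagesetting['homepage_discover_teaser'])) {
            $error_fields[] = __('Homepage Teaser');
        }
    }
    /** homepage setting check okstmtcc **/

    $data['slug'] = !empty($data['slug']) ? trim($data['slug']) : '';
    if (empty($data['slug']) && $id != '1') {
        $error_fields[] = __('Slug');
    } else {
        if ($data['slug'] == ADMIN_DIR) {
            $errors[] = __('You cannot have a slug named :slug!', array(':slug' => ADMIN_DIR));
        }
        // NOTE(review): because of the "$id == '1'" conjunct, a malformed slug is
        // only rejected on the homepage; every other page's slug is accepted as
        // submitted — confirm this is intended.
        if (!Validate::slug($data['slug']) && (!empty($data['slug']) && $id == '1')) {
            $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'slug'));
        }
    }

    // Check all numerical fields for a page
    $fields = array('parent_id', 'layout_id', 'needs_login');
    foreach ($fields as $field) {
        $value = isset($data[$field]) ? $data[$field] : '';
        if (!Validate::digit($value)) {
            $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
        }
    }

    // Check all date fields for a page
    $fields = array('created_on', 'published_on', 'valid_until');
    foreach ($fields as $field) {
        if (isset($data[$field])) {
            $data[$field] = trim($data[$field]);
            if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/D', (string) $data[$field])) {
                $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
            }
        }
    }

    // Check all time fields for a page
    $fields = array('created_on_time', 'published_on_time', 'valid_until_time');
    foreach ($fields as $field) {
        if (isset($data[$field])) {
            $data[$field] = trim($data[$field]);
            if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{2}:[0-9]{2}:[0-9]{2}$/D', (string) $data[$field])) {
                $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
            }
        }
    }

    // Strip all HTML from the free-text meta fields (kses with an empty allow-list).
    $fields = array('keywords', 'description');
    foreach ($fields as $field) {
        $data[$field] = kses(trim($data[$field]), array());
    }

    // Check behaviour_id field
    if (!empty($data['behaviour_id']) && !Validate::slug($data['behaviour_id'])) {
        $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'behaviour_id'));
    }

    // Make sure the title doesn't contain HTML
    if (Setting::get('allow_html_title') == 'off') {
        $data['title'] = kses(trim($data['title']), array());
    }

    // Create the page object to be manipulated and populate data
    if ($action == 'add') {
        $page = new Page($data);
    } else {
        $page = Record::findByIdFrom('Page', $id);
        if (!$page) {
            // Unknown id: report it instead of failing on a null record.
            Flash::set('error', __('Page not found!'));
            redirect(get_url('page'));
        }
        $page->setFromData($data);
    }

    // Upon errors, rebuild original page and return to screen with errors
    if (false !== $errors || $error_fields !== false) {
        $tags = $_POST['page_tag'];

        // Rebuild time fields
        if (isset($page->created_on) && isset($page->created_on_time)) {
            $page->created_on = $page->created_on . ' ' . $page->created_on_time;
        }
        if (isset($page->published_on) && isset($page->published_on_time)) {
            $page->published_on = $page->published_on . ' ' . $page->published_on_time;
        }
        // Same guard as the other two fields; previously a missing time part
        // produced a trailing space (and a notice) instead of being skipped.
        if (isset($page->valid_until) && isset($page->valid_until_time)) {
            $page->valid_until = $page->valid_until . ' ' . $page->valid_until_time;
        }

        // Rebuild parts
        $part = '';
        if (!empty($_POST['part'])) {
            $part = array();
            foreach ($_POST['part'] as $key => $val) {
                $part[$key] = (object) $val;
            }
        }

        // Set the errors to be displayed.
        $err_msg = $errors != false ? implode('<br/>', $errors) : '';
        $err_msg .= $error_fields != false ? '<br />Please specify these fields: ' . implode(', ', $error_fields) : '';
        Flash::setNow('error', $err_msg);

        // display things ...
        $this->setLayout('backend');
        $pagesettingobj = (object) $pagesetting;
        $this->display('page/edit', array(
            'action' => $action,
            'csrf_token' => SecureToken::generateToken(BASE_URL . 'page/' . $action),
            'page' => (object) $page,
            'pagesetting' => $pagesettingobj,
            'tags' => $tags,
            'filters' => Filter::findAll(),
            'behaviors' => Behavior::findAll(),
            'page_parts' => $part,
            'layouts' => Record::findAllFrom('Layout'),
        ));

        // The save below must not run for invalid (or CSRF-failed) input,
        // regardless of whether display() terminates the request.
        return;
    }

    // Notify
    if ($action == 'add') {
        Observer::notify('page_add_before_save', $page);
    } else {
        Observer::notify('page_edit_before_save', $page);
    }

    // Time to actually save the page
    // @todo rebuild this so parts are already set before save?
    // @todo determine lazy init impact
    $page->newwindow = !empty($data['newwindow']) ? '1' : '0';

    if ($page->save()) {
        // Get data for parts of this page
        $data_parts = isset($_POST['part']) ? $_POST['part'] : array();
        Flash::set('post_parts_data', (object) $data_parts);

        if ($action == 'edit') {
            $old_parts = PagePart::findByPageId($id);

            // check if all old page part are passed in POST
            // if not ... we need to delete it!
            foreach ($old_parts as $old_part) {
                $not_in = true;
                foreach ($data_parts as $part_id => $part_data) {
                    $part_data['name'] = trim($part_data['name']);
                    if ($old_part->name == $part_data['name']) {
                        $not_in = false;
                        // this will not really create a new page part because
                        // the id of the part is passed in $part_data
                        $part = new PagePart($part_data);
                        $part->page_id = $id;
                        Observer::notify('part_edit_before_save', $part);
                        $part->save();
                        Observer::notify('part_edit_after_save', $part);
                        unset($data_parts[$part_id]);
                        break;
                    }
                }
                if ($not_in) {
                    $old_part->delete();
                }
            }
        }

        // add the new parts
        foreach ($data_parts as $part_data) {
            $part_data['name'] = trim($part_data['name']);
            $part = new PagePart($part_data);
            $part->page_id = $page->id;
            Observer::notify('part_add_before_save', $part);
            $part->save();
            Observer::notify('part_add_after_save', $part);
        }

        // save tags
        $page->saveTags($_POST['page_tag']['tags']);

        // save homepage banner info okstmtcc
        if ($id == 1) {
            // upload home banner image 1, 2
            $banners = array('upload_banner_image1' => 'banner_image1', 'upload_banner_image2' => 'banner_image2');
            foreach ($banners as $input => $setting) {
                $file = $this->_storeUploadedImage($input, $id);
                if ($file !== null) {
                    $pagesetting[$setting] = $file;
                }
            }
            PageSetting::saveFromData($pagesetting);
        }
        // save homepage banner info okstmtcc

        // save about banner info okstmtcc
        if ($id == 4) {
            // upload about page image 1
            $file = $this->_storeUploadedImage('upload_about_image1', $id);
            if ($file !== null) {
                $pagesetting['about_image1'] = $file;
            }
            PageSetting::saveFromData($pagesetting);
        }
        // save about banner info okstmtcc

        Flash::set('success', __('Page has been saved.'));
    } else {
        Flash::set('error', __('Page has not been saved!'));
        $url = 'page/';
        $url .= $action == 'edit' ? 'edit/' . $id : 'add/';
        redirect(get_url($url));
    }

    if ($action == 'add') {
        Observer::notify('page_add_after_save', $page);
    } else {
        Observer::notify('page_edit_after_save', $page);
    }

    // save and quit or save and continue editing ?
    if (isset($_POST['commit'])) {
        redirect(get_url('page'));
    } else {
        redirect(get_url('page/edit/' . $page->id));
    }
}

/**
 * Moves one uploaded page-setting image into FILES_DIR/pagesetting/images/.
 *
 * Returns the stored file name, or null when nothing was submitted under
 * $input. When upload_file() reports a failure an error is flashed and the
 * request is redirected to the edit form of page $id (the previous code
 * always redirected to page 1, even from the about page).
 *
 * NOTE(review): no extension/MIME allow-list is visible here; confirm that
 * upload_file() enforces one, since the file name still comes from the client.
 *
 * @param string $input Key in $_FILES holding the upload.
 * @param mixed $id Page being edited; used for the error redirect.
 * @return string|null
 */
private function _storeUploadedImage($input, $id)
{
    if (!isset($_FILES[$input]) || empty($_FILES[$input]['name'])) {
        return null;
    }

    // Only the base name is kept, so a client-supplied directory component
    // can never place the file outside the images directory; spaces and
    // parentheses are replaced as before. okstmtcc 20150827
    $name = str_replace(array(" ", "(", ")"), array("_", "", ""), basename($_FILES[$input]['name']));

    // The previous code passed an undefined (null) variable here, i.e. "do not
    // overwrite"; made explicit. TODO confirm whether upload[overwrite] from the
    // form was meant to drive this.
    $overwrite = false;

    $file = $this->upload_file($name, FILES_DIR . '/pagesetting/images/', $_FILES[$input]['tmp_name'], $overwrite);
    if ($file === false) {
        Flash::set('error', __('Home banner could not be uploaded!'));
        redirect(get_url('page/edit/' . $id));
        return null;
    }

    return $file;
}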