/**
* Respond to the URL that was created
* Determine the post that was supposed to be displayed, and show it in raw
* @params array $handlervars An array of values passed in from the URL requested
*/
function action_plugin_act_plaintext($handlervars)
{
$activetheme = Themes::create();
$user_filters = array('fetch_fn' => 'get_row', 'limit' => 1);
$page_key = array_search('page', $activetheme->valid_filters);
unset($activetheme->valid_filters[$page_key]);
$user_filters = Plugins::filter('template_user_filters', $user_filters);
$user_filters = array_intersect_key($user_filters, array_flip($activetheme->valid_filters));
$where_filters = Controller::get_handler()->handler_vars->filter_keys($activetheme->valid_filters);
$where_filters = $where_filters->merge($user_filters);
$where_filters = Plugins::filter('template_where_filters', $where_filters);
$post = Posts::get($where_filters);
$current_url = URL::get();
$created_at = $post->pubdate->get();
header('Content-type: text/plain; charset=utf-8');
echo <<<HERE
# {$post->title}
By {$post->author->displayname}
<{$current_url}>
{$created_at}
\t
{$post->content}
HERE;
exit;
}
/**
* All handlers must implement act() to conform to handler API.
* This is the default implementation of act(), which attempts
* to call a class member method of $this->act_$action(). Any
* subclass is welcome to override this default implementation.
*
* @param string $action the action that was in the URL rule
*/
public function act($action)
{
if (null === $this->handler_vars) {
$this->handler_vars = new SuperGlobal(array());
}
$this->action = $action;
$this->theme->assign('matched_rule', URL::get_matched_rule());
$request = new StdClass();
foreach (URL::get_active_rules() as $rule) {
$request->{$rule->name} = false;
}
$request->{$this->theme->matched_rule->name} = true;
$this->theme->assign('request', $request);
$action_hook = 'plugin_act_' . $action;
$before_action_hook = 'before_' . $action_hook;
$theme_hook = 'route_' . $action;
$after_action_hook = 'after_' . $action_hook;
Plugins::act($before_action_hook, $this);
Plugins::act($action_hook, $this);
if (Plugins::implemented($theme_hook, 'theme')) {
$theme = Themes::create();
$rule = URL::get_matched_rule();
Plugins::theme($theme_hook, $theme, $rule->named_arg_values, $this);
}
Plugins::act($after_action_hook);
}
public function action_init()
{
// gotta be an easier way of doing this
$theme_dir = Plugins::filter('admin_theme_dir', Site::get_dir('admin_theme', TRUE));
$theme = Themes::create('admin', 'RawPHPEngine', $theme_dir);
if (!$theme->template_exists('admincontrol_select')) {
$this->add_template('admincontrol_select', dirname(__FILE__) . '/admincontrol_select.php');
}
}
/**
* Add the help to the publish form
*/
public function action_form_publish($form, $post)
{
$selector = $form->append('wrapper', 'help_container');
$selector->class = 'container';
$theme = Themes::create();
$theme->help = Options::get(strtolower(get_class($this)) . '__help');
$content = $theme->fetch('help');
$selector->append('static', 'help', $content);
$form->move_after($selector, $form->silos);
return $form;
}
function filter_post_content_out($content, $post)
{
if ($post->info->phpexec == 'true') {
$content = str_replace('<!--php', '<?php', $content);
$content = str_replace('?-->', '?>', $content);
ob_start();
$theme = Themes::create();
eval('?>' . $content . '<?php ');
$content = ob_get_clean();
}
return $content;
}
/**
* Handles AJAX from /admin/tags
* Used to delete and rename tags
*/
public function ajax_tags($handler_vars)
{
Utils::check_request_method(array('POST'));
$wsse = Utils::WSSE($handler_vars['nonce'], $handler_vars['timestamp']);
if ($handler_vars['digest'] != $wsse['digest']) {
Session::error(_t('WSSE authentication failed.'));
echo Session::messages_get(true, array('Format', 'json_messages'));
return;
}
$tag_names = array();
$theme_dir = Plugins::filter('admin_theme_dir', Site::get_dir('admin_theme', true));
$this->theme = Themes::create('admin', 'RawPHPEngine', $theme_dir);
$action = $this->handler_vars['action'];
switch ($action) {
case 'delete':
foreach ($_POST as $id => $delete) {
// skip POST elements which are not tag ids
if (preg_match('/^tag_\\d+/', $id) && $delete) {
$id = substr($id, 4);
$tag = Tags::get_by_id($id);
$tag_names[] = $tag->term_display;
Tags::vocabulary()->delete_term($tag);
}
}
$msg_status = _n(_t('Tag %s has been deleted.', array(implode('', $tag_names))), _t('%d tags have been deleted.', array(count($tag_names))), count($tag_names));
Session::notice($msg_status);
break;
case 'rename':
if (!isset($this->handler_vars['master'])) {
Session::error(_t('Error: New name not specified.'));
echo Session::messages_get(true, array('Format', 'json_messages'));
return;
}
$master = $this->handler_vars['master'];
$tag_names = array();
foreach ($_POST as $id => $rename) {
// skip POST elements which are not tag ids
if (preg_match('/^tag_\\d+/', $id) && $rename) {
$id = substr($id, 4);
$tag = Tags::get_by_id($id);
$tag_names[] = $tag->term_display;
}
}
Tags::vocabulary()->merge($master, $tag_names);
$msg_status = sprintf(_n('Tag %1$s has been renamed to %2$s.', 'Tags %1$s have been renamed to %2$s.', count($tag_names)), implode($tag_names, ', '), $master);
Session::notice($msg_status);
break;
}
$this->theme->tags = Tags::vocabulary()->get_tree();
$this->theme->max = Tags::vocabulary()->max_count();
echo json_encode(array('msg' => Session::messages_get(true, 'array'), 'tags' => $this->theme->fetch('tag_collection')));
}
/**
* Constructor for theme
*
* If no parameter is supplied, then the constructor
* Loads the active theme from the database.
*
* If no theme option is set, a fatal error is thrown
*
* @param name ( optional ) override the default theme lookup
* @param template_engine ( optional ) specify a template engine
* @param theme_dir ( optional ) specify a theme directory
*/
public function __construct( $themedata )
{
$this->name = $themedata->name;
$this->version = $themedata->version;
$theme_dir = Utils::single_array($themedata->theme_dir);
// Set up the corresponding engine to handle the templating
$this->template_engine = new $themedata->template_engine();
if(isset($themedata->parent)) {
$parent = Themes::create($themedata->parent);
$parent_theme_dir = Utils::single_array($parent->theme_dir);
$theme_dir = array_merge($theme_dir, $parent_theme_dir);
}
$this->theme_dir = $theme_dir;
$this->template_engine->set_template_dir( $theme_dir );
$this->plugin_id = $this->plugin_id();
$this->load();
}
function configure()
{
$ui = new FormUI('jsmincdn');
$scripts = $ui->append('checkboxes', 'scripts', 'jsmincdn__storage', 'Select the scripts that should be served as minimized.');
$theme = Themes::create();
Plugins::act('template_header', $theme);
Plugins::act('template_footer', $theme);
$options = Stack::get_named_stack('template_header_javascript');
$options = array_merge($options, Stack::get_named_stack('template_footer_javascript'));
$options_out = array();
foreach ($options as $option => $value) {
if (preg_match('#[a-f0-9]{32}#', $option)) {
$value = htmlspecialchars(substr($value, 0, 80));
} else {
$value = $option;
}
$options_out[$option] = $value;
}
$scripts->options = $options_out;
$ui->append('submit', 'submit', 'Submit');
return $ui;
}
/**
* Handles AJAX requests from the dashboard
*/
public function ajax_dashboard($handler_vars)
{
Utils::check_request_method(array('POST'));
$theme_dir = Plugins::filter('admin_theme_dir', Site::get_dir('admin_theme', true));
$this->theme = Themes::create('admin', 'RawPHPEngine', $theme_dir);
switch ($handler_vars['action']) {
case 'updateModules':
$modules = array();
foreach ($_POST as $key => $module) {
// skip POST elements which are not module names
if (preg_match('/^module\\d+$/', $key)) {
list($module_id, $module_name) = explode(':', $module, 2);
// remove non-sortable modules from the list
if ($module_id != 'nosort') {
$modules[$module_id] = $module_name;
}
}
}
Modules::set_active($modules);
$ar = new AjaxResponse(200, _t('Modules updated.'));
break;
case 'addModule':
$id = Modules::add($handler_vars['module_name']);
$this->fetch_dashboard_modules();
$ar = new AjaxResponse(200, _t('Added module %s.', array($handler_vars['module_name'])));
$ar->html('modules', $this->theme->fetch('dashboard_modules'));
break;
case 'removeModule':
Modules::remove($handler_vars['moduleid']);
$this->fetch_dashboard_modules();
$ar = new AjaxResponse(200, _t('Removed module.'));
$ar->html('modules', $this->theme->fetch('dashboard_modules'));
break;
}
$ar->out();
}
/**
* Retreive the Theme used to display the form component
*
* @param boolean $forvalidation If true, perform validation on control and add error messages to output
* @param FormControl $control The control to output using a template
* @return Theme The theme object to display the template for the control
*/
function get_theme( $forvalidation = false, $control = null )
{
if ( !isset( $this->theme_obj ) ) {
$theme_dir = Plugins::filter( 'control_theme_dir', Plugins::filter( 'admin_theme_dir', Site::get_dir( 'admin_theme', true ) ) . 'formcontrols/', $control );
$this->theme_obj = Themes::create( 'admin', 'RawPHPEngine', $theme_dir );
}
$this->theme_obj->start_buffer();
if ( $control instanceof FormControl ) {
// PHP doesn't allow __get() to return pointers, and passing this array to foreach directly generates an error.
$properties = $control->properties;
foreach ( $properties as $name => $value ) {
$this->theme_obj->$name = $value;
}
$this->theme_obj->field = $control->field;
$this->theme_obj->value = $control->value;
$this->theme_obj->caption = $control->caption;
$this->theme_obj->id = (string) $control->id;
$class = (array) $control->class;
$message = '';
if ( $forvalidation ) {
$validate = $control->validate();
if ( count( $validate ) != 0 ) {
$class[] = 'invalid';
$message = implode( '<br>', (array) $validate );
}
}
$this->theme_obj->class = implode( ' ', (array) $class );
$this->theme_obj->message = $message;
}
return $this->theme_obj;
}
/**
* Load the active theme and create a new Theme instance.
* Also, assign the request variables.
*/
public function setup_theme()
{
$this->theme = Themes::create();
$this->theme->assign('matched_rule', URL::get_matched_rule());
$request = Controller::get_request_obj();
$this->theme->assign('request', $request);
}
/**
* Constructor for the default theme handler. Here, we
* automatically load the active theme for the installation,
* and create a new Theme instance.
*/
public function __construct()
{
$this->theme = Themes::create();
}
public function display_calendar()
{
$theme = Themes::create();
$events = Posts::get(array("status" => Post::status('published'), "nolimit" => true, "content_type" => Post::type('event')));
$upcoming = array();
foreach ($events as $event) {
if ($event->start->int > HabariDateTime::date_create()->modify('-1 week')->int) {
$upcoming[] = $event;
}
}
$theme->events = $upcoming;
$theme->display('calendar');
}
/**
* Add a comment to the site
*
* @param mixed $post A Post object instance or Post object id
* @param string $name The commenter's name
* @param string $email The commenter's email address
* @param string $url The commenter's website URL
* @param string $content The comment content
* @param array $extra An associative array of extra values that should be considered
*/
function add_comment($post, $name = null, $email = null, $url = null, $content = null, $extra = null)
{
if (is_numeric($post)) {
$post = Post::get(array('id' => $post));
}
if (!$post instanceof Post) {
// Not sure what you're trying to pull here, but that's no good
header('HTTP/1.1 403 Forbidden', true, 403);
die;
}
// let's do some basic sanity checking on the submission
if (1 == Options::get('comments_require_id') && (empty($name) || empty($email))) {
Session::error(_t('Both name and e-mail address must be provided.'));
}
if (empty($content)) {
Session::error(_t('You did not provide any content for your comment!'));
}
if (Session::has_errors()) {
// save whatever was provided in session data
Session::add_to_set('comment', $name, 'name');
Session::add_to_set('comment', $email, 'email');
Session::add_to_set('comment', $url, 'url');
Session::add_to_set('comment', $content, 'content');
// now send them back to the form
Utils::redirect($post->permalink . '#respond');
}
if ($post->info->comments_disabled) {
// comments are disabled, so let's just send
// them back to the post's permalink
Session::error(_t('Comments on this post are disabled!'));
Utils::redirect($post->permalink);
}
/* Sanitize data */
foreach (array('name', 'url', 'email', 'content') as $k) {
${$k} = InputFilter::filter(${$k});
}
/* Sanitize the URL */
if (!empty($url)) {
$parsed = InputFilter::parse_url($url);
if ($parsed['is_relative']) {
// guess if they meant to use an absolute link
$parsed = InputFilter::parse_url('http://' . $url);
if (!$parsed['is_error']) {
$url = InputFilter::glue_url($parsed);
} else {
// disallow relative URLs
$url = '';
}
}
if ($parsed['is_pseudo'] || $parsed['scheme'] !== 'http' && $parsed['scheme'] !== 'https') {
// allow only http(s) URLs
$url = '';
} else {
// reconstruct the URL from the error-tolerant parsing
// http:moeffju.net/blog/ -> http://moeffju.net/blog/
$url = InputFilter::glue_url($parsed);
}
}
if (preg_match('/^\\p{Z}*$/u', $content)) {
Session::error(_t('Comment contains only whitespace/empty comment'));
Utils::redirect($post->permalink);
}
/* Create comment object*/
$comment = new Comment(array('post_id' => $post->id, 'name' => $name, 'email' => $email, 'url' => $url, 'ip' => sprintf("%u", ip2long($_SERVER['REMOTE_ADDR'])), 'content' => $content, 'status' => Comment::STATUS_UNAPPROVED, 'date' => HabariDateTime::date_create(), 'type' => Comment::COMMENT));
// Should this really be here or in a default filter?
// In any case, we should let plugins modify the status after we set it here.
$user = User::identify();
if ($user->loggedin && $comment->email == $user->email) {
$comment->status = Comment::STATUS_APPROVED;
}
// Users need to have permission to add comments
if (!$user->can('comment')) {
Session::error(_t('You do not have permission to create comments.'));
Utils::redirect($post->permalink);
}
// Allow themes to work with comment hooks
Themes::create();
// Allow plugins to change comment data and add commentinfo based on plugin-added form fields
Plugins::act('comment_accepted', $comment, $this->handler_vars, $extra);
$spam_rating = 0;
$spam_rating = Plugins::filter('spam_filter', $spam_rating, $comment, $this->handler_vars, $extra);
$comment->insert();
$anchor = '';
// If the comment was saved
if ($comment->id && $comment->status != Comment::STATUS_SPAM) {
$anchor = '#comment-' . $comment->id;
// store in the user's session that this comment is pending moderation
if ($comment->status == Comment::STATUS_UNAPPROVED) {
Session::notice(_t('Your comment is pending moderation.'), 'comment_' . $comment->id);
}
// if no cookie exists, we should set one
// but only if the user provided some details
$cookie = 'comment_' . Options::get('GUID');
if (!User::identify()->loggedin && !isset($_COOKIE[$cookie]) && (!empty($name) || !empty($email) || !empty($url))) {
$cookie_content = $comment->name . '#' . $comment->email . '#' . $comment->url;
$site_url = Site::get_path('base', true);
setcookie($cookie, $cookie_content, time() + 31536000, $site_url);
}
}
// Return the commenter to the original page.
Utils::redirect($post->permalink . $anchor);
}
/**
* @todo use formui
*/
private function send_captcha($comment = null)
{
Session::add_to_set('mollom', $comment, 'comment');
$theme = Themes::create();
$theme->comment = $comment;
try {
$theme->captcha = Mollom::getImageCaptcha($comment->info->mollom_session_id);
$theme->audio_captcha = Mollom::getAudioCaptcha($comment->info->mollom_session_id);
} catch (Exception $e) {
}
$theme->display('mollom_fallback_captcha');
}
/**
* Entry point for installation. The reason there is a begin_install
* method to handle is that conceivably, the user can stop installation
* mid-install and need an alternate entry point action at a later time.
*/
public function act_begin_install()
{
// Create a new theme to handle the display of the installer
$this->theme = Themes::create('installer', 'RawPHPEngine', HABARI_PATH . '/system/installer/');
/**
* Set user selected Locale or default
*/
$this->theme->locales = Locale::list_all();
if (isset($_POST['locale']) && $_POST['locale'] != null) {
Locale::set($_POST['locale']);
} else {
Locale::set(Config::get('locale', 'en-us'));
}
$this->theme->locale = Locale::get();
$this->handler_vars['locale'] = Locale::get();
/**
* Check .htaccess first because ajax doesn't work without it.
*/
if (!$this->check_htaccess()) {
$this->handler_vars['file_contents'] = htmlentities(implode("\n", $this->htaccess()));
$this->display('htaccess');
}
// Dispatch AJAX requests.
if (isset($_POST['ajax_action'])) {
switch ($_POST['ajax_action']) {
case 'check_mysql_credentials':
self::ajax_check_mysql_credentials();
exit;
break;
case 'check_pgsql_credentials':
self::ajax_check_pgsql_credentials();
exit;
break;
case 'check_sqlite_credentials':
self::ajax_check_sqlite_credentials();
exit;
break;
}
}
// set the default values now, which will be overriden as we go
$this->form_defaults();
if (!$this->meets_all_requirements()) {
$this->display('requirements');
}
/**
* Add the AJAX hooks
*/
Plugins::register(Method::create('\\Habari\\InstallHandler', 'ajax_check_mysql_credentials'), 'ajax_', 'check_mysql_credentials');
Plugins::register(Method::create('\\Habari\\InstallHandler', 'ajax_check_pgsql_credentials'), 'ajax_', 'check_pgsql_credentials');
/**
* Let's check the config.php file if no POST data was submitted
*/
if (!file_exists(Site::get_dir('config_file')) && !isset($_POST['admin_username'])) {
// no config file, and no HTTP POST
$this->display('db_setup');
}
// try to load any values that might be defined in config.php
if (file_exists(Site::get_dir('config_file'))) {
include Site::get_dir('config_file');
// check for old style config (global variable, pre-dates registry based config
if (!Config::exists('db_connection') && isset($db_connection)) {
// found old style config...
// set up registry:
Config::set('db_connection', $db_connection);
// assign handler vars (for config file write)
$this->set_handler_vars_from_db_connection();
// write new config file
if ($this->write_config_file(true)) {
// successful, so redirect:
Utils::redirect(Site::get_url('site'));
}
}
if (Config::exists('db_connection')) {
$this->set_handler_vars_from_db_connection();
}
// if a $blog_data array exists in config.php, use it
// to pre-load values for the installer
// ** this is completely optional **
if (Config::exists('blog_data')) {
$blog_data = Config::get('blog_data');
foreach ($blog_data as $blog_datum => $value) {
$this->handler_vars[$blog_datum] = $value;
}
}
}
// now merge in any HTTP POST values that might have been sent
// these will override the defaults and the config.php values
$this->handler_vars = $this->handler_vars->merge($_POST);
// we need details for the admin user to install
if ('' == $this->handler_vars['admin_username'] || '' == $this->handler_vars['admin_pass1'] || '' == $this->handler_vars['admin_pass2'] || '' == $this->handler_vars['admin_email']) {
// if none of the above are set, display the form
$this->display('db_setup');
}
$db_type = $this->handler_vars['db_type'];
if ((!Config::exists('db_connection') || Config::get('db_connection')->connection_string == '') && ($db_type == 'mysql' || $db_type == 'pgsql')) {
$this->handler_vars['db_host'] = $_POST["{$db_type}_db_host"];
$this->handler_vars['db_user'] = $_POST["{$db_type}_db_user"];
$this->handler_vars['db_pass'] = $_POST->raw("{$db_type}_db_pass");
$this->handler_vars['db_schema'] = $_POST["{$db_type}_db_schema"];
}
// we got here, so we have all the info we need to install
// make sure the admin password is correct
if ($this->handler_vars['admin_pass1'] !== $this->handler_vars['admin_pass2']) {
$this->theme->assign('form_errors', array('password_mismatch' => _t('Password mis-match.')));
$this->display('db_setup');
}
// don't accept emails with control characters
if (!ctype_print($this->handler_vars['admin_email'])) {
$this->theme->assign('form_errors', array('admin_email' => _t('Only printable characters are allowed.')));
$this->display('db_setup');
}
// check whether prefix is valid
if (isset($this->handler_vars['table_prefix']) && preg_replace('/[^a-zA-Z_]/', '', $this->handler_vars['table_prefix']) !== $this->handler_vars['table_prefix']) {
$this->theme->assign('form_errors', array('table_prefix' => _t('Allowed characters are A-Z, a-z and "_".')));
$this->display('db_setup');
}
// Make sure we still have a valid connection
if (!call_user_func(array($this, "check_{$db_type}"))) {
$this->display('db_setup');
}
// try to write the config file
if (!$this->write_config_file()) {
$this->theme->assign('form_errors', array('write_file' => _t('Could not write config.php file…')));
$this->display('db_setup');
}
// try to install the database
if (!$this->install_db()) {
// the installation failed for some reason.
// re-display the form
$this->display('db_setup');
}
// Try activating plugins and themes
$this->activate_plugins();
$this->activate_theme();
// Installation complete. Secure sqlite if it was chosen as the database type to use
if ($db_type == 'sqlite') {
if (!$this->secure_sqlite()) {
$this->theme->sqlite_contents = implode("\n", $this->sqlite_contents());
$this->display('sqlite');
}
}
EventLog::log(_t('Habari successfully installed.'), 'info', 'default', 'habari');
Utils::redirect(Site::get_url('site'));
}
/**
* Sets a theme to be the current user's preview theme
*
* @param string $theme_name The name of the theme to preview
* @param string $theme_dir The directory of the theme to preview
*/
public static function preview_theme($theme_name, $theme_dir)
{
$_SESSION['user_theme_name'] = $theme_name;
$_SESSION['user_theme_dir'] = $theme_dir;
// Execute the theme's activated action
$preview_theme = Themes::create();
Plugins::act_id('theme_activated', $preview_theme->plugin_id(), $theme_name, $preview_theme);
EventLog::log(_t('Previewed Theme: %s', array($theme_name)), 'notice', 'theme', 'habari');
}
/**
* Handles AJAX requests from the groups page.
*/
public function ajax_groups($handler_vars)
{
Utils::check_request_method(array('GET', 'HEAD'));
$theme_dir = Plugins::filter('admin_theme_dir', Site::get_dir('admin_theme', true));
$this->theme = Themes::create('admin', 'RawPHPEngine', $theme_dir);
$output = '';
foreach (UserGroups::get_all() as $group) {
$this->theme->group = $group;
$group = UserGroup::get_by_id($group->id);
$users = array();
foreach ($group->members as $id) {
$user = $id == 0 ? User::anonymous() : User::get_by_id($id);
if ($user->id == 0) {
$users[] = '<strong>' . $user->displayname . '</strong>';
} else {
$users[] = '<strong><a href="' . URL::get('admin', 'page=user&id=' . $user->id) . '">' . $user->displayname . '</a></strong>';
}
}
$this->theme->users = $users;
$output .= $this->theme->fetch('groups_item');
}
echo json_encode(array('items' => $output));
}
public function create_theme()
{
$theme_dir = Plugins::filter('admin_theme_dir', Site::get_dir('admin_theme', true));
$this->theme = Themes::create('admin', 'RawPHPEngine', $theme_dir);
}
/**
* Prepare and display admin page
*
*/
public function action_admin_theme_get_menus(AdminHandler $handler, Theme $theme)
{
$theme->page_content = '';
$action = isset($_GET['action']) ? $_GET['action'] : 'create';
switch ($action) {
case 'edit':
$vocabulary = Vocabulary::get_by_id(intval($handler->handler_vars['menu']));
if ($vocabulary == false) {
$theme->page_content = '<h2>' . _t('Invalid Menu.');
// that's it, we're done. Maybe we show the list of menus instead?
break;
}
$form = new FormUI('edit_menu');
$form->append(new FormControlText('menuname', 'null:null', _t('Name'), 'transparent_text'))->add_validator('validate_required', _t('You must supply a valid menu name'))->add_validator(array($this, 'validate_newvocab'))->value = $vocabulary->name;
$form->append(new FormControlHidden('oldname', 'null:null'))->value = $vocabulary->name;
$form->append(new FormControlText('description', 'null:null', _t('Description'), 'transparent_text'))->value = $vocabulary->description;
$edit_items_array = $this->get_menu_type_data();
$edit_items = '';
foreach ($edit_items_array as $action => $menu_type) {
$edit_items .= '<a class="modal_popup_form menu_button_dark" href="' . URL::get('admin', array('page' => 'menu_iframe', 'action' => $action, 'menu' => $vocabulary->id)) . "\">" . _t('Add %s', array($menu_type['label'])) . "</a>";
}
if (!$vocabulary->is_empty()) {
$form->append('tree', 'tree', $vocabulary->get_tree(), _t('Menu'));
$form->tree->options = $vocabulary->get_tree();
$form->tree->config = array('itemcallback' => array($this, 'tree_item_callback'));
// $form->tree->value = $vocabulary->get_root_terms();
// append other needed controls, if there are any.
$form->append('static', 'buttons', '<div id="menu_item_button_container">' . $edit_items . '</div>');
$form->append('submit', 'save', _t('Apply Changes'));
} else {
$form->append('static', 'buttons', '<div id="menu_item_button_container">' . $edit_items . '</div>');
}
$delete_link = URL::get('admin', Utils::WSSE(array('page' => 'menus', 'action' => 'delete_menu', 'menu' => $handler->handler_vars['menu'])));
//$delete_link = URL::get( 'admin', array( 'page' => 'menus', 'action' => 'delete_menu', 'menu' => $handler->handler_vars[ 'menu' ] ) );
$form->append('static', 'deletebutton', '<a class="a_button" href="' . $delete_link . '">' . _t('Delete Menu') . '</a>');
$form->append(new FormControlHidden('menu', 'null:null'))->value = $handler->handler_vars['menu'];
$form->on_success(array($this, 'rename_menu_form_save'));
$form->properties['onsubmit'] = "return habari.menu_admin.submit_menu_update();";
$theme->page_content .= $form->get();
break;
case 'create':
$form = new FormUI('create_menu');
$form->append('text', 'menuname', 'null:null', _t('Menu Name'), 'transparent_text')->add_validator('validate_required', _t('You must supply a valid menu name'))->add_validator(array($this, 'validate_newvocab'));
$form->append('text', 'description', 'null:null', _t('Description'), 'transparent_text');
$form->append('submit', 'submit', _t('Create Menu'));
$form->on_success(array($this, 'add_menu_form_save'));
$theme->page_content = $form->get();
break;
case 'delete_menu':
if (Utils::verify_wsse($_GET, true)) {
$menu_vocab = Vocabulary::get_by_id(intval($handler->handler_vars['menu']));
// Delete blocks using this menu
$at = Themes::get_active_data(true);
$t = Themes::create(Themes::get_active()['name']);
$i = 0;
foreach ($at['areas'] as $area) {
foreach ($t->get_blocks($area['name'], 0, $t) as $block) {
if ($block->type == 'menu' && $block->menu_taxonomy == $handler->handler_vars['menu']) {
$block->delete();
$i++;
}
}
}
Session::notice(sprintf(_n('%s block linking to this menu deleted.', '%s blocks linking to this menu deleted.', $i), $i));
$menu_vocab->delete();
// log that it has been deleted?
Session::notice(_t('Menu deleted.'));
// redirect to a blank menu creation form
Utils::redirect(URL::get('admin', array('page' => 'menus', 'action' => 'create')));
} else {
Session::notice(_t('Menu deletion failed - please try again.'));
Utils::redirect(URL::get('admin', array('page' => 'menus', 'action' => 'edit', 'menu' => $handler->handler_vars['menu'])));
}
break;
case 'delete_term':
$term = Term::get(intval($handler->handler_vars['term']));
$menu_vocab = $term->vocabulary_id;
if (Utils::verify_wsse($_GET, true)) {
$term->delete();
// log that it has been deleted?
Session::notice(_t('Item deleted.'));
Utils::redirect(URL::get('admin', array('page' => 'menus', 'action' => 'edit', 'menu' => $menu_vocab)));
} else {
Session::notice(_t('Item deletion failed - please try again.'));
Utils::redirect(URL::get('admin', array('page' => 'menus', 'action' => 'edit', 'menu' => $menu_vocab)));
}
break;
default:
Utils::debug($_GET, $action);
die;
}
$theme->display('menus_admin');
// End everything
exit;
}
/**
* Handles AJAX requests from the manage comments page.
*/
public function ajax_comments()
{
Utils::check_request_method( array( 'GET', 'HEAD' ) );
$theme_dir = Plugins::filter( 'admin_theme_dir', Site::get_dir( 'admin_theme', true ) );
$this->theme = Themes::create( 'admin', 'RawPHPEngine', $theme_dir );
$this->theme->theme = $this->theme;
$params = $_GET;
$this->fetch_comments( $params );
$items = $this->theme->fetch( 'comments_items' );
$timeline = $this->theme->fetch( 'timeline_items' );
$item_ids = array();
foreach ( $this->theme->comments as $comment ) {
$item_ids['p' . $comment->id] = 1;
}
$ar = new AjaxResponse();
$ar->data = array(
'items' => $items,
'item_ids' => $item_ids,
'timeline' => $timeline,
);
$ar->out();
}
public function action_ajax_archive_posts($handler)
{
$theme = Themes::create();
$theme->posts = self::get_posts($handler->handler_vars['search']);
$theme->display('archive_posts');
}
/**
* Cancel the viewing of any preview theme
*/
public static function cancel_preview()
{
if ( isset( $_SESSION['user_theme_name'] ) ) {
// Execute the theme's deactivated action
$preview_theme = Themes::create();
Plugins::act_id( 'theme_deactivated', $preview_theme->plugin_id() );
EventLog::log( _t( 'Canceled Theme Preview: %s', array( $_SESSION['user_theme_name'] ) ), 'notice', 'theme', 'habari' );
unset( $_SESSION['user_theme_name'] );
unset( $_SESSION['user_theme_dir'] );
}
}
/**
* function add_comment
* adds a comment to a post, if the comment content is not NULL
* @param array An associative array of content found in the $_POST array
*/
public function act_add_comment()
{
Utils::check_request_method(array('POST'));
$defaults = array('name' => '', 'email' => '', 'url' => '', 'content' => '');
// We need to get the post anyway to redirect back to the post page.
$post = Post::get(array('id' => $this->handler_vars['id']));
if (!$post) {
// trying to comment on a non-existent post? Weirdo.
header('HTTP/1.1 403 Forbidden', true, 403);
die;
}
// make sure all our default values are set so we don't throw undefined index errors
foreach ($defaults as $k => $v) {
if (!isset($this->handler_vars[$k])) {
$this->handler_vars[$k] = $v;
}
}
// let's do some basic sanity checking on the submission
if (1 == Options::get('comments_require_id') && (empty($this->handler_vars['name']) || empty($this->handler_vars['email']))) {
Session::error(_t('Both name and e-mail address must be provided.'));
}
if (empty($this->handler_vars['content'])) {
Session::error(_t('You did not provide any content for your comment!'));
}
if (Session::has_errors()) {
// save whatever was provided in session data
Session::add_to_set('comment', $this->handler_vars['name'], 'name');
Session::add_to_set('comment', $this->handler_vars['email'], 'email');
Session::add_to_set('comment', $this->handler_vars['url'], 'url');
Session::add_to_set('comment', $this->handler_vars['content'], 'content');
// now send them back to the form
Utils::redirect($post->permalink . '#respond');
}
if ($post->info->comments_disabled) {
// comments are disabled, so let's just send
// them back to the post's permalink
Session::error(_t('Comments on this post are disabled!'));
Utils::redirect($post->permalink);
}
/* Sanitize data */
foreach ($defaults as $k => $v) {
$this->handler_vars[$k] = InputFilter::filter($this->handler_vars[$k]);
}
/* Sanitize the URL */
if (!empty($this->handler_vars['url'])) {
$url = $this->handler_vars['url'];
$parsed = InputFilter::parse_url($url);
if ($parsed['is_relative']) {
// guess if they meant to use an absolute link
$parsed = InputFilter::parse_url('http://' . $url);
if (!$parsed['is_error']) {
$url = InputFilter::glue_url($parsed);
} else {
// disallow relative URLs
$url = '';
}
}
if ($parsed['is_pseudo'] || $parsed['scheme'] !== 'http' && $parsed['scheme'] !== 'https') {
// allow only http(s) URLs
$url = '';
} else {
// reconstruct the URL from the error-tolerant parsing
// http:moeffju.net/blog/ -> http://moeffju.net/blog/
$url = InputFilter::glue_url($parsed);
}
$this->handler_vars['url'] = $url;
}
if (preg_match('/^\\p{Z}*$/u', $this->handler_vars['content'])) {
Session::error(_t('Comment contains only whitespace/empty comment'));
Utils::redirect($post->permalink);
}
/* Create comment object*/
$comment = new Comment(array('post_id' => $this->handler_vars['id'], 'name' => $this->handler_vars['name'], 'email' => $this->handler_vars['email'], 'url' => $this->handler_vars['url'], 'ip' => sprintf("%u", ip2long($_SERVER['REMOTE_ADDR'])), 'content' => $this->handler_vars['content'], 'status' => Comment::STATUS_UNAPPROVED, 'date' => HabariDateTime::date_create(), 'type' => Comment::COMMENT));
// Should this really be here or in a default filter?
// In any case, we should let plugins modify the status after we set it here.
$user = User::identify();
if ($user->loggedin && $comment->email == $user->email) {
$comment->status = Comment::STATUS_APPROVED;
}
// Allow themes to work with comment hooks
Themes::create();
$spam_rating = 0;
$spam_rating = Plugins::filter('spam_filter', $spam_rating, $comment, $this->handler_vars);
$comment->insert();
$anchor = '';
// If the comment was saved
if ($comment->id) {
$anchor = '#comment-' . $comment->id;
// store in the user's session that this comment is pending moderation
if ($comment->status == Comment::STATUS_UNAPPROVED) {
Session::notice(_t('Your comment is pending moderation.'), 'comment_' . $comment->id);
}
// if no cookie exists, we should set one
// but only if the user provided some details
$cookie = 'comment_' . Options::get('GUID');
if (!isset($_COOKIE[$cookie]) && (!empty($this->handler_vars['name']) || !empty($this->handler_vars['email']) || !empty($this->handler_vars['url']))) {
$cookie_content = $comment->name . '#' . $comment->email . '#' . $comment->url;
$site_url = Site::get_path('base', true);
setcookie($cookie, $cookie_content, time() + 31536000, $site_url);
}
}
// Return the commenter to the original page.
Utils::redirect($post->permalink . $anchor);
}
/**
* Load the active theme and create a new Theme instance.
* Also, assign the request variables.
*/
public function setup_theme()
{
$this->theme = Themes::create();
$this->theme->assign('matched_rule', URL::get_matched_rule());
$request = new StdClass();
foreach (RewriteRules::get_active() as $rule) {
$request->{$rule->name} = false;
}
$request->{$this->theme->matched_rule->name} = true;
$this->theme->assign('request', $request);
}
public function action_handler_scratchpad($handler_vars)
{
$user = User::identify();
if (!$user->loggedin) {
// TODO We should allow the user to log in somehow
$response = "User not logged in.";
} else {
// Create a form to enter the ScratchPad entry information
$theme = Themes::create();
$this->add_template('scratchpad', dirname(__FILE__) . '/scratchpad.php');
$form = new FormUI('scratchpad');
// Create the Title field
$form->append('text', 'title', 'null:null', _t('Title'));
$form->title->tabindex = 1;
$form->title->value = $handler_vars['title'];
// Create the Content field
$form->append('textarea', 'content', 'null:null', _t('Content'));
$form->content->tabindex = 2;
if (isset($handler_vars['selection'])) {
$form->content->value = $handler_vars['selection'];
}
// Add the existing scratchpads
$scratchpads = array();
$results = DB::get_results('SELECT id, name FROM {scratchpads} WHERE user_id = ?', array($user->id));
foreach ($results as $result) {
$scratchpads[$result->id] = $result->name;
}
$form->append('select', 'scratchpads', 'null:null', 'ScratchPads', $scratchpads);
$form->scratchpads->tabindex = 3;
// Create a field for adding a new scratchpad
$form->append('text', 'scratchpad', 'null:null', _t('New ScratchPad'));
$form->scratchpad->tabindex = 4;
// Add the URL as a hidden control
$form->append('hidden', 'url', 'null:null');
$form->url->value = $handler_vars['url'];
// Create the Save button
$form->append('submit', 'save', 'Save');
// Add a callback to save the form data
$form->on_success(array($this, 'insert_scratchpad'));
// Put the form into the theme
$theme->form = $form;
$theme->display('scratchpad');
}
}
/**
* Retreive the Theme used to display this form component and its descendants
*
* @return Theme The theme object to display the template for the control
*/
public function get_theme()
{
static $theme_obj = null;
if (is_null($theme_obj)) {
$theme_obj = Themes::create();
// Create the current theme instead of: 'admin', 'RawPHPEngine', $theme_dir
}
$this->prep_theme($theme_obj);
return $theme_obj;
}
public function __construct()
{
$this->config = simplexml_load_file(dirname(__FILE__) . '/lifestream.config.xml');
$this->theme = Themes::create();
}
/**
* Display the login form
*
* @param string $name Pre-fill the name field with this name
*/
protected function login_form($name)
{
// Display the login form.
$this->theme = Themes::create();
if (!$this->theme->template_exists('login')) {
$this->theme = Themes::create('admin', 'RawPHPEngine', Site::get_dir('admin_theme', TRUE));
$this->theme->assign('admin_page', 'login');
}
$request = new StdClass();
foreach (URL::get_active_rules() as $rule) {
$request->{$rule->name} = $rule->name == URL::get_matched_rule()->name;
}
if (isset($this->handler_vars['error'])) {
$this->theme->assign('error', Utils::htmlspecialchars($this->handler_vars['error']));
}
$this->theme->assign('request', $request);
$this->theme->assign('habari_username', htmlentities($name, ENT_QUOTES, 'UTF-8'));
$this->display('login');
return TRUE;
}
public function filter_post_content($content, Post $post)
{
if ($post->info->password) {
// if user logged in, show post
// make sure it's not just the anonymous user!
$user = User::identify();
if ($user instanceof User && $user != User::anonymous()) {
return $content;
}
$session = Session::get_set('post_passwords', false);
$token = Utils::crypt('42' . $post->info->password . $post->id . Options::get('GUID'));
// if password was submitted verify it
if (Controller::get_var('post_password') && Controller::get_var('post_password_id') == $post->id) {
$pass = InputFilter::filter(Controller::get_var('post_password'));
if (Utils::crypt($pass, $post->info->password)) {
Session::add_to_set('post_passwords', $token, $post->id);
$session[$post->id] = $token;
} else {
Session::error(_t('That password was incorrect.', 'postpass'));
}
}
// if password is stored in session verify it
if (isset($session[$post->id]) && $session[$post->id] == $token) {
return $content;
} else {
$theme = Themes::create();
$theme->post = $post;
return $theme->fetch('post_password_form');
}
} else {
return $content;
}
}
