/**
 * Logs the exception, sends an error status if headers are still open, and
 * prints the themed error page (a 404 variant or a generic one).
 *
 * Only the page title and a static view are assigned to the page here; the
 * text rendering of the exception is written to the log.
 *
 * @see Kohana_Exception::handle
 * @param Exception $e the exception being reported
 */
private static function _show_themed_error_page(Exception $e) {
  // Log a text rendering of the exception and flush right away, since the
  // request is ending on an error path.
  Kohana_Log::add('error', Kohana_Exception::text($e));
  Kohana_Log::save();

  if (!headers_sent()) {
    if (!($e instanceof Kohana_Exception)) {
      // Exceptions that cannot send their own headers get a plain 500.
      header("HTTP/1.1 500 Internal Server Error");
    } else {
      $e->sendHeaders();
    }
  }

  $view = new Theme_View("page.html", "other", "error");

  if (!($e instanceof Kohana_404_Exception)) {
    $view->page_title = t("Dang... Something went wrong!");
    $view->content = new View("error.html");
    print $view;
    return;
  }

  $view->page_title = t("Dang... Page not found!");
  $view->content = new View("error_404.html");

  // Guests are offered a login form on the 404 page.
  $user = identity::active_user();
  $view->content->is_guest = $user && $user->guest;
  if ($view->content->is_guest) {
    $view->content->login_form = new View("login_ajax.html");
    $view->content->login_form->form = auth::get_login_form("login/auth_html");
    // The return URL is kept in the session instead of being passed with the
    // request; per the original author's note this avoids the anti-phishing
    // protection. Where continue_url is consumed is not visible here.
    Session::instance()->set("continue_url", url::current(true));
  }

  print $view;
}
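/**
 * Renders one page of an album. If the viewer may not see the album, the root
 * album (id 1) shows a login page and any other album is refused.
 *
 * Request parameters read here:
 *   show - id of a child item; redirects to the album page containing it
 *   page - 1-based page number, clamped to the valid range by redirect
 *
 * @see REST_Controller::_show($resource)
 * @param object $album the album item to display
 */
public function _show($album) {
  $page_size = module::get_var("gallery", "page_size", 9);
  if (!access::can("view", $album)) {
    if ($album->id == 1) {
      $view = new Theme_View("page.html", "login");
      $view->page_title = t("Log in to Gallery");
      $view->content = new View("login_ajax.html");
      $view->content->form = auth::get_login_form("login/auth_html");
      print $view;
      return;
    } else {
      // NOTE(review): rendering below is only safe if access::forbidden() never
      // returns (throws or exits) -- confirm against its implementation.
      access::forbidden();
    }
  }

  $show = $this->input->get("show");
  if ($show) {
    // NOTE(review): $show is request-supplied. This relies on get_position()
    // returning a falsy value for items that are not in this album or are not
    // viewable -- confirm against the model.
    $child = ORM::factory("item", $show);
    $index = $album->get_position($child);
    if ($index) {
      $page = ceil($index / $page_size);
      if ($page == 1) {
        url::redirect($album->abs_url());
      } else {
        url::redirect($album->abs_url("page={$page}"));
      }
    }
  }

  // "page" comes straight from the query string. Normalise it to an integer
  // before it is used in arithmetic and comparisons, so non-numeric or array
  // values cannot reach the offset calculation.
  $page = (int) $this->input->get("page", "1");
  $children_count = $album->viewable()->children_count();
  $offset = ($page - 1) * $page_size;
  $max_pages = max(ceil($children_count / $page_size), 1);

  // Make sure that the page references a valid offset
  if ($page < 1) {
    url::redirect($album->abs_url());
  } else if ($page > $max_pages) {
    url::redirect($album->abs_url("page={$max_pages}"));
  }

  $template = new Theme_View("page.html", "album");
  $template->set_global("page_size", $page_size);
  $template->set_global("item", $album);
  $template->set_global("children", $album->viewable()->children($page_size, $offset));
  $template->set_global("children_count", $children_count);
  $template->set_global("parents", $album->parents());
  $template->content = new View("album.html");

  // We can't use math in ORM or the query builder, so do this by hand.  It's important
  // that we do this with math, otherwise concurrent accesses will damage accuracy.
  // The interpolated id is taken from the $album object passed in, not from a
  // request parameter read in this method.
  Database::instance()->query("UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = {$album->id}");

  print $template;
}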
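/**
 * Authenticates the submitted login form, optionally creating a local account
 * for a user whose credentials were accepted but who has no account yet.
 *
 * The session id is regenerated on every call, whatever the outcome.
 *
 * @param string $url action url passed to auth::get_login_form()
 * @return array array($valid, $form): $valid is true only when a user was
 *               logged in; $form is the login form, carrying any error
 */
private function _auth($url) {
  $form = auth::get_login_form($url);
  $valid = false;

  if ($form->validate()) {
    // retrieve the values from the form
    $name = $form->login->inputs["name"]->value;
    $pass = $form->login->password->value;

    // do we have a local user?
    $user = identity::lookup_user_by_name($name);
    $validuser = !empty($user);

    // are the credentials accepted? (_checkpass is defined elsewhere)
    $checkpass = $this->_checkpass($name, $pass);

    // Accepted credentials but no local user: create the account if allowed.
    // This runs before the failure check, so that a successful first login is
    // not also reported as a failed one (form error, warning log and
    // user_auth_failed event).
    if (!$validuser && $checkpass && $this->create_account) {
      $account = $this->pam_auth->getAccount();
      if ($account) {
        // NOTE(review): mt_rand() and uniqid() are not cryptographically
        // strong. If this local password can ever be used to log in, derive it
        // from a CSPRNG instead (random_bytes() on PHP 7+).
        $password = md5(uniqid(mt_rand(), true));
        $new_user = identity::create_user($account->name, $account->full_name, $password, $account->email);
        $new_user->url = '';
        $new_user->admin = false;
        $new_user->guest = false;
        $new_user->save();

        $user = identity::lookup_user_by_name($account->name);
        $validuser = !empty($user);
      }
    }

    if ($validuser && $checkpass) {
      // a local user exists and the credentials were accepted
      auth::login($user);
      $valid = true;
    } else {
      // unknown user or rejected credentials: same error for both cases
      $form->login->inputs["name"]->add_error("invalid_login", 1);
      log::warning("user", t("Failed login for %name", array("name" => $name)));
      module::event("user_auth_failed", $name);
    }
  }

  // regenerate the session id to avoid session trapping
  Session::instance()->regenerate();

  return array($valid, $form);
}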
/**
 * Validates the login form and logs the user in when the name resolves to a
 * user and the password check passes.
 *
 * Unknown user and wrong password produce the same form error and log line.
 * The session id is regenerated on every call, whatever the outcome.
 *
 * @param string $url action url passed to auth::get_login_form()
 * @return array array($valid, $form)
 */
private function _auth($url) {
  $form = auth::get_login_form($url);
  $valid = $form->validate();

  if ($valid) {
    $name_input = $form->login->inputs["name"];
    $user = identity::lookup_user_by_name($name_input->value);

    if (!empty($user) && identity::is_correct_password($user, $form->login->password->value)) {
      auth::login($user);
    } else {
      log::warning("user", t("Failed login for %name", array("name" => $name_input->value)));
      $name_input->add_error("invalid_login", 1);
      $valid = false;
    }
  }

  // Either way, regenerate the session id to avoid session trapping
  Session::instance()->regenerate();

  return array($valid, $form);
}
/**
 * Replaces the current favourites with the items named in the URL arguments
 * and redirects to the favourites page. When favourites are restricted to
 * users and the active user is named "guest", a login page is shown instead.
 *
 * NOTE(review): the guest test compares the user name with "guest" -- confirm
 * this cannot diverge from the identity provider's own guest flag.
 * NOTE(review): favourites are cleared and repopulated from URL segments with
 * no CSRF token checked in this method -- confirm that is intended.
 */
public function view() {
  $login_required = favourites_configuration::isUsersOnly()
    && identity::active_user()->name == "guest";

  if (!$login_required) {
    // Start from an empty set, then toggle each URL argument in order.
    $favourites = Favourites::getOrCreate();
    $favourites->clear();
    foreach (func_get_args() as $item) {
      $favourites->toggle($item);
    }
    url::redirect("favourites");
    return;
  }

  // Login required: store the current URL in the session as continue_url,
  // then render the login page.
  Session::instance()->set("continue_url", url::current(true));
  $template = new Theme_View("page.html", "collection", "album");
  $template->content = new View("login_required.html");
  $template->content->login_form = new View("login_ajax.html");
  $template->content->login_form->form = auth::get_login_form("login/auth_html");
  print $template;
}
padding-left: 0px; bullet-style: none; } ul li { margin-left: 0px; } label { width: 60px; display: block; } </style> </head> <body> <h1> <?php echo t("Gallery - maintenance mode"); ?> </h1> <p> <?php echo t("This site is currently only accessible by site administrators."); ?> </p> <?php echo auth::get_login_form("login/auth_html"); ?> </body> </html>
return; } try { // Admins get a special error page $user = identity::active_user(); if ($user && $user->admin) { include Kohana::find_file("views", "error_admin.html"); return; } } catch (Exception $ignored) { } // Try to show a themed error page for 404 errors if ($e instanceof Kohana_404_Exception) { if (Router::$controller == "file_proxy") { print "File not found"; } else { $view = new Theme_View("page.html", "other", "error"); $view->page_title = t("Dang... Page not found!"); $view->content = new View("error_404.html"); $user = identity::active_user(); $view->content->is_guest = $user && $user->guest; if ($view->content->is_guest) { $view->content->login_form = new View("login_ajax.html"); $view->content->login_form->form = auth::get_login_form("login/auth_html"); } print $view; } return; } header("HTTP/1.1 500 Internal Server Error"); include Kohana::find_file("views", "error_user.html");