public function auth()
{
if (!identity::active_user()->admin) {
access::forbidden();
}
access::verify_csrf();
$form = self::_form();
$valid = $form->validate();
$user = identity::active_user();
if ($valid) {
module::event("user_auth", $user);
if (!request::is_ajax()) {
message::success(t("Successfully re-authenticated!"));
}
url::redirect(Session::instance()->get_once("continue_url"));
} else {
$name = $user->name;
log::warning("user", t("Failed re-authentication for %name", array("name" => $name)));
module::event("user_auth_failed", $name);
if (request::is_ajax()) {
$v = new View("reauthenticate.html");
$v->form = $form;
$v->user_name = identity::active_user()->name;
json::reply(array("html" => (string) $v));
} else {
self::_show_form($form);
}
}
}
public function save()
{
access::verify_csrf();
$form = theme::get_edit_form_admin();
if ($form->validate()) {
module::set_var("gallery", "page_size", $form->edit_theme->page_size->value);
$thumb_size = $form->edit_theme->thumb_size->value;
$thumb_dirty = false;
if (module::get_var("gallery", "thumb_size") != $thumb_size) {
graphics::remove_rule("gallery", "thumb", "gallery_graphics::resize");
graphics::add_rule("gallery", "thumb", "gallery_graphics::resize", array("width" => $thumb_size, "height" => $thumb_size, "master" => Image::AUTO), 100);
module::set_var("gallery", "thumb_size", $thumb_size);
}
$resize_size = $form->edit_theme->resize_size->value;
$resize_dirty = false;
if (module::get_var("gallery", "resize_size") != $resize_size) {
graphics::remove_rule("gallery", "resize", "gallery_graphics::resize");
graphics::add_rule("gallery", "resize", "gallery_graphics::resize", array("width" => $resize_size, "height" => $resize_size, "master" => Image::AUTO), 100);
module::set_var("gallery", "resize_size", $resize_size);
}
module::set_var("gallery", "header_text", $form->edit_theme->header_text->value);
module::set_var("gallery", "footer_text", $form->edit_theme->footer_text->value);
module::set_var("gallery", "show_credits", $form->edit_theme->show_credits->value);
module::event("theme_edit_form_completed", $form);
message::success(t("Updated theme details"));
url::redirect("admin/theme_options");
} else {
$view = new Admin_View("admin.html");
$view->content = new View("admin_theme_options.html");
$view->content->form = $form;
print $view;
}
}
public function add_user()
{
access::verify_csrf();
$form = user::get_add_form_admin();
$valid = $form->validate();
$name = $form->add_user->inputs["name"]->value;
$user = ORM::factory("user")->where("name", $name)->find();
if ($user->loaded) {
$form->add_user->inputs["name"]->add_error("in_use", 1);
$valid = false;
}
if ($valid) {
$user = user::create($name, $form->add_user->full_name->value, $form->add_user->password->value);
$user->email = $form->add_user->email->value;
$user->admin = $form->add_user->admin->checked;
if ($form->add_user->locale) {
$desired_locale = $form->add_user->locale->value;
$user->locale = $desired_locale == "none" ? null : $desired_locale;
}
$user->save();
module::event("user_add_form_admin_completed", $user, $form);
message::success(t("Created user %user_name", array("user_name" => p::clean($user->name))));
print json_encode(array("result" => "success"));
} else {
print json_encode(array("result" => "error", "form" => $form->__toString()));
}
}
public function change()
{
access::verify_csrf();
$active_provider = module::get_var("gallery", "identity_provider", "user");
$providers = identity::providers();
$new_provider = Input::instance()->post("provider");
if ($new_provider != $active_provider) {
module::deactivate($active_provider);
// Switch authentication
identity::reset();
module::set_var("gallery", "identity_provider", $new_provider);
module::install($new_provider);
module::activate($new_provider);
module::event("identity_provider_changed", $active_provider, $new_provider);
module::uninstall($active_provider);
message::success(t("Changed to %description", array("description" => $providers->{$new_provider})));
try {
Session::instance()->destroy();
} catch (Exception $e) {
// We don't care if there was a problem destroying the session.
}
url::redirect(item::root()->abs_url());
}
message::info(t("The selected provider \"%description\" is already active.", array("description" => $providers->{$new_provider})));
url::redirect("admin/identity");
}
function rearrange($target_id, $before_or_after)
{
access::verify_csrf();
$target = ORM::factory("item", $target_id);
$album = $target->parent();
access::required("view", $album);
access::required("edit", $album);
$source_ids = $this->input->post("source_ids", array());
if ($album->sort_column != "weight") {
$i = 0;
foreach ($album->children() as $child) {
// Do this directly in the database to avoid sending notifications
Database::Instance()->update("items", array("weight" => ++$i), array("id" => $child->id));
}
$album->sort_column = "weight";
$album->sort_order = "ASC";
$album->save();
$target->reload();
}
// Find the insertion point
$target_weight = $target->weight;
if ($before_or_after == "after") {
$target_weight++;
}
// Make a hole
$count = count($source_ids);
Database::Instance()->query("UPDATE {items} " . "SET `weight` = `weight` + {$count} " . "WHERE `weight` >= {$target_weight} AND `parent_id` = {$album->id}");
// Insert source items into the hole
foreach ($source_ids as $source_id) {
Database::Instance()->update("items", array("weight" => $target_weight++), array("id" => $source_id));
}
module::event("album_rearrange", $album);
print json_encode(array("grid" => self::_get_micro_thumb_grid($album, 0)->__toString(), "sort_column" => $album->sort_column, "sort_order" => $album->sort_order));
}
/**
* Create a default list of allowed movie MIME types and then let modules modify it.
*/
static function get_movie_types()
{
$types_wrapper = new stdClass();
$types_wrapper->types = array("video/flv", "video/x-flv", "video/mp4");
module::event("legal_movie_types", $types_wrapper);
return $types_wrapper->types;
}
/**
* Create a new album.
* @param integer $parent_id id of parent album
* @param string $name the name of this new album (it will become the directory name on disk)
* @param integer $title the title of the new album
* @param string $description (optional) the longer description of this album
* @return Item_Model
*/
static function create($parent, $name, $title, $description = null, $owner_id = null)
{
if (!$parent->loaded || !$parent->is_album()) {
throw new Exception("@todo INVALID_PARENT");
}
if (strpos($name, "/")) {
throw new Exception("@todo NAME_CANNOT_CONTAIN_SLASH");
}
// We don't allow trailing periods as a security measure
// ref: http://dev.kohanaphp.com/issues/684
if (rtrim($name, ".") != $name) {
throw new Exception("@todo NAME_CANNOT_END_IN_PERIOD");
}
$album = ORM::factory("item");
$album->type = "album";
$album->title = $title;
$album->description = $description;
$album->name = $name;
$album->owner_id = $owner_id;
$album->thumb_dirty = 1;
$album->resize_dirty = 1;
$album->rand_key = (double) mt_rand() / (double) mt_getrandmax();
$album->sort_column = "weight";
$album->sort_order = "ASC";
while (ORM::factory("item")->where("parent_id", $parent->id)->where("name", $album->name)->find()->id) {
$album->name = "{$name}-" . rand();
}
$album = $album->add_to_parent($parent);
mkdir($album->file_path());
mkdir(dirname($album->thumb_path()));
mkdir(dirname($album->resize_path()));
module::event("item_created", $album);
return $album;
}
static function uninstall()
{
$db = Database::instance();
$sql = "SELECT `item_id` FROM {comments}";
module::event("item_related_update_batch", $sql);
$db->query("DROP TABLE IF EXISTS {comments};");
}
public function admin_menu() {
$menu = Menu::factory("root");
gallery::admin_menu($menu, $this);
module::event("admin_menu", $menu, $this);
$menu->compact();
return $menu;
}
static function get_email_form($user_id, $item_id = null)
{
// Determine name of the person the message is going to.
$str_to_name = "";
if ($user_id == -1) {
$str_to_name = module::get_var("contactowner", "contact_owner_name");
} else {
// Locate the record for the user specified by $user_id,
// use this to determine the user's name.
$userDetails = ORM::factory("user")->where("id", "=", $user_id)->find_all();
$str_to_name = $userDetails[0]->name;
}
// If item_id is set, include a link to the item.
$email_body = "";
if (!empty($item_id)) {
$item = ORM::factory("item", $item_id);
$email_body = "This message refers to <a href=\"" . url::abs_site("{$item->type}s/{$item->id}") . "\">this page</a>.";
}
// Make a new form with a couple of text boxes.
$form = new Forge("contactowner/sendemail/{$user_id}", "", "post", array("id" => "g-contact-owner-send-form"));
$sendmail_fields = $form->group("contactOwner");
$sendmail_fields->input("email_to")->label(t("To:"))->value($str_to_name)->id("g-contactowner-to-name");
$sendmail_fields->input("email_from")->label(t("From:"))->value(identity::active_user()->email)->id("g-contactowner-from-email")->rules('required|valid_email')->error_messages("required", t("You must enter a valid email address"))->error_messages("valid_email", t("You must enter a valid email address"))->error_messages("invalid", t("You must enter a valid email address"));
$sendmail_fields->input("email_subject")->label(t("Subject:"))->value("")->id("g-contactowner-subject")->rules('required')->error_messages("required", t("You must enter a subject"));
$sendmail_fields->textarea("email_body")->label(t("Message:"))->value($email_body)->id("g-contactowner-email-body")->rules('required')->error_messages("required", t("You must enter a message"));
// Add a captcha, if there's an active captcha module.
module::event("captcha_protect_form", $form);
// Add a save button to the form.
$sendmail_fields->submit("SendMessage")->value(t("Send"));
return $form;
}
static function change_provider($new_provider)
{
$current_provider = module::get_var("gallery", "identity_provider");
if (!empty($current_provider)) {
module::uninstall($current_provider);
}
try {
IdentityProvider::reset();
$provider = new IdentityProvider($new_provider);
module::set_var("gallery", "identity_provider", $new_provider);
if (method_exists("{$new_provider}_installer", "initialize")) {
call_user_func("{$new_provider}_installer::initialize");
}
module::event("identity_provider_changed", $current_provider, $new_provider);
auth::login($provider->admin_user());
Session::instance()->regenerate();
} catch (Exception $e) {
static $restore_already_running;
// In case of error, make an attempt to restore the old provider. Since that's calling into
// this function again and can fail, we should be sure not to get into an infinite recursion.
if (!$restore_already_running) {
$restore_already_running = true;
// Make sure new provider is not in the database
module::uninstall($new_provider);
// Lets reset to the current provider so that the gallery installation is still
// working.
module::set_var("gallery", "identity_provider", null);
IdentityProvider::change_provider($current_provider);
module::activate($current_provider);
message::error(t("Error attempting to enable \"%new_provider\" identity provider, " . "reverted to \"%old_provider\" identity provider", array("new_provider" => $new_provider, "old_provider" => $current_provider)));
$restore_already_running = false;
}
throw $e;
}
}
public function _update($user)
{
if ($user->guest || $user->id != user::active()->id) {
access::forbidden();
}
$form = user::get_edit_form($user);
$valid = $form->validate();
if ($valid) {
$user->full_name = $form->edit_user->full_name->value;
if ($form->edit_user->password->value) {
$user->password = $form->edit_user->password->value;
}
$user->email = $form->edit_user->email->value;
$user->url = $form->edit_user->url->value;
if ($form->edit_user->locale) {
$desired_locale = $form->edit_user->locale->value;
$new_locale = $desired_locale == "none" ? null : $desired_locale;
if ($new_locale != $user->locale) {
// Delete the session based locale preference
setcookie("g_locale", "", time() - 24 * 3600, "/");
}
$user->locale = $new_locale;
}
$user->save();
module::event("user_edit_form_completed", $user, $form);
message::success(t("User information updated."));
print json_encode(array("result" => "success", "resource" => url::site("users/{$user->id}")));
} else {
print json_encode(array("result" => "error", "form" => $form->__toString()));
}
}
/**
* @see REST_Controller::_update($resource)
*/
public function _update($photo)
{
access::verify_csrf();
access::required("view", $photo);
access::required("edit", $photo);
$form = photo::get_edit_form($photo);
$valid = $form->validate();
if ($valid = $form->validate()) {
if ($form->edit_item->filename->value != $photo->name || $form->edit_item->slug->value != $photo->slug) {
// Make sure that there's not a name or slug conflict
if ($row = Database::instance()->select(array("name", "slug"))->from("items")->where("parent_id", $photo->parent_id)->where("id <>", $photo->id)->open_paren()->where("name", $form->edit_item->filename->value)->orwhere("slug", $form->edit_item->slug->value)->close_paren()->get()->current()) {
if ($row->name == $form->edit_item->filename->value) {
$form->edit_item->filename->add_error("name_conflict", 1);
}
if ($row->slug == $form->edit_item->slug->value) {
$form->edit_item->slug->add_error("slug_conflict", 1);
}
$valid = false;
}
}
}
if ($valid) {
$photo->title = $form->edit_item->title->value;
$photo->description = $form->edit_item->description->value;
$photo->slug = $form->edit_item->slug->value;
$photo->rename($form->edit_item->filename->value);
$photo->save();
module::event("item_edit_form_completed", $photo, $form);
log::success("content", "Updated photo", "<a href=\"{$photo->url()}\">view</a>");
message::success(t("Saved photo %photo_title", array("photo_title" => html::purify($photo->title))));
print json_encode(array("result" => "success"));
} else {
print json_encode(array("result" => "error", "form" => $form->__toString()));
}
}
/**
* Rotate an image. Valid options are degrees
*
* @param string $input_file
* @param string $output_file
* @param array $options
*/
static function rotate($input_file, $output_file, $options)
{
graphics::init_toolkit();
module::event("graphics_rotate", $input_file, $output_file, $options);
// BEGIN mod to original function
$image_info = getimagesize($input_file);
// [0]=w, [1]=h, [2]=type (1=GIF, 2=JPG, 3=PNG)
if (module::get_var("image_optimizer", "rotate_jpg") || $image_info[2] == 2) {
// rotate_jpg enabled, the file is a jpg. get args
$path = module::get_var("image_optimizer", "path_jpg");
$exec_args = " -rotate ";
$exec_args .= $options["degrees"] > 0 ? $options["degrees"] : $options["degrees"] + 360;
$exec_args .= " -copy all -optimize -outfile ";
// run it - from input_file to tmp_file
$tmp_file = image_optimizer::make_temp_name($output_file);
exec(escapeshellcmd($path) . $exec_args . escapeshellarg($tmp_file) . " " . escapeshellarg($input_file), $exec_output, $exec_status);
if ($exec_status || !filesize($tmp_file)) {
// either a blank/nonexistant file or an error - log an error and pass to normal function
Kohana_Log::add("error", "image_optimizer rotation failed on " . $output_file);
unlink($tmp_file);
} else {
// worked - move temp to output
rename($tmp_file, $output_file);
$status = true;
}
}
if (!$status) {
// we got here if we weren't supposed to use jpegtran or if jpegtran failed
// END mod to original function
Image::factory($input_file)->quality(module::get_var("gallery", "image_quality"))->rotate($options["degrees"])->save($output_file);
// BEGIN mod to original function
}
// END mod to original function
module::event("graphics_rotate_completed", $input_file, $output_file, $options);
}
public function save()
{
access::verify_csrf();
$changes->activate = array();
$changes->deactivate = array();
$activated_names = array();
$deactivated_names = array();
foreach (module::available() as $module_name => $info) {
if ($info->locked) {
continue;
}
$desired = $this->input->post($module_name) == 1;
if ($info->active && !$desired && module::is_active($module_name)) {
$changes->deactivate[] = $module_name;
$deactivated_names[] = $info->name;
module::deactivate($module_name);
} else {
if (!$info->active && $desired && !module::is_active($module_name)) {
$changes->activate[] = $module_name;
$activated_names[] = $info->name;
module::install($module_name);
module::activate($module_name);
}
}
}
module::event("module_change", $changes);
// @todo this type of collation is questionable from a i18n perspective
if ($activated_names) {
message::success(t("Activated: %names", array("names" => join(", ", $activated_names))));
}
if ($deactivated_names) {
message::success(t("Deactivated: %names", array("names" => join(", ", $deactivated_names))));
}
url::redirect("admin/modules");
}
/**
* @see REST_Controller::_update($resource)
*/
public function _update($photo)
{
access::verify_csrf();
access::required("view", $photo);
access::required("edit", $photo);
$form = photo::get_edit_form($photo);
if ($valid = $form->validate()) {
if ($form->edit_photo->filename->value != $photo->name) {
// Make sure that there's not a conflict
if (Database::instance()->from("items")->where("parent_id", $photo->parent_id)->where("id <>", $photo->id)->where("name", $form->edit_photo->filename->value)->count_records()) {
$form->edit_photo->filename->add_error("conflict", 1);
$valid = false;
}
}
}
if ($valid) {
$photo->title = $form->edit_photo->title->value;
$photo->description = $form->edit_photo->description->value;
$photo->rename($form->edit_photo->filename->value);
$photo->save();
module::event("photo_edit_form_completed", $photo, $form);
log::success("content", "Updated photo", "<a href=\"photos/{$photo->id}\">view</a>");
message::success(t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title))));
print json_encode(array("result" => "success", "location" => url::site("photos/{$photo->id}")));
} else {
print json_encode(array("result" => "error", "form" => $form->__toString()));
}
}
static function uninstall()
{
// Delete all groups so that we give other modules an opportunity to clean up
$ldap_provider = new IdentityProvider("ldap");
foreach ($ldap_provider->groups() as $group) {
module::event("group_deleted", $group);
}
}
static function initialize()
{
module::set_version("ldap", 1);
$root = item::root();
foreach (IdentityProvider::instance()->groups() as $group) {
module::event("group_created", $group);
access::allow($group, "view", $root);
access::allow($group, "view_full", $root);
}
}
static function get_contact_form($user)
{
$form = new Forge("user_profile/send/{$user->id}", "", "post", array("id" => "g-user-profile-contact-form"));
$group = $form->group("message")->label(t("Compose message to %name", array("name" => $user->display_name())));
$group->input("reply_to")->label(t("From:"))->rules("required|length[1, 256]|valid_email")->error_messages("required", t("Field is required"))->error_messages("max_length", t("Field exceeds 256 bytes"))->error_messages("valid_email", t("Field is not a valid email address"));
$group->input("subject")->label(t("Subject:"))->rules("required|length[1, 256]")->error_messages("required", t("Field is required"))->error_messages("max_length", t("Field exceeds 256 bytes"));
$group->textarea("message")->label(t("Message:"))->rules("required")->error_messages("required", t("Field is required"));
module::event("user_profile_contact_form", $form);
$group->submit("")->value(t("Send"));
return $form;
}
static function stop()
{
$session = Session::instance();
$batch_level = $session->get("batch_level", 0) - 1;
if ($batch_level > 0) {
$session->set("batch_level", $batch_level);
} else {
$session->delete("batch_level");
module::event("batch_complete");
}
}
/**
* Create a new group.
*
* @param string $name
* @return Group_Model
*/
static function create($name)
{
$group = ORM::factory("group")->where("name", $name)->find();
if ($group->loaded) {
throw new Exception("@todo GROUP_ALREADY_EXISTS {$name}");
}
$group->name = $name;
$group->save();
module::event("group_created", $group);
return $group;
}
static function uninstall()
{
$db = Database::instance();
// Notify listeners that we're deleting some data. This is probably going to be very
// inefficient for large uninstalls, and we could make it better by doing things like passing
// a SQL fragment through so that the listeners could use subselects. But by using a single,
// simple event API we lighten the load on module developers.
foreach (ORM::factory("item")->join("comments", "items.id", "comments.item_id")->find_all() as $item) {
module::event("item_related_update", $item);
}
$db->query("DROP TABLE IF EXISTS {comments};");
}
static function update($item)
{
$data = new ArrayObject();
$record = ORM::factory("search_record")->where("item_id", "=", $item->id)->find();
if (!$record->loaded()) {
$record->item_id = $item->id;
}
module::event("item_index_data", $record->item(), $data);
$record->data = join(" ", (array) $data);
$record->dirty = 0;
$record->save();
}
public function save()
{
if (!$this->loaded()) {
$created = 1;
}
parent::save();
if (isset($created)) {
module::event("user_created", $this);
} else {
module::event("user_updated", $this->original(), $this);
}
return $this;
}
static function get_add_form($album)
{
$form = new Forge("embedded_videos/create/{$album->id}", "", "post", array("id" => "g-add-embed-form"));
$group = $form->group("add_embedded_video")->label(t("Add embedded video to %album_title", array("album_title" => $album->title)));
$group->input("title")->label(t("Title"))->error_messages("required", t("You must provide a title"))->error_messages("length", t("Your title is too long"));
$group->input("video_url")->label(t("Video URL"))->error_messages("conflict", t("There is already a movie with this ID"))->error_messages("required", t("You must provide a URL"))->error_messages("invalid_id", t("Invalid URL"));
$group->textarea("description")->label(t("Description"));
$group->input("slug")->label(t("Internet Address"))->error_messages("conflict", t("There is already a movie, photo or album with this internet address"))->error_messages("not_url_safe", t("The internet address should contain only letters, numbers, hyphens and underscores"))->error_messages("required", t("You must provide an internet address"))->error_messages("length", t("Your internet address is too long"));
module::event("item_add_form", $album, $form);
$group = $form->group("buttons")->label("");
$group->submit("")->value(t("Add"));
return $form;
}
static function logout()
{
$user = identity::active_user();
if (!$user->guest) {
try {
Session::instance()->destroy();
} catch (Exception $e) {
Kohana::log("error", $e);
}
module::event("user_logout", $user);
}
log::info("user", t("User %name logged out", array("name" => $user->name)), html::anchor("user/{$user->id}", html::clean($user->name)));
}
static function logout()
{
$user = identity::active_user();
if (!$user->guest) {
try {
Session::instance()->destroy();
} catch (Exception $e) {
Kohana_Log::add("error", $e);
}
module::event("user_logout", $user);
}
log::info("user", t("User %name logged out", array("name" => $user->name)), t('<a href="%url">%user_name</a>', array("url" => user_profile::url($user->id), "user_name" => html::clean($user->name))));
}
public function save()
{
if (!$this->loaded) {
$created = 1;
}
parent::save();
if (isset($created)) {
module::event("group_created", $this);
} else {
module::event("group_updated", $this);
}
return $this;
}
static function get_edit_form($movie)
{
$form = new Forge("movies/update/{$movie->id}", "", "post", array("id" => "g-edit-movie-form"));
$form->hidden("from_id");
$group = $form->group("edit_item")->label(t("Edit Movie"));
$group->input("title")->label(t("Title"))->value($movie->title)->error_messages("required", t("You must provide a title"))->error_messages("length", t("Your title is too long"));
$group->textarea("description")->label(t("Description"))->value($movie->description);
$group->input("name")->label(t("Filename"))->value($movie->name)->error_messages("conflict", t("There is already a movie, photo or album with this name"))->error_messages("no_slashes", t("The movie name can't contain a \"/\""))->error_messages("no_trailing_period", t("The movie name can't end in \".\""))->error_messages("illegal_data_file_extension", t("You cannot change the movie file extension"))->error_messages("required", t("You must provide a movie file name"))->error_messages("length", t("Your movie file name is too long"));
$group->input("slug")->label(t("Internet Address"))->value($movie->slug)->error_messages("conflict", t("There is already a movie, photo or album with this internet address"))->error_messages("not_url_safe", t("The internet address should contain only letters, numbers, hyphens and underscores"))->error_messages("required", t("You must provide an internet address"))->error_messages("length", t("Your internet address is too long"));
module::event("item_edit_form", $movie, $form);
$group = $form->group("buttons")->label("");
$group->submit("")->value(t("Modify"));
return $form;
}
public function save()
{
if (!$this->loaded()) {
// New group
parent::save();
module::event("group_created", $this);
} else {
// Updated group
$original = ORM::factory("group", $this->id);
parent::save();
module::event("group_updated", $original, $this);
}
return $this;
}
