 public function upgrade()
 {
     // Runs every pending module upgrade. From the CLI there is no HTTP request, so a
     // placeholder host is supplied for installers that build URLs (the original @todo notes
     // this may not suit every installer). Over HTTP only an admin, or a session carrying the
     // "can_upgrade" flag, may trigger it.
     $is_cli = (php_sapi_name() == "cli");
     if ($is_cli) {
         $_SERVER["HTTP_HOST"] = "example.com";
     } elseif (!user::active()->admin && !Session::instance()->get("can_upgrade", false)) {
         access::forbidden();
     }

     // gallery and user are (re)installed unconditionally and before everything else.
     module::install("gallery");
     module::install("user");

     // Then every other active module whose code version differs from the installed one.
     foreach (module::available() as $id => $module) {
         if ($id == "gallery") {
             continue;
         }
         $needs_upgrade = $module->active && $module->code_version != $module->version;
         if ($needs_upgrade) {
             module::install($id);
         }
     }

     if ($is_cli) {
         print "Upgrade complete\n";
     } else {
         url::redirect("upgrader?done=1");
     }
 }
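 function add_albums_and_photos($count, $desired_type = null)
 {
     // Scaffold helper: creates $count random albums/photos under randomly chosen existing
     // albums, logs the totals and redirects back to the scaffold page.
     //
     // @param integer $count        number of items to create
     // @param string  $desired_type "album" or "photo"; null picks at random (about 1 in 11 albums)
     srand(time());  // only seeds test-data generation; nothing security-relevant depends on it
     $parents = ORM::factory("item")->where("type", "album")->find_all()->as_array();
     $owner_id = user::active()->id;
     // glob() yields false (error) or an empty array when nothing matches; either way the photo
     // branch below would index past the end of the list, so refuse up front.
     $test_images = glob(MODPATH . "gallery/tests/images/*.[Jj][Pp][Gg]");
     if (empty($test_images) && $desired_type != "album") {
         throw new Exception("@todo NO_TEST_IMAGES");
     }
     // NOTE(review): $parents is assumed non-empty (array_rand() on an empty array fails) — confirm
     // the root album always exists when this runs.
     batch::start();
     $album_count = $photo_count = 0;
     for ($i = 0; $i < $count; $i++) {
         set_time_limit(30);
         $parent = $parents[array_rand($parents)];
         $parent->reload();
         $type = $desired_type;
         if (!$type) {
             $type = rand(0, 10) ? "photo" : "album";
         }
         if ($type == "album") {
             // New albums join the parent pool so later items can nest beneath them.
             $parents[] = album::create($parent, "rnd_" . rand(), "Rnd {$i}", "random album {$i}", $owner_id)->save();
             $album_count++;
         } else {
             $photo_index = rand(0, count($test_images) - 1);
             photo::create($parent, $test_images[$photo_index], basename($test_images[$photo_index]), "rnd_" . rand(), "sample thumb", $owner_id);
             $photo_count++;
         }
     }
     batch::stop();
     if ($photo_count > 0) {
         log::success("content", "(scaffold) Added {$photo_count} photos");
     }
     if ($album_count > 0) {
         log::success("content", "(scaffold) Added {$album_count} albums");
     }
     url::redirect("scaffold");
 }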
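 static function site($menu, $theme)
 {
     // Builds the site-wide menu: optional scaffold link, home link, per-item options for
     // editable items, and the admin submenu (populated by every installed module's *_menu::admin).
     //
     // @param Menu  $menu  menu to append entries to
     // @param Theme $theme current theme view; $theme->item() is the item being displayed, if any
     if (file_exists(APPPATH . "controllers/welcome.php")) {
         $menu->append(Menu::factory("link")->id("browse")->label("Scaffold")->url(url::site("welcome")));
     }
     $menu->append(Menu::factory("link")->id("home")->label(t("Home"))->url(url::site("albums/1")));
     $item = $theme->item();
     if ($item && access::can("edit", $item)) {
         $menu->append($options_menu = Menu::factory("submenu")->id("options_menu")->label(t("Options"))->append(Menu::factory("dialog")->id("edit_item")->label($item->type == "album" ? t("Edit album") : t("Edit photo"))->url(url::site("form/edit/{$item->type}s/{$item->id}"))));
         // @todo Move album options menu to the album quick edit pane
         // @todo Create resized item quick edit pane menu
         if ($item->type == "album") {
             $options_menu->append(Menu::factory("dialog")->id("add_item")->label(t("Add a photo"))->url(url::site("form/add/albums/{$item->id}?type=photo")))->append(Menu::factory("dialog")->id("add_album")->label(t("Add an album"))->url(url::site("form/add/albums/{$item->id}?type=album")))->append(Menu::factory("dialog")->id("edit_permissions")->label(t("Edit permissions"))->url(url::site("permissions/browse/{$item->id}")));
         }
     }
     if (user::active()->admin) {
         $menu->append($admin_menu = Menu::factory("submenu")->id("admin_menu")->label(t("Admin")));
         self::admin($admin_menu, $theme);
         foreach (module::installed() as $module) {
             if ($module->name == "core") {
                 continue;
             }
             $class = "{$module->name}_menu";
             if (method_exists($class, "admin")) {
                 // This is a static method, so there is no $this; modules get the same
                 // ($menu, $theme) pair that self::admin() receives above.
                 call_user_func(array($class, "admin"), $admin_menu, $theme);
             }
         }
     }
 }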
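 public function emailid($user_id)
 {
     // Display a form that a visitor can use to contact a registered user.
     // If this page is disabled, show a 404 error.
     if (module::get_var("contactowner", "contact_user_link") != true) {
         kohana::show_404();
     }
     // Look up the addressee by id.  An unknown id is a 404 rather than an undefined-offset
     // notice on an empty result set.
     $user = ORM::factory("user", $user_id);
     if (!$user->loaded) {
         kohana::show_404();
     }
     // Make a new form with a couple of text boxes.
     $form = new Forge("contactowner/sendemail", "", "post", array("id" => "gContactOwnerSendForm"));
     $sendmail_fields = $form->group("contactOwner");
     $sendmail_fields->input("email_to")->label(t("To:"))->value($user->name);
     $sendmail_fields->input("email_from")->label(t("From:"))->value(user::active()->email);
     $sendmail_fields->input("email_subject")->label(t("Subject:"))->value("");
     $sendmail_fields->textarea("email_body")->label(t("Message:"))->value("");
     // The hidden id is what the send action should resolve the recipient from; the visible
     // "email_to" field only carries the display name.
     $sendmail_fields->hidden("email_to_id")->value($user_id);
     // Add a save button to the form.
     $sendmail_fields->submit("SendMessage")->value(t("Send"));
     // Set up and display the actual page.
     $template = new Theme_View("page.html", "Contact");
     $template->content = new View("contactowner_emailform.html");
     $template->content->sendmail_form = $form;
     print $template;
 }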
 /**
  * Load a site theme view and seed it with the globals every page template expects.
  *
  * Falls back to the "default" theme when the configured one is missing on disk, lets
  * admins preview a theme via the "theme" query parameter, and emits a warning message
  * while the site is in maintenance mode.
  *
  * @throws  Kohana_Exception  if the requested view cannot be found
  * @param   string  $name      view name
  * @param   string  $page_type page type: album, photo, tags, etc
  * @return  void
  */
 public function __construct($name, $page_type)
 {
     $theme_name = module::get_var("gallery", "active_site_theme");
     if (!file_exists("themes/{$theme_name}")) {
         module::set_var("gallery", "active_site_theme", "default");
         theme::load_themes();
         Kohana::log("error", "Unable to locate theme '{$theme_name}', switching to default theme.");
     }
     parent::__construct($name);
     // Re-read the var: it may just have been reset to "default" above.
     $active_theme = module::get_var("gallery", "active_site_theme");
     $this->theme_name = user::active()->admin
         ? Input::instance()->get("theme", $active_theme)
         : $active_theme;
     $this->item = null;
     $this->tag = null;
     $globals = array(
         "theme" => $this,
         "user" => user::active(),
         "page_type" => $page_type,
         "page_title" => null,
     );
     foreach ($globals as $key => $value) {
         $this->set_global($key, $value);
     }
     if ($page_type == "album") {
         $this->set_global("thumb_proportion", $this->thumb_proportion());
     }
     $maintenance_mode = Kohana::config("core.maintenance_mode", false, false);
     if ($maintenance_mode) {
         message::warning(t("This site is currently in maintenance mode"));
     }
 }
 public function _form_edit($user)
 {
     // Only a signed-in user may open their own edit form; anyone else is forbidden.
     $is_own_account = !$user->guest && $user->id == user::active()->id;
     if (!$is_own_account) {
         access::forbidden();
     }
     print user::get_edit_form($user);
 }
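  static function search($q, $limit, $offset) {
    // Full-text search over {search_records}, restricted to items the active user may view.
    //
    // @param string  $q      raw search terms; escaped here before being inlined into the SQL
    // @param integer $limit  maximum number of rows to return
    // @param integer $offset number of rows to skip
    // @return array          array($total_match_count, ORM_Iterator over Item_Model rows)
    $db = Database::instance();
    $q = $db->escape_str($q);
    // $limit and $offset are inlined into the query text below, so they must be integers;
    // nothing caller-supplied may reach the SQL unescaped.
    $limit = (int) $limit;
    $offset = (int) $offset;

    if (!user::active()->admin) {
      // Non-admins need the view permission for every group they belong to.
      $fields = array();
      foreach (user::group_ids() as $id) {
        $fields[] = "`view_$id` = " . access::ALLOW;
      }
      // A user with no groups gets no rows, rather than a malformed "AND ()" clause.
      $access_sql = $fields ? "AND (" . join(" AND ", $fields) . ") " : "AND 0 ";
    } else {
      $access_sql = "";
    }

    // Count the total number of rows.  We can't do this with our regular query because of the
    // limit statement.  It's possible that if we get rid of the limit (but keep the offset) on
    // the 2nd query and combine the two, it might be faster than making 2 separate queries.
    $count_query = "SELECT COUNT(*) AS c " .
      "FROM {items} JOIN {search_records} ON ({items}.`id` = {search_records}.`item_id`) " .
      "WHERE MATCH({search_records}.`data`) AGAINST ('$q' IN BOOLEAN MODE) " .
      $access_sql;
    $count = $db->query($count_query)->current()->c;

    $query = "SELECT {items}.*, MATCH({search_records}.`data`) AGAINST ('$q') AS `score` " .
      "FROM {items} JOIN {search_records} ON ({items}.`id` = {search_records}.`item_id`) " .
      "WHERE MATCH({search_records}.`data`) AGAINST ('$q' IN BOOLEAN MODE) " .
      $access_sql .
      "ORDER BY `score` DESC " .
      "LIMIT $limit OFFSET $offset";

    return array($count, new ORM_Iterator(ORM::factory("item"), $db->query($query)));
  }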
 /**
  * Add a new comment to the collection.
  *
  * Validates the add-comment form for the posted item_id (guests must supply a name, and
  * the text may not be empty), creates the comment, resets the form and answers with JSON.
  * @see REST_Controller::_create($resource)
  */
 public function _create($comment)
 {
     $item = ORM::factory("item", $this->input->post("item_id"));
     access::required("view", $item);
     $form = comment::get_add_form($item);
     $fields = $form->add_comment;
     $active = user::active();

     $valid = $form->validate();
     if ($valid && $active->guest && !$fields->inputs["name"]->value) {
         $fields->inputs["name"]->add_error("missing", 1);
         $valid = false;
     }
     if ($form->validate() && !$fields->text->value) {
         $fields->text->add_error("missing", 1);
         $valid = false;
     }

     if (!$valid) {
         print json_encode(array("result" => "error", "form" => $form->__toString()));
         return;
     }

     $comment = comment::create($item, $active, $fields->text->value, $fields->inputs["name"]->value, $fields->email->value, $fields->url->value);
     // Clear the form for the next comment, pre-filling identity fields for signed-in users.
     $fields->inputs["name"]->value($active->guest ? "" : $active->full_name);
     $fields->email->value($active->guest ? "" : $active->email);
     $fields->url->value($active->guest ? "" : $active->url);
     $fields->text->value("");
     $resource = $comment->state == "published" ? url::site("comments/{$comment->id}") : null;
     print json_encode(array("result" => "success", "resource" => $resource, "form" => $form->__toString()));
 }
 public function __construct($theme = null)
 {
     // Admin-only controller: non-admins get a 401 before the parent is even initialised.
     // $theme is accepted for signature compatibility but not used here.
     if (user::active()->admin) {
         parent::__construct();
         return;
     }
     throw new Exception("@todo UNAUTHORIZED", 401);
 }
 /**
  * Add a set of restrictions to any following queries to restrict access only to items
  * viewable by the active user.
  *
  * Restrictions are computed once per instance: admins get none; other users need the
  * view_<group_id> column set to ALLOW for at least one of their groups.
  * @chainable
  */
 public function viewable()
 {
     if (is_null($this->view_restrictions)) {
         if (user::active()->admin) {
             $this->view_restrictions = array();
         } else {
             // Element 0 holds the first group's column name on its own; element 1 maps every
             // remaining group column to ALLOW, which is the shape orwhere() takes below.
             $first = true;
             foreach (user::group_ids() as $group_id) {
                 if ($first) {
                     $this->view_restrictions = array("view_{$group_id}");
                     $first = false;
                 } else {
                     $this->view_restrictions[1]["view_{$group_id}"] = access::ALLOW;
                 }
             }
         }
     }
     // NOTE(review): a non-admin with no groups leaves this null; count() of that is 0 on
     // older PHP (no restriction applied) but a TypeError on PHP 8 — confirm every user has a group.
     $restriction_count = count($this->view_restrictions);
     if ($restriction_count == 1) {
         $this->where($this->view_restrictions[0], access::ALLOW);
     } elseif ($restriction_count > 1) {
         $this->open_paren();
         $this->where($this->view_restrictions[0], access::ALLOW);
         $this->orwhere($this->view_restrictions[1]);
         $this->close_paren();
     }
     return $this;
 }
 function change($command, $group_id, $perm_id, $item_id)
 {
     // Apply an "allow", "deny" or "reset" of one permission for one group on one item.
     // Requires a valid CSRF token and view+edit access to the item; unknown commands are ignored.
     access::verify_csrf();
     $group = ORM::factory("group", $group_id);
     $perm = ORM::factory("permission", $perm_id);
     $item = ORM::factory("item", $item_id);
     access::required("view", $item);
     access::required("edit", $item);
     if (!$group->loaded || !$perm->loaded || !$item->loaded) {
         return;
     }

     if ($command == "allow") {
         access::allow($group, $perm->name, $item);
     } elseif ($command == "deny") {
         access::deny($group, $perm->name, $item);
     } elseif ($command == "reset") {
         access::reset($group, $perm->name, $item);
     }

     // If the active user just took away their own edit permissions, give it back.
     $lost_own_edit = $perm->name == "edit" && !access::user_can(user::active(), "edit", $item);
     if ($lost_own_edit) {
         access::allow($group, $perm->name, $item);
     }
 }
 static function header_top($theme)
 {
     // Render the login block on every page except the login page itself (null there).
     if ($theme->page_type == "login") {
         return;
     }
     $login_view = new View("login.html");
     $login_view->user = user::active();
     return $login_view->render();
 }
 function is_admin()
 {
     // JSON probe for admin status; admins also receive a CSRF token for follow-up requests.
     $response = user::active()->admin
         ? array("result" => "success", "csrf" => access::csrf_token())
         : array("result" => "failure");
     print json_encode($response);
 }
 static function site_menu($menu, $theme)
 {
     // Offer "Server add" to admins viewing a writable album, provided at least one
     // authorized path has been configured.
     $item = $theme->item();
     // authorized_paths is an admin-managed module var stored serialized, not request input;
     // unserialize() should still only ever see data this module wrote itself.
     $paths = unserialize(module::get_var("server_add", "authorized_paths"));
     if (!$item || !user::active()->admin || !$item->is_album() || empty($paths)) {
         return;
     }
     // $item is an album at this point, so its own directory is the one that must be writable.
     if (!is_writable($item->file_path())) {
         return;
     }
     $dialog = Menu::factory("dialog")
         ->id("server_add")
         ->label(t("Server add"))
         ->url(url::site("server_add/browse/{$item->id}"));
     $menu->get("add_menu")->append($dialog);
 }
 public function form_edit($id)
 {
     // Only a signed-in user may open their own edit form; anyone else is forbidden.
     $user = user::lookup($id);
     $is_own_account = !$user->guest && $user->id == user::active()->id;
     if (!$is_own_account) {
         access::forbidden();
     }
     print $this->_get_edit_form($user);
 }
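 /**
  * Create a new movie item under an album and copy the source file into place.
  *
  * @param Item_Model $parent      loaded album that will contain the movie
  * @param string     $filename    path to the movie file on disk
  * @param string     $name        the filename to use for this movie in the album
  * @param string     $title       the title of the new movie
  * @param string     $description (optional) the longer description of this movie
  * @param integer    $owner_id    (optional) owner id; defaults to the active user's id
  * @return Item_Model the saved movie
  * @throws Exception if the parent is not a loaded album, the file is missing, or the name
  *                   contains a slash or ends in a period
  */
 static function create($parent, $filename, $name, $title, $description = null, $owner_id = null)
 {
     if (!$parent->loaded || !$parent->is_album()) {
         throw new Exception("@todo INVALID_PARENT");
     }
     if (!is_file($filename)) {
         throw new Exception("@todo MISSING_MOVIE_FILE");
     }
     // strpos() returns 0 for a leading slash, which a bare truthiness test would miss.
     if (strpos($name, "/") !== false) {
         throw new Exception("@todo NAME_CANNOT_CONTAIN_SLASH");
     }
     // We don't allow trailing periods as a security measure
     // ref: http://dev.kohanaphp.com/issues/684
     if (rtrim($name, ".") != $name) {
         throw new Exception("@todo NAME_CANNOT_END_IN_PERIOD");
     }
     $movie_info = movie::getmoviesize($filename);
     // Force an extension onto the name
     $pi = pathinfo($filename);
     if (empty($pi["extension"])) {
         // NOTE(review): image_type_to_extension() expects an IMAGETYPE_* constant; confirm
         // what movie::getmoviesize() returns in [2].
         $pi["extension"] = image_type_to_extension($movie_info[2], false);
         $name .= "." . $pi["extension"];
     }
     $movie = ORM::factory("item");
     $movie->type = "movie";
     $movie->title = $title;
     $movie->description = $description;
     $movie->name = $name;
     // owner_id is an id column; other callers pass user::active()->id, and storing the
     // user object here was a bug.
     $movie->owner_id = $owner_id ? $owner_id : user::active()->id;
     $movie->width = $movie_info[0];
     $movie->height = $movie_info[1];
     $movie->mime_type = strtolower($pi["extension"]) == "mp4" ? "video/mp4" : "video/x-flv";
     $movie->thumb_dirty = 1;
     $movie->resize_dirty = 1;
     $movie->sort_column = "weight";
     $movie->rand_key = (double) mt_rand() / (double) mt_getrandmax();
     // Randomize the name if there's a conflict
     while (ORM::factory("item")->where("parent_id", $parent->id)->where("name", $movie->name)->find()->id) {
         // @todo Improve this.  Random numbers are not user friendly
         $movie->name = rand() . "." . $pi["extension"];
     }
     // This saves the movie
     $movie->add_to_parent($parent);
     // If the thumb or resize already exists then rename it
     if (file_exists($movie->resize_path()) || file_exists($movie->thumb_path())) {
         $movie->name = $pi["filename"] . "-" . rand() . "." . $pi["extension"];
         $movie->save();
     }
     // NOTE(review): a failed copy() is not detected here; the item row would then exist
     // without its file on disk.
     copy($filename, $movie->file_path());
     module::event("item_created", $movie);
     // Build our thumbnail
     graphics::generate($movie);
     // If the parent has no cover item, make this it.
     if (access::can("edit", $parent) && $parent->album_cover_item_id == null) {
         item::make_album_cover($movie);
     }
     return $movie;
 }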
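 public function index()
 {
     // Log the active user out, record it, then optionally return them to a site-relative
     // "continue" path.
     $user = user::active();
     user::logout();
     log::info("user", t("User %name logged out", array("name" => $user->name)), html::anchor("user/{$user->id}", $user->name));
     $continue = $this->input->get("continue");
     // "continue" is request input: accept only a site-relative path, never a scheme-qualified
     // ("http:", "javascript:", ...) or protocol-relative ("//", "/\") URL, so the logout
     // page cannot be used to redirect visitors off-site.
     if ($continue && !preg_match('#^(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $continue)) {
         url::redirect($continue);
     }
 }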
 public function index()
 {
     // Post-install page for admins only; everyone else is sent to the root album.
     $active = user::active();
     if (!$active->admin) {
         url::redirect("albums/1");
     }
     $view = new View("after_install.html");
     $view->user = $active;
     print $view;
 }
 /**
  * Initialization: load the active user and, if they have a locale preference, apply it.
  */
 static function gallery_ready()
 {
     user::load_user();
     $user_locale = user::active()->locale;
     if (empty($user_locale)) {
         return;
     }
     // TODO(andy_st): Check session data as well.
     I18n::instance()->locale($user_locale);
 }
 public function index()
 {
     // Welcome page for admins only; everyone else is sent to the root album.
     $active = user::active();
     if (!$active->admin) {
         url::redirect(item::root()->abs_url());
     }
     $view = new View("welcome_message.html");
     $view->user = $active;
     print $view;
 }
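 static function remove_watch($item, $user = null)
 {
     // Delete the subscription of $user (default: the active user) to $item.
     // Only albums can be watched, so anything else is a no-op.
     //
     // @param Item_Model $item
     // @param User_Model $user (optional) subscriber; defaults to user::active()
     if (!$item->is_album()) {
         return;
     }
     if (empty($user)) {
         $user = user::active();
     }
     // The deleted record was previously kept in an unused local.
     ORM::factory("subscription")
         ->where("item_id", $item->id)
         ->where("user_id", $user->id)
         ->find()
         ->delete();
 }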
 /**
  * If Gallery is in maintenance mode, then force all non-admins to get routed to a "This site is
  * down for maintenance" page.
  *
  * The login controller is left reachable so an admin can still sign in.
  */
 static function maintenance_mode()
 {
     $maintenance_mode = Kohana::config("core.maintenance_mode", false, false);
     if (Router::$controller == "login" || empty($maintenance_mode)) {
         return;
     }
     if (user::active()->admin) {
         return;
     }
     Router::$controller = "maintenance";
     Router::$controller_path = MODPATH . "gallery/controllers/maintenance.php";
     Router::$method = "index";
 }
 public function toggle_l10n_mode()
 {
     // Flip the per-session "l10n_mode" flag (admin only, CSRF-checked), then go to the root album.
     access::verify_csrf();
     if (!user::active()->admin) {
         access::forbidden();
     }
     $session = Session::instance();
     $currently_on = $session->get("l10n_mode", false);
     $session->set("l10n_mode", !$currently_on);
     url::redirect("albums/1");
 }
 /**
  * Load an admin theme view and seed it with the "theme" and "user" globals.
  *
  * Admins may preview another admin theme via the "theme" query parameter.
  *
  * @throws  Kohana_Exception  if the requested view cannot be found
  * @param   string  $name view name
  * @return  void
  */
 public function __construct($name)
 {
     parent::__construct($name);
     $configured_theme = module::get_var("core", "active_admin_theme");
     $this->theme_name = user::active()->admin
         ? Input::instance()->get("theme", $configured_theme)
         : $configured_theme;
     $this->set_global('theme', $this);
     $this->set_global('user', user::active());
 }
 static function album($menu, $theme)
 {
     // Add the album notification toggle for signed-in users; the link's css id reflects
     // whether the user already watches this album.
     if (user::active()->guest) {
         return;
     }
     $item = $theme->item();
     if (!$item) {
         return;
     }
     $css_id = notification::is_watching($item) ? "gRemoveWatchLink" : "gAddWatchLink";
     $watch_url = url::site("notification/watch/{$item->id}?csrf=" . access::csrf_token());
     $watch_link = Menu::factory("link")
         ->id("watch")
         ->label(t("Enable notifications for this album"))
         ->url($watch_url)
         ->css_id($css_id);
     $menu->append($watch_link);
 }
 static function site_menu($menu, $theme)
 {
     // Add a notification toggle to the options menu for signed-in users viewing an album
     // they may see; the label depends on whether they already watch it.
     if (user::active()->guest) {
         return;
     }
     $item = $theme->item();
     if (!$item || !$item->is_album() || !access::can("view", $item)) {
         return;
     }
     $label = notification::is_watching($item)
         ? t("Remove notifications")
         : t("Enable notifications");
     $watch_link = Menu::factory("link")
         ->id("watch")
         ->label($label)
         ->css_id("gNotifyLink")
         ->url(url::site("notification/watch/{$item->id}?csrf=" . access::csrf_token()));
     $menu->get("options_menu")->append($watch_link);
 }
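 static function add_from_server($task)
 {
     // One step of the server-add task: import the next queued file (or album) for the
     // current authorized path, then advance the task's position counters.
     //
     // @param Task_Model $task task whose serialized context holds: next_path, position,
     //                         files (keyed by authorized path), counter, total and errors
     $context = unserialize($task->context);
     // Initialised before the try so the catch block always has a key to record errors under,
     // even when the failure happens before an authorized path was resolved.
     $path = null;
     try {
         $paths = array_keys(unserialize(module::get_var("server_add", "authorized_paths")));
         $path = $paths[$context["next_path"]];
         if (!empty($context["files"][$path])) {
             $file = $context["files"][$path][$context["position"]];
             $parent = ORM::factory("item", $file["parent_id"]);
             access::required("server_add", $parent);
             access::required("add", $parent);
             if (!$parent->is_album()) {
                 throw new Exception("@todo BAD_ALBUM");
             }
             $name = $file["name"];
             // The queue length does not change in this step; only parent_id entries are updated.
             $file_count = count($context["files"][$path]);
             if ($file["type"] == "album") {
                 $album = ORM::factory("item")->where("name", $name)->where("parent_id", $parent->id)->find();
                 if (!$album->loaded) {
                     $album = album::create($parent, $name, $name, null, user::active()->id);
                 }
                 // Now that we have a new album. Go through the remaining files to import and change the
                 // parent_id of any file that has the same relative path as this album's path.
                 // NOTE(review): this is a plain prefix match, so a sibling directory whose name
                 // merely starts with $album_path would also be re-parented — confirm the path format.
                 $album_path = "{$file['path']}/{$name}";
                 for ($idx = $context["position"] + 1; $idx < $file_count; $idx++) {
                     if (strpos($context["files"][$path][$idx]["path"], $album_path) === 0) {
                         $context["files"][$path][$idx]["parent_id"] = $album->id;
                     }
                 }
             } else {
                 $extension = strtolower(substr(strrchr($name, '.'), 1));
                 $source_path = "{$path}{$file['path']}/{$name}";
                 if (in_array($extension, array("flv", "mp4"), true)) {
                     movie::create($parent, $source_path, $name, $name, null, user::active()->id);
                 } else {
                     photo::create($parent, $source_path, $name, $name, null, user::active()->id);
                 }
             }
             $context["counter"]++;
             if (++$context["position"] >= $file_count) {
                 $context["next_path"]++;
                 $context["position"] = 0;
             }
         } else {
             $context["next_path"]++;
         }
     } catch (Exception $e) {
         $context["errors"][$path] = $e->getMessage();
     }
     $task->context = serialize($context);
     $task->state = "success";
     // NOTE(review): assumes total > 0 — a task created with an empty file list would divide by zero.
     $task->percent_complete = $context["counter"] / (double) $context["total"] * 100;
     $task->done = $context["counter"] == (double) $context["total"];
 }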
 /**
  * Add a log entry.
  *
  * The current URL (truncated to 255 chars), referrer, time and active user id are
  * recorded alongside the message.
  *
  * @param string  $category  an arbitrary category we can use to filter log messages
  * @param string  $message   a detailed log message
  * @param string  $html      an html snippet presented alongside the log message to aid the admin
  * @param integer $severity  INFO, WARNING or ERROR
  */
 private static function _add($category, $message, $html, $severity)
 {
     $entry = ORM::factory("log");
     $columns = array(
         "category" => $category,
         "message" => $message,
         "severity" => $severity,
         "html" => $html,
         "url" => substr(url::abs_current(true), 0, 255),
         "referer" => request::referrer(null),
         "timestamp" => time(),
         "user_id" => user::active()->id,
     );
     foreach ($columns as $column => $value) {
         $entry->$column = $value;
     }
     $entry->save();
 }
 static function create($task_def, $context)
 {
     // Persist a new task owned by the active user, in the "started" state with $context
     // stored serialized; returns the saved record.
     $task = ORM::factory("task");
     $columns = array(
         "callback" => $task_def->callback,
         "name" => $task_def->name,
         "percent_complete" => 0,
         "status" => "",
         "state" => "started",
         "owner_id" => user::active()->id,
         "context" => serialize($context),
     );
     foreach ($columns as $column => $value) {
         $task->$column = $value;
     }
     $task->save();
     return $task;
 }
 public function __construct($theme = null)
 {
     // Admin-only controller: non-admins are forbidden before the parent is initialised.
     // $theme is accepted for signature compatibility but not used here.
     $is_admin = user::active()->admin;
     if (!$is_admin) {
         access::forbidden();
     }
     parent::__construct();
 }