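/**
 * Handles the POST data of the "create wildcard link" form.
 *
 * A wildcard link is stored with type 'regex': link_path is a regular
 * expression supplied by the requester (presumably matched against requested
 * paths by the resolver), link_target the redirect target and link_priority
 * an integer in [0, 1000]. On any failure $this->errorMessage is set and the
 * method returns; on success the client is redirected to the details page of
 * the new link and the script exits.
 *
 * @param \tniessen\tinyIt\HttpParams $postData submitted form values
 */
private function tryProcessPostData($postData) {
    $reqfields = array('link_path', 'link_target', 'link_priority');
    if (!$postData->hasValues($reqfields)) {
        $this->errorMessage = 'Please specify: <ul> <li>Path</li> <li>Target</li> <li>Priority</li> </ul>';
        return;
    }
    // Read the whitelisted fields explicitly rather than extract()-ing request
    // data into the local scope.
    $fields = $reqfields;
    $in = $postData->filter($fields);
    $link_path = $in['link_path'];
    $link_target = $in['link_target'];
    $link_priority = intval($in['link_priority']);
    if ($link_priority < 0 || $link_priority > 1000) {
        $this->errorMessage = 'Priority must be between 0 and 1000';
        return;
    }
    // The path is a regular expression chosen by the requester, so refuse
    // patterns that do not even compile; otherwise every later lookup would
    // produce a PCRE warning and a false result. The '@' only silences the
    // compile warning of the probe match.
    // NOTE(review): the delimiter the resolver wraps the pattern in is not
    // visible here; '~' is used for this probe only, so a pattern containing
    // an unescaped '~' is rejected although the resolver might accept it.
    // Patterns that compile but backtrack catastrophically (ReDoS) are NOT
    // caught by this check — keep the permission to create regex links
    // restricted to trusted users.
    if (@preg_match('~' . $link_path . '~', '') === false) {
        $this->errorMessage = 'The path is not a valid regular expression.';
        return;
    }
    $dbc = Application::dbConnection();
    $entry = $dbc->links()->addLink('regex', $link_path, $link_target, Authorization::user()->id);
    if (!$entry) {
        $this->errorMessage = 'An internal error occurred while creating the short URL. Please try again or ask an administrator for help.';
        return;
    }
    // The priority is stored in a second step; a failure here is reported as
    // a partial success with a link back to the created entry.
    $success = $dbc->links()->setPriority($entry->id, $link_priority);
    if (!$success) {
        // ->build() as the other pages do, so escapeAttr() receives a string
        // rather than the URL object.
        $url = self::getURL('links/details', array('link' => $entry->id))->build();
        $this->errorMessage = 'The link was created, but the priority could not be set. Please <a href="' . WebRenderer::escapeAttr($url) . '">try again</a>';
        return;
    }
    self::redirectTo('links/details', array('link' => $entry->id));
    exit;
}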
/**
 * Switches the authorization context to another user account, or reverts a
 * previous switch.
 *
 * Both directions require a valid nonce and the session.switch_user
 * permission. An unknown target user, or a request that is not yet
 * confirmed, renders the page without touching the session; a failed switch
 * sets $this->errorMessage.
 *
 * @param array $params request parameters (unused here)
 */
public function init($params) {
    self::requireNonce();
    self::requirePermission('session.switch_user');
    // Revert: drop the impersonation (if any) and go home.
    if ($this->revert) {
        if (Authorization::switched()) {
            Authorization::switchBack();
        }
        self::redirectTo('home');
        exit;
    }
    // No target user given: nothing to do.
    if ($this->uid === false) {
        self::redirectTo('home');
        exit;
    }
    $dbc = Application::dbConnection();
    $this->userInfo = $dbc->users()->getUser($this->uid);
    // Unknown user or not yet confirmed: the view takes over, the session is
    // left unchanged.
    if (!$this->userInfo || !$this->confirmed) {
        return;
    }
    // Undo an existing switch before switching again — presumably so that
    // realUser() keeps pointing at the original account; confirm in
    // Authorization.
    if (Authorization::switched()) {
        Authorization::switchBack();
    }
    if (Authorization::switchUser($this->userInfo)) {
        self::redirectTo('home');
        exit;
    }
    $this->errorMessage = 'Switching failed.';
}
/**
 * Returns the user whose permissions apply to the current request.
 *
 * While one account is impersonating another (Authorization::switched()),
 * permission checks are made against the real account, not the impersonated
 * one; otherwise the regular session user is returned.
 *
 * @return mixed the user record from the authorization context
 */
public static function currentUser() {
    return Authorization::switched()
        ? Authorization::realUser()
        : Authorization::user();
}
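/**
 * Handles the POST data of the "shorten a link" form and creates a static
 * short link.
 *
 * Required: target_link. Optional: use_custom_path + custom_path (requires
 * the link.custom_path permission and a match against the administrative
 * custom_links_regex option) and override_wildcards (requires
 * link.override_wildcards). Sets $this->errorMessage on failure; on success
 * the client is redirected to the details page of the new link and the
 * script exits.
 *
 * @param \tniessen\tinyIt\HttpParams $postData submitted form values
 */
private function tryProcessPostData($postData) {
    $reqfields = array('target_link');
    if (!$postData->hasValues($reqfields)) {
        $this->errorMessage = 'Please enter a target link.';
        return;
    }
    // Read only the whitelisted fields. The optional checkbox fields are
    // normally absent from the request when unchecked, so default them
    // explicitly instead of extract()-ing into possibly undefined locals.
    $fields = $reqfields;
    $fields[] = 'use_custom_path';
    $fields[] = 'custom_path';
    $fields[] = 'override_wildcards';
    $in = $postData->filter($fields);
    $target_link = $in['target_link'];
    $use_custom_path = $in['use_custom_path'] ?? null;
    $custom_path = $in['custom_path'] ?? null;
    $override_wildcards = $in['override_wildcards'] ?? null;
    // NOTE(review): target_link is stored as-is; nothing here restricts its
    // scheme (e.g. to http/https). If a target is ever rendered as an href
    // instead of being sent as a Location header, a javascript: target
    // becomes an XSS vector — confirm where targets are validated/rendered.
    if ($override_wildcards) {
        if (!self::hasPermission('link.override_wildcards')) {
            $this->errorMessage = 'You are not permitted to override wildcards.';
            return;
        }
    }
    $dbc = Application::dbConnection();
    $opts = $dbc->options()->getOptions(array('linkgen_chars', 'linkgen_length', 'custom_links_regex'));
    $linkgen_chars = $opts['linkgen_chars'] ?? null;
    $linkgen_length = $opts['linkgen_length'] ?? null;
    $custom_links_regex = $opts['custom_links_regex'] ?? null;
    if ($use_custom_path) {
        if (!$custom_path) {
            $this->errorMessage = 'Please enter a valid short path or uncheck the custom path option.';
            return;
        }
        if (!self::hasPermission('link.custom_path')) {
            $this->errorMessage = 'You are not permitted to use custom paths.';
            return;
        }
        // Administrative whitelist pattern. An invalid option makes
        // preg_match() return false, which fails closed here.
        // NOTE(review): the option is used as the whole pattern body; unless
        // it is anchored (^...$) a partial match of the path is enough.
        if (!preg_match("/{$custom_links_regex}/", $custom_path)) {
            $this->errorMessage = 'The chosen short path is not allowed due to administrative restrictions.';
            return;
        }
        $shortpath = $custom_path;
    } else {
        $linkgen_length = intval($linkgen_length);
        $shortpath = $dbc->links()->findAvailablePath($linkgen_length, $linkgen_chars);
    }
    $conflict = $dbc->links()->checkConflictsStatic($shortpath);
    // Tells the view whether to offer the "override wildcard" checkbox.
    $this->allowOverrideWildcards = !!$conflict && self::hasPermission('link.override_wildcards');
    if ($conflict) {
        if ($conflict->type === 'static') {
            $this->errorMessage = 'Another link with the same path or a conflicting path already exists.';
            return;
        }
        if ($conflict->type === 'regex' && !$override_wildcards) {
            $url = self::getURL('links/details', array('link' => $conflict->id))->build();
            $this->errorMessage = 'This path would override <a href="' . WebRenderer::escapeAttr($url) . '">a defined wildcard</a>.';
            return;
        }
    }
    // NOTE(review): the conflict check and the insert are not atomic; a
    // concurrent request can claim the same path in between unless the links
    // table enforces uniqueness on the path.
    $entry = $dbc->links()->addLink('static', $shortpath, $target_link, Authorization::user()->id);
    if (!$entry) {
        $this->errorMessage = 'An internal error occurred while creating the short URL. Please try again or ask an administrator for help.';
        return;
    }
    self::redirectTo('links/details', array('link' => $entry->id));
    exit;
}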
/**
 * Logs the current user out and sends the client to the login page.
 *
 * Logout is triggered by a GET link, so a valid nonce is demanded first to
 * keep a third-party page from logging the user out (CSRF); requireNonce()
 * also enforces an authenticated session before anything else happens.
 *
 * @param array $params request parameters (unused)
 */
public function init($params) {
    Page::requireNonce();

    Authorization::logout();

    self::redirectTo('login');
    exit;
}
/**
 * Prepares the "own account settings" page and applies a submitted form.
 *
 * Requires a login. Loads the allow_name_changes option and the current
 * user for the view; when a non-empty POST arrives it is handed to
 * tryProcessPostData() and the user record is re-read afterwards.
 *
 * @param array $params request parameters (unused here)
 */
public function init($params) {
    self::requireLogin();
    $dbc = Application::dbConnection();
    $this->settings = $dbc->options()->getOptions(array('allow_name_changes'));
    $this->userInfo = Authorization::user();

    $postData = \tniessen\tinyIt\HttpParams::_POST();
    if (!$postData || $postData->isEmpty()) {
        return;
    }
    $this->currentParams = $postData;
    $this->tryProcessPostData($postData);
    // Presumably a forced re-read so the view shows the values just saved.
    $this->userInfo = Authorization::user('reload');
}
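/**
 * Shows a user account and handles the actions available on that page:
 * deleting the account and changing its group.
 *
 * Deletion (deleteMode) needs a valid nonce plus user.delete_accounts, or
 * user.delete_self for the own account; the user's links are removed first.
 * Changing the group ($params['setGroup']) needs user.set_group — the
 * template only shows the "Set group" control to holders of that
 * permission, and the same rule is enforced here on the server side.
 *
 * @param array $params request parameters; 'setGroup' selects the new group
 *                      id (0 removes the group assignment)
 */
public function init($params) {
    self::requireLogin();
    $dbc = Application::dbConnection();
    $uid = $this->userId;
    if (!$uid) {
        return;
    }
    $this->userInfo = $dbc->users()->getUser($uid);
    if (!$this->userInfo) {
        return;
    }
    // Offer impersonation for other accounts only.
    // NOTE(review): strict comparison — if userId arrives as a string while
    // id is an int this is always "different" (and the delete-self branch
    // below never matches); confirm the types agree.
    if ($this->userId !== Authorization::user()->id && self::hasPermission('session.switch_user')) {
        $this->canSwitchUser = true;
    }
    if ($this->deleteMode) {
        self::requireNonce();
        $isSelf = $uid === Authorization::user()->id;
        $allowed = self::hasPermission('user.delete_accounts')
            || ($isSelf && self::hasPermission('user.delete_self'));
        if (!$allowed) {
            $this->errorMessage = 'You are not permitted to delete this user account.';
        } else {
            $dbc->links()->removeLinksByUser($uid);
            if ($dbc->users()->removeUser($uid)) {
                self::redirectTo('users/list');
                exit;
            }
            $this->errorMessage = 'Internal error while deleting user';
        }
    } elseif (isset($params['setGroup'])) {
        // Server-side check of the permission that gates the "Set group"
        // control in the template; without it any logged-in user could move
        // an account — including their own — into a privileged group.
        // NOTE(review): unlike deletion this state change is not protected by
        // requireNonce() here; confirm the submitting form carries a nonce
        // or add the check.
        if (!self::hasPermission('user.set_group')) {
            $this->errorMessage = 'You are not permitted to change the group of this user.';
        } else {
            $newgroup = intval($params['setGroup']);
            $ok = true;
            // 0 clears the group; any other id must exist.
            if ($newgroup) {
                $g = $dbc->groups()->getGroup($newgroup);
                if (!$g) {
                    $ok = false;
                    $this->errorMessage = 'The selected group was not found.';
                }
            }
            if ($ok) {
                $dbc->users()->setGroup($uid, $newgroup);
                $this->userInfo = $dbc->users()->getUser($uid);
            }
        }
    }
    if ($this->userInfo->group_id) {
        $this->groupInfo = $dbc->groups()->getGroup($this->userInfo->group_id);
    }
    $this->availableGroups = $dbc->groups()->getGroups(0, 100);
}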
/**
 * Handles the POST data of the login form.
 *
 * Requires username and password; on a successful Authorization::login()
 * the client is redirected home and the script exits, otherwise
 * $this->errorMessage is set.
 *
 * @param \tniessen\tinyIt\HttpParams $postData submitted form values
 */
private function tryProcessPostData($postData) {
    $reqfields = array('username', 'password');
    if (!$postData->hasValues($reqfields)) {
        $this->errorMessage = 'Please submit username and password.';
        return;
    }
    $fields = $reqfields;
    $credentials = $postData->filter($fields);
    $username = $credentials['username'];
    $password = $credentials['password'];

    // NOTE(review): session fixation — the session id should be regenerated
    // on a successful login; confirm Authorization::login() does that. Rate
    // limiting / lockout is not visible here either.
    $uid = Authorization::login($username, $password);
    if ($uid === false) {
        // One generic message for "unknown user" and "wrong password", so the
        // form does not reveal which accounts exist.
        $this->errorMessage = 'Incorrect user / password';
        return;
    }
    $this->redirectTo('home');
    exit;
}
/**
 * Prepares the registration page.
 *
 * Logged-in users are sent home; when the allow_registration option is off
 * the client is sent to the login page instead. A non-empty POST is handed
 * to tryProcessPostData().
 *
 * @param array $params request parameters (unused here)
 */
public function init($params) {
    // Registration is for anonymous visitors only.
    if (Authorization::loggedIn()) {
        self::redirectTo('home');
        exit;
    }
    $dbc = Application::dbConnection();
    // Administrative switch: registration may be closed entirely.
    if (!$dbc->options()->getOption('allow_registration')) {
        self::redirectTo('login');
        exit;
    }
    $postData = \tniessen\tinyIt\HttpParams::_POST();
    if (!$postData || $postData->isEmpty()) {
        return;
    }
    $this->currentParams = $postData;
    $this->tryProcessPostData($postData);
}
/**
 * Loads a link for the details page and handles the edit / delete actions
 * on it.
 *
 * Editing needs link.edit_links, or link.edit_own_links for the owner; the
 * POST data is then handed to tryProcessEditPostData(). Deleting needs a
 * valid nonce plus link.delete_links, or link.delete_own_links for the
 * owner. Afterwards the owner's account and, for static links, the full
 * short URL are attached to $this->linkInfo for the view.
 *
 * @param array $params request parameters (unused here)
 */
public function init($params) {
    self::requireLogin();
    $dbc = Application::dbConnection();
    $lid = $this->linkId;
    if (!$lid) {
        return;
    }
    $this->linkInfo = $dbc->links()->getLink($lid);
    if (!$this->linkInfo) {
        return;
    }
    // NOTE(review): hasPermission() presumably resolves against
    // currentUser() (the real account while impersonating) whereas ownership
    // is compared with Authorization::user() (the impersonated account);
    // confirm that mix is intended.
    if ($this->editMode) {
        $mayEditAny = self::hasPermission('link.edit_links');
        $mayEditOwn = $this->linkInfo->owner_id === Authorization::user()->id
            && self::hasPermission('link.edit_own_links');
        if ($mayEditAny || $mayEditOwn) {
            // NOTE(review): unlike deletion, the edit POST is not guarded by
            // requireNonce() here — confirm the edit form carries a CSRF token
            // that is checked somewhere on this path.
            $postData = \tniessen\tinyIt\HttpParams::_POST();
            if ($postData && !$postData->isEmpty()) {
                $this->currentParams = $postData;
                $this->tryProcessEditPostData($postData);
            }
        } else {
            $this->editMode = false;
            $this->errorMessage = 'You are not permitted to edit this link.';
        }
    } elseif ($this->deleteMode) {
        self::requireNonce();
        $mayDeleteAny = self::hasPermission('link.delete_links');
        $mayDeleteOwn = $this->linkInfo->owner_id === Authorization::user()->id
            && self::hasPermission('link.delete_own_links');
        if ($mayDeleteAny || $mayDeleteOwn) {
            if ($dbc->links()->removeLink($lid)) {
                self::redirectTo('links/list');
                exit;
            }
            $this->errorMessage = 'Internal error while deleting link';
        } else {
            $this->errorMessage = 'You are not permitted to delete this link.';
        }
    }
    if ($oid = $this->linkInfo->owner_id) {
        $this->linkInfo->userInfo = $dbc->users()->getUser($oid);
    }
    if ($this->linkInfo->type === 'static') {
        $this->linkInfo->fullURL = Application::getBaseURL()->build() . $this->linkInfo->path;
    }
}
<h4 class="modal-title">Delete link</h4> </div> <div class="modal-body"> <p>Do you really want to delete this link?</p> <p><code><?php echo $r->escapeHtml($l->path); ?> </code> redirecting to <code><?php echo $r->escapeHtml($l->target); ?> </code></p> </div> <div class="modal-footer"> <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button> <a href="<?php $params = array('link' => $l->id, 'delete' => true, 'nonce' => \tniessen\tinyIt\Security\Authorization::getNonce()); $url = $pageURL('links/details', $params); echo $r->escapeAttr($url); ?> " class="btn btn-danger">Delete</a> </div> </div> </div> </div> <?php } else { ?> <div class="page-header"> <h1>Link details</h1> </div> <div class="alert alert-danger">
<li><a href="<?php echo $r->escapeAttr($pageURL('settings/own/account')); ?> ">Account settings</a></li> <li class="divider"></li> <?php if ($ru = \tniessen\tinyIt\Security\Authorization::realUser()) { ?> <li><a href="<?php $url = $pageURL('switch-user', array('revert' => true, 'nonce' => $theNonce)); echo $r->escapeAttr($url); ?> ">Switch back to <?php echo $r->escapeHtml($ru->display_name); ?> </a></li> <?php } ?> <li><a href="<?php $nonce = \tniessen\tinyIt\Security\Authorization::getNonce(); $url = $pageURL('logout', array('nonce' => $nonce)); echo $r->escapeAttr($url); ?> ">Logout</a></li> </ul> </li> </ul> </div><!-- .navbar-collapse --> </div><!-- .container-fluid --> </div><!-- .navbar -->
<?php $r->render('dashboard', array('title' => 'Home')); ?> <div class="page-header"> <h1>Welcome <small><?php echo $r->escapeHtml(\tniessen\tinyIt\Security\Authorization::user()->display_name); ?> </small></h1> </div> <div class="jumbotron"> <h1>What do you want to do?</h1> <p>Choose one of these possibilities to begin or use the navigation menu at the top.</p> <ul> <li><a href="<?php echo $r->escapeAttr($pageURL('links/shorten')); ?> ">Shorten a link</a></li> <li><a href="<?php echo $r->escapeAttr($pageURL('links/list')); ?> ">View shortened links</a></li> <li><a href="<?php echo $r->escapeAttr($pageURL('users/list')); ?> ">Manage users</a></li> <li><a href="<?php echo $r->escapeAttr($pageURL('settings/own/account')); ?> ">Change account settings</a></li> </ul>
/**
 * Requires an authorized session and a valid `nonce` GET parameter.
 *
 * The nonce serves as the CSRF protection for state-changing GET links
 * (logout, delete, switch user): a third-party page cannot know it. When it
 * is missing or invalid the client is redirected to $redirectTo and the
 * script exits.
 *
 * Page::requireLogin() runs first, so an anonymous client never reaches the
 * nonce check.
 *
 * NOTE(review): because the token travels in the query string it can leak
 * through Referer headers, browser history and access logs — keep nonces
 * short-lived, and make sure Authorization::isNonce() compares with
 * hash_equals(); neither is visible here.
 *
 * @param string $redirectTo page to redirect to when the nonce is missing or invalid
 */
public static final function requireNonce($redirectTo = 'home') {
    self::requireLogin();
    $query = \tniessen\tinyIt\HttpParams::_GET();
    if ($query->has('nonce') && Authorization::isNonce($query->get('nonce'))) {
        return;
    }
    self::redirectTo($redirectTo);
    exit;
}
if ($theUser->id === $u->id) { ?> <a href="<?php echo $r->escapeAttr($pageURL('settings/own/account')); ?> " class="btn btn-default"> <span class="glyphicon glyphicon-pencil"></span> Edit </a> <?php } ?> <?php if ($r->opt('canSwitchUser')) { ?> <a href="<?php $params = array('user' => $u->id, 'nonce' => \tniessen\tinyIt\Security\Authorization::getNonce()); $url = $pageURL('switch-user', $params); echo $r->escapeAttr($url); ?> " class="btn btn-default"> <span class="glyphicon glyphicon-arrow-right"></span> Switch </a> <?php } ?> <?php if ($page::hasPermission('user.set_group')) { ?> <button type="button" class="btn btn-default" data-toggle="modal" data-target=".select-group-modal"> Set group </button>