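/**
 * Hard-delete a page from the admin UI.
 *
 * Reads `id` and `token` from the request. The token must match the session
 * CSRF token (this route checks it by hand, so it is presumably outside the
 * framework's CSRF middleware; the `get` prefix suggests it is reached via GET,
 * i.e. a state-changing GET — worth moving to POST/DELETE, TODO confirm route).
 *
 * Behaviour: success → redirect to the referer with a 'success' old-input
 * value; unknown page or failed forceDelete() → 404; missing/invalid token →
 * 403 (the original silently returned nothing in that case).
 *
 * @param Request $request current HTTP request
 * @return \Illuminate\Http\RedirectResponse
 */
public function getDelete(Request $request)
{
    $referer = setReferer('/admin/page/pages', 'admin/page/delete');

    $id = $request->input('id');
    $token = $request->input('token');

    if (!$id) {
        abort(404);
    }

    // Strict, constant-time comparison instead of the loose `==` of the original.
    // hash_equals() only accepts strings, so non-string input (e.g. token[]=x)
    // is rejected before the call rather than raising a TypeError.
    if (!is_string($token) || !hash_equals((string) csrf_token(), $token)) {
        abort(403);
    }

    $page = Pages::find($id);
    if ($page === null) {
        // The original called ->forceDelete() on null here (fatal error).
        abort(404);
    }

    if (!$page->forceDelete()) {
        abort(404);
    }

    return redirect($referer)->withInput(['success' => '页面删除成功']);
}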
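/**
 * Apply a bulk action to the rows ticked in the admin users table.
 *
 * Only handles requests whose `table_submit` is "multiApply"; for anything
 * else it returns false so the caller can continue. `multi` names the action
 * (disabled / abled / delete) and `selected` is the list of user ids. Unknown
 * actions are a no-op and still redirect, as in the original.
 *
 * NOTE(review): unlike getDelete()/getStatus() there is no token check here;
 * presumably the users form is a POST covered by CSRF middleware — confirm.
 *
 * @param \Illuminate\Http\Request $request (type not declared by the original)
 * @return \Illuminate\Http\RedirectResponse|false
 */
public function checkMulti($request)
{
    if ($request->input('table_submit') !== 'multiApply') {
        return false;
    }

    $referer = setReferer('/admin/user/users', '/admin/user/users');

    // `selected` is absent when nothing was ticked; the original would then
    // foreach() over null. Treat a missing/non-array value as "nothing selected".
    $selected = $request->input('selected');
    if (!is_array($selected)) {
        $selected = [];
    }

    $action = $request->input('multi');

    if ($action === 'disabled' || $action === 'abled') {
        foreach ($selected as $id) {
            // Non-scalar ids (nested arrays) would make find() return a
            // Collection; skip them. Unknown ids made the original fatal.
            if (!is_scalar($id)) {
                continue;
            }
            $user = Users::find($id);
            if ($user !== null) {
                $user->update(['status' => $action]);
            }
        }
    } elseif ($action === 'delete') {
        foreach ($selected as $id) {
            if (!is_scalar($id)) {
                continue;
            }
            $user = Users::find($id);
            if ($user !== null) {
                $user->delete();
            }
        }
    }

    return redirect($referer);
}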
/**
 * Build the "edit forum post" form for the post with the given id.
 *
 * Loads the post (with its attach list) and its topic, checks that the
 * current user may edit it (global edit_posts on the topic's forum, or
 * edit_mine_posts on their own post), then fills the form markers from the
 * post — or from a pending preview / failed submission held in the session —
 * adds one "delete" checkbox per attachment still present on disk, sets the
 * navigation block and renders editpostform.html.
 *
 * @param int $id Post ID
 * @return mixed whatever $this->_view() / showInfoMessage() returns
 */
public function edit_post_form($id = null) {
    $id = (int) $id;
    if ($id < 1) {
        // redirect() presumably terminates the request; nothing below guards against $id < 1 otherwise.
        redirect('/forum/');
    }
    // Not used anywhere below.
    $writer_status = !empty($_SESSION['user']['status']) ? $_SESSION['user']['status'] : 0;

    // Fetch the post from the DB
    $postModel = $this->Register['ModManager']->getModelInstance('Posts');
    $postModel->bindModel('attacheslist');
    $post = $postModel->getById($id);
    if (!$post) {
        return $this->showInfoMessage(__('Some error occurred'), '/forum/');
    }
    $id_theme = $post->getId_theme();

    // Fetch the topic: access is checked per forum (theme.id_forum)
    $themesModel = $this->Register['ModManager']->getModelInstance('Themes');
    $theme = $themesModel->getById($id_theme);
    if (!$theme) {
        return $this->showInfoMessage(__('Topic not found'), '/forum/');
    }

    // Access check: allowed if the user has edit_posts on this forum, or is the
    // post's author and has edit_mine_posts on this forum.
    if (!$this->ACL->turn(array('forum', 'edit_posts', $theme->getId_forum()), false)
        && (!empty($_SESSION['user']['id'])
            && $post->getId_author() == $_SESSION['user']['id']
            && $this->ACL->turn(array('forum', 'edit_mine_posts', $theme->getId_forum()), false)) === false) {
        return $this->showInfoMessage(__('Permission denied'), '/forum/');
    }

    $message = $post->getMessage();

    // The user asked for a preview: show it and restore the unsaved text.
    // The session value is consumed (unset) here.
    if (isset($_SESSION['viewMessage']) and !empty($_SESSION['viewMessage'])) {
        $preview = $this->Parser->getPreview($_SESSION['viewMessage']);
        $message = $_SESSION['viewMessage'];
        unset($_SESSION['viewMessage']);
    }

    // A previous submission failed validation: show its errors and restore
    // the submitted text (overrides the preview text if both are set).
    if (isset($_SESSION['FpsForm'])) {
        $errors = $this->Register['Validate']->getErrors();
        $message = $_SESSION['FpsForm']['message'];
        unset($_SESSION['FpsForm']);
    }

    // h() HTML-escapes the message for the textarea.
    $markers = array(
        'errors' => !empty($errors) ? $errors : '',
        'preview' => !empty($preview) ? $preview : '',
        'action' => get_url('/forum/update_post/' . $id),
        'message' => h($message)
    );

    /**** ATTACH ****/
    // One slot per attachment number; only slots whose file still exists get a
    // "delete" checkbox. Slots att1..att5 are what the template expects; an
    // attach_number outside that range adds an extra key instead.
    $unlinkfiles = array('att1' => '', 'att2' => '', 'att3' => '', 'att4' => '', 'att5' => '');
    if ($post->getAttaches()) {
        $attachModel = $this->Register['ModManager']->getModelInstance('ForumAttaches');
        $attach_files = $attachModel->getCollection(array('post_id' => $post->getId()));
        if ($attach_files) {
            foreach ($attach_files as $attach_file) {
                // NOTE(review): the filename comes from the attaches table and is joined
                // into a path unescaped; presumably sanitised at upload time — confirm.
                if (file_exists(ROOT . '/sys/files/forum/' . $attach_file->getFilename())) {
                    $unlinkfiles['att' . $attach_file->getAttach_number()] = '<input type="checkbox" name="unlink' . $attach_file->getAttach_number() . '" value="1" /> ' . __('Delete') . "\n";
                }
            }
        }
    }
    $markers['unlinkfiles'] = $unlinkfiles;
    /**** END ATTACH ****/

    // Navigation block (breadcrumbs)
    $navi = array();
    $navi['navigation'] = get_link(__('Forums list'), '/forum/') . __('Separator') . get_link('Просмотр темы', '/forum/view_theme/' . $id_theme) . __('Separator') . __('Edit message');
    $this->_globalize($navi);

    setReferer();
    $source = $this->render('editpostform.html', array('context' => $markers));
    return $this->_view($source);
}
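/**
 * Build the "edit material" form for the record with the given id.
 *
 * Loads the record with its attaches, author and category bound, checks that
 * the current user may edit it (global edit_materials, or edit_mine_materials
 * on their own record), fills the form markers from the record overlaid with
 * the last submitted values (Validate::getCurrentInputsValues), builds the
 * category selector, the comments/available checkboxes and the attachment
 * "delete" checkboxes, and renders editform.html.
 *
 * Changes vs. the original: attachment numbers and filenames are HTML-escaped
 * before being placed in the markup (filenames are user uploads); the
 * `count($entity) > 0` test was dropped because $entity is a record object
 * (already known non-empty) and count() on a non-Countable object is a
 * TypeError on PHP 8; the unused $writer_status local is gone.
 *
 * @param int $id id of the material to edit
 * @return mixed whatever $this->_view() / showInfoMessage() returns
 */
public function edit_form($id = null)
{
    $id = (int) $id;
    if ($id < 1) {
        // redirect() presumably terminates the request.
        redirect('/');
    }

    $this->Model->bindModel('attaches');
    $this->Model->bindModel('author');
    $this->Model->bindModel('category');
    $entity = $this->Model->getById($id);
    if (!$entity) {
        redirect('/' . $this->module . '/');
    }

    // Merge the module's additional (custom) fields into the record, if any.
    if (is_object($this->AddFields)) {
        $entity = $this->AddFields->mergeRecords(array($entity), true);
        $entity = $entity[0];
    }

    // Access check: global edit right, or editing one's own record with the
    // edit_mine right.
    if (!$this->ACL->turn(array($this->module, 'edit_materials'), false)
        && (!empty($_SESSION['user']['id'])
            && $entity->getAuthor()->getId() == $_SESSION['user']['id']
            && $this->ACL->turn(array($this->module, 'edit_mine_materials'), false)) === false) {
        return $this->showInfoMessage(__('Permission denied'), '/' . $this->module . '/');
    }

    // Category tree (side effect only; the selector is built further down).
    $this->_getCatsTree($entity->getCategory()->getId());

    $data = array(
        'title'        => '',
        'main_text'    => $entity->getMain(),
        'in_cat'       => $entity->getCategory_id(),
        'description'  => '',
        'tags'         => '',
        'sourse'       => '',
        'sourse_email' => '',
        'sourse_site'  => '',
        'commented'    => '',
        'available'    => '',
    );
    // Record values overlaid with the previously submitted input, if any.
    $markers = Validate::getCurrentInputsValues($entity, $data);
    $markers->setPreview($this->Parser->getPreview($markers->getMain()));
    $markers->setErrors($this->Register['Validate']->getErrors());

    // Preview / failed-form state from the previous request is consumed here.
    if (isset($_SESSION['viewMessage'])) {
        unset($_SESSION['viewMessage']);
    }
    if (isset($_SESSION['FpsForm'])) {
        unset($_SESSION['FpsForm']);
    }

    $sectionsModel = $this->Register['ModManager']->getModelInstance($this->module . 'Categories');
    $cats = $sectionsModel->getCollection();
    $selectedCatId = $markers->getIn_cat() ? $markers->getIn_cat() : $markers->getCategory_id();
    $cats_change = $this->_buildSelector($cats, $selectedCatId);

    // "Comments allowed" / "available" checkboxes, disabled when the user
    // lacks the corresponding right.
    $commented = $markers->getCommented() ? 'checked="checked"' : '';
    if (!$this->ACL->turn(array($this->module, 'record_comments_management'), false)) {
        $commented .= ' disabled="disabled"';
    }
    $available = $markers->getAvailable() ? 'checked="checked"' : '';
    // NOTE(review): this checks the 'loads' module literally while every other
    // ACL call uses $this->module — looks like a copy-paste; confirm intent.
    if (!$this->ACL->turn(array('loads', 'hide_material'), false)) {
        $available .= ' disabled="disabled"';
    }

    $markers->setAction(get_url('/' . $this->module . '/update/' . $markers->getId()));
    $markers->setCommented($commented);
    $markers->setAvailable($available);

    // One "delete" checkbox per existing attachment. Filenames are user
    // uploads and go into HTML, so they are escaped here (the original
    // inserted them raw).
    $attaches = $markers->getAttaches();
    $attDelButtons = '';
    if (is_array($attaches) || $attaches instanceof \Traversable) {
        foreach ($attaches as $attach) {
            $number = htmlspecialchars((string) $attach->getAttach_number(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $filename = htmlspecialchars((string) $attach->getFilename(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $attDelButtons .= '<input type="checkbox" name="' . $number . 'dattach"> '
                . $number . '. (' . $filename . ')' . "<br />\n";
        }
    }

    $markers->setCats_selector($cats_change);
    $markers->setAttaches_delete($attDelButtons);
    $markers->setMax_attaches($this->Register['Config']->read('max_attaches', $this->module));

    // Navigation panel
    $navi = array();
    $navi['navigation'] = $this->_buildBreadCrumbs($entity->getCategory_id());
    $this->_globalize($navi);

    setReferer();
    $source = $this->render('editform.html', array('context' => $markers));
    return $this->_view($source);
}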
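/**
 * Change a post's status from the admin post list.
 *
 * Requires `id`, `status` and a `token` equal to the session CSRF token
 * (checked by hand here, so this route is presumably outside the CSRF
 * middleware; the `get` prefix suggests a state-changing GET — TODO confirm).
 * The post is loaded via Postctr::getPost(), its status replaced with the
 * requested value and saved through Postctr::putPost().
 *
 * Behaviour: success → redirect to the referer with a 'success' message;
 * putPost() error → redirect with an 'error' value (the original dumped the
 * raw $response into the page with p() and then returned nothing); missing id
 * → 404; bad token → 403 (the original returned nothing).
 *
 * NOTE(review): `status` is stored as received; only 'public' is recognised
 * for the message, everything else is labelled as draft. Presumably putPost()
 * validates the value — confirm, or whitelist it here.
 *
 * @param Request $request
 * @return \Illuminate\Http\RedirectResponse
 */
public function getStatus(Request $request)
{
    $postCtr = new Postctr();
    $referer = setReferer('/admin/post/posts', 'admin/post/status');

    $id = $request->input('id');
    $token = $request->input('token');

    if (!$id) {
        abort(404);
    }

    // Strict, constant-time comparison instead of the loose `==` of the original;
    // hash_equals() only accepts strings, so reject non-string input first.
    if (!is_string($token) || !hash_equals((string) csrf_token(), $token)) {
        abort(403);
    }

    $post = $postCtr->getPost(new Request($request->all()));
    $post['status'] = $request->input('status');
    $response = $postCtr->putPost(new Request($post));

    if (isset($response['error'])) {
        // Surface the error the same way the success path reports success
        // instead of dumping internal data into the response.
        return redirect($referer)->withInput(['error' => $response['error']]);
    }

    $status = $post['status'] === 'public' ? '公开' : '草稿';
    return redirect($referer)->withInput(['success' => '文章:' . $response['title'] . '设为 ' . $status . '成功']);
}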
/**
 * Front-controller entry point: resolve the current user, controller and
 * action, enforce the CSRF check and (for logged-in users) the permission
 * check, set up per-company/user constants (company, theme, audit/debug,
 * currency), dispatch the action, record flash messages and referer state in
 * the session, and finally render index_page.tpl.
 *
 * Everything here runs once per request; many values are published as
 * constants via define(), so this method must not run twice in one request.
 *
 * @return void
 */
public function display() {
    $start = gettimeofday(TRUE);

    // ATTN: check_system() always returns true?
    // Fallback module/controller for the setup path when the system check fails.
    if (!$this->check_system()) {
        $this->login_required = FALSE;
        // if (!defined('SETUP'))
        // {
        // define('SETUP', TRUE);
        // }
        if (!defined('MODULE')) {
            define('MODULE', 'system_admin');
        }
        if (!defined('CONTROLLER')) {
            define('CONTROLLER', 'SystemsController');
        }
    }

    $this->load_essential();

    // NOTE(review): this dumps the entire session — including any form data saved
    // in $_SESSION['data'] further down — to wherever debug() writes; confirm that
    // output is not reachable by users.
    debug('system::display session data:' . print_r($_SESSION, TRUE));

    $this->user = FALSE;
    if (isLoggedIn()) {
        // Sets the global constants EGS_USERNAME and EGS_COMPANY_ID
        setupLoggedInUser();
        $this->user = getCurrentUser();
        $this->access = AccessObject::Instance($_SESSION['username']);
    } else {
        // Anonymous request: company -1 and a default access object.
        // $_SESSION['username'] may be unset here (undefined index) — presumably
        // the session layer pre-populates it; confirm.
        define('EGS_COMPANY_ID', -1);
        define('EGS_USERNAME', $_SESSION['username']);
        $this->access = AccessObject::Instance();
    }

    $this->setView();
    $this->view->set("accessTree", $this->access->tree);
    $this->view->set('access', $this->access);
    $this->setController();
    $this->setTemplates();
    $this->setAction();

    $csrf = new \Riimu\Kit\CSRF\CSRFHandler();
    // Reject the request if the CSRF token is invalid. sendBack() is assumed to
    // end the request; if it ever returned, dispatch below would still run.
    if (!$this->csrfValid()) {
        sendBack();
    }
    $csrf_token = $csrf->getToken();
    // make csrf token available to smarty templates
    $this->view->set('csrf_token', $csrf_token);

    // Permission check only for logged-in users; anonymous requests reach the
    // controller with only the CSRF check above (presumably only the login
    // module is reachable that way — confirm in setController()).
    if (isLoggedIn()) {
        $this->checkPermission();
    }

    // output standard arrays to smarty
    $this->view->set("module_css", $this->get_css());
    $this->view->set("module_js", $this->get_js());
    $this->view->set('current_user', $this->user);

    $action = $this->action;
    $controller = $this->controller;
    $theme = '';

    // Per-company settings: name, id, theme, and whether access/audit/debug are
    // enabled at company level.
    if (defined('EGS_COMPANY_ID') && EGS_COMPANY_ID !== 'null' && EGS_COMPANY_ID > 0) {
        $sc = DataObjectFactory::Factory('Systemcompany');
        $sc->load(EGS_COMPANY_ID);
        if ($sc->isLoaded()) {
            define('SYSTEM_COMPANY', $sc->company);
            define('COMPANY_ID', $sc->company_id);
            $theme = $sc->theme;
            $this->available = $sc->access_enabled == 'NONE' ? FALSE : TRUE;
            $this->audit = $sc->audit_enabled == 't' ? TRUE : FALSE;
            $this->debug = $sc->debug_enabled == 't' ? TRUE : FALSE;
            $this->view->set('info_message', $sc->info_message);
            $this->view->set('systemcompany', $sc);
        }
    }

    // Object policies are enabled when at least one policy row exists.
    $policy = DataObjectFactory::Factory('SystemObjectPolicy');
    if ($policy->getCount() > 0) {
        define('SYSTEM_POLICIES_ENABLED', TRUE);
    } else {
        define('SYSTEM_POLICIES_ENABLED', FALSE);
    }
    if (!defined('SYSTEM_COMPANY')) {
        define('SYSTEM_COMPANY', '');
    }
    if (!defined('COMPANY_ID')) {
        define('COMPANY_ID', '');
    }

    // Set auditing/debugging for logged in user: the company-level flag wins
    // when set; otherwise fall back to the user's own flag. Availability is
    // narrowed by the user's access_enabled only when the company allows access.
    if ($this->user) {
        $this->audit = $this->audit ? $this->audit : ($this->user->audit_enabled == 't' ? TRUE : FALSE);
        $this->debug = $this->debug ? $this->debug : ($this->user->debug_enabled == 't' ? TRUE : FALSE);
        $this->available = $this->available ? $this->user->access_enabled == 't' ? TRUE : FALSE : $this->available;
    }

    // Access disabled for this user/company: log them out and bounce to the root.
    if (!$this->available && isLoggedIn()) {
        $_SESSION['loggedin'] = FALSE;
        $_SESSION['username'] = null;
        $flash = Flash::Instance();
        $flash->addError('The system is unavailable at present');
        $flash->save();
        sendto('');
    }

    define('AUDIT', $this->audit);
    define('DEBUG', $this->debug);
    $db = DB::Instance();
    $db->debug(DEBUG);

    if (defined('LOGIN_PAGE_THEME') && $this->modules['module'] == 'login') {
        $theme = LOGIN_PAGE_THEME;
    }
    if (!empty($theme)) {
        define('THEME', $theme);
    } else {
        define('THEME', 'default');
    }
    $this->view->set('theme', THEME);

    // Currency symbol for the configured currency (GBP by default).
    // utf8_decode() is deprecated as of PHP 8.2.
    if (!defined('EGS_CURRENCY')) {
        define('EGS_CURRENCY', 'GBP');
    }
    if (class_exists('Currency')) {
        $currency = DataObjectFactory::Factory('Currency');
        $currency->loadBy('currency', EGS_CURRENCY);
        if ($currency) {
            define('EGS_CURRENCY_SYMBOL', utf8_decode($currency->symbol));
        }
    }
    if (!defined('EGS_CURRENCY_SYMBOL')) {
        define('EGS_CURRENCY_SYMBOL', utf8_decode('£'));
    }

    /**
     * BEGIN CACHE CHECK
     */
    if (!defined('EGS_COMPANY_ID')) {
        define('EGS_COMPANY_ID', '');
    }
    if (DEBUG) {
        $this->writeDebug();
    }
    // Cache key is per URI, company and user, so cached output is never shared
    // across users. Passed to view->display() at the end.
    $cache_key = md5($_SERVER['REQUEST_URI'] . EGS_COMPANY_ID . EGS_USERNAME);

    // NOTE: `TRUE ||` makes this branch unconditional (and $smarty is not
    // defined here); the page is always regenerated.
    if (TRUE || !$smarty->isCached('index.tpl', $cache_key)) {
        $flash = Flash::Instance();
        $config = Config::Instance();
        // output all the variables to smarty
        // this replaces $smarty.const.setting_name
        $this->view->assign('config', $config->get_all());
        setRefererPage();

        debug('system::display Calling function ' . get_class($controller) . '::' . $action);
        // echo 'system::display (1),'.microtime(TRUE).'<br>';
        // Dynamic dispatch of the resolved action; checkRequest() is the only
        // guard between the action name and the method call visible here.
        $controller->checkRequest($this->request, $action)->{$action}();
        // echo 'system::display (2),'.microtime(TRUE).'<br>';

        $flash->save();
        // Save any flash messages for audit purposes
        $this->flash['errors'] = $flash->getMessages('errors');
        $this->flash['warnings'] = $flash->getMessages('warnings');
        $this->flash['messages'] = $flash->getMessages('messages');
        if (isLoggedIn()) {
            $this->access->save();
        }

        // assign stuff to smarty
        $controller->assignModels();

        // this code fires $controller->index() if (perhaps) getPrintActions doesn't exist,
        // thus overwriting the sidebar. Only fire if subclass of printController
        if (is_subclass_of($controller, 'printController') && $action != 'printDialog') {
            $this->view->assign('printaction', $controller->getPrintActions());
        }

        $controllername = str_replace('Controller', '', get_class($controller));
        $this->pid = $this->access->getPermission($this->modules, $controllername, $action);

        // 'self' describes the current request for the templates: permission id,
        // modules, and every query-string parameter except paging/sorting.
        // The raw GET values are handed to the template as-is, so the template
        // must escape them when echoing.
        $self = array();
        if (!empty($this->pid)) {
            $self['pid'] = $this->pid;
        }
        $self['modules'] = $this->modules;
        // $self['controller']=$controllername;
        // $self['action']=$action;
        $qstring = $_GET;
        foreach ($qstring as $qname => $qvalue) {
            if (!in_array($qname, array('orderby', 'page'))) {
                $self[$qname] = $qvalue;
            }
        }
        $this->view->assign('self', $self);

        if (isset($this->user)) {
            $this->view->assign('current_user', $this->user);
        }

        // Session timed out on input form so save the form data while the user logs back in
        // See system::setController for where the form data is read after logging back in
        // NOTE(review): this stores the complete POST body in the session; if the
        // login form itself posts through here, that includes the submitted
        // credentials — confirm which requests reach this branch.
        if ($this->modules['module'] == 'login' && !empty($_POST)) {
            $_SESSION['data'] = $_POST;
        }

        // AJAX/JSON requests: emit the controller's raw output and stop.
        $echo = $controller->view->get('echo');
        if (($this->ajax || $this->json) && $echo !== FALSE) {
            echo $controller->view->get('echo');
            exit;
        } elseif ($this->modules['module'] == 'login') {
            // Remember where to send the user after login: the module's Index::index.
            $current = getParamsArray($_SERVER['QUERY_STRING']);
            $referer['modules'] = $current['modules'];
            $referer['controller'] = 'Index';
            $referer['action'] = 'index';
            unset($referer['other']);
            $_SESSION['referer'][setParamsString($current)] = setParamsString($referer);
        } elseif (!isset($_GET['ajax'])) {
            $referer = '';
            if (!empty($_POST)) {
                // This is a save form so set the referer to be the referer's referer!
                $referer = isset($_SESSION['refererPage']) ? $_SESSION['refererPage'] : '';
            }
            setReferer($referer);
            // Snapshot of the current request plus its flash messages, used by
            // the submit-token mechanism (consumed elsewhere).
            $current = getParamsArray($_SERVER['QUERY_STRING']);
            $flash = Flash::Instance();
            $current += array('messages' => $flash->getMessages('messages'), 'warnings' => $flash->getMessages('warnings'), 'errors' => $flash->getMessages('errors'));
            $_SESSION['submit_token']['current'] = $current;
        }
    }

    showtime('pre-display');
    // echo 'System::display end '.(gettimeofday(TRUE)-$start).'<br>';
    // echo 'system::display (3),'.microtime(TRUE).'<br>';
    $this->view->display('index_page.tpl', $cache_key);
    // echo 'system::display (4),'.microtime(TRUE).'<br>';
    showtime('post-display');
}