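/**
 * Create or update an ApfRefundment row from the posted edit form.
 *
 * On success the request is forwarded (update -> ".../update/{ID}/ok",
 * create -> the module list); on validation failure the edit template is
 * refilled with the posted values plus a per-field error marker.
 *
 * @param bool $edit_submit true to update the row keyed by $_POST['ID'],
 *                          false to insert a new row.
 * @return void
 */
function handleFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $i18n, $AddIP, $userid, $group_ids, $AccessOption, $ComplaintsStateOption;

    $apf_refundment = DB_DataObject::factory('ApfRefundment');
    if ($edit_submit) {
        // NOTE(review): the row is selected purely by the client-supplied ID;
        // nothing here checks it belongs to $userid / $group_ids, and a failed
        // get() is not detected. Confirm the caller enforces ownership.
        $apf_refundment->get($apf_refundment->escape($_POST['ID']));
        $do_action = "updatesubmit";
    } else {
        $do_action = "addsubmit";
    }

    // stripslashes() assumes magic_quotes_gpc; with it off, real backslashes are lost.
    $apf_refundment->setCategory(stripslashes(trim($_POST['category'])));
    $apf_refundment->setCompany(stripslashes(trim($_POST['company'])));
    $apf_refundment->setRefundmenter(stripslashes(trim($_POST['refundmenter'])));
    $apf_refundment->setReasons(stripslashes(trim($_POST['reasons'])));
    $apf_refundment->setReply(stripslashes(trim($_POST['reply'])));
    $apf_refundment->setHandleman(stripslashes(trim($_POST['handleman'])));
    $apf_refundment->setHandledate(stripslashes(trim($_POST['handledate'])));
    $apf_refundment->setState(stripslashes(trim($_POST['state'])));
    $apf_refundment->setAccess(stripslashes(trim($_POST['access'])));
    $apf_refundment->setActive(stripslashes(trim($_POST['active'])));
    // Audit/ownership columns come from the session context, never the form.
    $apf_refundment->setAddIp($AddIP);
    $apf_refundment->setGroupid($group_ids);
    $apf_refundment->setUserid($userid);

    $val = $apf_refundment->validate();
    if ($val === TRUE) {
        // Logged fields are user input: drop CR/LF so a crafted value cannot
        // forge extra log lines. The original logged $_POST['name'], a key this
        // form never submits; "company" is the identifying field it does have.
        $log_label = str_replace(array("\r", "\n"), ' ', $_POST['company']);
        if ($edit_submit) {
            $log_id = str_replace(array("\r", "\n"), ' ', $_POST['ID']);
            $apf_refundment->setUpdateAt(DB_DataObject_Cast::dateTime());
            $apf_refundment->update();
            logFileString($i18n->_("Update") . $i18n->_("ModuleName") . "\t{$log_label}=>{$log_id}");
            $this->forward("refundment/apf_refundment/update/" . $_POST['ID'] . "/ok");
        } else {
            $apf_refundment->setCreatedAt(DB_DataObject_Cast::dateTime());
            // insert() returns the new key; log it instead of the undefined
            // $_POST['create_date'] the original interpolated.
            $insert_id = $apf_refundment->insert();
            logFileString($i18n->_("Create") . $i18n->_("ModuleName") . "\t{$log_label}=>{$insert_id}");
            $this->forward("refundment/apf_refundment/");
        }
        return;
    }

    // Validation failed: rebuild the edit form from the posted values.
    $template->setFile(array("MAIN" => "apf_refundment_edit.html"));
    $template->setBlock("MAIN", "edit_block");
    $category_arr = $this->getCategory();
    // The leading entry of each option list is dropped before rendering the
    // radio groups (presumably a list-filter placeholder — unverified here).
    array_shift($AccessOption);
    array_shift($ComplaintsStateOption);
    $template->setVar(array(
        "WEBDIR" => $WebBaseDir,
        "CATEGORYOPTION" => selectTag("category", $category_arr, $_POST['category']),
        "ACCESSOPTION" => radioTag("access", $AccessOption, $_POST['access']),
        "STATE_OPTION" => radioTag("state", $ComplaintsStateOption, $_POST['state']),
        "HANDLE_DATE" => inputDateTag("handledate", $_POST['handledate']),
        "REASONS_TEXT" => textareaTag('reasons', $_POST['reasons'], false, "ROWS=\"8\" COLS=\"40\""),
        "DOACTION" => $do_action,
    ));
    // validate() returned field => bool; flag every failing field.
    foreach ($val as $field => $ok) {
        if ($ok == false) {
            $template->setVar(array(strtoupper($field) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
        }
    }
    // The key is re-rendered under the same name the update path reads
    // ($_POST['ID']); the original read $_POST['id'], a different key, so the
    // ID was lost on re-submit. Sibling handlers (finance, news category) use 'ID'.
    $template->setVar(array(
        "ID" => $_POST['ID'],
        "CATEGORY" => $_POST['category'],
        "COMPANY" => $_POST['company'],
        "REFUNDMENTER" => $_POST['refundmenter'],
        "REASONS" => $_POST['reasons'],
        "REPLY" => $_POST['reply'],
        "HANDLEMAN" => $_POST['handleman'],
        "HANDLEDATE" => $_POST['handledate'],
        "STATE" => $_POST['state'],
        "GROUPID" => $_POST['groupid'],
        "USERID" => $_POST['userid'],
        "ACCESS" => $_POST['access'],
        "ACTIVE" => $_POST['active'],
        "ADD_IP" => $_POST['add_ip'],
        "CREATED_AT" => $_POST['created_at'],
        "UPDATE_AT" => $_POST['update_at'],
    ));
}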
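/**
 * Create or update an ApfAgreement row from the posted edit form.
 *
 * Forwards on success; on validation failure refills the edit template with
 * the posted values and a per-field error marker.
 *
 * @param bool $edit_submit true to update the row keyed by $_POST['ID'],
 *                          false to insert a new row.
 * @return void
 */
function handleFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $i18n, $AddIP, $userid, $group_ids, $AccessOption;

    $apf_agreement = DB_DataObject::factory('ApfAgreement');
    if ($edit_submit) {
        // NOTE(review): loaded by client-supplied ID with no ownership check
        // and no test of get()'s result; confirm the caller enforces access.
        $apf_agreement->get($apf_agreement->escape($_POST['ID']));
        $do_action = "updatesubmit";
    } else {
        $do_action = "addsubmit";
    }

    // stripslashes() assumes magic_quotes_gpc; with it off, real backslashes are lost.
    $apf_agreement->setNoid(stripslashes(trim($_POST['noid'])));
    $apf_agreement->setCategory(stripslashes(trim($_POST['category'])));
    $apf_agreement->setEffectdate(stripslashes(trim($_POST['effectdate'])));
    $apf_agreement->setExpireddate(stripslashes(trim($_POST['expireddate'])));
    $apf_agreement->setBuyer(stripslashes(trim($_POST['buyer'])));
    $apf_agreement->setVender(stripslashes(trim($_POST['vender'])));
    $apf_agreement->setBuyersignature(stripslashes(trim($_POST['buyersignature'])));
    $apf_agreement->setVendersignature(stripslashes(trim($_POST['vendersignature'])));
    $apf_agreement->setDescription(stripslashes(trim($_POST['description'])));
    $apf_agreement->setAccess(stripslashes(trim($_POST['access'])));
    $apf_agreement->setActive(stripslashes(trim($_POST['active'])));
    // Audit/ownership columns come from the session context, never the form.
    $apf_agreement->setAddIp($AddIP);
    $apf_agreement->setGroupid($group_ids);
    $apf_agreement->setUserid($userid);

    $val = $apf_agreement->validate();
    if ($val === TRUE) {
        // CR/LF stripped so a crafted field cannot forge log lines. The original
        // logged $_POST['name'], which this form never submits; the agreement
        // number ("noid") is the identifying field it does have.
        $log_label = str_replace(array("\r", "\n"), ' ', $_POST['noid']);
        if ($edit_submit) {
            $log_id = str_replace(array("\r", "\n"), ' ', $_POST['ID']);
            $apf_agreement->setUpdateAt(DB_DataObject_Cast::dateTime());
            $apf_agreement->update();
            logFileString($i18n->_("Update") . $i18n->_("ModuleName") . "\t{$log_label}=>{$log_id}");
            $this->forward("agreement/apf_agreement/update/" . $_POST['ID'] . "/ok");
        } else {
            $apf_agreement->setCreatedAt(DB_DataObject_Cast::dateTime());
            // insert() returns the new key; the original logged the undefined
            // $_POST['create_date'] here.
            $insert_id = $apf_agreement->insert();
            logFileString($i18n->_("Create") . $i18n->_("ModuleName") . "\t{$log_label}=>{$insert_id}");
            $this->forward("agreement/apf_agreement/");
        }
        return;
    }

    // Validation failed: rebuild the edit form from the posted values.
    $template->setFile(array("MAIN" => "apf_agreement_edit.html"));
    $template->setBlock("MAIN", "edit_block");
    $category_arr = $this->getCategory();
    // Leading option entry dropped before rendering the radio group (presumably
    // a list-filter placeholder — unverified here).
    array_shift($AccessOption);
    $template->setVar(array(
        "WEBDIR" => $WebBaseDir,
        "CATEGORYOPTION" => selectTag("category", $category_arr, $_POST['category']),
        "EFFECT_DATE" => inputDateTag("effectdate", $_POST['effectdate']),
        "EXPIRED_DATE" => inputDateTag("expireddate", $_POST['expireddate']),
        "ACCESSOPTION" => radioTag("access", $AccessOption, $_POST['access']),
        "DESCRIPTION_TEXT" => textareaTag('description', $_POST['description'], false, "ROWS=\"8\" COLS=\"40\""),
        "DOACTION" => $do_action,
    ));
    foreach ($val as $field => $ok) {
        if ($ok == false) {
            $template->setVar(array(strtoupper($field) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
        }
    }
    // Key re-rendered under the name the update path reads ($_POST['ID']);
    // the original read $_POST['id'], a different key, losing the ID on re-submit.
    $template->setVar(array(
        "ID" => $_POST['ID'],
        "NOID" => $_POST['noid'],
        "CATEGORY" => $_POST['category'],
        "EFFECTDATE" => $_POST['effectdate'],
        "EXPIREDDATE" => $_POST['expireddate'],
        "BUYER" => $_POST['buyer'],
        "VENDER" => $_POST['vender'],
        "BUYERSIGNATURE" => $_POST['buyersignature'],
        "VENDERSIGNATURE" => $_POST['vendersignature'],
        "DESCRIPTION" => $_POST['description'],
        "GROUPID" => $_POST['groupid'],
        "USERID" => $_POST['userid'],
        "ACCESS" => $_POST['access'],
        "ACTIVE" => $_POST['active'],
        "ADD_IP" => $_POST['add_ip'],
        "CREATED_AT" => $_POST['created_at'],
        "UPDATE_AT" => $_POST['update_at'],
    ));
}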
/**
 * Link a provider-side username to a local user.
 *
 * @param User   $user          local user being linked
 * @param string $username      username on the provider
 * @param string $provider_name provider identifier
 * @return User_username|false  the inserted row, or false when insert() failed
 */
static function register($user, $username, $provider_name)
{
    $link = new User_username();
    $link->user_id = $user->id;
    $link->provider_name = $provider_name;
    $link->username = $username;
    $link->created = DB_DataObject_Cast::dateTime();

    // insert() is falsy on failure; the row object is only handed back on success.
    return $link->insert() ? $link : false;
}
/**
 * Attach an OpenID identity to a local user.
 *
 * @param int    $id        local user id
 * @param string $canonical canonical form of the OpenID identifier
 * @param string $display   display form of the identifier
 * @return bool true when the User_openid row was inserted, false otherwise
 */
function oid_link_user($id, $canonical, $display)
{
    $link = new User_openid();
    $link->user_id = $id;
    $link->canonical = $canonical;
    $link->display = $display;
    $link->created = DB_DataObject_Cast::dateTime();

    if ($link->insert()) {
        return true;
    }
    // The driver error is read but not surfaced to the caller; it only helps
    // someone stepping through with a debugger.
    $err = PEAR::getStaticProperty('DB_DataObject', 'lastError');
    return false;
}
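/**
 * Create or update an ApfFinance row from the posted edit form.
 *
 * Forwards on success; on validation failure refills the edit template with
 * the posted values and a per-field error marker.
 *
 * @param bool $edit_submit true to update the row keyed by $_POST['ID'],
 *                          false to insert a new row.
 * @return void
 */
function handleFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $i18n, $ActiveOption, $DebitOption, $AddIP, $userid, $group_ids;

    $apf_finance = DB_DataObject::factory('ApfFinance');
    if ($edit_submit) {
        // NOTE(review): loaded by client-supplied ID with no ownership check
        // and no test of get()'s result; confirm the caller enforces access.
        $apf_finance->get($apf_finance->escape($_POST['ID']));
        $do_action = "updatesubmit";
    } else {
        $do_action = "addsubmit";
    }

    // stripslashes() assumes magic_quotes_gpc; with it off, real backslashes are lost.
    $apf_finance->setCategory(stripslashes(trim($_POST['category'])));
    $apf_finance->setCreateDate(stripslashes(trim($_POST['create_date'])));
    $apf_finance->setAmount(stripslashes(trim($_POST['amount'])));
    $apf_finance->setDebit(stripslashes(trim($_POST['debit'])));
    $apf_finance->setMoney(stripslashes(trim($_POST['money'])));
    $apf_finance->setMemo(stripslashes(trim($_POST['memo'])));
    $apf_finance->setActive(stripslashes(trim($_POST['active'])));
    // Audit/ownership columns come from the session context, never the form.
    $apf_finance->setAddIp($AddIP);
    $apf_finance->setGroupid($group_ids);
    $apf_finance->setUserid($userid);

    $val = $apf_finance->validate();
    if ($val === TRUE) {
        // Logged values are user input: strip CR/LF so a crafted field cannot
        // forge extra log lines.
        $log_money = str_replace(array("\r", "\n"), ' ', $_POST['money']);
        if ($edit_submit) {
            $log_id = str_replace(array("\r", "\n"), ' ', $_POST['ID']);
            $apf_finance->setUpdateAt(DB_DataObject_Cast::dateTime());
            $apf_finance->update();
            logFileString($i18n->_("Update") . $i18n->_("Finance") . "\t{$log_money}=>{$log_id}");
            $this->forward("finance/apf_finance/update/" . $_POST['ID'] . "/ok");
        } else {
            $log_date = str_replace(array("\r", "\n"), ' ', $_POST['create_date']);
            $apf_finance->setCreatedAt(DB_DataObject_Cast::dateTime());
            $apf_finance->insert();
            logFileString($i18n->_("Create") . $i18n->_("Finance") . "\t{$log_money}=>{$log_date}");
            $this->forward("finance/apf_finance/");
        }
        return;
    }

    // Validation failed: rebuild the edit form from the posted values.
    $template->setFile(array("MAIN" => "apf_finance_edit.html"));
    $template->setBlock("MAIN", "edit_block");
    $template->setVar(array("WEBDIR" => $WebBaseDir, "DOACTION" => $do_action));
    foreach ($val as $field => $ok) {
        if ($ok == false) {
            $template->setVar(array(strtoupper($field) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
        }
    }
    $template->setVar(array(
        "ID" => $_POST['ID'],
        "CATEGORY" => $_POST['category'],
        "CREATE_DATE" => $_POST['create_date'],
        "AMOUNT" => $_POST['amount'],
        "DEBIT" => $_POST['debit'],
        "MONEY" => $_POST['money'],
        "MEMO" => $_POST['memo'],
        "ACTIVE" => $_POST['active'],
        "ADD_IP" => $_POST['add_ip'],
        "CREATED_AT" => $_POST['created_at'],
        "UPDATE_AT" => $_POST['update_at'],
    ));
    $category_arr = $this->getCategory();
    // Leading option entry dropped before rendering each radio group
    // (presumably a list-filter placeholder — unverified here).
    array_shift($ActiveOption);
    array_shift($DebitOption);
    $template->setVar(array(
        "CATEGORYOPTION" => selectTag("category", $category_arr, $_POST['category']),
        "CREATEDATE" => inputDateTag("create_date", $_POST['create_date']),
        "AMOUNTTEXT" => textTag("amount", $_POST['amount']),
        "ACTIVEOPTION" => radioTag("active", $ActiveOption, $_POST['active']),
        "DEBITOPTION" => radioTag("debit", $DebitOption, $_POST['debit']),
    ));
}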
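/**
 * Create or update an ApfOpportunity row from the posted edit form.
 *
 * Forwards on success; on validation failure refills the edit template with
 * the posted values and a per-field error marker.
 *
 * @param bool $edit_submit true to update the row keyed by $_POST['ID'],
 *                          false to insert a new row.
 * @return void
 */
function handleFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $i18n, $ActiveOption, $StateOption, $AddIP, $userid, $group_ids;

    $apf_opportunity = DB_DataObject::factory('ApfOpportunity');
    if ($edit_submit) {
        // NOTE(review): loaded by client-supplied ID with no ownership check
        // and no test of get()'s result; confirm the caller enforces access.
        $apf_opportunity->get($apf_opportunity->escape($_POST['ID']));
        $do_action = "updatesubmit";
    } else {
        $do_action = "addsubmit";
    }

    // stripslashes() assumes magic_quotes_gpc; with it off, real backslashes are lost.
    $apf_opportunity->setTitle(stripslashes(trim($_POST['title'])));
    $apf_opportunity->setAddrees(stripslashes(trim($_POST['addrees'])));
    $apf_opportunity->setPhone(stripslashes(trim($_POST['phone'])));
    $apf_opportunity->setFax(stripslashes(trim($_POST['fax'])));
    $apf_opportunity->setEmail(stripslashes(trim($_POST['email'])));
    $apf_opportunity->setHomepage(stripslashes(trim($_POST['homepage'])));
    $apf_opportunity->setLinkMan(stripslashes(trim($_POST['link_man'])));
    $apf_opportunity->setMemo(stripslashes(trim($_POST['memo'])));
    $apf_opportunity->setState(stripslashes(trim($_POST['state'])));
    $apf_opportunity->setActive(stripslashes(trim($_POST['active'])));
    // Audit/ownership columns come from the session context, never the form.
    $apf_opportunity->setAddIp($AddIP);
    $apf_opportunity->setGroupid($group_ids);
    $apf_opportunity->setUserid($userid);

    $val = $apf_opportunity->validate();
    if ($val === TRUE) {
        // Logged values are user input: strip CR/LF so a crafted title cannot
        // forge extra log lines.
        $log_title = str_replace(array("\r", "\n"), ' ', $_POST['title']);
        if ($edit_submit) {
            $log_id = str_replace(array("\r", "\n"), ' ', $_POST['ID']);
            $apf_opportunity->setUpdateAt(DB_DataObject_Cast::dateTime());
            $apf_opportunity->update();
            logFileString($i18n->_("Update") . $i18n->_("Opportunity") . "\t{$log_title}=>{$log_id}");
            $this->forward("opportunity/apf_opportunity/update/" . $_POST['ID'] . "/ok");
        } else {
            $apf_opportunity->setCreatedAt(DB_DataObject_Cast::dateTime());
            $apf_opportunity->insert();
            logFileString($i18n->_("Create") . $i18n->_("Opportunity") . "\t{$log_title}");
            $this->forward("opportunity/apf_opportunity/");
        }
        return;
    }

    // Validation failed: rebuild the edit form from the posted values.
    $template->setFile(array("MAIN" => "apf_opportunity_edit.html"));
    $template->setBlock("MAIN", "edit_block");
    // Only $ActiveOption has its leading entry dropped; $StateOption is rendered whole.
    array_shift($ActiveOption);
    $template->setVar(array(
        "WEBDIR" => $WebBaseDir,
        "ACTIVEOPTION" => radioTag("active", $ActiveOption, $_POST['active']),
        "STATE_OPTION" => radioTag("state", $StateOption, $_POST['state']),
        "MEMO_TEXT" => textareaTag("memo", $_POST['memo'], false, "ROWS=\"15\" COLS=\"60\" "),
        "DOACTION" => $do_action,
    ));
    foreach ($val as $field => $ok) {
        if ($ok == false) {
            $template->setVar(array(strtoupper($field) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
        }
    }
    // Key re-rendered under the name the update path reads ($_POST['ID']);
    // the original read $_POST['id'], a different key, losing the ID on re-submit.
    $template->setVar(array(
        "ID" => $_POST['ID'],
        "TITLE" => $_POST['title'],
        "ADDREES" => $_POST['addrees'],
        "PHONE" => $_POST['phone'],
        "FAX" => $_POST['fax'],
        "EMAIL" => $_POST['email'],
        "HOMEPAGE" => $_POST['homepage'],
        "LINK_MAN" => $_POST['link_man'],
        "MEMO" => $_POST['memo'],
        "STATE" => $_POST['state'],
        "ACTIVE" => $_POST['active'],
        "ADD_IP" => $_POST['add_ip'],
        "CREATED_AT" => $_POST['created_at'],
        "UPDATE_AT" => $_POST['update_at'],
    ));
}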
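/**
 * Create or update an ApfNews row from the posted edit form.
 *
 * Forwards on success; on validation failure refills the edit template with
 * the posted values and a per-field error marker.
 *
 * Fix: the original set add_ip / groupid / userid on an undefined
 * $apf_finance object (copy-paste from the finance module), so the news row
 * was saved without those audit/ownership columns. They are now set on
 * $apf_news like every sibling handler does.
 *
 * @param bool $edit_submit true to update the row keyed by $_POST['ID'],
 *                          false to insert a new row.
 * @return void
 */
function handleFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $i18n, $ActiveOption, $AddIP, $userid, $group_ids;

    $apf_news = DB_DataObject::factory('ApfNews');
    if ($edit_submit) {
        // NOTE(review): loaded by client-supplied ID with no ownership check
        // and no test of get()'s result; confirm the caller enforces access.
        $apf_news->get($apf_news->escape($_POST['ID']));
        $do_action = "updatesubmit";
    } else {
        $do_action = "addsubmit";
    }

    // stripslashes() assumes magic_quotes_gpc; with it off, real backslashes are lost.
    $apf_news->setCategoryId(stripslashes(trim($_POST['category_id'])));
    $apf_news->setTitle(stripslashes(trim($_POST['title'])));
    $apf_news->setContent(stripslashes(trim($_POST['content'])));
    $apf_news->setActive(stripslashes(trim($_POST['active'])));
    // Audit/ownership columns come from the session context, never the form.
    $apf_news->setAddIp($AddIP);
    $apf_news->setGroupid($group_ids);
    $apf_news->setUserid($userid);

    $val = $apf_news->validate();
    if ($val === TRUE) {
        // Logged values are user input: strip CR/LF so a crafted title cannot
        // forge extra log lines.
        $log_title = str_replace(array("\r", "\n"), ' ', $_POST['title']);
        if ($edit_submit) {
            $log_id = str_replace(array("\r", "\n"), ' ', $_POST['ID']);
            $apf_news->setUpdateAt(DB_DataObject_Cast::dateTime());
            $apf_news->update();
            logFileString($i18n->_("Update") . $i18n->_("News") . "\t{$log_title}=>{$log_id}");
            $this->forward("news/apf_news/update/" . $_POST['ID'] . "/ok");
        } else {
            $apf_news->setCreatedAt(DB_DataObject_Cast::dateTime());
            $apf_news->insert();
            logFileString($i18n->_("Create") . $i18n->_("News") . "\t{$log_title}");
            $this->forward("news/apf_news/");
        }
        return;
    }

    // Validation failed: rebuild the edit form from the posted values.
    $template->setFile(array("MAIN" => "apf_news_edit.html"));
    $template->setBlock("MAIN", "edit_block");
    $template->setVar(array("WEBDIR" => $WebBaseDir, "DOACTION" => $do_action));
    $category_arr = $this->getCategory();
    // Leading option entry dropped before rendering the radio group
    // (presumably a list-filter placeholder — unverified here).
    array_shift($ActiveOption);
    $template->setVar(array(
        "ACTIVEOPTION" => radioTag("active", $ActiveOption, $_POST['active']),
        "CATEGORYOPTION" => selectTag("category_id", $category_arr, $_POST['category_id']),
    ));
    foreach ($val as $field => $ok) {
        if ($ok == false) {
            $template->setVar(array(strtoupper($field) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
        }
    }
    // Key re-rendered under the name the update path reads ($_POST['ID']);
    // the original read $_POST['id'], a different key, losing the ID on re-submit.
    $template->setVar(array(
        "ID" => $_POST['ID'],
        "CATEGORY_ID" => $_POST['category_id'],
        "TITLE" => $_POST['title'],
        "CONTENT" => $_POST['content'],
        "ACTIVE" => $_POST['active'],
        "ADD_IP" => $_POST['add_ip'],
        "CREATED_AT" => $_POST['created_at'],
        "UPDATE_AT" => $_POST['update_at'],
    ));
}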
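/**
 * Create or update an ApfNewsCategory row from the posted edit form.
 *
 * Forwards on success; on validation failure refills the edit template with
 * the posted values and a per-field error marker. A newly created category
 * gets its orderid set to its own primary key.
 *
 * Fix: the original copied add_ip, created_at and update_at straight from
 * $_POST, letting the client write its own audit trail (on create, the
 * posted update_at survived into the insert; on update, the posted
 * created_at overwrote the stored one). add_ip now comes from the $AddIP
 * request global as in the other modules, and the timestamps are set only
 * by this handler.
 *
 * @param bool $edit_submit true to update the row keyed by $_POST['ID'],
 *                          false to insert a new row.
 * @return void
 */
function handleFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $i18n, $ActiveOption, $AddIP;

    $apf_news_category = DB_DataObject::factory('ApfNewsCategory');
    if ($edit_submit) {
        // NOTE(review): loaded by client-supplied ID; get()'s result is not checked.
        $apf_news_category->get($apf_news_category->escape($_POST['ID']));
        $do_action = "updatesubmit";
    } else {
        $do_action = "addsubmit";
    }

    // stripslashes() assumes magic_quotes_gpc; with it off, real backslashes are lost.
    $apf_news_category->setCategoryName(stripslashes(trim($_POST['category_name'])));
    $apf_news_category->setOrderid(stripslashes(trim($_POST['orderid'])));
    $apf_news_category->setActive(stripslashes(trim($_POST['active'])));
    // Audit column from the request context ($AddIP is the bootstrap global the
    // sibling handlers use), not from the form.
    $apf_news_category->setAddIp($AddIP);

    $val = $apf_news_category->validate();
    if ($val === TRUE) {
        // Logged values are user input: strip CR/LF so a crafted name cannot
        // forge extra log lines.
        $log_name = str_replace(array("\r", "\n"), ' ', $_POST['category_name']);
        if ($edit_submit) {
            $log_id = str_replace(array("\r", "\n"), ' ', $_POST['ID']);
            $apf_news_category->setUpdateAt(DB_DataObject_Cast::dateTime());
            $apf_news_category->update();
            logFileString($i18n->_("Update") . $i18n->_("NewsCategory") . "\t{$log_name}=>{$log_id}");
            $this->forward("news/apf_news_category/update/" . $_POST['ID'] . "/ok");
        } else {
            $apf_news_category->setCreatedAt(DB_DataObject_Cast::dateTime());
            $insert_id = $apf_news_category->insert();
            logFileString($i18n->_("Create") . $i18n->_("NewsCategory") . "\t{$log_name}");
            // New categories sort by their own id: reload and write it back.
            $apf_news_category->get($insert_id);
            $apf_news_category->setOrderid($insert_id);
            $apf_news_category->update();
            $this->forward("news/apf_news_category/");
        }
        return;
    }

    // Validation failed: rebuild the edit form from the posted values.
    $template->setFile(array("MAIN" => "apf_news_category_edit.html"));
    $template->setBlock("MAIN", "edit_block");
    // Leading option entry dropped before rendering the radio group
    // (presumably a list-filter placeholder — unverified here).
    array_shift($ActiveOption);
    $template->setVar(array(
        "WEBDIR" => $WebBaseDir,
        "ACTIVEOPTION" => radioTag("active", $ActiveOption, $_POST['active']),
        "DOACTION" => $do_action,
    ));
    foreach ($val as $field => $ok) {
        if ($ok == false) {
            $template->setVar(array(strtoupper($field) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
        }
    }
    $template->setVar(array(
        "ID" => $_POST['ID'],
        "CATEGORY_NAME" => $_POST['category_name'],
        "ORDERID" => $_POST['orderid'],
        "ACTIVE" => $_POST['active'],
        "ADD_IP" => $_POST['add_ip'],
        "CREATED_AT" => $_POST['created_at'],
        "UPDATE_AT" => $_POST['update_at'],
    ));
}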
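/**
 * Record a new price for a (product, company) pair and return the cell markup.
 *
 * Arguments arrive positionally via func_get_args(): price, product_id,
 * company_id — presumably from an in-place edit callback (unverified here),
 * so all three are treated as untrusted.
 *
 * Fix: the values were interpolated raw into a JavaScript call inside an
 * HTML attribute, so a quote in any of them could break out of the
 * ondblclick handler. They are now JS-quoted with json_encode() and the
 * whole attribute value is HTML-escaped.
 *
 * @return string <div> whose ondblclick re-invokes editPrice() with the same values.
 */
function doEditProductPrice()
{
    global $CurrencyFormat;
    require_once 'I18N/Currency.php';

    $args = func_get_args();
    $price = $args[0];
    $product_id = $args[1];
    $company_id = $args[2];

    // NOTE(review): insert() result is not checked; a failed write still
    // renders the new price as if it were stored.
    $apf_product_price = DB_DataObject::factory('ApfProductPrice');
    $apf_product_price->setCompanyId($company_id);
    $apf_product_price->setProductId($product_id);
    $apf_product_price->setPrice($price);
    $apf_product_price->setCreatedAt(DB_DataObject_Cast::dateTime());
    $apf_product_price->insert();

    $currency = new I18N_Currency($CurrencyFormat);

    // JS string quoting first (json_encode yields a double-quoted literal),
    // then attribute escaping; the browser decodes the entities before the
    // JS parser sees the handler, so the call reads editPrice("…","…","…").
    $js_call = 'editPrice(' . json_encode((string) $product_id) . ','
        . json_encode((string) $company_id) . ',' . json_encode((string) $price) . ')';
    $attr = htmlspecialchars($js_call, ENT_QUOTES, 'UTF-8');

    return "<div ondblclick=\"" . $attr . "\" >" . $currency->format($price) . "</div>";
}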
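/**
 * Create or update an ApfDailyreport row from the posted edit form.
 *
 * Forwards on success; on validation failure refills the edit template with
 * the posted values and a per-field error marker.
 *
 * @param bool $edit_submit true to update the row keyed by $_POST['ID'],
 *                          false to insert a new row.
 * @return void
 */
function handleFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $i18n, $AddIP, $userid, $group_ids;

    $apf_dailyreport = DB_DataObject::factory('ApfDailyreport');
    if ($edit_submit) {
        // NOTE(review): loaded by client-supplied ID with no ownership check
        // and no test of get()'s result; confirm the caller enforces access.
        $apf_dailyreport->get($apf_dailyreport->escape($_POST['ID']));
        $do_action = "updatesubmit";
    } else {
        $do_action = "addsubmit";
    }

    // stripslashes() assumes magic_quotes_gpc; with it off, real backslashes are lost.
    $apf_dailyreport->setTitle(stripslashes(trim($_POST['title'])));
    $apf_dailyreport->setContent(stripslashes(trim($_POST['content'])));
    $apf_dailyreport->setFilldate(stripslashes(trim($_POST['filldate'])));
    $apf_dailyreport->setActive(stripslashes(trim($_POST['active'])));
    // Audit/ownership columns come from the session context, never the form.
    $apf_dailyreport->setAddIp($AddIP);
    $apf_dailyreport->setGroupid($group_ids);
    $apf_dailyreport->setUserid($userid);

    $val = $apf_dailyreport->validate();
    if ($val === TRUE) {
        // CR/LF stripped so a crafted field cannot forge log lines. The original
        // logged $_POST['name'], which this form never submits; "title" is the
        // identifying field it does have.
        $log_title = str_replace(array("\r", "\n"), ' ', $_POST['title']);
        if ($edit_submit) {
            $log_id = str_replace(array("\r", "\n"), ' ', $_POST['ID']);
            $apf_dailyreport->setUpdateAt(DB_DataObject_Cast::dateTime());
            $apf_dailyreport->update();
            logFileString($i18n->_("Update") . $i18n->_("ModuleName") . "\t{$log_title}=>{$log_id}");
            $this->forward("dailyreport/apf_dailyreport/update/" . $_POST['ID'] . "/ok");
        } else {
            $apf_dailyreport->setCreatedAt(DB_DataObject_Cast::dateTime());
            // insert() returns the new key; the original logged the undefined
            // $_POST['create_date'] here.
            $insert_id = $apf_dailyreport->insert();
            logFileString($i18n->_("Create") . $i18n->_("ModuleName") . "\t{$log_title}=>{$insert_id}");
            $this->forward("dailyreport/apf_dailyreport/");
        }
        return;
    }

    // Validation failed: rebuild the edit form from the posted values.
    $template->setFile(array("MAIN" => "apf_dailyreport_edit.html"));
    $template->setBlock("MAIN", "edit_block");
    $template->setVar(array(
        "WEBDIR" => $WebBaseDir,
        "FILL_DATE" => inputDateTag("filldate", $_POST['filldate']),
        "TEXTAREACONTENT" => textareaTag("content", $_POST['content'], true),
        "DOACTION" => $do_action,
    ));
    foreach ($val as $field => $ok) {
        if ($ok == false) {
            $template->setVar(array(strtoupper($field) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
        }
    }
    // Key re-rendered under the name the update path reads ($_POST['ID']);
    // the original read $_POST['id'], a different key, losing the ID on re-submit.
    $template->setVar(array(
        "ID" => $_POST['ID'],
        "TITLE" => $_POST['title'],
        "CONTENT" => $_POST['content'],
        "FILLDATE" => $_POST['filldate'],
        "ACTIVE" => $_POST['active'],
        "GROUPID" => $_POST['groupid'],
        "USERID" => $_POST['userid'],
        "ADD_IP" => $_POST['add_ip'],
        "CREATED_AT" => $_POST['created_at'],
        "UPDATE_AT" => $_POST['update_at'],
    ));
}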
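/**
 * Create or update an ApfProductPrice row from the posted edit form.
 *
 * Forwards on success; on validation failure refills the edit template with
 * the posted values and a per-field error marker.
 *
 * Fix: the original copied add_ip, created_at and update_at straight from
 * $_POST, letting the client write its own audit trail (the posted update_at
 * survived into an insert, the posted created_at into an update). add_ip now
 * comes from the $AddIP request global as in the other modules, and the
 * timestamps are set only by this handler.
 *
 * @param bool $edit_submit true to update the row keyed by $_POST['ID'],
 *                          false to insert a new row.
 * @return void
 */
function handleFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $i18n, $AddIP;

    $apf_product_price = DB_DataObject::factory('ApfProductPrice');
    if ($edit_submit) {
        // NOTE(review): loaded by client-supplied ID; get()'s result is not checked.
        $apf_product_price->get($apf_product_price->escape($_POST['ID']));
        $do_action = "updatesubmit";
    } else {
        $do_action = "addsubmit";
    }

    // stripslashes() assumes magic_quotes_gpc; with it off, real backslashes are lost.
    $apf_product_price->setCompanyId(stripslashes(trim($_POST['company_id'])));
    $apf_product_price->setProductId(stripslashes(trim($_POST['product_id'])));
    $apf_product_price->setPrice(stripslashes(trim($_POST['price'])));
    // Audit column from the request context ($AddIP is the bootstrap global the
    // sibling handlers use), not from the form.
    $apf_product_price->setAddIp($AddIP);

    $val = $apf_product_price->validate();
    if ($val === TRUE) {
        if ($edit_submit) {
            $apf_product_price->setUpdateAt(DB_DataObject_Cast::dateTime());
            $apf_product_price->update();
            $this->forward("product/apf_product_price/update/" . $_POST['ID'] . "/ok");
        } else {
            $apf_product_price->setCreatedAt(DB_DataObject_Cast::dateTime());
            $apf_product_price->insert();
            $this->forward("product/apf_product_price/");
        }
        return;
    }

    // Validation failed: rebuild the edit form from the posted values.
    $template->setFile(array("MAIN" => "apf_product_price_edit.html"));
    $template->setBlock("MAIN", "edit_block");
    $template->setVar(array("WEBDIR" => $WebBaseDir, "DOACTION" => $do_action));
    foreach ($val as $field => $ok) {
        if ($ok == false) {
            $template->setVar(array(strtoupper($field) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
        }
    }
    // Key re-rendered under the name the update path reads ($_POST['ID']);
    // the original read $_POST['id'], a different key, losing the ID on re-submit.
    $template->setVar(array(
        "ID" => $_POST['ID'],
        "COMPANY_ID" => $_POST['company_id'],
        "PRODUCT_ID" => $_POST['product_id'],
        "PRICE" => $_POST['price'],
        "ADD_IP" => $_POST['add_ip'],
        "CREATED_AT" => $_POST['created_at'],
        "UPDATE_AT" => $_POST['update_at'],
    ));
}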
/**
 * Create or update an ApfGroups row from the posted edit form.
 *
 * Forwards on success; on validation failure refills the edit template with
 * the posted values and a per-field error marker.
 *
 * @param bool $edit_submit true to update the row keyed by $_POST['ID'],
 *                          false to insert a new row.
 * @return void
 */
function handleFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $i18n;

    $group = DB_DataObject::factory('ApfGroups');
    $do_action = $edit_submit ? "updatesubmit" : "addsubmit";
    if ($edit_submit) {
        // NOTE(review): loaded by client-supplied ID; get()'s result is not checked.
        $group->get($group->escape($_POST['ID']));
    }

    // NOTE(review): owner_user_id / owner_group_id are taken from the form here,
    // whereas the other modules set ownership from the session — confirm this
    // form is restricted to administrators.
    // stripslashes() assumes magic_quotes_gpc; with it off, real backslashes are lost.
    $setters = array(
        'setGroupType' => 'group_type',
        'setGroupDefineName' => 'group_define_name',
        'setIsActive' => 'is_active',
        'setOwnerUserId' => 'owner_user_id',
        'setOwnerGroupId' => 'owner_group_id',
    );
    foreach ($setters as $setter => $field) {
        $group->$setter(stripslashes(trim($_POST[$field])));
    }

    $val = $group->validate();
    if ($val === TRUE) {
        if ($edit_submit) {
            $group->setUpdateAt(DB_DataObject_Cast::dateTime());
            $group->update();
            $this->forward("users/apf_groups/update/" . $_POST['ID'] . "/ok");
        } else {
            $group->setCreatedAt(DB_DataObject_Cast::dateTime());
            $group->insert();
            $this->forward("users/apf_groups/");
        }
        return;
    }

    // Validation failed: rebuild the edit form from the posted values.
    $template->setFile(array("MAIN" => "apf_groups_edit.html"));
    $template->setBlock("MAIN", "edit_block");
    $template->setVar(array("WEBDIR" => $WebBaseDir, "DOACTION" => $do_action));
    foreach ($val as $field => $ok) {
        if ($ok == false) {
            $template->setVar(array(strtoupper($field) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
        }
    }
    $template->setVar(array(
        "GROUP_ID" => $_POST['group_id'],
        "GROUP_TYPE" => $_POST['group_type'],
        "GROUP_DEFINE_NAME" => $_POST['group_define_name'],
        "IS_ACTIVE" => $_POST['is_active'],
        "OWNER_USER_ID" => $_POST['owner_user_id'],
        "OWNER_GROUP_ID" => $_POST['owner_group_id'],
    ));
}
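/**
 * API action: subscribe the authenticated user to the user named by the
 * request argument, then emit the target's profile in the requested format.
 *
 * Errors are reported through clientError() with the content-type from
 * $apidata: 400 for a non-POST or a failed insert, 403 for an unknown target
 * or an existing subscription.
 *
 * Fix: the original opened a transaction with BEGIN but, when insert()
 * failed, returned without ROLLBACK, leaving the transaction open on the
 * connection for whatever ran next. It is now rolled back on that path.
 *
 * @param array $args    routed request arguments (passed through to parent::handle)
 * @param array $apidata 'api_arg' (target id/nickname), 'user' (caller), 'content-type'
 * @return void
 */
function create($args, $apidata)
{
    parent::handle($args);

    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        $this->clientError(_('This method requires a POST.'), 400, $apidata['content-type']);
        return;
    }

    $id = $apidata['api_arg'];
    $other = $this->get_user($id);
    if (!$other) {
        $this->clientError(_('Could not follow user: User not found.'), 403, $apidata['content-type']);
        return;
    }

    $user = $apidata['user'];
    if ($user->isSubscribed($other)) {
        $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname);
        $this->clientError($errmsg, 403, $apidata['content-type']);
        return;
    }

    $sub = new Subscription();
    $sub->query('BEGIN');
    $sub->subscriber = $user->id;
    $sub->subscribed = $other->id;
    $sub->created = DB_DataObject_Cast::dateTime(); // current time
    $result = $sub->insert();
    if (!$result) {
        // Any insert failure (not only a duplicate) lands here; the message is
        // kept as-is because it is a translated string callers may match on.
        $sub->query('ROLLBACK');
        $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname);
        $this->clientError($errmsg, 400, $apidata['content-type']);
        return;
    }
    $sub->query('COMMIT');

    // Notify only after the row is durable.
    mail_subscribe_notify($other, $user);

    $type = $apidata['content-type'];
    $this->init_document($type);
    $this->show_profile($other, $type);
    $this->end_document($type);
}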
/**
 * Create or update an ApfRights row from the posted edit form.
 *
 * Forwards on success; on validation failure refills the edit template with
 * the posted values and a per-field error marker.
 *
 * @param bool $edit_submit true to update the row keyed by $_POST['ID'],
 *                          false to insert a new row.
 * @return void
 */
function handleFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $i18n;

    $right = DB_DataObject::factory('ApfRights');
    $do_action = $edit_submit ? "updatesubmit" : "addsubmit";
    if ($edit_submit) {
        // NOTE(review): loaded by client-supplied ID; get()'s result is not checked.
        $right->get($right->escape($_POST['ID']));
    }

    // stripslashes() assumes magic_quotes_gpc; with it off, real backslashes are lost.
    $setters = array(
        'setAreaId' => 'area_id',
        'setRightDefineName' => 'right_define_name',
        'setHasImplied' => 'has_implied',
    );
    foreach ($setters as $setter => $field) {
        $right->$setter(stripslashes(trim($_POST[$field])));
    }

    $val = $right->validate();
    if ($val === TRUE) {
        if ($edit_submit) {
            $right->setUpdateAt(DB_DataObject_Cast::dateTime());
            $right->update();
            $this->forward("users/apf_rights/update/" . $_POST['ID'] . "/ok");
        } else {
            $right->setCreatedAt(DB_DataObject_Cast::dateTime());
            $right->insert();
            $this->forward("users/apf_rights/");
        }
        return;
    }

    // Validation failed: rebuild the edit form from the posted values.
    $template->setFile(array("MAIN" => "apf_rights_edit.html"));
    $template->setBlock("MAIN", "edit_block");
    $template->setVar(array("WEBDIR" => $WebBaseDir, "DOACTION" => $do_action));
    foreach ($val as $field => $ok) {
        if ($ok == false) {
            $template->setVar(array(strtoupper($field) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
        }
    }
    $template->setVar(array(
        "RIGHT_ID" => $_POST['right_id'],
        "AREA_ID" => $_POST['area_id'],
        "RIGHT_DEFINE_NAME" => $_POST['right_define_name'],
        "HAS_IMPLIED" => $_POST['has_implied'],
    ));
}
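/**
 * Create or update an ApfFiles row (document metadata plus optional upload)
 * from the posted form.
 *
 * Handles three file states: deletion of the stored file (filename_del=Y),
 * a filename carried over from a previous failed submit (upload_temp), and a
 * fresh upload in $_FILES['filename']. Forwards on success; otherwise refills
 * the edit template with the posted values and error markers.
 *
 * Fix: the delete branch concatenated the client-supplied filename_old onto
 * the upload directory and unlink()ed it, so a value such as "../../x" could
 * remove files outside the folder. The target is now reduced to its
 * basename and must exist as a regular file in that folder.
 *
 * @param bool $edit_submit true to update the row keyed by $_POST['ID'],
 *                          false to insert a new row.
 * @return void
 */
function handleFileFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $i18n, $DocumentDir, $ClassDir, $AddIP, $userid, $group_ids;

    $apf_files = DB_DataObject::factory('ApfFiles');
    if ($edit_submit) {
        // NOTE(review): loaded by client-supplied ID with no ownership check
        // and no test of get()'s result; confirm the caller enforces access.
        $apf_files->get($apf_files->escape($_POST['ID']));
        $do_action = "updatefilesubmit";
    } else {
        $do_action = "addfilesubmit";
    }

    // stripslashes() assumes magic_quotes_gpc; with it off, real backslashes are lost.
    $apf_files->setName(stripslashes(trim($_POST['name'])));
    $apf_files->setParent(stripslashes(trim($_POST['parent'])));
    $apf_files->setDescription(stripslashes(trim($_POST['description'])));
    $apf_files->setMajorRevision(stripslashes(trim($_POST['major_revision'])));
    $apf_files->setMinorRevision(stripslashes(trim($_POST['minor_revision'])));
    // NOTE(review): the password is stored exactly as posted; confirm ApfFiles
    // (or whatever checks it on download) hashes it rather than comparing plain text.
    $apf_files->setPassword(stripslashes(trim($_POST['password'])));
    $apf_files->setActive(stripslashes(trim($_POST['active'])));
    $apf_files->setAccess(stripslashes(trim($_POST['access'])));
    // Audit/ownership columns come from the session context, never the form.
    $apf_files->setAddIp($AddIP);
    $apf_files->setGroupid($group_ids);
    $apf_files->setUserid($userid);

    // Folder path is resolved from the parent id by the controller, not taken raw.
    $UploadDocumentDir = $DocumentDir . $this->getFolderByPID($_POST['parent']);

    if ($_POST['filename_del'] == 'Y') {
        // basename() pins the unlink target inside the upload folder; is_file()
        // also avoids a warning when the name is empty or already gone.
        $old_file = isset($_POST['filename_old']) ? basename($_POST['filename_old']) : '';
        if ($old_file !== '' && is_file($UploadDocumentDir . $old_file)) {
            unlink($UploadDocumentDir . $old_file);
        }
        $apf_files->setFilename("");
        $_POST['filename_old'] = "";
    }
    if ($_POST['upload_temp']) {
        // NOTE(review): upload_temp round-trips through the client; whatever
        // serves the file later must not trust it as a path component.
        $apf_files->setFilename($_POST['upload_temp']);
    }

    $allow_upload_file = TRUE;
    $upload_error_msg = '';
    if ($_FILES['filename']['name']) {
        require_once $ClassDir . "FileHelper.class.php";
        $upload_data = FileHelper::uploadDocumentFile($UploadDocumentDir);
        $allow_upload_file = $upload_data["upload_state"];
        if ($allow_upload_file) {
            $filenames_arr = $upload_data["upload_msg"];
            if ($filename_pic = $filenames_arr['filename']) {
                $apf_files->setFilename($filename_pic);
                $apf_files->setExt($filenames_arr['exten_name']);
                $apf_files->setFSize($filenames_arr['file_size']);
                // Carry the stored name forward in case validation fails below.
                $_POST['upload_temp'] = $filename_pic;
            }
        } else {
            $upload_error_msg = $upload_data["upload_msg"];
        }
    }

    $val = $apf_files->validate();
    if ($val === TRUE && $allow_upload_file === TRUE) {
        if ($edit_submit) {
            $apf_files->setUpdateAt(DB_DataObject_Cast::dateTime());
            $apf_files->update();
            $this->forward("document/apf_folders/update/" . $_POST['ID'] . "/ok");
        } else {
            $apf_files->setCreatedAt(DB_DataObject_Cast::dateTime());
            $apf_files->insert();
            // CR/LF stripped so a crafted name cannot forge extra log lines.
            $log_name = str_replace(array("\r", "\n"), ' ', $_POST['name']);
            logFileString($i18n->_("Create") . $i18n->_("File") . "\t{$log_name}");
            $this->forward("document/apf_folders/list/{$_POST['parent']}");
        }
        return;
    }

    // Validation or upload failed: rebuild the edit form from the posted values.
    $template->setFile(array("MAIN" => "apf_files_edit.html"));
    $template->setBlock("MAIN", "edit_block");
    $template->setVar(array("WEBDIR" => $WebBaseDir, "DOACTION" => $do_action));
    // $val is TRUE when only the upload failed, so guard the field loop.
    if (is_array($val)) {
        foreach ($val as $field => $ok) {
            if ($ok == false) {
                $template->setVar(array(strtoupper($field) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
            }
        }
    }
    if ($allow_upload_file !== TRUE) {
        $template->setVar(array("FILENAME_ERROR_MSG" => " ↓ {$upload_error_msg} ↓ "));
    }
    // Key re-rendered under the name the update path reads ($_POST['ID']);
    // the original read $_POST['id'], a different key, losing the ID on re-submit.
    $template->setVar(array(
        "ID" => $_POST['ID'],
        "NAME" => $_POST['name'],
        "PARENT" => $_POST['parent'],
        "FILENAME" => $_POST['filename'],
        "F_SIZE" => $_POST['f_size'],
        "DESCRIPTION" => $_POST['description'],
        "CHECKED_OUT" => $_POST['checked_out'],
        "MAJOR_REVISION" => $_POST['major_revision'],
        "MINOR_REVISION" => $_POST['minor_revision'],
        "URL" => $_POST['url'],
        "PASSWORD" => $_POST['password'],
        "USERID" => $_POST['userid'],
        "GROUPID" => $_POST['groupid'],
        "ACTIVE" => $_POST['active'],
        "ADD_IP" => $_POST['add_ip'],
        "CREATED_AT" => $_POST['created_at'],
        "UPDATE_AT" => $_POST['update_at'],
    ));
}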
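/**
 * Create or update an ApfSelfproduct row (with optional product photo) from
 * the posted form.
 *
 * Handles photo deletion (photo_del=Y), a photo name carried over from a
 * previous failed submit (upload_temp), and a fresh upload in $_FILES['photo'].
 * Forwards on success; otherwise refills the edit template with the posted
 * values and error markers.
 *
 * Fix: the delete branch concatenated the client-supplied photo_old onto the
 * upload directory and unlink()ed it, so a value such as "../../x" could
 * remove files outside the folder. The target is now reduced to its basename
 * and must exist as a regular file in that folder.
 *
 * @param bool $edit_submit true to update the row keyed by $_POST['ID'],
 *                          false to insert a new row.
 * @return void
 */
function handleFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $i18n, $AddIP, $userid, $UploadDir, $ClassDir, $group_ids;

    $apf_selfproduct = DB_DataObject::factory('ApfSelfproduct');
    if ($edit_submit) {
        // NOTE(review): loaded by client-supplied ID with no ownership check
        // and no test of get()'s result; confirm the caller enforces access.
        $apf_selfproduct->get($apf_selfproduct->escape($_POST['ID']));
        $do_action = "updatesubmit";
    } else {
        $do_action = "addsubmit";
    }

    // stripslashes() assumes magic_quotes_gpc; with it off, real backslashes are lost.
    $apf_selfproduct->setProductname(stripslashes(trim($_POST['productname'])));
    $apf_selfproduct->setRetailprice(stripslashes(trim($_POST['retailprice'])));
    $apf_selfproduct->setWholesaleprice(stripslashes(trim($_POST['wholesaleprice'])));
    $apf_selfproduct->setCostprice(stripslashes(trim($_POST['costprice'])));
    $apf_selfproduct->setReleasedate(stripslashes(trim($_POST['releasedate'])));
    $apf_selfproduct->setMemo(stripslashes(trim($_POST['memo'])));
    $apf_selfproduct->setAccess(stripslashes(trim($_POST['access'])));
    $apf_selfproduct->setActive(stripslashes(trim($_POST['active'])));
    // Audit/ownership columns come from the session context, never the form.
    $apf_selfproduct->setAddIp($AddIP);
    $apf_selfproduct->setGroupid($group_ids);
    $apf_selfproduct->setUserid($userid);

    if ($_POST['photo_del'] == 'Y') {
        // basename() pins the unlink target inside the upload folder; is_file()
        // also avoids a warning when the name is empty or already gone.
        $old_photo = isset($_POST['photo_old']) ? basename($_POST['photo_old']) : '';
        if ($old_photo !== '' && is_file($UploadDir . $old_photo)) {
            unlink($UploadDir . $old_photo);
        }
        $apf_selfproduct->setPhoto("");
        $_POST['photo_old'] = "";
    }
    if ($_POST['upload_temp']) {
        // NOTE(review): upload_temp round-trips through the client; whatever
        // serves the photo later must not trust it as a path component.
        $apf_selfproduct->setPhoto($_POST['upload_temp']);
    }

    $allow_upload_file = TRUE;
    $upload_error_msg = '';
    if ($_FILES['photo']['name']) {
        require_once $ClassDir . "FileHelper.class.php";
        $upload_data = FileHelper::uploadFile("product");
        $allow_upload_file = $upload_data["upload_state"];
        if ($allow_upload_file) {
            $photos_arr = $upload_data["upload_msg"];
            if ($photo_pic = $photos_arr['photo']) {
                $apf_selfproduct->setPhoto($photo_pic);
                // Carry the stored name forward in case validation fails below.
                $_POST['upload_temp'] = $photo_pic;
            }
        } else {
            $upload_error_msg = $upload_data["upload_msg"];
        }
    }

    $val = $apf_selfproduct->validate();
    if ($val === TRUE && $allow_upload_file === TRUE) {
        // CR/LF stripped so a crafted field cannot forge log lines. The original
        // logged $_POST['name'], which this form never submits; "productname"
        // is the identifying field it does have.
        $log_label = str_replace(array("\r", "\n"), ' ', $_POST['productname']);
        if ($edit_submit) {
            $log_id = str_replace(array("\r", "\n"), ' ', $_POST['ID']);
            $apf_selfproduct->setUpdateAt(DB_DataObject_Cast::dateTime());
            $apf_selfproduct->update();
            logFileString($i18n->_("Update") . $i18n->_("ModuleName") . "\t{$log_label}=>{$log_id}");
            $this->forward("selfproduct/apf_selfproduct/update/" . $_POST['ID'] . "/ok");
        } else {
            $apf_selfproduct->setCreatedAt(DB_DataObject_Cast::dateTime());
            // insert() returns the new key; the original logged the undefined
            // $_POST['create_date'] here.
            $insert_id = $apf_selfproduct->insert();
            logFileString($i18n->_("Create") . $i18n->_("ModuleName") . "\t{$log_label}=>{$insert_id}");
            $this->forward("selfproduct/apf_selfproduct/");
        }
        return;
    }

    // Validation or upload failed: rebuild the edit form from the posted values.
    // (As in the original, an upload error is not shown separately here; only
    // validate()'s field markers are rendered.)
    $template->setFile(array("MAIN" => "apf_selfproduct_edit.html"));
    $template->setBlock("MAIN", "edit_block");
    $template->setVar(array(
        "WEBDIR" => $WebBaseDir,
        "RELEASE_DATE" => inputDateTag("releasedate", $_POST['releasedate']),
        "FILEPHOTO" => fileTag("photo", $_POST['photo']),
        "MEMOTEXT" => textareaTag('memo', $_POST['memo'], false, "ROWS=\"8\" COLS=\"40\""),
        "DOACTION" => $do_action,
    ));
    // $val is TRUE when only the upload failed, so guard the field loop
    // (the original iterated unconditionally and would warn on a bool).
    if (is_array($val)) {
        foreach ($val as $field => $ok) {
            if ($ok == false) {
                $template->setVar(array(strtoupper($field) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
            }
        }
    }
    // Key re-rendered under the name the update path reads ($_POST['ID']);
    // the original read $_POST['id'], a different key, losing the ID on re-submit.
    $template->setVar(array(
        "ID" => $_POST['ID'],
        "PRODUCTNAME" => $_POST['productname'],
        "RETAILPRICE" => $_POST['retailprice'],
        "WHOLESALEPRICE" => $_POST['wholesaleprice'],
        "COSTPRICE" => $_POST['costprice'],
        "PHOTO" => $_POST['photo'],
        "RELEASEDATE" => $_POST['releasedate'],
        "MEMO" => $_POST['memo'],
        "ACCESS" => $_POST['access'],
        "ACTIVE" => $_POST['active'],
        "GROUPID" => $_POST['groupid'],
        "USERID" => $_POST['userid'],
        "ADD_IP" => $_POST['add_ip'],
        "CREATED_AT" => $_POST['created_at'],
        "UPDATE_AT" => $_POST['update_at'],
    ));
}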
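/**
 * Create or update an ApfSchedule entry from the posted form.
 *
 * @param bool $edit_submit TRUE to update the row keyed by $_POST['ID'],
 *                          FALSE to insert a new one.
 * @return void Forwards to the day list on success; otherwise re-renders
 *              apf_schedule_list.html with the calendar and error markers.
 *
 * Security (review):
 *  - unlink($UploadDir . $_POST['image_old']) previously used the posted name
 *    verbatim (arbitrary file deletion via "../"). The name is now canonicalised
 *    and must resolve to a regular file strictly below $UploadDir.
 *  - $_POST['upload_temp'] is only accepted as a relative name without "..".
 *  - y/m/d come from $_REQUEST and were spliced raw into the forward URL and the
 *    template; they are now accepted only when purely numeric and URL-encoded.
 *  - The old code had two error-marker loops (one hard-coded, one i18n); the
 *    second one ran unguarded on $val === TRUE. Only the guarded i18n loop remains.
 */
function handleFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $i18n, $TimeOption, $ActiveOption, $AddIP, $userid, $group_ids, $ClassDir, $UploadDir;

    $apf_schedule = DB_DataObject::factory('ApfSchedule');
    if ($edit_submit) {
        $apf_schedule->get($apf_schedule->escape($_POST['ID']));
        $do_action = "updatesubmit";
    } else {
        $do_action = "addsubmit";
    }

    $apf_schedule->setTitle(stripslashes(trim($_POST['title'])));
    $apf_schedule->setDescription(stripslashes(trim($_POST['description'])));
    $apf_schedule->setPublishDate(DB_DataObject_Cast::date(stripslashes(trim($_POST['publish_date']))));
    $apf_schedule->setPublishStarttime(DB_DataObject_Cast::time(stripslashes(trim($_POST['publish_starttime']))));
    $apf_schedule->setPublishEndtime(DB_DataObject_Cast::time(stripslashes(trim($_POST['publish_endtime']))));
    $apf_schedule->setImage(stripslashes(trim($_POST['image'])));
    $apf_schedule->setActive(stripslashes(trim($_POST['active'])));
    // Audit columns from server-side state only.
    $apf_schedule->setAddIp($AddIP);
    $apf_schedule->setGroupid($group_ids);
    $apf_schedule->setUserid($userid);

    if (isset($_POST['image_del']) && $_POST['image_del'] == 'Y') {
        $old_name = isset($_POST['image_old']) ? (string) $_POST['image_old'] : '';
        $base_dir = realpath($UploadDir);
        $old_path = ($old_name !== '' && strpos($old_name, "\0") === false)
            ? realpath($UploadDir . $old_name) : false;
        // Delete only a regular file whose canonical path lies inside the upload tree.
        if ($base_dir !== false && $old_path !== false && is_file($old_path)
            && strpos($old_path, rtrim($base_dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
            unlink($old_path);
        }
        $apf_schedule->setImage("");
        $_POST['image_old'] = "";
    }

    if (!empty($_POST['upload_temp'])) {
        $temp_name = (string) $_POST['upload_temp'];
        if (strpos($temp_name, '..') === false && strpos($temp_name, "\0") === false
            && $temp_name[0] !== '/' && $temp_name[0] !== '\\') {
            $apf_schedule->setImage($temp_name);
        }
    }

    $allow_upload_file = TRUE;
    $upload_error_msg = '';
    if (!empty($_FILES['image']['name'])) {
        require_once $ClassDir . "FileHelper.class.php";
        $upload_data = FileHelper::uploadFile("schedule");
        $allow_upload_file = $upload_data["upload_state"];
        if ($allow_upload_file) {
            $images_arr = $upload_data["upload_msg"];
            if ($image_pic = $images_arr['image']) {
                $apf_schedule->setImage($image_pic);
                $_POST['upload_temp'] = $image_pic;
            }
        } else {
            $upload_error_msg = $upload_data["upload_msg"];
        }
    }

    // Calendar position: accept only digit strings, otherwise treat as absent.
    $ymd = array();
    foreach (array('y', 'm', 'd') as $part) {
        $ymd[$part] = (isset($_REQUEST[$part]) && ctype_digit((string) $_REQUEST[$part]))
            ? (string) $_REQUEST[$part] : '';
    }
    $date_query = "?y=" . rawurlencode($ymd['y']) . "&m=" . rawurlencode($ymd['m']) . "&d=" . rawurlencode($ymd['d']);

    $val = $apf_schedule->validate();
    if ($val === TRUE && $allow_upload_file === TRUE) {
        if ($edit_submit) {
            $apf_schedule->setUpdateAt(DB_DataObject_Cast::dateTime());
            $apf_schedule->update();
            $log_string = $i18n->_("Update") . $i18n->_("Schedule") . "\t{$_POST['title']}=>{$_POST['ID']}";
            logFileString($log_string);
            $this->forward("schedule/apf_schedule/list/" . rawurlencode($_POST['ID']) . "/ok/" . $date_query);
        } else {
            $apf_schedule->setCreatedAt(DB_DataObject_Cast::dateTime());
            $apf_schedule->insert();
            $log_string = $i18n->_("Create") . $i18n->_("Schedule") . "\t{$_POST['title']}";
            logFileString($log_string);
            $this->forward("schedule/apf_schedule/list/" . $date_query);
        }
        return;
    }

    // Validation or upload failed: re-render the day view with the form.
    $template->setFile(array("MAIN" => "apf_schedule_list.html"));
    $template->setBlock("MAIN", "edit_block");
    if ($ymd['y'] && $ymd['m'] && $ymd['d']) {
        $select_y = $ymd['y'];
        $select_m = $ymd['m'];
        $select_d = $ymd['d'];
    } else {
        $next_week_time = $this->getDefaultDate();
        $select_y = date("Y", $next_week_time);
        $select_m = date("m", $next_week_time);
        $select_d = date("d", $next_week_time);
    }
    $used_hours_arr = array();
    $CalDailyView = $this->renderDayView($select_y, $select_m, $select_d, $used_hours_arr);
    $un_use_hour_arr = array_diff($TimeOption, $used_hours_arr);
    array_shift($ActiveOption);
    // NOTE(review): the select is named 'status' but the setter above reads $_POST['active'] — confirm.
    $template->setVar(array(
        "WEBDIR" => $WebBaseDir,
        "IMAGES_FILE" => fileTag('image', $_POST['upload_temp'] ? $_POST['upload_temp'] : $_POST['image_old']),
        "STATUS_FIELD" => selectTag('status', $ActiveOption, $_POST['status']),
        "LEFT_CALENDAR" => $this->renderMonthView(),
        "DAY_VIEW" => $CalDailyView,
        "PUBLISH_STARTTIME_OPTION" => selectTag('publish_starttime', $un_use_hour_arr, $_POST['publish_starttime']),
        "PUBLISH_ENDTIME_OPTION" => selectTag('publish_endtime', $un_use_hour_arr, $_POST['publish_endtime']),
        "DOACTION" => $do_action,
        "PUBLISH_DATE" => "{$select_y}-{$select_m}-{$select_d}",
        "Y" => $select_y,
        "M" => $select_m,
        "D" => $select_d,
    ));
    if (is_array($val)) {
        foreach ($val as $k => $v) {
            if ($v == false) {
                $template->setVar(array(strtoupper($k) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
            }
        }
    }
    if ($allow_upload_file !== TRUE) {
        $template->setVar(array("IMAGE_ERROR_MSG" => " ↓ {$upload_error_msg} ↓ "));
    }
    $template->setVar(array(
        "ID" => $_POST['id'],
        "TITLE" => $_POST['title'],
        "DESCRIPTION" => $_POST['description'],
        "PUBLISH_DATE" => $_POST['publish_date'],
        "PUBLISH_STARTTIME" => $_POST['publish_starttime'],
        "PUBLISH_ENDTIME" => $_POST['publish_endtime'],
        "IMAGE" => $_POST['image'],
        "ACTIVE" => $_POST['active'],
        "ADD_IP" => $_POST['add_ip'],
        "CREATED_AT" => $_POST['created_at'],
        "UPDATE_AT" => $_POST['update_at'],
    ));
}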
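/**
 * Create or update an ApfUsers row together with the matching LiveUser
 * account ($luadmin) and, on creation, the mirrored phpBB user.
 *
 * @param bool $edit_submit TRUE to update the row keyed by $_POST['ID'],
 *                          FALSE to create a new account.
 * @return void Forwards on success; otherwise re-renders apf_users_edit.html
 *              with <FIELD>_ERROR_MSG / PHOTO_ERROR_MSG markers.
 *
 * Security (review):
 *  - unlink($UploadDir . $_POST['photo_old']) used the posted name verbatim, so
 *    "../<file>" deleted arbitrary files. The name is now canonicalised and must
 *    resolve to a regular file strictly below $UploadDir.
 *  - HTTP_Upload::getFiles() can return a PEAR_Error; the old code called
 *    setValidExtensions() on it *before* the isError() check (fatal error).
 *  - role_id, add_ip, created_at and update_at are still accepted from the form
 *    (mass assignment of a privilege and of audit columns). Confirm this action
 *    is admin-only, or derive them server-side as the sibling modules do.
 *  - The phpBB hook receives md5($password) because that hook requires an
 *    md5-hashed value (per the original comment); md5 is not a password hash
 *    and the LiveUser side should remain the authority for authentication.
 *  - The submitted password is echoed back into the form (USER_PWD) on error;
 *    this puts the cleartext into the HTML response.
 */
function handleFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $PhpbbDir, $i18n, $luadmin, $ClassDir, $AllowUploadFilesType, $UploadDir;

    $apf_users = DB_DataObject::factory('ApfUsers');
    if ($edit_submit) {
        $apf_users->get($apf_users->escape($_POST['ID']));
        $do_action = "updatesubmit";
    } else {
        $do_action = "addsubmit";
    }

    $apf_users->setUserName(stripslashes(trim($_POST['user_name'])));
    $apf_users->setGender(stripslashes(trim($_POST['gender'])));
    $apf_users->setAddrees(stripslashes(trim($_POST['addrees'])));
    $apf_users->setPhone(stripslashes(trim($_POST['phone'])));
    $apf_users->setEmail(stripslashes(trim($_POST['email'])));
    $apf_users->setPhoto(stripslashes(trim($_POST['photo'])));
    // NOTE(review): role and audit columns taken from the request — see header.
    $apf_users->setRoleId(stripslashes(trim($_POST['role_id'])));
    $apf_users->setActive(stripslashes(trim($_POST['active'])));
    $apf_users->setAddIp(stripslashes(trim($_POST['add_ip'])));
    $apf_users->setCreatedAt(stripslashes(trim($_POST['created_at'])));
    $apf_users->setUpdateAt(stripslashes(trim($_POST['update_at'])));

    if (isset($_POST['photo_del']) && $_POST['photo_del'] == 'Y') {
        $old_name = isset($_POST['photo_old']) ? (string) $_POST['photo_old'] : '';
        $base_dir = realpath($UploadDir);
        $old_path = ($old_name !== '' && strpos($old_name, "\0") === false)
            ? realpath($UploadDir . $old_name) : false;
        // Delete only a regular file whose canonical path lies inside the upload tree.
        if ($base_dir !== false && $old_path !== false && is_file($old_path)
            && strpos($old_path, rtrim($base_dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
            unlink($old_path);
        }
        $apf_users->setPhoto("");
        $_POST['photo_old'] = "";
    }

    $allow_upload_file = TRUE;
    $upload_error_msg = '';
    if (!empty($_FILES['photo']['name'])) {
        require_once 'HTTP/Upload.php';
        require_once $ClassDir . "FileHelper.class.php";
        $upload = new http_upload();
        $file = $upload->getFiles('photo');
        if (PEAR::isError($file)) {
            // Check before touching the object: a PEAR_Error has no upload methods.
            $allow_upload_file = FALSE;
            $upload_error_msg = $file->getMessage();
        } else {
            $file->setValidExtensions($AllowUploadFilesType, 'accept');
            if ($file->isValid()) {
                $file->setName('uniq');
                $current_date = FileHelper::createCategoryDir($UploadDir, "users");
                $date_photo_dir = $UploadDir . $current_date;
                $dest_name = $file->moveTo($date_photo_dir);
                if (PEAR::isError($dest_name)) {
                    $allow_upload_file = FALSE;
                    $upload_error_msg = $dest_name->getMessage();
                } else {
                    $apf_users->setPhoto($current_date . $dest_name);
                }
            } elseif ($file->isError()) {
                $allow_upload_file = FALSE;
                $upload_error_msg = $file->errorMsg();
            }
        }
    }

    $val = $apf_users->validate();
    if ($val === TRUE && $allow_upload_file === TRUE) {
        if ($edit_submit) {
            $apf_users->setUpdateAt(DB_DataObject_Cast::dateTime());
            $apf_users->update();
            // Only change the LiveUser password when a new one was typed; the old
            // code also read $_POST['old_password'] but never used that value.
            $new_pwd = stripslashes(trim($_POST['user_pwd']));
            if ($new_pwd !== '') {
                $data = array('handle' => stripslashes(trim($_POST['user_name'])), 'passwd' => $new_pwd);
                $luadmin->updateUser($data, $_POST['ID']);
            }
            $this->forward("users/apf_users/update/" . rawurlencode($_POST['ID']) . "/ok");
        } else {
            $data = array(
                'handle' => stripslashes(trim($_POST['user_name'])),
                'passwd' => stripslashes(trim($_POST['user_pwd'])),
                'perm_type' => 1,
            );
            $user_id = $luadmin->addUser($data);
            $apf_users->get($apf_users->escape($user_id));
            $apf_users->update();

            // Mirror the account into phpBB through its integration hook.
            include_once $PhpbbDir . '/hook.php';
            $phpbb_action = 'insert';
            // user_id is the user-ID of the system being integrated; adjust per system.
            $phpbb_user['user_id'] = $user_id;
            $phpbb_user['username'] = stripslashes(trim($_POST['user_name']));
            // The hook requires an md5-hashed password (legacy phpBB format).
            $phpbb_user['user_password'] = md5(stripslashes(trim($_POST['user_pwd'])));
            $phpbb_user['user_email'] = stripslashes(trim($_POST['email']));
            phpbb_user($phpbb_action, $phpbb_user);
            $this->forward("users/apf_users/");
        }
        return;
    }

    // Validation or upload failed: re-render the form.
    $template->setFile(array("MAIN" => "apf_users_edit.html"));
    $template->setBlock("MAIN", "edit_block");
    $template->setVar(array("WEBDIR" => $WebBaseDir, "DOACTION" => $do_action));
    if (is_array($val)) {
        foreach ($val as $k => $v) {
            if ($v == false) {
                $template->setVar(array(strtoupper($k) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
            }
        }
    }
    if ($allow_upload_file !== TRUE) {
        $template->setVar(array("PHOTO_ERROR_MSG" => " ↓ {$upload_error_msg} ↓ "));
    }
    $template->setVar(array(
        "ID" => $_POST['id'],
        "USER_NAME" => $_POST['user_name'],
        "USER_PWD" => $_POST['user_pwd'],
        "GENDER" => $_POST['gender'],
        "ADDREES" => $_POST['addrees'],
        "PHONE" => $_POST['phone'],
        "EMAIL" => $_POST['email'],
        "PHOTO" => $_POST['photo'],
        "ROLE_ID" => $_POST['role_id'],
        "ACTIVE" => $_POST['active'],
        "ADD_IP" => $_POST['add_ip'],
        "CREATED_AT" => $_POST['created_at'],
        "UPDATE_AT" => $_POST['update_at'],
    ));
}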
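/**
 * Create or update an ApfProduct row from the posted edit form.
 *
 * @param bool $edit_submit TRUE to update the row keyed by $_POST['ID'],
 *                          FALSE to insert a new one.
 * @return void Forwards on success; otherwise re-renders apf_product_edit.html
 *              with <FIELD>_ERROR_MSG markers.
 *
 * Security (review):
 *  - unlink($UploadDir . $_POST['photo_old']) previously used the posted name
 *    verbatim, allowing deletion of arbitrary files via "../". The name is now
 *    canonicalised and must resolve to a regular file strictly below $UploadDir.
 *  - $_POST['upload_temp'] is persisted as the photo path; it is only accepted
 *    as a relative name without "..".
 *  - A failed upload is reported via PHOTO_ERROR_MSG instead of being dropped.
 */
function handleFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $i18n, $ActiveOption, $ClassDir, $UploadDir, $AllowUploadFilesType, $AddIP, $userid, $group_ids;

    $apf_product = DB_DataObject::factory('ApfProduct');
    if ($edit_submit) {
        $apf_product->get($apf_product->escape($_POST['ID']));
        $do_action = "updatesubmit";
    } else {
        $do_action = "addsubmit";
    }

    $apf_product->setCategory(stripslashes(trim($_POST['category'])));
    $apf_product->setCompanyId(stripslashes(trim($_POST['company_id'])));
    $apf_product->setName(stripslashes(trim($_POST['name'])));
    $apf_product->setPrice(stripslashes(trim($_POST['price'])));
    $apf_product->setMemo(stripslashes(trim($_POST['memo'])));
    $apf_product->setActive(stripslashes(trim($_POST['active'])));
    // Audit columns from server-side state only.
    $apf_product->setAddIp($AddIP);
    $apf_product->setGroupid($group_ids);
    $apf_product->setUserid($userid);

    if (isset($_POST['photo_del']) && $_POST['photo_del'] == 'Y') {
        $old_name = isset($_POST['photo_old']) ? (string) $_POST['photo_old'] : '';
        $base_dir = realpath($UploadDir);
        $old_path = ($old_name !== '' && strpos($old_name, "\0") === false)
            ? realpath($UploadDir . $old_name) : false;
        // Delete only a regular file whose canonical path lies inside the upload tree.
        if ($base_dir !== false && $old_path !== false && is_file($old_path)
            && strpos($old_path, rtrim($base_dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
            unlink($old_path);
        }
        $apf_product->setPhoto("");
        $_POST['photo_old'] = "";
    }

    if (!empty($_POST['upload_temp'])) {
        $temp_name = (string) $_POST['upload_temp'];
        if (strpos($temp_name, '..') === false && strpos($temp_name, "\0") === false
            && $temp_name[0] !== '/' && $temp_name[0] !== '\\') {
            $apf_product->setPhoto($temp_name);
        }
    }

    $allow_upload_file = TRUE;
    $upload_error_msg = '';
    if (!empty($_FILES['photo']['name'])) {
        require_once $ClassDir . "FileHelper.class.php";
        $upload_data = FileHelper::uploadFile("product");
        $allow_upload_file = $upload_data["upload_state"];
        if ($allow_upload_file) {
            $photos_arr = $upload_data["upload_msg"];
            if ($photo_pic = $photos_arr['photo']) {
                $apf_product->setPhoto($photo_pic);
                $_POST['upload_temp'] = $photo_pic;
            }
        } else {
            $upload_error_msg = $upload_data["upload_msg"];
        }
    }

    $val = $apf_product->validate();
    if ($val === TRUE && $allow_upload_file === TRUE) {
        if ($edit_submit) {
            $apf_product->setUpdateAt(DB_DataObject_Cast::dateTime());
            $apf_product->update();
            $log_string = $i18n->_("Update") . $i18n->_("Product") . "\t{$_POST['name']}=>{$_POST['ID']}";
            logFileString($log_string);
            $this->forward("product/apf_product/update/" . rawurlencode($_POST['ID']) . "/ok");
        } else {
            $apf_product->setCreatedAt(DB_DataObject_Cast::dateTime());
            $apf_product->insert();
            $log_string = $i18n->_("Create") . $i18n->_("Product") . "\t{$_POST['name']}";
            logFileString($log_string);
            $this->forward("product/apf_product/");
        }
        return;
    }

    // Validation or upload failed: re-render the form.
    $template->setFile(array("MAIN" => "apf_product_edit.html"));
    $template->setBlock("MAIN", "edit_block");
    $template->setVar(array("WEBDIR" => $WebBaseDir, "DOACTION" => $do_action));
    $category_arr = $this->getCategory();
    array_shift($ActiveOption);
    $template->setVar(array(
        "CATEGORYOPTION" => selectTag("category", $category_arr, $_POST['category']),
        "FILEPHOTO" => fileTag("photo", $_POST['photo_old']),
        "ACTIVEOPTION" => radioTag("active", $ActiveOption, $_POST['active']),
    ));
    if (is_array($val)) {
        foreach ($val as $k => $v) {
            if ($v == false) {
                $template->setVar(array(strtoupper($k) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
            }
        }
    }
    if ($allow_upload_file !== TRUE) {
        $template->setVar(array("PHOTO_ERROR_MSG" => " ↓ {$upload_error_msg} ↓ "));
    }
    $template->setVar(array(
        "ID" => $_POST['id'],
        "CATEGORY" => $_POST['category'],
        "COMPANY_ID" => $_POST['company_id'],
        "NAME" => $_POST['name'],
        "PRICE" => $_POST['price'],
        "PHOTO" => $_POST['photo'],
        "MEMO" => $_POST['memo'],
        "ACTIVE" => $_POST['active'],
        "ADD_IP" => $_POST['add_ip'],
        "CREATED_AT" => $_POST['created_at'],
        "UPDATE_AT" => $_POST['update_at'],
    ));
}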
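/**
 * Replay check for an OAuth nonce.
 *
 * http://oauth.net/core/1.0/#nonce
 * "The Consumer SHALL then generate a Nonce value that is unique for
 * all requests with that timestamp."
 *
 * XXX: It's not clear why the token is here — it is not part of the lookup key.
 *
 * The (consumer_key, ts, nonce) tuple is looked up; if absent it is recorded so
 * the next request with the same tuple is rejected. The find-then-insert pair
 * is not atomic: two requests carrying the same nonce can both pass find().
 * Insert failure is therefore treated as "already seen" (fail closed); with a
 * unique key on the tuple that turns the race into a rejection of the second
 * request, and a database outage never lets a request through unchecked.
 *
 * @param object $consumer  consumer object with a ->key
 * @param mixed  $token     unused
 * @param string $nonce     nonce from the request
 * @param int    $timestamp oauth_timestamp from the request
 * @return bool TRUE when the nonce was already seen (or could not be
 *              recorded), FALSE when it was new and has now been stored
 */
function lookup_nonce($consumer, $token, $nonce, $timestamp)
{
    $n = new Nonce();
    $n->consumer_key = $consumer->key;
    $n->ts = common_sql_date($timestamp);
    $n->nonce = $nonce;

    if ($n->find(true)) {
        return true; // replay
    }

    $n->created = DB_DataObject_Cast::dateTime();
    if (!$n->insert()) {
        // Could not record the nonce (duplicate under a unique key, or DB error):
        // report it as seen rather than accepting an unrecorded request.
        return true;
    }
    return false;
}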
/**
 * Register $filename as this profile's original avatar and create the scaled
 * variants for AVATAR_PROFILE_SIZE, AVATAR_STREAM_SIZE and AVATAR_MINI_SIZE.
 *
 * @param string $filename file name below Avatar::path()
 * @return Avatar|null the original Avatar row; null when the existing avatars
 *                     could not be removed or any insert failed
 *
 * Not transactional (the original carries "XXX: start a transaction here"):
 * if a scaled insert fails, the rows written before it remain.
 */
function setOriginal($filename)
{
    $source = new ImageFile($this->id, Avatar::path($filename));

    $original = new Avatar();
    $original->profile_id = $this->id;
    $original->width = $source->width;
    $original->height = $source->height;
    $original->mediatype = image_type_to_mime_type($source->type);
    $original->filename = $filename;
    $original->original = true;
    $original->url = Avatar::url($filename);
    $original->created = DB_DataObject_Cast::dateTime(); // current time

    # XXX: start a transaction here
    $cleared = $this->delete_avatars();
    if (!$cleared || !$original->insert()) {
        // Drop the uploaded file again; unlink() errors are deliberately suppressed.
        @unlink(Avatar::path($filename));
        return null;
    }

    $edges = array(AVATAR_PROFILE_SIZE, AVATAR_STREAM_SIZE, AVATAR_MINI_SIZE);
    foreach ($edges as $edge) {
        // An original that is already exactly this square size needs no scaled copy.
        if ($original->width == $edge && $original->height == $edge) {
            continue;
        }
        $scaled_name = $source->resize($edge);
        $variant = new Avatar();
        $variant->profile_id = $this->id;
        $variant->width = $edge;
        $variant->height = $edge;
        $variant->original = false;
        $variant->mediatype = image_type_to_mime_type($source->type);
        $variant->filename = $scaled_name;
        $variant->url = Avatar::url($scaled_name);
        $variant->created = DB_DataObject_Cast::dateTime(); // current time
        if (!$variant->insert()) {
            return null;
        }
    }

    return $original;
}
/**
 * Save a subscription
 *
 * Saves the subscription from $subscriber_uri to $subscribed_user_uri.
 * Throws exceptions in case of error.
 *
 * @param string     $subscriber_uri      The OMB identifier URI specifying
 *                                        the subscribing profile
 * @param string     $subscribed_user_uri The OMB identifier URI specifying
 *                                        the subscribed profile
 * @param OAuthToken $token               The access token
 *
 * @return string|null a translated error message when the subscriber is
 *                     banned, otherwise null
 * @throws Exception when the subscription row cannot be written
 *
 * @access public
 **/
public function saveSubscription($subscriber_uri, $subscribed_user_uri, $token)
{
    $subscribed = $this->_getAnyProfile($subscribed_user_uri);
    $subscriber = $this->_getAnyProfile($subscriber_uri);

    if (!$subscriber->hasRight(Right::SUBSCRIBE)) {
        common_log(LOG_INFO, __METHOD__ . ": remote subscriber banned ({$subscriber_uri} subbing to {$subscribed_user_uri})");
        // TRANS: Error message displayed to a banned user when they try to subscribe.
        return _('You have been banned from subscribing.');
    }

    $sub = new Subscription();
    $sub->subscribed = $subscribed->id;
    $sub->subscriber = $subscriber->id;
    $already_exists = $sub->find(true);

    $before = null;
    if ($already_exists) {
        $before = clone $sub;
    } else {
        $sub->created = DB_DataObject_Cast::dateTime();
    }

    // Store the access token so later OMB calls can be signed.
    $sub->token = $token->key;
    $sub->secret = $token->secret;

    $written = $already_exists ? $sub->update($before) : $sub->insert();
    if (!$written) {
        common_log_db_error($sub, $already_exists ? 'UPDATE' : 'INSERT', __FILE__);
        // TRANS: Exception thrown when creating a new subscription fails in OAuth store.
        throw new Exception(_('Could not insert new subscription.'));
    }

    /* Notify user, if necessary. */
    if ($subscribed instanceof User) {
        mail_subscribe_notify_profile($subscribed, Profile::staticGet($subscriber->id));
    }
}
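/**
 * Finish the OpenID trust-root prompt: persist the user's "allow" decision
 * and redirect to the URL the provider flow stored for that outcome.
 *
 * Clears the three session keys first so the decision cannot be replayed.
 * The database write only affects *future* prompts for this trust root; the
 * current request is allowed regardless. A failed insert used to be read into
 * an unused $err and dropped, so it is now logged through the project's
 * common_log_db_error() helper.
 *
 * @return void redirects (302) to the allow or deny URL
 */
function handleSubmit()
{
    unset($_SESSION['openid_trust_root']);
    unset($_SESSION['openid_allow_url']);
    unset($_SESSION['openid_deny_url']);

    if (!$this->arg('allow')) {
        common_redirect($this->denyUrl, $code = 302);
        return;
    }

    // Remember the trust root so this user is not prompted for it again.
    $user_openid_trustroot = new User_openid_trustroot();
    $user_openid_trustroot->user_id = $this->user->id;
    $user_openid_trustroot->trustroot = $this->trust_root;
    $user_openid_trustroot->created = DB_DataObject_Cast::dateTime();
    if (!$user_openid_trustroot->insert()) {
        // Not fatal for this request, but worth a trace: the next visit will prompt again.
        common_log_db_error($user_openid_trustroot, 'INSERT', __FILE__);
    }
    common_redirect($this->allowUrl, $code = 302);
}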
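/**
 * Issue a fresh, unauthorized OAuth request token for $consumer.
 *
 * @param object $consumer consumer object with a ->key
 * @param string $callback consumer callback URL, or 'oob' for out-of-band
 * @return OAuthToken|null the new token, or null when the row could not be stored
 *
 * For 'oob' the verifier is a numeric PIN the user types in; otherwise it is a
 * random string. The old code drew the PIN with mt_rand(0, 9999999), which is
 * one digit more than the advertised "six digit pin" and, more importantly, a
 * non-cryptographic generator. random_int() (PHP 7+) is used when available,
 * with the previous generator retained only as a fallback; the range now
 * matches six digits. A PIN below 100000 still prints with fewer than six
 * digits, as before — zero-padding is left to the presentation layer since the
 * column type is not known here.
 */
function new_request_token($consumer, $callback)
{
    $t = new Token();
    $t->consumer_key = $consumer->key;
    $t->tok = common_good_rand(16);
    $t->secret = common_good_rand(16);
    $t->type = 0; // request
    $t->state = 0; // unauthorized
    $t->verified_callback = $callback;
    if ($callback === 'oob') {
        // six digit pin, drawn from a CSPRNG where the runtime offers one
        $t->verifier = function_exists('random_int') ? random_int(0, 999999) : mt_rand(0, 999999);
    } else {
        $t->verifier = common_good_rand(8);
    }
    $t->created = DB_DataObject_Cast::dateTime();
    if (!$t->insert()) {
        return null;
    }
    return new OAuthToken($t->tok, $t->secret);
}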
/**
 * Exchange an authorized OMB request token for an access token.
 *
 * Looks up the request token for $consumer; it must exist and be in state 1
 * (authorized). A new access token is inserted, the request token is marked
 * state 2 (used), and the Subscription that references the request token is
 * re-pointed at the new token/secret pair.
 *
 * @param object $token    request token with a ->key
 * @param object $consumer consumer with a ->key
 * @return OAuthToken|null the access token, or null on any lookup/DB failure
 *
 * Not transactional: a failure after the access-token insert leaves that row
 * behind while the request token and subscription are unchanged.
 */
function new_access_token($token, $consumer)
{
    common_debug('new_access_token("' . $token->key . '","' . $consumer->key . '")', __FILE__);

    $request_tok = new Token();
    $request_tok->consumer_key = $consumer->key;
    $request_tok->tok = $token->key;
    $request_tok->type = 0; // request
    $located = $request_tok->find(true);
    if (!$located || $request_tok->state != 1) { // must be authorized
        return null;
    }
    common_debug('request token found.', __FILE__);

    $access_tok = new Token();
    $access_tok->consumer_key = $consumer->key;
    $access_tok->tok = common_good_rand(16);
    $access_tok->secret = common_good_rand(16);
    $access_tok->type = 1; // access
    $access_tok->created = DB_DataObject_Cast::dateTime();
    if (!$access_tok->insert()) {
        $e = $access_tok->_lastError;
        common_debug('access token "' . $access_tok->tok . '" not inserted: "' . $e->message . '"', __FILE__);
        return null;
    }
    common_debug('access token "' . $access_tok->tok . '" inserted', __FILE__);

    // burn the old one
    $request_before = clone $request_tok;
    $request_tok->state = 2; // used
    if (!$request_tok->update($request_before)) {
        return null;
    }
    common_debug('request token "' . $request_tok->tok . '" updated', __FILE__);

    // Update subscription
    // XXX: mixing levels here
    $sub = Subscription::staticGet('token', $request_tok->tok);
    if (!$sub) {
        return null;
    }
    common_debug('subscription for request token found', __FILE__);
    $sub_before = clone $sub;
    $sub->token = $access_tok->tok;
    $sub->secret = $access_tok->secret;
    if (!$sub->update($sub_before)) {
        return null;
    }
    common_debug('subscription updated to use access token', __FILE__);
    return new OAuthToken($access_tok->tok, $access_tok->secret);
}
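/**
 * Create or update an ApfUsers row together with its LiveUser account and
 * permission-group membership.
 *
 * @param bool $edit_submit TRUE to update the row keyed by $_POST['ID'],
 *                          FALSE to create a new account.
 * @return void Forwards on success; otherwise re-renders apf_users_edit.html
 *              with <FIELD>_ERROR_MSG / PHOTO_ERROR_MSG markers.
 *
 * Security (review):
 *  - unlink($UploadDir . $_POST['photo_old']) used the posted name verbatim, so
 *    "../<file>" deleted arbitrary files. The name is now canonicalised and must
 *    resolve to a regular file strictly below $UploadDir.
 *  - $_POST['upload_temp'] is only accepted as a relative name without "..".
 *  - role_id and the permission group ($_POST['group'] / $_POST['old_group'])
 *    are taken straight from the request, i.e. the submitter chooses the
 *    privilege level. Confirm this action is restricted to administrators.
 *  - $_POST['old_password'] was read into a fallback that is never used (the
 *    password update only runs when user_pwd is non-empty); it is no longer read,
 *    so the old password need not be round-tripped through the form at all.
 *  - The submitted password is echoed back into the form (USER_PWD) on error.
 */
function handleFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $i18n, $luadmin, $ClassDir, $AllowUploadFilesType, $UploadDir;

    include_once 'HTTP/UploadProgressMeter.class.php';
    $fileWidget = new UploadProgressMeter();
    $fileWidget->name = 'photo';
    if ($fileWidget->uploadComplete()) {
        $fileWidget->finalStatus();
    }

    $apf_users = DB_DataObject::factory('ApfUsers');
    if ($edit_submit) {
        $apf_users->get($apf_users->escape($_POST['ID']));
        $do_action = "updatesubmit";
    } else {
        $do_action = "addsubmit";
    }

    $apf_users->setUserName(stripslashes(trim($_POST['user_name'])));
    $apf_users->setRealname(stripslashes(trim($_POST['realname'])));
    $apf_users->setMemo(stripslashes(trim($_POST['memo'])));
    $apf_users->setGender(stripslashes(trim($_POST['gender'])));
    $apf_users->setAddrees(stripslashes(trim($_POST['addrees'])));
    $apf_users->setPhone(stripslashes(trim($_POST['phone'])));
    $apf_users->setEmail(stripslashes(trim($_POST['email'])));
    // NOTE(review): role from the request — see header.
    $apf_users->setRoleId(stripslashes(trim($_POST['role_id'])));
    $apf_users->setActive(stripslashes(trim($_POST['active'])));

    if (isset($_POST['photo_del']) && $_POST['photo_del'] == 'Y') {
        $old_name = isset($_POST['photo_old']) ? (string) $_POST['photo_old'] : '';
        $base_dir = realpath($UploadDir);
        $old_path = ($old_name !== '' && strpos($old_name, "\0") === false)
            ? realpath($UploadDir . $old_name) : false;
        // Delete only a regular file whose canonical path lies inside the upload tree.
        if ($base_dir !== false && $old_path !== false && is_file($old_path)
            && strpos($old_path, rtrim($base_dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
            unlink($old_path);
        }
        $apf_users->setPhoto("");
        $_POST['photo_old'] = "";
    }

    if (!empty($_POST['upload_temp'])) {
        $temp_name = (string) $_POST['upload_temp'];
        if (strpos($temp_name, '..') === false && strpos($temp_name, "\0") === false
            && $temp_name[0] !== '/' && $temp_name[0] !== '\\') {
            $apf_users->setPhoto($temp_name);
        }
    }

    $allow_upload_file = TRUE;
    $upload_error_msg = '';
    if (!empty($_FILES['photo']['name'])) {
        require_once $ClassDir . "FileHelper.class.php";
        $upload_data = FileHelper::uploadFile("users");
        $allow_upload_file = $upload_data["upload_state"];
        if ($allow_upload_file) {
            $photos_arr = $upload_data["upload_msg"];
            if ($photo_pic = $photos_arr['photo']) {
                $apf_users->setPhoto($photo_pic);
                $_POST['upload_temp'] = $photo_pic;
            }
        } else {
            $upload_error_msg = $upload_data["upload_msg"];
        }
    }

    $val = $apf_users->validate();
    if ($val === TRUE && $allow_upload_file === TRUE) {
        if ($edit_submit) {
            $apf_users->setUpdateAt(DB_DataObject_Cast::dateTime());
            $apf_users->update();
            // Change the LiveUser password only when a new one was typed.
            $new_pwd = stripslashes(trim($_POST['user_pwd']));
            if ($new_pwd !== '') {
                $data = array('handle' => stripslashes(trim($_POST['user_name'])), 'passwd' => $new_pwd);
                $luadmin->updateUser($data, $_POST['ID']);
            }
            // Move the account from its previous group to the submitted one.
            $filter = array('perm_user_id' => $_POST['ID'], 'group_id' => $_POST['old_group']);
            $luadmin->perm->removeUserFromGroup($filter);
            $data = array('perm_user_id' => $_POST['ID'], 'group_id' => $_POST['group']);
            $luadmin->perm->addUserToGroup($data);
            $this->forward("users/apf_users/update/" . rawurlencode($_POST['ID']) . "/ok");
        } else {
            $data = array(
                'handle' => stripslashes(trim($_POST['user_name'])),
                'passwd' => stripslashes(trim($_POST['user_pwd'])),
                'perm_type' => 1,
            );
            $user_id = $luadmin->addUser($data);
            // add new group
            $data = array('perm_user_id' => $user_id, 'group_id' => $_POST['group']);
            $luadmin->perm->addUserToGroup($data);
            $apf_users->get($apf_users->escape($user_id));
            $apf_users->update();
            $this->forward("users/apf_users/");
        }
        return;
    }

    // Validation or upload failed: re-render the form.
    $template->setFile(array("MAIN" => "apf_users_edit.html"));
    $template->setBlock("MAIN", "edit_block");
    $template->setVar(array("WEBDIR" => $WebBaseDir, "DOACTION" => $do_action));
    if (is_array($val)) {
        foreach ($val as $k => $v) {
            if ($v == false) {
                $template->setVar(array(strtoupper($k) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
            }
        }
    }
    if ($allow_upload_file !== TRUE) {
        $template->setVar(array("PHOTO_ERROR_MSG" => " ↓ {$upload_error_msg} ↓ "));
    }
    $template->setVar(array(
        "ID" => $_POST['id'],
        "USER_NAME" => $_POST['user_name'],
        "USER_PWD" => $_POST['user_pwd'],
        "GENDER" => $_POST['gender'],
        "ADDREES" => $_POST['addrees'],
        "PHONE" => $_POST['phone'],
        "EMAIL" => $_POST['email'],
        "PHOTO" => $_POST['photo'],
        "ROLE_ID" => $_POST['role_id'],
        "ACTIVE" => $_POST['active'],
        "ADD_IP" => $_POST['add_ip'],
        "CREATED_AT" => $_POST['created_at'],
        "UPDATE_AT" => $_POST['update_at'],
    ));
}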
/**
 * Replace the current user's avatars with Gravatar references.
 *
 * Requires an email address on the profile. Existing avatars are removed via
 * gravatar_remove(), then one remote Avatar row (no local file) is inserted for
 * each of AVATAR_PROFILE_SIZE, AVATAR_STREAM_SIZE and AVATAR_MINI_SIZE.
 *
 * @return array{message: string, success: bool} outcome for the settings page
 */
function gravatar_save()
{
    $user = common_current_user();
    if (empty($user->email)) {
        return array(
            'message' => _m('You do not have an email address set in your profile.'),
            'success' => false,
        );
    }

    //Get rid of previous Avatar
    $this->gravatar_remove();

    $edges = array(AVATAR_PROFILE_SIZE, AVATAR_STREAM_SIZE, AVATAR_MINI_SIZE);
    foreach ($edges as $edge) {
        $remote = new Avatar();
        $remote->profile_id = $user->id;
        $remote->width = $edge;
        $remote->height = $edge;
        $remote->original = false; //No file, so no original
        $remote->mediatype = 'img'; //XXX: Unsure what to put here
        // No filename: the image lives at Gravatar, only the URL is stored.
        $remote->url = $this->gravatar_url($user->email, $edge);
        $remote->created = DB_DataObject_Cast::dateTime(); # current time
        if (!$remote->insert()) {
            return array(
                'message' => _m('Failed to save Gravatar to the database.'),
                'success' => false,
            );
        }
    }

    return array('message' => _m('Gravatar added.'), 'success' => true);
}
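/**
 * Create or update an ApfSelfcompany row from the posted edit form.
 *
 * @param bool $edit_submit TRUE to update the row keyed by $_POST['ID'],
 *                          FALSE to insert a new one.
 * @return void Forwards on success; otherwise re-renders
 *              apf_selfcompany_edit.html with <FIELD>_ERROR_MSG markers.
 *
 * Security (review):
 *  - unlink($UploadDir . $_POST['photo_old']) previously used the posted name
 *    verbatim (arbitrary file deletion via "../"). The name is now canonicalised
 *    and must resolve to a regular file strictly below $UploadDir.
 *  - $_POST['upload_temp'] is only accepted as a relative name without "..".
 *  - A failed upload is reported via PHOTO_ERROR_MSG instead of being dropped.
 *  - This form stores bank and tax account numbers; the row-level access/group
 *    columns are the only protection visible here.
 */
function handleFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $i18n, $UploadDir, $ClassDir, $AddIP, $userid, $group_ids;

    $apf_selfcompany = DB_DataObject::factory('ApfSelfcompany');
    if ($edit_submit) {
        $apf_selfcompany->get($apf_selfcompany->escape($_POST['ID']));
        $do_action = "updatesubmit";
    } else {
        $do_action = "addsubmit";
    }

    $apf_selfcompany->setName(stripslashes(trim($_POST['name'])));
    $apf_selfcompany->setAddrees(stripslashes(trim($_POST['addrees'])));
    $apf_selfcompany->setPhone(stripslashes(trim($_POST['phone'])));
    $apf_selfcompany->setFax(stripslashes(trim($_POST['fax'])));
    $apf_selfcompany->setEmail(stripslashes(trim($_POST['email'])));
    $apf_selfcompany->setHomepage(stripslashes(trim($_POST['homepage'])));
    $apf_selfcompany->setEmployee(stripslashes(trim($_POST['employee'])));
    $apf_selfcompany->setBankroll(stripslashes(trim($_POST['bankroll'])));
    $apf_selfcompany->setLinkMan(stripslashes(trim($_POST['link_man'])));
    $apf_selfcompany->setIncorporator(stripslashes(trim($_POST['incorporator'])));
    $apf_selfcompany->setIndustry(stripslashes(trim($_POST['industry'])));
    $apf_selfcompany->setTaxaccounts(stripslashes(trim($_POST['taxaccounts'])));
    $apf_selfcompany->setBankaccounts(stripslashes(trim($_POST['bankaccounts'])));
    $apf_selfcompany->setProducts(stripslashes(trim($_POST['products'])));
    $apf_selfcompany->setMemo(stripslashes(trim($_POST['memo'])));
    $apf_selfcompany->setActive(stripslashes(trim($_POST['active'])));
    $apf_selfcompany->setAccess(stripslashes(trim($_POST['access'])));
    // Audit columns from server-side state only.
    $apf_selfcompany->setAddIp($AddIP);
    $apf_selfcompany->setGroupid($group_ids);
    $apf_selfcompany->setUserid($userid);

    if (isset($_POST['photo_del']) && $_POST['photo_del'] == 'Y') {
        $old_name = isset($_POST['photo_old']) ? (string) $_POST['photo_old'] : '';
        $base_dir = realpath($UploadDir);
        $old_path = ($old_name !== '' && strpos($old_name, "\0") === false)
            ? realpath($UploadDir . $old_name) : false;
        // Delete only a regular file whose canonical path lies inside the upload tree.
        if ($base_dir !== false && $old_path !== false && is_file($old_path)
            && strpos($old_path, rtrim($base_dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
            unlink($old_path);
        }
        $apf_selfcompany->setPhoto("");
        $_POST['photo_old'] = "";
    }

    if (!empty($_POST['upload_temp'])) {
        $temp_name = (string) $_POST['upload_temp'];
        if (strpos($temp_name, '..') === false && strpos($temp_name, "\0") === false
            && $temp_name[0] !== '/' && $temp_name[0] !== '\\') {
            $apf_selfcompany->setPhoto($temp_name);
        }
    }

    $allow_upload_file = TRUE;
    $upload_error_msg = '';
    if (!empty($_FILES['photo']['name'])) {
        require_once $ClassDir . "FileHelper.class.php";
        // NOTE(review): category "product" is used for a company photo — confirm
        // this is intended (the schedule and users modules use their own names).
        $upload_data = FileHelper::uploadFile("product");
        $allow_upload_file = $upload_data["upload_state"];
        if ($allow_upload_file) {
            $photos_arr = $upload_data["upload_msg"];
            if ($photo_pic = $photos_arr['photo']) {
                $apf_selfcompany->setPhoto($photo_pic);
                $_POST['upload_temp'] = $photo_pic;
            }
        } else {
            $upload_error_msg = $upload_data["upload_msg"];
        }
    }

    $val = $apf_selfcompany->validate();
    if ($val === TRUE && $allow_upload_file === TRUE) {
        if ($edit_submit) {
            $apf_selfcompany->setUpdateAt(DB_DataObject_Cast::dateTime());
            $apf_selfcompany->update();
            $log_string = $i18n->_("Update") . $i18n->_("ModuleName") . "\t{$_POST['name']}=>{$_POST['ID']}";
            logFileString($log_string);
            $this->forward("selfcompany/apf_selfcompany/update/" . rawurlencode($_POST['ID']) . "/ok");
        } else {
            $apf_selfcompany->setCreatedAt(DB_DataObject_Cast::dateTime());
            $apf_selfcompany->insert();
            // NOTE(review): 'create_date' is not a field this form sets — confirm it is posted.
            $log_string = $i18n->_("Create") . $i18n->_("ModuleName") . "\t{$_POST['name']}=>{$_POST['create_date']}";
            logFileString($log_string);
            $this->forward("selfcompany/apf_selfcompany/");
        }
        return;
    }

    // Validation or upload failed: re-render the form.
    $template->setFile(array("MAIN" => "apf_selfcompany_edit.html"));
    $template->setBlock("MAIN", "edit_block");
    $template->setVar(array("WEBDIR" => $WebBaseDir, "DOACTION" => $do_action));
    if (is_array($val)) {
        foreach ($val as $k => $v) {
            if ($v == false) {
                $template->setVar(array(strtoupper($k) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
            }
        }
    }
    if ($allow_upload_file !== TRUE) {
        $template->setVar(array("PHOTO_ERROR_MSG" => " ↓ {$upload_error_msg} ↓ "));
    }
    $template->setVar(array(
        "ID" => $_POST['id'],
        "NAME" => $_POST['name'],
        "ADDREES" => $_POST['addrees'],
        "PHONE" => $_POST['phone'],
        "FAX" => $_POST['fax'],
        "EMAIL" => $_POST['email'],
        "PHOTO" => $_POST['photo'],
        "HOMEPAGE" => $_POST['homepage'],
        "EMPLOYEE" => $_POST['employee'],
        "BANKROLL" => $_POST['bankroll'],
        "LINK_MAN" => $_POST['link_man'],
        "INCORPORATOR" => $_POST['incorporator'],
        "INDUSTRY" => $_POST['industry'],
        "TAXACCOUNTS" => $_POST['taxaccounts'],
        "BANKACCOUNTS" => $_POST['bankaccounts'],
        "PRODUCTS" => $_POST['products'],
        "MEMO" => $_POST['memo'],
        "ACTIVE" => $_POST['active'],
        "ACCESS" => $_POST['access'],
        "GROUPID" => $_POST['groupid'],
        "USERID" => $_POST['userid'],
        "ADD_IP" => $_POST['add_ip'],
        "CREATED_AT" => $_POST['created_at'],
        "UPDATE_AT" => $_POST['update_at'],
    ));
}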
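/**
 * Exchange an authorized OAuth request token for an access token bound to the
 * registered application of $consumer.
 *
 * Flow: locate the request token (must be state 1, authorized) and the
 * Oauth_application_user row that holds it; insert the access token; mark the
 * request token state 2 (used); then re-point the app-user row at the access
 * token and raise its access_type to the application's. Request tokens keep
 * access_type 0 and so cannot reach protected resources.
 *
 * @param object $token    request token with a ->key
 * @param object $consumer consumer with a ->key
 * @return OAuthToken|null the access token, or null on any failure
 *
 * Fix (review): when no Oauth_application exists for the consumer key the old
 * code only logged "empty app!" and then dereferenced $app->id. It now returns
 * null — without an application there is nothing to bind the token to.
 *
 * Not transactional: a failure after the access-token insert leaves that row
 * behind while the request token / app-user rows are unchanged.
 */
function new_access_token($token, $consumer)
{
    common_debug('new_access_token("' . $token->key . '","' . $consumer->key . '")', __FILE__);

    $rt = new Token();
    $rt->consumer_key = $consumer->key;
    $rt->tok = $token->key;
    $rt->type = 0; // request

    $app = Oauth_application::getByConsumerKey($consumer->key);
    if (empty($app)) {
        common_debug("empty app!");
        return null;
    }

    if (!$rt->find(true) || $rt->state != 1) { // must be authorized
        return null;
    }
    common_debug('request token found.', __FILE__);

    // find the associated user of the app
    $appUser = new Oauth_application_user();
    $appUser->application_id = $app->id;
    $appUser->token = $rt->tok;
    $result = $appUser->find(true);
    if (empty($result)) {
        common_debug("Oauth app user not found. app id {$app->id} token {$rt->tok}");
        return null;
    }
    common_debug("Oath app user found.");

    // go ahead and make the access token
    $at = new Token();
    $at->consumer_key = $consumer->key;
    $at->tok = common_good_rand(16);
    $at->secret = common_good_rand(16);
    $at->type = 1; // access
    $at->created = DB_DataObject_Cast::dateTime();
    if (!$at->insert()) {
        $e = $at->_lastError;
        common_debug('access token "' . $at->tok . '" not inserted: "' . $e->message . '"', __FILE__);
        return null;
    }
    common_debug('access token "' . $at->tok . '" inserted', __FILE__);

    // burn the old one
    $orig_rt = clone $rt;
    $rt->state = 2; // used
    if (!$rt->update($orig_rt)) {
        return null;
    }
    common_debug('request token "' . $rt->tok . '" updated', __FILE__);

    // update the token from req to access for the user
    $orig = clone $appUser;
    $appUser->token = $at->tok;
    // It's at this point that we change the access type to whatever the
    // application's access is. Request tokens should always have an access
    // type of 0, and therefore be unuseable for making requests for
    // protected resources.
    $appUser->access_type = $app->access_type;
    $result = $appUser->update($orig);
    if (empty($result)) {
        common_debug('couldn\'t update OAuth app user.');
        return null;
    }

    // Okay, good
    return new OAuthToken($at->tok, $at->secret);
}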
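/**
 * Complete an outgoing OMB subscription: the remote server has redirected
 * back after the listener authorized our request token.
 *
 * Reads the pending request from $_SESSION['oauth_authorization_request']
 * (keys used here: token, listenee, listener, post_notice_url,
 * update_profile_url), verifies the echoed oauth_token, converts the
 * request token to an access token, creates or updates the Remote_profile
 * and Profile rows for the listener, stores the Subscription, notifies the
 * local user and redirects to their subscribers page.
 *
 * All omb_listener_* values come from the remote server and are untrusted;
 * only omb_listener_profile is scheme-validated here.
 *
 * @param array $args request arguments, passed to parent::handle()
 *
 * @return void every failure path calls clientError()/serverError() and returns
 */
function handle($args)
{
    parent::handle($args);

    if (common_logged_in()) {
        $this->clientError(_('You can use the local subscription!'));
        return;
    }

    $omb = $_SESSION['oauth_authorization_request'];

    if (!$omb) {
        $this->clientError(_('Not expecting this response!'));
        return;
    }

    common_debug('stored request: ' . print_r($omb, true), __FILE__);

    common_remove_magic_from_request();
    $req = OAuthRequest::from_request();

    $token = $req->get_parameter('oauth_token');

    # I think this is the success metric
    // Fix: compare strictly. The original used `!=`, i.e. PHP loose
    // comparison, under which two numeric-looking strings such as "0e123"
    // and "0e456" are equal, so a token with that shape could be matched by
    // a different value. A null/absent parameter also fails cleanly here.
    if ($token !== $omb['token']) {
        $this->clientError(_('Not authorized.'));
        return;
    }

    $version = $req->get_parameter('omb_version');

    if ($version != OMB_VERSION_01) {
        $this->clientError(_('Unknown version of OMB protocol.'));
        return;
    }

    $nickname = $req->get_parameter('omb_listener_nickname');

    if (!$nickname) {
        $this->clientError(_('No nickname provided by remote server.'));
        return;
    }

    $profile_url = $req->get_parameter('omb_listener_profile');

    if (!$profile_url) {
        $this->clientError(_('No profile URL returned by server.'));
        return;
    }

    if (!Validate::uri($profile_url, array('allowed_schemes' => array('http', 'https')))) {
        $this->clientError(_('Invalid profile URL returned by server.'));
        return;
    }

    // A "remote" profile that is really one of our own users is not allowed.
    if ($profile_url == common_local_url('showstream', array('nickname' => $nickname))) {
        $this->clientError(_('You can use the local subscription!'));
        return;
    }

    common_debug('listenee: "' . $omb['listenee'] . '"', __FILE__);

    $user = User::staticGet('nickname', $omb['listenee']);

    if (!$user) {
        $this->clientError(_('User being listened to doesn\'t exist.'));
        return;
    }

    $other = User::staticGet('uri', $omb['listener']);

    if ($other) {
        $this->clientError(_('You can use the local subscription!'));
        return;
    }

    // Optional, unvalidated listener metadata from the remote server.
    // NOTE(review): $homepage and $avatar_url are not scheme-checked like
    // $profile_url; add_avatar() is not visible here — if it fetches
    // $avatar_url, the same http/https restriction should apply to it.
    $fullname   = $req->get_parameter('omb_listener_fullname');
    $homepage   = $req->get_parameter('omb_listener_homepage');
    $bio        = $req->get_parameter('omb_listener_bio');
    $location   = $req->get_parameter('omb_listener_location');
    $avatar_url = $req->get_parameter('omb_listener_avatar');

    list($newtok, $newsecret) = $this->access_token($omb);

    if (!$newtok || !$newsecret) {
        $this->clientError(_('Couldn\'t convert request tokens to access tokens.'));
        return;
    }

    # XXX: possible attack point; subscribe and return someone else's profile URI
    $remote = Remote_profile::staticGet('uri', $omb['listener']);

    if ($remote) {
        $exists = true;
        $profile = Profile::staticGet($remote->id);
        $orig_remote = clone $remote;
        $orig_profile = clone $profile;
        # XXX: compare current postNotice and updateProfile URLs to the ones
        # stored in the DB to avoid (possibly...) above attack
    } else {
        $exists = false;
        $remote = new Remote_profile();
        $remote->uri = $omb['listener'];
        $profile = new Profile();
    }

    $profile->nickname = $nickname;
    $profile->profileurl = $profile_url;

    if (!is_null($fullname)) {
        $profile->fullname = $fullname;
    }
    if (!is_null($homepage)) {
        $profile->homepage = $homepage;
    }
    if (!is_null($bio)) {
        $profile->bio = $bio;
    }
    if (!is_null($location)) {
        $profile->location = $location;
    }

    if ($exists) {
        $profile->update($orig_profile);
    } else {
        $profile->created = DB_DataObject_Cast::dateTime(); # current time
        $id = $profile->insert();
        if (!$id) {
            $this->serverError(_('Error inserting new profile'));
            return;
        }
        $remote->id = $id;
    }

    if ($avatar_url) {
        if (!$this->add_avatar($profile, $avatar_url)) {
            $this->serverError(_('Error inserting avatar'));
            return;
        }
    }

    $remote->postnoticeurl = $omb['post_notice_url'];
    $remote->updateprofileurl = $omb['update_profile_url'];

    if ($exists) {
        if (!$remote->update($orig_remote)) {
            $this->serverError(_('Error updating remote profile'));
            return;
        }
    } else {
        $remote->created = DB_DataObject_Cast::dateTime(); # current time
        if (!$remote->insert()) {
            $this->serverError(_('Error inserting remote profile'));
            return;
        }
    }

    // NOTE(review): the block check runs only after the profile and remote
    // rows (and avatar) have already been written; a blocked remote still
    // gets its profile stored/updated. Left as-is here since the order may
    // be relied on elsewhere — worth revisiting.
    if ($user->hasBlocked($profile)) {
        $this->clientError(_('That user has blocked you from subscribing.'));
        return;
    }

    $sub = new Subscription();

    $sub->subscriber = $remote->id;
    $sub->subscribed = $user->id;

    $sub_exists = false;

    if ($sub->find(true)) {
        $sub_exists = true;
        $orig_sub = clone $sub;
    } else {
        $sub_exists = false;
        $sub->created = DB_DataObject_Cast::dateTime(); # current time
    }

    // Persist the access token/secret with the subscription.
    $sub->token = $newtok;
    $sub->secret = $newsecret;

    if ($sub_exists) {
        $result = $sub->update($orig_sub);
    } else {
        $result = $sub->insert();
    }

    if (!$result) {
        common_log_db_error($sub, $sub_exists ? 'UPDATE' : 'INSERT', __FILE__);
        $this->clientError(_('Couldn\'t insert new subscription.'));
        return;
    }

    # Notify user, if necessary
    mail_subscribe_notify_profile($user, $profile);

    # Clear the data
    unset($_SESSION['oauth_authorization_request']);

    # If we show subscriptions in reverse chron order, this should
    # show up close to the top of the page
    common_redirect(common_local_url('subscribers', array('nickname' => $user->nickname)));
}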