Exemple #1
 /**
  * Puts the member, moderator or admin list of the current site into the template context.
  *
  * Module parameters read here: "group" (overridden by "from" when "from" is a
  * module parameter) selects the list, and "showSince" toggles a display flag.
  * Only "admins" and "moderators" are accepted as list names; every other value
  * selects plain members. Nothing is added to the context for an empty list.
  *
  * @param mixed $runData run data object supplying the parameter list, the current site and the context
  */
 public function build($runData)
 {
     $criteria = new Criteria();
     $criteria->add("site_id", $runData->getTemp("site")->getSiteId());
     $criteria->addJoin("user_id", "ozone_user.user_id");

     $params = $runData->getParameterList();
     $group = $params->getParameterValue("group", "MODULE");
     $sinceFlag = $params->getParameterValue("showSince", "MODULE");
     // These three spellings switch the flag off; anything else leaves it on.
     $showSince = !($sinceFlag == "no" || $sinceFlag == "false" || $sinceFlag == "get lost");

     // "from" wins over "group", but only when it arrived as a module parameter.
     if ($params->getParameterType("from") == "MODULE") {
         $group = $params->getParameterValue("from");
     }

     // Allow-list the requested group: the value only ever picks one of three
     // fixed peers and never reaches the query itself.
     if ($group === "admins") {
         $peer = DB_AdminPeer::instance();
     } elseif ($group === "moderators") {
         $peer = DB_ModeratorPeer::instance();
     } else {
         $group = null;
         $peer = DB_MemberPeer::instance();
     }

     $rows = $peer->select($criteria);
     if (count($rows) === 0) {
         return;
     }
     $runData->contextAdd("from", $group);
     $runData->contextAdd("memberships", $rows);
     $runData->contextAdd("showSince", $showSince);
 }
Exemple #2
 /**
  * Tells whether $user may set the block flag for $page.
  *
  * Allowed: super admins and super moderators, moderators of the page's site
  * whose permission string contains 'p', and admins of the page's site.
  * Anonymous callers (no user object) are always refused.
  *
  * @param mixed $user user object, or a falsy value for an anonymous caller
  * @param mixed $page page object; only its site id is read
  * @return bool
  */
 private function canSetBlock($user, $page)
 {
     // Fail closed for anonymous callers before touching the database.
     if (!$user) {
         return false;
     }
     if ($user->getSuperAdmin() || $user->getSuperModerator()) {
         return true;
     }

     // Moderator of this site holding the "pages" right ('p')?
     $modCriteria = new Criteria();
     $modCriteria->add("site_id", $page->getSiteId());
     $modCriteria->add("user_id", $user->getUserId());
     $moderator = DB_ModeratorPeer::instance()->selectOne($modCriteria);
     // Strict comparison matters: 'p' at offset 0 makes strpos() return 0.
     if ($moderator && strpos($moderator->getPermissions(), 'p') !== false) {
         return true;
     }

     // Otherwise any admin record for this site is sufficient.
     $adminCriteria = new Criteria();
     $adminCriteria->add("site_id", $page->getSiteId());
     $adminCriteria->add("user_id", $user->getUserId());
     $admin = DB_AdminPeer::instance()->selectOne($adminCriteria);

     return $admin ? true : false;
 }
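 /**
  * Prepares the "edit thread" form: loads the thread, enforces the blocked-thread
  * rule and the 'edit_thread' forum permission, then exposes the thread to the template.
  *
  * @param mixed $runData run data object supplying parameters, the current site and user
  * @throws ProcessException when the thread does not exist or belongs to another site
  * @throws WDPermissionException when the thread is blocked and the caller is neither
  *         a forum moderator nor an admin of the site
  */
 public function build($runData)
 {
     $pl = $runData->getParameterList();
     $threadId = $pl->getParameterValue("threadId");
     $site = $runData->getTemp("site");
     $user = $runData->getUser();
     $db = Database::connection();
     $db->begin();
     // NOTE(review): the exceptions below leave this method with the transaction
     // still open; presumably the framework rolls back on exception - confirm.
     $thread = DB_ForumThreadPeer::instance()->selectByPrimaryKey($threadId);
     // The site comparison keeps a thread id from another site from being served here.
     if ($thread == null || $thread->getSiteId() !== $site->getSiteId()) {
         throw new ProcessException(_("No thread found... Is it deleted?"), "no_thread");
     }
     // A blocked thread may only be touched by a forum moderator or an admin of this site.
     if ($thread->getBlocked()) {
         $rel = null;
         // An anonymous caller has no user object; it can never hold either role,
         // so skip the lookups instead of calling getUserId() on null.
         if ($user) {
             $c = new Criteria();
             $c->add("site_id", $site->getSiteId());
             $c->add("user_id", $user->getUserId());
             $rel = DB_ModeratorPeer::instance()->selectOne($c);
             // strpos() returns 0 when 'f' is the first letter and 0 == false, so a
             // loose comparison would treat a permission string starting with 'f'
             // as lacking the forum right. Compare strictly.
             if (!$rel || strpos((string) $rel->getPermissions(), 'f') === false) {
                 $rel = DB_AdminPeer::instance()->selectOne($c);
             }
         }
         if (!$rel) {
             throw new WDPermissionException(_("Sorry, this thread is blocked. Nobody can add new posts nor edit existing ones."));
         }
     }
     $category = $thread->getCategory();
     // NOTE(review): the return value is ignored, so this is only an effective gate
     // if the permission manager is configured to throw on refusal - confirm.
     WDPermissionManager::instance()->hasForumPermission('edit_thread', $runData->getUser(), $category, $thread);
     $runData->contextAdd("thread", $thread);
     $db->commit();
 }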
 /**
  * Adds the moderators of the current site, ordered by nick name, to the template context.
  *
  * The "moderators" context entry is only set when at least one row was found.
  *
  * @param mixed $runData run data object supplying the current site and the context
  */
 public function build($runData)
 {
     $siteId = $runData->getTemp("site")->getSiteId();

     $criteria = new Criteria();
     $criteria->add("site_id", $siteId);
     // Join the user table so the list can be sorted by nick name.
     $criteria->addJoin("user_id", "ozone_user.user_id");
     $criteria->addOrderAscending("ozone_user.nick_name");

     $moderators = DB_ModeratorPeer::instance()->select($criteria);
     if (count($moderators) === 0) {
         return;
     }
     $runData->contextAdd("moderators", $moderators);
 }
 /**
  * Adds the moderator records of the current user, across all non-deleted sites,
  * to the template context.
  *
  * The user id comes from the run data (not from request parameters), so the list
  * is always the caller's own. The "moderators" entry is only set when the list
  * is not empty.
  *
  * @param mixed $runData run data object supplying the current user id and the context
  */
 public function build($runData)
 {
     $criteria = new Criteria();
     $criteria->add("user_id", $runData->getUserId());
     // Join the site table so records of deleted sites can be filtered out.
     $criteria->addJoin("site_id", "site.site_id");
     $criteria->add("site.deleted", false);

     $records = DB_ModeratorPeer::instance()->select($criteria);
     if (count($records) === 0) {
         return;
     }
     $runData->contextAdd("moderators", $records);
 }
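 /**
  * Prepares the "edit post" form: loads the post, enforces the 'edit_post' forum
  * permission and the blocked-thread rule, then exposes the post to the template.
  *
  * @param mixed $runData run data object supplying parameters, the current site and user
  * @throws ProcessException when the post id is missing, not numeric, unknown or from another site
  * @throws WDPermissionException when the thread is blocked and the caller is neither
  *         a forum moderator nor an admin of the site
  */
 public function build($runData)
 {
     $pl = $runData->getParameterList();
     $postId = $pl->getParameterValue("postId", "AMODULE");
     $user = $runData->getUser();
     $site = $runData->getTemp("site");
     if ($postId == null || !is_numeric($postId)) {
         throw new ProcessException(_("No post specified."), "no_post");
     }
     $post = DB_ForumPostPeer::instance()->selectByPrimaryKey($postId);
     // The site comparison keeps a post id from another site from being served here.
     if ($post == null || $post->getSiteId() != $site->getSiteId()) {
         throw new ProcessException(_("No post specified."), "no_post");
     }
     $category = $post->getForumThread()->getCategory();
     // NOTE(review): the return value is ignored, so this is only an effective gate
     // if the permission manager is configured to throw on refusal - confirm.
     WDPermissionManager::instance()->hasForumPermission('edit_post', $runData->getUser(), $category, null, $post);
     // A blocked thread may only be touched by a forum moderator or an admin of this site.
     $thread = $post->getForumThread();
     if ($thread->getBlocked()) {
         $rel = null;
         // An anonymous caller has no user object; it can never hold either role,
         // so skip the lookups instead of calling getUserId() on null.
         if ($user) {
             $c = new Criteria();
             $c->add("site_id", $site->getSiteId());
             $c->add("user_id", $user->getUserId());
             $rel = DB_ModeratorPeer::instance()->selectOne($c);
             // strpos() returns 0 when 'f' is the first letter and 0 == false, so a
             // loose comparison would treat a permission string starting with 'f'
             // as lacking the forum right. Compare strictly.
             if (!$rel || strpos((string) $rel->getPermissions(), 'f') === false) {
                 $rel = DB_AdminPeer::instance()->selectOne($c);
             }
         }
         if (!$rel) {
             throw new WDPermissionException(_("Sorry, this thread is blocked. Nobody can add new posts nor edit existing ones."));
         }
     }
     // Keep the session: storing an object in it prevents it from being deleted.
     $runData->sessionAdd("keep", true);
     $runData->contextAdd("post", $post);
     $runData->ajaxResponseAdd("postId", $postId);
     // Anonymous editors are identified in the form by a string derived from their IP.
     $userId = $runData->getUserId();
     if ($userId == null) {
         $userString = $runData->createIpString();
         $runData->contextAdd("anonymousString", $userString);
     }
 }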
 /**
  * Prepares the permission form for one moderator of the current site.
  *
  * The moderator's permission string is decoded into three context flags:
  * 'p' => "ppages", 'f' => "pforum", 'u' => "pusers".
  *
  * @param mixed $runData run data object supplying parameters, the current site and the context
  * @throws ProcessException when the moderator record is unknown or belongs to another site
  */
 public function build($runData)
 {
     $moderatorId = $runData->getParameterList()->getParameterValue("moderatorId");
     $site = $runData->getTemp("site");

     $moderator = DB_ModeratorPeer::instance()->selectByPrimaryKey($moderatorId);
     if ($moderator == null) {
         throw new ProcessException("No such moderator.");
     }
     // Records of other sites are reported exactly like missing ones, so the
     // response does not reveal whether an id exists elsewhere.
     if ($moderator->getSiteId() != $site->getSiteId()) {
         throw new ProcessException("No such moderator.");
     }
     $runData->contextAdd("moderator", $moderator);

     $permissions = $moderator->getPermissions();
     $flagNames = array('p' => "ppages", 'f' => "pforum", 'u' => "pusers");
     foreach ($flagNames as $letter => $contextKey) {
         // Strict comparison: a letter at offset 0 makes strpos() return 0.
         if (strpos($permissions, $letter) !== false) {
             $runData->contextAdd($contextKey, true);
         }
     }
     $runData->ajaxResponseAdd("moderatorId", $moderatorId);
 }
 /**
  * Stores the permission string of one moderator of the current site.
  *
  * The string is rebuilt from three request flags, always in the order
  * "pages" => 'p', "forum" => 'f', "users" => 'u'.
  *
  * NOTE(review): nothing in this method checks that the caller may manage the
  * site's moderators; presumably the enclosing module enforces that - confirm.
  *
  * @param mixed $runData run data object supplying parameters and the current site
  * @throws ProcessException when the moderator id is missing, not numeric, unknown
  *         or belongs to another site
  */
 public function saveModeratorPermissionsEvent($runData)
 {
     $params = $runData->getParameterList();
     $moderatorId = $params->getParameterValue("moderatorId");
     if ($moderatorId == null || !is_numeric($moderatorId)) {
         throw new ProcessException(_("Moderator does not exist."));
     }

     $moderator = DB_ModeratorPeer::instance()->selectByPrimaryKey($moderatorId);
     // A record of another site is rejected with the same message as a missing one.
     if ($moderator == null || $moderator->getSiteId() != $runData->getTemp("site")->getSiteId()) {
         throw new ProcessException(_("Moderator does not exist."));
     }

     // Only the three known letters can ever be stored; request values act as switches.
     $letters = array("pages" => 'p', "forum" => 'f', "users" => 'u');
     $permissions = '';
     foreach ($letters as $field => $letter) {
         if ($params->getParameterValue($field)) {
             $permissions .= $letter;
         }
     }
     $moderator->setPermissions($permissions);
     $moderator->save();

     if (GlobalProperties::$UI_SLEEP) {
         sleep(1);
     }
 }
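 /**
  * Removes the current user's moderator record for the given site and notifies the site admins.
  *
  * The user id always comes from the run data, so a caller can only resign for
  * themselves. The site id comes from the request and is validated before
  * anything is deleted or any notification is sent.
  *
  * @param mixed $runData run data object supplying parameters and the current user
  * @throws ProcessException when the caller is not signed in, the site id is missing,
  *         not numeric or unknown, or the caller is not a moderator of that site
  */
 public function moderatorResignEvent($runData)
 {
     $siteId = $runData->getParameterList()->getParameterValue("site_id");
     $userId = $runData->getUserId();
     $user = $runData->getUser();
     // Without a user id the delete criteria below would not be tied to the caller.
     if ($userId == null || !$user) {
         throw new ProcessException(_("You must be signed in to do this."));
     }
     // site_id is request input: reject anything that is not a usable id.
     if ($siteId == null || !is_numeric($siteId)) {
         throw new ProcessException(_("Site does not exist."));
     }
     $site = DB_SitePeer::instance()->selectByPrimaryKey($siteId);
     if ($site == null) {
         throw new ProcessException(_("Site does not exist."));
     }
     $c = new Criteria();
     $c->add("user_id", $userId);
     $c->add("site_id", $siteId);
     // Only a real moderator can resign; otherwise any signed-in user could make
     // the admins of an arbitrary site receive a "moderator resigned" notification.
     if (!DB_ModeratorPeer::instance()->selectOne($c)) {
         throw new ProcessException(_("You are not a moderator of this site."));
     }
     // All checks run before the transaction starts, so no exception leaves it open.
     $db = Database::connection();
     $db->begin();
     DB_ModeratorPeer::instance()->delete($c);
     AdminNotificationMaker::instance()->moderatorResigned($site, $user);
     $db->commit();
 }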
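 /**
  * Prepares the "new post" form for a thread, optionally as a reply to an existing post.
  *
  * Loads the thread, enforces the blocked-thread rule and the 'new_post' forum
  * permission, works out the effective parent post (capped by the category's
  * maximum nest level) and pre-fills the "Re: ..." title.
  *
  * @param mixed $runData run data object supplying parameters, the current site and user
  * @throws ProcessException when the thread or the post replied to cannot be used
  * @throws WDPermissionException when the thread is blocked and the caller is neither
  *         a forum moderator nor an admin of the site
  */
 public function build($runData)
 {
     $pl = $runData->getParameterList();
     $postId = $pl->getParameterValue("postId");
     $threadId = $pl->getParameterValue("threadId");
     $user = $runData->getUser();
     $site = $runData->getTemp("site");
     $title = '';
     // Both are only assigned on some paths below but read unconditionally later.
     $parentId = null;
     $parentChanged = false;
     $db = Database::connection();
     $db->begin();
     // NOTE(review): the exceptions below leave this method with the transaction
     // still open; presumably the framework rolls back on exception - confirm.
     $thread = DB_ForumThreadPeer::instance()->selectByPrimaryKey($threadId);
     // The site comparison keeps a thread id from another site from being served here.
     if ($thread == null || $thread->getSiteId() !== $site->getSiteId()) {
         throw new ProcessException(_("No thread found... Is it deleted?"), "no_thread");
     }
     // A blocked thread may only be posted to by a forum moderator or an admin of this site.
     if ($thread->getBlocked()) {
         $rel = null;
         // For an anonymous caller the criteria were never built, yet the admin
         // lookup still ran with an undefined $c; what that query matched depends
         // on the peer. Anonymous callers hold no role, so skip both lookups and
         // fail closed.
         if ($user) {
             $c = new Criteria();
             $c->add("site_id", $site->getSiteId());
             $c->add("user_id", $user->getUserId());
             $rel = DB_ModeratorPeer::instance()->selectOne($c);
             // strpos() returns 0 when 'f' is the first letter and 0 == false, so a
             // loose comparison would treat a permission string starting with 'f'
             // as lacking the forum right. Compare strictly.
             if (!$rel || strpos((string) $rel->getPermissions(), 'f') === false) {
                 $rel = DB_AdminPeer::instance()->selectOne($c);
             }
         }
         if (!$rel) {
             throw new WDPermissionException(_("Sorry, this thread is blocked. Nobody can add new posts nor edit existing ones."));
         }
     }
     // now check if user is allowed
     $category = $thread->getCategory();
     // NOTE(review): the return value is ignored, so this is only an effective gate
     // if the permission manager is configured to throw on refusal - confirm.
     WDPermissionManager::instance()->hasForumPermission('new_post', $runData->getUser(), $category);
     if ($postId !== null && is_numeric($postId)) {
         $post = DB_ForumPostPeer::instance()->selectByPrimaryKey($postId);
         // The post replied to must belong to this very thread.
         if ($post == null || $post->getThreadId() !== $thread->getThreadId()) {
             throw new ProcessException(_("Original post does not exist! Please reload the page to make it up-to-date."), "no_post");
         }
         $maxNest = $thread->getForumCategory()->getEffectiveMaxNestLevel();
         // Walk up the parent chain to find how deeply the post is nested;
         // $parents[0] is the direct parent, later entries are further up.
         $parentId6 = $post->getParentId();
         $nestLevel6 = 0;
         $parents = array();
         while ($parentId6 != null) {
             $parent6 = DB_ForumPostPeer::instance()->selectByPrimaryKey($parentId6);
             if (!$parent6) {
                 // The chain points at a post that no longer exists; stop here
                 // instead of calling a method on null.
                 break;
             }
             $parents[] = $parent6;
             $parentId6 = $parent6->getParentId();
             $nestLevel6++;
         }
         if ($nestLevel6 >= $maxNest) {
             // Too deep: attach the reply to an ancestor further up the chain.
             $ancestorIndex = $nestLevel6 - ($maxNest - 1) - 1;
             $parent = isset($parents[$ancestorIndex]) ? $parents[$ancestorIndex] : null;
             if ($parent) {
                 $parentId = $parent->getPostId();
                 $parentChanged = true;
             }
         } else {
             $parentId = $post->getPostId();
         }
         // Avoid "Re: Re: ..." by stripping one existing prefix first.
         $title = preg_replace('/^Re:\\s?/', '', $post->getTitle());
         $title = 'Re: ' . $title;
     } else {
         // only if NOT a page discussion
         if ($thread->getPageId() == null) {
             $title = 'Re: ' . $thread->getTitle();
         }
     }
     $runData->contextAdd("thread", $thread);
     if ($parentId) {
         $runData->ajaxResponseAdd("parentId", $parentId);
         $runData->contextAdd("parentId", $parentId);
         if ($parentChanged) {
             $runData->ajaxResponseAdd("parentChanged", true);
         }
     }
     $runData->contextAdd("title", $title);
     // Keep the session: storing an object in it prevents it from being deleted.
     $runData->sessionAdd("keep", true);
     // Anonymous posters are identified in the form by a string derived from their IP.
     $userId = $runData->getUserId();
     if ($userId == null) {
         $userString = $runData->createIpString();
         $runData->contextAdd("anonymousString", $userString);
     }
     $db->commit();
 }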
Exemple #11
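 /**
  * Creates or updates user accounts of the current site from a bulk form.
  *
  * Each row is sent as nick_name_ID / password_ID / admin_ID / mod_ID, where ID
  * is either the id of an existing user or a "new..." marker for a row to create.
  * Rows with an empty nick name are ignored. The admin and moderator records of
  * the current site are added or removed to match the two checkboxes.
  *
  * NOTE(review): nothing in this method checks that the caller may manage users
  * of this site; presumably the enclosing module enforces that - confirm.
  *
  * @param mixed $runData run data object supplying parameters and the current site
  */
 public function saveEvent($runData)
 {
     $params = $runData->getParameterList()->asArray();
     $site = $runData->getTemp('site');
     $ids = array();
     foreach ($params as $param_key => $param_val) {
         $m = array();
         // Accept either a "new" marker (optionally numbered) or a plain decimal
         // id. The former character class [new0-9]+ also let through mixed
         // strings such as "1new", which the numeric cast then read as user 1.
         if (preg_match(';^nick_name_(new[0-9]*|[0-9]+)$;', $param_key, $m)) {
             $ids[] = $m[1];
         }
     }
     foreach ($ids as $id) {
         $nick_name = $params["nick_name_{$id}"];
         // Unchecked boxes and empty fields may be absent from the request.
         $password = isset($params["password_{$id}"]) ? $params["password_{$id}"] : null;
         $admin = !empty($params["admin_{$id}"]);
         $mod = !empty($params["mod_{$id}"]);
         if (!$nick_name) {
             continue;
         }
         $u = null;
         if (ctype_digit((string) $id) && (int) $id > 0) {
             $u = DB_OzoneUserPeer::instance()->selectByPrimaryKey((int) $id);
             if ($u) {
                 // User ids come from the request and the user table is not scoped
                 // to a site. Only touch accounts that are members of this site;
                 // otherwise the name, e-mail and password of an unrelated account
                 // could be overwritten from here.
                 $c = new Criteria();
                 $c->add('site_id', $site->getSiteId());
                 $c->add('user_id', $u->getUserId());
                 if (!DB_MemberPeer::instance()->selectOne($c)) {
                     continue;
                 }
             }
         }
         $next = false;
         if (!$u) {
             // New row (or an id that matched nothing): create the account and
             // make it a member of this site.
             $u = new DB_OzoneUser();
             if (!$password) {
                 // No password given: the account is created but left unfilled.
                 $next = true;
             }
             $u->save();
             $member = new DB_Member();
             $member->setUserId($u->getUserId());
             $member->setSiteId($site->getSiteId());
             $member->save();
         }
         if ($next) {
             continue;
         }
         $u->setName($nick_name);
         $u->setEmail($nick_name);
         $u->setNickName($nick_name);
         $u->setUnixName(WDStringUtils::toUnixName($nick_name));
         if ($password) {
             // NOTE(review): unsalted MD5 is not a password hash; stored values can
             // be recovered cheaply if the table leaks. Moving to password_hash()
             // / password_verify() also requires changing the login check, which
             // is not visible here, so the stored format is left as it is.
             $u->setPassword(md5($password));
         }
         $u->save();
         if ($admin) {
             if (!WDPermissionManager::hasPermission('manage_site', $u, $site)) {
                 $a = new DB_Admin();
                 $a->setUserId($u->getUserId());
                 $a->setSiteId($site->getSiteId());
                 $a->save();
             }
         } else {
             // Box not ticked: drop any admin record for this site.
             $c = new Criteria();
             $c->add('site_id', $site->getSiteId());
             $c->add('user_id', $u->getUserId());
             DB_AdminPeer::instance()->delete($c);
         }
         if ($mod) {
             if (!WDPermissionManager::hasPermission('moderate_site', $u, $site)) {
                 $moderator = new DB_Moderator();
                 $moderator->setUserId($u->getUserId());
                 $moderator->setSiteId($site->getSiteId());
                 $moderator->save();
             }
         } else {
             // Box not ticked: drop any moderator record for this site.
             $c = new Criteria();
             $c->add('site_id', $site->getSiteId());
             $c->add('user_id', $u->getUserId());
             DB_ModeratorPeer::instance()->delete($c);
         }
     }
 }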
 /**
  * Decides whether $user may perform the forum $action in $category.
  *
  * Checks run in this order and the first match wins: super admin / super
  * moderator, IP block, "anonymous" class, "registered" class, site member,
  * owner of the post or thread, forum moderator ('f' in the permission string),
  * site admin. On a block the method throws WDPermissionException when
  * $this->throwExceptions is set and returns false otherwise; the other refusals
  * go through handleFalse() and then return false.
  *
  * NOTE(review): callers that ignore the return value are only protected if
  * handleFalse() throws - its behaviour is not visible here, confirm.
  *
  * @param string $action   key into self::$forumActions (e.g. 'edit_thread', 'new_post')
  * @param mixed  $user     user object, a numeric user id, or a falsy value for anonymous
  * @param mixed  $category forum category; supplies the permission string and the site id
  * @param mixed  $thread   optional thread, used for the ownership check
  * @param mixed  $post     optional post, preferred over $thread for the ownership check
  * @return bool
  * @throws WDPermissionException on an IP or user block when throwExceptions is set
  */
 public function hasForumPermission($action, $user, $category, $thread = null, $post = null)
 {
     // A numeric id is resolved to a user object first; if the lookup yields
     // nothing the caller is handled as anonymous from here on.
     if ($user) {
         if (is_string($user) && is_numeric($user) || is_int($user)) {
             $user = DB_OzoneUserPeer::instance()->selectByPrimaryKey($user);
         }
     }
     // Super users are accepted before any block is looked at.
     if ($user && ($user->getSuperAdmin() || $user->getSuperModerator())) {
         return true;
     }
     // The site used for block checks is a global, while the role lookups further
     // down use $category->getSiteId().
     $site = $GLOBALS['site'];
     // ugly.
     // ban by IP first.
     if ($this->checkIpBlocks) {
         $ips = Ozone::getRunData()->createIpString();
         $blocks = $this->checkIpBlocked($ips, $site);
         if (count($blocks) > 0) {
             if ($this->throwExceptions) {
                 throw new WDPermissionException(_("Sorry, your IP address is blocked from participating in and modifying this site."));
             } else {
                 return false;
             }
         }
     }
     // Only picks the wording of the refusal message. The result is tested for
     // truthiness, so an action name that starts with "thread" (offset 0) would
     // get the "post" wording.
     if (strpos($action, "thread")) {
         $authorString = _("author of the thread");
     } else {
         $authorString = _("author of the post");
     }
     //action code
     // NOTE(review): $action is not checked against the known keys before the lookup.
     $ac = self::$forumActions[$action];
     //permission string
     $ps = $category->getPermissionString();
     //throw new WDPermissionException($ps);
     // first try anonymous and registered to save effort
     $uc = self::$userClasses['anonymous'];
     if ($this->permissionLookup($ac, $uc, $ps)) {
         // ok, anyone can.
         // but check ip blocks.
         if ($this->checkUserBlocks && $user) {
             //if(!$user){
             //	$ips = Ozone::getRunData()->createIpString();
             //
             //	$blocks = $this->checkIpBlocked($ips, $site);
             //	if(count($blocks)>0){
             //
             //		if($this->throwExceptions){
             //			throw new WDPermissionException(_("Sorry, your IP address is blocked from participating in and modifying this site."));
             //		}else{
             //			return false;
             //		}
             //	}
             //}
             //if($user){
             $block = $this->checkUserBlocked($user, $site);
             if ($block) {
                 if ($this->throwExceptions) {
                     $message = _("Sorry, you are blocked from participating in and modifying this site. ");
                     // The message carries HTML, so the stored reason is escaped
                     // before it is embedded.
                     if ($block->getReason() && $block->getReason() != '') {
                         $message .= _("The given reason is:") . " <p>" . htmlspecialchars($block->getReason()) . "</p>";
                     }
                     throw new WDPermissionException($message);
                     //throw new WDPermissionException("Sorry, you are blocked from participating in and modifying this site. " .
                     //		"The given reason is: \"".htmlspecialchars($block->getReason())."\"");
                 } else {
                     return false;
                 }
             }
             //}
         }
         return true;
     } elseif (!$user) {
         // anonymous can not and the user is only anonymous. game over.
         //	throw new WDPermissionException($ps);
         $m = $this->generateMessage($action, $uc, $ps, 'forum', array("o" => $authorString));
         $this->handleFalse($m);
         return false;
     }
     // From here on $user is always a user object (anonymous callers returned above).
     // ok, check registered now
     $uc = self::$userClasses['registered'];
     if ($this->permissionLookup($ac, $uc, $ps)) {
         // check blocked users
         if ($this->checkUserBlocks) {
             $block = $this->checkUserBlocked($user, $site);
             if ($block) {
                 if ($this->throwExceptions) {
                     $message = _("Sorry, you are blocked from participating in and modifying this site. ");
                     if ($block->getReason() && $block->getReason() != '') {
                         $message .= _("The given reason is:") . " <p>" . htmlspecialchars($block->getReason()) . "</p>";
                     }
                     throw new WDPermissionException($message);
                     //throw new WDPermissionException("Sorry, you are blocked from participating in and modifying this site. " .
                     //		"The given reason is: \"".htmlspecialchars($block->getReason())."\"");
                 } else {
                     return false;
                 }
             }
         }
         return true;
     }
     // ok, a "premium feature" or what... need to check members now...
     $uc = self::$userClasses['member'];
     if ($this->permissionLookup($ac, $uc, $ps)) {
         // ok, members CAN do this. is the user a member?
         $c = new Criteria();
         $c->add("site_id", $category->getSiteId());
         $c->add("user_id", $user->getUserId());
         $rel = DB_MemberPeer::instance()->selectOne($c);
         // NOTE(review): unlike the anonymous, registered and owner branches, this
         // one accepts the member without calling checkUserBlocked() - confirm
         // that a blocked user can never still hold a member record.
         if ($rel) {
             return true;
         }
     }
     /*// still nothing. check if owner of the page
     		if($page && $page->getOwnerUserId() && $user->getUserId() == $page->getOwnerUserId()){
     			$uc = self::$userClasses['owner'];
     			if($this->permissionLookup($ac, $uc, $ps)){
     				return true;	
     			}
     		}*/
     // Owner check: the post is preferred over the thread when both are given.
     $uc = self::$userClasses['owner'];
     if (($post || $thread) && $this->permissionLookup($ac, $uc, $ps)) {
         $o = $post ? $post : $thread;
         if ($o && $o->getUserId() && $user->getUserId() == $o->getUserId()) {
             // check blocked users
             if ($this->checkUserBlocks) {
                 $block = $this->checkUserBlocked($user, $site);
                 if ($block) {
                     if ($this->throwExceptions) {
                         $message = _("Sorry, you are blocked from participating in and modifying this site. ");
                         if ($block->getReason() && $block->getReason() != '') {
                             $message .= _("The given reason is:") . " <p>" . htmlspecialchars($block->getReason()) . "</p>";
                         }
                         throw new WDPermissionException($message);
                         //throw new WDPermissionException("Sorry, you are blocked from participating in and modifying this site. " .
                         //		"The given reason is: \"".htmlspecialchars($block->getReason())."\"");
                     } else {
                         return false;
                     }
                 }
             }
             return true;
         }
     }
     // still nothing. check if moderator of "forum".
     // Moderators and admins are accepted without a user-block check.
     $c = new Criteria();
     $c->add("site_id", $category->getSiteId());
     $c->add("user_id", $user->getUserId());
     $rel = DB_ModeratorPeer::instance()->selectOne($c);
     // Strict comparison: 'f' at offset 0 makes strpos() return 0.
     if ($rel && strpos($rel->getPermissions(), 'f') !== false) {
         return true;
     }
     // still nothing. check if admin.
     $c = new Criteria();
     $c->add("site_id", $category->getSiteId());
     $c->add("user_id", $user->getUserId());
     $rel = DB_AdminPeer::instance()->selectOne($c);
     if ($rel) {
         return true;
     }
     // Nothing matched: refuse (default deny).
     $m = $this->generateMessage($action, $uc, $ps, 'forum', array("o" => $authorString));
     $this->handleFalse($m);
     return false;
 }
Exemple #13
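 /**
  * Saves the title and description of a forum thread.
  *
  * Validates the two fields, loads the thread, enforces the blocked-thread rule
  * and the 'edit_thread' forum permission, stores the changes and then triggers
  * the outdater and the indexer.
  *
  * @param mixed $runData run data object supplying parameters, the current site and user
  * @throws ProcessException on form errors, or when the thread is unknown or from another site
  * @throws WDPermissionException when the thread is blocked and the caller is neither
  *         a forum moderator nor an admin of the site
  */
 public function saveThreadMetaEvent($runData)
 {
     $pl = $runData->getParameterList();
     $threadId = $pl->getParameterValue("threadId");
     $site = $runData->getTemp("site");
     // $user was read below without ever being assigned, so the blocked-thread
     // check failed with an error instead of making a decision.
     $user = $runData->getUser();
     // Trim before validating, otherwise a whitespace-only title passes the
     // emptiness check and is stored as an empty string.
     $title = trim((string) $pl->getParameterValue("title"));
     $description = trim((string) $pl->getParameterValue("description"));
     // validate
     $errors = array();
     if ($title === '') {
         $errors['title'] = _("Thread title can not be empty.");
     }
     if (strlen8($title) > 128) {
         $errors['title'] = _("Thread title should not be longer than 128 characters.");
     }
     if (strlen($description) > 1000) {
         $errors['description'] = _("Thread description should not be longer than 1000 characters.");
     }
     if (count($errors) > 0) {
         $runData->ajaxResponseAdd("formErrors", $errors);
         throw new ProcessException("Form errors", "form_errors");
     }
     $db = Database::connection();
     $db->begin();
     // NOTE(review): the exceptions below leave this method with the transaction
     // still open; presumably the framework rolls back on exception - confirm.
     $thread = DB_ForumThreadPeer::instance()->selectByPrimaryKey($threadId);
     // The site comparison keeps a thread id from another site from being edited here.
     if ($thread == null || $thread->getSiteId() !== $site->getSiteId()) {
         throw new ProcessException(_("No thread found... Is it deleted?"), "no_thread");
     }
     // A blocked thread may only be edited by a forum moderator or an admin of this site.
     if ($thread->getBlocked()) {
         $rel = null;
         // Anonymous callers hold no role; skip the lookups and fail closed.
         if ($user) {
             $c = new Criteria();
             $c->add("site_id", $site->getSiteId());
             $c->add("user_id", $user->getUserId());
             $rel = DB_ModeratorPeer::instance()->selectOne($c);
             // strpos() returns 0 when 'f' is the first letter and 0 == false, so a
             // loose comparison would treat a permission string starting with 'f'
             // as lacking the forum right. Compare strictly.
             if (!$rel || strpos((string) $rel->getPermissions(), 'f') === false) {
                 $rel = DB_AdminPeer::instance()->selectOne($c);
             }
         }
         if (!$rel) {
             throw new WDPermissionException(_("Sorry, this thread is blocked. Meta information can not be edited."));
         }
     }
     $category = $thread->getCategory();
     // NOTE(review): the return value is ignored, so this is only an effective gate
     // if the permission manager is configured to throw on refusal - confirm.
     WDPermissionManager::instance()->hasForumPermission('edit_thread', $runData->getUser(), $category, $thread);
     $changed = false;
     if ($title !== $thread->getTitle()) {
         $changed = true;
         $thread->setTitle($title);
     }
     if ($description !== $thread->getDescription()) {
         $changed = true;
         $thread->setDescription($description);
     }
     // Only write and log when something actually changed.
     if ($changed) {
         $thread->save();
         EventLogger::instance()->logSaveThreadMeta($thread);
     }
     $o = new Outdater();
     $o->forumEvent("thread_save", $thread);
     // index thread
     Indexer::instance()->indexThread($thread);
     $db->commit();
     if (GlobalProperties::$UI_SLEEP) {
         sleep(1);
     }
 }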