/**
 * Handles a visitor's posted event suggestion.
 *
 * When the event object accepts the post, applies the per-session duplicate
 * and quota checks, saves the event, and then either emits a bare popup page
 * (and ends the request) or fills $this->title / $this->content for the normal
 * page flow.
 *
 * @return bool true once a message has been chosen (or the popup page emitted),
 *              false when $this->event->post() rejected the posted data
 */
public function postSuggestion()
{
    $this->loadSuggestion();

    // Nothing to do when the event object does not accept the post.
    if (!$this->event->post()) {
        return false;
    }

    // Same post seen again in this session: report it, do not save again.
    if (PHPWS_Core::isPosted()) {
        $this->title = dgettext('calendar', 'Duplicate suggestion.');
        $this->content = dgettext('calendar', 'You may try to suggest a different event.');
        return true;
    }

    // Per-session counter that allowSuggestion() is presumably based on.
    // NOTE(review): the quota is kept in $_SESSION only, so it lasts exactly as
    // long as the session does — confirm that scope is intended.
    if (!isset($_SESSION['Calendar_Total_Suggestions'])) {
        $_SESSION['Calendar_Total_Suggestions'] = 0;
    }
    if (!$this->allowSuggestion()) {
        $this->title = dgettext('calendar', 'Sorry');
        $this->content = dgettext('calendar', 'You have exceeded your allowed event submissions.');
        return true;
    }

    $saveResult = $this->event->save();
    // Incremented before the result is inspected: a failed save also uses quota.
    $_SESSION['Calendar_Total_Suggestions']++;

    $saveFailed = PHPWS_Error::isError($saveResult);
    if ($saveFailed) {
        PHPWS_Error::log($saveResult);
    }

    if (PHPWS_Calendar::isJS()) {
        // Popup flow: emit a bare page that closes/refreshes the opener, then stop.
        if ($saveFailed) {
            javascript('close_refresh', array('timeout' => 5, 'refresh' => 0));
            Layout::nakedDisplay('Event suggestion failed to save. Try again later.');
        } else {
            javascript('alert', array('content' => dgettext('calendar', 'Event submitted for approval.')));
            javascript('close_refresh', array('timeout' => 1, 'refresh' => 0));
            Layout::nakedDisplay();
        }
        exit;
    }

    // Regular page flow: leave the outcome in title/content for the caller to render.
    if ($saveFailed) {
        $this->title = dgettext('calendar', 'Sorry');
        $this->content = dgettext('calendar', 'Unable to save your event suggestion.');
    } else {
        $this->title = dgettext('calendar', 'Event saved');
        $this->content = dgettext('calendar', 'An administrator will review your submission. Thank you.');
    }
    return true;
}
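/**
 * Sets the last form post made to the website.
 * Works with isPosted
 *
 * First sighting of a post key: append it to the session's list of recent
 * keys, trimmed to MAX_POST_TRACK entries. Repeat sighting: bump the
 * per-key repeat counter (1 on the first repeat).
 *
 * @deprecated
 * @return void
 */
public static function setLastPost()
{
    $key = PHPWS_Core::_getPostKey();
    if (!PHPWS_Core::isPosted()) {
        // New key: remember it, keeping the list bounded.
        $_SESSION['PHPWS_LastPost'][] = $key;
        if (count($_SESSION['PHPWS_LastPost']) > MAX_POST_TRACK) {
            array_shift($_SESSION['PHPWS_LastPost']);
        }
    } else {
        // Repeated key: count the repeat. The "= 1" branch is reachable now;
        // guarding this else with the same isset() as the inner if made it dead,
        // so the counter was never started for a key's first repeat.
        if (isset($_SESSION['PHPWS_Post_Count'][$key])) {
            $_SESSION['PHPWS_Post_Count'][$key]++;
        } else {
            $_SESSION['PHPWS_Post_Count'][$key] = 1;
        }
    }
}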
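/**
 * Administrative dispatcher for the Signup module.
 *
 * Loads the control panel and any forwarded message, dispatches on the `aop`
 * request parameter, then renders either a bare page (popup actions, flagged
 * by $javascript) or the full control panel. Several cases end the request
 * themselves (exit, reroute, goBack).
 *
 * Permission model as written: the whole menu requires allow('signup');
 * individual cases additionally require authorized('signup'). After every
 * disallow() the method returns, so it fails closed even if disallow() does
 * not end the request.
 * NOTE(review): delete_sheet, edit_slots, delete_slot, delete_slot_peep,
 * move_peep and the move_* cases change state under allow() only, while the
 * other state-changing cases use authorized() — confirm that is intended.
 *
 * @return void
 */
public function adminMenu()
{
    if (!Current_User::allow('signup')) {
        Current_User::disallow();
        return;
    }
    $this->loadPanel();
    $javascript = false;
    $this->loadMessage();

    // A missing aop matches no case; the panel is rendered with whatever
    // title/content/message are already set.
    $command = isset($_REQUEST['aop']) ? $_REQUEST['aop'] : null;

    switch ($command) {
        case 'add_slot_peep':
            $javascript = true;
            $this->loadPeep();
            $this->loadForm('edit_peep');
            break;

        case 'menu':
            if (!isset($_GET['tab'])) {
                $this->loadForm('list');
            } else {
                $this->loadForm($_GET['tab']);
            }
            break;

        case 'delete_sheet':
            $this->loadSheet();
            $this->sheet->delete();
            $this->message = dgettext('signup', 'Signup sheet deleted.');
            $this->loadForm('list');
            break;

        case 'edit_sheet':
            $this->loadForm('edit_sheet');
            break;

        case 'edit_slot_peep':
            $javascript = true;
            $this->loadPeep();
            $this->loadForm('edit_peep');
            break;

        case 'edit_slot_popup':
            $javascript = true;
            $this->loadSlot();
            $this->loadForm('edit_slot_popup');
            break;

        case 'edit_peep_popup':
            $javascript = true;
            $this->loadSlot();
            $this->loadForm('edit_peep_popup');
            break;

        case 'print_applicants':
            if (!Current_User::authorized('signup')) {
                Current_User::disallow();
                return;
            }
            $this->loadSheet();
            // Emits its own output; nothing below applies.
            $this->printApplicants();
            exit;

        case 'email_applicants':
            if (!Current_User::authorized('signup')) {
                Current_User::disallow();
                return;
            }
            $this->loadEmail();
            $this->loadSheet();
            $this->loadForm('email_applicants');
            break;

        case 'post_email':
            if (!Current_User::authorized('signup')) {
                Current_User::disallow();
                return;
            }
            $this->loadEmail();
            $this->loadSheet();
            if ($this->postEmail()) {
                $this->sendEmail();
            } else {
                $this->loadForm('email_applicants');
            }
            break;

        case 'slot_listing':
            if (!Current_User::authorized('signup')) {
                Current_User::disallow();
                return;
            }
            $this->loadSheet();
            $this->slotListing();
            exit;

        case 'csv_applicants':
            if (!Current_User::authorized('signup')) {
                Current_User::disallow();
                return;
            }
            $this->loadSheet();
            $this->csvExport();
            exit;

        case 'send_email':
            if (!Current_User::authorized('signup')) {
                Current_User::disallow();
                return;
            }
            $this->sendEmail();
            break;

        case 'edit_slots':
            $this->loadSheet();
            $this->loadForm('edit_slots');
            break;

        case 'search_slot':
            $this->searchSlots();
            break;

        case 'post_peep':
            $javascript = true;
            if (!Current_User::authorized('signup')) {
                Current_User::disallow();
                return;
            }
            if ($this->postPeep()) {
                // Since added by an admin, automatically registered
                $this->peep->registered = 1;
                if (PHPWS_Error::logIfError($this->peep->save())) {
                    $this->forwardMessage(dgettext('signup', 'Error occurred when saving applicant.'));
                } else {
                    $this->forwardMessage(dgettext('signup', 'Applicant saved successfully.'));
                }
                javascript('close_refresh');
                Layout::nakedDisplay();
            } else {
                $this->loadForm('edit_peep');
            }
            break;

        case 'post_sheet':
            $this->loadSheet();
            // Per-sheet permission: edit_sheet on this sheet id.
            if (!Current_User::authorized('signup', 'edit_sheet', $this->sheet->id, 'sheet')) {
                Current_User::disallow();
                return;
            }
            if ($this->postSheet()) {
                if (!$this->sheet->id && PHPWS_Core::isPosted()) {
                    // Same new-sheet form submitted again: do not create a second sheet.
                    $this->message = dgettext('signup', 'Sheet previously posted.');
                    $this->loadForm('edit_sheet');
                } else {
                    $new_sheet = !$this->sheet->id;
                    if (PHPWS_Error::logIfError($this->sheet->save())) {
                        $this->forwardMessage(dgettext('signup', 'Error occurred when saving sheet.'));
                        PHPWS_Core::reroute('index.php?module=signup&aop=list');
                    } else {
                        $this->forwardMessage(dgettext('signup', 'Sheet saved successfully.'));
                        if ($new_sheet) {
                            // A freshly created sheet goes straight to slot editing.
                            PHPWS_Core::reroute('index.php?module=signup&aop=edit_slots&sheet_id=' . $this->sheet->id);
                        } else {
                            $this->loadForm('list');
                        }
                    }
                }
            } else {
                $this->loadForm('edit_sheet');
            }
            break;

        case 'post_slot':
            $javascript = true;
            if (!Current_User::authorized('signup')) {
                Current_User::disallow();
                return;
            }
            if ($this->postSlot()) {
                if (PHPWS_Error::logIfError($this->slot->save())) {
                    $this->forwardMessage(dgettext('signup', 'Error occurred when saving slot.'));
                } else {
                    $this->forwardMessage(dgettext('signup', 'Slot saved successfully.'));
                }
                javascript('close_refresh');
                Layout::nakedDisplay();
            } else {
                $this->loadForm('edit_slot_popup');
            }
            break;

        case 'move_peep':
            $this->loadPeep();
            $result = $this->movePeep();
            // Both an error object and a falsy result count as failure.
            if (PHPWS_Error::logIfError($result) || !$result) {
                $this->forwardMessage(dgettext('signup', 'Error occurred when moving applicant. Slot may be full.'));
            }
            PHPWS_Core::goBack();
            break;

        case 'move_top':
            $this->loadSlot();
            $this->slot->moveTop();
            PHPWS_Core::goBack();
            break;

        case 'move_up':
            $this->loadSlot();
            $this->slot->moveUp();
            PHPWS_Core::goBack();
            break;

        case 'move_down':
            $this->loadSlot();
            $this->slot->moveDown();
            PHPWS_Core::goBack();
            break;

        case 'move_bottom':
            $this->loadSlot();
            $this->slot->moveBottom();
            PHPWS_Core::goBack();
            break;

        case 'delete_slot':
            $this->loadSlot();
            $this->deleteSlot();
            break;

        case 'delete_slot_peep':
            $this->loadPeep();
            $this->peep->delete();
            PHPWS_Core::goBack();
            break;

        case 'report':
            if (!Current_User::authorized('signup')) {
                Current_User::disallow();
                return;
            }
            $this->loadSheet();
            $this->loadForm('report');
            break;

        case 'alpha_order':
        case 'reset_slot_order':
            if (!Current_User::authorized('signup')) {
                Current_User::disallow();
                return;
            }
            $this->loadSheet();
            // resetSlots() receives the command name to pick the ordering.
            $this->resetSlots($command);
            $this->forwardMessage(dgettext('signup', 'Slot order reset.'));
            PHPWS_Core::reroute('index.php?module=signup&sheet_id=' . $this->sheet->id . '&aop=edit_slots&authkey=' . Current_User::getAuthKey());
            break;
    }

    $tpl = array();
    $tpl['TITLE'] = $this->title;
    $tpl['CONTENT'] = $this->content;
    $tpl['MESSAGE'] = $this->message;

    if ($javascript) {
        // Popup actions render without the site layout; pull in the theme CSS explicitly.
        $fonts = '<link rel="stylesheet" type="text/css" href="' . PHPWS_SOURCE_HTTP . 'themes/bootstrap/font-awesome/css/font-awesome.min.css" /> <link rel="stylesheet" type="text/css" href="' . PHPWS_SOURCE_HTTP . 'themes/bootstrap/css/bootstrap.min.css" />';
        \Layout::addJSHeader($fonts);
        Layout::nakedDisplay(PHPWS_Template::process($tpl, 'signup', 'main.tpl'));
    } else {
        $this->panel->setContent(PHPWS_Template::process($tpl, 'signup', 'main.tpl'));
        Layout::add(PHPWS_ControlPanel::display($this->panel->display()));
    }
}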
/**
 * Handles the "forgot username / password" form post.
 *
 * Looks the account up by the posted username (sends a password-reset mail)
 * or, when no username was posted, by the posted email address (sends a
 * username reminder). Most rejections deliberately reuse the same
 * "not found" wording so the reply does not reveal why the lookup failed.
 *
 * @param string $content receives the message to show the visitor (by reference)
 * @return bool false when the input was rejected and the form should be shown
 *              again; true once a final message has been chosen, including
 *              the cases where the mail could not be sent
 */
public function postForgot(&$content)
{
    if (empty($_POST['fg_username']) && empty($_POST['fg_email'])) {
        $content = dgettext('users', 'You must enter either a username or email address.');
        return false;
    }

    if (!empty($_POST['fg_username'])) {
        $username = $_POST['fg_username'];
        // Reject a name that still contains a quote character after tags are
        // stripped and entities decoded; reported with the not-found wording.
        if (preg_match('/\'|"/', html_entity_decode(strip_tags($username), ENT_QUOTES))) {
            $content = dgettext('users', 'User name not found. Check your spelling or enter an email address instead.');
            return false;
        }
        // Lookup is on the lower-cased name.
        $db = new PHPWS_DB('users');
        $db->addWhere('username', strtolower($username));
        $db->addColumn('email');
        $db->addColumn('id');
        $db->addColumn('deity');
        $db->addColumn('authorize');
        $user_search = $db->select('row');
        if (PHPWS_Error::logIfError($user_search)) {
            // DB error: logged, but reported to the visitor as "not found".
            $content = dgettext('users', 'User name not found. Check your spelling or enter an email address instead.');
            return false;
        } elseif (empty($user_search)) {
            $content = dgettext('users', 'User name not found. Check your spelling or enter an email address instead.');
            return false;
        } else {
            // Deity accounts are excluded unless ALLOW_DEITY_FORGET is set; the
            // attempt is logged and the visitor gets the generic not-found text.
            if ($user_search['deity'] && !ALLOW_DEITY_FORGET) {
                Security::log(dgettext('users', 'Forgotten password attempt made on a deity account.'));
                $content = dgettext('users', 'User name not found. Check your spelling or enter an email address instead.');
                return false;
            }
            // Loose != : the column value presumably comes back as a string.
            // NOTE(review): this reply differs from the not-found text and so
            // confirms that the username exists — decide whether that is acceptable.
            if ($user_search['authorize'] != 1) {
                $content = sprintf(dgettext('users', 'Sorry but your authorization is not checked on this site. Please contact %s for information on reseting your password.'), PHPWS_User::getUserSetting('site_contact'));
                return false;
            }
            // Same post seen again in this session (session-tracked; see
            // PHPWS_Core::setLastPost): do not send a second mail.
            if (PHPWS_Core::isPosted()) {
                $content = dgettext('users', 'Please check your email for a response.');
                return true;
            }
            if (empty($user_search['email'])) {
                // Account has no email: nothing can be sent; logged as USER_ERR_NO_EMAIL.
                $content = dgettext('users', 'Your email address is missing from your account. 
Please contact the site administrators.');
                PHPWS_Error::log(USER_ERR_NO_EMAIL, 'users', 'User_Action::postForgot');
                return true;
            }
            // Either outcome is final for this post (true), the message differs.
            if (User_Action::emailPasswordReset($user_search['id'], $user_search['email'])) {
                $content = dgettext('users', 'We have sent you an email to reset your password.');
                return true;
            } else {
                $content = dgettext('users', 'We are currently unable to send out email reminders. Try again later.');
                return true;
            }
        }
    } elseif (!empty($_POST['fg_email'])) {
        $email = $_POST['fg_email'];
        // Same quote check as for usernames, then a format check; both failures
        // reuse the not-found wording.
        if (preg_match('/\'|"/', html_entity_decode(strip_tags($email), ENT_QUOTES))) {
            $content = dgettext('users', 'Email address not found. Please try again.');
            return false;
        }
        if (!PHPWS_Text::isValidInput($email, 'email')) {
            $content = dgettext('users', 'Email address not found. Please try again.');
            return false;
        }
        $db = new PHPWS_DB('users');
        $db->addWhere('email', $email);
        $db->addColumn('username');
        $user_search = $db->select('row');
        if (PHPWS_Error::logIfError($user_search)) {
            $content = dgettext('users', 'Email address not found. Please try again.');
            return false;
        } elseif (empty($user_search)) {
            $content = dgettext('users', 'Email address not found. Please try again.');
            return false;
        } else {
            // NOTE(review): unlike the username branch there is no deity/authorize
            // gate here; this path only sends a username reminder — confirm that
            // is the intended difference.
            if (PHPWS_Core::isPosted()) {
                $content = dgettext('users', 'Please check your email for a response.');
                return true;
            }
            if (User_Action::emailUsernameReminder($user_search['username'], $email)) {
                $content = dgettext('users', 'We have sent you an user name reminder. Please check your email and return to log in.');
                return true;
            } else {
                $content = dgettext('users', 'We are currently unable to send out email reminders. Try again later.');
                return true;
            }
        }
    }
}
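/**
 * Entry point for the Blog administration control panel.
 *
 * Requires Current_User::authorized('blog'); dispatches on the `command`
 * request parameter (defaulting to the panel's current tab) and renders the
 * control panel, unless the branch reroutes or goes back first. Every
 * disallow() is followed by a return so the method fails closed even if
 * disallow() does not end the request.
 *
 * @return void
 */
public static function main()
{
    if (!Current_User::authorized('blog')) {
        Current_User::disallow(dgettext('blog', 'User attempted access to Blog administration.'));
        return;
    }

    $title = $content = NULL;
    $message = Blog_Admin::getForward();
    $panel = Blog_Admin::cpanel();
    $panel->enableSecure();

    if (isset($_REQUEST['command'])) {
        $command = $_REQUEST['command'];
    } else {
        $command = $panel->getCurrentTab();
    }

    // The raw request id is kept for the per-entry permission check below;
    // the Blog object itself is always built from the int cast.
    $request_blog_id = isset($_REQUEST['blog_id']) ? $_REQUEST['blog_id'] : null;
    if ($request_blog_id !== null) {
        $blog = new Blog((int) $request_blog_id);
    } else {
        $blog = new Blog();
    }

    switch ($command) {
        case 'edit':
            $panel->setCurrentTab('list');
            // The author may edit their own entry; anyone else needs edit_blog on this entry.
            if (!Current_User::isUser($blog->author_id) && !Current_User::authorized('blog', 'edit_blog', $request_blog_id, 'entry')) {
                Current_User::disallow(dgettext('blog', 'User tried to edit a blog.'));
                return;
            }
            $title = dgettext('blog', 'Update Blog Entry');
            $content = Blog_Form::edit($blog);
            break;

        case 'new':
            $title = dgettext('blog', 'New Blog Entry');
            $content = Blog_Form::edit($blog);
            break;

        case 'delete':
            // NOTE(review): unlike 'edit', there is no per-entry permission check
            // here, only the module-level authorized('blog') above — confirm intended.
            // A failed delete is logged; the forward message is set either way.
            PHPWS_Error::logIfError($blog->delete());
            Blog_Admin::setForward(dgettext('blog', 'Blog entry deleted.'), 'list');
            break;

        case 'list':
            $title = dgettext('blog', 'Blog Entries');
            $content = Blog_Admin::entry_list();
            break;

        case 'menu_submit_link':
            // NOTE(review): the pinned URL carries "action=" twice — verify the
            // intended user-side address.
            Menu::pinLink(dgettext('blog', 'Submit entry'), 'index.php?module=blog&action=user&action=submit');
            PHPWS_Core::reroute('index.php?module=blog&action=admin&tab=settings&authkey=' . Current_User::getAuthKey());
            break;

        case 'sticky':
            if (!Current_User::isUnrestricted('blog')) {
                Current_User::disallow();
                return;
            }
            Blog_Admin::sticky($blog);
            PHPWS_Core::goBack();
            break;

        case 'unsticky':
            if (!Current_User::isUnrestricted('blog')) {
                Current_User::disallow();
                return;
            }
            Blog_Admin::unsticky($blog);
            PHPWS_Core::goBack();
            break;

        case 'post_entry':
            $title = dgettext('blog', 'Blog Archive');
            $panel->setCurrentTab('list');
            $blog->post_entry();
            if ($blog->_error) {
                // Post rejected: redisplay the form, under the 'new' tab for a new entry.
                if (empty($blog->id)) {
                    $panel->setCurrentTab('new');
                }
                $content = Blog_Form::edit($blog);
                break;
            }
            // NOTE(review): this duplicate-post check only sets the forward message;
            // the save below still runs. Confirm a re-submitted new entry should not
            // be skipped here instead.
            if (!isset($_POST['blog_id']) && PHPWS_Core::isPosted()) {
                Blog_Admin::setForward(dgettext('blog', 'Entry saved successfully.'), 'list');
            }
            $result = $blog->save();
            if (PHPWS_Error::isError($result)) {
                // Stop on a failed save instead of going on to the approval/reroute
                // step of an entry that was not stored.
                $message = dgettext('blog', 'An error occurred when trying to save your entry. Please check your logs.');
                PHPWS_Error::log($result);
                Blog_Admin::setForward($message, 'list');
            } elseif (!$blog->approved) {
                Blog_Admin::setForward(dgettext('blog', 'Your entry is being held for approval.'), 'list');
            } else {
                PHPWS_Core::reroute($blog->getViewLink(true));
            }
            break;

        case 'reset_cache':
            Blog_Admin::resetCache();
            PHPWS_Core::goBack();
            break;

        case 'post_settings':
            if (!Current_User::authorized('blog', 'settings')) {
                Current_User::disallow();
                return;
            }
            if (Current_User::isDeity() && isset($_POST['purge_confirm'])) {
                $title = dgettext('blog', 'Purge Blog Entries');
                $content = Blog_Admin::confirmPurge(isset($_POST['purge_date']) ? $_POST['purge_date'] : null);
                break;
            }
            Blog_Admin::postSettings();
            $message = dgettext('blog', 'Blog settings saved.');
            // no break: fall through to render the settings form

        case 'settings':
            if (!Current_User::allow('blog', 'settings')) {
                Current_User::disallow();
                return;
            }
            $panel->setCurrentTab('settings');
            $title = dgettext('blog', 'Blog Settings');
            $content = Blog_Form::settings();
            break;

        case 'purge_entries':
            // Destructive action driven by a GET parameter; gated on authorized()
            // plus deity status, and silently shows the settings form otherwise.
            if (Current_User::authorized('blog') && Current_User::isDeity()) {
                Blog_Admin::purgeEntries(isset($_GET['pd']) ? $_GET['pd'] : null);
                $message = dgettext('blog', 'Blog entries purged.');
            }
            $content = Blog_Form::settings();
            break;
    }

    Layout::add(PHPWS_ControlPanel::display($panel->display($content, $title, $message)));
}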