/**
 * Admin handler for adding a new Article together with its first ArticlePage.
 *
 * GET renders the empty form. POST fills the Article from the submitted
 * fields, stamps the current user as author, saves it, creates the initial
 * page from 'fullbody' and redirects to the article's admin view. When the
 * save fails the form is re-rendered with the submitted body kept in "body".
 *
 * NOTE(review): unlike user_index(), this state-changing POST handler does
 * not consult $this->csrf — confirm the base controller enforces the token.
 */
public function create()
 {
     $article = new Article();
     if ($this->post) {
         // Plain text fields are copied straight through from the form.
         foreach (array('title', 'permalink', 'summary', 'published') as $field) {
             $article->$field = $this->PostData($field);
         }
         // "Publish now" overrides any explicit publish_at value.
         $publishNow = $this->PostData('publish_now') == 1;
         if ($publishNow) {
             $article->publish_at = time();
         } else {
             $article->set_publish_at($this->PostData('publish_at'));
         }
         $article->user_id = Site::CurrentUser()->id;
         $body = $this->PostData('fullbody');
         if ($article->save()) {
             // The article body lives in a separate page row keyed by article_id.
             $page = new ArticlePage();
             $page->article_id = $article->id;
             $page->title = $article->title;
             $page->content = $body;
             $page->save();
             Site::Flash("notice", "The article has been added");
             Redirect("admin/articles/{$article->id}");
         }
         $this->assign("body", $body);
     }
     $this->assign("article", $article);
     $this->tinymce = true;
     $this->title = "Add Article";
     $this->render("article/create.tpl");
 }
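 /**
  * Admin view of one user's loyalty awards plus a form to award new points.
  *
  * @param string|null $nickname Target user's nickname; when omitted the
  *                              'nickname' query parameter is used.
  *
  * On POST a LoyaltyAward is built from 'points' and 'justification',
  * attributed to the current admin, and saved only when the CSRF token is
  * valid. The user's award history is then rendered, 50 per page.
  *
  * @throws Error404 when no user matches the nickname (previously the code
  *                  continued and dereferenced null).
  */
 public function user_index($nickname = null)
 {
     if (!$nickname) {
         $nickname = $this->GetData('nickname');
     }
     $user = User::find_by_nickname($nickname);
     if (!$user) {
         throw new Error404('Unable to find user');
     }
     $newaward = new LoyaltyAward();
     if ($this->post) {
         $newaward->user_id = $user->id;
         $newaward->points = $this->PostData("points");
         $newaward->justification = $this->PostData("justification");
         $newaward->awarded_by_id = Site::CurrentUser()->id;
         // Reject forged submissions before anything is written.
         if (!$this->csrf) {
             Site::InstantFlash('error', 'Invalid form submission');
         } elseif ($newaward->save()) {
             Site::Flash("notice", "The loyalty points have been awarded");
             Redirect("admin/users/" . $user->permalink() . "/loyalty");
         } else {
             Site::InstantFlash('error', 'Unable to award loyalty points');
         }
     }
     // NOTE(review): $page is forwarded unvalidated; confirm paginate() casts it
     // before it reaches a LIMIT clause.
     $page = 1;
     if ($this->GetData('page')) {
         $page = $this->GetData('page');
     }
     $id = mysql_real_escape_string($user->id);
     $awards = LoyaltyAward::paginate("users.id = '{$id}'", "loyalty_awards.id DESC", $page, 50);
     $this->assign("user", $user);
     $this->assign("awards", $awards);
     $this->assign('newaward', $newaward);
     $this->title = "{$user->nickname} :: Loyalty";
     $this->render("loyalty_award/user_index.tpl");
 }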
 /**
  * Chooses the page layout: "admin" for admin-area requests by an admin
  * user, "layout" otherwise.
  *
  * The area test is a prefix match on REQUEST_URI, so any path starting
  * with "/admin" qualifies; the isAdmin() gate is what actually restricts
  * the admin layout to admins.
  */
 protected function selectLayout()
 {
     $inAdminArea = strncmp($_SERVER['REQUEST_URI'], "/admin", 6) === 0;
     if (!$inAdminArea) {
         return "layout";
     }
     $viewer = Site::CurrentUser();
     $isAdmin = $viewer && $viewer->isAdmin() > 0;
     return $isAdmin ? "admin" : "layout";
 }
 /**
  * Marks a script's alert as acknowledged by the current user.
  *
  * @param mixed $id Script id, resolved through load_script().
  *
  * The acknowledgement (and a log entry naming the admin) is only written
  * when the script currently has an alert that is not yet acknowledged;
  * the success flash is shown in either case, as before.
  */
 public function acknowledge($id = null)
 {
     $script = self::load_script($id);
     $needsAck = $script->getAlert('bool') && !$script->acknowledged;
     if ($needsAck) {
         $script->acknowledged = true;
         $script->addlog("Alert acknowledged by " . Site::CurrentUser()->nickname);
         $script->save();
     }
     Site::flash("notice", "The script alert has been acknowledged.");
     RedirectBack("admin/scripts");
 }
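 /**
  * Removes a discount redemption from the current user's cart.
  *
  * @param mixed $id Redemption id; falls back to the 'id' query parameter.
  *
  * @throws Error404 when the redemption does not exist, nobody is logged in,
  *                  or the redemption belongs to another user.
  *
  * Fix: the redirect previously interpolated an undefined $cart_id and so
  * always pointed at "bookings/pay//"; the cart id is now read from the
  * redemption before it is destroyed.
  */
 public function delete($id = null)
 {
     if (!$id) {
         $id = $this->GetData('id');
     }
     $redemption = DiscountRedemption::find_by_id($id);
     // Ownership check: only the owning user may remove a redemption.
     $viewer = Site::CurrentUser();
     if (!$redemption || !$viewer || $redemption->user->id != $viewer->id) {
         throw new Error404();
     }
     // NOTE(review): assumes the discount_redemptions.cart_id column (see the
     // find_all() filter used elsewhere) is exposed as a property — confirm.
     $cartId = $redemption->cart_id;
     $redemption->destroy();
     Site::Flash("notice", "Discount code removed successfully.");
     RedirectBack("bookings/pay/{$cartId}/");
 }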
 /**
  * Lists the current user's affiliate referrals, newest first, 25 per page.
  *
  * NOTE(review): the 'page' query value is forwarded as-is; confirm
  * paginate() casts it before it reaches a LIMIT clause.
  */
 public function index()
 {
     $page = $this->GetData('page') ? $this->GetData('page') : 1;
     $user = Site::CurrentUser();
     $referer = mysql_real_escape_string($user->id);
     $referrals = AffiliateReferral::paginate("referer.id = '{$referer}'", "affiliate_referrals.created_at DESC, affiliate_referrals.id DESC", $page, 25);
     $this->assign('user', $user);
     $this->assign('referrals', $referrals);
     $this->title = 'Referrals';
     $this->render('affiliate_referral/index.tpl');
 }
 /**
  * Lists the current user's loyalty discount codes, newest first, 10 per page.
  *
  * NOTE(review): the 'page' query value is forwarded as-is; confirm
  * paginate() casts it before it reaches a LIMIT clause.
  */
 public function discounts()
 {
     $page = $this->GetData('page') ? $this->GetData('page') : 1;
     $user = Site::CurrentUser();
     $ownerId = mysql_real_escape_string($user->id);
     $discounts = LoyaltyDiscount::paginate("users.id = '{$ownerId}'", "loyalty_discounts.id DESC", $page, 10);
     $this->assign('user', $user);
     $this->assign('discounts', $discounts);
     $this->title = 'Loyalty Points :: Discount Codes';
     $this->render('loyalty_award/discounts.tpl');
 }
 /**
  * Loads the News item for $permalink (or the 'permalink' query parameter).
  *
  * @param string|null $permalink
  * @param bool        $published Restrict the lookup to published items.
  *                               Forced to false for admins so they can
  *                               preview unpublished news.
  *
  * Calls Error404() when nothing matches. If that helper returns instead of
  * ending the request, the function returns null — callers must not assume
  * an object.
  */
 protected static function load_news($permalink = null, $published = true)
 {
     if (!$permalink) {
         $permalink = $_GET['permalink'];
     }
     $viewer = Site::CurrentUser();
     $isAdmin = $viewer && $viewer->isAdmin() > 0;
     $news = News::find_by_permalink($permalink, $isAdmin ? false : $published);
     if ($news) {
         return $news;
     }
     Error404();
 }
 /**
  * Loads the Article for $permalink (or the 'permalink' query parameter).
  *
  * Admins get the article regardless of state; everyone else only sees it
  * once it is flagged published and its publish_at time has passed.
  *
  * @param string|null $permalink
  * @return Article
  * @throws Error404 when the article is missing or not yet live.
  */
 protected static function load_article($permalink = null)
 {
     if (!$permalink) {
         $permalink = $_GET['permalink'];
     }
     $article = Article::find_by_permalink($permalink);
     if (!$article) {
         throw new Error404('Unable to find the article');
     }
     $viewer = Site::CurrentUser();
     if ($viewer && $viewer->isAdmin()) {
         // Admin preview: scheduled and unpublished articles are visible.
         return $article;
     }
     $isLive = $article->published && $article->publish_at <= time();
     if (!$isLive) {
         throw new Error404('Article has not been published');
     }
     return $article;
 }
 /**
  * Loads the Event for $permalink (or the 'event_permalink' query parameter).
  *
  * Hidden events go through self::restrict("admin"); events the viewer may
  * not access per check_user() trigger Error404(). Both helpers are relied
  * on to stop the request — if they return, execution continues and the
  * event is still returned.
  *
  * @param string|null $permalink
  * @return Event|null null only if Error404() returns on a missing event.
  */
 protected static function load_event($permalink = null)
 {
     if (!$permalink) {
         $permalink = $_GET['event_permalink'];
     }
     $event = Event::find_by_permalink($permalink);
     if (!$event) {
         Error404();
         return;
     }
     if (!$event->visible) {
         self::restrict("admin");
     }
     $viewer = Site::CurrentUser();
     if (!$event->check_user($viewer)) {
         Error404();
     }
     return $event;
 }
 /**
  * ACL-gated dispatcher: resolves the caller's ACL group, looks up the rule
  * for (controller, action) and either denies, redirects, or invokes the
  * action with the remaining arguments.
  *
  * @param string $action Controller method to invoke; any further
  *                       arguments are forwarded to it unchanged.
  *
  * @throws Error500 when no ACL group can be resolved.
  * @throws Error403 when no rule matches or the rule denies access.
  *
  * A rule whose action is none of araDeny/araRedirect/araAllow is a silent
  * no-op (nothing is invoked), as in the original switch.
  */
 public function run($action)
 {
     $controller = get_class($this);
     $user = Site::CurrentUser();
     $group = $user ? $user->aclgroup : ACLGroup::find_by_code('guest');
     if (!$group) {
         throw new Error500('Unable to find ACL group');
     }
     $rule = $this->getRule($group, $controller, $action);
     if (!$rule) {
         throw new Error403('You do not have permission to access this resource');
     }
     // A rule may carry a message for the user; error takes precedence over notice.
     $flashLevel = null;
     $flashText = null;
     if ($rule->error) {
         $flashLevel = 'error';
         $flashText = $rule->error;
     } elseif ($rule->notice) {
         $flashLevel = 'notice';
         $flashText = $rule->notice;
     }
     if ($rule->action == 'araDeny') {
         if ($flashLevel) {
             Site::InstantFlash($flashLevel, $flashText);
         }
         throw new Error403('You do not have permission to access this resource');
     }
     if ($rule->action == 'araRedirect') {
         if ($flashLevel) {
             Site::Flash($flashLevel, $flashText);
         }
         // Remember the requested path (without its leading slash) so the
         // redirect target can send the user back afterwards.
         // NOTE(review): REQUEST_URI is client-controlled; confirm the consumer
         // of the 'redirect' flash treats it strictly as a site-relative path.
         $uri = $_SERVER["REQUEST_URI"];
         if (strncmp($uri, '/', 1) === 0) {
             $uri = substr($uri, 1);
         }
         Site::Flash('redirect', $uri);
         Redirect($rule->url);
         return;
     }
     if ($rule->action == 'araAllow') {
         // Everything after $action is passed through to the target method.
         $args = array_slice(func_get_args(), 1);
         call_user_func_array(array($this, $action), $args);
     }
 }
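 /**
  * Renders the shared application layout and splits it at the content
  * placeholder so callers can wrap their own markup in a header and footer.
  *
  * @param string|null $title       Page title passed to the template.
  * @param string|null $headcontent Extra markup for the <head> section.
  *
  * @return array Two strings keyed "header" and "footer".
  *
  * Only events the current user may see (check_user) are exposed to the
  * template as "all_events".
  *
  * Fix: if the layout does not contain the placeholder, the footer is now an
  * empty string instead of an undefined-index read.
  */
 public static function render($title = null, $headcontent = null)
 {
     self::init();
     global $site;
     $marker = "|--|CONTENT|--|";
     $smarty = new SmartySite();
     $smarty->assign("title", $title);
     $smarty->assign("site", $site);
     $smarty->assign("content", $marker);
     $smarty->assign("headcontent", $headcontent);
     $smarty->assign("next_event", Event::next_event());
     $viewer = Site::CurrentUser();
     $events = array();
     foreach (Event::find_all("events.visible = true", "events.startdate DESC") as $event) {
         if ($event->check_user($viewer)) {
             $events[] = $event;
         }
     }
     $smarty->assign("all_events", $events);
     $parts = explode($marker, $smarty->fetch("application/layout.tpl"));
     return array(
         "header" => $parts[0],
         "footer" => isset($parts[1]) ? $parts[1] : "",
     );
 }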
 /**
  * Admin handler for adding a News item.
  *
  * GET renders the empty form with the system-tag dropdown. POST fills the
  * item from the submitted fields, stamps the current user as author, saves
  * it, applies the submitted tag list and redirects to the news index. A
  * failed save re-renders the form with the populated object.
  *
  * NOTE(review): this state-changing POST handler does not consult
  * $this->csrf — confirm the base controller enforces the token.
  */
 public function create()
 {
     $news = new News();
     if ($this->post) {
         $fields = array('title', 'permalink', 'summary', 'body', 'fullbody', 'published', 'tag_id', 'ipb_id', 'image');
         foreach ($fields as $field) {
             $news->$field = $this->PostData($field);
         }
         // "Publish now" overrides any explicit publish_at value.
         if ($this->PostData('publish_now') == 1) {
             $news->publish_at = time();
         } else {
             $news->set_publish_at($this->PostData('publish_at'));
         }
         $news->user_id = Site::CurrentUser()->id;
         if ($news->Save()) {
             $news->update_tags($this->PostData('tags'));
             Site::Flash("notice", "The news has been added");
             Redirect("admin/news");
         }
     }
     $this->assign("news", $news);
     // Tag dropdown: a blank "None" entry first, then every system tag by id.
     $tagOptions = array('' => 'None');
     foreach (Tag::find_all("tags.system = TRUE", "tags.tag ASC") as $tag) {
         $tagOptions[$tag->id] = $tag->tag;
     }
     $this->assign("tags", $tagOptions);
     $this->tinymce = true;
     $this->title = "Add News";
     $this->render("news/create.tpl");
 }
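 /**
  * Admin page for awarding an achievement to one or more users.
  *
  * On POST, 'achievement_id' selects the achievement and 'users' is either
  * an array of user ids or a comma-separated list of them; each user is
  * awarded the achievement in 'category_id' and a summary flash is produced.
  * The page then renders a paginated, nickname-filtered user list together
  * with the achievement and category selectors.
  *
  * Fixes: the failure list appended an undefined $name instead of the id
  * that failed; $user was unset when a single unknown id was submitted;
  * the filter glue was 'AND' without surrounding spaces.
  */
 public function award()
 {
     if ($this->post) {
         $achievement = $this->load_achievement($this->PostData('achievement_id'));
         $categoryId = $this->PostData("category_id");
         $targets = $this->PostData('users');
         if (!is_array($targets)) {
             $targets = explode(',', $targets);
         }
         $failed = array();
         $success = 0;
         $user = null;  // last user looked up; named in the single-target flash
         foreach ($targets as $target) {
             $user = User::find_by_id(mysql_real_escape_string($target));
             if ($user && $achievement->award($user, $categoryId)) {
                 $success++;
             } else {
                 // Report the submitted id; unknown ids have no nickname to show.
                 $failed[] = $target;
             }
         }
         if (count($targets) == 1) {
             if ($success == 1) {
                 Site::InstantFlash("notice", "{$user->nickname} has been awarded {$achievement->name}");
             } else {
                 Site::InstantFlash("error", "Unable to award achievement");
             }
         } else {
             if ($success == 0) {
                 Site::InstantFlash("error", "Unable to award achievements to any of the users listed");
             } elseif (count($failed) > 0) {
                 Site::InstantFlash("error", "Awarded achievement to {$success} user" . ($success != 1 ? "s" : "") . ", failed to award to " . implode(", ", $failed));
             } else {
                 Site::InstantFlash("notice", "Awarded achievements to all users listed.");
             }
         }
     }
     $filters = array();
     $pageQuery = '';
     if ($this->GetData('query')) {
         $pageQuery = $this->GetData('query');
         // NOTE(review): '%' and '_' in the query act as LIKE wildcards.
         $query = mysql_real_escape_string($pageQuery);
         $filters[] = "users.nickname LIKE '%{$query}%'";
     }
     // Spaces around AND so a second filter cannot fuse with the first.
     $filter = implode(' AND ', $filters);
     $achievement_id = null;
     if ($this->GetData('achievement_id')) {
         $achievement_id = $this->GetData('achievement_id');
     }
     // NOTE(review): $page is forwarded unvalidated; confirm paginate() casts it.
     $page = 1;
     if ($this->GetData('page')) {
         $page = $this->GetData('page');
     }
     $users = User::paginate($filter, 'users.nickname ASC', $page, 50);
     $achlist = array();
     foreach (Achievement::find_all("", "achievements.created_at ASC") as $ach) {
         $achlist[$ach->id] = "{$ach->id}. {$ach->name}";
     }
     // Yay - Magic Numbers! Fallback category when none is flagged default_category.
     $category_id = 11;
     $categories = array();
     $viewer = Site::CurrentUser();
     foreach (AchievementCategory::find_all() as $category) {
         $event = Event::find("achievement_category_id={$category->id}");
         // A category tied to an event is listed only when the viewer may see
         // that event and the event opts in to displaying achievements.
         $listable = !$event || ($event->check_user($viewer) && $event->display_achievements);
         if ($listable) {
             $categories[$category->id] = $category->category_name;
             if ($category->default_category) {
                 $category_id = $category->id;
             }
         }
     }
     if ($this->GetData('category_id')) {
         $category_id = $this->GetData('category_id');
     }
     $this->assign("achievements", $achlist);
     $this->assign("categories", $categories);
     $this->assign("category_id", $category_id);
     $this->assign("achievement_id", $achievement_id);
     $this->assign("users", $users);
     $this->assign('pagequery', $pageQuery);
     $this->title = "Award Achievement";
     $this->render("achievement/award.tpl");
 }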
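 /**
  * Loads the Event for $permalink (or the 'permalink' query parameter).
  *
  * Hidden events (visible = false) are admin-only and yield a 403 for
  * anyone else, including anonymous visitors. Events the viewer may not
  * access per check_user() trigger Error404(), which is relied on to stop
  * the request.
  *
  * @param string|null $permalink
  * @return Event|null null only if Error404() returns on a missing event.
  * @throws Error403 for a hidden event requested by a non-admin or guest.
  *
  * Fix: the admin test previously called isAdmin() on the result of
  * Site::CurrentUser() without a null check, so a guest hit a null
  * dereference instead of a 403.
  */
 protected static function load_event($permalink = null)
 {
     if (!$permalink) {
         $permalink = $_GET['permalink'];
     }
     $event = Event::find_by_permalink($permalink);
     if (!$event) {
         Error404();
         return null;
     }
     $viewer = Site::CurrentUser();
     if (!$event->visible) {
         if (!$viewer || !$viewer->isAdmin()) {
             throw new Error403();
         }
     }
     if (!$event->check_user($viewer)) {
         Error404();
     }
     return $event;
 }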
/**
 * Renders a complete page through an application layout and terminates.
 *
 * @param string $title   Page title.
 * @param string $content Pre-rendered body markup.
 * @param string $layout  Layout template name under application/.
 * @param bool   $nosql   When true, the event queries feeding the layout's
 *                        event lists are skipped.
 * @param array  $vars    Extra template variables, assigned by name.
 *
 * Side effects: writes the page to stdout, may append a separator to
 * logs/sql.log when $config['dev_sql'] is on, and always ends with die.
 * $config['dev_sql'] is switched off around the event queries so the
 * layout's own SQL is not logged, then restored.
 *
 * NOTE(review): baseuri is built from the client-supplied Host header; if it
 * is used in e-mails or absolute links, confirm the web server pins the host.
 */
function RenderPage($title, $content, $layout = "layout", $nosql = false, $vars = array())
{
    global $site;
    global $config;
    $smarty = new SmartySite();
    $smarty->assign("title", $title);
    $smarty->assign("content", $content);
    $smarty->assign("headcontent", "");
    $smarty->assign("site", $site);
    foreach ($vars as $name => $value) {
        $smarty->assign($name, $value);
    }
    if (isset($_SESSION['csrf'])) {
        $smarty->assign("csrf", $_SESSION['csrf']);
    }
    if (!$nosql) {
        $sqlLogWasOn = isset($config['dev_sql']) && $config['dev_sql'];
        if ($sqlLogWasOn) {
            $config['dev_sql'] = false;
        }
        $smarty->assign("next_event", Event::next_event());
        $byType = array(
            'future' => Event::find_all("(events.visible = true OR events.advertised = true) AND events.enddate > NOW()", "events.enddate ASC"),
            'past' => Event::find_all("(events.visible = true OR events.advertised = true) AND events.enddate <= NOW()", "events.enddate DESC"),
        );
        // Keep only events the viewer may see, exposed as futureEvents/pastEvents.
        $viewer = Site::CurrentUser();
        $visible = array('future' => array(), 'past' => array());
        foreach ($byType as $type => $collection) {
            foreach ($collection as $event) {
                if ($event->check_user($viewer)) {
                    $visible[$type][] = $event;
                }
            }
            $smarty->assign("{$type}Events", $visible[$type]);
        }
        // Teasers: up to three small upcoming events, and the second large one
        // (the first large event is skipped — presumably already shown as next_event).
        $smallEvents = array();
        $largeEvents = array();
        foreach ($visible['future'] as $event) {
            if ($event->capacity < 50) {
                $smallEvents[] = $event;
            } else {
                $largeEvents[] = $event;
            }
        }
        $smarty->assign('smallEvents', array_slice($smallEvents, 0, 3));
        $smarty->assign('largeEvents', array_slice($largeEvents, 1, 1));
        if ($sqlLogWasOn) {
            $config['dev_sql'] = true;
        }
    }
    // Scheme detection is port-based only: 443 means https, anything else http.
    $onTlsPort = isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443;
    $protocol = $onTlsPort ? "https" : "http";
    $baseuri = "{$protocol}://{$_SERVER['HTTP_HOST']}";
    $smarty->assign("protocol", $protocol);
    $smarty->assign("baseuri", $baseuri);
    $smarty->display("application/{$layout}.tpl");
    if (isset($config['dev_sql']) && $config['dev_sql']) {
        file_put_contents("logs/sql.log", "\r\n", FILE_APPEND);
    }
    die;
}
 /**
  * Loads an EventSignup by id (or the 'signup_id' query parameter), but
  * only when it belongs to the current user; anything else is a 404.
  *
  * @param mixed $id
  * @return EventSignup|null null only if Error404() returns.
  *
  * NOTE(review): Site::CurrentUser() is dereferenced without a null check;
  * confirm the calling routes are login-gated.
  */
 protected static function load_signup($id = null)
 {
     if (!$id) {
         $id = $_GET['signup_id'];
     }
     $signup = EventSignup::find_by_id(mysql_real_escape_string($id));
     $ownedByViewer = $signup && $signup->user_id == Site::CurrentUser()->id;
     if (!$ownedByViewer) {
         Error404();
     } else {
         return $signup;
     }
 }
 /**
  * Displays a survey and, on POST, records the current user's response.
  *
  * @param string|null $permalink Survey permalink; the 'permalink' query
  *                               parameter overrides it when present.
  *
  * Access rules enforced here: inactive surveys are shown to admins only;
  * surveys bound to an event require a paid signup for that event; a user
  * who already has a SurveyResponse is sent back to the survey list.
  * On POST each question becomes a SurveyAnswer (free text) or a set of
  * SurveyAnswerChoice rows (checkbox/radio/select). Only when every answer
  * validates is the response saved, followed by an optional site tweet and
  * a redirect to the completion page; otherwise the form is re-rendered
  * with the collected errors.
  *
  * NOTE(review): Site::CurrentUser() is dereferenced without a null check,
  * so an anonymous request is presumably stopped earlier — confirm the route
  * is login-gated. Error404(), Redirect() and RedirectBack() are relied on to
  * end the request; if any of them returned, execution would continue below.
  */
 public function show($permalink = null)
 {
     if (isset($_GET['permalink'])) {
         $permalink = $_GET['permalink'];
     }
     $survey = Survey::find_by_permalink($permalink);
     // 'or' binds looser than '&&': missing survey, or inactive survey viewed by a non-admin.
     if (!$survey or !$survey->active && Site::CurrentUser()->isAdmin() == 0) {
         Error404();
     }
     if ($survey->event->id) {
         // Event-bound survey: the viewer must hold a paid signup for that event.
         $event_id = mysql_real_escape_string($survey->event_id);
         $user_id = mysql_real_escape_string(Site::CurrentUser()->id);
         $result = EventSignup::find("events.id = '{$event_id}' AND users.id = '{$user_id}' AND event_signups.paid");
         if (!$result) {
             Site::Flash("error", "You must have attended {$survey->event->name} to take this survey");
             RedirectBack();
         }
     }
     // One response per user per survey.
     $user_id = mysql_real_escape_string(Site::CurrentUser()->id);
     $survey_id = mysql_real_escape_string($survey->id);
     $response = SurveyResponse::find("surveys.id = '{$survey_id}' AND users.id = '{$user_id}'");
     if ($response) {
         Site::Flash("error", "You have already completed this survey");
         Redirect("surveys");
     }
     // Unsaved response; answers and choices are attached only after validation.
     $response = new SurveyResponse();
     $response->survey = $survey;
     $response->survey_id = $survey->id;
     $response->user = Site::CurrentUser();
     $response->user_id = Site::CurrentUser()->id;
     $answers = array();   // question id => SurveyAnswer
     $choices = array();   // question id => (option id => SurveyAnswerChoice)
     $valid = true;
     $errors = array();    // ids of questions that failed validation
     if ($this->post) {
         foreach ($survey->questions() as $question) {
             $answer = new SurveyAnswer();
             $answer->survey_question_id = $question->id;
             if (in_array($question->type, array("sqtTextbox", "sqtTextArea"))) {
                 // Free-text input
                 if (isset($_POST['question'][$question->id])) {
                     $answer->value = $_POST['question'][$question->id];
                 } elseif (!$question->required) {
                     continue;
                 }
             } else {
                 // NOTE(review): the submitted value is assumed to be an array for
                 // checkbox questions and a scalar otherwise; a client can send
                 // either shape for any question — confirm the model layer copes.
                 if (isset($_POST['question'][$question->id])) {
                     $chosen = array();
                     if ($question->type == "sqtCheckbox") {
                         // Checkboxes
                         $chosen = $_POST['question'][$question->id];
                     } else {
                         // Radio/Select
                         $chosen = array($_POST['question'][$question->id]);
                     }
                     foreach ($chosen as $id) {
                         // An option must exist and belong to this very question.
                         $option = SurveyQuestionOption::find_by_id($id);
                         if (!$option or $option->question->id != $question->id) {
                             if (!$question->required) {
                                 continue;
                             }
                             $valid = false;
                             $answer->add_error("Answer for question {$question->position} is invalid");
                             $errors[] = $question->id;
                             break;
                         }
                         $choice = new SurveyAnswerChoice();
                         $choice->survey_question_option_id = $option->id;
                         $choices[$question->id][$option->id] = $choice;
                     }
                 } elseif ($question->required) {
                     $valid = false;
                     $answer->add_error("You must enter an answer for question {$question->position}");
                     $errors[] = $question->id;
                 } else {
                     continue;
                 }
             }
             $result = $answer->validate();
             if (!$result) {
                 $valid = false;
             }
             $answers[$question->id] = $answer;
         }
         if ($valid) {
             // This is valid, let's save everything!
             // Order matters: response first (for its id), then answers, then
             // the choices that reference each answer's id.
             if ($response->save()) {
                 foreach ($answers as $answer) {
                     $answer->survey_response_id = $response->id;
                     $answer->save();
                     $answers[$answer->survey_question_id] = $answer;
                 }
                 foreach ($choices as $question_id => $answer_choices) {
                     foreach ($answer_choices as $choice) {
                         $choice->survey_answer_id = $answers[$question_id]->id;
                         $choice->save();
                     }
                 }
                 $account = TwitterAccount::find_by_code('site');
                 if ($account) {
                     $message = "{$response->user->nickname} has completed the {$survey->name} Survey";
                     $account->add_tweet($message);
                 }
                 Redirect("surveys/{$survey->permalink}/complete");
             }
             // save() failed: fall through and re-render the form.
             $valid = false;
         }
     }
     $this->assign("answers", $answers);
     $this->assign("choices", $choices);
     $this->assign("valid", $valid);
     $this->assign("survey", $survey);
     $this->assign("response", $response);
     $this->assign("errors", $errors);
     $this->title = $survey->name;
     $this->render("survey/show.tpl");
 }
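 /**
  * Links the current account to a Steam identity via OpenID.
  *
  * First visit (no OpenID mode yet): sends the browser to Steam. Return
  * visit: 'cancel' flashes an error; otherwise the assertion is validated,
  * the 64-bit SteamID is extracted from the claimed identity URL and stored
  * on the current user. Any failure flashes an error and returns to
  * account/steam.
  *
  * Fix: the SteamID is only stored when the identity URL actually matches
  * the steamcommunity.com pattern. Previously a non-matching identity read
  * an undefined $matches[1] and saved a null SteamID on the account.
  */
 public function steam_link()
 {
     global $config;
     $openid = new LightOpenID($config['steam']['url']);
     if (!$openid->mode) {
         $openid->identity = $config['steam']['endpoint'];
         header('Location: ' . $openid->authUrl());
         die;
     } elseif ($openid->mode == 'cancel') {
         Site::Flash('error', 'Steam connection attempt cancelled');
         Redirect('account/steam');
     } else {
         if ($openid->validate()) {
             // Accept only identities issued by Steam: the claimed id must be a
             // steamcommunity.com OpenID URL ending in a 76… SteamID64.
             // NOTE(review): the pattern accepts only the http:// form — confirm
             // that matches what the provider currently returns.
             $pattern = "/^http:\\/\\/steamcommunity\\.com\\/openid\\/id\\/(7[0-9]{15,25}+)\$/";
             if (preg_match($pattern, $openid->identity, $matches) === 1) {
                 $user = Site::CurrentUser();
                 $user->steamid64bit = $matches[1];
                 if ($user->save()) {
                     Site::Flash('notice', 'Your Steam account has been connected to your epic.LAN account');
                     Redirect('account/steam');
                 }
             }
         }
         Site::Flash('error', 'Unable to connect your Steam account to your epic.LAN account');
         Redirect('account/steam');
     }
 }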
 /**
  * Loads a bookable Event for $permalink (or the 'permalink' query parameter).
  *
  * @param string|null $permalink
  * @param bool        $allowed   When true, the check_user() visibility test
  *                               is skipped.
  * @return Event|null The active event; null when the request was ended by
  *                    Error404()/Redirect() and that helper returned.
  *
  * An inactive event flashes an error and redirects to the event page.
  */
 protected static function load_event($permalink = null, $allowed = false)
 {
     if (!$permalink) {
         $permalink = $_GET['permalink'];
     }
     $event = Event::find_by_permalink($permalink);
     if (!$event) {
         Error404();
         return;
     }
     if (!$allowed && !$event->check_user(Site::CurrentUser())) {
         Error404();
     }
     if (!$event->active) {
         Site::Flash("error", "It is not possible to book for this event");
         Redirect($event->permalink);
         return;
     }
     return $event;
 }
 /**
  * "Payment complete" page for one of the current user's carts.
  *
  * A provider return that sets merchant_return_link is bounced to
  * payments/{id}/complete. Otherwise the cart is loaded scoped to the
  * current user, every item must still resolve to its object, and any
  * whole-cart discount redemptions are collected for display.
  *
  * NOTE(review): in the bounce branch $_GET['id'] is placed in the redirect
  * path unescaped; confirm Redirect() treats its argument as site-relative.
  * Error404() and Redirect() are relied on to end the request.
  */
 public function complete()
 {
     if (isset($_GET['merchant_return_link'])) {
         $id = $_GET['id'];
         Redirect("payments/{$id}/complete");
     }
     $cartId = mysql_real_escape_string($_GET['id']);
     $ownerId = mysql_real_escape_string(Site::CurrentUser()->id);
     $cart = Cart::find("carts.user_id = '{$ownerId}' AND carts.id = '{$cartId}'");
     if (!$cart) {
         Error404();
         return;
     }
     // Validate Cart: every line item must still reference a live object.
     foreach ($cart->items() as $item) {
         if ($item->object == null) {
             Error404();
         }
     }
     $signups = $cart->get_signups();
     if (count($signups) == 1) {
         $this->assign("signup", current($signups));
     }
     $redemptions = array();
     if ($cart->full_cart_discount()) {
         $escapedCartId = mysql_real_escape_string($cart->id);
         $redemptions = DiscountRedemption::find_all("discount_redemptions.cart_id = '{$escapedCartId}' and discount_redemptions.cart_item_id is null");
     }
     $this->assign("cart", $cart);
     $this->assign("cart_discounts", $redemptions);
     $this->title = "Payment Complete";
     $this->render("paymenttransaction/complete.tpl");
 }
 /**
  * Loads a cart by id (or the 'id' query parameter), scoped to the current
  * user so one user cannot address another user's cart.
  *
  * @param mixed $id
  * @return Cart
  * @throws Error404 when no matching cart belongs to the current user.
  */
 protected function getCart($id = null)
 {
     if (!$id) {
         $id = $this->GetData('id');
     }
     $cartId = mysql_real_escape_string($id);
     $ownerId = mysql_real_escape_string(Site::CurrentUser()->id);
     $cart = Cart::find("carts.id = '{$cartId}' and carts.user_id = '{$ownerId}'");
     if ($cart) {
         return $cart;
     }
     throw new Error404('Unable to find cart');
 }