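/**
 * Ensures the active user may perform $perm_name on $item.
 *
 * Original code from the required function in modules/gallery/helpers/access.php, extended with
 * the rWatcher (albumpassword) modifications: a password-protected item is reported as missing
 * unless the visitor has supplied the album password cookie, owns the item, or is an admin.
 *
 * @param string     $perm_name permission to check, e.g. "view" or "edit"
 * @param Item_Model $item      the item being accessed
 * @throws Kohana_404_Exception when the item must look nonexistent to this user
 */
static function required($perm_name, $item) {
  if (!access::can($perm_name, $item)) {
    if ($perm_name == "view") {
      // Treat as if the item didn't exist, don't leak any information.
      throw new Kohana_404_Exception();
    } else {
      access::forbidden();
    }
  } elseif (module::get_var("albumpassword", "hideonly") == false) {
    // Begin rWatcher modifications.
    // Throw a 404 error when a user attempts to access a protected item,
    // unless the password has been provided, or the user is the item's owner.
    $cache_entry = ORM::factory("albumpassword_idcache")
      ->where("item_id", "=", $item->id)
      ->order_by("cache_id")
      ->find();
    if (!$cache_entry->loaded()) {
      return;  // not a protected item
    }

    $existing_password = ORM::factory("items_albumpassword")
      ->where("id", "=", $cache_entry->password_id)
      ->find();
    if (!$existing_password->loaded()) {
      return;
    }

    // Compare as strings, strictly and in constant time.  The original loose "!=" treated
    // numeric-looking values such as "1" and "01" as the same password.
    $password_matches = hash_equals((string) $existing_password->password,
                                    (string) cookie::get("g3_albumpassword"));
    $user = identity::active_user();
    if (!$password_matches && $user->id != $item->owner_id && !$user->admin) {
      throw new Kohana_404_Exception();
    }
  }
}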
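/**
 * Emits the Google Analytics tracking snippet for the bottom of the page.
 *
 * Tracking is suppressed for the item's owner and for admins when the module's
 * "owneradmin_hidden" option is set, so the site's own maintainers don't inflate the numbers.
 *
 * @param Theme_View $theme the theme rendering the current item page
 * @return string|null the HTML/JS snippet, or null when tracking is hidden for this user
 */
static function page_bottom($theme) {
  $user = identity::active_user();
  $is_owner_or_admin = $theme->item->owner_id == $user->id || $user->admin != 0;
  if ($is_owner_or_admin && module::get_var("google_analytics", "owneradmin_hidden") != 0) {
    return null;
  }

  // Emit the account id as a JSON string literal so it cannot break out of the quoted JS string
  // or the <script> element, even if the stored value contains quotes, "<" or "&".
  $account = json_encode((string) module::get_var("google_analytics", "code"),
                         JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);

  return '
<!-- Begin Google Analytics -->
<script type="text/javascript">
  var _gaq = _gaq || [];
  _gaq.push(["_setAccount", ' . $account . ']);
  _gaq.push(["_trackPageview"]);
  (function() {
    var ga = document.createElement("script"); ga.type = "text/javascript"; ga.async = true;
    ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js";
    var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(ga, s);
  })();
</script>
<!-- End Google Analytics -->';
}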
/**
 * Updating a photo through Photos_Controller::update() changes slug, title and description,
 * replies with a JSON success payload, and leaves the stored file name untouched.
 */
public function change_photo_test() {
  $controller = new Photos_Controller();
  $root = ORM::factory("item", 1);
  $photo = photo::create($root, MODPATH . "gallery/tests/test.jpg", "test.jpeg", "test", "test",
                         identity::active_user()->id, "slug");
  $name_before = $photo->name;

  // Simulate the edit form submission.
  $fields = array(
    "filename" => "test.jpeg",
    "name" => "new name",
    "title" => "new title",
    "description" => "new description",
    "slug" => "new-slug",
    "csrf" => access::csrf_token(),
  );
  foreach ($fields as $field => $value) {
    $_POST[$field] = $value;
  }
  access::allow(identity::everybody(), "edit", $root);

  // The controller prints its reply; capture it.
  ob_start();
  $controller->update($photo->id);
  $photo->reload();
  $reply = ob_get_contents();
  ob_end_clean();

  $expected_reply = json_encode(array("result" => "success", "location" => "HTTP_REFERER"));
  $this->assert_equal($expected_reply, $reply);
  $this->assert_equal("new-slug", $photo->slug);
  $this->assert_equal("new title", $photo->title);
  $this->assert_equal("new description", $photo->description);
  // We don't change the name, yet.
  $this->assert_equal($name_before, $photo->name);
}
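/**
 * Builds the "contact owner / contact user" e-mail form.
 *
 * @param int      $user_id id of the recipient user, or -1 for the site owner named by the
 *                          module's "contact_owner_name" variable
 * @param int|null $item_id optional id of the item the message is about; when it loads, a link to
 *                          it is pre-filled into the message body
 * @return Forge the form, captcha-protected if a captcha module is active
 */
static function get_email_form($user_id, $item_id = null) {
  // Determine name of the person the message is going to.
  if ($user_id == -1) {
    $str_to_name = module::get_var("contactowner", "contact_owner_name");
  } else {
    // Locate the record for the user specified by $user_id, use this to determine the user's
    // name.  An unknown id yields an empty name rather than an undefined-offset notice.
    $recipient = ORM::factory("user")->where("id", "=", $user_id)->find();
    $str_to_name = $recipient->loaded() ? $recipient->name : "";
  }

  // If item_id is set and names an existing item, include a link to the item.
  $email_body = "";
  if (!empty($item_id)) {
    $item = ORM::factory("item", $item_id);
    if ($item->loaded()) {
      $email_body = "This message refers to <a href=\"" .
        url::abs_site("{$item->type}s/{$item->id}") . "\">this page</a>.";
    }
  }

  // Make a new form with a couple of text boxes.
  $form = new Forge("contactowner/sendemail/{$user_id}", "", "post",
                    array("id" => "g-contact-owner-send-form"));
  $sendmail_fields = $form->group("contactOwner");
  $sendmail_fields->input("email_to")
    ->label(t("To:"))
    ->value($str_to_name)
    ->id("g-contactowner-to-name");
  $sendmail_fields->input("email_from")
    ->label(t("From:"))
    ->value(identity::active_user()->email)
    ->id("g-contactowner-from-email")
    ->rules('required|valid_email')
    ->error_messages("required", t("You must enter a valid email address"))
    ->error_messages("valid_email", t("You must enter a valid email address"))
    ->error_messages("invalid", t("You must enter a valid email address"));
  $sendmail_fields->input("email_subject")
    ->label(t("Subject:"))
    ->value("")
    ->id("g-contactowner-subject")
    ->rules('required')
    ->error_messages("required", t("You must enter a subject"));
  $sendmail_fields->textarea("email_body")
    ->label(t("Message:"))
    ->value($email_body)
    ->id("g-contactowner-email-body")
    ->rules('required')
    ->error_messages("required", t("You must enter a message"));

  // Add a captcha, if there's an active captcha module.
  module::event("captcha_protect_form", $form);

  // Add a save button to the form.
  $sendmail_fields->submit("SendMessage")->value(t("Send"));

  return $form;
}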
/**
 * Provides the "Tag it" sidebar block: a random untagged, non-album item with a one-field
 * form for adding a tag to it.
 *
 * @param string     $block_id block being requested; only "untagged_photo" is handled
 * @param Theme_View $theme    the current theme (unused)
 * @return Block|string|null a Block for "untagged_photo", "" for other ids, null for guests
 */
static function get($block_id, $theme) {
  if (identity::active_user()->guest) {
    return;
  }

  $block = "";
  if ($block_id == "untagged_photo") {
    // The random query can come back empty; give it a few tries (four in total).
    $item = null;
    for ($attempt = 0; $attempt <= 3; $attempt++) {
      $item = item::random_query()
        ->join("items_tags", "items.id", "items_tags.item_id", "left")
        ->where("items.type", "!=", "album")
        ->where("items_tags.item_id", "IS", null)
        ->find_all(1)
        ->current();
      if ($item) {
        break;
      }
    }

    if ($item && $item->loaded()) {
      $block = new Block();
      $block->css_id = "g-tag-it-block";
      $block->title = t("Tag it");
      $block->content = new View("tag_it_block.html");
      $block->content->item = $item;

      $form = new Forge("tags/create/{$item->id}", "", "post",
                        array("id" => "g-tag-it-add-tag-form", "class" => "g-short-form"));
      if ($item->is_album()) {
        $label = t("Add tag to album");
      } elseif ($item->is_photo()) {
        $label = t("Add tag to photo");
      } else {
        $label = t("Add tag to movie");
      }
      $group = $form->group("add_tag")->label("Add Tag");
      $group->input("name")->label($label)->rules("required")->id("name");
      $group->hidden("item_id")->value($item->id);
      $group->submit("")->value(t("Add Tag"));
      $block->content->form = $form;
    }
  }
  return $block;
}
/**
 * Shows a themed error page.
 *
 * Logs the exception, sends the appropriate status header (the exception's own for
 * Kohana_Exception, otherwise 500), and renders either the 404 page (with an inline login form
 * for guests) or the generic error page.
 *
 * @see Kohana_Exception::handle
 */
private static function _show_themed_error_page(Exception $e) {
  // Log a text rendering of the exception and flush the log right away, since the request is
  // about to end abnormally.
  Kohana_Log::add('error', Kohana_Exception::text($e));
  Kohana_Log::save();

  if (!headers_sent()) {
    if ($e instanceof Kohana_Exception) {
      $e->sendHeaders();
    } else {
      header("HTTP/1.1 500 Internal Server Error");
    }
  }

  $view = new Theme_View("page.html", "other", "error");
  $is_not_found = $e instanceof Kohana_404_Exception;
  if (!$is_not_found) {
    $view->page_title = t("Dang... Something went wrong!");
    $view->content = new View("error.html");
    print $view;
    return;
  }

  $view->page_title = t("Dang... Page not found!");
  $view->content = new View("error_404.html");
  $user = identity::active_user();
  $view->content->is_guest = $user && $user->guest;
  if ($view->content->is_guest) {
    // Offer a login form: the page may exist but be hidden from anonymous visitors.
    $view->content->login_form = new View("login_ajax.html");
    $view->content->login_form->form = auth::get_login_form("login/auth_html");
    // Avoid anti-phishing protection by passing the url as session variable.
    Session::instance()->set("continue_url", url::current(true));
  }
  print $view;
}
/**
 * Adds a "Register" entry to the user menu for anonymous visitors.
 *
 * @param Menu       $menu  the user menu being built
 * @param Theme_View $theme the current theme (unused)
 */
static function user_menu($menu, $theme) {
  if (!identity::active_user()->guest) {
    return;
  }
  $register = Menu::factory("dialog")
    ->id("user_menu_register")
    ->css_id("g-register-menu")
    ->url(url::site("register"))
    ->label(t("Register"));
  $menu->append($register);
}
/**
 * Runs pending module upgrades: the gallery module first, then every other active module whose
 * code version is ahead of its installed version.
 *
 * From the command line the request is trusted; over the web it requires an admin or the
 * "can_upgrade" session flag.  NOTE(review): the web path performs no CSRF verification, so a
 * state-changing upgrade can be triggered by a cross-site request while an admin is logged in.
 */
public function upgrade() {
  $is_cli = php_sapi_name() == "cli";
  if ($is_cli) {
    // @todo this may screw up some module installers, but we don't have a better answer at
    // this time.
    $_SERVER["HTTP_HOST"] = "example.com";
  } elseif (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
    access::forbidden();
  }

  // Upgrade gallery first
  $gallery = module::available()["gallery"];
  if ($gallery->code_version != $gallery->version) {
    module::upgrade("gallery");
    module::activate("gallery");
  }

  // Then upgrade the rest
  foreach (module::available() as $id => $module) {
    $needs_upgrade = $id != "gallery" && $module->active && $module->code_version != $module->version;
    if ($needs_upgrade) {
      module::upgrade($id);
    }
  }

  if ($is_cli) {
    print "Upgrade complete\n";
  } else {
    url::redirect("upgrader");
  }
}
/**
 * Loads the server_add stylesheet and script into the page head, for admins only.
 *
 * @param Theme_View $theme the theme rendering the page
 */
static function head($theme) {
  if (!identity::active_user()->admin) {
    return;
  }
  $theme->css("server_add.css");
  $theme->script("server_add.js");
}
/**
 * Applies an "allow", "deny" or "reset" permission change for a group on an item.
 *
 * Requires a valid CSRF token and view+edit access to the item.  Unknown commands are ignored.
 * If the change would strip the active user's own edit permission, it is granted back.
 *
 * @param string $command  "allow", "deny" or "reset"
 * @param int    $group_id id of the group whose permission changes
 * @param int    $perm_id  id of the permission row
 * @param int    $item_id  id of the item the permission applies to
 */
function change($command, $group_id, $perm_id, $item_id) {
  access::verify_csrf();

  $group = identity::lookup_group($group_id);
  $perm = ORM::factory("permission", $perm_id);
  $item = ORM::factory("item", $item_id);
  access::required("view", $item);
  access::required("edit", $item);

  if (empty($group) || !$perm->loaded() || !$item->loaded()) {
    return;
  }

  if ($command == "allow") {
    access::allow($group, $perm->name, $item);
  } elseif ($command == "deny") {
    access::deny($group, $perm->name, $item);
  } elseif ($command == "reset") {
    access::reset($group, $perm->name, $item);
  }

  // If the active user just took away their own edit permissions, give it back.
  $lost_own_edit = $perm->name == "edit" &&
    !access::user_can(identity::active_user(), "edit", $item);
  if ($lost_own_edit) {
    access::allow($group, $perm->name, $item);
  }
}
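/**
 * Load the active theme. This is called at bootstrap time. We will only ever have one theme
 * active for any given request.
 *
 * Side effects: sets self::$is_admin and self::$site_theme_name (plus self::$admin_theme_name
 * on admin requests) and prepends the theme directories to the "core.modules" config entry.
 */
static function load_themes() {
  $input = Input::instance();
  $path = $input->server("PATH_INFO");
  if (empty($path)) {
    $path = "/" . $input->get("kohana_uri");
  }
  $config = Kohana_Config::instance();
  $modules = $config->get("core.modules");

  self::$is_admin = $path == "/admin" || !strncmp($path, "/admin/", 7);
  self::$site_theme_name = module::get_var("gallery", "active_site_theme");

  if (self::$is_admin) {
    // Load the admin theme
    self::$admin_theme_name = module::get_var("gallery", "active_admin_theme");
    array_unshift($modules, THEMEPATH . self::$admin_theme_name);

    // If the site theme has an admin subdir, load that as a module so that
    // themes can provide their own code.
    if (file_exists(THEMEPATH . self::$site_theme_name . "/admin")) {
      array_unshift($modules, THEMEPATH . self::$site_theme_name . "/admin");
    }
  } else {
    // Admins can override the site theme, temporarily. This lets us preview themes.
    if (identity::active_user()->admin && ($override = $input->get("theme"))) {
      // The override comes from the query string and THEMEPATH . $override is about to be
      // loaded as a code module, so only accept a bare directory name: no path separators,
      // and neither "." nor "..".
      $is_plain_name = $override !== "." && $override !== ".." && $override === basename($override);
      if ($is_plain_name && file_exists(THEMEPATH . $override)) {
        self::$site_theme_name = $override;
      } else {
        Kohana_Log::add("error", "Missing override theme: '{$override}'");
      }
    }
    array_unshift($modules, THEMEPATH . self::$site_theme_name);
  }

  $config->set("core.modules", $modules);
}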
/**
 * Admin-only controller: non-admin users are refused before the parent is initialised.
 *
 * @param mixed $theme unused; kept for signature compatibility
 */
public function __construct($theme = null) {
  $is_admin = identity::active_user()->admin;
  if (!$is_admin) {
    access::forbidden();
  }
  parent::__construct();
}
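/**
 * Displays a form that a visitor can use to contact a registered user.
 *
 * @param int $user_id id of the user to contact
 * @throws Kohana_404_Exception when the contact-user feature is disabled or the user does not exist
 */
public function emailid($user_id) {
  // If this page is disabled, show a 404 error.
  if (module::get_var("contactowner", "contact_user_link") != true) {
    throw new Kohana_404_Exception();
  }

  // Locate the record for the user specified by $user_id, use this to determine the user's
  // name.  An unknown id gets a 404 rather than a form addressed to nobody (the original
  // indexed the first result without checking that there was one).
  $recipient = ORM::factory("user")->where("id", "=", $user_id)->find();
  if (!$recipient->loaded()) {
    throw new Kohana_404_Exception();
  }

  // Make a new form with a couple of text boxes.
  $form = new Forge("contactowner/sendemail", "", "post",
                    array("id" => "g-contact-owner-send-form"));
  $sendmail_fields = $form->group("contactOwner");
  $sendmail_fields->input("email_to")->label(t("To:"))->value($recipient->name);
  $sendmail_fields->input("email_from")->label(t("From:"))->value(identity::active_user()->email);
  $sendmail_fields->input("email_subject")->label(t("Subject:"))->value("");
  $sendmail_fields->textarea("email_body")->label(t("Message:"))->value("");
  $sendmail_fields->hidden("email_to_id")->value($user_id);

  // Add a save button to the form.
  $sendmail_fields->submit("SendMessage")->value(t("Send"));

  // Set up and display the actual page.
  $template = new Theme_View("page.html", "other", "Contact");
  $template->content = new View("contactowner_emailform.html");
  $template->content->sendmail_form = $form;
  print $template;
}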
/**
 * Offers a "Shorten link with bit.ly" entry in the item's options menu when the item has no
 * bit.ly link yet and the active user owns the item.
 *
 * @param Menu       $menu  the context menu being built
 * @param Theme_View $theme the current theme (supplies the CSRF token and the item)
 * @param Item_Model $item  the item the menu is for
 */
static function context_menu($menu, $theme, $item) {
  $link = ORM::factory("bitly_link")->where("item_id", "=", $item->id)->find();
  $owner_is_active_user = $theme->item->owner->id == identity::active_user()->id;
  if ($link->loaded() || !$owner_is_active_user) {
    return;
  }
  $shorten = Menu::factory("link")
    ->id("bitly")
    ->label(t("Shorten link with bit.ly"))
    ->url(url::site("bitly/shorten/{$item->id}?csrf={$theme->csrf}"))
    ->css_class("g-bitly-shorten ui-icon-link");
  $menu->get("options_menu")->append($shorten);
}
/**
 * Adds a "Register" entry to the site menu for guests, unless registration is admin-only.
 *
 * @param Menu       $menu  the site menu being built
 * @param Theme_View $theme the current theme (unused)
 * @return Menu the same menu, for chaining
 */
static function site_menu($menu, $theme) {
  $registration_open = module::get_var("registration", "policy") != "admin_only";
  if (identity::active_user()->guest && $registration_open) {
    $register = Menu::factory("dialog")
      ->id("register_users")
      ->label(t("Register"))
      ->url(url::site("register"));
    $menu->append($register);
  }
  return $menu;
}
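/**
 * Runs pending module upgrades: the gallery module first, then every other active module whose
 * code version is ahead of its installed version.  Modules whose upgrade throws are collected
 * and reported (printed on the CLI, passed as "?failed=" to the upgrader page on the web).
 *
 * From the command line the request is trusted; over the web it requires an admin or the
 * "can_upgrade" session flag plus a valid CSRF token (a bad token redirects to the upgrader).
 */
public function upgrade() {
  $is_cli = php_sapi_name() == "cli";
  if ($is_cli) {
    // @todo this may screw up some module installers, but we don't have a better answer at
    // this time.
    $_SERVER["HTTP_HOST"] = "example.com";
  } else {
    if (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
      access::forbidden();
    }
    try {
      access::verify_csrf();
    } catch (Exception $e) {
      url::redirect("upgrader");
    }
  }

  // Upgrade gallery first
  $available = module::available();
  $gallery = $available["gallery"];
  if ($gallery->code_version != $gallery->version) {
    module::upgrade("gallery");
    module::activate("gallery");
  }

  // Then upgrade the rest
  $failed = array();
  foreach (module::available() as $id => $module) {
    if ($id == "gallery") {
      continue;
    }
    if ($module->active && $module->code_version != $module->version) {
      try {
        module::upgrade($id);
      } catch (Exception $e) {
        // @todo assume it's MODULE_FAILED_TO_UPGRADE for now
        $failed[] = $id;
      }
    }
  }

  // If the upgrade failed, this will get recreated
  site_status::clear("upgrade_now");

  // Clear any upgrade check strings, we are probably up to date.
  site_status::clear("upgrade_checker");

  if ($is_cli) {
    if ($failed) {
      print "Upgrade completed ** WITH FAILURES **\n";
      print "The following modules were not successfully upgraded:\n";
      // implode() takes the glue first; the reversed legacy argument order used here before
      // is a TypeError on PHP 8.
      print "  " . implode("\n  ", $failed) . "\n";
      print "Try getting newer versions or deactivating those modules\n";
    } else {
      print "Upgrade complete\n";
    }
  } else {
    if ($failed) {
      url::redirect("upgrader?failed=" . implode(",", $failed));
    } else {
      url::redirect("upgrader");
    }
  }
}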
/**
 * Adds a "Clear all ratings/votes" entry to the options menu for admins viewing a photo or
 * movie.
 *
 * @param Menu       $menu  the site menu being built
 * @param Theme_View $theme the current theme, providing the item
 */
static function site_menu($menu, $theme) {
  $item = $theme->item();
  if (!$item) {
    return;
  }
  $is_media = $item->is_photo() || $item->is_movie();
  if (!$is_media || !identity::active_user()->admin) {
    return;
  }
  $clear = Menu::factory("link")
    ->id("ratingsclear")
    ->label(t("Clear all ratings/votes"))
    ->url(url::site("ratings/clear/{$theme->item->id}"))
    ->css_class("g-dialog-link")
    ->css_id("g-ratings");
  $menu->get("options_menu")->append($clear);
}
/**
 * Replies with a JSON "success" payload carrying a fresh CSRF token when the active user is an
 * admin, otherwise with a "failure" payload.
 */
function is_admin() {
  $reply = array("result" => "failure");
  if (identity::active_user()->admin) {
    $reply = array("result" => "success", "csrf" => access::csrf_token());
  }
  json::reply($reply);
}
/**
 * Prints a JSON "success" payload carrying a fresh CSRF token when the active user is an admin,
 * otherwise a "failure" payload.
 */
function is_admin() {
  $reply = array("result" => "failure");
  if (identity::active_user()->admin) {
    $reply = array("result" => "success", "csrf" => access::csrf_token());
  }
  print json_encode($reply);
}
/**
 * Adds a "View Map" entry to the album menu, unless maps are restricted to logged-in users and
 * the visitor is a guest.
 *
 * @param Menu       $menu  the album menu being built
 * @param Theme_View $theme the current theme (unused)
 */
static function album_menu($menu, $theme) {
  // Make sure the user can view maps before displaying one.
  $maps_restricted = module::get_var("tagsmap", "restrict_maps") == true;
  if ($maps_restricted && identity::active_user()->guest) {
    return;
  }
  $map_link = Menu::factory("link")
    ->id("tagsmap")
    ->label(t("View Map"))
    ->url(url::site("tagsmap/googlemap/"))
    ->css_id("g-tagsmap-link");
  $menu->append($map_link);
}
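/**
 * Adds a "Server add" entry to the add menu when an admin is viewing a writable album and at
 * least one authorized server path is configured.
 *
 * @param Menu       $menu  the site menu being built
 * @param Theme_View $theme the current theme, providing the item
 */
static function site_menu($menu, $theme) {
  $item = $theme->item();
  // NOTE(review): authorized_paths is stored PHP-serialized.  It is written by admins only, but
  // unserialize() of anything an attacker could influence is unsafe; JSON would be preferable.
  $paths = unserialize(module::get_var("server_add", "authorized_paths"));

  if (!$item || !identity::active_user()->admin || !$item->is_album() || empty($paths)) {
    return;
  }
  // $item is known to be an album here, so the old "album ? own path : parent's path" ternary
  // could only ever take its first branch.
  if (!is_writable($item->file_path())) {
    return;
  }

  $server_add = Menu::factory("dialog")
    ->id("server_add")
    ->label(t("Server add"))
    ->url(url::site("server_add/browse/{$item->id}"));
  $menu->get("add_menu")->append($server_add);
}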
/**
 * Renders the re-authentication page around the given form.
 *
 * @param Forge $form the re-authentication form to display
 */
private static function _show_form($form) {
  $page = new Theme_View("page.html", "other", "reauthenticate");
  $page->page_title = t("Re-authenticate");

  $content = new View("reauthenticate.html");
  $content->form = $form;
  $content->user_name = identity::active_user()->name;
  $page->content = $content;

  print $page;
}
/**
 * If Gallery is in maintenance mode, then force all non-admins to get routed to a "This site is
 * down for maintenance" page.
 *
 * The login controller is always left reachable so an admin can still sign in.
 */
static function maintenance_mode() {
  $maintenance_mode = Kohana::config("core.maintenance_mode", false, false);
  if (empty($maintenance_mode) || Router::$controller == "login") {
    return;
  }
  if (identity::active_user()->admin) {
    return;
  }
  Router::$controller = "maintenance";
  Router::$controller_path = MODPATH . "gallery/controllers/maintenance.php";
  Router::$method = "index";
}
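/**
 * Load the active theme. This is called at bootstrap time. We will only ever have one theme
 * active for any given request.
 *
 * Side effects: sets self::$is_admin and self::$site_theme_name (plus self::$admin_theme_name
 * on admin requests), falls back to the bundled Wind themes when the configured ones are
 * missing, and prepends the theme directories to the "core.modules" config entry.
 */
static function load_themes() {
  $input = Input::instance();
  $path = $input->server("PATH_INFO");
  if (empty($path)) {
    $path = "/" . $input->get("kohana_uri");
  }
  $config = Kohana_Config::instance();
  $modules = $config->get("core.modules");

  // Normally Router::find_uri() strips off the url suffix for us, but we're working off of the
  // PATH_INFO here so we need to strip it off manually.  The suffix is quoted for the "#"
  // delimiter as well, so a suffix containing "#" cannot break the pattern.
  if ($suffix = Kohana::config("core.url_suffix")) {
    $path = preg_replace("#" . preg_quote($suffix, "#") . "\$#u", "", $path);
  }

  self::$is_admin = $path == "/admin" || !strncmp($path, "/admin/", 7);
  self::$site_theme_name = module::get_var("gallery", "active_site_theme");

  // If the site theme doesn't exist, fall back to wind.
  if (!file_exists(THEMEPATH . self::$site_theme_name . "/theme.info")) {
    site_status::error(
      t("Theme '%name' is missing.  Falling back to the Wind theme.",
        array("name" => self::$site_theme_name)),
      "missing_site_theme");
    module::set_var("gallery", "active_site_theme", self::$site_theme_name = "wind");
  }

  if (self::$is_admin) {
    // Load the admin theme
    self::$admin_theme_name = module::get_var("gallery", "active_admin_theme");

    // If the admin theme doesn't exist, fall back to admin_wind.
    if (!file_exists(THEMEPATH . self::$admin_theme_name . "/theme.info")) {
      site_status::error(
        t("Admin theme '%name' is missing!  Falling back to the Wind theme.",
          array("name" => self::$admin_theme_name)),
        "missing_admin_theme");
      module::set_var("gallery", "active_admin_theme", self::$admin_theme_name = "admin_wind");
    }

    array_unshift($modules, THEMEPATH . self::$admin_theme_name);

    // If the site theme has an admin subdir, load that as a module so that
    // themes can provide their own code.
    if (file_exists(THEMEPATH . self::$site_theme_name . "/admin")) {
      array_unshift($modules, THEMEPATH . self::$site_theme_name . "/admin");
    }

    // Admins can override the site theme, temporarily. This lets us preview themes.
    if (identity::active_user()->admin && ($override = $input->get("theme"))) {
      if (self::_is_plain_theme_name($override) && file_exists(THEMEPATH . $override)) {
        self::$admin_theme_name = $override;
        array_unshift($modules, THEMEPATH . self::$admin_theme_name);
      } else {
        Kohana_Log::add("error", "Missing override admin theme: '{$override}'");
      }
    }
  } else {
    // Admins can override the site theme, temporarily. This lets us preview themes.
    if (identity::active_user()->admin && ($override = $input->get("theme"))) {
      if (self::_is_plain_theme_name($override) && file_exists(THEMEPATH . $override)) {
        self::$site_theme_name = $override;
      } else {
        Kohana_Log::add("error", "Missing override site theme: '{$override}'");
      }
    }
    array_unshift($modules, THEMEPATH . self::$site_theme_name);
  }

  $config->set("core.modules", $modules);
}

/**
 * Whether $name, taken from the query string, is acceptable as a theme directory name: a bare
 * name with no path separators that is neither "." nor "..".  THEMEPATH . $name is loaded as a
 * code module, so anything else is refused before the filesystem is consulted.
 *
 * @param string $name candidate theme name
 * @return bool
 */
private static function _is_plain_theme_name($name) {
  return $name !== "." && $name !== ".." && $name === basename($name);
}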
/**
 * REST handler deleting a comment.  Admin-only, and additionally requires edit access to the
 * item the comment belongs to.
 *
 * @param object $request the REST request; its url resolves to the comment
 */
static function delete($request) {
  $is_admin = identity::active_user()->admin;
  if (!$is_admin) {
    access::forbidden();
  }
  $comment = rest::resolve($request->url);
  access::required("edit", $comment->item());
  $comment->delete();
}
/**
 * Shows the welcome message to admins; everyone else is redirected to the root album.
 */
public function index() {
  $user = identity::active_user();
  if (!$user->admin) {
    url::redirect(item::root()->abs_url());
  }
  $welcome = new View("welcome_message.html");
  $welcome->user = $user;
  print $welcome;
}
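/**
 * Removes a user's subscription to an album.  Does nothing for non-album items.
 *
 * @param Item_Model      $item the album to unsubscribe from
 * @param User_Model|null $user the subscriber; defaults to the active user
 */
static function remove_watch($item, $user = null) {
  if (!$item->is_album()) {
    return;
  }
  if (empty($user)) {
    $user = identity::active_user();
  }
  // The result of delete() was previously kept in an unused local; nothing reads it.
  ORM::factory("subscription")
    ->where("item_id", "=", $item->id)
    ->where("user_id", "=", $user->id)
    ->find()
    ->delete();
}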
/**
 * Loads an admin theme view and pre-loads its global view data.
 *
 * The theme is the configured admin theme; admins may preview another one through the "theme"
 * query parameter.
 *
 * @throws Kohana_Exception if the requested view cannot be found
 * @param string $name view name, also exposed to the view as "page_subtype"
 */
public function __construct($name) {
  parent::__construct($name);

  $user = identity::active_user();
  $theme_name = module::get_var("gallery", "active_admin_theme");
  if ($user->admin) {
    $theme_name = Input::instance()->get("theme", $theme_name);
  }
  $this->theme_name = $theme_name;
  $this->sidebar = "";

  $this->set_global(array(
    "theme" => $this,
    "user" => $user,
    "page_type" => "admin",
    "page_subtype" => $name,
    "page_title" => null,
  ));
}
/**
 * REST handler deleting a tag.
 *
 * Restrict deleting tags to admins. Otherwise, a logged in user can do great harm to an
 * install.
 *
 * @param object $request the REST request; its url resolves to the tag
 */
static function delete($request) {
  $is_admin = identity::active_user()->admin;
  if (!$is_admin) {
    access::forbidden();
  }
  rest::resolve($request->url)->delete();
}
/**
 * Replaces the default login link in the user menu with the PAM module's own login dialog,
 * for guests only.
 *
 * @param Menu       $menu  the user menu being built
 * @param Theme_View $theme the current theme (unused)
 */
static function user_menu($menu, $theme) {
  if (!identity::active_user()->guest) {
    return;
  }
  // disable the default login
  $menu->remove('user_menu_login');
  // add ours
  $pam_login = Menu::factory("dialog")
    ->id("user_menu_pam")
    ->css_id("g-pam-menu")
    ->url(url::site("pam/ajax"))
    ->label(t("Login"));
  $menu->append($pam_login);
}