Exemple #1
 /**
  * Process a password-reset request.
  *
  * When the submitted name matches a user that has an email address, a new value from
  * random::hash() is saved on the user and mailed as the "key" parameter of a
  * password/do_reset link.  Every outcome ends with the same success message and JSON
  * reply, so the response does not reveal whether the user name exists.
  *
  * NOTE(review): expiry and single-use handling of the stored hash are not visible in this
  * method -- confirm they are enforced where password/do_reset consumes the key.
  *
  * @param object $form  submitted reset form; only $form->reset->inputs["name"] is read
  */
 private function _send_reset($form)
 {
     $requested_name = $form->reset->inputs["name"]->value;
     $account = user::lookup_by_name($requested_name);
     if (!$account) {
         // The author's caveat still applies: the name is logged exactly as submitted, so it
         // must not be displayed until it is known to be XSS safe.
         log::warning("user", t("Password reset email requested for user %user_name, which does not exist.", array("user_name" => $requested_name)));
     } elseif (empty($account->email)) {
         log::warning("user", t("Password reset failed for %user_name (has no email address on record).", array("user_name" => $account->name)));
     } else {
         // Persist the new key before mailing it, so the link is valid when it arrives.
         $account->hash = random::hash();
         $account->save();
         $mail_body = new View("reset_password.html");
         $mail_body->confirm_url = url::abs_site("password/do_reset?key={$account->hash}");
         $mail_body->user = $account;
         Sendmail::factory()
             ->to($account->email)
             ->subject(t("Password Reset Request"))
             ->header("Mime-Version", "1.0")
             ->header("Content-type", "text/html; charset=UTF-8")
             ->message($mail_body->render())
             ->send();
         log::success("user", t("Password reset email sent for user %name", array("name" => $account->name)));
     }
     // Identical reply on every path: do not leak which user names are real.
     message::success(t("Password reset email sent"));
     json::reply(array("result" => "success"));
 }
 /**
  * Store the posted "value" field as variable $var_name of module $module_name.
  *
  * NOTE(review): the CSRF token is the only check visible in this method; both the module
  * name and the variable name come from the caller, so confirm that the enclosing
  * controller restricts this action to administrators.
  *
  * @param string $module_name  module that owns the variable
  * @param string $var_name     variable to overwrite
  */
 public function save($module_name, $var_name)
 {
     access::verify_csrf();
     $new_value = Input::instance()->post("value");
     module::set_var($module_name, $var_name, $new_value);
     $placeholders = array("var" => $var_name, "module_name" => $module_name);
     message::success(t("Saved value for %var (%module_name)", $placeholders));
     json::reply(array("result" => "success"));
 }
Exemple #3
 /**
  * Handle the re-authentication form for the active admin user.
  *
  * Non-admins are rejected before anything else, then the CSRF token is verified and the
  * form validated.  Success fires "user_auth" and redirects to the session's
  * "continue_url"; failure is logged, fires "user_auth_failed" and re-displays the form
  * (as JSON-wrapped HTML for AJAX requests).
  */
 public function auth()
 {
     if (!identity::active_user()->admin) {
         access::forbidden();
     }
     access::verify_csrf();
     $form = self::_form();
     $is_valid = $form->validate();
     $current_user = identity::active_user();
     if (!$is_valid) {
         $failed_name = $current_user->name;
         log::warning("user", t("Failed re-authentication for %name", array("name" => $failed_name)));
         module::event("user_auth_failed", $failed_name);
         if (!request::is_ajax()) {
             self::_show_form($form);
             return;
         }
         $view = new View("reauthenticate.html");
         $view->form = $form;
         $view->user_name = identity::active_user()->name;
         json::reply(array("html" => (string) $view));
         return;
     }
     module::event("user_auth", $current_user);
     if (!request::is_ajax()) {
         message::success(t("Successfully re-authenticated!"));
     }
     // The target comes from the session ("continue_url", consumed by get_once), not from
     // this request.  NOTE(review): confirm whatever stores it only accepts local URLs.
     url::redirect(Session::instance()->get_once("continue_url"));
 }
Exemple #4
 /**
  * Replace the REST API access key via rest::reset_access_key() and confirm to the client.
  * The CSRF token is verified first because the call invalidates the existing key.
  */
 public function reset_api_key()
 {
     access::verify_csrf();
     rest::reset_access_key();
     $confirmation = t("Your REST API key has been reset.");
     message::success($confirmation);
     $reply = array("result" => "success");
     json::reply($reply);
 }
Exemple #5
 /**
  * Pre-flight check for the module activation form.
  *
  * For every unlocked module the posted checkbox is compared with the current state, and
  * module::can_activate() / module::can_deactivate() are asked for messages about each
  * change.  With no errors or warnings the change is saved immediately and the client is
  * told to reload; otherwise a confirmation dialog is returned.
  */
 public function confirm()
 {
     access::verify_csrf();
     $messages = array("error" => array(), "warn" => array());
     $desired_list = array();
     foreach (module::available() as $module_name => $info) {
         if ($info->locked) {
             continue;
         }
         // Comparison binds tighter than assignment: $wanted is the boolean "posted value == 1".
         $wanted = Input::instance()->post($module_name) == 1;
         if ($wanted) {
             $desired_list[] = $module_name;
         }
         // NOTE(review): array_merge() replaces string-keyed entries, so if these helpers
         // return arrays keyed "error"/"warn", a later module's list would replace an earlier
         // module's list instead of being appended -- confirm against the helpers.
         if ($info->active && !$wanted && module::is_active($module_name)) {
             $messages = array_merge($messages, module::can_deactivate($module_name));
         } elseif (!$info->active && $wanted && !module::is_active($module_name)) {
             $messages = array_merge($messages, module::can_activate($module_name));
         }
     }
     $nothing_to_confirm = empty($messages["error"]) && empty($messages["warn"]);
     if ($nothing_to_confirm) {
         $this->_do_save();
         $result = array("reload" => 1);
     } else {
         $dialog = new View("admin_modules_confirm.html");
         $dialog->messages = $messages;
         $dialog->modules = $desired_list;
         $result = array(
             "dialog" => (string) $dialog,
             // Errors block the change; warnings alone may be confirmed.
             "allow_continue" => empty($messages["error"]),
         );
     }
     json::reply($result);
 }
 /**
  * Allows the given item to be displayed again.
  *
  * NOTE(review): no access::verify_csrf() call is visible in this method although it
  * changes state; presumably _check_hide_permissions() covers the token as well as the
  * permissions -- confirm.
  *
  * @param int $id  the item id
  */
 public function show($id)
 {
     $item = model_cache::get("item", $id);
     // The title is purified because the message text carries HTML markup.
     $safe_title = html::purify($item->title);
     $msg = t("Displayed <b>%title</b> item", array("title" => $safe_title));
     $this->_check_hide_permissions($item);
     hide::show($item);
     message::success($msg);
     $reply = array("result" => "success", "reload" => 1);
     json::reply($reply);
 }
 /**
  * Turn the "starred items only" filter off and ask the client to reload.
  * No item is involved, so the only check made here is the CSRF token.
  */
 public function star_only_off()
 {
     access::verify_csrf();
     $notice = t("Showing all items.");
     star::star_only_off();
     message::success($notice);
     $reply = array("result" => "success", "reload" => 1);
     json::reply($reply);
 }
Exemple #8
 /**
  * Save, or delete when empty, the active locale's translation of one message as submitted
  * by the localization client.
  *
  * Requires a valid CSRF token and an admin user.  The message is identified by the posted
  * "l10n-message-key", which must exist as a "root" locale row in incoming_translation.
  *
  * @throws Exception when the key is unknown or a translation field is missing / not a string
  */
 public function save()
 {
     access::verify_csrf();
     if (!identity::active_user()->admin) {
         access::forbidden();
     }
     $locale = Gallery_I18n::instance()->locale();
     $input = Input::instance();
     $key = $input->post("l10n-message-key");
     // The posted key is only used as a bound value in the query builder's where() clauses.
     $root_message = ORM::factory("incoming_translation")->where("key", "=", $key)->where("locale", "=", "root")->find();
     if (!$root_message->loaded()) {
         throw new Exception("@todo bad request data / illegal state");
     }
     // NOTE(review): unserialize() of a stored value.  The incoming_translation rows
     // presumably originate outside this installation -- confirm that source is trusted,
     // because unserialize() on attacker-influenced data can instantiate arbitrary classes.
     $is_plural = Gallery_I18n::is_plural_message(unserialize($root_message->message));
     $is_empty = true;
     if ($is_plural) {
         // One posted field per plural form of the locale; all of them must be strings.
         $plural_forms = l10n_client::plural_forms($locale);
         $translation = array();
         foreach ($plural_forms as $plural_form) {
             $value = $input->post("l10n-edit-plural-translation-{$plural_form}");
             if (null === $value || !is_string($value)) {
                 throw new Exception("@todo bad request data");
             }
             $translation[$plural_form] = $value;
             // Empty overall only if every plural form is empty (empty() also treats "0" as empty).
             $is_empty = $is_empty && empty($value);
         }
     } else {
         $translation = $input->post("l10n-edit-translation");
         // Evaluated before the type check below; empty() also treats the string "0" as empty.
         $is_empty = empty($translation);
         if (null === $translation || !is_string($translation)) {
             throw new Exception("@todo bad request data");
         }
     }
     $entry = ORM::factory("outgoing_translation")->where("key", "=", $key)->where("locale", "=", $locale)->find();
     if ($is_empty) {
         // An empty submission removes any existing local translation.
         if ($entry->loaded()) {
             $entry->delete();
         }
     } else {
         if (!$entry->loaded()) {
             $entry->key = $key;
             $entry->locale = $locale;
             $entry->message = $root_message->message;
             $entry->base_revision = null;
         }
         $entry->translation = serialize($translation);
         $entry_from_incoming = ORM::factory("incoming_translation")->where("key", "=", $key)->where("locale", "=", $locale)->find();
         // NOTE(review): this condition looks inverted -- the revision is copied only when no
         // incoming row was found, i.e. from an unloaded model.  Confirm whether the intent
         // was `if ($entry_from_incoming->loaded())`.
         if (!$entry_from_incoming->loaded()) {
             $entry->base_revision = $entry_from_incoming->revision;
         }
         $entry->save();
     }
     Gallery_I18n::clear_cache($locale);
     // Reply with an empty object.
     json::reply(new stdClass());
 }
Exemple #9
 /**
  * AJAX login endpoint: verifies the CSRF token, runs $this->_auth() and replies with
  * either a bare success result or the re-rendered login form.
  */
 public function auth_ajax()
 {
     access::verify_csrf();
     $outcome = $this->_auth("login/auth_ajax");
     $is_valid = $outcome[0];
     $form = $outcome[1];
     if (!$is_valid) {
         $login_view = new View("login_ajax.html");
         $login_view->form = $form;
         json::reply(array("result" => "error", "html" => (string) $login_view));
         return;
     }
     json::reply(array("result" => "success"));
 }
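 /**
  * Delete every rating recorded for the item with the given id.
  *
  * Ratings are keyed through the "ratables" table, whose ratableKey is "rate" . $id.  When
  * no ratable row or no rating exists, nothing is deleted and a warning is shown instead.
  *
  * NOTE(review): this is a destructive action, but neither access::verify_csrf() nor a
  * permission check on the item is visible in this method -- confirm both are enforced by
  * the caller or the routing layer.
  *
  * @param int $id  the item id
  */
 public function doClear($id)
 {
     $photo = ORM::factory("item", $id);
     $rateid = "rate" . $id;
     $ratable = db::build()->select("id")->from("ratables")->where("ratableKey", "=", $rateid)->execute()->current();
     // An item that was never rated has no ratables row; guard before reading ->id so that
     // case is reported as "nothing to clear" instead of failing on a non-object.
     $vote_count = 0;
     if ($ratable) {
         $vote_count = db::build()->select("id")->from("ratings")->where("ratable_id", "=", $ratable->id)->execute()->count();
     }
     if ($vote_count < 1) {
         message::warning(t("No votes have been registered for this item:  Nothing cleared!"));
         json::reply(array("result" => "success", "location" => $photo->url()));
         return;
     }
     db::build()->delete("ratings")->where("ratable_id", "=", $ratable->id)->execute();
     message::success(t("All ratings and votes for this item have been cleared!"));
     json::reply(array("result" => "success", "location" => $photo->url()));
 }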
Exemple #11
 /**
  * Report whether the admin-area session is about to time out.
  *
  * The deadline is the later of the last active authentication and the last admin-area
  * activity (both read from the session), plus the "admin_area_timeout" variable of the
  * gallery module.  With fewer than 30 seconds left, the reply also carries the site root
  * as "location" and a logout notice is queued.
  */
 private static function _reauth_check()
 {
     $session = Session::instance();
     $authenticated_at = $session->get("active_auth_timestamp", 0);
     $last_activity_at = $session->get("admin_area_activity_timestamp", 0);
     $timeout = module::get_var("gallery", "admin_area_timeout");
     $latest = max($authenticated_at, $last_activity_at);
     $seconds_left = $latest + $timeout - time();
     $reply = new stdClass();
     $reply->result = "success";
     if ($seconds_left < 30) {
         message::success(t("Automatically logged out of the admin area for your security"));
         $reply->location = url::abs_site("");
     }
     json::reply($reply);
 }
Exemple #12
 /**
  * Mail the contact-form message to the user whose profile is being viewed.
  *
  * The subject passes through html::clean() and the body through html::purify() before
  * sending.  NOTE(review): the reply-to value is handed to Sendmail exactly as submitted;
  * confirm the form rules or Sendmail reject line breaks in it.
  *
  * @param int $id  id of the recipient user
  * @throws Kohana_404_Exception when the profile may not be viewed
  */
 public function send($id)
 {
     access::verify_csrf();
     $recipient = identity::lookup_user($id);
     if (!$this->_can_view_profile_pages($recipient)) {
         throw new Kohana_404_Exception();
     }
     $form = user_profile::get_contact_form($recipient);
     if (!$form->validate()) {
         json::reply(array("result" => "error", "html" => (string) $form));
         return;
     }
     Sendmail::factory()
         ->to($recipient->email)
         ->subject(html::clean($form->message->subject->value))
         ->header("Mime-Version", "1.0")
         ->header("Content-type", "text/html; charset=UTF-8")
         ->reply_to($form->message->reply_to->value)
         ->message(html::purify($form->message->message->value))
         ->send();
     message::success(t("Sent message to %user_name", array("user_name" => $recipient->display_name())));
     json::reply(array("result" => "success"));
 }
Exemple #13
 /**
  * Update the installed locales from the posted list and store the default locale.
  *
  * A posted default that is not among the installed locales is replaced by the first
  * installed locale, or by "en_US" when none is installed, so the stored value is always
  * either an installed locale or that fallback.
  */
 public function save()
 {
     access::verify_csrf();
     $input = Input::instance();
     locales::update_installed($input->post("installed_locales"));
     $installed = array_keys(locales::installed());
     $default_locale = $input->post("default_locale");
     if (!in_array($default_locale, $installed)) {
         $default_locale = !empty($installed) ? $installed[0] : "en_US";
     }
     module::set_var("gallery", "default_locale", $default_locale);
     json::reply(array("result" => "success"));
 }
Exemple #14
 /**
  * Add a new comment to the collection.
  *
  * The caller needs "view" permission on the item and comment::can_comment() must allow
  * commenting.  The comment is filled from the add form and validated by the model; model
  * validation errors are mapped back onto the matching form inputs.
  *
  * @param int $id  id of the item being commented on
  */
 public function create($id)
 {
     $item = ORM::factory("item", $id);
     access::required("view", $item);
     if (!comment::can_comment()) {
         access::forbidden();
     }
     $form = comment::get_add_form($item);
     try {
         $valid = $form->validate();
         $fields = $form->add_comment;
         $comment = ORM::factory("comment");
         $comment->item_id = $id;
         $comment->author_id = identity::active_user()->id;
         $comment->text = $fields->text->value;
         $comment->guest_name = $fields->inputs["name"]->value;
         $comment->guest_email = $fields->email->value;
         $comment->guest_url = $fields->url->value;
         $comment->validate();
     } catch (ORM_Validation_Exception $e) {
         // Model columns are prefixed "guest_"; the form inputs are not.
         foreach ($e->validation->errors() as $field => $error) {
             switch ($field) {
                 case "guest_name":
                     $field = "name";
                     break;
                 case "guest_email":
                     $field = "email";
                     break;
                 case "guest_url":
                     $field = "url";
                     break;
             }
             $form->add_comment->inputs[$field]->add_error($error, 1);
         }
         $valid = false;
     }
     if (!$valid) {
         $form = comment::prefill_add_form($form);
         json::reply(array("result" => "error", "form" => (string) $form));
         return;
     }
     $comment->save();
     $fragment = new Theme_View("comment.html", "other", "comment-fragment");
     $fragment->comment = $comment;
     // Send back the rendered comment together with a fresh, empty add form.
     json::reply(array("result" => "success", "view" => (string) $fragment, "form" => (string) comment::get_add_form($item)));
 }
Exemple #15
 /**
  * Attach one or more comma-separated tags to an item.
  *
  * Requires "view" and "edit" permission on the item.  Each name is trimmed and names that
  * evaluate as false after trimming are skipped.  On success the reply carries a freshly
  * rendered tag cloud.
  *
  * @param int $item_id  id of the item to tag
  */
 public function create($item_id)
 {
     $item = ORM::factory("item", $item_id);
     access::required("view", $item);
     access::required("edit", $item);
     $form = tag::get_add_form($item);
     if (!$form->validate()) {
         json::reply(array("result" => "error", "html" => (string) $form));
         return;
     }
     $raw_names = explode(",", $form->add_tag->inputs["name"]->value);
     foreach ($raw_names as $raw_name) {
         $clean_name = trim($raw_name);
         if (!$clean_name) {
             continue;
         }
         tag::add($item, $clean_name);
     }
     json::reply(array("result" => "success", "cloud" => (string) tag::cloud(30)));
 }
 /**
  * Add the posted product / quantity for an item to the session basket.
  *
  * The request must carry a valid CSRF token and an "id" field.  The values stored in the
  * basket are taken from the validated form rather than from $_POST.
  *
  * NOTE(review): an invalid form is only logged; no reply is sent to the client on that
  * path.
  */
 public function add_to_basket()
 {
     access::verify_csrf();
     if (!isset($_POST['id'])) {
         die("no id");
     }
     $form = self::getAddToBasketForm($_POST['id']);
     if (!$form->validate()) {
         log_error("invalid form!");
         return;
     }
     $basket = Session_Basket::getOrCreate();
     $basket->add($form->add_to_basket->id->value, $form->add_to_basket->product->value, $form->add_to_basket->quantity->value);
     $item = ORM::factory("item", $form->add_to_basket->id->value);
     // Remember the parent album so the client can be sent back there.
     Session::instance()->set("redirect_home", $item->parent_id);
     print json::reply(array("result" => "success"));
 }
 /**
  * The index page of the upload configuration admin.
  *
  * Any request other than a POST fills the form with the stored configuration and prints
  * it.  A POST is CSRF-checked, validated and, when valid, written back through
  * upload_configuration::extractForm(); the outcome is reported as JSON.
  */
 public function index()
 {
     $form = upload_configuration::get_configure_form();
     if (request::method() != "post") {
         upload_configuration::populateForm($form);
         print $form;
         return;
     }
     access::verify_csrf();
     if (!$form->validate()) {
         json::reply(array("result" => "error", "html" => (string) $form));
         return;
     }
     upload_configuration::extractForm($form);
     message::success(t("GWTOrganise Module Configured!"));
     json::reply(array("result" => "success"));
 }
Exemple #18
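 /**
  * Send the ecard.
  *
  * Requires "view" permission on the item and ecard::can_send_ecard().  The message is
  * rendered from ecard_email.html, the item's resize is embedded as an HTML image, and the
  * result is handed to self::_notify().
  *
  * The From / To header values are built from submitted form fields, so CR and LF are
  * stripped from them before use: a value containing a line break could otherwise start an
  * additional mail header.  This is defence in depth; the form's own validation rules are
  * not visible in this method.
  *
  * NOTE(review): no access::verify_csrf() call is visible in this method -- confirm the
  * token is checked elsewhere, since the action sends mail on the user's behalf.
  *
  * @param int $id  id of the item to send
  */
 public function send($id)
 {
     $item = ORM::factory("item", $id);
     access::required("view", $item);
     if (!ecard::can_send_ecard()) {
         access::forbidden();
     }
     $form = ecard::get_send_form($item);
     try {
         $valid = $form->validate();
     } catch (ORM_Validation_Exception $e) {
         // Translate ORM validation errors into form error messages
         // NOTE(review): this reads $form->edit_item while the rest of the method uses
         // $form->send_ecard -- confirm the group name.
         foreach ($e->validation->errors() as $key => $error) {
             $form->edit_item->inputs[$key]->add_error($error, 1);
         }
         $valid = false;
     }
     if (!$valid) {
         json::reply(array("result" => "error", "html" => (string) $form));
         return;
     }
     $v = new View("ecard_email.html");
     $v->item = $item;
     $v->subject = module::get_var("ecard", "subject");
     $to_name = $form->send_ecard->to_name->value;
     $from_name = $form->send_ecard->from_name->value;
     $bcc = module::get_var("ecard", "bcc");
     $v->message = t(module::get_var("ecard", "message"), array("toname" => $to_name, "fromname" => $from_name));
     $v->custom_message = $form->send_ecard->text->value;
     $v->image = $item->name;
     // Header-bound values only: the names shown inside the message body stay untouched.
     $line_breaks = array("\r", "\n");
     $header_from_name = str_replace($line_breaks, "", (string) $from_name);
     $to = str_replace($line_breaks, "", (string) $form->send_ecard->inputs["to_email"]->value);
     $from = str_replace($line_breaks, "", (string) $form->send_ecard->inputs["from_email"]->value);
     $headers = array("from" => $header_from_name . "<" . $from . ">", "to" => $to, "subject" => module::get_var("ecard", "subject"));
     require_once MODPATH . "ecard/lib/mime.php";
     $mime = new Mail_mime("\n");
     $mime->setHTMLBody($v->render());
     $mime->addHTMLImage($item->resize_path(), $item->mime_type, $item->name);
     $body = $mime->get(array('html_charset' => 'UTF-8', 'text_charset' => 'UTF-8', 'text_encoding' => '8bit', 'head_charset' => 'UTF-8'));
     self::_notify($headers['to'], $headers['from'], $headers['subject'], $item, $body, $mime->headers(), $bcc);
     message::success("eCard successfully sent");
     json::reply(array("result" => "success"));
 }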
 /**
  * Handle a submitted user-registration form.
  *
  * A name for which register::check_user_name() returns true is rejected as "in_use".
  * A valid submission becomes a pending request; what happens next depends on the
  * registration "policy" variable and on the pending request's state:
  *   - policy "visitor", state 1:   the user is created and logged in at once
  *   - policy "visitor", otherwise: the user is created (second argument true) and told
  *                                  that a confirmation email was sent
  *   - other policies, state 1:     the request waits for an administrator, who is
  *                                  notified when "admin_notify" is 1
  *   - other policies, otherwise:   a confirmation email is sent
  */
 public function handler()
 {
     access::verify_csrf();
     $form = $this->_get_form();
     $valid = $form->validate();
     $requested_name = $form->register_user->inputs["name"]->value;
     if (register::check_user_name($requested_name)) {
         $form->register_user->inputs["name"]->add_error("in_use", 1);
         $valid = false;
     }
     if (!$valid) {
         json::reply(array("result" => "error", "html" => (string) $form));
         return;
     }
     $pending_user = register::create_pending_request($form);
     $policy = module::get_var("registration", "policy");
     $self_service = $policy == "visitor";
     $state_is_one = $pending_user->state == 1;
     if ($self_service && $state_is_one) {
         $user = register::create_new_user($pending_user->id);
         Session::instance()->set("registration_first_usage");
         auth::login($user);
         Session::instance()->set("registration_first_usage", true);
         $pending_user->delete();
     } elseif ($self_service) {
         register::create_new_user($pending_user->id, true);
         message::success(t("A confirmation email has been sent to your email address."));
     } elseif ($state_is_one) {
         // The URL is marked clean because it is placed inside the HTML of the site warning.
         $review_url = html::mark_clean(url::site("admin/register"));
         site_status::warning(t("There are pending user registration. <a href=\"%url\">Review now!</a>", array("url" => $review_url, "locale" => module::get_var("gallery", "default_locale"))), "pending_user_registrations");
         message::success(t("Your registration request is awaiting administrator approval"));
         // added by Shad Laws, v2
         if (module::get_var("registration", "admin_notify") == 1) {
             register::send_admin_notify($pending_user);
         }
     } else {
         register::send_confirmation($pending_user);
         message::success(t("A confirmation email has been sent to your email address."));
     }
     json::reply(array("result" => "success"));
 }
Exemple #20
 /**
  * Store the new set of active sidebar blocks and return both block lists re-rendered.
  *
  * Each "block" request value is split on ":" and stored under the md5 of the raw value;
  * md5 serves only as an array key here, not as a security primitive.
  *
  * NOTE(review): the block list is read with Input::get() (query string) and is not
  * compared against the available blocks inside this method -- confirm that
  * block_manager::set_active() rejects unknown entries.
  */
 public function update()
 {
     access::verify_csrf();
     // Return value unused here; the call is kept in case it has side effects.
     block_manager::get_available_site_blocks();
     $selected = array();
     foreach (Input::instance()->get("block", array()) as $block_id) {
         $selected[md5($block_id)] = explode(":", (string) $block_id);
     }
     block_manager::set_active("site_sidebar", $selected);
     $reply = array("result" => "success");
     $blocks = $this->_get_blocks();
     $available_view = new View("admin_sidebar_blocks.html");
     $available_view->blocks = $blocks[0];
     $reply["available"] = $available_view->render();
     $active_view = new View("admin_sidebar_blocks.html");
     $active_view->blocks = $blocks[1];
     $reply["active"] = $active_view->render();
     $reply["message"] = (string) t("Updated sidebar blocks");
     json::reply($reply);
 }
 /**
  * Make the source item the cover of the album posted as "target_id".
  *
  * Requires "view" on the source and "view" plus "edit" on the target.  When the source is
  * itself an album, its own cover item is used.  If the target's parent is editable and has
  * no cover yet, the target becomes that parent's cover as well.
  *
  * @param int $source_id  id of the item (or album) to use as the cover
  */
 public function save($source_id)
 {
     access::verify_csrf();
     $source = ORM::factory("item", $source_id);
     $target = ORM::factory("item", Input::instance()->post("target_id"));
     access::required("view", $source);
     access::required("view", $target);
     access::required("edit", $target);
     model_cache::clear();
     if ($source->is_album()) {
         $cover_id = $source->album_cover_item_id;
     } else {
         $cover_id = $source->id;
     }
     $target->album_cover_item_id = $cover_id;
     $target->thumb_dirty = 1;
     $target->save();
     graphics::generate($target);
     $parent_album = $target->parent();
     if ($parent_album && access::can("edit", $parent_album) && $parent_album->album_cover_item_id == null) {
         item::make_album_cover($target);
     }
     // Both titles are purified because the message text carries HTML markup.
     $placeholders = array("title" => html::purify($source->title), "album" => html::purify($target->title));
     message::success(t("Made <b>%title</b> album's cover for <b>%album</b>", $placeholders));
     json::reply(array("result" => "success"));
 }
Exemple #22
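 /**
  * Emit a REST response in the format selected by the "output" query parameter: "json"
  * (the default), "jsonp" or "html".
  *
  * Changes from the earlier version, all in the output handling:
  *   - The "html" branch no longer uses preg_replace() with the /e modifier.  That
  *     modifier evaluates the replacement as PHP code and is not supported from PHP 7 on;
  *     the text is now split on URL-looking runs and reassembled.
  *   - Every piece of the var_export() dump is HTML-escaped before being printed inside
  *     <pre>, because the payload can contain user-supplied text and the response is
  *     served as text/html.
  *   - Only http:// and https:// URLs are turned into links; other schemes stay plain text.
  *   - The JSONP callback must be a string, and the pattern uses the D modifier so "$"
  *     cannot match before a trailing newline.
  *
  * @param mixed $data  response payload
  * @throws Rest_Exception (400) for an unknown format or a missing / invalid JSONP callback
  */
 static function reply($data = array())
 {
     Session::instance()->abort_save();
     header("X-Gallery-API-Version: " . rest::API_VERSION);
     switch (Input::instance()->get("output", "json")) {
         case "json":
             json::reply($data);
             break;
         case "jsonp":
             if (!($callback = Input::instance()->get("callback", ""))) {
                 throw new Rest_Exception("Bad Request", 400, array("errors" => array("callback" => "missing")));
             }
             // The callback name is echoed into executable JavaScript, so nothing but a plain
             // identifier is accepted.
             if (is_string($callback) && preg_match('/^[$A-Za-z_][0-9A-Za-z_]*$/D', $callback) == 1) {
                 header("Content-type: application/javascript; charset=UTF-8");
                 print "{$callback}(" . json_encode($data) . ")";
             } else {
                 throw new Rest_Exception("Bad Request", 400, array("errors" => array("callback" => "invalid")));
             }
             break;
         case "html":
             header("Content-type: text/html; charset=UTF-8");
             if ($data) {
                 // With PREG_SPLIT_DELIM_CAPTURE and a single capture group, odd-indexed parts
                 // are the captured URL runs and even-indexed parts the text between them.
                 $parts = preg_split("#([\\w]+?://[\\w]+[^ \\'\"\n\r\t<]*)#is", var_export($data, 1), -1, PREG_SPLIT_DELIM_CAPTURE);
                 $html = "";
                 foreach ($parts as $index => $part) {
                     $escaped = htmlspecialchars($part, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
                     if ($index % 2 == 1 && preg_match('#^https?://#i', $part) == 1) {
                         $html .= "<a href=\"{$escaped}\" >{$escaped}</a>";
                     } else {
                         $html .= $escaped;
                     }
                 }
             } else {
                 $html = t("Empty response");
             }
             print "<pre>{$html}</pre>";
             if (Session::instance()->get("profiler", false)) {
                 Profiler::enable();
                 $profiler = new Profiler();
                 $profiler->render();
             }
             break;
         default:
             throw new Rest_Exception("Bad Request", 400);
     }
 }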
Exemple #23
 /**
  * Apply the edit form to a photo.
  *
  * Requires a valid CSRF token plus "view" and "edit" permission on the photo.  Title,
  * description, slug and name are copied from the form and validated by the model; model
  * validation errors are attached to the matching form inputs.
  *
  * @param int $photo_id  id of the photo being edited
  */
 public function update($photo_id)
 {
     access::verify_csrf();
     $photo = ORM::factory("item", $photo_id);
     access::required("view", $photo);
     access::required("edit", $photo);
     $form = photo::get_edit_form($photo);
     try {
         $valid = $form->validate();
         $fields = $form->edit_item;
         $photo->title = $fields->title->value;
         $photo->description = $fields->description->value;
         $photo->slug = $fields->slug->value;
         $photo->name = $fields->inputs["name"]->value;
         $photo->validate();
     } catch (ORM_Validation_Exception $e) {
         // Translate ORM validation errors into form error messages
         foreach ($e->validation->errors() as $field => $error) {
             $form->edit_item->inputs[$field]->add_error($error, 1);
         }
         $valid = false;
     }
     if (!$valid) {
         json::reply(array("result" => "error", "html" => (string) $form));
         return;
     }
     $photo->save();
     module::event("item_edit_form_completed", $photo, $form);
     log::success("content", "Updated photo", "<a href=\"{$photo->url()}\">view</a>");
     message::success(t("Saved photo %photo_title", array("photo_title" => html::purify($photo->title))));
     $reply = array("result" => "success");
     if ($form->from_id->value == $photo->id) {
         // The edit was made from the photo's own page: send the new url, it might have changed.
         $reply["location"] = $photo->url();
     }
     json::reply($reply);
 }
Exemple #24
 /**
  * Rename a group from the admin edit form.
  *
  * The new name is assigned and validated by the model; on failure the group is reloaded
  * so that the error message shows the stored name rather than the rejected one.
  *
  * @param int $id  id of the group
  * @throws Kohana_404_Exception when group::lookup() finds no group
  */
 public function edit_group($id)
 {
     access::verify_csrf();
     $group = group::lookup($id);
     if (empty($group)) {
         throw new Kohana_404_Exception();
     }
     $form = $this->_get_group_edit_form_admin($group);
     try {
         $valid = $form->validate();
         $group->name = $form->edit_group->inputs["name"]->value;
         $group->validate();
     } catch (ORM_Validation_Exception $e) {
         // Translate ORM validation errors into form error messages
         foreach ($e->validation->errors() as $field => $error) {
             $form->edit_group->inputs[$field]->add_error($error, 1);
         }
         $valid = false;
     }
     if (!$valid) {
         $group->reload();
         message::error(t("Failed to change group %group_name", array("group_name" => $group->name)));
         json::reply(array("result" => "error", "html" => (string) $form));
         return;
     }
     $group->save();
     message::success(t("Changed group %group_name", array("group_name" => $group->name)));
     json::reply(array("result" => "success"));
 }
 /**
  * Install an uploaded image as the site watermark.
  *
  * After CSRF and form validation the uploaded file is checked with getimagesize() (GIF,
  * JPEG and PNG are accepted), moved below VARPATH . "modules/watermark/" and its
  * properties are stored as watermark module variables.  The response Content-Type is
  * forced to text/html at the end for the iframe-based uploader.
  */
 public function add()
 {
     access::verify_csrf();
     $form = watermark::get_add_form();
     if ($form->validate()) {
         // NOTE(review): the path is read from the raw POST array, not from the form object.
         // Presumably the upload handling replaces this field with a server-side path during
         // validation -- confirm a client cannot supply its own path, because the value is
         // passed to getimagesize(), rename() and unlink() below.
         $file = $_POST["file"];
         $pathinfo = pathinfo($file);
         // Forge prefixes files with "uploadfile-xxxxxxx" for uniqueness
         $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', $pathinfo["basename"]);
         // getimagesize() identifies the type from the file contents; $name, and with it the
         // file extension, still comes from the uploaded file name.
         if (!($image_info = getimagesize($file)) || !in_array($image_info[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG))) {
             message::error(t("Unable to identify this image file"));
             @unlink($file);
             // This early return sends no JSON reply and skips the Content-Type override below.
             return;
         }
         // NOTE(review): the stored name keeps the uploader's extension.  Confirm that files in
         // this directory are never executed by the web server, or derive the extension from
         // the detected image type instead.
         rename($file, VARPATH . "modules/watermark/{$name}");
         module::set_var("watermark", "name", $name);
         module::set_var("watermark", "width", $image_info[0]);
         module::set_var("watermark", "height", $image_info[1]);
         module::set_var("watermark", "mime_type", $image_info["mime"]);
         module::set_var("watermark", "position", $form->add_watermark->position->value);
         module::set_var("watermark", "transparency", $form->add_watermark->transparency->value);
         $this->_update_graphics_rules();
         // $file was already moved by rename() above; @ hides the warning if it no longer exists.
         @unlink($file);
         message::success(t("Watermark saved"));
         log::success("watermark", t("Watermark saved"));
         json::reply(array("result" => "success", "location" => url::site("admin/watermarks")));
     } else {
         // rawurlencode the results because the JS code that uploads the file buffers it in an
         // iframe which entitizes the HTML and makes it difficult for the JS to process.  If we url
         // encode it now, it passes through cleanly.  See ticket #797.
         json::reply(array("result" => "error", "html" => rawurlencode((string) $form)));
     }
     // Override the application/json mime type.  The dialog based HTML uploader uses an iframe to
     // buffer the reply, and on some browsers (Firefox 3.6) it does not know what to do with the
     // JSON that it gets back so it puts up a dialog asking the user what to do with it.  So force
     // the encoding type back to HTML for the iframe.
     // See: http://jquery.malsup.com/form/#file-upload
     header("Content-Type: text/html; charset=" . Kohana::CHARSET);
 }
 /**
  * Check a submitted album password and, when it matches, remember it in a browser cookie.
  *
  * The submitted value is lower-cased and compared for equality with the "password" column
  * of items_albumpassword.  The JSON reply is "success" on both paths; only the queued
  * message tells the user whether the password was accepted.
  *
  * NOTE(review): the equality lookup suggests album passwords are stored unhashed, and the
  * accepted password itself is written to the g3_albumpassword cookie -- confirm, and
  * consider storing a hash and an opaque token instead.  No limit on repeated attempts is
  * visible in this method.
  */
 public function checkpassword()
 {
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     $submitted = strtolower(Input::instance()->post("albumpassword_password"));
     $matches = ORM::factory("items_albumpassword")->where("password", "=", $submitted)->find_all();
     $accepted = count($matches) > 0;
     if ($accepted) {
         // Drop the id cookie and store the accepted password.
         cookie::delete("g3_albumpassword_id");
         cookie::set("g3_albumpassword", $submitted);
         message::success(t("Password Accepted."));
     } else {
         message::error(t("Password Rejected."));
     }
     json::reply(array("result" => "success"));
 }
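 /**
  * Post a status update to Twitter, optionally with the item's resize attached, and record
  * the tweet through $this->_save_tweet().
  *
  * Fixes over the earlier version: $tweet is created explicitly before its properties are
  * assigned.  It used to be an undefined variable, which raises an Error on PHP 8 (older
  * versions created an object implicitly and emitted a warning).  The twitter_id
  * assignment is also written as a plain conditional expression.
  *
  * NOTE(review): no access::required("view", $item) is visible before the item's resize is
  * read and uploaded -- confirm the caller may view the item.
  * NOTE(review): "filename={$filename}" passes the full server-side path to the remote
  * API; confirm whether the base name alone would do.
  * NOTE(review): fopen() is not checked for failure before fread().
  *
  * @param int      $item_id
  */
 public function tweet($item_id)
 {
     access::verify_csrf();
     $item = ORM::factory("item", $item_id);
     $form = twitter::get_tweet_form($item);
     if (!$form->validate()) {
         json::reply(array("result" => "error", "html" => (string) $form));
         return;
     }
     $item_url = url::abs_site($item->relative_url_cache);
     $user = $this->_get_twitter_user(identity::active_user()->id);
     $consumer_key = module::get_var("twitter", "consumer_key");
     $consumer_secret = module::get_var("twitter", "consumer_secret");
     require_once MODPATH . "twitter/vendor/twitteroauth/twitteroauth.php";
     $connection = new TwitterOAuth($consumer_key, $consumer_secret, $user->oauth_token, $user->oauth_token_secret);
     $message = $form->twitter_message->tweet->value;
     $attach_image = $form->twitter_message->attach_image->value;
     if ($attach_image == 1) {
         $filename = APPPATH . "../var/resizes/" . $item->relative_path_cache;
         $handle = fopen($filename, "rb");
         $image = fread($handle, filesize($filename));
         fclose($handle);
         $response = $connection->upload('statuses/update_with_media', array('media[]' => "{$image};type=image/jpeg;filename={$filename}", 'status' => $message));
     } else {
         $response = $connection->post('statuses/update', array('status' => $message));
     }
     if (200 == $connection->http_code) {
         message::success(t("Tweet sent!"));
         json::reply(array("result" => "success", "location" => $item->url()));
     } else {
         message::error(t("Unable to send, your Tweet has been saved. Please try again later: %http_code, %response_error", array("http_code" => $connection->http_code, "response_error" => $response->error)));
         log::error("content", "Twitter", t("Unable to send tweet: %http_code", array("http_code" => $connection->http_code)));
         json::reply(array("result" => "success", "location" => $item->url()));
     }
     // The tweet is recorded whether or not the API call succeeded; twitter_id stays NULL
     // when the response carries no id.
     $tweet = new stdClass();
     $tweet->item_id = $item_id;
     $tweet->twitter_id = !empty($response->id) ? $response->id : NULL;
     $tweet->tweet = $message;
     $tweet->id = $form->twitter_message->tweet_id->value;
     $this->_save_tweet($tweet);
 }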
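 /**
  * Save the storage quota entered for a group.
  *
  * The form value is multiplied by 1024 * 1024 before being stored as storage_limit.
  *
  * Fix: the existence check now uses $group->loaded().  ORM::factory() returns an object,
  * and empty() on an object is always false, so the previous check could never raise the
  * 404 and a quota row could be written for a group id that does not exist.
  *
  * @param int $id  id of the group
  * @throws Kohana_404_Exception when no group with this id exists
  */
 public function edit_quota($id)
 {
     access::verify_csrf();
     $group = ORM::factory("group", $id);
     if (!$group->loaded()) {
         throw new Kohana_404_Exception();
     }
     $record = ORM::factory("groups_quota")->where("group_id", "=", $group->id)->find();
     $form = $this->_get_edit_group_quota($group);
     try {
         $valid = $form->validate();
         $record->group_id = $id;
         $record->storage_limit = $form->edit_quota->inputs["group_quota"]->value * 1024 * 1024;
     } catch (ORM_Validation_Exception $e) {
         // Translate ORM validation errors into form error messages
         foreach ($e->validation->errors() as $key => $error) {
             $form->edit_quota->inputs[$key]->add_error($error, 1);
         }
         $valid = false;
     }
     if ($valid) {
         $record->save();
         message::success(t("Limit for group %group_name set", array("group_name" => $group->name)));
         json::reply(array("result" => "success"));
     } else {
         json::reply(array("result" => "error", "html" => (string) $form));
     }
 }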
 /**
  * Create or update a scheduled task from the scheduler form.
  *
  * NOTE(review): no access::verify_csrf() call is visible in this helper; presumably the
  * public action that calls it verifies the token -- confirm.
  * NOTE(review): task_callback is stored exactly as submitted.  If it is later invoked as
  * a callable, confirm the form restricts it to a fixed list of known task callbacks.
  *
  * @param string   $method  "define" for a new schedule; any other value is reported as an update
  * @param int|null $id      id of the schedule to load, or null
  */
 private function _handle_request($method, $id = null)
 {
     $schedule = ORM::factory("schedule", $id);
     $form = scheduler::get_form($method, $schedule);
     if (!$form->validate()) {
         json::reply(array("result" => "error", "html" => (string) $form));
         return;
     }
     $schedule->name = $form->schedule_group->schedule_name->value;
     $schedule->interval = $form->schedule_group->interval->value;
     $schedule->next_run_datetime = $this->_start_date($form->schedule_group->run_date->dow->selected, $form->schedule_group->run_date->time->value);
     $schedule->task_callback = $form->schedule_group->callback->value;
     $schedule->save();
     $placeholders = array("name" => $schedule->name);
     if ($method == "define") {
         message::success(t("Added scheduled task: %name", $placeholders));
     } else {
         message::success(t("Updated scheduled task: %name", $placeholders));
     }
     json::reply(array("result" => "success", "reload" => 1));
 }
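 /**
  * Update a basket product from the admin edit form.
  *
  * Fix: a name that is already used by another product now stops the save.  The earlier
  * version set $valid to false in that case but went on to save the remaining fields and
  * report success, so the "in_use" error never reached the user.
  *
  * @param int $id  id of the product
  */
 public function edit_product($id)
 {
     access::verify_csrf();
     $product = ORM::factory("bp_product", $id);
     if (!$product->loaded()) {
         kohana::show_404();
     }
     $form = bp_product::get_edit_form_admin($product);
     $valid = $form->validate();
     $new_name = null;
     if ($valid) {
         $new_name = $form->edit_product->inputs["name"]->value;
         // The name must be unique among all other products.
         $name_taken = $new_name != $product->name && ORM::factory("bp_product")->where("name", "=", $new_name)->where("id", "!=", $product->id)->find()->loaded();
         if ($name_taken) {
             $form->edit_product->inputs["name"]->add_error("in_use", 1);
             $valid = false;
         }
     }
     if ($valid) {
         $product->name = $new_name;
         $product->cost = $form->edit_product->cost->value;
         $product->description = $form->edit_product->description->value;
         $product->bp_postage_band_id = $form->edit_product->postage_band->value;
         $product->save();
         message::success(t("Changed product %product_name", array("product_name" => html::clean($product->name))));
         print json::reply(array("result" => "success"));
     } else {
         print $form;
     }
 }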