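/**
 * Perform an action.
 *
 * This function executes the action with name $action as registered
 * by {@link elgg_register_action()}.
 *
 * The plugin hook 'action', $action_name will be triggered before the action
 * is executed.  If a handler returns false, it will prevent the action script
 * from being called.
 *
 * Order of checks: the CSRF token gatekeeper (unless the action is exempted),
 * the action registry, the 'access' level ('admin' / 'public' / other) against
 * the current session, the 'action' hook, then the action file itself.
 * Every path ends in forward().
 *
 * @note If an action isn't registered in the system or is registered
 * to an unavailable file the user will be forwarded ($forwarder, or the
 * referrer when it is empty) and an error will be emitted via
 * {@link register_error()}.
 *
 * @warning All actions require {@link http://docs.elgg.org/Actions/Tokens Action Tokens}.
 *
 * @param string $action    The requested action (a trailing slash is dropped)
 * @param string $forwarder Optionally, the location to forward to. It is
 *                          reduced to a site-relative path: the site URL, any
 *                          http/https scheme, "@" and leading slashes are
 *                          stripped so the value cannot point off-site.
 *
 * @link http://docs.elgg.org/Actions
 * @see elgg_register_action()
 *
 * @return void
 * @access private
 */
function action($action, $forwarder = "")
{
    global $CONFIG;

    $action = rtrim($action, '/');

    // @todo REMOVE THESE ONCE #1509 IS IN PLACE.
    // Allow users to disable plugins without a token in order to
    // remove plugins that are incompatible.
    // Login and logout are for convenience.
    // file/download (see #2010)
    $exceptions = array('admin/plugins/disable', 'logout', 'login', 'file/download');

    // Strict comparison: $action is a string here and a loose in_array()
    // would compare numeric-looking strings as numbers.
    if (!in_array($action, $exceptions, true)) {
        // All actions require a token (CSRF protection).
        action_gatekeeper();
    }

    // Normalize the forwarder to a site-relative path. Only "http://" used to
    // be removed, which left "https://host" (or "HTTP://host") untouched;
    // whether forward() would follow such an absolute URL is not visible here,
    // so every scheme spelling is treated the same way.
    $forwarder = str_replace(elgg_get_site_url(), "", $forwarder);
    $forwarder = str_ireplace(array("https://", "http://"), "", $forwarder);
    $forwarder = str_replace("@", "", $forwarder);
    // Drop all leading slashes, not just one, so a protocol-relative
    // "//host/path" does not survive as "/host/path"; backslashes are
    // included because browsers treat them like forward slashes in URLs.
    $forwarder = ltrim($forwarder, '/\\');

    if (!isset($CONFIG->actions[$action])) {
        register_error(elgg_echo('actionundefined', array($action)));
    } else {
        $definition = $CONFIG->actions[$action];

        if (!elgg_is_admin_logged_in() && $definition['access'] === 'admin') {
            register_error(elgg_echo('actionunauthorized'));
        } elseif (!elgg_is_logged_in() && $definition['access'] !== 'public') {
            register_error(elgg_echo('actionloggedout'));
        } elseif (elgg_trigger_plugin_hook('action', $action, null, true)) {
            // A falsy hook result cancels the action file quietly; the hook
            // handler is expected to report to the user itself.
            // The action file is included in this function's scope.
            if (!(include $definition['file'])) {
                register_error(elgg_echo('actionnotfound', array($action)));
            }
        }
    }

    // empty() also treats "0" as empty, matching the original behaviour.
    forward(empty($forwarder) ? REFERER : $forwarder);
}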
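/**
 * Loads an action script, if it exists, then forwards elsewhere
 *
 * Order of checks: the CSRF token gatekeeper (unless the action is exempted),
 * the action registry, the 'admin' and 'public' flags against the session,
 * the 'action' plugin hook, then the action file itself. Every path ends in
 * forward($CONFIG->url . $forwarder).
 *
 * @param string $action    The requested action
 * @param string $forwarder Optionally, the location to forward to; it is
 *                          reduced to a site-relative path (site URL, any
 *                          http/https scheme, "@" and leading slashes are
 *                          stripped) and appended to $CONFIG->url
 *
 * @return void
 */
function action($action, $forwarder = "")
{
    global $CONFIG;

    // set GET params
    elgg_set_input_from_uri();

    // @todo REMOVE THESE ONCE #1509 IS IN PLACE.
    // Allow users to disable plugins without a token in order to
    // remove plugins that are incompatible.
    // Installation cannot use tokens because it requires site secret to be
    // working. (#1462)
    // Login and logout are for convenience.
    $exceptions = array('systemsettings/install', 'admin/plugins/disable', 'logout', 'login');

    // Strict comparison so numeric-looking action names are not compared as numbers.
    if (!in_array($action, $exceptions, true)) {
        // All actions require a token.
        action_gatekeeper();
    }

    // Reduce the forwarder to a site-relative path. "https://" and upper-case
    // schemes are stripped as well as "http://"; all leading slashes (and
    // backslashes, which browsers treat alike) go, not just the first one.
    $forwarder = str_replace($CONFIG->url, "", $forwarder);
    $forwarder = str_ireplace(array("https://", "http://"), "", $forwarder);
    $forwarder = str_replace("@", "", $forwarder);
    $forwarder = ltrim($forwarder, '/\\');

    if (!isset($CONFIG->actions[$action])) {
        register_error(sprintf(elgg_echo('actionundefined'), $action));
    } elseif (!isadminloggedin() && $CONFIG->actions[$action]['admin']) {
        // The original forwarded silently here, leaving the user with no
        // explanation. 'actionunauthorized' is the key the later versions of
        // this function use — confirm it exists in this language pack.
        register_error(elgg_echo('actionunauthorized'));
    } elseif (!$CONFIG->actions[$action]['public'] && $_SESSION['id'] == -1) {
        // A session id of -1 is what this version treats as "logged out";
        // the loose comparison is kept because the stored type is not visible here.
        register_error(elgg_echo('actionloggedout'));
    } elseif (trigger_plugin_hook('action', $action, null, true)) {
        // A falsy hook result cancels the action file without an error;
        // the hook handler is assumed to report to the user itself.
        if (!(include $CONFIG->actions[$action]['file'])) {
            register_error(sprintf(elgg_echo('actionundefined'), $action));
        }
    }

    forward($CONFIG->url . $forwarder);
}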
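 /**
  * Execute a registered action, then forward.
  *
  * Runs the CSRF token gatekeeper (unless the action is exempted), checks the
  * action registry and its 'access' level against the session, triggers the
  * 'action' hook and includes the action file if it is readable. Every path
  * ends in forward().
  *
  * @param string $action    The requested action (a trailing slash is dropped)
  * @param string $forwarder Optionally, the location to forward to; reduced
  *                          to a site-relative path, REFERER when empty
  *
  * @return void
  * @see action
  * @access private
  */
 public function execute($action, $forwarder = "")
 {
     $action = rtrim($action, '/');
     $this->currentAction = $action;

     // @todo REMOVE THESE ONCE #1509 IS IN PLACE.
     // Allow users to disable plugins without a token in order to
     // remove plugins that are incompatible.
     // Login and logout are for convenience.
     // file/download (see #2010)
     $exceptions = array('admin/plugins/disable', 'logout', 'file/download');

     // Strict comparison so numeric-looking action names are not compared as numbers.
     if (!in_array($action, $exceptions, true)) {
         // All actions require a token.
         action_gatekeeper($action);
     }

     // Reduce the forwarder to a site-relative path. Only "http://" used to be
     // stripped, leaving "https://host" (or "HTTP://host") intact; all leading
     // slashes and backslashes go too, so "//host" cannot survive as "/host".
     $forwarder = str_replace(_elgg_services()->config->getSiteUrl(), "", $forwarder);
     $forwarder = str_ireplace(array("https://", "http://"), "", $forwarder);
     $forwarder = str_replace("@", "", $forwarder);
     $forwarder = ltrim($forwarder, '/\\');

     if (!isset($this->actions[$action])) {
         register_error(_elgg_services()->translator->translate('actionundefined', array($action)));
     } else {
         $access = $this->actions[$action]['access'];
         $file = $this->actions[$action]['file'];

         if (!_elgg_services()->session->isAdminLoggedIn() && $access === 'admin') {
             register_error(_elgg_services()->translator->translate('actionunauthorized'));
         } elseif (!_elgg_services()->session->isLoggedIn() && $access !== 'public') {
             register_error(_elgg_services()->translator->translate('actionloggedout'));
         } elseif (_elgg_services()->hooks->trigger('action', $action, null, true)) {
             // To quietly cancel the action file, return a falsey value in the "action" hook.
             if (is_file($file) && is_readable($file)) {
                 self::includeFile($file);
             } else {
                 register_error(_elgg_services()->translator->translate('actionnotfound', array($action)));
             }
         }
     }

     // empty() also treats "0" as empty, matching the original behaviour.
     forward(empty($forwarder) ? REFERER : $forwarder);
 }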
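 /**
  * Execute a registered action, then forward.
  *
  * Runs the CSRF token gatekeeper (unless the action is exempted), checks the
  * action registry and its 'access' level against the session, triggers the
  * 'action' plugin hook and includes the action file. Every path ends in
  * forward().
  *
  * @param string $action    The requested action (a trailing slash is dropped)
  * @param string $forwarder Optionally, the location to forward to; reduced
  *                          to a site-relative path, REFERER when empty
  *
  * @return void
  * @see action
  * @access private
  */
 public function execute($action, $forwarder = "")
 {
     $action = rtrim($action, '/');
     $this->currentAction = $action;

     // @todo REMOVE THESE ONCE #1509 IS IN PLACE.
     // Allow users to disable plugins without a token in order to
     // remove plugins that are incompatible.
     // Login and logout are for convenience.
     // file/download (see #2010)
     $exceptions = array('admin/plugins/disable', 'logout', 'file/download');

     // Strict comparison so numeric-looking action names are not compared as numbers.
     if (!in_array($action, $exceptions, true)) {
         // All actions require a token.
         action_gatekeeper($action);
     }

     // Reduce the forwarder to a site-relative path. Only "http://" used to be
     // stripped, leaving "https://host" (or "HTTP://host") intact; all leading
     // slashes and backslashes go too, so "//host" cannot survive as "/host".
     $forwarder = str_replace(elgg_get_site_url(), "", $forwarder);
     $forwarder = str_ireplace(array("https://", "http://"), "", $forwarder);
     $forwarder = str_replace("@", "", $forwarder);
     $forwarder = ltrim($forwarder, '/\\');

     if (!isset($this->actions[$action])) {
         register_error(elgg_echo('actionundefined', array($action)));
     } else {
         $access = $this->actions[$action]['access'];
         $file = $this->actions[$action]['file'];

         if (!elgg_is_admin_logged_in() && $access === 'admin') {
             register_error(elgg_echo('actionunauthorized'));
         } elseif (!elgg_is_logged_in() && $access !== 'public') {
             register_error(elgg_echo('actionloggedout'));
         } elseif (elgg_trigger_plugin_hook('action', $action, null, true)) {
             // Returning falsy from the hook doesn't produce an error;
             // we assume this will be handled in the hook itself.
             // The action file is included in this method's scope.
             if (!(include $file)) {
                 register_error(elgg_echo('actionnotfound', array($action)));
             }
         }
     }

     // empty() also treats "0" as empty, matching the original behaviour.
     forward(empty($forwarder) ? REFERER : $forwarder);
 }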
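<?php

/**
 * Profile Manager
 *
 * jQuery Profile Field change category
 *
 * Reads the "guid" (profile field entity) and "category_guid" (new category,
 * empty to clear it) inputs. Echoes "true" only when the category of a
 * profile or group profile field was changed; every other outcome produces
 * no output. Always terminates the request.
 *
 * @package profile_manager
 * @author ColdTrick IT Solutions
 * @copyright Coldtrick IT Solutions 2009
 * @link http://www.coldtrick.com/
 */

// CSRF token first, then admin-only. Both are expected to terminate the
// request on failure (the gatekeepers' behaviour is not visible here).
action_gatekeeper();
admin_gatekeeper();

$guid = get_input("guid");
$category_guid = get_input("category_guid");

if (!empty($guid)) {
    $entity = get_entity($guid);

    // A guid that does not resolve to a loadable entity is expected to yield
    // a falsy value from get_entity() (confirm against the API); calling
    // getSubtype() on that would be a fatal error, so guard first.
    if ($entity) {
        $subtype = $entity->getSubtype();

        // Loose comparison kept: the types of the subtype constants are not visible here.
        if ($subtype == CUSTOM_PROFILE_FIELDS_PROFILE_SUBTYPE || $subtype == CUSTOM_PROFILE_FIELDS_GROUP_SUBTYPE) {
            if (!empty($category_guid)) {
                $entity->category_guid = $category_guid;
            } else {
                unset($entity->category_guid);
            }

            echo "true";
        }
    }
}

exit;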
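 /**
  * Handles graph requests
  *
  * /graph/<node>[/<edge>]
  *
  * Installs the plugin's own log/error/exception handlers, authenticates the
  * request depending on how it was reached, switches to the api/graph context
  * and a registered viewtype, routes the endpoint and sends the result. Any
  * Exception thrown while routing is wrapped in an ErrorResult and sent the
  * same way.
  *
  * @param array $segments URL segments
  * @return bool Always true
  */
 public function pageHandler($segments)
 {
     elgg_register_plugin_hook_handler('debug', 'log', array($this->logger, 'debugLogHandler'));

     // These handlers are not restored when the method returns.
     error_reporting(E_ALL);
     set_error_handler(array($this->logger, 'errorHandler'));
     set_exception_handler(array($this->logger, 'exceptionHandler'));

     try {
         // Authentication depends on the entry point: when routed through
         // 'services' the 'auth' hook is responsible; on direct access the
         // CSRF token is checked and anything but GET also requires login.
         $urlSegments = $this->request->getUrlSegments();
         if (isset($urlSegments[0]) && $urlSegments[0] === 'services') {
             elgg_trigger_plugin_hook('auth', 'graph');
         } else {
             // graph page handler is being accessed directly, and not routed to from services
             // check csrf tokens
             action_gatekeeper('');

             if ($this->request->getMethod() !== HttpRequest::METHOD_GET) {
                 elgg_gatekeeper();
             }
         }

         elgg_set_context('services');
         elgg_push_context('api');
         elgg_push_context('graph');

         // Fall back to JSON when the mapped viewtype is not registered.
         $viewtype = $this->mapViewtype();
         if (!elgg_is_registered_viewtype($viewtype)) {
             $viewtype = 'json';
         }
         elgg_set_viewtype($viewtype);

         $result = $this->route(implode('/', $segments));
     } catch (Exception $ex) {
         $result = new ErrorResult($ex->getMessage(), $ex->getCode(), $ex);
     }

     $this->send($result);

     return true;
 }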
/**
 * Elgg welcome plugin change user email action
 *
 * Reads the "user_guid" and "new_email" inputs and, further down, changes
 * the email address of that user.
 *
 * @author Gerard Kanters
 * @author Wouter van Os
 * @author Juho Jaakkola
 *
 * @website https://www.centillien.com
 *
 * @copyright Centillien 2016
 */

// NOTE(review): $user is not assigned anywhere above this line in this file —
// it is only loaded from user_guid further down — so as written this reads an
// undefined variable unless the including scope provides $user. Confirm
// against the caller; if it does not, this check belongs after $user is loaded.
// Also note this lookup runs before the token gatekeeper below.
if (elgg_get_user_validation_status($user->guid) == false) {
    register_error(elgg_echo('notallowed'));
    return;
}

// CSRF token check for this action (terminates on failure, per the gatekeeper).
action_gatekeeper('change_user_email');

// Set access status to perform needed operation
// (the previous status is kept so it can be restored afterwards — presumably
// done later in this file; verify)
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(true);

// Get user guid
$user_guid = (int) get_input('user_guid');
$new_email = get_input('new_email');

// Check if user guid is provided
if (!empty($user_guid) && !empty($new_email)) {
    $user = get_entity($user_guid);
    // Check if user exists
    if (elgg_instanceof($user, 'user')) {
        // Check if provided email address is valid
        if (validate_email_address($new_email)) {
            elgg_set_ignore_access(true);
            elgg_override_permissions(true);