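/**
 * Form Declaration
 *
 * Creates the opening <form> tag, plus any hidden inputs.
 *
 * An empty action becomes the current URL; an action without '://' is expanded
 * with if_secure_site_url(). method="post" and accept-charset are appended when
 * the attribute string does not already carry them.
 *
 * The CSRF hash and the 'tokens' library token are embedded only when the
 * action STARTS WITH this site's base URL and the form is not a GET form.
 * A substring match is not enough: a foreign URL that merely contains the base
 * URL somewhere (for example in its query string) would otherwise receive the
 * tokens.
 *
 * @param	string	the URI segments or full URL of the form destination
 * @param	mixed	attributes, handed to _attributes_to_string()
 * @param	array	a key/value pair hidden data
 * @return	string
 */
function form_open($action = '', $attributes = array(), $hidden = array()) {
    $CI =& get_instance();

    // If no action is provided then set to the current url
    if (!$action) {
        $action = current_url($action);
    } elseif (strpos($action, '://') === FALSE) {
        // Not a full URL: turn it into one
        $action = if_secure_site_url($action);
    }

    $attributes = _attributes_to_string($attributes);

    if (stripos($attributes, 'method=') === FALSE) {
        $attributes .= ' method="post"';
    }

    if (stripos($attributes, 'accept-charset=') === FALSE) {
        $attributes .= ' accept-charset="' . strtolower(config_item('charset')) . '"';
    }

    // NOTE(review): $action is written into the attribute unescaped; escaping it here
    // could double-encode URLs that callers already escaped, so confirm callers first.
    $form = '<form action="' . $action . '"' . $attributes . ">\n";

    // Tokens go only to forms that post back to this site. The prefix test relies on
    // the base URL ending in '/', so that a look-alike host name cannot share the
    // prefix -- presumably true for if_secure_base_url(); confirm.
    // NOTE(review): only the method="get" spelling (double quotes) is recognised; a
    // caller passing method='get' or method=get as a raw string would still get tokens.
    $base_url = (string) if_secure_base_url();
    $tokens_allowed = $base_url !== ''
        && strpos($action, $base_url) === 0
        && stripos($form, 'method="get"') === FALSE;

    // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
    if ($CI->config->item('csrf_protection') === TRUE && $tokens_allowed) {
        $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
    }

    // Add MY CSRF token if MY CSRF library is loaded
    if ($CI->load->is_loaded('tokens') && $tokens_allowed) {
        $hidden[$CI->tokens->name] = $CI->tokens->token();
    }

    if (is_array($hidden)) {
        foreach ($hidden as $name => $value) {
            // Escape the field name as well as the value: both land inside HTML attributes
            $form .= '<input type="hidden" name="' . html_escape((string) $name) . '" value="' . html_escape($value) . '" style="display:none;" />' . "\n";
        }
    }

    return $form;
}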
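/**
 * Form Declaration
 *
 * Creates the opening portion of the form.
 *
 * Modified to accommodate HTTPS actions
 *
 * The CSRF hash and the 'tokens' library token are embedded only when the
 * action STARTS WITH this site's base URL and the form is not a GET form.
 * A substring match on the base URL would also accept a foreign URL that
 * merely contains it, and a case-sensitive match on method="get" would miss
 * method="GET" and put the tokens into the query string.
 *
 * @param	string	the URI segments of the form destination
 * @param	array	a key/value pair of attributes
 * @param	array	a key/value pair hidden data
 * @return	string
 */
function form_open($action = '', $attributes = '', $hidden = array()) {
    $CI =& get_instance();

    if ($attributes == '') {
        $attributes = 'method="post"';
    }

    // If an action is not a full URL then turn it into one
    if ($action && strpos($action, '://') === FALSE) {
        $action = if_secure_site_url($action);
    }

    // If no action is provided then set to the current url
    $action or $action = if_secure_site_url($CI->uri->uri_string());

    // NOTE(review): $action is written into the attribute unescaped; confirm whether
    // callers pass pre-escaped URLs before adding escaping here.
    $form = '<form action="' . $action . '"';
    $form .= _attributes_to_string($attributes, TRUE);
    $form .= '>';

    // Tokens go only to forms that post back to this site. The prefix test relies on
    // the base URL ending in '/', so that a look-alike host name cannot share the
    // prefix -- presumably true for if_secure_base_url(); confirm.
    $base_url = (string) if_secure_base_url();
    $tokens_allowed = $base_url !== ''
        && strpos($action, $base_url) === 0
        && stripos($form, 'method="get"') === FALSE;

    // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
    if ($CI->config->item('csrf_protection') === TRUE && $tokens_allowed) {
        $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
    }

    // Add MY CSRF token if MY CSRF library is loaded
    if ($CI->load->is_loaded('tokens') && $tokens_allowed) {
        $hidden[$CI->tokens->name] = $CI->tokens->token();
    }

    // Hidden fields are rendered by form_hidden() inside a non-displayed wrapper
    if (is_array($hidden) and count($hidden) > 0) {
        $form .= sprintf("<div style=\"display:none\">%s</div>", form_hidden($hidden));
    }

    return $form;
}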
/**
 * Build the URL of an uploaded file from its filesystem path.
 *
 * The path is split on '/'; everything from the first segment that equals
 * $this->upload_dir (loose comparison) to the end is re-joined with '/' and
 * handed to if_secure_base_url(). When no segment matches, an empty string
 * is handed over instead.
 *
 * @param	string	full path of the uploaded file
 * @return	mixed	whatever if_secure_base_url() returns for the relative path
 */
public function file_url($full_path) {
    $segments = explode('/', $full_path);

    // Non-strict search, i.e. the same == comparison a manual loop would use;
    // the first matching segment wins.
    $first_match = array_search($this->upload_dir, $segments);

    if ($first_match === FALSE) {
        $relative_path = '';
    } else {
        // upload_dir itself plus every segment after it
        $relative_path = implode('/', array_slice($segments, $first_match));
    }

    // Return the URL to the image
    return if_secure_base_url($relative_path);
}
*
 * @package Community Auth
 * @author Robert B Gottier
 * @copyright Copyright (c) 2011 - 2015, Robert B Gottier. (http://brianswebdesign.com/)
 * @license BSD - http://www.opensource.org/licenses/BSD-3-Clause
 * @link http://community-auth.com
 */
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Community Auth Installation</title>
<meta name="robots" content="noindex,nofollow" />
<base href="<?php echo if_secure_base_url(); ?> " />
<?php
	// NOTE(review): the <base> tag above echoes if_secure_base_url() without HTML
	// escaping and leaves a space before the closing quote of href. If the base URL
	// can be derived from the request's Host header rather than fixed in config,
	// it should be escaped (and pinned in config) -- confirm how it is built.

	// Always add the main stylesheet
	echo link_tag(array('href' => 'css/style.css', 'media' => 'screen', 'rel' => 'stylesheet')) . "\n";

	// jQuery is always loaded
	// NOTE(review): third-party script, protocol-relative URL, floating "1.7" version.
	// On a plain-HTTP page it is fetched over HTTP, and nothing here pins its content;
	// consider an https:// URL with an exact version and an integrity attribute, or a
	// locally hosted copy. Whether script_tag() can emit integrity is not visible here.
	echo script_tag('//ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js') . "\n";

	// Add any additional javascript
	// $javascripts is optional (set by the including code). Entries are read by
	// position 0..count-1; the "{$x}" key is a numeric string, which PHP treats as
	// the integer index, so an array with gaps or string keys would miss entries.
	// NOTE(review): values go to script_tag() as given -- presumably trusted,
	// developer-supplied paths; confirm none come from request data.
	if (isset($javascripts)) {
		for ($x = 0; $x <= count($javascripts) - 1; $x++) {
			echo script_tag($javascripts["{$x}"]) . "\n";
		}
	}
?>
</head>
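/**
 * Delete image from filesystem and database
 *
 * Requires a logged-in user and a matching form token, then echoes a JSON
 * object with a 'status' key (plus fresh 'token' and 'ci_csrf_token' values
 * on success). Nothing is echoed when the login check fails.
 *
 * The posted 'src' is client-supplied, so it is never used as a path
 * directly; see _delete_user_image() for the verification.
 */
public function delete_image() {
    // Make sure anyone is logged in
    if (!$this->require_min_level(1)) {
        return;
    }

    // Load resources
    $this->load->helper('file');

    $image_data = $this->input->post('src');

    if (!$this->tokens->match) {
        // Make sure the form token matches
        $response = array('status' => 'Error: No Token Match');
    } elseif (!is_string($image_data) || !$image_data) {
        // Make sure we have the appropriate post variable (a posted array is rejected too)
        $response = array('status' => 'Error: No Image Data');
    } else {
        $response = $this->_delete_user_image($image_data);
    }

    echo json_encode($response);
}

/**
 * Verify that a posted image URL resolves to a file inside the logged-in
 * user's own upload directory, delete that file, and update the user's record.
 *
 * Checking that the directory name merely appears somewhere in the posted
 * string is not sufficient: parent-directory segments after it could point
 * the delete at any file the web server may remove. The path is therefore
 * canonicalised with realpath() first and the directory check is made on the
 * resolved path. A file that no longer exists cannot be resolved and is
 * reported as 'Error: Image Path Not Verified'.
 *
 * @param	string	the posted 'src' value
 * @return	array	response to be JSON encoded
 */
private function _delete_user_image($image_data) {
    // NOTE(review): the directory name exposes md5(encryption_key . user id) in
    // URLs; a keyed hash (hash_hmac) would be preferable, but changing it would
    // orphan existing directories.
    $user_dir = $this->auth_user_id . '-' . md5(config_item('encryption_key') . $this->auth_user_id);

    // Remove scheme and domain from the src
    $file_location = str_replace(if_secure_base_url(), '', $image_data);

    // Resolve '.', '..' and symlinks before trusting the path; reject NUL bytes up front
    $real_file = (strpos($file_location, "\0") === FALSE) ? realpath(FCPATH . $file_location) : FALSE;

    // The resolved path must contain the user's directory as a whole path segment
    // (assumes $user_dir is the exact directory name used by the uploader -- confirm)
    $dir_segment = DIRECTORY_SEPARATOR . $user_dir . DIRECTORY_SEPARATOR;

    if ($real_file === FALSE || !is_file($real_file) || strpos($real_file, $dir_segment) === FALSE) {
        return array('status' => 'Error: Image Path Not Verified');
    }

    // Delete the file from the file system
    unlink($real_file);

    // rmdir() will remove the directory if it is empty; failing on a
    // non-empty directory is the expected case, hence the suppression
    @rmdir(dirname($real_file));

    // Check the database for existing images data
    $query_data = $this->uploads_model->get_custom_uploader_images($this->auth_user_id);

    // NOTE(review): unserialize() on stored data can instantiate objects if the column
    // is ever writable by anything but this code; JSON (or the allowed_classes option
    // where the PHP version supports it) would remove that risk.
    $arr = (is_object($query_data) && isset($query_data->images_data))
        ? unserialize($query_data->images_data)
        : FALSE;

    // A missing or unreadable record is handled like "no other images"
    if (!is_array($arr)) {
        $arr = array();
    }

    /**
     * If the deleted image was the only image, delete the record.
     * If there is more than one image, we just update the record.
     */
    if (count($arr) > 1) {
        // Keep every stored image except the one being deleted now
        $temp = array();

        foreach ($arr as $v) {
            if ($v != $image_data) {
                $temp[] = $v;
            }
        }

        // Send the new images data to the model for record update
        if (!$this->uploads_model->save_image_data($this->auth_user_id, serialize($temp))) {
            return array('status' => 'Error: Model Response = FALSE on SAVE');
        }
    } elseif (!$this->uploads_model->delete_image_record($this->auth_user_id)) {
        return array('status' => 'Error: Model Response = FALSE on DELETE');
    }

    // Success: hand back fresh tokens for the next request
    return array(
        'status' => 'Image Deleted',
        'token' => $this->tokens->token(),
        'ci_csrf_token' => $this->security->get_csrf_hash()
    );
}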