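/**
 * Deactivates a plugin for a caller holding the 'administrator' permission.
 *
 * Any other caller gets an error flash and a redirect, and the plugin is
 * left untouched.
 *
 * @param mixed $plugin Plugin identifier, handed unchanged to Plugin::deactivate().
 */
function deactivate_plugin($plugin)
{
    if (!AuthUser::hasPermission('administrator')) {
        Flash::set('error', __('You do not have permission to access the requested page!'));
        redirect(get_url());

        // redirect() is defined outside this block. Returning explicitly keeps
        // the guard fail-closed: the deactivation below cannot run for an
        // unauthorised caller even if redirect() returns instead of ending
        // the request.
        return;
    }

    // NOTE(review): no anti-CSRF token is validated in this function; confirm
    // that the caller enforces one, since this changes server state.
    Plugin::deactivate($plugin);
}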
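/**
 * Access gate for the controller.
 *
 * Anonymous visitors are sent to the login page. Logged-in users must pass
 * AuthUser::hasPermission('administrator,developer,editor'); otherwise they
 * get an error flash and are redirected to the default URL.
 */
public static function _checkPermission()
{
    AuthUser::load();

    if (!AuthUser::isLoggedIn()) {
        redirect(get_url('login'));
        return;
    }

    if (!AuthUser::hasPermission('administrator,developer,editor')) {
        // The two statements below were commented out, which left this branch
        // empty and let every logged-in account through regardless of role.
        // They are restored so that the check actually denies access.
        Flash::set('error', __('You do not have permission to access the requested page!'));
        redirect(get_url());
    }
}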
/**
 * Sets up the backend controller for the funky_cache plugin.
 *
 * Visitors who are not logged in are redirected to the login page; users
 * without the 'admin_view' permission are redirected to URL_PUBLIC. The
 * backend layout and the plugin sidebar view are then attached.
 */
function __construct()
{
    AuthUser::load();

    $loggedIn = AuthUser::isLoggedIn();
    if (!$loggedIn) {
        redirect(get_url('login'));
    }

    $mayViewAdmin = AuthUser::hasPermission('admin_view');
    if (!$mayViewAdmin) {
        redirect(URL_PUBLIC);
    }

    $this->setLayout('backend');

    $sidebar = new View('../../plugins/funky_cache/views/sidebar');
    $this->assignToLayout('sidebar', $sidebar);
}
/**
 * Sets up a backend controller restricted to administrators and developers.
 *
 * Visitors who are not logged in are redirected to the login page. Logged-in
 * users holding neither the 'administrator' nor the 'developer' permission
 * get an error flash and a redirect to the default URL.
 */
function __construct()
{
    AuthUser::load();

    if (AuthUser::isLoggedIn()) {
        // Either permission is sufficient; the second is only consulted when
        // the first is missing.
        $mayEnter = AuthUser::hasPermission('administrator') || AuthUser::hasPermission('developer');

        if (!$mayEnter) {
            Flash::set('error', __('You do not have permission to access the requested page!'));
            redirect(get_url());
        }
    } else {
        redirect(get_url('login'));
    }

    $this->setLayout('backend');

    $sidebar = new View('layout/sidebar');
    $this->assignToLayout('sidebar', $sidebar);
}
/**
 * Controller-wide permission gate.
 *
 * Sends anonymous visitors to the login page. Logged-in users lacking the
 * 'admin_edit' permission get an error flash and are redirected away.
 */
private static final function _checkPermission()
{
    AuthUser::load();

    if (!AuthUser::isLoggedIn()) {
        redirect(get_url('login'));
        return;
    }

    if (AuthUser::hasPermission('admin_edit')) {
        return;
    }

    Flash::set('error', __('You do not have permission to access the requested page!'));

    // When the configured default tab is 'setting', the redirect goes to the
    // page tab instead of the default URL.
    $target = (Setting::get('default_tab') === 'setting') ? get_url('page') : get_url();
    redirect($target);
}
/**
 * Sets up the layout controller.
 *
 * Visitors who are not logged in are redirected to the login page. Logged-in
 * users without the 'layout_view' permission get an error flash and are
 * redirected away. The backend layout and sidebar are then attached.
 */
function __construct()
{
    AuthUser::load();

    if (AuthUser::isLoggedIn()) {
        if (!AuthUser::hasPermission('layout_view')) {
            Flash::set('error', __('You do not have permission to access the requested page!'));

            // When the configured default tab is 'layout', the redirect goes
            // to the page tab instead of the default URL.
            $fallback = (Setting::get('default_tab') === 'layout') ? get_url('page') : get_url();
            redirect($fallback);
        }
    } else {
        redirect(get_url('login'));
    }

    $this->setLayout('backend');

    $sidebar = new View('layout/sidebar');
    $this->assignToLayout('sidebar', $sidebar);
}
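/**
 * Execute this function on page_not_found.
 * If the request is for an image file, resize the image.
 *
 * Returns false when the visitor lacks permission or the gd library is not
 * available. When a resized image was written (and DEBUG is off) the request
 * is redirected to it and the script exits. Otherwise nothing is returned.
 */
function image_resize_try_resizing()
{
    // Require that visitor be logged in and has permission to create files
    if (!AuthUser::isLoggedIn()) {
        AuthUser::load();
    }
    if (!AuthUser::hasPermission('administrator,developer,editor')) {
        return false;
    }

    // Check that gd library is available
    if (!ImageResize::gd_available()) {
        return false;
    }

    // The `D` modifier makes `$` match only at the very end of the subject.
    // Without it a value ending in "<extension>\n" also passes the extension
    // check and would be handed to image_resize_scale() and header().
    // NOTE(review): CURRENT_URI is defined outside this block and is
    // presumably derived from the request; confirm that image_resize_scale()
    // confines the path it reads from and writes to.
    if (preg_match('#\\.(jpe?g|gif|png|wbmp)$#iD', CURRENT_URI)) {
        // If requested file appears to be an accepted format, create the new image
        if (image_resize_scale(CURRENT_URI) && !DEBUG) {
            // If Frog isn't debugging, it writes to a file; redirect to it
            header('Location: ' . URL_PUBLIC . "/" . CURRENT_URI);
            // Exit here to prevent a page not found message
            exit;
        }
    }
}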
echo get_url('snippet/edit/' . $snippet->id); ?> "><?php echo $snippet->name; ?> </a> <img class="handle" src="<?php echo PATH_PUBLIC; ?> wolf/admin/images/drag.gif" alt="<?php echo __('Drag and Drop'); ?> " align="middle" /> <div class="remove"> <?php if (AuthUser::hasPermission('snippet_delete')) { ?> <a class="remove" href="<?php echo get_url('snippet/delete/' . $snippet->id); ?> " onclick="return confirm('<?php echo __('Are you sure you wish to delete?'); ?> <?php echo $snippet->name; ?> ?');"><img src="<?php echo PATH_PUBLIC; ?> wolf/admin/images/icon-remove.gif" alt="<?php
echo __('on'); ?> <?php echo date('D, j M Y', strtotime($snippet->updated_on)); ?> </small> </p> <?php } ?> </div> </div> </div> <p class="buttons"> <?php if ($action == 'edit' && AuthUser::hasPermission('snippet_edit') || $action == 'add' && AuthUser::hasPermission('snippet_add')) { ?> <input class="button" name="commit" type="submit" accesskey="s" value="<?php echo __('Save'); ?> " /> <input class="button" name="continue" type="submit" accesskey="e" value="<?php echo __('Save and Continue Editing'); ?> " /> <?php echo __('or'); ?> <?php } else {
/**
 * Permission gate for the facts plugin.
 *
 * Anonymous visitors are redirected to the login page. A user who lacks
 * $permission gets an error flash and is redirected: to the plugin index when
 * they hold 'facts_view', to the default URL otherwise.
 *
 * @param string $permission Permission name to require (default 'facts_view').
 */
private static function __checkPermission($permission='facts_view')
{
    AuthUser::load();

    $loggedIn = AuthUser::isLoggedIn();
    if (!$loggedIn) {
        redirect(get_url('login'));
    }

    if (AuthUser::hasPermission($permission)) {
        return;
    }

    Flash::set('error', __('You do not have permission to access the requested page!'));

    // Pick the landing page from what the user is still allowed to see.
    $destination = AuthUser::hasPermission('facts_view') ? get_url('plugin/facts') : get_url();
    redirect($destination);
}//*/
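/**
 * Deletes a Snippet.
 *
 * Requires the 'snippet_delete' permission. Sets a success or error flash
 * and always finishes by redirecting to the snippet index.
 *
 * @param string $id Snippet id
 */
public function delete($id)
{
    if (!AuthUser::hasPermission('snippet_delete')) {
        Flash::set('error', __('You do not have permission to delete snippets!'));
        redirect(get_url('snippet'));

        // redirect() is defined outside this block. Returning explicitly keeps
        // the guard fail-closed: nothing below runs for an unauthorised caller
        // even if redirect() returns instead of ending the request.
        return;
    }

    // NOTE(review): no anti-CSRF token is validated before this destructive
    // action. Adding the check also requires the delete links to carry a
    // token, so it cannot be done in this method alone.

    // find the snippet to delete
    $snippet = Record::findByIdFrom('Snippet', $id);

    if (!$snippet) {
        Flash::set('error', __('Snippet not found!'));
    } elseif ($snippet->delete()) {
        Flash::set('success', __('Snippet :name has been deleted!', array(':name' => $snippet->name)));
        Observer::notify('snippet_after_delete', $snippet);
    } else {
        Flash::set('error', __('Snippet :name has not been deleted!', array(':name' => $snippet->name)));
    }

    redirect(get_url('snippet'));
}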
<div class="modify"> <a href="<?php echo get_url('page/add', $child->id); ?> "><img src="<?php echo URI_PUBLIC . CORE_FOLDER; ?> /admin/images/plus.png" align="middle" title="<?php echo __('Add child'); ?> " alt="<?php echo __('Add child'); ?> " /></a> <?php if (!$child->is_protected || AuthUser::hasPermission('administrator') || AuthUser::hasPermission('developer')) { ?> <a class="remove" href="<?php echo get_url('page/delete/' . $child->id); ?> " onclick="return confirm('<?php echo __('Are you sure you wish to delete'); ?> <?php echo $child->title; ?> <?php echo __('and its underlying pages'); ?> ?');"><img src="<?php echo URI_PUBLIC . CORE_FOLDER;
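/**
 * Deletes a user account.
 *
 * Requires the 'user_delete' permission, a numeric id and a valid CSRF token
 * bound to this delete URL. The account with id 1 is never deleted. Always
 * finishes by redirecting.
 *
 * Each guard returns after redirect(): redirect() is defined outside this
 * block, and returning keeps the guards fail-closed if it ever returns
 * instead of ending the request.
 *
 * @param string $id Id of the user to delete
 */
public function delete($id)
{
    if (!AuthUser::hasPermission('user_delete')) {
        Flash::set('error', __('You do not have permission to access the requested page!'));
        redirect(get_url());
        return;
    }

    // Sanity checks
    use_helper('Validate');
    if (!Validate::numeric($id)) {
        Flash::set('error', __('Invalid input found!'));
        redirect(get_url());
        return;
    }

    // CSRF checks
    // NOTE(review): the token travels in the query string, so it can end up
    // in server logs and Referer headers; a POST field would avoid that.
    if (!isset($_GET['csrf_token'])) {
        Flash::set('error', __('No CSRF token found!'));
        redirect(get_url('user'));
        return;
    }

    $csrf_token = $_GET['csrf_token'];

    // A non-string value (e.g. csrf_token[]=x) is rejected outright instead
    // of being passed to the validator.
    if (!is_string($csrf_token) || !SecureToken::validateToken($csrf_token, BASE_URL . 'user/delete/' . $id)) {
        Flash::set('error', __('Invalid CSRF token found!'));
        redirect(get_url('user'));
        return;
    }

    // security (dont delete the first admin)
    // Compare and look up by the integer value so a numeric-but-non-integer
    // id (such as a decimal string) cannot pass the "> 1" test as one value
    // and reach the lookup as another.
    $userId = (int) $id;

    if ($userId > 1) {
        // find the user to delete
        $user = Record::findByIdFrom('User', $userId);

        if ($user) {
            // These messages contain markup, so they are presumably rendered
            // as HTML; the stored name is escaped before it is substituted.
            // double_encode is off so entities already in the name are kept.
            $safeName = htmlspecialchars($user->name, ENT_QUOTES, 'UTF-8', false);

            if ($user->delete()) {
                Flash::set('success', __('User <strong>:name</strong> has been deleted!', array(':name' => $safeName)));
                Observer::notify('user_after_delete', $user->name);
            } else {
                Flash::set('error', __('User <strong>:name</strong> has not been deleted!', array(':name' => $safeName)));
            }
        } else {
            Flash::set('error', __('User not found!'));
        }
    } else {
        Flash::set('error', __('Action disabled!'));
    }

    redirect(get_url('user'));
}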
if ($action == 'edit') { echo __('Leave password blank for it to remain unchanged.'); } ?> </td> </tr> <tr> <td class="label"><label for="user_confirm"><?php echo __('Confirm Password'); ?> </label></td> <td class="field"><input class="textbox" id="user_confirm" maxlength="40" name="user[confirm]" size="40" type="password" value="" /></td> </tr> <?php if (AuthUser::hasPermission('administrator')) { ?> <tr> <td class="label"><?php echo __('Roles'); ?> </td> <td class="field"> <?php $user_permissions = $user instanceof User ? $user->getPermissions() : array('editor'); foreach ($permissions as $perm) { ?> <span class="checkbox"><input<?php if (in_array($perm->name, $user_permissions)) { echo ' checked="checked"';
</table> <?php Observer::notify('user_edit_view_after_details', $user); ?> <p class="buttons"> <input class="button" name="commit" type="submit" accesskey="s" value="<?php echo __('Save'); ?> " /> <?php echo __('or'); ?> <a href="<?php echo AuthUser::hasPermission('administrator') ? get_url('user') : get_url(); ?> "><?php echo __('Cancel'); ?> </a> </p> </form> <script type="text/javascript"> // <![CDATA[ function setConfirmUnload(on, msg) { window.onbeforeunload = (on) ? unloadMessage : null; return true; }
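/**
 * Deletes a user account.
 *
 * Requires the 'user_delete' permission. The account with id 1 is never
 * deleted. Always finishes by redirecting.
 *
 * @param string $id Id of the user to delete
 */
public function delete($id)
{
    if (!AuthUser::hasPermission('user_delete')) {
        Flash::set('error', __('You do not have permission to access the requested page!'));
        redirect(get_url());

        // redirect() is defined outside this block. Returning explicitly keeps
        // the guard fail-closed: no deletion runs for an unauthorised caller
        // even if redirect() returns instead of ending the request.
        return;
    }

    // NOTE(review): no anti-CSRF token is validated before this destructive
    // action. Adding the check also requires the delete links to carry a
    // token, so it cannot be done in this method alone.

    // security (dont delete the first admin)
    // The id is reduced to its integer value first, so the "> 1" test and the
    // lookup below see the same value and a non-numeric id is refused.
    $userId = (int) $id;

    if ($userId > 1) {
        // find the user to delete
        $user = Record::findByIdFrom('User', $userId);

        if ($user) {
            // These messages contain markup, so they are presumably rendered
            // as HTML; the stored name is escaped before it is substituted.
            // double_encode is off so entities already in the name are kept.
            $safeName = htmlspecialchars($user->name, ENT_QUOTES, 'UTF-8', false);

            if ($user->delete()) {
                Flash::set('success', __('User <strong>:name</strong> has been deleted!', array(':name' => $safeName)));
                Observer::notify('user_after_delete', $user->name);
            } else {
                Flash::set('error', __('User <strong>:name</strong> has not been deleted!', array(':name' => $safeName)));
            }
        } else {
            Flash::set('error', __('User not found!'));
        }
    } else {
        Flash::set('error', __('Action disabled!'));
    }

    redirect(get_url('user'));
}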
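/**
 * Used to delete a page.
 *
 * Requires a numeric id and a valid CSRF token bound to this delete URL.
 * The page with id 1 (the root page) is never deleted. A protected page can
 * only be deleted by a user holding 'page_delete'.
 *
 * Each guard returns after redirect(): redirect() is defined outside this
 * block, and returning keeps the guards fail-closed if it ever returns
 * instead of ending the request.
 *
 * @todo make sure we not only delete the page but also all parts and all children!
 *
 * @param int $id Id of page to delete
 */
public function delete($id)
{
    // Sanity checks
    use_helper('Validate');
    if (!Validate::numeric($id)) {
        Flash::set('error', __('Invalid input found!'));
        redirect(get_url());
        return;
    }

    // CSRF checks
    // NOTE(review): the token travels in the query string, so it can end up
    // in server logs and Referer headers; a POST field would avoid that.
    if (!isset($_GET['csrf_token'])) {
        Flash::set('error', __('No CSRF token found!'));
        redirect(get_url('page'));
        return;
    }

    $csrf_token = $_GET['csrf_token'];

    // A non-string value (e.g. csrf_token[]=x) is rejected outright instead
    // of being passed to the validator.
    if (!is_string($csrf_token) || !SecureToken::validateToken($csrf_token, BASE_URL . 'page/delete/' . $id)) {
        Flash::set('error', __('Invalid CSRF token found!'));
        redirect(get_url('page'));
        return;
    }

    // security (dont delete the root page)
    // Compare, look up and delete by the integer value so all three steps
    // act on the same id.
    $pageId = (int) $id;

    if ($pageId > 1) {
        // find the page to delete
        $page = Record::findByIdFrom('Page', $pageId);

        if ($page) {
            // check for permission to delete this page
            // NOTE(review): as written, 'page_delete' is only required for
            // protected pages; an unprotected page can be deleted without it.
            // Confirm that this is the intended policy.
            if (!AuthUser::hasPermission('page_delete') && $page->is_protected) {
                Flash::set('error', __('You do not have permission to access the requested page!'));
                redirect(get_url('page'));
                return;
            }

            // need to delete all page_parts too !!
            PagePart::deleteByPageId($pageId);

            // NOTE(review): the stored title is substituted into the flash
            // text as-is; confirm the flash is HTML-escaped where it is shown.
            if ($page->delete()) {
                Observer::notify('page_delete', $page);
                Flash::set('success', __('Page :title has been deleted!', array(':title' => $page->title)));
            } else {
                Flash::set('error', __('Page :title has not been deleted!', array(':title' => $page->title)));
            }
        } else {
            Flash::set('error', __('Page is not found!'));
        }
    } else {
        Flash::set('error', __('Action disabled!'));
    }

    redirect(get_url('page'));
}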
<div class="status"><?php echo __('Status'); ?> </div> <div class="modify"><?php echo __('Modify'); ?> </div> </div> <ul id="site-map-root"> <li id="page-0" class="node level-0"> <div class="page" style="padding-left: 4px"> <span class="w1"> <?php if ($root->is_protected && !AuthUser::hasPermission('administrator') && !AuthUser::hasPermission('developer')) { ?> <img align="middle" class="icon" src="images/page.png" alt="page icon" /> <span class="title"><?php echo $root->title; ?> </span> <?php } else { ?> <a href="<?php echo get_url('page/edit/1'); ?> " title="/"><img align="middle" class="icon" src="images/page.png" alt="page icon" /> <span class="title"><?php echo $root->title; ?> </span></a>
<? if ( AuthUser::hasPermission('redirector_delete') ) : ?> <a class="remove" href="<?=get_url('plugin/redirector/remove/404/'.$error->id)?>"><img src="<?=PLUGINS_URI;?>/redirector/images/icon-remove.png" alt="Remove 404" title="Remove 404" /></a> <? endif; ?> </span> <div class="clearfix"></div> </div> <? endforeach; ?> <? else : ?> <p><em><?php echo __('There are no 404 errors yet.'); ?></em></p> <? endif; ?> <? if ( AuthUser::hasPermission('redirector_edit') ) : ?> <script type="text/javascript" charset="utf-8"> $(function(){ $('div.entry').click(function(event){ var $target = $(event.target); if( $target.is('a') ) { alert('clicked link'); return; } $('html, body').animate({ scrollTop: $("#new").offset().top }, 500); $('#url').val($(this).attr('url')).focus(); $('#dest').val($(this).attr('dest')); });
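/**
 * Front-end entry point.
 *
 * Resolves the requested path from the query string (or from the WOLFPAGE /
 * WOLFAJAX parameters), defines CURRENT_PATH and its legacy alias
 * CURRENT_URI, then either dispatches a matching custom route or looks up
 * the page and renders it. Preview pages are only shown to logged-in users
 * with 'page_view'; pages that require login redirect to the login form.
 */
function main()
{
    // get the uri string from the query
    $path = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';

    // Make sure special characters are decoded (support non-western glyphs like japanese)
    // NOTE(review): decoding happens before the string is split on ?, & and =
    // below, so percent-encoded delimiters inside a value are treated as real
    // delimiters.
    $path = urldecode($path);

    // START processing $_GET variables
    // If we're NOT using mod_rewrite, we check for GET variables we need to integrate
    if (!USE_MOD_REWRITE && strpos($path, '?') !== false) {
        $_GET = array(); // empty $_GET array since we're going to rebuild it
        list($path, $get_var) = explode('?', $path);

        foreach (explode('&', $get_var) as $get) {
            if ($get === '') {
                // "a=1&&b=2" or a trailing "?" yields empty segments
                continue;
            }

            // Split on the first "=" only, so values that contain "=" stay
            // intact and a bare key gets an empty string instead of
            // triggering an undefined-offset notice.
            $pair = explode('=', $get, 2);
            $_GET[$pair[0]] = isset($pair[1]) ? $pair[1] : '';
        }
    } elseif (!USE_MOD_REWRITE && (strpos($path, '&') !== false || strpos($path, '=') !== false)) {
        $path = '/';
    }

    // If we're using mod_rewrite, we should have a WOLFPAGE entry.
    if (USE_MOD_REWRITE && array_key_exists('WOLFPAGE', $_GET)) {
        // An array-valued parameter (WOLFPAGE[]=x) is treated as the site root
        // instead of reaching the string functions below.
        $path = is_string($_GET['WOLFPAGE']) ? $_GET['WOLFPAGE'] : '/';
        unset($_GET['WOLFPAGE']);
    } elseif (USE_MOD_REWRITE) {
        // We're using mod_rewrite but don't have a WOLFPAGE entry, assume site root.
        $path = '/';
    }

    // Needed to allow for ajax calls to backend
    // NOTE(review): the request-supplied value is appended to the admin
    // prefix without any check here; authorisation is left entirely to
    // whatever the path dispatches to.
    if (array_key_exists('WOLFAJAX', $_GET) && is_string($_GET['WOLFAJAX'])) {
        $path = '/' . ADMIN_DIR . $_GET['WOLFAJAX'];
        unset($_GET['WOLFAJAX']);
    }
    // END processing $_GET variables

    // remove suffix page if founded
    if (URL_SUFFIX !== '' and URL_SUFFIX !== '/') {
        // The suffix is a literal, so it is quoted: an unquoted ".html" would
        // let "." match any character.
        $path = preg_replace('#^(.*)(' . preg_quote(URL_SUFFIX, '#') . ')$#i', "\$1", $path);
    }

    define('CURRENT_PATH', trim($path, '/'));

    // Alias for backward compatibility, this constant should no longer be used.
    define('CURRENT_URI', CURRENT_PATH);

    if ($path != null && $path[0] != '/') {
        $path = '/' . $path;
    }

    // Check if there's a custom route defined for this URI,
    // otherwise continue and assume page was requested.
    if (Dispatcher::hasRoute($path)) {
        Observer::notify('dispatch_route_found', $path);
        Dispatcher::dispatch($path);
        exit;
    }

    foreach (Observer::getObserverList('page_requested') as $callback) {
        $path = call_user_func_array($callback, array(&$path));
    }

    // this is where 80% of the things is done
    $page = Page::findByPath($path, true);

    // if we found it, display it!
    if (is_object($page)) {
        // If a page is in preview status, only display to logged in users
        if (Page::STATUS_PREVIEW == $page->status_id) {
            AuthUser::load();
            if (!AuthUser::isLoggedIn() || !AuthUser::hasPermission('page_view')) {
                pageNotFound($path);

                // pageNotFound() is defined outside this block; returning
                // ensures the preview is never rendered for this visitor even
                // if it returns.
                return;
            }
        }

        // If page needs login, redirect to login
        if ($page->getLoginNeeded() == Page::LOGIN_REQUIRED) {
            AuthUser::load();
            if (!AuthUser::isLoggedIn()) {
                Flash::set('redirect', $page->url());
                redirect(URL_PUBLIC . (USE_MOD_REWRITE ? '' : '?/') . ADMIN_DIR . '/login');

                // Same reasoning: never fall through to rendering a
                // login-only page for an anonymous visitor.
                return;
            }
        }

        Observer::notify('page_found', $page);
        $page->_executeLayout();
    } else {
        pageNotFound($path);
    }
}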
* * This file is part of Wolf CMS. Wolf CMS is licensed under the GNU GPLv3 license. * Please see license.txt for the full license text. */ /** * @package Views * * @author Philippe Archambault <*****@*****.**> * @copyright Philippe Archambault, 2008 * @license http://www.gnu.org/licenses/gpl.html GPLv3 license */ if (Dispatcher::getAction() == 'index') { ?> <?php if (AuthUser::hasPermission('snippet_add')) { ?> <p class="button"><a href="<?php echo get_url('snippet/add'); ?> "><img src="<?php echo PATH_PUBLIC; ?> wolf/admin/images/snippet.png" align="middle" alt="snippet icon" /> <?php echo __('New Snippet'); ?> </a></p> <?php } ?>
<option value="<?php echo Page::LOGIN_REQUIRED; ?> "<?php echo $page->needs_login == Page::LOGIN_REQUIRED ? ' selected="selected"' : ''; ?> ><?php echo __('required'); ?> </option> </select> <input id="page_is_protected" name="page[is_protected]" class="checkbox" type="checkbox" value="1"<?php if ($page->is_protected) { echo ' checked="checked"'; } if (!AuthUser::hasPermission('admin_edit')) { echo ' disabled="disabled"'; } ?> /><label for="page_is_protected" title="<?php echo __('When enabled, only users who are an administrator can edit the page.'); ?> "> <?php echo __('Protected'); ?> </label> </td> </tr> <?php } ?>
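/**
 * Used to delete a page.
 *
 * The page with id 1 (the root page) is never deleted. A protected page can
 * only be deleted by a user holding 'page_delete'. Always finishes by
 * redirecting to the page index.
 *
 * @todo make sure we not only delete the page but also all parts and all children!
 *
 * @param int $id Id of page to delete
 */
public function delete($id)
{
    // NOTE(review): no anti-CSRF token is validated before this destructive
    // action. Adding the check also requires the delete links to carry a
    // token, so it cannot be done in this method alone.

    // security (dont delete the root page)
    // The id is reduced to its integer value first, so the "> 1" test, the
    // lookup and the part deletion all act on the same value and a
    // non-numeric id is refused.
    $pageId = (int) $id;

    if ($pageId > 1) {
        // find the page to delete
        $page = Record::findByIdFrom('Page', $pageId);

        if ($page) {
            // check for permission to delete this page
            // NOTE(review): as written, 'page_delete' is only required for
            // protected pages; an unprotected page can be deleted without it.
            // Confirm that this is the intended policy.
            if (!AuthUser::hasPermission('page_delete') && $page->is_protected) {
                Flash::set('error', __('You do not have permission to access the requested page!'));
                redirect(get_url('page'));

                // redirect() is defined outside this block. Returning keeps
                // the guard fail-closed: the deletion below cannot run if
                // redirect() returns instead of ending the request.
                return;
            }

            // need to delete all page_parts too !!
            PagePart::deleteByPageId($pageId);

            if ($page->delete()) {
                Observer::notify('page_delete', $page);
                Flash::set('success', __('Page :title has been deleted!', array(':title' => $page->title)));
            } else {
                Flash::set('error', __('Page :title has not been deleted!', array(':title' => $page->title)));
            }
        } else {
            Flash::set('error', __('Page not found!'));
        }
    } else {
        Flash::set('error', __('Action disabled!'));
    }

    redirect(get_url('page'));
}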
<div class="view"><?php echo __('View'); ?> </div> <div class="modify"><?php echo __('Modify'); ?> </div> </div> <ul id="site-map-root"> <li id="page-0" class="node level-0"> <div class="page" style="padding-left: 4px"> <span class="w1"> <?php if (!AuthUser::hasPermission('page_edit') || !AuthUser::hasPermission('admin_edit') && $root->is_protected) { ?> <img align="middle" class="icon" src="<?php echo URI_PUBLIC; ?> wolf/admin/images/page.png" alt="page icon" /> <span class="title"><?php echo $root->title; ?> </span> <?php } else { ?> <a href="<?php echo get_url('page/edit/1'); ?> " title="/"><img align="middle" class="icon" src="<?php
<a class="add-child-link" href="<?php echo get_url('page/add', $child->id); ?> "><img src="<?php echo URI_PUBLIC; ?> wolf/admin/images/plus.png" align="middle" title="<?php echo __('Add child'); ?> " alt="<?php echo __('Add child'); ?> " /></a> <!-- //For about page okstmtcc --> <?php if ((!$child->is_protected || AuthUser::hasPermission('page_delete')) && $child->id != 4) { ?> <a class="remove" href="<?php echo get_url('page/delete/' . $child->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'page/delete/' . $child->id)); ?> " onclick="return confirm('<?php echo __('Are you sure you wish to delete'); ?> <?php echo $child->title; ?> <?php echo __('and its underlying pages'); ?> ?');"><img src="<?php echo URI_PUBLIC;
?> " /> <input id="page_valid_until_time" maxlength="8" name="page[valid_until_time]" size="8" type="text" value="<?php echo substr($page->valid_until, 11); ?> " /> </td> </tr> <?php } ?> <?php } ?> <?php if (AuthUser::hasPermission('page_edit')) { ?> <tr> <td class="label"><label for="page_needs_login"><?php echo __('Login:'******'When enabled, users have to login before they can view the page.'); ?> "> <option value="<?php echo Page::LOGIN_INHERIT; ?> "<?php
?> <li class="right"><a href="<?php echo get_url('setting'); ?> "<?php if ($ctrl == 'setting') { echo ' class="current"'; } ?> ><?php echo __('Administration'); ?> </a></li> <?php } if (AuthUser::hasPermission('user_view')) { ?> <li class="right"><a href="<?php echo get_url('user'); ?> "<?php if ($ctrl == 'user') { echo ' class="current"'; } ?> ><?php echo __('Users'); ?> </a></li> <?php }
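/**
 * Saves the File Manager plugin settings posted from the settings form.
 *
 * Requires a logged-in user with the 'admin_edit' permission. The umask,
 * dirmode and filemode values are normalised to four-character octal strings
 * (umask falls back to 0, the two modes to '0755') before the posted
 * settings are stored and the settings view is displayed again.
 *
 * Each guard returns after redirect(): redirect() is defined outside this
 * block, and returning keeps the guards fail-closed if it ever returns
 * instead of ending the request.
 */
public function settings_save()
{
    AuthUser::load();

    if (!AuthUser::isLoggedIn()) {
        redirect(get_url('login'));
        return;
    }

    if (!AuthUser::hasPermission('admin_edit')) {
        Flash::set('error', __('You do not have permission to access the requested page!'));
        redirect(get_url());
        return;
    }

    // NOTE(review): no anti-CSRF token is validated before the settings are
    // changed; confirm whether the form and this handler should carry one.

    // A scalar "settings" value is treated like a missing form: the code
    // below indexes it as an array.
    if (!isset($_POST['settings']) || !is_array($_POST['settings'])) {
        Flash::set('error', 'File Manager - ' . __('form was not posted.'));
        redirect(get_url('plugin/file_manager/settings'));
        return;
    }

    $settings = $_POST['settings'];

    // Three octal digits with an optional leading zero. The `D` modifier
    // stops `$` from also accepting a trailing newline.
    $octal = '/^0?[0-7]{3}$/D';

    // umask: anything missing, malformed or equal to zero is stored as 0;
    // a valid non-zero value is left-padded to four characters.
    $umask = isset($settings['umask']) ? $settings['umask'] : 0;
    if (is_string($umask) && preg_match($octal, $umask) && (int) $umask !== 0) {
        $settings['umask'] = str_pad($umask, 4, '0', STR_PAD_LEFT);
    } else {
        $settings['umask'] = 0;
    }

    // dirmode / filemode: invalid or missing values fall back to '0755',
    // valid ones are left-padded to four characters.
    foreach (array('dirmode', 'filemode') as $key) {
        $mode = isset($settings[$key]) ? $settings[$key] : '';
        if (!is_string($mode) || !preg_match($octal, $mode)) {
            $mode = '0755';
        }
        $settings[$key] = str_pad($mode, 4, '0', STR_PAD_LEFT);
    }

    // NOTE(review): every other key posted under "settings" is stored
    // unchanged. Consider restricting $settings to the keys the form is
    // known to submit before saving.
    if (Plugin::setAllSettings($settings, 'file_manager')) {
        Flash::setNow('success', 'File Manager - ' . __('plugin settings saved.'));
    } else {
        Flash::setNow('error', 'File Manager - ' . __('plugin settings not saved!'));
    }

    $this->display('file_manager/views/settings', array('settings' => $settings));
}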
</table> <?php Observer::notify('user_edit_view_after_details', $user); ?> <p class="buttons"> <input class="button" name="commit" type="submit" accesskey="s" value="<?php echo __('Save'); ?> " /> <?php echo __('or'); ?> <a href="<?php echo AuthUser::hasPermission('user_view') ? get_url('user') : get_url(); ?> "><?php echo __('Cancel'); ?> </a> </p> </form> <script type="text/javascript"> // <![CDATA[ function setConfirmUnload(on, msg) { window.onbeforeunload = (on) ? unloadMessage : null; return true; }
echo __('Opening Hour'); ?> </h3> <div id="meta-pages" class="pages"> <input class="textbox" id="opening_hour" name="attraction[opening_hour]" type="text" size="40" value="<?php if (!empty($attraction->opening_hour)) { echo $attraction->opening_hour; } elseif (!empty($postdata['opening_hour'])) { echo $postdata['opening_hour']; } ?> " /> </div> <?php if (AuthUser::hasPermission('attraction_geo')) { ?> <h3><?php echo __('Latitude'); ?> </h3> <div id="meta-pages" class="pages"> <input class="textbox" id="latitude" name="attraction[latitude]" type="text" size="40" value="<?php if (!empty($attraction->latitude)) { echo $attraction->latitude; } elseif (!empty($postdata['latitude'])) { echo $postdata['latitude']; } ?> " />