function validate()
{
// make sure that the user is uploading a file
$this->_files = HttpVars::getFiles();
$this->_templateId = $this->_request->getValue("templateId");
$this->_subFolderId = $this->_request->getValue("subFolderId");
// check if there's any file to upload
if (count($this->_files) != 1) {
if (empty($this->_subFolderId)) {
$this->_view = new PluginBlogTemplatesListView($this->_blogInfo, $this->_templateId);
} else {
$this->_view = new PluginBlogTemplateSubFolderListView($this->_blogInfo, $this->_templateId, $this->_subFolderId);
}
$this->_view->setErrorMessage($this->_locale - tr("error_must_upload_file"));
$this->setCommonData();
return false;
}
if (!$this->isValidExtension($this->_files['resourceFile']['name'])) {
if (empty($this->_subFolderId)) {
$this->_view = new PluginBlogTemplatesListView($this->_blogInfo, $this->_templateId);
} else {
$this->_view = new PluginBlogTemplateSubFolderListView($this->_blogInfo, $this->_templateId, $this->_subFolderId);
}
$this->_view->setErrorMessage($this->_locale->tr("templateeditor_error_templatefile_extension"));
$this->setCommonData();
return false;
}
return true;
}
/**
* Loads the current locale. It works so that it tries to fetch the parameter "lang" from the
* request. If it's not available, then it will try to look for it in the session. If it is not
* there either, it will try to guess the most prefered language according to what the User Agent
* included in the HTTP_ACCEPT_LANGUAGE string sent with the request. If none matches available
* languages we have to use the value of "default_locale" and display the default language.
*
* @private
* @return Returns a reference to a Locale object
*/
function &_loadLocale()
{
$requestLocale =& $this->_request->getValue("lang");
$localeCode = "";
$serverVars =& HttpVars::getServer();
// check if there's something in the request...
// if not, check the session or at least try to
// guess the apropriate languege from the http_accept_lnaguage string
if ($requestLocale) {
// check if it's a valid one
if (Locales::isValidLocale($requestLocale)) {
$localeCode = $requestLocale;
}
} else {
$sessionLocale =& SessionManager::getSessionValue("summaryLang");
if ($sessionLocale) {
$localeCode = $sessionLocale;
} elseif ($this->_config->getValue("use_http_accept_language_detection", HTTP_ACCEPT_LANGUAGE_DETECTION) == 1) {
$localeCode =& $this->_matchHttpAcceptLanguages($serverVars['HTTP_ACCEPT_LANGUAGE']);
}
}
// check if the locale code is correct
// and as a valid resort, use the default one if the locale ist not valid or 'false'
if ($localeCode === false || !Locales::isValidLocale($localeCode)) {
$localeCode = $this->_config->getValue("default_locale");
}
// now put whatever locale value back to the session
SessionManager::setSessionValue("summaryLang", $localeCode);
// load the correct locale
$locale =& Locales::getLocale($localeCode);
return $locale;
}
function ResourceServerAction($actionInfo, $request)
{
$this->Action($actionInfo, $request);
// keep the session for later use
$session = HttpVars::getSession();
$this->_session = $session['SessionInfo'];
$this->_config =& Config::getConfig();
}
/**
* Carries out the specified action
*/
function perform()
{
// fetch the information coming from the resource
$this->_description = Textfilter::filterAllHTML($this->_request->getValue("resourceDescription"));
$this->_albumId = $this->_request->getValue("albumId");
$this->_resource = $this->_request->getValue("resourceFile");
// check if there is any file uploaded
$files = HttpVars::getFiles();
// we probably need to rearrange the $files array a bit better...
$this->_files = array();
foreach ($files as $file) {
if ($file["error"] == 0 && $file["size"] > 0 && $file["name"] != "") {
$this->_files[] = $file;
}
}
// let the gallery library do its work...
$resources = new GalleryResources();
$this->_view = new AdminResourcesListView($this->_blogInfo, array("albumId" => $this->_albumId));
$successMessage = "";
$errorMessage = "";
foreach ($this->_files as $file) {
// create a new FileUpload object based on the file
$upload = new FileUpload($file);
// add the resource to the db
$this->notifyEvent(EVENT_PRE_RESOURCE_ADD, array("upload" => &$upload));
$res = $resources->addResource($this->_blogInfo->getId(), $this->_albumId, $this->_description, $upload);
// check if everything went fine and if not, show an error message
if ($res > 0) {
$successMessage .= $this->_locale->pr("resource_added_ok", $file["name"]) . "<br/>";
// try to fetch the resource so that we can send it in the event
$resource = $resources->getResource($res, $this->_blogInfo->getId());
$this->notifyEvent(EVENT_POST_RESOURCE_ADD, array("resource" => &$resource));
} else {
if ($res == GALLERY_ERROR_RESOURCE_FORBIDDEN_EXTENSION) {
$errorMessage .= $this->_locale->pr("error_resource_forbidden_extension", $file["name"]) . "<br/>";
} elseif ($res == GALLERY_ERROR_RESOURCE_TOO_BIG) {
$errorMessage .= $this->_locale->pr("error_resource_too_big", $file["name"]) . "<br/>";
} elseif ($res == GALLERY_ERROR_UPLOADS_NOT_ENABLED) {
$errorMessage .= $this->_locale->tr("error_uploads_disabled") . "<br/>";
} elseif ($res == GALLERY_ERROR_QUOTA_EXCEEDED) {
$errorMessage .= $this->_locale->tr("error_quota_exceeded") . "<br/>";
} else {
$errorMessage .= $this->_locale->pr("error_adding_resource", $file["name"]) . "<br/>";
}
}
}
// clear the cache no matter what happened... we should only clear it if there was at least one
// file uploaded but this way is not that bad after all...
CacheControl::resetBlogCache($this->_blogInfo->getId(), false);
if ($successMessage != "") {
$this->_view->setSuccessMessage($successMessage);
}
if ($errorMessage != "") {
$this->_view->setErrorMessage($errorMessage);
}
$this->setCommonData();
return true;
}
/**
* @private
*/
function _getDestination()
{
$dest = HttpVars::getRequestValue("dest");
$val = new IntegerValidator();
if (!$val->validate($dest) || $dest < 1 || $dest > 3) {
$dest = 1;
}
return $dest;
}
/**
* installs an uploaded template
*/
function _performUploadTemplate()
{
// handle the uploaded file
$files = HttpVars::getFiles();
$uploads = new FileUploads($files);
if (count($files) == 0 || $files["templateFile"]["name"] == "") {
$this->_view = new AdminTemplatedView($this->_blogInfo, "newglobaltemplate");
$this->_view->setValue("templateFolder", TemplateSetStorage::getBaseTemplateFolder());
$this->_view->setErrorMessage($this->_locale->tr("error_must_upload_file"));
$this->setCommonData();
return false;
}
$config =& Config::getConfig();
$tmpFolder = $config->getValue('temp_folder');
// move it to the temporary folder
$result = $uploads->process($tmpFolder);
// and from there, unpack it
$upload = new FileUpload($files['templateFile']);
$templateSandbox = new TemplateSandbox();
$valid = $templateSandbox->checkTemplateSet($upload->getFileName(), $tmpFolder . '/');
if ($valid < 0) {
$this->_view = new AdminSiteTemplatesListView($this->_blogInfo);
$this->_view->setErrorMessage($this->_checkTemplateSandboxResult($valid));
$this->setCommonData();
return false;
}
// the template was ok, so then we can proceed and move it to the main
// template folder, add it to our array of templates
//
// :KLUDGE:
//
// maybe we should simply move the files rather than unpacking the whole
// thing again, but this indeed makes things easier! ;)
$unpacker = new Unpacker();
$templateFolder = $config->getValue('template_folder');
$fileToUnpack = $tmpFolder . '/' . $upload->getFileName();
if (!$unpacker->unpack($fileToUnpack, $templateFolder)) {
$this->_view = new AdminSiteTemplatesListView($this->_blogInfo);
$tf = new Textfilter();
$this->_view->setErrorMessage($this->_locale->pr('error_installing_template', $tf->filterAllHtml($upload->getFileName())));
$this->setCommonData();
return false;
}
// if the template set was installed ok in the template folder, we can record
// it as a valid set
$ts = new TemplateSetStorage();
$fileParts = explode(".", $upload->getFileName());
$templateName = $fileParts[0];
$ts->addTemplate($templateName);
$this->_view = new AdminSiteTemplatesListView($this->_blogInfo);
$this->_view->setSuccessMessage($this->_locale->pr('template_installed_ok', $templateName));
$this->setCommonData();
return true;
}
function perform()
{
// get the search terms that have already been validated...
$this->_searchTerms = $this->_request->getValue("searchTerms");
// check if the search feature is disabled in this site...
$config =& Config::getConfig();
if (!$config->getValue("search_engine_enabled")) {
$this->_view = new ErrorView($this->_blogInfo, "error_search_engine_disabled");
$this->setCommonData();
return false;
}
// create the view and make sure that it hasn't been cached
$this->_view = new BlogTemplatedView($this->_blogInfo, VIEW_SEARCH_TEMPLATE, array("searchTerms" => $this->_searchTerms));
if ($this->_view->isCached()) {
return true;
}
$searchEngine = new SearchEngine();
$searchResults = $searchEngine->search($this->_blogInfo->getId(), $this->_searchTerms);
// MARKWU: I add the searchterms variable for smarty/plog template
$searchTerms = $searchEngine->getAdaptSearchTerms($this->_searchTerms);
// if no search results, return an error message
if (count($searchResults) == 0) {
$this->_view = new ErrorView($this->_blogInfo, "error_no_search_results");
$this->setCommonData();
return true;
}
// if only one search result, we can see it straight away
if (count($searchResults) == 1) {
// we have to refill the $_REQUEST array, since the next action
// is going to need some of the parameters
$request =& HttpVars::getRequest();
$searchResult = array_pop($searchResults);
$article = $searchResult->getArticle();
$request["articleId"] = $article->getId();
$request["blogId"] = $this->_blogInfo->getId();
HttpVars::setRequest($request);
// since there is only one article, we can use the ViewArticleAction action
// to display that article, instead of copy-pasting the code and doing it here.
// You just have to love MVC and OOP :)
return Controller::setForwardAction("ViewArticle");
}
// or else, show a list with all the posts that match the requested
// search terms
$this->_view->setValue("searchresults", $searchResults);
// MARKWU: Now, I can use the searchterms to get the keyword
$this->_view->setValue("searchterms", $searchTerms);
// MARKWU:
$config =& Config::getConfig();
$urlmode = $config->getValue("request_format_mode");
$this->_view->setValue("urlmode", $urlmode);
$this->setCommonData();
return true;
}
/**
* Validate if everything is correct
*/
function validate()
{
// first of all, check if we have a valid blog id
$this->_blogId = $this->_request->getValue("blogId");
if ($this->_blogId == "" || $this->_blogId < 0) {
// check if the user really belongs to one or more blogs and if not, quit
$users = new Users();
$userBlogs = $users->getUsersBlogs($this->_userInfo->getId(), BLOG_STATUS_ACTIVE);
if (count($userBlogs) == 0) {
$this->_view = new AdminSimpleErrorView();
$this->_view->setValue("message", $this->_locale->tr("error_dont_belong_to_any_blog"));
return false;
}
// if everything went fine, then we can continue...
$this->_view = new AdminDashboardView($this->_userInfo, $userBlogs);
return false;
}
// load the blog
$blogs = new Blogs();
$this->_blogInfo = $blogs->getBlogInfo($this->_blogId);
// check if the blog really exists
if (!$this->_blogInfo) {
$this->_view = new AdminSimpleErrorView();
$this->_view->setValue("message", $this->_locale->tr("error_incorrect_blog_id"));
return false;
}
// if so, check that it is active
if ($this->_blogInfo->getStatus() != BLOG_STATUS_ACTIVE) {
$this->_view = new AdminSimpleErrorView();
$this->_view->setValue("message", $this->_locale->tr("error_incorrect_blog_id"));
return false;
}
// if the blog identifier is valid, now we should now check if the user belongs
// to that blog so that we know for sure that nobody has tried to forge the
// parameter in the meantime
$userPermissions = new UserPermissions();
$blogUserPermissions = $userPermissions->getUserPermissions($this->_userInfo->getId(), $this->_blogInfo->getId());
if (!$blogUserPermissions) {
$this->_view = new AdminSimpleErrorView();
$this->_view->setValue("message", $this->_locale->tr("error_no_permissions"));
return false;
}
// if all correct, we can now set the blogInfo object in the session for later
// use
$this->_session->setValue("blogInfo", $this->_blogInfo);
$session = HttpVars::getSession();
$session["SessionInfo"] = $this->_session;
HttpVars::setSession($session);
return true;
}
/**
* retrieves the current status from the request
*
* @private
* @return nothing
*/
function getStatusFromRequest()
{
$status = HttpVars::getRequestValue("status");
// validate the value
$val = new IntegerValidator();
if (!$val->validate($status)) {
$status = UserStatus::getDefaultStatus();
}
// if the value validated, check if it is a valid status
if (!UserStatus::isValidStatus($status)) {
$status = UserStatus::getDefaultStatus();
}
return $status;
}
function sessionInfoAvailable()
{
$session = HttpVars::getSession();
if (isset($session["SessionInfo"])) {
$sessionInfo = $session["SessionInfo"];
$this->_blogInfo = $sessionInfo->getValue("blogInfo");
$this->_userInfo = $sessionInfo->getValue("userInfo");
if ($this->_blogInfo == "" || $this->_userInfo == "") {
return false;
} else {
return true;
}
} else {
return false;
}
}
function perform()
{
// check if the password is correct
$secretItems = new SecretItems();
// if not, show another error
if (!$secretItems->authenticateItem($this->_articleId, $this->_password)) {
$this->_view = new ErrorView($this->_blogInfo, "Sorry, better luck next time!");
$this->setCommonData();
return false;
}
// but if correct, put the information in the session and try again
$session = HttpVars::getSession();
$sessionKey = "article_" . $this->_articleId;
$session["{$sessionKey}"] = "OK";
HttpVars::setSession($session);
BlogController::setForwardAction("ViewArticle");
return true;
}
/**
* returns true if a given url is using a subdomain or not. It works by comparing
* the url with "base_url" from the plog_config table. If they match, then the incoming
* url is *not* using subdomains. Otherwise, it will return true
*
* @param url If null, use $_SERVER["HTTP_HOST"]
* @return true if the given url is subdomained or not
* @static
*/
function isSubdomainUrl($url = null)
{
// prepare the url
if ($url == null) {
$server = HttpVars::getServer();
$urlObject = new Url("http://" . $server["HTTP_HOST"]);
} else {
$urlObject = new Url($url);
}
// and now get the base_url
$config =& Config::getConfig();
$baseUrlObject = new Url($config->getValue("base_url"));
// and finally check if whether they match or not
if ($urlObject->getHost() == $baseUrlObject->getHost()) {
$isSubdomain = false;
} else {
$isSubdomain = true;
}
// return it...
return $isSubdomain;
}
/**
* Carries out the specified action
*/
function perform()
{
$this->_view = new AdminDefaultView();
$this->notifyEvent(EVENT_PRE_LOGOUT);
// remove all the information from the session
$session = HttpVars::getSession();
$session["SessionInfo"] = null;
unset($session["SessionInfo"]);
$session = array();
HttpVars::setSession($session);
session_destroy();
// and pass the locale to the template
$config =& Config::getConfig();
$locale =& Locales::getLocale($config->getValue("default_locale"));
$url =& $this->_blogInfo->getBlogRequestGenerator();
$blogTitle = $this->_blogInfo->getBlog();
$logoutMessage = $this->_locale->tr("logout_message") . "<br/>" . $locale->pr("logout_message_2", $url->blogLink(), $blogTitle);
$this->_view->setSuccessMessage($logoutMessage);
$this->notifyEvent(EVENT_POST_LOGOUT);
// better to return true if everything fine
return true;
}
/**
* Checks the given email address
*/
function validate($value)
{
if (empty($value)) {
$this->_setError(false);
return true;
}
list($userName, $domain) = explode("@", $value);
$connectAddress = $domain;
if (!Dns::checkdnsrr($domain, "A")) {
$this->_setError(ERROR_RULE_EMAIL_DNS_SERVER_UNREACHABLE);
return false;
}
if (Dns::checkdnsrr($domain, "MX") && Dns::getmxrr($domain, $mxHosts)) {
$connectAddress = $mxHosts[0];
}
if ($connect = fsockopen($connectAddress, 25)) {
$out = fgets($connect, 1024);
if (ereg("^220", $out)) {
$server =& HttpVars::getServer();
fputs($connect, "HELO " . $server["HTTP_HOST"] . "\r\n");
$out = fgets($connect, 1024);
fputs($connect, "MAIL FROM: <" . $value . ">\r\n");
$from = fgets($connect, 1024);
fputs($connect, "RCPT TO: <" . $value . ">\r\n");
$to = fgets($connect, 1024);
fputs($connect, "QUIT\r\n");
fclose($connect);
if (!ereg("^250", $from) || !ereg("^250", $to)) {
$this->_setError(ERROR_RULE_EMAIL_DNS_NOT_PERMITTED);
return false;
}
}
} else {
$this->_setError(ERROR_RULE_EMAIL_DNS_SERVER_UNREACHABLE);
return false;
}
return true;
}
function _performUploadLocale()
{
// since we are here, the file name was validated to be ok, so we can
// continue with the operation
$files = HttpVars::getFiles();
$uploads = new FileUploads($files);
$this->_view = new AdminSiteLocalesListView($this->_blogInfo);
// we can first of all move the file to the destionation folder
$result = $uploads->process($this->_config->getValue("locale_folder"));
// the only thing that can happen is that the file was not correctly saved
if ($result[0]->getError() != 0) {
$this->_view->setErrorMessage($this->_locale->tr("error_saving_locale"));
return false;
}
// and once it's there, we can do as if we were adding a locale code
$upload = new FileUpload($files["localeFile"]);
$res = preg_match(REGEXP_VALID_LOCALE, $upload->getFileName(), $matches);
$localeCode = $matches[1];
// add the file to the list of locales
$locales = new Locales();
$locales->addLocale($localeCode);
$this->_view->setSuccessMessage($this->_locale->pr("locale_added_ok", $localeCode));
return true;
}
/**
* Saves the session data
* @private
*/
function saveSession()
{
$this->_session->setValue("blogInfo", $this->_blogInfo);
$this->_session->setValue("userInfo", $this->_userInfo);
//$_SESSION["SessionInfo"] = $this->_session;
$session = HttpVars::getSession();
$session["SessionInfo"] = $this->_session;
HttpVars::setSession($session);
}
//ini_set('memory_limit', "16M");
if (!defined("PLOG_CLASS_PATH")) {
define("PLOG_CLASS_PATH", dirname(__FILE__) . "/");
}
include_once PLOG_CLASS_PATH . "class/controller/blogcontroller.class.php";
include_once PLOG_CLASS_PATH . "class/net/http/session/sessionmanager.class.php";
include_once PLOG_CLASS_PATH . "class/dao/userinfo.class.php";
include_once PLOG_CLASS_PATH . "class/dao/bloginfo.class.php";
include_once PLOG_CLASS_PATH . "class/plugin/pluginmanager.class.php";
// just to make php use & as the separator when adding the PHPSESSID
// variable to our requests
ini_set("arg_seperator.output", "&");
ini_set("magic_quotes_runtime", 0);
//
// a security check, or else people might forget to remove the wizard.php script
//
if (File::isReadable("wizard.php")) {
print "<span style=\"color:red\">The wizard.php script has to be removed after the installation process.</span><br/><br/>\n Please remove it first to continue.";
die;
}
// initialize the session
SessionManager::init();
$controller = new BlogController();
// load the plugins, this needs to be done *before* we call the
// Controller::process() method, as some of the plugins _might_
// add new actions to the controller
$pluginManager =& PluginManager::getPluginManager();
$pluginManager->loadPlugins();
// give control to the, ehem, controller :)
$controller->process(HttpVars::getRequest(), "op");
//xdebug_dump_function_profile(4);
}
return true;
}
/**
*
* whoa believe it or not, in pLog you can also find php code that is not within a class! :-)
*
* perhaps the code below should be cleaned up and put into a TrackbackServer class or something
* like that but since it works the way it is, we'll leave it like it is!
*
*/
// prepare everything...
$config =& Config::getConfig();
// get the post and get parameters
trackbackLog("** Request received");
$params = new Properties(HttpVars::getRequest());
dumpRequest($params);
// check that they are correct and quit if they're not
if ($params->getValue("id") == "" || $params->getValue("id") <= 0) {
$result = errorResponse("Incorrect or missing id parameter.");
print $result;
trackbackLog("Sending error response: {$result}");
trackbackLog("** End");
die;
}
if ($params->getValue("url") == "") {
$result = errorResponse("The url parameter must be present.");
print $result;
trackbackLog("Sending error response: {$result}");
trackbackLog("** End");
die;
if (!defined("PLOG_CLASS_PATH")) {
define("PLOG_CLASS_PATH", dirname(__FILE__) . "/");
}
include_once PLOG_CLASS_PATH . "class/config/config.class.php";
include_once PLOG_CLASS_PATH . "class/net/http/httpvars.class.php";
include_once PLOG_CLASS_PATH . "class/net/customurlhandler.class.php";
// get the configuration data
$config =& Config::getConfig();
// in order to maintain compatilibity with previous version, and the alternative
// format of search-engine friendly urls
if ($config->getValue("request_format_mode") == SEARCH_ENGINE_FRIENDLY_MODE) {
include_once PLOG_CLASS_PATH . "error.php";
die;
}
$server = HttpVars::getServer();
$requestParser = new CustomUrlHandler();
$requestParser->process($server["REQUEST_URI"]);
$vars = $requestParser->getVars();
$params = $requestParser->getParams();
$includeFile = $requestParser->getIncludeFile();
//
// fill in the request with the parameters we need
//
$vars["op"] = "op";
foreach ($vars as $key => $value) {
if (is_array($params) && array_key_exists($key, $params) && $params["{$key}"] != "") {
HttpVars::setRequestValue($vars["{$key}"], $params["{$key}"]);
}
}
// and transfer execution to the main script
include_once PLOG_CLASS_PATH . $includeFile;
*
* To get this to work, we need a provider which allows to use
* .htaccess files in their accounts and at the same time, allows
* to have ErrorDocument directives in the .htaccess file.
*
* This should be the content of the file:
*
* ErrorDocument 401 /plog/error.php
* ErrorDocument 403 /plog/error.php
* ErrorDocument 404 /plog/error.php
*
* If pLog is running somewhere else other than /plog/, then that
* should be changed since an absolute URL is required.
*/
$config =& Config::getConfig();
if ($config->getValue("request_format_mode") == SEARCH_ENGINE_FRIENDLY_MODE) {
$server = HttpVars::getServer();
$request = HttpVars::getRequest();
$parts = split("/", $server["REQUEST_URI"]);
$userParam = $parts[count($parts) - 1];
if (is_numeric($userParam)) {
$request["blogId"] = $userParam;
} else {
$request["blogUserName"] = $userParam;
}
HttpVars::setRequest($request);
$scriptName = $config->getValue("script_name", DEFAULT_SCRIPT_NAME);
include_once PLOG_CLASS_PATH . $scriptName;
} else {
include_once PLOG_CLASS_PATH . "blog.php";
}
/**
* sets a value in the session
*
* @param key the key assigned to this vlaue
* @param value The value assigned
* @return always true
*/
function setSessionValue($key, $value)
{
// switch that informs whether the session manager has already been initialized or not
global $__sessionManagerInitialized;
// check if the session manager has already been initialized
if (!$__sessionManagerInitialized) {
throw new Exception("SessionManager::init() must be called before SessionManager::getSessionValue()");
die;
}
// get the session and SessionInfo object
$session = HttpVars::getSession();
$sessionInfo = $session["SessionInfo"];
// set the value and save it to the session
$sessionInfo->setValue($key, $value);
$session["SessionInfo"] = $sessionInfo;
HttpVars::setSession($session);
return true;
}
/**
* gets the current page from the HTTP request
*
* @return the page number from the request
* @static
*/
function getCurrentPageFromRequest()
{
// get the value from the request
$page = HttpVars::getRequestValue(VIEW_DEFAULT_PAGE_PARAMETER);
// but first of all, validate it
$val = new IntegerValidator();
if (!$val->validate($page)) {
$page = VIEW_DEFAULT_START_PAGE;
}
return $page;
}
/**
* Processess the HTTP request sent by the client
*
* @param httpRequest HTTP request sent by the client
*/
function process($httpRequest)
{
// get the name of the action
$request = new Request($httpRequest);
$i = 0;
$performed = false;
while (!$performed) {
// get the value of this varilable, every loop
global $_plogController_forwardAction;
global $_plogController_previousAction;
// jondaley: 08/29/2005, what are these here for??
// perhaps the global statements should be moved
// inside the elseif loop below?
$_plogController_forwardAction;
$_plogController_previousAction;
if ($i == 0) {
// if this is the first iteration, then we have to take this path...
// since we will use the http request to determine which action to
// use next
$actionName = $request->getValue($this->_actionParam);
$actionClass = $this->_getActionClassName($request->getValue($this->_actionParam));
} elseif (!empty($_plogController_forwardAction)) {
// if we're forwarding the current execution flow to another action, then
// we'll go this way
$actionName = $_plogController_forwardAction;
$actionClass = $this->_getActionClassName($_plogController_forwardAction);
$httpRequest = HttpVars::getRequest();
$_plogController_forwardAction = null;
} else {
// if there's nothing else to do, finish
$performed = true;
}
if (!$performed) {
// load the class if it hasn't been loaded yet
$this->loadActionClass($actionClass);
$actionInfo = new ActionInfo($this->_actionParam, $actionName);
$actionObject = new $actionClass($actionInfo, $httpRequest);
$actionObject->setPreviousAction($_plogController_previousAction);
// we can use the validate method to check the values of the form variables. If validate()
// returns 'true', then we call the 'perform' method. If not, then we won't :)
if ($actionObject->validate()) {
if ($actionObject->perform()) {
$actionObject->setSuccess(true);
} else {
$actionObject->setSuccess(false);
}
}
}
$i++;
}
// once the operation has been carried out, fetch and send the view
// to the client
$view = $actionObject->getView();
// this is not good...
if (empty($view)) {
$e = new Exception('The view is empty after calling the perform method.');
throw $e;
} else {
$view->render();
}
}
/**
* Carries out the action
*/
function perform()
{
// need to check the ip of the client
$clientIp = Client::getIp();
// fetch the same article again so that we can have all the comments from
// the database, plus this last one
$articles = new Articles();
$article = $articles->getBlogArticle($this->_articleId, $this->_blogInfo->getId());
// check if the user wanted to receive comments for this article
// or not...
if ($article->getCommentsEnabled() == false) {
$this->_view = new ErrorView($this->_blogInfo);
$this->_view->setValue("message", "Comments have been disabled for this article.");
$this->setCommonData();
return false;
}
$this->notifyEvent(EVENT_POST_LOADED, array("article" => &$article));
// we have already checked all the data, so we are sure that everything's in place
$comments = new ArticleComments();
$comment = new UserComment($this->_articleId, $this->_parentId, $this->_commentTopic, $this->_commentText, null, $this->_userName, $this->_userEmail, $this->_userUrl, $clientIp);
// check if there is already a comment with the same text, topic and made from the same
// IP already in the database because if so, then we will not add the comment that
// the user is trying to add (a reload button mistake, perhaps?)
if (!$comments->getIdenticalComment($this->_commentTopic, $this->_commentText, $this->_articleId, $this->_parentId, $this->_userName, $this->_userEmail, $this->_userUrl, $clientIp)) {
// fire an event
$this->notifyEvent(EVENT_PRE_COMMENT_ADD, array("comment" => &$comment));
if (!$comments->addComment($comment)) {
// show an error message if problems
$this->_view = new ErrorView($this->_blogInfo);
$this->_view->setValue("message", "error_adding_comment");
$this->setCommonData();
return false;
}
}
// finally, check if there was any user who wanted to be notified of new comments
// to this post...
$notifier = new ArticleNotifications();
$notifier->notifyUsers($article->getId(), $this->_blogInfo);
// fire the post event...
$this->notifyEvent(EVENT_POST_COMMENT_ADD, array("comment" => &$comment));
//
// clear caches. This should be done in a more granular way, because right now
// we're either removing *all* of them or none. I guess we should only remove the
// cache whose identifier corresponds with the blog and article that we just removed,
// but let's leave it as it is for the time being...
//
CacheControl::resetBlogCache($this->_blogInfo->getId());
// clean up the request, there's a parameter called 'userName' also used by
// ViewArticleAction but that doesn't have the same meaning so we better remove it
// before it's too late! We also need to add a new request commentUserName to replace
// original userName, in case developer need it in filter or event plugin.
$request = HttpVars::getRequest();
$request["commentUserName"] = $request["userName"];
$request["userName"] = "";
HttpVars::setRequest($request);
// forward the action to ViewArticleAction
return BlogController::setForwardAction("ViewArticle");
}
function filter()
{
// get some info
$blogInfo = $this->_pipelineRequest->getBlogInfo();
$request = $this->_pipelineRequest->getHttpRequest();
$session = HttpVars::getSession();
// get the article id from the request, since if it is available, then we know
// that we have to ask for the password before we can let users watch it
$articleId = $request->getValue("articleId");
// If we use custom url mode, the article id is not available, we need to use
// - articleName
// - userId
// - categoryId
// - date
// and $articles->getBlogArticleByTitle() to find the value
if ($articleId == "") {
$articleName = $request->getValue("articleName");
$categoryId = $request->getValue("postCategoryId", -1);
$categoryName = $request->getValue("postCategoryName");
$userId = $request->getValue("userId", -1);
$userName = $request->getValue("userName");
$date = $request->getValue("Date", -1);
// If userName available, use it to find userId
if ($userName) {
$users =& new Users();
$user = $users->getUserInfoFromUsername($userName);
if (!$user) {
$result = new PipelineResult(true);
return $result;
}
// if there was a user, use his/her id
$userId = $user->getId();
}
// If categoryName available, use it to find categoryId
if ($categoryName) {
$categories =& new ArticleCategories();
$category = $categories->getCategoryByName($categoryName, $blogInfo->getId());
if (!$category) {
$result = new PipelineResult(true);
return $result;
}
// if there was a user, use his/her id
$categoryId = $category->getId();
}
// fetch the article
// the article identifier can be either its internal id number or its mangled topic
$articles =& new Articles();
$article = $articles->getBlogArticleByTitle($articleName, $blogInfo->getId(), false, $date, $categoryId, $userId, POST_STATUS_PUBLISHED);
if ($article) {
$articleId = $article->getId();
} else {
$result = new PipelineResult(true);
return $result;
}
}
// check if the article should be protected or not
$secretItems = new SecretItems();
if ($secretItems->articleIsSecret($articleId)) {
// if so, first check if the password does not already exist in the session
$itemPassword = $request->getValue("itemPassword");
// do we already have this information in the session?
$sessionKey = "article_" . $articleId . "_auth";
if ($session["{$sessionKey}"] != "") {
// check if the information is correct
if ($secretItems->authenticateItemHash($articleId, $session["{$sessionKey}"])) {
// if all correct, go ahead!
$result = new PipelineResult(true);
return $result;
}
}
// if not, check if we are authenticating now...
if ($itemPassword != "") {
// authenticate using the given password
if (!$secretItems->authenticateItem($articleId, $itemPassword)) {
$result = new PipelineResult(false, 500, "Better luck next time!");
} else {
// if the user authenticated correctly, then put the information in the session
_debug("authenticated correctly!");
$session = HttpVars::getSession();
$session["{$sessionKey}"] = md5($itemPassword);
$result = new PipelineResult(true);
HttpVars::setSession($session);
}
} else {
$ts = new TemplateService();
$t = $ts->PluginTemplate("secret", "passwordform");
$t->assign("locale", $blogInfo->getLocale());
$t->assign("params", $request->getAsArray());
$t->assign("articleId", $articleId);
$t->assign("url", RequestGenerator::getRequestGenerator($blogInfo));
$message = $t->fetch();
$result = new PipelineResult(false, 500, $message);
}
return $result;
}
// if everything went fine, we can say so by returning
// a positive PipelineResult object
$result = new PipelineResult(true);
return $result;
}
/**
* Returns the base URL of the script
*
* @return A string containing the base URL of the script
* @static
*/
function getBaseUrl()
{
$serverVars = HttpVars::getServer();
if (!isset($serverVars['HTTPS']) || strtolower($serverVars['HTTPS']) != 'on') {
$protocol = 'http://';
} else {
$protocol = 'https://';
}
$host = $serverVars["HTTP_HOST"];
$scriptUrl = $serverVars["PHP_SELF"];
return $protocol . $host . $scriptUrl;
}
function _performUploadTemplate()
{
// get the temporary folder
$config =& Config::getConfig();
$tmpFolder = $config->getValue("temp_folder");
// move it to the temporary folder
$files = HttpVars::getFiles();
if (count($files) == 0 || $files["templateFile"]["name"] == "") {
$this->_view = new AdminTemplatedView($this->_blogInfo, "newblogtemplate");
$this->_view->setValue("templateFolder", TemplateSetStorage::getBlogBaseTemplateFolder($this->_blogInfo->getId()));
$this->_view->setErrorMessage($this->_locale->tr("error_must_upload_file"));
$this->setCommonData();
return false;
}
$uploads = new FileUploads($files);
$result = $uploads->process($tmpFolder);
if ($result < 0) {
$this->_view = new AdminBlogTemplateSetsListView($this->_blogInfo);
$this->_view->setErrorMessage($this->_locale->tr("error_uploads_disabled"));
$this->setCommonData();
return false;
}
$upload = new FileUpload($files["templateFile"]);
// and make it go through the template sandbox to check if
// we're dealing with a 'healthy' file
$templateSandbox = new TemplateSandbox();
$valid = $templateSandbox->checkTemplateSet($upload->getFileName(), $tmpFolder . "/");
if ($valid < 0) {
$this->_view = new AdminBlogTemplateSetsListView($this->_blogInfo);
$this->_view->setErrorMessage(AdminAddTemplateAction::_checkTemplateSandboxResult($valid));
$this->setCommonData();
return false;
}
//
// :KLUDGE:
//
// maybe we should simply move the files rather than unpacking the whole
// thing again, but this indeed makes things easier! ;)
//
// since it is a local template, the path has to be $template_folder/blog_x/$templateName
$ts = new TemplateSetStorage();
$blogTemplateFolder = $ts->createBlogTemplateFolder($this->_blogInfo->getId());
// it should be there now... we can continue
$destFolder = $blogTemplateFolder . "/";
$unpacker = new Unpacker();
if (!$unpacker->unpack($tmpFolder . "/" . $upload->getFileName(), $destFolder)) {
$this->_view = new AdminBlogTemplateSetsListView($this->_blogInfo);
$this->_view->setErrorMessage($this->_locale->tr("error_installing_template"));
$this->setCommonData();
// remove the file before returning!
File::delete($tmpFolder . "/" . $upload->getFileName());
return false;
}
// if the template set was installed ok in the template folder, we can record
// it as a valid set
$fileParts = explode(".", $upload->getFileName());
$templateName = $fileParts[0];
$ts->addTemplate($templateName, $this->_blogInfo->getId());
// remove the file
File::delete($tmpFolder . "/" . $upload->getFileName());
$this->_view = new AdminBlogTemplateSetsListView($this->_blogInfo);
$this->_view->setSuccessMessage($this->_locale->pr("template_installed_ok", $templateName));
$this->setCommonData();
return true;
}
/**
* Carries out the specified action
*/
function perform()
{
// get the parameters, which have already been validated
$this->_userName = Textfilter::filterAllHTML($this->_request->getValue("userName"));
$this->_userPassword = $this->_request->getValue("userPassword");
$this->_op = Textfilter::filterAllHTML($this->_request->getValue("op"));
// create a plugin manager
$pm =& PluginManager::getPluginManager();
// try to authenticate the user
$users = new Users();
if (!$users->authenticateUser($this->_userName, $this->_userPassword)) {
$this->_view = new AdminDefaultView();
$this->_view->setErrorMessage($this->_locale->tr("error_incorrect_username_or_password"));
$this->setCommonData();
$pm->notifyEvent(EVENT_LOGIN_FAILURE, array("user" => $this->_userName));
return false;
}
// if the user is correct, get and put his or her information in the session
$userInfo = $users->getUserInfo($this->_userName, $this->_userPassword);
if (!$userInfo) {
$this->_view = new AdminDefaultView();
$this->_view->setErrorMessage($this->_locale->tr("error_incorrect_username_or_password"));
$this->setCommonData();
$pm->notifyEvent(EVENT_LOGIN_FAILURE, array("user" => $this->_userName));
return false;
}
$pm->notifyEvent(EVENT_USER_LOADED, array("user" => &$userInfo, "from" => "Login"));
//$sessionInfo = $_SESSION["SessionInfo"];
$session = HttpVars::getSession();
$sessionInfo = $session["SessionInfo"];
$sessionInfo->setValue("userInfo", $userInfo);
$session["SessionInfo"] = $sessionInfo;
HttpVars::setSession($session);
// get the list of blogs to which the user belongs
$userBlogs = $users->getUsersBlogs($userInfo->getId(), BLOG_STATUS_ACTIVE);
// but if he or she does not belong to any yet, we quit
if (empty($userBlogs)) {
$this->_view = new AdminDefaultView();
$this->_view->setErrorMessage($this->_locale->tr("error_dont_belong_to_any_blog"));
$this->setCommonData();
return false;
}
$pm->notifyEvent(EVENT_BLOGS_LOADED, array("blogs" => &$userBlogs, "from" => "Login"));
// check if we are skipping the dashboard
if ($this->_config->getValue("skip_dashboard")) {
// get the first blog that came
$this->_blogInfo = end($userBlogs);
// set it in the session
$session = HttpVars::getSession();
$session["SessionInfo"]->setValue("blogInfo", $this->_blogInfo);
HttpVars::setSession($session);
// and then continue...
AdminController::setForwardAction("newPost");
} else {
$this->_view = new AdminDashboardView($userInfo, $userBlogs);
}
// better to return true if everything's fine
return true;
}
/**
* Saves the information from the session
*/
function saveSession()
{
//$_SESSION['SessionInfo'] = $this->_session;
$session = HttpVars::getSession();
$session['SessionInfo'] = $this->_session;
HttpVars::setSession($session);
}
include_once PLOG_CLASS_PATH . "class/data/timestamp.class.php";
include_once PLOG_CLASS_PATH . "class/net/http/httpvars.class.php";
include_once PLOG_CLASS_PATH . "class/dao/articles.class.php";
include_once PLOG_CLASS_PATH . "class/data/timestamp.class.php";
include_once PLOG_CLASS_PATH . "class/config/config.class.php";
include_once PLOG_CLASS_PATH . "class/gallery/dao/galleryresources.class.php";
include_once PLOG_CLASS_PATH . "class/gallery/dao/galleryalbums.class.php";
include_once PLOG_CLASS_PATH . "plugins/moblog/class/log/mobloglogger.class.php";
include_once PLOG_CLASS_PATH . "plugins/moblog/class/moblog/moblogrequest.class.php";
include_once PLOG_CLASS_PATH . "plugins/moblog/class/moblog/moblogresponse.class.php";
include_once PLOG_CLASS_PATH . "plugins/moblog/class/moblog/moblogconstants.properties.php";
include_once PLOG_CLASS_PATH . "class/template/cachecontrol.class.php";
// initialize the logging system
MoblogLogger::log("-- Initialized");
// get the request
$request = HttpVars::getRequest();
$message = $request["message"];
if ($message == "") {
MoblogLogger::log("There was no message!");
die;
}
// check if we need to remove any quotes..
if (get_magic_quotes_gpc()) {
$message = stripslashes($message);
}
MoblogLogger::log("-- message --");
MoblogLogger::log($message);
MoblogLogger::log("-- end --");
// parse the message
$request = new MoblogRequest($request);
// let's see what we get...
