/**
 * POST callback for the wiki edit form.
 *
 * While a POST is being handled, the saved POST vars are copied into
 * $_REQUEST, getWiki() is run with its output buffered and discarded, and
 * the browser is redirected. Otherwise the method registers itself as the
 * callback and returns the callback id.
 *
 * @param string|false $actionurl Optional path appended to the base URI as
 *                                the redirect target after handling.
 * @return string Callback id (only reached when no POST is being handled).
 */
public function editProcess($actionurl = false)
{
    global $callbackId;

    // Not handling a POST: just register this method as the callback.
    if (!PPostHandler::isHandling()) {
        $callbackId = PFunctions::hex2base64(sha1(__METHOD__));
        PPostHandler::setCallback($callbackId, __CLASS__, __FUNCTION__);
        return $callbackId;
    }

    $vars =& PPostHandler::getVars();
    if ($vars) {
        // Populate $_REQUEST with the POST vars so the wiki can use them.
        // Every key in $vars overwrites an existing $_REQUEST entry of the same name.
        foreach ($vars as $name => $content) {
            $_REQUEST[$name] = $content;
        }
    }

    $wikiPath = $this->parseRequest();
    $this->no_output = true;

    // Run the wiki with output captured, then throw the captured output away.
    ob_start();
    $this->getWiki($wikiPath);
    ob_end_clean();

    PPostHandler::clearVars();
    $wikiPath = str_replace('edit/', '', $wikiPath);

    // NOTE(review): $actionurl and the parsed request path are concatenated
    // into a Location header; confirm callers never pass a request-derived
    // $actionurl.
    $baseUri = PVars::getObj('env')->baseuri;
    if ($actionurl) {
        header('Location: ' . $baseUri . $actionurl);
        PPHP::PExit();
    }
    header('Location: ' . $baseUri . 'wiki/' . $wikiPath);
    PPHP::PExit();
}
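echo htmlentities($vars['d'], ENT_COMPAT, 'utf-8'); } ?> </textarea> <p class="desc"><?php echo $words->get('TripDesc_desc2'); ?> </p> </div> </fieldset> <p> <?php
// $vars['trip_id'] is written into a double-quoted attribute, so it is
// HTML-escaped here just as the description field above is. Unescaped, a
// value containing a quote would end the attribute and allow markup
// injection. (Presumably $vars holds submitted form values - confirm.)
if (isset($vars['trip_id']) && $vars['trip_id']) {
    echo '<input type="hidden" name="trip_id" value="'
        . htmlspecialchars((string) $vars['trip_id'], ENT_QUOTES, 'UTF-8')
        . '" />';
}
?> <input type="hidden" name="<?php echo $callbackId; ?> " value="1"/> <input type="submit" value="<?php echo $editing ? $words->getSilent('TripSubmit_edit') : $words->getSilent('TripSubmit_create'); ?> "/><?php echo $words->flushBuffer(); ?> </p> </form> <?php PPostHandler::clearVars($callbackId);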
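/**
 * Processing registration
 *
 * This is a POST callback function.
 *
 * Sets following errors in POST-vars:
 * username   - general username fault
 * uinuse     - username already in use
 * email      - general email fault, email format error
 * einuse     - email in use
 * pw         - general password fault
 * pwmismatch - password mismatch
 * inserror   - error performing db insertion
 *
 * @return string|false Callback id when no POST is being handled; the
 *                      "finish" URL after a successful insert; false when
 *                      validation or the insert failed.
 */
public function registerProcess()
{
    $c = PFunctions::hex2base64(sha1(__METHOD__));

    if (!PPostHandler::isHandling()) {
        PPostHandler::setCallback($c, __CLASS__, __FUNCTION__);
        return $c;
    }

    $vars =& PPostHandler::getVars();
    $errors = array();

    // check username
    if (!isset($vars['u']) || !preg_match(User::HANDLE_PREGEXP, $vars['u']) || strpos($vars['u'], 'xn--') !== false) {
        $errors[] = 'username';
    } elseif ($this->handleInUse($vars['u'])) {
        $errors[] = 'uinuse';
    }

    // email
    if (!isset($vars['e']) || !PFunctions::isEmailAddress($vars['e'])) {
        $errors[] = 'email';
    } elseif ($this->emailInUse($vars['e'])) {
        $errors[] = 'einuse';
    }

    // password
    if (!isset($vars['p']) || !isset($vars['pc'])
        || !is_string($vars['p']) || !is_string($vars['pc'])
        || !$vars['p'] || !$vars['pc'] || strlen($vars['p']) < 8
    ) {
        // Non-string values (e.g. array-shaped form fields) are rejected
        // before they reach strlen().
        $errors[] = 'pw';
    } elseif ($vars['p'] !== $vars['pc']) {
        // Strict comparison: with != two different numeric-looking strings
        // compare equal, so the confirmation check could pass for
        // passwords that do not match.
        $errors[] = 'pwmismatch';
    } elseif (substr_count($vars['p'], '*') != strlen($vars['p'])) {
        // set encoded pw, then replace the clear-text values with asterisks
        $vars['pwenc'] = MOD_user::passwordEncrypt($vars['p']);
        $shadow = str_repeat('*', strlen($vars['p']));
        $vars['p'] = $shadow;
        $vars['pc'] = $shadow;
    } elseif (!isset($vars['pwenc']) || !$vars['pwenc']) {
        // An all-asterisk password is treated as "already encoded"; without
        // a stored 'pwenc' there is nothing to insert, so refuse instead of
        // writing an empty password value.
        // NOTE(review): if 'pwenc' can arrive straight from the request, a
        // client could supply its own encoded value - confirm PPostHandler
        // does not accept it from user input.
        $errors[] = 'pw';
    }

    if (count($errors) > 0) {
        $vars['errors'] = $errors;
        return false;
    }

    $Auth = new MOD_user_Auth();
    $authId = $Auth->checkAuth('defaultUser');

    // All request-derived values are passed through the DAO's escape().
    $query = '
INSERT INTO `user`
(`id`, `auth_id`, `handle`, `email`, `pw`, `active`)
VALUES
(
    ' . $this->dao->nextId('user') . ',
    ' . (int) $authId . ',
    \'' . $this->dao->escape($vars['u']) . '\',
    \'' . $this->dao->escape($vars['e']) . '\',
    \'' . $this->dao->escape($vars['pwenc']) . '\',
    0
)';
    $s = $this->dao->query($query);
    if (!$s->insertId()) {
        $vars['errors'] = array('inserror');
        return false;
    }
    $userId = $s->insertId();

    // NOTE(review): the register key looks like an account-activation
    // secret; confirm PFunctions::randomString() draws from a
    // cryptographically secure source.
    $key = PFunctions::randomString(16);

    // save register key
    if (!APP_User::addSetting($userId, 'regkey', $key)) {
        $vars['errors'] = array('inserror');
        return false;
    }
    // save lang
    if (!APP_User::addSetting($userId, 'lang', PVars::get()->lang)) {
        $vars['errors'] = array('inserror');
        return false;
    }

    $View = new UserView($this);
    $View->registerMail($userId);

    PPostHandler::clearVars();
    return PVars::getObj('env')->baseuri . 'user/register/finish';
}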
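/**
 * Updates the title and description of one gallery row.
 *
 * The three values are taken from $vars and end up inside an SQL statement,
 * so the strings go through the DAO's escape() and the id is forced to an
 * integer. Previously all three were concatenated into the statement as-is.
 *
 * @param array $vars Expected keys: 't' (title), 'txt' (description), 'id'.
 * @return false Always false.
 */
public function editGalleryProcess($vars)
{
    $title = isset($vars['t']) ? $vars['t'] : '';
    $description = isset($vars['txt']) ? $vars['txt'] : '';
    // A missing or non-numeric id becomes 0 instead of producing broken SQL.
    $galleryId = isset($vars['id']) ? (int) $vars['id'] : 0;

    // NOTE(review): nothing here verifies that the current user owns the
    // gallery with this id - confirm the caller performs that check.
    $this->dao->exec(
        "UPDATE `gallery` SET `title` = '" . $this->dao->escape($title)
        . "' , `description` = '" . $this->dao->escape($description)
        . "' WHERE `id`= " . $galleryId
    );

    // NOTE(review): $callbackId is never assigned in this method, so this
    // call receives null; confirm which callback's vars should be cleared.
    PPostHandler::clearVars($callbackId);
    return false;
}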
/**
 * Shows the reply form for a thread that belongs to the suggestions group.
 *
 * Prepares the forum model for the given group and thread, hands the
 * suggestion context to the view, renders the reply form and finally clears
 * the POST vars stored for the reply callback.
 */
public function showExternalSuggestionsThreadReply($suggestionId, $groupId, $threadId, $urlpart)
{
    $request = $this->request;
    $this->parseRequest();

    $model = $this->_model;
    $model->setGroupId($groupId);
    $model->setThreadId($threadId);
    $this->isTopLevel = false;
    $model->prepareForum();
    $model->prepareTopic();
    $model->initLastPosts();

    $view = $this->_view;
    $view->suggestionId = $suggestionId;
    $view->suggestionsGroupId = $groupId;
    $view->suggestionsThreadId = $threadId;
    // NOTE(review): $suggestionId and $urlpart are placed in the URI without
    // encoding; confirm they are validated upstream or escaped where the
    // view prints suggestionsUri.
    $view->suggestionsUri = "suggestions/{$suggestionId}/{$urlpart}/";

    $callbackId = $this->replySuggestionsProcess();
    $view->replyTopic($callbackId);
    PPostHandler::clearVars($callbackId);
}
/**
 * Processing edit of a blog.
 *
 * This is a POST callback function.
 *
 * Sets following errors in POST vars:
 * title     - invalid(empty) title.
 * startdate - wrongly formatted start date.
 * enddate   - wrongly formatted end date.
 * duration  - empty enddate and invalid duration.
 * category  - category is not belonging to user.
 * trip      - trip is not belonging to user.
 * upderror  - error performing db update.
 * tagerror  - error while updating tags.
 *
 * Returns the relative path 'blog/edit/<blog id>/finish' on success and
 * false when the member is not logged in, does not own the post, validation
 * fails, the post cannot be loaded or the tag update fails.
 */
public function editProcess($args, $action, $mem_redirect, $mem_resend)
{
    $member = $this->_model->getLoggedInMember();
    if (!$member) {
        return false;
    }
    $userId = $member->id;

    // NOTE(review): if $args->post is a plain array this is a copy, so the
    // 'errors' entry set further down may not reach the caller - confirm.
    $vars = $args->post;

    // Only the owner of the post may edit it.
    if (!isset($vars['id']) || !$this->_model->isUserPost($userId, $vars['id'])) {
        return false;
    }

    if (isset($vars['txt'])) {
        $vars['txt'] = $this->_cleanupText($vars['txt']);
    }

    // Presumably the category/trip ownership checks named in the docblock
    // happen inside _validateVars(); verify there.
    if (!$this->_validateVars($vars)) {
        return false;
    }

    $post = $this->_model->getPost($vars['id']);
    if (!$post) {
        return false;
    }

    // cannot write sticky blogs currently
    $flags = $post->flags & ~(int) Blog::FLAG_STICKY;

    // Visibility: 'pub' clears both view flags, 'prt' sets protected only,
    // anything else (including a missing value) sets private only.
    if (!isset($vars['vis'])) {
        $vars['vis'] = 'pri';
    }
    $protectedBit = (int) Blog::FLAG_VIEW_PROTECTED;
    $privateBit = (int) Blog::FLAG_VIEW_PRIVATE;
    if ($vars['vis'] == 'pub') {
        $flags = $flags & ~$protectedBit & ~$privateBit;
    } elseif ($vars['vis'] == 'prt') {
        $flags = ($flags & ~$privateBit) | $protectedBit;
    } else {
        $flags = ($flags & ~$protectedBit) | $privateBit;
    }

    $tripId = false;
    if (isset($vars['tr']) && strcmp($vars['tr'], '') != 0) {
        $tripId = (int) $vars['tr'];
    }
    $this->_model->updatePost($post->blog_id, $flags, $tripId);

    // 'Touch' the corresponding trip!
    if ($tripId) {
        $TripModel = new Trip();
        $TripModel->touchTrip($tripId);
    }

    // An earlier variant (kept as commented-out code in the original) built
    // the start date from separate sty/stm/std fields; the single 'date'
    // field below is what is used now.

    // to sql datetime format: accepts 9 or 10 characters split on '/', '.' or '-'
    $start = false;
    if (isset($vars['date']) && (strlen($vars['date']) <= 10 && strlen($vars['date']) > 8)) {
        list($day, $month, $year) = preg_split('/[\\/.-]/', $vars['date']);
        if (substr($month, 0, 1) == '0') {
            $month = substr($month, 1, 2);
        }
        if (substr($day, 0, 1) == '0') {
            $day = substr($day, 1, 2);
        }
        $timestamp = mktime(0, 0, 0, (int) $month, (int) $day, (int) $year);
        $start = date('YmdHis', $timestamp);
    }

    // Check if the location already exists in our DB and add it if necessary
    $geonameId = false;
    if ($vars['geonameid'] && $vars['latitude'] && $vars['longitude']
        && $vars['geonamename'] && $vars['geonamecountrycode'] && $vars['admincode']
    ) {
        if ($this->_model->checkGeonamesCache($vars['geonameid'])) {
            $geonameId = $vars['geonameid'];
        }
    }

    $this->_model->updatePostData($post->blog_id, $vars['t'], $vars['txt'], $start, $geonameId);

    $tagList = explode(',', $vars['tags']);
    if (!$this->_model->updateTags($post->blog_id, $tagList)) {
        $vars['errors'] = array('tagerror');
        return false;
    }

    $this->_model->updateBlogToCategory($post->blog_id, $vars['cat']);

    PPostHandler::clearVars();
    return 'blog/edit/' . $post->blog_id . '/finish';
}
/**
 * Renders the edit form for a trip and appends it to the page content.
 *
 * The POST vars stored for the edit callback are cleared twice: once before
 * the edit data is prepared and once after the form has been rendered.
 */
private function editTrip($tripId)
{
    $callbackId = $this->editProcess();
    PPostHandler::clearVars($callbackId);

    // NOTE(review): no ownership check on $tripId is visible here;
    // presumably prepareEditData() or the caller enforces it - confirm.
    $this->_model->prepareEditData($tripId, $callbackId);

    $page = PVars::getObj('page');
    $wrappedView = new ViewWrap($this->_view);
    $page->content .= $wrappedView->editTrip($callbackId);

    PPostHandler::clearVars($callbackId);
}
/**
 * POST callback of the forum search box.
 *
 * Requires a logged-in user and a search form that passes
 * _checkVarsSearch(). On success the stored POST vars are cleared and the
 * URL of the search result page for the keyword is returned.
 *
 * @return string|false Search URL, or false when nobody is logged in or the
 *                      search box content did not validate.
 */
public function searchProcess()
{
    $User = APP_User::login();
    if (!$User) {
        return false;
    }

    $vars =& PPostHandler::getVars();
    if (!$this->_checkVarsSearch($vars)) {
        return false;
    }

    // NOTE(review): the keyword becomes a URL path segment, but
    // htmlspecialchars() is HTML escaping and leaves '/', '?', '#' and '%'
    // untouched. rawurlencode() is the matching encoder for this context;
    // switching requires the search route to decode it, so confirm first.
    $keyword = htmlspecialchars($vars['fs-keyword']);
    PPostHandler::clearVars();

    $baseUri = PVars::getObj('env')->baseuri;
    return $baseUri . $this->forums_uri . 'search/' . $keyword;
}
/**
 * Loading register form template
 *
 * Registers the signup callback, derives the values the template needs
 * from the saved POST vars and includes templates/registerform.php.
 *
 * Local variable names are part of the template's contract: the required
 * file runs in this method's scope and reads them directly.
 */
public function registerForm()
{
    // instantiate signup model and retrieve the callback ID
    $Signup = new Signup();
    $callbackId = $Signup->registerProcess();

    // get the saved post vars
    $vars =& PPostHandler::getVars($callbackId);

    // true only when the form reported the literal string 'true'
    $javascript = isset($vars['javascriptactive']) && $vars['javascriptactive'] === 'true';

    // NOTE(review): 'birthyear' is taken from the saved POST vars unchanged;
    // confirm buildBirthYearOptions() and the template escape it on output.
    $selYear = isset($vars['birthyear']) ? $vars['birthyear'] : 0;
    $birthYearOptions = $this->buildBirthYearOptions($selYear);

    require 'templates/registerform.php';

    PPostHandler::clearVars($callbackId);
}
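/**
 * Processing creation of a comment
 *
 * This is a POST callback function.
 *
 * Sets following errors in POST vars:
 * textlen  - too short or long text.
 * inserror - db error while inserting.
 *
 * @param string|false $table    Name stored in the `table` column; taken
 *                               from the POST vars when not given.
 * @param string|false $table_id Id stored in the `table_id` column; taken
 *                               from the POST vars when not given.
 * @return string|false Callback id when no POST is being handled; URL of
 *                      the new shout after a successful insert; false when
 *                      nobody is logged in, validation fails or the insert
 *                      fails.
 */
public function shoutProcess($table = false, $table_id = false)
{
    $callbackId = PFunctions::hex2base64(sha1(__METHOD__));

    if (!PPostHandler::isHandling()) {
        PPostHandler::setCallback($callbackId, __CLASS__, __FUNCTION__);
        return $callbackId;
    }

    // empty() also covers a session without the key, avoiding a notice.
    if (empty($_SESSION['IdMember'])) {
        return false;
    }

    $vars =& PPostHandler::getVars();
    $request = PRequest::get()->request;

    // NOTE(review): when the caller passes nothing, the submitted form
    // decides which table/row the shout is attached to; consider checking
    // 'table' against a fixed list of allowed names.
    if (!$table) {
        $table = isset($vars['table']) ? $vars['table'] : '';
    }
    if (!$table_id) {
        $table_id = isset($vars['table_id']) ? $vars['table_id'] : '';
    }

    // validate
    if (!isset($vars['ctxt']) || strlen($vars['ctxt']) == 0 || strlen($vars['ctxt']) > 5000) {
        $vars['errors'] = array('textlen');
        return false;
    }

    $shoutId = $this->dao->nextId('shouts');

    // Every request-derived value is escaped, matching the handling of
    // title and text; `table` and `table_id` were previously concatenated
    // unescaped. The member id is forced to an integer because it is used
    // unquoted.
    $query = '
INSERT INTO `shouts`
SET
    `id`=' . $shoutId . ',
    `table`=\'' . $this->dao->escape($table) . '\',
    `table_id`=\'' . $this->dao->escape($table_id) . '\',
    `member_id_foreign`=' . (int) $_SESSION['IdMember'] . ',
    `title`=\'' . (isset($vars['ctit']) ? $this->dao->escape($vars['ctit']) : '') . '\',
    `text`=\'' . $this->dao->escape($vars['ctxt']) . '\',
    `created`=NOW()';
    $s = $this->dao->query($query);
    if (!$s) {
        $vars['errors'] = array('inserror');
        return false;
    }

    PPostHandler::clearVars();
    return PVars::getObj('env')->baseuri . implode('/', $request) . '#c' . $shoutId;
}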