public function create()
 {
     $article = new Article();
     if ($this->post) {
         $article->title = $this->PostData('title');
         $article->permalink = $this->PostData('permalink');
         $article->summary = $this->PostData('summary');
         $article->published = $this->PostData('published');
         if ($this->PostData('publish_now') == 1) {
             $article->publish_at = time();
         } else {
             $article->set_publish_at($this->PostData('publish_at'));
         }
         $article->user_id = Site::CurrentUser()->id;
         if ($article->save()) {
             $page = new ArticlePage();
             $page->article_id = $article->id;
             $page->title = $article->title;
             $page->content = $this->PostData('fullbody');
             $page->save();
             Site::Flash("notice", "The article has been added");
             Redirect("admin/articles/{$article->id}");
         }
         $this->assign("body", $this->PostData('fullbody'));
     }
     $this->assign("article", $article);
     $this->tinymce = true;
     $this->title = "Add Article";
     $this->render("article/create.tpl");
 }
 public function user_index($nickname = null)
 {
     if (!$nickname) {
         $nickname = $this->GetData('nickname');
     }
     $user = User::find_by_nickname($nickname);
     $newaward = new LoyaltyAward();
     if ($this->post) {
         $newaward->user_id = $user->id;
         $newaward->points = $this->PostData("points");
         $newaward->justification = $this->PostData("justification");
         $newaward->awarded_by_id = Site::CurrentUser()->id;
         if (!$this->csrf) {
             Site::InstantFlash('error', 'Invalid form submission');
         } elseif ($newaward->save()) {
             Site::Flash("notice", "The loyalty points have been awarded");
             Redirect("admin/users/" . $user->permalink() . "/loyalty");
         } else {
             Site::InstantFlash('error', 'Unable to award loyalty points');
         }
     }
     $page = 1;
     if ($this->GetData('page')) {
         $page = $this->GetData('page');
     }
     $id = mysql_real_escape_string($user->id);
     $awards = LoyaltyAward::paginate("users.id = '{$id}'", "loyalty_awards.id DESC", $page, 50);
     $this->assign("user", $user);
     $this->assign("awards", $awards);
     $this->assign('newaward', $newaward);
     $this->title = "{$user->nickname} :: Loyalty";
     $this->render("loyalty_award/user_index.tpl");
 }
Esempio n. 3
0
 protected function selectLayout()
 {
     if (strpos($_SERVER['REQUEST_URI'], "/admin") === 0) {
         if (Site::CurrentUser() and Site::CurrentUser()->isAdmin() > 0) {
             return "admin";
         }
     }
     return "layout";
 }
 public function acknowledge($id = null)
 {
     $script = self::load_script($id);
     if ($script->getAlert('bool') && !$script->acknowledged) {
         $script->acknowledged = true;
         $nickname = Site::CurrentUser()->nickname;
         $script->addlog("Alert acknowledged by {$nickname}");
         $script->save();
     }
     Site::flash("notice", "The script alert has been acknowledged.");
     RedirectBack("admin/scripts");
 }
 public function delete($id = null)
 {
     if (!$id) {
         $id = $this->GetData('id');
     }
     $redemption = DiscountRedemption::find_by_id($id);
     if (!$redemption || $redemption->user->id != Site::CurrentUser()->id) {
         throw new Error404();
     }
     $redemption->destroy();
     Site::Flash("notice", "Discount code removed successfully.");
     RedirectBack("bookings/pay/{$cart_id}/");
 }
 public function index()
 {
     $page = 1;
     if ($this->GetData('page')) {
         $page = $this->GetData('page');
     }
     $user = Site::CurrentUser();
     $id = mysql_real_escape_string($user->id);
     $referrals = AffiliateReferral::paginate("referer.id = '{$id}'", "affiliate_referrals.created_at DESC, affiliate_referrals.id DESC", $page, 25);
     $this->assign('user', $user);
     $this->assign('referrals', $referrals);
     $this->title = 'Referrals';
     $this->render('affiliate_referral/index.tpl');
 }
 public function discounts()
 {
     $page = 1;
     if ($this->GetData('page')) {
         $page = $this->GetData('page');
     }
     $user = Site::CurrentUser();
     $id = mysql_real_escape_string($user->id);
     $discounts = LoyaltyDiscount::paginate("users.id = '{$id}'", "loyalty_discounts.id DESC", $page, 10);
     $this->assign('user', $user);
     $this->assign('discounts', $discounts);
     $this->title = 'Loyalty Points :: Discount Codes';
     $this->render('loyalty_award/discounts.tpl');
 }
 protected static function load_news($permalink = null, $published = true)
 {
     if (!$permalink) {
         $permalink = $_GET['permalink'];
     }
     if (Site::CurrentUser() && Site::CurrentUser()->isAdmin() > 0) {
         $published = false;
     }
     $news = News::find_by_permalink($permalink, $published);
     if ($news) {
         return $news;
     } else {
         Error404();
     }
 }
 protected static function load_article($permalink = null)
 {
     if (!$permalink) {
         $permalink = $_GET['permalink'];
     }
     $object = Article::find_by_permalink($permalink);
     if ($object) {
         if (Site::CurrentUser() && Site::CurrentUser()->isAdmin()) {
             return $object;
         } elseif (!$object->published || $object->publish_at > time()) {
             throw new Error404('Article has not been published');
         }
         return $object;
     } else {
         throw new Error404('Unable to find the article');
     }
 }
 protected static function load_event($permalink = null)
 {
     if (!$permalink) {
         $permalink = $_GET['event_permalink'];
     }
     $event = Event::find_by_permalink($permalink);
     if ($event) {
         if (!$event->visible) {
             self::restrict("admin");
         }
         if (!$event->check_user(Site::CurrentUser())) {
             Error404();
         }
         return $event;
     } else {
         Error404();
     }
 }
Esempio n. 11
0
 public function run($action)
 {
     $controller = get_class($this);
     $user = Site::CurrentUser();
     if ($user) {
         $group = $user->aclgroup;
     } else {
         $group = ACLGroup::find_by_code('guest');
     }
     if (!$group) {
         throw new Error500('Unable to find ACL group');
     }
     $rule = $this->getRule($group, $controller, $action);
     if (!$rule) {
         throw new Error403('You do not have permission to access this resource');
     }
     switch ($rule->action) {
         case 'araDeny':
             if ($rule->error) {
                 Site::InstantFlash('error', $rule->error);
             } elseif ($rule->notice) {
                 Site::InstantFlash('notice', $rule->notice);
             }
             throw new Error403('You do not have permission to access this resource');
         case 'araRedirect':
             if ($rule->error) {
                 Site::Flash('error', $rule->error);
             } elseif ($rule->notice) {
                 Site::Flash('notice', $rule->notice);
             }
             $uri = $_SERVER["REQUEST_URI"];
             if (substr($uri, 0, 1) == '/') {
                 $uri = substr($uri, 1);
             }
             Site::Flash('redirect', $uri);
             Redirect($rule->url);
             break;
         case 'araAllow':
             $params = func_get_args();
             array_shift($params);
             call_user_func_array(array($this, $action), $params);
             break;
     }
 }
Esempio n. 12
0
 public static function render($title = null, $headcontent = null)
 {
     self::init();
     global $site;
     global $config;
     $smarty = new SmartySite();
     $smarty->assign("title", $title);
     $smarty->assign("site", $site);
     $smarty->assign("content", "|--|CONTENT|--|");
     $smarty->assign("headcontent", $headcontent);
     $smarty->assign("next_event", Event::next_event());
     $all_events = Event::find_all("events.visible = true", "events.startdate DESC");
     $events = array();
     foreach ($all_events as $event) {
         if ($event->check_user(Site::CurrentUser())) {
             $events[] = $event;
         }
     }
     $smarty->assign("all_events", $events);
     $output = $smarty->fetch("application/layout.tpl");
     $output = explode("|--|CONTENT|--|", $output);
     return array("header" => $output[0], "footer" => $output[1]);
 }
 public function create()
 {
     $news = new News();
     if ($this->post) {
         $news->title = $this->PostData('title');
         $news->permalink = $this->PostData('permalink');
         $news->summary = $this->PostData('summary');
         $news->body = $this->PostData('body');
         $news->fullbody = $this->PostData('fullbody');
         $news->published = $this->PostData('published');
         $news->tag_id = $this->PostData('tag_id');
         $news->ipb_id = $this->PostData('ipb_id');
         $news->image = $this->PostData('image');
         if ($this->PostData('publish_now') == 1) {
             $news->publish_at = time();
         } else {
             $news->set_publish_at($this->PostData('publish_at'));
         }
         $news->user_id = Site::CurrentUser()->id;
         if ($news->Save()) {
             $news->update_tags($this->PostData('tags'));
             Site::Flash("notice", "The news has been added");
             Redirect("admin/news");
         }
     }
     $this->assign("news", $news);
     $tags = array('' => 'None');
     $allTags = Tag::find_all("tags.system = TRUE", "tags.tag ASC");
     foreach ($allTags as $tag) {
         $tags[$tag->id] = $tag->tag;
     }
     $this->assign("tags", $tags);
     $this->tinymce = true;
     $this->title = "Add News";
     $this->render("news/create.tpl");
 }
 public function award()
 {
     if ($this->post) {
         $achievement = $this->load_achievement($this->PostData('achievement_id'));
         $user_temp = $this->PostData('users');
         if (!is_array($user_temp)) {
             $user_temp = explode(',', $user_temp);
         }
         $error_on = array();
         $success = 0;
         foreach ($user_temp as $name_temp) {
             $user_id = mysql_real_escape_string($name_temp);
             $user = User::find_by_id($user_id);
             if ($user) {
                 if ($achievement->award($user, $this->PostData("category_id"))) {
                     $success++;
                 } else {
                     $error_on[] = $name;
                 }
             } else {
                 $error_on[] = $name;
             }
         }
         if (count($user_temp) == 1) {
             if ($success == 1) {
                 Site::InstantFlash("notice", "{$user->nickname} has been awarded {$achievement->name}");
             } else {
                 Site::InstantFlash("error", "Unable to award achievement");
             }
         } else {
             if ($success == 0) {
                 Site::InstantFlash("error", "Unable to award achievements to any of the users listed");
             } elseif (count($error_on) > 0) {
                 Site::InstantFlash("error", "Awarded achievement to {$success} user" . ($success != 1 ? "s" : "") . ", failed to award to " . implode(", ", $error_on));
             } else {
                 Site::InstantFlash("notice", "Awarded achievements to all users listed.");
             }
         }
     }
     $filters = array();
     $pageQuery = '';
     if ($this->GetData('query')) {
         $pageQuery = $this->GetData('query');
         $query = mysql_real_escape_string($this->GetData('query'));
         $filters[] = "users.nickname LIKE '%{$query}%'";
     }
     $filter = implode('AND', $filters);
     $achievement_id = null;
     if ($this->GetData('achievement_id')) {
         $achievement_id = $this->GetData('achievement_id');
     }
     $page = 1;
     if ($this->GetData('page')) {
         $page = $this->GetData('page');
     }
     $users = User::paginate($filter, 'users.nickname ASC', $page, 50);
     $achievements = Achievement::find_all("", "achievements.created_at ASC");
     $achlist = array();
     foreach ($achievements as $ach) {
         $achlist[$ach->id] = "{$ach->id}. {$ach->name}";
     }
     // Yay - Magic Numbers!
     $category_id = 11;
     $categories = array();
     $all_categories = array();
     $all_categories = AchievementCategory::find_all();
     foreach ($all_categories as $category) {
         $event = Event::find("achievement_category_id={$category->id}");
         if (!$event || $event->check_user(Site::CurrentUser()) && $event->display_achievements) {
             $categories[$category->id] = $category->category_name;
             if ($category->default_category) {
                 $category_id = $category->id;
             }
         }
     }
     if ($this->GetData('category_id')) {
         $category_id = $this->GetData('category_id');
     }
     $this->assign("achievements", $achlist);
     $this->assign("categories", $categories);
     $this->assign("category_id", $category_id);
     $this->assign("achievement_id", $achievement_id);
     $this->assign("users", $users);
     $this->assign('pagequery', $pageQuery);
     $this->title = "Award Achievement";
     $this->render("achievement/award.tpl");
 }
 protected static function load_event($permalink = null)
 {
     if (!$permalink) {
         $permalink = $_GET['permalink'];
     }
     $event = Event::find_by_permalink($permalink);
     if ($event) {
         if (!$event->visible) {
             if (!Site::CurrentUser()->isAdmin()) {
                 throw new Error403();
             }
         }
         if (!$event->check_user(Site::CurrentUser())) {
             Error404();
         }
         return $event;
     } else {
         Error404();
     }
 }
Esempio n. 16
0
function RenderPage($title, $content, $layout = "layout", $nosql = false, $vars = array())
{
    global $site;
    global $config;
    $smarty = new SmartySite();
    $smarty->assign("title", $title);
    $smarty->assign("content", $content);
    $smarty->assign("headcontent", "");
    $smarty->assign("site", $site);
    foreach ($vars as $name => $value) {
        $smarty->assign($name, $value);
    }
    if (isset($_SESSION['csrf'])) {
        $smarty->assign("csrf", $_SESSION['csrf']);
    }
    if (!$nosql) {
        $revert = false;
        if (isset($config['dev_sql']) && $config['dev_sql']) {
            $config['dev_sql'] = false;
            $revert = true;
        }
        $smarty->assign("next_event", Event::next_event());
        $events = array('future' => Event::find_all("(events.visible = true OR events.advertised = true) AND events.enddate > NOW()", "events.enddate ASC"), 'past' => Event::find_all("(events.visible = true OR events.advertised = true) AND events.enddate <= NOW()", "events.enddate DESC"));
        foreach ($events as $type => $collection) {
            ${$type} = array();
            foreach ($collection as $key => $event) {
                if ($event->check_user(Site::CurrentUser())) {
                    array_push(${$type}, $event);
                }
            }
            $smarty->assign("{$type}Events", ${$type});
        }
        $smallEvents = array();
        $largeEvents = array();
        foreach ($future as $event) {
            if ($event->capacity < 50) {
                $smallEvents[] = $event;
            } else {
                $largeEvents[] = $event;
            }
        }
        $smallEvents = array_slice($smallEvents, 0, 3);
        $largeEvents = array_slice($largeEvents, 1, 1);
        $smarty->assign('smallEvents', $smallEvents);
        $smarty->assign('largeEvents', $largeEvents);
        if ($revert) {
            $config['dev_sql'] = true;
        }
    }
    // Determine SSL or not
    $protocol = "http";
    if (isset($_SERVER['SERVER_PORT']) and $_SERVER['SERVER_PORT'] == 443) {
        $protocol = "https";
    }
    $baseuri = "{$protocol}://{$_SERVER['HTTP_HOST']}";
    $smarty->assign("protocol", $protocol);
    $smarty->assign("baseuri", $baseuri);
    $smarty->display("application/{$layout}.tpl");
    if (isset($config['dev_sql']) && $config['dev_sql']) {
        file_put_contents("logs/sql.log", "\r\n", FILE_APPEND);
    }
    die;
}
 protected static function load_signup($id = null)
 {
     if (!$id) {
         $id = $_GET['signup_id'];
     }
     $id = mysql_real_escape_string($id);
     $signup = EventSignup::find_by_id($id);
     if ($signup and $signup->user_id == Site::CurrentUser()->id) {
         return $signup;
     } else {
         Error404();
     }
 }
 public function show($permalink = null)
 {
     if (isset($_GET['permalink'])) {
         $permalink = $_GET['permalink'];
     }
     $survey = Survey::find_by_permalink($permalink);
     if (!$survey or !$survey->active && Site::CurrentUser()->isAdmin() == 0) {
         Error404();
     }
     if ($survey->event->id) {
         $event_id = mysql_real_escape_string($survey->event_id);
         $user_id = mysql_real_escape_string(Site::CurrentUser()->id);
         $result = EventSignup::find("events.id = '{$event_id}' AND users.id = '{$user_id}' AND event_signups.paid");
         if (!$result) {
             Site::Flash("error", "You must have attended {$survey->event->name} to take this survey");
             RedirectBack();
         }
     }
     $user_id = mysql_real_escape_string(Site::CurrentUser()->id);
     $survey_id = mysql_real_escape_string($survey->id);
     $response = SurveyResponse::find("surveys.id = '{$survey_id}' AND users.id = '{$user_id}'");
     if ($response) {
         Site::Flash("error", "You have already completed this survey");
         Redirect("surveys");
     }
     $response = new SurveyResponse();
     $response->survey = $survey;
     $response->survey_id = $survey->id;
     $response->user = Site::CurrentUser();
     $response->user_id = Site::CurrentUser()->id;
     $answers = array();
     $choices = array();
     $valid = true;
     $errors = array();
     if ($this->post) {
         foreach ($survey->questions() as $question) {
             $answer = new SurveyAnswer();
             $answer->survey_question_id = $question->id;
             if (in_array($question->type, array("sqtTextbox", "sqtTextArea"))) {
                 // Free-text input
                 if (isset($_POST['question'][$question->id])) {
                     $answer->value = $_POST['question'][$question->id];
                 } elseif (!$question->required) {
                     continue;
                 }
             } else {
                 if (isset($_POST['question'][$question->id])) {
                     $chosen = array();
                     if ($question->type == "sqtCheckbox") {
                         // Checkboxes
                         $chosen = $_POST['question'][$question->id];
                     } else {
                         // Radio/Select
                         $chosen = array($_POST['question'][$question->id]);
                     }
                     foreach ($chosen as $id) {
                         $option = SurveyQuestionOption::find_by_id($id);
                         if (!$option or $option->question->id != $question->id) {
                             if (!$question->required) {
                                 continue;
                             }
                             $valid = false;
                             $answer->add_error("Answer for question {$question->position} is invalid");
                             $errors[] = $question->id;
                             break;
                         }
                         $choice = new SurveyAnswerChoice();
                         $choice->survey_question_option_id = $option->id;
                         $choices[$question->id][$option->id] = $choice;
                     }
                 } elseif ($question->required) {
                     $valid = false;
                     $answer->add_error("You must enter an answer for question {$question->position}");
                     $errors[] = $question->id;
                 } else {
                     continue;
                 }
             }
             $result = $answer->validate();
             if (!$result) {
                 $valid = false;
             }
             $answers[$question->id] = $answer;
         }
         if ($valid) {
             // This is valid, let's save everything!
             if ($response->save()) {
                 foreach ($answers as $answer) {
                     $answer->survey_response_id = $response->id;
                     $answer->save();
                     $answers[$answer->survey_question_id] = $answer;
                 }
                 foreach ($choices as $question_id => $answer_choices) {
                     foreach ($answer_choices as $choice) {
                         $choice->survey_answer_id = $answers[$question_id]->id;
                         $choice->save();
                     }
                 }
                 $account = TwitterAccount::find_by_code('site');
                 if ($account) {
                     $message = "{$response->user->nickname} has completed the {$survey->name} Survey";
                     $account->add_tweet($message);
                 }
                 Redirect("surveys/{$survey->permalink}/complete");
             }
             $valid = false;
         }
     }
     $this->assign("answers", $answers);
     $this->assign("choices", $choices);
     $this->assign("valid", $valid);
     $this->assign("survey", $survey);
     $this->assign("response", $response);
     $this->assign("errors", $errors);
     $this->title = $survey->name;
     $this->render("survey/show.tpl");
 }
 public function steam_link()
 {
     global $config;
     $openid = new LightOpenID($config['steam']['url']);
     if (!$openid->mode) {
         $openid->identity = $config['steam']['endpoint'];
         header('Location: ' . $openid->authUrl());
         die;
     } elseif ($openid->mode == 'cancel') {
         Site::Flash('error', 'Steam connection attempt cancelled');
         Redirect('account/steam');
     } else {
         if ($openid->validate()) {
             $pattern = "/^http:\\/\\/steamcommunity\\.com\\/openid\\/id\\/(7[0-9]{15,25}+)\$/";
             preg_match($pattern, $openid->identity, $matches);
             $user = Site::CurrentUser();
             $user->steamid64bit = $matches[1];
             if ($user->save()) {
                 Site::Flash('notice', 'Your Steam account has been connected to your epic.LAN account');
                 Redirect('account/steam');
             }
         }
         Site::Flash('error', 'Unable to connect your Steam account to your epic.LAN account');
         Redirect('account/steam');
     }
 }
 protected static function load_event($permalink = null, $allowed = false)
 {
     if (!$permalink) {
         $permalink = $_GET['permalink'];
     }
     $event = Event::find_by_permalink($permalink);
     if ($event) {
         if (!$allowed && !$event->check_user(Site::CurrentUser())) {
             Error404();
         }
         if ($event->active) {
             return $event;
         } else {
             Site::Flash("error", "It is not possible to book for this event");
             Redirect($event->permalink);
         }
     } else {
         Error404();
     }
 }
 public function complete()
 {
     if (isset($_GET['merchant_return_link'])) {
         $id = $_GET['id'];
         Redirect("payments/{$id}/complete");
     }
     $id = mysql_real_escape_string($_GET['id']);
     $user_id = mysql_real_escape_string(Site::CurrentUser()->id);
     $cart = Cart::find("carts.user_id = '{$user_id}' AND carts.id = '{$id}'");
     if ($cart) {
         // Validate Cart
         foreach ($cart->items() as $item) {
             if ($item->object == null) {
                 Error404();
             }
         }
         $signups = $cart->get_signups();
         if (count($signups) == 1) {
             $this->assign("signup", current($signups));
         }
         $redemptions = array();
         if ($cart->full_cart_discount()) {
             $id = mysql_real_escape_string($cart->id);
             $redemptions = DiscountRedemption::find_all("discount_redemptions.cart_id = '{$id}' and discount_redemptions.cart_item_id is null");
         }
         $this->assign("cart", $cart);
         $this->assign("cart_discounts", $redemptions);
         $this->title = "Payment Complete";
         $this->render("paymenttransaction/complete.tpl");
     } else {
         Error404();
     }
 }
 protected function getCart($id = null)
 {
     if (!$id) {
         $id = $this->GetData('id');
     }
     $id = mysql_real_escape_string($id);
     $user_id = mysql_real_escape_string(Site::CurrentUser()->id);
     $cart = Cart::find("carts.id = '{$id}' and carts.user_id = '{$user_id}'");
     if (!$cart) {
         throw new Error404('Unable to find cart');
     }
     return $cart;
 }