Esempio n. 1
 */
require_once "../../models/config.php";
require_once "../models/pm_functions.php";
// Register 'logAllErrors' as the PHP error handler for this request.
set_error_handler('logAllErrors');
// User must be logged in; anonymous callers receive the JSON error response and the script stops.
if (!isUserLoggedIn()) {
    addAlert("danger", "You must be logged in to access this resource.");
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}
$validate = new Validator();
// Add alerts for any failed input validation
// NOTE(review): this loop runs before any POST field has been requested from the validator.
// If Validator only records errors when a field is read (not shown here), the loop sees an empty
// list and failures from the reads below are never turned into alerts. Confirm, and move it after
// the last requiredPostVar() call if so.
foreach ($validate->errors as $error) {
    addAlert("danger", $error);
}
// msg_id is optional; the branch below treats a present msg_id differently from an absent one.
$msg_id = $validate->optionalPostVar("msg_id");
// NOTE(review): sender_id is taken from the request body. Unless code outside this excerpt
// compares it with the logged-in user's id, the sender of a message is client-controlled;
// deriving it from the session would remove that dependency.
$sender_id = $validate->requiredPostVar("sender_id");
$title = $validate->requiredPostVar("title");
if (!$msg_id) {
    // No msg_id: "receiver_name" is a display name that is resolved to a user id.
    $receiver_name = $validate->requiredPostVar("receiver_name");
    $receiver_info = fetchUserIdByDisplayname($receiver_name);
    // NOTE(review): the lookup result is indexed without checking that a user was found; confirm
    // what fetchUserIdByDisplayname() returns for an unknown name.
    $receiver_id = $receiver_info['id'];
} else {
    // msg_id present: the "receiver_name" field is used as the receiver id as-is.
    // presumably the client sends a user id in this field in that case; verify against the caller
    $receiver_id = $validate->requiredPostVar("receiver_name");
}
$message = $validate->requiredPostVar("message");
// The CSRF token is only read here; it is validated by the statement that follows this block, i.e.
// after the display-name lookup above has already run.
$csrf_token = $validate->requiredPostVar("csrf_token");
// Validate csrf token
if (!$csrf_token or !$loggedInUser->csrf_validate(trim($csrf_token))) {
    addAlert("danger", lang("ACCESS_DENIED"));
    if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true") {
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
require_once "../models/config.php";
// Register 'logAllErrors' as the PHP error handler for this request.
set_error_handler('logAllErrors');
// Request method: GET or POST. Any POSTed field selects "post" mode, otherwise "get".
// $ajax is initialised first so it is defined even if checkRequestMode() does not return.
$ajax = null;
$ajax = checkRequestMode(count($_POST) ? "post" : "get");
$validate = new Validator();
// Both fields are optional at this point; 'token' is the lost-password token checked further down.
$initial = null;
$confirm = $validate->optionalPostVar('token');
$initial = $validate->optionalPostVar('initial');
// User has a token and wants to reset their password
// Fix code to set lost_password_request to 0 when new pass is set
if (!empty($confirm)) {
    // Add alerts for any failed input validation
    foreach ($validate->errors as $error) {
        addAlert("danger", $error);
    }
    // Grab up the token and remove any whitespace
    $token = $validate->requiredPostVar('token');
    // Validate the token to make sure its valid
    if ($token == "" || !validateLostPasswordToken($token)) {
        $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
    } else {
        // Set up variables for new password
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
require_once "../models/config.php";
// Register 'logAllErrors' as the PHP error handler for this request.
set_error_handler('logAllErrors');
// Request method: POST
$ajax = checkRequestMode("post");
// User must be logged in
checkLoggedInUser($ajax);
$validator = new Validator();
// Required: csrf_token, user_id
$csrf_token = $validator->requiredPostVar('csrf_token');
// user_id selects the account to update and comes from the request body.
// NOTE(review): being logged in is the only check visible before this point; confirm that code
// outside this excerpt verifies the caller is allowed to edit this particular user_id.
$user_id = $validator->requiredNumericPostVar('user_id');
// Optional profile fields: display_name and title are trimmed, email goes through str_normalize().
$display_name = trim($validator->optionalPostVar('display_name'));
$email = str_normalize($validator->optionalPostVar('email'));
$title = trim($validator->optionalPostVar('title'));
// Optional group membership, enabled flag and primary group.
// NOTE(review): these fields change what the target account can do; presumably a permission check
// further down decides who may send them. Confirm against the rest of the file.
$rm_groups = $validator->optionalPostVar('remove_groups');
$add_groups = $validator->optionalPostVar('add_groups');
$enabled = $validator->optionalPostVar('enabled');
$primary_group_id = $validator->optionalPostVar('primary_group_id');
// For updating passwords. The user's current password (passwordcheck) must also be included if they are resetting their own password.
// password and passwordc carry the new password and its confirmation.
$password = $validator->optionalPostVar('password');
$passwordc = $validator->optionalPostVar('passwordc');
$passwordcheck = $validator->optionalPostVar('passwordcheck');
// Add alerts for any failed input validation
// The loop only reports the errors; nothing in this block stops the request when errors exist.
foreach ($validator->errors as $error) {
    addAlert("danger", $error);
}
// Validate csrf token
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
require_once "../models/config.php";
// Register 'logAllErrors' as the PHP error handler for this request.
set_error_handler('logAllErrors');
// Request method: POST
$ajax = checkRequestMode("post");
// User must be logged in
checkLoggedInUser($ajax);
// NOTE(review): no csrf_token is read or validated in the visible part of this script, although it
// changes permission mappings. Confirm whether a CSRF check happens elsewhere.
// NOTE(review): being logged in is the only access check visible here; presumably the update
// functions called below enforce who may change permits. Confirm.
// Update an action_permit mapping for a user or group.
// POST: action_id, permit, [user_id, group_id]
$validator = new Validator();
// The ids are read with the generic string accessors, not a numeric variant.
// presumably they are validated where they are used; verify against updateGroupActionPermit()
$action_id = $validator->requiredPostVar('action_id');
$permit = $validator->requiredPostVar('permit');
$group_id = $validator->optionalPostVar('group_id');
$user_id = $validator->optionalPostVar('user_id');
// Add alerts for any failed input validation
foreach ($validator->errors as $error) {
    addAlert("danger", $error);
}
// Any validation error ends the request through the shared error response.
// presumably apiReturnError() does not return; verify, since the update code follows directly
if (count($validator->errors) > 0) {
    apiReturnError($ajax, getReferralPage());
}
//Forms posted
if ($group_id) {
    if (!updateGroupActionPermit($action_id, $group_id, $permit)) {
        apiReturnError($ajax, getReferralPage());
    }
} else {
    if ($user_id) {
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
// Create a new user.
require_once "../models/config.php";
// Register 'logAllErrors' as the PHP error handler for this request.
set_error_handler('logAllErrors');
// Request method: POST
$ajax = checkRequestMode("post");
$validator = new Validator();
// POST: user_name, display_name, email, title, password, passwordc, [admin, add_groups, skip_activation, csrf_token]
// Check if request is from public or backend
// 'admin' is a client-supplied flag. It only selects which checks run next: the value "true"
// requires a logged-in user and a valid CSRF token, anything else takes the public registration path.
// NOTE(review): add_groups and skip_activation are listed as accepted fields. Confirm that the code
// outside this excerpt honours them only on the admin path, not for public requests.
$admin = $validator->optionalPostVar('admin');
if ($admin == "true") {
    // Admin mode must be from a logged in user
    checkLoggedInUser($ajax);
    $csrf_token = $validator->requiredPostVar('csrf_token');
    // Validate csrf token
    checkCSRF($ajax, $csrf_token);
} else {
    global $can_register;
    if (!userIdExists('1')) {
        addAlert("danger", lang("MASTER_ACCOUNT_NOT_EXISTS"));
        apiReturnError($ajax, SITE_ROOT);
    }
    // If registration is disabled, send them back to the home page with an error message
    if (!$can_register) {
        addAlert("danger", lang("ACCOUNT_REGISTRATION_DISABLED"));
Esempio n. 6
}
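// Update a group, specified by id, with the given group name, is_default setting, and home page id.
// POST: group_id, [group_name, is_default, home_page_id]
// Any optional field that is omitted keeps the value currently stored for the group.
// NOTE(review): no login, permission or CSRF check is visible in this part of the script. Confirm
// they run earlier in the file, since this endpoint changes group configuration.
$validator = new Validator();
$group_id = $validator->requiredPostVar('group_id');
// Add alerts for any failed input validation
foreach ($validator->errors as $error) {
    addAlert("danger", $error);
}
if (!$group_id) {
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}
// Fetch data for this group
$group = fetchGroupDetails($group_id);
// Stop when the lookup produced nothing (unknown id or failed lookup). Without this guard the
// fallbacks below would index a non-array and hand empty values to updateGroup().
// presumably fetchGroupDetails() reports the reason itself; verify, otherwise add an alert here
if (!$group) {
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}
// group_name: an absent or empty value falls back to the stored name.
$group_name = $validator->optionalPostVar('group_name');
if (!$group_name) {
    $group_name = $group['name'];
}
// is_default: compared strictly against null so that an explicitly posted falsy value is kept.
$is_default = $validator->optionalPostVar('is_default');
if ($is_default === null) {
    $is_default = $group['is_default'];
}
// home_page_id: an absent or empty value falls back to the stored home page.
$home_page_id = $validator->optionalPostVar('home_page_id');
if (!$home_page_id) {
    $home_page_id = $group['home_page_id'];
}
// A failed update is reported with the same JSON error response as the checks above.
if (!updateGroup($group_id, $group_name, $is_default, $home_page_id)) {
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}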
Esempio n. 7
 * @link       http://www.github.com/lilfade/UF-PMSystem/
 */
include '../../models/db-settings.php';
include '../../models/config.php';
require_once "../models/pm_functions.php";
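// Register 'logAllErrors' as the PHP error handler for this request.
set_error_handler('logAllErrors');
// User must be logged in
if (!isUserLoggedIn()) {
    addAlert("danger", "You must be logged in to access this resource.");
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}
// NOTE(review): no csrf_token is read or validated in this script as shown, although it changes
// state. Confirm whether that is intended.
$validator = new Validator();
$msg_id = $validator->requiredPostVar('msg_id');
// The acting user comes from the session, never from the request body.
$user_id = $loggedInUser->user_id;
$field = $validator->optionalPostVar('table');
// receiver_deleted or sender_deleted depending on inbox or outbox
$uid = $validator->optionalPostVar('action');
//receiver_id or sender_id depending on inbox or outbox
// Add alerts for any failed input validation
foreach ($validator->errors as $error) {
    addAlert("danger", $error);
}
// Do not call removePM() when a required field failed validation.
if (count($validator->errors) > 0) {
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}
// 'table' and 'action' are request-supplied values that name columns (see the comments above).
// removePM() is not shown here, so restrict them to the documented names before passing them on.
// Column identifiers cannot be bound as query parameters, which makes an allow-list the right control.
// Absent values pass through unchanged so that existing callers which omit them behave as before.
if (($field && !in_array($field, array('receiver_deleted', 'sender_deleted'), true))
    || ($uid && !in_array($uid, array('receiver_id', 'sender_id'), true))
) {
    addAlert("danger", "Invalid request.");
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
}
// Delete the pm from the user's view but not from the database entirely. This is not a true delete
if (!removePM($msg_id, $user_id, $field, $uid)) {
    echo json_encode(array("errors" => 1, "successes" => 0));
    exit;
} else {
    addAlert("success", lang("PM_RECEIVER_DELETION_SUCCESSFUL", array('1')));
}
// Only reached on success; the exit paths above end the script with the custom handler still set.
restore_error_handler();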
Esempio n. 8
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
// This is the config file in the install directory.
require_once "config.php";
// Process POSTed site settings
// NOTE(review): nothing in the visible part of this installer script authenticates the caller.
// Confirm that the install directory is unreachable or disabled once setup has completed.
$validator = new Validator();
// All four site fields are required.
$site_url_root = $validator->requiredPostVar('site_url');
$site_name = $validator->requiredPostVar('site_name');
$site_email = $validator->requiredPostVar('site_email');
$user_title = $validator->requiredPostVar('user_title');
// The checkbox fields below map to 1 when the posted value compares equal to 'on', otherwise 0.
// Check and see if email login should be enabled or disabled by default
$selected_email = ($validator->optionalPostVar('select_email') == 'on') ? 1 : 0;
// Check and see if general registration should be enabled or disabled by default
$selected_register = ($validator->optionalPostVar('can_register') == 'on') ? 1 : 0;
// Check and see if email activation should be enabled or disabled by default
if ($validator->optionalPostVar('email_activation') == 'on') {
    $selected_activation = 1;
} else {
    $selected_activation = 0;