Esempio n. 1
 /**
  * Return the shared WDPermissionManager, creating it on the first call.
  *
  * @return WDPermissionManager
  */
 public static function instance()
 {
     if (self::$instance != null) {
         return self::$instance;
     }
     self::$instance = new WDPermissionManager();
     return self::$instance;
 }
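 /**
  * Prepare the thread-edit view.
  *
  * Loads the thread named by the "threadId" parameter, rejects it when it
  * does not belong to the current site, enforces the blocked-thread rule and
  * the 'edit_thread' forum permission, then exposes the thread to the view.
  *
  * @param object $runData request context (parameters, user, temp "site")
  * @throws ProcessException when the thread is missing or belongs to another site
  * @throws WDPermissionException when the thread is blocked and the user is
  *         neither a moderator holding the 'f' permission nor a site admin
  */
 public function build($runData)
 {
     $pl = $runData->getParameterList();
     $threadId = $pl->getParameterValue("threadId");
     $site = $runData->getTemp("site");
     $user = $runData->getUser();
     $db = Database::connection();
     $db->begin();
     // NOTE(review): the throw paths below leave the transaction open; no
     // rollback is visible in this method - confirm the caller handles it.
     $thread = DB_ForumThreadPeer::instance()->selectByPrimaryKey($threadId);
     // Tenant check: a thread id from another site must look like "not found".
     if ($thread == null || $thread->getSiteId() !== $site->getSiteId()) {
         throw new ProcessException(_("No thread found... Is it deleted?"), "no_thread");
     }
     // check if thread blocked
     if ($thread->getBlocked()) {
         // check if moderator or admin
         $c = new Criteria();
         $c->add("site_id", $site->getSiteId());
         $c->add("user_id", $user->getUserId());
         $rel = DB_ModeratorPeer::instance()->selectOne($c);
         // strpos() returns 0 when 'f' is the first character; the former
         // loose "== false" treated that as "flag missing" and wrongly denied
         // such moderators. Compare strictly against false.
         if (!$rel || strpos($rel->getPermissions(), 'f') === false) {
             $rel = DB_AdminPeer::instance()->selectOne($c);
             if (!$rel) {
                 throw new WDPermissionException(_("Sorry, this thread is blocked. Nobody can add new posts nor edit existing ones."));
             }
         }
     }
     $category = $thread->getCategory();
     // presumably throws on denial - the return value is not inspected here
     WDPermissionManager::instance()->hasForumPermission('edit_thread', $runData->getUser(), $category, $thread);
     $runData->contextAdd("thread", $thread);
     $db->commit();
 }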
Esempio n. 3
 /**
  * Prepare the delete-post confirmation view.
  *
  * Validates the "postId" parameter, loads the post, checks that it belongs
  * to the current site and that the user holds 'moderate_forum', then exposes
  * the post (and whether it has child posts) to the view.
  *
  * @param object $runData request context (parameters, user, temp "site")
  * @throws ProcessException when no valid post is identified
  * @throws WDPermissionException when the permission check throws
  */
 public function build($runData)
 {
     $params = $runData->getParameterList();
     $postId = $params->getParameterValue("postId", "AMODULE");
     $user = $runData->getUser();
     $site = $runData->getTemp("site");

     if ($postId == null) {
         throw new ProcessException(_("No post specified."), "no_post");
     }
     if (!is_numeric($postId)) {
         throw new ProcessException(_("No post specified."), "no_post");
     }

     $post = DB_ForumPostPeer::instance()->selectByPrimaryKey($postId);
     // A post that belongs to a different site is reported exactly like a missing one.
     $belongsToSite = $post != null && $post->getSiteId() == $site->getSiteId();
     if (!$belongsToSite) {
         throw new ProcessException(_("No post specified."), "no_post");
     }

     $category = $post->getForumThread()->getCategory();
     try {
         WDPermissionManager::instance()->hasForumPermission('moderate_forum', $runData->getUser(), $category);
     } catch (Exception $denied) {
         // Any exception from the check is replaced by a delete-specific message.
         throw new WDPermissionException(_("Sorry, you are not allowed to delete posts. Only site administrators and moderators are the ones who can."));
     }

     // Tell the view when replies hang off this post.
     $childCriteria = new Criteria();
     $childCriteria->add("parent_id", $postId);
     $childCount = DB_ForumPostPeer::instance()->selectCount($childCriteria);
     if ($childCount > 0) {
         $runData->contextAdd("hasChildren", true);
     }

     $runData->contextAdd("post", $post);
     $runData->ajaxResponseAdd("postId", $postId);
 }
Esempio n. 4
 /**
  * Prepare the move-thread view.
  *
  * Loads the thread, checks that it belongs to the current site and that the
  * user holds 'moderate_forum' on its category, then lists every forum
  * category of the site (grouped) as possible destinations.
  *
  * @param object $runData request context (parameters, user, temp "site")
  * @throws ProcessException when the thread is missing or belongs to another site
  */
 public function build($runData)
 {
     $params = $runData->getParameterList();
     $threadId = $params->getParameterValue("threadId");
     $site = $runData->getTemp("site");

     $db = Database::connection();
     $db->begin();

     $thread = DB_ForumThreadPeer::instance()->selectByPrimaryKey($threadId);
     if ($thread == null) {
         throw new ProcessException(_("No thread found... Is it deleted?"), "no_thread");
     }
     // Tenant check: a foreign thread id is reported as "not found".
     if ($thread->getSiteId() !== $site->getSiteId()) {
         throw new ProcessException(_("No thread found... Is it deleted?"), "no_thread");
     }

     $category = $thread->getForumCategory();
     // presumably throws on denial - the return value is not inspected
     WDPermissionManager::instance()->hasForumPermission('moderate_forum', $runData->getUser(), $category);

     $runData->contextAdd("thread", $thread);
     $runData->contextAdd("category", $thread->getForumCategory());

     // Destination candidates: groups of this site, visible ones first.
     $groupCriteria = new Criteria();
     $groupCriteria->add("site_id", $site->getSiteId());
     $groupCriteria->addOrderDescending("visible");
     $groupCriteria->addOrderAscending("sort_index");
     $groups = DB_ForumGroupPeer::instance()->select($groupCriteria);

     $destinations = array();
     foreach ($groups as $group) {
         $categoryCriteria = new Criteria();
         $categoryCriteria->add("group_id", $group->getGroupId());
         $categoryCriteria->addOrderAscending("sort_index");
         foreach (DB_ForumCategoryPeer::instance()->select($categoryCriteria) as $groupCategory) {
             $destinations[] = array('group' => $group, 'category' => $groupCategory);
         }
     }
     $runData->contextAdd("categories", $destinations);

     $db->commit();
 }
Esempio n. 5
 /**
  * Prepare the tag-editing view for a page.
  *
  * Validates "pageId", loads the page, checks site ownership and the 'edit'
  * page permission, then exposes the page's tags as one space-separated
  * string ordered by tag.
  *
  * @param object $runData request context (parameters, user, temp "site")
  * @throws ProcessException when the page id is invalid or the page is not on this site
  */
 public function build($runData)
 {
     $user = $runData->getUser();
     $params = $runData->getParameterList();
     $pageId = $params->getParameterValue("pageId");
     $site = $runData->getTemp("site");

     if (!($pageId && is_numeric($pageId))) {
         throw new ProcessException(_("The page can not be found or does not exist."), "no_page");
     }

     $page = DB_PagePeer::instance()->selectByPrimaryKey($pageId);
     if ($page == null) {
         throw new ProcessException(_("Error getting page information."), "no_page");
     }
     // Tenant check before any permission decision is made on the page.
     if ($page->getSiteId() != $site->getSiteId()) {
         throw new ProcessException(_("Error getting page information."), "no_page");
     }

     // presumably throws on denial - the return value is not inspected
     WDPermissionManager::instance()->hasPagePermission('edit', $user, $page->getCategory(), $page);

     $tagCriteria = new Criteria();
     $tagCriteria->add("page_id", $pageId);
     $tagCriteria->addOrderAscending("tag");
     $tagRows = DB_PageTagPeer::instance()->select($tagCriteria);

     $tagNames = array();
     foreach ($tagRows as $row) {
         $tagNames[] = $row->getTag();
     }
     $runData->contextAdd("tags", implode(' ', $tagNames));
 }
Esempio n. 6
 /**
  * Prepare the new-thread form for a forum category.
  *
  * The category is looked up by id AND site id in a single query, so a
  * category id from another site yields the same "not specified" error.
  * The 'new_thread' forum permission is enforced before anything is exposed.
  *
  * @param object $runData request context (parameters, user, temp "site")
  * @throws ProcessException when no valid category of this site is identified
  */
 public function build($runData)
 {
     $site = $runData->getTemp("site");
     $params = $runData->getParameterList();

     $categoryId = $params->getParameterValue("c");
     if ($categoryId == null) {
         throw new ProcessException(_("No forum category has been specified."));
     }
     if (!is_numeric($categoryId)) {
         throw new ProcessException(_("No forum category has been specified."));
     }

     // Optional title suggested by the caller.
     $suggestedTitle = $params->getParameterValue("title");

     $criteria = new Criteria();
     $criteria->add("category_id", $categoryId);
     $criteria->add("site_id", $site->getSiteId());
     $category = DB_ForumCategoryPeer::instance()->selectOne($criteria);
     if ($category == null) {
         throw new ProcessException(_("No forum category has been specified."));
     }

     // presumably throws on denial - the return value is not inspected
     WDPermissionManager::instance()->hasForumPermission('new_thread', $runData->getUser(), $category);

     // Store a marker in the session so that it is kept.
     $runData->sessionAdd("keep", true);

     $this->category = $category;
     $runData->contextAdd("category", $category);

     // Without a user id, the view receives the string built by createIpString().
     if ($runData->getUserId() == null) {
         $runData->contextAdd("anonymousString", $runData->createIpString());
     }

     if ($suggestedTitle) {
         $runData->contextAdd("title", $suggestedTitle);
     }
 }
Esempio n. 7
 /**
  * Gate for a module that is only available on the site whose id is 1.
  *
  * Any other site is refused outright; on site 1 the user must additionally
  * pass the 'manage_site' permission check.
  *
  * @param object $runData request context (user, temp "site")
  * @return bool always true when no exception was raised
  * @throws WDPermissionException when the current site id is not 1
  */
 public function isAllowed($runData)
 {
     $currentSiteId = $runData->getTemp("site")->getSiteId();
     if ($currentSiteId != 1) {
         throw new WDPermissionException("No permission");
     }
     // presumably throws on denial - the return value is not inspected
     $manager = WDPermissionManager::instance();
     $manager->hasPermission('manage_site', $runData->getUser(), $runData->getTemp("site"));
     return true;
 }
Esempio n. 8
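 /**
  * Clone the current site under a new name and web address.
  *
  * Validates the submitted form fields, reports every problem at once through
  * the "formErrors" AJAX field, and hands the current site plus the new
  * properties to Duplicator::cloneSite().
  *
  * NOTE(review): the only authorization visible here is canBecomeAdmin() on
  * the caller. No check in this method establishes that the caller may manage
  * (or even read) the site being cloned - confirm that is enforced elsewhere,
  * e.g. by the module's isAllowed().
  *
  * @param object $runData request context (parameters, user, temp "site")
  * @throws ProcessException with status "form_errors" when validation fails
  */
 public function cloneSiteEvent($runData)
 {
     $pl = $runData->getParameterList();
     $site = $runData->getTemp("site");
     WDPermissionManager::instance()->canBecomeAdmin($runData->getUser());
     $name = trim($pl->getParameterValue("name"));
     $unixName = trim($pl->getParameterValue("unixname"));
     $tagline = trim($pl->getParameterValue("tagline"));
     $description = trim($pl->getParameterValue("description"));
     $private = (bool) $pl->getParameterValue("private");
     // validate form data:
     $errors = array();
     if (strlen($name) < 1) {
         $errors['name'] = _("Site name must be present.");
     } elseif (strlen8($name) > 30) {
         $errors['name'] = _("Site name should not be longer than 30 characters.");
     }
     // site unix name: 3-30 chars, [a-z0-9-] only, no double dash
     if ($unixName === null || strlen($unixName) < 3) {
         $errors['unixname'] = _("Web address must be present and should be at least 3 characters long.");
     } elseif (strlen($unixName) > 30) {
         $errors['unixname'] = _("Web address name should not be longer than 30 characters.");
     } elseif (preg_match("/^[a-z0-9\\-]+\$/", $unixName) == 0) {
         $errors['unixname'] = _('Only lowercase alphanumeric and "-" (dash) characters allowed in the web address.');
     } elseif (preg_match("/\\-\\-/", $unixName) !== 0) {
         $errors['unixname'] = _('Only lowercase alphanumeric and "-" (dash) characters allowed in the web address. Double-dash (--) is not allowed.');
     } else {
         $unixName = WDStringUtils::toUnixName($unixName);
         if (!$runData->getUser()->getSuperAdmin()) {
             // Reserved names: one regular expression per line of the conf file.
             $forbiddenUnixNames = explode("\n", file_get_contents(WIKIDOT_ROOT . '/conf/forbidden_site_names.conf'));
             foreach ($forbiddenUnixNames as $f) {
                 // Blank lines (e.g. the one after a trailing newline) and
                 // stray "\r" from CRLF files are not valid patterns; they
                 // used to make preg_match() emit a warning and return false.
                 $f = trim($f);
                 if ($f === '') {
                     continue;
                 }
                 if (preg_match($f, $unixName) > 0) {
                     $errors['unixname'] = _('For some reason this web address is not allowed or is reserved for future use.');
                     break;
                 }
             }
         }
         // check if the domain is not taken.
         $c = new Criteria();
         $c->add("unix_name", $unixName);
         $ss = DB_SitePeer::instance()->selectOne($c);
         if ($ss) {
             $errors['unixname'] = _('Sorry, this web address is already used by another site.');
         }
     }
     if (strlen8($tagline) > 50) {
         $errors['tagline'] = _("Tagline should not be longer than 50 characters");
     }
     if (count($errors) > 0) {
         $runData->ajaxResponseAdd("formErrors", $errors);
         throw new ProcessException("Form errors", "form_errors");
     }
     // All fields passed validation: clone the current site.
     $siteProps = array('name' => $name, 'subtitle' => $tagline, 'unixname' => $unixName, 'description' => $description, 'private' => $private);
     $dup = new Duplicator();
     $dup->cloneSite($site, $siteProps);
 }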
Esempio n. 9
 /**
  * List the files attached to a page.
  *
  * Argument array keys:
  *  performer: user on whose behalf the call is made
  *  site: site to get the page from
  *  page: page (full_name) whose files are returned
  *
  * Only site-level access is checked in this method.
  * NOTE(review): whether the resolved page is tied to the given site depends
  * on parseArgs(), which is not visible here - confirm.
  *
  * @param struct $args
  * @return struct
  */
 public function files($args)
 {
     $this->parseArgs($args, array("performer", "site", "page"));
     WDPermissionManager::instance()->canAccessSite($this->performer, $this->site);

     $byPage = new Criteria();
     $byPage->add("page_id", $this->page->getPageId());

     return $this->repr(DB_FilePeer::instance()->select($byPage));
 }
Esempio n. 10
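 /**
  * Save a SimpleTodo list submitted as JSON in the "data" parameter.
  *
  * The caller must hold the 'edit' permission on the page named by "pageId".
  * The list itself is stored per site, keyed by its label.
  *
  * Changes over the previous version:
  *  - the page must belong to the current site; before, 'edit' permission on
  *    a page of any site was enough to write a list into the current site;
  *  - the decoded payload is checked for shape before its members are used,
  *    so malformed JSON produces a ProcessException instead of a fatal error;
  *  - a list with no items is stored as an empty array rather than through an
  *    undefined index.
  *
  * @param object $runData request context (parameters, user, temp "site")
  * @throws ProcessException on a bad page id, foreign page, or invalid list data
  */
 public function saveEvent($runData)
 {
     $site = $runData->getTemp("site");
     $pl = $runData->getParameterList();
     $pageId = $pl->getParameterValue("pageId");
     if (!is_numeric($pageId)) {
         throw new ProcessException(_("Page does not exist."));
     }
     $page = DB_PagePeer::instance()->selectByPrimaryKey($pageId);
     // Tenant check: a page of another site is reported like a missing page.
     if (!$page || $page->getSiteId() != $site->getSiteId()) {
         throw new ProcessException(_("Page does not exist."));
     }
     // check permissions (presumably throws on denial)
     $category = $page->getCategory();
     WDPermissionManager::instance()->hasPagePermission('edit', $runData->getUser(), $category, $page);

     $data = $pl->getParameterValue("data");
     $json = new JSONService();
     $listData = $json->decode($data);
     // The payload is client-controlled: insist on an object before reading members.
     if (!is_object($listData)) {
         throw new ProcessException(_('Invalid list data.'));
     }

     $label = (isset($listData->label) && is_string($listData->label)) ? trim($listData->label) : '';
     if (!$label) {
         throw new ProcessException(_('The SimpleTodo module must have an id (e.g. id="list1").'));
     }
     $title = (isset($listData->title) && is_string($listData->title)) ? trim($listData->title) : '';
     if (!$title) {
         throw new ProcessException(_('Your title field is empty, please correct that.'));
     }

     $dataArray = array('label' => $label, 'title' => $title, 'data' => array());

     $items = (isset($listData->data) && is_array($listData->data)) ? array_values($listData->data) : array();
     foreach ($items as $i => $item) {
         if (!is_object($item)) {
             throw new ProcessException(_('Invalid list data.'));
         }
         $text = (isset($item->text) && is_string($item->text)) ? trim($item->text) : '';
         $link = (isset($item->link) && is_string($item->link)) ? trim($item->link) : '';
         if (!isset($item->checked) || !is_bool($item->checked)) {
             throw new ProcessException(_('Something is wrong witch checkbox (it is not a boolean value).'));
         }
         if (empty($text)) {
             throw new ProcessException(_('One of your text fields is empty, please correct that.'));
         }
         // NOTE(review): text and link are stored as submitted; escaping is
         // the responsibility of whatever renders them - confirm in the view.
         $dataArray['data'][$i]['text'] = $text;
         $dataArray['data'][$i]['link'] = $link;
         $dataArray['data'][$i]['checked'] = $item->checked;
     }

     // One list per (site, label); create it on first save.
     $c = new Criteria();
     $c->add('label', $label);
     $c->add('site_id', $site->getSiteId());
     $list = DB_SimpletodoListPeer::instance()->selectOne($c);
     if (!$list) {
         $list = new DB_SimpletodoList();
         $list->setSiteId($site->getSiteId());
         $list->setLabel($dataArray['label']);
     }
     $list->setTitle($dataArray['title']);
     $itemData = $json->encode($dataArray['data']);
     $list->setData($itemData);
     $list->save();
 }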
Esempio n. 11
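 /**
  * Gate for a site-management module with a shared-secret bypass.
  *
  * A request whose "key" parameter equals
  * GlobalProperties::$SECRET_MANAGE_SUPERADMIN is allowed without any user
  * permission check; every other request must pass 'manage_site'.
  *
  * The secret is now compared with hash_equals(). The former loose "=="
  * comparison was not constant-time and is subject to PHP type juggling
  * (numeric-looking strings compare as numbers; a boolean true secret would
  * match any non-empty key). An unset, empty or non-string/non-int secret
  * now disables the bypass.
  *
  * NOTE(review): the key travels as a request parameter, so it may be
  * recorded in access logs or browser history - confirm that is acceptable.
  *
  * @param object $runData request context (parameters, user, temp "site")
  * @return bool always true when no exception was raised
  */
 public function isAllowed($runData)
 {
     $pl = $runData->getParameterList();
     $key = $pl->getParameterValue("key");
     $secret = GlobalProperties::$SECRET_MANAGE_SUPERADMIN;
     if (is_int($secret)) {
         // keep an integer-configured secret working under a strict comparison
         $secret = (string) $secret;
     }
     if (is_string($key) && $key !== '' && is_string($secret) && $secret !== '') {
         if (hash_equals($secret, $key)) {
             return true;
         }
     }
     // presumably throws on denial - the return value is not inspected
     WDPermissionManager::instance()->hasPermission('manage_site', $runData->getUser(), $runData->getTemp("site"));
     return true;
 }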
Esempio n. 12
 /**
  * List the categories of a site.
  *
  * Argument array keys:
  *  performer: user on whose behalf the call is made
  *  site: site to get categories from
  *
  * The performer must pass canAccessSite() for the site before anything is read.
  *
  * @param struct $args
  * @return struct
  */
 public function categories($args)
 {
     $this->parseArgs($args, array("performer", "site"));
     WDPermissionManager::instance()->canAccessSite($this->performer, $this->site);

     $bySite = new Criteria();
     $bySite->add("site_id", $this->site->getSiteId());

     $represented = array();
     $rows = DB_CategoryPeer::instance()->selectByCriteria($bySite);
     foreach ($rows as $row) {
         $represented[] = $this->repr($row);
     }
     return $represented;
 }
 /**
  * Prepare a moderator view of a forum thread.
  *
  * Loads the thread, checks that it belongs to the current site and that the
  * user holds 'moderate_forum' on its category, then exposes the thread.
  *
  * @param object $runData request context (parameters, user, temp "site")
  * @throws ProcessException when the thread is missing or belongs to another site
  */
 public function build($runData)
 {
     $params = $runData->getParameterList();
     $threadId = $params->getParameterValue("threadId");
     $site = $runData->getTemp("site");

     $db = Database::connection();
     $db->begin();

     $thread = DB_ForumThreadPeer::instance()->selectByPrimaryKey($threadId);
     if ($thread == null) {
         throw new ProcessException(_("No thread found... Is it deleted?"), "no_thread");
     }
     // Tenant check: a foreign thread id is reported as "not found".
     if ($thread->getSiteId() !== $site->getSiteId()) {
         throw new ProcessException(_("No thread found... Is it deleted?"), "no_thread");
     }

     // presumably throws on denial - the return value is not inspected
     $forumCategory = $thread->getForumCategory();
     WDPermissionManager::instance()->hasForumPermission('moderate_forum', $runData->getUser(), $forumCategory);

     $runData->contextAdd("thread", $thread);
     $db->commit();
 }
Esempio n. 14
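 /**
  * Prepare the parent-page view for a page.
  *
  * Loads the page named by "page_id", checks site ownership and the 'edit'
  * page permission, and exposes the unix name of the current parent page
  * when one is set.
  *
  * @param object $runData request context (parameters, user, temp "site")
  * @throws ProcessException when the page is missing or belongs to another site
  */
 public function build($runData)
 {
     $pageId = $runData->getParameterList()->getParameterValue("page_id");
     $page = DB_PagePeer::instance()->selectByPrimaryKey($pageId);
     // Tenant check: a page of another site is reported like a missing page.
     if ($page == null || $page->getSiteId() != $runData->getTemp("site")->getSiteId()) {
         throw new ProcessException(_("Error getting page information."), "no_page");
     }
     $user = $runData->getUser();
     // check permissions now (presumably throws on denial)
     $category = $page->getCategory();
     WDPermissionManager::instance()->hasPagePermission('edit', $user, $category, $page);
     if ($page->getParentPageId() !== null) {
         $parentPage = DB_PagePeer::instance()->selectByPrimaryKey($page->getParentPageId());
         // The stored parent id may point at a page that no longer exists;
         // selectByPrimaryKey() then yields null, which used to cause a
         // method call on null. Leave "parentPageName" unset in that case.
         if ($parentPage != null) {
             $runData->contextAdd("parentPageName", $parentPage->getUnixName());
         }
     }
 }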
Esempio n. 15
 /**
  * Prepare the rename-file view.
  *
  * Both the file and the page it is attached to must belong to the current
  * site; the user must hold 'rename_file' on the page's category.
  *
  * NOTE(review): unlike other hasPagePermission() calls on this page, the
  * page object is not passed here, so any page-level rule cannot apply -
  * confirm that is intended.
  *
  * @param object $runData request context (parameters, user, temp "site")
  * @throws ProcessException when the file or its page is missing or foreign
  */
 public function build($runData)
 {
     $params = $runData->getParameterList();
     $fileId = $params->getParameterValue("file_id");

     $file = DB_FilePeer::instance()->selectByPrimaryKey($fileId);
     $fileOnSite = $file != null && $file->getSiteId() == $runData->getTemp("site")->getSiteId();
     if (!$fileOnSite) {
         throw new ProcessException(_("Error getting file information."), "no_file");
     }

     $page = DB_PagePeer::instance()->selectByPrimaryKey($file->getPageId());
     $pageOnSite = $page != null && $page->getSiteId() == $runData->getTemp("site")->getSiteId();
     if (!$pageOnSite) {
         throw new ProcessException(_("Error getting file information."), "no_page");
     }

     // presumably throws on denial - the return value is not inspected
     $category = $page->getCategory();
     $user = $runData->getUser();
     WDPermissionManager::instance()->hasPagePermission('rename_file', $user, $category);

     $runData->contextAdd("file", $file);
 }
Esempio n. 16
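 /**
  * Render one SimpleTodo list module instance.
  *
  * On the first instance of a request (static counter 0) the user's 'create'
  * permission on the page's category decides the shared canEdit flag. Each
  * instance must carry a non-empty "id" that no earlier instance has used;
  * the stored list for (site, id) is exposed when it exists.
  *
  * @param object $runData request context (parameters, user, temp "page"/"site")
  * @throws ProcessException when the id is missing or repeated
  */
 public function build($runData)
 {
     $user = $runData->getUser();
     if (self::$_counter == 0) {
         // check permissions
         $page = $runData->getTemp("page");
         if ($page) {
             $category = $page->getCategory();
             try {
                 WDPermissionManager::instance()->hasPagePermission('create', $user, $category);
                 self::$_canEdit = true;
             } catch (Exception $e) {
                 // Deliberately ignored: a failed check only means the flag
                 // self::$_canEdit is not switched on for this request.
             }
         }
     }
     // NOTE(review): canEdit only drives the view; saving must be authorized
     // again on the server side - confirm in the save action.
     $runData->contextAdd('canEdit', self::$_canEdit);
     $runData->contextAdd('listCounter', self::$_counter);
     self::$_counter++;
     $pl = $runData->getParameterList();
     $label = $pl->getParameterValue("id");
     $label = trim($label);
     if (!$label) {
         throw new ProcessException(_('The SimpleTodo module must have an id.'));
     }
     // Strict comparison: with the loose default, numeric-looking labels such
     // as "1" and "01" were treated as the same id and the second one was
     // rejected, although they are stored under different labels.
     if (!in_array($label, self::$_labelArray, true)) {
         array_push(self::$_labelArray, $label);
     } else {
         throw new ProcessException(_('The id attribute sholud be unique.'));
     }
     $runData->contextAdd("label", $label);
     $site = $runData->getTemp("site");
     // Lists are looked up by label within the current site only.
     $c = new Criteria();
     $c->add('label', $label);
     $c->add('site_id', $site->getSiteId());
     $list = DB_SimpletodoListPeer::instance()->selectOne($c);
     if ($list) {
         $json = new JSONService();
         $listData = $json->decode($list->getData());
         $runData->contextAdd("title", $list->getTitle());
         $runData->contextAdd("data", $listData);
     }
 }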
Esempio n. 17
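 /**
  * Send a private message from the current user to "to_user_id".
  *
  * The message is saved twice: once with flag 0 (recipient's inbox) and once
  * with flag 1 (sender's sent folder). The sender must pass hasPmPermission()
  * for the recipient.
  *
  * The recipient id is now required to be a plain decimal number before it is
  * used for the lookup and stored, matching the id validation done by other
  * actions; anything else is reported as "no_recipient".
  *
  * @param object $runData request context (parameters, user)
  * @throws ProcessException with status "no_recipient" when the recipient is invalid or unknown
  */
 public function sendEvent($runData)
 {
     $pl = $runData->getParameterList();
     $source = $pl->getParameterValue("source");
     $subject = $pl->getParameterValue("subject");
     if ($subject == null || $subject === '') {
         $subject = "(No subject)";
     }
     $db = Database::connection();
     $db->begin();
     $toUserId = $pl->getParameterValue("to_user_id");
     // Client-supplied id: accept digits only before touching the database.
     $isPlainId = (is_int($toUserId) || is_string($toUserId))
         && preg_match('/\A[0-9]+\z/', (string) $toUserId) === 1;
     if (!$isPlainId) {
         throw new ProcessException(_("The recipient does not exist."), "no_recipient");
     }
     $toUser = DB_OzoneUserPeer::instance()->selectByPrimaryKey($toUserId);
     if ($toUser == null) {
         $message = _("The recipient does not exist.");
         throw new ProcessException($message, "no_recipient");
     }
     // check if allowed (presumably throws on denial)
     $fromUser = $runData->getUser();
     WDPermissionManager::instance()->hasPmPermission($fromUser, $toUser);
     // compile content: the wiki source is transformed in 'pm' mode
     $wt = new WikiTransformation();
     $wt->setMode('pm');
     $body = $wt->processSource($source);
     $message = new DB_PrivateMessage();
     $message->setDate(new ODate());
     $message->setFromUserId($runData->getUserId());
     $message->setToUserId($toUserId);
     $message->setSubject($subject);
     $message->setBody($body);
     // 0 for inbox
     $message->setFlag(0);
     $message->save();
     NotificationMaker::instance()->privateMessageNotification($message);
     // also make a copy for "sent" folder: reset identity so save() inserts a new row
     $message->setNew(true);
     $message->setMessageId(null);
     // 1 for sent
     $message->setFlag(1);
     $message->save();
     $db->commit();
 }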
Esempio n. 18
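 /**
  * Prepare the edit-post form.
  *
  * Validates "postId", loads the post, checks site ownership and the
  * 'edit_post' forum permission, enforces the blocked-thread rule, then
  * exposes the post to the view.
  *
  * @param object $runData request context (parameters, user, temp "site")
  * @throws ProcessException when no valid post of this site is identified
  * @throws WDPermissionException when the thread is blocked and the user is
  *         neither a moderator holding the 'f' permission nor a site admin
  */
 public function build($runData)
 {
     $pl = $runData->getParameterList();
     $postId = $pl->getParameterValue("postId", "AMODULE");
     $user = $runData->getUser();
     $site = $runData->getTemp("site");
     if ($postId == null || !is_numeric($postId)) {
         throw new ProcessException(_("No post specified."), "no_post");
     }
     $post = DB_ForumPostPeer::instance()->selectByPrimaryKey($postId);
     // Tenant check: a post of another site is reported like a missing post.
     if ($post == null || $post->getSiteId() != $site->getSiteId()) {
         throw new ProcessException(_("No post specified."), "no_post");
     }
     $category = $post->getForumThread()->getCategory();
     // presumably throws on denial - the return value is not inspected
     WDPermissionManager::instance()->hasForumPermission('edit_post', $runData->getUser(), $category, null, $post);
     // check if thread blocked
     $thread = $post->getForumThread();
     if ($thread->getBlocked()) {
         // check if moderator or admin
         $c = new Criteria();
         $c->add("site_id", $site->getSiteId());
         $c->add("user_id", $user->getUserId());
         $rel = DB_ModeratorPeer::instance()->selectOne($c);
         // strpos() returns 0 when 'f' is the first character; the former
         // loose "== false" treated that as "flag missing" and wrongly denied
         // such moderators. Compare strictly against false.
         if (!$rel || strpos($rel->getPermissions(), 'f') === false) {
             $rel = DB_AdminPeer::instance()->selectOne($c);
             if (!$rel) {
                 throw new WDPermissionException(_("Sorry, this thread is blocked. Nobody can add new posts nor edit existing ones."));
             }
         }
     }
     // Store a marker in the session so that it is kept.
     $runData->sessionAdd("keep", true);
     $runData->contextAdd("post", $post);
     $runData->ajaxResponseAdd("postId", $postId);
     $userId = $runData->getUserId();
     if ($userId == null) {
         // Without a user id, the view receives the string built by createIpString().
         $userString = $runData->createIpString();
         $runData->contextAdd("anonymousString", $userString);
     }
 }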
Esempio n. 19
 /**
  * Prepare the file-upload form for a page.
  *
  * Checks site ownership of the page and the 'attach_file' permission, then
  * exposes the site's storage usage and the largest upload currently allowed
  * (the smaller of the remaining quota and the per-file limit).
  *
  * NOTE(review): these figures only inform the form; the limits have to be
  * enforced again when the upload is received - confirm in the upload action.
  *
  * @param object $runData request context (parameters, user, temp "site")
  * @throws ProcessException when the page is missing or belongs to another site
  */
 public function build($runData)
 {
     $site = $runData->getTemp("site");
     $pageId = $runData->getParameterList()->getParameterValue("pageId");

     $page = DB_PagePeer::instance()->selectByPrimaryKey($pageId);
     $pageOnSite = $page != null && $page->getSiteId() == $site->getSiteId();
     if (!$pageOnSite) {
         throw new ProcessException(_("Problem selecting destination page."), "no_page");
     }

     // presumably throws on denial - the return value is not inspected
     $category = $page->getCategory();
     $user = $runData->getUser();
     WDPermissionManager::instance()->hasPagePermission('attach_file', $user, $category, $page);

     $usedBytes = FileHelper::totalSiteFilesSize($site->getSiteId());
     $quotaBytes = $site->getSettings()->getFileStorageSize();
     $freeBytes = $quotaBytes - $usedBytes;
     $uploadCap = min($freeBytes, $site->getSettings()->getMaxUploadFileSize());

     $runData->contextAdd("totalSiteSize", FileHelper::formatSize($usedBytes));
     $runData->contextAdd("totalSiteAllowedSize", FileHelper::formatSize($quotaBytes));
     $runData->contextAdd("availableSiteSize", FileHelper::formatSize($freeBytes));
     $runData->contextAdd("maxUpload", $uploadCap);
     $runData->contextAdd("maxUploadString", FileHelper::formatSize($uploadCap));
 }
Esempio n. 20
 /**
  * Prepare the rename/move (or "move to deleted:") view for a page.
  *
  * Checks site ownership of the page, requires the 'move' permission, and
  * probes the 'delete' permission only to tell the view whether deletion can
  * be offered. Pages in the "forum" and "admin" categories are flagged.
  *
  * @param object $runData request context (parameters, user, temp "site")
  * @throws ProcessException when the page is missing or belongs to another site
  */
 public function build($runData)
 {
     $params = $runData->getParameterList();
     $pageId = $params->getParameterValue("pageId");

     $page = DB_PagePeer::instance()->selectByPrimaryKey($pageId);
     $pageOnSite = $page != null && $page->getSiteId() == $runData->getTemp("site")->getSiteId();
     if (!$pageOnSite) {
         throw new ProcessException(_("Error getting page information."), "no_page");
     }

     $delete = $params->getParameterValue("delete");
     $user = $runData->getUser();

     // A delete request is presented as a move into the "deleted:" namespace.
     $prefix = $delete ? 'deleted:' : '';
     $newName = $prefix . $page->getUnixName();
     if ($delete) {
         $runData->contextAdd("delete", true);
     }

     $category = $page->getCategory();
     $runData->contextAdd("page", $page);
     $runData->contextAdd("newName", $newName);

     // Mandatory permission: presumably throws on denial.
     WDPermissionManager::instance()->hasPagePermission('move', $user, $category, $page);

     // Optional permission: an exception here only switches the flag off.
     try {
         WDPermissionManager::instance()->hasPagePermission('delete', $user, $category, $page);
         $canDelete = true;
     } catch (Exception $denied) {
         $canDelete = false;
     }
     $runData->contextAdd("canDelete", $canDelete);

     // Flag pages that live in one of the special categories.
     $categoryName = $category->getName();
     if ($categoryName == "forum") {
         $runData->contextAdd("isForum", true);
     }
     if ($categoryName == "admin") {
         $runData->contextAdd("isAdmin", true);
     }
 }
 /**
  * Promote a member of the current site to site administrator.
  *
  * The target must exist, be a member of this site, and be neither a
  * moderator nor an admin already; each failed precondition is reported
  * through the "status"/"message" AJAX fields and ends the request.
  * canBecomeAdmin() is evaluated for the TARGET user.
  *
  * NOTE(review): no check on the CALLER's right to appoint admins is visible
  * in this method - confirm it is enforced by the module's isAllowed().
  *
  * @param object $runData request context (parameters, temp "site")
  */
 public function toAdminsEvent($runData)
 {
     $targetUserId = $runData->getParameterList()->getParameterValue("user_id");
     $siteId = $runData->getTemp("site")->getSiteId();
     $site = $runData->getTemp("site");

     $db = Database::connection();
     $db->begin();

     $targetUser = DB_OzoneUserPeer::instance()->selectByPrimaryKey($targetUserId);
     if ($targetUser == null) {
         $runData->ajaxResponseAdd("status", "no_user");
         $runData->ajaxResponseAdd("message", _("The user does not exist? This should not happen."));
         $db->commit();
         return;
     }

     // The same (user, site) criteria serve the member, moderator and admin lookups.
     $userOnSite = new Criteria();
     $userOnSite->add("user_id", $targetUserId);
     $userOnSite->add("site_id", $siteId);

     $membership = DB_MemberPeer::instance()->selectOne($userOnSite);
     if ($membership == null) {
         $runData->ajaxResponseAdd("status", "not_member");
         $runData->ajaxResponseAdd("message", _("The user is not a member of this site (anymore)."));
         $db->commit();
         return;
     }

     $existingModerator = DB_ModeratorPeer::instance()->selectOne($userOnSite);
     if ($existingModerator != null) {
         $runData->ajaxResponseAdd("status", "already_moderator");
         $runData->ajaxResponseAdd("message", _("The user is already a moderator of this site."));
         $db->commit();
         return;
     }

     // Roles must not be duplicated.
     $existingAdmin = DB_AdminPeer::instance()->selectOne($userOnSite);
     if ($existingAdmin != null) {
         $runData->ajaxResponseAdd("status", "already_admin");
         $runData->ajaxResponseAdd("message", _("The user is already an administrator of this site."));
         $db->commit();
         return;
     }

     WDPermissionManager::instance()->canBecomeAdmin($targetUser);

     $admin = new DB_Admin();
     $admin->setSiteId($siteId);
     $admin->setUserId($targetUserId);
     $admin->save();

     // Notify about the new role.
     NotificationMaker::instance()->addedToAdmins($site, $targetUser);
     $runData->ajaxResponseAdd("userName", $targetUser->getNickName());

     $db->commit();
 }
Esempio n. 22
 /**
  * Gate for an account module: the current user must pass the 'account'
  * permission check (presumably signalled by an exception on denial).
  *
  * @param object $runData request context (user)
  * @return bool always true when no exception was raised
  */
 public function isAllowed($runData)
 {
     $currentUser = $runData->getUser();
     WDPermissionManager::instance()->hasPermission('account', $currentUser);

     return true;
 }
Esempio n. 23
 /**
  * Delete a page of the current site.
  *
  * The page row is selected FOR UPDATE inside a transaction, checked for
  * site ownership and for the 'delete' page permission, and then removed
  * through Deleter::deletePage().
  *
  * @param object $runData request context (parameters, user, temp "site")
  * @throws ProcessException when the page is missing or belongs to another site
  */
 public function deletePageEvent($runData)
 {
     $params = $runData->getParameterList();
     $pageId = $params->getParameterValue("page_id");
     $site = $runData->getTemp("site");

     $db = Database::connection();
     $db->begin();

     // Select the row for update within the transaction.
     $lockCriteria = new Criteria();
     $lockCriteria->add("page_id", $pageId);
     $lockCriteria->setForUpdate(true);
     $page = DB_PagePeer::instance()->selectOne($lockCriteria);

     $pageOnSite = $page != null && $page->getSiteId() == $site->getSiteId();
     if (!$pageOnSite) {
         throw new ProcessException(_("Error getting page information."), "no_page");
     }

     // presumably throws on denial - the return value is not inspected
     $user = $runData->getUser();
     $category = $page->getCategory();
     WDPermissionManager::instance()->hasPagePermission('delete', $user, $category, $page);

     Deleter::instance()->deletePage($page, $site);
     $db->commit();

     // Optional one-second pause, controlled by configuration.
     if (GlobalProperties::$UI_SLEEP) {
         sleep(1);
     }
 }
Esempio n. 24
 /**
  * Gate for a site-management module: the current user must pass the
  * 'manage_site' permission check for the current site (presumably
  * signalled by an exception on denial).
  *
  * @param object $runData request context (user, temp "site")
  * @return bool always true when no exception was raised
  */
 public function isAllowed($runData)
 {
     $manager = WDPermissionManager::instance();
     $manager->hasPermission('manage_site', $runData->getUser(), $runData->getTemp("site"));

     return true;
 }
Esempio n. 25
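 /**
  * Create a new site from a template site.
  *
  * Validates the form (name, web address, template, tagline, terms of
  * service), reports all problems at once through "formErrors", then creates
  * the site, copies the template into it and indexes the resulting pages.
  *
  * Changes over the previous version:
  *  - an unknown template id is rejected instead of causing a method call on
  *    null;
  *  - blank lines in the forbidden-names file are skipped instead of being
  *    passed to preg_match() as empty patterns.
  *
  * NOTE(review): the captcha code is cleared at the end, but no captcha
  * verification is visible in this method - confirm it happens earlier.
  *
  * @param object $runData request context (parameters, user)
  * @throws ProcessException with status "form_errors" on invalid input, or
  *         'Error' when the chosen site is not a template
  */
 public function createSiteEvent($runData)
 {
     WDPermissionManager::instance()->canBecomeAdmin($runData->getUser());
     $pl = $runData->getParameterList();
     $name = trim($pl->getParameterValue("name"));
     $unixName = trim($pl->getParameterValue("unixname"));
     $tagline = trim($pl->getParameterValue("tagline"));
     $templateId = $pl->getParameterValue("template");
     $private = (bool) $pl->getParameterValue("private");
     // validate form data:
     $errors = array();
     if (strlen($name) < 1) {
         $errors['name'] = _("Site name must be present.");
     } elseif (strlen8($name) > 30) {
         $errors['name'] = _("Site name should not be longer than 30 characters.");
     }
     // site unix name: 3-30 chars, [a-z0-9-] only, no double dash.
     // This allow-list is also what keeps the name safe to use as a
     // directory name further down.
     if ($unixName === null || strlen($unixName) < 3) {
         $errors['unixname'] = _("Web address must be present and should be at least 3 characters long.");
     } elseif (strlen($unixName) > 30) {
         $errors['unixname'] = _("Web address name should not be longer than 30 characters.");
     } elseif (preg_match("/^[a-z0-9\\-]+\$/", $unixName) == 0) {
         $errors['unixname'] = _('Only lowercase alphanumeric and "-" (dash) characters allowed in the web address.');
     } elseif (preg_match("/\\-\\-/", $unixName) !== 0) {
         $errors['unixname'] = _('Only lowercase alphanumeric and "-" (dash) characters allowed in the web address. Double-dash (--) is not allowed.');
     } else {
         $unixName = WDStringUtils::toUnixName($unixName);
         if (!$runData->getUser()->getSuperAdmin()) {
             // Reserved names: one regular expression per line of the conf file.
             $forbiddenUnixNames = explode("\n", file_get_contents(WIKIDOT_ROOT . '/conf/forbidden_site_names.conf'));
             foreach ($forbiddenUnixNames as $f) {
                 // Blank lines and stray "\r" from CRLF files are not valid
                 // patterns; they used to make preg_match() emit a warning.
                 $f = trim($f);
                 if ($f === '') {
                     continue;
                 }
                 if (preg_match($f, $unixName) > 0) {
                     $errors['unixname'] = _('For some reason this web address is not allowed or is reserved for future use.');
                     break;
                 }
             }
         }
         // check if the domain is not taken.
         $c = new Criteria();
         $c->add("unix_name", $unixName);
         $ss = DB_SitePeer::instance()->selectOne($c);
         if ($ss) {
             $errors['unixname'] = _('Sorry, this web address is already used by another site.');
         }
     }
     // template
     if (!$templateId) {
         $errors['template'] = _('Please choose a template for your site');
     }
     if (strlen8($tagline) > 50) {
         $errors['tagline'] = _("Tagline should not be longer than 50 characters");
     }
     // TOS
     if (!$pl->getParameterValue("tos")) {
         $errors['tos'] = _("Please read and agree to the Terms of Service.");
     }
     if (count($errors) > 0) {
         $runData->ajaxResponseAdd("formErrors", $errors);
         throw new ProcessException("Form errors", "form_errors");
     }
     // All fields passed validation: create the site.
     $dup = new Duplicator();
     $dup->setOwner($runData->getUser());
     $db = Database::connection();
     $db->begin();
     $templateSite = DB_SitePeer::instance()->selectByPrimaryKey($templateId);
     // Only sites whose unix name starts with "template-" may be used as a
     // source; this stops the client from naming an arbitrary site id and
     // copying its content. A missing site is refused the same way.
     if ($templateSite == null || !preg_match(';^template\\-;', $templateSite->getUnixName())) {
         throw new ProcessException('Error');
     }
     $site = new DB_Site();
     $site->setName($name);
     $site->setSubtitle($tagline);
     $site->setUnixName($unixName);
     $site->setLanguage($templateSite->getLanguage());
     $site->setDateCreated(new ODate());
     $site->setPrivate($private);
     if ($private) {
         // Private sites also get a marker file in their files directory.
         // NOTE(review): this happens before $site->save() and is not undone
         // if the transaction later fails - confirm a stale flag is harmless.
         $flagDir = WIKIDOT_ROOT . '/web/files--sites/' . $site->getUnixName() . '/flags';
         $flagFile = $flagDir . '/private';
         mkdirfull($flagDir);
         if (!file_exists($flagFile)) {
             file_put_contents($flagFile, "private");
         }
     }
     $site->save();
     // "forum" and "profile" are left out of the copy.
     $dup->addExcludedCategory("forum");
     $dup->addExcludedCategory("profile");
     $dup->duplicateSite($templateSite, $site);
     // index the site too
     $ind = Indexer::instance();
     $c = new Criteria();
     $c->add("site_id", $site->getSiteId());
     $pages = DB_PagePeer::instance()->select($c);
     foreach ($pages as $p) {
         $ind->indexPage($p);
     }
     $db->commit();
     // clear captcha code
     $runData->sessionDel("captchaCode");
     $runData->ajaxResponseAdd("siteUnixName", $unixName);
 }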
Esempio n. 26
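 /**
  * Handles a "join this site by password" request.
  *
  * Reads the "password" request parameter and compares it with the site's
  * membership password. On a match it creates the DB_Member and
  * DB_MembershipLink rows, deletes the user's pending applications and
  * invitations for the site and notifies the admins. The outcome is reported
  * through $runData->ajaxResponseAdd() ("status" / "message").
  *
  * @param mixed $runData request context providing the site, user, parameters and AJAX response
  *
  * @throws ProcessException when applying by password is disabled, the caller is
  *                          not logged in, or a private site has reached its member limit
  */
 public function applyByPasswordEvent($runData)
 {
     $site = $runData->getTemp("site");
     $pl = $runData->getParameterList();
     $userId = $runData->getUserId();
     $settings = $site->getSettings();
     $db = Database::connection();
     $db->begin();
     if (!$settings->getAllowMembershipByPassword()) {
         throw new ProcessException(_("Applying is disabled for this site."), "not_enabled");
     }
     $user = $runData->getUser();
     if ($user == null) {
         throw new ProcessException(_("Sorry, you are not logged in. Anonymous users can not apply ;-)"));
     }
     // check for permissions
     // NOTE(review): the return value is ignored, so this presumably throws on denial - confirm.
     WDPermissionManager::instance()->hasPermission("become_member", $user, $site);
     $c = new Criteria();
     $c->add("site_id", $site->getSiteId());
     $c->add("user_id", $userId);
     $a = DB_MemberPeer::instance()->selectOne($c);
     if ($a != null) {
         $runData->ajaxResponseAdd('status', 'already_member');
         $runData->ajaxResponseAdd("message", _("You already are a member of this site."));
         $db->commit();
         return;
     }
     $password = $pl->getParameterValue("password");
     $expected = $settings->getMembershipPassword();
     // Require real strings on both sides so that a missing parameter can never
     // "match" an unset password (null === null), and compare in constant time
     // so the response latency does not leak how much of the guess was correct.
     // NOTE(review): an empty configured password would still match an empty
     // submission; confirm the settings form rejects empty passwords. No attempt
     // throttling is visible in this method either.
     $passwordMatches = is_string($password)
         && is_string($expected)
         && hash_equals($expected, $password);
     if (!$passwordMatches) {
         $runData->ajaxResponseAdd('status', 'wrong_password');
         $runData->ajaxResponseAdd("message", _("Sorry, wrong password..."));
         $db->commit();
         return;
     }
     // create member...
     // private sites are capped at getMaxPrivateMembers() members
     if ($site->getPrivate()) {
         $settings = $site->getSettings();
         $maxMembers = $settings->getMaxPrivateMembers();
         $c = new Criteria();
         $c->add("site_id", $site->getSiteId());
         $cmem = DB_MemberPeer::instance()->selectCount($c);
         if ($cmem >= $maxMembers) {
             throw new ProcessException(sprintf(_('Sorry, at the moment max %d member limit apply for private Wikis. The Site would have to be upgraded to allow more members.'), $maxMembers));
         }
     }
     $mem = new DB_Member();
     $mem->setUserId($userId);
     $mem->setSiteId($site->getSiteId());
     $mem->setDateJoined(new ODate());
     $mem->save();
     // record how the membership was obtained
     $ml = new DB_MembershipLink();
     $ml->setUserId($userId);
     $ml->setSiteId($site->getSiteId());
     $ml->setDate(new ODate());
     $ml->setType('BY_PASSWORD');
     $ml->save();
     $runData->ajaxResponseAdd("message", _("Congratulations! You are now a member of this site!"));
     // remove application (if any) and invitations
     $c = new Criteria();
     $c->add("site_id", $site->getSiteId());
     $c->add("user_id", $userId);
     DB_MemberApplicationPeer::instance()->delete($c);
     DB_MemberInvitationPeer::instance()->delete($c);
     AdminNotificationMaker::instance()->newMemberByPassword($site, $user);
     $db->commit();
 }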
Esempio n. 27
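 /**
  * Deletes a file attached to a page and records the deletion as a new page revision.
  *
  * The file is looked up by the "file_id" parameter and must belong to the
  * current site. After the 'delete_file' page permission check the file (and
  * its resized variants, if any) is removed from disk, the DB_File row is
  * deleted and a new revision flagged as a file change is saved on the page.
  *
  * @param mixed $runData request context providing the site, user and parameters
  *
  * @throws ProcessException when the file or its page cannot be found on this site
  */
 public function deleteFileEvent($runData)
 {
     $pl = $runData->getParameterList();
     $fileId = $pl->getParameterValue("file_id");
     $destinationPageName = $pl->getParameterValue("destination_page_name");
     $site = $runData->getTemp("site");
     $db = Database::connection();
     $db->begin();
     $file = DB_FilePeer::instance()->selectByPrimaryKey($fileId);
     // the site comparison keeps one site from addressing another site's file ids
     if ($file == null || $file->getSiteId() != $site->getSiteId()) {
         throw new ProcessException("File does not exist.", "no_file");
     }
     $page = DB_PagePeer::instance()->selectByPrimaryKey($file->getPageId());
     if ($page == null) {
         throw new ProcessException(_("Page does not exist."), "no_page");
     }
     $category = $page->getCategory();
     // now check for permissions!!!
     // NOTE(review): the return value is ignored, so this presumably throws on denial - confirm.
     $user = $runData->getUser();
     WDPermissionManager::instance()->hasPagePermission('delete_file', $user, $category, $page);
     // remove file! and create another revision too...
     // NOTE(review): the on-disk removal happens before the transaction commits and
     // cannot be rolled back; a later failure leaves a DB row without its file.
     // The @ hides unlink() failures, so a file left on disk goes unnoticed.
     @unlink($file->getFilePath());
     // delete resized images if exist
     if ($file->getHasResized()) {
         // escapeshellarg() keeps the directory name a single shell argument
         $cmd = "rm -r " . escapeshellarg($file->getResizedDir());
         exec($cmd);
     }
     DB_FilePeer::instance()->deleteByPrimaryKey($file->getFileId());
     // create a new revision
     $revision = $page->getCurrentRevision();
     $revision->setNew(true);
     $revision->setRevisionId(null);
     $revision->resetFlags();
     $revision->setFlagFile(true);
     $revision->setRevisionNumber($revision->getRevisionNumber() + 1);
     $now = new ODate();
     $revision->setDateLastEdited($now);
     $userId = $runData->getUserId();
     if ($userId) {
         $revision->setUserId($userId);
         $page->setLastEditUserId($userId);
     } else {
         // Anonymous edit: build the IP string in the same branch that uses it, so
         // it is always defined here (previously it was set under a separate
         // "== null" test that does not cover every falsy id, e.g. the string '0').
         $userString = $runData->createIpString();
         $revision->setUserId(0);
         $page->setLastEditUserId(0);
         $revision->setUserString($userString);
         $page->setLastEditUserString($userString);
     }
     $revision->setComments('File "' . $file->getFilename() . '" deleted.');
     $revision->save();
     $page->setRevisionId($revision->getRevisionId());
     $page->setDateLastEdited($now);
     $page->setRevisionNumber($revision->getRevisionNumber());
     $page->save();
     $od = new Outdater();
     $od->pageEvent('file_change', $page);
     $db->commit();
 }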
Esempio n. 28
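 /**
  * Prepares the "new forum post" form for a thread.
  *
  * Loads the thread named by "threadId" (it must belong to the current site),
  * refuses blocked threads unless the caller is a forum moderator or a site
  * admin, checks the 'new_post' forum permission and, when replying to an
  * existing post ("postId"), works out the effective parent post with respect
  * to the category's maximum nesting level and a "Re: ..." title.
  *
  * @param mixed $runData request context providing the site, user, parameters and template context
  *
  * @throws ProcessException      when the thread or the replied-to post does not exist
  * @throws WDPermissionException when the thread is blocked for this user
  */
 public function build($runData)
 {
     $pl = $runData->getParameterList();
     $postId = $pl->getParameterValue("postId");
     $threadId = $pl->getParameterValue("threadId");
     $user = $runData->getUser();
     $site = $runData->getTemp("site");
     $title = '';
     // defined up front so the checks further down never read unset variables
     $parentId = null;
     $parentChanged = false;
     $db = Database::connection();
     $db->begin();
     $thread = DB_ForumThreadPeer::instance()->selectByPrimaryKey($threadId);
     if ($thread == null || $thread->getSiteId() !== $site->getSiteId()) {
         throw new ProcessException(_("No thread found... Is it deleted?"), "no_thread");
     }
     // check if thread blocked
     if ($thread->getBlocked()) {
         // check if moderator or admin
         $rel = null;
         $c = null;
         if ($user) {
             $c = new Criteria();
             $c->add("site_id", $site->getSiteId());
             $c->add("user_id", $user->getUserId());
             $rel = DB_ModeratorPeer::instance()->selectOne($c);
         }
         // strpos() returns 0 when 'f' is the first permission flag, so the test
         // must be a strict comparison with false; a loose one treats position 0
         // as "not found" and wrongly refuses that moderator.
         $isForumModerator = $rel && strpos((string) $rel->getPermissions(), 'f') !== false;
         if (!$isForumModerator) {
             // Anonymous callers have no criteria to look up. Querying admins without
             // one is not scoped to this user or site (it may match an unrelated
             // admin row), so anonymous callers are treated as non-admins.
             $rel = $c ? DB_AdminPeer::instance()->selectOne($c) : null;
             if (!$rel) {
                 throw new WDPermissionException(_("Sorry, this thread is blocked. Nobody can add new posts nor edit existing ones."));
             }
         }
     }
     // now check if user is allowed
     // NOTE(review): the return value is ignored, so this presumably throws on denial - confirm.
     $category = $thread->getCategory();
     WDPermissionManager::instance()->hasForumPermission('new_post', $runData->getUser(), $category);
     if ($postId !== null && is_numeric($postId)) {
         $post = DB_ForumPostPeer::instance()->selectByPrimaryKey($postId);
         // the replied-to post must live in this very thread
         if ($post == null || $post->getThreadId() !== $thread->getThreadId()) {
             throw new ProcessException(_("Original post does not exist! Please reload the page to make it up-to-date."), "no_post");
         }
         // try to  determine true parent id based on the nesting level.
         // TODO!
         $maxNest = $thread->getForumCategory()->getEffectiveMaxNestLevel();
         // walk up the ancestor chain to find how deeply the post is nested
         $parentId6 = $post->getParentId();
         $nestLevel6 = 0;
         $parents = array();
         while ($parentId6 != null) {
             $parent6 = DB_ForumPostPeer::instance()->selectByPrimaryKey($parentId6);
             if ($parent6 == null) {
                 // dangling parent reference: stop instead of calling a method on null
                 break;
             }
             $parents[] = $parent6;
             $parentId6 = $parent6->getParentId();
             $nestLevel6++;
         }
         if ($nestLevel6 >= $maxNest) {
             // change parent id to the maxNest-1 in the chain
             $parent = $parents[$nestLevel6 - ($maxNest - 1) - 1];
             if ($parent) {
                 $parentId = $parent->getPostId();
                 $parentChanged = true;
             }
         } else {
             $parentId = $post->getPostId();
         }
         // avoid stacking "Re: Re: ..." prefixes
         $title = preg_replace('/^Re:\\s?/', '', $post->getTitle());
         $title = 'Re: ' . $title;
     } else {
         // only if NOT a page discussion
         if ($thread->getPageId() == null) {
             $title = 'Re: ' . $thread->getTitle();
         }
     }
     $runData->contextAdd("thread", $thread);
     if ($parentId) {
         $runData->ajaxResponseAdd("parentId", $parentId);
         $runData->contextAdd("parentId", $parentId);
         if ($parentChanged) {
             $runData->ajaxResponseAdd("parentChanged", true);
         }
     }
     $runData->contextAdd("title", $title);
     // keep the session - i.e. put an object into session storage not to delete it!!!
     $runData->sessionAdd("keep", true);
     $userId = $runData->getUserId();
     if ($userId == null) {
         // anonymous poster: expose the IP-based identity string to the template
         $userString = $runData->createIpString();
         $runData->contextAdd("anonymousString", $userString);
     }
     $db->commit();
 }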
Esempio n. 29
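 /**
  * Prepares the page editor, either for a new page or for an existing one.
  *
  * Without a "page_id" parameter the request is treated as page creation: the
  * target name comes from "wiki_page", the 'create' permission is checked on
  * the (possibly temporary) category, an edit lock is taken unless the name is
  * an auto-increment page, and templates / initial content are put into the
  * context. With a "page_id" the page must belong to the current site, the
  * 'edit' permission is checked, the section range is resolved for
  * mode "section", and an edit lock is created.
  *
  * The lock id and lock secret are returned to the client through
  * ajaxResponseAdd(); the secret is generated from the CSPRNG.
  *
  * @param mixed $runData request context providing the site, user, session, parameters and template context
  *
  * @throws ProcessException when the page cannot be found, already exists, has
  *                          no category, or its sections are not editable
  */
 public function build($runData)
 {
     $pl = $runData->getParameterList();
     $site = $runData->getTemp("site");
     $pageId = $pl->getParameterValue("page_id");
     $mode = $pl->getParameterValue("mode");
     $runData->ajaxResponseAdd("mode", $mode);
     $user = $runData->getUser();
     $userId = $runData->getUserId();
     if ($userId == null) {
         // anonymous editor: expose the IP-based identity string to the template
         $userString = $runData->createIpString();
         $runData->contextAdd("anonymousString", $userString);
     }
     $db = Database::connection();
     $db->begin();
     if ($pageId === null || $pageId === '') {
         // means probably creating a new page
         // no context is needed
         $runData->sessionStart();
         $mode = "page";
         $runData->contextAdd("mode", $mode);
         $runData->contextAdd("newPage", true);
         // first create if a page not already exists!
         $unixName = $pl->getParameterValue("wiki_page");
         // normalise the client-supplied name before it is used in lookups or stored
         $unixName = WDStringUtils::toUnixName($unixName);
         // purify! (for sure)
         if (!$unixName) {
             throw new ProcessException(_("The page can not be found or does not exist."), "no_page");
         }
         $page = DB_PagePeer::instance()->selectByName($site->getSiteId(), $unixName);
         if ($page != null) {
             // page exists!!! error!
             throw new ProcessException(_("The page you want to create already exists. Please refresh the page in your browser to see it."));
             /*	$runData->ajaxResponseAdd("pageExists", true);
             			$runData->ajaxResponseAdd("locked", true); //well, it is somehow locked...
             			$runData->setModuleTemplate("edit/NewPageExistsWinModule");
             			$db->commit();
             			return;	*/
         }
         // extract category name
         // (loose comparison: a ':' at position 0 is treated like "no category")
         if (strpos($unixName, ':') != false) {
             // ok, there is category!
             $exp = explode(':', $unixName);
             $categoryName = $exp[0];
             $suggestedTitle = ucwords(str_replace("-", " ", $exp[1]));
         } else {
             // no category name, "_default" assumed
             $categoryName = "_default";
             $suggestedTitle = ucwords(str_replace("-", " ", $unixName));
         }
         $stitle = $pl->getParameterValue("title");
         if ($stitle) {
             $suggestedTitle = $stitle;
         }
         $category = DB_CategoryPeer::instance()->selectByName($categoryName, $site->getSiteId());
         if ($category == null) {
             // get the default!
             //$category = DB_CategoryPeer::instance()->selectByName('_default', $site->getSiteId());
             $category = $this->createTempCategory($categoryName, $site);
         }
         // now check for permissions!!!
         // NOTE(review): the return value is ignored, so this presumably throws on denial - confirm.
         WDPermissionManager::instance()->hasPagePermission('create', $user, $category);
         $autoincrement = false;
         if (preg_match(';^([a-z0-9]+:)?' . self::$AUTOINCREMENT_PAGE . '$;', $unixName)) {
             $autoincrement = true;
         }
         if (!$autoincrement) {
             $lock = new DB_PageEditLock();
             $lock->setPageUnixName($unixName);
             $lock->setSiteId($site->getSiteId());
             $lock->setUserId($runData->getUserId());
             $lock->setUserString($runData->getSession()->getIpAddress());
             $lock->setDateStarted(new ODate());
             $lock->setDateLastAccessed(new ODate());
             $lock->setMode("page");
             if ($pl->getParameterValue("force_lock") != null) {
                 $lock->deleteConflicts();
             } else {
                 // check for conflicts
                 $conflicts = $lock->getConflicts();
                 if ($conflicts != null) {
                     $runData->ajaxResponseAdd("locked", true);
                     $runData->setModuleTemplate("edit/NewPageLockedWinModule");
                     $runData->contextAdd("locks", $conflicts);
                     // NOTE(review): returns without $db->commit(); confirm the caller
                     // closes the transaction opened above.
                     return;
                 }
             }
             // The secret is handed to the client next to the lock id, so it must not
             // be guessable. md5(time() . rand()) is derived from the clock and a
             // four-digit non-cryptographic number; use the CSPRNG instead
             // (still 32 lowercase hex characters).
             $secret = bin2hex(random_bytes(16));
             $lock->setSecret($secret);
             $lock->setSessionId($runData->getSession()->getSessionId());
             $lock->save();
             $runData->ajaxResponseAdd('lock_id', $lock->getLockId());
             $runData->ajaxResponseAdd('lock_secret', $secret);
         } else {
             $runData->contextAdd('disableLocks', true);
             $runData->ajaxResponseAdd('disableLocks', true);
         }
         $runData->contextAdd("title", $suggestedTitle);
         /* Select available templates, but only if the category does not have a live template. */
         $templatePage = $category->getTemplatePage();
         if ($templatePage && ($form = Wikidot_Form::fromSource($templatePage->getSource()))) {
             $runData->contextAdd("form", new Wikidot_Form_Renderer($form));
         } elseif (!$templatePage || !preg_match(';^={4,}$;sm', $templatePage->getSource())) {
             $templatesCategory = DB_CategoryPeer::instance()->selectByName("template", $site->getSiteId());
             if ($templatesCategory != null) {
                 $c = new Criteria();
                 $c->add("category_id", $templatesCategory->getCategoryId());
                 $c->addOrderAscending("title");
                 $templates = DB_PagePeer::instance()->select($c);
                 $runData->contextAdd("templates", $templates);
             }
             // check if there is a default template...
             if ($category != null) {
                 if ($category->getTemplateId() != null) {
                     $runData->contextAdd("templateId", $category->getTemplateId());
                 }
             }
         } else {
             /* Has default template, try to populate the edit box with initial content. */
             $templateSource = $templatePage->getSource();
             // a line of four or more '=' separates the template head from the initial content
             $split = preg_split(';^={4,}$;sm', $templateSource);
             if (count($split) >= 2) {
                 /* Fine, there is some initial content. */
                 $templateSource = trim(preg_replace(";^.*?\n={4,};s", '', $templateSource));
             } else {
                 $templateSource = '';
             }
             $runData->contextAdd('source', $templateSource);
         }
         $db->commit();
         return;
     }
     // now if editing an existing page...
     if (!$pageId || !is_numeric($pageId)) {
         throw new ProcessException(_("The page can not be found or does not exist."), "no_page");
     }
     $page = DB_PagePeer::instance()->selectByPrimaryKey($pageId);
     // the site comparison keeps one site from addressing another site's page ids
     if (!$page || $page->getSiteId() !== $site->getSiteId()) {
         throw new ProcessException(_("The page can not be found or does not exist."), "no_page");
     }
     $category = $page->getCategory();
     if ($category == null) {
         throw new ProcessException(_("Internal error - page category does not exist!!!"));
     }
     // now check for permissions!
     WDPermissionManager::instance()->hasPagePermission('edit', $user, $category, $page);
     // now check if form is defined
     $templatePage = $category->getTemplatePage();
     if (preg_match('/^[^:]*:[^_]|^[^_:][^:]*$/', $page->getUnixName()) && $templatePage && ($form = Wikidot_Form::fromSource($templatePage->getSource()))) {
         $form->setDataFromYaml($page->getSource());
         $runData->contextAdd("form", new Wikidot_Form_Renderer($form));
         // check if mode is sections if page is editable in this mode
     } elseif ($mode == "section") {
         $compiledContent = $page->getCompiled()->getText();
         $editable = WDEditUtils::sectionsEditable($compiledContent);
         if ($editable == false) {
             throw new ProcessException(_("Sections are not editable due to unclear section structure. This sometimes happen when nested headings are used (inside other page elements) or the page include other pages."), "sections_uneditable");
         }
         // ok, get ranges for edit now.
         $pageSource = $page->getSource();
         $rangeMap = WDEditUtils::sectionMapping($pageSource);
         $sectionId = $pl->getParameterValue("section");
         // the client-supplied section id is only used after it is found in the map
         if (!isset($rangeMap[$sectionId])) {
             throw new ProcessException(_("Sections are not editable due to unclear section structure. This sometimes happen when nested headings are used (inside other page elements) or the page include other pages."), "sections_uneditable");
         }
         $rangeStart = $rangeMap[$sectionId]['start'];
         $rangeEnd = $rangeMap[$sectionId]['end'];
         $runData->ajaxResponseAdd('section', $sectionId);
         $runData->ajaxResponseAdd('rangeStart', $rangeStart);
         $runData->ajaxResponseAdd('rangeEnd', $rangeEnd);
     }
     // NOTE(review): when the form branch above matches while mode is "section",
     // $rangeStart, $rangeEnd and $pageSource are never assigned but are read below.
     // if we have not returned yet it means that the lock does not exist or is expired
     // if session is not started - start it!
     $runData->sessionStart();
     // create new page lock
     $lock = new DB_PageEditLock();
     $lock->setPageId($page->getPageId());
     $lock->setPageUnixName($page->getUnixName());
     $lock->setSiteId($site->getSiteId());
     $lock->setUserId($runData->getUserId());
     $lock->setUserString($runData->getSession()->getIpAddress());
     $lock->setDateStarted(new ODate());
     $lock->setDateLastAccessed(new ODate());
     $lock->setMode($mode);
     if ($mode == "section") {
         $lock->setRangeStart($rangeStart);
         $lock->setRangeEnd($rangeEnd);
     }
     // delete outdated...
     DB_PageEditLockPeer::instance()->deleteOutdated($pageId);
     // check for conflicts
     if ($pl->getParameterValue("force_lock") != null) {
         $lock->deleteConflicts();
     } else {
         $blocklocks = $lock->getConflicts();
         if ($blocklocks != null) {
             // conflicting locks exist.
             $runData->setModuleTemplate("edit/LockExistsWinModule");
             $runData->ajaxResponseAdd("locked", true);
             $runData->contextAdd("locks", $blocklocks);
             // NOTE(review): returns without $db->commit(); confirm the caller closes
             // the transaction (the deleteOutdated() call above ran inside it).
             return;
         }
     }
     // Unguessable lock secret from the CSPRNG (32 lowercase hex characters, the
     // same shape as the md5(time() . rand()) value it replaces).
     $secret = bin2hex(random_bytes(16));
     $lock->setSecret($secret);
     $lock->setSessionId($runData->getSession()->getSessionId());
     $lock->save();
     $runData->ajaxResponseAdd('lock_id', $lock->getLockId());
     $runData->ajaxResponseAdd('lock_secret', $secret);
     // also put current page revision in case one wants to regain lock after expired.
     $runData->ajaxResponseAdd('page_revision_id', $page->getRevisionId());
     // keep the session - i.e. put an object into session storage not to delete it!!!
     $runData->sessionAdd("keep", true);
     if ($mode == "page") {
         $pageSource = $page->getSource();
         $runData->contextAdd("source", $pageSource);
     }
     if ($mode == "append") {
         $runData->contextAdd("source", "");
         // source not required...
     }
     if ($mode == "section") {
         // slice the source...
         $sliced = explode("\n", $pageSource);
         $s = array_slice($sliced, $rangeStart, $rangeEnd - $rangeStart + 1);
         $runData->contextAdd("source", trim(implode("\n", $s)));
     }
     $runData->contextAdd("title", $page->getTitleRaw());
     $runData->contextAdd("pageId", $page->getPageId());
     $runData->contextAdd("mode", $mode);
     // seconds reported to the client as the remaining lock time
     $runData->ajaxResponseAdd("timeLeft", 15 * 60);
     $db->commit();
 }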
Esempio n. 30
 /**
  * Deletes a forum post together with every reply nested beneath it.
  *
  * The post is identified by the "postId" parameter and must belong to the
  * current site. The caller needs the 'moderate_forum' permission on the
  * post's forum category; any exception from that check is reported as a
  * WDPermissionException. Afterwards the thread and category counters are
  * recalculated, the thread is outdated and re-indexed, and the deletion is logged.
  *
  * @param mixed $runData request context providing the site, user and parameters
  *
  * @throws ProcessException      when the post id is missing, non-numeric or unknown on this site
  * @throws WDPermissionException when the permission check fails
  */
 public function deletePostEvent($runData)
 {
     $params = $runData->getParameterList();
     $site = $runData->getTemp("site");
     $postId = $params->getParameterValue("postId");
     if (!($postId != null && is_numeric($postId))) {
         throw new ProcessException(_("No such post."), "no_post");
     }

     $db = Database::connection();
     $db->begin();

     $postPeer = DB_ForumPostPeer::instance();
     $post = $postPeer->selectByPrimaryKey($postId);
     // a post of another site is reported exactly like a missing one
     if ($post == null || $post->getSiteId() != $site->getSiteId()) {
         throw new ProcessException(_("No such post."), "no_post");
     }

     $thread = $post->getForumThread();
     $category = $thread->getForumCategory();
     try {
         WDPermissionManager::instance()->hasForumPermission('moderate_forum', $runData->getUser(), $category);
     } catch (Exception $e) {
         throw new WDPermissionException(_("Sorry, you are not allowed to delete posts. Only site administrators and moderators are the ones who can."));
     }

     // Gather the replies level by level: the direct children first, then the
     // children of those, until a level comes back empty.
     $descendants = array();
     $criteria = new Criteria();
     $criteria->add("parent_id", $postId);
     $level = $postPeer->select($criteria);
     while ($level && count($level) > 0) {
         $descendants = array_merge($descendants, $level);
         $criteria = new Criteria();
         foreach ($level as $child) {
             $criteria->addOr("parent_id", $child->getPostId());
         }
         $level = $postPeer->select($criteria);
     }

     // the post itself goes first, followed by everything nested under it
     foreach (array_merge(array($post), $descendants) as $doomed) {
         $postPeer->deleteByPrimaryKey($doomed->getPostId());
     }

     // now recalculate a few things...
     $thread->calculateNumberPosts();
     $thread->findLastPost();
     $thread->save();
     $category->calculateNumberPosts();
     $category->findLastPost();
     $category->save();

     // outdate
     $outdater = new Outdater();
     $outdater->forumEvent("thread_save", $thread);

     // index thread
     Indexer::instance()->indexThread($thread);
     EventLogger::instance()->logPostDelete($thread, $post->getTitle());
     $db->commit();

     if (GlobalProperties::$UI_SLEEP) {
         sleep(1);
     }
 }