/**
 * Handle a submitted "forgot password" form.
 *
 * Generates a fresh reset key for the named account and mails it, but the
 * reply to the browser is the same whether or not the name exists.
 *
 * @param Forge $form the validated reset form (reads inputs["name"])
 */
private function _send_reset($form)
{
    $requested_name = $form->reset->inputs["name"]->value;
    $account = user::lookup_by_name($requested_name);
    $can_send = $account && !empty($account->email);

    if ($can_send) {
        // A new random key invalidates any previously mailed reset link.
        $account->hash = random::hash();
        $account->save();

        $mail_body = new View("reset_password.html");
        $mail_body->confirm_url = url::abs_site("password/do_reset?key={$account->hash}");
        $mail_body->user = $account;

        Sendmail::factory()
            ->to($account->email)
            ->subject(t("Password Reset Request"))
            ->header("Mime-Version", "1.0")
            ->header("Content-type", "text/html; charset=UTF-8")
            ->message($mail_body->render())
            ->send();

        log::success("user", t("Password reset email sent for user %name",
                               array("name" => $account->name)));
    } else if (!$account) {
        // Don't include the username here until you're sure that it's XSS safe
        // NOTE(review): the name logged below is taken verbatim from the form;
        // confirm that t() / the log viewer escape substituted parameters.
        log::warning("user", t("Password reset email requested for user %user_name, which does not exist.",
                               array("user_name" => $requested_name)));
    } else {
        log::warning("user", t("Password reset failed for %user_name (has no email address on record).",
                               array("user_name" => $account->name)));
    }

    // Always pretend that an email has been sent to avoid leaking
    // information on what user names are actually real.
    message::success(t("Password reset email sent"));
    json::reply(array("result" => "success"));
}
/**
 * Store the POSTed "value" as a module variable and confirm via JSON.
 *
 * NOTE(review): no admin check is visible in this method; it presumably
 * relies on the enclosing controller to restrict who can reach it - confirm.
 *
 * @param string $module_name module that owns the variable
 * @param string $var_name    variable to overwrite
 */
public function save($module_name, $var_name)
{
    access::verify_csrf();

    $submitted_value = Input::instance()->post("value");
    module::set_var($module_name, $var_name, $submitted_value);

    $notice = t("Saved value for %var (%module_name)",
                array("var" => $var_name, "module_name" => $module_name));
    message::success($notice);
    json::reply(array("result" => "success"));
}
/**
 * Re-authenticate the active admin user for the admin area.
 *
 * On success fires "user_auth" and redirects to the session's "continue_url";
 * on failure fires "user_auth_failed" and redisplays the form (as a JSON
 * fragment for AJAX callers, as a full page otherwise).
 */
public function auth()
{
    if (!identity::active_user()->admin) {
        access::forbidden();
    }
    access::verify_csrf();

    $form = self::_form();
    $valid = $form->validate();
    $user = identity::active_user();

    if (!$valid) {
        $name = $user->name;
        log::warning("user", t("Failed re-authentication for %name", array("name" => $name)));
        module::event("user_auth_failed", $name);

        if (!request::is_ajax()) {
            self::_show_form($form);
        } else {
            $v = new View("reauthenticate.html");
            $v->form = $form;
            $v->user_name = identity::active_user()->name;
            json::reply(array("html" => (string) $v));
        }
        return;
    }

    module::event("user_auth", $user);
    if (!request::is_ajax()) {
        message::success(t("Successfully re-authenticated!"));
    }
    // NOTE(review): the redirect target is whatever was stored in
    // "continue_url"; confirm it is only ever set to a site-local URL.
    url::redirect(Session::instance()->get_once("continue_url"));
}
/**
 * Rotate the current user's REST API key and confirm via JSON.
 */
public function reset_api_key()
{
    access::verify_csrf();
    rest::reset_access_key();

    $notice = t("Your REST API key has been reset.");
    message::success($notice);
    json::reply(array("result" => "success"));
}
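/**
 * Check whether the requested module activation/deactivation set can be
 * applied, then either apply it or return a confirmation dialog.
 *
 * Each POST field named after a module holds "1" when that module should be
 * active. Locked modules are skipped.
 */
public function confirm()
{
    access::verify_csrf();

    $messages = array("error" => array(), "warn" => array());
    $desired_list = array();
    $input = Input::instance();

    foreach (module::available() as $module_name => $info) {
        if ($info->locked) {
            continue;
        }

        // Parenthesised on purpose: $desired is the boolean result of the
        // comparison (the original relied on "=" binding looser than "==",
        // which reads like an assignment typo).
        $desired = ($input->post($module_name) == 1);
        if ($desired) {
            $desired_list[] = $module_name;
        }

        if ($info->active && !$desired && module::is_active($module_name)) {
            $messages = array_merge($messages, module::can_deactivate($module_name));
        } else if (!$info->active && $desired && !module::is_active($module_name)) {
            $messages = array_merge($messages, module::can_activate($module_name));
        }
    }

    // Initialised explicitly rather than auto-vivified on first index write.
    $result = array();
    if (empty($messages["error"]) && empty($messages["warn"])) {
        $this->_do_save();
        $result["reload"] = 1;
    } else {
        $v = new View("admin_modules_confirm.html");
        $v->messages = $messages;
        $v->modules = $desired_list;
        $result["dialog"] = (string) $v;
        // Warnings may be overridden by the user; errors may not.
        $result["allow_continue"] = empty($messages["error"]);
    }
    json::reply($result);
}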
/**
 * Allows the given item to be displayed again.
 *
 * Permission is checked via _check_hide_permissions() before the item is
 * un-hidden; the title is purified before it is echoed back in the message.
 *
 * @param int $id the item id
 */
public function show($id)
{
    $item = model_cache::get("item", $id);
    $this->_check_hide_permissions($item);

    hide::show($item);

    $notice = t("Displayed <b>%title</b> item",
                array("title" => html::purify($item->title)));
    message::success($notice);
    json::reply(array("result" => "success", "reload" => 1));
}
/**
 * Switch the "starred items only" view off so that all items are shown again.
 */
public function star_only_off()
{
    access::verify_csrf();

    star::star_only_off();

    message::success(t("Showing all items."));
    json::reply(array("result" => "success", "reload" => 1));
}
/**
 * Save a translation submitted from the in-page l10n client.
 *
 * Reads the message key and the translation (one field per plural form for
 * plural messages) from POST, then creates/updates or deletes the matching
 * outgoing_translation row for the current locale and clears the locale cache.
 *
 * Admin-only; throws Exception on a missing root message or malformed input.
 */
public function save()
{
    access::verify_csrf();
    if (!identity::active_user()->admin) {
        access::forbidden();
    }

    $locale = Gallery_I18n::instance()->locale();
    $input = Input::instance();
    $key = $input->post("l10n-message-key");

    $root_message = ORM::factory("incoming_translation")
        ->where("key", "=", $key)
        ->where("locale", "=", "root")
        ->find();
    if (!$root_message->loaded()) {
        throw new Exception("@todo bad request data / illegal state");
    }

    // The serialized payload comes from the database row, not from the request.
    $is_plural = Gallery_I18n::is_plural_message(unserialize($root_message->message));

    $is_empty = true;
    if ($is_plural) {
        // One POST field per plural form of the current locale; all must be strings.
        $plural_forms = l10n_client::plural_forms($locale);
        $translation = array();
        foreach ($plural_forms as $plural_form) {
            $value = $input->post("l10n-edit-plural-translation-{$plural_form}");
            if (null === $value || !is_string($value)) {
                throw new Exception("@todo bad request data");
            }
            $translation[$plural_form] = $value;
            // Empty only if every plural form was left blank.
            $is_empty = $is_empty && empty($value);
        }
    } else {
        $translation = $input->post("l10n-edit-translation");
        $is_empty = empty($translation);
        if (null === $translation || !is_string($translation)) {
            throw new Exception("@todo bad request data");
        }
    }

    $entry = ORM::factory("outgoing_translation")
        ->where("key", "=", $key)
        ->where("locale", "=", $locale)
        ->find();
    if ($is_empty) {
        // A blank submission removes the local translation.
        if ($entry->loaded()) {
            $entry->delete();
        }
    } else {
        if (!$entry->loaded()) {
            $entry->key = $key;
            $entry->locale = $locale;
            $entry->message = $root_message->message;
            $entry->base_revision = null;
        }
        $entry->translation = serialize($translation);
        $entry_from_incoming = ORM::factory("incoming_translation")
            ->where("key", "=", $key)
            ->where("locale", "=", $locale)
            ->find();
        // NOTE(review): base_revision is copied only when the incoming row is
        // NOT loaded, i.e. from a record that has no revision. This looks like
        // an inverted condition (should probably read `->loaded()`) - confirm
        // against the intended semantics before changing.
        if (!$entry_from_incoming->loaded()) {
            $entry->base_revision = $entry_from_incoming->revision;
        }
        $entry->save();
    }

    Gallery_I18n::clear_cache($locale);
    json::reply(new stdClass());
}
/**
 * AJAX login endpoint: replies with a success marker or the re-rendered form.
 */
public function auth_ajax()
{
    access::verify_csrf();

    list($valid, $form) = $this->_auth("login/auth_ajax");
    if (!$valid) {
        $view = new View("login_ajax.html");
        $view->form = $form;
        json::reply(array("result" => "error", "html" => (string) $view));
        return;
    }

    json::reply(array("result" => "success"));
}
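/**
 * Delete every rating/vote recorded for item $id and send the caller back to
 * the item page.
 *
 * NOTE(review): unlike the other handlers in this corpus, no CSRF or
 * permission check is performed before the delete; confirm the caller
 * enforces one.
 *
 * @param int $id the item id
 */
public function doClear($id)
{
    $photo = ORM::factory("item", $id);
    $ratable_key = "rate" . $id;

    $ratable = db::build()
        ->select("id")
        ->from("ratables")
        ->where("ratableKey", "=", $ratable_key)
        ->execute()
        ->current();

    // Guard the missing-ratable case instead of dereferencing ->id on a
    // non-object; an item with no ratable row has no votes to clear.
    $vote_count = 0;
    if ($ratable) {
        $vote_count = db::build()
            ->select("id")
            ->from("ratings")
            ->where("ratable_id", "=", $ratable->id)
            ->execute()
            ->count();
    }

    if ($vote_count < 1) {
        message::warning(t("No votes have been registered for this item: Nothing cleared!"));
        json::reply(array("result" => "success", "location" => $photo->url()));
        return;
    }

    db::build()
        ->delete("ratings")
        ->where("ratable_id", "=", $ratable->id)
        ->execute();

    message::success(t("All ratings and votes for this item have been cleared!"));
    json::reply(array("result" => "success", "location" => $photo->url()));
}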
/**
 * Report whether the admin-area session is still fresh.
 *
 * The session expires admin_area_timeout seconds after the later of the last
 * authentication and the last admin-area activity; with less than 30 seconds
 * left the reply carries a redirect location to the site root.
 */
private static function _reauth_check()
{
    $session = Session::instance();
    $last_auth_ts = $session->get("active_auth_timestamp", 0);
    $last_activity_ts = $session->get("admin_area_activity_timestamp", 0);
    $timeout = module::get_var("gallery", "admin_area_timeout");

    $deadline = max($last_auth_ts, $last_activity_ts) + $timeout;
    $seconds_left = $deadline - time();

    $reply = new stdClass();
    $reply->result = "success";
    if ($seconds_left < 30) {
        message::success(t("Automatically logged out of the admin area for your security"));
        $reply->location = url::abs_site("");
    }
    json::reply($reply);
}
/**
 * Send a contact-form message to the user whose profile is being viewed.
 *
 * NOTE(review): the subject and reply_to values come from the form; confirm
 * that Sendmail (or the form rules) rejects CR/LF in them so they cannot
 * break out of their mail headers.
 *
 * @param int $id the recipient user id
 */
public function send($id)
{
    access::verify_csrf();

    $recipient = identity::lookup_user($id);
    if (!$this->_can_view_profile_pages($recipient)) {
        throw new Kohana_404_Exception();
    }

    $form = user_profile::get_contact_form($recipient);
    if (!$form->validate()) {
        json::reply(array("result" => "error", "html" => (string) $form));
        return;
    }

    $fields = $form->message;
    Sendmail::factory()
        ->to($recipient->email)
        ->subject(html::clean($fields->subject->value))
        ->header("Mime-Version", "1.0")
        ->header("Content-type", "text/html; charset=UTF-8")
        ->reply_to($fields->reply_to->value)
        ->message(html::purify($fields->message->value))
        ->send();

    message::success(t("Sent message to %user_name",
                       array("user_name" => $recipient->display_name())));
    json::reply(array("result" => "success"));
}
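/**
 * Save the set of installed locales and the site default locale.
 *
 * If the submitted default is not among the installed locales, the first
 * installed locale is used instead, falling back to "en_US" when none are.
 */
public function save()
{
    access::verify_csrf();

    $input = Input::instance();
    locales::update_installed($input->post("installed_locales"));

    $installed_locales = array_keys(locales::installed());
    $new_default_locale = $input->post("default_locale");

    // Strict comparison: locale codes are strings, so a loose in_array() gains
    // nothing and would accept type-juggled matches.
    if (!in_array($new_default_locale, $installed_locales, true)) {
        $new_default_locale = empty($installed_locales) ? "en_US" : $installed_locales[0];
    }

    module::set_var("gallery", "default_locale", $new_default_locale);
    json::reply(array("result" => "success"));
}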
/**
 * Add a new comment to the collection.
 *
 * Validates the add-comment form and the resulting ORM model; ORM field
 * errors are mapped back onto the form's input names. Replies with the
 * rendered comment fragment and a fresh form on success, or the form with
 * errors otherwise.
 *
 * @param int $id the item being commented on
 */
public function create($id)
{
    $item = ORM::factory("item", $id);
    access::required("view", $item);
    if (!comment::can_comment()) {
        access::forbidden();
    }

    // ORM field name => form input name
    $field_to_input = array(
        "guest_name" => "name",
        "guest_email" => "email",
        "guest_url" => "url",
    );

    $form = comment::get_add_form($item);
    try {
        $valid = $form->validate();
        $fields = $form->add_comment;

        $comment = ORM::factory("comment");
        $comment->item_id = $id;
        $comment->author_id = identity::active_user()->id;
        $comment->text = $fields->text->value;
        $comment->guest_name = $fields->inputs["name"]->value;
        $comment->guest_email = $fields->email->value;
        $comment->guest_url = $fields->url->value;
        $comment->validate();
    } catch (ORM_Validation_Exception $e) {
        // Translate ORM validation errors into form error messages
        foreach ($e->validation->errors() as $field => $error) {
            $input_name = isset($field_to_input[$field]) ? $field_to_input[$field] : $field;
            $form->add_comment->inputs[$input_name]->add_error($error, 1);
        }
        $valid = false;
    }

    if (!$valid) {
        $form = comment::prefill_add_form($form);
        json::reply(array("result" => "error", "form" => (string) $form));
        return;
    }

    $comment->save();
    $view = new Theme_View("comment.html", "other", "comment-fragment");
    $view->comment = $comment;
    json::reply(array("result" => "success",
                      "view" => (string) $view,
                      "form" => (string) comment::get_add_form($item)));
}
/**
 * Attach a comma-separated list of tags to an item.
 *
 * Requires view and edit access on the item. Blank entries in the list are
 * ignored. Replies with the refreshed tag cloud on success.
 *
 * @param int $item_id the item to tag
 */
public function create($item_id)
{
    $item = ORM::factory("item", $item_id);
    access::required("view", $item);
    access::required("edit", $item);

    $form = tag::get_add_form($item);
    if (!$form->validate()) {
        json::reply(array("result" => "error", "html" => (string) $form));
        return;
    }

    $raw_names = explode(",", $form->add_tag->inputs["name"]->value);
    foreach ($raw_names as $raw_name) {
        $tag_name = trim($raw_name);
        if ($tag_name) {
            tag::add($item, $tag_name);
        }
    }

    json::reply(array("result" => "success", "cloud" => (string) tag::cloud(30)));
}
/**
 * Add an item/product/quantity triple from the POSTed form to the session
 * basket and remember the item's parent album as the post-checkout redirect.
 *
 * Aborts the request with "no id" when the id field is absent; an invalid
 * form is only logged (no reply is sent in that case).
 */
public function add_to_basket()
{
    access::verify_csrf();

    if (!isset($_POST['id'])) {
        die("no id");
    }

    $form = self::getAddToBasketForm($_POST['id']);
    if (!$form->validate()) {
        log_error("invalid form!");
        return;
    }

    $fields = $form->add_to_basket;
    $basket = Session_Basket::getOrCreate();
    $basket->add($fields->id->value, $fields->product->value, $fields->quantity->value);

    $item = ORM::factory("item", $fields->id->value);
    Session::instance()->set("redirect_home", $item->parent_id);

    print json::reply(array("result" => "success"));
}
/**
 * The index page of the user homes admin.
 *
 * GET renders the populated configuration form; POST (CSRF-checked) saves it
 * and replies as JSON with either a success marker or the form with errors.
 */
public function index()
{
    $form = upload_configuration::get_configure_form();

    if (request::method() != "post") {
        upload_configuration::populateForm($form);
        print $form;
        return;
    }

    access::verify_csrf();
    if (!$form->validate()) {
        json::reply(array("result" => "error", "html" => (string) $form));
        return;
    }

    upload_configuration::extractForm($form);
    message::success(t("GWTOrganise Module Configured!"));
    json::reply(array("result" => "success"));
}
/**
 * Send the ecard.
 *
 * Builds an HTML mail from ecard_email.html with the item's resized image
 * attached inline, then hands it to _notify(). ORM validation errors are
 * mapped back onto the form.
 *
 * NOTE(review): from_name / from_email / to_email are form values that end
 * up in mail headers; confirm the form rules reject CR/LF in them.
 *
 * @param int $id the item to send
 */
public function send($id)
{
    $item = ORM::factory("item", $id);
    access::required("view", $item);
    if (!ecard::can_send_ecard()) {
        access::forbidden();
    }

    $form = ecard::get_send_form($item);
    try {
        $valid = $form->validate();
    } catch (ORM_Validation_Exception $e) {
        // Translate ORM validation errors into form error messages
        foreach ($e->validation->errors() as $key => $error) {
            $form->edit_item->inputs[$key]->add_error($error, 1);
        }
        $valid = false;
    }

    if (!$valid) {
        json::reply(array("result" => "error", "html" => (string) $form));
        return;
    }

    $fields = $form->send_ecard;
    $to_name = $fields->to_name->value;
    $from_name = $fields->from_name->value;
    $to = $fields->inputs["to_email"]->value;
    $from = $fields->inputs["from_email"]->value;
    $subject = module::get_var("ecard", "subject");
    $bcc = module::get_var("ecard", "bcc");

    $v = new View("ecard_email.html");
    $v->item = $item;
    $v->subject = $subject;
    $v->message = t(module::get_var("ecard", "message"),
                    array("toname" => $to_name, "fromname" => $from_name));
    $v->custom_message = $fields->text->value;
    $v->image = $item->name;

    $headers = array(
        "from" => $from_name . "<" . $from . ">",
        "to" => $to,
        "subject" => $subject,
    );

    require_once MODPATH . "ecard/lib/mime.php";
    $mime = new Mail_mime("\n");
    $mime->setHTMLBody($v->render());
    $mime->addHTMLImage($item->resize_path(), $item->mime_type, $item->name);
    $body = $mime->get(array(
        'html_charset' => 'UTF-8',
        'text_charset' => 'UTF-8',
        'text_encoding' => '8bit',
        'head_charset' => 'UTF-8',
    ));

    self::_notify($headers['to'], $headers['from'], $headers['subject'],
                  $item, $body, $mime->headers(), $bcc);

    message::success("eCard successfully sent");
    json::reply(array("result" => "success"));
}
/**
 * Process a self-registration request.
 *
 * Rejects names already in use, then follows the module's "policy": under
 * "visitor" policy the account is created immediately (state 1) or after
 * e-mail confirmation; otherwise the request is queued for admin approval
 * and the site status / admin notification are raised.
 */
public function handler()
{
    access::verify_csrf();

    $form = $this->_get_form();
    $valid = $form->validate();

    $name_input = $form->register_user->inputs["name"];
    if (register::check_user_name($name_input->value)) {
        $name_input->add_error("in_use", 1);
        $valid = false;
    }

    if (!$valid) {
        json::reply(array("result" => "error", "html" => (string) $form));
        return;
    }

    $pending_user = register::create_pending_request($form);
    $policy = module::get_var("registration", "policy");
    $is_confirmed = ($pending_user->state == 1);

    if ($policy == "visitor") {
        if ($is_confirmed) {
            $user = register::create_new_user($pending_user->id);
            Session::instance()->set("registration_first_usage");
            auth::login($user);
            Session::instance()->set("registration_first_usage", true);
            $pending_user->delete();
        } else {
            $user = register::create_new_user($pending_user->id, true);
            message::success(t("A confirmation email has been sent to your email address."));
        }
    } else if ($is_confirmed) {
        site_status::warning(
            t("There are pending user registration. <a href=\"%url\">Review now!</a>",
              array("url" => html::mark_clean(url::site("admin/register")),
                    "locale" => module::get_var("gallery", "default_locale"))),
            "pending_user_registrations");
        message::success(t("Your registration request is awaiting administrator approval"));
        // added by Shad Laws, v2
        if (module::get_var("registration", "admin_notify") == 1) {
            register::send_admin_notify($pending_user);
        }
    } else {
        register::send_confirmation($pending_user);
        message::success(t("A confirmation email has been sent to your email address."));
    }

    json::reply(array("result" => "success"));
}
/**
 * Replace the active sidebar block list with the "block" ids from the
 * query string, then reply with re-rendered available/active block lists.
 */
public function update()
{
    access::verify_csrf();

    // Kept for parity with the original flow; its return value is not used here.
    $available_blocks = block_manager::get_available_site_blocks();

    $active_blocks = array();
    $requested_ids = Input::instance()->get("block", array());
    foreach ($requested_ids as $block_id) {
        $id_text = (string) $block_id;
        $active_blocks[md5($id_text)] = explode(":", $id_text);
    }
    block_manager::set_active("site_sidebar", $active_blocks);

    list($available, $active) = $this->_get_blocks();

    $available_view = new View("admin_sidebar_blocks.html");
    $available_view->blocks = $available;

    $active_view = new View("admin_sidebar_blocks.html");
    $active_view->blocks = $active;

    $reply = array(
        "result" => "success",
        "available" => $available_view->render(),
        "active" => $active_view->render(),
        "message" => (string) t("Updated sidebar blocks"),
    );
    json::reply($reply);
}
/**
 * Make $source_id the album cover of the POSTed target album.
 *
 * Requires view access on the source and view+edit on the target. If the
 * target's own parent has no cover yet and the user may edit it, the cover
 * is propagated one level up as well.
 *
 * @param int $source_id the item (or album, whose cover is reused) to use
 */
public function save($source_id)
{
    access::verify_csrf();

    $source = ORM::factory("item", $source_id);
    $target = ORM::factory("item", Input::instance()->post("target_id"));
    access::required("view", $source);
    access::required("view", $target);
    access::required("edit", $target);

    model_cache::clear();

    // An album source contributes its own cover rather than itself.
    $cover_id = $source->is_album() ? $source->album_cover_item_id : $source->id;
    $target->album_cover_item_id = $cover_id;
    $target->thumb_dirty = 1;
    $target->save();
    graphics::generate($target);

    $grand_parent = $target->parent();
    $propagate = $grand_parent
        && access::can("edit", $grand_parent)
        && $grand_parent->album_cover_item_id == null;
    if ($propagate) {
        item::make_album_cover($target);
    }

    $notice = t("Made <b>%title</b> album's cover for <b>%album</b>",
                array("title" => html::purify($source->title),
                      "album" => html::purify($target->title)));
    message::success($notice);
    json::reply(array("result" => "success"));
}
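/**
 * Emit a REST response in the format selected by the "output" query
 * parameter: json (default), jsonp (requires a validated "callback" name),
 * or html (a var_export dump with URLs turned into links).
 *
 * Fix: the html branch used preg_replace with the "e" modifier, which
 * evaluates the replacement as PHP code and was removed in PHP 7. It now
 * uses preg_replace_callback and escapes the dump before linkifying, so the
 * dump cannot inject markup into the page.
 *
 * @param mixed $data the response payload
 * @throws Rest_Exception on an unknown output type or a bad jsonp callback
 */
static function reply($data = array())
{
    Session::instance()->abort_save();
    header("X-Gallery-API-Version: " . rest::API_VERSION);

    switch (Input::instance()->get("output", "json")) {
    case "json":
        json::reply($data);
        break;

    case "jsonp":
        if (!($callback = Input::instance()->get("callback", ""))) {
            throw new Rest_Exception("Bad Request", 400,
                                     array("errors" => array("callback" => "missing")));
        }
        // Only a plain identifier may be used as the callback name.
        if (preg_match('/^[$A-Za-z_][0-9A-Za-z_]*$/', $callback) == 1) {
            header("Content-type: application/javascript; charset=UTF-8");
            print "{$callback}(" . json_encode($data) . ")";
        } else {
            throw new Rest_Exception("Bad Request", 400,
                                     array("errors" => array("callback" => "invalid")));
        }
        break;

    case "html":
        header("Content-type: text/html; charset=UTF-8");
        if ($data) {
            // Escape <, > and & first (quotes are left alone so the URL pattern
            // below still stops at them); then wrap each URL in an anchor.
            $dump = htmlspecialchars(var_export($data, 1), ENT_NOQUOTES, "UTF-8");
            $html = preg_replace_callback(
                "#([\\w]+?://[\\w]+[^ \\'\"\n\r\t<]*)#is",
                function ($m) {
                    return "<a href=\"{$m[1]}\" >{$m[1]}</a>";
                },
                $dump);
        } else {
            $html = t("Empty response");
        }
        print "<pre>{$html}</pre>";
        if (Session::instance()->get("profiler", false)) {
            Profiler::enable();
            $profiler = new Profiler();
            $profiler->render();
        }
        break;

    default:
        throw new Rest_Exception("Bad Request", 400);
    }
}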
/**
 * Save edited title/description/slug/name for a photo.
 *
 * Requires view and edit access. ORM validation errors are mapped back onto
 * the form. On success the reply carries the (possibly changed) photo URL
 * when the edit was started from the photo's own page.
 *
 * @param int $photo_id the photo to update
 */
public function update($photo_id)
{
    access::verify_csrf();

    $photo = ORM::factory("item", $photo_id);
    access::required("view", $photo);
    access::required("edit", $photo);

    $form = photo::get_edit_form($photo);
    try {
        $valid = $form->validate();
        $fields = $form->edit_item;
        $photo->title = $fields->title->value;
        $photo->description = $fields->description->value;
        $photo->slug = $fields->slug->value;
        $photo->name = $fields->inputs["name"]->value;
        $photo->validate();
    } catch (ORM_Validation_Exception $e) {
        // Translate ORM validation errors into form error messages
        foreach ($e->validation->errors() as $key => $error) {
            $form->edit_item->inputs[$key]->add_error($error, 1);
        }
        $valid = false;
    }

    if (!$valid) {
        json::reply(array("result" => "error", "html" => (string) $form));
        return;
    }

    $photo->save();
    module::event("item_edit_form_completed", $photo, $form);
    log::success("content", "Updated photo", "<a href=\"{$photo->url()}\">view</a>");
    message::success(t("Saved photo %photo_title",
                       array("photo_title" => html::purify($photo->title))));

    $reply = array("result" => "success");
    if ($form->from_id->value == $photo->id) {
        // Use the new url; it might have changed.
        $reply["location"] = $photo->url();
    }
    // Otherwise stay on the same page.
    json::reply($reply);
}
/**
 * Rename a group from the admin group-edit form.
 *
 * @param int $id the group id
 * @throws Kohana_404_Exception when the group does not exist
 */
public function edit_group($id)
{
    access::verify_csrf();

    $group = group::lookup($id);
    if (empty($group)) {
        throw new Kohana_404_Exception();
    }

    $form = $this->_get_group_edit_form_admin($group);
    try {
        $valid = $form->validate();
        $group->name = $form->edit_group->inputs["name"]->value;
        $group->validate();
    } catch (ORM_Validation_Exception $e) {
        // Translate ORM validation errors into form error messages
        foreach ($e->validation->errors() as $key => $error) {
            $form->edit_group->inputs[$key]->add_error($error, 1);
        }
        $valid = false;
    }

    if ($valid) {
        $group->save();
        message::success(t("Changed group %group_name", array("group_name" => $group->name)));
        json::reply(array("result" => "success"));
        return;
    }

    // Discard the rejected in-memory name so the message shows the stored one.
    $group->reload();
    message::error(t("Failed to change group %group_name", array("group_name" => $group->name)));
    json::reply(array("result" => "error", "html" => (string) $form));
}
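/**
 * Install an uploaded image as the site watermark.
 *
 * NOTE(review): $_POST["file"] is used as a filesystem path for
 * getimagesize/rename/unlink. This relies on form validation having replaced
 * it with the server-side upload path (the "uploadfile-" prefix hints at
 * that); confirm a client-supplied path can never reach this point.
 *
 * Fixes: strict in_array() on the image type, and a failed rename() no
 * longer records a watermark that does not exist on disk.
 */
public function add()
{
    access::verify_csrf();

    $form = watermark::get_add_form();
    if ($form->validate()) {
        $file = $_POST["file"];
        $pathinfo = pathinfo($file);
        // Forge prefixes files with "uploadfile-xxxxxxx" for uniqueness
        $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', $pathinfo["basename"]);

        $allowed_types = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);
        $image_info = getimagesize($file);
        if (!$image_info || !in_array($image_info[2], $allowed_types, true)) {
            message::error(t("Unable to identify this image file"));
            // @ kept deliberately: a warning here would corrupt the JSON reply.
            @unlink($file);
            return;
        }

        $destination = VARPATH . "modules/watermark/{$name}";
        if (!rename($file, $destination)) {
            message::error(t("Unable to identify this image file"));
            log::error("watermark", t("Watermark saved"), "rename failed");
            @unlink($file);
            return;
        }

        module::set_var("watermark", "name", $name);
        module::set_var("watermark", "width", $image_info[0]);
        module::set_var("watermark", "height", $image_info[1]);
        module::set_var("watermark", "mime_type", $image_info["mime"]);
        module::set_var("watermark", "position", $form->add_watermark->position->value);
        module::set_var("watermark", "transparency", $form->add_watermark->transparency->value);
        $this->_update_graphics_rules();

        @unlink($file);
        message::success(t("Watermark saved"));
        log::success("watermark", t("Watermark saved"));
        json::reply(array("result" => "success", "location" => url::site("admin/watermarks")));
    } else {
        // rawurlencode the results because the JS code that uploads the file buffers it in an
        // iframe which entitizes the HTML and makes it difficult for the JS to process. If we url
        // encode it now, it passes through cleanly. See ticket #797.
        json::reply(array("result" => "error", "html" => rawurlencode((string) $form)));
    }

    // Override the application/json mime type. The dialog based HTML uploader uses an iframe to
    // buffer the reply, and on some browsers (Firefox 3.6) it does not know what to do with the
    // JSON that it gets back so it puts up a dialog asking the user what to do with it. So force
    // the encoding type back to HTML for the iframe.
    // See: http://jquery.malsup.com/form/#file-upload
    header("Content-Type: text/html; charset=" . Kohana::CHARSET);
}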
/**
 * Check that a submitted album password matches one in the database and, if
 * so, store it in a browser cookie.
 *
 * NOTE(review): the password is lower-cased before lookup and stored in the
 * cookie as-is; the comparison is a plain DB equality match. Both replies
 * report "success" so that the dialog closes either way.
 */
public function checkpassword()
{
    // Prevent Cross Site Request Forgery
    access::verify_csrf();

    // Convert submitted data to local variables.
    $submitted = strtolower(Input::instance()->post("albumpassword_password"));

    // See if the submitted password matches any in the database.
    $matches = ORM::factory("items_albumpassword")
        ->where("password", "=", $submitted)
        ->find_all();

    if (count($matches) <= 0) {
        message::error(t("Password Rejected."));
        json::reply(array("result" => "success"));
        return;
    }

    // Valid: replace any id-based cookie with the password cookie.
    cookie::delete("g3_albumpassword_id");
    cookie::set("g3_albumpassword", $submitted);
    message::success(t("Password Accepted."));
    json::reply(array("result" => "success"));
}
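/**
 * Post a status update to Twitter
 *
 * Optionally attaches the item's resized image. Whether or not Twitter
 * accepts the update, the tweet text is recorded via _save_tweet().
 *
 * Fixes: $tweet is created explicitly (it was previously auto-vivified from
 * an undefined variable, which is an Error on PHP 8); the image is read with
 * file_get_contents(); $response->error is only read when present.
 *
 * NOTE(review): no access::required("view", $item) check is visible here,
 * unlike the other item handlers - confirm the form or caller enforces it.
 * The tweet_id form value is passed through to _save_tweet(); confirm it is
 * checked against the current user's own tweets there.
 *
 * @param int $item_id
 */
public function tweet($item_id)
{
    access::verify_csrf();

    $item = ORM::factory("item", $item_id);
    $form = twitter::get_tweet_form($item);
    if (!$form->validate()) {
        json::reply(array("result" => "error", "html" => (string) $form));
        return;
    }

    $item_url = url::abs_site($item->relative_url_cache);
    $user = $this->_get_twitter_user(identity::active_user()->id);
    $consumer_key = module::get_var("twitter", "consumer_key");
    $consumer_secret = module::get_var("twitter", "consumer_secret");

    require_once MODPATH . "twitter/vendor/twitteroauth/twitteroauth.php";
    $connection = new TwitterOAuth($consumer_key, $consumer_secret,
                                   $user->oauth_token, $user->oauth_token_secret);

    $message = $form->twitter_message->tweet->value;
    $attach_image = $form->twitter_message->attach_image->value;

    if ($attach_image == 1) {
        $filename = APPPATH . "../var/resizes/" . $item->relative_path_cache;
        $image = file_get_contents($filename);
        $response = $connection->upload('statuses/update_with_media',
                                        array('media[]' => "{$image};type=image/jpeg;filename={$filename}",
                                              'status' => $message));
    } else {
        $response = $connection->post('statuses/update', array('status' => $message));
    }

    if (200 == $connection->http_code) {
        message::success(t("Tweet sent!"));
        json::reply(array("result" => "success", "location" => $item->url()));
    } else {
        $response_error = isset($response->error) ? $response->error : "";
        message::error(t("Unable to send, your Tweet has been saved. Please try again later: %http_code, %response_error",
                         array("http_code" => $connection->http_code,
                               "response_error" => $response_error)));
        log::error("content", "Twitter",
                   t("Unable to send tweet: %http_code", array("http_code" => $connection->http_code)));
        json::reply(array("result" => "success", "location" => $item->url()));
    }

    // Record the tweet locally regardless of delivery so it can be retried.
    $tweet = new stdClass();
    $tweet->item_id = $item_id;
    $tweet->twitter_id = !empty($response->id) ? $response->id : NULL;
    $tweet->tweet = $message;
    $tweet->id = $form->twitter_message->tweet_id->value;
    $this->_save_tweet($tweet);
}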
/**
 * Save the specified quota to the database.
 *
 * The form value is given in MiB and stored as bytes.
 *
 * @param int $id the group id
 * @throws Kohana_404_Exception when the group does not exist
 */
public function edit_quota($id)
{
    access::verify_csrf();

    $group = ORM::factory("group", $id);
    if (empty($group)) {
        throw new Kohana_404_Exception();
    }

    $record = ORM::factory("groups_quota")->where("group_id", "=", $group->id)->find();
    $form = $this->_get_edit_group_quota($group);

    try {
        $valid = $form->validate();
        $quota_mib = $form->edit_quota->inputs["group_quota"]->value;
        $record->group_id = $id;
        $record->storage_limit = $quota_mib * 1024 * 1024;
    } catch (ORM_Validation_Exception $e) {
        // Translate ORM validation errors into form error messages
        foreach ($e->validation->errors() as $key => $error) {
            $form->edit_quota->inputs[$key]->add_error($error, 1);
        }
        $valid = false;
    }

    if (!$valid) {
        json::reply(array("result" => "error", "html" => (string) $form));
        return;
    }

    $record->save();
    message::success(t("Limit for group %group_name set", array("group_name" => $group->name)));
    json::reply(array("result" => "success"));
}
/**
 * Shared handler for defining ("define") or editing a scheduled task.
 *
 * NOTE(review): no CSRF check is visible in this helper; it presumably sits
 * in the public action that calls it - confirm.
 *
 * @param string   $method "define" for a new task, anything else for an edit
 * @param int|null $id     schedule id (null when defining)
 */
private function _handle_request($method, $id = null)
{
    $schedule = ORM::factory("schedule", $id);
    $form = scheduler::get_form($method, $schedule);

    if (!$form->validate()) {
        json::reply(array("result" => "error", "html" => (string) $form));
        return;
    }

    $fields = $form->schedule_group;
    $schedule->name = $fields->schedule_name->value;
    $schedule->interval = $fields->interval->value;
    $schedule->next_run_datetime = $this->_start_date($fields->run_date->dow->selected,
                                                      $fields->run_date->time->value);
    $schedule->task_callback = $fields->callback->value;
    $schedule->save();

    $template = ($method == "define")
        ? "Added scheduled task: %name"
        : "Updated scheduled task: %name";
    message::success(t($template, array("name" => $schedule->name)));
    json::reply(array("result" => "success", "reload" => 1));
}
/**
 * Save edits to a product from the admin product form.
 *
 * A renamed product must not collide with another product's name; on a
 * collision the form gets an "in_use" error and the name is left unchanged
 * (the other fields are still saved, as in the original flow).
 *
 * @param int $id the bp_product id
 */
public function edit_product($id)
{
    access::verify_csrf();

    $product = ORM::factory("bp_product", $id);
    if (!$product->loaded()) {
        kohana::show_404();
    }

    $form = bp_product::get_edit_form_admin($product);
    if (!$form->validate()) {
        print $form;
        return;
    }

    $fields = $form->edit_product;
    $new_name = $fields->inputs["name"]->value;
    $name_changed = ($new_name != $product->name);
    $name_taken = $name_changed && ORM::factory("bp_product")
        ->where("name", "=", $new_name)
        ->where("id", "!=", $product->id)
        ->find()
        ->loaded();

    if ($name_taken) {
        $fields->inputs["name"]->add_error("in_use", 1);
        $valid = false;
    } else {
        $product->name = $new_name;
    }

    $product->cost = $fields->cost->value;
    $product->description = $fields->description->value;
    $product->bp_postage_band_id = $fields->postage_band->value;
    $product->save();

    message::success(t("Changed product %product_name",
                       array("product_name" => html::clean($product->name))));
    print json::reply(array("result" => "success"));
}