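/**
 * Display a form that a visitor can use to contact a registered user.
 *
 * Shows a 404 when the contactowner "contact_user_link" setting is off, or when no user
 * record matches $user_id.
 *
 * The form posts to "contactowner/sendemail". The hidden "email_to_id" field and the
 * pre-filled "From:" value can be edited by the client before submission, so the receiving
 * handler (not visible here) should look the recipient up again and not trust either value.
 *
 * @param mixed $user_id  id of the user to contact (presumably taken from the URL; confirm)
 */
public function emailid($user_id) {
  // If this page is disabled, show a 404 error.
  if (module::get_var("contactowner", "contact_user_link") != true) {
    kohana::show_404();
  }

  // Locate the record for the user specified by $user_id; it supplies the name for "To:".
  $userDetails = ORM::factory("user")->where("id", $user_id)->find_all();

  // An unknown id produces an empty result set. Answer with a 404 instead of reading
  // ->name from a row that does not exist.
  if (!isset($userDetails[0])) {
    kohana::show_404();
  }

  // Make a new form with a couple of text boxes.
  $form = new Forge("contactowner/sendemail", "", "post",
                    array("id" => "gContactOwnerSendForm"));
  $sendmail_fields = $form->group("contactOwner");
  $sendmail_fields->input("email_to")->label(t("To:"))->value($userDetails[0]->name);
  $sendmail_fields->input("email_from")->label(t("From:"))->value(user::active()->email);
  $sendmail_fields->input("email_subject")->label(t("Subject:"))->value("");
  $sendmail_fields->textarea("email_body")->label(t("Message:"))->value("");
  $sendmail_fields->hidden("email_to_id")->value($user_id);

  // Add a save button to the form.
  $sendmail_fields->submit("SendMessage")->value(t("Send"));

  // Set up and display the actual page.
  $template = new Theme_View("page.html", "Contact");
  $template->content = new View("contactowner_emailform.html");
  $template->content->sendmail_form = $form;
  print $template;
}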
/**
 * Rename a tag from the submitted rename form and print a JSON result.
 *
 * The CSRF token is verified before anything else. An unknown tag id gives a 404. A name
 * that already belongs to another tag is reported as an "in_use" error on the name input.
 *
 * @param mixed $id  id of the tag to rename
 */
public function rename($id) {
  access::verify_csrf();

  $tag = ORM::factory("tag", $id);
  if (!$tag->loaded) {
    kohana::show_404();
  }

  $form = tag::get_rename_form($tag);
  $is_ok = $form->validate();
  if ($is_ok) {
    $new_name = $form->rename_tag->inputs["name"]->value;

    // Refuse a name that is already taken by another tag.
    $existing = ORM::factory("tag")->where("name", $new_name)->find();
    if ($existing->loaded) {
      $form->rename_tag->inputs["name"]->add_error("in_use", 1);
      $is_ok = false;
    }
  }

  if (!$is_ok) {
    // Hand the form, including its error markers, back to the caller.
    print json_encode(array("result" => "error", "form" => $form->__toString()));
    return;
  }

  $old_name = $tag->name;
  $tag->name = $new_name;
  $tag->save();

  $message = t("Renamed tag %old_name to %new_name",
               array("old_name" => $old_name, "new_name" => $tag->name));
  message::success($message);
  log::success("tags", $message);

  // The new name is passed through html::clean() before it is returned to the page.
  $response = array(
    "result" => "success",
    "location" => url::site("admin/tags"),
    "tag_id" => $tag->id,
    "new_tagname" => html::clean($tag->name));
  print json_encode($response);
}
/**
 * Rename a tag from a posted "name" value and print a JSON result.
 *
 * The CSRF token is verified first. An unknown tag id gives a 404. The name must be present
 * and 1 to 64 characters long, and must not belong to an existing tag.
 *
 * @param mixed $id  id of the tag to rename
 */
public function rename($id) {
  access::verify_csrf();

  $tag = ORM::factory("tag", $id);
  if (!$tag->loaded) {
    kohana::show_404();
  }

  // Don't use a form as the form is dynamically created in the js
  $post = new Validation($_POST);
  $post->add_rules("name", "required", "length[1,64]");

  $is_ok = $post->validate();
  if (!$is_ok) {
    // NOTE(review): this reads index 0 of errors(); if errors() is keyed by field name the
    // message ends up empty -- confirm against the Validation class.
    $errors = $post->errors();
    $error_msg = $errors[0];
  } else {
    $new_name = $this->input->post("name");
    $existing = ORM::factory("tag")->where("name", $new_name)->find();
    if ($existing->loaded) {
      $error_msg = t("There is already a tag with that name");
      $is_ok = false;
    }
  }

  if (!$is_ok) {
    print json_encode(array("result" => "error", "message" => (string) $error_msg));
    return;
  }

  $old_name = $tag->name;
  $tag->name = $new_name;
  $tag->save();

  $message = t("Renamed tag %old_name to %new_name",
               array("old_name" => $old_name, "new_name" => $tag->name));
  message::success($message);
  log::success("tags", $message);

  // The new name is passed through html::clean() before it is returned to the page.
  $response = array(
    "result" => "success",
    "location" => url::site("admin/tags"),
    "tag_id" => $tag->id,
    "new_tagname" => html::clean($tag->name));
  print json_encode($response);
}
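/**
 * Print the server_add tree view for the children of the posted directory.
 *
 * Only administrators get past the first check. The posted "path" must resolve to one of
 * the directories stored in the server_add "authorized_paths" setting, or to something
 * below one of them; anything else raises the BAD_PATH exception. A path that is
 * unreadable or is itself a symbolic link gives a 404.
 *
 * @throws Exception when the path is outside every authorized directory or cannot be resolved
 */
public function children() {
  if (!user::active()->admin) {
    access::forbidden();
  }

  // NOTE(review): unserialize() is applied to a stored module variable. That is only safe
  // while nothing but trusted admin code can write this variable; a JSON encoding would
  // remove the object-instantiation risk altogether.
  $paths = unserialize(module::get_var("server_add", "authorized_paths"));
  if (!is_array($paths)) {
    // Unset or unreadable setting: treat it as "no directory is authorized".
    $paths = array();
  }

  $path = $this->input->post("path");
  $checked = $this->input->post("checked") == "true";

  // Compare canonical paths on a directory boundary. A plain string-prefix test would also
  // accept a sibling such as "<authorized>-other" and any path that climbs back out of the
  // authorized directory with "..".
  $real_path = is_string($path) ? realpath($path) : false;
  $path_valid = false;
  if ($real_path !== false) {
    foreach (array_keys($paths) as $valid_path) {
      $real_valid = realpath((string) $valid_path);
      if ($real_valid === false) {
        continue;
      }
      $real_valid = rtrim($real_valid, DIRECTORY_SEPARATOR);
      if ($real_path === $real_valid ||
          strpos($real_path, $real_valid . DIRECTORY_SEPARATOR) === 0) {
        $path_valid = true;
        break;
      }
    }
  }
  if (!$path_valid) {
    throw new Exception("@todo BAD_PATH");
  }

  if (!is_readable($path) || is_link($path)) {
    kohana::show_404();
  }

  $tree = new View("server_add_tree.html");
  $tree->data = $this->_get_children($path);
  $tree->checked = $checked;
  // md5 only derives a DOM-safe id from the path here; it is not used as a security control.
  $tree->tree_id = "tree_" . md5($path);
  print $tree;
}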
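/**
 * Send an item's thumbnail or full-size file to the holder of an addthis proxy uuid.
 *
 * No per-user permission check is made in this method: knowing the uuid of a proxy row is
 * what grants access. Full-size requests are additionally limited to the address ranges in
 * the "addthis" config, and the proxy row is deleted once a full-size file has been sent.
 *
 * @param string $type  "full" for the original file; any other value serves the thumbnail
 * @param string $id    uuid of the addthis_proxy row
 */
public function print_proxy($type, $id) {
  // If its a request for the full size then make sure we are coming from an
  // authorized address
  if ($type == "full") {
    // ip2long() only understands dotted IPv4, so any other address form is refused here.
    // NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address -- confirm
    // the configured ranges match how this site is deployed.
    $remote_addr = ip2long($this->input->server("REMOTE_ADDR"));
    if ($remote_addr === false) {
      Kohana::show_404();
    }
    $config = Kohana::config("addthis");

    $authorized = false;
    foreach ($config["ranges"] as $ip_range) {
      $low = ip2long($ip_range["low"]);
      $high = ip2long($ip_range["high"]);
      $authorized = $low !== false && $high !== false &&
        $low <= $remote_addr && $remote_addr <= $high;
      if ($authorized) {
        break;
      }
    }
    if (!$authorized) {
      Kohana::show_404();
    }
  }

  $proxy = ORM::factory("addthis_proxy", array("uuid" => $id));
  if (!$proxy->loaded || !$proxy->item->loaded) {
    Kohana::show_404();
  }

  $file = $type == "full" ? $proxy->item->file_path() : $proxy->item->thumb_path();
  if (!file_exists($file)) {
    kohana::show_404();
  }

  // We don't need to save the session for this request
  Session::abort_save();

  if (!TEST_MODE) {
    // Open the file before any header goes out so that a failure can still become a 404.
    $fd = fopen($file, "rb");
    if ($fd === false) {
      kohana::show_404();
    }

    // Dump out the image. The whole property chain has to sit inside the braces; with
    // "{$proxy->item}->mime_type" the item object is cast to a string and the text
    // "->mime_type" is sent literally.
    header("Content-Type: {$proxy->item->mime_type}");
    Kohana::close_buffers(false);
    fpassthru($fd);
    fclose($fd);

    // If the request was for the image and not the thumb, then delete the proxy.
    if ($type == "full") {
      $proxy->delete();
    }
  }

  $this->_clean_expired();
}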
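/**
 * Forward a call for an unknown method to the matching Admin_<name>_Controller.
 *
 * The first element of $args names the method to run on that controller ("index" when
 * there is none) and the remaining elements become its arguments. POST requests must carry
 * a valid CSRF token. Unknown controllers or methods give a 404.
 *
 * NOTE(review): no administrator check is visible in this method; presumably the enclosing
 * controller enforces it before __call runs -- confirm.
 *
 * @param string $controller_name  short controller name; "index" is mapped to "dashboard"
 * @param array  $args             method name followed by its arguments
 */
public function __call($controller_name, $args) {
  if (request::method() == "post") {
    access::verify_csrf();
  }

  if ($controller_name == "index") {
    $controller_name = "dashboard";
  }
  $controller_name = "Admin_{$controller_name}_Controller";

  $method = $args ? array_shift($args) : "index";

  // Both names are chosen by the request. Underscore-prefixed methods (constructors, magic
  // methods, internal helpers) are not meant to be entry points, so they are refused, and
  // the class is checked explicitly before it is instantiated.
  // NOTE(review): method_exists() is also true for non-public methods; consider an
  // explicit visibility check if any admin controller declares protected actions.
  if (strpos((string) $method, "_") === 0 ||
      !class_exists($controller_name) ||
      !method_exists($controller_name, $method)) {
    return kohana::show_404();
  }

  call_user_func_array(array(new $controller_name(), $method), $args);
}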
/**
 * Rename a tag through an in-place edit widget and print a JSON result.
 *
 * The CSRF token is verified first. An unknown tag id gives a 404. The submitted value must
 * be present, 1 to 64 characters long, and pass the check_for_duplicate callback.
 *
 * @param mixed $id  id of the tag to rename
 */
public function rename($id) {
  access::verify_csrf();

  $tag = ORM::factory("tag", $id);
  if (!$tag->loaded) {
    kohana::show_404();
  }

  // Build the widget one step at a time; each call hands back the object for the next.
  $editor = InPlaceEdit::factory($tag->name);
  $editor = $editor->action("admin/tags/rename/{$tag->id}");
  $editor = $editor->rules(array("required", "length[1,64]"));
  $editor = $editor->messages(array("in_use" => t("There is already a tag with that name")));
  $in_place_edit = $editor->callback(array($this, "check_for_duplicate"));

  if (!$in_place_edit->validate()) {
    // Return the re-rendered widget so the page can show the validation errors.
    print json_encode(array("result" => "error", "form" => $in_place_edit->render()));
    return;
  }

  $old_name = $tag->name;
  $tag->name = $in_place_edit->value();
  $tag->save();

  $message = t("Renamed tag %old_name to %new_name",
               array("old_name" => $old_name, "new_name" => $tag->name));
  message::success($message);
  log::success("tags", $message);

  print json_encode(array("result" => "success"));
}
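/**
 * Send an item's thumbnail or full-size file to the holder of a digibug proxy uuid.
 *
 * No per-user permission check is made in this method: knowing the uuid of a proxy row is
 * what grants access. The proxy row is deleted once a full-size file has been sent.
 *
 * NOTE(review): full-size requests are not tied to a set of source addresses here; if the
 * print service fetches from known ranges, consider restricting "full" to them.
 *
 * @param string $type  "full" for the original file; any other value serves the thumbnail
 * @param string $id    uuid of the digibug_proxy row
 */
public function print_proxy($type, $id) {
  $proxy = ORM::factory("digibug_proxy", array("uuid" => $id));
  if (!$proxy->loaded || !$proxy->item->loaded) {
    Kohana::show_404();
  }

  $file = $type == "full" ? $proxy->item->file_path() : $proxy->item->thumb_path();
  if (!file_exists($file)) {
    kohana::show_404();
  }

  // We don't need to save the session for this request
  Session::abort_save();

  // Open the file before any header goes out so that a failure can still become a 404.
  $fd = fopen($file, "rb");
  if ($fd === false) {
    kohana::show_404();
  }

  // Dump out the image. The whole property chain has to sit inside the braces; with
  // "{$proxy->item}->mime_type" the item object is cast to a string and the text
  // "->mime_type" is sent literally.
  header("Content-Type: {$proxy->item->mime_type}");
  Kohana::close_buffers(false);
  fpassthru($fd);
  fclose($fd);

  // If the request was for the image and not the thumb, then delete the proxy.
  if ($type == "full") {
    $proxy->delete();
  }

  $this->_clean_expired();
}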
/**
 * Print the "add album" or "add photo" form for an album.
 *
 * The caller needs "edit" permission on the album. The form is selected by the "type"
 * query parameter; any value other than "album" or "photo" gives a 404.
 *
 * @see REST_Controller::_form_add($parameters)
 */
public function _form_add($album_id) {
  $album = ORM::factory("item", $album_id);
  // Permission is checked before the request parameter is even looked at.
  access::required("edit", $album);

  $form_type = $this->input->get("type");
  if ($form_type == "album") {
    print album::get_add_form($album);
  } else if ($form_type == "photo") {
    print photo::get_add_form($album);
  } else {
    kohana::show_404();
  }
}
/**
 * Print the admin edit form for a bp_product record, or show a 404 for an unknown id.
 *
 * NOTE(review): no permission check is visible in this method; presumably the enclosing
 * admin controller enforces it -- confirm.
 *
 * @param mixed $id  id of the bp_product record
 */
public function edit_product_form($id) {
  $record = ORM::factory("bp_product", $id);
  if (!$record->loaded()) {
    kohana::show_404();
  }

  print bp_product::get_edit_form_admin($record);
}
/**
 * Print the "add album" or "add photo" form for an album.
 *
 * The caller needs both "view" and "add" permission on the album. The form is selected by
 * the "type" query parameter; any value other than "album" or "photo" gives a 404. The
 * album form is followed by the script tag for albums_form_add.js.
 *
 * @see REST_Controller::_form_add($parameters)
 */
public function _form_add($album_id) {
  $album = ORM::factory("item", $album_id);
  // Both permissions are checked before the request parameter is even looked at.
  access::required("view", $album);
  access::required("add", $album);

  $form_type = $this->input->get("type");
  if ($form_type == "album") {
    $script_tag = html::script("modules/gallery/js/albums_form_add.js");
    print album::get_add_form($album) . $script_tag;
  } else if ($form_type == "photo") {
    print photo::get_add_form($album);
  } else {
    kohana::show_404();
  }
}
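/**
 * Serve a file from var/albums, var/resizes or var/thumbs after checking item permissions.
 *
 * The request URI is only used to find the matching item: the file that is opened is the
 * path reported by that item, and the URI-derived path is used for lookup and comparison
 * alone. "view" permission is required for everything and "view_full" for originals under
 * albums. Every failure is answered with a 404.
 *
 * @param string $function  unused; the path is read from REQUEST_URI
 * @param array  $args      unused
 */
public function __call($function, $args) {
  // request_uri: http://example.com/gallery3/var/trunk/albums/foo/bar.jpg
  $request_uri = $this->input->server("REQUEST_URI");
  // var_uri: http://example.com/gallery3/var/
  $var_uri = url::file("var/");

  // Make sure that the request is for a file inside var. The prefix has to sit at the very
  // start: the substr() below strips strlen($var_uri) characters from position 0, so a
  // match further along the URI would leave an unrelated remainder.
  $offset = strpos($request_uri, $var_uri);
  if ($offset !== 0) {
    kohana::show_404();
  }
  $file = substr($request_uri, strlen($var_uri));

  // Make sure that we don't leave the var dir
  if (strpos($file, "..") !== false) {
    kohana::show_404();
  }

  // We only handle var/resizes, var/albums and var/thumbs
  $paths = explode("/", $file);
  $type = $paths[0];
  if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
    kohana::show_404();
  }

  // If the last element is .album.jpg, pop that off since it's not a real item
  if ($paths[count($paths) - 1] == ".album.jpg") {
    array_pop($paths);
  }
  if ($paths[count($paths) - 1] == "") {
    array_pop($paths);
  }

  // Find all items that match the level and name, then iterate over those to find a match.
  // In most cases we'll get it in one. Note that for the level calculation, we just count the
  // size of $paths. $paths includes the type ("thumbs", etc) but it doesn't include the root,
  // so it's a wash.
  $count = count($paths);
  $compare_file = VARPATH . $file;
  $item = null;
  $candidates = ORM::factory("item")
    ->where("name", $paths[$count - 1])
    ->where("level", $count)
    ->find_all();
  foreach ($candidates as $match) {
    if ($type == "albums") {
      $match_file = $match->file_path();
    } else if ($type == "resizes") {
      $match_file = $match->resize_path();
    } else {
      $match_file = $match->thumb_path();
    }
    if ($match_file == $compare_file) {
      $item = $match;
      break;
    }
  }
  if (!$item) {
    kohana::show_404();
  }

  // Make sure we have access to the item
  if (!access::can("view", $item)) {
    kohana::show_404();
  }

  // Make sure we have view_full access to the original
  if ($type == "albums" && !access::can("view_full", $item)) {
    kohana::show_404();
  }

  // Don't try to load a directory
  if ($type == "albums" && $item->is_album()) {
    kohana::show_404();
  }

  if (!file_exists($match_file)) {
    kohana::show_404();
  }

  // Open the file before any header goes out so that a failure can still become a 404.
  $fd = fopen($match_file, "rb");
  if ($fd === false) {
    kohana::show_404();
  }

  // Dump out the image
  header("Content-Type: {$item->mime_type}");
  Kohana::close_buffers(false);
  fpassthru($fd);
  fclose($fd);
}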
/**
 * Print the admin edit form for a group, or show a 404 when the lookup finds nothing.
 *
 * NOTE(review): no permission check is visible in this method; presumably the enclosing
 * admin controller enforces it -- confirm.
 *
 * @param mixed $id  id of the group
 */
public function edit_group_form($id) {
  $group = group::lookup($id);
  if (!$group) {
    kohana::show_404();
  }

  $form_html = $this->_get_group_edit_form_admin($group);
  print $form_html;
}
/**
 * Print the admin edit form for a postage_band record, or show a 404 for an unknown id.
 *
 * NOTE(review): no permission check is visible in this method; presumably the enclosing
 * admin controller enforces it -- confirm.
 *
 * @param mixed $id  id of the postage_band record
 */
public function edit_postage_band_form($id) {
  $band = ORM::factory("postage_band", $id);
  if (!$band->loaded()) {
    kohana::show_404();
  }

  print postage_band::get_edit_form_admin($band);
}
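/**
 * Serve a file from var/albums, var/resizes or var/thumbs after checking item permissions.
 *
 * The request URI is only used as a lookup key against relative_path_cache: the file that
 * is opened is the path reported by the matched item, never a path built from the URI.
 * "view" permission is required for everything and "view_full" for originals under albums.
 * Every failure is answered with a 404.
 *
 * @param string $function  unused; the path is read from REQUEST_URI
 * @param array  $args      unused
 */
public function __call($function, $args) {
  // request_uri: http://example.com/gallery3/var/trunk/albums/foo/bar.jpg
  $request_uri = $this->input->server("REQUEST_URI");
  $request_uri = preg_replace("/\\?.*/", "", $request_uri);

  // Unescape %7E (~), %20 ( ) and %27 (')
  // @todo: figure out why we have to do this and unescape everything appropriate
  // Only these three sequences are decoded, so the ".." test below sees every other
  // percent-escape in its encoded form.
  $request_uri = str_replace(array("%7E", "%20", "%27"), array("~", " ", "'"), $request_uri);

  // var_uri: http://example.com/gallery3/var/
  $var_uri = url::file("var/");

  // Make sure that the request is for a file inside var. The prefix has to sit at the very
  // start: the substr() below strips strlen($var_uri) characters from position 0, so a
  // match further along the URI would leave an unrelated remainder.
  $offset = strpos($request_uri, $var_uri);
  if ($offset !== 0) {
    kohana::show_404();
  }
  $file_uri = substr($request_uri, strlen($var_uri));

  // Make sure that we don't leave the var dir
  if (strpos($file_uri, "..") !== false) {
    kohana::show_404();
  }

  // A request with no "/" after the type has no item path to look up.
  $parts = explode("/", $file_uri, 2);
  if (count($parts) != 2) {
    kohana::show_404();
  }
  list($type, $path) = $parts;
  if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
    kohana::show_404();
  }

  // If the last element is .album.jpg, pop that off since it's not a real item.
  // The dots are escaped so that only the literal file name matches.
  $path = preg_replace('|/\.album\.jpg$|', "", $path);

  // We now have the relative path to the item. Search for it in the path cache
  $item = ORM::factory("item")->where("relative_path_cache", $path)->find();
  if (!$item->loaded) {
    // We didn't turn it up. It's possible that the relative_path_cache is out of date here.
    // There was fallback code, but bharat deleted it in 8f1bca74. If it turns out to be
    // necessary, it's easily resurrected.

    // If we're looking for a .jpg then it's possible that we're requesting the thumbnail
    // for a movie. In that case, the .flv or .mp4 file would have been converted to a .jpg.
    // So try some alternate types:
    if (preg_match('/\.jpg$/', $path)) {
      foreach (array("flv", "mp4") as $ext) {
        $movie_path = preg_replace('/\.jpg$/', ".{$ext}", $path);
        $item = ORM::factory("item")->where("relative_path_cache", $movie_path)->find();
        if ($item->loaded) {
          break;
        }
      }
    }
  }

  if (!$item->loaded) {
    kohana::show_404();
  }

  if ($type == "albums") {
    $file = $item->file_path();
  } else if ($type == "resizes") {
    $file = $item->resize_path();
  } else {
    $file = $item->thumb_path();
  }

  // Make sure we have access to the item
  if (!access::can("view", $item)) {
    kohana::show_404();
  }

  // Make sure we have view_full access to the original
  if ($type == "albums" && !access::can("view_full", $item)) {
    kohana::show_404();
  }

  // Don't try to load a directory
  if ($type == "albums" && $item->is_album()) {
    kohana::show_404();
  }

  if (!file_exists($file)) {
    kohana::show_404();
  }

  // We don't need to save the session for this request
  Session::abort_save();

  // Open the file before any header goes out so that a failure can still become a 404.
  $fd = fopen($file, "rb");
  if ($fd === false) {
    kohana::show_404();
  }

  // Dump out the image. If the item is a movie, then its thumbnail will be a JPG. The
  // original under "albums" is the movie itself, so it keeps the item's own mime type
  // instead of being labelled as a JPEG.
  if ($type != "albums" && in_array($item->mime_type, array("video/x-flv", "video/mp4"))) {
    header("Content-type: image/jpeg");
  } else {
    header("Content-Type: {$item->mime_type}");
  }
  Kohana::close_buffers(false);
  fpassthru($fd);
  fclose($fd);
}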
/**
 * Print the admin edit form for a group, or show a 404 for an unknown id.
 *
 * NOTE(review): no permission check is visible in this method; presumably the enclosing
 * admin controller enforces it -- confirm.
 *
 * @param mixed $id  id of the group
 */
public function edit_group_form($id) {
  $record = ORM::factory("group", $id);
  if (!$record->loaded) {
    kohana::show_404();
  }

  $form_html = group::get_edit_form_admin($record);
  print $form_html;
}
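/**
 * Serve a file from var/albums, var/resizes or var/thumbs after checking item permissions.
 *
 * The request URI is only used to find the matching item, first through
 * relative_path_cache and then by name and level: the file that is opened is the path
 * reported by that item, never a path built from the URI. "view" permission is required
 * for everything and "view_full" for originals under albums. Every failure is answered
 * with a 404.
 *
 * @param string $function  unused; the path is read from REQUEST_URI
 * @param array  $args      unused
 */
public function __call($function, $args) {
  // request_uri: http://example.com/gallery3/var/trunk/albums/foo/bar.jpg
  $request_uri = $this->input->server("REQUEST_URI");
  $request_uri = preg_replace("/\\?.*/", "", $request_uri);

  // Unescape %7E ("~") and %20 (" ")
  // Only these two sequences are decoded, so the ".." test below sees every other
  // percent-escape in its encoded form.
  $request_uri = str_replace(array("%7E", "%20"), array("~", " "), $request_uri);

  // var_uri: http://example.com/gallery3/var/
  $var_uri = url::file("var/");

  // Make sure that the request is for a file inside var. The prefix has to sit at the very
  // start: the substr() below strips strlen($var_uri) characters from position 0, so a
  // match further along the URI would leave an unrelated remainder.
  $offset = strpos($request_uri, $var_uri);
  if ($offset !== 0) {
    kohana::show_404();
  }
  $file_uri = substr($request_uri, strlen($var_uri));

  // Make sure that we don't leave the var dir
  if (strpos($file_uri, "..") !== false) {
    kohana::show_404();
  }

  // A request with no "/" after the type has no item path to look up.
  $parts = explode("/", $file_uri, 2);
  if (count($parts) != 2) {
    kohana::show_404();
  }
  list($type, $path) = $parts;
  if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
    kohana::show_404();
  }

  // If the last element is .album.jpg, pop that off since it's not a real item.
  // The dots are escaped so that only the literal file name matches.
  $path = preg_replace('|/\.album\.jpg$|', "", $path);

  // We now have the relative path to the item. Search for it in the path cache
  $item = ORM::factory("item")->where("relative_path_cache", $path)->find();
  if (!$item->loaded) {
    // We didn't turn it up. This may mean that the path cache is out of date, so look it up
    // the hard way.
    //
    // Find all items that match the level and name, then iterate over those to find a match.
    // In most cases we'll get it in one. Note that for the level calculation, we just count the
    // size of $paths.
    $paths = explode("/", $path);
    $count = count($paths);
    $candidates = ORM::factory("item")
      ->where("name", $paths[$count - 1])
      ->where("level", $count + 1)
      ->find_all();
    foreach ($candidates as $match) {
      if ($match->relative_path() == $path) {
        $item = $match;
        break;
      }
    }
  }

  if (!$item->loaded) {
    kohana::show_404();
  }

  if ($type == "albums") {
    $file = $item->file_path();
  } else if ($type == "resizes") {
    $file = $item->resize_path();
  } else {
    $file = $item->thumb_path();
  }

  // Make sure we have access to the item
  if (!access::can("view", $item)) {
    kohana::show_404();
  }

  // Make sure we have view_full access to the original
  if ($type == "albums" && !access::can("view_full", $item)) {
    kohana::show_404();
  }

  // Don't try to load a directory
  if ($type == "albums" && $item->is_album()) {
    kohana::show_404();
  }

  if (!file_exists($file)) {
    kohana::show_404();
  }

  // Open the file before any header goes out so that a failure can still become a 404.
  $fd = fopen($file, "rb");
  if ($fd === false) {
    kohana::show_404();
  }

  // Dump out the image
  header("Content-Type: {$item->mime_type}");
  Kohana::close_buffers(false);
  fpassthru($fd);
  fclose($fd);
}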
/**
 * Print the admin edit form for a bp_email_template record, or show a 404 for an unknown id.
 *
 * NOTE(review): no permission check is visible in this method; presumably the enclosing
 * admin controller enforces it -- confirm.
 *
 * @param mixed $id  id of the bp_email_template record
 */
public function edit_email_template_form($id) {
  $template_record = ORM::factory("bp_email_template", $id);
  if (!$template_record->loaded()) {
    kohana::show_404();
  }

  print bp_email_template::get_edit_form_admin($template_record);
}