Esempio n. 1
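 /**
  * Build the comment feed for the "newest" or "item" feed ids.
  *
  * Comment text and item titles go through p::purify() and the author name
  * through p::clean() before they are placed in the feed; thumbnail and item
  * URLs are added as returned by the model / url helper.
  *
  * NOTE(review): the query filters on state = "published" only. Whether
  * comments on items the current viewer may not see are excluded elsewhere
  * is not visible in this method -- confirm against the caller.
  *
  * @param string $feed_id "newest" for all published comments, "item" for one item
  * @param int    $offset  row offset handed to find_all()
  * @param int    $limit   page size; also the divisor for max_pages (must be non-zero)
  * @param mixed  $id      item id, used only when $feed_id is "item"
  * @return object|null    feed description, or null for any other feed id
  */
 static function feed($feed_id, $offset, $limit, $id)
 {
     if ($feed_id != "newest" && $feed_id != "item") {
         return;
     }
     $comments = ORM::factory("comment")->where("state", "published")->orderby("created", "DESC");
     $all_comments = ORM::factory("comment")->where("state", "published")->orderby("created", "DESC");
     if ($feed_id == "item") {
         $comments->where("item_id", $id);
         $all_comments->where("item_id", $id);
     }
     // Create the feed object explicitly. Assigning a property on an undefined
     // variable relied on implicit object creation, which raises a warning on
     // older PHP and is a fatal Error on PHP 8.
     $feed = new stdClass();
     // The former `!empty($comments)` guard was always true ($comments is a
     // query object, never an empty value), so it has been dropped.
     $feed->view = "comment.mrss";
     $feed->children = array();
     foreach ($comments->find_all($limit, $offset) as $comment) {
         $item = $comment->item();
         $feed->children[] = new ArrayObject(
             array(
                 "pub_date" => date("D, d M Y H:i:s T", $comment->created),
                 "text" => nl2br(p::purify($comment->text)),
                 "thumb_url" => $item->thumb_url(),
                 "thumb_height" => $item->thumb_height,
                 "thumb_width" => $item->thumb_width,
                 "item_uri" => url::abs_site("{$item->type}s/{$item->id}"),
                 "title" => p::purify($item->title),
                 "author" => p::clean($comment->author_name()),
             ),
             ArrayObject::ARRAY_AS_PROPS
         );
     }
     // Second, unpaginated query: counts every matching comment to derive the page total.
     $feed->max_pages = ceil($all_comments->find_all()->count() / $limit);
     $feed->title = htmlspecialchars(t("Recent Comments"));
     $feed->uri = url::abs_site("albums/" . (empty($id) ? "1" : $id));
     $feed->description = t("Recent Comments");
     return $feed;
 }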
Esempio n. 2
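 /**
  * Handle a password-reset request: validate the form, store a one-time key
  * on the matching user and mail a confirmation link containing that key.
  *
  * The flash message and JSON response are the same whether or not the
  * account exists, so the response does not reveal which user names are valid.
  *
  * NOTE(review): no expiry or single-use handling of the key is visible in
  * this method -- confirm that the code consuming `password/do_reset` clears
  * the hash after use and rejects stale keys.
  */
 private function _send_reset()
 {
     $form = $this->_reset_form();
     $valid = $form->validate();
     if ($valid) {
         $user = ORM::factory("user")->where("name", $form->reset->inputs["name"]->value)->find();
         if (!$user->loaded || empty($user->email)) {
             $form->reset->inputs["name"]->add_error("no_email", 1);
             $valid = false;
         }
     }
     if ($valid) {
         // The key is the only secret protecting the reset link. rand() is not a
         // cryptographic generator, so a key derived from it is predictable; take
         // it from the CSPRNG instead. 16 random bytes hex-encode to 32 characters,
         // the same length md5() produced. Requires PHP 7 or later.
         $user->hash = bin2hex(random_bytes(16));
         $user->save();
         $message = new View("reset_password.html");
         $message->confirm_url = url::abs_site("password/do_reset?key={$user->hash}");
         $message->user = $user;
         Sendmail::factory()
             ->to($user->email)
             ->subject(t("Password Reset Request"))
             ->header("Mime-Version", "1.0")
             ->header("Content-type", "text/html; charset=iso-8859-1")
             ->message($message->render())
             ->send();
         log::success("user", t("Password reset email sent for user %name", array("name" => p::clean($user->name))));
     } else {
         // Don't include the username here until you're sure that it's XSS safe
         log::warning("user", "Password reset email requested for bogus user");
     }
     // Same outcome reported on both paths (see the method comment).
     message::success(t("Password reset email sent"));
     print json_encode(array("result" => "success"));
 }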
Esempio n. 3
 /**
  * Apply an edit-form submission to a photo and print the outcome as JSON.
  *
  * The CSRF token is verified first, then both "view" and "edit" permission
  * on the photo are required before the form is read.
  *
  * @see REST_Controller::_update($resource)
  */
 public function _update($photo)
 {
     access::verify_csrf();
     access::required("view", $photo);
     access::required("edit", $photo);

     $form = photo::get_edit_form($photo);
     $valid = $form->validate();
     if ($valid && $form->edit_photo->filename->value != $photo->name) {
         // A rename must not collide with another item in the same parent.
         $name_taken = Database::instance()
             ->from("items")
             ->where("parent_id", $photo->parent_id)
             ->where("id <>", $photo->id)
             ->where("name", $form->edit_photo->filename->value)
             ->count_records();
         if ($name_taken) {
             $form->edit_photo->filename->add_error("conflict", 1);
             $valid = false;
         }
     }

     if (!$valid) {
         // Hand the form, with its error markers, back to the client.
         print json_encode(array("result" => "error", "form" => $form->__toString()));
         return;
     }

     $photo->title = $form->edit_photo->title->value;
     $photo->description = $form->edit_photo->description->value;
     $photo->rename($form->edit_photo->filename->value);
     $photo->save();
     module::event("photo_edit_form_completed", $photo, $form);
     log::success("content", "Updated photo", "<a href=\"photos/{$photo->id}\">view</a>");
     // The title is user-supplied, so it is cleaned before it goes into the flash message.
     $notice = t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title)));
     message::success($notice);
     $reply = array("result" => "success", "location" => url::site("photos/{$photo->id}"));
     print json_encode($reply);
 }
Esempio n. 4
 /**
  * Print an item's title and description as JSON for an editor.
  *
  * Requires "view" and "edit" permission on the item; both fields are passed
  * through p::clean() before being encoded.
  */
 function header($item_id)
 {
     $item = ORM::factory("item", $item_id);
     access::required("view", $item);
     access::required("edit", $item);

     $title = p::clean($item->title);
     $description = "";
     if (!empty($item->description)) {
         $description = p::clean($item->description);
     }
     print json_encode(array("title" => $title, "description" => $description));
 }
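 /**
  * Store the posted "value" as a module variable and confirm it as JSON.
  *
  * NOTE(review): only the CSRF token is checked here; no permission check is
  * visible in this method -- presumably the enclosing controller restricts
  * access, confirm.
  *
  * @param string $module_name module owning the variable (taken from the request)
  * @param string $var_name    variable to set (taken from the request)
  */
 public function save($module_name, $var_name)
 {
     access::verify_csrf();
     module::set_var($module_name, $var_name, Input::instance()->post("value"));
     // Both names come from the request, so both are cleaned before they are
     // placed in the flash message; previously only $var_name was.
     message::success(t("Saved value for %var (%module_name)", array("var" => p::clean($var_name), "module_name" => p::clean($module_name))));
     print json_encode(array("result" => "success"));
 }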
Esempio n. 6
 /**
  * Run one slice of the Exif re-index task.
  *
  * Photos with no exif record, or with a dirty one, are processed until about
  * 1.5 seconds have elapsed; progress is then written back to the task. Any
  * exception ends the task in the "error" state with the exception logged.
  */
 static function update_index($task)
 {
     try {
         $completed = $task->get("completed", 0);
         $started_at = microtime(true);
         $log_lines = array();
         $pending = ORM::factory("item")
             ->join("exif_records", "items.id", "exif_records.item_id", "left")
             ->where("type", "photo")
             ->open_paren()
             ->where("exif_records.item_id", null)
             ->orwhere("exif_records.dirty", 1)
             ->close_paren()
             ->find_all();
         foreach ($pending as $item) {
             // Time-box the slice; the remaining items are picked up on the next call.
             if (microtime(true) - $started_at > 1.5) {
                 break;
             }
             $completed++;
             exif::extract($item);
             // Titles are user-supplied; purify them before they reach the task log.
             $log_lines[] = t("Updated Exif meta data for '%title'", array("title" => p::purify($item->title)));
         }
         $task->log($log_lines);
         list($remaining, $total, $percent) = exif::stats();
         $task->set("completed", $completed);
         $nothing_left = $remaining == 0 || !($remaining + $completed);
         if ($nothing_left) {
             $task->done = true;
             $task->state = "success";
             site_status::clear("exif_index_out_of_date");
             $task->percent_complete = 100;
         } else {
             $task->percent_complete = round(100 * $completed / ($remaining + $completed));
         }
         $task->status = t2("one record updated, index is %percent% up-to-date", "%count records updated, index is %percent% up-to-date", $completed, array("percent" => $percent));
     } catch (Exception $failure) {
         $task->done = true;
         $task->state = "error";
         $task->status = $failure->getMessage();
         // The full exception text, including its trace, goes to the task log.
         $task->log($failure->__toString());
     }
 }
Esempio n. 7
 /**
  * List the comment feeds on offer: the site-wide one, plus a per-item feed
  * when an item is given. $tag is accepted but not used here.
  *
  * @return array feed path => label
  */
 static function available_feeds($item, $tag)
 {
     $feeds = array("comment/newest" => t("All new comments"));
     if (!$item) {
         return $feeds;
     }
     // The item title is cleaned before it is interpolated into the label.
     $label = t("Comments on %title", array("title" => p::clean($item->title)));
     $feeds["comment/item/{$item->id}"] = $label;
     return $feeds;
 }
Esempio n. 8
 static function available_feeds($item, $tag) {
   if ($tag) {
     $feeds["tag/tag/{$tag->id}"] =
       t("Tag feed for %tag_name", array("tag_name" => p::clean($tag->name)));
     return $feeds;
   }
   return array();
 }
Esempio n. 9
 /**
  * Debug trace: dumps this object, then calls p::s(), parent::s() and
  * $this->pd() in turn, printing a label around each call.
  *
  * var_dump($this) prints the object's full state, so this is only suitable
  * for development output.
  */
 public function ps()
 {
     var_dump($this);
     print '<br/>';
     print 'c:p:ps<br/>';
     p::s();

     print 'from parent<br/>';
     parent::s();

     print 'this->pd()<br/>';
     $this->pd();
 }
Esempio n. 10
 /**
  * Remove one entry from the server_add module's authorized paths and go
  * back to the admin page.
  *
  * The path comes from the query string; it is used only as an array key
  * and is cleaned before it appears in the flash message.
  */
 public function remove_path()
 {
     access::verify_csrf();
     $requested = $this->input->get("path");
     // NOTE(review): unserialize() runs on the stored module variable. That is
     // safe only while nothing outside this module can write the variable --
     // confirm, or move the stored format to JSON.
     $authorized = unserialize(module::get_var("server_add", "authorized_paths"));
     $is_listed = isset($authorized[$requested]);
     if ($is_listed) {
         unset($authorized[$requested]);
         message::success(t("Removed path %path", array("path" => p::clean($requested))));
         module::set_var("server_add", "authorized_paths", serialize($authorized));
         server_add::check_config($authorized);
     }
     // Redirect whether or not anything was removed.
     url::redirect("admin/server_add");
 }
Esempio n. 11
 /**
  * Task that rebuilds all dirty images.
  *
  * Each call handles at most two images, skipping ids recorded as "ignored"
  * after an earlier failed rebuild, then stores the counters on the task.
  *
  * @param Task_Model the task
  */
 static function rebuild_dirty_images($task)
 {
     $log_lines = array();
     try {
         $dirty = graphics::find_dirty_images_query();
         $completed = $task->get("completed", 0);
         $ignored = $task->get("ignored", array());
         $remaining = $dirty->count() - count($ignored);
         $handled = 0;
         foreach ($dirty as $row) {
             if (array_key_exists($row->id, $ignored)) {
                 continue;
             }
             $item = ORM::factory("item", $row->id);
             if ($item->loaded) {
                 // Titles are user-supplied; purify them before they reach the task log.
                 if (graphics::generate($item)) {
                     $log_lines[] = t("Successfully rebuilt images for '%title'", array("title" => p::purify($item->title)));
                 } else {
                     // Remember the failure so the item is skipped on later calls.
                     $ignored[$item->id] = 1;
                     $log_lines[] = t("Unable to rebuild images for '%title'", array("title" => p::purify($item->title)));
                 }
             }
             $completed++;
             $remaining--;
             $handled++;
             if ($handled == 2) {
                 break;
             }
         }
         $task->status = t2("Updated: 1 image. Total: %total_count.", "Updated: %count images. Total: %total_count.", $completed, array("total_count" => $remaining + $completed));
         $task->percent_complete = $completed + $remaining > 0
             ? (int) (100 * $completed / ($completed + $remaining))
             : 100;
         $task->set("completed", $completed);
         $task->set("ignored", $ignored);
         if ($remaining == 0) {
             $task->done = true;
             $task->state = "success";
             site_status::clear("graphics_dirty");
         }
     } catch (Exception $failure) {
         $task->done = true;
         $task->state = "error";
         $task->status = $failure->getMessage();
         // The full exception text, including its trace, goes to the task log.
         $log_lines[] = $failure->__toString();
     }
     $task->log($log_lines);
 }
Esempio n. 12
 /**
  * Log the active user out and, when a "continue" URL is supplied, redirect
  * to it if it resolves to an item the (now logged-out) visitor may view;
  * otherwise redirect to the site root.
  *
  * NOTE(review): "continue" comes from the query string and the only gate on
  * it is the item lookup. How url::get_item_from_uri() treats an absolute
  * off-site URL is not visible here -- confirm it cannot resolve one to a
  * viewable item, or restrict the value to same-site paths.
  */
 public function index()
 {
     access::verify_csrf();
     $user = user::active();
     user::logout();

     // The user name is cleaned for both the log text and the profile link.
     $summary = t("User %name logged out", array("name" => p::clean($user->name)));
     $profile_link = html::anchor("user/{$user->id}", p::clean($user->name));
     log::info("user", $summary, $profile_link);

     $continue_url = $this->input->get("continue");
     if (!$continue_url) {
         return;
     }
     $item = url::get_item_from_uri($continue_url);
     $destination = access::can("view", $item) ? $continue_url : "";
     url::redirect($destination);
 }
Esempio n. 13
 /**
  * Log the active user out and, when a "continue" URL is supplied, send the
  * browser there if it resolves to an item the (now logged-out) visitor may
  * view; otherwise redirect to albums/1.
  *
  * NOTE(review): the CSRF check below is commented out, so this action runs
  * on any request that reaches it -- confirm that is intended.
  * NOTE(review): "continue" comes from the query string and is written to the
  * Location header unchanged. The only gate is the item lookup; how
  * url::get_item_from_uri() treats an absolute off-site URL is not visible
  * here -- confirm, or restrict the value to same-site paths.
  */
 public function index()
 {
     //access::verify_csrf();
     $user = user::active();
     user::logout();

     // The user name is cleaned for both the log text and the profile link.
     $summary = t("User %name logged out", array("name" => p::clean($user->name)));
     $profile_link = html::anchor("user/{$user->id}", p::clean($user->name));
     log::info("user", $summary, $profile_link);

     $continue_url = $this->input->get("continue");
     if (!$continue_url) {
         return;
     }
     $item = url::get_item_from_uri($continue_url);
     if (!access::can("view", $item)) {
         url::redirect("albums/1");
         return;
     }
     // Don't use url::redirect() because it'll call url::site() and munge the continue url.
     header("Location: {$continue_url}");
 }
Esempio n. 14
 /**
  * Rebuild the search record for an item from every active module that
  * provides a static <module>_search::item_index_data() method.
  *
  * @return string status message; the item title in it is purified
  */
 static function update($item)
 {
     $record = ORM::factory("search_record")->where("item_id", $item->id)->find();
     if (!$record->loaded) {
         // No record yet for this item: bind the new one to it.
         $record->item_id = $item->id;
     }

     $fragments = array();
     foreach (module::active() as $module) {
         $provider = array("{$module->name}_search", "item_index_data");
         if (!method_exists($provider[0], $provider[1])) {
             continue;
         }
         $fragments[] = call_user_func($provider, $record->item());
     }

     $record->data = implode(" ", $fragments);
     $record->dirty = 0;
     $record->save();
     return t("Search index updated for '%title'", array("title" => p::purify($item->title)));
 }
Esempio n. 15
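 /**
  * Render the form that hands a photo over to the Digibug print service.
  *
  * When the "everybody" group may view the full-size image, the real file
  * URLs are sent. Otherwise a proxy record is created and the service is
  * given proxy URLs keyed by that record's uuid, so the uuid is the only
  * thing standing between an anonymous request and a restricted image.
  *
  * NOTE(review): no expiry or clean-up of proxy records is visible in this
  * method -- confirm it happens where the proxy URL is served.
  *
  * @param mixed $id item id
  */
 public function print_photo($id)
 {
     access::verify_csrf();
     $item = ORM::factory("item", $id);
     access::required("view_full", $item);
     if (access::group_can(group::everybody(), "view_full", $item)) {
         $full_url = $item->file_url(true);
         $thumb_url = $item->thumb_url(true);
     } else {
         $proxy = ORM::factory("digibug_proxy");
         // The uuid acts as a bearer secret. rand() is not a cryptographic
         // generator, so a value derived from it is predictable; take it from the
         // CSPRNG instead. 16 random bytes hex-encode to 32 characters, the same
         // length md5() produced. Requires PHP 7 or later.
         $proxy->uuid = bin2hex(random_bytes(16));
         $proxy->item_id = $item->id;
         $proxy->save();
         $full_url = url::abs_site("digibug/print_proxy/full/{$proxy->uuid}");
         $thumb_url = url::abs_site("digibug/print_proxy/thumb/{$proxy->uuid}");
     }
     $v = new View("digibug_form.html");
     $v->order_parms = array(
         "digibug_api_version" => "100",
         "company_id" => module::get_var("digibug", "company_id"),
         "event_id" => module::get_var("digibug", "event_id"),
         "cmd" => "addimg",
         "partner_code" => "69",
         "return_url" => url::abs_site("digibug/close_window"),
         "num_images" => "1",
         "image_1" => $full_url,
         "thumb_1" => $thumb_url,
         "image_height_1" => $item->height,
         "image_width_1" => $item->width,
         "thumb_height_1" => $item->thumb_height,
         "thumb_width_1" => $item->thumb_width,
         // The title is user-supplied; purify it before it is placed in the form.
         "title_1" => p::purify($item->title),
     );
     print $v;
 }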
Esempio n. 16
 /**
  * Validate the login form and, on success, log the user in.
  *
  * An unknown user and a wrong password produce the same form error, so the
  * response does not reveal which of the two failed.
  *
  * NOTE(review): no throttling or lockout of repeated failures is visible in
  * this method -- confirm it is handled elsewhere.
  *
  * @return array ($valid, $form)
  */
 private function _auth($url)
 {
     $form = user::get_login_form($url);
     $valid = $form->validate();
     if ($valid) {
         $user = ORM::factory("user")->where("name", $form->login->inputs["name"]->value)->find();
         $authenticated = $user->loaded && user::is_correct_password($user, $form->login->password->value);
         if (!$authenticated) {
             // The submitted name is attacker-controlled; clean it before logging.
             $attempted = p::clean($form->login->inputs["name"]->value);
             log::warning("user", t("Failed login for %name", array("name" => $attempted)));
             $form->login->inputs["name"]->add_error("invalid_login", 1);
             $valid = false;
         }
     }
     if ($valid) {
         user::login($user);
         log::info("user", t("User %name logged in", array("name" => p::clean($user->name))));
     }
     // Either way, regenerate the session id to avoid session trapping
     Session::instance()->regenerate();
     return array($valid, $form);
 }
Esempio n. 17
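 /**
  * Build the "latest" (site-wide recent items) or "album" (one album's
  * photos) feed.
  *
  * Both branches restrict their queries with viewable(); the album branch
  * additionally requires "view" permission on the album itself. The album
  * title and description are purified before they are placed in the feed.
  *
  * @param string $feed_id "latest" or "album"
  * @param int    $offset  row offset
  * @param int    $limit   page size; also the divisor for max_pages (must be non-zero)
  * @param mixed  $id      album id, used only when $feed_id is "album"
  * @return object|null    feed description, or null for any other feed id
  */
 static function feed($feed_id, $offset, $limit, $id)
 {
     // Create the feed object explicitly. Assigning a property on an undefined
     // variable relied on implicit object creation, which raises a warning on
     // older PHP and is a fatal Error on PHP 8.
     $feed = new stdClass();
     switch ($feed_id) {
         case "latest":
             $feed->children = ORM::factory("item")->viewable()->where("type !=", "album")->orderby("created", "DESC")->find_all($limit, $offset);
             // Second, unpaginated query: counts every matching item to derive the page total.
             $all_children = ORM::factory("item")->viewable()->where("type !=", "album")->orderby("created", "DESC");
             $feed->max_pages = ceil($all_children->find_all()->count() / $limit);
             $feed->title = t("Recent Updates");
             $feed->link = url::abs_site("albums/1");
             $feed->description = t("Recent Updates");
             return $feed;
         case "album":
             $item = ORM::factory("item", $id);
             access::required("view", $item);
             $feed->children = $item->viewable()->descendants($limit, $offset, array("type" => "photo"));
             $feed->max_pages = ceil($item->viewable()->descendants_count(array("type" => "photo")) / $limit);
             $feed->title = p::purify($item->title);
             $feed->link = url::abs_site("albums/{$item->id}");
             $feed->description = nl2br(p::purify($item->description));
             return $feed;
     }
 }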
Esempio n. 18
  <head>
    <title><?php 
echo p::clean($subject);
?>
 </title>
  </head>
  <body>
    <h2><?php 
echo p::clean($subject);
?>
</h2>
    <table>
      <tr>
        <td colspan="2">
          <?php 
echo t("To view the changed album %title use the link below.", array("title" => p::purify($item->parent()->title)));
?>
        </td>
      </tr>
      <tr>
        <td><?php 
echo t("Url:");
?>
</td>
        <td>
          <a href="<?php 
echo $item->parent()->url(array(), true);
?>
">
            <?php 
echo $item->parent()->url(array(), true);
Esempio n. 19
" class="gThumbnail"
           alt="photo" src="<?php 
echo $child->thumb_url();
?>
"
           width="<?php 
echo $child->thumb_width;
?>
"
           height="<?php 
echo $child->thumb_height;
?>
" />
    </a>
    <h2><?php 
echo p::purify($child->title);
?>
</h2>
    <?php 
echo $theme->thumb_bottom($child);
?>
    <ul class="gMetadata">
      <?php 
echo $theme->thumb_info($child);
?>
    </ul>
  </li>
  <? endforeach ?>
</ul>
<?php 
echo $theme->dynamic_bottom();
Esempio n. 20
 /**
  * Import a single comment.
  *
  * Takes the next Gallery 2 comment id off the queue, loads it, and writes a
  * published comment directly through the ORM. Subject and body are joined
  * and run through _transform_bbcode() before being stored.
  *
  * @param array $queue Gallery 2 comment ids; the first one is consumed
  * @return string status message
  */
 static function import_comment(&$queue)
 {
     $g2_comment_id = array_shift($queue);
     try {
         $g2_comment = g2(GalleryCoreApi::loadEntitiesById($g2_comment_id));
     } catch (Exception $failure) {
         // The full exception text, including its trace, is part of the returned message.
         return t("Failed to import Gallery 2 comment with id: %id\\%exception", array("id" => $g2_comment_id, "exception" => $failure->__toString()));
     }

     // Subject first, separated from the body by a space when it is non-empty.
     $subject = $g2_comment->getSubject();
     $text = ($subject ? $subject . " " : $subject) . $g2_comment->getComment();

     // Just import the fields we know about.  Do this outside of the comment API for now so that
     // we don't trigger spam filtering events
     $imported = ORM::factory("comment");
     $imported->author_id = self::map($g2_comment->getCommenterId());
     $imported->guest_name = $g2_comment->getAuthor();
     $imported->item_id = self::map($g2_comment->getParentId());
     $imported->text = self::_transform_bbcode($text);
     $imported->state = "published";
     $imported->server_http_host = $g2_comment->getHost();
     $imported->created = $g2_comment->getDate();
     $imported->save();
     // Record the Gallery 2 id against the id of the comment just saved.
     self::map($g2_comment->getId(), $imported->id);

     // The stored text is purified and truncated before it is echoed in the status message.
     $excerpt = text::limit_words(nl2br(p::purify($imported->text)), 50);
     return t("Imported comment '%comment' for item with id: %id", array("id" => $imported->item_id, "comment" => $excerpt));
 }
Esempio n. 21
?>
"
               width="20"
               height="20" />
          <?php 
echo p::clean($user->name);
?>
        </td>
        <td>
          <?php 
echo p::clean($user->full_name);
?>
        </td>
        <td>
          <?php 
echo p::clean($user->email);
?>
        </td>
        <td>
          <?php 
echo $user->last_login == 0 ? "" : gallery::date($user->last_login);
?>
        </td>
        <td class="gActions">
          <a href="<?php 
echo url::site("admin/users/edit_user_form/{$user->id}");
?>
"
              open_text="<?php 
echo t("close");
?>
Esempio n. 22
<?php

defined("SYSPATH") or die("No direct script access.");
?>
<fieldset>
  <legend> <?php 
echo t('Edit Permissions');
?>
 </legend>

  <table>
    <tr>
      <th> </th>
      <? foreach ($groups as $group): ?>
      <th> <?php 
echo p::clean($group->name);
?>
 </th>
      <? endforeach ?>
    </tr>

    <? foreach ($permissions as $permission): ?>
    <tr>
      <td> <?php 
echo t($permission->display_name);
?>
 </td>
      <? foreach ($groups as $group): ?>
        <? $intent = access::group_intent($group, $permission->name, $item) ?>
        <? $allowed = access::group_can($group, $permission->name, $item) ?>
        <? $lock = access::locked_by($group, $permission->name, $item) ?>
Esempio n. 23
            <? endif ?>

            </ul>
            <strong><?php 
echo $current_letter;
?>
</strong>
            <ul>
          <? endif ?>

          <li>
            <span id="gTag-<?php 
echo $tag->id;
?>
" class="gEditable tag-name"><?php 
echo p::clean($tag->name);
?>
</span>
            <span class="understate">(<?php 
echo $tag->count;
?>
)</span>
            <a href="<?php 
echo url::site("admin/tags/form_delete/{$tag->id}");
?>
"
               class="gDialogLink delete-link gButtonLink">
                <span class="ui-icon ui-icon-trash"><?php 
echo t("Delete this tag");
?>
</span></a>
Esempio n. 24
 /**
  * Delete an item and tell the client where to go next.
  *
  * Requires a valid CSRF token plus "view" and "edit" permission on the item.
  * The title is purified before it is placed in the flash message, which
  * carries its own <b> markup.
  *
  * @param mixed $id item id
  */
 public function delete($id)
 {
     access::verify_csrf();
     $item = model_cache::get("item", $id);
     access::required("view", $item);
     access::required("edit", $item);

     $msg = $item->is_album()
         ? t("Deleted album <b>%title</b>", array("title" => p::purify($item->title)))
         : t("Deleted photo <b>%title</b>", array("title" => p::purify($item->title)));

     // Fetch the parent before deleting; it is the redirect target afterwards.
     $parent = $item->parent();
     $item->delete();
     message::success($msg);

     $reply = array("result" => "success");
     if (Input::instance()->get("page_type") == "album") {
         $reply["reload"] = 1;
     } else {
         $reply["location"] = url::site("albums/{$parent->id}");
     }
     print json_encode($reply);
 }
Esempio n. 25
echo $item->url(array(), true);
?>
</a></td>
      </tr>
      <? if ($item->original("description") != $item->description): ?>
      <tr>
        <td><?php 
echo t("New Description:");
?>
</td>
        <td><?php 
echo p::clean($item->description);
?>
</td>
      </tr>
      <? elseif (!empty($item->description)): ?>
      <tr>
        <td><?php 
echo t("Description:");
?>
</td>
        <td><?php 
echo p::clean($item->description);
?>
</td>
      </tr>
      <? endif ?>
    </table>
  </body>
</html>
Esempio n. 26
  <? endif ?>

  <p>
    <?php 
echo t("Photos will be uploaded to album: ");
?>
  </p>
  <ul class="gBreadcrumbs">
    <? foreach ($item->parents() as $parent): ?>
    <li> <?php 
echo p::clean($parent->title);
?>
 </li>
    <? endforeach ?>
    <li class="active"> <?php 
echo p::clean($item->title);
?>
 </li>
  </ul>

  <p><?php 
echo t("Upload Queue");
?>
</p>
  <div id="gAddPhotosCanvas" style="text-align: center;">
    <div id="gAddPhotosQueue"></div>
    <div id="gEditPhotosQueue"></div>
    <span id="gChooseFilesButtonPlaceholder"></span>
  </div>
  <button id="gUploadCancel" class="ui-state-default ui-corner-all" type="button"
          onclick="swfu.cancelQueue();"
Esempio n. 27
?>
"
                 title="<?php 
echo p::clean($child->title);
?>
"
                 height="<?php 
echo $child->thumb_height;
?>
" width="<?php 
echo $child->thumb_width;
?>
" /></a><br />
          <? endif ?>
            <?php 
echo p::clean($child->description);
?>
          </p>
        ]]>
      </content:encoded>
      <media:thumbnail url="<?php 
echo $child->thumb_url(true);
?>
"
                       fileSize="<?php 
echo @filesize($child->thumb_path());
?>
"
                       height="<?php 
echo $child->thumb_height;
?>
  }
  download = function(){
    // send request
    $('<form action="<?php 
echo url::site("admin/maintenance/save_log/{$task->id}?csrf={$csrf}");
?>
" method="post"></form>').
appendTo('body').submit().remove();
  };
</script>
<div id="gTaskLogDialog">
  <h1> <?php 
echo $task->name;
?>
 </h1>
  <div class="gTaskLog">
    <pre><?php 
echo p::purify($task->get_log());
?>
</pre>
  </div>
  <button id="gCloseButton" class="ui-state-default ui-corner-all" onclick="dismiss()"><?php 
echo t("Close");
?>
</button>
  <button id="gSaveButton" class="ui-state-default ui-corner-all" onclick="download()"><?php 
echo t("Save");
?>
</button>
</div>
Esempio n. 29
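 /**
  * Save the sort column and direction for the album named by the first
  * posted "item" id, and print the re-rendered form as JSON.
  *
  * Requires a valid CSRF token plus "view" and "edit" permission on the item.
  */
 public function sort()
 {
     access::verify_csrf();
     $itemids = $this->input->post("item");
     // Index into the posted value only when it really is a list. If "item"
     // arrives as a plain string, [0] would pick its first character and load
     // a different item than the one the client named.
     $first_id = is_array($itemids) && isset($itemids[0]) ? $itemids[0] : null;
     $item = ORM::factory("item")->in("id", $first_id)->find();
     access::required("view", $item);
     access::required("edit", $item);
     $form = organize::get_sort_edit_form($item);
     if ($form->validate()) {
         // (An unused clone of $item was removed here.)
         $item->sort_column = $form->column->value;
         $item->sort_order = $form->direction->value;
         $item->save();
         log::success("content", "Updated album", "<a href=\"albums/{$item->id}\">view</a>");
         // The title is user-supplied; purify it before it goes into the JSON message.
         $message = t("Saved album %album_title", array("album_title" => p::purify($item->title)));
         print json_encode(array("form" => $form->__toString(), "message" => $message));
     } else {
         print json_encode(array("form" => $form->__toString()));
     }
 }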
Esempio n. 30
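<?php defined("SYSPATH") or die("No direct script access.") ?>
<?php
/*
 * Page header: custom header text or the default logo, the site menu, and
 * the breadcrumb trail.
 *
 * Control statements use the full <?php tag. The bare <? form is honoured only
 * when short_open_tag is enabled; with it disabled the statements would be
 * sent to the browser as text instead of being executed. <?= is always
 * available from PHP 5.4 on.
 *
 * NOTE(review): $header_text is echoed without escaping -- presumably it is
 * administrator-supplied HTML; confirm who can set it. Titles in the
 * breadcrumbs go through p::clean().
 */
?>
<?= $theme->header_top() ?>
<?php if ($header_text = module::get_var("gallery", "header_text")): ?>
<?= $header_text ?>
<?php else: ?>
<a href="<?= url::site("albums/1") ?>">
  <img width="107" height="48" id="gLogo" alt="<?= t("Gallery: Your photos on your web site") ?>" src="<?= $theme->url("images/logo.png") ?>" />
</a>
<?php endif ?>

<div id="gSiteMenu" style="display: none">
<?= $theme->site_menu() ?>
</div>

<?= $theme->header_bottom() ?>

<?php if (!empty($parents)): ?>
<ul class="gBreadcrumbs">
  <?php foreach ($parents as $parent): ?>
  <li>
    <a href="<?= url::site("albums/{$parent->id}?show=$item->id") ?>">
      <?= p::clean($parent->title) ?>
    </a>
  </li>
  <?php endforeach ?>
  <li class="active"><?= p::clean($item->title) ?></li>
</ul>
<?php endif ?>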