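 /**
  * Handles the POST submission of the "add wildcard (regex) link" form.
  *
  * Requires the `link_path`, `link_target` and `link_priority` fields. On any
  * validation failure `$this->errorMessage` is set and the method returns so
  * the page can re-render the form. On success a link of type 'regex' is
  * created for the current user, its priority is stored and the client is
  * redirected to the link's details page.
  *
  * NOTE(review): `link_path` is stored as a user-supplied pattern (type
  * 'regex'). Whether and how it is later compiled against incoming requests is
  * not visible here; if it is fed to preg_*, a hostile pattern could be used
  * for ReDoS, so confirm that the page requires a suitable permission and/or
  * limits the pattern.
  *
  * @param \tniessen\tinyIt\HttpParams $postData
  */
 private function tryProcessPostData($postData)
 {
     $reqfields = array('link_path', 'link_target', 'link_priority');
     if (!$postData->hasValues($reqfields)) {
         $this->errorMessage = 'Please specify:
                                <ul>
                                  <li>Path</li>
                                  <li>Target</li>
                                  <li>Priority</li>
                                </ul>';
         return;
     }
     // Read the whitelisted fields explicitly instead of extract()ing request
     // data into the local scope.
     $values = $postData->filter($reqfields);
     $link_path = $values['link_path'];
     $link_target = $values['link_target'];
     // intval() maps non-numeric input to 0, which then passes the range check.
     $link_priority = intval($values['link_priority']);
     if ($link_priority < 0 || $link_priority > 1000) {
         $this->errorMessage = 'Priority must be between 0 and 1000';
         return;
     }
     $dbc = Application::dbConnection();
     $entry = $dbc->links()->addLink('regex', $link_path, $link_target, Authorization::user()->id);
     if (!$entry) {
         $this->errorMessage = 'An internal error occurred while creating the short URL. Please try again or ask an administrator for help.';
         return;
     }
     $success = $dbc->links()->setPriority($entry->id, $link_priority);
     if (!$success) {
         // getURL() returns a URL builder (the other pages call ->build() on
         // it); build the string before escaping it for the href attribute.
         $url = self::getURL('links/details', array('link' => $entry->id))->build();
         $this->errorMessage = 'The link was created, but the priority could not be set. Please <a href="' . WebRenderer::escapeAttr($url) . '">try again</a>';
         return;
     }
     self::redirectTo('links/details', array('link' => $entry->id));
     exit;
 }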
 /**
  * Entry point of the "switch user" page.
  *
  * A valid nonce and the `session.switch_user` permission are required. With
  * `$this->revert` set, an active switch (if any) is undone and the client is
  * sent home. Otherwise the target user identified by `$this->uid` is loaded;
  * once `$this->confirmed` is set, any previous switch is reverted first and
  * the session is switched to the target user. A failed switch leaves an
  * error message for the template.
  *
  * NOTE(review): nothing here restricts which account may be switched into,
  * so whoever holds `session.switch_user` can act as any user, including
  * more privileged ones — grant that permission accordingly.
  *
  * @param array $params request parameters (unused here)
  */
 public function init($params)
 {
     self::requireNonce();
     self::requirePermission('session.switch_user');

     if ($this->revert) {
         // Undo an active switch, then leave.
         if (Authorization::switched()) {
             Authorization::switchBack();
         }
         self::redirectTo('home');
         exit;
     }

     if ($this->uid === false) {
         // No target user was given: nothing to do on this page.
         self::redirectTo('home');
         exit;
     }

     $users = Application::dbConnection()->users();
     $this->userInfo = $users->getUser($this->uid);
     if (!$this->userInfo || !$this->confirmed) {
         // Unknown user, or the confirmation step has not happened yet:
         // let the page render as-is.
         return;
     }

     // Never stack switches: revert the current one before switching again.
     if (Authorization::switched()) {
         Authorization::switchBack();
     }
     if (Authorization::switchUser($this->userInfo)) {
         self::redirectTo('home');
         exit;
     }
     $this->errorMessage = 'Switching failed.';
 }
 /**
  * Returns the user whose permissions apply to the current request.
  *
  * While a "switch user" session is active the real (switching) user is
  * returned rather than the impersonated one, presumably so that
  * impersonation cannot grant rights the real user does not hold.
  *
  * @return mixed Authorization::realUser() while switched, else Authorization::user()
  */
 public static function currentUser()
 {
     $impersonating = Authorization::switched();
     return $impersonating ? Authorization::realUser() : Authorization::user();
 }
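 /**
  * Handles the POST submission of the "shorten link" form.
  *
  * Fields: `target_link` (required) and, optionally, `use_custom_path`,
  * `custom_path` and `override_wildcards`. The short path is either the
  * user-chosen `custom_path` (requires `link.custom_path` and must match the
  * administrator's `custom_links_regex` option) or a generated one based on
  * the `linkgen_length` / `linkgen_chars` options. A conflict with an
  * existing static link is rejected; a conflict with a wildcard (regex) link
  * is rejected unless `override_wildcards` is set and the user holds
  * `link.override_wildcards`. On success the client is redirected to the new
  * link's details page, otherwise `$this->errorMessage` is set.
  *
  * NOTE(review): `target_link` is stored as submitted; no scheme check is
  * visible at this level. If targets are later used in redirects or rendered
  * as hrefs, confirm that e.g. `javascript:` targets are handled elsewhere.
  * NOTE(review): the conflict check and the insert are not atomic; a
  * concurrent request could create the same path — a uniqueness constraint in
  * the links table is the reliable guard.
  *
  * @param \tniessen\tinyIt\HttpParams $postData
  */
 private function tryProcessPostData($postData)
 {
     $reqfields = array('target_link');
     if (!$postData->hasValues($reqfields)) {
         $this->errorMessage = 'Please enter a target link.';
         return;
     }
     $fields = $reqfields;
     $fields[] = 'use_custom_path';
     $fields[] = 'custom_path';
     $fields[] = 'override_wildcards';
     // Read the whitelisted fields explicitly instead of extract()ing request
     // data into the local scope. The optional fields may be absent.
     $values = $postData->filter($fields);
     $target_link = $values['target_link'];
     $use_custom_path = !empty($values['use_custom_path']);
     $custom_path = isset($values['custom_path']) ? $values['custom_path'] : null;
     $override_wildcards = !empty($values['override_wildcards']);
     if ($override_wildcards) {
         if (!self::hasPermission('link.override_wildcards')) {
             $this->errorMessage = 'You are not permitted to override wildcards.';
             return;
         }
     }
     $dbc = Application::dbConnection();
     $opts = $dbc->options()->getOptions(array('linkgen_chars', 'linkgen_length', 'custom_links_regex'));
     $linkgen_chars = $opts['linkgen_chars'];
     $linkgen_length = $opts['linkgen_length'];
     $custom_links_regex = $opts['custom_links_regex'];
     if ($use_custom_path) {
         if (!$custom_path) {
             $this->errorMessage = 'Please enter a valid short path or uncheck the custom path option.';
             return;
         }
         if (!self::hasPermission('link.custom_path')) {
             $this->errorMessage = 'You are not permitted to use custom paths.';
             return;
         }
         // The administrator's regex is interpolated between '/' delimiters; an
         // invalid pattern makes preg_match() return false, which is treated
         // the same as "no match" (path rejected).
         if (!preg_match("/{$custom_links_regex}/", $custom_path)) {
             $this->errorMessage = 'The chosen short path is not allowed due to administrative restrictions.';
             return;
         }
         $shortpath = $custom_path;
     } else {
         $linkgen_length = intval($linkgen_length);
         $shortpath = $dbc->links()->findAvailablePath($linkgen_length, $linkgen_chars);
     }
     $conflict = $dbc->links()->checkConflictsStatic($shortpath);
     // Offer the override checkbox to the template only when there is a
     // conflict and the user is allowed to override wildcards.
     $this->allowOverrideWildcards = !!$conflict && self::hasPermission('link.override_wildcards');
     if ($conflict) {
         if ($conflict->type === 'static') {
             $this->errorMessage = 'Another link with the same path or a conflicting path already exists.';
             return;
         }
         if ($conflict->type === 'regex' && !$override_wildcards) {
             $url = self::getURL('links/details', array('link' => $conflict->id))->build();
             $this->errorMessage = 'This path would override <a href="' . WebRenderer::escapeAttr($url) . '">a defined wildcard</a>.';
             return;
         }
     }
     $entry = $dbc->links()->addLink('static', $shortpath, $target_link, Authorization::user()->id);
     if (!$entry) {
         $this->errorMessage = 'An internal error occurred while creating the short URL. Please try again or ask an administrator for help.';
         return;
     }
     self::redirectTo('links/details', array('link' => $entry->id));
     exit;
 }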
 /**
  * Entry point of the logout page.
  *
  * A valid nonce is required so that a third-party page cannot log the user
  * out through a crafted link (logout CSRF); requireNonce() also enforces a
  * logged-in session. The session is then terminated and the client is sent
  * to the login page.
  *
  * @param array $params request parameters (unused here)
  */
 public function init($params)
 {
     // Page::requireNonce() is the final static method also reachable as self::requireNonce().
     Page::requireNonce();
     Authorization::logout();
     $next = 'login';
     self::redirectTo($next);
     exit;
 }
 /**
  * Entry point of the "own account settings" page.
  *
  * Requires a login, loads the `allow_name_changes` option and the current
  * user for the template, and hands a non-empty POST to
  * tryProcessPostData(). Afterwards the user record is re-read so the page
  * reflects whatever was just saved.
  *
  * NOTE(review): no nonce check is visible on this POST path (requireNonce()
  * only inspects a GET parameter) — confirm that tryProcessPostData() or the
  * form itself provides CSRF protection.
  *
  * @param array $params request parameters (unused here)
  */
 public function init($params)
 {
     self::requireLogin();
     $options = Application::dbConnection()->options();
     $this->settings = $options->getOptions(array('allow_name_changes'));
     $this->userInfo = Authorization::user();

     $submitted = \tniessen\tinyIt\HttpParams::_POST();
     if (!$submitted || $submitted->isEmpty()) {
         return;
     }
     $this->currentParams = $submitted;
     $this->tryProcessPostData($submitted);
     // Reload so the template sees the updated record.
     $this->userInfo = Authorization::user('reload');
 }
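 /**
  * Entry point of the user details page.
  *
  * Loads the user selected by `$this->userId` and then, depending on mode:
  *  - delete mode: requires a nonce and either `user.delete_accounts`, or
  *    `user.delete_self` when deleting one's own account; removes the user's
  *    links and the user and redirects to the user list;
  *  - `setGroup` parameter present: moves the user into that group (0 means
  *    "no group"; a non-zero group must exist) — requires `user.set_group`.
  * It also decides whether the "switch user" button is offered
  * (`session.switch_user`, never for one's own account) and loads the group
  * info and the list of available groups for the template.
  *
  * @param array $params request parameters; `setGroup` is read from here
  */
 public function init($params)
 {
     self::requireLogin();
     $dbc = Application::dbConnection();
     $uid = $this->userId;
     if (!$uid) {
         return;
     }
     $this->userInfo = $dbc->users()->getUser($uid);
     if (!$this->userInfo) {
         return;
     }
     $ownAccount = $uid === Authorization::user()->id;
     if (!$ownAccount && self::hasPermission('session.switch_user')) {
         $this->canSwitchUser = true;
     }

     if ($this->deleteMode) {
         self::requireNonce();
         $allowed = self::hasPermission('user.delete_accounts')
             || ($ownAccount && self::hasPermission('user.delete_self'));
         if ($allowed) {
             // Remove the user's links first so no orphaned links remain.
             $dbc->links()->removeLinksByUser($uid);
             if ($dbc->users()->removeUser($uid)) {
                 self::redirectTo('users/list');
                 exit;
             }
             $this->errorMessage = 'Internal error while deleting user';
         } else {
             $this->errorMessage = 'You are not permitted to delete this user account.';
         }
     } elseif (isset($params['setGroup'])) {
         // Server-side authorization for the group change. The template only
         // hides the "Set group" button behind `user.set_group`; without this
         // check any logged-in user could change any account's group
         // (including their own) by requesting the page with `setGroup`.
         // NOTE(review): this is state-changing; if the group form does not
         // carry a nonce, add self::requireNonce() here as well.
         if (!self::hasPermission('user.set_group')) {
             $this->errorMessage = 'You are not permitted to change the group of this user account.';
         } else {
             $newgroup = intval($params['setGroup']);
             $ok = true;
             if ($newgroup) {
                 // A non-zero group id must refer to an existing group.
                 if (!$dbc->groups()->getGroup($newgroup)) {
                     $ok = false;
                     $this->errorMessage = 'The selected group was not found.';
                 }
             }
             if ($ok) {
                 $dbc->users()->setGroup($uid, $newgroup);
                 $this->userInfo = $dbc->users()->getUser($uid);
             }
         }
     }

     if ($this->userInfo->group_id) {
         $this->groupInfo = $dbc->groups()->getGroup($this->userInfo->group_id);
     }
     $this->availableGroups = $dbc->groups()->getGroups(0, 100);
 }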
 /**
  * Handles the POST submission of the login form.
  *
  * Requires `username` and `password`. On success Authorization::login()
  * establishes the session and the client is redirected home; on failure a
  * deliberately generic message is set so the response does not reveal
  * whether the username exists.
  *
  * NOTE(review): no throttling of failed attempts is visible at this level —
  * confirm Authorization::login() or the deployment rate-limits logins.
  *
  * @param \tniessen\tinyIt\HttpParams $postData
  */
 private function tryProcessPostData($postData)
 {
     $required = array('username', 'password');
     if (!$postData->hasValues($required)) {
         $this->errorMessage = 'Please submit username and password.';
         return;
     }
     $credentials = $postData->filter($required);
     $uid = Authorization::login($credentials['username'], $credentials['password']);
     if ($uid !== false) {
         $this->redirectTo('home');
         exit;
     }
     $this->errorMessage = 'Incorrect user / password';
 }
 /**
  * Entry point of the registration page.
  *
  * Logged-in users are sent home. The page is unavailable (redirect to the
  * login page) unless the `allow_registration` option is enabled. A
  * non-empty POST is handed to tryProcessPostData().
  *
  * @param array $params request parameters (unused here)
  */
 public function init($params)
 {
     if (Authorization::loggedIn()) {
         self::redirectTo('home');
         exit;
     }
     $registrationEnabled = Application::dbConnection()->options()->getOption('allow_registration');
     if (!$registrationEnabled) {
         self::redirectTo('login');
         exit;
     }
     $submitted = \tniessen\tinyIt\HttpParams::_POST();
     if (!$submitted || $submitted->isEmpty()) {
         return;
     }
     $this->currentParams = $submitted;
     $this->tryProcessPostData($submitted);
 }
 /**
  * Entry point of the link details page.
  *
  * Loads the link selected by `$this->linkId`. In edit mode a non-empty POST
  * is passed to tryProcessEditPostData() if the user holds `link.edit_links`,
  * or owns the link and holds `link.edit_own_links`; otherwise edit mode is
  * switched off with an error. In delete mode a nonce is required and the
  * link is removed if the user holds `link.delete_links`, or owns it and
  * holds `link.delete_own_links`; success redirects to the link list. For the
  * template, the owner's record and (for static links) the full short URL
  * are attached to `$this->linkInfo`.
  *
  * NOTE(review): the edit POST path has no nonce check visible here
  * (requireNonce() reads a GET parameter) — confirm the edit form or
  * tryProcessEditPostData() provides CSRF protection.
  *
  * @param array $params request parameters (unused here)
  */
 public function init($params)
 {
     self::requireLogin();
     $dbc = Application::dbConnection();
     $lid = $this->linkId;
     if (!$lid) {
         return;
     }
     $this->linkInfo = $dbc->links()->getLink($lid);
     if (!$this->linkInfo) {
         return;
     }
     $isOwner = $this->linkInfo->owner_id === Authorization::user()->id;

     if ($this->editMode) {
         $canEditAny = self::hasPermission('link.edit_links');
         $canEditOwn = $isOwner && self::hasPermission('link.edit_own_links');
         if ($canEditAny || $canEditOwn) {
             $submitted = \tniessen\tinyIt\HttpParams::_POST();
             if ($submitted && !$submitted->isEmpty()) {
                 $this->currentParams = $submitted;
                 $this->tryProcessEditPostData($submitted);
             }
         } else {
             // Fall back to the read-only view with an explanation.
             $this->editMode = false;
             $this->errorMessage = 'You are not permitted to edit this link.';
         }
     } elseif ($this->deleteMode) {
         self::requireNonce();
         $canDeleteAny = self::hasPermission('link.delete_links');
         $canDeleteOwn = $isOwner && self::hasPermission('link.delete_own_links');
         if ($canDeleteAny || $canDeleteOwn) {
             if ($dbc->links()->removeLink($lid)) {
                 self::redirectTo('links/list');
                 exit;
             }
             $this->errorMessage = 'Internal error while deleting link';
         } else {
             $this->errorMessage = 'You are not permitted to delete this link.';
         }
     }

     $oid = $this->linkInfo->owner_id;
     if ($oid) {
         $this->linkInfo->userInfo = $dbc->users()->getUser($oid);
     }
     if ($this->linkInfo->type === 'static') {
         $this->linkInfo->fullURL = Application::getBaseURL()->build() . $this->linkInfo->path;
     }
 }
                        <h4 class="modal-title">Delete link</h4>
                    </div>
                    <div class="modal-body">
                        <p>Do you really want to delete this link?</p>
                        <p><code><?php 
    echo $r->escapeHtml($l->path);
    ?>
</code> redirecting to <code><?php 
    echo $r->escapeHtml($l->target);
    ?>
</code></p>
                    </div>
                    <div class="modal-footer">
                        <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
                        <a href="<?php 
    $params = array('link' => $l->id, 'delete' => true, 'nonce' => \tniessen\tinyIt\Security\Authorization::getNonce());
    $url = $pageURL('links/details', $params);
    echo $r->escapeAttr($url);
    ?>
" class="btn btn-danger">Delete</a>
                    </div>
                </div>
            </div>
        </div>
    <?php 
} else {
    ?>
        <div class="page-header">
            <h1>Link details</h1>
        </div>
        <div class="alert alert-danger">
                        <li><a href="<?php 
echo $r->escapeAttr($pageURL('settings/own/account'));
?>
">Account settings</a></li>
                        <li class="divider"></li>
                        <?php 
if ($ru = \tniessen\tinyIt\Security\Authorization::realUser()) {
    ?>
                            <li><a href="<?php 
    $url = $pageURL('switch-user', array('revert' => true, 'nonce' => $theNonce));
    echo $r->escapeAttr($url);
    ?>
">Switch back to <?php 
    echo $r->escapeHtml($ru->display_name);
    ?>
</a></li>
                        <?php 
}
?>
                        <li><a href="<?php 
$nonce = \tniessen\tinyIt\Security\Authorization::getNonce();
$url = $pageURL('logout', array('nonce' => $nonce));
echo $r->escapeAttr($url);
?>
">Logout</a></li>
                    </ul>
                </li>
            </ul>
        </div><!-- .navbar-collapse -->
    </div><!-- .container-fluid -->
</div><!-- .navbar -->
<?php

$r->render('dashboard', array('title' => 'Home'));
?>
    <div class="page-header">
        <h1>Welcome <small><?php 
echo $r->escapeHtml(\tniessen\tinyIt\Security\Authorization::user()->display_name);
?>
</small></h1>
    </div>
    <div class="jumbotron">
        <h1>What do you want to do?</h1>
        <p>Choose one of these possibilities to begin or use the navigation menu at the top.</p>
        <ul>
            <li><a href="<?php 
echo $r->escapeAttr($pageURL('links/shorten'));
?>
">Shorten a link</a></li>
            <li><a href="<?php 
echo $r->escapeAttr($pageURL('links/list'));
?>
">View shortened links</a></li>
            <li><a href="<?php 
echo $r->escapeAttr($pageURL('users/list'));
?>
">Manage users</a></li>
            <li><a href="<?php 
echo $r->escapeAttr($pageURL('settings/own/account'));
?>
">Change account settings</a></li>
        </ul>
 /**
  * Requires a logged-in session and a valid `nonce` GET parameter.
  *
  * Page::requireLogin is called first. If the request does not carry a nonce
  * that Authorization::isNonce accepts, the client is redirected to
  * `$redirectTo` and the script exits; otherwise the method returns normally.
  *
  * NOTE(review): only the query string is consulted, so a form that submits
  * its nonce in the POST body must still place it in the action URL.
  *
  * @param string $redirectTo page to redirect to when the nonce is missing or invalid
  */
 public static final function requireNonce($redirectTo = 'home')
 {
     self::requireLogin();
     $query = \tniessen\tinyIt\HttpParams::_GET();
     if ($query->has('nonce') && Authorization::isNonce($query->get('nonce'))) {
         return;
     }
     self::redirectTo($redirectTo);
     exit;
 }
    if ($theUser->id === $u->id) {
        ?>
                <a href="<?php 
        echo $r->escapeAttr($pageURL('settings/own/account'));
        ?>
" class="btn btn-default">
                    <span class="glyphicon glyphicon-pencil"></span> Edit
                </a>
            <?php 
    }
    ?>
            <?php 
    if ($r->opt('canSwitchUser')) {
        ?>
                <a href="<?php 
        $params = array('user' => $u->id, 'nonce' => \tniessen\tinyIt\Security\Authorization::getNonce());
        $url = $pageURL('switch-user', $params);
        echo $r->escapeAttr($url);
        ?>
" class="btn btn-default">
                    <span class="glyphicon glyphicon-arrow-right"></span> Switch
                </a>
            <?php 
    }
    ?>
            <?php 
    if ($page::hasPermission('user.set_group')) {
        ?>
                <button type="button" class="btn btn-default" data-toggle="modal" data-target=".select-group-modal">
                    Set group
                </button>