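/**
 * Stream an attachment to the client with an inline disposition.
 *
 * @param mixed $id attachment id from the route; cast to int, 0 means "not found"
 *
 * Request params read here: `size` (handed to transmit_file as-is) and
 * `preview` (int flag). When a preview is requested for an attachment that is
 * not an image, a generic placeholder PNG is streamed instead of the file.
 *
 * @throws ApplicationException when no usable id is given or the item/placeholder
 *         cannot be found
 */
public function ShowAction($id = '') {
    global $CONFIG;
    // Explicit cast instead of `$id += 0`: on PHP 8 arithmetic on a
    // non-numeric string throws a TypeError instead of yielding 0.
    $id = (int)$id;
    if (!$id) {
        throw new ApplicationException("404 File Not Found");
    }
    $size = reqs('size');
    $is_preview = reqi('preview');

    if (!$is_preview) {
        $this->model->transmit_file($id, $size, 'inline');
        return;
    }

    $item = $this->model->one($id);
    if (!$item) {
        // nothing to preview; do not fall through to the placeholder for unknown ids
        throw new ApplicationException("404 File Not Found");
    }
    if (!empty($item['is_image'])) {
        $this->model->transmit_file($id, $size, 'inline');
        return;
    }

    // Not an image but a preview was requested: return the generic file icon.
    // The placeholder is always a PNG, so the Content-type must say so; the
    // previous code labelled these bytes with the attachment's own extension
    // mime type, which mislabels the response (e.g. "application/pdf" for PNG bytes).
    $filepath = $CONFIG['site_root'] . '/img/att_file.png'; # TODO move to web.config or to model?
    $fp = fopen($filepath, 'rb');
    if ($fp === false) {
        // fpassthru(false) would be a TypeError on PHP 8; fail cleanly instead
        throw new ApplicationException("404 File Not Found");
    }
    header('Content-type: image/png');
    fpassthru($fp);
    fclose($fp);
}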
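/**
 * Build the list filter for the current controller.action.
 *
 * The filter is remembered in the session under a key derived from
 * `controller.action`; the request's `f[]` values are merged over the
 * remembered ones unless `dofilter` is set, in which case only the request
 * values are used. `pagenum` and `pagesize` are forced to plain digit strings
 * (pagenum defaults to 0, pagesize to $CONFIG['MAX_PAGE_ITEMS']) since they
 * are presumably used for paging downstream.
 *
 * @return array the effective filter (also stored in $this->list_filter and the session)
 */
public function get_filter() {
    global $CONFIG;
    # each filter is remembered in the session, keyed by controller.action
    $session_key = '_filter_' . $this->fw->G['controller.action'];
    $sfilter = $_SESSION[$session_key] ?? array();
    if (!is_array($sfilter)) {
        $sfilter = array();
    }
    $f = req('f');
    if (!is_array($f)) {
        $f = array();
    }
    # unless the filter is forced, request values override the remembered ones
    if (!reqs('dofilter')) {
        $f = array_merge($sfilter, $f);
    }

    # paging values must be plain non-negative integers. The values may be
    # absent or non-scalar (f[pagenum][]=1 would be a TypeError in preg_match),
    # so guard before matching. The `D` modifier makes `$` match only at the
    # very end of the string, so "12\n" is rejected as well.
    $pagenum = $f['pagenum'] ?? null;
    if (!is_scalar($pagenum) || !preg_match('/^\d+$/D', (string)$pagenum)) {
        $f['pagenum'] = 0;
    }
    $pagesize = $f['pagesize'] ?? null;
    if (!is_scalar($pagesize) || !preg_match('/^\d+$/D', (string)$pagesize)) {
        $f['pagesize'] = $CONFIG['MAX_PAGE_ITEMS'];
    }

    # save in session for later use
    $_SESSION[$session_key] = $f;
    $this->list_filter = $f;
    return $f;
}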
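/**
 * Handle a contact-form post: mail every non-system POST field to
 * SUPPORT_EMAIL as "key = value" lines, then redirect the browser.
 *
 * Request params read here: `subject` (mail subject) and `redirect`
 * (site-relative path to send the user to afterwards). Fields listed in
 * $sys_fields are excluded from the mail body.
 *
 * The redirect target is only ever appended to ROOT_DOMAIN as a path that
 * starts with a single "/". Without that constraint the prefix alone does not
 * stop abuse: "//evil.example" or "/\evil.example" are treated by browsers as a
 * new host, and "@evil.example" / ".evil.example" rewrite the authority of the
 * resulting URL.
 */
public function SaveAction() {
    $mail_to = $this->fw->G['SUPPORT_EMAIL'];
    // CR/LF in a client-supplied subject could inject extra mail headers if
    // send_email passes it through verbatim (not visible here), so strip them.
    $mail_subject = str_replace(array("\r", "\n"), ' ', (string)reqs('subject'));
    $redirect_to = (string)reqs('redirect');
    $sys_fields = Utils::qh('form_format redirect subject submit RAWURL XSS');

    $msg_body = '';
    foreach ($_POST as $key => $value) {
        if (array_key_exists($key, $sys_fields)) {
            continue;
        }
        // field[] inputs would otherwise be rendered as the literal "Array"
        if (!is_scalar($value)) {
            $value = json_encode($value);
        }
        $msg_body .= $key . ' = ' . $value . "\n";
    }
    $this->fw->send_email($mail_to, $mail_subject, $msg_body);

    // Accept only a site-relative path: a leading "/" that is not followed by
    // another "/" or a backslash. Anything else goes to the site root.
    $is_local_path = strlen($redirect_to) > 0
        && $redirect_to[0] === '/'
        && !in_array(substr($redirect_to, 1, 1), array('/', '\\'), true);
    if (!$is_local_path) {
        $redirect_to = '/';
    }
    fw::redirect($this->fw->G['ROOT_DOMAIN'] . $redirect_to);
}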
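/**
 * Process the login form.
 *
 * `save_type=facebook` is delegated to SaveFacebook(). Otherwise the
 * credentials come from item[login] and item[pwdh] (or item[pwd] when
 * item[chpwd] == "1"); the password value is trimmed and cut to 32 chars
 * before lookup. On success the user is logged in and redirected to `gourl`
 * if it is a local path, else to $CONFIG['LOGGED_DEFAULT_URL']. On failure
 * err_ctr is incremented, the form error is set and the user is sent back to Index.
 */
public function SaveAction() {
    global $CONFIG;
    # special case login
    if (req('save_type') == 'facebook') {
        $this->SaveFacebook();
        return;
    }
    try {
        // item[] may be missing or not an array; read it defensively
        $item = $_REQUEST['item'] ?? array();
        if (!is_array($item)) {
            $item = array();
        }
        $login = trim((string)($item['login'] ?? ''));
        $pwd = $item['pwdh'] ?? '';
        if (($item['chpwd'] ?? '') == "1") {
            $pwd = $item['pwd'] ?? '';
        }
        $pwd = substr(trim((string)$pwd), 0, 32);
        if (!strlen($login) || !strlen($pwd)) {
            $this->ferr("REGISTER", True);
            throw new ApplicationException("");
        }

        // NOTE(review): the credential is matched as an equal string against the
        // stored `pwd` column inside the query, i.e. whatever the client sends
        // (pwdh or raw pwd) must be stored in that exact form. Moving to
        // password_hash()/password_verify() needs a schema and data migration,
        // so it is only flagged here, not changed.
        $hU = db_row("select * from users where email=" . dbq($login) . " and pwd=" . dbq($pwd));
        if (!isset($hU['access_level']) || $hU['status'] != 0) {
            throw new ApplicationException(lng("User Authentication Error"));
        }
        $this->model->do_login($hU['id']);

        // Post-login redirect may only target this site. The previous check
        // (`!preg_match('/^http/i')`) still let through "//evil.example" (a
        // protocol-relative absolute URL) and non-http schemes. Reject any
        // scheme prefix and any "//" or "\\"-style host prefix; relative paths
        // with or without a leading "/" keep working.
        $gourl = trim((string)reqs('gourl'));
        $is_local = strlen($gourl) > 0
            && !preg_match('#^([a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $gourl);
        if ($is_local) {
            fw::redirect($gourl);
        } else {
            fw::redirect($CONFIG['LOGGED_DEFAULT_URL']);
        }
    } catch (ApplicationException $ex) {
        $this->fw->G['err_ctr'] = reqi('err_ctr') + 1;
        $this->set_form_error($ex->getMessage());
        $this->route_redirect("Index");
    }
}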
/**
 * Bulk action over the checked rows of a list page (cb[id] => value).
 *
 * Only `delete` is implemented: when the `delete` param is non-empty every
 * checked id is passed to the model's delete() and the number of deletions is
 * flashed as "multidelete"; otherwise nothing is deleted and 0 is flashed.
 * Ends with a redirect back to the list (base_url).
 *
 * NOTE(review): no CSRF check is visible in this method - presumably handled
 * by the framework before the action runs; confirm, since this is a
 * state-changing POST handler.
 */
public function SaveMultiAction() {
    $checked = req('cb');
    if (!is_array($checked)) {
        $checked = array();
    }
    $want_delete = reqs('delete') > '';

    $deleted = 0;
    if ($want_delete) {
        foreach (array_keys($checked) as $id) {
            $this->model->delete($id);
            $deleted++;
        }
    }

    $this->fw->flash("multidelete", $deleted);
    fw::redirect($this->base_url);
}
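/**
 * Attachment picker: list attachments of a category for a select dialog.
 *
 * The category is taken from `category` (an icode, resolved through
 * AttCategories::one_by_icode) when given, otherwise from the numeric
 * `att_categories_id` param. Each row gets a `direct_url` from the model.
 *
 * @return array 'att_dr' => rows with direct_url filled in,
 *               'select_att_categories_id' => options for the category select
 */
public function SelectAction() {
    $category_icode = reqs("category");
    $att_categories_id = reqi("att_categories_id");
    $AttCat = $this->fw->model('AttCategories');

    # an explicit category icode takes precedence over the numeric id
    if ($category_icode > '') {
        $att_cat = $AttCat->one_by_icode($category_icode);
        // guard the shape: count(null) is a TypeError on PHP 8
        if (is_array($att_cat) && !empty($att_cat['id'])) {
            $att_categories_id = $att_cat['id'];
        }
    }

    $rows = $this->model->ilist_by_category($att_categories_id);
    # write back by key: assigning to the foreach copy ($row) never reached
    # $rows, so the returned rows had no direct_url at all
    foreach ($rows as $key => $row) {
        $rows[$key]['direct_url'] = $this->model->get_url_direct($row);
    }

    return array(
        'att_dr' => $rows,
        'select_att_categories_id' => $AttCat->get_select_options($att_categories_id),
    );
}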
/**
 * Ajax autocomplete endpoint: returns the related model's suggestions
 * for the `q` request param.
 *
 * @return mixed whatever get_autocomplete_items() of the related model returns
 */
public function AjaxAutocompleteAction() {
    $term = reqs('q');
    return $this->model_related->get_autocomplete_items($term);
}