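/**
 * Like or unlike the event named by $_POST['id'] for the current user and
 * mirror the change onto the walls of that user and their followers.
 *
 * The value returned by the like/unlike call is stored in $this->data['result'].
 *
 * NOTE(review): this handler changes state from POST data and no anti-forgery
 * token check is visible in this block; confirm one is enforced upstream.
 *
 * @param int|bool $like truthy to like the event, falsy to unlike it
 * @return void
 */
function likeEvent($like = 1)
{
    global $current_user;
    $current_user = new CurrentUser();
    if (!$current_user->id) {
        // Anonymous visitors cannot like anything.
        return;
    }

    // Accept only a scalar id. A missing field used to raise an undefined-index
    // notice, and an array-valued field would have been handed to the Mongo
    // layer as a structured value instead of a plain identifier.
    $id = (isset($_POST['id']) && is_scalar($_POST['id'])) ? $_POST['id'] : null;
    if ($id === null) {
        $this->data['result'] = false;
        return;
    }

    if ($like) {
        $res = MongoDatabase::eventLike($id, $current_user->id);
    } else {
        $res = MongoDatabase::eventUnlike($id, $current_user->id);
    }
    $this->data['result'] = $res;

    // Index into the result only when the call actually produced one.
    $event_owner = ($res && isset($res['event_owner'])) ? $res['event_owner'] : null;

    if ($res && $like && $id && $event_owner != $current_user->id) {
        // Liked someone else's event: repost it to my own wall and my followers' walls.
        $followerIds = $current_user->getFollowers();
        $followerIds[$current_user->id] = $current_user->id;
        MongoDatabase::pushEvents($current_user->id, $followerIds, $id, time(), $event_owner);
    }

    if (!$like && $id && $event_owner != $current_user->id) {
        // No longer liked: remove the reposted entry from my wall and my followers' walls.
        $followerIds = $current_user->getFollowers();
        $followerIds[$current_user->id] = $current_user->id;
        MongoDatabase::removeWallItem(array_keys($followerIds), $id, $event_owner);
    }
}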
/**
 * Build the category model and hide secret categories from outsiders.
 *
 * The field definitions are handed to the parent constructor together with
 * $id. Afterwards, a category whose getSecret() is truthy is only kept when
 * the visitor is logged in or Utility::isInCollege() is truthy.
 *
 * @param mixed $id category identifier forwarded to the parent constructor
 * @throws \FelixOnline\Exceptions\ModelNotFoundException when a secret category
 *         is requested by a visitor who is neither logged in nor in college
 */
function __construct($id = NULL)
{
    $schema = array(
        'label' => new Type\CharField(),
        'cat' => new Type\CharField(),
        'active' => new Type\BooleanField(),
        'parent' => new Type\ForeignKey('FelixOnline\\Core\\Category'),
        'email' => new Type\CharField(),
        'twitter' => new Type\CharField(),
        'description' => new Type\TextField(),
        'order' => new Type\IntegerField(),
        'hidden' => new Type\BooleanField(),
        'secret' => new Type\BooleanField(),
    );
    parent::__construct($schema, $id);

    $visitor = new CurrentUser();

    // Public categories need no further checks.
    if (!$this->getSecret()) {
        return;
    }

    // Secret categories stay visible to logged-in users and in-college visitors.
    if ($visitor->isLoggedIn() || Utility::isInCollege()) {
        return;
    }

    // Reported as "not found" rather than "forbidden".
    throw new \FelixOnline\Exceptions\ModelNotFoundException("This is a secret category and you don't have permission to access it", "Category", $id);
}
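/**
 * Fetch the accounts that belong to the current profile.
 *
 * @param int|string $count maximum number of rows, used as the SQL LIMIT
 * @param int|string $id    optional account id to restrict the result to
 * @param string     $info  "all" for a list of account rows, otherwise the
 *                          name of the single column to return
 * @return array|mixed list of account arrays when $info is "all"; otherwise the
 *                     requested column of the last row read (an empty array
 *                     when no row matched)
 */
function get($count = 50, $id = "", $info = "all")
{
    //Connect
    $sql = new DataBase();
    $sql->connect();

    // The query is assembled by string concatenation, so every caller-supplied
    // piece is neutralised first: the id is escaped for use inside the quoted
    // literal and the limit is forced to a non-negative integer.
    // NOTE(review): assumes DataBase::connect() opens an ext/mysql link (the
    // result is read with mysql_fetch_array below); confirm.
    $limit = max(0, (int) $count);

    // NOTE(review): CurrentUser::getId() is treated as trusted server-side state here.
    $query = "\r\n\t\tSELECT DISTINCT acc.*\r\n\t\tFROM accounts acc\r\n\t\tWHERE acc.profile_id = '" . CurrentUser::getId() . "'";
    if (!empty($id)) {
        $query .= " AND acc.id = '" . mysql_real_escape_string((string) $id) . "'";
    }
    $query .= " ORDER BY acc.account_type_id, acc.name LIMIT " . $limit;

    //Execute
    $sql->query($query);

    //Objects
    $json = array();

    //Data
    while ($data = mysql_fetch_array($sql->result)) {
        if ($info == "all") {
            $json[] = array(
                "id" => $data["id"],
                "name" => $data["name"],
                "profile_id" => $data["profile_id"],
                "initial_balance" => $data["initial_balance"],
                "account_type_id" => $data["account_type_id"],
                "balance" => $data["balance"],
                "status" => $data["status"],
            );
        } else {
            // Single-column mode: each row overwrites the previous value.
            $json = $data[$info];
        }
    }

    // The original placed $sql->close() after the return, where it never ran.
    // It is left out rather than made reachable, because closing here would
    // change the connection lifetime that callers currently see.
    return $json;
}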
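/**
 * Remove the user named by $_POST['id'] from the current user's following
 * list, and the current user from that user's followers list.
 *
 * Nothing happens when the visitor is not authorized, when the id is missing,
 * non-scalar, zero or the visitor's own id, or when no such user is found.
 *
 * NOTE(review): this handler changes state from POST data and no anti-forgery
 * token check is visible in this block; confirm one is enforced upstream.
 *
 * @return void
 */
function removeFriend()
{
    // Casting an array to int yields 1, so insist on a scalar before casting.
    $raw = (isset($_POST['id']) && is_scalar($_POST['id'])) ? $_POST['id'] : 0;
    $id = max(0, (int) $raw);

    $current_user = new CurrentUser();
    if (!$current_user->authorized || $id === 0 || $current_user->id == $id) {
        return;
    }

    $user_following = $current_user->getFollowing();
    $friend = Users::getById($id);
    /* @var $friend User */
    if (!$friend) {
        // Unknown id: without this guard the calls below would fail on a non-object.
        // NOTE(review): assumes getById() returns a falsy value for a missing user; confirm.
        return;
    }
    $friend_followers = $friend->getFollowers();

    // Drop the link in both directions.
    if (isset($user_following[$id])) {
        unset($user_following[$id]);
    }
    if (isset($friend_followers[$current_user->id])) {
        unset($friend_followers[$current_user->id]);
    }

    $current_user->setFollowing($user_following);
    $friend->setFollowers($friend_followers);

    // Notify both sides before persisting.
    $friend->onDeletedFromFriend($current_user->id);
    $current_user->onDeleteFriend($id);

    $friend->save();
    $current_user->save();
}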
/**
 * Return the shared CurrentUser object, creating it on first use.
 *
 * The instance is kept in self::$instance and reused on later calls.
 *
 * @return CurrentUser
 */
public static function getInstance()
{
    if (self::$instance) {
        return self::$instance;
    }

    self::$instance = new CurrentUser();

    return self::$instance;
}
/**
 * Toggle this permission for the role of the current user session.
 *
 * @param bool $inValue the new state; anything that is not a real boolean is rejected
 * @return mixed false for a non-boolean argument, otherwise whatever
 *               PermissionEngine::toggleCanDo() returns
 */
public function setCanDo($inValue = false)
{
    if (is_bool($inValue)) {
        $session = CurrentUser::getUserSession();
        $engine = PermissionEngine::getInstance();

        // The role is taken from the session, never from the caller.
        return $engine->toggleCanDo($this, $session->getRoleID(), $inValue);
    }

    return false;
}
/**
 * Record a like from the current user unless one is already present.
 *
 * Walks every row of $this->result looking for the user's cookie id and only
 * calls DBConnect("likes", ...) when no row matched. Visitors who are not
 * logged in get the text "not logged in" echoed instead.
 *
 * @return void
 */
public function setLike()
{
    $user = new CurrentUser();

    if (!$user->isLoggedIn()) {
        echo "not logged in";
        return;
    }

    // The whole result set is consumed, even after a match has been found.
    $alreadyLiked = false;
    while ($row = mysqli_fetch_array($this->result)) {
        if ($row['UserID'] == $user->getCookieID()) {
            $alreadyLiked = true;
        }
    }

    if (!$alreadyLiked) {
        self::DBConnect("likes", $this->ID, $user->getCookieID());
    }
}
/**
 * Choose the home page response for the request.
 *
 * More than one request parameter yields the 404 response. Otherwise the
 * logged-in user gets the main template with a personal greeting and everyone
 * else gets the "not logged in" template.
 *
 * NOTE(review): the user's first name is placed in the page title; escaping
 * is presumably left to the template layer, confirm.
 *
 * @param Request $request the incoming request
 */
public function __construct(Request $request)
{
    $parameterCount = count($request->getParameters(true));
    if ($parameterCount > 1) {
        $this->response = Response::fourOhFour();
        return;
    }

    $user = CurrentUser::getUserSession();

    if ($user->isLoggedIn()) {
        $this->response = new Response(200, "@home/main.twig", "Hi {$user->getFirstName()}", "home", $user);
        return;
    }

    $this->response = new Response(200, "@home/notLoggedIn.twig", "Welcome", "home");
}
/**
 * Test login & logout
 *
 * Checks the session and the CurrentUser statics after a login as a
 * non-admin account, then checks that logout clears them again.
 *
 * @test
 */
public function test_login_logout()
{
    $login = "testuser";

    CurrentUser::login($login, "testpassword");

    // State expected right after a successful login.
    $this->assertEquals($login, $_SESSION['login']);
    $this->assertNull($_SESSION['token']);
    $this->assertNotNull(CurrentUser::$account);
    $this->assertEquals($login, CurrentUser::$account->login);
    $this->assertFalse(CurrentUser::$admin);

    CurrentUser::logout();

    //TODO: Failure because I do require_once. Autoload may solve the issue
    // After logout neither the session nor the statics may still carry the account.
    $this->assertNull($_SESSION['login']);
    $this->assertNull(CurrentUser::$account);
    $this->assertNull($_SESSION['token']);
    $this->assertFalse(CurrentUser::$admin);
}
/**
 * Run the whole request pipeline: cookie authorization, the three timed
 * phases, module execution and templating.
 *
 * NOTE(review): the return value of CurrentUser::authorize_cookie() is not
 * checked here, so the pipeline runs for anonymous visitors too; each later
 * phase presumably consults the CurrentUser state itself, confirm.
 */
function __construct()
{
    CurrentUser::authorize_cookie();

    // Each timed phase is wrapped in a pair of Log::timing() calls with the same label.
    $timedPhases = array(
        // parse the request
        'request' => 'processRequest',
        // let the write modules perform their writes
        'write' => 'processWrite',
        // find the page configuration to serve to the user
        'prepare config' => 'preparePageConfiguration',
    );
    foreach ($timedPhases as $label => $method) {
        Log::timing($label);
        $this->$method();
        Log::timing($label);
    }

    // pull the data
    $this->executeModules();

    // hand over to the template engine
    $this->applyTemplates();
}
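/**
 * Authorize the visitor from the "<key>_id" / "<key>_sh" cookie pair.
 *
 * On success self::$id and self::$authorized are set and the user's
 * lastAccessTime is refreshed.
 *
 * @return bool true when the cookies identify a user whose stored session
 *              value matches; false in every other case
 */
public static function authorize_cookie()
{
    $cookie_key = Config::need('COOKIE_KEY', 'u');
    $hash_cookie_key = $cookie_key . '_sh';
    $uid_cookie_key = $cookie_key . '_id';

    if (!isset($_COOKIE[$uid_cookie_key]) || !isset($_COOKIE[$hash_cookie_key])) {
        return false;
    }

    $user_id = $_COOKIE[$uid_cookie_key];
    $presented = $_COOKIE[$hash_cookie_key];

    // Cookies are client-controlled. The id is later concatenated into SQL, so
    // it must be a plain run of digits; array-valued cookies are refused too.
    if (!is_string($user_id) || !preg_match('/^[0-9]+\z/', $user_id)) {
        return false;
    }
    if (!is_string($presented) || $presented === '') {
        return false;
    }

    $user = Users::getByIdLoaded($user_id);
    if (!$user) {
        return false;
    }

    // A user without a stored session value must never match: with the former
    // loose "==" an empty stored value compared equal to an empty cookie.
    $expected = isset($user->data['session']) ? (string) $user->data['session'] : '';
    if ($expected === '') {
        return false;
    }

    // Exact string comparison, constant-time where the runtime offers it.
    $matches = function_exists('hash_equals')
        ? hash_equals($expected, $presented)
        : $expected === $presented;
    if (!$matches) {
        // The original fell off the end here and returned null.
        return false;
    }

    self::$id = $user_id;
    Database::query('UPDATE `user` SET `lastAccessTime`=' . time() . ' WHERE `id`=' . $user_id);
    self::$authorized = true;

    return true;
}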
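/**
 * Fetch transactions of the current profile, newest first.
 *
 * @param int|string $count   maximum number of rows, or "all" for no limit
 * @param string     $from    optional lower bound for transaction.date (inclusive)
 * @param string     $to      optional upper bound for transaction.date (inclusive)
 * @param int|string $account optional account id; matches either side of the transaction
 * @param int|string $id      optional transaction id
 * @return array list of transaction arrays, each carrying its tags and the
 *               account type of its source account
 */
function get($count = 10, $from = "", $to = "", $account = "", $id = "")
{
    //Connect
    $sql = new DataBase();
    $sql->connect();

    // Every filter ends up inside a quoted SQL literal built by concatenation,
    // so each one is escaped before it is spliced in, and the limit is forced
    // to a non-negative integer.
    // NOTE(review): assumes DataBase::connect() opens an ext/mysql link (the
    // result is read with mysql_fetch_array below); confirm.
    // NOTE(review): CurrentUser::getId() is treated as trusted server-side state here.

    //Query
    $query = "\r\n\t\t\tSELECT DISTINCT transaction.*\r\n\t\t\tFROM transactions transaction\r\n\t\t\tWHERE transaction.profile_id = " . CurrentUser::getId() . " ";
    if (!empty($from)) {
        $query .= "AND transaction.date >= '" . mysql_real_escape_string((string) $from) . "' ";
    }
    if (!empty($to)) {
        $query .= "AND transaction.date <= '" . mysql_real_escape_string((string) $to) . "' ";
    }
    if (!empty($account)) {
        $safeAccount = mysql_real_escape_string((string) $account);
        $query .= "AND (transaction.account_from_id = '" . $safeAccount . "' || transaction.account_to_id = '" . $safeAccount . "') ";
    }
    if (!empty($id)) {
        $query .= "AND transaction.id = '" . mysql_real_escape_string((string) $id) . "' ";
    }
    $query .= "ORDER BY transaction.date DESC ";
    if ($count != "all") {
        $query .= "LIMIT " . max(0, (int) $count);
    }
    $sql->query($query);

    //Objects
    $json = array();

    //Instances
    $tags = new Tags();
    $accounts = new Accounts();

    //Data
    while ($data = mysql_fetch_array($sql->result)) {
        // A type-3 transaction seen from any account other than its source is
        // reported with a negated amount.
        $negate = ($data['transaction_type_id'] == 3 && $data["account_from_id"] != $account);

        $json[] = array(
            "id" => $data["id"],
            "description" => $data["description"],
            "amount" => $negate ? $data["amount"] * -1 : $data["amount"],
            "type" => $data["transaction_type_id"],
            "date" => $data["date"],
            "account_from" => $data["account_from_id"],
            "account_to" => $data["account_to_id"],
            "account_type" => $accounts->get(1, $data["account_from_id"], "account_type_id"),
            "profile_id" => $data["profile_id"],
            'tags' => $tags->getTransactionTags(1000, $data["id"]),
        );
    }

    //Close connection
    //$sql->close();

    //Return
    return $json;
}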
/**
 * Handle a posted login form.
 *
 * Order of checks: anti-forgery token, honeypot, already-logged-in, presence
 * of both credentials, lockout for the client address, then the credential
 * check itself. Failed and successful attempts are both written to the log.
 *
 * NOTE(review): no session-id regeneration is visible in this method after a
 * successful login; confirm that logIn() takes care of it.
 *
 * @return mixed a Response for the early exits and the final redirect, or
 *               whatever showErrorMessage() returns for rejected input
 */
private function doLogIn()
{
    // Both request-integrity checks answer with the same generic 500.
    if (!AntiForgeryToken::getInstance()->validate() || !Honeypot::getInstance()->validate()) {
        return Response::fiveHundred();
    }

    $hookEngine = HookEngine::getInstance();
    $hookEngine->runAction('userIsLoggingIn');

    $user = CurrentUser::getUserSession();
    if ($user->isLoggedIn()) {
        return Response::redirect(new Link(""));
    }

    $username = Request::getPostParameter("username");
    $password = Request::getPostParameter("password");
    if (!$username || !$password) {
        // Same message whichever field is missing.
        return $this->showErrorMessage();
    }

    $lockoutEngine = LockoutEngine::getInstance();
    if ($lockoutEngine->isLockedOut($_SERVER['REMOTE_ADDR'])) {
        return Response::redirect(new Link("users/login"));
    }

    $logger = Logger::getInstance();

    // Tags and all whitespace are stripped before the name is used or logged,
    // so the log line below cannot be split by an embedded line break.
    $username = preg_replace('/\\s+/', '', strip_tags($username));

    $authenticated = $user->logIn($username, $password);
    if (!$authenticated) {
        $logger->logIt(new LogEntry(0, logEntryType::warning, 'Someone failed to log into ' . $username . '\'s account from IP:' . $_SERVER['REMOTE_ADDR'], 0, new DateTime()));
        return $this->showErrorMessage();
    }

    // Fetch the session again after the login and log who now owns it.
    $user = CurrentUser::getUserSession();
    $logger->logIt(new LogEntry(0, logEntryType::info, 'A new session was opened for ' . $user->getFullName() . ', who has an IP of ' . $_SERVER['REMOTE_ADDR'] . '.', $user->getUserID(), new DateTime()));

    $hookEngine->runAction('userLoggedIn');

    return Response::redirect(new Link(""));
}
/**
 * Populate CurrentUser::$user from the session.
 *
 * The user is looked up by $_SESSION['id'] when that key is set; otherwise
 * CurrentUser::$user becomes null.
 */
public function __construct()
{
    if (isset($_SESSION['id'])) {
        CurrentUser::$user = UsersManager::getById($_SESSION['id']);
    } else {
        CurrentUser::$user = null;
    }
}
/**
 * Create admin page
 *
 * Dispatches on $_GET['a'] in two passes: the first pass holds the actions
 * open to admins and uploaders, the second the admin-only ones. When no
 * action set a page, the "about" page is shown.
 *
 * NOTE(review): actions are selected by a GET parameter and act on POST
 * data; no anti-forgery token check is visible in this constructor, so
 * confirm one is enforced elsewhere. Several admin-only cases also read
 * $_POST / $_GET keys without an isset() check.
 *
 * @author Thibaud Rohmer
 */
public function __construct()
{
    /// Only admins and uploaders get past this point
    if (!CurrentUser::$admin && !CurrentUser::$uploader) {
        return;
    }

    /// Actions that uploaders may run as well
    if (isset($_GET['a'])) {
        switch ($_GET['a']) {
            case "Abo":
                $this->page = new AdminAbout();
                break;

            case "Upl":
                if (isset($_POST['path'])) {
                    AdminUpload::upload();
                    CurrentUser::$path = File::r2a(stripslashes($_POST['path']));
                }
                break;

            case "Mov":
                if (isset($_POST['pathFrom'])) {
                    try {
                        CurrentUser::$path = File::r2a(dirname(stripslashes($_POST['pathFrom'])));
                    } catch (Exception $e) {
                        /// Fall back to the photo root when the path cannot be resolved
                        CurrentUser::$path = Settings::$photos_dir;
                    }
                }

                Admin::move();

                if (isset($_POST['move']) && $_POST['move'] == "rename") {
                    try {
                        if (is_dir(File::r2a(stripslashes($_POST['pathFrom'])))) {
                            /// NOTE(review): pathTo is appended without going through File::r2a
                            CurrentUser::$path = dirname(File::r2a(stripslashes($_POST['pathFrom']))) . "/" . stripslashes($_POST['pathTo']);
                        }
                    } catch (Exception $e) {
                        CurrentUser::$path = Settings::$photos_dir;
                    }
                }
                break;

            case "Del":
                if (isset($_POST['del'])) {
                    /// With several items selected, the first one decides the folder shown afterwards
                    $firstTarget = is_array($_POST['del']) ? $_POST['del'][0] : $_POST['del'];
                    CurrentUser::$path = dirname(File::r2a(stripslashes($firstTarget)));
                    Admin::delete();
                }
                break;
        }
    }

    /// Everything below is for admins only
    if (!CurrentUser::$admin) {
        return;
    }

    /// Admin-only actions
    if (isset($_GET['a'])) {
        switch ($_GET['a']) {
            case "Sta":
                $this->page = new AdminStats();
                break;

            case "VTk":
                $this->page = new GuestToken();
                break;

            case "DTk":
                if (isset($_POST['tokenkey'])) {
                    GuestToken::delete($_POST['tokenkey']);
                }
                $this->page = new GuestToken();
                break;

            case "Acc":
                if (isset($_POST['edit'])) {
                    Account::edit($_POST['login'], $_POST['old_password'], $_POST['password'], $_POST['name'], $_POST['email'], NULL, $_POST['language']);
                }
                $this->page = isset($_POST['login']) ? new Account($_POST['login']) : CurrentUser::$account;
                break;

            case "GC":
                Group::create($_POST['group']);
                $this->page = new Group();
                break;

            case "AAc":
                Account::create($_POST['login'], $_POST['password'], $_POST['verif']);
                $this->page = new Group();
                break;

            case "AGA":
                $account = new Account($_POST['acc']);
                $account->add_group($_POST['group']);
                $account->save();
                $this->page = CurrentUser::$account;
                break;

            case "AGR":
                $account = new Account($_POST['acc']);
                $account->remove_group($_POST['group']);
                $account->save();
                $this->page = CurrentUser::$account;
                break;

            case "ADe":
                Account::delete($_POST['name']);
                $this->page = new Group();
                break;

            case "GEd":
                Group::edit($_POST);
                $this->page = new Group();
                break;

            case "GDe":
                Group::delete($_GET['g']);
                $this->page = new Group();
                break;

            case "CDe":
                CurrentUser::$path = File::r2a($_POST['image']);
                Comments::delete($_POST['id']);
                $this->page = new MainPage();
                break;

            case "JS":
                break;

            case "EdA":
                $this->page = new Group();
                break;

            case "GAl":
                if (isset($_POST['path'])) {
                    Settings::gener_all(File::r2a(stripslashes($_POST['path'])));
                }
                /// No break: continues into "Set", exactly as before
            case "Set":
                if (isset($_POST['name'])) {
                    Settings::set();
                }
                $this->page = new Settings();
                break;
        }
    }

    /// Default page when no action selected one
    if (!isset($this->page)) {
        $this->page = new AdminAbout();
    }

    /// Create menu
    $this->menu = new AdminMenu();
}
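/**
 * Add the current user's support to a status, or withdraw it if already given.
 *
 * @param Status $toSupport the status to support or stop supporting
 * @return mixed false when the user lacks "canSupportStatuses", the database
 *               is not connected, an id is not numeric or the lookup failed;
 *               otherwise the result of removeSupport() or addSupport()
 */
public function toggleCurrentUserSupportForStatus(Status $toSupport)
{
    $permissionEngine = PermissionEngine::getInstance();
    if (!$permissionEngine->currentUserCanDo("canSupportStatuses")) {
        return false;
    }

    $database = Database::getInstance();
    if (!$database->isConnected()) {
        return false;
    }

    $user = CurrentUser::getUserSession();
    $rawUserID = $user->getUserID();
    $rawStatusID = $toSupport->getID();

    // Both ids are interpolated into the WHERE clause without quotes. String
    // escaping alone does not protect an unquoted value, so anything that is
    // not numeric is refused before the clause is built.
    if (!is_numeric($rawUserID) || !is_numeric($rawStatusID)) {
        return false;
    }

    $userID = $database->escapeString($rawUserID);
    $statusID = $database->escapeString($rawStatusID);

    $results = $database->getData("supporterID", "statusSupporter", "supporterID={$userID} AND statusID={$statusID}");
    if ($results === false) {
        return false;
    }

    // An existing row means the user already supports the status: toggle it off.
    if ($results != null) {
        return $this->removeSupport($statusID, $userID);
    }

    return $this->addSupport($statusID, $userID);
}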
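<?php
// Private image gateway. The last path segment of the request has the form
// "<image id>-<size>". The file is handed out only to the user recorded as
// creator of the album event that owns the picture; delivery itself is
// delegated to the front-end web server through X-Accel-Redirect.

// Never render PHP diagnostics to the client on this endpoint: they would
// reveal local paths and, printed before header(), would break the response.
ini_set('display_errors', 0);

// array_pop() takes its argument by reference, so it needs a real variable.
$segments = explode('/', $_SERVER['REQUEST_URI']);
$end = array_pop($segments);

// A segment without "-" simply yields size 0 instead of an undefined offset.
$parts = explode('-', $end);
$image_id = (int) $parts[0];
$size = isset($parts[1]) ? (int) $parts[1] : 0;

if ($image_id) {
    $core_path = 'core/';
    require_once $core_path . 'config.php';
    require_once $core_path . 'include.php';

    $authorized = CurrentUser::authorize_cookie();
    if (!$authorized) {
        die('Изображение является приватным и доступно только владельцу');
    }

    // $image_id is an integer at this point, so the concatenation is safe.
    $owner = Database::sql2single('SELECT `creator_id` FROM `album_events` WHERE `picture`=' . $image_id);
    if ($owner != CurrentUser::$id) {
        die('Изображение является приватным и доступно только владельцу');
    }

    header('Content-type: image/jpeg');
    header('Content-Disposition: inline; filename=protected_' . $image_id . '-' . $size . '.jpg');
    // The redirect target is the private file path relative to the private root folder.
    header('X-Accel-Redirect: /images_private/' . str_replace(ImgStore::ROOT_PRIVATE_FOLDER, '', ImgStore::getFileLocalPath($image_id, $size, true)));
    exit(0);
}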
/**
 * Create and store a new forgot-password token for a user.
 *
 * NOTE(review): the randomness source behind generateRandomString is not
 * visible here; a reset token has to come from a cryptographically secure
 * generator, confirm. The token is also stored as generated, not hashed.
 *
 * @param int|string $userID numeric id of the account the token is for
 * @return mixed false when a user is logged in, the id is not numeric, the
 *               database is unavailable or a query failed; otherwise the
 *               result of getForgotPasswordByToken() for the new token
 */
public function generateNewForgotPassword($userID)
{
    // Reset tokens are only issued to anonymous sessions.
    if (CurrentUser::getUserSession()->isLoggedIn()) {
        return false;
    }

    // The id is interpolated unquoted below, so it has to be numeric.
    if (!is_numeric($userID)) {
        return false;
    }

    $database = Database::getInstance();
    if (!$database->isConnected()) {
        return false;
    }

    $generator = new generateRandomString(50, true, 37, 136);

    $knownTokens = $database->getData('token', 'forgotPassword');
    if ($knownTokens === false) {
        return false;
    }
    if ($knownTokens === null) {
        $knownTokens = array();
    }

    // Keep drawing until the candidate is not among the stored tokens.
    while (true) {
        $token = $generator->run();
        if (!in_array(array('token' => $token), $knownTokens)) {
            break;
        }
    }

    $requestedAt = new DateTime();

    $token = $database->escapeString($token);
    $date = $database->escapeString($requestedAt->format('Y-m-d H:i:s'));
    $userID = $database->escapeString($userID);

    $inserted = $database->insertData('forgotPassword', 'token, requestDate, userID', "'{$token}', '{$date}', {$userID}");
    if ($inserted === false) {
        return false;
    }

    // Looked up with the escaped form of the token, as before.
    return $this->getForgotPasswordByToken($token);
}
/**
 * Read an option value for the user of the current session.
 *
 * @param string $optionName name of the option to read
 * @return mixed whatever getUserValue() returns for that option and user
 */
public function getCurrentUserValue($optionName)
{
    $session = CurrentUser::getUserSession();

    // The id is forced to an integer before it is passed on.
    $userID = (int) $session->getID();

    return $this->getUserValue($optionName, $userID);
}
/**
 * Bootstrap one request: define the site constants, honour maintenance mode,
 * let the router pick a module, send status and headers, then render.
 *
 * Returns early, without output, when the site is in maintenance mode and the
 * current user lacks the bypass permission.
 *
 * @return void
 */
private static function getVariables()
{
    ObjectCache::getInstance();
    $site = Site::getInstance();

    define('GUEST_ROLE_ID', (int) $site->getGuestRoleID()->getValue());
    define('SITE_EMAIL', $site->getEmail());
    define('SITE_TITLE', $site->getTitle());
    date_default_timezone_set($site->getTimeZone());

    // Maintenance mode is only open to users holding the bypass permission.
    // The permission name is spelled exactly as the original spells it.
    if ($site->isInMaintenanceMode() && !PermissionEngine::getInstance()->currentUserCanDo('bypasssMaintenanceMode')) {
        return;
    }

    $blockEngine = BlockEngine::getInstance();
    $user = CurrentUser::getUserSession();
    $hookEngine = HookEngine::getInstance();
    $router = Router::getInstance();

    $hookEngine->runAction('addStaticRoutes');
    $response = self::getResponse($router->whichModuleHandlesRequest());

    http_response_code($response->getResponseCode());
    foreach ($response->getHeaders() as $name => $value) {
        // true: replace any header of the same name that was already set.
        header("{$name}: {$value}", true);
    }

    define('PAGE_TYPE', $response->getPageType());

    // Blocks are chosen per theme, page type and the role of the session user.
    $blocks = $blockEngine->getBlocks($site->getTheme(), PAGE_TYPE, $user->getRoleID());
    if ($blocks === null) {
        $blocks = array();
    }

    self::render($site, $response, $blocks);
}
/**
 * Front controller: initialise settings and the current user, then serve
 * whatever CurrentUser::$action asks for.
 *
 * Any exception thrown by CurrentUser::init() leads to the registration page
 * (constructed with true) and ends the request.
 */
function __construct()
{
    /// Load the settings first
    Settings::init();

    /// Then work out who is asking and for what
    try {
        CurrentUser::init();
    } catch (Exception $e) {
        $page = new RegisterPage(true);
        $page->toHTML();
        return;
    }

    /// Dispatch on the requested action
    switch (CurrentUser::$action) {
        case "Judge":
            /// Handled exactly like "Page"
        case "Page":
            $page = new MainPage();
            $page->toHTML();
            break;

        case "Log":
            $page = new LoginPage();
            $page->toHTML();
            break;

        case "Reg":
            $page = new RegisterPage();
            $page->toHTML();
            break;

        case "JS":
            $page = new JS();
            break;

        /// File delivery: the variants differ only in the flags given to the provider
        case "Img":
            Provider::Image(CurrentUser::$path);
            break;

        case "BDl":
            Provider::Image(CurrentUser::$path, false, true, true, true);
            break;

        case "Big":
            Provider::Image(CurrentUser::$path, false, true);
            break;

        case "Thb":
            Provider::Image(CurrentUser::$path, true);
            break;

        case "Zip":
            Provider::Zip(CurrentUser::$path);
            break;

        case "Acc":
            /// Only an admin may open an account other than their own
            $acc = (CurrentUser::$admin && isset($_POST['login']))
                ? new Account($_POST['login'])
                : CurrentUser::$account;
            $acc->toHTML();
            break;

        case "Adm":
            $page = new Admin();
            $page->toHTML();
            break;
    }
}
/**
 * Tell whether the role of the current user session holds a permission.
 *
 * @param string $inPermissionName name of the permission to check
 * @return bool false when the permission is unknown or not granted to the
 *              session's role, true otherwise
 */
public function currentUserCanDo($inPermissionName)
{
    $permission = $this->getPermission($inPermissionName);

    // Unknown permissions are denied.
    if (!$permission) {
        return false;
    }

    $roleID = CurrentUser::getUserSession()->getRoleID();

    return (bool) $this->checkPermission($permission, $roleID);
}
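/**
 * Register a new account from the posted form, send the confirmation e-mail
 * and log the new user in through a cookie.
 *
 * Validation errors and a failed insert are reported through
 * Site::passWrite('error_register', ...); nothing is returned.
 *
 * NOTE(review): the password is stored as an unsalted md5() digest. That is
 * not adequate for password storage. It is left unchanged here because the
 * login path that verifies it is outside this block; migrating to
 * password_hash()/password_verify() has to change both sides together.
 *
 * @return void
 */
function register()
{
    // Read the form defensively: missing or array-valued fields count as empty.
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $nickname = (isset($_POST['nickname']) && is_string($_POST['nickname'])) ? $_POST['nickname'] : '';

    $error = array();
    if (!valid_email_address($email)) {
        $error['email'] = 'неправильный E-mail';
    }
    if (!trim($password)) {
        $error['password'] = '******';
    }
    if (!isset($_POST['agree'])) {
        $error['agree'] = 'Примите условия пользовательского соглашения';
    }
    if (count($error)) {
        Site::passWrite('error_register', $error);
        return;
    }

    // The confirmation hash is sent by e-mail and proves control of the
    // address, so it has to be unguessable. time() plus one of ten numbers was
    // not; use the best random source this runtime offers and keep the
    // 32-hex-character shape of the stored value.
    if (function_exists('random_bytes')) {
        $entropy = random_bytes(16);
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $entropy = openssl_random_pseudo_bytes(16);
    } else {
        // Last resort on runtimes that offer neither source: the former weak value.
        $entropy = time() . '-' . rand(1, 10);
    }

    try {
        $fields = array();
        $data = array();
        $data['email'] = strtolower(trim($email));
        $data['nickname'] = $this->getUniqueNickname(strtolower(trim($nickname)), $email);
        $data['password'] = md5(trim($password));
        $data['registerTime'] = $data['lastAccessTime'] = time();
        $data['role'] = User::ROLE_UNVERIFIED;
        $data['hash'] = md5($entropy);

        // Every value goes through Database::escape() before it reaches the statement.
        foreach ($data as $f => $v) {
            $fields[] = '`' . $f . '`=' . Database::escape($v);
        }
        Database::query('INSERT INTO `user` SET ' . implode(',', $fields));
        $uid = Database::lastInsertId();

        try {
            Site::passWrite('success', true);
        } catch (Exception $e) {
            $error['email'] = $e->getMessage();
            Site::passWrite('error_register', $error);
            return;
        }

        $this->sendRegisterEmail($data['email'], '', $uid . '-' . $data['hash']);
        Badges::progressAction($uid, Badges::ACTION_TYPE_REGISTER);
    } catch (Exception $e) {
        // Any failure in the block above is reported as "e-mail already in use".
        $error['email'] = 'E-mail уже используется, укажите другой';
        Site::passWrite('error_register', $error);
        return;
    }

    CurrentUser::set_cookie($uid);
}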
/**
 * Run an authentication attempt and react to its outcome.
 *
 * A user who authenticates while the site is under maintenance, and who lacks
 * the maintenance access authorization, has the session deleted and sees an
 * error. Otherwise a successful login redirects, and an authentication error
 * is shown as a notice.
 *
 * @param AuthenticationMethod $authentication the method to authenticate with
 * @param mixed                $autoconnect    forwarded to AuthenticationService::authenticate()
 * @return void
 */
private function authenticate(AuthenticationMethod $authentication, $autoconnect)
{
    $user_id = AuthenticationService::authenticate($authentication, $autoconnect);
    $current_user = CurrentUser::from_session();

    $refused_by_maintenance = $user_id
        && $this->maintain_config->is_under_maintenance()
        && !$current_user->check_auth($this->maintain_config->get_auth(), MaintenanceConfig::ACCESS_WHEN_MAINTAIN_ENABLED_AUTHORIZATIONS);

    if ($refused_by_maintenance) {
        // Drop the session that the authentication call has just opened.
        Session::delete(AppContext::get_session());
        $this->view->put('ERROR_MESSAGE', MessageHelper::display(LangLoader::get_message('user.not_authorized_during_maintain', 'status-messages-common'), MessageHelper::NOTICE));
        $this->has_error = true;
        return;
    }

    if ($user_id) {
        AppContext::get_response()->redirect($this->get_redirect_url());
    }

    if ($authentication->has_error()) {
        $this->view->put('ERROR_MESSAGE', MessageHelper::display($authentication->get_error_msg(), MessageHelper::NOTICE));
        $this->has_error = true;
    }
}
/////////////////////////////////////DELETE case 'delete': //Instances and Variables $ID = $_GET['id']; //$transactions = new Transactions; $accounts = new Accounts(); //Connect $sql = new DataBase(); $sql->connect(); //Verify if exists $tr = $transactions->get('all', '', '', '', $ID); $data = $tr; if (count($tr) == 0) { RestUtils::sendResponse('406', array('data' => 'transactionId', 'message' => 'Essa transação não existe.')); } if ($tr[0]['profile_id'] != CurrentUser::getId()) { RestUtils::sendResponse('406', array('data' => 'transactionId', 'message' => 'Essa transação não pertence ao perfil.')); } //Remove $sql->query("DELETE FROM transactions_has_tags WHERE transaction_id = '" . $ID . "'"); $sql->query("DELETE FROM transactions WHERE id = '" . $ID . "'"); //Remove in Ammount if ($data[0]['account_to'] != '') { $balance = $accounts->get(1, $data[0]['account_from'], 'balance'); $balance += $data[0]['amount']; $sql->query("UPDATE accounts SET balance='" . $balance . "' WHERE id = '" . $data[0]['account_from'] . "'"); $balance = $accounts->get(1, $data[0]['account_to'], 'balance'); $balance -= $data[0]['amount']; $sql->query("UPDATE accounts SET balance='" . $balance . "' WHERE id = '" . $data[0]['account_to'] . "'"); } else { $balance = $accounts->get(1, $data[0]['account_from'], 'balance');
//Set the cookies based on rememberme if (!$rememberme) { setcookie('token', $new_token, time() + 6912000, "/"); setcookie('user_id', $user_id, time() + 6912000, "/"); } else { setcookie('token', $new_token, time() + 6912000, "/"); setcookie('user_id', $user_id, time() + 6912000, "/"); } $_COOKIE['user_id'] = $user_id; $_COOKIE['token'] = $new_token; $_SESSION['user_id'] = $user_id; $user = new CurrentUser(array( 'user_id' => $user_id) ); $user->log_login(); http_response_code(200); ///Success echo json_encode($user, JSON_PRETTY_PRINT); /*echo 'succes';*/ } else { /* echo 'bad';*/ throw new OutOfBoundsException('OutOfBoundsException raised on request'); } } else { throw new OutOfRangeException('OutOfRangeException occured on request');
/**
 * test view function
 *
 * Creates one guest token per folder as admin, logs out, and checks which
 * key/path pairs GuestToken::view() accepts.
 *
 * @test
 * @depends test_generate_key
 */
public function test_view()
{
    //prepare
    self::login_as_admin();
    self::delete_tokens_file();

    $paths = array(
        1 => Settings::$photos_dir . "/tokenfolder",
        2 => Settings::$photos_dir . "/tokenfolder2",
        3 => Settings::$photos_dir . "/tokenfolder/subfolder",
    );
    $keys = array();

    foreach ($paths as $i => $path) {
        if (!file_exists($path)) {
            mkdir($path);
        }
        $keys[$i] = Guesttoken::generate_key();
        GuestToken::create($path, $keys[$i]);
    }

    // Everything below runs without a logged-in user.
    CurrentUser::logout();

    //test
    // Each key opens the folder it was created for.
    foreach ($paths as $i => $path) {
        $this->assertTrue(GuestToken::view($keys[$i], $path));
    }

    // The subfolder key opens neither its parent nor the unrelated folder.
    $this->assertFalse(GuestToken::view($keys[3], $paths[1]));
    $this->assertFalse(GuestToken::view($keys[3], $paths[2]));

    // A key for one folder does not open a sibling folder.
    $this->assertFalse(GuestToken::view($keys[2], $paths[1]));

    // The parent folder key does open the subfolder.
    $this->assertTrue(GuestToken::view($keys[1], $paths[3]));
}
/**
 * Log the user out
 *
 * Resets the account and both privilege flags on CurrentUser, then clears
 * every session variable.
 *
 * NOTE(review): session_unset() empties the session variables only; the
 * session id and its cookie stay as they are. Confirm whether the id should
 * also be regenerated or the session destroyed on logout.
 *
 * @return void
 * @author Thibaud Rohmer
 */
public static function logout()
{
    // Privilege flags first, then the account itself.
    CurrentUser::$admin = false;
    CurrentUser::$uploader = false;
    CurrentUser::$account = null;

    session_unset();
}
/**
 * The current (logged in) user.
 *
 * The instance is fetched from CurrentUser::instance() and remembered in a
 * function-level static; the lookup is repeated as long as the remembered
 * value is empty.
 *
 * @return CurrentUser The current user instance
 */
public function user()
{
    static $cached = null;

    if (!$cached) {
        $cached = CurrentUser::instance();
    }

    return $cached;
}
/**
 * Log the current user out and redirect to the front page.
 *
 * Requests with more than two parameters, and requests from visitors who are
 * not logged in, get the 404 response. The session id is regenerated once the
 * user has been logged out.
 *
 * NOTE(review): nothing in this constructor ties the logout to an
 * anti-forgery token or to a particular HTTP method; confirm whether a
 * forced logout through a cross-site request is acceptable here.
 *
 * @param Request $request the incoming request
 */
public function __construct(Request $request)
{
    $parameterCount = count($request->getParameters(true));
    if ($parameterCount > 2) {
        $this->response = Response::fourOhFour();
        return;
    }

    $session = CurrentUser::getUserSession();
    if (!$session->isLoggedIn()) {
        $this->response = Response::fourOhFour();
        return;
    }

    $hooks = HookEngine::getInstance();

    $hooks->runAction('userIsLoggingOut');
    $session->logOut();
    // true: the old session data is deleted, so the old id cannot be reused.
    session_regenerate_id(true);
    $hooks->runAction('userLoggedOut');

    NoticeEngine::getInstance()->addNotice(new Notice("neutral", "You're now logged out."));
    $this->response = Response::redirect(new Link(""));
}