/**
 * Fetch one IWwebbox row by its reference id.
 *
 * @param array $args Arguments; $args['ref'] is the reference id to look up.
 *
 * @return mixed The value DBUtil::selectObjectByID() yields for the row, or the
 *               result of LogUtil::registerError() when no reference is given.
 */
public function getref($args)
{
    // NOTE(review): neither a permission check nor a type check on 'ref' is
    // visible in this method - confirm that callers authorise the request.
    if (isset($args['ref'])) {
        return DBUtil::selectObjectByID('IWwebbox', $args['ref'], 'ref', '', '');
    }

    return LogUtil::registerError(__('Error! Could not do what you wanted. Please check your input.'));
}
/**
 * Load a single page, addressed by numeric page id or by URL title.
 *
 * @param array $args Arguments: 'pageid' (numeric id) or 'title' (URL title);
 *                    optional 'catregistry' used to expand category data.
 *
 * @return mixed The page array, or false when the arguments are invalid or the
 *               category access check fails.
 */
public function get($args)
{
    $hasNumericId = isset($args['pageid']) && is_numeric($args['pageid']);

    // Either a numeric id or a title must be supplied.
    if (!$hasNumericId && !isset($args['title'])) {
        return LogUtil::registerArgsError();
    }

    // Permission filter handed to DBUtil together with the lookup.
    $permFilter = array(
        array(
            'component_left' => 'Pages',
            'instance_left'  => 'title',
            'instance_right' => 'pageid',
            'level'          => ACCESS_READ,
        ),
    );

    // The numeric id wins over the title when both are present.
    $lookupValue = $hasNumericId ? $args['pageid'] : $args['title'];
    $lookupField = $hasNumericId ? 'pageid' : 'urltitle';
    $item = DBUtil::selectObjectByID('pages', $lookupValue, $lookupField, '', $permFilter);

    // The category expansion code cannot know the root category needed for the
    // relative path component, so the expansion is finished here.
    if ($item && isset($args['catregistry']) && $args['catregistry']) {
        ObjectUtil::postProcessExpandedObjectCategories($item, $args['catregistry']);
    }

    // With categorisation enabled, the page's categories gate access as well.
    if (ModUtil::getVar('Pages', 'enablecategorization')
        && !empty($item['__CATEGORIES__'])
        && !CategoryUtil::hasCategoryAccess($item['__CATEGORIES__'], 'Pages')
    ) {
        return false;
    }

    return $item;
}
/**
 * Load one admin message by id.
 *
 * @author Mark West
 *
 * @param array $args Arguments; $args['mid'] is the numeric message id.
 *
 * @return mixed The message array, or false on failure.
 */
function Admin_Messages_userapi_get($args)
{
    $hasValidId = isset($args['mid']) && is_numeric($args['mid']);
    if (!$hasValidId) {
        return LogUtil::registerArgsError();
    }

    // Permission filter handed to DBUtil together with the lookup.
    $readFilter = array(
        'realm'          => 0,
        'component_left' => 'Admin_Messages',
        'instance_left'  => 'title',
        'instance_right' => 'mid',
        'level'          => ACCESS_READ,
    );

    return DBUtil::selectObjectByID('message', $args['mid'], 'mid', '', array($readFilter));
}
/**
 * Load the Files record that belongs to a user.
 *
 * @author Albert Pérez Monfort
 *
 * @param array $args Arguments; $args['userId'] optionally names the user. The
 *                    current user's uid is used when it is absent.
 *
 * @return mixed The record, or false (with a registered error) on failure.
 */
public function get($args)
{
    if (isset($args['userId'])) {
        $userId = $args['userId'];
    } else {
        $userId = UserUtil::getVar('uid');
    }

    // NOTE(review): ACCESS_ADD on 'Files::' is the only gate here, so a caller
    // holding it can ask for another user's record through $args['userId'];
    // the id is also not type-checked. Confirm that callers never forward
    // request input into 'userId'.
    if (!SecurityUtil::checkPermission('Files::', '::', ACCESS_ADD)) {
        return LogUtil::registerPermissionError();
    }

    $record = DBUtil::selectObjectByID('Files', $userId, 'userId');
    if ($record !== false) {
        return $record;
    }

    // The database layer reported an error.
    return LogUtil::registerError($this->__('Error! Could not load items.'));
}
/**
 * Load one time frame definition by id.
 *
 * @param array $args Arguments; $args['mdid'] is the default for the id, which
 *                    is read through FormUtil::getPassedValue() from GET.
 *
 * @return mixed The definition row, or false (with a registered error) when the
 *               caller lacks read permission or the id is not numeric.
 */
public function get($args)
{
    $fallbackId = isset($args['mdid']) ? $args['mdid'] : null;
    // NOTE(review): the id is taken from the request when present, so a GET
    // parameter can take the place of the value the caller passed in.
    $mdid = FormUtil::getPassedValue('mdid', $fallbackId, 'GET');

    $mayRead = SecurityUtil::checkPermission('IWtimeframes::', "::", ACCESS_READ);
    if (!$mayRead) {
        return LogUtil::registerError($this->__('Not authorized to manage timeFrames.'), 403);
    }

    if (isset($mdid) && is_numeric($mdid)) {
        return DBUtil::selectObjectByID('IWtimeframes_definition', $mdid, 'mdid');
    }

    return LogUtil::registerError($this->__('Error! Could not do what you wanted. Please check your input.'));
}
/**
 * Load one row of the groups table by group id.
 *
 * @param array $args Arguments; $args['gid'] is the numeric group id.
 *
 * @return mixed The group row, or false (with a registered error) on failure.
 */
public function get($args)
{
    // NOTE(review): no permission check is visible in this method - confirm
    // that callers authorise the request.
    $hasValidId = isset($args['gid']) && is_numeric($args['gid']);
    if (!$hasValidId) {
        return LogUtil::registerError($this->__('Error! Could not do what you wanted. Please check your input.'));
    }

    $group = DBUtil::selectObjectByID('groups', $args['gid'], 'gid');

    // false signals a database error, which gets its own message.
    return ($group === false)
        ? LogUtil::registerError($this->__('Error! Could not load items.'))
        : $group;
}
/**
 * Load a group together with a page of its membership rows.
 *
 * @param array $args Arguments: 'gid' (group id), optional 'startnum' (1-based
 *                    first membership record, default 1) and 'numitems'
 *                    (number of membership records, default -1).
 *
 * @return mixed The group array extended with 'nbuser', 'members' and 'status',
 *               or false on failure.
 */
public function get($args)
{
    if (!isset($args['gid'])) {
        return LogUtil::registerArgsError();
    }

    // Optional paging arguments fall back to their defaults unless numeric.
    $startnum = (isset($args['startnum']) && is_numeric($args['startnum'])) ? $args['startnum'] : 1;
    $numitems = (isset($args['numitems']) && is_numeric($args['numitems'])) ? $args['numitems'] : -1;

    $tables = DBUtil::getTables();
    $membershipColumn = $tables['group_membership_column'];

    $group = DBUtil::selectObjectByID('groups', $args['gid'], 'gid');
    if (!$group) {
        return false;
    }

    // The gid is escaped and cast to int before it enters the WHERE clause.
    $where = "WHERE {$membershipColumn['gid']}= '" . (int) DataUtil::formatForStore($args['gid']) . "'";
    $members = DBUtil::selectObjectArray('group_membership', $where, '', $startnum - 1, $numitems, 'uid');
    if ($members === false) {
        return false;
    }

    // The read permission is evaluated against the gid stored in the row.
    if (!SecurityUtil::checkPermission('Groups::', $group['gid'] . '::', ACCESS_READ)) {
        return false;
    }

    $group['nbuser'] = count($members);
    $group['members'] = $members;

    // 'status' is looked up only for a user whose uid is not 0.
    $uid = UserUtil::getVar('uid');
    $group['status'] = ($uid != 0)
        ? ModUtil::apiFunc('Groups', 'user', 'isuserpending', array('gid' => $args['gid'], 'uid' => $uid))
        : false;

    return $group;
}
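/**
 * Switch a media source on or off.
 *
 * @param array $args Arguments: 'id' (source id) and 'active' (new state;
 *                    false or a missing value is stored as 0).
 *
 * @return bool True on success, false when no id is given or the update fails.
 */
function mediashare_sourcesapi_OnOffsources($args)
{
    $dom = ZLanguage::getModuleDomain('mediashare');

    if (!isset($args['id']) || $args['id'] === false) {
        return false;
    }

    // NOTE(review): no permission check is visible in this function - confirm
    // that callers authorise the change.
    $source = DBUtil::selectObjectByID('mediashare_sources', $args['id']);
    if (!$source) {
        // Without a stored row there is nothing to update.
        return LogUtil::registerError(__f('Error in %1$s: %2$s.', array('mediahandlerapi.addHandler', 'Could not change source status.'), $dom));
    }

    // The original compared against the undefined constant `flase`, so an
    // explicit false was never mapped to 0 (and PHP 8 raises an Error on it).
    $active = isset($args['active']) ? $args['active'] : false;
    $source['active'] = ($active === false) ? 0 : $active;
    // todo turn off same mimeTypes

    $result = DBUtil::updateObject($source, 'mediashare_sources');
    if ($result === false) {
        return LogUtil::registerError(__f('Error in %1$s: %2$s.', array('mediahandlerapi.addHandler', 'Could not change source status.'), $dom));
    }

    return true;
}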
/**
 * Upgrade the module from an older version.
 *
 * Every released version has to be handled here. The switch cases fall through
 * on purpose, so an old installation runs each later step in turn.
 *
 * @param string $oldversion Version number string to upgrade from.
 *
 * @return mixed True on success; the visible code has no failure path.
 */
public function upgrade($oldversion)
{
    switch ($oldversion) {
        case '2.1':
            // 'defaultgroup' used to hold a group name; store its gid instead.
            // NOTE(review): when no group carries that name, the lookup result
            // has no 'gid' entry and the variable ends up empty - confirm.
            $defaultGroup = \DBUtil::selectObjectByID('groups', $this->getVar('defaultgroup'), 'name');
            $this->setVar('defaultgroup', $defaultGroup['gid']);
            // no break: continue with the later upgrade steps
        case '2.2':
        case '2.3':
        case '2.3.0':
        case '2.3.1':
            // Expose the primary admin group id as a read-only module variable
            // so that other modules can read it.
            $this->setVar('primaryadmingroup', 2);
            // no break
        case '2.3.2':
            // future upgrade routines
    }

    return true;
}
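/**
 * Restore a page, its content items and its translations from a history entry.
 *
 * @param array $args Arguments; $args['id'] is the id of the content_history row.
 *
 * @return bool True on success, false (possibly with a registered error) on failure.
 */
public function restoreVersion($args)
{
    // NOTE(review): no permission check is visible in this method - confirm
    // that callers authorise the restore.
    if (!isset($args['id'])) {
        return LogUtil::registerArgsError();
    }
    $versionId = $args['id'];

    $version = DBUtil::selectObjectByID('content_history', $versionId);
    if (empty($version)) {
        return LogUtil::registerError($this->__f('Error! Unknown version ID [%s]', $versionId));
    }

    // SECURITY: unserialize() can instantiate objects, so the stored history
    // data must only ever be written by this module. Restricting the allowed
    // classes, or storing JSON instead, removes the object-injection risk.
    $versionData = unserialize($version['data']);
    if (!is_array($versionData) || !isset($versionData['page']) || !is_array($versionData['page'])) {
        // A corrupt or truncated row must not be written back over the live page.
        return LogUtil::registerError($this->__('Error! Could not read the stored version data.'));
    }
    $version['data'] = $versionData;

    $page = $versionData['page'];
    $pageId = $page['id'];
    $content = (isset($page['content']) && is_array($page['content'])) ? $page['content'] : array();
    $pageTranslations = isset($versionData['pageTranslations']) ? (array) $versionData['pageTranslations'] : array();
    $contentTranslations = isset($versionData['contentTranslations']) ? (array) $versionData['contentTranslations'] : array();

    foreach (array('layoutData', 'isTranslated', 'layoutTemplate', 'content') as $key) {
        unset($page[$key]);
    }

    $currentPage = ModUtil::apiFunc('Content', 'Page', 'getPage', array(
        'id'                => $pageId,
        'editing'           => false,
        'filter'            => array('checkActive' => false),
        'enableEscape'      => true,
        'translate'         => false,
        'includeContent'    => false,
        'includeCategories' => false,
    ));
    if ($currentPage === false) {
        // The page was deleted in the meantime: insert it again first.
        $retval = ModUtil::apiFunc('Content', 'Page', 'reinsertPage', array('page' => $page));
        if ($retval === false) {
            return LogUtil::registerError($this->__('Error! Could not reinsert page'));
        }
        $pageId = $page['id'] = $retval['id'];
        $page['urlname'] = $retval['urlname'];
    }

    // These fields are removed from the restored data before updatePage is called.
    $droppedFields = array(
        'parentPageId', 'position', 'level', 'setLeft', 'setRight', 'cr_date',
        'cr_uid', 'lu_date', 'lu_uid', 'translatedTitle', 'translated', 'uname',
    );
    foreach ($droppedFields as $key) {
        unset($page[$key]);
    }

    $ok = ModUtil::apiFunc('Content', 'Page', 'updatePage', array(
        'page'         => $page,
        'pageId'       => $pageId,
        'revisionText' => '_CONTENT_HISTORYPAGERESTORED' . "|revisionNo={$version['revisionNo']}",
    ));
    if ($ok === false) {
        return false;
    }

    $currentContentItems = ModUtil::apiFunc('Content', 'Content', 'getSimplePageContent', array('pageId' => $pageId));
    if ($currentContentItems === false) {
        return false;
    }

    $currentContentItemsIdMap = array();
    foreach ($currentContentItems as $currentContentItem) {
        $currentContentItemsIdMap[$currentContentItem['id']] = $currentContentItem;
    }

    // Walk the old content items: update the ones that still exist and
    // re-create the ones that do not.
    foreach ($content as $areaItems) {
        foreach ($areaItems as $contentItem) {
            if (isset($currentContentItemsIdMap[$contentItem['id']])) {
                $ok = ModUtil::apiFunc('Content', 'Content', 'updateContent', array(
                    'content'    => $contentItem,
                    'id'         => $contentItem['id'],
                    'addVersion' => false,
                ));
                if (!$ok) {
                    return false;
                }
            } else {
                $id = ModUtil::apiFunc('Content', 'Content', 'newContent', array(
                    'content'          => $contentItem,
                    'pageId'           => $pageId,
                    'contentAreaIndex' => $contentItem['areaIndex'],
                    'position'         => $contentItem['position'],
                    'addVersion'       => false,
                ));
                if ($id === false) {
                    return false;
                }
                if ($id != $contentItem['id']) {
                    return LogUtil::registerError($this->__("Error! Re-created old content item but did not restore old ID."));
                }
            }
            unset($currentContentItemsIdMap[$contentItem['id']]);
        }
    }

    // Whatever is left in the map did not exist in the old version: delete it.
    foreach (array_keys($currentContentItemsIdMap) as $id) {
        $ok = ModUtil::apiFunc('Content', 'Content', 'deleteContent', array('contentId' => $id, 'addVersion' => false));
        if (!$ok) {
            return false;
        }
    }

    // Drop all current translations and put the old ones back.
    $ok = ModUtil::apiFunc('Content', 'Page', 'deleteTranslation', array('pageId' => $pageId, 'addVersion' => false));
    if ($ok === false) {
        return false;
    }

    foreach ($pageTranslations as $translation) {
        $ok = ModUtil::apiFunc('Content', 'Page', 'updateTranslation', array(
            'pageId'     => $pageId,
            'language'   => $translation['language'],
            'translated' => $translation,
        ));
        if ($ok === false) {
            return false;
        }
    }

    foreach ($contentTranslations as $translation) {
        // SECURITY: same unserialize() caveat as for the version data above.
        $translatedData = unserialize($translation['data']);
        $ok = ModUtil::apiFunc('Content', 'Content', 'updateTranslation', array(
            'contentId'  => $translation['contentId'],
            'language'   => $translation['language'],
            'translated' => $translatedData,
            'addVersion' => false,
        ));
        if ($ok === false) {
            return false;
        }
    }

    return true;
}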
/**
 * Return a category object by ID.
 *
 * @param integer $cid The category ID to retrieve.
 *
 * @return mixed The category row with display-ready 'display_name' and
 *               'display_desc', or false when $cid is empty.
 */
public static function getCategoryByID($cid)
{
    if (!$cid) {
        return false;
    }

    // Permission filter handed to DBUtil together with the lookup.
    $overviewFilter = array(
        'realm'            => 0,
        'component_left'   => 'Categories',
        'component_middle' => '',
        'component_right'  => 'Category',
        'instance_left'    => 'id',
        'instance_middle'  => 'path',
        'instance_right'   => 'ipath',
        'level'            => ACCESS_OVERVIEW,
    );

    $category = DBUtil::selectObjectByID('categories_category', (int) $cid, 'id', null, array($overviewFilter));
    if (!$category) {
        return $category;
    }

    // SECURITY: both fields are stored serialized. unserialize() can
    // instantiate objects, so these columns must only be written by trusted
    // code; a failed unserialize() yields false, which is passed on as is.
    foreach (array('display_name', 'display_desc') as $field) {
        $category[$field] = DataUtil::formatForDisplayHTML(unserialize($category[$field]));
    }

    return $category;
}
/**
 * Get all user variables, mapping new style attributes to old style user data.
 *
 * @param integer $id              The id of the user (required); interpreted according to $idfield.
 * @param boolean $force           True to load from the database and ignore the cache.
 * @param string  $idfield         Field to use as id (uid, uname or email). Any other value is
 *                                 replaced by a guess based on the shape of $id.
 * @param bool    $getRegistration False (default) to return only a regular user record, true to
 *                                 return only a pending registration. A record of the other kind
 *                                 yields false.
 *
 * @return array|bool Associative array with all variables of the user (or pending registration);
 *                    false on error or when no matching record exists.
 */
public static function getVars($id, $force = false, $idfield = '', $getRegistration = false)
{
    if (empty($id)) {
        return false;
    }

    // Derive the id field from the value when none, or an unknown one, is given.
    if ($idfield == '' || ($idfield != 'uid' && $idfield != 'uname' && $idfield != 'email')) {
        $idfield = 'uid';
        if (!is_numeric($id)) {
            // strpos() yields 0 for a leading '@', so such a value stays a uname.
            $idfield = strpos($id, '@') ? 'email' : 'uname';
        }
    }

    // Per-request caches: records by uid, plus uname => uid and email => uid.
    static $cache = array(), $unames = array(), $emails = array();

    $user = null;
    if ($force == false) {
        if ($idfield == 'uname' && isset($unames[$id])) {
            if ($unames[$id] === false) {
                return false;
            }
            $user = $cache[$unames[$id]];
        }

        if ($idfield == 'email' && isset($emails[$id])) {
            if ($emails[$id] === false) {
                return false;
            }
            $user = $cache[$emails[$id]];
        }

        if (isset($cache[$id])) {
            $user = $cache[$id];
        }
    }

    if (!isset($user) || $force) {
        ModUtil::dbInfoLoad('Users', 'Users');

        // No permission filter here: DBUtil would call checkPermission, which
        // calls getVars to find the current user, and so on without end. The
        // API that uses UserUtil has to do the permission check. The final
        // false argument asks DBUtil not to cache the object.
        $user = DBUtil::selectObjectByID('users', $id, $idfield, null, null, null, false);

        // An e-mail address identifies a user only when exactly one record uses it.
        if ($user && $idfield == 'email') {
            $usageCount = self::getEmailUsageCount($id);
            if ($usageCount > 1 || $usageCount === false) {
                $user = false;
            }
        }

        // $user is false on error and an empty array when no such user exists.
        if ($user === false || empty($user)) {
            // Remember the miss under the key that was asked for.
            switch ($idfield) {
                case 'uid':
                    $cache[$id] = false;
                    break;
                case 'uname':
                    $unames[$id] = false;
                    break;
                case 'email':
                    $emails[$id] = false;
                    break;
            }

            if ($user === false) {
                return LogUtil::registerError(__('Error! Could not load data.'));
            }

            return false;
        }

        // This check comes after the load so that a forced reload happens no
        // matter what $getRegistration is set to.
        // NOTE(review): the early return below leaves the freshly loaded record
        // out of the cache, although the original comment says the opposite.
        $isPendingRegistration = ($user['activated'] == Users_Constant::ACTIVATED_PENDING_REG);
        if ($getRegistration ? !$isPendingRegistration : $isPendingRegistration) {
            return false;
        }

        $user = self::postProcessGetRegistration($user);
        $cache[$user['uid']] = $user;
        $unames[$user['uname']] = $user['uid'];
        $emails[$user['email']] = $user['uid'];

        return $user;
    }

    // Served from the cache: apply the same record-kind check.
    $isPendingRegistration = ($user['activated'] == Users_Constant::ACTIVATED_PENDING_REG);
    if ($getRegistration ? !$isPendingRegistration : $isPendingRegistration) {
        return false;
    }

    return $user;
}
/**
 * Delete a group (Ajax handler).
 *
 * The group id is read from the POST field 'gid'.
 *
 * @return Zikula_Response_Ajax Response carrying the id of the deleted group.
 */
public function deletegroup()
{
    $this->checkAjaxToken();

    $gid = $this->request->getPost()->get('gid');
    $group = DBUtil::selectObjectByID('groups', $gid, 'gid');

    // The delete permission is evaluated against the id taken from the request.
    $mayDelete = SecurityUtil::checkPermission('Groups::', $gid . '::', ACCESS_DELETE);
    $this->throwForbiddenUnless($mayDelete);

    // The default user group must stay.
    // NOTE(review): $group is not checked for a failed lookup before it is
    // indexed - confirm what the comparison does for an unknown gid.
    if ($group['gid'] == $this->getVar('defaultgroup')) {
        throw new Zikula_Exception_Fatal($this->__('Error! You cannot delete the default user group.'));
    }

    $deleted = ModUtil::apiFunc('Groups', 'admin', 'delete', array('gid' => $gid));
    if ($deleted != true) {
        throw new Zikula_Exception_Fatal($this->__f('Error! Could not delete the \'%s\' group.', $gid));
    }

    return new Zikula_Response_Ajax(array('gid' => $gid));
}
/**
 * Load one quote by id.
 *
 * @author The Zikula Development Team
 * @author Greg Allan
 *
 * @param array $args Arguments; $args['qid'] is the numeric quote id.
 *
 * @return mixed The quote array, or false when it cannot be loaded.
 */
public function get($args)
{
    $hasValidId = isset($args['qid']) && is_numeric($args['qid']);
    if (!$hasValidId) {
        return LogUtil::registerArgsError();
    }

    // Permission filter handed to DBUtil together with the lookup.
    $readFilter = array(
        'realm'            => 0,
        'component_left'   => 'Quotes',
        'component_middle' => '',
        'component_right'  => '',
        'instance_left'    => 'author',
        'instance_middle'  => '',
        'instance_right'   => 'qid',
        'level'            => ACCESS_READ,
    );

    $quote = DBUtil::selectObjectByID('quotes', $args['qid'], 'qid', null, array($readFilter));
    if (!$quote) {
        // Any empty result is reported as false.
        return false;
    }

    return $quote;
}
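/**
 * Save a submitted address (create or update) and redirect to the next view.
 *
 * Reads the form data and the list state (start number, letter, sort, search,
 * category, private) from the request.
 *
 * @return mixed The result of System::redirect(), or false with a registered
 *               permission error.
 */
function edititem()
{
    // Confirm the form's authorisation key.
    $this->checkCsrfToken();

    $ot = FormUtil::getPassedValue('ot', 'address', 'POST');
    $returnid = FormUtil::getPassedValue('returnid', 0, 'POST');

    // List state that is carried through every redirect below.
    $listState = array(
        'startnum' => FormUtil::getPassedValue('startnum', 1, 'GET'),
        'letter'   => FormUtil::getPassedValue('letter', 0),
        'sort'     => FormUtil::getPassedValue('sort', ModUtil::getVar('AddressBook', 'addressbooktype') == 1 ? 'sortname ASC' : 'sortcompany ASC'),
        'search'   => FormUtil::getPassedValue('search', 0),
        'category' => FormUtil::getPassedValue('category', 0),
        'private'  => FormUtil::getPassedValue('private', 0),
    );

    // Standard return url.
    if (!empty($returnid)) {
        $url = ModUtil::url('AddressBook', 'user', 'display', array_merge(array('id' => $returnid, 'ot' => $ot), $listState));
    } else {
        $url = ModUtil::url('AddressBook', 'user', 'view', array_merge(array('ot' => $ot), $listState));
    }

    $object = new AddressBook_DBObject_Address();
    $data = $object->getDataFromInput();

    $user_id = UserUtil::isLoggedIn() ? UserUtil::getVar('uid') : 0;

    // For an update, load the stored row first. It is needed for the ownership
    // check and, further down, for the company comparison.
    $isExisting = isset($data['id']) && $data['id'];
    $oldObject = $isExisting ? DBUtil::selectObjectByID('addressbook_address', $data['id']) : false;

    // Permission check. $data['user_id'] comes from the submitted form, so on
    // its own it cannot prove ownership: for an existing record the owner
    // stored in the database has to match the current user as well.
    $mayEditAll = SecurityUtil::checkPermission('AddressBook::', '::', ACCESS_EDIT);
    $claimsOwnership = $user_id > 0 && $user_id == $data['user_id'];
    $ownsStoredRecord = !$isExisting || ($oldObject && $oldObject['user_id'] == $user_id);
    if (!$mayEditAll && !($claimsOwnership && $ownsStoredRecord)) {
        return LogUtil::registerPermissionError();
    }

    if (!$object->validate()) {
        return System::redirect(ModUtil::url('AddressBook', 'user', 'edit'));
    }

    $duplicateParams = array_merge(array('ot' => $ot, 'id' => $data['id'], 'duplicate' => 1), $listState);

    // Duplicate request: go back to the form without saving.
    if (FormUtil::getPassedValue('btn_duplicate', null, 'POST')) {
        return System::redirect(ModUtil::url('AddressBook', 'user', 'edit', $duplicateParams));
    }

    // Company update: when the company block of an existing record changed,
    // continue with the change_company screen after saving.
    if ($oldObject && $oldObject['company']) {
        foreach (array('company', 'address1', 'address2', 'zip', 'city', 'state', 'country') as $field) {
            if ($oldObject[$field] != $data[$field]) {
                $url = ModUtil::url('AddressBook', 'user', 'change_company', array_merge(
                    array('ot' => $ot, 'id' => $data['id'], 'oldvalue' => $oldObject['company']),
                    $listState
                ));
                break;
            }
        }
    }

    // Save or update the object.
    $object->save();
    LogUtil::registerStatus($this->__('Done! The address was saved.'));

    // Clear the item cache and the failed-validation objects kept in the session.
    ModUtil::apiFunc('AddressBook', 'user', 'clearItemCache', $data);
    FormUtil::clearValidationFailedObjects('address');

    // Save-and-duplicate request: return to the form.
    if (FormUtil::getPassedValue('btn_save_duplicate', null, 'POST')) {
        $url = ModUtil::url('AddressBook', 'user', 'edit', $duplicateParams);
    }

    return System::redirect($url);
}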
/**
 * Load a single feed, addressed by numeric feed id or by URL title.
 *
 * @param array $args Arguments: 'fid' (numeric id) or 'title' (URL title);
 *                    'objectid', when present, replaces 'fid'.
 *
 * @return mixed The feed array, or false on failure.
 */
public function get($args)
{
    // 'objectid' is accepted as an alias and overrides 'fid'.
    if (isset($args['objectid'])) {
        $args['fid'] = $args['objectid'];
    }

    $hasNumericId = isset($args['fid']) && is_numeric($args['fid']);
    if (!$hasNumericId && !isset($args['title'])) {
        return LogUtil::registerArgsError();
    }

    // Permission filter handed to DBUtil together with the lookup.
    $readFilter = array(
        'realm'           => 0,
        'component_left'  => 'Feeds',
        'component_right' => 'item',
        'instance_left'   => 'name',
        'instance_right'  => 'fid',
        'level'           => ACCESS_READ,
    );

    // The numeric id wins over the title when both are present.
    $lookupValue = $hasNumericId ? $args['fid'] : $args['title'];
    $lookupField = $hasNumericId ? 'fid' : 'urltitle';

    return DBUtil::selectObjectByID('feeds', $lookupValue, $lookupField, '', array($readFilter));
}
/**
 * Load one menu item by id.
 *
 * @author Albert Pérez Monfort (aperezm@xtec.cat)
 *
 * @param array $args Arguments; $args['mid'] is the id of the menu item.
 *
 * @return mixed The menu item row, or false (with a registered error) on failure.
 */
public function get($args)
{
    // Only module administrators may read menu items through this API.
    $isAdmin = SecurityUtil::checkPermission('IWmenu::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        return LogUtil::registerPermissionError();
    }

    if (!isset($args['mid'])) {
        return LogUtil::registerError($this->__('Error! Could not do what you wanted. Please check your input.'));
    }

    $menuItem = DBUtil::selectObjectByID('IWmenu', $args['mid'], 'mid');

    // false signals a database error, which gets its own message.
    return ($menuItem === false)
        ? LogUtil::registerError($this->__('Error! Could not load items.'))
        : $menuItem;
}
/**
 * Load one row of the scribite table by its 'mid'.
 *
 * @param array $args Arguments; $args['mid'] is the id to look up.
 *
 * @return mixed The row as returned by DBUtil::selectObjectByID(), or false
 *               (with a registered error) when 'mid' is missing.
 */
public function getModuleConfigfromID($args)
{
    // Administrators only; anyone else gets the forbidden exception.
    $isAdmin = SecurityUtil::checkPermission('Scribite::', '::', ACCESS_ADMIN);
    $this->throwForbiddenUnless($isAdmin, LogUtil::getErrorMsgPermission());

    if (isset($args['mid'])) {
        return DBUtil::selectObjectByID('scribite', $args['mid'], 'mid');
    }

    return LogUtil::registerError($this->__('Error! Could not do what you wanted. Please check your input.'));
}
/**
 * Return the name of an auxiliary element stored in the cataleg_auxiliar
 * table, looked up by its auxId.
 *
 * The previous docblock described an $args array, but the method takes the
 * identifier directly.
 *
 * @param string $auxId Identifier of the auxiliary element (must be numeric).
 *
 * @return mixed The 'nom' field of the row, or false when read permission is
 *               missing or the identifier is invalid.
 */
public function getNomAux($auxId)
{
    $mayRead = SecurityUtil::checkPermission('Cataleg::', "::", ACCESS_READ);
    if (!$mayRead) {
        return false;
    }

    // Make sure the parameter arrived and is numeric.
    $hasValidId = isset($auxId) && is_numeric($auxId);
    if (!$hasValidId) {
        return LogUtil::registerError($this->__('No s\'han pogut obtenir les dades sol·licitades (getNomAux)'));
    }

    $row = DBUtil::selectObjectByID('cataleg_auxiliar', $auxId, 'auxId');

    // NOTE(review): a failed lookup is not checked before 'nom' is read.
    return $row['nom'];
}
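/**
 * Save the Permissions module settings submitted by the configuration form.
 *
 * Reads 'filter', 'rowview', 'rowedit', 'lockadmin' and 'adminid' from POST.
 * An 'adminid' that does not name an existing permission rule is stored as 0
 * and reported as an error.
 *
 * @return mixed The result of redirect(), or false with a registered
 *               permission error.
 */
public function updateconfig()
{
    $this->checkCsrfToken();

    if (!SecurityUtil::checkPermission('Permissions::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    // Each value is cast to its expected type before it is stored.
    $this->setVar('filter', (bool) FormUtil::getPassedValue('filter', false, 'POST'));
    $this->setVar('rowview', (int) FormUtil::getPassedValue('rowview', 25, 'POST'));
    $this->setVar('rowedit', (int) FormUtil::getPassedValue('rowedit', 35, 'POST'));
    $this->setVar('lockadmin', (bool) FormUtil::getPassedValue('lockadmin', false, 'POST'));

    // The admin rule id must refer to an existing permission rule.
    $adminid = (int) FormUtil::getPassedValue('adminid', 1, 'POST');
    $unknownRule = false;
    if ($adminid != 0 && !DBUtil::selectObjectByID('group_perms', $adminid, 'pid')) {
        $adminid = 0;
        $unknownRule = true;
    }
    $this->setVar('adminid', $adminid);

    if ($unknownRule) {
        // Reported as an error, no longer as a status message. The explicit
        // return keeps the success message below from being registered too,
        // whether or not redirect() interrupts execution by itself.
        LogUtil::registerError($this->__('Error! Could not save configuration: unknown permission rule ID.'));

        return $this->redirect(ModUtil::url('Permissions', 'admin', 'modifyconfig'));
    }

    LogUtil::registerStatus($this->__('Done! Saved module configuration.'));

    return $this->redirect(ModUtil::url('Permissions', 'admin', 'view'));
}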
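/**
 * Update a dynamic user data item.
 *
 * Parameters passed in the $args array:
 * -------------------------------------
 * int    dudid       The id of the item to be updated.
 * string label       The name of the item to be updated.
 * int    prop_weight Optional new weight; 0 leaves the weight unchanged.
 * mixed  dtype       Optional new data type.
 * Optional 'displaytype' together with 'required', 'viewby', 'listoptions'
 * and 'note' replace the validation info.
 *
 * @param array $args All parameters passed to this function.
 *
 * @return bool True on success, false on failure.
 */
public function update($args)
{
    // Argument check
    if (!isset($args['label']) || stristr($args['label'], '-') || !isset($args['dudid']) || !is_numeric($args['dudid'])) {
        return LogUtil::registerArgsError();
    }

    $item = ModUtil::apiFunc('Profile', 'user', 'get', array('propid' => $args['dudid']));
    if ($item == false) {
        return LogUtil::registerError($this->__('Error! No such personal info item found.'));
    }

    // Clean the label. DataUtil::formatPermalink() is deliberately not used:
    // it lower-cased the label and so prevented the update.
    $permsep = System::getVar('shorturlsseparator');
    $args['label'] = str_replace($permsep, '', $args['label']);

    // Edit permission is required for the current label and for the new one.
    if (!SecurityUtil::checkPermission('Profile::Item', "$item[prop_label]::$args[dudid]", ACCESS_EDIT)) {
        return LogUtil::registerPermissionError();
    }
    if (!SecurityUtil::checkPermission('Profile::Item', "$args[label]::$args[dudid]", ACCESS_EDIT)) {
        return LogUtil::registerPermissionError();
    }

    // A new label must not collide with an existing item.
    if ($args['label'] <> $item['prop_label']) {
        $vitem = ModUtil::apiFunc('Profile', 'user', 'get', array('proplabel' => $args['label']));
        if ($vitem) {
            // __f() substitutes the label; __() would print the '%s' literally.
            return LogUtil::registerError($this->__f("Error! There is already an personal info item with the label '%s'.", DataUtil::formatForDisplay($args['label'])));
        }
    }

    if (isset($args['prop_weight'])) {
        if ($args['prop_weight'] == 0) {
            unset($args['prop_weight']);
        } elseif ($args['prop_weight'] <> $item['prop_weight']) {
            // Give this item's old weight to the item that holds the new one.
            $result = DBUtil::selectObjectByID('user_property', $args['prop_weight'], 'prop_weight');
            $result['prop_weight'] = $item['prop_weight'];

            $dbtable = DBUtil::getTables();
            $column = $dbtable['user_property_column'];
            // Both values are cast to int before they enter the SQL text;
            // 'prop_weight' was previously interpolated unvalidated.
            $where = "$column[prop_weight] = '" . (int) $args['prop_weight'] . "' AND $column[prop_id] <> '" . (int) $args['dudid'] . "'";
            DBUtil::updateObject($result, 'user_property', $where, 'prop_id');
        }
    }

    // Create the object to update.
    $obj = array();
    $obj['prop_id'] = $args['dudid'];
    $obj['prop_dtype'] = (isset($args['dtype']) ? $args['dtype'] : $item['prop_dtype']);
    $obj['prop_weight'] = (isset($args['prop_weight']) ? $args['prop_weight'] : $item['prop_weight']);

    // Assumes that if displaytype is set, all the validation info is too.
    if (isset($args['displaytype'])) {
        // A checkbox can't be required.
        if ($args['displaytype'] == 2 && $args['required']) {
            $args['required'] = 0;
        }

        // Strip CR and LF from the list options, then build the validation array.
        $args['listoptions'] = str_replace(array(Chr(13), Chr(10)), '', $args['listoptions']);
        $validationinfo = array(
            'required'    => $args['required'],
            'viewby'      => $args['viewby'],
            'displaytype' => $args['displaytype'],
            'listoptions' => $args['listoptions'],
            'note'        => $args['note'],
        );
        $obj['prop_validation'] = serialize($validationinfo);
    }

    // The label may be changed for normal fields only.
    if ($item['prop_dtype'] == 1) {
        $obj['prop_label'] = $args['label'];
    }

    // Before the update, look for option ID changes so that the respective
    // users' data can be updated.
    // NOTE(review): without 'displaytype' the key 'prop_validation' is unset
    // here, so the comparison reads an undefined index and 'updatedata' is
    // called with an empty 'newitem' - confirm that this is intended.
    if ($obj['prop_validation'] != $item['prop_validation']) {
        ModUtil::apiFunc('Profile', 'dud', 'updatedata', array('item' => $item['prop_validation'], 'newitem' => $obj['prop_validation']));
    }

    $res = DBUtil::updateObject($obj, 'user_property', '', 'prop_id');
    if (!$res) {
        return LogUtil::registerError($this->__('Error! Could not save your changes.'));
    }

    return true;
}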
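/**
 * Move a permission rule one position down by swapping sequence numbers with
 * the rule directly below it.
 *
 * @param array $args Arguments: 'pid' (numeric id of the permission rule) and
 *                    optional 'permgrp' (group id of a filtered view; when set
 *                    and not PERMS_ALL, only rules of that group or of all
 *                    groups may be swapped).
 *
 * @return boolean true on success, false on failure.
 */
public function dec($args)
{
    // Validate the id before it is used in the permission instance string and
    // in SQL; the original checked it only after the permission call.
    if (!isset($args['pid']) || !is_numeric($args['pid'])) {
        return LogUtil::registerArgsError();
    }
    $pid = (int) $args['pid'];

    if (!SecurityUtil::checkPermission('Permissions::', "group::{$args['pid']}", ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    $dbtable = DBUtil::getTables();
    $permcolumn = $dbtable['group_perms_column'];

    // isset() covers a missing key as well as an explicit null.
    $showpartly = isset($args['permgrp']) && $args['permgrp'] != SecurityUtil::PERMS_ALL;
    $groupClause = '';
    if ($showpartly) {
        $groupClause = " AND ({$permcolumn['gid']}=" . SecurityUtil::PERMS_ALL . " OR {$permcolumn['gid']}='" . (int) DataUtil::formatForStore($args['permgrp']) . "')";
    }

    // Get info on the current rule.
    $result = DBUtil::selectObjectByID('group_perms', $pid, 'pid');
    if (!$result) {
        return LogUtil::registerError($this->__f('Error! Permission rule ID %s does not exist.', $args['pid']));
    }

    $sequence = $result['sequence'];
    $maxsequence = $this->maxsequence(array('column' => 'sequence'));
    if ($sequence == $maxsequence) {
        // Already the last rule: nothing to swap.
        return true;
    }

    // Get info on the displaced rule, honouring the filtered view.
    $altsequence = $sequence + 1;
    $where = "WHERE {$permcolumn['sequence']} = '" . (int) DataUtil::formatForStore($altsequence) . "' {$groupClause}";
    $result = DBUtil::selectObject('group_perms', $where);
    if (!$result) {
        if ($showpartly) {
            // Moving a rule in partial view is allowed only when no invisible
            // rule in between would be affected by the move.
            LogUtil::registerError($this->__('Error! Permission rule-swapping in partial view can only be done if both affected permission rules are visible. Please switch to full view.'));
        } else {
            LogUtil::registerError($this->__('Error! No permission rule directly below that one.'));
        }

        return false;
    }
    $altpid = $result['pid'];

    // Swap the sequence numbers. Both ids are cast to int in the WHERE clause.
    // NOTE(review): the two updates are not checked and not wrapped in a
    // transaction, so a failure of the second one leaves two rules with the
    // same sequence number.
    $where = "WHERE {$permcolumn['pid']} = '" . (int) DataUtil::formatForStore($altpid) . "'";
    DBUtil::updateObject(array('sequence' => $sequence), 'group_perms', $where, 'pid');

    $where = "WHERE {$permcolumn['pid']} = '" . $pid . "'";
    DBUtil::updateObject(array('sequence' => $altsequence), 'group_perms', $where, 'pid');

    return true;
}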
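/**
 * Delete a forum topic together with its messages and their attached files.
 *
 * The topic ID (ftid) and forum ID (fid) are read from the POST request, not from $args.
 *
 * @param bool $args['force'] when true, the forum access-level check is skipped (default false).
 *
 * @return mixed true on success; otherwise the result of the LogUtil error registration call.
 */
public function deltema($args)
{
    $fid = $this->request->getPost()->get('fid', '');
    $ftid = $this->request->getPost()->get('ftid', '');
    $force = isset($args['force']) ? $args['force'] : false;

    // Security check
    if (!SecurityUtil::checkPermission('IWforums::', '::', ACCESS_READ)) {
        return LogUtil::registerPermissionError();
    }

    // Arguments check. ftid is request input that ends up in the DELETE conditions
    // below, so anything that is not a number is rejected before it is used.
    if (!isset($ftid) || !isset($fid) || !is_numeric($ftid)) {
        return LogUtil::registerError("Function deltema: ".$this->__('Error! Could not do what you wanted. Please check your input.'));
    }
    $ftid = (int) $ftid;

    // Call the get function that returns the topic data
    $link = ModUtil::apiFunc('IWforums', 'user', 'get_tema', array('ftid' => $ftid, 'fid' => $fid));

    // Check that the record really exists and can therefore be deleted
    if ($link == false) {
        return LogUtil::registerError($this->__('No messages have been found'));
    }

    // check if user can access the forum
    // NOTE(review): unreachable as written, a null $fid was already rejected by the argument check above.
    if (is_null($fid)) {
        $topic = DBUtil::selectObjectByID('IWforums_temes', $ftid, 'ftid');
        $fid = $topic['fid'];
    }

    // NOTE(review): access is evaluated for the fid sent in the request; confirm that
    // get_tema only returns the topic when it belongs to that forum.
    $access = ModUtil::func('IWforums', 'user', 'access', array('fid' => $fid));
    // access levels below 4 are refused unless the caller forces the deletion
    if (($access < 4) && (!$force)) {
        return LogUtil::registerError($this->__('You can\'t access the forum'));
    }

    $pntable = DBUtil::getTables();
    $c = $pntable['IWforums_temes_column'];
    $c2 = $pntable['IWforums_msg_column'];

    // get messages files
    $files = ModUtil::apiFunc('IWforums', 'user', 'get_adjunts', array('ftid' => $ftid, 'mode' => 't'));

    // delete messages files
    if (is_array($files)) {
        $attachmentsDir = ModUtil::getVar('IWmain', 'documentRoot') . '/' . ModUtil::getVar('IWforums', 'urladjunts');
        foreach ($files as $file) {
            // NOTE(review): the stored file name is appended to the path unchanged; confirm
            // the upload code never stores path separators or ".." in 'adjunt'.
            $filePath = $attachmentsDir . '/' . $file['adjunt'];
            if (file_exists($filePath)) {
                unlink($filePath);
            }
        }
    }

    // Messages deletion ($ftid is an integer at this point)
    $where = "$c2[ftid]=$ftid";
    if (!DBUtil::deleteWhere('IWforums_msg', $where)) {
        return LogUtil::registerError($this->__('An error has occurred while deleting the message'));
    }

    // record deletion, using the topic table's own column map
    $where = "$c[ftid]=$ftid";
    if (!DBUtil::deleteWhere('IWforums_temes', $where)) {
        return LogUtil::registerError($this->__('An error has occurred while deleting the message'));
    }

    // Return true since the process finished successfully
    return true;
}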
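/**
 * Decide whether the current user may act on a comment.
 *
 * Access is granted when any of these holds, checked in this order: the caller-supplied
 * author uid equals the current user, the regular EZComments permission check passes,
 * the caller-supplied owner uid equals the current user (and is greater than 1), or the
 * stored comment lists the current user as owner or author.
 *
 * @param int    $args['uid']       uid of the comment author as known to the caller (default 0).
 * @param string $args['module']    module the commented object belongs to (required).
 * @param mixed  $args['objectid']  ID of the commented object (required).
 * @param mixed  $args['commentid'] ID of the comment (default '').
 * @param int    $args['level']     permission level to test (default ACCESS_COMMENT).
 * @param int    $args['owneruid']  uid of the owner of the commented object (optional).
 *
 * @return boolean true if access is granted, false otherwise.
 */
public function checkPermission($args = array())
{
    // A guest will have no permission
    if (!UserUtil::isLoggedIn()) {
        return false;
    }

    $uid = UserUtil::getVar('uid');
    // Fail closed when the current user ID cannot be determined: the loose comparisons
    // below would treat an empty ID as equal to the 0 default or to a missing column.
    if (empty($uid)) {
        return false;
    }

    // own comments = ok
    // NOTE(review): this trusts $args['uid']; callers are presumably expected to take it
    // from the stored comment rather than from request input, so confirm that.
    $auid = isset($args['uid']) ? $args['uid'] : 0;
    if ($uid == $auid) {
        return true;
    }

    // parameter check
    if (!isset($args['commentid'])) {
        $args['commentid'] = '';
    }
    if (!isset($args['level'])) {
        $args['level'] = ACCESS_COMMENT;
    }
    if (!isset($args['module']) || !isset($args['objectid'])) {
        return false;
    }

    $inst = "$args[module]:$args[objectid]:$args[commentid]";

    // regular securityUtil::checkPermission check. Return true on success
    if (SecurityUtil::checkPermission('EZComments::', $inst, $args['level'])) {
        return true;
    }

    // owner of the commented object; owneruid is optional, so test for it before reading
    if (isset($args['owneruid']) && ($args['owneruid'] == $uid) && ($args['owneruid'] > 1)) {
        return true;
    }

    if (!empty($args['commentid'])) {
        // otherwise: get the comment, check the uid and return the result
        $comment = DBUtil::selectObjectByID('EZComments', $args['commentid']);
        // the lookup may not return a row; only compare columns that are really there
        if (is_array($comment)) {
            $isOwner = isset($comment['owneruid']) && ($comment['owneruid'] == $uid);
            $isAuthor = isset($comment['uid']) && ($comment['uid'] == $uid);
            if ($isOwner || $isAuthor) {
                return true;
            }
        }
    }

    // otherwise return false because no security check had a positive result
    return false;
}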
/**
 * Record a search query in the search statistics table.
 *
 * Looks up the row for the given search terms; inserts a new row with a count
 * of 1 when none is found, otherwise writes back the count increased by one
 * together with the current timestamp.
 *
 * @param string $args['q'] the search terms to log.
 *
 * @return boolean true when the insert or update returned a truthy result, false otherwise.
 */
public function log($args)
{
    // NOTE(review): the terms are escaped here and then handed to DBUtil; if DBUtil
    // escapes values itself the stored text ends up escaped twice. Confirm.
    $terms = DataUtil::formatForStore($args['q']);
    $existing = DBUtil::selectObjectByID('search_stat', $terms, 'search');

    $record = array(
        'count'  => isset($existing['count']) ? $existing['count'] + 1 : 1,
        'date'   => date('Y-m-d H:i:s'),
        'search' => $terms,
    );

    if (empty($existing)) {
        // first time these terms are seen
        $outcome = DBUtil::insertObject($record, 'search_stat');
    } else {
        // row is matched on its 'search' field
        $outcome = DBUtil::updateObject($record, 'search_stat', '', 'search');
    }

    return $outcome ? true : false;
}
/**
 * Get a note.
 *
 * @author Albert Pérez Monfort (aperezm@xtec.cat)
 *
 * @param int $args['fmid'] ID of the note to load.
 *
 * @return mixed the row selected from IWforms for that ID, or the result of the
 *               LogUtil error registration call when a check fails.
 */
public function getNote($args)
{
    $fmid = null;
    if (isset($args['fmid'])) {
        $fmid = $args['fmid'];
    }

    // Security check
    // NOTE(review): only the module-wide READ permission is tested here; any per-form
    // restriction would have to be enforced by the caller. Confirm.
    $mayRead = SecurityUtil::checkPermission('IWforms::', '::', ACCESS_READ);
    if (!$mayRead) {
        return LogUtil::registerPermissionError();
    }

    // Needed argument: must be non-empty (loose comparison with null) and numeric
    if (!($fmid != null && is_numeric($fmid))) {
        return LogUtil::registerError($this->__('Error! Could not do what you wanted. Please check your input.'));
    }

    $note = DBUtil::selectObjectByID('IWforms', $fmid, 'fmid');

    // A strict false from the database layer is reported as a load error;
    // anything else is handed back to the caller as it is.
    return ($note === false)
        ? LogUtil::registerError($this->__('Error! Could not load items.'))
        : $note;
}
/**
 * Delete a permission rule (Ajax handler).
 *
 * The rule ID is read from the POST field 'pid' and cast to an integer. The
 * Ajax token and the ACCESS_ADMIN permission on 'Permissions::' are checked
 * before anything is read from the request.
 *
 * @return Zikula_Response_Ajax response carrying the ID of the deleted rule.
 *
 * @throws Zikula_Exception_Fatal when the rule is the main administration rule
 *                                or when the deletion does not succeed.
 */
public function deletepermission()
{
    $this->checkAjaxToken();
    $isAdmin = SecurityUtil::checkPermission('Permissions::', '::', ACCESS_ADMIN);
    $this->throwForbiddenUnless($isAdmin);

    $pid = (int) $this->request->getPost()->get('pid');

    // Refuse to delete the overall admin rule: rule 1 granting ACCESS_ADMIN on
    // every component and every instance.
    $perm = DBUtil::selectObjectByID('group_perms', $pid, 'pid');
    $isMainAdminRule = $perm['pid'] == 1
        && $perm['level'] == ACCESS_ADMIN
        && $perm['component'] == '.*'
        && $perm['instance'] == '.*';
    if ($isMainAdminRule) {
        throw new Zikula_Exception_Fatal($this->__('Notice: You cannot delete the main administration permission rule.'));
    }

    $deleted = ModUtil::apiFunc('Permissions', 'admin', 'delete', array('pid' => $pid));
    if ($deleted != true) {
        throw new Zikula_Exception_Fatal($this->__f('Error! Could not delete permission rule with ID %s.', $pid));
    }

    // The deleted rule was the one recorded as 'adminid': reset that setting and the admin lock
    if ($pid == $this->getVar('adminid')) {
        $this->setVar('adminid', 0);
        $this->setVar('lockadmin', false);
    }

    return new Zikula_Response_Ajax(array('pid' => $pid));
}
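/**
 * Profile_Manager function to attach the dynamic data to the user object.
 *
 * Nothing is written to the database here; the method only builds the
 * '__ATTRIBUTES__' array for the caller.
 *
 * Parameters passed in the $args array:
 * -------------------------------------
 * numeric uid      The user id of the user for which the data is to be inserted.
 * array   dynadata The user data to insert, indexed by prop_attribute_name; required.
 *
 * @param array $args All parameters passed to this function.
 *
 * @return array The dynadata array as an array element in the '__ATTRIBUTES__' index of a new array, merged with existing user
 *               attributes if the uid is supplied and is a valid user, unchanged (not merged) if the uid is not supplied or does
 *               not refer to an existing user, or an empty array if the dynadata is empty.
 *
 * @throws Zikula_Exception_Fatal If $args['dynadata'] is not set.
 */
public function insertdyndata($args)
{
    if (!isset($args['dynadata'])) {
        // name this function in the message, so the error points at the right call
        throw new Zikula_Exception_Fatal($this->__f('Missing dynamic data array in call to %1$s', array('insertdyndata')));
    }

    $dynadata = $args['dynadata'];

    // Validate if there's no dynadata
    // do not touch the __ATTRIBUTES__ field
    if (empty($dynadata)) {
        return array();
    }

    // Validate if it's an existing user
    if (!isset($args['uid'])) {
        return array('__ATTRIBUTES__' => $dynadata);
    }

    // Needs to merge the existing attributes to not delete any of them
    $user = DBUtil::selectObjectByID('users', $args['uid'], 'uid');
    if ($user === false || !isset($user['__ATTRIBUTES__'])) {
        return array('__ATTRIBUTES__' => $dynadata);
    }

    // attach the dynadata as attributes to the user object
    // NOTE(review): on a key clash the value from dynadata replaces the stored attribute,
    // and the keys are not filtered here; callers presumably restrict them to the
    // attribute names a user is allowed to set. Confirm.
    return array('__ATTRIBUTES__' => array_merge($user['__ATTRIBUTES__'], $dynadata));
}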
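/**
 * Delete a block.
 *
 * Removes the block's placements first and then the block row itself.
 *
 * @param int $args['bid'] the ID of the block to delete.
 *
 * @return bool true on success, false on failure.
 */
public function delete($args)
{
    // Argument check
    if (!isset($args['bid']) || !is_numeric($args['bid'])) {
        return LogUtil::registerArgsError();
    }

    $block = DBUtil::selectObjectByID('blocks', $args['bid'], 'bid');

    // The permission instance is built from the block's own fields, so a block that
    // does not exist must be rejected before the security check; otherwise the check
    // would be evaluated against the empty instance '::'.
    if (!$block) {
        return LogUtil::registerError($this->__('Error! Could not perform the deletion.'));
    }

    // Security check
    if (!SecurityUtil::checkPermission('Blocks::', "{$block['bkey']}:{$block['title']}:{$block['bid']}", ACCESS_DELETE)) {
        return LogUtil::registerPermissionError();
    }

    // delete block placements for this block
    $res = DBUtil::deleteObjectByID('block_placements', $args['bid'], 'bid');
    if (!$res) {
        return LogUtil::registerError($this->__('Error! Could not perform the deletion.'));
    }

    // delete the block itself
    $res = DBUtil::deleteObjectByID('blocks', $args['bid'], 'bid');
    if (!$res) {
        return LogUtil::registerError($this->__('Error! Could not perform the deletion.'));
    }

    return true;
}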
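/**
 * Clone a content item and place the copy directly below the original.
 *
 * @param int  $args['id']          ID of the content item to clone.
 * @param bool $args['translation'] whether the clone flag passed to cloneContentAdditions() is set (default true).
 * @param bool $args['addVersion']  whether to add a page history version afterwards (default true).
 *
 * @return int|false ID of the new content item, or false on failure.
 */
public function cloneContent($args)
{
    // NOTE(review): no permission check is visible in this method; callers are
    // presumably responsible for verifying edit rights on the page. Confirm.
    if (!isset($args['id'])) {
        return false;
    }

    $contentId = (int) $args['id'];
    // read the flag from $args; the variable used before was never defined in this method
    $cloneTranslation = isset($args['translation']) ? $args['translation'] : true;
    $addVersion = isset($args['addVersion']) ? $args['addVersion'] : true;

    $contentData = DBUtil::selectObjectByID('content_content', $contentId);
    if (empty($contentData)) {
        return false;
    }

    // The clone takes the slot right after the original; the old ID is dropped so
    // that the insert creates a new row.
    $contentData['position']++;
    unset($contentData['id']);

    if (!$this->contentMoveContentDown($contentData['position'], $contentData['areaIndex'], $contentData['pageId'])) {
        return false;
    }

    // A failed insert leaves no new ID to work with, so stop here
    if (!DBUtil::insertObject($contentData, 'content_content') || !isset($contentData['id'])) {
        return false;
    }
    $newContentId = $contentData['id'];

    $this->cloneContentAdditions($contentId, $newContentId, $cloneTranslation);

    if ($addVersion) {
        // the page ID comes from the cloned row
        $ok = ModUtil::apiFunc('Content', 'History', 'addPageVersion', array('pageId' => $contentData['pageId'], 'action' => '_CONTENT_HISTORYCONTENTADDED'));
        if ($ok === false) {
            return false;
        }
    }

    Content_Util::clearCache();

    return $newContentId;
}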