It validates the postback by looking at a transient value that was rendered using $this->Open()
and submitted with the form. Ref: http://en.wikipedia.org/wiki/Cross-site_request_forgery
| public authenticatedPostBack ( boolean $throw = false ) : boolean | ||
| $throw | boolean | Whether or not to throw an exception if this is a postback AND the transient key doesn't validate. |
| return | boolean | Returns true if the postback could be authenticated or false otherwise. |
/**
*
* @param Gdn_Controller $Sender
* @throws Exception
*/
public function __construct($Sender = null)
{
if (property_exists($Sender, 'Conversation')) {
$this->Conversation = $Sender->Conversation;
}
// Allowed to use this module?
$this->AddUserAllowed = $Sender->ConversationModel->addUserAllowed($this->Conversation->ConversationID);
$this->Form = Gdn::factory('Form', 'AddPeople');
// If the form was posted back, check for people to add to the conversation
if ($this->Form->authenticatedPostBack()) {
// Defer exceptions until they try to use the form so we don't fill our logs
if (!$this->AddUserAllowed || !checkPermission('Conversations.Conversations.Add')) {
throw permissionException();
}
$NewRecipientUserIDs = array();
$NewRecipients = explode(',', $this->Form->getFormValue('AddPeople', ''));
$UserModel = Gdn::factory("UserModel");
foreach ($NewRecipients as $Name) {
if (trim($Name) != '') {
$User = $UserModel->getByUsername(trim($Name));
if (is_object($User)) {
$NewRecipientUserIDs[] = $User->UserID;
}
}
}
$Sender->ConversationModel->addUserToConversation($this->Conversation->ConversationID, $NewRecipientUserIDs);
$Sender->informMessage(t('Your changes were saved.'));
$Sender->RedirectUrl = url('/messages/' . $this->Conversation->ConversationID);
}
$this->_ApplicationFolder = $Sender->Application;
$this->_ThemeFolder = $Sender->Theme;
}
/**
* Prompts new admins how to get started using new install.
*
* @since 2.0.0
* @access public
*/
public function gettingStarted()
{
$this->permission('Garden.Settings.Manage');
$this->setData('Title', t('Getting Started'));
$this->addSideMenu('dashboard/settings/gettingstarted');
$this->TextEnterEmails = t('TextEnterEmails', 'Type email addresses separated by commas here');
if ($this->Form->authenticatedPostBack()) {
// Do invitations to new members.
$Message = $this->Form->getFormValue('InvitationMessage');
$Message = trim($Message);
$Recipients = $this->Form->getFormValue('Recipients');
if ($Recipients == $this->TextEnterEmails) {
$Recipients = '';
}
$Recipients = explode(',', $Recipients);
$CountRecipients = 0;
foreach ($Recipients as $Recipient) {
if (trim($Recipient) != '') {
$CountRecipients++;
if (!validateEmail($Recipient)) {
$this->Form->addError(sprintf(t('%s is not a valid email address'), $Recipient));
}
}
}
if ($CountRecipients == 0) {
$this->Form->addError(t('You must provide at least one recipient'));
}
if ($this->Form->errorCount() == 0) {
$Email = new Gdn_Email();
$Email->subject(t('Check out my new community!'));
$emailTemplate = $Email->getEmailTemplate();
$emailTemplate->setMessage($Message, true)->setButton(externalUrl('/'), t('Check it out'));
$Email->setEmailTemplate($emailTemplate);
foreach ($Recipients as $Recipient) {
if (trim($Recipient) != '') {
$Email->to($Recipient);
try {
$Email->send();
} catch (Exception $ex) {
$this->Form->addError($ex);
}
}
}
}
if ($this->Form->errorCount() == 0) {
$this->informMessage(t('Your invitations were sent successfully.'));
}
}
$this->render();
}
/**
* Enable or disable the use of categories in Vanilla.
*
* @param bool $enabled Whether or not to enable/disable categories.
* @throws Exception Throws an exception if accessed through an invalid post back.
*/
public function enableCategories($enabled)
{
$this->permission('Garden.Settings.Manage');
if ($this->Form->authenticatedPostBack()) {
$enabled = (bool) $enabled;
saveToConfig('Vanilla.Categories.Use', $enabled);
$this->setData('Enabled', $enabled);
if ($this->deliveryType() !== DELIVERY_TYPE_DATA) {
$this->RedirectUrl = url('/vanilla/settings/managecategories');
}
} else {
throw forbiddenException('GET');
}
return $this->render('Blank', 'Utility', 'Dashboard');
}
/**
* Leave a conversation that a user is participating in.
*
* @param int $conversationID The ID of the conversation to leave.
*/
public function leave($conversationID)
{
if (!Gdn::session()->UserID) {
throw new Gdn_UserException('You must be signed in.', 403);
}
// Make sure the user has participated in the conversation before.
$row = Gdn::sql()->getWhere('UserConversation', ['ConversationID' => $conversationID, 'UserID' => Gdn::session()->UserID])->firstRow();
if (!$row) {
throw notFoundException('Conversation');
}
if ($this->Form->authenticatedPostBack(true)) {
$this->ConversationModel->clear($conversationID, Gdn::session()->UserID);
$this->RedirectUrl = url('/messages/all');
}
$this->title(t('Leave Conversation'));
$this->render();
}
/**
* Manage options for a mobile theme.
*
* @since 2.0.0
* @access public
* @todo Why is this in a giant try/catch block?
*/
public function mobileThemeOptions()
{
$this->permission('Garden.Settings.Manage');
try {
$this->addJsFile('addons.js');
$this->setHighlightRoute('dashboard/settings/mobilethemeoptions');
$ThemeManager = Gdn::themeManager();
$EnabledThemeName = $ThemeManager->mobileTheme();
$EnabledThemeInfo = $ThemeManager->getThemeInfo($EnabledThemeName);
$this->setData('ThemeInfo', $EnabledThemeInfo);
if ($this->Form->authenticatedPostBack()) {
// Save the styles to the config.
$StyleKey = $this->Form->getFormValue('StyleKey');
$ConfigSaveData = array('Garden.MobileThemeOptions.Styles.Key' => $StyleKey, 'Garden.MobileThemeOptions.Styles.Value' => $this->data("ThemeInfo.Options.Styles.{$StyleKey}.Basename"));
// Save the text to the locale.
$Translations = array();
foreach ($this->data('ThemeInfo.Options.Text', array()) as $Key => $Default) {
$Value = $this->Form->getFormValue($this->Form->escapeString('Text_' . $Key));
$ConfigSaveData["ThemeOption.{$Key}"] = $Value;
//$this->Form->setFormValue('Text_'.$Key, $Value);
}
saveToConfig($ConfigSaveData);
$this->fireEvent['AfterSaveThemeOptions'];
$this->informMessage(t("Your changes have been saved."));
}
$this->setData('ThemeOptions', c('Garden.MobileThemeOptions'));
$StyleKey = $this->data('ThemeOptions.Styles.Key');
if (!$this->Form->authenticatedPostBack()) {
foreach ($this->data('ThemeInfo.Options.Text', array()) as $Key => $Options) {
$Default = val('Default', $Options, '');
$Value = c("ThemeOption.{$Key}", '#DEFAULT#');
if ($Value === '#DEFAULT#') {
$Value = $Default;
}
$this->Form->setFormValue($this->Form->escapeString('Text_' . $Key), $Value);
}
}
$this->setData('ThemeFolder', $EnabledThemeName);
$this->title(t('Mobile Theme Options'));
$this->Form->addHidden('StyleKey', $StyleKey);
} catch (Exception $Ex) {
$this->Form->addError($Ex);
}
$this->render('themeoptions');
}
/**
* Revoke an invitation.
*
* @since 2.0.0
* @param int $InvitationID Unique identifier.
* @throws Exception Throws an exception when the invitation isn't found or the user doesn't have permission to delete it.
*/
public function uninvite($InvitationID)
{
$this->permission('Garden.SignIn.Allow');
if (!$this->Form->authenticatedPostBack()) {
throw forbiddenException('GET');
}
$InvitationModel = new InvitationModel();
$Session = Gdn::session();
try {
$Valid = $InvitationModel->delete($InvitationID, $this->UserModel);
if ($Valid) {
$this->informMessage(t('The invitation was removed successfully.'));
$this->jsonTarget(".js-invitation[data-id=\"{$InvitationID}\"]", '', 'SlideUp');
}
} catch (Exception $ex) {
$this->Form->addError(strip_tags($ex->getMessage()));
}
if ($this->Form->errorCount() == 0) {
$this->render('Blank', 'Utility');
}
}
/**
* Set the icon for an addon.
*
* @param int $AddonID Specified addon id.
* @throws Exception Addon not found.
*/
public function icon($AddonID = '')
{
$Session = Gdn::session();
if (!$Session->isValid()) {
$this->Form->addError('You must be authenticated in order to use this form.');
}
$Addon = $this->AddonModel->getID($AddonID);
if (!$Addon) {
throw notFoundException('Addon');
}
if ($Session->UserID != $Addon['InsertUserID']) {
$this->permission('Addons.Addon.Manage');
}
$this->addModule('AddonHelpModule', 'Panel');
$this->Form->setModel($this->AddonModel);
$this->Form->addHidden('AddonID', $AddonID);
if ($this->Form->authenticatedPostBack()) {
$UploadImage = new Gdn_UploadImage();
try {
// Validate the upload
$imageLocation = $UploadImage->validateUpload('Icon');
$TargetImage = $this->saveIcon($imageLocation);
} catch (Exception $ex) {
$this->Form->addError($ex);
}
// If there were no errors, remove the old picture and insert the picture
if ($this->Form->errorCount() == 0) {
if ($Addon['Icon']) {
$UploadImage->delete($Addon['Icon']);
}
$this->AddonModel->save(array('AddonID' => $AddonID, 'Icon' => $TargetImage));
}
// If there were no problems, redirect back to the addon
if ($this->Form->errorCount() == 0) {
$this->RedirectUrl = Url('/addon/' . AddonModel::slug($Addon));
}
}
$this->render();
}
/**
* Edit a user account.
*
* @since 2.0.0
* @access public
* @param int $UserID Unique ID.
*/
public function edit($UserID)
{
$this->permission('Garden.Users.Edit');
// Page setup
$this->addJsFile('user.js');
$this->title(t('Edit User'));
$this->addSideMenu('dashboard/user');
// Only admins can reassign roles
$RoleModel = new RoleModel();
$AllRoles = $RoleModel->getArray();
$RoleData = $RoleModel->getAssignable();
$UserModel = new UserModel();
$User = $UserModel->getID($UserID, DATASET_TYPE_ARRAY);
// Determine if username can be edited
$CanEditUsername = (bool) c("Garden.Profile.EditUsernames") || Gdn::session()->checkPermission('Garden.Users.Edit');
$this->setData('_CanEditUsername', $CanEditUsername);
// Determine if emails can be edited
$CanEditEmail = Gdn::session()->checkPermission('Garden.Users.Edit');
$this->setData('_CanEditEmail', $CanEditEmail);
// Decide if they have ability to confirm users
$Confirmed = (bool) valr('Confirmed', $User);
$CanConfirmEmail = UserModel::RequireConfirmEmail() && Gdn::session()->checkPermission('Garden.Users.Edit');
$this->setData('_CanConfirmEmail', $CanConfirmEmail);
$this->setData('_EmailConfirmed', $Confirmed);
$User['ConfirmEmail'] = (int) $Confirmed;
// Determine whether user being edited is privileged (can escalate permissions)
$UserModel = new UserModel();
$EditingPrivilegedUser = $UserModel->checkPermission($User, 'Garden.Settings.Manage');
// Determine our password reset options
// Anyone with user editing my force reset over email
$this->ResetOptions = array(0 => t('Keep current password.'), 'Auto' => t('Force user to reset their password and send email notification.'));
// Only admins may manually reset passwords for other admins
if (checkPermission('Garden.Settings.Manage') || !$EditingPrivilegedUser) {
$this->ResetOptions['Manual'] = t('Manually set user password. No email notification.');
}
// Set the model on the form.
$this->Form->setModel($UserModel);
// Make sure the form knows which item we are editing.
$this->Form->addHidden('UserID', $UserID);
try {
$AllowEditing = true;
$this->EventArguments['AllowEditing'] =& $AllowEditing;
$this->EventArguments['TargetUser'] =& $User;
// These are all the 'effective' roles for this edit action. This list can
// be trimmed down from the real list to allow subsets of roles to be
// edited.
$this->EventArguments['RoleData'] =& $RoleData;
$UserRoleData = $UserModel->getRoles($UserID)->resultArray();
$RoleIDs = array_column($UserRoleData, 'RoleID');
$RoleNames = array_column($UserRoleData, 'Name');
$UserRoleData = arrayCombine($RoleIDs, $RoleNames);
$this->EventArguments['UserRoleData'] =& $UserRoleData;
$this->fireEvent("BeforeUserEdit");
$this->setData('AllowEditing', $AllowEditing);
$this->Form->setData($User);
if ($this->Form->authenticatedPostBack()) {
if (!$CanEditUsername) {
$this->Form->setFormValue("Name", $User['Name']);
}
// Allow mods to confirm/unconfirm emails
$this->Form->removeFormValue('Confirmed');
$Confirmation = $this->Form->getFormValue('ConfirmEmail', null);
$Confirmation = !is_null($Confirmation) ? (bool) $Confirmation : null;
if ($CanConfirmEmail && is_bool($Confirmation)) {
$this->Form->setFormValue('Confirmed', (int) $Confirmation);
}
$ResetPassword = $this->Form->getValue('ResetPassword', false);
// If we're an admin or this isn't a privileged user, allow manual setting of password
$AllowManualReset = checkPermission('Garden.Settings.Manage') || !$EditingPrivilegedUser;
if ($ResetPassword == 'Manual' && $AllowManualReset) {
// If a new password was specified, add it to the form's collection
$NewPassword = $this->Form->getValue('NewPassword', '');
$this->Form->setFormValue('Password', $NewPassword);
}
// Role changes
// These are the new roles the editing user wishes to apply to the target
// user, adjusted for his ability to affect those roles
$RequestedRoles = $this->Form->getFormValue('RoleID');
if (!is_array($RequestedRoles)) {
$RequestedRoles = array();
}
$RequestedRoles = array_flip($RequestedRoles);
$UserNewRoles = array_intersect_key($RoleData, $RequestedRoles);
// These roles will stay turned on regardless of the form submission contents
// because the editing user does not have permission to modify them
$ImmutableRoles = array_diff_key($AllRoles, $RoleData);
$UserImmutableRoles = array_intersect_key($ImmutableRoles, $UserRoleData);
// Apply immutable roles
foreach ($UserImmutableRoles as $IMRoleID => $IMRoleName) {
$UserNewRoles[$IMRoleID] = $IMRoleName;
}
// Put the data back into the forum object as if the user had submitted
// this themselves
$this->Form->setFormValue('RoleID', array_keys($UserNewRoles));
if ($this->Form->save(array('SaveRoles' => true)) !== false) {
if ($this->Form->getValue('ResetPassword', '') == 'Auto') {
$UserModel->PasswordRequest($User['Email']);
$UserModel->setField($UserID, 'HashMethod', 'Reset');
}
$this->informMessage(t('Your changes have been saved.'));
}
$UserRoleData = $UserNewRoles;
}
} catch (Exception $Ex) {
$this->Form->addError($Ex);
}
$this->setData('User', $User);
$this->setData('Roles', $RoleData);
$this->setData('UserRoles', $UserRoleData);
$this->render();
}
/**
* Create or update a comment.
*
* @since 2.0.0
* @access public
*
* @param int $DiscussionID Unique ID to add the comment to. If blank, this method will throw an error.
*/
public function comment($DiscussionID = '')
{
// Get $DiscussionID from RequestArgs if valid
if ($DiscussionID == '' && count($this->RequestArgs)) {
if (is_numeric($this->RequestArgs[0])) {
$DiscussionID = $this->RequestArgs[0];
}
}
// If invalid $DiscussionID, get from form.
$this->Form->setModel($this->CommentModel);
$DiscussionID = is_numeric($DiscussionID) ? $DiscussionID : $this->Form->getFormValue('DiscussionID', 0);
// Set discussion data
$this->DiscussionID = $DiscussionID;
$this->Discussion = $Discussion = $this->DiscussionModel->getID($DiscussionID);
// Is this an embedded comment being posted to a discussion that doesn't exist yet?
$vanilla_type = $this->Form->getFormValue('vanilla_type', '');
$vanilla_url = $this->Form->getFormValue('vanilla_url', '');
$vanilla_category_id = $this->Form->getFormValue('vanilla_category_id', '');
$Attributes = array('ForeignUrl' => $vanilla_url);
$vanilla_identifier = $this->Form->getFormValue('vanilla_identifier', '');
$isEmbeddedComments = $vanilla_url != '' && $vanilla_identifier != '';
// Only allow vanilla identifiers of 32 chars or less - md5 if larger
if (strlen($vanilla_identifier) > 32) {
$Attributes['vanilla_identifier'] = $vanilla_identifier;
$vanilla_identifier = md5($vanilla_identifier);
}
if (!$Discussion && $isEmbeddedComments) {
$Discussion = $Discussion = $this->DiscussionModel->getForeignID($vanilla_identifier, $vanilla_type);
if ($Discussion) {
$this->DiscussionID = $DiscussionID = $Discussion->DiscussionID;
$this->Form->setValue('DiscussionID', $DiscussionID);
}
}
// If so, create it!
if (!$Discussion && $isEmbeddedComments) {
// Add these values back to the form if they exist!
$this->Form->addHidden('vanilla_identifier', $vanilla_identifier);
$this->Form->addHidden('vanilla_type', $vanilla_type);
$this->Form->addHidden('vanilla_url', $vanilla_url);
$this->Form->addHidden('vanilla_category_id', $vanilla_category_id);
$PageInfo = fetchPageInfo($vanilla_url);
if (!($Title = $this->Form->getFormValue('Name'))) {
$Title = val('Title', $PageInfo, '');
if ($Title == '') {
$Title = t('Undefined discussion subject.');
if (!empty($PageInfo['Exception']) && $PageInfo['Exception'] === "Couldn't connect to host.") {
$Title .= ' ' . t('Page timed out.');
}
}
}
$Description = val('Description', $PageInfo, '');
$Images = val('Images', $PageInfo, array());
$LinkText = t('EmbededDiscussionLinkText', 'Read the full story here');
if (!$Description && count($Images) == 0) {
$Body = formatString('<p><a href="{Url}">{LinkText}</a></p>', array('Url' => $vanilla_url, 'LinkText' => $LinkText));
} else {
$Body = formatString('
<div class="EmbeddedContent">{Image}<strong>{Title}</strong>
<p>{Excerpt}</p>
<p><a href="{Url}">{LinkText}</a></p>
<div class="ClearFix"></div>
</div>', array('Title' => $Title, 'Excerpt' => $Description, 'Image' => count($Images) > 0 ? img(val(0, $Images), array('class' => 'LeftAlign')) : '', 'Url' => $vanilla_url, 'LinkText' => $LinkText));
}
if ($Body == '') {
$Body = $vanilla_url;
}
if ($Body == '') {
$Body = t('Undefined discussion body.');
}
// Validate the CategoryID for inserting.
$Category = CategoryModel::categories($vanilla_category_id);
if (!$Category) {
$vanilla_category_id = c('Vanilla.Embed.DefaultCategoryID', 0);
if ($vanilla_category_id <= 0) {
// No default category defined, so grab the first non-root category and use that.
$vanilla_category_id = $this->DiscussionModel->SQL->select('CategoryID')->from('Category')->where('CategoryID >', 0)->get()->firstRow()->CategoryID;
// No categories in the db? default to 0
if (!$vanilla_category_id) {
$vanilla_category_id = 0;
}
}
} else {
$vanilla_category_id = $Category['CategoryID'];
}
$EmbedUserID = c('Garden.Embed.UserID');
if ($EmbedUserID) {
$EmbedUser = Gdn::userModel()->getID($EmbedUserID);
}
if (!$EmbedUserID || !$EmbedUser) {
$EmbedUserID = Gdn::userModel()->getSystemUserID();
}
$EmbeddedDiscussionData = array('InsertUserID' => $EmbedUserID, 'DateInserted' => Gdn_Format::toDateTime(), 'DateUpdated' => Gdn_Format::toDateTime(), 'CategoryID' => $vanilla_category_id, 'ForeignID' => $vanilla_identifier, 'Type' => $vanilla_type, 'Name' => $Title, 'Body' => $Body, 'Format' => 'Html', 'Attributes' => dbencode($Attributes));
$this->EventArguments['Discussion'] =& $EmbeddedDiscussionData;
$this->fireEvent('BeforeEmbedDiscussion');
$DiscussionID = $this->DiscussionModel->SQL->insert('Discussion', $EmbeddedDiscussionData);
$ValidationResults = $this->DiscussionModel->validationResults();
if (count($ValidationResults) == 0 && $DiscussionID > 0) {
$this->Form->addHidden('DiscussionID', $DiscussionID);
// Put this in the form so reposts won't cause new discussions.
$this->Form->setFormValue('DiscussionID', $DiscussionID);
// Put this in the form values so it is used when saving comments.
$this->setJson('DiscussionID', $DiscussionID);
$this->Discussion = $Discussion = $this->DiscussionModel->getID($DiscussionID, DATASET_TYPE_OBJECT, array('Slave' => false));
// Update the category discussion count
if ($vanilla_category_id > 0) {
$this->DiscussionModel->updateDiscussionCount($vanilla_category_id, $DiscussionID);
}
}
}
// If no discussion was found, error out
if (!$Discussion) {
$this->Form->addError(t('Failed to find discussion for commenting.'));
}
/**
* Special care is taken for embedded comments. Since we don't currently use an advanced editor for these
* comments, we may need to apply certain filters and fixes to the data to maintain its intended display
* with the input format (e.g. maintaining newlines).
*/
if ($isEmbeddedComments) {
$inputFormatter = $this->Form->getFormValue('Format', c('Garden.InputFormatter'));
switch ($inputFormatter) {
case 'Wysiwyg':
$this->Form->setFormValue('Body', nl2br($this->Form->getFormValue('Body')));
break;
}
}
$PermissionCategoryID = val('PermissionCategoryID', $Discussion);
// Setup head
$this->addJsFile('jquery.autosize.min.js');
$this->addJsFile('autosave.js');
$this->addJsFile('post.js');
// Setup comment model, $CommentID, $DraftID
$Session = Gdn::session();
$CommentID = isset($this->Comment) && property_exists($this->Comment, 'CommentID') ? $this->Comment->CommentID : '';
$DraftID = isset($this->Comment) && property_exists($this->Comment, 'DraftID') ? $this->Comment->DraftID : '';
$this->EventArguments['CommentID'] = $CommentID;
$this->EventArguments['DraftID'] = $DraftID;
// Determine whether we are editing
$Editing = $CommentID > 0 || $DraftID > 0;
$this->EventArguments['Editing'] = $Editing;
// If closed, cancel & go to discussion
if ($Discussion && $Discussion->Closed == 1 && !$Editing && !$Session->checkPermission('Vanilla.Discussions.Close', true, 'Category', $PermissionCategoryID)) {
redirect(DiscussionUrl($Discussion));
}
// Add hidden IDs to form
$this->Form->addHidden('DiscussionID', $DiscussionID);
$this->Form->addHidden('CommentID', $CommentID);
$this->Form->addHidden('DraftID', $DraftID, true);
// Check permissions
if ($Discussion && $Editing) {
// Permission to edit
if ($this->Comment->InsertUserID != $Session->UserID) {
$this->permission('Vanilla.Comments.Edit', true, 'Category', $Discussion->PermissionCategoryID);
}
// Make sure that content can (still) be edited.
$EditContentTimeout = c('Garden.EditContentTimeout', -1);
$CanEdit = $EditContentTimeout == -1 || strtotime($this->Comment->DateInserted) + $EditContentTimeout > time();
if (!$CanEdit) {
$this->permission('Vanilla.Comments.Edit', true, 'Category', $Discussion->PermissionCategoryID);
}
// Make sure only moderators can edit closed things
if ($Discussion->Closed) {
$this->permission('Vanilla.Comments.Edit', true, 'Category', $Discussion->PermissionCategoryID);
}
$this->Form->setFormValue('CommentID', $CommentID);
} elseif ($Discussion) {
// Permission to add
$this->permission('Vanilla.Comments.Add', true, 'Category', $Discussion->PermissionCategoryID);
}
if ($this->Form->authenticatedPostBack()) {
// Save as a draft?
$FormValues = $this->Form->formValues();
$FormValues = $this->CommentModel->filterForm($FormValues);
if (!$Editing) {
unset($FormValues['CommentID']);
}
if ($DraftID == 0) {
$DraftID = $this->Form->getFormValue('DraftID', 0);
}
$Type = GetIncomingValue('Type');
$Draft = $Type == 'Draft';
$this->EventArguments['Draft'] = $Draft;
$Preview = $Type == 'Preview';
if ($Draft) {
$DraftID = $this->DraftModel->save($FormValues);
$this->Form->addHidden('DraftID', $DraftID, true);
$this->Form->setValidationResults($this->DraftModel->validationResults());
} elseif (!$Preview) {
// Fix an undefined title if we can.
if ($this->Form->getFormValue('Name') && val('Name', $Discussion) == t('Undefined discussion subject.')) {
$Set = array('Name' => $this->Form->getFormValue('Name'));
if (isset($vanilla_url) && $vanilla_url && strpos(val('Body', $Discussion), t('Undefined discussion subject.')) !== false) {
$LinkText = t('EmbededDiscussionLinkText', 'Read the full story here');
$Set['Body'] = formatString('<p><a href="{Url}">{LinkText}</a></p>', array('Url' => $vanilla_url, 'LinkText' => $LinkText));
}
$this->DiscussionModel->setField(val('DiscussionID', $Discussion), $Set);
}
$Inserted = !$CommentID;
$CommentID = $this->CommentModel->save($FormValues);
// The comment is now half-saved.
if (is_numeric($CommentID) && $CommentID > 0) {
if (in_array($this->deliveryType(), array(DELIVERY_TYPE_ALL, DELIVERY_TYPE_DATA))) {
$this->CommentModel->save2($CommentID, $Inserted, true, true);
} else {
$this->jsonTarget('', url("/post/comment2.json?commentid={$CommentID}&inserted={$Inserted}"), 'Ajax');
}
// $Discussion = $this->DiscussionModel->getID($DiscussionID);
$Comment = $this->CommentModel->getID($CommentID, DATASET_TYPE_OBJECT, array('Slave' => false));
$this->EventArguments['Discussion'] = $Discussion;
$this->EventArguments['Comment'] = $Comment;
$this->fireEvent('AfterCommentSave');
} elseif ($CommentID === SPAM || $CommentID === UNAPPROVED) {
$this->StatusMessage = t('CommentRequiresApprovalStatus', 'Your comment will appear after it is approved.');
}
$this->Form->setValidationResults($this->CommentModel->validationResults());
if ($CommentID > 0 && $DraftID > 0) {
$this->DraftModel->delete($DraftID);
}
}
// Handle non-ajax requests first:
if ($this->_DeliveryType == DELIVERY_TYPE_ALL) {
if ($this->Form->errorCount() == 0) {
// Make sure that this form knows what comment we are editing.
if ($CommentID > 0) {
$this->Form->addHidden('CommentID', $CommentID);
}
// If the comment was not a draft
if (!$Draft) {
// Redirect to the new comment.
if ($CommentID > 0) {
redirect("discussion/comment/{$CommentID}/#Comment_{$CommentID}");
} elseif ($CommentID == SPAM) {
$this->setData('DiscussionUrl', DiscussionUrl($Discussion));
$this->View = 'Spam';
}
} elseif ($Preview) {
// If this was a preview click, create a comment shell with the values for this comment
$this->Comment = new stdClass();
$this->Comment->InsertUserID = $Session->User->UserID;
$this->Comment->InsertName = $Session->User->Name;
$this->Comment->InsertPhoto = $Session->User->Photo;
$this->Comment->DateInserted = Gdn_Format::date();
$this->Comment->Body = val('Body', $FormValues, '');
$this->Comment->Format = val('Format', $FormValues, c('Garden.InputFormatter'));
$this->addAsset('Content', $this->fetchView('preview'));
} else {
// If this was a draft save, notify the user about the save
$this->informMessage(sprintf(t('Draft saved at %s'), Gdn_Format::date()));
}
}
} else {
// Handle ajax-based requests
if ($this->Form->errorCount() > 0) {
// Return the form errors
$this->errorMessage($this->Form->errors());
} else {
// Make sure that the ajax request form knows about the newly created comment or draft id
$this->setJson('CommentID', $CommentID);
$this->setJson('DraftID', $DraftID);
if ($Preview) {
// If this was a preview click, create a comment shell with the values for this comment
$this->Comment = new stdClass();
$this->Comment->InsertUserID = $Session->User->UserID;
$this->Comment->InsertName = $Session->User->Name;
$this->Comment->InsertPhoto = $Session->User->Photo;
$this->Comment->DateInserted = Gdn_Format::date();
$this->Comment->Body = val('Body', $FormValues, '');
$this->Comment->Format = val('Format', $FormValues, c('Garden.InputFormatter'));
$this->View = 'preview';
} elseif (!$Draft) {
// If the comment was not a draft
// If Editing a comment
if ($Editing) {
// Just reload the comment in question
$this->Offset = 1;
$Comments = $this->CommentModel->getIDData($CommentID, array('Slave' => false));
$this->setData('Comments', $Comments);
$this->setData('Discussion', $Discussion);
// Load the discussion
$this->ControllerName = 'discussion';
$this->View = 'comments';
// Also define the discussion url in case this request came from the post screen and needs to be redirected to the discussion
$this->setJson('DiscussionUrl', DiscussionUrl($this->Discussion) . '#Comment_' . $CommentID);
} else {
// If the comment model isn't sorted by DateInserted or CommentID then we can't do any fancy loading of comments.
$OrderBy = valr('0.0', $this->CommentModel->orderBy());
// $Redirect = !in_array($OrderBy, array('c.DateInserted', 'c.CommentID'));
// $DisplayNewCommentOnly = $this->Form->getFormValue('DisplayNewCommentOnly');
// if (!$Redirect) {
// // Otherwise load all new comments that the user hasn't seen yet
// $LastCommentID = $this->Form->getFormValue('LastCommentID');
// if (!is_numeric($LastCommentID))
// $LastCommentID = $CommentID - 1; // Failsafe back to this new comment if the lastcommentid was not defined properly
//
// // Don't reload the first comment if this new comment is the first one.
// $this->Offset = $LastCommentID == 0 ? 1 : $this->CommentModel->GetOffset($LastCommentID);
// // Do not load more than a single page of data...
// $Limit = c('Vanilla.Comments.PerPage', 30);
//
// // Redirect if the new new comment isn't on the same page.
// $Redirect |= !$DisplayNewCommentOnly && PageNumber($this->Offset, $Limit) != PageNumber($Discussion->CountComments - 1, $Limit);
// }
// if ($Redirect) {
// // The user posted a comment on a page other than the last one, so just redirect to the last page.
// $this->RedirectUrl = Gdn::request()->Url("discussion/comment/$CommentID/#Comment_$CommentID", true);
// } else {
// // Make sure to load all new comments since the page was last loaded by this user
// if ($DisplayNewCommentOnly)
$this->Offset = $this->CommentModel->GetOffset($CommentID);
$Comments = $this->CommentModel->GetIDData($CommentID, array('Slave' => false));
$this->setData('Comments', $Comments);
$this->setData('NewComments', true);
$this->ClassName = 'DiscussionController';
$this->ControllerName = 'discussion';
$this->View = 'comments';
// }
// Make sure to set the user's discussion watch records
$CountComments = $this->CommentModel->getCount($DiscussionID);
$Limit = is_object($this->data('Comments')) ? $this->data('Comments')->numRows() : $Discussion->CountComments;
$Offset = $CountComments - $Limit;
$this->CommentModel->SetWatch($this->Discussion, $Limit, $Offset, $CountComments);
}
} else {
// If this was a draft save, notify the user about the save
$this->informMessage(sprintf(t('Draft saved at %s'), Gdn_Format::date()));
}
// And update the draft count
$UserModel = Gdn::userModel();
$CountDrafts = $UserModel->getAttribute($Session->UserID, 'CountDrafts', 0);
$this->setJson('MyDrafts', t('My Drafts'));
$this->setJson('CountDrafts', $CountDrafts);
}
}
} elseif ($this->Request->isPostBack()) {
throw new Gdn_UserException(t('Invalid CSRF token.', 'Invalid CSRF token. Please try again.'), 401);
} else {
// Load form
if (isset($this->Comment)) {
$this->Form->setData((array) $this->Comment);
}
}
// Include data for FireEvent
if (property_exists($this, 'Discussion')) {
$this->EventArguments['Discussion'] = $this->Discussion;
}
if (property_exists($this, 'Comment')) {
$this->EventArguments['Comment'] = $this->Comment;
}
$this->fireEvent('BeforeCommentRender');
if ($this->deliveryType() == DELIVERY_TYPE_DATA) {
if ($this->data('Comments') instanceof Gdn_DataSet) {
$Comment = $this->data('Comments')->firstRow(DATASET_TYPE_ARRAY);
if ($Comment) {
$Photo = $Comment['InsertPhoto'];
if (strpos($Photo, '//') === false) {
$Photo = Gdn_Upload::url(changeBasename($Photo, 'n%s'));
}
$Comment['InsertPhoto'] = $Photo;
}
$this->Data = array('Comment' => $Comment);
}
$this->RenderData($this->Data);
} else {
require_once $this->fetchViewLocation('helper_functions', 'Discussion');
// Render default view.
$this->render();
}
}
/**
*
*
* @throws Exception
*/
public function setHourOffset()
{
$Form = new Gdn_Form();
if ($Form->authenticatedPostBack()) {
if (!Gdn::session()->isValid()) {
throw permissionException('Garden.SignIn.Allow');
}
$HourOffset = $Form->getFormValue('HourOffset');
Gdn::userModel()->setField(Gdn::session()->UserID, 'HourOffset', $HourOffset);
$this->setData('Result', true);
$this->setData('HourOffset', $HourOffset);
$time = time();
$this->setData('UTCDateTime', gmdate('r', $time));
$this->setData('UserDateTime', gmdate('r', $time + $HourOffset * 3600));
} else {
throw forbiddenException('GET');
}
$this->render('Blank');
}
/**
*
*
* @param $Sender
* @param $PocketID
* @return bool
* @throws Gdn_UserException
*/
protected function _delete($Sender, $PocketID)
{
$Sender->setData('Title', sprintf(t('Delete %s'), t('Pocket')));
$Form = new Gdn_Form();
if ($Form->authenticatedPostBack()) {
Gdn::sql()->delete('Pocket', array('PocketID' => $PocketID));
$Sender->StatusMessage = sprintf(T('The %s has been deleted.'), strtolower(t('Pocket')));
$Sender->RedirectUrl = Url('settings/pockets');
}
$Sender->Form = $Form;
$Sender->render('Delete', '', 'plugins/Pockets');
return true;
}
/**
*
*
* @throws Exception
*/
public function setHourOffset()
{
$Form = new Gdn_Form();
if ($Form->authenticatedPostBack()) {
if (!Gdn::session()->isValid()) {
throw permissionException('Garden.SignIn.Allow');
}
$HourOffset = $Form->getFormValue('HourOffset');
Gdn::userModel()->setField(Gdn::session()->UserID, 'HourOffset', $HourOffset);
// If we receive a time zone, only accept it if we can verify it as a valid identifier.
$timeZone = $Form->getFormValue('TimeZone');
if (!empty($timeZone)) {
try {
$tz = new DateTimeZone($timeZone);
Gdn::userModel()->saveAttribute(Gdn::session()->UserID, ['TimeZone' => $tz->getName(), 'SetTimeZone' => null]);
} catch (\Exception $ex) {
Logger::log(Logger::ERROR, $ex->getMessage(), ['timeZone' => $timeZone]);
Gdn::userModel()->saveAttribute(Gdn::session()->UserID, ['TimeZone' => null, 'SetTimeZone' => $timeZone]);
$timeZone = '';
}
} elseif ($currentTimeZone = Gdn::session()->getAttribute('TimeZone')) {
// Check to see if the current timezone agrees with the posted offset.
try {
$tz = new DateTimeZone($currentTimeZone);
$currentHourOffset = $tz->getOffset(new DateTime()) / 3600;
if ($currentHourOffset != $HourOffset) {
// Clear out the current timezone or else it will override the browser's offset.
Gdn::userModel()->saveAttribute(Gdn::session()->UserID, ['TimeZone' => null, 'SetTimeZone' => null]);
} else {
$timeZone = $tz->getName();
}
} catch (Exception $ex) {
Logger::log(Logger::ERROR, "Clearing out bad timezone: {timeZone}", ['timeZone' => $currentTimeZone]);
// Clear out the bad timezone.
Gdn::userModel()->saveAttribute(Gdn::session()->UserID, ['TimeZone' => null, 'SetTimeZone' => null]);
}
}
$this->setData('Result', true);
$this->setData('HourOffset', $HourOffset);
$this->setData('TimeZone', $timeZone);
$time = time();
$this->setData('UTCDateTime', gmdate('r', $time));
$this->setData('UserDateTime', gmdate('r', $time + $HourOffset * 3600));
} else {
throw forbiddenException('GET');
}
$this->render('Blank');
}
