/**
 * Create a new user record or edit an existing one.
 *
 * The caller needs ACCESS_ADD on 'ExampleDoctrine::'. A non-zero "id" query
 * parameter selects the record to edit; otherwise a fresh entity is used.
 *
 * NOTE(review): the same ACCESS_ADD check also gates editing of any existing
 * record selected by id; confirm that an add-level right is meant to allow
 * edits of arbitrary records.
 *
 * @return string|boolean Output.
 */
public function edit()
{
    $mayAdd = SecurityUtil::checkPermission('ExampleDoctrine::', '::', ACCESS_ADD);
    if (!$mayAdd) {
        return LogUtil::registerPermissionError(ModUtil::url('ExampleDoctrine', 'user', 'index'));
    }

    // getInt() coerces the query parameter to an integer before it reaches the entity manager.
    $recordId = $this->request->query->getInt('id');
    if (!$recordId) {
        $user = new ExampleDoctrine_Entity_User();
    } else {
        $user = $this->entityManager->find('ExampleDoctrine_Entity_User', $recordId);
        if (!$user) {
            return LogUtil::registerError($this->__f('User with id %s not found', $recordId));
        }
    }

    /* @var $form Symfony\Component\Form\Form */
    $formFactory = $this->serviceManager->getService('symfony.formfactory');
    $form = $formFactory->create(new ExampleDoctrine_Form_UserType(), $user);

    $isPost = ($this->request->getMethod() == 'POST');
    if ($isPost) {
        $form->bindRequest($this->request);
        if ($form->isValid()) {
            // Only data that passed form validation is persisted.
            $this->entityManager->persist($form->getData());
            $this->entityManager->flush();

            return $this->redirect(ModUtil::url('ExampleDoctrine', 'user', 'view'));
        }
    }

    // GET request, or a POST that failed validation: render the form again.
    return $this->view->assign('form', $form->createView())->fetch('exampledoctrine_user_edit.tpl');
}
/**
 * Store the SiriusXtecAuth module configuration sent by POST.
 *
 * Requires ACCESS_ADMIN on 'SiriusXtecAuth::'. Checkbox-style settings are
 * reduced to booleans; every other setting is stored as received.
 *
 * NOTE(review): no CSRF token is verified before the settings are written,
 * and the LDAP server, base DN and URL values are stored without validation.
 * Since these settings drive authentication, confirm the form carries a token
 * and consider validating the values before saving.
 *
 * @param mixed $args Not read by this method.
 *
 * @return mixed Result of the permission error helper or of the redirect.
 */
public function updateConfig($args)
{
    $isAdmin = SecurityUtil::checkPermission('SiriusXtecAuth::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        return LogUtil::registerPermissionError();
    }

    $items = array();

    // On/off switches: any truthy POST value becomes true, everything else false.
    $switches = array('ldap_active', 'users_creation', 'new_users_activation', 'iw_write', 'iw_lastnames');
    foreach ($switches as $switch) {
        $items[$switch] = (bool) FormUtil::getPassedValue($switch, false, 'POST');
    }

    // Group selection defaults to an empty list.
    $items['new_users_groups'] = FormUtil::getPassedValue('new_users_groups', array(), 'POST');

    // Free-form settings, stored exactly as posted (false when absent).
    $plainFields = array(
        'ldap_server',
        'ldap_basedn',
        'ldap_searchattr',
        'loginXtecApps',
        'logoutXtecApps',
        'gtafProtocol',
        'e13Protocol',
        'gtafURL',
        'e13URL',
        'loginTime',
        'logoutTime',
    );
    foreach ($plainFields as $field) {
        $items[$field] = FormUtil::getPassedValue($field, false, 'POST');
    }

    ModUtil::setVars($this->name, $items);
    LogUtil::registerStatus($this->__('S\'ha actualitzat la configuració del mòdul.'));

    return System::redirect(ModUtil::url('SiriusXtecAuth', 'admin', 'main'));
}
/**
 * Install the Files module: table, index, folder guard files, defaults, hook.
 *
 * Requires ACCESS_ADMIN on 'Files::'.
 *
 * NOTE(review): the .htaccess content uses the "Order deny,allow / Deny from
 * all" directives; whether the web server honours them depends on its
 * configuration, so the storage folder should also be kept outside the web
 * root where possible. The results of FileUtil::writeFile() are not checked,
 * so a failed write leaves a folder without its guard files and the install
 * still reports success.
 * NOTE(review): the default 'editableExtensions' list includes php and
 * htaccess; confirm who is allowed to use that editing feature.
 *
 * @return boolean True on success, false if the table could not be created.
 */
public function install()
{
    $isAdmin = SecurityUtil::checkPermission('Files::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        return LogUtil::registerPermissionError();
    }

    // Guard files dropped into each storage folder.
    $guardFiles = array(
        '.htaccess' => "# Avoid direct web access to folder files\r\nOrder deny,allow\r\nDeny from all\r\n",
        '.locked' => "# Avoid direct web access with the file file.php\r\n",
    );

    if (!DBUtil::createTable('Files')) {
        return false;
    }

    // Index on the owner column.
    $tables = DBUtil::getTables();
    $columns = $tables['Files_column'];
    DBUtil::createIndex($columns['userId'], 'Files', 'userId');

    // Write the guard files into the root folder first, then the users folder.
    $rootFolder = ModUtil::getVar('Files', 'folderPath');
    $usersFolder = $rootFolder . '/' . ModUtil::getVar('Files', 'usersFolder');
    foreach (array($rootFolder, $usersFolder) as $folder) {
        foreach ($guardFiles as $fileName => $content) {
            FileUtil::writeFile($folder . '/' . $fileName, $content, true);
        }
    }

    // Default module variables.
    $defaults = array(
        'showHideFiles' => '0',
        'allowedExtensions' => 'gif,png,jpg,odt,doc,pdf,zip',
        'defaultQuota' => 1,
        'groupsQuota' => 's:0:"";',
        'filesMaxSize' => '1000000',
        'maxWidth' => '250',
        'maxHeight' => '250',
        'editableExtensions' => 'php,htm,html,htaccess,css,js,tpl',
    );
    foreach ($defaults as $varName => $varValue) {
        ModUtil::setVar('Files', $varName, $varValue);
    }

    ModUtil::registerHook('item', 'display', 'GUI', 'Files', 'user', 'Files');

    return true;
}
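/**
 * Render the chat client, either inline or as a popup page.
 *
 * Requires ACCESS_READ on 'FlashChatBridge::'. The request parameter
 * "client_type" selects the chat template and "popup" switches to the popup
 * layout (which echoes the page and exits).
 *
 * @return string|boolean Rendered template, or the permission error result.
 */
function FlashChatBridge_user_showChat()
{
    // perform permission check
    if (!SecurityUtil::checkPermission('FlashChatBridge::', '::', ACCESS_READ)) {
        return LogUtil::registerPermissionError();
    }

    $popup = FormUtil::getPassedValue('popup', false);
    $client_type = FormUtil::getPassedValue('client_type', 'standard');

    // client_type comes from the request and becomes part of a template file
    // name, so only a plain identifier is accepted; anything else (path
    // separators, dots, arrays) falls back to the default client.
    if (!is_string($client_type) || !preg_match('/^[A-Za-z0-9_]+$/', $client_type)) {
        $client_type = 'standard';
    }
    $chatTemplate = "flashchatbridge_user_chat_{$client_type}.htm";

    $render =& pnRender::getInstance('FlashChatBridge', false);

    $UserVars = pnUserGetVars(SessionUtil::getVar('uid'));
    $settings = pnModGetVar('FlashChatBridge');
    $settings['init_user'] = $UserVars['uname'];
    // NOTE(review): the stored 'pass' user variable is handed to the template.
    // If the template writes it into the page, the credential value reaches the
    // browser; confirm the chat client needs it and consider a one-time token.
    $settings['init_password'] = $UserVars['pass'];

    // The popup always fills its window; the inline view does so when autosize is on.
    if ($popup || $settings['autosize'] == 1) {
        $settings['width'] = "100%";
        $settings['height'] = "100%";
    }

    $render->assign('settings', $settings);

    if ($popup) {
        $chat = $render->fetch($chatTemplate);
        $render->assign('chat', $chat);
        echo $render->fetch('flashchatbridge_user_popup.htm');
        exit;
    }

    return $render->fetch($chatTemplate);
}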
/**
 * Initialize form handler.
 *
 * Loads the MUBoard module variables, adds the option lists used by the
 * configuration form and assigns everything to the view as 'config'.
 * Requires ACCESS_ADMIN on 'MUBoard::'.
 *
 * @param Zikula_Form_View $view The form view instance.
 *
 * @return boolean False in case of initialization errors, otherwise true.
 */
public function initialize(Zikula_Form_View $view)
{
    $isAdmin = SecurityUtil::checkPermission('MUBoard::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        return $view->registerError(LogUtil::registerPermissionError());
    }

    $modVars = ModUtil::getVar('MUBoard');

    // The image count, file count and icon set settings all offer the choices 1 to 3.
    $oneToThree = array();
    foreach (array('1', '2', '3') as $choice) {
        $oneToThree[] = array('value' => $choice, 'text' => $choice);
    }

    $modVars['numberImagesItems'] = $oneToThree;
    $modVars['numberFilesItems'] = $oneToThree;
    $modVars['sortingPostingsItems'] = array(
        array('value' => 'descending', 'text' => 'Descending'),
        array('value' => 'ascending', 'text' => 'Ascending'),
    );
    $modVars['iconSetItems'] = $oneToThree;
    $modVars['templateItems'] = array(
        array('value' => 'normal', 'text' => 'Normal'),
        array('value' => 'jquery', 'text' => 'JQuery'),
    );

    $this->view->assign('config', $modVars);

    // Hook for custom initialisation.
    $this->initializeAdditions();

    return true;
}
/**
 * Install the IWdocmanager module.
 *
 * Requires ACCESS_ADMIN on 'IWdocmanager::' and an available IWmain module
 * that passes its own version check for 3.0.0. Creates both module tables,
 * two indexes and the default module variables.
 *
 * @return boolean True on success; false or an error helper result otherwise.
 */
public function install()
{
    $isAdmin = SecurityUtil::checkPermission('IWdocmanager::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        return LogUtil::registerPermissionError();
    }

    // IWmain is a hard dependency.
    if (!ModUtil::available('IWmain')) {
        return LogUtil::registerError(__('Module IWmain is required. You have to install the IWmain module previously to install it.'));
    }

    // Let IWmain decide whether its version is sufficient.
    $versionNeeded = '3.0.0';
    $versionOk = ModUtil::func('IWmain', 'admin', 'checkVersion', array('version' => $versionNeeded));
    if (!$versionOk) {
        return false;
    }

    // Stop at the first table that cannot be created.
    foreach (array('IWdocmanager', 'IWdocmanager_categories') as $tableName) {
        if (!DBUtil::createTable($tableName)) {
            return false;
        }
    }

    $tables = DBUtil::getTables();
    $columns = $tables['IWdocmanager_column'];
    foreach (array('author', 'categoryId') as $indexed) {
        DBUtil::createIndex($columns[$indexed], 'IWdocmanager', $indexed);
    }

    $this->setVar('documentsFolder', 'documents');
    $this->setVar('notifyMail', '');
    $this->setVar('editTime', '45');
    $this->setVar('deleteTime', '20');

    return true;
}
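/**
 * Delete an AddressBook object of the requested type.
 *
 * Requires ACCESS_ADMIN on 'AddressBook::'. The request parameter "ot" names
 * the object type (default 'categories') and "id" the record. Deleting a
 * 'customfield' also drops its adr_custom_<id> column.
 *
 * NOTE(review): the action is reachable by GET ('GETPOST') and no CSRF token
 * is checked before the delete; confirm callers and consider requiring a
 * POST with a token.
 *
 * @return mixed Redirect result, or an error helper result.
 */
function delete()
{
    // security check
    if (!SecurityUtil::checkPermission('AddressBook::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    $ot = FormUtil::getPassedValue('ot', 'categories', 'GETPOST');
    $id = (int) FormUtil::getPassedValue('id', 0, 'GETPOST');

    // "ot" is request data that becomes part of a class name and is handed to
    // class_exists(), which may trigger autoloading. Accept a plain identifier only.
    if (!is_string($ot) || !preg_match('/^[A-Za-z0-9_]+$/', $ot)) {
        return LogUtil::registerError($this->__('Error! Could not do what you wanted. Please check your input.'));
    }

    $url = ModUtil::url('AddressBook', 'admin', 'view', array('ot' => $ot));

    $class = 'AddressBook_DBObject_' . ucfirst($ot);
    if (!class_exists($class)) {
        return z_exit(__f('Error! Unable to load class [%s]', $ot));
    }

    $object = new $class();
    $data = $object->get($id);
    if (!$data) {
        // The message literal (including its odd escape sequence) is a
        // translation key and is therefore left exactly as it was.
        LogUtil::registerError(__f('%1$s with ID of %2$s doesn\'\\t seem to exist', array($ot, $id)));

        return System::redirect($url);
    }

    $object->delete();

    if ($ot === 'customfield') {
        // $id was cast to int above, so the concatenation cannot carry SQL text.
        $sql = "ALTER TABLE addressbook_address DROP adr_custom_" . $id;
        try {
            DBUtil::executeSQL($sql, -1, -1, true, true);
        } catch (Exception $e) {
            // Best effort, as before: a failure to drop the column does not
            // abort the delete. NOTE(review): consider logging $e so a leftover
            // column can be noticed.
        }
    }

    LogUtil::registerStatus($this->__('Done! Item deleted.'));

    return System::redirect($url);
}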
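/**
 * Show the smilie editor, or store the posted smilie definitions.
 *
 * Requires ACCESS_ADMIN on 'BBSmile::'. Without a posted "submit" value the
 * current 'smilie_array' module variable is rendered. With it, the CSRF token
 * is checked and the parallel POST arrays (key, short, imgsrc, alt, alias,
 * smilietype) are combined into one entry per key; keys listed in "active"
 * are flagged active.
 *
 * @return mixed Rendered template, redirect result, or permission error result.
 */
public function editsmilies()
{
    if (!SecurityUtil::checkPermission('BBSmile::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError(System::getHomepageUrl());
    }

    $submit = $this->getPassedValue('submit', null, 'POST');
    if (!$submit) {
        $smilies = $this->getVar('smilie_array');
        $this->view->assign('smilies', $smilies);

        return $this->view->fetch('admin/editsmiles.tpl');
    }

    // submit is set
    $this->checkCsrfToken();

    // Get input
    $keys = (array) $this->getPassedValue('key', array(), 'POST');
    $shorts = (array) $this->getPassedValue('short', array(), 'POST');
    $imgsrcs = (array) $this->getPassedValue('imgsrc', array(), 'POST');
    $alts = (array) $this->getPassedValue('alt', array(), 'POST');
    $aliases = (array) $this->getPassedValue('alias', array(), 'POST');
    $types = (array) $this->getPassedValue('smilietype', array(), 'POST');
    $active = (array) $this->getPassedValue('active', array(), 'POST');

    // Build one entry per posted key, all inactive at first. The posted arrays
    // are not guaranteed to have matching lengths or indexes, so a missing
    // field is stored as null instead of reading an undefined offset.
    $smilies = array();
    foreach ($keys as $i => $key) {
        if (!is_scalar($key)) {
            continue;
        }
        $smilies[$key] = array(
            'type' => isset($types[$i]) ? $types[$i] : null,
            'short' => isset($shorts[$i]) ? $shorts[$i] : null,
            'imgsrc' => isset($imgsrcs[$i]) ? $imgsrcs[$i] : null,
            'alt' => isset($alts[$i]) ? $alts[$i] : null,
            'alias' => isset($aliases[$i]) ? $aliases[$i] : null,
            'active' => 0,
        );
    }

    // Flag the selected smilies. Only keys that were posted above are touched,
    // so an unknown "active" value cannot create a half-filled entry.
    foreach ($active as $activeKey) {
        if (is_scalar($activeKey) && isset($smilies[$activeKey])) {
            $smilies[$activeKey]['active'] = 1;
        }
    }

    // NOTE(review): 'imgsrc', 'alt' and 'alias' are stored as posted; confirm
    // they are escaped wherever the smilies are rendered.
    $this->setVar('smilie_array', $smilies);
    LogUtil::registerStatus($this->__('The edited smilies have been saved.'));

    return $this->redirect(ModUtil::url('BBSmile', 'admin', 'main'));
}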
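/**
 * Recalculate and store the disk space used by the current user.
 *
 * Requires ACCESS_ADD on 'Files::'. Creates the user's Files row when it does
 * not exist yet, runs the module self-check, then writes the calculated usage
 * to the row of the current uid.
 *
 * @author: Albert Pérez Monfort
 * @return: True on success; the failed-configuration page, or an error helper
 *          result, otherwise.
 */
public function updateUsedSpace()
{
    // security check
    if (!SecurityUtil::checkPermission('Files::', '::', ACCESS_ADD)) {
        return LogUtil::registerPermissionError();
    }

    // Make sure the user has a row to update.
    $userInfo = ModUtil::apiFunc('Files', 'user', 'get');
    if (!$userInfo) {
        ModUtil::apiFunc('Files', 'user', 'createUserFilesInfo');
    }

    $check = ModUtil::func('Files', 'user', 'checkingModule');
    if ($check['status'] != 'ok') {
        $this->view->assign('check', $check);

        return $this->view->fetch('Files_user_failedConf.tpl');
    }

    $initFolderPath = $check['initFolderPath'];
    $spaceUsed = ModUtil::apiFunc('Files', 'user', 'calcUsedSpace', array('folderToCalc' => $initFolderPath));
    $item = array('diskUse' => DataUtil::formatForStore($spaceUsed));

    $pntable = DBUtil::getTables();
    $c = $pntable['Files_column'];

    // The WHERE clause is built by concatenation, so the uid is forced to an
    // integer rather than trusted to be one.
    $where = "$c[userId]=" . (int) UserUtil::getVar('uid');

    if (!DBUtil::updateObject($item, 'Files', $where, 'fileId')) {
        return LogUtil::registerError($this->__('Error! Could not update the used disk.'));
    }

    // Let the calling process know that we have finished successfully
    return true;
}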
/**
 * Unregister the dashboard widgets of one module.
 *
 * Requires ACCESS_ADMIN on 'Dashboard::'.
 *
 * @param array $args Must contain 'module', which is passed on unchanged.
 *
 * @return false|void Result of Dashboard_Util::unregisterWidgets(), or the
 *                    permission error result.
 */
public function unregisterWidgets($args)
{
    $isAdmin = SecurityUtil::checkPermission('Dashboard::', '::', ACCESS_ADMIN);
    if ($isAdmin) {
        // NOTE(review): 'module' is read without an isset() check; verify callers always supply it.
        return Dashboard_Util::unregisterWidgets($args['module']);
    }

    return LogUtil::registerPermissionError();
}
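/**
 * Delete one IDS (intrusion detection) log entry.
 *
 * Checks the CSRF token, then ACCESS_DELETE on 'SecurityCenter::'. The entry
 * is selected by the request parameter "id".
 *
 * NOTE(review): removing an intrusion log entry is itself a security-relevant
 * action; confirm it is recorded somewhere an administrator can review.
 *
 * @return mixed Redirect result, or an error helper result.
 */
public function deleteidsentry()
{
    // verify auth-key
    $this->checkCsrfToken();

    // Security check
    if (!SecurityUtil::checkPermission('SecurityCenter::', '::', ACCESS_DELETE)) {
        return LogUtil::registerPermissionError();
    }

    // get parameters
    $rawId = FormUtil::getPassedValue('id', 0, 'GETPOST');

    // The numeric check has to look at the raw value: once the value is cast
    // to int the check can never fail.
    if (!is_numeric($rawId)) {
        $shown = is_scalar($rawId) ? DataUtil::formatForDisplay($rawId) : '';

        return LogUtil::registerError($this->__f("Error! Received a non-numeric object ID '%s'.", $shown));
    }
    $id = (int) $rawId;

    $class = 'SecurityCenter_DBObject_Intrusion';
    $object = new $class();
    $data = $object->get($id);

    // check for valid object
    if (!$data) {
        return LogUtil::registerError($this->__f('Error! Invalid %s received.', "object ID [$id]"));
    }

    // delete object
    $object->delete();

    // redirect back to view function
    return $this->redirect(ModUtil::url('SecurityCenter', 'admin', 'viewidslog'));
}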
/**
 * Uninstall the Cataleg module.
 *
 * Requires ACCESS_ADMIN on 'Cataleg::'. Drops the module tables in order and
 * stops at the first table that cannot be dropped, then removes the module
 * variables and unregisters the hook subscriber bundles.
 *
 * @return bool True if everything went well, false otherwise.
 */
public function uninstall()
{
    $isAdmin = SecurityUtil::checkPermission('Cataleg::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        return LogUtil::registerPermissionError();
    }

    // Module tables, dropped in this order.
    $moduleTables = array(
        'cataleg',
        'cataleg_eixos',
        'cataleg_prioritats',
        'cataleg_unitatsImplicades',
        'cataleg_subprioritats',
        'cataleg_activitats',
        'cataleg_activitatsZona',
        'cataleg_unitats',
        'cataleg_responsables',
        'cataleg_contactes',
        'cataleg_auxiliar',
        'cataleg_centresActivitat',
        'cataleg_centres',
        'cataleg_gestioActivitatDefaults',
        'cataleg_importTaules',
        'cataleg_importAssign',
        'cataleg_gtafEntities',
        'cataleg_gtafGroups',
    );
    foreach ($moduleTables as $tableName) {
        if (!DBUtil::dropTable($tableName)) {
            // Tables dropped before this point stay dropped.
            return false;
        }
    }

    // Remove the module variables.
    $this->delVars();

    // unregister hook handlers
    HookUtil::unregisterSubscriberBundles($this->version->getHookSubscriberBundles());

    return true;
}
/**
 * Rebuild the media handler table from the handler API files on disk.
 *
 * Requires ACCESS_ADMIN on 'mediashare::'. Truncates the
 * 'mediashare_mediahandlers' table, then loads every file in
 * modules/mediashare whose name matches the handler pattern and registers the
 * media types each handler reports.
 *
 * NOTE(review): every matching file in the module directory is loaded and
 * executed, so write access to that directory equals code execution. The dot
 * before "php" in the pattern is unescaped and matches any character.
 *
 * @return boolean True on success, false or an error helper result otherwise.
 */
function mediashare_mediahandlerapi_scanMediaHandlers()
{
    $isAdmin = SecurityUtil::checkPermission('mediashare::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        return LogUtil::registerPermissionError();
    }

    $dom = ZLanguage::getModuleDomain('mediashare');

    // Start from an empty handler table.
    if (!DBUtil::truncateTable('mediashare_mediahandlers')) {
        $detail = __f("Could not clear the '%s' table.", 'mediahandlers', $dom);

        return LogUtil::registerError(__f('Error in %1$s: %2$s.', array('mediahandlerapi.scanMediaHandlers', $detail), $dom));
    }

    $files = FileUtil::getFiles('modules/mediashare', false, true, 'php', 'f');
    foreach ($files as $file) {
        if (!preg_match('/^pnmedia_([-a-zA-Z0-9_]+)api.php$/', $file, $matches)) {
            continue;
        }

        $handlerName = $matches[1];
        $handlerApi = "media_{$handlerName}";

        // Force load - it is used during pninit
        pnModAPILoad('mediashare', $handlerApi, true);

        $handler = pnModAPIFunc('mediashare', $handlerApi, 'buildHandler');
        if (!$handler) {
            return false;
        }

        foreach ($handler->getMediaTypes() as $fileType) {
            $fileType['handler'] = $handlerName;
            $fileType['title'] = $handler->getTitle();

            $added = pnModAPIFunc('mediashare', 'mediahandler', 'addMediaHandler', $fileType);
            if (!$added) {
                return false;
            }
        }
    }

    return true;
}
/**
 * Rebuild the media sources table from the source API files on disk.
 *
 * Requires ACCESS_ADMIN on 'mediashare::'. Truncates the 'mediashare_sources'
 * table, then loads every file in modules/mediashare whose name matches the
 * source pattern and registers it with the title it reports.
 *
 * NOTE(review): every matching file in the module directory is loaded and
 * executed, so write access to that directory equals code execution. The dot
 * before "php" in the pattern is unescaped and matches any character.
 *
 * @return boolean True on success, false or an error helper result otherwise.
 */
function mediashare_sourcesapi_scanSources()
{
    $isAdmin = SecurityUtil::checkPermission('mediashare::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        return LogUtil::registerPermissionError();
    }

    $dom = ZLanguage::getModuleDomain('mediashare');

    // Start from an empty sources table.
    if (!DBUtil::truncateTable('mediashare_sources')) {
        $detail = __f("Could not clear the '%s' table.", 'sources', $dom);

        return LogUtil::registerError(__f('Error in %1$s: %2$s.', array('sourcesapi.scanSources', $detail), $dom));
    }

    $files = FileUtil::getFiles('modules/mediashare', false, true, 'php', 'f');
    foreach ($files as $file) {
        if (!preg_match('/^pnsource_([-a-zA-Z0-9_]+)api.php$/', $file, $matches)) {
            continue;
        }

        $sourceName = $matches[1];
        $sourceApi = "source_{$sourceName}";

        // Force load - it is used during pninit
        pnModAPILoad('mediashare', $sourceApi, true);

        $title = pnModAPIFunc('mediashare', $sourceApi, 'getTitle');
        if (!$title) {
            return false;
        }

        $source = array('title' => $title, 'name' => $sourceName);
        if (!pnModAPIFunc('mediashare', 'sources', 'addSource', $source)) {
            return false;
        }
    }

    return true;
}
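/**
 * Dispatch a request to a plugin's configuration controller.
 *
 * Requires ACCESS_ADMIN on 'Extensions::'. The GET parameters "_module",
 * "_plugin" and "_action" select the plugin service and the controller method
 * to run. The plugin must be installed and configurable.
 *
 * The action name comes from the request and is used as a method name, so it
 * must be a plain identifier that names a public, non-static method of the
 * controller. Magic methods and underscore-prefixed names are refused.
 *
 * NOTE(review): public methods the controller inherits remain reachable by
 * name; an explicit list of allowed actions per controller would be tighter.
 * NOTE(review): FILTER_SANITIZE_STRING is deprecated in current PHP releases.
 *
 * @return mixed Whatever the controller action returns.
 */
public function dispatch()
{
    if (!SecurityUtil::checkPermission('Extensions::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    // Get input.
    $moduleName = $this->request->getGet()->filter('_module', null, FILTER_SANITIZE_STRING);
    $pluginName = $this->request->getGet()->filter('_plugin', null, FILTER_SANITIZE_STRING);
    $action = $this->request->getGet()->filter('_action', null, FILTER_SANITIZE_STRING);

    // Load plugins and work out the service id in one place.
    if ($moduleName) {
        $type = 'ModulePlugin';
        PluginUtil::loadAllModulePlugins();
        $serviceId = PluginUtil::getServiceId("{$type}_{$moduleName}_{$pluginName}_Plugin");
    } else {
        $type = 'SystemPlugin';
        PluginUtil::loadAllSystemPlugins();
        $serviceId = PluginUtil::getServiceId("{$type}_{$pluginName}_Plugin");
    }

    // Only services that are actually registered can be selected.
    $this->throwNotFoundUnless($this->serviceManager->hasService($serviceId));

    $this->plugin = $this->serviceManager->getService($serviceId);

    // Sanity checks.
    $this->throwNotFoundUnless($this->plugin->isInstalled(), __f('Plugin "%s" is not installed', $this->plugin->getMetaDisplayName()));
    $this->throwForbiddenUnless($this->plugin instanceof Zikula_Plugin_ConfigurableInterface, __f('Plugin "%s" is not configurable', $this->plugin->getMetaDisplayName()));

    $this->pluginController = $this->plugin->getConfigurationController();

    // Identifier shape first: letters, digits, underscore, starting with a letter.
    $wellFormed = is_string($action) && preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $action) === 1;
    $this->throwNotFoundUnless($wellFormed);

    $this->throwNotFoundUnless($this->pluginController->getReflection()->hasMethod($action));

    // hasMethod() is also true for protected and private methods, which may be
    // callable from this class when both share a base class.
    $method = new ReflectionMethod($this->pluginController, $action);
    $this->throwNotFoundUnless($method->isPublic() && !$method->isStatic() && !$method->isAbstract());

    return $this->pluginController->{$action}();
}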
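/**
 * Display the theme changing user interface.
 *
 * Redirects to the Users main page when theme switching is disabled, and
 * requires ACCESS_COMMENT on 'Theme::'. Lists the user-selectable themes with
 * their preview images, paged by the GET parameter "startnum".
 *
 * @return mixed Rendered template, redirect result, or permission error result.
 */
public function main()
{
    // check if theme switching is allowed
    if (!System::getVar('theme_change')) {
        LogUtil::registerError($this->__('Notice: Theme switching is currently disabled.'));

        // Return here so the listing below is not built for a disabled feature.
        return $this->redirect(ModUtil::url('Users', 'user', 'main'));
    }

    if (!SecurityUtil::checkPermission('Theme::', '::', ACCESS_COMMENT)) {
        return LogUtil::registerPermissionError();
    }

    // "startnum" is request data used in arithmetic and as a slice offset:
    // force it to an integer and keep it at 1 or above.
    $startnum = (int) FormUtil::getPassedValue('startnum', 1, 'GET');
    if ($startnum < 1) {
        $startnum = 1;
    }

    // we need this value multiple times, so we keep it
    $itemsperpage = $this->getVar('itemsperpage');

    // get some use information about our environment
    $currenttheme = ThemeUtil::getInfo(ThemeUtil::getIDFromName(UserUtil::getTheme()));

    // get all themes in our environment
    $allthemes = ThemeUtil::getAllThemes(ThemeUtil::FILTER_USER);

    $previewthemes = array();
    $currentthemepic = null;
    foreach ($allthemes as $key => $themeinfo) {
        $themename = $themeinfo['name'];
        $themedir = 'themes/' . DataUtil::formatForOS($themeinfo['directory']);
        $themepic = $themedir . '/images/preview_medium.png';

        if (file_exists($themepic)) {
            $themeinfo['previewImage'] = $themepic;
            $themeinfo['largeImage'] = $themedir . '/images/preview_large.png';
        } else {
            // Fall back to the stock preview images.
            $themeinfo['previewImage'] = 'system/Theme/images/preview_medium.png';
            $themeinfo['largeImage'] = 'system/Theme/images/preview_large.png';
        }

        if ($themename == $currenttheme['name']) {
            // NOTE(review): this keeps the theme's own preview path even when
            // the file does not exist; confirm whether the fallback image in
            // $themeinfo['previewImage'] was intended.
            $currentthemepic = $themepic;
            unset($allthemes[$key]);
        } else {
            $previewthemes[$themename] = $themeinfo;
        }
    }

    $previewthemes = array_slice($previewthemes, $startnum - 1, $itemsperpage);

    $this->view->setCaching(Zikula_View::CACHE_DISABLED);

    $this->view->assign('currentthemepic', $currentthemepic)
        ->assign('currenttheme', $currenttheme)
        ->assign('themes', $previewthemes)
        ->assign('defaulttheme', ThemeUtil::getInfo(ThemeUtil::getIDFromName(System::getVar('Default_Theme'))));

    // assign the values for the pager plugin
    $this->view->assign('pager', array('numitems' => sizeof($allthemes), 'itemsperpage' => $itemsperpage));

    // Return the output that has been generated by this function
    return $this->view->fetch('theme_user_main.tpl');
}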
/**
 * Create or edit a record through the form framework.
 *
 * Requires ACCESS_ADD on 'ExampleDoctrine::'. Rendering and submission are
 * handled by ExampleDoctrine_Handler_Edit.
 *
 * @return string|boolean Output.
 */
public function edit()
{
    $mayAdd = SecurityUtil::checkPermission('ExampleDoctrine::', '::', ACCESS_ADD);
    if ($mayAdd) {
        return FormUtil::newForm('ExampleDoctrine', $this)
            ->execute('exampledoctrine_user_edit.tpl', new ExampleDoctrine_Handler_Edit());
    }

    // Denied: register the error and point back to the module's main page.
    return LogUtil::registerPermissionError(ModUtil::url('ExampleDoctrine', 'user', 'main'));
}
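/**
 * Stream a media item stored in the database to the client.
 *
 * The GET parameter "ref" identifies the item. The caller needs view access
 * to the item's album. Answers "304 Not Modified" when the client's cached
 * copy is current, otherwise sends the data with caching headers.
 *
 * NOTE(review): "ref" is passed to the getMedia API as received; confirm that
 * API escapes or binds it before it reaches a query.
 * NOTE(review): the response is marked 'Cache-Control: public' although it is
 * served behind an album access check, so a shared cache may store it; for
 * restricted albums 'private' would be the safer value.
 *
 * @return boolean True when a response was sent, false when the item was not
 *                 found; the permission error result when access is denied.
 */
function mediashare_vfs_db_dump()
{
    // A missing or non-string reference cannot identify anything.
    $fileref = isset($_GET['ref']) ? $_GET['ref'] : null;
    if (!is_string($fileref) || $fileref === '') {
        return false;
    }

    // Retrieve image information
    if (!($media = pnModAPIFunc('mediashare', 'vfs_db', 'getMedia', array('fileref' => $fileref)))) {
        return false;
    }

    // Check access
    if (!mediashareAccessAlbum($media['albumId'], mediashareAccessRequirementView, null)) {
        return LogUtil::registerPermissionError();
    }

    // Some Mediashare users have reported this to make their setup work. The buffer may contain something
    // due to a buggy template or block
    while (@ob_end_clean()) {
    }

    if (pnConfigGetVar('UseCompression') == 1) {
        // Output buffering is gone after the loop above, but the gzip handler
        // started earlier has already announced "Content-Encoding: gzip".
        // Reset the header because no compression is done here.
        header("Content-Encoding: identity");
    }

    // Check cached versus modified date
    $lastModifiedDate = date('D, d M Y H:i:s T', $media['modifiedDate']);
    $currentETag = $media['modifiedDate'];

    // $_SERVER replaces the long-removed $HTTP_SERVER_VARS, with which the
    // conditional request headers were never seen.
    $cachedDate = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? $_SERVER['HTTP_IF_MODIFIED_SINCE'] : null;
    $cachedETag = isset($_SERVER['HTTP_IF_NONE_MATCH']) ? $_SERVER['HTTP_IF_NONE_MATCH'] : null;

    // Magic quotes only exist on very old PHP versions; the function is gone
    // in current ones, so it is called only where it can still matter.
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        $cachedETag = stripslashes($cachedETag);
    }

    $notModified = (empty($cachedDate) || $lastModifiedDate == $cachedDate)
        && '"' . $currentETag . '"' == $cachedETag;

    if ($notModified) {
        header("HTTP/1.1 304 Not Modified");
        header("Status: 304 Not Modified");
    }

    // Caching headers, identical for both outcomes.
    header("Expires: " . date('D, d M Y H:i:s T', time() + 180 * 24 * 3600)); // My PHP insists on Expires in 1981 as default!
    header('Pragma: cache'); // My PHP insists on putting a pragma "no-cache", so this is an attempt to avoid that
    header('Cache-Control: public');
    header("ETag: \"{$media['modifiedDate']}\"");

    if ($notModified) {
        return true;
    }

    // The MIME type and title are stored values that end up in response
    // headers. Accept only a well-formed type/subtype, and strip control
    // characters, quotes and backslashes from the file name.
    $mimeType = (string) $media['mimeType'];
    if (!preg_match('#^[A-Za-z0-9][A-Za-z0-9.+-]*/[A-Za-z0-9][A-Za-z0-9.+-]*$#', $mimeType)) {
        $mimeType = 'application/octet-stream';
    }
    $fileName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', (string) $media['title']);

    // Ensure correct content-type and a filename for eventual download
    header("Content-Type: {$mimeType}");
    // The content is shown inline, so the browser must not guess a different type.
    header('X-Content-Type-Options: nosniff');
    header("Content-Disposition: inline; filename=\"{$fileName}\"");
    header("Last-Modified: {$lastModifiedDate}");
    header("Content-Length: " . strlen($media['data']));

    echo $media['data'];

    return true;
}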
/**
 * Remove one widget from the current user's dashboard.
 *
 * Checks the CSRF token, then ACCESS_READ on 'Dashboard::'. The widget is
 * selected by the POST value "id".
 *
 * NOTE(review): the id is passed on as received; presumably
 * Dashboard_Util::removeUserWidget() limits the removal to widgets owned by
 * the current user - verify, since that is the only ownership check.
 *
 * @return mixed Redirect result, or the permission error result.
 *
 * @throws Exception When no id was posted.
 */
public function removeWidget()
{
    $this->checkCsrfToken();

    $mayRead = SecurityUtil::checkPermission('Dashboard::', '::', ACCESS_READ);
    if (!$mayRead) {
        return LogUtil::registerPermissionError();
    }

    $id = $this->request->request->get('id', null);
    if ($id !== null) {
        Dashboard_Util::removeUserWidget($id);

        return $this->redirect(ModUtil::url('Dashboard', 'user', 'view'));
    }

    throw new Exception($this->__('id not specified'));
}
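/**
 * Delete an avatar file from the avatar directory.
 *
 * Requires ACCESS_ADMIN on 'Avatar::'. The file must be a regular file whose
 * resolved path lies inside the configured avatar directory; anything else is
 * reported as a failed delete and nothing is removed.
 *
 * @param array $args Must contain 'avatar', the file name to delete.
 *
 * @return boolean True on success, or an error helper result.
 */
public function deleteavatar($args)
{
    if (!SecurityUtil::checkPermission('Avatar::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    $avatarName = (isset($args['avatar']) && is_string($args['avatar'])) ? $args['avatar'] : '';

    $osdir = DataUtil::formatForOS(ModUtil::getVar('Users', 'avatarpath'));
    $avatarfile = $osdir . '/' . DataUtil::formatForOS($avatarName);

    // Resolve both paths and require the target to sit inside the avatar
    // directory, so the delete cannot reach other files regardless of how the
    // name was cleaned beforehand.
    $realDir = realpath($osdir);
    $realFile = realpath($avatarfile);
    $deletable = $avatarName !== ''
        && $realDir !== false
        && $realFile !== false
        && strpos($realFile, $realDir . DIRECTORY_SEPARATOR) === 0
        && is_file($realFile);

    if (!$deletable || !unlink($realFile)) {
        return LogUtil::registerError($this->__f('Error! Unable to delete avatar \'%s\'.', $avatarfile));
    }

    LogUtil::registerStatus($this->__f('Done! The Avatar \'%s\' has been deleted.', $avatarfile));

    return true;
}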
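/**
 * Step 1 - Check that the storage folders exist and are writeable.
 *
 * Requires ACCESS_ADMIN on 'Files::'. Reads "filesRealPath" and "usersFolder"
 * from POST; in a multisite setup the real path is derived from the site
 * configuration instead and the folders are created. When both folders are
 * writeable the two module variables are stored.
 *
 * NOTE(review): no CSRF token is checked although module variables are
 * written from POST data.
 * NOTE(review): the multisite folders are created with mode 0777, which makes
 * them writeable by every local account; confirm whether a narrower mode
 * works for the deployment.
 *
 * @author Albert Pérez Monfort (aperezm@xtec.cat)
 * @return string|boolean The rendered check page; false on a directory
 *                        creation error; the permission error result.
 */
public function update()
{
    // Check the permission before touching any request data.
    if (!SecurityUtil::checkPermission('Files::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    $filesRealPath = FormUtil::getPassedValue('filesRealPath', null, 'POST');
    $usersFolder = FormUtil::getPassedValue('usersFolder', null, 'POST');

    // The users folder is a name relative to the files path and is used in
    // mkdirs() and in the stored configuration, so it gets the same cleaning
    // the site name already receives below.
    $usersFolder = is_string($usersFolder) ? DataUtil::formatForOS($usersFolder) : null;

    $multisites = false;
    if (isset($GLOBALS['PNConfig']['Multisites']['multi']) && $GLOBALS['PNConfig']['Multisites']['multi'] == 1) {
        // create the needed folders for the site
        $siteDNS = isset($_GET['siteDNS']) ? DataUtil::formatForOS($_GET['siteDNS']) : null;
        $filesRealPath = $GLOBALS['PNConfig']['Multisites']['filesRealPath'] . '/' . $siteDNS . $GLOBALS['PNConfig']['Multisites']['siteFilesFolder'];
        if (!FileUtil::mkdirs($filesRealPath . '/' . $usersFolder, 0777, true)) {
            LogUtil::registerError($this->__('Directory creation error') . ': ' . $usersFolder);

            return false;
        }
        $multisites = true;
    }

    // check if the needed folders are located in the correct places and they are writeable
    $rootPath = (string) $filesRealPath;
    $usersPath = $rootPath . '/' . $usersFolder;

    $file1 = file_exists($rootPath);
    $fileWriteable1 = is_writeable($rootPath);
    $file2 = file_exists($usersPath);
    $fileWriteable2 = is_writeable($usersPath);

    if ($fileWriteable1 && $fileWriteable2) {
        ModUtil::setVar('Files', 'folderPath', $filesRealPath);
        ModUtil::setVar('Files', 'usersFolder', $usersFolder);
    }

    $this->view->assign('filesRealPath', $filesRealPath);
    $this->view->assign('usersFolder', $usersFolder);
    $this->view->assign('file1', $file1);
    $this->view->assign('file2', $file2);
    $this->view->assign('multisites', $multisites);
    $this->view->assign('fileWriteable1', $fileWriteable1);
    $this->view->assign('fileWriteable2', $fileWriteable2);
    $this->view->assign('step', 'check');

    return $this->view->fetch('Files_init.htm');
}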
/**
 * Event handler for the 'anotherfunction' method of the Users admin controller.
 *
 * Ignores events for other methods or subjects. Requires ACCESS_ADMIN on
 * 'Users::', then renders 'anotherfunction.tpl' as the event data and stops
 * the event.
 *
 * @param Zikula_Event $event Handler.
 *
 * @return void
 */
public function anotherfunction(Zikula_Event $event)
{
    // Not addressed to this handler: leave the event untouched.
    $subject = $event->getSubject();
    if ($event['method'] != 'anotherfunction' || !($subject instanceof Users_Controller_Admin)) {
        return;
    }

    $isAdmin = SecurityUtil::checkPermission('Users::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        return LogUtil::registerPermissionError();
    }

    $pluginView = Zikula_View_plugin::getModulePluginInstance($this->moduleName, $this->pluginName);
    $output = $pluginView->fetch('anotherfunction.tpl');

    $event->setData($output);
    $event->stop();
}
/**
 * Initialize form handler.
 *
 * Assigns all module variables of this module to the view as 'config'.
 * Requires ACCESS_ADMIN on the module's own permission component.
 *
 * @param Zikula_Form_View $view The form view instance.
 *
 * @return boolean False in case of initialization errors, otherwise true.
 */
public function initialize(Zikula_Form_View $view)
{
    $component = $this->name . '::';
    $isAdmin = SecurityUtil::checkPermission($component, '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        return $view->registerError(LogUtil::registerPermissionError());
    }

    // Hand every module variable to the template.
    $this->view->assign('config', $this->getVars());

    // Hook for custom initialisation.
    $this->initializeAdditions();

    return true;
}
/**
 * Initialize form handler.
 *
 * Builds the list of importable table groups and assigns it to the view as
 * 'import'. Requires ACCESS_ADMIN on 'MUBoard::'.
 *
 * @param Zikula_Form_View $view The form view instance.
 *
 * @return boolean False in case of initialization errors, otherwise true.
 */
public function initialize(Zikula_Form_View $view)
{
    $isAdmin = SecurityUtil::checkPermission('MUBoard::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        return $view->registerError(LogUtil::registerPermissionError());
    }

    $dom = ZLanguage::getModuleDomain('MUBoard');

    // Translated joining word, padded with spaces on both sides.
    $and = ' ' . __('and', $dom) . ' ';

    // Choices for the table groups to import.
    $vars = array();
    $vars['dizkustableItems'] = array(
        array('value' => '1', 'text' => __('All', $dom)),
        array('value' => '2', 'text' => __('Categories', $dom) . $and . __('Forums', $dom)),
        array('value' => '3', 'text' => __('Topics', $dom) . $and . __('Answers', $dom)),
        array('value' => '4', 'text' => __('Ranks', $dom) . $and . __('Users', $dom)),
    );

    $this->view->assign('import', $vars);

    // Hook for custom initialisation.
    $this->initializeAdditions();

    return true;
}
/**
 * Event handler for the 'extensions' method of the Users admin controller.
 *
 * Ignores events for other methods or subjects. Requires ACCESS_ADMIN on
 * 'Users::', then renders the list of modules and themes as the event data
 * and stops the event.
 *
 * @param Zikula_Event $event Event handler.
 *
 * @return void
 */
public function handler(Zikula_Event $event)
{
    // Not addressed to this handler: leave the event untouched.
    $subject = $event->getSubject();
    if ($event['method'] != 'extensions' || !($subject instanceof Users_Controller_Admin)) {
        return;
    }

    $isAdmin = SecurityUtil::checkPermission('Users::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        return LogUtil::registerPermissionError();
    }

    // Zikula Modules and Themes versions
    $usersView = Zikula_View::getInstance('Users');
    $usersView->assign('mods', ModuleUtil::getModules());
    $usersView->assign('themes', ThemeUtil::getAllThemes());

    $output = $usersView->fetch('users_admin_extensions.tpl');
    $event->setData($output);
    $event->stop();
}
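/**
 * Load the received URL into an iframe. Without a ref or url, the URL stored
 * in the module vars is used.
 *
 * Requires ACCESS_READ on 'IWwebbox::'. The URL may come straight from the
 * request, so only http and https URLs (or URLs without a scheme) are
 * accepted; any other scheme is refused before the template sees it.
 *
 * NOTE(review): the width, height and unit values also come from the request
 * and are assigned as received; confirm the template escapes them.
 * NOTE(review): any http(s) address can be framed under this site's domain;
 * consider limiting the "url" parameter to known hosts or to stored refs.
 *
 * @author Albert Pérez Monfort (intraweb@xtec.cat)
 * @param ref (optional) Reference of the page
 * @param url (optional) URL to load. Default the value stored in the module vars
 * @param w (optional) Width of the iframe. Default the value stored in the module vars
 * @param h (optional) Height of the iframe. Default the value stored in the module vars
 * @param s 0 - No scrolling, 1 - Scrolling is auto. Default the value stored in the module vars
 * @param u % - Percentage of the width screen, px - Pixels. Default the value stored in the module vars
 * @return The page called loaded into an iframe, or an error notice if the ref received is wrong
 */
public function main($args)
{
    // Security check
    if (!SecurityUtil::checkPermission('IWwebbox::', '::', ACCESS_READ)) {
        return LogUtil::registerPermissionError();
    }

    // Get module parameters
    $webbox = array(
        'ref' => FormUtil::getPassedValue('ref', isset($args['ref']) ? $args['ref'] : null, 'GET'),
        'url' => FormUtil::getPassedValue('url', isset($args['url']) ? $args['url'] : ModUtil::getVar('IWwebbox', 'url'), 'GET'),
        'width' => FormUtil::getPassedValue('w', isset($args['w']) ? $args['w'] : ModUtil::getVar('IWwebbox', 'width'), 'GET'),
        'height' => FormUtil::getPassedValue('h', isset($args['h']) ? $args['h'] : ModUtil::getVar('IWwebbox', 'height'), 'GET'),
        'scrolls' => FormUtil::getPassedValue('s', isset($args['s']) ? $args['s'] : ModUtil::getVar('IWwebbox', 'scrolls'), 'GET'),
        'widthunit' => FormUtil::getPassedValue('u', isset($args['u']) ? $args['u'] : ModUtil::getVar('IWwebbox', 'widthunit'), 'GET'),
    );

    // A URL sent as an array cannot be a valid address.
    if (is_array($webbox['url'])) {
        return LogUtil::registerError($this->__('Error! Could not do what you wanted. Please check your input.'));
    }

    // Replace "*" to "&" and "**" to "?" if they are in the URL
    $webbox['url'] = str_replace('*', '&', str_replace('**', '?', $webbox['url']));

    // Get the values associated to the parameter ref, if it is set
    if ($webbox['ref']) {
        $record = ModUtil::apiFunc('IWwebbox', 'user', 'getref', array('ref' => $webbox['ref']));

        // an unknown reference yields an empty record
        if ($record['ref'] == '') {
            return LogUtil::registerError($this->__('URL not found. Please check the reference'));
        }

        $webbox = array(
            'url' => $record['url'],
            'width' => $record['width'],
            'height' => $record['height'],
            'scrolls' => $record['scrolls'],
            'widthunit' => $record['widthunit'],
        );
    }

    // Refuse any scheme other than http/https. Whitespace and control
    // characters are removed for the check because browsers ignore them when
    // they read the scheme.
    if (is_string($webbox['url'])) {
        $probe = preg_replace('/[\x00-\x20]+/', '', $webbox['url']);
        if (preg_match('/^([A-Za-z][A-Za-z0-9+.\-]*):/', (string) $probe, $schemeMatch)
            && !in_array(strtolower($schemeMatch[1]), array('http', 'https'), true)) {
            return LogUtil::registerError($this->__('Error! Could not do what you wanted. Please check your input.'));
        }
    }

    // Adapt the scrolls value to the required format
    $webbox['scrolls'] = ($webbox['scrolls']) ? 'auto' : 'no';

    // Create output object
    $view = Zikula_View::getInstance('IWwebbox', false);

    // Assign values to template
    $view->assign($webbox);

    // Return the output generated
    return $view->fetch('IWwebbox_user_main.htm');
}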
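/**
 * Store the settings posted by the Dashboard configuration form.
 *
 * Requires a valid CSRF token and ADMIN permission on the module. Each posted
 * entry of "settings" is written to a module variable of the same name when it
 * differs (loose comparison) from the stored value.
 *
 * @return mixed The permission error result, or whatever redirect() yields
 *               (redirect() may not return at all - not visible here).
 */
public function updateconfig()
{
    $this->checkCsrfToken();

    if (!SecurityUtil::checkPermission('Dashboard::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    $settings = $this->request->request->get('settings');

    // Nothing usable was posted: go back to the form. A scalar "settings" value
    // is treated like a missing one, since it cannot be iterated. The explicit
    // return makes sure the save path below is never reached in this case.
    if (!is_array($settings)) {
        return $this->redirect(ModUtil::url('Dashboard', 'admin', 'config'));
    }

    // NOTE(review): every posted key is stored as a module variable, whatever
    // its name. The request is limited to admins holding a valid token, but
    // restricting $key to the settings the form actually offers would keep
    // unexpected variables from being created or overwritten.
    foreach ($settings as $key => $value) {
        if ($value != $this->getVar($key)) {
            $this->setVar($key, $value);
        }
    }

    LogUtil::registerStatus($this->__('Done! Saved configuration.'));

    return $this->redirect(ModUtil::url('Dashboard', 'admin', 'config'));
}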
/**
 * 123FlashChat admin main page.
 *
 * Builds the settings array for the admin chat template from the module
 * variables plus the user name and 'pass' value of the account in the session.
 *
 * @return HTML
 */
function FlashChatBridge_admin_flashchatadmin()
{
    // Only module administrators may open this page
    $isAdmin = SecurityUtil::checkPermission('FlashChatBridge::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        return LogUtil::registerPermissionError();
    }

    $view =& pnRender::getInstance('FlashChatBridge', false);

    // Account data of the user stored in the session
    $account = pnUserGetVars(SessionUtil::getVar('uid'));

    // Module variables, extended with the login data handed to the chat client
    $config = pnModGetVar('FlashChatBridge');
    $config['init_user'] = $account['uname'];
    // NOTE(review): 'pass' is presumably the stored password hash - confirm.
    // It is handed to the template as init_password; if the template writes it
    // into the page, the value reaches the browser and anything that can read
    // the page. A short-lived, chat-specific token would avoid exposing it.
    $config['init_password'] = $account['pass'];

    // With autosize enabled the chat fills its container
    $fillContainer = ($config['autosize'] == 1);
    if ($fillContainer) {
        $config['width'] = '100%';
        $config['height'] = '100%';
    }

    $view->assign('settings', $config);

    return $view->fetch('flashchatbridge_admin_flashchatadmin.htm');
}
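/**
 * Update the stored data of a room or equipment.
 *
 * Each value is read from the query string, falling back to the entry of the
 * same name in $args.
 *
 * @param array $args sid (identity of the room or equipment), nom_espai (name),
 *                    descriu (description), actiu, mdid, color, vertical
 * @return boolean true on success; otherwise the result of the LogUtil error call
 */
public function update($args)
{
    // Security check before anything else, so callers without ADMIN access
    // cannot use the lookups below to learn which records exist
    if (!SecurityUtil::checkPermission('IWbookings::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    // NOTE(review): the values are read from the query string and no CSRF token
    // is verified in this function; confirm that the calling controller checks
    // one, since a link opened by a logged-in admin would otherwise be enough
    // to change a record.
    $sid = FormUtil::getPassedValue('sid', isset($args['sid']) ? $args['sid'] : null, 'GET');
    $nom_espai = FormUtil::getPassedValue('nom_espai', isset($args['nom_espai']) ? $args['nom_espai'] : null, 'GET');
    $descriu = FormUtil::getPassedValue('descriu', isset($args['descriu']) ? $args['descriu'] : null, 'GET');
    $actiu = FormUtil::getPassedValue('actiu', isset($args['actiu']) ? $args['actiu'] : null, 'GET');
    $mdid = FormUtil::getPassedValue('mdid', isset($args['mdid']) ? $args['mdid'] : null, 'GET');
    $color = FormUtil::getPassedValue('color', isset($args['color']) ? $args['color'] : null, 'GET');
    $vertical = FormUtil::getPassedValue('vertical', isset($args['vertical']) ? $args['vertical'] : null, 'GET');

    // Check params. sid ends up inside a hand-built WHERE clause, so anything
    // that is not a plain sequence of digits is rejected here.
    if (!isset($sid) || !isset($nom_espai) || !is_scalar($sid) || !preg_match('/^\d+\z/', (string) $sid)) {
        return LogUtil::registerError($this->__('Error! Could not do what you wanted. Please check your input.'));
    }
    $sid = (int) $sid;

    // Check valid space
    $exist = ModUtil::apiFunc('IWbookings', 'user', 'get', array('sid' => $sid));

    // Make sure the previous query returned a result
    if ($exist == false) {
        return LogUtil::registerError($this->__('The room or equipment was not found'));
    }

    // $sid is an integer at this point, so the concatenation cannot alter the query
    $where = 'sid = ' . $sid;

    $item = array(
        'space_name' => $nom_espai,
        'description' => $descriu,
        'active' => $actiu,
        'mdid' => $mdid,
        'vertical' => $vertical,
        'color' => $color,
    );

    // Class name written as the other callers in this codebase spell it (DBUtil)
    if (!DBUtil::updateObject($item, 'IWbookings_spaces', $where)) {
        return LogUtil::registerError($this->__('An error has occurred while modifying the room or equipment'));
    }

    // Report that the process finished successfully
    return true;
}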
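/**
 * Gets from the database all the active items in a submenu, sorted by their order column.
 *
 * @author: Albert Pérez Monfort (aperezm@xtec.cat)
 * @param: id_parent id of the menu whose submenu items are wanted
 * @return: An array with the items information, or the result of the LogUtil
 *          error call when access is denied, the id is missing or not numeric,
 *          or the query fails
 */
public function getAllSubMenuItems($args)
{
    // Security check
    if (!SecurityUtil::checkPermission('IWvhmenu::', '::', ACCESS_READ)) {
        return LogUtil::registerPermissionError();
    }

    // id_parent is interpolated into the WHERE clause below, so it must be a
    // number; the cast guarantees that nothing but an integer reaches the SQL.
    if (!isset($args['id_parent']) || !is_numeric($args['id_parent'])) {
        return LogUtil::registerError($this->__('Error! Could not do what you wanted. Please check your input.'));
    }
    $idParent = (int) $args['id_parent'];

    $table = DBUtil::getTables();
    $c = $table['IWvhmenu_column'];
    $where = "$c[id_parent]=$idParent AND $c[active]=1";
    $orderby = "$c[iorder]";

    // get the objects from the db
    $items = DBUtil::selectObjectArray('IWvhmenu', $where, $orderby);

    // Check for an error with the database code, and if so set an appropriate
    // error message and return
    if ($items === false) {
        return LogUtil::registerError($this->__('Error! Could not load items.'));
    }

    // Return the items
    return $items;
}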