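/**
 * Move a page one position up or down in the ordering by swapping it with
 * its neighbour.
 *
 * Reads `id` (the page to move) and `event` (the parent event) from the
 * request, then redirects back to the listing for that event.
 *
 * @param   string  $move  Direction to move ('up' or 'down')
 * @return  void
 */
protected function reorderTask($move = 'down')
{
    // Check for request forgeries. The check is asked to look at both 'get'
    // and 'post', so this state-changing action can be reached by a link.
    Request::checkToken(['get', 'post']);

    // Incoming. `id` is expected as a list (id[]=N) but comes from the client:
    // accept a scalar or an empty list rather than indexing element 0 blindly.
    $ids   = (array) Request::getVar('id', array());
    $first = reset($ids);
    $id    = is_scalar($first) ? $first : 0;
    $pid   = Request::getInt('event', 0);

    $listing = 'index.php?option=' . $this->_option . '&controller=' . $this->_controller;

    // Ensure we have an ID to work with
    if (!$id) {
        App::redirect(Route::url($listing, false), Lang::txt('COM_EVENTS_PAGE_NO_ID'), 'error');
        return;
    }

    // Ensure we have a parent ID to work with
    if (!$pid) {
        App::redirect(Route::url($listing, false), Lang::txt('COM_EVENTS_PAGE_NO_EVENT_ID'), 'error');
        return;
    }

    // Item 1: the page being moved
    $page1 = new Page($this->database);
    $page1->load($id);

    // Item 2: the neighbouring page, looked up from a copy of item 1.
    // The lookup is keyed on the current task name, not on $move.
    $page2 = clone $page1;
    $page2->getNeighbor($this->_task);

    switch ($move) {
        case 'up':
        case 'down':
            // Either direction is the same operation: the two pages trade
            // ordering values.
            $ordering        = $page1->ordering;
            $page1->ordering = $page2->ordering;
            $page2->ordering = $ordering;
            break;
    }

    // Save changes
    $page1->store();
    $page2->store();

    // Redirect back to the pages of the parent event
    App::redirect(Route::url($listing . '&id[]=' . $pid, false));
}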
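/**
 * Save a comment submitted through the `comment` POST array.
 *
 * Guests are sent to the login handler. On success or failure the user is
 * redirected to `$this->url` with a status message.
 *
 * @return  mixed  Result of _login() for guests, otherwise nothing (redirects)
 */
protected function _save()
{
    // Ensure the user is logged in
    if (User::isGuest()) {
        return $this->_login();
    }

    // Check for request forgeries
    Request::checkToken();

    // Incoming. The array is client-supplied, so do not assume it is an
    // array or that it carries an `id` key.
    $comment = Request::getVar('comment', array(), 'post', 'none', 2);
    if (!is_array($comment)) {
        $comment = array();
    }
    $id = isset($comment['id']) ? $comment['id'] : null;

    // Instantiate a comment object (an existing one when an id was posted)
    $row = new \Plugins\Hubzero\Comments\Models\Comment($id);

    // NOTE(review): the whole posted array is bound; only `uploadDir` and
    // `created` are overwritten below. Whether author, state or parent
    // fields can be set by the client depends on the model — confirm.
    if (!$row->bind($comment)) {
        App::redirect($this->url, $row->getError(), 'error');
        return;
    }

    $row->set('uploadDir', $this->params->get('comments_uploadpath', '/site/comments'));
    // NOTE(review): this also resets `created` when an existing comment is edited.
    $row->set('created', Date::toSql());

    // Editing an existing comment requires the edit permission.
    // NOTE(review): ownership of the loaded comment is not compared to the
    // current user here — confirm that is enforced elsewhere.
    if ($row->exists() && !$this->params->get('access-edit-comment')) {
        App::redirect(
            Route::url('index.php?option=com_users&view=login&return=' . base64_encode($this->url)),
            Lang::txt('PLG_HUBZERO_COMMENTS_NOTAUTH'),
            'warning'
        );
        return;
    }

    // Store new content
    if (!$row->store(true)) {
        // Keep the raw text in user state so the form can be refilled
        $key   = 'failed_comment';
        $value = $row->content('raw');
        User::setState($key, $value);

        App::redirect($this->url, $row->getError(), 'error');
        return;
    }

    App::redirect($this->url, Lang::txt('PLG_HUBZERO_COMMENTS_SAVED'), 'message');
}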
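/**
 * Save the current section of a project, during setup or when editing.
 *
 * Validates the request, resolves the owning group when one was given,
 * checks authorization, saves the section (or finalizes setup) and then
 * redirects to the next screen.
 *
 * @return  void
 * @throws  Exception  404 when the project or group cannot be loaded,
 *                     403 when the user may not save
 */
public function saveTask()
{
    // Check for request forgeries
    Request::checkToken();

    // Incoming
    $step = Request::getInt('step', '0');

    // A project was requested by identifier but does not exist
    if ($this->_identifier && !$this->model->exists()) {
        throw new Exception(Lang::txt('COM_PROJECTS_PROJECT_CANNOT_LOAD'), 404);
    }

    // New project?
    $new   = $this->model->exists() ? false : true;
    $setup = $new || $this->model->inSetup() ? true : false;

    // Determine setup steps
    $setupSteps = array('describe', 'team', 'finalize');
    if ($this->_setupComplete < 3) {
        array_pop($setupSteps);
    }

    // Next screen requested
    $this->next = $setup && isset($setupSteps[$step]) ? $setupSteps[$step] : $this->section;

    // Are we allowed to save this step? A project that does not exist yet
    // can only save the first setup step.
    $current = array_search($this->section, $setupSteps);
    if ($new && $current > 0) {
        throw new Exception(Lang::txt('ALERTNOTAUTH'), 403);
    }

    // Cannot save a new project unless in setup.
    // ($setup is true whenever $new is, so this guard cannot fire as written.)
    if ($new && !$setup) {
        throw new Exception(Lang::txt('COM_PROJECTS_PROJECT_CANNOT_LOAD'), 404);
    }

    // Get group ID
    if ($this->_gid) {
        // Load the group
        $this->group = \Hubzero\User\Group::getInstance($this->_gid);

        // Ensure we found the group info
        if (!is_object($this->group) || (!$this->group->get('gidNumber') && !$this->group->get('cn'))) {
            throw new Exception(Lang::txt('COM_PROJECTS_NO_GROUP_FOUND'), 404);
        }
        $this->_gid = $this->group->get('gidNumber');
        $this->model->set('owned_by_group', $this->_gid);

        // Make sure we have up-to-date group membership information.
        // NOTE(review): this runs before the owner check below; if
        // reconcileGroups() writes to storage, a non-owner can trigger it —
        // confirm, and consider moving it after the authorization check.
        if ($this->model->exists()) {
            $objO = $this->model->table('Owner');
            $objO->reconcileGroups($this->model->get('id'));
        }
    }

    // Check authorization
    if ($this->model->exists() && !$this->model->access('owner')) {
        throw new Exception(Lang::txt('ALERTNOTAUTH'), 403);
    } elseif (!$this->model->exists() && $this->_gid) {
        // Check group authorization to create a project
        if (!$this->group->is_member_of('members', User::get('id'))
            && !$this->group->is_member_of('managers', User::get('id'))
        ) {
            throw new Exception(Lang::txt('COM_PROJECTS_ALERTNOTAUTH_GROUP'), 403);
        }
    }

    // Get group ID.
    // NOTE(review): repeats the group lookup above (without the membership
    // reconciliation); kept as in the original.
    if ($this->_gid) {
        // Load the group
        $this->group = \Hubzero\User\Group::getInstance($this->_gid);

        // Ensure we found the group info
        if (!is_object($this->group) || (!$this->group->get('gidNumber') && !$this->group->get('cn'))) {
            throw new Exception(Lang::txt('COM_PROJECTS_NO_GROUP_FOUND'), 404);
        }
        $this->_gid = $this->group->get('gidNumber');
        $this->model->set('owned_by_group', $this->_gid);
    }

    if ($this->section == 'finalize') {
        // Complete project setup
        if ($this->_finalize()) {
            $this->_setNotification(Lang::txt('COM_PROJECTS_NEW_PROJECT_CREATED'), 'success');

            // Some follow-up actions
            $this->_onAfterProjectCreate();

            App::redirect(Route::url($this->model->link()));
            return;
        }
    } else {
        // Save
        $this->_process();
    }

    // Record setup stage and move on
    if ($setup && !$this->getError() && $step > $this->model->get('setup_stage')) {
        $this->model->set('setup_stage', $step);
        $this->model->store();

        // Did we actually complete setup?
        if (!$this->model->inSetup()) {
            // Complete project setup
            if ($this->_finalize()) {
                $this->_setNotification(Lang::txt('COM_PROJECTS_NEW_PROJECT_CREATED'), 'success');

                // Some follow-up actions
                $this->_onAfterProjectCreate();

                App::redirect(Route::url($this->model->link()));
                return;
            }
        }
    }

    // Don't go next in case of error
    if ($this->getError()) {
        $this->next = $this->section;
        $this->_setNotification($this->getError(), 'error');
    } else {
        $this->_setNotification(Lang::txt('COM_PROJECTS_' . strtoupper($this->section) . '_SAVED'), 'success');
    }

    // Redirect. $new reflects the state before saving, so a project that was
    // just created is sent to the description anchor.
    $task   = $setup ? 'setup' : 'edit';
    $append = $new && $this->model->exists() && $this->next == 'describe' ? '#describearea' : '';
    App::redirect(Route::url('index.php?option=' . $this->_option . '&task=' . $task . '&alias=' . $this->model->get('alias') . '&active=' . $this->next) . $append);
}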
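/**
 * Save a group announcement from the posted `fields` array.
 *
 * Only group managers may save. On validation or storage failure the edit
 * form is returned; on success the user is redirected to the listing.
 *
 * @return  mixed  HTML of the list/edit view on failure, nothing on success
 */
private function _save()
{
    // Check for request forgeries
    Request::checkToken();

    // Verify we're authorized
    if ($this->authorized != 'manager') {
        $this->setError(Lang::txt('PLG_GROUPS_ANNOUNCEMENTS_ONLY_MANAGERS_CAN_CREATE'));
        return $this->_list();
    }

    // Incoming. Values come from the client and may be nested arrays;
    // trim() only accepts scalars, so anything else becomes null.
    $fields = (array) Request::getVar('fields', array(), 'post', 'none', 2);
    $fields = array_map(function ($value) {
        return is_scalar($value) ? trim($value) : null;
    }, $fields);

    // Email announcement?
    $email = isset($fields['email']) && $fields['email'] == 1 ? true : false;

    // Mark as not sent if we want to email again
    if ($email === true) {
        $fields['sent'] = 0;
    }

    // Are we creating the announcement?
    // NOTE(review): scope and scope_id are only forced for new entries. When
    // an `id` is posted, nothing in this method checks that the existing
    // announcement belongs to this group, and the client may also supply
    // `scope_id` — confirm the model or the caller enforces this.
    if (!isset($fields['id']) || $fields['id'] == 0) {
        $fields['scope']      = 'group';
        $fields['scope_id']   = $this->group->get('gidNumber');
        $fields['created']    = Date::toSql();
        $fields['created_by'] = User::get('id');
    }

    // Do we want to mark sticky?
    $fields['sticky'] = isset($fields['sticky']) && $fields['sticky'] == 1 ? 1 : 0;

    // Do we want to mark as high priority?
    $fields['priority'] = isset($fields['priority']) && $fields['priority'] == 1 ? 1 : 0;

    // Format publish up
    if (isset($fields['publish_up']) && $fields['publish_up'] != '' && $fields['publish_up'] != '0000-00-00 00:00:00') {
        $fields['publish_up'] = Date::of(str_replace('@', '', $fields['publish_up']), Config::get('offset'))->toSql();
    }

    // Format publish down
    if (isset($fields['publish_down']) && $fields['publish_down'] != '' && $fields['publish_down'] != '0000-00-00 00:00:00') {
        $fields['publish_down'] = Date::of(str_replace('@', '', $fields['publish_down']), Config::get('offset'))->toSql();
    }

    // The publish window must not end before it starts. Either date may be
    // absent from the request, so read them with a default.
    $publishUp   = isset($fields['publish_up']) ? $fields['publish_up'] : '';
    $publishDown = isset($fields['publish_down']) ? $fields['publish_down'] : '';
    if ($publishUp > $publishDown) {
        $this->setError(Lang::txt('PLG_GROUPS_ANNOUNCEMENTS_INVALID_PUBLISH_DATES'));
        return $this->_edit($fields);
    }

    // Announcement model
    $announcement = new \Hubzero\Item\Announcement($this->database);

    // Attempt to save
    if (!$announcement->save($fields)) {
        $this->setError($announcement->getError());
        return $this->_edit($fields);
    }

    // Does the user want to email, and should we email yet?
    if ($email === true && $announcement->announcementPublishedForDate()) {
        // Email announcement
        $announcement->emailAnnouncement();

        // Set that we sent it and resave
        $announcement->sent = 1;
        $announcement->save($announcement);
    }

    // Success!
    App::redirect(
        Route::url('index.php?option=' . $this->option . '&cn=' . $this->group->get('cn') . '&active=announcements'),
        Lang::txt('PLG_GROUPS_ANNOUNCEMENTS_SUCCESSFULLY_CREATED'),
        'success'
    );
}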
/**
 * Persist the blog plugin settings posted for the current group.
 *
 * @return  mixed  Nothing for guests and on success (redirect); the browse
 *                 or settings view when not authorized or when saving fails
 */
private function _savesettings()
{
    // Guests may not change settings
    if (User::isGuest()) {
        $this->setError(Lang::txt('GROUPS_LOGIN_NOTICE'));
        return;
    }

    // Only managers and admins may continue
    if (!in_array($this->authorized, array('manager', 'admin'))) {
        $this->setError(Lang::txt('PLG_GROUPS_BLOG_NOT_AUTHORIZED'));
        return $this->_browse();
    }

    // Check for request forgeries
    Request::checkToken();

    // NOTE(review): the record is built from a blank row filled with the
    // posted `settings` array as-is. Nothing in this method pins its id or
    // owning object to the current group — confirm the model restricts
    // which columns a client may set.
    $posted = Request::getVar('settings', array(), 'post');
    $record = \Hubzero\Plugin\Params::blank()->set($posted);

    // Plugin parameters are posted separately and stored as a string
    $registry = new \Hubzero\Config\Registry(Request::getVar('params', array(), 'post'));
    $record->set('params', $registry->toString());

    // Store new content
    if (!$record->save()) {
        $this->setError($record->getError());
        return $this->_settings();
    }

    // Record the activity for the group and each of its managers
    $recipients = [['group', $this->group->get('gidNumber')]];
    foreach ($this->group->get('managers') as $managerId) {
        $recipients[] = ['user', $managerId];
    }

    $activity = [
        'action'      => 'updated',
        'scope'       => 'blog.settings',
        'scope_id'    => $record->get('id'),
        'description' => Lang::txt('PLG_GROUPS_BLOG_ACTIVITY_SETTINGS_UPDATED'),
    ];

    Event::trigger('system.logActivity', [
        'activity'   => $activity,
        'recipients' => $recipients,
    ]);

    $target = 'index.php?option=com_groups&cn=' . $this->group->get('cn') . '&active=' . $this->_name . '&action=settings';

    App::redirect(Route::url($target), Lang::txt('PLG_GROUPS_BLOG_SETTINGS_SAVED'), 'passed');
}
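/**
 * Save a course announcement from the posted `fields` array.
 *
 * With `no_html` set, the outcome is written as JSON and the script exits;
 * otherwise the listing (or the edit form on failure) is returned.
 *
 * @return  string  HTML
 */
private function _save()
{
    // Permissions check
    if (!$this->offering->access('manage', 'section')) {
        return $this->_list();
    }

    // Check for request forgeries
    Request::checkToken();

    $no_html = Request::getInt('no_html', 0);

    $response = new stdClass();
    $response->code = 0;

    // Incoming. Values come from the client and may be nested arrays;
    // trim() only accepts scalars, so anything else becomes null.
    $fields = (array) Request::getVar('fields', array(), 'post', 'none', 2);
    $fields = array_map(function ($value) {
        return is_scalar($value) ? trim($value) : null;
    }, $fields);

    // Get the model and bind the data.
    // NOTE(review): the posted array is bound as-is, including any `id` or
    // offering/section identifiers it carries; this method does not check
    // that they match the offering the permission check was made against —
    // confirm the model enforces it.
    $model = new \Components\Courses\Models\Announcement(0);
    if (!$model->bind($fields)) {
        $this->setError($model->getError());
        return $this->_edit($model);
    }

    // Incoming dates are in local time. We need to convert to UTC
    if ($model->get('publish_up') && $model->get('publish_up') != '0000-00-00 00:00:00') {
        $model->set('publish_up', Date::of($model->get('publish_up'), Config::get('offset'))->toSql());
    }

    // Incoming dates are in local time. We need to convert to UTC
    if ($model->get('publish_down') && $model->get('publish_down') != '0000-00-00 00:00:00') {
        $model->set('publish_down', Date::of($model->get('publish_down'), Config::get('offset'))->toSql());
    }

    // An unchecked priority box is absent from the request
    if (!isset($fields['priority']) || !$fields['priority']) {
        $model->set('priority', 0);
    }

    // Store content
    if (!$model->store(true)) {
        $this->setError($model->getError());
        if (!$no_html) {
            return $this->_edit($model);
        }
    }

    if ($no_html) {
        if ($this->getError()) {
            $response->code   = 1;
            $response->errors = $this->getErrors();
            $response->data   = $fields;
        }

        // Discard any buffered output so only the JSON document is sent
        ob_clean();
        header('Content-type: text/plain');
        echo json_encode($response);
        exit;
    }

    // Display listing
    return $this->_list();
}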
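/**
 * Save a group calendar from the posted `calendar` array.
 *
 * A calendar with a valid remote URL is stored read-only and refreshed
 * after saving; otherwise the URL is cleared and the calendar is writable.
 *
 * @return  mixed  The edit view on failure; nothing on success (redirects)
 */
private function saveCalendar()
{
    // Check for request forgeries.
    // NOTE(review): no permission check is made in this method — confirm the
    // caller restricts it to users allowed to manage the group's calendars.
    Request::checkToken();

    // Get request vars. The array is client-supplied: do not assume its
    // shape or that the expected keys are present.
    $calendarInput = Request::getVar('calendar', array());
    if (!is_array($calendarInput)) {
        $calendarInput = array();
    }
    $calendarId = isset($calendarInput['id']) ? $calendarInput['id'] : null;

    // Get the calendar.
    // NOTE(review): the id comes from the request and scope/scope_id are
    // overwritten below, so confirm an existing calendar is verified to
    // belong to this group before it is re-scoped.
    $calendar = \Components\Events\Models\Calendar::getInstance($calendarId);

    // Add scope and scope id to calendar array
    $calendarInput['scope']    = 'group';
    $calendarInput['scope_id'] = $this->group->get('gidNumber');
    $calendarInput['url']      = isset($calendarInput['url']) && is_string($calendarInput['url'])
        ? trim($calendarInput['url'])
        : '';

    // Only the known colour names are accepted
    $colors = array('red', 'orange', 'yellow', 'green', 'blue', 'purple', 'brown');
    if (!isset($calendarInput['color']) || !in_array($calendarInput['color'], $colors, true)) {
        $calendarInput['color'] = '';
    }

    // Is this a remote calendar URL? FILTER_VALIDATE_URL accepts any scheme,
    // so additionally require a web scheme before the URL is stored.
    // NOTE(review): refresh() presumably fetches this URL from the server.
    // The scheme list does not prevent requests to internal hosts — confirm
    // the fetcher restricts destinations.
    $scheme   = strtolower((string) parse_url($calendarInput['url'], PHP_URL_SCHEME));
    $isRemote = $calendarInput['url'] != ''
        && filter_var($calendarInput['url'], FILTER_VALIDATE_URL)
        && in_array($scheme, array('http', 'https', 'webcal'), true);

    if ($isRemote) {
        $calendarInput['readonly'] = 1;
        $needsRefresh = true;
    } else {
        $calendarInput['url']      = '';
        $calendarInput['readonly'] = 0;
        $needsRefresh = false;
    }

    // Bind input
    if (!$calendar->bind($calendarInput)) {
        $this->setError($calendar->getError());
        return $this->editCalendar();
    }

    // Attempt to save
    if (!$calendar->store(true)) {
        $this->setError($calendar->getError());
        return $this->editCalendar();
    }

    // Should we refresh?
    if ($needsRefresh) {
        $calendar->refresh();
    }

    // Inform and redirect
    App::redirect(
        Route::url('index.php?option=' . $this->option . '&cn=' . $this->group->get('cn') . '&active=calendar&action=calendars'),
        Lang::txt('You have successfully added a new calendar.'),
        'passed'
    );
}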
/**
 * Persist the collections plugin settings for the current group.
 *
 * The settings row is looked up by group, plugin type and plugin name, and
 * those three identifying values are written back before saving.
 *
 * @return  mixed  Login, listing or settings view on failure; nothing on
 *                 success (redirects)
 */
private function _savesettings()
{
    // Login check
    if (User::isGuest()) {
        return $this->_login();
    }

    // Only managers and admins may continue
    if (!in_array($this->authorized, array('manager', 'admin'))) {
        $this->setError(Lang::txt('PLG_GROUPS_COLLECTIONS_NOT_AUTH'));
        return $this->_collections();
    }

    // Check for request forgeries
    Request::checkToken();

    // NOTE(review): `settings` is read from the request but never applied
    // to the record below.
    $settings = Request::getVar('settings', array(), 'post');

    $gid = $this->group->get('gidNumber');

    // Load this group's row for the plugin and pin its identifying columns
    $record = \Hubzero\Plugin\Params::oneByPlugin($gid, $this->_type, $this->_name);
    $record->set('object_id', $this->group->get('gidNumber'));
    $record->set('folder', $this->_type);
    $record->set('element', $this->_name);

    // Plugin parameters are posted separately and stored as a string
    $posted   = Request::getVar('params', array(), 'post');
    $registry = new \Hubzero\Config\Registry($posted);
    $record->set('params', $registry->toString());

    // Store new content
    if (!$record->save()) {
        $this->setError($record->getError());
        return $this->_settings();
    }

    // Record the activity for the group and each of its managers
    $recipients = [['group', $this->group->get('gidNumber')]];
    foreach ($this->group->get('managers') as $managerId) {
        $recipients[] = ['user', $managerId];
    }

    $activity = [
        'action'      => 'updated',
        'scope'       => 'collections.settings',
        'scope_id'    => $record->get('id'),
        'description' => Lang::txt('PLG_GROUPS_COLLECTIONS_ACTIVITY_SETTINGS_UPDATED'),
    ];

    Event::trigger('system.logActivity', [
        'activity'   => $activity,
        'recipients' => $recipients,
    ]);

    $target = 'index.php?option=com_groups&cn=' . $this->group->get('cn') . '&active=' . $this->_name;

    App::redirect(Route::url($target), Lang::txt('PLG_GROUPS_COLLECTIONS_SETTINGS_SAVED'), 'passed');
}
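/**
 * Upload a file into the directory returned by _path().
 *
 * Errors are recorded with setError(); the media listing is returned in
 * every case.
 *
 * @return  mixed  Result of _files(), or of _ajaxUpload() for no_html requests
 */
public function _fileUpload()
{
    // Check if they're logged in.
    // NOTE(review): being logged in is the only access check made in this
    // method — confirm the caller limits uploads to users allowed to manage
    // these pages.
    if (User::isGuest()) {
        return $this->_files();
    }

    // NOTE(review): the AJAX path is taken before checkToken() runs in this
    // method — confirm _ajaxUpload() performs its own request-forgery check.
    if (Request::getVar('no_html', 0)) {
        return $this->_ajaxUpload();
    }

    // Check for request forgeries
    Request::checkToken();

    // Ensure we have an ID to work with
    $listdir = Request::getInt('listdir', 0, 'post');
    if (!$listdir) {
        $this->setError(Lang::txt('PLG_COURSES_PAGES_ERROR_NO_ID_PROVIDED'));
        return $this->_files();
    }

    // Incoming file. Nothing uploaded yields the '' default, not an array.
    $file = Request::getVar('upload', '', 'files', 'array');
    if (!is_array($file) || empty($file['name'])) {
        $this->setError(Lang::txt('PLG_COURSES_PAGES_ERROR_NO_FILE_PROVIDED'));
        return $this->_files();
    }

    // Build the upload path if it doesn't exist
    $path = $this->_path();
    if (!is_dir($path)) {
        if (!Filesystem::makeDirectory($path)) {
            $this->setError(Lang::txt('PLG_COURSES_PAGES_ERROR_UNABLE_TO_MAKE_PATH'));
            return $this->_files();
        }
    }

    // Make the filename safe: decode first so the cleaning step sees the
    // characters that will actually reach the filesystem.
    // NOTE(review): no extension allow-list is applied here; whether
    // Filesystem::clean()/isSafe() reject executable types is not visible
    // from this method — confirm.
    $name = urldecode($file['name']);
    $name = Filesystem::clean($name);
    $name = str_replace(' ', '_', $name);

    $target = $path . DS . $name;

    // Upload the new file, then check it. The check (and the delete that
    // follows a failed check) only runs for a file this request just wrote,
    // so a failed upload can neither hide its own error nor remove an
    // existing file of the same name.
    if (!Filesystem::upload($file['tmp_name'], $target)) {
        $this->setError(Lang::txt('PLG_COURSES_PAGES_ERROR_UNABLE_TO_UPLOAD'));
    } elseif (!Filesystem::isSafe($target)) {
        Filesystem::delete($target);
        $this->setError(Lang::txt('PLG_COURSES_PAGES_ERROR_UNSAFE_FILE'));
    }

    // Push through to the media view
    return $this->_files();
}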
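/**
 * Save a group announcement from the posted `fields` array, optionally
 * emailing it, and log the activity.
 *
 * @return  mixed  An html view on error, redirects on success
 */
private function _save()
{
    // Check for request forgeries
    Request::checkToken();

    // Verify we're authorized
    if ($this->authorized != 'manager') {
        $this->setError(Lang::txt('PLG_GROUPS_ANNOUNCEMENTS_ONLY_MANAGERS_CAN_CREATE'));
        return $this->_list();
    }

    // Incoming. Values come from the client and may be nested arrays;
    // trim() only accepts scalars, so anything else becomes null.
    $fields = (array) Request::getVar('fields', array(), 'post', 'none', 2);
    $fields = array_map(function ($value) {
        return is_scalar($value) ? trim($value) : null;
    }, $fields);

    // Email announcement?
    $email = isset($fields['email']) && $fields['email'] == 1 ? true : false;

    // Mark as not sent if we want to email again
    if ($email === true) {
        $fields['sent'] = 0;
    }

    // Are we creating the announcement?
    // NOTE(review): scope and scope_id are only forced for new entries. When
    // an `id` is posted, nothing in this method checks that the existing
    // announcement belongs to this group, and the client may also supply
    // `scope_id` — confirm the model or the caller enforces this.
    if (!isset($fields['id']) || $fields['id'] == 0) {
        $fields['id']         = 0;
        $fields['scope']      = 'group';
        $fields['scope_id']   = $this->group->get('gidNumber');
        $fields['created']    = Date::toSql();
        $fields['created_by'] = User::get('id');
    }

    // Do we want to mark sticky?
    $fields['sticky'] = isset($fields['sticky']) && $fields['sticky'] == 1 ? 1 : 0;

    // Do we want to mark as high priority?
    $fields['priority'] = isset($fields['priority']) && $fields['priority'] == 1 ? 1 : 0;

    // Format publish up
    if (isset($fields['publish_up']) && $fields['publish_up'] != '' && $fields['publish_up'] != '0000-00-00 00:00:00') {
        $fields['publish_up'] = Date::of(str_replace('@', '', $fields['publish_up']), Config::get('offset'))->toSql();
    }

    // Format publish down
    if (isset($fields['publish_down']) && $fields['publish_down'] != '' && $fields['publish_down'] != '0000-00-00 00:00:00') {
        $fields['publish_down'] = Date::of(str_replace('@', '', $fields['publish_down']), Config::get('offset'))->toSql();
    }

    // Bind data
    $model = \Hubzero\Item\Announcement::oneOrNew($fields['id'])->set($fields);

    // The publish window must not end before it starts (a zero end date
    // is not treated as an end)
    if ($model->get('publish_down') != '0000-00-00 00:00:00'
        && $model->get('publish_up') > $model->get('publish_down')
    ) {
        $this->setError(Lang::txt('PLG_GROUPS_ANNOUNCEMENTS_INVALID_PUBLISH_DATES'));
        return $this->_edit($model);
    }

    if (!$model->save()) {
        // Report the model's error (the original called setError() on the
        // model here, which does not read the message back)
        $this->setError($model->getError());
        return $this->_edit($model);
    }

    // Does the user want to email, and should we email yet?
    if ($email === true && $model->inPublishWindow()) {
        // Email announcement
        self::send($model, $this->group);

        // Set that we sent it and resave
        $model->set('sent', 1);
        $model->save();
    }

    $url = 'index.php?option=' . $this->option . '&cn=' . $this->group->get('cn') . '&active=' . $this->_name;

    // Record the activity for the group and each of its managers
    $recipients = array(['group', $this->group->get('gidNumber')]);
    foreach ($this->group->get('managers') as $recipient) {
        $recipients[] = ['user', $recipient];
    }

    Event::trigger('system.logActivity', [
        'activity' => [
            'action'      => $fields['id'] ? 'updated' : 'created',
            'scope'       => 'announcement',
            'scope_id'    => $model->get('id'),
            // The description embeds a tag-stripped, truncated excerpt of the content in a link
            'description' => Lang::txt(
                'PLG_GROUPS_ANNOUNCEMENTS_ACTIVITY_' . ($fields['id'] ? 'UPDATED' : 'CREATED'),
                '<a href="' . Route::url($url) . '">' . \Hubzero\Utility\String::truncate(strip_tags($model->get('content')), 70) . '</a>'
            ),
            'details'     => array(
                'url'   => Route::url($url),
                'id'    => $this->group->get('gidNumber'),
                'alias' => $this->group->get('cn'),
                'title' => $this->group->get('description')
            )
        ],
        'recipients' => $recipients
    ]);

    // Redirect to the main listing
    App::redirect(Route::url($url), Lang::txt('PLG_GROUPS_ANNOUNCEMENTS_SUCCESSFULLY_SAVED'), 'success');
}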
/**
 * Publish or unpublish one or more course offerings.
 *
 * The target state follows the current task name: 'publish' sets state 1,
 * anything else sets state 0.
 *
 * @return  void
 */
public function stateTask()
{
    // Check for request forgeries. The check is asked to look at both 'get'
    // and 'post', so this state change can be reached by a link.
    Request::checkToken(['get', 'post']);

    $state = 0;
    if ($this->_task == 'publish') {
        $state = 1;
    }

    // Incoming: one id or a list of ids
    $ids = Request::getVar('id', array());
    if (!is_array($ids)) {
        $ids = array($ids);
    }

    // Count of offerings actually changed
    $num = 0;

    foreach ($ids as $id) {
        // Load the offering; skip ids that do not resolve to one
        $offering = \Components\Courses\Models\Offering::getInstance($id);
        if (!$offering->exists()) {
            continue;
        }

        // Apply the new state
        $offering->set('state', $state);
        if (!$offering->store()) {
            $this->setError(Lang::txt('COM_COURSES_ERROR_UNABLE_TO_SET_STATE', $id));
            continue;
        }

        // Log the change
        $verb = $state ? 'published' : 'unpublished';
        $offering->log($offering->get('id'), 'offering', $verb);

        $num++;
    }

    if ($this->getErrors()) {
        // Report every failure collected above
        App::redirect(
            Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&course=' . Request::getInt('course', 0), false),
            implode('<br />', $this->getErrors()),
            'error'
        );
    } else {
        // Output message and redirect
        if ($state) {
            $message = Lang::txt('COM_COURSES_ITEMS_PUBLISHED', $num);
        } else {
            $message = Lang::txt('COM_COURSES_ITEMS_UNPUBLISHED', $num);
        }

        App::redirect(
            Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&course=' . Request::getInt('course', 0), false),
            $message
        );
    }
}
/**
 * Delete one or more master types, refusing any type that is still in use.
 *
 * Ids are processed in order. Processing stops at the first type that is in
 * use, and types deleted before that point stay deleted.
 *
 * @return  void  Redirects back to main listing
 */
public function removeTask()
{
    // Check for request forgeries
    Request::checkToken();

    // Incoming: one id or a list of ids
    $ids = Request::getVar('id', array());
    if (!is_array($ids)) {
        $ids = array($ids);
    }

    $listing = 'index.php?option=' . $this->_option . '&controller=' . $this->_controller;

    // Nothing selected
    if (empty($ids)) {
        App::redirect(Route::url($listing, false), Lang::txt('COM_PUBLICATIONS_NO_ITEM_SELECTED'), 'error');
        return;
    }

    $types = new \Components\Publications\Tables\MasterType($this->database);

    foreach ($ids as $id) {
        // A type that is still referenced cannot be removed
        if ($types->checkUsage($id) > 0) {
            App::redirect(Route::url($listing, false), Lang::txt('COM_PUBLICATIONS_TYPE_BEING_USED', $id), 'error');
            return;
        }

        // Delete the type
        $types->delete($id);
    }

    // Report how many ids were submitted
    App::redirect(Route::url($listing, false), Lang::txt('COM_PUBLICATIONS_ITEMS_REMOVED', count($ids)));
}
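/**
 * Send a message from a member to one or more users.
 *
 * Recipients come from the comma-separated `mbrs` POST value; each entry is
 * either a numeric user id or text containing an id in parentheses.
 *
 * @param   object  $database  Not used by this method
 * @param   string  $option    Component name passed on to the message event
 * @param   object  $member    Sending member (source of name, email and link)
 * @return  mixed   False for guests; a redirect result for HTML requests;
 *                  nothing for a successful no_html request
 */
public function send($database, $option, $member)
{
    // Ensure the user is logged in
    if (User::isGuest()) {
        return false;
    }

    // Check for request forgeries
    Request::checkToken();

    // Incoming list of users to message. The value is client-supplied and
    // may be missing (the array default) or posted as an array, neither of
    // which explode() accepts.
    $raw  = Request::getVar('mbrs', array(), 'post');
    $mbrs = is_array($raw) ? $raw : explode(',', $raw);

    // Array to hold recipient ids
    $email_users = array();

    foreach ($mbrs as $mbr) {
        if (!is_scalar($mbr)) {
            continue;
        }
        $mbr = trim($mbr);

        if (is_numeric($mbr)) {
            $email_users[] = $mbr;
        } elseif (preg_match("/\\((\\d+)\\)/", $mbr, $matches)) {
            // "Name (123)" form. Entries without an id are skipped rather
            // than added as an empty recipient.
            $email_users[] = $matches[1];
        }
    }

    // Incoming message and subject
    $subject = Request::getVar('subject', Lang::txt('PLG_MEMBERS_MESSAGES_SUBJECT_MESSAGE'));
    $message = Request::getVar('message', '');
    $no_html = Request::getInt('no_html', 0);

    // NOTE(review): the error text mentions a recipient, but only subject
    // and message are checked; an empty recipient list still proceeds.
    if (!$subject || !$message) {
        if (!$no_html) {
            $this->addPluginMessage(Lang::txt('You must select a message recipient and enter a message.'), 'error');
            return $this->redirect(Route::url($member->getLink() . '&active=messages&action=new'));
        }
        return App::abort(500, Lang::txt('You must select a message recipient and enter a message.'));
    }

    // Build the "from" data for the e-mail
    $from = array();
    $from['name']  = $member->get('name');
    $from['email'] = $member->get('email');

    // Send the message
    if (!Event::trigger('xmessage.onSendMessage', array('member_message', $subject, $message, $from, $email_users, $option))) {
        $this->setError(Lang::txt('PLG_MEMBERS_MESSAGES_ERROR_MSG_USER_FAILED'));
    }

    // Determine if we're returning HTML or not
    // (if no - this is an AJAX call)
    if (!$no_html) {
        $this->addPluginMessage(Lang::txt('You have successfully sent a message.'), 'passed');
        return App::redirect(Route::url($member->getLink() . '&active=messages&task=inbox'));
    }
}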
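/**
 * Set the state of one or more sponsor entries.
 *
 * @param   integer  $state  The state to set entries to (1 = published)
 * @return  mixed    The default view when a save fails; otherwise nothing
 *                   (redirects)
 */
public function stateTask($state = 0)
{
    // Check for request forgeries. The check is asked to look at both 'get'
    // and 'post', so this state change can be reached by a link.
    Request::checkToken(['get', 'post']);

    // Incoming: one id or a list of ids. Normalise to an array so that
    // count() and foreach below are safe for a scalar value.
    $ids = Request::getVar('id', array());
    $ids = !is_array($ids) ? array($ids) : $ids;

    $listing = 'index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=manage&plugin=sponsors';

    // Check for an ID
    if (count($ids) < 1) {
        // Name the action that was requested: state 1 publishes
        // (the original had the two labels swapped)
        $action = $state == 1
            ? Lang::txt('PLG_RESOURCES_SPONSORS_PUBLISH')
            : Lang::txt('PLG_RESOURCES_SPONSORS_UNPUBLISH');

        App::redirect(Route::url($listing, false), Lang::txt('PLG_RESOURCES_SPONSORS_SELECT_ITEM_TO', $action), 'error');
        return;
    }

    foreach ($ids as $id) {
        // Update record(s); ids are forced to integers before the lookup
        $row = \Plugins\Resources\Sponsors\Models\Sponsor::oneOrFail((int) $id);
        $row->set('state', $state);
        if (!$row->save()) {
            $this->setError($row->getError());
            return $this->defaultTask();
        }
    }

    // Set message
    if ($state == 1) {
        $message = Lang::txt('PLG_RESOURCES_SPONSORS_ITEMS_PUBLISHED', count($ids));
    } else {
        $message = Lang::txt('PLG_RESOURCES_SPONSORS_ITEMS_UNPUBLISHED', count($ids));
    }

    App::redirect(Route::url($listing, false), $message);
}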
/**
 * Apply the user's choices to the citations staged by the importer.
 *
 * Saves the results in the session, removes the importer's temporary data
 * and redirects to the "saved" screen.
 *
 * @return  mixed  Login view for guests; otherwise nothing (redirects)
 * @throws  Exception  403 when the user lacks the manage permission
 */
private function processAction()
{
    // Guests are sent to the login screen
    if (User::isGuest()) {
        return $this->loginAction();
    }

    // Managing citations requires the manage permission
    if (!$this->params->get('access-manage')) {
        throw new Exception(Lang::txt('PLG_MEMBERS_CITATIONS_NOT_AUTHORIZED'), 403);
    }

    // Check for request forgeries
    Request::checkToken();

    // Citations staged by the earlier import steps
    $needAttention   = $this->importer->readRequiresAttention();
    $needNoAttention = $this->importer->readRequiresNoAttention();

    // The action chosen for each citation, per group
    $attentionActions   = Request::getVar('citation_action_attention', array());
    $noAttentionActions = Request::getVar('citation_action_no_attention', array());

    $base = $this->member->getLink() . '&active=' . $this->_name;

    // Nothing staged: send the user back to the import screen
    if (!$needAttention && !$needNoAttention) {
        App::redirect(
            Route::url($base . '&action=import'),
            Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_MISSING_FILE_CONTINUE'),
            'error'
        );
        return;
    }

    // Tags and badges are always allowed for member imports
    $allowTags   = 'yes';
    $allowBadges = 'yes';

    // Configure the importer for the current user and member scope
    $this->importer->set('user', User::get('id'));
    $this->importer->setTags($allowTags == 'yes');
    $this->importer->setBadges($allowBadges == 'yes');
    $this->importer->set('scope_id', $this->member->get('uidNumber'));
    $this->importer->set('scope', 'member');

    // Process
    $results = $this->importer->process($attentionActions, $noAttentionActions);

    // Report what was saved, skipped and failed
    Notify::success(
        Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_RESULTS_SAVED', count($results['saved'])),
        'plg_citations'
    );

    if (count($results['not_saved']) > 0) {
        Notify::warning(
            Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_RESULTS_NOT_SAVED', count($results['not_saved'])),
            'plg_citations'
        );
    }

    if (count($results['error']) > 0) {
        Notify::error(
            Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_RESULTS_SAVE_ERROR', count($results['error'])),
            'plg_citations'
        );
    }

    // Keep the three result lists in the session
    $session = App::get('session');
    $session->set('citations_saved', $results['saved']);
    $session->set('citations_not_saved', $results['not_saved']);
    $session->set('citations_error', $results['error']);

    // Delete the temp files that hold citation data
    $this->importer->cleanup(true);

    // Redirect
    App::redirect(Route::url($base . '&action=saved'));
}
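/**
 * Save a comment on a to-do item
 *
 * Checks the request token and the caller's 'content' access, stores the
 * cleaned-up comment, records a project activity for it and redirects back
 * to the to-do item.
 *
 * @return  void
 */
protected function _saveComment()
{
    // Check for request forgeries
    Request::checkToken();

    // Check permission
    if (!$this->model->access('content')) {
        throw new Exception(Lang::txt('ALERTNOTAUTH'), 403);
    }

    // Incoming
    // NOTE(review): $itemid is taken from the request as-is; nothing here confirms the
    // to-do item belongs to the current project - verify that the table or caller does.
    $itemid          = Request::getInt('itemid', 0, 'post');
    $comment         = trim(Request::getVar('comment', '', 'post'));
    $parent_activity = Request::getInt('parent_activity', 0, 'post');

    // Clean-up. Stripping script and image markup does not replace
    // output encoding wherever the comment is rendered.
    $comment = \Hubzero\Utility\Sanitize::stripScripts($comment);
    $comment = \Hubzero\Utility\Sanitize::stripImages($comment);
    $comment = \Hubzero\Utility\String::truncate($comment, 800);

    // Instantiate comment
    $objC = new \Components\Projects\Tables\Comment($this->_database);

    if ($comment) {
        // Defined up front so the check below never reads an undefined
        // variable when the comment did not get an ID.
        $aid = null;

        $objC->itemid          = $itemid;
        $objC->tbl             = 'todo';
        $objC->parent_activity = $parent_activity;
        $objC->comment         = $comment;
        $objC->created         = Date::toSql();
        $objC->created_by      = $this->_uid;

        if (!$objC->store()) {
            $this->setError($objC->getError());
        } else {
            $this->_msg = Lang::txt('PLG_PROJECTS_TODO_COMMENT_POSTED');
        }

        // Get new entry ID
        if (!$objC->id) {
            $objC->checkin();
        }

        // Record activity
        if ($objC->id) {
            $what = Lang::txt('COM_PROJECTS_TODO_ITEM');
            $url  = Route::url($this->model->link('todo') . '&action=view&todoid=' . $itemid);
            $aid  = $this->model->recordActivity(
                Lang::txt('COM_PROJECTS_COMMENTED') . ' ' . Lang::txt('COM_PROJECTS_ON') . ' ' . $what,
                $objC->id,
                $what,
                $url,
                'quote',
                0
            );
        }

        // Store activity ID
        if ($aid) {
            $objC->activityid = $aid;
            $objC->store();
        }
    }

    // Pass error or success message
    if ($this->getError()) {
        \Notify::message($this->getError(), 'error', 'projects');
    } elseif (!empty($this->_msg)) {
        \Notify::message($this->_msg, 'success', 'projects');
    }

    // Redirect
    App::redirect(Route::url($this->model->link('todo') . '&action=view&todoid=' . $itemid));
    return;
}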
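/**
 * Save a comment and, when one was sent, its attached file
 *
 * Requires a logged-in user and a valid request token. Editing an existing
 * comment additionally requires the 'access-edit-comment' param.
 *
 * @return  void
 */
protected function _save()
{
    // Ensure the user is logged in
    if (User::isGuest()) {
        return $this->_login();
    }

    // Check for request forgeries
    Request::checkToken();

    // Incoming
    $comment = Request::getVar('comment', array(), 'post', 'none', 2);
    if (!is_array($comment)) {
        $comment = array();
    }
    $id = isset($comment['id']) ? $comment['id'] : null;

    // Load the existing comment or start a new one, then apply the posted fields
    // NOTE(review): set() receives the whole posted array; confirm the model ignores
    // fields a client should not control (author, state, item reference).
    $row = \Plugins\Hubzero\Comments\Models\Comment::oneOrNew($id)->set($comment);

    if ($row->get('id') && !$this->params->get('access-edit-comment')) {
        App::redirect(
            Route::url('index.php?option=com_users&view=login&return=' . base64_encode($this->url)),
            Lang::txt('PLG_HUBZERO_COMMENTS_NOTAUTH'),
            'warning'
        );
        // Stop here no matter how App::redirect() behaves; otherwise the
        // unauthorised edit below would still be saved.
        return;
    }

    // Store new content
    if (!$row->save()) {
        User::setState('failed_comment', $row->get('content'));
        App::redirect($this->url, $row->getError(), 'error');
        return;
    }

    $upload = Request::getVar('comment_file', '', 'files', 'array');
    if (is_array($upload) && !empty($upload['name'])) {
        if (!empty($upload['error'])) {
            // PHP reported a failed upload: there is no usable temp file to move
            $this->setError(\Lang::txt('PLG_HUBZERO_COMMENTS_ERROR_UPLOADING_FILE'));
        } else {
            $file = new \Plugins\Hubzero\Comments\Models\File();
            $file->set('comment_id', $row->get('id'));
            $file->setUploadDir($this->params->get('comments_uploadpath', '/site/comments'));

            // NOTE(review): the client-supplied file name is passed on unchanged; confirm
            // File::upload() cleans it and restricts the accepted file types.
            if (!$file->upload($upload['name'], $upload['tmp_name'])) {
                $this->setError($file->getError());
            } else {
                $file->save();
            }
        }
    }

    // NOTE(review): an upload error recorded above is not shown to the user here;
    // the redirect still reports the comment as saved.
    App::redirect($this->url, Lang::txt('PLG_HUBZERO_COMMENTS_SAVED'), 'message');
}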
/**
 * Move an asset group one position up or down within its unit and parent
 *
 * The direction comes from the current task name: 'orderup' moves the row
 * up, any other task moves it down. Takes no arguments.
 *
 * NOTE(review): no permission check is visible in this method; presumably
 * the controller restricts access elsewhere - confirm.
 *
 * @return  void
 */
public function orderTask()
{
    Request::checkToken();

    // Only the first posted ID is used, coerced to an integer
    $ids = Request::getVar('id', array(0), 'post', 'array');
    \Hubzero\Utility\Arr::toInteger($ids, array(0));

    if ($this->_task == 'orderup') {
        $delta = -1;
    } else {
        $delta = 1;
    }

    $row = new Tables\Assetgroup($this->database);
    $row->load($ids[0]);

    // Siblings are the rows sharing this row's unit and parent; values are quoted by the DB driver
    $siblings = 'unit_id=' . $this->database->Quote($row->unit_id)
        . ' AND parent=' . $this->database->Quote($row->parent);

    $row->move($delta, $siblings);
    $row->reorder($siblings);

    // Re-store every sibling through the model layer
    $groups = $row->find(array('w' => array('parent' => $row->parent, 'unit_id' => $row->unit_id)));
    if ($groups) {
        foreach ($groups as $group) {
            $model = new \Components\Courses\Models\Assetgroup($group);
            $model->store();
        }
    }

    App::redirect(
        Route::url(
            'index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&unit=' . Request::getInt('unit', 0),
            false
        )
    );
}
/**
 * Save this plugin's settings for the current group
 *
 * Only logged-in users whose $this->authorized value is 'manager' or 'admin'
 * get past the checks. The stored row is identified by the current group,
 * plugin type and plugin name rather than by posted values.
 *
 * @return  mixed  Output of the login, collections or settings view on failure
 */
private function _savesettings()
{
    if (User::isGuest()) {
        return $this->_login();
    }

    // Loose comparison kept as in the permission checks elsewhere in this plugin
    $allowedRoles = array('manager', 'admin');
    if (!in_array($this->authorized, $allowedRoles)) {
        $this->setError(Lang::txt('PLG_COLLECTIONS_BLOG_NOT_AUTH'));
        return $this->_collections();
    }

    // Check for request forgeries
    Request::checkToken();

    // Read from the request but not used below
    $settings = Request::getVar('settings', array(), 'post');

    $gid = $this->group->get('gidNumber');

    // Load the existing row for this group/plugin pair and pin its identity
    $record = new \Hubzero\Plugin\Params($this->database);
    $record->loadPlugin($gid, $this->_type, $this->_name);
    $record->object_id = $this->group->get('gidNumber');
    $record->folder    = $this->_type;
    $record->element   = $this->_name;

    // Posted parameters are serialised through the registry
    $posted   = Request::getVar('params', array(), 'post');
    $registry = new \Hubzero\Config\Registry($posted);
    $record->params = $registry->toString();

    // Validate first, then store; either failure returns to the settings form
    if (!$record->check()) {
        $this->setError($record->getError());
        return $this->_settings();
    }

    if (!$record->store()) {
        $this->setError($record->getError());
        return $this->_settings();
    }

    App::redirect(
        Route::url('index.php?option=com_groups&cn=' . $this->group->get('cn') . '&active=' . $this->_name),
        Lang::txt('PLG_GROUPS_COLLECTIONS_SETTINGS_SAVED'),
        'passed'
    );
}
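/**
 * Save a question and redirect to the main listing when done
 *
 * Requires a logged-in user and a valid request token. When a reward is
 * offered and banking is enabled, the reward is put on hold through the bank
 * teller. Configured users and, for tools, the tool authors are notified.
 *
 * @return  mixed  Output of the browse or new-question view on failure, otherwise void
 */
private function _save()
{
    // Login required
    if (User::isGuest()) {
        return $this->_browse();
    }

    // Check for request forgeries
    Request::checkToken();

    Lang::load('com_answers');

    // Incoming
    $tags   = Request::getVar('tags', '');
    $funds  = Request::getInt('funds', 0);
    $reward = Request::getInt('reward', 0);

    // If offering a reward, do some checks
    if ($reward) {
        // After the integer cast, a negative amount is the only invalid
        // value left; it must never reach the teller as a hold.
        if ($reward < 0) {
            App::abort(500, Lang::txt('COM_ANSWERS_REWARD_MUST_BE_NUMERIC'));
            return;
        }

        // Are they offering more than they can afford?
        // NOTE(review): $funds is read from the request, so this comparison only guards
        // against honest mistakes. The balance should be derived server-side (or enforced
        // by the teller's hold()) before the reward is accepted.
        if ($reward > $funds) {
            App::abort(500, Lang::txt('COM_ANSWERS_INSUFFICIENT_FUNDS'));
            return;
        }
    }

    // Initiate class and bind posted items to database fields
    $fields = Request::getVar('question', array(), 'post', 'none', 2);
    if (!is_array($fields)) {
        $fields = array();
    }

    $row = new \Components\Answers\Models\Question(isset($fields['id']) ? $fields['id'] : null);
    if (!$row->bind($fields)) {
        $this->setError($row->getError());
        return $this->_new($row);
    }

    if ($reward && $this->banking) {
        $row->set('reward', 1);
    }

    // Store new content
    if (!$row->store(true)) {
        $row->set('tags', $tags);

        $this->setError($row->getError());
        return $this->_new($row);
    }

    // Hold the reward for this question if we're banking
    if ($reward && $this->banking) {
        $BTL = new \Hubzero\Bank\Teller($this->database, User::get('id'));
        $BTL->hold($reward, Lang::txt('COM_ANSWERS_HOLD_REWARD_FOR_BEST_ANSWER'), 'answers', $row->get('id'));
    }

    // Add the tags
    $row->tag($tags);

    // Add the tag to link to the resource
    $tag = $this->model->isTool()
        ? 'tool:' . $this->model->resource->alias
        : 'resource:' . $this->model->resource->id;
    $row->addTag($tag, User::get('id'), $this->model->isTool() ? 0 : 1);

    // Get users who need to be notified on every question.
    // Blank entries (empty setting, stray commas) are dropped so no
    // user lookup is made for an empty name.
    $config = Component::params('com_answers');
    $apu = array_filter(
        array_map('trim', explode(',', $config->get('notify_users', ''))),
        'strlen'
    );

    $receivers = array();

    // Get tool contributors if question is about a tool
    if ($tags) {
        $tags = explode(',', $tags);
        if (count($tags) > 0) {
            require_once PATH_CORE . DS . 'components' . DS . 'com_tools' . DS . 'tables' . DS . 'author.php';
            require_once PATH_CORE . DS . 'components' . DS . 'com_tools' . DS . 'tables' . DS . 'version.php';

            $TA   = new \Components\Tools\Tables\Author($this->database);
            $objV = new \Components\Tools\Tables\Version($this->database);

            if ($this->model->isTool()) {
                $toolname = $this->model->resource->alias;

                $rev     = $objV->getCurrentVersionProperty($toolname, 'revision');
                $authors = $TA->getToolAuthors('', 0, $toolname, $rev);
                if (count($authors) > 0) {
                    foreach ($authors as $author) {
                        $receivers[] = $author->uidNumber;
                    }
                }
            }
        }
    }

    foreach ($apu as $u) {
        $user = User::getInstance($u);
        if ($user) {
            $receivers[] = $user->get('id');
        }
    }
    $receivers = array_unique($receivers);

    // Send the message
    if (!empty($receivers)) {
        // Send a message about the new question to authorized users (specified admins or related content authors)
        $from = array(
            'email'     => Config::get('mailfrom'),
            'name'      => Config::get('sitename') . ' ' . Lang::txt('COM_ANSWERS_ANSWERS'),
            // Used only as the MIME boundary of the multipart message
            'multipart' => md5(date('U'))
        );

        // Build the message subject
        $subject = Lang::txt('COM_ANSWERS_ANSWERS') . ', ' . Lang::txt('new question about content you author or manage');

        // Build the message
        $message = array();

        $eview = new \Hubzero\Mail\View(array(
            'base_path' => PATH_CORE . DS . 'components' . DS . 'com_answers' . DS . 'site',
            'name'      => 'emails',
            'layout'    => 'question_plaintext'
        ));
        $eview->option   = 'com_answers';
        $eview->sitename = Config::get('sitename');
        $eview->question = $row;
        $eview->id       = $row->get('id', 0);
        $eview->boundary = $from['multipart'];

        $message['plaintext'] = $eview->loadTemplate(false);
        $message['plaintext'] = str_replace("\n", "\r\n", $message['plaintext']);

        // HTML message
        $eview->setLayout('question_html');

        $message['multipart'] = $eview->loadTemplate();
        $message['multipart'] = str_replace("\n", "\r\n", $message['multipart']);

        if (!Event::trigger('xmessage.onSendMessage', array('new_question_admin', $subject, $message, $from, $receivers, 'com_answers'))) {
            $this->setError(Lang::txt('COM_ANSWERS_MESSAGE_FAILED'));
        }
    }

    // Redirect to the question
    App::redirect(Route::url('index.php?option=' . $this->option . '&id=' . $this->model->resource->id . '&active=' . $this->_name));
}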
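/**
 * Toggle the state (0 <-> 1) of one or more categories, then redirect to the list
 *
 * @param   integer  $dir  Not used by this method
 * @return  void
 */
public function changestatusTask($dir = 0)
{
    // Check for request forgeries
    Request::checkToken();

    // Incoming
    $ids = Request::getVar('id', array(0), '', 'array');

    $listUrl = Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false);

    foreach ($ids as $id) {
        $id = intval($id);
        if (!$id) {
            continue;
        }

        // A fresh row per ID: a lookup that finds nothing must not leave
        // the previous category's data in place to be toggled and stored again.
        $row = new \Components\Publications\Tables\Category($this->database);
        if (!$row->load($id)) {
            continue;
        }

        $row->state = $row->state == 1 ? 0 : 1;

        // Save
        if (!$row->store()) {
            $this->addComponentMessage($row->getError(), 'error');
            App::redirect($listUrl);
            return;
        }
    }

    // Redirect
    App::redirect($listUrl, Lang::txt('COM_PUBLICATIONS_CATEGORY_ITEM_STATUS_CHNAGED'));
}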
/**
 * Save a course review comment
 *
 * Guests are sent to the login view. A posted comment that already carries
 * an ID is treated as an edit and needs the 'access-edit-comment' param.
 * Every outcome ends in a redirect to $this->url.
 *
 * @return  void
 */
protected function _save()
{
    if (User::isGuest()) {
        return $this->_login();
    }

    // Check for request forgeries
    Request::checkToken();

    $posted = Request::getVar('comment', array(), 'post', 'none', 2);

    // NOTE(review): the whole posted array is bound, including any 'id'; confirm the
    // table ignores fields a client should not control.
    $review = new \Hubzero\Item\Comment($this->database);

    if (!$review->bind($posted)) {
        App::redirect($this->url, $review->getError(), 'error');
        return;
    }

    $review->setUploadDir($this->params->get('comments_uploadpath', '/site/comments'));

    // An ID on the bound row means an edit, which needs the extra permission
    $isEdit = (bool) $review->id;
    if ($isEdit && !$this->params->get('access-edit-comment')) {
        App::redirect($this->url, Lang::txt('PLG_COURSES_REVIEWS_NOTAUTH'), 'warning');
        return;
    }

    // Validate, then persist; report the row's own error on either failure
    if (!$review->check()) {
        App::redirect($this->url, $review->getError(), 'error');
        return;
    }

    if (!$review->store()) {
        App::redirect($this->url, $review->getError(), 'error');
        return;
    }

    App::redirect($this->url, Lang::txt('PLG_COURSES_REVIEWS_SAVED'), 'message');
}
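/**
 * Update the role of one or more members of an offering
 *
 * Each posted entry names a member ID and the role to assign; members whose
 * role already matches are left untouched.
 *
 * NOTE(review): no permission check is visible in this method; presumably
 * the controller restricts access elsewhere - confirm.
 *
 * @return  void
 */
public function updateTask()
{
    // Check for request forgeries
    Request::checkToken();

    // Incoming offering ID
    $id = Request::getInt('offering', 0);
    if (!$id) {
        $this->setError(Lang::txt('COM_COURSES_ERROR_NO_ID'));
        $this->displayTask();
        return;
    }

    $section = Request::getInt('section', 0);

    $model = \Components\Courses\Models\Offering::getInstance($id);
    if ($section) {
        $model->section($section);
    }

    $entries = Request::getVar('entries', array(0), 'post');

    foreach ((array) $entries as $data) {
        // The default value and malformed input are not arrays; skip
        // anything that does not name both a member and a role.
        if (!is_array($data) || !isset($data['id'], $data['role_id'])) {
            continue;
        }

        // Retrieve user's account info
        // NOTE(review): the member is looked up by the posted ID alone and the role ID is
        // stored as posted; confirm the member belongs to this offering and that the role
        // is one the offering allows.
        $member = \Components\Courses\Models\Member::getInstance($data['id'], null, null, null);
        if ($member->get('role_id') == $data['role_id']) {
            continue;
        }

        $member->set('role_id', $data['role_id']);
        if (!$member->store()) {
            $this->setError($member->getError());
        }
    }

    // Push through to the hosts view
    $this->displayTask($model);
}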
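/**
 * Remove one or more option groups
 *
 * Step 1 shows the confirmation view for the selected IDs. Step 2 checks the
 * request token and, when 'delete' is set, deletes each option group and
 * passes on any warnings the deletions produced.
 *
 * @return  void
 */
public function removeTask()
{
    // Incoming
    $step = Request::getInt('step', 1);
    $step = !$step ? 1 : $step;

    // What step are we on?
    switch ($step) {
        case 1:
            Request::setVar('hidemainmenu', 1);

            // Incoming
            $id = Request::getVar('id', array(0));
            if (!is_array($id) && !empty($id)) {
                $id = array($id);
            }

            $this->view->ogId = $id;

            // Set any errors
            if ($this->getError()) {
                $this->view->setError($this->getError());
            }

            // Output the HTML
            $this->view->display();
            break;

        case 2:
            // Check for request forgeries
            Request::checkToken() or jexit('Invalid Token');

            // NOTE(review): 'task=dispaly' looks like a misspelling of the display task;
            // it is kept as found because it is a runtime value.
            $listUrl = Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=dispaly', false);

            // Incoming
            $ogIds = Request::getVar('ogId', 0);

            // Make sure we have ID(s) to work with
            if (empty($ogIds)) {
                App::redirect($listUrl, Lang::txt('COM_STOREFRONT_NO_ID'), 'error');
                return;
            }

            // A single ID may arrive as a scalar; the loop below needs an array
            if (!is_array($ogIds)) {
                $ogIds = array($ogIds);
            }

            $delete = Request::getVar('delete', 0);

            $msg  = "Delete canceled";
            $type = 'error';

            // Defined before the branch so the warning loop below is safe
            // when the delete was cancelled.
            $warnings = array();

            if ($delete) {
                // Do the delete
                $obj = new Archive();

                foreach ($ogIds as $ogId) {
                    // Delete option group
                    try {
                        $optionGroup = new OptionGroup($ogId);
                        $optionGroup->delete();

                        // see if there are any warnings to display
                        if ($optionGroupWarnings = $optionGroup->getMessages()) {
                            foreach ($optionGroupWarnings as $optionGroupWarning) {
                                if (!in_array($optionGroupWarning, $warnings)) {
                                    $warnings[] = $optionGroupWarning;
                                }
                            }
                        }
                    } catch (\Exception $e) {
                        App::redirect($listUrl, $e->getMessage(), $type);
                        return;
                    }
                }

                $msg  = "Option group(s) deleted";
                $type = 'message';
            }

            // Queue warnings before redirecting so they are not lost if
            // the redirect ends the request.
            foreach ($warnings as $warning) {
                \Notify::warning($warning);
            }

            // Set the redirect
            App::redirect($listUrl, $msg, $type);
            break;
    }
}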
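/**
 * Upload a resume
 *
 * The stored file is named after the member, keeping only the last extension
 * of the uploaded name. That extension must be in the configured allow-list,
 * and the stored file must pass Filesystem::isSafe() or it is deleted again.
 *
 * @param   object  $database  Database
 * @param   string  $option    Component name
 * @param   object  $member    Profile
 * @return  string
 */
protected function _upload($database, $option, $member)
{
    $path = $this->build_path($member->get('id'));
    $emp  = Request::getInt('emp', 0);

    if (!$path) {
        $this->setError(Lang::txt('PLG_MEMBERS_RESUME_SUPPORT_NO_UPLOAD_DIRECTORY'));
        return $this->_view($database, $option, $member, $emp);
    }

    // Check for request forgeries
    // NOTE(review): the token is accepted from GET as well as POST; for a state-changing
    // upload, POST-only keeps the token out of URLs, logs and referrers.
    Request::checkToken(['get', 'post']);

    // Incoming file
    $file = Request::getVar('uploadres', '', 'files', 'array');
    if (!is_array($file) || empty($file['name'])) {
        $this->setError(Lang::txt('PLG_MEMBERS_RESUME_SUPPORT_NO_FILE'));
        return $this->_view($database, $option, $member, $emp);
    }

    // Incoming
    $title = Request::getVar('title', '');
    $default_title = $member->get('firstname')
        ? $member->get('firstname') . ' ' . $member->get('lastname') . ' ' . ucfirst(Lang::txt('PLG_MEMBERS_RESUME_RESUME'))
        : $member->get('name') . ' ' . ucfirst(Lang::txt('PLG_MEMBERS_RESUME_RESUME'));

    $path = PATH_APP . $path;

    // Keep only the last extension of the uploaded name. A name without
    // a dot has no extension; it must not be appended whole.
    $dot = strrpos($file['name'], '.');
    $file_ext = ($dot === false) ? '' : substr($file['name'], $dot);

    // Replace file title with user name
    $file['name'] = $default_title . $file_ext;

    // Make the filename safe (the member's name is profile data, so it is cleaned too)
    $file['name'] = Filesystem::clean($file['name']);
    $file['name'] = str_replace(' ', '_', $file['name']);

    // Allow-list check. Blank entries from stray commas are dropped so an
    // extension-less file can never match, and the comparison is strict.
    $ext = strtolower(Filesystem::extension($file['name']));
    $allowed = array_filter(
        array_map('trim', explode(',', $this->params->get('file_ext', 'jpg,jpeg,jpe,bmp,tif,tiff,png,gif,pdf,txt,rtf,doc,docx,ppt'))),
        'strlen'
    );
    if ($ext === '' || !in_array($ext, $allowed, true)) {
        $this->setError(Lang::txt('Disallowed file type.'));
        return $this->_view($database, $option, $member, $emp);
    }

    $row = new \Components\Jobs\Tables\Resume($database);

    if (!$row->loadResume($member->get('id'))) {
        $row = new \Components\Jobs\Tables\Resume($database);
        $row->id   = 0;
        $row->uid  = $member->get('id');
        $row->main = 1;
    } else {
        // NOTE(review): the previous resume is removed before the new upload has succeeded
        // and been scanned; a failed or rejected upload leaves the member with no file
        // while the stored record still names the old one.
        if (file_exists($path . DS . $row->filename)) {
            Filesystem::delete($path . DS . $row->filename);

            // Remove stats for prev resume
            $jobstats = new \Components\Jobs\Tables\JobStats($database);
            $jobstats->deleteStats($member->get('id'), 'seeker');
        }
    }

    // Perform the upload
    if (!Filesystem::upload($file['tmp_name'], $path . DS . $file['name'])) {
        $this->setError(Lang::txt('ERROR_UPLOADING'));
    } else {
        $fpath = $path . DS . $file['name'];

        if (!Filesystem::isSafe($fpath)) {
            Filesystem::delete($fpath);

            $this->setError(Lang::txt('File rejected because the anti-virus scan failed.'));
            return $this->_view($database, $option, $member, $emp);
        }

        // File was uploaded, create database entry
        $title = htmlspecialchars($title);

        $row->created  = Date::toSql();
        $row->filename = $file['name'];
        $row->title    = $title ? $title : $default_title;

        // Only store a row that passed validation
        if (!$row->check()) {
            $this->setError($row->getError());
        } elseif (!$row->store()) {
            $this->setError($row->getError());
        }
    }

    return $this->_view($database, $option, $member, $emp);
}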
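/**
 * Update the role of one or more course members
 *
 * Each posted entry identifies a membership row (user, course, offering,
 * section) and the role to assign; rows whose role already matches are left
 * untouched.
 *
 * NOTE(review): no permission check is visible in this method; presumably
 * the controller restricts access elsewhere - confirm.
 *
 * @return  void
 */
public function updateTask()
{
    // Check for request forgeries
    Request::checkToken();

    // Incoming course ID
    $id = Request::getInt('id', 0);
    if (!$id) {
        $this->setError(Lang::txt('COM_COURSES_ERROR_MISSING_COURSE'));
        $this->displayTask();
        return;
    }

    // Loaded as in the original flow; not used further below
    $model = Course::getInstance($id);

    $entries = Request::getVar('entries', array(0), 'post');

    require_once dirname(dirname(__DIR__)) . DS . 'tables' . DS . 'member.php';

    foreach ((array) $entries as $data) {
        // The default value and malformed input are not arrays; skip
        // anything that does not name both a user and a role.
        if (!is_array($data) || !isset($data['user_id'], $data['role_id'])) {
            continue;
        }
        $data += array('course_id' => null, 'offering_id' => null, 'section_id' => null);

        // Retrieve user's account info
        // NOTE(review): course_id comes from each posted entry rather than from $id, so an
        // entry can address a membership row of a different course; confirm that this is
        // intended or pin it to $id. The role ID is also stored as posted.
        $tbl = new Tables\Member($this->database);
        $tbl->load($data['user_id'], $data['course_id'], $data['offering_id'], $data['section_id'], 0);
        if ($tbl->role_id == $data['role_id']) {
            continue;
        }

        $tbl->role_id = $data['role_id'];
        if (!$tbl->store()) {
            $this->setError($tbl->getError());
        }
    }

    // Push through to the hosts view
    $this->displayTask();
}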
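/**
 * Save a citation together with its associations, tags and badges
 *
 * Requires a logged-in user and a valid request token. Scalar fields are
 * decoded and sanitised before binding. A URL is kept only when it is
 * well-formed and uses the http, https or ftp scheme.
 *
 * NOTE(review): apart from the login check, nothing in this method ties the
 * posted citation ID to the current user; confirm that edit rights are
 * enforced elsewhere.
 *
 * @return  void
 */
public function saveTask()
{
    // Check if they're logged in
    if (User::isGuest()) {
        $this->loginTask();
        return;
    }

    Request::checkToken();

    // get the posted vars
    $id = Request::getInt('id', 0, 'post');
    $c  = Request::getVar('fields', array(), 'post');
    $c['id'] = $id;

    // clean vars
    // NOTE(review): request data is normally URL-decoded already, so urldecode() here
    // decodes a second time ('+' becomes a space, '%xx' is expanded again). The
    // sanitisers do run after the decode, which is the safe order, but confirm the
    // extra decode is really wanted.
    foreach ($c as $key => $val) {
        if (!is_array($val)) {
            $val = html_entity_decode(urldecode($val));
            $val = Sanitize::stripAll($val);
            $c[$key] = Sanitize::clean($val);
        }
    }

    // Bind incoming data to object
    $row = new Citation($this->database);
    if (!$row->bind($c)) {
        $this->setError($row->getError());
        $this->editTask();
        return;
    }

    // New entry so set the created date
    if (!$row->id) {
        $row->created = Date::toSql();
    }

    // FILTER_VALIDATE_URL checks the form of a URL but not its scheme, so
    // the scheme is limited to the ones a citation link should use.
    $scheme = strtolower((string) parse_url((string) $row->url, PHP_URL_SCHEME));
    if (!filter_var($row->url, FILTER_VALIDATE_URL) || !in_array($scheme, array('http', 'https', 'ftp'), true)) {
        $row->url = null;
    }

    // Check content for missing required data
    if (!$row->check()) {
        $this->setError($row->getError());
        $this->editTask();
        return;
    }

    // Store new content
    if (!$row->store()) {
        $this->setError($row->getError());
        $this->editTask();
        return;
    }

    // Incoming associations
    $arr = Request::getVar('assocs', array(), 'post');

    foreach ((array) $arr as $a) {
        // Malformed entries cannot be trimmed or bound
        if (!is_array($a)) {
            continue;
        }
        $a = array_map('trim', $a);

        $tbl = isset($a['tbl']) ? $a['tbl'] : '';
        $oid = isset($a['oid']) ? $a['oid'] : '';

        // Initiate extended database class
        $assoc = new Association($this->database);

        // An existing association with both fields emptied is a delete
        if (isset($a['id']) && $tbl === '' && $oid === '') {
            // NOTE(review): the association ID is deleted as posted; confirm it belongs
            // to this citation.
            if (!$assoc->delete($a['id'])) {
                $this->setError($assoc->getError());
                $this->editTask();
                return;
            }
        } elseif ($tbl !== '' || $oid !== '') {
            $a['cid'] = $row->id;

            // bind the data
            if (!$assoc->bind($a)) {
                $this->setError($assoc->getError());
                $this->editTask();
                return;
            }

            // Check content
            if (!$assoc->check()) {
                $this->setError($assoc->getError());
                $this->editTask();
                return;
            }

            // Store new content
            if (!$assoc->store()) {
                $this->setError($assoc->getError());
                $this->editTask();
                return;
            }
        }
    }

    // check if we are allowing tags
    if ($this->config->get('citation_allow_tags', 'no') == 'yes') {
        $tags = trim(Request::getVar('tags', '', 'post'));
        $ct1 = new Tags($row->id);
        $ct1->setTags($tags, User::get('id'), 0, 1, '');
    }

    // check if we are allowing badges
    if ($this->config->get('citation_allow_badges', 'no') == 'yes') {
        $badges = trim(Request::getVar('badges', '', 'post'));
        $ct2 = new Tags($row->id);
        $ct2->setTags($badges, User::get('id'), 0, 1, 'badge');
    }

    // Redirect
    $task = '&task=browse';
    if ($this->config->get('citation_single_view', 1)) {
        $task = '&task=view&id=' . $row->id;
    }

    App::redirect(
        Route::url('index.php?option=' . $this->_option . $task),
        Lang::txt('COM_CITATIONS_CITATION_SAVED')
    );
}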
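/**
 * Save this plugin's settings for the current group
 *
 * Only logged-in users whose $this->authorized value is 'manager' or 'admin'
 * get past the checks. Posted settings are bound to the row, after which the
 * row's owner (group, plugin type, plugin name) is set from server-side state.
 *
 * @return  mixed  Output of the sections or settings view on failure, otherwise void
 */
private function savesettings()
{
    if (User::isGuest()) {
        $this->setError(Lang::txt('GROUPS_LOGIN_NOTICE'));
        return;
    }

    if ($this->authorized != 'manager' && $this->authorized != 'admin') {
        $this->setError(Lang::txt('PLG_GROUPS_FORUM_NOT_AUTHORIZED'));
        return $this->sections();
    }

    // Check for request forgeries
    Request::checkToken();

    $settings = Request::getVar('settings', array(), 'post');

    $row = new \Hubzero\Plugin\Params($this->database);
    if (!$row->bind($settings)) {
        $this->setError($row->getError());
        // NOTE(review): this path calls settings() while the ones below call _settings();
        // confirm which of the two the class defines.
        return $this->settings();
    }

    // The posted array must not decide whose settings are written: pin the
    // owning group and plugin after the bind.
    // NOTE(review): a posted settings[id] still selects which row is updated; confirm
    // the table checks that the row belongs to this group, or load it server-side.
    $row->object_id = $this->group->get('gidNumber');
    $row->folder    = $this->_type;
    $row->element   = $this->_name;

    // Get parameters
    $p = new \Hubzero\Config\Registry(Request::getVar('params', '', 'post'));
    $row->params = $p->toString();

    // Check content
    if (!$row->check()) {
        $this->setError($row->getError());
        return $this->_settings();
    }

    // Store new content
    if (!$row->store()) {
        $this->setError($row->getError());
        return $this->_settings();
    }

    App::redirect(
        Route::url('index.php?option=com_groups&cn=' . $this->group->get('cn') . '&active=' . $this->_name . '&action=settings'),
        Lang::txt('PLG_GROUPS_FORUM_SETTINGS_SAVED')
    );
}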
/**
 * Save a reply (comment) on a publication review
 *
 * The request token is checked first, then the login state. The posted
 * 'comment' array is applied to a blank comment model, its content is
 * cleaned, and the user is redirected to the publication's reviews.
 *
 * NOTE(review): the whole posted array is applied to the model, including any
 * 'id' and, for edits, 'state'. Nothing here checks that an edited comment
 * belongs to the current user or to this publication - confirm the model or
 * caller enforces that.
 *
 * @return  void
 */
private function savereply()
{
    // Check for request forgeries
    Request::checkToken();

    if (User::isGuest()) {
        $this->setError(Lang::txt('PLG_PUBLICATIONS_REVIEWS_LOGIN_NOTICE'));
        return;
    }

    $pub = $this->publication;

    $posted = Request::getVar('comment', array(), 'post', 'none', 2);

    // Without a stored publication there is nothing to attach the reply to
    if (!$pub->exists()) {
        $this->setError(Lang::txt('PLG_PUBLICATIONS_REVIEWS_COMMENT_ERROR_NO_REFERENCE_ID'));
        return;
    }

    // Fetched as in the original flow; not used further below
    $database = App::get('db');

    $reply = \Hubzero\Item\Comment::blank()->set($posted);

    // An ID on the model means an existing comment is being edited
    if ($reply->id) {
        $message = Lang::txt('PLG_PUBLICATIONS_REVIEWS_EDITS_SAVED');
    } else {
        $message = Lang::txt('PLG_PUBLICATIONS_REVIEWS_COMMENT_POSTED');
    }

    // Clean the text and normalise the flags: new comments start with
    // state 0, edits keep the state held by the model.
    $reply->set('content', \Hubzero\Utility\Sanitize::clean($reply->get('content')));
    $reply->set('anonymous', $reply->get('anonymous') ?: 0);
    $reply->set('state', $reply->get('id') ? $reply->get('state') : 0);

    if (!$reply->save()) {
        $this->setError($reply->getError());
        return;
    }

    App::redirect(Route::url($pub->link('reviews')), $message);
}
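/**
 * Set a local password for the logged-in member
 *
 * Guests are sent to the login page. The form is available only after the
 * e-mail token has been verified (its state variable is set). A submitted
 * form is accepted only with a valid request token, two identical password
 * entries and a password that passes the site's password rules.
 *
 * @return  string|void  Rendered form, or nothing when the request ends in a redirect or JSON reply
 */
private function setlocalpass()
{
    // Logged in?
    if ($this->user->get('guest')) {
        App::redirect(
            Route::url('index.php?option=com_users&view=login&return=' . base64_encode(Route::url('index.php?option=' . $this->option . '&task=myaccount&active=account&action=setlocalpass'))),
            Lang::txt('You must be a logged in to access this area.'),
            'warning'
        );
        return;
    }

    // Get the token from the user state variable
    $token = User::getState($this->option . 'token');

    // First check to make sure they're not trying to jump to this page without first verifying their token
    if (is_null($token)) {
        App::redirect(
            Route::url('index.php?option=' . $this->option . '&id=' . $this->user->get('id') . '&active=account&task=sendtoken'),
            Lang::txt('You must first verify your email address by inputting the token.'),
            'error'
        );
        return;
    }

    // Get the password input (raw: no filtering may alter the password)
    $password1 = Request::getVar('password1', null, 'post', 'string', JREQUEST_ALLOWRAW);
    $password2 = Request::getVar('password2', null, 'post', 'string', JREQUEST_ALLOWRAW);
    $change    = Request::getVar('change', '', 'post');

    // Create the view
    $view = new \Hubzero\Plugin\View(array(
        'folder'  => 'members',
        'element' => 'account',
        'name'    => 'setlocalpassword',
        'layout'  => 'setlocalpass'
    ));

    // Add a few more variables to the view
    $view->option = $this->option;
    $view->id     = $this->user->get('id');

    // Get the password rules
    $password_rules = \Hubzero\Password\Rule::getRules();

    // Get the password rule descriptions
    $view->password_rules = array();
    foreach ($password_rules as $rule) {
        if (!empty($rule['description'])) {
            $view->password_rules[] = $rule['description'];
        }
    }

    // Blank form request (no data submitted)
    if (empty($change)) {
        $view->notifications = $this->getPluginMessage() ? $this->getPluginMessage() : array();
        return $view->loadTemplate();
    }

    // Check for request forgeries
    Request::checkToken();

    // Load some needed libraries
    jimport('joomla.user.helper');

    // Initiate profile class
    $profile = new \Hubzero\User\Profile();
    $profile->load($this->user->get('id'));

    // Fire the onBeforeStoreUser trigger
    Event::trigger('user.onBeforeStoreUser', array($this->user->getProperties(), false));

    // Validate the password against password rules
    if (!empty($password1)) {
        $msg = \Hubzero\Password\Rule::validate($password1, $password_rules, $profile->get('username'));
    } else {
        $msg = array();
    }

    // Verify password
    if (!$password1 || !$password2) {
        $this->setError(Lang::txt('MEMBERS_PASS_MUST_BE_ENTERED_TWICE'));
    } elseif ($password1 !== $password2) {
        // Strict comparison: loose '!=' compares numeric-looking strings
        // by value, so two different entries could count as matching.
        $this->setError(Lang::txt('MEMBERS_PASS_NEW_CONFIRMATION_MISMATCH'));
    } elseif (!empty($msg)) {
        $this->setError(Lang::txt('Password does not meet site password requirements. Please choose a password meeting all the requirements listed.'));
    }

    // Were there any errors?
    if ($this->getError()) {
        $change = array();
        $change['_missing']['password'] = $this->getError();

        if (Request::getInt('no_html', 0)) {
            echo json_encode($change);
            exit;
        } else {
            $view->setError($this->getError());
            return $view->loadTemplate();
        }
    }

    // No errors, so let's move on - encrypt the password and update the profile
    $result = \Hubzero\User\Password::changePassword($profile->get('uidNumber'), $password1);

    // Save the changes
    if (!$result) {
        $view->setError(Lang::txt('MEMBERS_PASS_CHANGE_FAILED'));
        return $view->loadTemplate();
    }

    // Fire the onAfterStoreUser trigger
    Event::trigger('user.onAfterStoreUser', array($this->user->getProperties(), false, null, $this->getError()));

    // Flush the verified-token state so it cannot be reused for another change
    User::setState($this->option . 'token', null);

    // Redirect
    if (Request::getInt('no_html', 0)) {
        echo json_encode(array("success" => true, "redirect" => Route::url($this->member->getLink() . '&active=account')));
        exit;
    } else {
        // Redirect user to confirm view page
        App::redirect(
            Route::url($this->member->getLink() . '&active=account'),
            Lang::txt('Password reset successful'),
            'passed'
        );
    }

    return;
}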