/**
* Show shouts or shout
*/
public function index()
{
$shout = new Shout_Model();
$form_values = $shout->as_array();
$form_errors = array();
// Check post
if (csrf::valid() && ($post = $this->input->post())) {
$shout->author_id = $this->user->id;
$shout->shout = $post['shout'];
try {
$shout->save();
if (!request::is_ajax()) {
url::redirect(url::current());
}
} catch (ORM_Validation_Exception $e) {
$form_errors = $e->validation->errors();
$form_values = arr::overwrite($form_values, $post);
}
}
$shouts = ORM::factory('shout')->find_all(10);
$view = View_Mod::factory('generic/shout', array('mod_title' => __('Shouts'), 'shouts' => $shouts, 'can_shout' => ORM::factory('shout')->has_access(Shout_Model::ACCESS_WRITE, $this->user), 'errors' => $form_errors, 'values' => $form_values));
if (request::is_ajax()) {
echo $view;
return;
}
widget::add('main', $view);
}
/**
* Edit topic
*
* @param mixed $topic_id
* @param mixed $area_id
*/
public function _topic_edit($topic_id, $area_id = false)
{
$this->history = false;
$errors = array();
$forum_topic = new Forum_Topic_Model((int) $topic_id);
$forum_area = $forum_topic->loaded() ? $forum_topic->forum_area : new Forum_Area_Model((int) $area_id);
if ($forum_topic->loaded()) {
// Editing topic
$editing = true;
if (!$forum_topic->has_access(Forum_Topic_Model::ACCESS_EDIT)) {
url::back('forum');
}
} else {
if ($forum_area->loaded()) {
// New topic
$editing = false;
if (!$forum_area->has_access(Forum_Area_Model::ACCESS_WRITE)) {
url::back('forum');
}
} else {
// New topic in unknown area
$errors[] = __('Area :area or topic :topic not found', array(':area' => (int) $area_id, ':topic' => (int) $topic_id));
}
}
if (empty($errors)) {
$forum_post = new Forum_Post_Model((int) $forum_topic->first_post_id);
$form_errors = array();
$form_values_topic = $forum_topic->as_array();
$form_values_post = $forum_post->as_array();
$form_topics = false;
// Bound area?
if ($forum_area->is_type(Forum_Area_Model::TYPE_BIND)) {
// Get bind config and load topics
$bind = Forum_Area_Model::binds($forum_area->bind);
if ($editing) {
// Can't edit bound topic
$form_topics = array($forum_topic->bind_id => $forum_topic->name);
} else {
// Try to load options from configured model
try {
$bind_topics = ORM::factory($bind['model'])->find_bind_topics($forum_area->bind);
$form_topics = array(0 => __('Choose..')) + $bind_topics;
} catch (Kohana_Exception $e) {
$form_topics = array();
}
}
}
// Admin actions
if ($editing && $forum_topic->has_access(Forum_Topic_Model::ACCESS_DELETE)) {
$this->page_actions[] = array('link' => url::model($forum_topic) . '/delete/?token=' . csrf::token(), 'text' => __('Delete topic'), 'class' => 'topic-delete');
}
// Check post
if ($post = $this->input->post()) {
$post['forum_area_id'] = $forum_area->id;
$topic = $post;
if (isset($bind_topics)) {
$topic['name'] = arr::get($bind_topics, (int) $topic['bind_id'], '');
}
$post_extra = $topic_extra = array('author_id' => $this->user->id, 'author_name' => $this->user->username);
if ($editing) {
$post_extra['modifies'] = (int) $forum_post->modifies + 1;
$post_extra['modified'] = date::unix2sql(time());
}
$post_extra['author_ip'] = $this->input->ip_address();
$post_extra['author_host'] = $this->input->host_name();
// validate post first and save topic if ok
if (csrf::valid() && $forum_post->validate($post, false, $post_extra) && $forum_topic->validate($topic, true, $topic_extra)) {
// post
$forum_post->forum_topic_id = $forum_topic->id;
$forum_post->save();
if (!$editing) {
// topic
$forum_topic->first_post_id = $forum_post->id;
$forum_topic->last_post_id = $forum_post->id;
$forum_topic->last_poster = $this->user->username;
$forum_topic->last_posted = date::unix2sql(time());
$forum_topic->posts = 1;
$forum_topic->save();
// area
$forum_area->last_topic_id = $forum_topic->id;
$forum_area->posts += 1;
$forum_area->topics += 1;
$forum_area->save();
// user
$this->user->posts += 1;
$this->user->save();
// News feed
newsfeeditem_forum::topic($this->user, $forum_topic);
}
// redirect back to topic
URL::redirect(url::model($forum_topic));
} else {
$form_errors = array_merge($post->errors(), is_object($topic) ? $topic->errors() : array());
}
$form_values_topic = arr::overwrite($form_values_topic, is_object($topic) ? $topic->as_array() : $topic);
$form_values_post = arr::overwrite($form_values_post, $post->as_array());
}
}
// Show form
if (empty($errors)) {
$this->breadcrumb[] = html::anchor(url::model($forum_area), text::title($forum_area->name));
$this->page_title = $editing ? text::title($forum_topic->name) : __('New topic');
$this->page_subtitle = __('Area :area', array(':area' => html::anchor(url::model($forum_area), text::title($forum_area->name), array('title' => strip_tags($forum_area->description)))));
widget::add('head', html::script(array('js/jquery.markitup.pack', 'js/markitup.bbcode')));
widget::add('main', View_Mod::factory('forum/topic_edit', array('topic' => $form_values_topic, 'topics' => $form_topics, 'post' => $form_values_post, 'errors' => $form_errors)));
} else {
$this->_error(__('Error'), $errors);
}
$this->_side_views();
}
/**
* User profile
*/
public function _view()
{
$this->tab_id = 'profile';
$owner = $this->user && $this->member->id == $this->user->id;
if ($owner && $this->user->newcomments) {
$this->user->newcomments = 0;
$this->user->save();
}
// Actions
if ($this->member->has_access(User_Model::ACCESS_EDIT)) {
$this->page_actions[] = array('link' => url::user($this->member) . '/edit', 'text' => __('Settings'), 'class' => 'settings');
}
// Picture
widget::add('side', View_Mod::factory('member/member', array('mod_class' => 'member member-' . $this->member->id, 'user' => $this->member)));
// Comments
if ($this->member->has_access(User_Model::ACCESS_COMMENT)) {
$comment = new User_Comment_Model();
$form_values = $comment->as_array();
$form_errors = array();
// check post
if (csrf::valid() && ($post = $this->input->post())) {
$comment->user_id = $this->member->id;
$comment->author_id = $this->user->id;
$comment->comment = $post['comment'];
if (isset($post['private'])) {
$comment->private = 1;
}
try {
$comment->save();
if (!$owner) {
$this->member->newcomments += 1;
$this->member->save();
}
$this->user->commentsleft += 1;
$this->user->save();
if (!request::is_ajax()) {
url::redirect(url::current());
}
} catch (ORM_Validation_Exception $e) {
$form_errors = $e->validation->errors();
$form_values = arr::overwrite($form_values, $post);
}
}
// Handle pagination
$per_page = 25;
$page_num = $this->uri->segment('page') ? $this->uri->segment('page') : 1;
$page_offset = ($page_num - 1) * $per_page;
$total_comments = $this->member->get_comment_count();
$comments = $this->member->find_comments($page_num, $per_page, $this->user);
$pagination = new Pagination(array('items_per_page' => $per_page, 'total_items' => $total_comments));
$view = View::factory('generic/comments', array('delete' => '/member/comment/%d/delete/?token=' . csrf::token(), 'private' => '/member/comment/%d/private/?token=' . csrf::token(), 'comments' => $comments, 'errors' => $form_errors, 'values' => $form_values, 'pagination' => $pagination, 'user' => $this->user));
if (request::is_ajax()) {
echo $view;
return;
}
widget::add('main', $view);
}
// Basic info
$basic_info = array();
if (!empty($this->member->name)) {
$basic_info[__('Name')] = html::specialchars($this->member->name);
}
if (!empty($this->member->city_name)) {
$basic_info[__('City')] = html::specialchars($this->member->city_name);
}
if (!empty($this->member->dob) && $this->member->dob != '0000-00-00') {
$basic_info[__('Date of Birth')] = __(':dob (:years years)', array(':dob' => date::format('DMYYYY', $this->member->dob), ':years' => date::timespan(strtotime($this->member->dob), null, 'years')));
}
if (!empty($this->member->gender)) {
$basic_info[__('Gender')] = $this->member->gender == 'm' ? __('Male') : __('Female');
}
if (!empty($this->member->latitude) && !empty($this->member->longitude)) {
$basic_info[__('Location')] = $this->member->latitude . ', ' . $this->member->longitude;
$basic_info[__('Location')] = html::anchor('#map', __('Toggle map'), array('class' => 'expander', 'title' => __('Show/hide'))) . '<div id="map" style="display: none">' . __('Map loading') . '</div>';
$map = new Gmap('map', array('ScrollWheelZoom' => true));
$map->center($this->member->latitude, $this->member->longitude, 15)->controls('small')->types();
$map->add_marker($this->member->latitude, $this->member->longitude, html::avatar($this->member->avatar, $this->member->username) . html::user($this->member));
widget::add('foot', html::script_source($map->render('gmaps/jquery_event')));
widget::add('foot', html::script_source("\$('a[href*=\"#map\"]:first').click(function() { \$('#map').toggle('normal', gmap_open); return false; });"));
}
// Site info
$site_info = array(__('Registered') => date::format('DMYYYY_HM', $this->member->created) . ' [#' . $this->member->id . ']', __('Logins') => __(':logins (:ago ago)', array(':logins' => number_format($this->member->logins, 0), ':ago' => '<abbr title="' . date::format('DMYYYY_HM', $this->member->last_login) . '">' . date::timespan_short($this->member->last_login) . '</abbr>')), __('Posts') => number_format($this->member->posts, 0), __('Comments') => number_format($this->member->commentsleft, 0));
// Initialize tabs
$tabs = array('basic-info' => array('href' => '#basic-info', 'title' => __('Basic info'), 'tab' => new View('generic/list_info', array('id' => 'basic-info', 'title' => __('Basic info'), 'list' => $basic_info))), 'site-info' => array('href' => '#site-info', 'title' => __('Site info'), 'tab' => new View('generic/list_info', array('id' => 'site-info', 'title' => __('Site info'), 'list' => $site_info))));
widget::add('side', View::factory('generic/tabs', array('id' => 'info-tab', 'tabs' => $tabs)));
$this->_side_views();
}
/**
* Delete entry
*
* @param integer|string $entry_id
*/
public function _entry_delete($entry_id)
{
$this->history = false;
$entry = new Blog_Entry_Model((int) $entry_id);
if ($this->user && $entry->id && csrf::valid($this->input->get('token'), $this->user->id) && ($entry->is_author() || $this->visitor->logged_in('admin'))) {
$entry->delete();
url::redirect('/blogs');
}
url::back('/blogs');
}
/**
* Validate by processing pre-filters, rules, callbacks, and post-filters.
* All fields that have filters, rules, or callbacks will be initialized if
* they are undefined. Validation will only be run if there is data already
* in the array.
*
* @param bool $validate_csrf When TRUE, performs CSRF token validation
* @return bool
*/
public function validate($validate_csrf = TRUE)
{
// CSRF token field
$csrf_token_key = 'form_auth_token';
if (array_key_exists($csrf_token_key, $this)) {
unset($this[$csrf_token_key]);
}
// Delete the CSRF token field if it's in the validation
// rules
if (array_key_exists($csrf_token_key, $this->callbacks)) {
unset($this->callbacks[$csrf_token_key]);
} elseif (array_key_exists($csrf_token_key, $this->rules)) {
unset($this->rules[$csrf_token_key]);
}
// Disable CSRF for XHR
// Same method as django CSRF protection:
// http://michael-coates.blogspot.co.nz/2010/12/djangos-built-in-csrf-defense-for-ajax.html
if (request::is_ajax()) {
$validate_csrf = FALSE;
}
// Perform CSRF validation for all HTTP POST requests
// where CSRF validation is enabled and the request
// was not submitted via the API
if ($_POST and $validate_csrf and !Validation::$is_api_request) {
// Check if CSRF module is loaded
if (in_array(MODPATH . 'csrf', Kohana::config('config.modules'))) {
// Check for presence of CSRF token in HTTP POST payload
$form_auth_token = isset($_POST[$csrf_token_key]) ? $_POST[$csrf_token_key] : text::random('alnum', 10);
// Validate the token
if (!csrf::valid($form_auth_token)) {
Kohana::log('debug', 'Invalid CSRF token: ' . $form_auth_token);
Kohana::log('debug', 'Actual CSRF token: ' . csrf::token());
// Flag CSRF validation as having failed
$this->csrf_validation_failed = TRUE;
// Set the error message
$this->errors[$csrf_token_key] = Kohana::lang('csrf.form_auth_token.error');
return FALSE;
}
}
}
// All the fields that are being validated
$all_fields = array_unique(array_merge(array_keys($this->pre_filters), array_keys($this->rules), array_keys($this->callbacks), array_keys($this->post_filters)));
// Copy the array from the object, to optimize multiple sets
$object_array = $this->getArrayCopy();
foreach ($all_fields as $i => $field) {
if ($field === $this->any_field) {
// Remove "any field" from the list of fields
unset($all_fields[$i]);
continue;
}
if (substr($field, -2) === '.*') {
// Set the key to be an array
Kohana::key_string_set($object_array, substr($field, 0, -2), array());
} else {
// Set the key to be NULL
Kohana::key_string_set($object_array, $field, NULL);
}
}
// Swap the array back into the object
$this->exchangeArray($object_array);
// Reset all fields to ALL defined fields
$all_fields = array_keys($this->getArrayCopy());
foreach ($this->pre_filters as $field => $calls) {
foreach ($calls as $func) {
if ($field === $this->any_field) {
foreach ($all_fields as $f) {
// Process each filter
$this[$f] = is_array($this[$f]) ? arr::map_recursive($func, $this[$f]) : call_user_func($func, $this[$f]);
}
} else {
// Process each filter
$this[$field] = is_array($this[$field]) ? arr::map_recursive($func, $this[$field]) : call_user_func($func, $this[$field]);
}
}
}
if ($this->submitted === FALSE) {
return FALSE;
}
foreach ($this->rules as $field => $calls) {
foreach ($calls as $call) {
// Split the rule into function and args
list($func, $args) = $call;
if ($field === $this->any_field) {
foreach ($all_fields as $f) {
if (isset($this->array_fields[$f])) {
// Use the field key
$f_key = $this->array_fields[$f];
// Prevent other rules from running when this field already has errors
if (!empty($this->errors[$f_key])) {
break;
}
// Don't process rules on empty fields
if (!in_array($func[1], $this->empty_rules, TRUE) and $this[$f_key] == NULL) {
continue;
}
foreach ($this[$f_key] as $k => $v) {
if (!call_user_func($func, $this[$f_key][$k], $args)) {
// Run each rule
$this->errors[$f_key] = is_array($func) ? $func[1] : $func;
}
}
} else {
// Prevent other rules from running when this field already has errors
if (!empty($this->errors[$f])) {
break;
}
// Don't process rules on empty fields
if (!in_array($func[1], $this->empty_rules, TRUE) and $this[$f] == NULL) {
continue;
}
if (!call_user_func($func, $this[$f], $args)) {
// Run each rule
$this->errors[$f] = is_array($func) ? $func[1] : $func;
}
}
}
} else {
if (isset($this->array_fields[$field])) {
// Use the field key
$field_key = $this->array_fields[$field];
// Prevent other rules from running when this field already has errors
if (!empty($this->errors[$field_key])) {
break;
}
// Don't process rules on empty fields
if (!in_array($func[1], $this->empty_rules, TRUE) and $this[$field_key] == NULL) {
continue;
}
foreach ($this[$field_key] as $k => $val) {
if (!call_user_func($func, $this[$field_key][$k], $args)) {
// Run each rule
$this->errors[$field_key] = is_array($func) ? $func[1] : $func;
// Stop after an error is found
break 2;
}
}
} else {
// Prevent other rules from running when this field already has errors
if (!empty($this->errors[$field])) {
break;
}
// Don't process rules on empty fields
if (!in_array($func[1], $this->empty_rules, TRUE) and $this[$field] == NULL) {
continue;
}
if (!call_user_func($func, $this[$field], $args)) {
// Run each rule
$this->errors[$field] = is_array($func) ? $func[1] : $func;
// Stop after an error is found
break;
}
}
}
}
}
foreach ($this->callbacks as $field => $calls) {
foreach ($calls as $func) {
if ($field === $this->any_field) {
foreach ($all_fields as $f) {
// Execute the callback
call_user_func($func, $this, $f);
// Stop after an error is found
if (!empty($errors[$f])) {
break 2;
}
}
} else {
// Execute the callback
call_user_func($func, $this, $field);
// Stop after an error is found
if (!empty($errors[$field])) {
break;
}
}
}
}
foreach ($this->post_filters as $field => $calls) {
foreach ($calls as $func) {
if ($field === $this->any_field) {
foreach ($all_fields as $f) {
if (isset($this->array_fields[$f])) {
// Use the field key
$f = $this->array_fields[$f];
}
// Process each filter
$this[$f] = is_array($this[$f]) ? array_map($func, $this[$f]) : call_user_func($func, $this[$f]);
}
} else {
if (isset($this->array_fields[$field])) {
// Use the field key
$field = $this->array_fields[$field];
}
// Process each filter
$this[$field] = is_array($this[$field]) ? array_map($func, $this[$field]) : call_user_func($func, $this[$field]);
}
}
}
// Return TRUE if there are no errors
return count($this->errors) === 0;
}
/**
* Remove from favorites
*
* @param int|string $event_id
*/
public function _favorite_delete($event_id)
{
$this->history = false;
// for authenticated only
if ($this->user && csrf::valid()) {
// require valid user
$this->event = new Event_Model((int) $event_id);
if ($this->event->id) {
$this->event->delete_favorite($this->user);
}
}
url::back('/members');
}
/**
* Template loading and setup routine.
*/
public function __construct()
{
parent::__construct();
// Get loaded modules
$this->modules = Kohana_Config::instance()->get('core.modules');
// Initialize libraries
$this->cache = Cache::instance();
$this->input = Input::instance();
$this->uri = URI::instance();
$this->visitor = Visitor::instance();
// Validate CSRF token
if (isset($_REQUEST['csrf'])) {
$this->valid_csrf = csrf::valid($_REQUEST['csrf']);
}
// Load current user for easy controller access, null if not logged
$this->user =& $this->visitor->get_user();
// Build the page
$this->template = View::factory($this->template);
// Display the template immediately after the controller method?
if ($this->auto_render === true) {
Event::add('system.post_controller', array($this, '_display'));
}
}
/**
* Edit venue
*
* @param integer|string $venue_id
* @param integer|string $category_id
*/
public function _venue_edit($venue_id = false, $category_id = false)
{
$this->history = false;
$venue = new Venue_Model((int) $venue_id);
// Check access
if (!($venue->loaded() && $venue->has_access(Venue_Model::ACCESS_EDIT)) && !(!$venue->loaded() && $this->visitor->logged_in(array('admin', 'venue moderator', 'venue')))) {
url::back('venues');
}
$errors = $form_errors = array();
$form_values = $venue->as_array();
// check post
if (request::method() == 'post') {
$post = array_merge($this->input->post(), $_FILES);
$extra = array('author_id' => $this->user->id);
// got address, get geocode
if (!empty($post['address']) && !empty($post['city_name'])) {
list($extra['latitude'], $extra['longitude']) = Gmap::address_to_ll(implode(', ', array($post['address'], $post['zip'], $post['city_name'])));
}
if (csrf::valid() && $venue->validate($post, true, $extra)) {
// handle logo upload
if (isset($post->logo) && empty($post->logo['error'])) {
$logo = Image_Model::factory('venues.logo', $post->logo, $this->user->id);
if ($logo->id) {
$venue->add($logo);
$venue->default_image_id = $logo->id;
$venue->save();
}
}
// handle picture uploads
foreach (array($post->picture1, $post->picture2) as $picture) {
if (isset($picture) && empty($picture['error'])) {
$image = Image_Model::factory('venues.image', $picture, $this->user->id);
if ($image->id) {
$venue->add($image);
$venue->save();
}
}
}
// update tags
$venue->remove(ORM::factory('tag'));
if (!empty($post->tags)) {
foreach ($post->tags as $tag_id => $tag) {
$venue->add(ORM::factory('tag', $tag_id));
}
}
url::redirect(url::model($venue));
} else {
$form_errors = $post->errors();
}
$form_values = arr::overwrite($form_values, $post->as_array());
}
// editing old?
if ($venue_id) {
if ($venue->has_access(Venue_Model::ACCESS_DELETE)) {
$this->page_actions[] = array('link' => 'venue/' . url::title($venue->id, $venue->name) . '/delete/?token=' . csrf::token(), 'text' => __('Delete venue'), 'class' => 'venue-delete');
}
$this->page_subtitle = __('Edit venue');
if (!$venue->id) {
$errors = array('venues.error_venue_not_found');
} else {
$venue_category = $venue->venue_category;
}
} else {
$this->page_subtitle = __('Add venue');
if ($category_id) {
$venue_category = new Venue_Category_Model((int) $category_id);
if ($venue_category->id) {
$form_values['venue_category_id'] = $venue_category->id;
} else {
$errors = array('venues.error_venue_category_not_found');
}
}
}
$this->page_actions[] = array('link' => 'venue/' . url::title($venue->id, $venue->name), 'text' => __('Cancel'), 'class' => 'cancel');
$this->breadcrumb[] = html::anchor('/venues/' . url::title($venue_category->id, $venue_category->name), $venue_category->name);
if ($venue->id) {
$this->breadcrumb[] = html::anchor('/venue/' . url::title($venue->id, $venue->name), $venue->name);
}
// show form
if (empty($errors)) {
$form = array();
// tags
if ($venue_category->tag_group_id) {
$form['tags'] = $form_values['tags'] = array();
foreach ($venue_category->tag_group->tags as $tag) {
$form['tags'][$tag->id] = $tag->name;
if ($venue->has($tag)) {
$form_values['tags'][$tag->id] = $tag->name;
}
}
}
$venue_categories = ORM::factory('venue_category')->find_all()->select_list('id', 'name');
$form['venue_category_id'] = $venue_categories;
widget::add('main', View_Mod::factory('venues/venue_edit', array('form' => $form, 'values' => $form_values, 'errors' => $form_errors)));
// city autocomplete
$this->_autocomplete_city();
} else {
$this->_error(Kohana::lang('generic.error'), $errors);
}
$this->_side_views();
}
