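/**
 * Build the multi-post view listing the published posts of one blog that carry a tag.
 *
 * The tag is normalised with valid::filter_php_url(), then the tag, blog id
 * and site id are handed to the database layer as bound values rather than
 * being interpolated into the SQL text.
 *
 * NOTE(review): this relies on $this->db being a Kohana 2.x Database object,
 * whose query() escapes the values supplied for "?" markers -- confirm.
 *
 * @param  mixed  $tool_id  blog id, compared with blog_posts.blog_id
 * @param  string $tag      tag text as received from the caller
 * @return View   'public_blog/blogs/multiple_posts' with blog_posts, tag and tag_search set
 */
private function tag_search($tool_id, $tag)
{
    $tag = valid::filter_php_url($tag);

    # Every run-time value enters the statement through a "?" marker, so a
    # quote or backslash in $tool_id or $tag cannot alter the query structure.
    # This no longer depends on what filter_php_url() happens to strip.
    $sql = "
        SELECT blog_posts.*,
            DATE_FORMAT(created, '%M %e, %Y, %l:%i%p') as created_on,
            blog_post_tags.value,
            GROUP_CONCAT(DISTINCT blog_post_tags.value ORDER BY blog_post_tags.value separator ',') as tag_string,
            FIND_IN_SET(?, GROUP_CONCAT(DISTINCT blog_post_tags.value)) as tag_match,
            COUNT(DISTINCT blog_post_comments.id) as comments
        FROM blog_posts
        LEFT JOIN blog_post_tags ON blog_posts.id = blog_post_tags.blog_post_id
        LEFT JOIN blog_post_comments ON blog_posts.id = blog_post_comments.blog_post_id
        WHERE blog_posts.blog_id = ?
        AND blog_posts.fk_site = ?
        AND blog_posts.status = 'publish'
        GROUP BY blog_posts.id HAVING tag_match > '0'
        ORDER BY created DESC
    ";

    # Bind order follows the order of the markers above.
    $blog_posts = $this->db->query($sql, array($tag, $tool_id, $this->site_id));

    $view = new View('public_blog/blogs/multiple_posts');
    $view->blog_posts = $blog_posts;
    # NOTE(review): $tag is handed to the template as-is; confirm the template
    # escapes it for the HTML context it prints it in.
    $view->tag = $tag;
    $view->tag_search = $blog_posts->count();

    #Javascript
    #$view->request_js_files('expander/expander.js');
    return $view;
}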
/**
 * Create a forum category for the given forum from the posted form.
 *
 * Reads $_POST['name'] and, optionally, $_POST['url']; when no url is posted
 * the name is used as the source of the slug. The request always ends in
 * die(): "<id>|<name>|New Category Added." after saving, or 'nothing sent'
 * when no name was posted.
 *
 * NOTE(review): the saved name is written back into the reply without
 * escaping, so a "|" or markup in it reaches whatever parses the response --
 * confirm the client treats it as plain text. No permission or CSRF check is
 * visible in this method; confirm one runs before it is reached.
 *
 * @param mixed $tool_id id of the forum the category belongs to; passed to valid::id_key()
 */
public function add($tool_id = NULL)
{
    valid::id_key($tool_id);

    if (empty($_POST['name'])) {
        die('nothing sent');
    }

    # Fall back to the name when no url was submitted.
    if (empty($_POST['url'])) {
        $_POST['url'] = $_POST['name'];
    }

    $category = ORM::factory('forum_cat');
    $category->forum_id = $tool_id;
    $category->fk_site = $this->site_id;
    $category->name = trim($_POST['name']);
    $category->url = valid::filter_php_url($_POST['url']);
    $category->save();

    die("{$category->id}|{$category->name}|New Category Added.");
}
<h2 class="faq_header"><?php echo $format->name; ?> </h2> <dl class="faq_list"> <?php $x = 0; foreach ($format->format_items as $item) { $url_question = valid::filter_php_url($item->title); ?> <span id="format_item_<?php echo $item->id; ?> " class="format_item" rel="<?php echo $item->id; ?> "> <dt class="minus"> <?php echo ++$x; ?> . <a href="#<?php echo $url_question; ?> " class="toggle"><?php echo $item->title; ?>
</span> <br/>votes </div> <div class="comments"> <span><?php echo --$post->comment_count; ?> </span> replies </div> <div class="summary"> <div class="title"> <a href="<?php echo url::site("{$page_name}/view/{$post->id}") . '/' . valid::filter_php_url($post->title); ?> " class="forum_load_main"><?php echo $post->title; ?> </a> </div> <div> <a href="#" class="preview" rel="<?php echo $post->id; ?> ">preview</a> created by <a href="/<?php echo $this->account_page; ?> /profile/<?php
echo $item->id; ?> "><?php echo $item->title; ?> </a></li> <?php } ?> </ul> <div class="tabs_content_wrapper"> <?php foreach ($format->format_items as $item) { $url_title = valid::filter_php_url($item->title); ?> <div id="format_item_<?php echo $item->id; ?> " class="format_item" rel="<?php echo $item->id; ?> "> <?php echo $item->body; ?> </div> <?php } ?>
<?php foreach ($comments as $comment) { ?> <div class="each_comment_wrapper"> <div class="title"> <a href="<?php echo url::site("{$this->page_name}/view/{$comment->forum_cat_post->id}") . '/' . valid::filter_php_url($comment->forum_cat_post->title); ?> " class="forum_load_main"><?php echo $comment->forum_cat_post->title; ?> </a> </div> <div class="votes"> <span><?php echo $comment->vote_count; ?> </span> </div> <div id="comment_<?php echo $comment->id; ?> " class="comment_body"> <?php echo $comment->body; ?> </div>
/**
 * Show the "add folder" form, or create the posted folder inside the requested directory.
 *
 * The directory comes from $_GET['dir'] (defaulting to '') and is resolved by
 * self::validate_dir(). On POST the folder name is trimmed and passed through
 * valid::filter_php_url() before mkdir(). The request always ends in die():
 * a status string on POST, the rendered 'files/add_folder' view otherwise.
 *
 * NOTE(review): keeping the new folder inside the site's file area depends
 * entirely on validate_dir() and filter_php_url(), neither of which is shown
 * here -- confirm both reject "..", "/" and "\" in their inputs.
 * NOTE(review): a name that is empty after filtering makes the target equal
 * to "{$dir}/", which is reported as 'folder already exists'.
 */
public function add_folder()
{
    if (!isset($_GET['dir'])) {
        $_GET['dir'] = '';
    }
    $dir = self::validate_dir($_GET['dir']);

    if (!$_POST) {
        $form = new View('files/add_folder');
        # ':' is the separator used in the query string; the view gets both forms.
        $form->short_dir = str_replace(':', '/', $_GET['dir']);
        # NOTE(review): raw query-string value; confirm the view escapes it.
        $form->short_url_dir = $_GET['dir'];
        $form->filter = '';
        die($form);
    }

    $folder_name = valid::filter_php_url(trim($_POST['folder_name']));
    $target = "{$dir}/{$folder_name}";

    if (is_dir($target)) {
        die('folder already exists');
    }

    # mkdir() is called with its default mode.
    die(mkdir($target) ? 'Folder created.' : 'Could not create folder.');
}
/**
 * Create a new website from the dashboard of the root account.
 *
 * Only runs when the current site is the ROOTACCOUNT site; any other site
 * gets die('return a 404 not found'). The posted site_name is trimmed and
 * passed through valid::filter_php_url(), checked against existing
 * subdomains, and then handed to Site_Controller::_create_website().
 *
 * NOTE(review): the gate is a loose "!=" on the site name only; no check of
 * the logged-in user's rights and no CSRF token are visible in this method --
 * confirm they are enforced before it is reached.
 * NOTE(review): a site_name that is empty after filtering is not rejected here.
 *
 * @param  string $page_name dashboard page, passed through to plusjade_dashboard()
 * @return mixed  whatever plusjade_dashboard() returns for the resulting status message
 */
public function new_website($page_name)
{
    if (ROOTACCOUNT != $this->site_name) {
        die('return a 404 not found');
    }

    if (!$_POST) {
        $message = 'Nothing Sent.';
    } else {
        $requested = valid::filter_php_url(trim($_POST['site_name']));

        if (ORM::factory('site')->subdomain_exists($requested)) {
            $message = 'site name already exists';
        } else {
            # attempt to create the website
            $owner_id = $this->account_user->get_user()->id;
            $message = Site_Controller::_create_website($requested, 'base', $owner_id);
        }
    }

    return $this->plusjade_dashboard($page_name, $message);
}
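/**
 * Claim the current site: create the owner account from the posted form and log it in.
 *
 * Requires $this->client->can_edit() for the site. Without POST data the
 * account form is shown. With POST data the fields are validated, a new
 * account_user is created under self::plusjade_site_id, given edit rights on
 * this site, the site is marked as claimed, and the session is switched to
 * the new user. Every path ends in die().
 *
 * Only the three validated form fields are copied onto the account record.
 * Copying every posted key would let a request set any other column of the
 * record, including overwriting the fk_site assigned just above.
 *
 * NOTE(review): the password is assigned as posted; any hashing has to happen
 * inside the account_user model -- confirm.
 * NOTE(review): the uniqueness check uses the filter_php_url() form of the
 * username while the stored value is the posted one -- confirm the two cannot
 * differ for input that passes valid::alpha_numeric.
 */
public function claim()
{
    if (!$this->client->can_edit($this->site_id)) {
        die('Please login');
    }

    if (!$_POST) {
        die(self::display_create());
    }

    # create a new user account for plusjade account_user tool.
    $post = new Validation($_POST);
    $post->pre_filter('trim');
    $post->add_rules('email', 'required', 'valid::email');
    $post->add_rules('username', 'required', 'valid::alpha_numeric');
    $post->add_rules('password', 'required', 'matches[password2]', 'valid::alpha_dash');

    $values = array('email' => '', 'username' => '', 'password' => '', 'password2' => '');
    $values = arr::overwrite($values, $post->as_array());

    if (!$post->validate()) {
        $errors = $values;
        $errors = arr::overwrite($errors, $post->errors('form_error_messages'));
        die(self::display_create($values, $errors));
    }

    # Create new user
    $account_user = ORM::factory('account_user');
    $username = valid::filter_php_url(trim($_POST['username']));

    if ($account_user->username_exists($username, self::plusjade_site_id)) {
        die(self::display_create($_POST, 'username already exists'));
    }

    unset($_POST['password2']);
    $account_user->fk_site = self::plusjade_site_id;

    # load vars to user table: an explicit allow-list, never the whole request.
    foreach (array('email', 'username', 'password') as $field) {
        $account_user->{$field} = $_POST[$field];
    }

    # set edit rights for this site.
    $account_user->add(ORM::factory('site', $this->site_id));

    if (!$account_user->save()) {
        die(self::display_create($values, 'There was a problem creating your account.'));
    }

    # mark site as claimed. database it as well.
    yaml::edit_site_value($this->site_name, 'site_config', 'claimed', 'TRUE');
    $site = ORM::factory('site', $this->site_id);
    $site->claimed = 'yes';
    $site->save();

    # setup the auth session.
    $this->client->force_login($account_user);
    die(View::factory('site/claim_success'));
}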
echo "<input type='radio' name='{$field_name}' value='{$choice->value}' id='opt_{$unique}' checked='checked'> "; } else { echo "<input type='radio' name='{$field_name}' value='{$choice->value}' id='opt_{$unique}' {$required}>"; } echo "<label for='opt_{$unique}'>{$choice->value}</label> <br/>"; ++$unique; $required = ''; } } break; case 'checkbox': # TODO this is not finished. $choices = json_decode($item->meta); if (!empty($choices) and is_array($choices)) { foreach ($choices as $choice) { $url_value = valid::filter_php_url($choice->value); echo "<input type='checkbox' name='{$field_name}:{$url_value}' id='opt_{$unique}'> <label for='opt_{$unique}'>{$choice->value}</label> <br/>"; ++$unique; } } break; } if (isset($errors[$field_name])) { echo "<span class='error_msg'>{$errors[$field_name]}</span>"; } ?> </fieldset> <?php } ?>
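/**
 * Handle a public contact form: show it, or validate the submission and mail it.
 *
 * Field names have the shape "<item id>:<filtered title>". Items with a
 * non-empty album value are treated as required. On a validation error the
 * list view is returned with the errors and posted values; otherwise the
 * fields are written into a plain-text mail and the status view is returned
 * with success set to the result of mail().
 *
 * The Reply-To address is taken from the field whose name part after ":" is
 * 'email'. The name is split before that comparison; comparing against the
 * unsplit key only ever looked at its second character, so Reply-To never
 * left its default. Because the value is placed in a mail header it is only
 * used when it is a single valid address; FILTER_VALIDATE_EMAIL rejects line
 * breaks, so it cannot add further headers.
 *
 * NOTE(review): $format->params is used as the recipient unchanged; it is
 * presumably set by the site owner -- confirm it cannot carry line breaks.
 *
 * @param  object $format format record; format_items and params are read
 * @return View   the form list view or the status view
 */
private static function forms($format)
{
    if (!$_POST) {
        $view = new View("public_format/forms/list");
        return $view;
    }

    $post = new Validation($_POST);
    $post->pre_filter('trim');

    # setup the form requirements.
    # TODO add more specific rule filters based on type.
    # e.g. validate, phone, email, website input where applicable.
    foreach ($format->format_items as $item) {
        $field_name = "{$item->id}:" . valid::filter_php_url($item->title);
        if (!empty($item->album)) {
            $post->add_rules("{$field_name}", 'required');
        }
    }

    # on error
    if (!$post->validate()) {
        $view = new View("public_format/forms/list");
        $view->errors = $post->errors();
        $view->values = $_POST;
        # this is only necessary for ajax mode, which we shouldnt need often.
        $view->format = $format;
        return $view;
    }

    # on success send the email and display status message.
    $replyto = 'unknown';
    $body = "This message was sent by a customer from a form on your website!\r\n"
        . "DO NOT REPLY TO THIS EMAIL.\r\nUse the given contact information below\r\n"
        . "Thank you! - (Jade) \r\n----------------------------------\r\n\r\n";

    unset($_POST['post_handler']);
    foreach ($_POST as $name => $value) {
        $parts = explode(':', (string) $name);
        # Keys without a ":" have no label part; print them with an empty label.
        $label = isset($parts[1]) ? $parts[1] : '';

        if ('email' === $label and is_string($value)) {
            $address = filter_var(trim($value), FILTER_VALIDATE_EMAIL);
            if (FALSE !== $address) {
                $replyto = $address;
            }
        }

        $body .= "{$label}: {$value}\r\n--------------------\r\n";
    }

    $view = new View("public_format/forms/status");
    $view->success = FALSE;

    # to do FIX THE HEADERS.
    $to = empty($format->params) ? '*****@*****.**' : $format->params;
    $subject = 'Customer message from: ' . url::site();
    $headers = "From: noreply@plusjade.com \r\n"
        . 'Reply-To: ' . $replyto . "\r\n"
        . 'X-Mailer: PHP/' . phpversion();

    if (mail($to, $subject, $body, $headers)) {
        $view->success = TRUE;
    }
    return $view;
}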
/**
 * Derive a page name from the posted label and page name, and make sure it is unused.
 *
 * The label is required. When no page name is given, the lower-cased label
 * is used instead. The result is passed through valid::filter_php_url() and
 * compared with the names returned by self::get_folder_filenames() for the
 * directory. Terminates with die() when the label is empty or the name is taken.
 *
 * NOTE(review): the name is not checked for being empty after filtering, and
 * in_array() is used in its loose mode -- confirm both are acceptable for the
 * values filter_php_url() and get_folder_filenames() can produce.
 *
 * @param  string $label     human-readable page label
 * @param  string $page_name requested page name; may be empty
 * @param  string $directory directory whose existing names are checked
 * @param  mixed  $omit      passed through to get_folder_filenames()
 * @return string the filtered page name
 */
private function validate_page_name($label, $page_name, $directory = 'ROOT', $omit = NULL)
{
    $label = trim($label);
    if (empty($label)) {
        die('Name is required');
    }

    $requested = trim($page_name);

    # Sanitize page_name, falling back to the label when none was supplied.
    $slug = valid::filter_php_url(empty($requested) ? strtolower($label) : $requested);

    # Validate Unique Page_name relative to page directory
    $taken = self::get_folder_filenames($directory, NULL, $omit);
    if (in_array($slug, $taken)) {
        die('Page name already exists');
    }

    return $slug;
}
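/**
 * Store the space-separated tags of a blog post, one blog_post_tags row per tag.
 *
 * Each tag is trimmed and passed through valid::filter_php_url() before it is
 * inserted. Pieces that are empty, either because the input contained
 * consecutive spaces or because nothing is left after filtering, are skipped
 * instead of being stored as blank tags.
 *
 * @param  string $tags         tags separated by single spaces
 * @param  mixed  $blog_post_id id of the post the tags belong to
 * @param  mixed  $blog_id      id of the blog the post belongs to
 * @return bool   FALSE when no tags were given, TRUE otherwise
 */
private function save_tags($tags, $blog_post_id, $blog_id)
{
    $tags = trim($tags);
    if (empty($tags)) {
        return FALSE;
    }

    $db = Database::instance();

    # sort by space.
    foreach (explode(' ', $tags) as $tag) {
        $tag = trim($tag);
        if ('' === $tag) {
            continue;
        }

        $value = valid::filter_php_url($tag);
        if ('' === (string) $value) {
            continue;
        }

        # Values are passed as data to insert(), not written into SQL text here.
        $db->insert('blog_post_tags', array(
            'fk_site' => $this->site_id,
            'blog_post_id' => $blog_post_id,
            'blog_id' => $blog_id,
            'value' => $value,
        ));
    }

    return TRUE;
}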
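/**
 * Create a new theme by copying the '_clone' template theme under the posted name.
 *
 * The posted name is passed through valid::filter_php_url() and resolved to a
 * path with $this->assets->themes_dir(). The request always ends in die():
 * the theme name on success, an error message otherwise.
 *
 * The reserved name 'safe_mode' and the empty name are checked twice: on the
 * raw input, and again on the filtered value. The filtered value is the one
 * that becomes a directory name, so input that only turns into 'safe_mode'
 * or '' during filtering must be rejected as well.
 *
 * NOTE(review): keeping $full_path inside the themes directory depends on
 * filter_php_url() and themes_dir(), neither of which is shown here -- confirm.
 */
public function add_theme()
{
    if (empty($_POST['theme']) or 'safe_mode' == trim($_POST['theme'])) {
        die('No theme sent');
    }

    $theme = valid::filter_php_url($_POST['theme']);

    # Validate the value that is actually used, not only the one that was sent.
    if ('' === (string) $theme or 'safe_mode' === $theme) {
        die('No theme sent');
    }

    $full_path = $this->assets->themes_dir($theme);
    if (is_dir($full_path)) {
        die('Theme already exists');
    }

    $template = DOCROOT . '_assets/themes/_clone';
    if (is_dir($template) and Jdirectory::copy($template, $full_path)) {
        # need this to update the DOM
        die($theme);
    }

    die('Could not add theme.');
}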