예제 #1
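 /**
  * Build an opening <form> tag and append hidden inputs, including CSRF
  * tokens for same-site, non-GET forms.
  *
  * $action is written into the action attribute as given (it is not
  * HTML-escaped here), so callers should not pass unvalidated request data.
  *
  * @param  string  $action      form destination; empty means the current URL
  * @param  mixed   $attributes  form attributes, converted with _attributes_to_string()
  * @param  array   $hidden      name => value pairs emitted as hidden inputs
  * @return string  the opening tag followed by one hidden input per entry
  */
 function form_open($action = '', $attributes = array(), $hidden = array())
 {
     $CI =& get_instance();
     // If no action is provided then set to the current url
     if (!$action) {
         $action = current_url($action);
     } elseif (strpos($action, '://') === FALSE) {
         // Not a full URL, so turn it into one
         $action = if_secure_site_url($action);
     }
     $attributes = _attributes_to_string($attributes);
     if (stripos($attributes, 'method=') === FALSE) {
         $attributes .= ' method="post"';
     }
     if (stripos($attributes, 'accept-charset=') === FALSE) {
         $attributes .= ' accept-charset="' . strtolower(config_item('charset')) . '"';
     }
     $form = '<form action="' . $action . '"' . $attributes . ">\n";
     // Tokens go only to same-site, non-GET forms. The action must START with
     // the base URL: a substring match would also accept an external URL that
     // merely embeds the base URL (for instance in its query string) and would
     // hand the token to that site.
     // NOTE(review): the GET test only recognises the exact text method="get";
     // other quoting styles are not detected.
     $token_allowed = strpos($action, if_secure_base_url()) === 0 && !stripos($form, 'method="get"');
     // Add CSRF field if enabled
     if ($CI->config->item('csrf_protection') === TRUE && $token_allowed) {
         $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
     }
     // Add MY CSRF token if MY CSRF library is loaded
     if ($CI->load->is_loaded('tokens') && $token_allowed) {
         $hidden[$CI->tokens->name] = $CI->tokens->token();
     }
     if (is_array($hidden)) {
         foreach ($hidden as $name => $value) {
             // Escape the field name as well as the value so neither can break out of its attribute
             $form .= '<input type="hidden" name="' . html_escape($name) . '" value="' . html_escape($value) . '" style="display:none;" />' . "\n";
         }
     }
     return $form;
 }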
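/**
 * Form Declaration
 *
 * Creates the opening portion of the form.
 *
 * Modified to accommodate HTTPS actions. CSRF tokens are added only when the
 * action starts with the site's base URL and the form is not a GET form.
 *
 * $action is written into the action attribute as given (it is not
 * HTML-escaped here), so callers should not pass unvalidated request data.
 *
 * @param  string  the URI segments of the form destination
 * @param  array   a key/value pair of attributes
 * @param  array   a key/value pair hidden data
 * @return string  the opening form tag plus any hidden fields
 */
function form_open($action = '', $attributes = '', $hidden = array())
{
    $CI =& get_instance();
    if ($attributes == '') {
        $attributes = 'method="post"';
    }
    // If an action is not a full URL then turn it into one
    if ($action && strpos($action, '://') === FALSE) {
        $action = if_secure_site_url($action);
    }
    // If no action is provided then set to the current url
    $action or $action = if_secure_site_url($CI->uri->uri_string());
    $form = '<form action="' . $action . '"';
    $form .= _attributes_to_string($attributes, TRUE);
    $form .= '>';
    // Tokens go only to same-site, non-GET forms. The action must START with
    // the base URL: a substring match would also accept an external URL that
    // merely embeds the base URL (for instance in its query string) and would
    // hand the token to that site.
    // NOTE(review): the GET test only recognises the exact text method="get";
    // other quoting styles or letter case are not detected.
    $token_allowed = (strpos($action, if_secure_base_url()) === 0 and !strpos($form, 'method="get"'));
    // Add CSRF field if enabled
    if ($CI->config->item('csrf_protection') === TRUE and $token_allowed) {
        $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
    }
    // Add MY CSRF token if MY CSRF library is loaded
    if ($CI->load->is_loaded('tokens') and $token_allowed) {
        $hidden[$CI->tokens->name] = $CI->tokens->token();
    }
    // Hidden fields are wrapped in a non-displayed div
    if (is_array($hidden) and count($hidden) > 0) {
        $form .= sprintf("<div style=\"display:none\">%s</div>", form_hidden($hidden));
    }
    return $form;
}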
 /**
  * Turn the filesystem path of an uploaded file into a URL.
  *
  * Everything from the first path segment equal to $this->upload_dir onward
  * is kept, joined with '/', and handed to if_secure_base_url(). When no
  * segment matches, an empty string is handed over instead.
  *
  * @param  string  $full_path  '/'-separated path of the uploaded file
  * @return mixed   whatever if_secure_base_url() returns for the kept path
  */
 public function file_url($full_path)
 {
     // Segments from the upload directory onward, in their original order
     $kept = array();
     // Becomes TRUE once the upload directory segment has been seen
     $collecting = FALSE;
     foreach (explode('/', $full_path) as $segment) {
         if ($segment == $this->upload_dir or $collecting) {
             $kept[] = $segment;
             $collecting = TRUE;
         }
     }
     // Return the URL to the image
     return if_secure_base_url(implode('/', $kept));
 }
 *
 * @package     Community Auth
 * @author      Robert B Gottier
 * @copyright   Copyright (c) 2011 - 2015, Robert B Gottier. (http://brianswebdesign.com/)
 * @license     BSD - http://www.opensource.org/licenses/BSD-3-Clause
 * @link        http://community-auth.com
 */
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Community Auth Installation</title>
<meta name="robots" content="noindex,nofollow" />
<base href="<?php 
echo if_secure_base_url();
?>
" />
<?php 
// Always add the main stylesheet
echo link_tag(array('href' => 'css/style.css', 'media' => 'screen', 'rel' => 'stylesheet')) . "\n";
// jQuery is always loaded
// NOTE(review): this script comes from a third-party CDN through a
// protocol-relative URL, and the path names only the "1.7" series rather than
// a full release. The tag is produced by script_tag(), so whether an integrity
// attribute can be set is not visible here. Self-hosting a pinned copy would
// remove the dependency on the CDN's content.
echo script_tag('//ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js') . "\n";
// Add any additional javascript; entries are emitted in index order 0..count-1
if (isset($javascripts)) {
    for ($x = 0; $x <= count($javascripts) - 1; $x++) {
        // NOTE(review): each entry is handed to script_tag() as given. Presumably
        // these are controller-supplied paths; confirm none derive from request data.
        echo script_tag($javascripts["{$x}"]) . "\n";
    }
}
?>
</head>
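 /**
  * Delete one of the logged in user's images from the filesystem and database.
  *
  * The image is named by the posted 'src' value. Because that value is
  * client-controlled, the file is removed only when its resolved path lies
  * inside FCPATH and below a directory named after the user's upload
  * directory. A 'src' that does not resolve to an existing file is rejected
  * with 'Error: Image Path Not Verified'.
  *
  * Echoes a JSON object with a 'status' key. On success it also carries fresh
  * 'token' and 'ci_csrf_token' values. Nothing is output when
  * require_min_level(1) fails.
  *
  * @return void
  */
 public function delete_image()
 {
     // Make sure anyone is logged in
     if ($this->require_min_level(1)) {
         // Load resources
         $this->load->helper('file');
         $response = array();
         // Make sure the form token matches
         if (!$this->tokens->match) {
             $response['status'] = 'Error: No Token Match';
         // Make sure we have the appropriate post variable
         } elseif (!($image_data = $this->input->post('src'))) {
             $response['status'] = 'Error: No Image Data';
         } else {
             // Name of the user's upload directory.
             // NOTE(review): presumably this must match the name used when the
             // upload was stored, so the md5 derivation is left as is.
             $user_dir = $this->auth_user_id . '-' . md5(config_item('encryption_key') . $this->auth_user_id);
             $uploaded_file = FALSE;
             // A non-string 'src' (e.g. an array) can never name a file
             if (is_string($image_data)) {
                 // Remove scheme and domain from the src
                 $file_location = str_replace(if_secure_base_url(), '', $image_data);
                 // Resolve '..' segments and symlinks BEFORE deciding whether the
                 // path is acceptable. Checking only that $user_dir appears
                 // somewhere in the posted text would let '../' segments point
                 // unlink() at files outside the user's directory.
                 $base_path = realpath(FCPATH);
                 $candidate = realpath(FCPATH . $file_location);
                 if ($base_path !== FALSE && $candidate !== FALSE && is_file($candidate)) {
                     $base_prefix = rtrim($base_path, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
                     $dir_segments = explode(DIRECTORY_SEPARATOR, dirname($candidate));
                     // Inside FCPATH and below a directory named exactly $user_dir
                     if (strpos($candidate, $base_prefix) === 0 && in_array($user_dir, $dir_segments, TRUE)) {
                         $uploaded_file = $candidate;
                     }
                 }
             }
             if ($uploaded_file === FALSE) {
                 $response['status'] = 'Error: Image Path Not Verified';
             } else {
                 // Delete the file from the file system
                 unlink($uploaded_file);
                 // rmdir() will remove the directory if it is empty
                 @rmdir(dirname($uploaded_file));
                 // Check the database for existing images data
                 $query_data = $this->uploads_model->get_custom_uploader_images($this->auth_user_id);
                 // Unserialize the existing images data.
                 // NOTE(review): unserialize() is only safe while images_data can
                 // hold nothing but what save_image_data() stored; confirm no other
                 // writer can reach that column.
                 $arr = is_object($query_data) ? unserialize($query_data->images_data) : FALSE;
                 // A missing or unreadable record is treated as holding no images
                 if (!is_array($arr)) {
                     $arr = array();
                 }
                 /**
                  * If the deleted image was the only image, delete the record.
                  * If there is more than one image, we just update the record.
                  */
                 if (count($arr) > 1) {
                     // Keep every image except the one being deleted now
                     $temp = array();
                     foreach ($arr as $v) {
                         if ($v != $image_data) {
                             $temp[] = $v;
                         }
                     }
                     // Send the new images data to the model for record update
                     if ($this->uploads_model->save_image_data($this->auth_user_id, serialize($temp))) {
                         $response = array('status' => 'Image Deleted', 'token' => $this->tokens->token(), 'ci_csrf_token' => $this->security->get_csrf_hash());
                     } else {
                         $response['status'] = 'Error: Model Response = FALSE on SAVE';
                     }
                 } else {
                     if ($this->uploads_model->delete_image_record($this->auth_user_id)) {
                         $response = array('status' => 'Image Deleted', 'token' => $this->tokens->token(), 'ci_csrf_token' => $this->security->get_csrf_hash());
                     } else {
                         $response['status'] = 'Error: Model Response = FALSE on DELETE';
                     }
                 }
             }
         }
         echo json_encode($response);
     }
 }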