public function admin()
{
switch ($_REQUEST['iop']) {
case 'delete_image':
if (!$this->folder->id || !Current_User::secured('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
Current_User::disallow();
}
$this->loadImage(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
$this->image->delete();
PHPWS_Core::goBack();
break;
case 'post_image_upload':
if (!$this->folder->id || !Current_User::authorized('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
Current_User::disallow();
}
if (!$this->postImageUpload()) {
\Cabinet::setMessage('Failed to upload image. Check directory permissions.');
}
Layout::nakedDisplay();
//\PHPWS_Core::goBack();
break;
case 'upload_image_form':
if (!$this->folder->id || !Current_User::secured('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
Current_User::disallow();
}
$this->loadImage(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
$this->edit();
echo Layout::wrap($this->content, 'Image Upload', true);
exit;
}
}
public function admin()
{
switch ($_REQUEST['mop']) {
case 'delete_multimedia':
if (!$this->folder->id || !Current_User::authorized('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
Current_User::disallow();
}
$this->loadMultimedia(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
$this->multimedia->delete();
PHPWS_Core::goBack();
break;
case 'post_multimedia_upload':
if (!$this->folder->id || !Current_User::authorized('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
Current_User::disallow();
}
$this->postMultimediaUpload();
\PHPWS_Core::goBack();
break;
case 'upload_multimedia_form':
if (!Current_User::secured('filecabinet', 'edit_folders', $this->multimedia->folder_id, 'folder')) {
Current_User::disallow();
}
$this->loadMultimedia(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
if (!$this->multimedia->id) {
$this->multimedia->folder_id = filter_input(INPUT_GET, 'folder_id', FILTER_VALIDATE_INT);
}
$this->edit();
echo json_encode(array('title' => $this->title, 'content' => $this->content));
exit;
case 'edit_rtmp':
if (!Current_User::secured('filecabinet', 'edit_folders', $this->multimedia->folder_id, 'folder')) {
Current_User::disallow();
}
$this->loadMultimedia(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
$this->editRTMP();
echo json_encode(array('title' => $this->title, 'content' => $this->content));
exit;
case 'post_rtmp':
if (!Current_User::authorized('filecabinet', 'edit_folders', $this->multimedia->folder_id, 'folder')) {
Current_User::disallow();
}
if (!$this->postRTMP()) {
$this->editRTMP();
}
\PHPWS_Core::goBack();
break;
}
return $this->content;
}
public function admin()
{
switch ($_REQUEST['dop']) {
case 'delete_document':
if (!$this->folder->id || !Current_User::secured('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
Current_User::disallow();
}
$this->document->delete();
PHPWS_Core::returnToBookmark();
break;
case 'post_document_upload':
if (!$this->folder->id || !Current_User::authorized('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
Current_User::disallow();
}
$this->postDocumentUpload();
javascript('close_refresh');
Layout::nakedDisplay();
//\PHPWS_Core::goBack();
break;
case 'upload_document_form':
if (!$this->folder->id || !Current_User::secured('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
Current_User::disallow();
}
$this->loadDocument(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
$this->edit();
echo Layout::wrap($this->content, 'Document Upload', true);
exit;
case 'add_access':
if (!Current_User::authorized('filecabinet')) {
Current_User::disallow();
}
$keyword = null;
$this->loadDocument();
// document exists, try making a shortcut
if ($this->document->id) {
PHPWS_Core::initModClass('access', 'Shortcut.php');
$shortcut = new Access_Shortcut();
if (isset($_GET['keyword'])) {
$keyword = $_GET['keyword'];
}
if (empty($keyword)) {
$keyword = $this->document->title;
}
$result = $shortcut->setKeyword($keyword);
$new_keyword = $shortcut->keyword;
// if setKeyword returns a false or error, we have them pick a different name
if (!$result || PHPWS_Error::isError($result)) {
$message = dgettext('filecabinet', 'Access shortcut name already in use. Please enter another.');
$success = false;
} else {
$shortcut->setUrl('filecabinet', $this->document->getViewLink());
$shortcut->save();
$success = true;
$message = '<p>' . dgettext('filecabinet', 'Access shortcut successful!') . '</p>';
$message .= '<a href="' . PHPWS_Core::getHomeHttp() . $shortcut->keyword . '">' . PHPWS_Core::getHomeHttp() . $shortcut->keyword . '</a>';
}
} else {
$message = dgettext('filecabinet', 'File not found');
// not really a success but prevents a repost prompt
$success = true;
}
echo json_encode(array('success' => $success, 'message' => $message, 'keyword' => $new_keyword));
exit;
}
}
public static function adminAction()
{
PHPWS_Core::initModClass('users', 'Group.php');
$title = $message = $content = null;
if (!Current_User::allow('users')) {
PHPWS_User::disallow(dgettext('users', 'Tried to perform an admin function in Users.'));
return;
}
$message = User_Action::getMessage();
$panel = User_Action::cpanel();
$panel->enableSecure();
if (isset($_REQUEST['command'])) {
$command = $_REQUEST['command'];
} else {
$command = $panel->getCurrentTab();
}
if (isset($_REQUEST['user_id'])) {
$user = new PHPWS_User((int) $_REQUEST['user_id']);
} else {
$user = new PHPWS_User();
}
if (isset($_REQUEST['group_id'])) {
$group = new PHPWS_Group((int) $_REQUEST['group_id']);
} else {
$group = new PHPWS_Group();
}
switch ($command) {
/** Form cases * */
/** User Forms * */
case 'new_user':
if (PHPWS_Settings::get('users', 'allow_new_users') || Current_User::isDeity()) {
$panel->setCurrentTab('new_user');
$title = dgettext('users', 'Create User');
$content = User_Form::userForm($user);
} else {
Current_User::disallow();
}
break;
case 'search_members':
self::searchMembers();
exit;
break;
case 'manage_users':
$title = dgettext('users', 'Manage Users');
$content = User_Form::manageUsers();
break;
case 'editUser':
$title = dgettext('users', 'Edit User');
$user = new PHPWS_User($_REQUEST['user_id']);
$content = User_Form::userForm($user);
break;
case 'deleteUser':
if (!Current_User::secured('users', 'delete_users')) {
Current_User::disallow();
return;
}
$user->kill();
PHPWS_Core::goBack();
break;
case 'deify_user':
if (!Current_User::authorized('users') || !Current_User::isDeity()) {
Current_User::disallow();
return;
}
$user->deity = 1;
$user->save();
PHPWS_Core::goBack();
break;
case 'mortalize_user':
if (!Current_User::authorized('users') || !Current_User::isDeity()) {
Current_User::disallow();
return;
}
$user->deity = 0;
$user->save();
PHPWS_Core::goBack();
break;
case 'authorization':
case 'postAuthorization':
case 'dropAuthScript':
if (!Current_User::isDeity()) {
Current_User::disallow();
}
if ($command == 'dropAuthScript' && isset($_REQUEST['script_id'])) {
User_Action::dropAuthorization($_REQUEST['script_id']);
} elseif ($command == 'postAuthorization') {
User_Action::postAuthorization();
$message = dgettext('users', 'Authorization updated.');
}
$title = dgettext('users', 'Authorization');
$content = User_Form::authorizationSetup();
break;
case 'editScript':
$title = dgettext('users', 'Edit Authorization Script');
// no reason to edit scripts yet
break;
case 'setUserPermissions':
if (!Current_User::authorized('users', 'edit_permissions')) {
PHPWS_User::disallow();
return;
}
if (!$user->id) {
PHPWS_Core::errorPage('404');
}
PHPWS_Core::initModClass('users', 'Group.php');
$title = dgettext('users', 'Set User Permissions') . ' : ' . $user->getUsername();
$content = User_Form::setPermissions($user->getUserGroup());
break;
case 'deactivateUser':
if (!Current_User::authorized('users')) {
PHPWS_User::disallow();
return;
}
User_Action::activateUser($_REQUEST['user_id'], false);
PHPWS_Core::goBack();
break;
case 'activateUser':
if (!Current_User::authorized('users')) {
PHPWS_User::disallow();
return;
}
User_Action::activateUser($_REQUEST['user_id'], true);
PHPWS_Core::goBack();
break;
/** End User Forms * */
/* * ******************** Group Forms *********************** */
/** End User Forms * */
/* * ******************** Group Forms *********************** */
case 'setGroupPermissions':
if (!Current_User::authorized('users', 'edit_permissions')) {
PHPWS_User::disallow();
return;
}
PHPWS_Core::initModClass('users', 'Group.php');
$title = dgettext('users', 'Set Group Permissions') . ' : ' . $group->getName();
$content = User_Form::setPermissions($_REQUEST['group_id'], 'group');
break;
case 'new_group':
$title = dgettext('users', 'Create Group');
$content = User_Form::groupForm($group);
break;
case 'edit_group':
$title = dgettext('users', 'Edit Group');
$content = User_Form::groupForm($group);
break;
case 'remove_group':
$group->kill();
$title = dgettext('users', 'Manage Groups');
$content = User_Form::manageGroups();
break;
case 'manage_groups':
$panel->setCurrentTab('manage_groups');
PHPWS_Core::killSession('Last_Member_Search');
$title = dgettext('users', 'Manage Groups');
$content = User_Form::manageGroups();
break;
case 'manageMembers':
PHPWS_Core::initModClass('users', 'Group.php');
$title = dgettext('users', 'Manage Members') . ' : ' . $group->getName();
$content = User_Form::manageMembers($group);
break;
case 'postMembers':
if (!Current_User::authorized('users', 'add_edit_groups')) {
Current_User::disallow();
return;
}
$title = dgettext('users', 'Manage Members') . ' : ' . $group->getName();
$content = User_Form::manageMembers($group);
break;
/* * *********************** End Group Forms ****************** */
/* * *********************** Misc Forms *********************** */
/* * *********************** End Group Forms ****************** */
/* * *********************** Misc Forms *********************** */
case 'settings':
if (!Current_User::authorized('users', 'settings')) {
Current_User::disallow();
return;
}
$title = dgettext('users', 'Settings');
$content = User_Form::settings();
break;
/** End Misc Forms * */
/** Action cases * */
/** End Misc Forms * */
/** Action cases * */
case 'deify':
if (!Current_User::isDeity()) {
Current_User::disallow();
return;
}
$user = new PHPWS_User($_REQUEST['user']);
if (isset($_GET['authorize'])) {
if ($_GET['authorize'] == 1 && Current_User::isDeity()) {
$user->setDeity(true);
$user->save();
User_Action::sendMessage(dgettext('users', 'User deified.'), 'manage_users');
break;
} else {
User_Action::sendMessage(dgettext('users', 'User remains a lowly mortal.'), 'manage_users');
break;
}
} else {
$content = User_Form::deify($user);
}
break;
case 'mortalize':
if (!Current_User::isDeity()) {
Current_User::disallow();
return;
}
$user = new PHPWS_User($_REQUEST['user']);
if (isset($_GET['authorize'])) {
if ($_GET['authorize'] == 1 && Current_User::isDeity()) {
$user->setDeity(false);
$user->save();
$content = dgettext('users', 'User transformed into a lowly mortal.') . '<hr />' . User_Form::manageUsers();
break;
} else {
$content = dgettext('users', 'User remains a deity.') . '<hr />' . User_Form::manageUsers();
break;
}
} else {
$content = User_Form::mortalize($user);
}
break;
case 'postUser':
if (isset($_POST['user_id'])) {
if (!Current_User::authorized('users', 'edit_users')) {
PHPWS_User::disallow();
return;
}
} else {
// posting new user
if (!Current_User::authorized('users')) {
PHPWS_User::disallow();
return;
}
}
$result = User_Action::postUser($user);
if ($result === true) {
$new_user = !(bool) $user->id;
$user->setActive(true);
$user->setApproved(true);
if (PHPWS_Error::logIfError($user->save())) {
$title = dgettext('users', 'Sorry');
$content = dgettext('users', 'An error occurred when trying to save the user. Check your logs.');
break;
}
if ($new_user) {
User_Action::assignDefaultGroup($user);
if (isset($_POST['group_add']) && is_array($_POST['group_add'])) {
foreach ($_POST['group_add'] as $group_id) {
$group = new PHPWS_Group($group_id);
$group->addMember($user->_user_group);
$group->save();
}
}
}
$panel->setCurrentTab('manage_users');
if (isset($_POST['notify_user'])) {
self::notifyUser($user, $_POST['password1']);
}
if (isset($_POST['user_id'])) {
User_Action::sendMessage(dgettext('users', 'User updated.'), 'manage_users');
} elseif (Current_User::allow('users', 'edit_permissions')) {
if (isset($_POST['notify_user'])) {
User_Action::sendMessage(dgettext('users', 'New user created and notified.'), 'setUserPermissions&user_id=' . $user->id);
} else {
User_Action::sendMessage(dgettext('users', 'New user created.'), 'setUserPermissions&user_id=' . $user->id);
}
} else {
User_Action::sendMessage(dgettext('users', 'User created.'), 'new_user');
}
} else {
$message = implode('<br />', $result);
if (isset($_POST['user_id'])) {
$title = dgettext('users', 'Edit User');
} else {
$title = dgettext('users', 'Create User');
}
$content = User_Form::userForm($user);
}
break;
case 'postPermission':
if (!Current_User::authorized('users', 'edit_permissions')) {
PHPWS_User::disallow();
return;
}
User_Action::postPermission();
User_Action::sendMessage(dgettext('users', 'Permissions updated'), $panel->getCurrentTab());
break;
case 'postGroup':
if (!Current_User::authorized('users', 'add_edit_groups')) {
PHPWS_User::disallow();
return;
}
PHPWS_Core::initModClass('users', 'Group.php');
$result = User_Action::postGroup($group);
if (PHPWS_Error::isError($result)) {
$message = $result->getMessage();
$title = isset($group->id) ? dgettext('users', 'Edit Group') : dgettext('users', 'Create Group');
$content = User_form::groupForm($group);
} else {
$result = $group->save();
if (PHPWS_Error::logIfError($result)) {
$message = dgettext('users', 'An error occurred when trying to save the group.');
} else {
$message = dgettext('users', 'Group created.');
}
User_Action::sendMessage($message, 'manage_groups');
}
break;
case 'addMember':
if (!Current_User::authorized('users', 'add_edit_groups')) {
PHPWS_User::disallow();
return;
}
PHPWS_Core::initModClass('users', 'Group.php');
$group->addMember($_REQUEST['member']);
$group->save();
unset($_SESSION['Last_Member_Search']);
User_Action::sendMessage(dgettext('users', 'Member added.'), 'manageMembers&group_id=' . $group->id);
break;
case 'dropMember':
if (!Current_User::authorized('users', 'add_edit_groups')) {
PHPWS_User::disallow();
return;
}
PHPWS_Core::initModClass('users', 'Group.php');
$group->dropMember($_REQUEST['member']);
$group->save();
unset($_SESSION['Last_Member_Search']);
User_Action::sendMessage(dgettext('users', 'Member removed.'), 'manageMembers&group_id=' . $group->id);
break;
case 'update_settings':
if (!Current_User::authorized('users', 'settings')) {
PHPWS_User::disallow();
return;
}
$title = dgettext('users', 'Settings');
$result = User_Action::update_settings();
if ($result === true) {
$message = dgettext('users', 'User settings updated.');
} else {
$message = $result;
}
$content = User_Form::settings();
break;
case 'check_permission_tables':
if (!Current_User::authorized('users', 'settings')) {
PHPWS_User::disallow();
return;
}
$title = dgettext('users', 'Register Module Permissions');
$content = User_Action::checkPermissionTables();
break;
default:
PHPWS_Core::errorPage('404');
break;
}
$template['CONTENT'] = $content;
$template['TITLE'] = $title;
$template['MESSAGE'] = $message;
$final = PHPWS_Template::process($template, 'users', 'main.tpl');
$panel->setContent($final);
Layout::add(PHPWS_ControlPanel::display($panel->display()));
}
