/**
 * Render the "permission denied" page.
 *
 * Reports the denial through ErrorHandler::logError(), switches the
 * application layout to 'permission' and renders the 'PermissionDenied' view.
 */
public function actionPermissionDenied()
{
    // TODO: logout user, redirect to admin login form and the error should be displayed in the form
    // NOTE(review): no HTTP status code is set in this method; confirm that the
    // layout, a filter or the caller answers with 403 rather than 200.
    $denialMessage = 'Permission denied!<br />- You do not have enough privilege to access the page you requested or<br />- The requested page is accessible but a service on that page cannot be performed on your behalf.';
    ErrorHandler::logError($denialMessage);

    Yii::app()->layout = 'permission';

    $this->render('PermissionDenied');
}
/**
 * Edit user
 *
 * Uses the query string Id parameter as the user ID. When Id is 0 or not
 * provided, a new FUser with member status is prepared instead of loading
 * an existing record. The 'Edit' view is rendered in every case; when the
 * lookup finds nothing an error is logged and the view receives null.
 */
public function actionEdit()
{
    // NOTE(review): no access check is visible in this action; confirm that a
    // controller filter restricts who may load an arbitrary user Id.
    $requestedId = $this->get('Id', 0);

    if ($requestedId != 0) {
        // Existing user: findByPk() yields null when the Id matches no record.
        $user = FUser::model()->findByPk($requestedId);
    } else {
        // No Id given: start from a blank member account.
        $user = new FUser();
        $user->Status = FUser::STATUS_MEMBER;
    }

    if (is_null($user)) {
        ErrorHandler::logError(Yii::t('User', 'Invalid user Id.'));
    } else {
        // Blank the Password attribute so the stored value never reaches the form.
        $user->Password = '';
    }

    $viewData = array('user' => $user);
    $this->render('Edit', $viewData);
}
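/**
 * Save the settings submitted by a module configuration form.
 *
 * On a POST request, every $_POST key that names a Setting of the posted
 * 'Module' is validated and saved. Entries in $_FILES are handled the same
 * way, with the raw $_FILES entry assigned as the setting value. Keys that
 * match no Setting are skipped. A validation failure is logged and clears
 * the success message. The action always ends by redirecting to
 * /Core/settings (with the module as a parameter when one was posted).
 *
 * NOTE(review): any submitted key that matches a setting name is written, so
 * the Setting validators are the only gate on values. Authorization and CSRF
 * checks are not visible in this method; confirm they are enforced by a
 * controller filter or the application configuration.
 */
public function actionSave()
{
    $module = $this->post('Module', '');

    if (Yii::app()->request->isPostRequest) {
        $this->message = 'Your new configuration is updated successfully.';

        // POST data
        foreach ($_POST as $key => $value) {
            $param = Setting::model()->find(
                'Name = :Param AND Module = :Module',
                array(':Param' => $key, ':Module' => $module)
            );
            if (is_null($param)) {
                continue; // Not a setting of this module (e.g. the Module field itself)
            }

            $param->Value = $value;
            if (!$param->validate()) {
                ErrorHandler::logError($param->getError('Value'));
                $this->message = '';
            } else {
                $param->save();
            }
        }

        // FILE upload if any
        foreach ($_FILES as $key => $file) {
            /**
             * If enctype='multipart/form-data' has file fields, $_FILES always
             * has information related to file fields. We have to check if
             * each field has file uploaded or not
             */
            if ($file['error'] == UPLOAD_ERR_NO_FILE) {
                continue;
            }

            // Scope the lookup to the posted module, exactly like the POST loop
            // above. The previous lookup matched on Name alone, so an upload
            // field could overwrite a same-named setting of another module.
            $param = Setting::model()->find(
                'Name = :Param AND Module = :Module',
                array(':Param' => $key, ':Module' => $module)
            );
            if (is_null($param)) {
                continue; // Not match any setting param
            }

            /**
             * Set param value to $file as normally an upload file param should have
             * a writer Service to save file and return filepath as the final value
             */
            // NOTE(review): upload errors other than UPLOAD_ERR_NO_FILE are passed
            // through as-is; presumably the Setting validation rejects them — confirm.
            $param->Value = $file;
            if (!$param->validate()) {
                ErrorHandler::logError($param->getError('Value'));
                $this->message = '';
            } else {
                $param->save();
            }
        }

        //Cms::service('Cms/Settings/db2php', array('Module' => $module));
    }

    $params = array();
    if ($module) {
        $params = array('module' => $module);
    }

    $this->redirect($this->createUrl("/Core/settings", $params));
}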
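/**
 * Displays Forbidden Error (403 Error)
 *
 * Includes the 403 template and logs the rejected request. The configured
 * custom template is used when the customTemplates directory holds at least
 * one entry; otherwise the default template is used. When the chosen template
 * is not a regular file, a bare "Error: 403" heading is printed instead.
 *
 * NOTE(review): nothing in this method sets the HTTP status code; confirm the
 * caller sends 403 before any output is produced.
 *
 * @static
 * @return bool the value returned by ErrorHandler::logError(), or false when
 *              an Exception is caught
 */
public static function displayForbiddenError()
{
    $config = Config::getInstance();

    try {
        $errorPath = $config->getParam("errorPath");
        $dir = $errorPath . DS . "view" . DS;
        $customDir = $dir . "customTemplates" . DS;

        // scandir() returns false for a missing or unreadable directory. Treat
        // that like an empty directory (only "." and "..") instead of passing
        // false to count().
        $entries = @scandir($customDir, 1);
        if (!is_array($entries) || count($entries) == 2) {
            $template = $dir . "defaultForbiddenError.php";
        } else {
            // Fix: the configured file name used to be discarded and replaced by
            // $customDir . $dir, a path that never names a template.
            // The name comes from configuration and ends up in require_once, so
            // it must never be derived from request data.
            $template = $customDir . (string) $config->getParam("customForbiddenTemplate");
        }

        // is_file() rather than file_exists(): an empty configured name would
        // leave $template pointing at the directory itself.
        if (is_file($template)) {
            require_once $template;
        } else {
            print "<h1>Error: 403</h1>";
        }

        // Frame 1 of the backtrace is absent when this method is called from
        // the top level of a script; fall back to an empty file and line 0.
        $trace = debug_backtrace();
        $caller = isset($trace[1]) ? $trace[1] : array();
        $file = isset($caller["file"]) ? $caller["file"] : "";
        $line = isset($caller["line"]) ? $caller["line"] : 0;

        // NOTE(review): the log entry contains full dumps of $_POST and
        // $_SESSION, which can hold credentials and session data, and the
        // request-controlled values are written unescaped (newlines included).
        // Consider redacting sensitive keys and restricting access to this log.
        $get = print_r($_GET, true);
        $post = print_r($_POST, true);
        $files = print_r($_FILES, true);
        // $_SESSION is undefined when no session was started; null prints as "".
        $session = print_r(isset($_SESSION) ? $_SESSION : null, true);

        $message = "403 Forbidden for {$_SERVER["REQUEST_URI"]} IP={$_SERVER["REMOTE_ADDR"]} Parameters: ( GET={$get} | POST={$post} | FILE={$files} | SESSION={$session}";

        return ErrorHandler::logError("forbidden", $line, $message, $file);
    } catch (Exception $ex) {
        // Best effort: a failure while rendering or logging must not raise a second error.
        return false;
    }
}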