authenticatedPostBack() 공개 메소드

It validates the postback by looking at a transient value that was rendered using $this->Open() and submitted with the form. Ref: http://en.wikipedia.org/wiki/Cross-site_request_forgery
public authenticatedPostBack ( boolean $throw = false ) : boolean
$throw boolean Whether or not to throw an exception if this is a postback AND the transient key doesn't validate.
리턴 boolean Returns true if the postback could be authenticated or false otherwise.
예제 #1
0
 /**
  *
  * @param Gdn_Controller $Sender
  * @throws Exception
  */
 public function __construct($Sender = null)
 {
     if (property_exists($Sender, 'Conversation')) {
         $this->Conversation = $Sender->Conversation;
     }
     // Allowed to use this module?
     $this->AddUserAllowed = $Sender->ConversationModel->addUserAllowed($this->Conversation->ConversationID);
     $this->Form = Gdn::factory('Form', 'AddPeople');
     // If the form was posted back, check for people to add to the conversation
     if ($this->Form->authenticatedPostBack()) {
         // Defer exceptions until they try to use the form so we don't fill our logs
         if (!$this->AddUserAllowed || !checkPermission('Conversations.Conversations.Add')) {
             throw permissionException();
         }
         $NewRecipientUserIDs = array();
         $NewRecipients = explode(',', $this->Form->getFormValue('AddPeople', ''));
         $UserModel = Gdn::factory("UserModel");
         foreach ($NewRecipients as $Name) {
             if (trim($Name) != '') {
                 $User = $UserModel->getByUsername(trim($Name));
                 if (is_object($User)) {
                     $NewRecipientUserIDs[] = $User->UserID;
                 }
             }
         }
         $Sender->ConversationModel->addUserToConversation($this->Conversation->ConversationID, $NewRecipientUserIDs);
         $Sender->informMessage(t('Your changes were saved.'));
         $Sender->RedirectUrl = url('/messages/' . $this->Conversation->ConversationID);
     }
     $this->_ApplicationFolder = $Sender->Application;
     $this->_ThemeFolder = $Sender->Theme;
 }
예제 #2
0
 /**
  * Prompts new admins how to get started using new install.
  *
  * @since 2.0.0
  * @access public
  */
 public function gettingStarted()
 {
     $this->permission('Garden.Settings.Manage');
     $this->setData('Title', t('Getting Started'));
     $this->addSideMenu('dashboard/settings/gettingstarted');
     $this->TextEnterEmails = t('TextEnterEmails', 'Type email addresses separated by commas here');
     if ($this->Form->authenticatedPostBack()) {
         // Do invitations to new members.
         $Message = $this->Form->getFormValue('InvitationMessage');
         $Message = trim($Message);
         $Recipients = $this->Form->getFormValue('Recipients');
         if ($Recipients == $this->TextEnterEmails) {
             $Recipients = '';
         }
         $Recipients = explode(',', $Recipients);
         $CountRecipients = 0;
         foreach ($Recipients as $Recipient) {
             if (trim($Recipient) != '') {
                 $CountRecipients++;
                 if (!validateEmail($Recipient)) {
                     $this->Form->addError(sprintf(t('%s is not a valid email address'), $Recipient));
                 }
             }
         }
         if ($CountRecipients == 0) {
             $this->Form->addError(t('You must provide at least one recipient'));
         }
         if ($this->Form->errorCount() == 0) {
             $Email = new Gdn_Email();
             $Email->subject(t('Check out my new community!'));
             $emailTemplate = $Email->getEmailTemplate();
             $emailTemplate->setMessage($Message, true)->setButton(externalUrl('/'), t('Check it out'));
             $Email->setEmailTemplate($emailTemplate);
             foreach ($Recipients as $Recipient) {
                 if (trim($Recipient) != '') {
                     $Email->to($Recipient);
                     try {
                         $Email->send();
                     } catch (Exception $ex) {
                         $this->Form->addError($ex);
                     }
                 }
             }
         }
         if ($this->Form->errorCount() == 0) {
             $this->informMessage(t('Your invitations were sent successfully.'));
         }
     }
     $this->render();
 }
 /**
  * Enable or disable the use of categories in Vanilla.
  *
  * @param bool $enabled Whether or not to enable/disable categories.
  * @throws Exception Throws an exception if accessed through an invalid post back.
  */
 public function enableCategories($enabled)
 {
     $this->permission('Garden.Settings.Manage');
     if ($this->Form->authenticatedPostBack()) {
         $enabled = (bool) $enabled;
         saveToConfig('Vanilla.Categories.Use', $enabled);
         $this->setData('Enabled', $enabled);
         if ($this->deliveryType() !== DELIVERY_TYPE_DATA) {
             $this->RedirectUrl = url('/vanilla/settings/managecategories');
         }
     } else {
         throw forbiddenException('GET');
     }
     return $this->render('Blank', 'Utility', 'Dashboard');
 }
 /**
  * Leave a conversation that a user is participating in.
  *
  * @param int $conversationID The ID of the conversation to leave.
  */
 public function leave($conversationID)
 {
     if (!Gdn::session()->UserID) {
         throw new Gdn_UserException('You must be signed in.', 403);
     }
     // Make sure the user has participated in the conversation before.
     $row = Gdn::sql()->getWhere('UserConversation', ['ConversationID' => $conversationID, 'UserID' => Gdn::session()->UserID])->firstRow();
     if (!$row) {
         throw notFoundException('Conversation');
     }
     if ($this->Form->authenticatedPostBack(true)) {
         $this->ConversationModel->clear($conversationID, Gdn::session()->UserID);
         $this->RedirectUrl = url('/messages/all');
     }
     $this->title(t('Leave Conversation'));
     $this->render();
 }
예제 #5
0
 /**
  * Manage options for a mobile theme.
  *
  * @since 2.0.0
  * @access public
  * @todo Why is this in a giant try/catch block?
  */
 public function mobileThemeOptions()
 {
     $this->permission('Garden.Settings.Manage');
     try {
         $this->addJsFile('addons.js');
         $this->setHighlightRoute('dashboard/settings/mobilethemeoptions');
         $ThemeManager = Gdn::themeManager();
         $EnabledThemeName = $ThemeManager->mobileTheme();
         $EnabledThemeInfo = $ThemeManager->getThemeInfo($EnabledThemeName);
         $this->setData('ThemeInfo', $EnabledThemeInfo);
         if ($this->Form->authenticatedPostBack()) {
             // Save the styles to the config.
             $StyleKey = $this->Form->getFormValue('StyleKey');
             $ConfigSaveData = array('Garden.MobileThemeOptions.Styles.Key' => $StyleKey, 'Garden.MobileThemeOptions.Styles.Value' => $this->data("ThemeInfo.Options.Styles.{$StyleKey}.Basename"));
             // Save the text to the locale.
             $Translations = array();
             foreach ($this->data('ThemeInfo.Options.Text', array()) as $Key => $Default) {
                 $Value = $this->Form->getFormValue($this->Form->escapeString('Text_' . $Key));
                 $ConfigSaveData["ThemeOption.{$Key}"] = $Value;
                 //$this->Form->setFormValue('Text_'.$Key, $Value);
             }
             saveToConfig($ConfigSaveData);
             $this->fireEvent['AfterSaveThemeOptions'];
             $this->informMessage(t("Your changes have been saved."));
         }
         $this->setData('ThemeOptions', c('Garden.MobileThemeOptions'));
         $StyleKey = $this->data('ThemeOptions.Styles.Key');
         if (!$this->Form->authenticatedPostBack()) {
             foreach ($this->data('ThemeInfo.Options.Text', array()) as $Key => $Options) {
                 $Default = val('Default', $Options, '');
                 $Value = c("ThemeOption.{$Key}", '#DEFAULT#');
                 if ($Value === '#DEFAULT#') {
                     $Value = $Default;
                 }
                 $this->Form->setFormValue($this->Form->escapeString('Text_' . $Key), $Value);
             }
         }
         $this->setData('ThemeFolder', $EnabledThemeName);
         $this->title(t('Mobile Theme Options'));
         $this->Form->addHidden('StyleKey', $StyleKey);
     } catch (Exception $Ex) {
         $this->Form->addError($Ex);
     }
     $this->render('themeoptions');
 }
예제 #6
0
 /**
  * Revoke an invitation.
  *
  * @since 2.0.0
  * @param int $InvitationID Unique identifier.
  * @throws Exception Throws an exception when the invitation isn't found or the user doesn't have permission to delete it.
  */
 public function uninvite($InvitationID)
 {
     $this->permission('Garden.SignIn.Allow');
     if (!$this->Form->authenticatedPostBack()) {
         throw forbiddenException('GET');
     }
     $InvitationModel = new InvitationModel();
     $Session = Gdn::session();
     try {
         $Valid = $InvitationModel->delete($InvitationID, $this->UserModel);
         if ($Valid) {
             $this->informMessage(t('The invitation was removed successfully.'));
             $this->jsonTarget(".js-invitation[data-id=\"{$InvitationID}\"]", '', 'SlideUp');
         }
     } catch (Exception $ex) {
         $this->Form->addError(strip_tags($ex->getMessage()));
     }
     if ($this->Form->errorCount() == 0) {
         $this->render('Blank', 'Utility');
     }
 }
예제 #7
0
 /**
  * Set the icon for an addon.
  *
  * @param int $AddonID Specified addon id.
  * @throws Exception Addon not found.
  */
 public function icon($AddonID = '')
 {
     $Session = Gdn::session();
     if (!$Session->isValid()) {
         $this->Form->addError('You must be authenticated in order to use this form.');
     }
     $Addon = $this->AddonModel->getID($AddonID);
     if (!$Addon) {
         throw notFoundException('Addon');
     }
     if ($Session->UserID != $Addon['InsertUserID']) {
         $this->permission('Addons.Addon.Manage');
     }
     $this->addModule('AddonHelpModule', 'Panel');
     $this->Form->setModel($this->AddonModel);
     $this->Form->addHidden('AddonID', $AddonID);
     if ($this->Form->authenticatedPostBack()) {
         $UploadImage = new Gdn_UploadImage();
         try {
             // Validate the upload
             $imageLocation = $UploadImage->validateUpload('Icon');
             $TargetImage = $this->saveIcon($imageLocation);
         } catch (Exception $ex) {
             $this->Form->addError($ex);
         }
         // If there were no errors, remove the old picture and insert the picture
         if ($this->Form->errorCount() == 0) {
             if ($Addon['Icon']) {
                 $UploadImage->delete($Addon['Icon']);
             }
             $this->AddonModel->save(array('AddonID' => $AddonID, 'Icon' => $TargetImage));
         }
         // If there were no problems, redirect back to the addon
         if ($this->Form->errorCount() == 0) {
             $this->RedirectUrl = Url('/addon/' . AddonModel::slug($Addon));
         }
     }
     $this->render();
 }
 /**
  * Edit a user account.
  *
  * @since 2.0.0
  * @access public
  * @param int $UserID Unique ID.
  */
 public function edit($UserID)
 {
     $this->permission('Garden.Users.Edit');
     // Page setup
     $this->addJsFile('user.js');
     $this->title(t('Edit User'));
     $this->addSideMenu('dashboard/user');
     // Only admins can reassign roles
     $RoleModel = new RoleModel();
     $AllRoles = $RoleModel->getArray();
     $RoleData = $RoleModel->getAssignable();
     $UserModel = new UserModel();
     $User = $UserModel->getID($UserID, DATASET_TYPE_ARRAY);
     // Determine if username can be edited
     $CanEditUsername = (bool) c("Garden.Profile.EditUsernames") || Gdn::session()->checkPermission('Garden.Users.Edit');
     $this->setData('_CanEditUsername', $CanEditUsername);
     // Determine if emails can be edited
     $CanEditEmail = Gdn::session()->checkPermission('Garden.Users.Edit');
     $this->setData('_CanEditEmail', $CanEditEmail);
     // Decide if they have ability to confirm users
     $Confirmed = (bool) valr('Confirmed', $User);
     $CanConfirmEmail = UserModel::RequireConfirmEmail() && Gdn::session()->checkPermission('Garden.Users.Edit');
     $this->setData('_CanConfirmEmail', $CanConfirmEmail);
     $this->setData('_EmailConfirmed', $Confirmed);
     $User['ConfirmEmail'] = (int) $Confirmed;
     // Determine whether user being edited is privileged (can escalate permissions)
     $UserModel = new UserModel();
     $EditingPrivilegedUser = $UserModel->checkPermission($User, 'Garden.Settings.Manage');
     // Determine our password reset options
     // Anyone with user editing my force reset over email
     $this->ResetOptions = array(0 => t('Keep current password.'), 'Auto' => t('Force user to reset their password and send email notification.'));
     // Only admins may manually reset passwords for other admins
     if (checkPermission('Garden.Settings.Manage') || !$EditingPrivilegedUser) {
         $this->ResetOptions['Manual'] = t('Manually set user password. No email notification.');
     }
     // Set the model on the form.
     $this->Form->setModel($UserModel);
     // Make sure the form knows which item we are editing.
     $this->Form->addHidden('UserID', $UserID);
     try {
         $AllowEditing = true;
         $this->EventArguments['AllowEditing'] =& $AllowEditing;
         $this->EventArguments['TargetUser'] =& $User;
         // These are all the 'effective' roles for this edit action. This list can
         // be trimmed down from the real list to allow subsets of roles to be
         // edited.
         $this->EventArguments['RoleData'] =& $RoleData;
         $UserRoleData = $UserModel->getRoles($UserID)->resultArray();
         $RoleIDs = array_column($UserRoleData, 'RoleID');
         $RoleNames = array_column($UserRoleData, 'Name');
         $UserRoleData = arrayCombine($RoleIDs, $RoleNames);
         $this->EventArguments['UserRoleData'] =& $UserRoleData;
         $this->fireEvent("BeforeUserEdit");
         $this->setData('AllowEditing', $AllowEditing);
         $this->Form->setData($User);
         if ($this->Form->authenticatedPostBack()) {
             if (!$CanEditUsername) {
                 $this->Form->setFormValue("Name", $User['Name']);
             }
             // Allow mods to confirm/unconfirm emails
             $this->Form->removeFormValue('Confirmed');
             $Confirmation = $this->Form->getFormValue('ConfirmEmail', null);
             $Confirmation = !is_null($Confirmation) ? (bool) $Confirmation : null;
             if ($CanConfirmEmail && is_bool($Confirmation)) {
                 $this->Form->setFormValue('Confirmed', (int) $Confirmation);
             }
             $ResetPassword = $this->Form->getValue('ResetPassword', false);
             // If we're an admin or this isn't a privileged user, allow manual setting of password
             $AllowManualReset = checkPermission('Garden.Settings.Manage') || !$EditingPrivilegedUser;
             if ($ResetPassword == 'Manual' && $AllowManualReset) {
                 // If a new password was specified, add it to the form's collection
                 $NewPassword = $this->Form->getValue('NewPassword', '');
                 $this->Form->setFormValue('Password', $NewPassword);
             }
             // Role changes
             // These are the new roles the editing user wishes to apply to the target
             // user, adjusted for his ability to affect those roles
             $RequestedRoles = $this->Form->getFormValue('RoleID');
             if (!is_array($RequestedRoles)) {
                 $RequestedRoles = array();
             }
             $RequestedRoles = array_flip($RequestedRoles);
             $UserNewRoles = array_intersect_key($RoleData, $RequestedRoles);
             // These roles will stay turned on regardless of the form submission contents
             // because the editing user does not have permission to modify them
             $ImmutableRoles = array_diff_key($AllRoles, $RoleData);
             $UserImmutableRoles = array_intersect_key($ImmutableRoles, $UserRoleData);
             // Apply immutable roles
             foreach ($UserImmutableRoles as $IMRoleID => $IMRoleName) {
                 $UserNewRoles[$IMRoleID] = $IMRoleName;
             }
             // Put the data back into the forum object as if the user had submitted
             // this themselves
             $this->Form->setFormValue('RoleID', array_keys($UserNewRoles));
             if ($this->Form->save(array('SaveRoles' => true)) !== false) {
                 if ($this->Form->getValue('ResetPassword', '') == 'Auto') {
                     $UserModel->PasswordRequest($User['Email']);
                     $UserModel->setField($UserID, 'HashMethod', 'Reset');
                 }
                 $this->informMessage(t('Your changes have been saved.'));
             }
             $UserRoleData = $UserNewRoles;
         }
     } catch (Exception $Ex) {
         $this->Form->addError($Ex);
     }
     $this->setData('User', $User);
     $this->setData('Roles', $RoleData);
     $this->setData('UserRoles', $UserRoleData);
     $this->render();
 }
예제 #9
0
 /**
  * Create or update a comment.
  *
  * @since 2.0.0
  * @access public
  *
  * @param int $DiscussionID Unique ID to add the comment to. If blank, this method will throw an error.
  */
 public function comment($DiscussionID = '')
 {
     // Get $DiscussionID from RequestArgs if valid
     if ($DiscussionID == '' && count($this->RequestArgs)) {
         if (is_numeric($this->RequestArgs[0])) {
             $DiscussionID = $this->RequestArgs[0];
         }
     }
     // If invalid $DiscussionID, get from form.
     $this->Form->setModel($this->CommentModel);
     $DiscussionID = is_numeric($DiscussionID) ? $DiscussionID : $this->Form->getFormValue('DiscussionID', 0);
     // Set discussion data
     $this->DiscussionID = $DiscussionID;
     $this->Discussion = $Discussion = $this->DiscussionModel->getID($DiscussionID);
     // Is this an embedded comment being posted to a discussion that doesn't exist yet?
     $vanilla_type = $this->Form->getFormValue('vanilla_type', '');
     $vanilla_url = $this->Form->getFormValue('vanilla_url', '');
     $vanilla_category_id = $this->Form->getFormValue('vanilla_category_id', '');
     $Attributes = array('ForeignUrl' => $vanilla_url);
     $vanilla_identifier = $this->Form->getFormValue('vanilla_identifier', '');
     $isEmbeddedComments = $vanilla_url != '' && $vanilla_identifier != '';
     // Only allow vanilla identifiers of 32 chars or less - md5 if larger
     if (strlen($vanilla_identifier) > 32) {
         $Attributes['vanilla_identifier'] = $vanilla_identifier;
         $vanilla_identifier = md5($vanilla_identifier);
     }
     if (!$Discussion && $isEmbeddedComments) {
         $Discussion = $Discussion = $this->DiscussionModel->getForeignID($vanilla_identifier, $vanilla_type);
         if ($Discussion) {
             $this->DiscussionID = $DiscussionID = $Discussion->DiscussionID;
             $this->Form->setValue('DiscussionID', $DiscussionID);
         }
     }
     // If so, create it!
     if (!$Discussion && $isEmbeddedComments) {
         // Add these values back to the form if they exist!
         $this->Form->addHidden('vanilla_identifier', $vanilla_identifier);
         $this->Form->addHidden('vanilla_type', $vanilla_type);
         $this->Form->addHidden('vanilla_url', $vanilla_url);
         $this->Form->addHidden('vanilla_category_id', $vanilla_category_id);
         $PageInfo = fetchPageInfo($vanilla_url);
         if (!($Title = $this->Form->getFormValue('Name'))) {
             $Title = val('Title', $PageInfo, '');
             if ($Title == '') {
                 $Title = t('Undefined discussion subject.');
                 if (!empty($PageInfo['Exception']) && $PageInfo['Exception'] === "Couldn't connect to host.") {
                     $Title .= ' ' . t('Page timed out.');
                 }
             }
         }
         $Description = val('Description', $PageInfo, '');
         $Images = val('Images', $PageInfo, array());
         $LinkText = t('EmbededDiscussionLinkText', 'Read the full story here');
         if (!$Description && count($Images) == 0) {
             $Body = formatString('<p><a href="{Url}">{LinkText}</a></p>', array('Url' => $vanilla_url, 'LinkText' => $LinkText));
         } else {
             $Body = formatString('
         <div class="EmbeddedContent">{Image}<strong>{Title}</strong>
            <p>{Excerpt}</p>
            <p><a href="{Url}">{LinkText}</a></p>
            <div class="ClearFix"></div>
         </div>', array('Title' => $Title, 'Excerpt' => $Description, 'Image' => count($Images) > 0 ? img(val(0, $Images), array('class' => 'LeftAlign')) : '', 'Url' => $vanilla_url, 'LinkText' => $LinkText));
         }
         if ($Body == '') {
             $Body = $vanilla_url;
         }
         if ($Body == '') {
             $Body = t('Undefined discussion body.');
         }
         // Validate the CategoryID for inserting.
         $Category = CategoryModel::categories($vanilla_category_id);
         if (!$Category) {
             $vanilla_category_id = c('Vanilla.Embed.DefaultCategoryID', 0);
             if ($vanilla_category_id <= 0) {
                 // No default category defined, so grab the first non-root category and use that.
                 $vanilla_category_id = $this->DiscussionModel->SQL->select('CategoryID')->from('Category')->where('CategoryID >', 0)->get()->firstRow()->CategoryID;
                 // No categories in the db? default to 0
                 if (!$vanilla_category_id) {
                     $vanilla_category_id = 0;
                 }
             }
         } else {
             $vanilla_category_id = $Category['CategoryID'];
         }
         $EmbedUserID = c('Garden.Embed.UserID');
         if ($EmbedUserID) {
             $EmbedUser = Gdn::userModel()->getID($EmbedUserID);
         }
         if (!$EmbedUserID || !$EmbedUser) {
             $EmbedUserID = Gdn::userModel()->getSystemUserID();
         }
         $EmbeddedDiscussionData = array('InsertUserID' => $EmbedUserID, 'DateInserted' => Gdn_Format::toDateTime(), 'DateUpdated' => Gdn_Format::toDateTime(), 'CategoryID' => $vanilla_category_id, 'ForeignID' => $vanilla_identifier, 'Type' => $vanilla_type, 'Name' => $Title, 'Body' => $Body, 'Format' => 'Html', 'Attributes' => dbencode($Attributes));
         $this->EventArguments['Discussion'] =& $EmbeddedDiscussionData;
         $this->fireEvent('BeforeEmbedDiscussion');
         $DiscussionID = $this->DiscussionModel->SQL->insert('Discussion', $EmbeddedDiscussionData);
         $ValidationResults = $this->DiscussionModel->validationResults();
         if (count($ValidationResults) == 0 && $DiscussionID > 0) {
             $this->Form->addHidden('DiscussionID', $DiscussionID);
             // Put this in the form so reposts won't cause new discussions.
             $this->Form->setFormValue('DiscussionID', $DiscussionID);
             // Put this in the form values so it is used when saving comments.
             $this->setJson('DiscussionID', $DiscussionID);
             $this->Discussion = $Discussion = $this->DiscussionModel->getID($DiscussionID, DATASET_TYPE_OBJECT, array('Slave' => false));
             // Update the category discussion count
             if ($vanilla_category_id > 0) {
                 $this->DiscussionModel->updateDiscussionCount($vanilla_category_id, $DiscussionID);
             }
         }
     }
     // If no discussion was found, error out
     if (!$Discussion) {
         $this->Form->addError(t('Failed to find discussion for commenting.'));
     }
     /**
      * Special care is taken for embedded comments.  Since we don't currently use an advanced editor for these
      * comments, we may need to apply certain filters and fixes to the data to maintain its intended display
      * with the input format (e.g. maintaining newlines).
      */
     if ($isEmbeddedComments) {
         $inputFormatter = $this->Form->getFormValue('Format', c('Garden.InputFormatter'));
         switch ($inputFormatter) {
             case 'Wysiwyg':
                 $this->Form->setFormValue('Body', nl2br($this->Form->getFormValue('Body')));
                 break;
         }
     }
     $PermissionCategoryID = val('PermissionCategoryID', $Discussion);
     // Setup head
     $this->addJsFile('jquery.autosize.min.js');
     $this->addJsFile('autosave.js');
     $this->addJsFile('post.js');
     // Setup comment model, $CommentID, $DraftID
     $Session = Gdn::session();
     $CommentID = isset($this->Comment) && property_exists($this->Comment, 'CommentID') ? $this->Comment->CommentID : '';
     $DraftID = isset($this->Comment) && property_exists($this->Comment, 'DraftID') ? $this->Comment->DraftID : '';
     $this->EventArguments['CommentID'] = $CommentID;
     $this->EventArguments['DraftID'] = $DraftID;
     // Determine whether we are editing
     $Editing = $CommentID > 0 || $DraftID > 0;
     $this->EventArguments['Editing'] = $Editing;
     // If closed, cancel & go to discussion
     if ($Discussion && $Discussion->Closed == 1 && !$Editing && !$Session->checkPermission('Vanilla.Discussions.Close', true, 'Category', $PermissionCategoryID)) {
         redirect(DiscussionUrl($Discussion));
     }
     // Add hidden IDs to form
     $this->Form->addHidden('DiscussionID', $DiscussionID);
     $this->Form->addHidden('CommentID', $CommentID);
     $this->Form->addHidden('DraftID', $DraftID, true);
     // Check permissions
     if ($Discussion && $Editing) {
         // Permission to edit
         if ($this->Comment->InsertUserID != $Session->UserID) {
             $this->permission('Vanilla.Comments.Edit', true, 'Category', $Discussion->PermissionCategoryID);
         }
         // Make sure that content can (still) be edited.
         $EditContentTimeout = c('Garden.EditContentTimeout', -1);
         $CanEdit = $EditContentTimeout == -1 || strtotime($this->Comment->DateInserted) + $EditContentTimeout > time();
         if (!$CanEdit) {
             $this->permission('Vanilla.Comments.Edit', true, 'Category', $Discussion->PermissionCategoryID);
         }
         // Make sure only moderators can edit closed things
         if ($Discussion->Closed) {
             $this->permission('Vanilla.Comments.Edit', true, 'Category', $Discussion->PermissionCategoryID);
         }
         $this->Form->setFormValue('CommentID', $CommentID);
     } elseif ($Discussion) {
         // Permission to add
         $this->permission('Vanilla.Comments.Add', true, 'Category', $Discussion->PermissionCategoryID);
     }
     if ($this->Form->authenticatedPostBack()) {
         // Save as a draft?
         $FormValues = $this->Form->formValues();
         $FormValues = $this->CommentModel->filterForm($FormValues);
         if (!$Editing) {
             unset($FormValues['CommentID']);
         }
         if ($DraftID == 0) {
             $DraftID = $this->Form->getFormValue('DraftID', 0);
         }
         $Type = GetIncomingValue('Type');
         $Draft = $Type == 'Draft';
         $this->EventArguments['Draft'] = $Draft;
         $Preview = $Type == 'Preview';
         if ($Draft) {
             $DraftID = $this->DraftModel->save($FormValues);
             $this->Form->addHidden('DraftID', $DraftID, true);
             $this->Form->setValidationResults($this->DraftModel->validationResults());
         } elseif (!$Preview) {
             // Fix an undefined title if we can.
             if ($this->Form->getFormValue('Name') && val('Name', $Discussion) == t('Undefined discussion subject.')) {
                 $Set = array('Name' => $this->Form->getFormValue('Name'));
                 if (isset($vanilla_url) && $vanilla_url && strpos(val('Body', $Discussion), t('Undefined discussion subject.')) !== false) {
                     $LinkText = t('EmbededDiscussionLinkText', 'Read the full story here');
                     $Set['Body'] = formatString('<p><a href="{Url}">{LinkText}</a></p>', array('Url' => $vanilla_url, 'LinkText' => $LinkText));
                 }
                 $this->DiscussionModel->setField(val('DiscussionID', $Discussion), $Set);
             }
             $Inserted = !$CommentID;
             $CommentID = $this->CommentModel->save($FormValues);
             // The comment is now half-saved.
             if (is_numeric($CommentID) && $CommentID > 0) {
                 if (in_array($this->deliveryType(), array(DELIVERY_TYPE_ALL, DELIVERY_TYPE_DATA))) {
                     $this->CommentModel->save2($CommentID, $Inserted, true, true);
                 } else {
                     $this->jsonTarget('', url("/post/comment2.json?commentid={$CommentID}&inserted={$Inserted}"), 'Ajax');
                 }
                 // $Discussion = $this->DiscussionModel->getID($DiscussionID);
                 $Comment = $this->CommentModel->getID($CommentID, DATASET_TYPE_OBJECT, array('Slave' => false));
                 $this->EventArguments['Discussion'] = $Discussion;
                 $this->EventArguments['Comment'] = $Comment;
                 $this->fireEvent('AfterCommentSave');
             } elseif ($CommentID === SPAM || $CommentID === UNAPPROVED) {
                 $this->StatusMessage = t('CommentRequiresApprovalStatus', 'Your comment will appear after it is approved.');
             }
             $this->Form->setValidationResults($this->CommentModel->validationResults());
             if ($CommentID > 0 && $DraftID > 0) {
                 $this->DraftModel->delete($DraftID);
             }
         }
         // Handle non-ajax requests first:
         if ($this->_DeliveryType == DELIVERY_TYPE_ALL) {
             if ($this->Form->errorCount() == 0) {
                 // Make sure that this form knows what comment we are editing.
                 if ($CommentID > 0) {
                     $this->Form->addHidden('CommentID', $CommentID);
                 }
                 // If the comment was not a draft
                 if (!$Draft) {
                     // Redirect to the new comment.
                     if ($CommentID > 0) {
                         redirect("discussion/comment/{$CommentID}/#Comment_{$CommentID}");
                     } elseif ($CommentID == SPAM) {
                         $this->setData('DiscussionUrl', DiscussionUrl($Discussion));
                         $this->View = 'Spam';
                     }
                 } elseif ($Preview) {
                     // If this was a preview click, create a comment shell with the values for this comment
                     $this->Comment = new stdClass();
                     $this->Comment->InsertUserID = $Session->User->UserID;
                     $this->Comment->InsertName = $Session->User->Name;
                     $this->Comment->InsertPhoto = $Session->User->Photo;
                     $this->Comment->DateInserted = Gdn_Format::date();
                     $this->Comment->Body = val('Body', $FormValues, '');
                     $this->Comment->Format = val('Format', $FormValues, c('Garden.InputFormatter'));
                     $this->addAsset('Content', $this->fetchView('preview'));
                 } else {
                     // If this was a draft save, notify the user about the save
                     $this->informMessage(sprintf(t('Draft saved at %s'), Gdn_Format::date()));
                 }
             }
         } else {
             // Handle ajax-based requests
             if ($this->Form->errorCount() > 0) {
                 // Return the form errors
                 $this->errorMessage($this->Form->errors());
             } else {
                 // Make sure that the ajax request form knows about the newly created comment or draft id
                 $this->setJson('CommentID', $CommentID);
                 $this->setJson('DraftID', $DraftID);
                 if ($Preview) {
                     // If this was a preview click, create a comment shell with the values for this comment
                     $this->Comment = new stdClass();
                     $this->Comment->InsertUserID = $Session->User->UserID;
                     $this->Comment->InsertName = $Session->User->Name;
                     $this->Comment->InsertPhoto = $Session->User->Photo;
                     $this->Comment->DateInserted = Gdn_Format::date();
                     $this->Comment->Body = val('Body', $FormValues, '');
                     $this->Comment->Format = val('Format', $FormValues, c('Garden.InputFormatter'));
                     $this->View = 'preview';
                 } elseif (!$Draft) {
                     // If the comment was not a draft
                     // If Editing a comment
                     if ($Editing) {
                         // Just reload the comment in question
                         $this->Offset = 1;
                         $Comments = $this->CommentModel->getIDData($CommentID, array('Slave' => false));
                         $this->setData('Comments', $Comments);
                         $this->setData('Discussion', $Discussion);
                         // Load the discussion
                         $this->ControllerName = 'discussion';
                         $this->View = 'comments';
                         // Also define the discussion url in case this request came from the post screen and needs to be redirected to the discussion
                         $this->setJson('DiscussionUrl', DiscussionUrl($this->Discussion) . '#Comment_' . $CommentID);
                     } else {
                         // If the comment model isn't sorted by DateInserted or CommentID then we can't do any fancy loading of comments.
                         $OrderBy = valr('0.0', $this->CommentModel->orderBy());
                         //                     $Redirect = !in_array($OrderBy, array('c.DateInserted', 'c.CommentID'));
                         //							$DisplayNewCommentOnly = $this->Form->getFormValue('DisplayNewCommentOnly');
                         //                     if (!$Redirect) {
                         //                        // Otherwise load all new comments that the user hasn't seen yet
                         //                        $LastCommentID = $this->Form->getFormValue('LastCommentID');
                         //                        if (!is_numeric($LastCommentID))
                         //                           $LastCommentID = $CommentID - 1; // Failsafe back to this new comment if the lastcommentid was not defined properly
                         //
                         //                        // Don't reload the first comment if this new comment is the first one.
                         //                        $this->Offset = $LastCommentID == 0 ? 1 : $this->CommentModel->GetOffset($LastCommentID);
                         //                        // Do not load more than a single page of data...
                         //                        $Limit = c('Vanilla.Comments.PerPage', 30);
                         //
                         //                        // Redirect if the new new comment isn't on the same page.
                         //                        $Redirect |= !$DisplayNewCommentOnly && PageNumber($this->Offset, $Limit) != PageNumber($Discussion->CountComments - 1, $Limit);
                         //                     }
                         //                     if ($Redirect) {
                         //                        // The user posted a comment on a page other than the last one, so just redirect to the last page.
                         //                        $this->RedirectUrl = Gdn::request()->Url("discussion/comment/$CommentID/#Comment_$CommentID", true);
                         //                     } else {
                         //                        // Make sure to load all new comments since the page was last loaded by this user
                         //								if ($DisplayNewCommentOnly)
                         $this->Offset = $this->CommentModel->GetOffset($CommentID);
                         $Comments = $this->CommentModel->GetIDData($CommentID, array('Slave' => false));
                         $this->setData('Comments', $Comments);
                         $this->setData('NewComments', true);
                         $this->ClassName = 'DiscussionController';
                         $this->ControllerName = 'discussion';
                         $this->View = 'comments';
                         //                     }
                         // Make sure to set the user's discussion watch records
                         $CountComments = $this->CommentModel->getCount($DiscussionID);
                         $Limit = is_object($this->data('Comments')) ? $this->data('Comments')->numRows() : $Discussion->CountComments;
                         $Offset = $CountComments - $Limit;
                         $this->CommentModel->SetWatch($this->Discussion, $Limit, $Offset, $CountComments);
                     }
                 } else {
                     // If this was a draft save, notify the user about the save
                     $this->informMessage(sprintf(t('Draft saved at %s'), Gdn_Format::date()));
                 }
                 // And update the draft count
                 $UserModel = Gdn::userModel();
                 $CountDrafts = $UserModel->getAttribute($Session->UserID, 'CountDrafts', 0);
                 $this->setJson('MyDrafts', t('My Drafts'));
                 $this->setJson('CountDrafts', $CountDrafts);
             }
         }
     } elseif ($this->Request->isPostBack()) {
         throw new Gdn_UserException(t('Invalid CSRF token.', 'Invalid CSRF token. Please try again.'), 401);
     } else {
         // Load form
         if (isset($this->Comment)) {
             $this->Form->setData((array) $this->Comment);
         }
     }
     // Include data for FireEvent
     if (property_exists($this, 'Discussion')) {
         $this->EventArguments['Discussion'] = $this->Discussion;
     }
     if (property_exists($this, 'Comment')) {
         $this->EventArguments['Comment'] = $this->Comment;
     }
     $this->fireEvent('BeforeCommentRender');
     if ($this->deliveryType() == DELIVERY_TYPE_DATA) {
         if ($this->data('Comments') instanceof Gdn_DataSet) {
             $Comment = $this->data('Comments')->firstRow(DATASET_TYPE_ARRAY);
             if ($Comment) {
                 $Photo = $Comment['InsertPhoto'];
                 if (strpos($Photo, '//') === false) {
                     $Photo = Gdn_Upload::url(changeBasename($Photo, 'n%s'));
                 }
                 $Comment['InsertPhoto'] = $Photo;
             }
             $this->Data = array('Comment' => $Comment);
         }
         $this->RenderData($this->Data);
     } else {
         require_once $this->fetchViewLocation('helper_functions', 'Discussion');
         // Render default view.
         $this->render();
     }
 }
예제 #10
0
 /**
  *
  *
  * @throws Exception
  */
 public function setHourOffset()
 {
     $Form = new Gdn_Form();
     if ($Form->authenticatedPostBack()) {
         if (!Gdn::session()->isValid()) {
             throw permissionException('Garden.SignIn.Allow');
         }
         $HourOffset = $Form->getFormValue('HourOffset');
         Gdn::userModel()->setField(Gdn::session()->UserID, 'HourOffset', $HourOffset);
         $this->setData('Result', true);
         $this->setData('HourOffset', $HourOffset);
         $time = time();
         $this->setData('UTCDateTime', gmdate('r', $time));
         $this->setData('UserDateTime', gmdate('r', $time + $HourOffset * 3600));
     } else {
         throw forbiddenException('GET');
     }
     $this->render('Blank');
 }
예제 #11
0
 /**
  *
  *
  * @param $Sender
  * @param $PocketID
  * @return bool
  * @throws Gdn_UserException
  */
 protected function _delete($Sender, $PocketID)
 {
     $Sender->setData('Title', sprintf(t('Delete %s'), t('Pocket')));
     $Form = new Gdn_Form();
     if ($Form->authenticatedPostBack()) {
         Gdn::sql()->delete('Pocket', array('PocketID' => $PocketID));
         $Sender->StatusMessage = sprintf(T('The %s has been deleted.'), strtolower(t('Pocket')));
         $Sender->RedirectUrl = Url('settings/pockets');
     }
     $Sender->Form = $Form;
     $Sender->render('Delete', '', 'plugins/Pockets');
     return true;
 }
예제 #12
0
 /**
  *
  *
  * @throws Exception
  */
 public function setHourOffset()
 {
     $Form = new Gdn_Form();
     if ($Form->authenticatedPostBack()) {
         if (!Gdn::session()->isValid()) {
             throw permissionException('Garden.SignIn.Allow');
         }
         $HourOffset = $Form->getFormValue('HourOffset');
         Gdn::userModel()->setField(Gdn::session()->UserID, 'HourOffset', $HourOffset);
         // If we receive a time zone, only accept it if we can verify it as a valid identifier.
         $timeZone = $Form->getFormValue('TimeZone');
         if (!empty($timeZone)) {
             try {
                 $tz = new DateTimeZone($timeZone);
                 Gdn::userModel()->saveAttribute(Gdn::session()->UserID, ['TimeZone' => $tz->getName(), 'SetTimeZone' => null]);
             } catch (\Exception $ex) {
                 Logger::log(Logger::ERROR, $ex->getMessage(), ['timeZone' => $timeZone]);
                 Gdn::userModel()->saveAttribute(Gdn::session()->UserID, ['TimeZone' => null, 'SetTimeZone' => $timeZone]);
                 $timeZone = '';
             }
         } elseif ($currentTimeZone = Gdn::session()->getAttribute('TimeZone')) {
             // Check to see if the current timezone agrees with the posted offset.
             try {
                 $tz = new DateTimeZone($currentTimeZone);
                 $currentHourOffset = $tz->getOffset(new DateTime()) / 3600;
                 if ($currentHourOffset != $HourOffset) {
                     // Clear out the current timezone or else it will override the browser's offset.
                     Gdn::userModel()->saveAttribute(Gdn::session()->UserID, ['TimeZone' => null, 'SetTimeZone' => null]);
                 } else {
                     $timeZone = $tz->getName();
                 }
             } catch (Exception $ex) {
                 Logger::log(Logger::ERROR, "Clearing out bad timezone: {timeZone}", ['timeZone' => $currentTimeZone]);
                 // Clear out the bad timezone.
                 Gdn::userModel()->saveAttribute(Gdn::session()->UserID, ['TimeZone' => null, 'SetTimeZone' => null]);
             }
         }
         $this->setData('Result', true);
         $this->setData('HourOffset', $HourOffset);
         $this->setData('TimeZone', $timeZone);
         $time = time();
         $this->setData('UTCDateTime', gmdate('r', $time));
         $this->setData('UserDateTime', gmdate('r', $time + $HourOffset * 3600));
     } else {
         throw forbiddenException('GET');
     }
     $this->render('Blank');
 }