/**
 * Example action: prints whether the current account passes an admin
 * permission check for a given page name / action pair.
 *
 * The result is only reported; nothing is blocked or redirected here.
 */
public function action_index()
{
    echo '<p>This controller is just an example how you check admin permission with different page name or different controller.</p><p>Please view source code.</p>';
    echo '<blockquote>';

    // NOTE(review): the page name is passed as 'bloc_comment_perm' while the
    // action is 'blog_manage_comment_perm'; the page name may be a typo, so
    // confirm it against the module's permission definitions.
    $is_allowed = \Model_AccountLevelPermission::checkAdminPermission('bloc_comment_perm', 'blog_manage_comment_perm');

    // Any falsy result is treated as "denied", as in the loose == false test.
    $message = $is_allowed
        ? '<p>You have permission to manage this page and action.</p>'
        : '<p>You have no permission to manage this page and action.</p>';
    echo $message;

    echo '</blockquote>';
}
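/**
 * Delete a level group and the rows that reference it.
 *
 * The id is normalised to an integer before it is used. The protected-group
 * check below is a loose PHP comparison and the deletes are SQL comparisons;
 * a value that is not a clean integer can be judged differently by the two,
 * so anything else is rejected up front.
 *
 * @param integer $level_group_id id of the level group to delete.
 * @return boolean false when the id is not an integer or the group is listed
 *                 in disallowed_edit_delete, true once the deletes have run.
 */
public static function deleteLevel($level_group_id = '')
{
    // Reject '', arrays, and strings such as '1abc' before any comparison.
    $level_group_id = filter_var($level_group_id, FILTER_VALIDATE_INT);
    if ($level_group_id === false) {
        return false;
    }

    // Protected groups must never be deleted.
    // Loose in_array is kept because the element types of
    // disallowed_edit_delete are not visible here; the needle is an int now.
    if (in_array($level_group_id, static::forge()->disallowed_edit_delete)) {
        return false;
    }

    // delete related tables.
    // NOTE(review): the three deletes are not wrapped in a transaction, so a
    // failure part-way leaves the group partially removed.
    \DB::delete(\Model_AccountLevel::getTableName())->where('level_group_id', $level_group_id)->execute();
    \DB::delete(\Model_AccountLevelPermission::getTableName())->where('level_group_id', $level_group_id)->execute();

    // delete level group
    \DB::delete(static::$_table_name)->where('level_group_id', $level_group_id)->execute();

    // @todo [fuelstart][levelgroup][plug] after deleted level group plug.
    $plugin = new \Library\Plugins();
    if ($plugin->hasAction('LevelGroupAfterDeleted') !== false) {
        $plugin->doAction('LevelGroupAfterDeleted', $level_group_id);
    }
    unset($plugin);

    return true;
}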
/**
 * Cache manager page: shows the page and, on POST with act=clear, deletes
 * all cache entries and redirects back to admin/cacheman.
 *
 * @return mixed result of generatePage().
 */
public function action_index()
{
    // Permission gate: only accounts with the clear-cache permission go on.
    // Assumes \Response::redirect() ends the request; confirm.
    $permitted = \Model_AccountLevelPermission::checkAdminPermission('cacheman_perm', 'cacheman_clearcache_perm');
    if (!$permitted) {
        $denied_message = \Lang::get('admin_permission_denied', array('page' => \Uri::string()));
        \Session::set_flash('form_status', array('form_status' => 'error', 'form_status_message' => $denied_message));
        \Response::redirect(\Uri::create('admin'));
    }

    // Carry a status message left by the previous request into the view.
    $flash = \Session::get_flash('form_status');
    if (isset($flash['form_status'], $flash['form_status_message'])) {
        $output['form_status'] = $flash['form_status'];
        $output['form_status_message'] = $flash['form_status_message'];
    }
    unset($flash);

    // Form submission.
    // NOTE(review): unlike the other POST handlers shown alongside this one,
    // no \Extension\NoCsrf::check() guards this state-changing request.
    // Adding it needs the token in the form, which is not visible here.
    if (\Input::method() == 'POST') {
        if (\Input::post('act') == 'clear') {
            \Extension\Cache::deleteCache('ALL');

            $cleared_message = \Lang::get('cacheman_all_cleared');
            \Session::set_flash('form_status', array('form_status' => 'success', 'form_status_message' => $cleared_message));
        }

        // Always return to the cache manager after a POST.
        \Response::redirect(\Uri::create('admin/cacheman'));
    }

    // Page title for <head>.
    $output['page_title'] = $this->generateTitle(\Lang::get('cacheman'));

    // Breadcrumb trail: admin home, then this page.
    $output['page_breadcrumb'] = [
        ['name' => \Lang::get('admin_admin_home'), 'url' => \Uri::create('admin')],
        ['name' => \Lang::get('cacheman'), 'url' => \Uri::create('admin/cacheman')],
    ];

    return $this->generatePage('admin/templates/cacheman/index_v', $output, false);
}
<?php } // endfi; ?> </tbody> </table> </div> <div class="row cmds"> <div class="col-sm-6"> <select name="act" class="form-control select-inline chosen-select"> <option value="" selected="selected"></option> <?php if (\Model_AccountLevelPermission::checkAdminPermission('blog_perm', 'blog_manage_perm')) { ?> <option value="del"><?php echo \Lang::get('admin_delete'); ?> </option><?php } ?> </select> <button type="submit" class="bb-button btn btn-warning"><?php echo \Lang::get('admin_submit'); ?> </button> <?php echo \Extension\Html::anchor('admin', \Lang::get('admin_cancel'), array('class' => 'btn btn-default'));
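/**
 * Show the paginated login history of one account.
 *
 * Request values that steer the query are constrained before they reach the
 * model: the page number can no longer produce a negative offset, and the
 * sort direction is only forwarded when it is ASC or DESC.
 *
 * @param string $account_id account id from the URL; '0' (guest) is refused.
 * @return mixed result of generatePage().
 */
public function action_viewlogins($account_id = '')
{
    // set redirect url
    $redirect = $this->getAndSetSubmitRedirection();

    // check permission
    if (\Model_AccountLevelPermission::checkAdminPermission('account_perm', 'account_viewlogin_log_perm') == false) {
        \Session::set_flash('form_status', array('form_status' => 'error', 'form_status_message' => \Lang::get('admin_permission_denied', array('page' => \Uri::string()))));
        \Response::redirect($redirect);
    }

    // viewing guest logins?
    if ($account_id == '0') {
        \Response::redirect($redirect);
    }

    // load language
    \Lang::load('account');
    \Lang::load('accountlogins');

    // read flash message for display errors.
    $form_status = \Session::get_flash('form_status');
    if (isset($form_status['form_status']) && isset($form_status['form_status_message'])) {
        $output['form_status'] = $form_status['form_status'];
        $output['form_status_message'] = $form_status['form_status_message'];
    }
    unset($form_status);

    // get accounts data for this account.
    $account = \Model_Accounts::find($account_id);
    if ($account == null) {
        // not found account.
        \Response::redirect($redirect);
    }
    $output['account'] = $account;
    $output['account_id'] = $account_id;
    unset($account);

    // set sort variable for sortable in views (toggle of the requested one).
    $requested_sort = \Security::strip_tags(trim(\Input::get('sort')));
    if ($requested_sort == null || $requested_sort == 'DESC') {
        $output['next_sort'] = 'ASC';
    } else {
        $output['next_sort'] = 'DESC';
    }

    // list logins
    $option['limit'] = \Model_Config::getval('content_admin_items_perpage');

    // page <= 1, a blank page or a non-numeric page all map to offset 0;
    // previously page=0 or a negative page yielded a negative offset.
    $page = (int) \Input::get('page');
    $option['offset'] = $page > 1 ? ($page - 1) * $option['limit'] : 0;

    // NOTE(review): 'orders' names a sort column and is only tag-stripped
    // here. Confirm that \Model_AccountLogins::listLogins() maps it onto a
    // fixed list of columns before it reaches an ORDER BY clause.
    $requested_orders = \Security::strip_tags(trim(\Input::get('orders')));
    if ($requested_orders != null) {
        $option['orders'] = $requested_orders;
    }

    // Forward the direction only when it is one of the two valid keywords.
    if ($requested_sort != null && in_array(strtoupper($requested_sort), array('ASC', 'DESC'), true)) {
        $option['sort'] = $requested_sort;
    }
    unset($requested_orders, $requested_sort, $page);

    $list_logins = \Model_AccountLogins::listLogins(array('account_id' => $account_id), $option);

    // pagination config
    $config['pagination_url'] = \Uri::main() . \Uri::getCurrentQuerystrings(true, true, false);
    $config['total_items'] = $list_logins['total'];
    $config['per_page'] = $option['limit'];
    $config['uri_segment'] = 'page';
    $config['num_links'] = 3;
    $config['show_first'] = true;
    $config['show_last'] = true;
    $config['first-inactive'] = "\n\t\t<li class=\"disabled\">{link}</li>";
    $config['first-inactive-link'] = '<a href="#">{page}</a>';
    $config['first-marker'] = '«';
    $config['last-inactive'] = "\n\t\t<li class=\"disabled\">{link}</li>";
    $config['last-inactive-link'] = '<a href="#">{page}</a>';
    $config['last-marker'] = '»';
    $config['previous-marker'] = '‹';
    $config['next-marker'] = '›';
    $pagination = \Pagination::forge('viewlogins_pagination', $config);

    $output['list_logins'] = $list_logins;
    $output['pagination'] = $pagination;
    unset($config, $list_logins, $option, $pagination);

    // <head> output
    $output['page_title'] = $this->generateTitle(\Lang::get('account_view_login_history'));

    // breadcrumb
    $page_breadcrumb = [];
    $page_breadcrumb[0] = ['name' => \Lang::get('admin_admin_home'), 'url' => \Uri::create('admin')];
    $page_breadcrumb[1] = ['name' => \Lang::get('account_accounts'), 'url' => \Uri::create('admin/account')];
    $page_breadcrumb[2] = ['name' => \Lang::get('account_view_login_history'), 'url' => \Uri::main()];
    $output['page_breadcrumb'] = $page_breadcrumb;
    unset($page_breadcrumb);

    return $this->generatePage('admin/templates/account/viewlogins_v', $output, false);
}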
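/**
 * Global configuration page: loads the core config rows into the form and,
 * on POST, normalises the submitted values and saves them.
 *
 * Only keys that match a core config name are accepted from the request.
 * That match is strict, so an integer POST key cannot loosely compare equal
 * to a config name.
 *
 * @return mixed result of generatePage().
 */
public function action_index()
{
    // check permission
    if (\Model_AccountLevelPermission::checkAdminPermission('config_global', 'config_global') == false) {
        \Session::set_flash('form_status', array('form_status' => 'error', 'form_status_message' => \Lang::get('admin_permission_denied', array('page' => \Uri::string()))));
        \Response::redirect(\Uri::create('admin'));
    }

    // get timezone list for select box
    \Config::load('timezone', 'timezone');
    $output['timezone_list'] = \Config::get('timezone.timezone', array());

    // read flash message for display errors.
    $form_status = \Session::get_flash('form_status');
    if (isset($form_status['form_status']) && isset($form_status['form_status_message'])) {
        $output['form_status'] = $form_status['form_status'];
        $output['form_status_message'] = $form_status['form_status_message'];
    }
    unset($form_status);

    $allowed_field = array();

    // load config to form. The names of the core rows double as the
    // whitelist of fields that may be written back.
    $result = \DB::select('*')->from(\Model_Config::getTableName())->as_object('Model_Config')->where('config_core', '1')->execute();
    if ((is_array($result) || is_object($result)) && !empty($result)) {
        foreach ($result as $row) {
            $allowed_field[] = $row->config_name;
            $output[$row->config_name] = $row->config_value;
        }
    }
    unset($result, $row);

    // if form submitted
    if (\Input::method() == 'POST') {
        // store data to variable for update to db.
        $data = array();
        foreach (\Input::post() as $key => $value) {
            // Strict match on the string form of the key: PHP turns numeric
            // POST keys into integers, and a loose comparison of an integer
            // with a config name is not a reliable filter.
            if (in_array((string) $key, $allowed_field, true)) {
                $data[$key] = $value;
            }
        }
        unset($allowed_field);

        // check again for some required default value config data.
        // tab website
        $data['site_name'] = \Security::htmlentities($data['site_name']);
        $data['page_title_separator'] = \Security::htmlentities($data['page_title_separator']);
        // tab account
        if (!isset($data['member_allow_register']) || $data['member_allow_register'] != '1') {
            $data['member_allow_register'] = '0';
        }
        if (!isset($data['member_register_notify_admin']) || $data['member_register_notify_admin'] != '1') {
            $data['member_register_notify_admin'] = '0';
        }
        // NOTE(review): every sibling flag falls back to '0'; the '******'
        // fallback here looks like a masked value. Confirm the intended one.
        if (!isset($data['simultaneous_login']) || $data['simultaneous_login'] != '1') {
            $data['simultaneous_login'] = '******';
        }
        if (!is_numeric($data['member_max_login_fail'])) {
            $data['member_max_login_fail'] = '10';
        }
        if (!is_numeric($data['member_login_fail_wait_time'])) {
            $data['member_login_fail_wait_time'] = '30';
        }
        if (!is_numeric($data['member_login_remember_length'])) {
            $data['member_login_remember_length'] = '30';
        }
        if (!is_numeric($data['member_confirm_wait_time'])) {
            $data['member_confirm_wait_time'] = '10';
        }
        if (!isset($data['member_email_change_need_confirm']) || $data['member_email_change_need_confirm'] != '1') {
            $data['member_email_change_need_confirm'] = '0';
        }
        if (!isset($data['allow_avatar']) || $data['allow_avatar'] != '1') {
            $data['allow_avatar'] = '0';
        }
        if (!is_numeric($data['avatar_size'])) {
            $data['avatar_size'] = '200';
        }
        if (empty($data['avatar_allowed_types'])) {
            $data['avatar_allowed_types'] = 'jpg|jpeg';
        }
        if ($data['avatar_path'] == null) {
            unset($data['avatar_path']);
        }
        // tab email
        if ($data['mail_protocol'] == null) {
            $data['mail_protocol'] = 'mail';
        }
        if (!is_numeric($data['mail_smtp_port'])) {
            $data['mail_smtp_port'] = '0';
        }
        // tab content
        if (!is_numeric($data['content_items_perpage'])) {
            $data['content_items_perpage'] = '10';
        }
        if (!is_numeric($data['content_admin_items_perpage'])) {
            $data['content_admin_items_perpage'] = '10';
        }
        // tab media
        if (empty($data['media_allowed_types'])) {
            $data['media_allowed_types'] = 'avi|doc|docx|flv|gif|jpeg|jpg|mid|midi|mov|mp3|mpeg|mpg|pdf|png|swf|xls|xlsx|zip';
        }
        // tab ftp
        if (!is_numeric($data['ftp_port'])) {
            $data['ftp_port'] = '21';
        }
        if (!isset($data['ftp_passive']) || $data['ftp_passive'] != 'false') {
            $data['ftp_passive'] = 'true';
        }

        // validate form.
        $validate = \Validation::forge();

        if (!\Extension\NoCsrf::check()) {
            // validate token failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
        } elseif (!$validate->run()) {
            // validate failed
            $output['form_status'] = 'error';
            $output['form_status_message'] = $validate->show_errors();
        } else {
            // try to save config.
            $result = \Model_Config::saveData($data);

            // save change site name to sites table
            $site_id = \Model_Sites::getSiteId(false);
            $entry = \Model_Sites::find($site_id);
            // Guard against a missing site row instead of failing on a
            // property write to a non-object.
            if (is_object($entry)) {
                $entry->site_name = $data['site_name'];
                $entry->save();
            }
            unset($entry, $site_id);

            if ($result === true) {
                \Session::set_flash('form_status', array('form_status' => 'success', 'form_status_message' => \Lang::get('admin_saved')));
                \Response::redirect(\Uri::main());
            } else {
                $output['form_status'] = 'error';
                $output['form_status_message'] = $result;
            }
        }

        // re-populate form.
        // NOTE(review): values are entity-decoded before they go back to the
        // view, so the template has to escape them on output; confirm.
        foreach ($data as $key => $value) {
            $output[$key] = html_entity_decode($value);
        }
    }

    // <head> output
    $output['page_title'] = $this->generateTitle(\Lang::get('config_global_configuration'));

    // breadcrumb
    $page_breadcrumb = [];
    $page_breadcrumb[0] = ['name' => \Lang::get('admin_admin_home'), 'url' => \Uri::create('admin')];
    $page_breadcrumb[1] = ['name' => \Lang::get('config_global_configuration'), 'url' => \Uri::create('admin/config')];
    $output['page_breadcrumb'] = $page_breadcrumb;
    unset($page_breadcrumb);

    return $this->generatePage('admin/templates/config/index_v', $output, false);
}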
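/**
 * Bulk action handler for the site manager: delete, enable or disable the
 * posted site ids, then redirect back.
 *
 * Posted ids are reduced to clean integers first. The "skip site 1" guard
 * is a PHP comparison and the update is an SQL comparison; validating the
 * id once keeps both working on the same value.
 */
public function action_multiple()
{
    $ids = \Input::post('id');
    $act = trim(\Input::post('act'));

    // set redirect url
    $redirect = $this->getAndSetSubmitRedirection();

    if (\Extension\NoCsrf::check()) {
        // Drop anything that is not an integer (nested arrays, '1abc', '').
        $site_ids = array();
        if (is_array($ids)) {
            foreach ($ids as $id) {
                $id = filter_var($id, FILTER_VALIDATE_INT);
                if ($id !== false) {
                    $site_ids[] = $id;
                }
            }
        }

        if ($act == 'del') {
            // check permission.
            if (\Model_AccountLevelPermission::checkAdminPermission('siteman_perm', 'siteman_delete_perm') == false) {
                \Session::set_flash('form_status', array('form_status' => 'error', 'form_status_message' => \Lang::get('admin_permission_denied', array('page' => \Uri::string()))));
                \Response::redirect($redirect);
            }

            if (is_array($ids)) {
                // NOTE(review): no default-site guard here; presumably
                // \Model_Sites::deleteSite() refuses site 1 itself. Confirm.
                foreach ($site_ids as $id) {
                    \Model_Sites::deleteSite($id);
                }

                // clear cache
                \Extension\Cache::deleteCache('model.sites-getSiteId');
                \Extension\Cache::deleteCache('model.sites-isSiteEnabled');
                \Extension\Cache::deleteCache('controller.AdminController-generatePage-fs_list_sites');
            }
        } elseif ($act == 'enable' || $act == 'disable') {
            // check permission. Both actions need the edit permission.
            if (\Model_AccountLevelPermission::checkAdminPermission('siteman_perm', 'siteman_edit_perm') == false) {
                \Session::set_flash('form_status', array('form_status' => 'error', 'form_status_message' => \Lang::get('admin_permission_denied', array('page' => \Uri::string()))));
                \Response::redirect($redirect);
            }

            if (is_array($ids)) {
                $site_status = ($act == 'enable') ? 1 : 0;

                foreach ($site_ids as $id) {
                    // Site 1 is never enabled or disabled from here.
                    if ($id === 1) {
                        continue;
                    }

                    \DB::update(\Model_Sites::getTableName())->where('site_id', $id)->set(['site_status' => $site_status])->execute();
                }

                // clear cache
                \Extension\Cache::deleteCache('model.sites-getSiteId');
                \Extension\Cache::deleteCache('model.sites-isSiteEnabled');
                \Extension\Cache::deleteCache('controller.AdminController-generatePage-fs_list_sites');
            }
        }
    }

    // go back
    \Response::redirect($redirect);
}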
/**
 * Fetch permissions from core files (app/classes/controller/admin).
 *
 * Thin pass-through to \Model_AccountLevelPermission::fetchPermissionsFile().
 *
 * @return array
 */
public static function fetchPermissionsFile()
{
    $permissions = \Model_AccountLevelPermission::fetchPermissionsFile();

    return $permissions;
}
/**
 * Save level-group permissions posted from the permission form, then
 * redirect back with a flash message.
 *
 * Order of checks: admin permission first, then request method, then the
 * CSRF token.
 */
public function action_save()
{
    // Where to return to once the request is handled.
    $redirect = $this->getAndSetSubmitRedirection();

    // Only accounts allowed to manage level permissions may continue.
    $may_manage = \Model_AccountLevelPermission::checkAdminPermission('acperm_perm', 'acperm_manage_level_perm');
    if (!$may_manage) {
        $denied_message = \Lang::get('admin_permission_denied', array('page' => \Uri::string()));
        \Session::set_flash('form_status', array('form_status' => 'error', 'form_status_message' => $denied_message));
        \Response::redirect($redirect);
    }

    if (\Input::method() == 'POST') {
        if (!\Extension\NoCsrf::check()) {
            // Token mismatch: report it and save nothing.
            \Session::set_flash('form_status', array('form_status' => 'error', 'form_status_message' => \Lang::get('fslang_invalid_csrf_token')));
        } else {
            // permission_core ends up as integer 1 or the string '0'.
            $core_flag = (int) trim(\Input::post('permission_core'));
            $data['permission_core'] = ($core_flag != '1') ? '0' : $core_flag;

            // A module name is kept only for non-core permissions.
            $module_name = \Security::strip_tags(trim(\Input::post('module_system_name')));
            if ($module_name == null || $data['permission_core'] == '1') {
                $module_name = null;
            }
            $data['module_system_name'] = $module_name;

            // NOTE(review): these three values reach the model exactly as
            // posted; any type or range validation has to happen inside
            // savePermissions(). Confirm.
            $data['level_group_id'] = \Input::post('level_group_id');
            $data['permission_page'] = \Input::post('permission_page');
            $data['permission_action'] = \Input::post('permission_action');

            \Model_AccountLevelPermission::savePermissions($data);

            \Session::set_flash('form_status', array('form_status' => 'success', 'form_status_message' => \Lang::get('admin_saved')));
        }
    }

    // Every path ends with the redirect.
    \Response::redirect($redirect);
}
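/**
 * Bulk action handler for blog posts: deletes the posted ids when the
 * action is 'del', then redirects back.
 *
 * Ids that are not scalars, and ids for which no post is found, are
 * skipped, so one stale or malformed id no longer aborts the batch.
 */
public function action_multiple()
{
    $ids = \Input::post('id');
    $act = trim(\Input::post('act'));

    if (\Extension\NoCsrf::check()) {
        if ($act == 'del') {
            // check permission.
            if (\Model_AccountLevelPermission::checkAdminPermission('blog_perm', 'blog_manage_perm') == false) {
                \Response::redirect(\Uri::create('admin'));
            }

            if (is_array($ids)) {
                foreach ($ids as $id) {
                    // A nested array is not a primary key.
                    if (!is_scalar($id)) {
                        continue;
                    }

                    // find() may not return a model for an unknown id.
                    $entry = \Blog\Model_Blog::find($id);
                    if (is_object($entry)) {
                        $entry->delete();
                    }
                }
                unset($entry);
            }
        }
    }

    // go back
    // NOTE(review): the target comes from the Referer header, which the
    // client controls, and this redirect also runs when the CSRF check
    // fails. Consider restricting it to URLs under the site's own base URL.
    if (\Input::referrer() != null && \Input::referrer() != \Uri::main()) {
        \Response::redirect(\Input::referrer());
    } else {
        \Response::redirect('blog/admin');
    }
}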
/**
 * Check admin permission.
 *
 * Pass-through to \Model_AccountLevelPermission::checkAdminPermission()
 * with the same three arguments.
 *
 * @param string $page_name
 * @param string $action
 * @param integer $account_id defaults to '' and is forwarded unchanged.
 * @return boolean
 */
function checkAdminPermission($page_name = '', $action = '', $account_id = '')
{
    $is_permitted = \Model_AccountLevelPermission::checkAdminPermission($page_name, $action, $account_id);

    return $is_permitted;
}
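/**
 * Bulk action handler for level groups: deletes the posted ids when the
 * action is 'del', skipping the groups listed in disallowed_edit_delete.
 *
 * Each id is validated as an integer before the protected-group check, so
 * the value compared in PHP is the same one the model uses in its queries.
 */
public function action_multiple()
{
    $ids = \Input::post('id');
    $act = trim(\Input::post('act'));

    // set redirect url
    $redirect = $this->getAndSetSubmitRedirection();

    if (\Extension\NoCsrf::check()) {
        if ($act == 'del') {
            // check permission.
            // NOTE(review): a denied request redirects without the
            // 'admin_permission_denied' flash that sibling actions set.
            if (\Model_AccountLevelPermission::checkAdminPermission('accountlv_perm', 'accountlv_delete_perm') == false) {
                \Response::redirect($redirect);
            }

            if (is_array($ids)) {
                foreach ($ids as $id) {
                    // Skip anything that is not a clean integer.
                    $id = filter_var($id, FILTER_VALIDATE_INT);
                    if ($id === false) {
                        continue;
                    }

                    // Protected groups are never deleted.
                    if (in_array($id, $this->disallowed_edit_delete)) {
                        continue;
                    }

                    \Model_AccountLevelGroup::deleteLevel($id);
                }
            }
        }
    }

    // go back
    \Response::redirect($redirect);
}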
} // endif; ?> <?php unset($site_path, $site_protocol); ?> </tbody> </table> </div> <div class="row cmds"> <div class="col-sm-6"> <?php if (\Model_AccountLevelPermission::checkAdminPermission('account_perm', 'account_deletelogin_log_perm')) { ?> <select name="act" class="form-control select-inline chosen-select"> <option value="" selected="selected"></option> <option value="del"><?php echo __('admin_delete'); ?> </option> <option value="truncate"><?php echo __('account_delete_all_user_logins'); ?> </option> </select> <button type="submit" class="bb-button btn btn-warning"><?php echo __('admin_submit');
/**
 * Admin login.
 *
 * Looks the account up by username or e-mail, then checks, in this order:
 * account status, password, and the 'account_admin_login' permission. On
 * success it sets the member cookie (if absent) and the admin cookie,
 * updates the last-login columns, records the login and fires the
 * 'AccountLoginSuccess' plugin action.
 *
 * @param array $data needs 'account_password' plus 'account_username'
 *                    and/or 'account_email'.
 * @return mixed false when the required keys are missing, true on success,
 *               otherwise a language string describing the failure.
 */
public static function adminLogin(array $data = array())
{
    // && binds tighter than ||: reject when the password is missing, or
    // when both username and e-mail are missing.
    if (!isset($data['account_password']) || !isset($data['account_username']) && !isset($data['account_email'])) {
        return false;
    }

    \Lang::load('account');

    // set required var.
    if (!isset($data['account_username'])) {
        $data['account_username'] = null;
    }
    if (!isset($data['account_email'])) {
        $data['account_email'] = null;
    }

    // NOTE(review): whichever identifier was not supplied is passed to the
    // query as null. Confirm how the query builder renders a null
    // comparison, since only the first matching row is used below.
    $result = \DB::select()->as_object()->from(static::$_table_name)->where('account_username', $data['account_username'])->or_where('account_email', $data['account_email'])->execute();

    if (count($result) > 0) {
        // found
        $row = $result->current();

        // clear cache
        \Extension\Cache::deleteCache('model.accounts-checkAccount-' . \Model_Sites::getSiteId() . '-' . $row->account_id);

        // check enabled account.
        if ($row->account_status == '1') {
            // enabled
            // check password
            if (static::instance()->checkPassword($data['account_password'], $row->account_password, $row) === true) {
                // check password passed
                if (\Model_AccountLevelPermission::checkAdminPermission('account_admin_login', 'account_admin_login', $row->account_id) === true) {
                    // generate session id for check simultaneous login
                    // NOTE(review): the existing session key is reused as
                    // the online code; no session rotation is visible in
                    // this method. Confirm the caller rotates the session
                    // on login.
                    $session_id = \Session::key('session_id');

                    // if login set to remember, set expires.
                    if (\Input::post('remember') == 'yes') {
                        $expires = \Model_Config::getval('member_login_remember_length') * 24 * 60 * 60;
                    } else {
                        $expires = 0;
                    }

                    // get member cookie to check if this user ever logged in at frontend.
                    $cookie_member = static::instance()->getAccountCookie();

                    // NOTE(review): only the presence of the cookie fields
                    // is checked; the cookie's account_id is not compared
                    // with $row->account_id before its online code is
                    // reused for this login.
                    if (isset($cookie_member['account_id']) && isset($cookie_member['account_username']) && isset($cookie_member['account_email']) && isset($cookie_member['account_display_name']) && isset($cookie_member['account_online_code'])) {
                        // already logged in at front end.
                        $session_id = $cookie_member['account_online_code'];
                    } else {
                        // never logged in at front end.
                        // set cookie (member cookie)
                        $cookie_account['account_id'] = $row->account_id;
                        $cookie_account['account_username'] = $row->account_username;
                        $cookie_account['account_email'] = $row->account_email;
                        $cookie_account['account_display_name'] = $row->account_display_name;
                        $cookie_account['account_online_code'] = $session_id;
                        // NOTE(review): the cookie payload is a PHP
                        // serialize() string wrapped by \Crypt::encode().
                        // The reading side is not visible here; it should
                        // verify integrity before unserializing, or use
                        // JSON instead.
                        $cookie_account = \Crypt::encode(serialize($cookie_account));
                        Extension\Cookie::set('member_account', $cookie_account, $expires);
                        unset($cookie_account);
                    }

                    // set cookie (admin cookie)
                    $cookie_account['account_id'] = $row->account_id;
                    $cookie_account['account_username'] = $row->account_username;
                    $cookie_account['account_email'] = $row->account_email;
                    $cookie_account['account_display_name'] = $row->account_display_name;
                    $cookie_account['account_online_code'] = $session_id;
                    $cookie_account = \Crypt::encode(serialize($cookie_account));
                    Extension\Cookie::set('admin_account', $cookie_account, 0); // admin cookie always expire when close browser. (set to 0)
                    unset($cookie_account, $expires);

                    // update last login in accounts table
                    \DB::update(static::$_table_name)->where('account_id', $row->account_id)->set(['account_last_login' => time(), 'account_last_login_gmt' => \Extension\Date::localToGmt()])->execute();

                    // add/update last login session.
                    $account_session['account_id'] = $row->account_id;
                    $account_session['session_id'] = $session_id;
                    $account_site = new \Model_AccountSites();
                    $account_site->addLoginSession($account_session);
                    unset($account_session);

                    // record login
                    $account_logins = new \Model_AccountLogins();
                    $account_logins->recordLogin($row->account_id, 1, 'account_login_success');

                    // @todo [fuelstart][account][plug] login success plug.
                    $plugin = new \Library\Plugins();
                    if ($plugin->hasAction('AccountLoginSuccess') !== false) {
                        $plugin->doAction('AccountLoginSuccess', $row->account_id, $row);
                    }

                    unset($account_logins, $account_site, $plugin, $result, $row, $session_id);

                    // login success
                    return true;
                } else {
                    // permission denied. this user is not allowed to log in to the admin page.
                    // record failed login
                    \Model_AccountLogins::forge()->recordLogin($row->account_id, 0, 'account_not_allow_to_login_to_admin_page');

                    return \Lang::get('admin_you_have_no_permission_to_access_this_page');
                }
            } else {
                // check password failed, wrong password
                $account_logins = new \Model_AccountLogins();
                $account_logins->recordLogin($row->account_id, 0, 'account_wrong_username_or_password');

                unset($result, $row);

                return \Lang::get('account_wrong_username_or_password');
            }
        } else {
            // account disabled
            // NOTE(review): this branch is reached before the password is
            // checked, so the "disabled" message and the status text are
            // returned to a caller that has not authenticated. Consider
            // returning it only after the password verifies.
            $account_logins = new \Model_AccountLogins();
            $account_logins->recordLogin($row->account_id, 0, 'account_was_disabled');

            unset($result);

            return \Lang::get('account_was_disabled') . ' : ' . $row->account_status_text;
        }
    }

    // not found account. login failed
    unset($result, $row);

    return \Lang::get('account_wrong_username_or_password');
}
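/**
 * Save per-account permissions posted from the permission form, then
 * redirect back with a flash message.
 *
 * The account id written into the saved data is the one that passed
 * checkAccountData(), not the one posted in the form, so the verified
 * account and the stored account cannot differ.
 *
 * @param string $account_id target account id from the URL; when it is not
 *                           numeric the id from the admin cookie is used.
 */
public function action_save($account_id = '')
{
    // set redirect url
    $redirect = $this->getAndSetSubmitRedirection();

    // check permission
    if (\Model_AccountLevelPermission::checkAdminPermission('acperm_perm', 'acperm_manage_user_perm') == false) {
        \Session::set_flash('form_status', array('form_status' => 'error', 'form_status_message' => \Lang::get('admin_permission_denied', array('page' => \Uri::string()))));
        \Response::redirect($redirect);
    }

    // if account id not set
    if (!is_numeric($account_id)) {
        $cookie_account = \Model_Accounts::forge()->getAccountCookie('admin');
        $account_id = 0;
        if (isset($cookie_account['account_id'])) {
            $account_id = $cookie_account['account_id'];
        }
        unset($cookie_account);
    }
    $output['account_id'] = $account_id;

    // check target account. An object/array result counts as success; any
    // other value is kept and shown as the error message below.
    $account_check_result = $this->checkAccountData($account_id);
    $output['account_check_result'] = is_object($account_check_result) || is_array($account_check_result) ? true : $account_check_result;
    unset($account_check_result);

    if ($output['account_check_result'] === true) {
        // if form submitted
        if (\Input::method() == 'POST') {
            if (\Extension\NoCsrf::check()) {
                // permission_core ends up as integer 1 or the string '0'.
                $data['permission_core'] = (int) trim(\Input::post('permission_core'));
                if ($data['permission_core'] != '1') {
                    $data['permission_core'] = '0';
                }

                $data['module_system_name'] = \Security::strip_tags(trim(\Input::post('module_system_name')));
                if ($data['module_system_name'] == null || $data['permission_core'] == '1') {
                    $data['module_system_name'] = null;
                }

                // Bind the data to the account that was just verified. The
                // posted account_id was never checked, so it is ignored.
                $data['account_id'] = $account_id;
                $data['permission_page'] = \Input::post('permission_page');
                $data['permission_action'] = \Input::post('permission_action');

                \Model_AccountPermission::savePermissions($account_id, $data);

                // set success message
                \Session::set_flash('form_status', array('form_status' => 'success', 'form_status_message' => \Lang::get('admin_saved')));
            } else {
                // nocsrf error, set error msg.
                \Session::set_flash('form_status', array('form_status' => 'error', 'form_status_message' => \Lang::get('fslang_invalid_csrf_token')));
            } // endif nocsrf check
        } // endif form submitted
    } else {
        // failed to check account. set error msg.
        \Session::set_flash('form_status', array('form_status' => 'error', 'form_status_message' => $output['account_check_result']));
    } // endif check account result.

    // go back
    \Response::redirect($redirect);
}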
</tr> <?php } // endif; ?> </tbody> </table> </div> <div class="row cmds"> <div class="col-sm-6"> <select name="act" class="form-control select-inline chosen-select"> <option value="" selected="selected"></option> <?php if (\Model_AccountLevelPermission::checkAdminPermission('accountlv_perm', 'accountlv_delete_perm')) { ?> <option value="del"><?php echo __('admin_delete'); ?> </option><?php } ?> </select> <button type="submit" class="bb-button btn btn-warning"><?php echo __('admin_submit'); ?> </button> <?php echo \Extension\Html::anchor('admin', __('admin_cancel'), array('class' => 'btn btn-default'));
</option><?php } ?> <?php if (\Model_AccountLevelPermission::checkAdminPermission('siteman_perm', 'siteman_edit_perm')) { ?> <option value="disable"><?php echo __('admin_disable'); ?> </option><?php } ?> <?php if (\Model_AccountLevelPermission::checkAdminPermission('siteman_perm', 'siteman_delete_perm')) { ?> <option value="del"><?php echo __('admin_delete'); ?> </option><?php } ?> </select> <button type="submit" class="bb-button btn btn-warning"><?php echo __('admin_submit'); ?> </button> <?php echo \Extension\Html::anchor('admin', __('admin_cancel'), array('class' => 'btn btn-default'));