public function set($fields = array()) { if (!$this->_db->insert('posts', $fields)) { throw new Exception('There was a problem posting'); } $notification = new Notification(); $timestamp = date('Y-m-d H:i:s'); $notification->set(array('uid' => $fields['uid'], 'fid' => $fields['fid'], 'type' => 'new_post', 'timestamp' => $timestamp)); $notification->set(array('uid' => $fields['fid'], 'fid' => $fields['uid'], 'type' => 'posted', 'timestamp' => $timestamp)); }
/** * Delete a sms client * * @access public * @param int $id * @return void */ public function delete($id) { $client = new Smsclient(); if ($client->delete($id)) { Notification::set(Smsclients::SUCCESS, "Succesfully deleted the client"); } else { Notification::set(Smsclients::DANGER, "Something went wrong"); } redirect(base_url() . "smsclients/index"); }
public function update($id) { $region = (new Region())->findById($id); if ($this->input->post('name')) { $region->populate($this->input->post()); if ($region->save()) { Notification::set(Regions::SUCCESS, "The region has been added"); redirect("/regions/"); } } $this->data["region"] = $region; $this->load->view("regions/update.tpl", $this->data); }
/** * main toggle admin function */ public static function main() { // handle option form submit if (Request::post('toggle_options')) { if (Security::check(Request::post('csrf'))) { Option::update('toggle_duration', (int) Request::post('toggle_duration')); Option::update('toggle_easing', Request::post('toggle_easing')); Notification::set('success', __('Configuration has been saved with success!', 'toggle')); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'toggle')); die; } Request::redirect('index.php?id=toggle'); } // Display view View::factory('toggle/views/backend/index')->display(); }
/** * Main Emails admin function */ public static function main() { // Init vars $email_templates_path = STORAGE . DS . 'emails' . DS; $email_templates_list = array(); // Check for get actions // ------------------------------------- if (Request::get('action')) { // Switch actions // ------------------------------------- switch (Request::get('action')) { // Plugin action // ------------------------------------- case "edit_email_template": if (Request::post('edit_email_template') || Request::post('edit_email_template_and_exit')) { if (Security::check(Request::post('csrf'))) { // Save Email Template File::setContent(STORAGE . DS . 'emails' . DS . Request::post('email_template_name') . '.email.php', Request::post('content')); Notification::set('success', __('Your changes to the email template <i>:name</i> have been saved.', 'emails', array(':name' => Request::post('email_template_name')))); if (Request::post('edit_email_template_and_exit')) { Request::redirect('index.php?id=emails'); } else { Request::redirect('index.php?id=emails&action=edit_email_template&filename=' . Request::post('email_template_name')); } } } $content = File::getContent($email_templates_path . Request::get('filename') . '.email.php'); // Display view View::factory('box/emails/views/backend/edit')->assign('content', $content)->display(); break; } } else { // Get email templates $email_templates_list = File::scan($email_templates_path, '.email.php'); // Display view View::factory('box/emails/views/backend/index')->assign('email_templates_list', $email_templates_list)->display(); } }
/** * Themes plugin admin */ public static function main() { // Get current themes $current_site_theme = Option::get('theme_site_name'); $current_admin_theme = Option::get('theme_admin_name'); // Init vars $themes_site = Themes::getSiteThemes(); $themes_admin = Themes::getAdminThemes(); $templates = Themes::getTemplates(); $chunks = Themes::getChunks(); $styles = Themes::getStyles(); $scripts = Themes::getScripts(); $errors = array(); $chunk_path = THEMES_SITE . DS . $current_site_theme . DS; $template_path = THEMES_SITE . DS . $current_site_theme . DS; $style_path = THEMES_SITE . DS . $current_site_theme . DS . 'css' . DS; $script_path = THEMES_SITE . DS . $current_site_theme . DS . 'js' . DS; // Save site theme if (Request::post('save_site_theme')) { if (Security::check(Request::post('csrf'))) { Option::update('theme_site_name', Request::post('themes')); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Styles and Javascript version Stylesheet::stylesVersionIncrement(); Javascript::javascriptVersionIncrement(); Request::redirect('index.php?id=themes'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Save site theme if (Request::post('save_admin_theme')) { if (Security::check(Request::post('csrf'))) { Option::update('theme_admin_name', Request::post('themes')); // Clean Monstra TMP folder. Monstra::cleanTmp(); Request::redirect('index.php?id=themes'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Its mean that you can add your own actions for this plugin Action::run('admin_themes_extra_actions'); // Check for get actions // ------------------------------------- if (Request::get('action')) { // Switch actions // ------------------------------------- switch (Request::get('action')) { // Add chunk // ------------------------------------- case "add_chunk": if (Request::post('add_file') || Request::post('add_file_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['file_empty_name'] = __('Required field', 'themes'); } if (file_exists($chunk_path . Security::safeName(Request::post('name'), null, false) . '.chunk.php')) { $errors['file_exists'] = __('This chunk already exists', 'themes'); } if (count($errors) == 0) { // Save chunk File::setContent($chunk_path . Security::safeName(Request::post('name'), null, false) . '.chunk.php', Request::post('content')); Notification::set('success', __('Your changes to the chunk <i>:name</i> have been saved.', 'themes', array(':name' => Security::safeName(Request::post('name'), null, false)))); if (Request::post('add_file_and_exit')) { Request::redirect('index.php?id=themes'); } else { Request::redirect('index.php?id=themes&action=edit_chunk&filename=' . Security::safeName(Request::post('name'), null, false)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Save fields if (Request::post('name')) { $name = Request::post('name'); } else { $name = ''; } if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } // Display view View::factory('box/themes/views/backend/add')->assign('name', $name)->assign('content', $content)->assign('errors', $errors)->assign('action', 'chunk')->display(); break; // Add template // ------------------------------------- // Add template // ------------------------------------- case "add_template": if (Request::post('add_file') || Request::post('add_file_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['file_empty_name'] = __('Required field', 'themes'); } if (file_exists($template_path . Security::safeName(Request::post('name'), null, false) . '.template.php')) { $errors['file_exists'] = __('This template already exists', 'themes'); } if (count($errors) == 0) { // Save chunk File::setContent($template_path . Security::safeName(Request::post('name'), null, false) . '.template.php', Request::post('content')); Notification::set('success', __('Your changes to the chunk <i>:name</i> have been saved.', 'themes', array(':name' => Security::safeName(Request::post('name'), null, false)))); if (Request::post('add_file_and_exit')) { Request::redirect('index.php?id=themes'); } else { Request::redirect('index.php?id=themes&action=edit_template&filename=' . Security::safeName(Request::post('name'), null, false)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Save fields if (Request::post('name')) { $name = Request::post('name'); } else { $name = ''; } if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } // Display view View::factory('box/themes/views/backend/add')->assign('name', $name)->assign('content', $content)->assign('errors', $errors)->assign('action', 'template')->display(); break; // Add styles // ------------------------------------- // Add styles // ------------------------------------- case "add_styles": if (Request::post('add_file') || Request::post('add_file_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['file_empty_name'] = __('Required field', 'themes'); } if (file_exists($style_path . Security::safeName(Request::post('name'), null, false) . '.css')) { $errors['file_exists'] = __('This styles already exists', 'themes'); } if (count($errors) == 0) { // Save chunk File::setContent($style_path . Security::safeName(Request::post('name'), null, false) . '.css', Request::post('content')); Notification::set('success', __('Your changes to the styles <i>:name</i> have been saved.', 'themes', array(':name' => Security::safeName(Request::post('name'), null, false)))); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Styles version Stylesheet::stylesVersionIncrement(); if (Request::post('add_file_and_exit')) { Request::redirect('index.php?id=themes'); } else { Request::redirect('index.php?id=themes&action=edit_styles&filename=' . Security::safeName(Request::post('name'), null, false)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Save fields if (Request::post('name')) { $name = Request::post('name'); } else { $name = ''; } if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } // Display view View::factory('box/themes/views/backend/add')->assign('name', $name)->assign('content', $content)->assign('errors', $errors)->assign('action', 'styles')->display(); break; // Add script // ------------------------------------- // Add script // ------------------------------------- case "add_script": if (Request::post('add_file') || Request::post('add_file_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['file_empty_name'] = __('Required field', 'themes'); } if (file_exists($script_path . Security::safeName(Request::post('name'), null, false) . '.js')) { $errors['file_exists'] = __('This script already exists', 'themes'); } if (count($errors) == 0) { // Save chunk File::setContent($script_path . Security::safeName(Request::post('name'), null, false) . '.js', Request::post('content')); Notification::set('success', __('Your changes to the script <i>:name</i> have been saved.', 'themes', array(':name' => Security::safeName(Request::post('name'), null, false)))); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Javascript version Javascript::javascriptVersionIncrement(); if (Request::post('add_file_and_exit')) { Request::redirect('index.php?id=themes'); } else { Request::redirect('index.php?id=themes&action=edit_script&filename=' . Security::safeName(Request::post('name'), null, false)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Save fields if (Request::post('name')) { $name = Request::post('name'); } else { $name = ''; } if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } // Display view View::factory('box/themes/views/backend/add')->assign('name', $name)->assign('content', $content)->assign('errors', $errors)->assign('action', 'script')->display(); break; // Edit chunk // ------------------------------------- // Edit chunk // ------------------------------------- case "edit_chunk": // Save current chunk action if (Request::post('edit_file') || Request::post('edit_file_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['file_empty_name'] = __('Required field', 'themes'); } if (file_exists($chunk_path . Security::safeName(Request::post('name'), null, false) . '.chunk.php') and Security::safeName(Request::post('chunk_old_name'), null, false) !== Security::safeName(Request::post('name'), null, false)) { $errors['file_exists'] = __('This chunk already exists', 'themes'); } // Save fields if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } if (count($errors) == 0) { $chunk_old_filename = $chunk_path . Request::post('chunk_old_name') . '.chunk.php'; $chunk_new_filename = $chunk_path . Security::safeName(Request::post('name'), null, false) . '.chunk.php'; if (!empty($chunk_old_filename)) { if ($chunk_old_filename !== $chunk_new_filename) { rename($chunk_old_filename, $chunk_new_filename); $save_filename = $chunk_new_filename; } else { $save_filename = $chunk_new_filename; } } else { $save_filename = $chunk_new_filename; } // Save chunk File::setContent($save_filename, Request::post('content')); Notification::set('success', __('Your changes to the chunk <i>:name</i> have been saved.', 'themes', array(':name' => basename($save_filename, '.chunk.php')))); if (Request::post('edit_file_and_exit')) { Request::redirect('index.php?id=themes'); } else { Request::redirect('index.php?id=themes&action=edit_chunk&filename=' . Security::safeName(Request::post('name'), null, false)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } if (Request::post('name')) { $name = Request::post('name'); } else { $name = File::name(Request::get('filename')); } $content = File::getContent($chunk_path . Request::get('filename') . '.chunk.php'); // Display view View::factory('box/themes/views/backend/edit')->assign('content', $content)->assign('name', $name)->assign('errors', $errors)->assign('action', 'chunk')->display(); break; // Edit Template // ------------------------------------- // Edit Template // ------------------------------------- case "edit_template": // Save current chunk action if (Request::post('edit_file') || Request::post('edit_file_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['file_empty_name'] = __('Required field', 'themes'); } if (file_exists($template_path . Security::safeName(Request::post('name'), null, false) . '.template.php') and Security::safeName(Request::post('template_old_name'), null, false) !== Security::safeName(Request::post('name'), null, false)) { $errors['template_exists'] = __('This template already exists', 'themes'); } // Save fields if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } if (count($errors) == 0) { $template_old_filename = $template_path . Request::post('template_old_name') . '.template.php'; $template_new_filename = $template_path . Security::safeName(Request::post('name'), null, false) . '.template.php'; if (!empty($template_old_filename)) { if ($template_old_filename !== $template_new_filename) { rename($template_old_filename, $template_new_filename); $save_filename = $template_new_filename; } else { $save_filename = $template_new_filename; } } else { $save_filename = $template_new_filename; } // Save chunk File::setContent($save_filename, Request::post('content')); Notification::set('success', __('Your changes to the template <i>:name</i> have been saved.', 'themes', array(':name' => basename($save_filename, '.template.php')))); if (Request::post('edit_file_and_exit')) { Request::redirect('index.php?id=themes'); } else { Request::redirect('index.php?id=themes&action=edit_template&filename=' . Security::safeName(Request::post('name'), null, false)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } if (Request::post('name')) { $name = Request::post('name'); } else { $name = File::name(Request::get('filename')); } $content = File::getContent($chunk_path . Request::get('filename') . '.template.php'); // Display view View::factory('box/themes/views/backend/edit')->assign('content', $content)->assign('name', $name)->assign('errors', $errors)->assign('action', 'template')->display(); break; // Edit Styles // ------------------------------------- // Edit Styles // ------------------------------------- case "edit_styles": // Save current chunk action if (Request::post('edit_file') || Request::post('edit_file_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['file_empty_name'] = __('Required field', 'themes'); } if (file_exists($style_path . Security::safeName(Request::post('name'), null, false) . '.css') and Security::safeName(Request::post('styles_old_name'), null, false) !== Security::safeName(Request::post('name'), null, false)) { $errors['file_exists'] = __('This styles already exists', 'themes'); } // Save fields if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } if (count($errors) == 0) { $styles_old_filename = $style_path . Request::post('styles_old_name') . '.css'; $styles_new_filename = $style_path . Security::safeName(Request::post('name'), null, false) . '.css'; if (!empty($styles_old_filename)) { if ($styles_old_filename !== $styles_new_filename) { rename($styles_old_filename, $styles_new_filename); $save_filename = $styles_new_filename; } else { $save_filename = $styles_new_filename; } } else { $save_filename = $styles_new_filename; } // Save chunk File::setContent($save_filename, Request::post('content')); Notification::set('success', __('Your changes to the styles <i>:name</i> have been saved.', 'themes', array(':name' => basename($save_filename, '.css')))); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Styles version Stylesheet::stylesVersionIncrement(); if (Request::post('edit_file_and_exit')) { Request::redirect('index.php?id=themes'); } else { Request::redirect('index.php?id=themes&action=edit_styles&filename=' . Security::safeName(Request::post('name'), null, false)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } if (Request::post('name')) { $name = Request::post('name'); } else { $name = File::name(Request::get('filename')); } $content = File::getContent($style_path . Request::get('filename') . '.css'); // Display view View::factory('box/themes/views/backend/edit')->assign('content', $content)->assign('name', $name)->assign('errors', $errors)->assign('action', 'styles')->display(); break; // Edit Script // ------------------------------------- // Edit Script // ------------------------------------- case "edit_script": // Save current chunk action if (Request::post('edit_file') || Request::post('edit_file_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['file_empty_name'] = __('Required field', 'themes'); } if (file_exists($script_path . Security::safeName(Request::post('name'), null, false) . '.js') and Security::safeName(Request::post('script_old_name'), null, false) !== Security::safeName(Request::post('name'), null, false)) { $errors['file_exists'] = __('This script already exists', 'themes'); } // Save fields if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } if (count($errors) == 0) { $script_old_filename = $script_path . Request::post('script_old_name') . '.js'; $script_new_filename = $script_path . Security::safeName(Request::post('name'), null, false) . '.js'; if (!empty($script_old_filename)) { if ($script_old_filename !== $script_new_filename) { rename($script_old_filename, $script_new_filename); $save_filename = $script_new_filename; } else { $save_filename = $script_new_filename; } } else { $save_filename = $script_new_filename; } // Save chunk File::setContent($save_filename, Request::post('content')); Notification::set('success', __('Your changes to the script <i>:name</i> have been saved.', 'themes', array(':name' => basename($save_filename, '.js')))); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Javascript version Javascript::javascriptVersionIncrement(); if (Request::post('edit_file_and_exit')) { Request::redirect('index.php?id=themes'); } else { Request::redirect('index.php?id=themes&action=edit_script&filename=' . Security::safeName(Request::post('name'), null, false)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } if (Request::post('name')) { $name = Request::post('name'); } else { $name = File::name(Request::get('filename')); } $content = File::getContent($script_path . Request::get('filename') . '.js'); // Display view View::factory('box/themes/views/backend/edit')->assign('content', $content)->assign('name', $name)->assign('errors', $errors)->assign('action', 'script')->display(); break; // Delete chunk // ------------------------------------- // Delete chunk // ------------------------------------- case "delete_chunk": if (Security::check(Request::get('token'))) { File::delete($chunk_path . Request::get('filename') . '.chunk.php'); Notification::set('success', __('Chunk <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename'))))); Request::redirect('index.php?id=themes'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } break; // Delete styles // ------------------------------------- // Delete styles // ------------------------------------- case "delete_styles": if (Security::check(Request::get('token'))) { File::delete($style_path . Request::get('filename') . '.css'); Notification::set('success', __('Styles <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename'))))); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Styles version Stylesheet::stylesVersionIncrement(); Request::redirect('index.php?id=themes'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } break; // Delete script // ------------------------------------- // Delete script // ------------------------------------- case "delete_script": if (Security::check(Request::get('token'))) { File::delete($script_path . Request::get('filename') . '.js'); Notification::set('success', __('Script <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename'))))); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Javascript version Javascript::javascriptVersionIncrement(); Request::redirect('index.php?id=themes'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } break; // Delete template // ------------------------------------- // Delete template // ------------------------------------- case "delete_template": if (Security::check(Request::get('token'))) { File::delete($template_path . Request::get('filename') . '.template.php'); Notification::set('success', __('Template <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename'))))); Request::redirect('index.php?id=themes'); } break; // Clone styles // ------------------------------------- // Clone styles // ------------------------------------- case "clone_styles": if (Security::check(Request::get('token'))) { File::setContent(THEMES_SITE . DS . $current_site_theme . DS . 'css' . DS . Request::get('filename') . '_clone_' . date("Ymd_His") . '.css', File::getContent(THEMES_SITE . DS . $current_site_theme . DS . 'css' . DS . Request::get('filename') . '.css')); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Styles version Stylesheet::stylesVersionIncrement(); Request::redirect('index.php?id=themes'); } break; // Clone script // ------------------------------------- // Clone script // ------------------------------------- case "clone_script": if (Security::check(Request::get('token'))) { File::setContent(THEMES_SITE . DS . $current_site_theme . DS . 'js' . DS . Request::get('filename') . '_clone_' . date("Ymd_His") . '.js', File::getContent(THEMES_SITE . DS . $current_site_theme . DS . 'js' . DS . Request::get('filename') . '.js')); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Javascript version Javascript::javascriptVersionIncrement(); Request::redirect('index.php?id=themes'); } break; // Clone template // ------------------------------------- // Clone template // ------------------------------------- case "clone_template": if (Security::check(Request::get('token'))) { File::setContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') . '_clone_' . date("Ymd_His") . '.template.php', File::getContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') . '.template.php')); Request::redirect('index.php?id=themes'); } break; // Clone chunk // ------------------------------------- // Clone chunk // ------------------------------------- case "clone_chunk": if (Security::check(Request::get('token'))) { File::setContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') . '_clone_' . date("Ymd_His") . '.chunk.php', File::getContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') . '.chunk.php')); Request::redirect('index.php?id=themes'); } break; } } else { // Display view View::factory('box/themes/views/backend/index')->assign('themes_site', $themes_site)->assign('themes_admin', $themes_admin)->assign('templates', $templates)->assign('chunks', $chunks)->assign('styles', $styles)->assign('scripts', $scripts)->assign('current_site_theme', $current_site_theme)->assign('current_admin_theme', $current_admin_theme)->display(); } }
/** * @access public * @param int $id * @return void */ public function delete($id) { if (!is_numeric($id)) { Notification::set(StationDetails::WARNING, "No access allowed"); redirect("/graph"); } }
/** * Resend invitation e-mail * * @access public * @param int $id * @return void */ public function resendInvite($id) { if ($this->_send_user_invitation($id)) { Notification::set(User::SUCCESS, "The e-mail has been send"); } redirect("/user"); }
/** * Snippets admin function */ public static function main() { // Init vars $snippets_path = STORAGE . DS . 'snippets' . DS; $snippets_list = array(); $errors = array(); // Check for get actions // ------------------------------------- if (Request::get('action')) { // Switch actions // ------------------------------------- switch (Request::get('action')) { // Add snippet // ------------------------------------- case "add_snippet": if (Request::post('add_snippets') || Request::post('add_snippets_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['snippets_empty_name'] = __('Required field', 'snippets'); } if (file_exists($snippets_path . Security::safeName(Request::post('name')) . '.snippet.php')) { $errors['snippets_exists'] = __('This snippet already exists', 'snippets'); } if (count($errors) == 0) { // Save snippet File::setContent($snippets_path . Security::safeName(Request::post('name')) . '.snippet.php', Request::post('content')); Notification::set('success', __('Your changes to the snippet <i>:name</i> have been saved.', 'snippets', array(':name' => Security::safeName(Request::post('name'))))); if (Request::post('add_snippets_and_exit')) { Request::redirect('index.php?id=snippets'); } else { Request::redirect('index.php?id=snippets&action=edit_snippet&filename=' . Security::safeName(Request::post('name'))); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Save fields if (Request::post('name')) { $name = Request::post('name'); } else { $name = ''; } if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } // Display view View::factory('box/snippets/views/backend/add')->assign('content', $content)->assign('name', $name)->assign('errors', $errors)->display(); break; // Edit snippet // ------------------------------------- // Edit snippet // ------------------------------------- case "edit_snippet": // Save current snippet action if (Request::post('edit_snippets') || Request::post('edit_snippets_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['snippets_empty_name'] = __('Required field', 'snippets'); } if (file_exists($snippets_path . Security::safeName(Request::post('name')) . '.snippet.php') and Security::safeName(Request::post('snippets_old_name')) !== Security::safeName(Request::post('name'))) { $errors['snippets_exists'] = __('This snippet already exists', 'snippets'); } // Save fields if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } if (count($errors) == 0) { $snippet_old_filename = $snippets_path . Request::post('snippets_old_name') . '.snippet.php'; $snippet_new_filename = $snippets_path . Security::safeName(Request::post('name')) . '.snippet.php'; if (!empty($snippet_old_filename)) { if ($snippet_old_filename !== $snippet_new_filename) { rename($snippet_old_filename, $snippet_new_filename); $save_filename = $snippet_new_filename; } else { $save_filename = $snippet_new_filename; } } else { $save_filename = $snippet_new_filename; } // Save snippet File::setContent($save_filename, Request::post('content')); Notification::set('success', __('Your changes to the snippet <i>:name</i> have been saved.', 'snippets', array(':name' => basename($save_filename, '.snippet.php')))); if (Request::post('edit_snippets_and_exit')) { Request::redirect('index.php?id=snippets'); } else { Request::redirect('index.php?id=snippets&action=edit_snippet&filename=' . Security::safeName(Request::post('name'))); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } if (Request::post('name')) { $name = Request::post('name'); } else { $name = File::name(Request::get('filename')); } $content = File::getContent($snippets_path . Request::get('filename') . '.snippet.php'); // Display view View::factory('box/snippets/views/backend/edit')->assign('content', $content)->assign('name', $name)->assign('errors', $errors)->display(); break; case "delete_snippet": if (Security::check(Request::get('token'))) { File::delete($snippets_path . Request::get('filename') . '.snippet.php'); Notification::set('success', __('Snippet <i>:name</i> deleted', 'snippets', array(':name' => File::name(Request::get('filename'))))); Request::redirect('index.php?id=snippets'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } break; } } else { // Get snippets $snippets_list = File::scan($snippets_path, '.snippet.php'); // Display view View::factory('box/snippets/views/backend/index')->assign('snippets_list', $snippets_list)->display(); } }
// Generate new hash $new_hash = Text::random('alnum', 12); // Update user hash $users->updateWhere("[login='******']", array('hash' => $new_hash)); $mail = new PHPMailer(); $mail->CharSet = 'utf-8'; $mail->ContentType = 'text/html'; $mail->SetFrom(Option::get('system_email')); $mail->AddReplyTo(Option::get('system_email')); $mail->AddAddress($user['email'], $user['login']); $mail->Subject = __('Your login details for :site_name', 'users', array(':site_name' => $site_name)); $mail->MsgHTML(View::factory('box/emails/views/emails/email_layout')->assign('site_url', $site_url)->assign('site_name', $site_name)->assign('user_id', $user['id'])->assign('user_login', $user['login'])->assign('new_hash', $new_hash)->assign('email_template', 'reset-password')->render()); $mail->Send(); // Set notification Notification::set('success', __('Your login details for :site_name has been sent', 'users', array(':site_name' => $site_name))); Notification::set('reset_password', 'reset_password'); // Redirect to password-reset page Request::redirect(Site::url() . '/admin'); } Notification::setNow('reset_password', 'reset_password'); } // If admin user is login = true then set is_admin = true if (Session::exists('admin') && Session::get('admin') == true) { $is_admin = true; } else { $is_admin = false; } // Logout user from system if (Request::get('logout') && Request::get('logout') == 'do') { Session::destroy(); }
/** * System plugin admin */ public static function main() { if (Session::exists('user_role') && in_array(Session::get('user_role'), array('admin'))) { $filters = Filter::$filters; $plugins = Plugin::$plugins; $components = Plugin::$components; $actions = Action::$actions; // Get pages table $pages = new Table('pages'); // Get system timezone $system_timezone = Option::get('timezone'); // Get languages files $language_files = File::scan(PLUGINS_BOX . DS . 'system' . DS . 'languages' . DS, '.lang.php'); foreach ($language_files as $language) { $parts = explode('.', $language); $languages_array[$parts[0]] = I18n::$locales[$parts[0]]; } // Get all pages $pages_array = array(); $pages_list = $pages->select('[slug!="error404" and parent="" and status="published"]'); foreach ($pages_list as $page) { $pages_array[$page['slug']] = Html::toText($page['title']); } // Create Sitemap // ------------------------------------- if (Request::get('sitemap') == 'create') { if (Security::check(Request::get('token'))) { Notification::set('success', __('Sitemap created', 'system')); Sitemap::create(); Request::redirect('index.php?id=system'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Delete temporary files // ------------------------------------- if (Request::get('temporary_files') == 'delete') { if (Security::check(Request::get('token'))) { Monstra::cleanTmp(); if (count(File::scan(MINIFY, array('css', 'js', 'php'))) == 0 && count(Dir::scan(CACHE)) == 0) { Notification::set('success', __('Temporary files deleted', 'system')); Request::redirect('index.php?id=system'); } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Set maintenance state on or off // ------------------------------------- if (Request::get('maintenance')) { if (Security::check(Request::get('token'))) { if ('on' == Request::get('maintenance')) { Option::update('maintenance_status', 'on'); Request::redirect('index.php?id=system'); } if ('off' == Request::get('maintenance')) { Option::update('maintenance_status', 'off'); Request::redirect('index.php?id=system'); } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Edit settings // ------------------------------------- if (Request::post('edit_settings')) { if (Security::check(Request::post('csrf'))) { // Add trailing slashes $_site_url = Request::post('system_url'); Option::update(array('sitename' => Request::post('site_name'), 'keywords' => Request::post('site_keywords'), 'description' => Request::post('site_description'), 'slogan' => Request::post('site_slogan'), 'defaultpage' => Request::post('site_default_page'), 'siteurl' => $_site_url, 'timezone' => Request::post('system_timezone'), 'system_email' => Request::post('system_email'), 'language' => Request::post('system_language'), 'maintenance_message' => Request::post('site_maintenance_message'))); Notification::set('success', __('Your changes have been saved.', 'system')); Request::redirect('index.php?id=system'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Its mean that you can add your own actions for this plugin Action::run('admin_system_extra_actions'); // Display view View::factory('box/system/views/backend/index')->assign('pages_array', $pages_array)->assign('languages_array', $languages_array)->display(); } else { Request::redirect('index.php?id=users&action=edit&user_id=' . Session::get('user_id')); } }
/** * Get posts * * <code> * // Get all posts * echo Blog::getPosts(); * * // Get last 5 posts * echo Blog::getPosts(5); * </code> * * @param integer $num Number of posts to show * @return string */ public static function getPosts($nums = 10) { // Get page param $page = Request::get('page') ? (int) Request::get('page') : 1; if (Request::get('tag')) { $query = '[parent="' . Blog::$parent_page_name . '" and status="published" and contains(tags, "' . Request::get('tag') . '")]'; Notification::set('tag', Request::get('tag')); } else { $query = '[parent="' . Blog::$parent_page_name . '" and status="published"]'; Notification::clean(); } // Get Elements Count $elements = count(Pages::$pages->select($query, 'all')); // Get Pages Count $pages = ceil($elements / $nums); if ($page < 1) { $page = 1; } elseif ($page > $pages) { $page = $pages; } $start = ($page - 1) * $nums; // If there is no posts if ($start < 0) { $start = 0; } // Get posts and sort by DESC $posts = Pages::$pages->select($query, $nums, $start, array('slug', 'title', 'author', 'date'), 'date', 'DESC'); // Loop foreach ($posts as $key => $post) { $post_short = explode("{cut}", Text::toHtml(File::getContent(STORAGE . DS . 'pages' . DS . $post['id'] . '.page.txt'))); $posts[$key]['content'] = Filter::apply('content', $post_short[0]); } // Display view return View::factory('blog/views/frontend/index')->assign('posts', $posts)->render() . View::factory('blog/views/frontend/pager')->assign('pages', $pages)->assign('page', $page)->render(); }
/** * @access protected * @return boolean */ public function delete($id) { $this->allow("admin"); $feedback = new UserFeedback(); $obj = $feedback->findById($id); if ($obj) { if ($feedback->delete($id)) { redirect("/feedback"); } } Notification::set(Feedback::DANGER, "Something went wrong. Please try again."); redirect("/feedback"); }
/** * Plugins admin */ public static function main() { // Get siteurl $site_url = Option::get('siteurl'); // Get installed plugin from $plugins array $installed_plugins = Plugin::$plugins; // Get installed users plugins $_users_plugins = array(); foreach (Plugin::$plugins as $plugin) { if ($plugin['privilege'] !== 'box') { $_users_plugins[] = $plugin['id']; } } // Get plugins table $plugins = new Table('plugins'); // Delete plugin // ------------------------------------- if (Request::get('delete_plugin')) { if (Security::check(Request::get('token'))) { // Nobody cant remove box plugins if ($installed_plugins[Text::lowercase(str_replace("Plugin", "", Request::get('delete_plugin')))]['privilege'] !== 'box') { // Run plugin uninstaller file $plugin_name = Request::get('delete_plugin'); if (File::exists(PLUGINS . DS . $plugin_name . DS . 'install' . DS . $plugin_name . '.uninstall.php')) { include PLUGINS . DS . $plugin_name . DS . 'install' . DS . $plugin_name . '.uninstall.php'; } // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Styles and Javascript version Stylesheet::stylesVersionIncrement(); Javascript::javascriptVersionIncrement(); // Delete plugin form plugins table $plugins->deleteWhere('[name="' . Request::get('delete_plugin') . '"]'); // Redirect Request::redirect('index.php?id=plugins'); } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Install new plugin // ------------------------------------- if (Request::get('install')) { if (Security::check(Request::get('token'))) { // Load plugin install xml file $plugin_xml = XML::loadFile(PLUGINS . DS . basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . Request::get('install')); // Add plugin to plugins table $plugins->insert(array('name' => basename(Request::get('install'), '.manifest.xml'), 'location' => (string) $plugin_xml->plugin_location, 'status' => (string) $plugin_xml->plugin_status, 'priority' => (int) $plugin_xml->plugin_priority)); // Clean Monstra TMP folder. Monstra::cleanTmp(); Stylesheet::stylesVersionIncrement(); Javascript::javascriptVersionIncrement(); // Run plugin installer file $plugin_name = str_replace(array("Plugin", ".manifest.xml"), "", Request::get('install')); if (File::exists(PLUGINS . DS . basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . $plugin_name . '.install.php')) { include PLUGINS . DS . basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . $plugin_name . '.install.php'; } Request::redirect('index.php?id=plugins'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Delete plugin from server // ------------------------------------- if (Request::get('delete_plugin_from_server')) { if (Security::check(Request::get('token'))) { // Clean Monstra TMP folder. Monstra::cleanTmp(); Stylesheet::stylesVersionIncrement(); Javascript::javascriptVersionIncrement(); Dir::delete(PLUGINS . DS . basename(Request::get('delete_plugin_from_server'), '.manifest.xml')); Request::redirect('index.php?id=plugins'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Upload & extract plugin archive // ------------------------------------- if (Request::post('upload_file')) { if (Security::check(Request::post('csrf'))) { if ($_FILES['file']) { if (in_array(File::ext($_FILES['file']['name']), array('zip'))) { $tmp_dir = ROOT . DS . 'tmp' . DS . uniqid('plugin_'); $error = 'Plugin was not uploaded'; if (Dir::create($tmp_dir)) { $file_locations = Zip::factory()->extract($_FILES['file']['tmp_name'], $tmp_dir); if (!empty($file_locations)) { $manifest = ''; foreach ($file_locations as $filepath) { if (substr($filepath, -strlen('.manifest.xml')) === '.manifest.xml') { $manifest = $filepath; break; } } if (!empty($manifest) && basename(dirname($manifest)) === 'install') { $manifest_file = pathinfo($manifest, PATHINFO_BASENAME); $plugin_name = str_replace('.manifest.xml', '', $manifest_file); if (Dir::create(PLUGINS . DS . $plugin_name)) { $tmp_plugin_dir = dirname(dirname($manifest)); Dir::copy($tmp_plugin_dir, PLUGINS . DS . $plugin_name); Notification::set('success', __('Plugin was uploaded', 'plugins')); $error = false; } } } } else { $error = 'System error'; } } else { $error = 'Forbidden plugin file type'; } } else { $error = 'Plugin was not uploaded'; } if ($error) { Notification::set('error', __($error, 'plugins')); } if (Request::post('dragndrop')) { Request::shutdown(); } else { Request::redirect($site_url . '/admin/index.php?id=plugins#installnew'); } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Installed plugins $plugins_installed = array(); // New plugins $plugins_new = array(); // Plugins to install $plugins_to_intall = array(); // Scan plugins directory for .manifest.xml $plugins_new = File::scan(PLUGINS, '.manifest.xml'); // Get installed plugins from plugins table $plugins_installed = $plugins->select(null, 'all', null, array('location', 'priority'), 'priority', 'ASC'); // Update $plugins_installed array. extract plugins names foreach ($plugins_installed as $plg) { $_plg[] = basename($plg['location'], 'plugin.php') . 'manifest.xml'; } // Diff $plugins_to_install = array_diff($plugins_new, $_plg); // Create array of plugins to install $count = 0; foreach ($plugins_to_install as $plugin) { $plg_path = PLUGINS . DS . Text::lowercase(basename($plugin, '.manifest.xml')) . DS . 'install' . DS . $plugin; if (file_exists($plg_path)) { $plugins_to_intall[$count]['path'] = $plg_path; $plugins_to_intall[$count]['plugin'] = $plugin; $count++; } } // Draw template View::factory('box/plugins/views/backend/index')->assign('installed_plugins', $installed_plugins)->assign('plugins_to_intall', $plugins_to_intall)->assign('_users_plugins', $_users_plugins)->assign('fileuploader', array('uploadUrl' => $site_url . '/admin/index.php?id=plugins', 'csrf' => Security::token(), 'errorMsg' => __('Upload server error', 'filesmanager')))->display(); }
/** * Enable a station * * @access public * @param int $id (station id) * @return void */ public function enable($id) { $station = (new Station())->findById($id); if ($station->getId() !== null) { $station->setActive(1); if ($station->save() !== false) { Notification::set(Stations::SUCCESS, "The station is activated"); } else { Notification::set(Stations::WARNING, "Something went wrong. Please try agian"); } } redirect("/stations/"); }
/** * Pages admin function */ public static function main() { $current_theme = Option::get('theme_site_name'); $site_url = Option::get('siteurl'); $templates_path = THEMES_SITE; $errors = array(); $pages = new Table('pages'); PagesAdmin::$pages = $pages; $users = new Table('users'); $user = $users->select('[id=' . Session::get('user_id') . ']', null); // Page author if (!empty($user['firstname'])) { $author = empty($user['lastname']) ? $user['firstname'] : $user['firstname'] . ' ' . $user['lastname']; } else { $author = Session::get('user_login'); } $author = Html::toText($author); // Status array $status_array = array('published' => __('Published', 'pages'), 'draft' => __('Draft', 'pages')); // Access array $access_array = array('public' => __('Public', 'pages'), 'registered' => __('Registered', 'pages')); // Check for get actions // --------------------------------------------- if (Request::get('action')) { // Switch actions // ----------------------------------------- switch (Request::get('action')) { // Clone page // ------------------------------------- case "clone_page": if (Security::check(Request::get('token'))) { // Generate rand page name $rand_page_name = Request::get('name') . '_clone_' . date("Ymd_His"); // Get original page $orig_page = $pages->select('[slug="' . Request::get('name') . '"]', null); // Generate rand page title $rand_page_title = $orig_page['title'] . ' [copy]'; // Clone page if ($pages->insert(array('slug' => $rand_page_name, 'template' => $orig_page['template'], 'parent' => $orig_page['parent'], 'robots_index' => $orig_page['robots_index'], 'robots_follow' => $orig_page['robots_follow'], 'status' => $orig_page['status'], 'access' => isset($orig_page['access']) ? $orig_page['access'] : 'public', 'expand' => isset($orig_page['expand']) ? $orig_page['expand'] : '0', 'title' => $rand_page_title, 'meta_title' => $orig_page['meta_title'], 'description' => $orig_page['description'], 'keywords' => $orig_page['keywords'], 'tags' => $orig_page['tags'], 'date' => $orig_page['date'], 'author' => $orig_page['author']))) { // Get cloned page ID $last_id = $pages->lastId(); // Save cloned page content File::setContent(STORAGE . DS . 'pages' . DS . $last_id . '.page.txt', File::getContent(STORAGE . DS . 'pages' . DS . $orig_page['id'] . '.page.txt')); // Send notification Notification::set('success', __('The page <i>:page</i> cloned.', 'pages', array(':page' => Security::safeName(Request::get('name'), '-', true)))); } // Run add extra actions Action::run('admin_pages_action_clone'); // Redirect Request::redirect('index.php?id=pages'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } break; // Add page // ------------------------------------- // Add page // ------------------------------------- case "add_page": // Add page if (Request::post('add_page') || Request::post('add_page_and_exit')) { if (Security::check(Request::post('csrf'))) { // Get parent page if (Request::post('pages') == '0') { $parent_page = ''; } else { $parent_page = Request::post('pages'); } // Validate //-------------- if (trim(Request::post('page_name')) == '') { $errors['pages_empty_name'] = __('Required field', 'pages'); } if (trim(Request::post('page_title')) == '') { $errors['pages_empty_title'] = __('Required field', 'pages'); } if (count($pages->select('[slug="' . Security::safeName(Request::post('page_name'), '-', true) . '"]')) != 0) { $errors['pages_exists'] = __('This page already exists', 'pages'); } // Prepare date if (Valid::date(Request::post('page_date'))) { $date = strtotime(Request::post('page_date')); } else { $date = time(); } if (Request::post('robots_index')) { $robots_index = 'noindex'; } else { $robots_index = 'index'; } if (Request::post('robots_follow')) { $robots_follow = 'nofollow'; } else { $robots_follow = 'follow'; } // If no errors then try to save if (count($errors) == 0) { // Insert new page if ($pages->insert(array('slug' => Security::safeName(Request::post('page_name'), '-', true), 'template' => Request::post('templates'), 'parent' => $parent_page, 'status' => Request::post('status'), 'access' => Request::post('access'), 'expand' => '0', 'robots_index' => $robots_index, 'robots_follow' => $robots_follow, 'title' => Request::post('page_title'), 'meta_title' => Request::post('page_meta_title'), 'description' => Request::post('page_description'), 'keywords' => Request::post('page_keywords'), 'tags' => Request::post('page_tags'), 'date' => $date, 'author' => $author))) { // Get inserted page ID $last_id = $pages->lastId(); // Save content File::setContent(STORAGE . DS . 'pages' . DS . $last_id . '.page.txt', XML::safe(Request::post('editor'))); // Send notification Notification::set('success', __('Your changes to the page <i>:page</i> have been saved.', 'pages', array(':page' => Security::safeName(Request::post('page_title'), '-', true)))); } // Run add extra actions Action::run('admin_pages_action_add'); // Redirect if (Request::post('add_page_and_exit')) { Request::redirect('index.php?id=pages'); } else { Request::redirect('index.php?id=pages&action=edit_page&name=' . Security::safeName(Request::post('page_name'), '-', true)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Get all pages $pages_list = $pages->select('[slug!="error404" and parent=""]'); $pages_array[] = '-none-'; foreach ($pages_list as $page) { $pages_array[$page['slug']] = $page['title']; } // Get all templates $templates_list = File::scan($templates_path, '.template.php'); foreach ($templates_list as $file) { $templates_array[basename($file, '.template.php')] = basename($file, '.template.php'); } // Save fields if (Request::post('page_name')) { $post_name = Request::post('page_name'); } else { $post_name = ''; } if (Request::post('page_title')) { $post_title = Request::post('page_title'); } else { $post_title = ''; } if (Request::post('page_meta_title')) { $post_meta_title = Request::post('page_meta_title'); } else { $post_meta_title = ''; } if (Request::post('page_keywords')) { $post_keywords = Request::post('page_keywords'); } else { $post_keywords = ''; } if (Request::post('page_description')) { $post_description = Request::post('page_description'); } else { $post_description = ''; } if (Request::post('page_tags')) { $post_tags = Request::post('page_tags'); } else { $post_tags = ''; } if (Request::post('editor')) { $post_content = Request::post('editor'); } else { $post_content = ''; } if (Request::post('templates')) { $post_template = Request::post('templates'); } else { $post_template = 'index'; } if (Request::post('status')) { $post_status = Request::post('status'); } else { $post_status = 'published'; } if (Request::post('access')) { $post_access = Request::post('access'); } else { $post_access = 'public'; } if (Request::post('pages')) { $parent_page = Request::post('pages'); } else { if (Request::get('parent_page')) { $parent_page = Request::get('parent_page'); } else { $parent_page = ''; } } if (Request::post('robots_index')) { $post_robots_index = true; } else { $post_robots_index = false; } if (Request::post('robots_follow')) { $post_robots_follow = true; } else { $post_robots_follow = false; } //-------------- // Generate date $date = Date::format(time(), 'Y-m-d H:i:s'); // Set Tabs State - page Notification::setNow('page', 'page'); // Display view View::factory('box/pages/views/backend/add')->assign('post_name', $post_name)->assign('post_title', $post_title)->assign('post_meta_title', $post_meta_title)->assign('post_description', $post_description)->assign('post_keywords', $post_keywords)->assign('post_tags', $post_tags)->assign('post_content', $post_content)->assign('pages_array', $pages_array)->assign('parent_page', $parent_page)->assign('templates_array', $templates_array)->assign('post_template', $post_template)->assign('post_status', $post_status)->assign('post_access', $post_access)->assign('status_array', $status_array)->assign('access_array', $access_array)->assign('date', $date)->assign('post_robots_index', $post_robots_index)->assign('post_robots_follow', $post_robots_follow)->assign('errors', $errors)->display(); break; // Edit page // ------------------------------------- // Edit page // ------------------------------------- case "edit_page": if (Request::post('edit_page') || Request::post('edit_page_and_exit')) { if (Security::check(Request::post('csrf'))) { // Get pages parent if (Request::post('pages') == '0') { $parent_page = ''; } else { $parent_page = Request::post('pages'); } // Save field $post_parent = Request::post('pages'); // Validate //-------------- if (trim(Request::post('page_name')) == '') { $errors['pages_empty_name'] = __('Required field', 'pages'); } if (count($pages->select('[slug="' . Security::safeName(Request::post('page_name'), '-', true) . '"]')) != 0 and Security::safeName(Request::post('page_old_name'), '-', true) !== Security::safeName(Request::post('page_name'), '-', true)) { $errors['pages_exists'] = __('This page already exists', 'pages'); } if (trim(Request::post('page_title')) == '') { $errors['pages_empty_title'] = __('Required field', 'pages'); } // Save fields if (Request::post('page_name')) { $post_name = Request::post('page_name'); } else { $post_name = ''; } if (Request::post('page_title')) { $post_title = Request::post('page_title'); } else { $post_title = ''; } if (Request::post('page_meta_title')) { $post_meta_title = Request::post('page_meta_title'); } else { $post_meta_title = ''; } if (Request::post('page_keywords')) { $post_keywords = Request::post('page_keywords'); } else { $post_keywords = ''; } if (Request::post('page_description')) { $post_description = Request::post('page_description'); } else { $post_description = ''; } if (Request::post('page_tags')) { $post_tags = Request::post('page_tags'); } else { $post_tags = ''; } if (Request::post('editor')) { $post_content = Request::post('editor'); } else { $post_content = ''; } if (Request::post('templates')) { $post_template = Request::post('templates'); } else { $post_template = 'index'; } if (Request::post('status')) { $post_status = Request::post('status'); } else { $post_status = 'published'; } if (Request::post('access')) { $post_access = Request::post('access'); } else { $post_access = 'public'; } if (Request::post('robots_index')) { $post_robots_index = true; } else { $post_robots_index = false; } if (Request::post('robots_follow')) { $post_robots_follow = true; } else { $post_robots_follow = false; } //-------------- // Prepare date if (Valid::date(Request::post('page_date'))) { $date = strtotime(Request::post('page_date')); } else { $date = time(); } if (Request::post('robots_index')) { $robots_index = 'noindex'; } else { $robots_index = 'index'; } if (Request::post('robots_follow')) { $robots_follow = 'nofollow'; } else { $robots_follow = 'follow'; } if (count($errors) == 0) { // Update parents in all childrens if (Security::safeName(Request::post('page_name'), '-', true) !== Security::safeName(Request::post('page_old_name'), '-', true) and Request::post('old_parent') == '') { $_pages = $pages->select('[parent="' . Text::translitIt(trim(Request::post('page_old_name'))) . '"]'); if (!empty($_pages)) { foreach ($_pages as $_page) { $pages->updateWhere('[parent="' . $_page['parent'] . '"]', array('parent' => Security::safeName(Request::post('page_name'), '-', true))); } } if ($pages->updateWhere('[slug="' . Request::get('name') . '"]', array('slug' => Security::safeName(Request::post('page_name'), '-', true), 'template' => Request::post('templates'), 'parent' => $parent_page, 'title' => Request::post('page_title'), 'meta_title' => Request::post('page_meta_title'), 'description' => Request::post('page_description'), 'keywords' => Request::post('page_keywords'), 'tags' => Request::post('page_tags'), 'robots_index' => $robots_index, 'robots_follow' => $robots_follow, 'status' => Request::post('status'), 'access' => Request::post('access'), 'date' => $date, 'author' => $author))) { File::setContent(STORAGE . DS . 'pages' . DS . Request::post('page_id') . '.page.txt', XML::safe(Request::post('editor'))); Notification::set('success', __('Your changes to the page <i>:page</i> have been saved.', 'pages', array(':page' => Security::safeName(Request::post('page_title'), '-', true)))); } // Run edit extra actions Action::run('admin_pages_action_edit'); } else { if ($pages->updateWhere('[slug="' . Request::get('name') . '"]', array('slug' => Security::safeName(Request::post('page_name'), '-', true), 'template' => Request::post('templates'), 'parent' => $parent_page, 'title' => Request::post('page_title'), 'meta_title' => Request::post('page_meta_title'), 'description' => Request::post('page_description'), 'keywords' => Request::post('page_keywords'), 'tags' => Request::post('page_tags'), 'robots_index' => $robots_index, 'robots_follow' => $robots_follow, 'status' => Request::post('status'), 'access' => Request::post('access'), 'date' => $date, 'author' => $author))) { File::setContent(STORAGE . DS . 'pages' . DS . Request::post('page_id') . '.page.txt', XML::safe(Request::post('editor'))); Notification::set('success', __('Your changes to the page <i>:page</i> have been saved.', 'pages', array(':page' => Security::safeName(Request::post('page_title'), '-', true)))); } // Run edit extra actions Action::run('admin_pages_action_edit'); } // Redirect if (Request::post('edit_page_and_exit')) { Request::redirect('index.php?id=pages'); } else { Request::redirect('index.php?id=pages&action=edit_page&name=' . Security::safeName(Request::post('page_name'), '-', true)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Get all pages $pages_list = $pages->select(); $pages_array[] = '-none-'; // Foreach pages find page whithout parent foreach ($pages_list as $page) { if (isset($page['parent'])) { $c_p = $page['parent']; } else { $c_p = ''; } if ($c_p == '') { // error404 is system "constant" and no child for it if ($page['slug'] !== 'error404' && $page['slug'] !== Request::get('name')) { $pages_array[$page['slug']] = $page['title']; } } } // Get all templates $templates_list = File::scan($templates_path, '.template.php'); foreach ($templates_list as $file) { $templates_array[basename($file, '.template.php')] = basename($file, '.template.php'); } $page = $pages->select('[slug="' . Request::get('name') . '"]', null); if ($page) { $page_content = File::getContent(STORAGE . DS . 'pages' . DS . $page['id'] . '.page.txt'); // Safe fields or load fields if (Request::post('page_name')) { $slug_to_edit = Request::post('page_name'); } else { $slug_to_edit = $page['slug']; } if (Request::post('page_title')) { $title_to_edit = Request::post('page_title'); } else { $title_to_edit = $page['title']; } if (Request::post('page_meta_title')) { $meta_title_to_edit = Request::post('page_meta_title'); } else { $meta_title_to_edit = isset($page['meta_title']) ? $page['meta_title'] : ''; } if (Request::post('page_description')) { $description_to_edit = Request::post('page_description'); } else { $description_to_edit = $page['description']; } if (Request::post('page_keywords')) { $keywords_to_edit = Request::post('page_keywords'); } else { $keywords_to_edit = $page['keywords']; } if (Request::post('page_tags')) { $tags_to_edit = Request::post('page_tags'); } else { $tags_to_edit = isset($page['tags']) ? $page['tags'] : ''; } if (Request::post('editor')) { $to_edit = Request::post('editor'); } else { $to_edit = Text::toHtml($page_content); } if (Request::post('robots_index')) { $post_robots_index = true; } else { if ($page['robots_index'] == 'noindex') { $post_robots_index = true; } else { $post_robots_index = false; } } if (Request::post('robots_follow')) { $post_robots_follow = true; } else { if ($page['robots_follow'] == 'nofollow') { $post_robots_follow = true; } else { $post_robots_follow = false; } } if (Request::post('pages')) { // Get pages parent if (Request::post('pages') == '-none-') { $parent_page = ''; } else { $parent_page = Request::post('pages'); } // Save field $parent_page = Request::post('pages'); } else { $parent_page = $page['parent']; } if (Request::post('templates')) { $template = Request::post('templates'); } else { $template = $page['template']; } if (Request::post('status')) { $status = Request::post('status'); } else { $status = $page['status']; } if (Request::post('access')) { $access = Request::post('access'); } else { $access = isset($page['access']) ? $page['access'] : 'public'; } // Generate date $date = Request::post('date') ? Request::post('date') : Date::format($page['date'], 'Y-m-d H:i:s'); Notification::setNow('page', 'page'); // Display view View::factory('box/pages/views/backend/edit')->assign('slug_to_edit', $slug_to_edit)->assign('title_to_edit', $title_to_edit)->assign('meta_title_to_edit', $meta_title_to_edit)->assign('description_to_edit', $description_to_edit)->assign('keywords_to_edit', $keywords_to_edit)->assign('tags_to_edit', $tags_to_edit)->assign('page', $page)->assign('to_edit', $to_edit)->assign('pages_array', $pages_array)->assign('parent_page', $parent_page)->assign('templates_array', $templates_array)->assign('template', $template)->assign('status_array', $status_array)->assign('access_array', $access_array)->assign('status', $status)->assign('access', $access)->assign('date', $date)->assign('post_robots_index', $post_robots_index)->assign('post_robots_follow', $post_robots_follow)->assign('errors', $errors)->display(); } break; // Delete page // ------------------------------------- // Delete page // ------------------------------------- case "delete_page": // Error 404 page can not be removed if (Request::get('slug') !== 'error404') { if (Security::check(Request::get('token'))) { // Get specific page $page = $pages->select('[slug="' . Request::get('name') . '"]', null); // Delete page and update <parent> fields if ($pages->deleteWhere('[slug="' . $page['slug'] . '" ]')) { $_pages = $pages->select('[parent="' . $page['slug'] . '"]'); if (!empty($_pages)) { foreach ($_pages as $_page) { $pages->updateWhere('[slug="' . $_page['slug'] . '"]', array('parent' => '')); } } File::delete(STORAGE . DS . 'pages' . DS . $page['id'] . '.page.txt'); Notification::set('success', __('Page <i>:page</i> deleted', 'pages', array(':page' => Html::toText($page['title'])))); } // Run delete extra actions Action::run('admin_pages_action_delete'); // Redirect Request::redirect('index.php?id=pages'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } break; // Update page access // ------------------------------------- // Update page access // ------------------------------------- case "update_access": if (Request::get('slug') !== 'error404') { if (Security::check(Request::get('token'))) { $pages->updateWhere('[slug="' . Request::get('slug') . '"]', array('access' => Request::get('access'))); // Run delete extra actions Action::run('admin_pages_action_update_access'); // Send notification Notification::set('success', __('Your changes to the page <i>:page</i> have been saved.', 'pages', array(':page' => Request::get('slug')))); // Redirect Request::redirect('index.php?id=pages'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } break; // Update page status // ------------------------------------- // Update page status // ------------------------------------- case "update_status": if (Request::get('name') !== 'error404') { if (Security::check(Request::get('token'))) { $pages->updateWhere('[slug="' . Request::get('slug') . '"]', array('status' => Request::get('status'))); // Run delete extra actions Action::run('admin_pages_action_update_status'); // Send notification Notification::set('success', __('Your changes to the page <i>:page</i> have been saved.', 'pages', array(':page' => Request::get('slug')))); // Redirect Request::redirect('index.php?id=pages'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } break; } // Its mean that you can add your own actions for this plugin Action::run('admin_pages_extra_actions'); } else { // Index action // ------------------------------------- // Init vars $pages_array = array(); $count = 0; // Get pages $pages_list = $pages->select(null, 'all', null, array('slug', 'title', 'status', 'date', 'author', 'expand', 'access', 'parent', 'template', 'tags')); // Loop foreach ($pages_list as $page) { $pages_array[$count]['title'] = $page['title']; $pages_array[$count]['meta_title'] = isset($page['meta_title']) ? $page['meta_title'] : ''; $pages_array[$count]['parent'] = $page['parent']; $pages_array[$count]['_status'] = $page['status']; $pages_array[$count]['_access'] = $page['access']; $pages_array[$count]['status'] = $status_array[$page['status']]; $pages_array[$count]['access'] = isset($access_array[$page['access']]) ? $access_array[$page['access']] : $access_array['public']; // hack for old Monstra Versions $pages_array[$count]['date'] = $page['date']; $pages_array[$count]['author'] = $page['author']; $pages_array[$count]['expand'] = $page['expand']; $pages_array[$count]['slug'] = $page['slug']; $pages_array[$count]['tags'] = $page['tags']; $pages_array[$count]['template'] = $page['template']; if (isset($page['parent'])) { $c_p = $page['parent']; } else { $c_p = ''; } if ($c_p != '') { $_page = $pages->select('[slug="' . $page['parent'] . '"]', null); if (isset($_page['title'])) { $_title = $_page['title']; } else { $_title = ''; } $pages_array[$count]['sort'] = $_title . ' ' . $page['title']; } else { $pages_array[$count]['sort'] = $page['title']; } $_title = ''; $count++; } // Sort pages $pages = Arr::subvalSort($pages_array, 'sort'); // Display view View::factory('box/pages/views/backend/index')->assign('pages', $pages)->assign('site_url', $site_url)->display(); } }
/** * Users admin */ public static function main() { // Users roles $roles = array('admin' => __('Admin', 'users'), 'editor' => __('Editor', 'users'), 'user' => __('User', 'users')); // Get uses table $users = new Table('users'); if (Option::get('users_frontend_registration') === 'true') { $users_frontend_registration = true; } else { $users_frontend_registration = false; } if (Request::post('users_frontend_submit')) { if (Security::check(Request::post('csrf'))) { if (Request::post('users_frontend_registration')) { $users_frontend_registration = 'true'; } else { $users_frontend_registration = 'false'; } if (Option::update('users_frontend_registration', $users_frontend_registration)) { Notification::set('success', __('Your changes have been saved.', 'users')); } else { Notification::set('error', __('Your changes was not saved.', 'users')); } Request::redirect('index.php?id=users'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Check for get actions // --------------------------------------------- if (Request::get('action')) { // Switch actions // ----------------------------------------- switch (Request::get('action')) { // Add // ------------------------------------- case "add": if (Session::exists('user_role') && in_array(Session::get('user_role'), array('admin'))) { // Errors $errors = array(); if (Request::post('register')) { if (Security::check(Request::post('csrf'))) { $user_login = trim(Request::post('login')); $user_password = trim(Request::post('password')); $user_email = trim(Request::post('email')); if ($user_login == '') { $errors['users_empty_login'] = __('Required field', 'users'); } if ($user_password == '') { $errors['users_empty_password'] = __('Required field', 'users'); } if ($user_email == '') { $errors['users_empty_email'] = __('Required field', 'users'); } if ($users->select("[login='******']")) { $errors['users_this_user_already_exists'] = __('This user already exists', 'users'); } if ($users->select("[email='" . $user_email . "']")) { $errors['users_this_email_already_exists'] = __('This email already exists', 'users'); } if (count($errors) == 0) { if ($users->insert(array('login' => Security::safeName($user_login), 'password' => Security::encryptPassword(Request::post('password')), 'email' => Request::post('email'), 'hash' => Text::random('alnum', 12), 'date_registered' => time(), 'role' => Request::post('role')))) { Notification::set('success', __('New user have been registered.', 'users')); } else { Notification::set('error', __('New user was not registered.', 'users')); } Request::redirect('index.php?id=users'); } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Display view View::factory('box/users/views/backend/add')->assign('roles', $roles)->assign('errors', $errors)->display(); } else { Request::redirect('index.php?id=users&action=edit&user_id=' . Session::get('user_id')); } break; // Edit // ------------------------------------- // Edit // ------------------------------------- case "edit": // Get current user record $user = $users->select("[id='" . (int) Request::get('user_id') . "']", null); if (isset($user['firstname'])) { $user_firstname = $user['firstname']; } else { $user_firstname = ''; } if (isset($user['lastname'])) { $user_lastname = $user['lastname']; } else { $user_lastname = ''; } if (isset($user['email'])) { $user_email = $user['email']; } else { $user_email = ''; } if (isset($user['twitter'])) { $user_twitter = $user['twitter']; } else { $user_twitter = ''; } if (isset($user['skype'])) { $user_skype = $user['skype']; } else { $user_skype = ''; } if (isset($user['about_me'])) { $user_about_me = $user['about_me']; } else { $user_about_me = ''; } if (Session::exists('user_role') && in_array(Session::get('user_role'), array('admin', 'editor'))) { if (Request::post('edit_profile') and ((int) Session::get('user_id') == (int) Request::get('user_id') or in_array(Session::get('user_role'), array('admin')))) { if (Security::check(Request::post('csrf'))) { if (Security::safeName(Request::post('login')) != '') { if ($users->update(Request::post('user_id'), array('login' => Security::safeName(Request::post('login')), 'firstname' => Request::post('firstname'), 'lastname' => Request::post('lastname'), 'email' => Request::post('email'), 'skype' => Request::post('skype'), 'twitter' => Request::post('twitter'), 'about_me' => Request::post('about_me'), 'role' => Request::post('role')))) { Notification::set('success', __('Your changes have been saved.', 'users')); } else { Notification::set('error', __('Your changes was not saved.', 'users')); } Request::redirect('index.php?id=users&action=edit&user_id=' . Request::post('user_id')); } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } if (Request::post('edit_profile_password')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('new_password')) != '') { if ($users->update(Request::post('user_id'), array('password' => Security::encryptPassword(trim(Request::post('new_password')))))) { Notification::set('success', __('Your changes have been saved.', 'users')); } else { Notification::set('error', __('Your changes was not saved.', 'users')); } Request::redirect('index.php?id=users&action=edit&user_id=' . Request::post('user_id')); } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } if ((int) Session::get('user_id') == (int) Request::get('user_id') or in_array(Session::get('user_role'), array('admin')) && count($user) != 0) { // Display view View::factory('box/users/views/backend/edit')->assign('user', $user)->assign('user_firstname', $user_firstname)->assign('user_lastname', $user_lastname)->assign('user_email', $user_email)->assign('user_twitter', $user_twitter)->assign('user_skype', $user_skype)->assign('user_about_me', $user_about_me)->assign('roles', $roles)->display(); } else { echo __('Monstra says: This is not your profile...', 'users'); } } break; // Delete // ------------------------------------- // Delete // ------------------------------------- case "delete": if (Session::exists('user_role') && in_array(Session::get('user_role'), array('admin')) && (int) $_SESSION['user_id'] != (int) Request::get('user_id')) { if (Security::check(Request::get('token'))) { $user = $users->select('[id="' . Request::get('user_id') . '"]', null); if ($users->delete(Request::get('user_id'))) { Notification::set('success', __('User <i>:user</i> have been deleted.', 'users', array(':user' => $user['login']))); } else { Notification::set('error', __('User <i>:user</i> was not deleted.', 'users', array(':user' => $user['login']))); } Request::redirect('index.php?id=users'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } break; } } else { if (Session::exists('user_role') && in_array(Session::get('user_role'), array('admin'))) { // Dislay view View::factory('box/users/views/backend/index')->assign('roles', $roles)->assign('users_list', $users->select())->assign('users_frontend_registration', $users_frontend_registration)->display(); } else { Request::redirect('index.php?id=users&action=edit&user_id=' . Session::get('user_id')); } } }
/** * Main function */ public static function main() { // Array of forbidden types $forbidden_types = array('html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'php', 'phtml', 'php3', 'php4', 'php5', 'phps', 'shtml', 'jhtml', 'pl', 'py', 'cgi', 'sh', 'ksh', 'bsh', 'c', 'htaccess', 'htpasswd', 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl', 'empty'); // Array of image types $image_types = array('jpg', 'png', 'bmp', 'gif', 'tif'); // Get Site url $site_url = Option::get('siteurl'); // Init vars if (Request::get('path')) { $path = Request::get('path'); } else { $path = 'uploads/'; } // Add slash if not exists if (substr($path, -1, 1) != '/') { $path .= '/'; Request::redirect($site_url . '/admin/index.php?id=filesmanager&path=' . $path); } // Upload corectly! if ($path == 'uploads' || $path == 'uploads//') { $path = 'uploads/'; Request::redirect($site_url . '/admin/index.php?id=filesmanager&path=' . $path); } // Only 'uploads' folder! if (strpos($path, 'uploads') === false) { $path = 'uploads/'; Request::redirect($site_url . '/admin/index.php?id=filesmanager&path=' . $path); } // Set default path value if path is empty if ($path == '') { $path = 'uploads/'; Request::redirect($site_url . '/admin/index.php?id=filesmanager&path=' . $path); } $files_path = ROOT . DS . 'public' . DS . $path; $current = explode('/', $path); // Delete file // ------------------------------------- if (Request::get('id') == 'filesmanager' && Request::get('delete_file')) { if (Security::check(Request::get('token'))) { File::delete($files_path . Request::get('delete_file')); if (!is_file($files_path . Request::get('delete_file'))) { Notification::set('success', __('File was deleted', 'filesmanager')); } else { Notification::set('error', __('File was not deleted', 'filesmanager')); } Request::redirect($site_url . '/admin/index.php?id=filesmanager&path=' . $path); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Delete dir // ------------------------------------- if (Request::get('id') == 'filesmanager' && Request::get('delete_dir')) { if (Security::check(Request::get('token'))) { Dir::delete($files_path . Request::get('delete_dir')); if (!is_dir($files_path . Request::get('delete_dir'))) { Notification::set('success', __('Directory was deleted', 'filesmanager')); } else { Notification::set('error', __('Directory was not deleted', 'filesmanager')); } Request::redirect($site_url . '/admin/index.php?id=filesmanager&path=' . $path); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Rename file/dir // ------------------------------------- if (Request::post('rename_type')) { if (Security::check(Request::post('csrf'))) { $rename_type = Request::post('rename_type'); $rename_from = Request::post('rename_from'); $rename_to = Request::post('rename_to'); if (empty($rename_to)) { Notification::set('error', __('Can not be empty', 'filesmanager')); Request::redirect($site_url . '/admin/index.php?id=filesmanager&path=' . $path); } $ext = $rename_type === 'file' ? '.' . File::ext($rename_from) : ''; $rename_to = $files_path . Security::safeName($rename_to, null, false) . $ext; if (is_dir($rename_to)) { Notification::set('error', __('Directory exists', 'filesmanager')); Request::redirect($site_url . '/admin/index.php?id=filesmanager&path=' . $path); } if (is_file($rename_to)) { Notification::set('error', __('File exists', 'filesmanager')); Request::redirect($site_url . '/admin/index.php?id=filesmanager&path=' . $path); } $success = rename($files_path . $rename_from, $rename_to); if ($success) { Notification::set('success', __('Renamed successfully', 'filesmanager')); } else { Notification::set('error', __('Failure', 'filesmanager')); } Request::redirect($site_url . '/admin/index.php?id=filesmanager&path=' . $path); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Upload file // ------------------------------------- if (Request::post('upload_file')) { if (Security::check(Request::post('csrf'))) { $error = false; if ($_FILES['file']) { if (!in_array(File::ext($_FILES['file']['name']), $forbidden_types)) { $filepath = $files_path . Security::safeName(basename($_FILES['file']['name'], File::ext($_FILES['file']['name'])), null, false) . '.' . File::ext($_FILES['file']['name']); $uploaded = move_uploaded_file($_FILES['file']['tmp_name'], $filepath); if ($uploaded !== false && is_file($filepath)) { Notification::set('success', __('File was uploaded', 'filesmanager')); } else { $error = 'File was not uploaded'; } } else { $error = 'Forbidden file type'; } } else { $error = 'File was not uploaded'; } if ($error) { Notification::set('error', __($error, 'filesmanager')); } if (Request::post('dragndrop')) { Request::shutdown(); } else { Request::redirect($site_url . '/admin/index.php?id=filesmanager&path=' . $path); } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Create Directory // ------------------------------------- if (Request::post('directory_name')) { if (Security::check(Request::post('csrf'))) { $abs_path = $files_path . Security::safeName(Request::post('directory_name'), null, false); $error = false; if (!is_dir($abs_path)) { try { mkdir($abs_path); } catch (Exception $e) { $error = true; } } else { $error = true; } if ($error) { Alert::error(__('Directory was not created', 'filesmanager')); } else { Alert::success(__('Directory was created', 'filesmanager')); } } } // Get information about current path $_list = FilesmanagerAdmin::fdir($files_path); $files_list = array(); // Get files if (isset($_list['files'])) { foreach ($_list['files'] as $files) { $files_list[] = $files; } } $dir_list = array(); // Get dirs if (isset($_list['dirs'])) { foreach ($_list['dirs'] as $dirs) { if (strpos($dirs, '.') === false && strpos($dirs, '..') === false) { $dir_list[] = $dirs; } } } // Display view View::factory('box/filesmanager/views/backend/index')->assign('path', $path)->assign('current', $current)->assign('files_list', $files_list)->assign('dir_list', $dir_list)->assign('forbidden_types', $forbidden_types)->assign('image_types', $image_types)->assign('site_url', $site_url)->assign('upload_max_filesize', FilesmanagerAdmin::uploadSize())->assign('files_path', $files_path)->assign('fileuploader', array('uploadUrl' => $site_url . '/admin/index.php?id=filesmanager&path=' . $path, 'csrf' => Security::token(), 'errorMsg' => __('Upload server error', 'filesmanager')))->display(); }
private function _disallow() { Notification::set(self::WARNING, "You cannot access this part"); redirect("/"); return false; }
/** * Backup admin */ public static function main() { $backups_path = ROOT . DS . 'backups'; // Create backup // ------------------------------------- if (Request::post('create_backup')) { if (Security::check(Request::post('csrf'))) { @set_time_limit(0); @ini_set("memory_limit", "512M"); $zip = Zip::factory(); // Add storage folder $zip->readDir(STORAGE . DS, false); // Add public folder $zip->readDir(ROOT . DS . 'public' . DS, false); // Add plugins folder $zip->readDir(PLUGINS . DS, false, null, array(PLUGINS . DS . 'box')); if ($zip->archive($backups_path . DS . Date::format(time(), "Y-m-d-H-i-s") . '.zip')) { Notification::set('success', __('Backup was created', 'backup')); } else { Notification::set('error', __('Backup was not created', 'backup')); } Request::redirect(Option::get('siteurl') . '/admin/index.php?id=backup'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Delete backup // ------------------------------------- if (Request::get('id') == 'backup' && Request::get('delete_file')) { if (Security::check(Request::get('token'))) { if (File::delete($backups_path . DS . Request::get('delete_file'))) { Notification::set('success', __('Backup was deleted', 'backup')); } else { Notification::set('error', __('Backup was not deleted', 'backup')); } Request::redirect(Option::get('siteurl') . '/admin/index.php?id=backup'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Download backup // ------------------------------------- if (Request::get('download')) { if (Security::check(Request::get('token'))) { File::download($backups_path . DS . Request::get('download')); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Restore backup // ------------------------------------- if (Request::get('restore')) { if (Security::check(Request::get('token'))) { $tmp_dir = ROOT . DS . 'tmp' . DS . uniqid('backup_'); if (Dir::create($tmp_dir)) { $file_locations = Zip::factory()->extract($backups_path . DS . Request::get('restore'), $tmp_dir); if (!empty($file_locations)) { Dir::copy($tmp_dir, ROOT . DS); Notification::set('success', __('Backup was restored', 'backup')); } else { Notification::set('error', __('Unzip error', 'backup')); } } else { Notification::set('error', __('Backup was not restored', 'backup')); } Request::redirect(Option::get('siteurl') . '/admin/index.php?id=backup'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Display view View::factory('box/backup/views/backend/index')->assign('backups_list', File::scan($backups_path, '.zip'))->display(); }
/** * main events admin function */ public static function main() { $path = ROOT . DS . 'public' . DS . 'uploads' . DS; // Request: add event if (Request::post('add_event')) { if (Security::check(Request::post('csrf'))) { if (EventsRepository::insert(EventsAdmin::_getEventData())) { Notification::set('success', __('Event was added with success!', 'events')); } else { Notification::set('error', __('Table->insert() returned an error. Event could not be saved.', 'events')); } Request::redirect('index.php?id=events#events/' . EventsRepository::getStatus(EventsRepository::getLastId()) . '-events'); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // Request: edit event if (Request::post('edit_event')) { if (Security::check(Request::post('csrf'))) { $id = (int) Request::post('edit_event'); if (EventsRepository::update($id, EventsAdmin::_getEventData())) { Notification::set('success', __('Event was updated with success!', 'events')); } else { Notification::set('error', __('Table->update() returned an error. Event could not be saved.', 'events')); } Request::redirect('index.php?id=events#events/' . EventsRepository::getStatus($id) . '-events'); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // Request: restore event if (Request::post('restore_trash_event')) { if (Security::check(Request::post('csrf'))) { $id = (int) Request::post('restore_trash_event'); if (EventsRepository::update($id, array('deleted' => 0))) { Notification::set('success', __('Event has been restored from trash with success!', 'events')); } else { Notification::set('error', __('Table->update() returned an error. Event could not be restored.', 'events')); } Request::redirect('index.php?id=events#trash/trash-events'); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // Request: delete event if (Request::post('delete_event')) { if (Security::check(Request::post('csrf'))) { $id = (int) Request::post('delete_event'); if (EventsRepository::update($id, array('deleted' => 1))) { Notification::set('success', __('Event has been moved to trash with success!', 'events')); } else { Notification::set('error', __('Table->update() returned an error. Event could not be deleted.', 'events')); } $record = EventsRepository::getById($id); Request::redirect('index.php?id=events#events/' . EventsRepository::getStatus($id) . '-events'); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // Request: delete trash event if (Request::post('delete_trash_event')) { if (Security::check(Request::post('csrf'))) { $id = (int) Request::post('delete_trash_event'); if (EventsRepository::delete($id)) { Notification::set('success', __('Event has been deleted permanently with success!', 'events')); } else { Notification::set('error', __('Table->delete() returned an error. Event could not be deleted.', 'events')); } Request::redirect('index.php?id=events#trash/trash-events'); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // Request: update event status ['published','draft'] if (Request::get('eventaction') and Request::get('eventaction') == 'update_status') { if (Security::check(Request::get('token'))) { $id = (int) Request::get('event_id'); if (EventsRepository::update($id, array('status' => Request::get('status')))) { Notification::set('success', __('Event status has been updated with success!', 'events')); } else { Notification::set('error', __('Table->update() returned an error. Event status could not be updated.', 'events')); } Request::redirect('index.php?id=events#events/' . EventsRepository::getStatus($id) . '-events'); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // Request: add category if (Request::post('add_category')) { if (Security::check(Request::post('csrf'))) { if (CategoriesRepository::insert(EventsAdmin::_getCategoryData())) { Notification::set('success', __('Category was added with success!', 'events')); } else { Notification::set('error', __('Table->insert() returned an error. Category could not be saved.', 'events')); } Request::redirect('index.php?id=events#categories'); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // Request: edit category if (Request::post('edit_category')) { if (Security::check(Request::post('csrf'))) { $id = (int) Request::post('edit_category'); if (CategoriesRepository::update($id, EventsAdmin::_getCategoryData())) { Notification::set('success', __('Category was updated with success!', 'events')); } else { Notification::set('error', __('Table->update() returned an error. Category could not be saved.', 'events')); } Request::redirect('index.php?id=events#categories'); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // Request: restore category if (Request::post('restore_trash_category')) { if (Security::check(Request::post('csrf'))) { $id = (int) Request::post('restore_trash_category'); if (CategoriesRepository::update($id, array('deleted' => 0))) { Notification::set('success', __('Category has been restored from trash with success!', 'events')); } else { Notification::set('error', __('Table->update() returned an error. Category could not be restored.', 'events')); } Request::redirect('index.php?id=events#trash/trash-categories'); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // Request: delete category if (Request::post('delete_category')) { if (Security::check(Request::post('csrf'))) { $id = (int) Request::post('delete_category'); if (!CategoriesRepository::hasEvents($id)) { if (CategoriesRepository::update($id, array('deleted' => 1))) { Notification::set('success', __('Category has been moved to trash with success!', 'events')); } else { Notification::set('error', __('Table->update() returned an error. Category could not be deleted.', 'events')); } } else { Notification::set('error', __('Deletion failed. This category is assigned to at least one event. Remove this category from every event to delete it.', 'events')); } Request::redirect('index.php?id=events#categories'); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // Request: delete trash category if (Request::post('delete_trash_category')) { if (Security::check(Request::post('csrf'))) { $id = (int) Request::post('delete_trash_category'); if (CategoriesRepository::delete($id)) { Notification::set('success', __('Category has been deleted permanently with success!', 'events')); } else { Notification::set('error', __('Table->delete() returned an error. Category could not be deleted.', 'events')); } Request::redirect('index.php?id=events#trash/trash-categories'); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // Request: add location if (Request::post('add_location')) { if (Security::check(Request::post('csrf'))) { if (LocationsRepository::insert(EventsAdmin::_getLocationData())) { Notification::set('success', __('Location was added with success!', 'events')); } else { Notification::set('error', __('Table->insert() returned an error. Location could not be saved.', 'events')); } Request::redirect('index.php?id=events#locations'); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // Request: edit location if (Request::post('edit_location')) { if (Security::check(Request::post('csrf'))) { $id = (int) Request::post('edit_location'); if (LocationsRepository::update($id, EventsAdmin::_getLocationData())) { Notification::set('success', __('Location was updated with success!', 'events')); } else { Notification::set('error', __('Table->update() returned an error. Location could not be saved.', 'events')); } Request::redirect('index.php?id=events#locations'); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // Request: restore location if (Request::post('restore_trash_location')) { if (Security::check(Request::post('csrf'))) { $id = (int) Request::post('restore_trash_location'); if (LocationsRepository::update($id, array('deleted' => 0))) { Notification::set('success', __('Location has been restored from trash with success!', 'events')); } else { Notification::set('error', __('Table->update() returned an error. Location could not be restored.', 'events')); } Request::redirect('index.php?id=events#trash/trash-locations'); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // Request: delete location if (Request::post('delete_location')) { if (Security::check(Request::post('csrf'))) { $id = (int) Request::post('delete_location'); if (!LocationsRepository::hasEvents($id)) { if (LocationsRepository::update($id, array('deleted' => 1))) { Notification::set('success', __('Location has been moved to trash with success!', 'events')); } else { Notification::set('error', __('Table->update() returned an error. Location could not be deleted.', 'events')); } } else { Notification::set('error', __('Deletion failed. This location is assigned to at least one event. Remove this location from every event to delete it.', 'events')); } Request::redirect('index.php?id=events#locations'); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // Request: delete trash location if (Request::post('delete_trash_location')) { if (Security::check(Request::post('csrf'))) { $id = (int) Request::post('delete_trash_location'); if (LocationsRepository::delete($id)) { Notification::set('success', __('Location has been deleted permanently with success!', 'events')); } else { Notification::set('error', __('Table->delete() returned an error. Location could not be deleted.', 'events')); } Request::redirect('index.php?id=events#trash/trash-locations'); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // get upload directories $directory_list = Dir::scan($path); $directories = array(DS => DS); if (!empty($directory_list)) { foreach ($directory_list as $directory_name) { $directories[$directory_name] = DS . $directory_name; } ksort($directories); } // Get files $file_list = File::scan($path . Option::get('events_image_directory')); $files = array('' => ''); if (!empty($file_list)) { foreach ($file_list as $file_name) { $files[$file_name] = $file_name; } ksort($files); } if (Request::get('action')) { switch (Request::get('action')) { // Request: configuration case "configuration": // Request: options if (Request::post('events_options_update') or Request::post('events_options_update_and_exit')) { if (Security::check(Request::post('csrf'))) { Option::update('events_image_directory', (string) Request::post('events_image_directory')); Option::update('events_placeholder_archive', (string) Request::post('events_placeholder_archive')); Notification::set('success', __('Configuration has been saved with success!', 'events')); Request::redirect('index.php?id=events' . (Request::post('events_options_update') ? '&action=configuration' : '')); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // Request: action: resize images if (Request::post('events_action_resize_images') or Request::post('events_action_resize_images_and_exit')) { if (Security::check(Request::post('csrf'))) { $n = 0; $size = (int) Request::post('events_action_resize_size'); $image_dir = $path . Option::get('events_image_directory'); $image_dir_res = $path . Option::get('events_image_directory') . DS . 'resized'; $images = File::scan($image_dir); if (!empty($images)) { // create 'resized' directory if not exists if (!Dir::exists($image_dir_res)) { Dir::create($image_dir_res); } foreach ($images as $file_name) { if (File::exists($image_dir_res . DS . $file_name)) { if (Request::post('events_action_resize_overwrite')) { File::delete($image_dir_res . DS . $file_name); } else { continue; } } list($width, $height) = getimagesize($image_dir . DS . $file_name); $image_orientation = $width > $height ? Image::HEIGHT : Image::WIDTH; Image::factory($image_dir . DS . $file_name)->resize($size, $size, $image_orientation)->save($image_dir_res . DS . $file_name); $n++; } Notification::set('success', __($n . ' images have been resized and saved with success!', 'events')); } else { Notification::set('error', __('There are no images to resize in configured image directory.', 'events')); } Request::redirect('index.php?id=events' . (Request::post('events_action_resize_images') ? '&action=configuration' : '')); } else { Notification::set('error', __('Request was denied. Invalid security token. Please refresh the page and try again.', 'events')); die; } } // Display configuration view View::factory('events/views/backend/configuration')->assign('directories', $directories)->display(); break; // Request: statistics // Request: statistics case "stats": // category-events $categories = CategoriesRepository::getAll(); $categories_active = CategoriesRepository::getActive(); $categories_data = array(); foreach ($categories_active as $c) { $categories_data[$c['id']] = array('title' => '"' . $c['title'] . '"', 'color' => '"#' . $c['color'] . '"', 'highlight' => '"' . EventsAdmin::adjustBrightness('#' . $c['color'], 25) . '"', 'count' => $categories[$c['id']]['count']); } // location-events $locations = LocationsRepository::getAll(); $locations_active = LocationsRepository::getActive(); $locations_data = array(); foreach ($locations_active as $l) { $locations_data[$l['id']] = array('title' => '"' . $l['title'] . '"', 'count' => $locations[$l['id']]['count']); } $locations_data = EventsAdmin::_sortArrayByFields($locations_data, array('count' => SORT_DESC, 'title' => array(SORT_ASC, SORT_STRING))); // year-events and year-visitors $years_data = array(); $categories_years_events = array(); foreach (EventsRepository::getYearEvents() as $year => $events) { $years_data[$year] = array('number_events' => count($events), 'number_visitors' => array_sum(array_column($events, 'number_visitors'))); foreach ($events as $event) { $categories_years_events[$event['category']][$year][] = $event; } } $categories_years_data = array(); $categories_years_visitors = array(); foreach ($categories_years_events as $category => $years) { foreach ($years as $year => $events) { foreach ($years_data as $total_year => $total_count) { if ($year == $total_year) { $categories_years_data[$category][$year] = count($events); $categories_years_visitors[$category][$year] = array_sum(array_column($events, 'number_visitors')); } else { if (array_key_exists($total_year, $categories_years_data[$category])) { $categories_years_data[$category][$year] = count($events); $categories_years_visitors[$category][$year] = array_sum(array_column($events, 'number_visitors')); } else { $categories_years_data[$category][$total_year] = 0; $categories_years_visitors[$category][$total_year] = 0; } } } } } // locations $locations_list = array(); $coordinates = array(); $longitudes = array(); $latitudes = array(); // get location data ready to use with OSM JavaScript foreach (LocationsRepository::getActive() as $location) { if ($location['address']) { $locations_list[] = '"' . $location['address'] . '"'; $coordinates[] = $location['lon'] . ',' . $location['lat']; $longitudes[] = $location['lon']; $latitudes[] = $location['lat']; } } // calculate map center $longitudes = EventsAdmin::_removeOutliers($longitudes, 0.5); $latitudes = EventsAdmin::_removeOutliers($latitudes, 0.5); $coordinates_average = array('lon' => array_sum($longitudes) / count($longitudes), 'lat' => array_sum($latitudes) / count($latitudes)); // event visitors and staff $participants = array(); $events = EventsRepository::getVisitorsAndStaff(); foreach ($events as $event) { if (!CategoriesRepository::hiddenInArchive($event['category'])) { $participants[$event['category']][] = array('title' => $event['title'], 'visitors' => (int) $event['number_visitors'], 'staff' => (int) $event['number_staff']); } } // Display statistics view View::factory('events/views/backend/statistics')->assign('categories', $categories)->assign('categories_active', $categories_active)->assign('categories_data', $categories_data)->assign('locations', $locations)->assign('locations_active', $locations_active)->assign('locations_data', $locations_data)->assign('years_data', $years_data)->assign('categories_years_data', $categories_years_data)->assign('categories_years_visitors', $categories_years_visitors)->assign('coordinates', $coordinates)->assign('coordinates_average', $coordinates_average)->assign('participants', $participants)->display(); break; } } else { // Display index view View::factory('events/views/backend/index')->assign('categories', CategoriesRepository::getAll())->assign('categories_active', CategoriesRepository::getActive())->assign('categories_select', CategoriesRepository::getActiveForSelect())->assign('categories_deleted', CategoriesRepository::getDeleted())->assign('locations', LocationsRepository::getAll())->assign('locations_active', LocationsRepository::getActive())->assign('locations_select', LocationsRepository::getActiveForSelect())->assign('locations_deleted', LocationsRepository::getDeleted())->assign('events_active', EventsRepository::getActive())->assign('events_upcoming', EventsRepository::getUpcoming())->assign('events_past', EventsRepository::getPast())->assign('events_draft', EventsRepository::getDraft())->assign('events_deleted', EventsRepository::getDeleted())->assign('imagepath', DS . 'public' . DS . 'uploads' . DS . Option::get('events_image_directory') . DS)->assign('files', $files)->display(); } }
include "../patches.php"; $patch = new Patch(19); if (!$patch->exists()) { $createSql = "CREATE TABLE IF NOT EXISTS `notifications` (\n\t\t\t `id` int(11) unsigned NOT NULL AUTO_INCREMENT,\n\t\t\t `timestamp` datetime NOT NULL,\n\t\t\t `from_user_id` int(11) unsigned NULL,\n\t\t\t `to_user_id` int(11) unsigned NULL,\n\t\t\t `title` varchar(255) NOT NULL,\n\t\t\t `content` text NOT NULL,\n\t\t\t PRIMARY KEY (`id`),\n\t\t\t FOREIGN KEY (`from_user_id`) REFERENCES users(`id`) ON DELETE CASCADE,\n\t\t\t FOREIGN KEY (`to_user_id`) REFERENCES users(`id`) ON DELETE CASCADE\n\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8;"; db()->execute($createSql); $sql = "ALTER TABLE users ADD COLUMN `last_notification` int(11) NOT NULL DEFAULT 0 AFTER `registered_on`"; db()->execute($sql); $content = "Welcome to the new notification center! I'm going to use this to let you know "; $content .= "about awesome new updates that are happening to BotQueue. Eventually, you will "; $content .= "receive updates to comments and messages from other users through this system. "; $content .= "I'm still working on the placement of the notification icon in the full screen "; $content .= "mode, because I want the icon to be to the left of the username."; $content .= "\n\n"; $content .= "If you have any issues, or even suggestions, please let me know in either the "; $content .= "<a href=\"https://groups.google.com/forum/#!forum/botqueue\">google group</a> or at "; $content .= "<a href=\"https://github.com/Hoektronics/BotQueue/issues\">GitHub issues</a>."; $content .= "\n\n"; $content .= "Thank you for using BotQueue!"; $content .= "\n\n"; $content .= " ~ Justin Nesselrotte"; $notification = new Notification(); $notification->set('from_user_id', null); // From the system $notification->set('to_user_id', null); // To everyone $notification->set('timestamp', date("2014-12-24 00:00:00")); $notification->set('title', 'New notification system'); $notification->set('content', $content); $notification->save(); $patch->finish("Added notifications table"); }
public function addFriend($fid) { $uid = $this->data()->id; $request = new Request(); $requestInfo = array('uid' => $uid, 'fid' => $fid); if ($request->delete('friend', $requestInfo)) { $timestamp = date('Y-m-d H:i:s'); $fields = array('uid' => $uid, 'fid' => $fid, 'timestamp' => $timestamp); if (!$this->_db->insert('friends', $fields)) { throw new Exception('There was a problem adding friend'); } $id = $this->_db->get('friends', "uid = '{$uid}' AND fid = '{$fid}'")->first()->id; $fields2 = array('uid' => $fid, 'fid' => $uid, 'timestamp' => $timestamp); if (!$this->_db->insert('friends', $fields2)) { $this->_db->delete('friends', "id = '{$id}'"); throw new Exception('There was a problem adding friend'); } $notification = new Notification(); $notification->set(array('uid' => $uid, 'fid' => $fid, 'type' => 'friend_added', 'timestamp' => $timestamp)); $notification->set(array('uid' => $fid, 'fid' => $uid, 'type' => 'friend_added', 'timestamp' => $timestamp)); return true; } return false; }
/** * Authenticate * * @access protected * @return boolean */ protected function _authenticate() { if (!$this->_validate()) { return false; } $remember = false; $user = $this->input->post("identity"); $pass = $this->input->post("password"); if ($this->ion_auth->login($user, $pass, $remember)) { return true; } //Check if the error returned contained a not_active string if (stristr($this->ion_auth->errors(), "not_active") == false) { Notification::set(Auth::DANGER, "You have entered a wrong username or password."); } else { Notification::set(Auth::DANGER, "Your account has been deactivated. Contact info@kukua.cc"); } return false; }
/** * Get Password Reset */ public static function getPasswordReset() { // Is User Loged in ? if (!Session::get('user_id')) { $errors = array(); $site_url = Option::get('siteurl'); $site_name = Option::get('sitename'); // Reset Password from hash if (Request::get('hash')) { // Get user with specific hash $user = Users::$users->select("[hash='" . Request::get('hash') . "']", null); // If user exists if (count($user) > 0 && $user['hash'] == Request::get('hash')) { // Generate new password $new_password = Text::random('alnum', 6); // Update user profile // Set new hash and new password Users::$users->updateWhere("[login='******'login'] . "']", array('hash' => Text::random('alnum', 12), 'password' => Security::encryptPassword($new_password))); $mail = new PHPMailer(); $mail->CharSet = 'utf-8'; $mail->ContentType = 'text/html'; $mail->SetFrom(Option::get('system_email')); $mail->AddReplyTo(Option::get('system_email')); $mail->AddAddress($user['email'], $user['login']); $mail->Subject = __('Your new password for :site_name', 'users', array(':site_name' => $site_name)); $mail->MsgHTML(View::factory('box/emails/views/emails/email_layout')->assign('site_url', $site_url)->assign('site_name', $site_name)->assign('user_id', $user['id'])->assign('user_login', $user['login'])->assign('new_password', $new_password)->assign('email_template', 'new-password')->render()); $mail->Send(); // Set notification Notification::set('success', __('New password has been sent', 'users')); // Redirect to password-reset page Request::redirect(Site::url() . '/users/login'); } } // Reset Password Form Submit if (Request::post('reset_password_submit')) { $user_login = trim(Request::post('login')); // Check csrf if (Security::check(Request::post('csrf'))) { if (Option::get('captcha_installed') == 'true' && !CryptCaptcha::check(Request::post('answer'))) { $errors['users_captcha_wrong'] = __('Captcha code is wrong', 'users'); } if ($user_login == '') { $errors['users_empty_field'] = __('Required field', 'users'); } if ($user_login != '' && !Users::$users->select("[login='******']")) { $errors['users_user_doesnt_exists'] = __('This user doesnt exist', 'users'); } if (count($errors) == 0) { // Get user $user = Users::$users->select("[login='******']", null); // Generate new hash $new_hash = Text::random('alnum', 12); // Update user hash Users::$users->updateWhere("[login='******']", array('hash' => $new_hash)); $mail = new PHPMailer(); $mail->CharSet = 'utf-8'; $mail->ContentType = 'text/html'; $mail->SetFrom(Option::get('system_email')); $mail->AddReplyTo(Option::get('system_email')); $mail->AddAddress($user['email'], $user['login']); $mail->Subject = __('Your login details for :site_name', 'users', array(':site_name' => $site_name)); $mail->MsgHTML(View::factory('box/emails/views/emails/email_layout')->assign('site_url', $site_url)->assign('site_name', $site_name)->assign('user_id', $user['id'])->assign('user_login', $user['login'])->assign('new_hash', $new_hash)->assign('email_template', 'reset-password')->render()); $mail->Send(); // Set notification Notification::set('success', __('Your login details for :site_name has been sent', 'users', array(':site_name' => $site_name))); // Redirect to password-reset page Request::redirect(Site::url() . '/users/password-reset'); } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } View::factory('box/users/views/frontend/password_reset')->assign('errors', $errors)->assign('user_login', trim(Request::post('login')))->display(); } }