/**
 * Update the module configuration.
 *
 * Reads the settings from POST (falling back to the matching $args entry),
 * requires ACCESS_ADMIN on the Files module and a valid authorisation key,
 * and stores the settings as module variables.
 *
 * The submitted values are stored as received. The only validation done here
 * is that the base directory and the users directory exist; one trailing slash
 * (and, for the users folder, one leading slash) is stripped before storing.
 *
 * @author Albert Pérez Monfort (aperezm@xtec.cat)
 * @param array $args Optional fallback values keyed by setting name
 * @return mixed Result of System::redirect() once the request was processed, or
 *               the result of the LogUtil error call when the permission or
 *               authorisation-key check fails
 */
public function updateconfig($args)
{
    // Setting name => fallback used when neither POST nor $args carries a value.
    $fallbacks = array(
        'showHideFiles' => 0,
        'folderPath' => null,
        'usersFolder' => null,
        'allowedExtensions' => null,
        'defaultQuota' => null,
        'filesMaxSize' => null,
        'maxWidth' => null,
        'maxHeight' => null,
        'editableExtensions' => null,
    );
    $submitted = array();
    foreach ($fallbacks as $name => $fallback) {
        $submitted[$name] = FormUtil::getPassedValue($name, isset($args[$name]) ? $args[$name] : $fallback, 'POST');
    }
    $folderPath = $submitted['folderPath'];
    $usersFolder = $submitted['usersFolder'];

    // Only module administrators may change the configuration.
    if (!SecurityUtil::checkPermission('Files::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    // The form has to carry a valid authorisation key before anything is written.
    if (!SecurityUtil::confirmAuthKey()) {
        return LogUtil::registerAuthidError(ModUtil::url('Files', 'admin', 'main'));
    }

    // NOTE(review): the extension lists, quota and size limits are stored exactly
    // as submitted; confirm that the code consuming them validates their format.
    $moduleVars = array(
        'showHideFiles' => $submitted['showHideFiles'],
        'allowedExtensions' => $submitted['allowedExtensions'],
        'defaultQuota' => $submitted['defaultQuota'],
        'filesMaxSize' => $submitted['filesMaxSize'],
        'maxWidth' => $submitted['maxWidth'],
        'maxHeight' => $submitted['maxHeight'],
        'editableExtensions' => $submitted['editableExtensions'],
    );

    // The base folder is only configurable outside of multisite mode.
    $isMultisite = $GLOBALS['PNConfig']['Multisites']['multi'] == 1;
    if (!$isMultisite) {
        if (!file_exists($folderPath)) {
            // The remaining settings are saved even though the path was rejected.
            ModUtil::setVars('Files', $moduleVars);
            // NOTE(review): the submitted path is placed inside an HTML message;
            // confirm that LogUtil / the template escapes it before display.
            LogUtil::registerError($this->__f('The directory <strong>%s</strong> does not exist', $folderPath));

            return System::redirect(ModUtil::url('Files', 'admin', 'main'));
        }

        // Store the path without its trailing slash.
        if (substr($folderPath, -1) == '/') {
            $folderPath = substr($folderPath, 0, strlen($folderPath) - 1);
        }
        $moduleVars['folderPath'] = $folderPath;
    }

    // NOTE(review): in multisite mode $folderPath is still the submitted value
    // here, although it is not stored; confirm this is the intended base for
    // the existence check below.
    $usersFolderUsable = file_exists($folderPath . '/' . $usersFolder) && $usersFolder != '' && $usersFolder != null;
    if (!$usersFolderUsable) {
        ModUtil::setVars('Files', $moduleVars);
        LogUtil::registerError($this->__f('The directory <strong>%s</strong> for users does not exist', $usersFolder));

        return System::redirect(ModUtil::url('Files', 'admin', 'main'));
    }

    // The users folder is stored relative to the base folder: no slash at either end.
    if (substr($usersFolder, -1) == '/') {
        $usersFolder = substr($usersFolder, 0, strlen($usersFolder) - 1);
    }
    if (substr($usersFolder, 0, 1) == '/') {
        $usersFolder = substr($usersFolder, 1, strlen($usersFolder));
    }
    $moduleVars['usersFolder'] = $usersFolder;

    ModUtil::setVars('Files', $moduleVars);
    LogUtil::registerStatus($this->__('The configuration has been updated'));

    // No output is generated here, so send the administrator back to the
    // module's admin page.
    return System::redirect(ModUtil::url('Files', 'admin', 'main'));
}
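/**
 * Update title, keywords and description of every media item named in the form.
 *
 * The form posts a list of ids in `mediaId` plus, for each id, the fields
 * `title-<id>`, `keywords-<id>` and `description-<id>`. The authorisation key
 * is confirmed once; edit access is checked per item before it is updated.
 *
 * Items are processed in order and the function stops at the first failure,
 * so items that precede a denied or failing item have already been updated.
 *
 * @return mixed true when every item was updated, false when the updateItem
 *               API call failed, or the result of the LogUtil error call when
 *               the authorisation key or an access check fails
 */
function mediashareSourceZipUpdate()
{
    if (!SecurityUtil::confirmAuthKey()) {
        return LogUtil::registerAuthidError();
    }

    $mediaIds = FormUtil::getPassedValue('mediaId');
    if (!is_array($mediaIds)) {
        // A missing or non-list value cannot be iterated; treat it as "no items".
        $mediaIds = array();
    }

    foreach ($mediaIds as $mediaId) {
        // Ids come from the request: force them to integers before they are
        // used in field names and passed to the API.
        $mediaId = (int) $mediaId;

        // Check access before touching anything that belongs to this item.
        if (!mediashareAccessItem($mediaId, mediashareAccessRequirementEditMedia, '')) {
            return LogUtil::registerPermissionError();
        }

        $args = array(
            'mediaId' => $mediaId,
            'title' => FormUtil::getPassedValue("title-{$mediaId}"),
            'keywords' => FormUtil::getPassedValue("keywords-{$mediaId}"),
            'description' => FormUtil::getPassedValue("description-{$mediaId}"),
        );

        if (!pnModAPIFunc('mediashare', 'edit', 'updateItem', $args)) {
            return false;
        }
    }

    return true;
}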
/**
 * Store the per-group access flags submitted for an album.
 *
 * For every group returned by the getAccessGroups API the form may carry the
 * fields accessView<groupId>, accessEditAlbum<groupId>, accessEditMedia<groupId>,
 * accessAddAlbum<groupId> and accessAddMedia<groupId>; a flag is on when its
 * field was submitted with a non-null value.
 *
 * NOTE(review): only the authorisation key is checked in this function. No
 * album-level permission check is visible here; presumably the caller or the
 * updateAccessSettings API enforces it - confirm.
 *
 * @param array $args Arguments from which the album id ('aid') is read
 * @return mixed Result of pnRedirect() on success, false when an API call
 *               fails, or the result of the LogUtil error call when the
 *               authorisation key is invalid
 */
function mediashareUpdateAccess($args)
{
    if (!SecurityUtil::confirmAuthKey()) {
        return LogUtil::registerAuthidError();
    }

    $albumId = mediashareGetIntUrl('aid', $args, 1);

    $groups = pnModAPIFunc('mediashare', 'edit', 'getAccessGroups');
    if (!$groups) {
        return false;
    }

    // Form field prefixes, which are also the keys of each access entry.
    $flagNames = array('accessView', 'accessEditAlbum', 'accessEditMedia', 'accessAddAlbum', 'accessAddMedia');

    $access = array();
    foreach ($groups as $group) {
        $entry = array('groupId' => $group['groupId']);
        foreach ($flagNames as $flagName) {
            // Any submitted value for the field switches the flag on.
            $entry[$flagName] = FormUtil::getPassedValue($flagName . $group['groupId']) != null;
        }
        $access[] = $entry;
    }

    $saved = pnModAPIFunc('mediashare', 'edit', 'updateAccessSettings', array('albumId' => $albumId, 'access' => $access));
    if (!$saved) {
        return false;
    }

    return pnRedirect(pnModURL('mediashare', 'edit', 'view', array('aid' => $albumId)));
}
/**
 * Confirm that an authorisation key is valid.
 *
 * Deprecated wrapper: logs a deprecation notice and delegates to
 * SecurityUtil::confirmAuthKey(). See the description of
 * <code>pnSecGenAuthKey</code> for information on this function.
 *
 * @deprecated
 * @see SecurityUtil::confirmAuthKey()
 * @return bool true if the key is valid, false if it is not
 */
function pnSecConfirmAuthKey()
{
    $notice = __f('Warning! Function %1$s is deprecated. Please use %2$s instead.', array(__FUNCTION__, 'SecurityUtil::confirmAuthKey()'));
    LogUtil::log($notice, E_USER_DEPRECATED);

    return SecurityUtil::confirmAuthKey();
}
/**
 * Update the configuration of the Admin_Messages module from the values
 * posted by the modification form.
 *
 * Two POST fields are read: `itemsperpage` (cast to int, replaced by 25 when
 * smaller than 1) and `allowsearchinactive` (cast to bool). The function takes
 * no arguments; it requires ACCESS_ADMIN on the module and a valid
 * authorisation key before anything is written.
 *
 * @author Mark West
 * @see Admin_Messages_admin_modifyconfig()
 * @return mixed Result of System::redirect() after saving, or the result of
 *               the LogUtil error call when a check fails
 */
function Admin_Messages_admin_updateconfig()
{
    // Only module administrators may change the configuration.
    if (!SecurityUtil::checkPermission('Admin_Messages::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    // The form has to carry a valid authorisation key.
    if (!SecurityUtil::confirmAuthKey()) {
        return LogUtil::registerAuthidError(ModUtil::url('Admin_Messages', 'admin', 'view'));
    }

    // Items per page: anything below 1 falls back to the default of 25.
    $requestedPerPage = (int) FormUtil::getPassedValue('itemsperpage', 25, 'POST');
    ModUtil::setVar('Admin_Messages', 'itemsperpage', $requestedPerPage < 1 ? 25 : $requestedPerPage);

    $searchInactive = FormUtil::getPassedValue('allowsearchinactive', false, 'POST');
    ModUtil::setVar('Admin_Messages', 'allowsearchinactive', (bool) $searchInactive);

    // Let any other modules know that the module's configuration has been updated.
    ModUtil::callHooks('module', 'updateconfig', 'Admin_Messages', array('module' => 'Admin_Messages'));

    // The module configuration has been updated successfully.
    LogUtil::registerStatus(__('Done! Saved module configuration.'));

    // No output is generated here, so send the administrator back to the
    // module's admin view.
    return System::redirect(ModUtil::url('Admin_Messages', 'admin', 'view'));
}
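/**
 * Avatar_user_upload()
 *
 * This is the upload function.
 * It takes the uploaded file, performs the relevant checks to see if
 * the file meets the upload policy, and sets the uploaded file as the
 * new avatar of the user.
 *
 * The stored file name is built from the user id and from the extension of
 * the image type reported by getimagesize(); the client-supplied file name is
 * not used. When the image does not need resizing, the uploaded bytes are
 * stored unchanged: getimagesize() only inspects the image header, so the
 * stored file is not guaranteed to consist of image data only.
 *
 * @param array $args Not read by this method
 * @return mixed Result of System::redirect() on success, otherwise the result
 *               of the LogUtil error call describing the failed check
 */
public function upload($args)
{
    // permission check
    if (!SecurityUtil::checkPermission('Avatar::', '::', ACCESS_COMMENT)) {
        return LogUtil::registerPermissionError();
    }

    if (!SecurityUtil::confirmAuthKey()) {
        return LogUtil::registerAuthidError();
    }

    // get the file; the field is missing when the form was posted without it,
    // and tmp_name is an array when several files were posted under this name
    if (!isset($_FILES['filelocale']['tmp_name'])
        || !is_string($_FILES['filelocale']['tmp_name'])
        || !is_uploaded_file($_FILES['filelocale']['tmp_name'])) {
        return LogUtil::registerError($this->__('Error! No file selected.'));
    }

    // work on a private copy so every later check sees the same bytes
    $tmp_file = tempnam(System::getVar('temp'), 'Avatar');
    if ($tmp_file === false) {
        return LogUtil::registerError($this->__('Error! The uploaded file could not be stored.'));
    }
    if (!move_uploaded_file($_FILES['filelocale']['tmp_name'], $tmp_file)) {
        unlink($tmp_file);
        return LogUtil::registerError($this->__('Error! The uploaded file could not be stored.'));
    }

    $modvars = ModUtil::getVar('Avatar');
    $avatarpath = ModUtil::getVar('Users', 'avatarpath');
    $allowedExtensions = explode(';', $modvars['allowed_extensions']);

    // check for file size limit (skipped when resizing is allowed)
    if (!$modvars['allow_resize'] && filesize($tmp_file) > $modvars['maxsize']) {
        unlink($tmp_file);
        return LogUtil::registerError($this->__f('Error! Filesize error, max %s bytes are allowed.', $modvars['maxsize']));
    }

    // Get image information
    $imageinfo = getimagesize($tmp_file);

    // file is not an image
    if (!$imageinfo) {
        unlink($tmp_file);
        return LogUtil::registerError($this->__('Error! The file is not an image.'));
    }

    // The extension is derived from the detected image type.
    $extension = image_type_to_extension($imageinfo[2], false);

    // check for image type; the strict comparison keeps a failed lookup (false)
    // from matching an empty entry of the allowed list
    if ($extension === false || !in_array($extension, $allowedExtensions, true)) {
        unlink($tmp_file);
        // NOTE(review): the message text below looks damaged by an automated
        // search-and-replace; it is kept unchanged because it is a translation key.
        return LogUtil::registerError($this->__f('Error! UnSecurityUtil::checkPermission* file extension. Allowed extensions: %s.', $modvars['allowed_extensions']));
    }

    // check for image dimensions limit
    if ($imageinfo[0] > $modvars['maxwidth'] || $imageinfo[1] > $modvars['maxheight']) {
        if (!$modvars['allow_resize']) {
            unlink($tmp_file);
            return LogUtil::registerError($this->__f('Error! Image height (max. %1$s px) or width (max. %2$s px) error.', array($modvars['maxheight'], $modvars['maxwidth'])));
        }

        // resize the image: get the new dimensions, keeping the aspect ratio
        $width = $imageinfo[0];
        $height = $imageinfo[1];
        if ($width > $modvars['maxwidth']) {
            $height = $modvars['maxwidth'] / $width * $height;
            $width = $modvars['maxwidth'];
        }
        if ($height > $modvars['maxheight']) {
            $width = $modvars['maxheight'] / $height * $width;
            $height = $modvars['maxheight'];
        }
        // GD needs whole, positive pixel counts
        $width = max(1, (int) $width);
        $height = max(1, (int) $height);

        // get the correct functions based on the image type
        switch ($imageinfo[2]) {
            case 1:
                $createfunc = 'imagecreatefromgif';
                $savefunc = 'imagegif';
                break;
            case 2:
                $createfunc = 'imagecreatefromjpeg';
                $savefunc = 'imagejpeg';
                break;
            case 3:
                $createfunc = 'imagecreatefrompng';
                $savefunc = 'imagepng';
                break;
            case 4:
                $createfunc = 'imagecreatefromwbmp';
                $savefunc = 'imagewbmp';
                break;
            default:
                // an allowed type that none of the branches above can re-encode
                unlink($tmp_file);
                return LogUtil::registerError($this->__('Error! The image could not be resized.'));
        }

        $srcImage = $createfunc($tmp_file);
        $destImage = $srcImage ? imagecreatetruecolor($width, $height) : false;
        $resized = false;
        if ($srcImage && $destImage) {
            imagecopyresampled($destImage, $srcImage, 0, 0, 0, 0, $width, $height, $imageinfo[0], $imageinfo[1]);
            $resized = $savefunc($destImage, $tmp_file);
        }

        // free the memory
        if ($srcImage) {
            imagedestroy($srcImage);
        }
        if ($destImage) {
            imagedestroy($destImage);
        }

        if (!$resized) {
            // header looked valid but the image data could not be decoded or saved
            unlink($tmp_file);
            return LogUtil::registerError($this->__('Error! The image could not be resized.'));
        }
    }

    // everything's OK, so move'em
    $uid = UserUtil::getVar('uid');
    $avatarfilenamewithoutextension = 'pers_' . $uid;
    $avatarfilename = $avatarfilenamewithoutextension . '.' . $extension;
    $user_avatar = DataUtil::formatForOS($avatarpath . '/' . $avatarfilename);
    $pnphpbb_avatar = DataUtil::formatForOS($modvars['forumdir'] . '/' . $avatarfilename);

    // delete old user avatar with this extension
    // this allows the users to have a avatar available for each extension that is allowed
    if ($modvars['allow_multiple'] == false) {
        // users are not allowed to store more than one avatar
        foreach ($allowedExtensions as $ext) {
            $oldAvatar = DataUtil::formatForOS($avatarpath . '/' . $avatarfilenamewithoutextension . '.' . $ext);
            if (is_file($oldAvatar)) {
                unlink($oldAvatar);
            }
        }
    } elseif (file_exists($user_avatar) && is_writable($user_avatar)) {
        unlink($user_avatar);
    }

    if (!@copy($tmp_file, $user_avatar)) {
        unlink($tmp_file);
        return LogUtil::registerError($this->__('Error! Fail to copy the file in avatar\'s directory.'));
    }
    // readable by the web server, writable by the owner only
    chmod($user_avatar, 0644);

    // The original condition tested the bare word avatarpath (no "$"), which is
    // an undefined constant. NOTE(review): the forum copy is written below
    // $modvars['forumdir']; confirm whether that setting was meant to be tested.
    if (ModUtil::available('pnPHPbb') && $avatarpath != '') {
        if (is_file($pnphpbb_avatar)) {
            unlink($pnphpbb_avatar);
        }
        if (!@copy($tmp_file, $pnphpbb_avatar)) {
            unlink($tmp_file);
            return LogUtil::registerError($this->__('Error! Fail to copy the file in phpbb\'s directory.'));
        }
        chmod($pnphpbb_avatar, 0644);
    }

    unlink($tmp_file);

    if (!ModUtil::apiFunc('Avatar', 'user', 'setavatar', array('uid' => $uid, 'avatar' => $avatarfilename))) {
        return LogUtil::registerError($this->__('Error while selecting the avatar.'));
    }

    return System::redirect(ModUtil::url('Avatar', 'user', 'main'));
}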
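/**
 * Move a list of files to another folder.
 *
 * Called without a `confirm` value, the method renders the destination
 * picker (Files_user_moveListFile.tpl). Called with `confirm`, it checks the
 * authorisation key and moves every listed file, together with its thumbnail
 * from the `.tbn` sub-folder when the file is a jpg, gif or png.
 *
 * The source folder, the destination folder and every file name come from the
 * request and are joined to the user's root folder, so all of them are
 * rejected when they contain "..".
 *
 * @author Albert Pérez Monfort & Robert Barrera
 * @param array $args Fallback values: listFileName (list of file names),
 *                    folder, confirm (destination folder), external, hook
 * @return mixed Rendered template, result of System::redirect(), or the
 *               result of the LogUtil error call when a check fails
 */
public function moveListFile($args)
{
    $listFileName = FormUtil::getPassedValue('listFileName', isset($args['listFileName']) ? $args['listFileName'] : null, 'REQUEST');
    $folder = FormUtil::getPassedValue('folder', isset($args['folder']) ? $args['folder'] : null, 'REQUEST');
    // folders travel in URLs with "|" in place of "/"
    $folder = str_replace("|", "/", $folder);
    $confirm = FormUtil::getPassedValue('confirm', isset($args['confirm']) ? $args['confirm'] : null, 'POST');
    $external = FormUtil::getPassedValue('external', isset($args['external']) ? $args['external'] : null, 'POST');
    $hook = FormUtil::getPassedValue('hook', isset($args['hook']) ? $args['hook'] : null, 'POST');

    // security check
    if (!SecurityUtil::checkPermission('Files::', "::", ACCESS_ADD)) {
        return LogUtil::registerError($this->__('Error! You are not authorized to access this module.'), 403);
    }

    $initFolderPath = ModUtil::func('Files', 'user', 'getInitFolderPath');

    // a missing or non-list value cannot be iterated; treat it as "no files"
    if (!is_array($listFileName)) {
        $listFileName = array();
    }

    // protection. User can not navigate out their root folder.
    // The same rule covers the source folder, the destination folder and every
    // file name, because each of them becomes part of a path given to rename().
    $fragments = array(array('folder', $folder));
    if ($confirm) {
        $fragments[] = array('folder', $confirm);
    }
    foreach ($listFileName as $file) {
        $fragments[] = array('file', $file);
    }
    foreach ($fragments as $fragment) {
        list($kind, $value) = $fragment;
        $text = is_scalar($value) ? (string) $value : null;
        // an empty file name would make rename() act on the folders themselves
        $rejected = $text === null
            || $text === '.'
            || strpos($text, '..') !== false
            || ($kind == 'file' && $text === '');
        if ($rejected) {
            $label = $kind == 'file' ? $this->__('Invalid file name') : $this->__('Invalid folder');
            // the rejected value is request data: escape it before it reaches the template
            $errorMsg = $label . ': ' . DataUtil::formatForDisplay((string) $text);
            $this->view->assign('errorMsg', $errorMsg);
            return $this->view->fetch('Files_user_errorMsg.tpl');
        }
    }

    if (!$confirm) {
        // No destination yet: list the possible target folders, leaving out
        // the folders being moved and everything below them.
        $url = $initFolderPath;
        $directoris = ModUtil::func('Files', 'user', 'getListDirRecursive', array('dir' => $url));
        $array_dir = array();
        foreach ($directoris as $dir) {
            foreach ($listFileName as $file) {
                $file = $folder != "" ? $folder . "/" . $file : $file;
                if (is_dir($url . "/" . $file) && strpos($dir, $file) === 0) {
                    $array_dir[] = $dir;
                    $directoris = array_diff($directoris, $array_dir);
                }
            }
        }

        // create output object
        $this->view->assign('listFileName', DataUtil::formatForDisplay($listFileName));
        $this->view->assign('directoris', DataUtil::formatForDisplay($directoris));
        $this->view->assign('folder', DataUtil::formatForDisplay($folder));
        // NOTE(review): hook is assigned without escaping, unlike the values
        // above; confirm that the template escapes it.
        $this->view->assign('hook', $hook);
        if ($external == 1) {
            $this->view->assign('external', 1);
            $content = $this->view->fetch('Files_user_moveListFile.tpl');
            echo $content;
            exit;
        } else {
            $this->view->assign('external', 0);
            return $this->view->fetch('Files_user_moveListFile.tpl');
        }
    }

    $returnType = $external == 1 ? 'external' : 'user';
    $returnFunc = $external == 1 ? 'getFiles' : 'main';

    // confirm authorisation code before anything is moved
    if (!SecurityUtil::confirmAuthKey()) {
        return LogUtil::registerAuthidError(ModUtil::url('Files', $returnType, $returnFunc, array('folder' => $folder, 'hook' => $hook)));
    }

    $url_old = $folder != "" ? $initFolderPath . "/" . $folder . "/" : $initFolderPath . "/";
    // "root_inital_value" is the value the form sends for the root folder
    $url_new = $confirm != "root_inital_value" ? $initFolderPath . '/' . $confirm . '/' : $initFolderPath . '/';

    // The original test compared the extension with ('jpg' || 'gif' || 'png'),
    // which evaluates to true, so it matched any non-empty extension.
    $imageExtensions = array('jpg', 'gif', 'png');

    // move action
    foreach ($listFileName as $file) {
        if (!rename($url_old . $file, $url_new . $file)) {
            LogUtil::registerError($this->__('Error moving') . ': ' . $file);
            $folder = str_replace("/", "|", $folder);
            return System::redirect(ModUtil::url('Files', $returnType, $returnFunc, array('folder' => $folder, 'hook' => $hook)));
        }

        // check if the file is an image and move its thumbnail
        $isImage = in_array(strtolower((string) FileUtil::getExtension($file)), $imageExtensions, true);
        if ($isImage && file_exists($url_old . '.tbn/' . $file)) {
            if (!file_exists($url_new . '.tbn')) {
                mkdir($url_new . '.tbn');
            }
            if (!rename($url_old . '.tbn/' . $file, $url_new . '.tbn/' . $file)) {
                LogUtil::registerError($this->__('Error moving') . ': ' . $file);
                $folder = str_replace("/", "|", $folder);
                return System::redirect(ModUtil::url('Files', $returnType, $returnFunc, array('folder' => $folder, 'hook' => $hook)));
            }
        }
    }

    // protect the folders with the .htaccess and .locked files
    ModUtil::func('Files', 'user', 'createProtectFiles', array('folder' => str_replace($initFolderPath . '/', '', $url_new)));

    LogUtil::registerStatus($this->__('Successfully moved'));
    $folder = str_replace("/", "|", $folder);

    return System::redirect(ModUtil::url('Files', $returnType, $returnFunc, array('folder' => $folder, 'hook' => $hook)));
}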