예제 #1
0
 /**
  * Update the module configuration
  * @author:     Albert Pérez Monfort (aperezm@xtec.cat)
  * @return:	True if success or false in other case
  */
 public function updateconfig($args)
 {
     // Get parameters from whatever input we need.
     $showHideFiles = FormUtil::getPassedValue('showHideFiles', isset($args['showHideFiles']) ? $args['showHideFiles'] : 0, 'POST');
     $folderPath = FormUtil::getPassedValue('folderPath', isset($args['folderPath']) ? $args['folderPath'] : null, 'POST');
     $usersFolder = FormUtil::getPassedValue('usersFolder', isset($args['usersFolder']) ? $args['usersFolder'] : null, 'POST');
     $allowedExtensions = FormUtil::getPassedValue('allowedExtensions', isset($args['allowedExtensions']) ? $args['allowedExtensions'] : null, 'POST');
     $defaultQuota = FormUtil::getPassedValue('defaultQuota', isset($args['defaultQuota']) ? $args['defaultQuota'] : null, 'POST');
     $filesMaxSize = FormUtil::getPassedValue('filesMaxSize', isset($args['filesMaxSize']) ? $args['filesMaxSize'] : null, 'POST');
     $maxWidth = FormUtil::getPassedValue('maxWidth', isset($args['maxWidth']) ? $args['maxWidth'] : null, 'POST');
     $maxHeight = FormUtil::getPassedValue('maxHeight', isset($args['maxHeight']) ? $args['maxHeight'] : null, 'POST');
     $editableExtensions = FormUtil::getPassedValue('editableExtensions', isset($args['editableExtensions']) ? $args['editableExtensions'] : null, 'POST');
     // Security check
     if (!SecurityUtil::checkPermission('Files::', '::', ACCESS_ADMIN)) {
         return LogUtil::registerPermissionError();
     }
     // Confirm authorisation code
     if (!SecurityUtil::confirmAuthKey()) {
         return LogUtil::registerAuthidError(ModUtil::url('Files', 'admin', 'main'));
     }
     $moduleVars = array('showHideFiles' => $showHideFiles, 'allowedExtensions' => $allowedExtensions, 'defaultQuota' => $defaultQuota, 'filesMaxSize' => $filesMaxSize, 'maxWidth' => $maxWidth, 'maxHeight' => $maxHeight, 'editableExtensions' => $editableExtensions);
     if ($GLOBALS['PNConfig']['Multisites']['multi'] != 1) {
         if (!file_exists($folderPath)) {
             ModUtil::setVars('Files', $moduleVars);
             LogUtil::registerError($this->__f('The directory <strong>%s</strong> does not exist', $folderPath));
             return System::redirect(ModUtil::url('Files', 'admin', 'main'));
         }
         $folderPath = substr($folderPath, -1) == '/' ? substr($folderPath, 0, strlen($folderPath) - 1) : $folderPath;
         $moduleVars['folderPath'] = $folderPath;
     }
     if (!file_exists($folderPath . '/' . $usersFolder) || $usersFolder == '' || $usersFolder == null) {
         ModUtil::setVars('Files', $moduleVars);
         LogUtil::registerError($this->__f('The directory <strong>%s</strong> for users does not exist', $usersFolder));
         return System::redirect(ModUtil::url('Files', 'admin', 'main'));
     }
     $usersFolder = substr($usersFolder, -1) == '/' ? substr($usersFolder, 0, strlen($usersFolder) - 1) : $usersFolder;
     $usersFolder = substr($usersFolder, 0, 1) == '/' ? substr($usersFolder, 1, strlen($usersFolder)) : $usersFolder;
     $moduleVars['usersFolder'] = $usersFolder;
     ModUtil::setVars('Files', $moduleVars);
     LogUtil::registerStatus($this->__('The configuration has been updated'));
     // This function generated no output, and so now it is complete we redirect
     // the user to an appropriate page for them to carry on their work
     return System::redirect(ModUtil::url('Files', 'admin', 'main'));
 }
예제 #2
0
function mediashareSourceZipUpdate()
{
    if (!SecurityUtil::confirmAuthKey()) {
        return LogUtil::registerAuthidError();
    }
    $mediaIds = FormUtil::getPassedValue('mediaId');
    foreach ($mediaIds as $mediaId) {
        $mediaId = (int) $mediaId;
        $title = FormUtil::getPassedValue("title-{$mediaId}");
        $keywords = FormUtil::getPassedValue("keywords-{$mediaId}");
        $description = FormUtil::getPassedValue("description-{$mediaId}");
        // Check access
        if (!mediashareAccessItem($mediaId, mediashareAccessRequirementEditMedia, '')) {
            return LogUtil::registerPermissionError();
        }
        $args = array('mediaId' => $mediaId, 'title' => $title, 'keywords' => $keywords, 'description' => $description);
        if (!pnModAPIFunc('mediashare', 'edit', 'updateItem', $args)) {
            return false;
        }
    }
    return true;
}
예제 #3
0
파일: pnedit.php 프로젝트: ro0f/Mediashare
function mediashareUpdateAccess($args)
{
    if (!SecurityUtil::confirmAuthKey()) {
        return LogUtil::registerAuthidError();
    }
    $albumId = mediashareGetIntUrl('aid', $args, 1);
    if (!($groups = pnModAPIFunc('mediashare', 'edit', 'getAccessGroups'))) {
        return false;
    }
    $access = array();
    foreach ($groups as $group) {
        $accessView = FormUtil::getPassedValue('accessView' . $group['groupId']) != null;
        $accessEditAlbum = FormUtil::getPassedValue('accessEditAlbum' . $group['groupId']) != null;
        $accessEditMedia = FormUtil::getPassedValue('accessEditMedia' . $group['groupId']) != null;
        $accessAddAlbum = FormUtil::getPassedValue('accessAddAlbum' . $group['groupId']) != null;
        $accessAddMedia = FormUtil::getPassedValue('accessAddMedia' . $group['groupId']) != null;
        $access[] = array('groupId' => $group['groupId'], 'accessView' => $accessView, 'accessEditAlbum' => $accessEditAlbum, 'accessEditMedia' => $accessEditMedia, 'accessAddAlbum' => $accessAddAlbum, 'accessAddMedia' => $accessAddMedia);
    }
    if (!pnModAPIFunc('mediashare', 'edit', 'updateAccessSettings', array('albumId' => $albumId, 'access' => $access))) {
        return false;
    }
    return pnRedirect(pnModURL('mediashare', 'edit', 'view', array('aid' => $albumId)));
}
예제 #4
0
/**
 * confirm an authorisation key is valid
 *
 * See description of <code>pnSecGenAuthKey</code> for information on
 * this function
 *
 * @deprecated
 * @see SecurityUtil::confirmAuthKey()
 * @return bool true if the key is valid, false if it is not
 */
function pnSecConfirmAuthKey()
{
    LogUtil::log(__f('Warning! Function %1$s is deprecated. Please use %2$s instead.', array(__FUNCTION__, 'SecurityUtil::confirmAuthKey()')), E_USER_DEPRECATED);

    return SecurityUtil::confirmAuthKey();
}
예제 #5
0
/**
 * This is a standard function to update the configuration parameters of the
 * module given the information passed back by the modification form
 * @author Mark West
 * @see Admin_Messages_admin_modifyconfig()
 * @param int $itemsperpage the number messages per page in the admin panel
 * @return bool true if successful, false otherwise
 */
function Admin_Messages_admin_updateconfig()
{
    // Security check
    if (!SecurityUtil::checkPermission('Admin_Messages::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }
    // Confirm authorisation code.
    if (!SecurityUtil::confirmAuthKey()) {
        return LogUtil::registerAuthidError(ModUtil::url('Admin_Messages', 'admin', 'view'));
    }
    // Update module variables.
    $itemsperpage = (int) FormUtil::getPassedValue('itemsperpage', 25, 'POST');
    if ($itemsperpage < 1) {
        $itemsperpage = 25;
    }
    ModUtil::setVar('Admin_Messages', 'itemsperpage', $itemsperpage);
    $allowsearchinactive = (bool) FormUtil::getPassedValue('allowsearchinactive', false, 'POST');
    ModUtil::setVar('Admin_Messages', 'allowsearchinactive', $allowsearchinactive);
    // Let any other modules know that the modules configuration has been updated
    ModUtil::callHooks('module', 'updateconfig', 'Admin_Messages', array('module' => 'Admin_Messages'));
    // the module configuration has been updated successfuly
    LogUtil::registerStatus(__('Done! Saved module configuration.'));
    // This function generated no output, and so now it is complete we redirect
    // the user to an appropriate page for them to carry on their work
    return System::redirect(ModUtil::url('Admin_Messages', 'admin', 'view'));
}
예제 #6
0
파일: User.php 프로젝트: robbrandt/Avatar
 /**
  * Avatar_user_upload()
  *
  * This is the upload function.
  * It takes the uploaded file, performs the relevant checks to see if
  * the file meets the upload policy, and sets the uploaded file as the
  * new avatar of the user.
  */
 public function upload($args)
 {
     // permission check
     if (!SecurityUtil::checkPermission('Avatar::', '::', ACCESS_COMMENT)) {
         return LogUtil::registerPermissionError();
     }
     if (!SecurityUtil::confirmAuthKey()) {
         return LogUtil::registerAuthidError();
     }
     // get the file
     $uploadfile = $_FILES['filelocale'];
     if (!is_uploaded_file($_FILES['filelocale']['tmp_name'])) {
         return LogUtil::registerError($this->__('Error! No file selected.'));
     }
     $tmp_file = tempnam(System::getVar('temp'), 'Avatar');
     move_uploaded_file($_FILES['filelocale']['tmp_name'], $tmp_file);
     $modvars = ModUtil::getVar('Avatar');
     $avatarpath = ModUtil::getVar('Users', 'avatarpath');
     // check for file size limit
     if (!$modvars['allow_resize'] && filesize($tmp_file) > $modvars['maxsize']) {
         unlink($tmp_file);
         return LogUtil::registerError($this->__f('Error! Filesize error, max %s bytes are allowed.', $modvars['maxsize']));
     }
     // Get image information
     $imageinfo = getimagesize($tmp_file);
     // file is not an image
     if (!$imageinfo) {
         unlink($tmp_file);
         return LogUtil::registerError($this->__('Error! The file is not an image.'));
     }
     $extension = image_type_to_extension($imageinfo[2], false);
     // check for image type
     if (!in_array($extension, explode(';', $modvars['allowed_extensions']))) {
         unlink($tmp_file);
         return LogUtil::registerError($this->__f('Error! UnSecurityUtil::checkPermission* file extension. Allowed extensions: %s.', $modvars['allowed_extensions']));
     }
     // check for image dimensions limit
     if ($imageinfo[0] > $modvars['maxwidth'] || $imageinfo[1] > $modvars['maxheight']) {
         if (!$modvars['allow_resize']) {
             unlink($tmp_file);
             return LogUtil::registerError($this->__f('Error! Image height (max. %1$s px) or width (max. %2$s px) error.', array($modvars['maxheight'], $modvars['maxwidth'])));
         } else {
             // resize the image
             // get the new dimensions
             $width = $imageinfo[0];
             $height = $imageinfo[1];
             if ($width > $modvars['maxwidth']) {
                 $height = $modvars['maxwidth'] / $width * $height;
                 $width = $modvars['maxwidth'];
             }
             if ($height > $modvars['maxheight']) {
                 $width = $modvars['maxheight'] / $height * $width;
                 $height = $modvars['maxheight'];
             }
             // get the correct functions based on the image type
             switch ($imageinfo[2]) {
                 case 1:
                     $createfunc = 'imagecreatefromgif';
                     $savefunc = 'imagegif';
                     break;
                 case 2:
                     $createfunc = 'ImageCreateFromJpeg';
                     $savefunc = 'imagejpeg';
                     break;
                 case 3:
                     $createfunc = 'imagecreatefrompng';
                     $savefunc = 'imagepng';
                     break;
                 case 4:
                     $createfunc = 'imagecreatefromwbmp';
                     $savefunc = 'imagewbmp';
                     break;
             }
             $srcImage = $createfunc($tmp_file);
             $destImage = imagecreatetruecolor($width, $height);
             imagecopyresampled($destImage, $srcImage, 0, 0, 0, 0, $width, $height, $imageinfo[0], $imageinfo[1]);
             $savefunc($destImage, $tmp_file);
             // free the memory
             imagedestroy($srcImage);
             imagedestroy($destImage);
         }
     }
     // everything's OK, so move'em
     $uid = UserUtil::getVar('uid');
     $avatarfilenamewithoutextension = 'pers_' . $uid;
     $avatarfilename = $avatarfilenamewithoutextension . '.' . $extension;
     $user_avatar = DataUtil::formatForOS($avatarpath . '/' . $avatarfilename);
     $pnphpbb_avatar = DataUtil::formatForOS($modvars['forumdir'] . '/' . $avatarfilename);
     // delete old user avatar with this extension
     // this allows the users to have a avatar available for each extension that is allowed
     if ($modvars['allow_multiple'] == false) {
         // users are not allowed to store more than one avatar
         foreach (explode(';', $modvars['allowed_extensions']) as $ext) {
             unlink($file = DataUtil::formatForOS($avatarpath . '/' . $avatarfilenamewithoutextension . '.' . $ext));
         }
     } else {
         if (file_exists($user_avatar) && is_writable($user_avatar)) {
             unlink($user_avatar);
         }
     }
     if (!@copy($tmp_file, $user_avatar)) {
         unlink($tmp_file);
         return LogUtil::registerError($this->__('Error! Fail to copy the file in avatar\'s directory.'));
     } else {
         chmod($user_avatar, 0644);
     }
     if (ModUtil::available('pnPHPbb') && avatarpath != '') {
         unlink($pnphpbb_avatar);
         if (!@copy($tmp_file, $pnphpbb_avatar)) {
             unlink($tmp_file);
             return LogUtil::registerError($this->__('Error! Fail to copy the file in phpbb\'s directory.'));
         } else {
             chmod($pnphpbb_avatar, 0644);
         }
     }
     unlink($tmp_file);
     if (!ModUtil::apiFunc('Avatar', 'user', 'setavatar', array('uid' => $uid, 'avatar' => $avatarfilename))) {
         return LogUtil::registerError($this->__('Error while selecting the avatar.'));
     }
     return System::redirect(ModUtil::url('Avatar', 'user', 'main'));
 }
예제 #7
0
 /**
  * Move a list file
  * @author:	Albert Pérez Monfort & Robert Barrera
  * @param:	args 	Array with the list of files and the folder where it generates
  * @return:	True if success and false if not
  */
 public function moveListFile($args)
 {
     $listFileName = FormUtil::getPassedValue('listFileName', isset($args['listFileName']) ? $args['listFileName'] : null, 'REQUEST');
     $folder = FormUtil::getPassedValue('folder', isset($args['folder']) ? $args['folder'] : null, 'REQUEST');
     $folder = str_replace("|", "/", $folder);
     $confirm = FormUtil::getPassedValue('confirm', isset($args['confirm']) ? $args['confirm'] : null, 'POST');
     $external = FormUtil::getPassedValue('external', isset($args['external']) ? $args['external'] : null, 'POST');
     $hook = FormUtil::getPassedValue('hook', isset($args['hook']) ? $args['hook'] : null, 'POST');
     // security check
     if (!SecurityUtil::checkPermission('Files::', "::", ACCESS_ADD)) {
         return LogUtil::registerError($this->__('Error! You are not authorized to access this module.'), 403);
     }
     $initFolderPath = ModUtil::func('Files', 'user', 'getInitFolderPath');
     // protection. User can not navigate out their root folder
     if ($folder == ".." || $folder == "." || strpos($folder, "..") !== false) {
         $errorMsg = $this->__('Invalid folder') . ': ' . $folder;
         $this->view->assign('errorMsg', $errorMsg);
         return $this->view->fetch('Files_user_errorMsg.tpl');
     }
     if (!$confirm) {
         $url = $initFolderPath;
         $directoris = ModUtil::func('Files', 'user', 'getListDirRecursive', array('dir' => $url));
         foreach ($directoris as $dir) {
             foreach ($listFileName as $file) {
                 $file = $folder != "" ? $folder . "/" . $file : $file;
                 if (is_dir($url . "/" . $file) && strpos($dir, $file) === 0) {
                     $array_dir[] = $dir;
                     $directoris = array_diff($directoris, $array_dir);
                 }
             }
         }
         // create output object
         $this->view->assign('listFileName', DataUtil::formatForDisplay($listFileName));
         $this->view->assign('directoris', DataUtil::formatForDisplay($directoris));
         $this->view->assign('folder', DataUtil::formatForDisplay($folder));
         $this->view->assign('hook', $hook);
         if ($external == 1) {
             $this->view->assign('external', 1);
             $content = $this->view->fetch('Files_user_moveListFile.tpl');
             echo $content;
             exit;
         } else {
             $this->view->assign('external', 0);
             return $this->view->fetch('Files_user_moveListFile.tpl');
         }
     }
     $returnType = $external == 1 ? 'external' : 'user';
     $returnFunc = $external == 1 ? 'getFiles' : 'main';
     // confirm authorisation code
     if (!SecurityUtil::confirmAuthKey()) {
         return LogUtil::registerAuthidError(ModUtil::url('Files', $returnType, $returnFunc, array('folder' => $folder, 'hook' => $hook)));
     }
     $url_old = $folder != "" ? $initFolderPath . "/" . $folder . "/" : $initFolderPath . "/";
     $url_new = $confirm != "root_inital_value" ? $initFolderPath . '/' . $confirm . '/' : $initFolderPath . '/';
     // move action
     foreach ($listFileName as $file) {
         if (!rename($url_old . $file, $url_new . $file)) {
             LogUtil::registerError($this->__('Error moving') . ': ' . $file);
             $folder = str_replace("/", "|", $folder);
             return System::redirect(ModUtil::url('Files', $returnType, $returnFunc, array('folder' => $folder, 'hook' => $hook)));
         }
         //check if the file is an image and move its thumbnail
         if (FileUtil::getExtension($file) == ('jpg' || 'gif' || 'png') && file_exists($url_old . '.tbn/' . $file)) {
             if (!file_exists($url_new . '.tbn')) {
                 mkdir($url_new . '.tbn');
             }
             if (!rename($url_old . '.tbn/' . $file, $url_new . '.tbn/' . $file)) {
                 LogUtil::registerError($this->__('Error moving') . ': ' . $file);
                 $folder = str_replace("/", "|", $folder);
                 return System::redirect(ModUtil::url('Files', $returnType, $returnFunc, array('folder' => $folder, 'hook' => $hook)));
             }
         }
     }
     // protect the folders with the .htaccess and .locked files
     ModUtil::func('Files', 'user', 'createProtectFiles', array('folder' => str_replace($initFolderPath . '/', '', $url_new)));
     LogUtil::registerStatus($this->__('Successfully moved'));
     $folder = str_replace("/", "|", $folder);
     return System::redirect(ModUtil::url('Files', $returnType, $returnFunc, array('folder' => $folder, 'hook' => $hook)));
 }