예제 #1
 /**
  * Constructor.
  *
  * Stores the payload and the message(s) — a scalar message is wrapped in an
  * array — and, when the response asks for a fresh CSRF token, generates both
  * the auth key (authid) for the currently executing module and the CSRF token.
  *
  * @param mixed $message Response status/error message, may be string or array.
  * @param mixed $payload Payload.
  */
 public function __construct($message, $payload = null)
 {
     $this->payload = $payload;
     $this->messages = (array) $message;

     if (!$this->newCsrfToken) {
         return;
     }

     // The auth key is keyed to the module currently executing (ModUtil::getName()).
     $this->authid = SecurityUtil::generateAuthKey(ModUtil::getName());
     $this->csrfToken = SecurityUtil::generateCsrfToken();
 }
예제 #2
 /**
  * Constructor.
  *
  * Stores the payload and the message(s) (a scalar is wrapped in an array),
  * generates a CSRF token when the response asks for one, and finally runs
  * the parent constructor with empty content and this response's status code.
  *
  * @param mixed $message Response status/error message, may be string or array.
  * @param mixed $payload Payload.
  */
 public function __construct($message, $payload = null)
 {
     $this->payload = $payload;
     $this->messages = (array) $message;

     $needsToken = $this->newCsrfToken ? true : false;
     if ($needsToken) {
         $this->csrfToken = \SecurityUtil::generateCsrfToken();
     }

     // Parent is initialised with empty content and the status code set on this object.
     parent::__construct('', $this->statusCode);
 }
예제 #3
파일: Ajax.php 프로젝트: projectesIF/Sirius
 /**
  * Constructor.
  *
  * Stores application data, message(s) and options. When the response asks
  * for a fresh CSRF token, one is generated; in legacy mode the auth key
  * (authid) for the currently executing module is produced as well.
  *
  * @param mixed $payload Application data.
  * @param mixed $message Response status/error message, may be string or array.
  * @param array $options Options.
  */
 public function __construct($payload, $message = null, array $options = array())
 {
     $this->options = $options;
     $this->messages = (array) $message;
     $this->payload = $payload;

     if (!$this->newCsrfToken) {
         return;
     }

     // authid is only produced when the system runs in legacy mode.
     if (System::isLegacyMode()) {
         $this->authid = SecurityUtil::generateAuthKey(ModUtil::getName());
     }
     $this->csrfToken = SecurityUtil::generateCsrfToken();
 }
예제 #4
 /**
  * Constructor.
  *
  * Stores application data, message(s) and options, generates a CSRF token
  * when the response asks for one, produces the auth key (authid) whenever
  * the system runs in legacy mode, and finally runs the parent constructor
  * with empty content and this response's status code.
  *
  * @param mixed $payload Application data.
  * @param mixed $message Response status/error message, may be string or array.
  * @param array $options Options.
  */
 public function __construct($payload, $message = null, array $options = array())
 {
     $this->options = $options;
     $this->messages = (array) $message;
     $this->payload = $payload;

     $wantsCsrf = $this->newCsrfToken ? true : false;
     if ($wantsCsrf) {
         $this->csrfToken = \SecurityUtil::generateCsrfToken();
     }

     // Unlike the CSRF token, the auth key does not depend on newCsrfToken:
     // it is produced whenever legacy mode is on.
     $legacy = \System::isLegacyMode();
     if ($legacy) {
         $this->authid = \SecurityUtil::generateAuthKey(\ModUtil::getName());
     }

     parent::__construct('', $this->statusCode);
 }
예제 #5
    /**
     * Show the module configuration (admin settings) page.
     *
     * Requires ACCESS_ADMIN on 'IWqv::'. Reads the module vars skins, langs,
     * maxdelivers and basedisturl and renders them, together with a CSRF token
     * (template variable 'security'), into IWqv_admin_conf.htm.
     *
     * @author Sara Arjona Téllez (sarjona@xtec.cat)
     *
     * @return string The rendered configuration template.
     *
     * @throws Zikula_Exception_Forbidden If the current user lacks ACCESS_ADMIN.
     */
    public function main()
    {
        // Security check
        if (!SecurityUtil::checkPermission('IWqv::', "::", ACCESS_ADMIN)) {
            throw new Zikula_Exception_Forbidden();
        }

        // Get module vars
        $modVars = array();
        foreach (array('skins', 'langs', 'maxdelivers', 'basedisturl') as $name) {
            $modVars[$name] = ModUtil::getVar('IWqv', $name);
        }

        // The token is exposed as 'security' so the form can post it back.
        $assigns = array('security' => SecurityUtil::generateCsrfToken()) + $modVars;

        $view = $this->view;
        foreach ($assigns as $name => $value) {
            $view = $view->assign($name, $value);
        }

        return $view->fetch('IWqv_admin_conf.htm');
    }
예제 #6
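/**
 * Zikula_View function to display the login box
 *
 * Example
 * {userlogin size=14 maxlength=25 maxlengthpass=20}
 *
 * Parameters:
 *  size           Size of text boxes (default=14)
 *  maxlength      Maximum length of text box for unamees (default=25)
 *  maxlengthpass  Maximum length of text box for password (default=20)
 *  class          Name of class  assigned to the login form
 *  value          The default value of the username input box
 *  js             Use javascript to automatically clear the default value (defaults to true)
 *  assign         Assign the markup to this template variable instead of returning it
 *
 * Renders nothing for a user who is already logged in. The form posts to
 * Users/user/login together with a CSRF token ('csrftoken'), the chosen
 * authentication method ('uname' or 'email', per the Users login-method
 * modvar) and the current URI as 'returnurl'; the "remember me" box is
 * omitted when the site 'seclevel' is 'high'.
 *
 * @param array       $params All attributes passed to this function from the template.
 * @param Zikula_View $view   Reference to the Zikula_View object.
 *
 * @see    function.userlogin.php::smarty_function_userlogin()
 *
 * @return string|void The login form markup, or nothing when 'assign' is used.
 */
function smarty_function_userlogin($params, Zikula_View $view)
{
    $assign = isset($params['assign']) ? $params['assign'] : false;
    if (!UserUtil::isLoggedIn()) {
        // set some defaults
        $size = isset($params['size']) ? $params['size'] : 14;
        $maxlength = isset($params['maxlength']) ? $params['maxlength'] : 25;
        // The documented parameter is 'maxlengthpass'; this function previously
        // read only the misspelt 'maxlenthpass', which is still honoured so
        // templates written against it keep working.
        if (isset($params['maxlengthpass'])) {
            $maxlengthpass = $params['maxlengthpass'];
        } elseif (isset($params['maxlenthpass'])) {
            $maxlengthpass = $params['maxlenthpass'];
        } else {
            $maxlengthpass = 20;
        }
        // size/maxlength/class come from the template call, not from the
        // request, and are emitted unescaped — keep them to plain literals.
        $class = isset($params['class']) ? ' class="' . $params['class'] . '"' : '';
        // Which identifier the Users module expects for login (e-mail or user name).
        if (ModUtil::getVar(Users_Constant::MODNAME, Users_Constant::MODVAR_LOGIN_METHOD, Users_Constant::LOGIN_METHOD_UNAME) == Users_Constant::LOGIN_METHOD_EMAIL) {
            $value = isset($params['value']) ? DataUtil::formatForDisplay($params['value']) : __('E-mail address');
            $userNameLabel = __('E-mail address');
            $methodName = 'email';
        } else {
            $value = isset($params['value']) ? DataUtil::formatForDisplay($params['value']) : __('User name');
            $userNameLabel = __('User name');
            $methodName = 'uname';
        }
        // The default value doubles as the sentinel in the inline handlers.
        // It is HTML-escaped above; NOTE(review): inside an on* attribute the
        // browser entity-decodes the value before evaluating it as JS, so a
        // default containing quotes would break the handler — confirm the
        // escaping used here.
        if (!isset($params['js']) || $params['js']) {
            $js = ' onblur="if (this.value==\'\')this.value=\'' . $value . '\';" onfocus="if (this.value==\'' . $value . '\')this.value=\'\';"';
        } else {
            $js = '';
        }
        // determine the current url so we can return the user to the correct place after login
        $returnurl = System::getCurrentUri();
        // Anti-CSRF token, posted back as 'csrftoken' and checked by the login controller.
        $csrftoken = SecurityUtil::generateCsrfToken();
        $loginbox = '<form' . $class . ' style="display:inline" action="' . DataUtil::formatForDisplay(ModUtil::url('Users', 'user', 'login')) . '" method="post"><div>' . "\n";
        $loginbox .= '<input type="hidden" name="csrftoken" value="' . $csrftoken . '" />' . "\n";
        $loginbox .= '<input type="hidden" name="authentication_method[modname]" value="Users" />' . "\n";
        $loginbox .= '<input type="hidden" name="authentication_method[method]" value="' . $methodName . '" />' . "\n";
        $loginbox .= '<label for="userlogin_plugin_uname">' . $userNameLabel . '</label>&nbsp;' . "\n";
        $loginbox .= '<input type="text" name="authentication_info[login_id]" id="userlogin_plugin_uname" size="' . $size . '" maxlength="' . $maxlength . '" value="' . $value . '"' . $js . ' />' . "\n";
        $loginbox .= '<label for="userlogin_plugin_pass">' . __('Password') . '</label>&nbsp;' . "\n";
        $loginbox .= '<input type="password" name="authentication_info[pass]" id="userlogin_plugin_pass" size="' . $size . '" maxlength="' . $maxlengthpass . '" />' . "\n";
        // Persistent login is not offered at the highest security level.
        if (System::getVar('seclevel') != 'high') {
            $loginbox .= '<input type="checkbox" value="1" name="rememberme" id="userlogin_plugin_rememberme" />' . "\n" . '<label for="userlogin_plugin_rememberme">' . __('Remember me') . '</label>&nbsp;' . "\n";
        }
        $loginbox .= '<input type="hidden" name="returnurl" value="' . DataUtil::formatForDisplay($returnurl) . '" />' . "\n" . '<input type="submit" value="' . __('Log in') . '" />' . "\n" . '</div></form>' . "\n";
    } else {
        $loginbox = '';
    }
    if ($assign) {
        $view->assign($assign, $loginbox);
    } else {
        return $loginbox;
    }
}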
예제 #7
/**
 * Insert a CSRF protection nonce.
 *
 * Generates a fresh CSRF token for the view's service container. Using
 * {insert} rather than a plain function keeps the token out of cached
 * template output.
 *
 * Available parameters:
 *   - assign: Assign rather the output.
 *
 * Example:
 * <input type="hidden" name="csrftoken" value="{insert name='csrftoken'}" />
 *
 * @param array       $params All attributes passed to this function from the template.
 * @param Zikula_View $view   Reference to the Zikula_View object.
 *
 * @return string The generated token.
 */
function smarty_insert_csrftoken($params, $view)
{
    // The 'assign' parameter never reaches this function: Smarty's insert
    // handler (lib/vendor/Smarty/internals/core.run_insert_handler.php) applies it.
    $container = $view->getContainer();

    return SecurityUtil::generateCsrfToken($container);
}
예제 #8
 /**
  * Authenticate a user's credentials against an authentication module, logging him into the Zikula system.
  *
  * If the user is already logged in, then this function should behave as if {@link authenticateUserUsing()} was called.
  *
  * This function is used to check that a user is who he says he is, and that he has a valid user account with the
  * Zikula system. If so, the user is logged in to the Zikula system (if he is not already logged in). This function
  * should be used only to log a user into the Zikula system.
  *
  * This function differs from {@link checkPasswordUsing()} in that it attempts to look up a Zikula account
  * record for the user, and takes the user's account status into account when returning a value. Additionally,
  * the user is logged into the Zikula system if his credentials are verified with the authentication module specified.
  *
  * This function differs from {@link authenticateUserUsing()} in that it attempts to log the user into the Zikula system,
  * if he is not already logged in. If he is already logged in, then it should behave similarly to authenticateUserUsing().
  *
  * ATTENTION: The authentication module function(s) called during this process may redirect the user to an external server
  * to perform authorization and/or authentication. The function calling loginUsing must already have anticipated
  * the reentrant nature of this process, must already have saved pertinent user state, must have supplied a
  * reentrant URL pointing to a function that will handle reentry into the login process silently, and must clear
  * any save user state immediately following the return of this function.
  *
  * Before any account record is consulted, the credentials (or the caller's
  * pre-authenticated uid/record) are resolved to a uid; only then is the
  * account validated and the 'user.login.veto' event dispatched, giving
  * listeners a last chance to block or redirect the login.
  *
  * @param array   $authenticationMethod Auth module name.
  * @param array   $authenticationInfo   Auth info array.
  * @param boolean $rememberMe           Whether or not to remember login.
  * @param string  $reentrantURL         If the authentication module needs to redirect to an external authentication server (e.g., OpenID), then
  *                                          this is the URL to return to in order to re-enter the log-in process. The pertinent user
  *                                          state must have already been saved by the function calling loginUsing(), and the URL must
  *                                          point to a Zikula_AbstractController function that is equipped to detect reentry, restore the
  *                                          saved user state, and get the user back to the point where loginUsing is re-executed. This
  *                                          is only optional if the authentication module identified by $authenticationMethod reports that it is not
  *                                          reentrant (e.g., Users is guaranteed to not be reentrant), or if $checkPassword is false.
  * @param boolean $checkPassword        Whether or not to check the password.
  * @param boolean $preauthenticatedUser Whether or not is a preauthenticated user (a uid, or a full user record array).
  *
  * @return array|bool The user account record of the user that has logged in successfully, otherwise false
  *
  * @throws Zikula_Exception_Fatal     If $preauthenticatedUser is neither numeric nor an array.
  * @throws Zikula_Exception_Redirect  If a 'user.login.veto' listener requests a retry or a redirect.
  * @throws Zikula_Exception_Forbidden If a 'user.login.veto' listener vetoes the login without a redirect.
  */
 public static function loginUsing(array $authenticationMethod, array $authenticationInfo, $rememberMe = false, $reentrantURL = null, $checkPassword = true, $preauthenticatedUser = null)
 {
     // Default result; stays false unless every check below passes.
     $userObj = false;
     if (self::preAuthenticationValidation($authenticationMethod, $authenticationInfo, $reentrantURL)) {
         // Authenticate the loginID and userEnteredPassword against the specified authentication module.
         // This should return the uid of the user logging in. Note that there are two routes here, both get a uid.
         // We do the authentication check first, before checking any account status information, because if the
         // person logging in cannot supply the proper credentials, then we should not show any detailed account status
         // to them. Instead they should just get the generic "no such user found or bad password" message.
         if ($checkPassword) {
             $authenticatedUid = self::internalAuthenticateUserUsing($authenticationMethod, $authenticationInfo, $reentrantURL, true);
         } elseif (isset($preauthenticatedUser)) {
             // The caller vouches for the user: accept a bare uid or a full user record.
             if (is_numeric($preauthenticatedUser)) {
                 $authenticatedUid = $preauthenticatedUser;
             } elseif (is_array($preauthenticatedUser)) {
                 $authenticatedUid = $preauthenticatedUser['uid'];
                 $userObj = $preauthenticatedUser;
             } else {
                 throw new Zikula_Exception_Fatal();
             }
         } else {
             // No password check and nothing pre-authenticated: ask the authentication module for the uid alone.
             $authArgs = array('authentication_info' => $authenticationInfo, 'authentication_method' => $authenticationMethod);
             $authenticatedUid = ModUtil::apiFunc($authenticationMethod['modname'], 'Authentication', 'getUidForAuththenticationInfo', $authArgs, 'Zikula_Api_AbstractAuthentication');
         }
         // Only needed on the veto/redirect path below.
         $session = ServiceUtil::get('request')->getSession();
         // NOTE(review): $userObj is initialised to false above, so isset() is always true here and
         // false (not null) is passed whenever no record was supplied — confirm that
         // internalUserAccountValidation treats the two alike.
         $userObj = self::internalUserAccountValidation($authenticatedUid, true, isset($userObj) ? $userObj : null);
         if ($userObj && is_array($userObj)) {
             // BEGIN ACTUAL LOGIN
             // Made it through all the checks. We can actually log in now.
             // Give any interested module one last chance to prevent the login from happening.
             $eventArgs = array('authentication_method' => $authenticationMethod, 'uid' => $userObj['uid']);
             $event = new GenericEvent($userObj, $eventArgs);
             $event = EventUtil::dispatch('user.login.veto', $event);
             if ($event->isPropagationStopped()) {
                 // The login attempt has been vetoed by one or more modules.
                 // The listener's event data may ask for a retry (back to the login form, with a
                 // fresh CSRF token) or for a redirect to an arbitrary module function.
                 $eventData = $event->getData();
                 if (isset($eventData['retry']) && $eventData['retry']) {
                     $sessionVarName = 'Users_Controller_User_login';
                     $sessionNamespace = 'Zikula_Users';
                     $redirectURL = ModUtil::url('Users', 'user', 'login', array('csrftoken' => SecurityUtil::generateCsrfToken()));
                 } elseif (isset($eventData['redirect_func'])) {
                     if (isset($eventData['redirect_func']['session'])) {
                         $sessionVarName = $eventData['redirect_func']['session']['var'];
                         $sessionNamespace = isset($eventData['redirect_func']['session']['namespace']) ? $eventData['redirect_func']['session']['namespace'] : '';
                     }
                     $redirectURL = ModUtil::url($eventData['redirect_func']['modname'], $eventData['redirect_func']['type'], $eventData['redirect_func']['func'], $eventData['redirect_func']['args']);
                 }
                 if (isset($redirectURL)) {
                     if (isset($sessionVarName)) {
                         // Park the in-progress login state so the redirect target can resume it.
                         // NOTE(review): existing vars are read from 'users/Users_User_Controller_login' but written
                         // to "{$sessionNamespace}/{$sessionVarName}" (on the retry path
                         // 'Zikula_Users/Users_Controller_User_login') — confirm the two keys are meant to differ.
                         SessionUtil::requireSession();
                         $sessionVars = $session->get('users/Users_User_Controller_login', array());
                         $sessionVars = array('returnpage' => isset($sessionVars['returnpage']) ? $sessionVars['returnpage'] : '', 'authentication_info' => $authenticationInfo, 'authentication_method' => $authenticationMethod, 'rememberme' => $rememberMe, 'user_obj' => $userObj);
                         $session->set("{$sessionNamespace}/{$sessionVarName}", $sessionVars);
                     }
                     // Vetoed: drop the record before leaving via redirect.
                     $userObj = false;
                     throw new Zikula_Exception_Redirect($redirectURL);
                 } else {
                     throw new Zikula_Exception_Forbidden();
                 }
             } else {
                 // The login has not been vetoed
                 // This is what really does the Zikula login
                 self::setUserByUid($userObj['uid'], $rememberMe, $authenticationMethod);
             }
         }
     }
     return $userObj;
 }
예제 #9
    /**
     * Modify Theme settings.
     *
     * Renders the theme admin configuration form. Needs ACCESS_EDIT on
     * 'Theme::'; otherwise a permission error is registered and its result
     * returned.
     *
     * @return string|bool Rendered template, or the LogUtil permission-error result.
     */
    public function modifyconfig()
    {
        // Security check
        if (!SecurityUtil::checkPermission('Theme::', '::', ACCESS_EDIT)) {
            return LogUtil::registerPermissionError();
        }

        // name => displayname map, suitable for html_options
        $mods = array();
        foreach (ModUtil::getUserMods() as $usermod) {
            $mods[$usermod['name']] = $usermod['displayname'];
        }

        $view = $this->view;
        // expose the renderer itself to the template
        $view->register_object('render', $view);
        // flag whether a .htaccess file is present in the working directory
        $view->assign('htaccess', file_exists('.htaccess') ? 1 : 0);

        // gather the remaining template values in the order they were assigned before
        $moduleVars = $this->getVars();
        // csrftoken protects the clear cache/compile links
        $csrfToken = SecurityUtil::generateCsrfToken($this->serviceManager, true);
        $themeChange = System::getVar('theme_change');
        // module names that must not be cached, as a name => index lookup
        $modulesNoCache = array_flip(explode(',', $this->getVar('modulesnocache')));

        return $view->assign('mods', $mods)
                    ->assign($moduleVars)
                    ->assign('csrftoken', $csrfToken)
                    ->assign('theme_change', $themeChange)
                    ->assign('modulesnocache', $modulesNoCache)
                    ->fetch('theme_admin_modifyconfig.tpl');
    }
예제 #10
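 /**
  * View all blocks.
  *
  * Lists every block together with its module, language, positions and the
  * admin actions the current user may take on it, followed by the list of
  * block positions. The list filter is kept in the session ('filter' under
  * '/Blocks'); a 'clear' request parameter resets it, and 'sort'/'sortdir'
  * GET parameters override the stored values. Requires ACCESS_EDIT on 'Blocks::'.
  *
  * @return string HTML output string (or the LogUtil permission-error result).
  */
 public function view()
 {
     // Security check
     if (!SecurityUtil::checkPermission('Blocks::', '::', ACCESS_EDIT)) {
         return LogUtil::registerPermissionError();
     }
     // the filter persists in the session until it is cleared
     $sfilter = SessionUtil::getVar('filter', array(), '/Blocks');
     $filter = FormUtil::getPassedValue('filter', $sfilter);
     $clear = FormUtil::getPassedValue('clear', 0);
     if ($clear) {
         $filter = array();
         SessionUtil::setVar('filter', $filter, '/Blocks');
     }
     // sort and sortdir GET parameters override filter values
     $sort = isset($filter['sort']) && !empty($filter['sort']) ? strtolower($filter['sort']) : 'bid';
     $sortdir = isset($filter['sortdir']) && !empty($filter['sortdir']) ? strtoupper($filter['sortdir']) : 'ASC';
     // NOTE(review): 'sort' is request-controlled and is handed to the 'getall'
     // API unchanged; any column whitelist has to live there — confirm.
     $filter['sort'] = FormUtil::getPassedValue('sort', $sort, 'GET');
     $filter['sortdir'] = FormUtil::getPassedValue('sortdir', $sortdir, 'GET');
     // sortdir is whitelisted here: anything other than ASC/DESC becomes ASC
     if ($filter['sortdir'] != 'ASC' && $filter['sortdir'] != 'DESC') {
         $filter['sortdir'] = 'ASC';
     }
     $filter['blockposition_id'] = isset($filter['blockposition_id']) ? $filter['blockposition_id'] : 0;
     $filter['modid'] = isset($filter['modid']) ? $filter['modid'] : 0;
     $filter['language'] = isset($filter['language']) ? $filter['language'] : '';
     $filter['active_status'] = isset($filter['active_status']) ? $filter['active_status'] : 0;
     // generate an authorisation key for the links
     $token = SecurityUtil::generateCsrfToken($this->serviceManager, true);
     // Get all blocks
     $blocks = ModUtil::apiFunc('Blocks', 'user', 'getall', $filter);
     // get all possible block positions and build a pid => name map;
     // initialised up front so an empty result does not leave it undefined
     $allbposarray = array();
     $blockspositions = ModUtil::apiFunc('Blocks', 'user', 'getallpositions');
     foreach ($blockspositions as $blocksposition) {
         $allbposarray[$blocksposition['pid']] = $blocksposition['name'];
     }
     // loop round each item calculating the additional information
     $blocksitems = array();
     foreach ($blocks as $block) {
         // set the module that holds the block
         $modinfo = ModUtil::getInfo($block['mid']);
         $block['modname'] = $modinfo['displayname'];
         // set the blocks language
         if (empty($block['language'])) {
             $block['language'] = $this->__('All');
         } else {
             $block['language'] = ZLanguage::getLanguageName($block['language']);
         }
         $thisblockspositions = ModUtil::apiFunc('Blocks', 'user', 'getallblockspositions', array('bid' => $block['bid']));
         $bposarray = array();
         foreach ($thisblockspositions as $singleblockposition) {
             // a position id with no matching name is shown as an empty string
             $pid = $singleblockposition['pid'];
             $bposarray[] = isset($allbposarray[$pid]) ? $allbposarray[$pid] : '';
         }
         $block['positions'] = implode(', ', $bposarray);
         // calculate what options the user has over this block
         $block['options'] = array();
         // activate/deactivate are state-changing links, so they carry the CSRF token
         if ($block['active']) {
             $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'deactivate', array('bid' => $block['bid'], 'csrftoken' => $token)), 'image' => 'folder_grey.png', 'title' => $this->__f('Deactivate \'%s\'', $block['title']), 'noscript' => true);
         } else {
             $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'activate', array('bid' => $block['bid'], 'csrftoken' => $token)), 'image' => 'folder_green.png', 'title' => $this->__f('Activate \'%s\'', $block['title']), 'noscript' => true);
         }
         $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'modify', array('bid' => $block['bid'])), 'image' => 'xedit.png', 'title' => $this->__f('Edit \'%s\'', $block['title']), 'noscript' => false);
         $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'delete', array('bid' => $block['bid'])), 'image' => '14_layer_deletelayer.png', 'title' => $this->__f('Delete \'%s\'', $block['title']), 'noscript' => false);
         $blocksitems[] = $block;
     }
     $this->view->assign('blocks', $blocksitems);
     // get the block positions
     $items = ModUtil::apiFunc('Blocks', 'user', 'getallpositions');
     // Loop through each returned item adding in the options that the user has over the item
     foreach ($items as $key => $item) {
         if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::", ACCESS_READ)) {
             $options = array();
             // NOTE(review): the edit check uses the instance "<name>::$" (literal dollar sign)
             // while the read/delete checks use "<name>::" — confirm this is intended.
             if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::\$", ACCESS_EDIT)) {
                 $options[] = array('url' => ModUtil::url('Blocks', 'admin', 'modifyposition', array('pid' => $item['pid'])), 'image' => 'xedit.png', 'title' => $this->__f('Edit blockposition \'%s\'', $item['name']));
                 if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::", ACCESS_DELETE)) {
                     $options[] = array('url' => ModUtil::url('Blocks', 'admin', 'deleteposition', array('pid' => $item['pid'])), 'image' => '14_layer_deletelayer.png', 'title' => $this->__f('Delete blockposition \'%s\'', $item['name']));
                 }
             }
             // Add the calculated menu options to the item array
             $items[$key]['options'] = $options;
         }
     }
     // Assign the items to the template
     ksort($items);
     $this->view->assign('positions', $items);
     $this->view->assign('filter', $filter)->assign('sort', $filter['sort'])->assign('sortdir', $filter['sortdir']);
     // Return the output that has been generated by this function
     return $this->view->fetch('blocks_admin_view.tpl');
 }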
예제 #11
    /**
     * view permissions
     *
     * Renders the permission rules list for the admin, optionally filtered by
     * group ('g+<gid>') or component prefix ('c+<name>') via 'permgrp', and
     * runs the ad-hoc "test permission" form when its POST fields are present.
     * Requires ACCESS_ADMIN on 'Permissions::'.
     *
     * @return string HTML string (or the LogUtil permission-error result)
     */
    public function view()
    {
        // Security check
        if (!SecurityUtil::checkPermission('Permissions::', '::', ACCESS_ADMIN)) {
            return LogUtil::registerPermissionError();
        }

        // Get parameters from whatever input we need.
        // permgrp may arrive via GET or POST; the permission-tester fields are POST only.
        $permgrp = FormUtil::getPassedValue('permgrp', -1, 'REQUEST');
        $testuser = FormUtil::getPassedValue('test_user', null, 'POST');
        $testcomponent = FormUtil::getPassedValue('test_component', null, 'POST');
        $testinstance = FormUtil::getPassedValue('test_instance', null, 'POST');
        $testlevel = FormUtil::getPassedValue('test_level', null, 'POST');

        $testresult = '';
        if (!empty($testuser) &&
                !empty($testcomponent) &&
                !empty($testinstance)
        ) {
            // we have everything we need for an effective permission check
            // NOTE(review): test_level is not required and is passed to checkPermission as posted — confirm.
            $testuid = UserUtil::getIdFromName($testuser);
            if ($testuid <> false) {
                if (SecurityUtil::checkPermission($testcomponent, $testinstance, $testlevel, $testuid)) {
                    $testresult = '<span id="permissiontestinfogreen">' . $this->__('permission granted.') . '</span>';
                } else {
                    $testresult = '<span id="permissiontestinfored">' . $this->__('permission not granted.') . '</span>';
                }
            } else {
                $testresult = '<span id="permissiontestinfored">' . $this->__('unknown user.') . '</span>';
            }
        }

        $this->view->assign('testuser', $testuser)
                ->assign('testcomponent', $testcomponent)
                ->assign('testinstance', $testinstance)
                ->assign('testlevel', $testlevel)
                ->assign('testresult', $testresult);

        // decide the default view
        $enableFilter = $this->getVar('filter', 1);
        $rowview = $this->getVar('rowview', 25);

        // Work out which tables to operate against, and
        // various other bits and pieces
        $dbtable = DBUtil::getTables();
        $permcolumn = $dbtable['group_perms_column'];
        $ids = $this->getGroupsInfo();

        $where = '';
        if ($enableFilter == 1) {
            // permgrp has the form '<type>+<value>' where type is 'g' (group) or 'c' (component)
            // NOTE(review): explode() always returns an array, so the is_array() checks below are
            // redundant; $permgrpparts[1] is undefined when permgrp has no '+', which raises a
            // notice and then filters on an empty value — confirm intended.
            $permgrpparts = explode('+', $permgrp);
            if ($permgrpparts[0] == 'g') {
                if (is_array($permgrpparts) && $permgrpparts[1] != SecurityUtil::PERMS_ALL) {
                    // WHERE is built as a string; the gid is escaped with DataUtil::formatForStore before interpolation
                    $where = "WHERE (" . $permcolumn['gid'] . "='" . SecurityUtil::PERMS_ALL . "' OR " . $permcolumn['gid'] . "='" . DataUtil::formatForStore($permgrpparts[1]) . "')";
                    $permgrp = $permgrpparts[1];
                    $this->view->assign('filtertype', 'group');
                } else {
                    $permgrp = SecurityUtil::PERMS_ALL;
                    $where = '';
                }
            } elseif ($permgrpparts[0] == 'c') {
                if (is_array($permgrpparts) && $permgrpparts[1] != SecurityUtil::PERMS_ALL) {
                    // Prefix match on the component; the value is escaped with formatForStore, but
                    // NOTE(review): LIKE wildcards (% and _) in it presumably pass through as patterns — confirm.
                    $where = "WHERE (" . $permcolumn['component'] . "='.*' OR " . $permcolumn['component'] . " LIKE '" . DataUtil::formatForStore($permgrpparts[1]) . "%')";
                    $permgrp = $permgrpparts[1];
                    $this->view->assign('filtertype', 'component');
                } else {
                    $permgrp = SecurityUtil::PERMS_ALL;
                    $where = '';
                }
            } else {
                $this->view->assign('filtertype', '');
            }
            $this->view->assign('permgrps', $ids);
            $this->view->assign('permgrp', $permgrp);
            $this->view->assign('enablefilter', true);
        } else {
            $this->view->assign('enablefilter', false);
            $this->view->assign('filtertype', '');
            $this->view->assign('permgrp', SecurityUtil::PERMS_ALL);
        }

        $accesslevels = SecurityUtil::accesslevelnames();

        $orderBy = "ORDER BY $permcolumn[sequence]";
        $objArray = DBUtil::selectObjectArray('group_perms', $where, $orderBy, -1, -1, false);
        $numrows = DBUtil::_getFetchedObjectCount();

        $permissions = array();
        $components = array(-1 => $this->__('All components'));
        if ($numrows > 0) {
            // only the inc/dec (reorder) links carry the CSRF token below
            $csrftoken = SecurityUtil::generateCsrfToken($this->serviceManager, true);
            $rownum = 1;
            $ak = array_keys($objArray);
            foreach ($ak as $v) {
                $obj = $objArray[$v];
                $id = $obj['gid'];
                $up = array('url' => ModUtil::url('Permissions', 'admin', 'inc',
                                array('pid' => $obj['pid'],
                                        'permgrp' => $permgrp,
                                        'csrftoken' => $csrftoken)),
                        'title' => $this->__('Up'));
                $down = array('url' => ModUtil::url('Permissions', 'admin', 'dec',
                                array('pid' => $obj['pid'],
                                        'permgrp' => $permgrp,
                                        'csrftoken' => $csrftoken)),
                        'title' => $this->__('Down'));
                // the first row cannot move up and the last row cannot move down
                switch ($rownum) {
                    case 1:
                        $arrows = array('up' => 0, 'down' => 1);
                        break;
                    case $numrows:
                        $arrows = array('up' => 1, 'down' => 0);
                        break;
                    default:
                        $arrows = array('up' => 1, 'down' => 1);
                        break;
                }
                $rownum++;

                // no per-row option links are currently built; the template receives an empty list
                $options = array();
                $inserturl = ModUtil::url('Permissions', 'admin', 'listedit',
                                array('permgrp' => $permgrp,
                                        'action' => 'insert',
                                        'insseq' => $obj['sequence']));
                $editurl = ModUtil::url('Permissions', 'admin', 'listedit',
                                array('chgpid' => $obj['pid'],
                                        'permgrp' => $permgrp,
                                        'action' => 'modify'));
                $deleteurl = ModUtil::url('Permissions', 'admin', 'delete',
                                array('pid' => $obj['pid'],
                                        'permgrp' => $permgrp));

                $permissions[] = array('sequence' => $obj['sequence'],
                        'arrows' => $arrows,
                        // Realms not currently functional so hide the output - jgm
                        //'realms'    => $realms[$realm],
                        'group' => $ids[$id],
                        'groupid' => $id,
                        'component' => $obj['component'],
                        'instance' => $obj['instance'],
                        'accesslevel' => $accesslevels[$obj['level']],
                        'accesslevelid' => $obj['level'],
                        'options' => $options,
                        'up' => $up,
                        'down' => $down,
                        'permid' => $obj['pid'],
                        'inserturl' => $inserturl,
                        'editurl' => $editurl,
                        'deleteurl' => $deleteurl);
            }
        }

        // read all perms to extract components
        // (unfiltered query, so the component drop-down always lists every component)
        $allPerms = DBUtil::selectObjectArray('group_perms', '', $orderBy, -1, -1, false);
        foreach ($allPerms as $singlePerm) {
            // extract components, we keep everything up to the first colon
            $compparts = explode(':', $singlePerm['component']);
            $components[$compparts[0]] = $compparts[0];
        }

        // NOTE(review): getGroupsInfo() is queried a second time here; $ids above presumably holds the same data.
        $this->view->assign('groups', $this->getGroupsInfo());
        $this->view->assign('permissions', $permissions);
        $this->view->assign('components', $components);

        $lockadmin = ($this->getVar('lockadmin')) ? 1 : 0;
        $this->view->assign('lockadmin', $lockadmin);
        $this->view->assign('adminid', $this->getVar('adminid'));

        // Assign the permission levels
        $this->view->assign('permissionlevels', SecurityUtil::accesslevelnames());

        return $this->view->fetch('permissions_admin_view.tpl');
    }
예제 #12
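    /**
     * Lists all plugins (system plugins or module plugins, depending on the request).
     *
     * Request parameters (GET or POST):
     *  - state         (int)    Only list plugins in this state; -1 (default) lists all.
     *  - sort          (string) 'module' (default) or 'name'.
     *  - bymodule      (string) Only list plugins belonging to this module.
     *  - systemplugins (bool)   List system plugins instead of module plugins.
     *
     * Every state-changing action link (install, activate, deactivate, remove, upgrade)
     * carries the CSRF token in its query string; the receiving handler is expected to
     * validate it. A token in a URL can end up in server logs and Referer headers, which
     * is worth keeping in mind when reviewing those handlers.
     *
     * @return string HTML output string, or the permission-error output when the caller
     *                lacks ACCESS_ADMIN on 'Extensions::'.
     */
    public function viewPlugins()
    {
        // Security check
        if (!SecurityUtil::checkPermission('Extensions::', '::', ACCESS_ADMIN)) {
            return LogUtil::registerPermissionError();
        }

        $state = FormUtil::getPassedValue('state', -1, 'GETPOST');
        $sort = FormUtil::getPassedValue('sort', null, 'GETPOST');
        $module = FormUtil::getPassedValue('bymodule', null, 'GETPOST');
        $systemplugins = FormUtil::getPassedValue('systemplugins', false, 'GETPOST') ? true : null;

        $this->view->assign('state', $state);

        // generate an auth key to use in urls
        $csrfToken = SecurityUtil::generateCsrfToken($this->serviceManager, true);
        $plugins = array();
        $pluginClasses = ($systemplugins) ? PluginUtil::loadAllSystemPlugins() : PluginUtil::loadAllModulePlugins();

        foreach ($pluginClasses as $className) {
            $instance = PluginUtil::loadPlugin($className);
            $pluginstate = PluginUtil::getState($instance->getServiceId(), PluginUtil::getDefaultState());

            // Tweak UI if the plugin is AlwaysOn
            if ($instance instanceof Zikula_Plugin_AlwaysOnInterface) {
                $pluginstate['state'] = PluginUtil::ENABLED;
                $pluginstate['version'] = $instance->getMetaVersion();
            }

            // state filter
            if ($state >= 0 && $pluginstate['state'] != $state) {
                continue;
            }

            // module filter
            if (!empty($module) && $instance->getModuleName() != $module) {
                continue;
            }

            // Query arguments shared by every action link of this plugin. The current
            // filter/sort settings travel along so the list is redisplayed unchanged after
            // the action, and the CSRF token lets the handler reject forged requests.
            $urlArgs = array('plugin' => $className,
                             'state'  => $state,
                             'bymodule' => $module,
                             'sort'   => $sort,
                             'systemplugins' => $systemplugins,
                             'csrftoken' => $csrfToken);

            // The "remove" action is identical for every state that offers it.
            $removeAction = array('url' => ModUtil::url('Extensions', 'admin', 'removePlugin', $urlArgs),
                                  'image' => '14_layer_deletelayer.png',
                                  'title' => $this->__('Remove plugin'));

            $actions = array();
            // Translate state
            switch ($pluginstate['state']) {
                case PluginUtil::NOTINSTALLED:
                    $status = $this->__('Not installed');
                    $statusimage = 'redled.png';

                    $actions[] = array('url' => ModUtil::url('Extensions', 'admin', 'initialisePlugin', $urlArgs),
                                       'image' => 'folder_new.png',
                                       'title' => $this->__('Install'));
                    break;
                case PluginUtil::ENABLED:
                    $status = $this->__('Active');
                    $statusimage = 'greenled.png';
                    $pluginLink = array();
                    if (!$systemplugins) {
                        $pluginLink['_module'] = $instance->getModuleName();
                    }
                    $pluginLink['_plugin'] = $instance->getPluginName();
                    $pluginLink['_action'] = 'configure';

                    if ($instance instanceof Zikula_Plugin_ConfigurableInterface) {
                        $actions[] = array('url' => ModUtil::url('Extensions', 'adminplugin', 'dispatch', $pluginLink),
                                           'image' => 'configure.png',
                                           'title' => $this->__('Configure plugin'));
                    }

                    // Dont allow to disable/uninstall plugins that are AlwaysOn
                    if (!$instance instanceof Zikula_Plugin_AlwaysOnInterface) {
                        $actions[] = array('url' => ModUtil::url('Extensions', 'admin', 'deactivatePlugin', $urlArgs),
                                           'image' => 'folder_red.png',
                                           'title' => $this->__('Deactivate'));
                        $actions[] = $removeAction;
                    }
                    break;
                case PluginUtil::DISABLED:
                    $status = $this->__('Inactive');
                    $statusimage = 'yellowled.png';

                    $actions[] = array('url' => ModUtil::url('Extensions', 'admin', 'activatePlugin', $urlArgs),
                                       'image' => 'folder_green.png',
                                       'title' => $this->__('Activate'));
                    $actions[] = $removeAction;
                    break;
                default:
                    // A state outside the three known values used to leave $status and
                    // $statusimage undefined (and $info below incomplete); show it explicitly.
                    $status = $this->__('Unknown');
                    $statusimage = 'redled.png';
                    break;
            }

            // An installed plugin whose recorded version differs from its metadata version
            // needs an upgrade; this replaces the state-specific actions with upgrade/remove.
            $needsUpgrade = $pluginstate['state'] != PluginUtil::NOTINSTALLED
                && $pluginstate['version'] != $instance->getMetaVersion();

            if ($needsUpgrade) {
                $status = $this->__('New version');
                $statusimage = 'redled.png';

                $actions = array();
                $actions[] = array('url' => ModUtil::url('Extensions', 'admin', 'upgradePlugin', $urlArgs),
                                   'image' => 'folder_favorites.png',
                                   'title' => $this->__('Upgrade'));
                $actions[] = $removeAction;
            }

            $info = array('instance'    => $instance,
                          'status'      => $status,
                          'statusimage' => $statusimage,
                          'actions'     => $actions,
                          'version'     => $pluginstate['state'] == PluginUtil::NOTINSTALLED ?
                                               $instance->getMetaVersion() : $pluginstate['version']);

            // new version of plugin?
            if ($needsUpgrade) {
                $info['newversion'] = $instance->getMetaVersion();
            }

            $plugins[] = $info;
        }

        // sort plugins array
        if (empty($sort) || $sort == 'module') {
            usort($plugins, array($this, 'viewPluginsSorter_byModule'));
        } elseif ($sort == 'name') {
            usort($plugins, array($this, 'viewPluginsSorter_byName'));
        }

        $this->view->assign('plugins', $plugins)
                   ->assign('module', $module)
                   ->assign('sort', $sort)
                   ->assign('state', $state)
                   ->assign('systemplugins', $systemplugins)
                   ->assign('_type', ($systemplugins) ? 'system' : 'module');

        // Return the output that has been generated by this function
        return $this->view->fetch('extensions_admin_viewPlugins.tpl');
    }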
 /**
  * CSRF protection
  *
  * Renders the hidden form field that carries the CSRF token for this form.
  * The token and the form id are written into the attribute values as-is
  * (no HTML escaping), so both are assumed to be attribute-safe.
  *
  * @return string HTML input field.
  */
 public function getCsrfTokenHtml()
 {
     $token = SecurityUtil::generateCsrfToken($this->serviceManager);

     return sprintf(
         '<input type="hidden" name="csrftoken" value="%s" id="FormCsrfToken_%s" />',
         $token,
         $this->formId
     );
 }
/**
 * BlankTheme plugin to display the admin navigation menu.
 *
 * Available parameters:
 *  - id           (string) ID of wrapper div (default: 'nav_admin')
 *  - ulclass      (string) CSS class name of the UL (default: 'cssplay_prodrop')
 *  - current      (string) Current screen ID (optional)
 *  - currentclass (string) CSS class name of the current tab, list item (default: 'selected')
 *
 * Example:
 *  {bt_adminlinks id='myId' ulclass='myUlClass' current='config' currentclass='myActiveClass'}
 *
 * Menu entries are built as arrays of {id, translated link text, link, optional array of
 * sublinks}. Entries that require a permission are only added when SecurityUtil grants it,
 * and module-specific entries only when ModUtil reports the module as available. Rendering
 * of each entry is delegated to bt_adminlinks_drawmenu() (defined elsewhere). The 'id' and
 * 'ulclass' parameters are emitted into the HTML unescaped, so they are assumed to be
 * attribute-safe template values.
 *
 * @author Mateo Tibaquirá [mateo]
 * @author Erik Spaan [espaan]
 * @since  08/11/2007
 *
 * @param array             $params All parameters passed to this function from the template.
 * @param Zikula_View_Theme &$view  Reference to the View_Theme object.
 *
 * @return string Admin menu output.
 */
function smarty_function_bt_adminlinks($params, Zikula_View_Theme &$view)
{
    $dom = ZLanguage::getThemeDomain('BlankTheme');

    $id      = isset($params['id']) ? $params['id'] : 'nav_admin';
    $ulclass = isset($params['ulclass']) ? $params['ulclass'] : 'cssplay_prodrop';
    $current = isset($params['current']) ? $params['current'] : '';
    $cclass  = isset($params['currentclass']) ? $params['currentclass'] : 'selected';

    /*** Build the menu-array ***/
    /* menu option: {id, translatable link text, link, array of sublinks} */
    $menu = array();

    /* Homepage link */
    $menu[] = array('home', __('Home', $dom), System::getHomepageURL());

    // Everything up to the "Permission ... ends here" marker is only shown to users
    // holding ACCESS_EDIT on 'Admin::'.
    if (SecurityUtil::checkPermission('Admin::', '::', ACCESS_EDIT))
    {
        /* Config menu */
        // System basis
        $linkoptions = array(
                             array(null, __('Site settings', $dom),  ModUtil::url('Settings', 'admin', 'main'),
                                 array(
                                     array(null, __('Localization', $dom),  ModUtil::url('Settings', 'admin', 'multilingual')),
                                     array(null, __('HTML settings', $dom), ModUtil::url('SecurityCenter', 'admin', 'allowedhtml'))
                                 )
                             ),
                             array(null, __('Permissions', $dom),    ModUtil::url('Permissions', 'admin', 'main')),
                             array(null, __('Categories', $dom),     ModUtil::url('Categories', 'admin', 'main'),
                                 array(
                                     array(null, __('Category registry', $dom), ModUtil::url('Categories', 'admin', 'editregistry')),
                                     array(null, __('New category', $dom),      ModUtil::url('Categories', 'admin', 'newcat'))
                                 )
                             ),
                             array(null, __('Admin panel', $dom),    ModUtil::url('Admin', 'admin', 'main'),
                                 array(
                                     array(null, __('Settings', $dom), ModUtil::url('Admin', 'admin', 'modifyconfig')),
                                     array(null, __('Help', $dom),     ModUtil::url('Admin', 'admin', 'help'))
                                 )
                             ),
                             array(null, __('System mailer', $dom),  ModUtil::url('Mailer', 'admin', 'main')),
                             array(null, __('Search options', $dom), ModUtil::url('Search', 'admin', 'main')),
                       );
        // Legal
        if (ModUtil::available('Legal')) {
            $linkoptions[] = array(null, __('Legal settings', $dom), ModUtil::url('Legal', 'admin', 'main'));
        }

        $menu[] = array('config', __('Config', $dom),  '#', $linkoptions);


        /* System menu */
        // Search for installed hooks
        $linkoptions = array();

        if (ModUtil::available('EZComments')) {
            $linkoptions[] = array(null, __('Comments', $dom),  ModUtil::url('EZComments', 'admin', 'modifyconfig'));
        }
        if (ModUtil::available('MultiHook')) {
            $linkoptions[] = array(null, __('MultiHook', $dom), ModUtil::url('MultiHook', 'admin', 'modifyconfig'));
        }
        if (ModUtil::available('BBCode')) {
            $linkoptions[] = array(null, __('BBCode', $dom),    ModUtil::url('bbcode', 'admin', 'config'));
        }
        if (ModUtil::available('BBSmile')) {
            $linkoptions[] = array(null, __('Smilies', $dom),   ModUtil::url('bbsmile', 'admin', 'modifyconfig'));
        }
        if (ModUtil::available('Ratings')) {
            $linkoptions[] = array(null, __('Ratings', $dom),   ModUtil::url('Ratings', 'admin', 'modifyconfig'));
        }
        if (empty($linkoptions)) {
            $linkoptions[] = array(null, __('No known hooks are installed', $dom), '#');
        }

        // $theme is reused further down by the "Edit default theme" link in the Utils menu.
        $theme  = System::getVar('Default_Theme');
        $menu[] = array('system', __('System', $dom), '#',
                    array(
                        array(null, __('Extensions', $dom),             ModUtil::url('Extensions', 'admin', 'main'),
                            array(
                                array(null, __('System plugins', $dom), ModUtil::url('Extensions', 'admin', 'viewPlugins', array('systemplugins' => 1))),
                                array(null, __('Module plugins', $dom), ModUtil::url('Extensions', 'admin', 'viewPlugins'))
                            )
                        ),
                        array(null, __('Hooks', $dom), '#',
                            $linkoptions
                        ),
                        array(null, __('Blocks', $dom),               ModUtil::url('Blocks', 'admin', 'main'),
                            array(
                                array(null, __('New block', $dom),    ModUtil::url('Blocks', 'admin', 'newblock')),
                                array(null, __('New position', $dom), ModUtil::url('Blocks', 'admin', 'newposition'))
                            )
                        ),
                        array(null, __('Themes', $dom),                        ModUtil::url('Theme', 'admin', 'main')),
                        array(null, __('Security center', $dom),               ModUtil::url('SecurityCenter', 'admin', 'modifyconfig'),
                            array(
                                array(null, __('View IDS log', $dom),          ModUtil::url('SecurityCenter', 'admin', 'viewidslog')),
                                array(null, __('HTMLPurifier settings', $dom), ModUtil::url('SecurityCenter', 'admin', 'purifierconfig'))
                            )
                        )
                    )
                );

        // SysInfo check
        if (ModUtil::available('SysInfo')) {
            $menu[] = array(null, __('System information', $dom), ModUtil::url('SysInfo', 'admin', 'main'));
        }


        /* Users/Groups menu */
        // build the Users management submenu options
        $subusr   = array();

        $profileModule = System::getVar('profilemodule', '');
        if (!empty($profileModule) && ModUtil::available($profileModule)) {
            $subusr[] = array(null, __('Profile module', $dom), ModUtil::url($profileModule, 'admin', 'main'));
        }

        $subusr[] = array(null, __('Users settings', $dom), ModUtil::url('Users', 'admin', 'config'));
        $subusr[] = array(null, __('Import users', $dom), ModUtil::url('Users', 'admin', 'import'));
        $subusr[] = array(null, __('Export users', $dom), ModUtil::url('Users', 'admin', 'exporter'));

        $menu[] = array('users', __('Users', $dom), '#',
                    array(
                        array(null, __('Manage groups', $dom), ModUtil::url('Groups', 'admin', 'main'),
                            array(
                                array(null, __('Groups settings', $dom), ModUtil::url('Groups', 'admin', 'modifyconfig'))
                            )
                        ),
                        array(null, __('Manage users', $dom), ModUtil::url('Users', 'admin', 'main'),
                            $subusr
                        ),
                        array(null, __('Create user', $dom), ModUtil::url('Users', 'admin', 'newUser')),
                        array(null, __('Find users', $dom), ModUtil::url('Users', 'admin', 'search')),
                        array(null, __('Find and e-mail users', $dom), ModUtil::url('Users', 'admin', 'mailUsers'))
                    )
                );


        /* Common Utils */
        $linkoptions = array(
                           array(null, __("Edit default theme", $dom), ModUtil::url('Theme', 'admin', 'modify', array('themename' => $theme)))
                       );

        // File handling
        if (ModUtil::available('Files')) {
            $linkoptions[] = array(null, __('File manager', $dom), ModUtil::url('Files', 'admin', 'main'));
        }

        // WYSIWYG handling
        if (ModUtil::available('Scribite') || ModUtil::available('LuMicuLa')) {
            $subopt = array();
            if (ModUtil::available('Scribite')) {
                $subopt[] = array(null, 'Scribite', ModUtil::url('Scribite', 'admin', 'main'));
            }
            if (ModUtil::available('LuMicuLa')) {
                $subopt[] = array(null, 'LuMicuLa', ModUtil::url('LuMicuLa', 'admin', 'main'));
            }
        }
        // $subopt only exists when at least one editor module was available above,
        // so this isset() doubles as the "any editor installed" check.
        if (isset($subopt)) {
            $linkoptions[] = array(null, __('WYSIWYG editors', $dom), '#', $subopt);
        }
        // Thumbnails handling
        if (ModUtil::available('Thumbnail')) {
            $linkoptions[] = array(null, __('Thumbnails', $dom), ModUtil::url('Thumbnail', 'admin', 'main'));
        }

        $menu[] = array('utils', __('Utils', $dom), '#', $linkoptions);


        /* Common Routines links */
        // The routine links below trigger cache/config deletion, so each one carries the
        // CSRF token in its query string for the receiving handler to validate.
        $token = SecurityUtil::generateCsrfToken(null, true);
        $linkoptions = array(
                           array(null, __('Template engine', $dom), ModUtil::url('Theme', 'admin', 'modifyconfig', array(), null, 'render_compile_dir'),
                               array(
                                   array(null, __('Delete compiled render templates', $dom), ModUtil::url('Theme', 'admin', 'render_clear_compiled', array('csrftoken' => $token))),
                                   array(null, __('Delete cached render templates', $dom),   ModUtil::url('Theme', 'admin', 'render_clear_cache', array('csrftoken' => $token)))
                               )
                           ),
                           array(null, __('Theme engine', $dom), ModUtil::url('Theme', 'admin', 'modifyconfig'),
                                array(
                                   array(null, __('Delete compiled theme templates', $dom), ModUtil::url('Theme', 'admin', 'clear_compiled', array('csrftoken' => $token))),
                                   array(null, __('Delete cached theme templates', $dom),   ModUtil::url('Theme', 'admin', 'clear_cache', array('csrftoken' => $token)))
                               )
                           ),
                           array(null, __('Clear combination cache', $dom), ModUtil::url('Theme', 'admin', 'clear_cssjscombinecache', array('csrftoken' => $token))),
                           array(null, __('Delete theme configurations', $dom), ModUtil::url('Theme', 'admin', 'clear_config', array('csrftoken' => $token)))
                       );

        if (ModUtil::available('SysInfo')) {
            $linkoptions[] = array(null, __('Filesystem check', $dom),       ModUtil::url('SysInfo', 'admin', 'filesystem'));
            $linkoptions[] = array(null, __('Temporary folder check', $dom), ModUtil::url('SysInfo', 'admin', 'ztemp'));
        }

        $menu[] = array('routines', __('Routines', $dom), '#', $linkoptions);
    }
    /* Permission Admin:: | :: | ACCESS_EDIT ends here */

    /* Create content menu */
    // Each content entry is guarded by its own module permission check, so this
    // section is also reachable by editors without the Admin:: permission above.
    $linkoptions = array();

    // Content Modules
    if (ModUtil::available('Clip') && SecurityUtil::checkPermission('Clip::', '::', ACCESS_EDIT)) {
        $suboptions = array(
                         array(null, __('Clip Editor Panel', $dom), ModUtil::url('Clip', 'editor', 'main')),
                         array(null, __('Create publication type', $dom), ModUtil::url('Clip', 'admin', 'pubtype'))
                      );
        $linkoptions[] = array(null, __('Clip Admin Panel', $dom), ModUtil::url('Clip', 'admin', 'main'), $suboptions);
    }
    if (ModUtil::available('News') && (SecurityUtil::checkPermission('News::', '::', ACCESS_EDIT) || SecurityUtil::checkPermission('Stories::Story', '::', ACCESS_EDIT))) {
        $suboptions = array(
                         array(null, __('View list', $dom), ModUtil::url('News', 'admin', 'view')),
                         array(null, __('Settings', $dom),  ModUtil::url('News', 'admin', 'modifyconfig'))
                      );
        $linkoptions[] = array(null, __('Add an article', $dom), ModUtil::url('News', 'admin', 'new'), $suboptions);
    }
    if (ModUtil::available('Pages') && SecurityUtil::checkPermission('Pages::', '::', ACCESS_EDIT)) {
        $suboptions = array(
                         array(null, __('View list', $dom), ModUtil::url('Pages', 'admin', 'view')),
                         array(null, __('Settings', $dom),  ModUtil::url('Pages', 'admin', 'modifyconfig'))
                      );
        $linkoptions[] = array(null, __('Add a page', $dom), ModUtil::url('Pages', 'admin', 'new'), $suboptions);
    }
    if (ModUtil::available('Content') && SecurityUtil::checkPermission('Content::', '::', ACCESS_EDIT)) {
        $suboptions = array(
                         array(null, __('Settings', $dom), ModUtil::url('Content', 'admin', 'settings'))
                      );
        $linkoptions[] = array(null, __('Edit contents', $dom), ModUtil::url('Content', 'edit', 'main'), $suboptions);
    }

    // Downloads modules
    if (ModUtil::available('MediaAttach') && SecurityUtil::checkPermission('MediaAttach::', '::', ACCESS_EDIT)) {
        $suboptions = array(
                         array(null, __('View list', $dom), ModUtil::url('MediaAttach', 'admin', 'view')),
                         array(null, __('Settings', $dom),  ModUtil::url('MediaAttach', 'admin', 'main'))
                      );
        $linkoptions[] = array(null, __('Add a download', $dom), ModUtil::url('MediaAttach', 'admin', 'view', array(), null, 'myuploadform_switch'), $suboptions);
    }
    if (ModUtil::available('Downloads') && SecurityUtil::checkPermission('Downloads::', '::', ACCESS_EDIT)) {
        $suboptions = array(
                         array(null, __('Add category', $dom), ModUtil::url('Downloads', 'admin', 'category_menu')),
                         array(null, __('Settings', $dom),     ModUtil::url('Downloads', 'admin', 'main'))
                      );
        $linkoptions[] = array(null, __('Add a download', $dom), ModUtil::url('Downloads', 'admin', 'newdownload'), $suboptions);
    }

    // Community modules
    if (ModUtil::available('Polls') && SecurityUtil::checkPermission('Polls::', '::', ACCESS_EDIT)) {
        $suboptions = array(
                         array(null, __('View list', $dom), ModUtil::url('Polls', 'admin', 'view')),
                         array(null, __('Settings', $dom),  ModUtil::url('Polls', 'admin', 'modifyconfig'))
                      );
        $linkoptions[] = array(null, __('Add a poll', $dom), ModUtil::url('Polls', 'admin', 'new'), $suboptions);
    }
    if (ModUtil::available('FAQ') && SecurityUtil::checkPermission('FAQ::', '::', ACCESS_EDIT)) {
        $suboptions = array(
                         array(null, __('View list', $dom), ModUtil::url('FAQ', 'admin', 'view')),
                         array(null, __('Settings', $dom),  ModUtil::url('FAQ', 'admin', 'modifyconfig'))
                      );
        $linkoptions[] = array(null, __('Add a FAQ', $dom), ModUtil::url('FAQ', 'admin', 'new'), $suboptions);
    }
    if (ModUtil::available('Feeds') && SecurityUtil::checkPermission('Feeds::', '::', ACCESS_EDIT)) {
        $suboptions = array(
                         array(null, __('View list', $dom), ModUtil::url('Feeds', 'admin', 'view')),
                         array(null, __('Settings', $dom),  ModUtil::url('Feeds', 'admin', 'modifyconfig'))
                      );
        $linkoptions[] = array(null, __('Add a feed', $dom), ModUtil::url('Feeds', 'admin', 'new'), $suboptions);
    }
    if (ModUtil::available('Reviews') && SecurityUtil::checkPermission('Reviews::', '::', ACCESS_EDIT)) {
        $suboptions = array(
                         array(null, __('View list', $dom), ModUtil::url('Reviews', 'admin', 'view')),
                         array(null, __('Settings', $dom),  ModUtil::url('Reviews', 'admin', 'modifyconfig'))
                      );
        $linkoptions[] = array(null, __('Add a review', $dom), ModUtil::url('Reviews', 'admin', 'new'), $suboptions);
    }
    if (ModUtil::available('WebLinks') && SecurityUtil::checkPermission('Web_Links::', '::', ACCESS_EDIT)) {
        $linkoptions[] = array(null, __('Add a web link', $dom), ModUtil::url('WebLinks', 'admin', 'main', array('op' => 'LinksAddLink')));
    }

    // Calendar modules
    if (ModUtil::available('TimeIt') && SecurityUtil::checkPermission('TimeIt::', '::', ACCESS_EDIT)) {
        $suboptions = array(
                         array(null, __('Settings', $dom), ModUtil::url('TimeIt', 'admin', 'modifyconfig'))
                      );
        $linkoptions[] = array(null, __('Add a calendar event', $dom), ModUtil::url('TimeIt', 'admin', 'new'), $suboptions);
    }
    if (ModUtil::available('crpCalendar') && SecurityUtil::checkPermission('crpCalendar::', '::', ACCESS_EDIT)) {
        $suboptions = array(
                         array(null, __('View list', $dom), ModUtil::url('crpCalendar', 'admin', 'view')),
                         array(null, __('Settings', $dom),  ModUtil::url('crpCalendar', 'admin', 'modifyconfig'))
                      );
        $linkoptions[] = array(null, __('Add a calendar event', $dom), ModUtil::url('crpCalendar', 'admin', 'new'), $suboptions);
    }

    // Legacy modules
    if (ModUtil::available('AdminMessages') && SecurityUtil::checkPermission('AdminMessages::', '::', ACCESS_EDIT)) {
        $suboptions = array(
                         array(null, __('View list', $dom), ModUtil::url('AdminMessages', 'admin', 'view')),
                         array(null, __('Settings', $dom),  ModUtil::url('AdminMessages', 'admin', 'modifyconfig'))
                      );
        $linkoptions[] = array(null, __('Add an admin message', $dom), ModUtil::url('AdminMessages', 'admin', 'new'), $suboptions);
    }

    if (!$linkoptions) {
        $linkoptions[] = array(null, __('No known modules are installed', $dom), '#');
    }

    $menu[] = array('content', __('Create content', $dom), '#', $linkoptions);

    /* Logout link */
    $menu[] = array('logout', __('Log out', $dom), ModUtil::url('Users', 'user', 'logout'));



    /* Create the menu based on the array above */
    // $id and $ulclass are template parameters and are written into the attributes unescaped.
    $output  = '<div id="'.$id.'"><ul' . ((!empty($ulclass))?' class="'.$ulclass.'"':'') . '>';
    foreach ($menu as $option) {
        $output .= bt_adminlinks_drawmenu($option, $current, $cclass);
    }
    $output .= '</ul></div>';

    return $output;
}
 /**
  * {@inheritdoc}
  *
  * The $intention argument is accepted for interface compatibility only; the
  * token is obtained from the global SecurityUtil without it, so the returned
  * value does not depend on the intention.
  */
 public function generateCsrfToken($intention)
 {
     // $intention is deliberately not forwarded (see docblock).
     $token = \SecurityUtil::generateCsrfToken();

     return $token;
 }
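    /**
     * View all blocks.
     *
     * The list filter is read from the session ('filter' under '/Blocks') and may be
     * overridden by a passed 'filter' value; a truthy 'clear' resets it. The 'sort' and
     * 'sortdir' GET parameters override the filter's sort settings. Only 'sortdir' is
     * normalised here (to 'ASC'/'DESC'); 'sort' is handed to the Blocks 'getall' API
     * as received, so that API is expected to restrict the column it orders by.
     *
     * @return string HTML output string, or the permission-error output when the caller
     *                lacks ACCESS_EDIT on 'Blocks::'.
     */
    public function view()
    {
        // Security check
        if (!SecurityUtil::checkPermission('Blocks::', '::', ACCESS_EDIT)) {
            return LogUtil::registerPermissionError();
        }

        $sfilter = SessionUtil::getVar('filter', array(), '/Blocks');
        $filter = FormUtil::getPassedValue('filter', $sfilter);

        $clear = FormUtil::getPassedValue('clear', 0);
        if ($clear) {
            $filter = array();
            SessionUtil::setVar('filter', $filter, '/Blocks');
        }

        // sort and sortdir GET parameters override filter values
        $sort = (isset($filter['sort']) && !empty($filter['sort'])) ? strtolower($filter['sort']) : 'bid';
        $sortdir = (isset($filter['sortdir']) && !empty($filter['sortdir'])) ? strtoupper($filter['sortdir']) : 'ASC';

        $filter['sort'] = FormUtil::getPassedValue('sort', $sort, 'GET');
        $filter['sortdir'] = FormUtil::getPassedValue('sortdir', $sortdir, 'GET');
        // only the two SQL directions are accepted; anything else falls back to ascending
        if ($filter['sortdir'] != 'ASC' && $filter['sortdir'] != 'DESC') {
            $filter['sortdir'] = 'ASC';
        }
        $filter['blockposition_id'] = isset($filter['blockposition_id']) ? $filter['blockposition_id'] : 0;
        $filter['module_id'] = isset($filter['module_id']) ? $filter['module_id'] : 0;
        $filter['language'] = isset($filter['language']) ? $filter['language'] : '';
        $filter['active_status'] = isset($filter['active_status']) ? $filter['active_status'] : 0;

        $this->view->assign('filter', $filter)
                   ->assign('sort', $filter['sort'])
                   ->assign('sortdir', $filter['sortdir']);

        // generate an authorisation key for the links
        $csrftoken = SecurityUtil::generateCsrfToken($this->serviceManager, true);
        $this->view->assign('csrftoken', $csrftoken);

        // Get all blocks
        $blocks = ModUtil::apiFunc('Blocks', 'user', 'getall', $filter);

        // get all possible block positions once; they are both mapped pid => name for the
        // per-block lookup below and assigned to the template as-is. The map is initialised
        // up front so an empty position list does not leave it undefined.
        $positions = ModUtil::apiFunc('Blocks', 'user', 'getallpositions');
        $allbposarray = array();
        foreach ($positions as $blocksposition) {
            $allbposarray[$blocksposition['pid']] = $blocksposition['name'];
        }

        // loop round each item calculating the additional information
        $blocksitems = array();
        foreach ($blocks as $block) {
            $block = $block->toArray();

            // set the module that holds the block
            $modinfo = ModUtil::getInfo($block['mid']);
            $block['modname'] = $modinfo['displayname'];

            // set the block's language
            if (empty($block['language'])) {
                $block['language'] = $this->__('All');
            } else {
                $block['language'] = ZLanguage::getLanguageName($block['language']);
            }

            // set the block's position(s); a pid missing from the map yields an empty name
            $bposarray = array();
            $thisblockspositions = ModUtil::apiFunc('Blocks', 'user', 'getallblockspositions', array('bid' => $block['bid']));
            foreach ($thisblockspositions as $singleblockposition) {
                $pid = $singleblockposition['pid'];
                $bposarray[] = isset($allbposarray[$pid]) ? $allbposarray[$pid] : '';
            }
            $block['positions'] = implode(', ', $bposarray);

            // push block to array
            $blocksitems[] = $block;
        }
        $this->view->assign('blocks', $blocksitems);

        // assign the block positions to the template
        $this->view->assign('positions', $positions);

        // Return the output that has been generated by this function
        return $this->view->fetch('blocks_admin_view.tpl');
    }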
파일: User.php 프로젝트: projectesIF/Sirius
    /**
     * Display the login form, or process a user log-in request.
     *
     * This displays the main log-in screen to the user, allowing him to select a method of authenticating himself
     * to the system (if more than one authentication method is available), and to provide his credentials in
     * order to log into the site.
     *
     * Upon submitting his credentials (either through the log-in form mentioned above, or through another form
     * such as the log-in block), this processes the credentials as a log-in request.
     *
     * If the user is already logged in, then he is redirected to the main Users module page.
     *
     * Parameters passed via the $args array:
     * --------------------------------------
     * array   authentication_info   An array containing the authentication information entered by the user.
     * array   authentication_method An array containing two elements: 'modname', the authentication module name, and 'method', the
     *                                      selected authentication method as defined by the module.
     * boolean rememberme            True if the user should remain logged in at that computer for future visits; otherwise false.
     * string  returnpage            The URL of the page to return to if the log-in attempt is successful. (This URL must not be urlencoded.)
     *
     * Parameters passed via GET:
     * --------------------------
     * string returnpage The urlencoded URL of the page to return to if the log-in attempt is successful.
     *
     * Parameters passed via POST:
     * ---------------------------
     * array   authentication_info   An array containing the authentication information entered by the user.
     * array   authentication_method An array containing two elements: 'modname', the authentication module name, and 'method', the
     *                                      selected authentication method as defined by the module.
     * boolean rememberme            True if the user should remain logged in at that computer for future visits; otherwise false.
     * string  returnpage            The URL of the page to return to if the log-in attempt is successful. (This URL must not be urlencoded.)
     *
     * Parameters passed via SESSION:
     * ------------------------------
     * Namespace: Zikula_Users
     * Variable:  Users_Controller_User_login
     * Type:      array
     * Contents:  An array containing the information passed in via the $args array or the GET or POST variables, and additionally, the
     *                  element 'user_obj' if the user record has been loaded. (The returnpage element must not be urlencoded when stored
     *                  on the session.)
     *
     * @return boolean|string True on successful authentication and login; otherwise the rendered output of the appropriate
     *                        template to display the log-in form.
     *
     * @throws Zikula_Exception_Redirect If the user is already logged in, or upon successful login with the redirect
     *                                   option set to send the user to the appropriate page, or...
     */
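    public function login($args)
    {
        // we shouldn't get here if logged in already....
        $this->redirectIf(UserUtil::isLoggedIn(), ModUtil::url($this->name, 'user', 'main'));

        $loggedIn = false;
        $isFunctionCall = false;
        $isReentry = false;

        // Need to check for $args first, since isPost() and isGet() will have been set on the original call
        if (isset($args) && is_array($args) && !empty($args)) {
            // We are coming in or back (reentering) from someplace else via a direct call to this function. It is likely that
            // we are coming back from a user.login.veto event handler that redirected the user to a page where he had to provide
            // more information.
            $authenticationInfo = isset($args['authentication_info']) ? $args['authentication_info'] : array();
            $selectedAuthenticationMethod = isset($args['authentication_method']) ? $args['authentication_method'] : array();
            $rememberMe         = isset($args['rememberme']) ? $args['rememberme'] : false;
            $returnPage         = isset($args['returnpage']) ? $args['returnpage'] : $this->request->query->get('returnpage', '');
            $eventType          = isset($args['event_type']) ? $args['event_type'] : false;

            $isFunctionCall = true;
        } elseif (isset($args) && !is_array($args)) {
            // Coming from a function call, but bad $args
            throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
        } elseif ($this->request->isPost()) {
            // We got here from a POST, either from the login, the login block, or some reasonable facsimile thereof.
            // The CSRF check is conditional, presumably because the token lives in a session an anonymous visitor may not
            // have. NOTE(review): with anonymous sessions off, a login POST is accepted without any token (login CSRF);
            // confirm that is an accepted trade-off.
            if (System::getVar('anonymoussessions', false)) {
                $this->checkCsrfToken();
            }

            $authenticationInfo = $this->request->request->get('authentication_info', array());
            $selectedAuthenticationMethod = $this->request->request->get('authentication_method', array());
            $rememberMe         = $this->request->request->get('rememberme', false);
            // NOTE(review): returnpage/returnurl are taken from the request as-is and reach redirect() at the end of this
            // method on success; confirm redirect() restricts the target to local URLs, otherwise this is an open redirect.
            $returnPage         = $this->request->request->get('returnpage', urldecode($this->request->query->get('returnpage', '')));
            if (empty($returnPage)) {
                // Check if returnurl was set instead of returnpage
                $returnPage     = $this->request->request->get('returnurl', urldecode($this->request->query->get('returnurl', '')));
            }
            $eventType          = $this->request->request->get('event_type', false);
        } elseif ($this->request->isGet()) {
            $reentry = false;
            $reentrantTokenReceived = $this->request->query->get('reentranttoken', '');

            $sessionVars = $this->request->getSession()->get('Users_Controller_User_login', array(), 'Zikula_Users');
            $this->request->getSession()->del('Users_Controller_User_login', 'Zikula_Users');

            $reentrantToken = isset($sessionVars['reentranttoken']) ? $sessionVars['reentranttoken'] : false;

            // Only a token that an earlier pass through this method stored in the session (see the sessionVars set below)
            // marks a genuine reentry. Strict comparison: a loose == between two strings compares numeric-looking values
            // numerically, so it is the wrong operator for a token check.
            if (!empty($reentrantTokenReceived) && ($reentrantTokenReceived === $reentrantToken)) {
                // We are coming back (reentering) from someplace else. It is likely that we are coming back from an external
                // authentication process initiated by an authentication module such as OpenID.
                $authenticationInfo = isset($sessionVars['authentication_info']) ? $sessionVars['authentication_info'] : array();
                $selectedAuthenticationMethod = isset($sessionVars['authentication_method']) ? $sessionVars['authentication_method'] : array();
                $rememberMe         = isset($sessionVars['rememberme']) ? $sessionVars['rememberme'] : false;
                $returnPage         = isset($sessionVars['returnpage']) ? $sessionVars['returnpage'] : $this->request->query->get('returnpage', '');
                $eventType          = isset($sessionVars['event_type']) ? $sessionVars['event_type'] : false;
                $user               = isset($sessionVars['user_obj']) ? $sessionVars['user_obj'] : null;

                $isReentry = true;
            } else {
                $authenticationInfo = array();
                $selectedAuthenticationMethod = array();
                $rememberMe         = false;
                $returnPage         = urldecode($this->request->query->get('returnpage', $this->request->query->get('returnurl', '')));
                $eventType          = 'login_screen';
                $user               = array();

                $event = new Zikula_Event('module.users.ui.login.started');
                $this->eventManager->notify($event);
            }
        } else {
            throw new Zikula_Exception_Forbidden();
        }

        if (!isset($reentrantToken)) {
            // The reentrant token only ties an external authentication callback to the login state saved in the session
            // below; it is derived from a fresh CSRF token and shortened, presumably to keep the callback URL short.
            // TODO confirm 10 characters is adequate for the deployed authentication modules.
            $reentrantToken = substr(SecurityUtil::generateCsrfToken(), 0, 10);
        }

        // Any authentication information for use in this pass through login is gathered, so ensure any session variable
        // is cleared, even if we are coming in through a post or a function call that didn't gather info from the session.
        $this->request->getSession()->del('Users_Controller_User_login', 'Zikula_Users');

        $authenticationMethodList = new Users_Helper_AuthenticationMethodList($this);

        if ($this->request->isPost() || $isFunctionCall || $isReentry) {
            // A form submission, or a simulated submission as a function call.
            if (isset($authenticationInfo) && is_array($authenticationInfo) && !empty($authenticationInfo)) {
                if (!isset($selectedAuthenticationMethod) || !is_array($selectedAuthenticationMethod) || empty($selectedAuthenticationMethod)
                        || !isset($selectedAuthenticationMethod['modname']) || empty($selectedAuthenticationMethod['modname'])
                        || !isset($selectedAuthenticationMethod['method']) || empty($selectedAuthenticationMethod['method'])
                        ) {
                    throw new Zikula_Exception_Fatal($this->__('Error! Invalid authentication method information.'));
                }

                if (ModUtil::available($selectedAuthenticationMethod['modname'])
                        && ModUtil::apiFunc($selectedAuthenticationMethod['modname'], 'authentication', 'isEnabledForAuthentication', $selectedAuthenticationMethod)
                        ) {
                    // The authentication method is reasonably valid, moving on to validate the user-entered credentials
                    $validateAuthenticationInfoArgs = array(
                        'authenticationMethod'  => $selectedAuthenticationMethod,
                        'authenticationInfo'    => $authenticationInfo,
                    );

                    if (ModUtil::func($selectedAuthenticationMethod['modname'], 'authentication', 'validateAuthenticationInformation', $validateAuthenticationInfoArgs)) {
                        // The authentication method and the authentication information have been validated at the UI level.
                        //
                        // Moving on to the actual authentication process. Save the submitted information in case the authentication
                        // method is external and reentrant.
                        //
                        // We're using sessions here, even though anonymous sessions might be turned off for anonymous users.
                        // If the user is trying to log in, then he's going to get a session if he's successful,
                        // so using sessions on the anonymous user just before logging in should be ok.
                        SessionUtil::requireSession();
                        $sessionVars = array(
                            'event_type'            => $eventType,
                            'returnpage'            => $returnPage,
                            'authentication_info'   => $authenticationInfo,
                            'authentication_method' => $selectedAuthenticationMethod,
                            'rememberme'            => $rememberMe,
                            'reentranttoken'        => $reentrantToken,
                        );
                        $this->request->getSession()->set('Users_Controller_User_login', $sessionVars, 'Zikula_Users');

                        // The authentication method selected might be reentrant (it might send the user out to an external web site
                        // for authentication, and then send us back to finish the job). We need to tell the external system to where
                        // we would like to return.
                        $reentrantUrl = ModUtil::url($this->name, 'user', 'login', array('reentranttoken' => $reentrantToken), null, null, true, true);

                        // There may be hook providers that need to be validated, so we cannot yet log in. The hook providers will
                        // need a user object to make sure they know who they're dealing with. Authenticate (so we are sure that
                        // the user is who he says he is) and get a user.
                        //
                        // The chosen authentication method might be reentrant, and this is the point were the user might be directed
                        // outside the Zikula system for external authentication.
                        $user = UserUtil::authenticateUserUsing($selectedAuthenticationMethod, $authenticationInfo, $reentrantUrl, true);

                        // If we have gotten to this point in the same call to login(), then the authentication method was not external
                        // and reentrant, so we should not need the session variable any more. If it is external and reentrant, and the
                        // user was required to exit the Zikula system for authentication on the external system, then we will not get
                        // to this point until the reentrant call back to login() (at which point the variable should, again, not be needed
                        // anymore).
                        $this->request->getSession()->del('Users_Controller_User_login', 'Zikula_Users');

                        // Did we get a good user? If so, then we can proceed to hook validation.
                        if (isset($user) && $user && is_array($user) && isset($user['uid']) && is_numeric($user['uid'])) {
                            $validators = new Zikula_Hook_ValidationProviders();
                            if ($eventType) {
                                $event = new Zikula_Event("module.users.ui.validate_edit.{$eventType}", $user, array(), $validators);
                                $validators  = $this->eventManager->notify($event)->getData();

                                $hook = new Zikula_ValidationHook("users.ui_hooks.{$eventType}.validate_edit", $validators);
                                $this->notifyHooks($hook);
                                $validators = $hook->getValidators();
                            }

                            if (!$validators->hasErrors()) {
                                // Process the edit hooks BEFORE we log in, so that any changes to the user record are recorded before we re-check
                                // the user's ability to log in. If we don't do this, then user.login.veto might trap and cancel the login attempt again.
                                if ($eventType) {
                                    $event = new Zikula_Event("module.users.ui.process_edit.{$eventType}", $user, array());
                                    $this->eventManager->notify($event);

                                    $hook = new Zikula_ProcessHook("users.ui_hooks.{$eventType}.process_edit", $user['uid']);
                                    $this->notifyHooks($hook);
                                }

                                // A missing or epoch-valued lastlogin marks the account's first login; reported on the success event.
                                if (!isset($user['lastlogin']) || empty($user['lastlogin']) || ($user['lastlogin'] == '1970-01-01 00:00:00')) {
                                    $isFirstLogin = true;
                                } else {
                                    $isFirstLogin = false;
                                }

                                // Because we are passing a $user and setting checkPassword false, this call back into the authentication
                                // chain should not trigger an external re-authentication, so it should not need preparation for reentry.
                                $loggedIn = UserUtil::loginUsing($selectedAuthenticationMethod, $authenticationInfo, $rememberMe, $reentrantUrl, false, $user);

                                if (!$loggedIn) {
                                    // Because the user was preauthentication, this should never happen, but just in case...

                                    if (!$this->request->getSession()->hasMessages(Zikula_Session::MESSAGE_ERROR)) {
                                        $this->registerError($this->__('Your log-in request was not completed.'));
                                    }

                                    $eventArgs = array(
                                        'authentication_method' => $selectedAuthenticationMethod,
                                        'authentication_info'   => $authenticationInfo,
                                        'redirecturl'           => '',
                                    );
                                    $failedEvent = new Zikula_Event('module.users.ui.login.failed', $user, $eventArgs);
                                    $failedEvent = $this->eventManager->notify($failedEvent);

                                    // A listener may divert the failed attempt elsewhere (e.g. to collect more information).
                                    $redirectUrl = $failedEvent->hasArg('redirecturl') ? $failedEvent->getArg('redirecturl') : '';
                                    if (!empty($redirectUrl)) {
                                        $this->redirect($redirectUrl);
                                    }
                                }
                            } else {
                                // Hook validation rejected the login; same failure notification as above.
                                if (!$this->request->getSession()->hasMessages(Zikula_Session::MESSAGE_ERROR)) {
                                    $this->registerError($this->__('Your log-in request was not completed.'));
                                }

                                $eventArgs = array(
                                    'authentication_method' => $selectedAuthenticationMethod,
                                    'authentication_info'   => $authenticationInfo,
                                    'redirecturl'           => '',
                                );
                                $failedEvent = new Zikula_Event('module.users.ui.login.failed', $user, $eventArgs);
                                $failedEvent = $this->eventManager->notify($failedEvent);

                                $redirectUrl = $failedEvent->hasArg('redirecturl') ? $failedEvent->getArg('redirecturl') : '';
                                if (!empty($redirectUrl)) {
                                    $this->redirect($redirectUrl);
                                }
                            }
                        } else {
                            // Authentication did not produce a user. One generic message covers both "no such account" and
                            // "wrong password" so the response does not reveal which accounts exist.
                            if (!$this->request->getSession()->hasMessages(Zikula_Session::MESSAGE_ERROR)) {
                                $this->registerError($this->__('There is no user account matching that information, or the password you gave does not match the password on file for that account.'));
                            }

                            $eventArgs = array(
                                'authentication_method' => $selectedAuthenticationMethod,
                                'authentication_info'   => $authenticationInfo,
                                'redirecturl'           => '',
                            );
                            $failedEvent = new Zikula_Event('module.users.ui.login.failed', null, $eventArgs);
                            $failedEvent = $this->eventManager->notify($failedEvent);

                            $redirectUrl = $failedEvent->hasArg('redirecturl') ? $failedEvent->getArg('redirecturl') : '';
                            if (!empty($redirectUrl)) {
                                $this->redirect($redirectUrl);
                            }
                        }
                    } else {
                        if (!$this->request->getSession()->hasMessages(Zikula_Session::MESSAGE_ERROR)) {
                            $this->registerError($this->__('The credentials you entered were not valid. Please reenter the requested information and try again.'));
                        }
                    }
                } else {
                    if ($authenticationMethodList->countEnabledForAuthentication() <= 1) {
                        $this->registerError($this->__('The selected log-in method is not currently available. Please contact the site administrator for assistance.'));
                    } else {
                        $this->registerError($this->__('The selected log-in method is not currently available. Please choose another or contact the site administrator for assistance.'));
                    }
                }
            } elseif (isset($authenticationInfo) && (!is_array($authenticationInfo))) {
                throw new Zikula_Exception_Fatal($this->__('Error! Invalid authentication information received.'));
            }
        }

        if (!$loggedIn) {
            // Either a GET request type to initially display the login form, or a failed login attempt
            // which means the login form should be displayed anyway.
            if ((!isset($selectedAuthenticationMethod) || empty($selectedAuthenticationMethod))
                    && ($authenticationMethodList->countEnabledForAuthentication() <= 1)
                    ) {
                $authenticationMethod = $authenticationMethodList->getAuthenticationMethodForDefault();
                $selectedAuthenticationMethod = array(
                    'modname'   => $authenticationMethod->modname,
                    'method'    => $authenticationMethod->method,
                );
            }

            // TODO - The order and availability should be set by configuration
            $authenticationMethodDisplayOrder = array();
            foreach ($authenticationMethodList as $authenticationMethod) {
                if ($authenticationMethod->isEnabledForAuthentication()) {
                    $authenticationMethodDisplayOrder[] = array(
                        'modname'   => $authenticationMethod->modname,
                        'method'    => $authenticationMethod->method,
                    );
                }
            }

            // authentication_info is echoed back into the form so the user need not retype it after a failure;
            // the template is responsible for escaping it.
            $templateArgs = array(
                'returnpage'                            => isset($returnPage) ? $returnPage : '',
                'authentication_info'                   => isset($authenticationInfo) ? $authenticationInfo : array(),
                'selected_authentication_method'        => $selectedAuthenticationMethod,
                'authentication_method_display_order'   => $authenticationMethodDisplayOrder,
                'user_obj'                              => isset($user) ? $user : array(),
            );

            return $this->view->assign($templateArgs)
                    ->fetch('users_user_login.tpl');
        } else {
            $eventArgs = array(
                'authentication_method' => $selectedAuthenticationMethod,
                'redirecturl'           => $returnPage,
            );

            if (isset($isFirstLogin)) {
                $eventArgs['is_first_login'] = $isFirstLogin;
            }

            $event = new Zikula_Event('module.users.ui.login.succeeded', $user, $eventArgs);
            $event = $this->eventManager->notify($event);

            $returnPage = $event->hasArg('redirecturl') ? $event->getArg('redirecturl') : $returnPage;

            if (empty($returnPage)) {
                $returnPage = System::getHomepageUrl();
            }

            // A successful login.
            if ($this->getVar(Users_Constant::MODVAR_LOGIN_WCAG_COMPLIANT, 1) == 1) {
                // WCAG compliant login
                $this->redirect($returnPage);
            } else {
                // meta refresh
                $this->printRedirectPage($this->__('You are being logged-in. Please wait...'), $returnPage);

                return true;
            }
        }
    }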
파일: index.php 프로젝트: nmpetkov/ZphpBB2
 // Start output of page: header include, body template, then the index template variables.
 //
 define('SHOW_ONLINE', true);
 $page_title = $lang['Index'];
 include $phpbb_root_path . 'includes/page_header.' . $phpEx;
 $template->set_filenames(array('body' => 'index_body.tpl'));
 // Begin PNphpBB2 Categories Hierarchie Mod
 // Prefix the category breadcrumb with the separator when there is one.
 if ($nav_cat_desc != "") {
     $nav_cat_desc = $nav_separator . $nav_cat_desc;
 }
 // Category parameter appended to the mark-read link; none when viewing all categories (-1).
 if ($viewcat == -1) {
     $mark = '';
 } else {
     $mark = '&amp;' . POST_CAT_URL . '=' . $viewcat;
 }
 // End PNphpBB2 Categories Hierarchie Mod
 // The newest user's name is passed through formatForDisplay before it is placed in the link text.
 $template->assign_vars(array(
     'TOTAL_POSTS'           => sprintf($l_total_post_s, $total_posts),
     'TOTAL_USERS'           => sprintf($l_total_user_s, $total_users),
     'NEWEST_USER'           => sprintf(
         $lang['Newest_user'],
         '<a href="' . append_sid("profile.{$phpEx}?mode=viewprofile&amp;" . POST_USERS_URL . "={$newest_uid}") . '">',
         DataUtil::formatForDisplay($newest_user),
         '</a>'
     ),
     'FORUM_IMG'             => $images['forum'],
     'FORUM_NEW_IMG'         => $images['forum_new'],
     'FORUM_LOCKED_IMG'      => $images['forum_locked'],
     'WHOSONLINE'            => $images['whosonline'],
     'L_POSTED'              => $lang['Posted'],
     'L_LEGEND'              => $lang['Legend'],
     'L_FORUM'               => $lang['Forum'],
     'L_TOPICS'              => $lang['Topics'],
     'L_REPLIES'             => $lang['Replies'],
     'L_VIEWS'               => $lang['Views'],
     'L_POSTS'               => $lang['Posts'],
     'L_LASTPOST'            => $lang['Last_Post'],
     'L_NO_NEW_POSTS'        => $lang['No_new_posts'],
     'L_NEW_POSTS'           => $lang['New_posts'],
     'L_NO_NEW_POSTS_LOCKED' => $lang['No_new_posts_locked'],
     'L_NEW_POSTS_LOCKED'    => $lang['New_posts_locked'],
     'L_ONLINE_EXPLAIN'      => $lang['Online_explain'],
     'L_MODERATOR'           => $lang['Moderators'],
     'L_FORUM_LOCKED'        => $lang['Forum_is_locked'],
     'L_MARK_FORUMS_READ'    => $lang['Mark_all_forums'],
     'U_MARK_READ'           => append_sid("index.{$phpEx}?mark=forums{$mark}"),
 ));
 // ZphpBB2 =>
 // Anonymous visitors get a login form in the template: it needs a CSRF token and an escaped
 // copy of the current URI to return to after logging in.
 if (!$userdata['session_logged_in']) {
     $template->assign_vars(array(
         'ZLOGIN_CSRFTOKEN'  => SecurityUtil::generateCsrfToken(),
         'ZLOGIN_RETURNPAGE' => DataUtil::formatForDisplay(System::getCurrentUri()),
     ));
 }
 // <= ZphpBB2
 // Begin PNphpBB2 Module
 $members_online_hidden = !$board_config['pnphpbb2_members_online_annon'] || $userdata['session_logged_in'];
 if (!$board_config['pnphpbb2_members_online'] && $members_online_hidden) {
     $template->assign_block_vars('switch_members_online', array());
 }
 // End PNphpBB2 Module
 if ($board_config['pnphpbb2_enable_announce'] == 1) {
     //
     $announcement_duration = 7;
     if (isset($board_config['pnphpbb2_announcement_duration'])) {
         $announcement_duration = $board_config['pnphpbb2_announcement_duration'];
     }
     $time_floor = $announcement_duration == 0 ? 0 : time() - ($announcement_duration - 1) * 24 * 3600;
    /**
     * View all items managed by this module.
     * 
     * @return string The rendered template output.
     */
    public function view()
    {
        if (!SecurityUtil::checkPermission('Profile::', '::', ACCESS_EDIT)) {
            return LogUtil::registerPermissionError();
        }

        // Paging input: the start offset from GET (0 when absent) and a fixed page size.
        $startnum = (int)$this->request->getGet()->get('startnum', null);
        $numitems = 20;

        $items = ModUtil::apiFunc('Profile', 'user', 'getall', array(
            'startnum' => $startnum,
            'numitems' => $numitems,
        ));

        $count = ModUtil::apiFunc('Profile', 'user', 'countitems');
        // One token shared by the activate/deactivate links built below.
        $csrftoken = SecurityUtil::generateCsrfToken();

        $duditems = array();
        $position = 1;
        foreach ($items as $item) {
            $dudid = $item['prop_id'];
            $dtype = $item['prop_dtype'];
            $weight = $item['prop_weight'];
            $requiredSuffix = $item['prop_required'] ? ', ' . $this->__('Required') : '';

            // Status LED and the link that toggles it; DUD types <= 0 cannot be disabled.
            if ($dtype <= 0) {
                $statusval = 1;
                $status = array(
                    'url'   => '',
                    'image' => 'greenled.png',
                    'title' => $this->__('Required'),
                );
            } elseif ($weight != 0) {
                $statusval = 1;
                $status = array(
                    'url'   => ModUtil::url('Profile', 'admin', 'deactivate', array(
                        'dudid'     => $dudid,
                        'weight'    => $weight,
                        'csrftoken' => $csrftoken,
                    )),
                    'image' => 'greenled.png',
                    'title' => $this->__('Deactivate'),
                );
            } else {
                $statusval = 0;
                $status = array(
                    'url'   => ModUtil::url('Profile', 'admin', 'activate', array(
                        'dudid'     => $dudid,
                        'csrftoken' => $csrftoken,
                    )),
                    'image' => 'redled.png',
                    'title' => $this->__('Activate'),
                );
            }

            // Human-readable DUD type. Loose comparison on purpose: prop_dtype may arrive as an int
            // or as a numeric string, and every value not listed counts as a normal property.
            if ($dtype == '-2') {
                $data_type_text = $this->__('Not editable field');
            } elseif ($dtype == '-1') {
                $data_type_text = $this->__('Third-party (not editable)');
            } elseif ($dtype == '0' || $dtype == '2') {
                $data_type_text = $this->__('Third-party') . $requiredSuffix;
            } else {
                $data_type_text = $this->__('Normal') . $requiredSuffix;
            }

            // Per-item action links, gated by the item-level permission.
            // NOTE(review): unlike activate/deactivate, the weight and delete links carry no csrftoken;
            // confirm their handlers either check a token themselves or show a confirmation form first.
            $options = array();
            $itemInstance = "$item[prop_label]::$item[prop_id]";
            if (SecurityUtil::checkPermission('Profile::item', $itemInstance, ACCESS_EDIT)) {
                $options[] = array(
                    'url'   => ModUtil::url('Profile', 'admin', 'modify', array('dudid' => $dudid)),
                    'image' => 'xedit.png',
                    'class' => '',
                    'title' => $this->__('Edit'),
                );

                if ($weight > 1) {
                    $options[] = array(
                        'url'   => ModUtil::url('Profile', 'admin', 'decrease_weight', array('dudid' => $dudid)),
                        'image' => '2uparrow.png',
                        'class' => 'profile_up',
                        'title' => $this->__('Up'),
                    );
                }

                // NOTE(review): $position restarts at 1 on every page while $count is the overall total,
                // so on later pages the last item may still get a "Down" link — confirm intended.
                if ($position < $count) {
                    $options[] = array(
                        'url'   => ModUtil::url('Profile', 'admin', 'increase_weight', array('dudid' => $dudid)),
                        'image' => '2downarrow.png',
                        'class' => 'profile_down',
                        'title' => $this->__('Down'),
                    );
                }

                if (SecurityUtil::checkPermission('Profile::item', $itemInstance, ACCESS_DELETE) && $dtype > 0) {
                    $options[] = array(
                        'url'   => ModUtil::url('Profile', 'admin', 'delete', array('dudid' => $dudid)),
                        'image' => '14_layer_deletelayer.png',
                        'class' => '',
                        'title' => $this->__('Delete'),
                    );
                }
            }

            $item['status']    = $status;
            $item['statusval'] = $statusval;
            $item['options']   = $options;
            $item['dtype']     = $data_type_text;
            $duditems[] = $item;
            $position++;
        }

        $this->view->setCaching(false);
        $this->view->assign('startnum', $startnum);
        $this->view->assign('duditems', $duditems);

        // Pager data for the smarty plugin, in case there are more items than fit on one page.
        $this->view->assign('pager', array(
            'numitems'     => $count,
            'itemsperpage' => $numitems,
        ));

        return $this->view->fetch('profile_admin_view.tpl');
    }