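/**
 * Redirect anyone who is not a logged-in administrator.
 *
 * Reads the session user record stored under Config::$sitename and
 * redirects unless both `logged_in` and `is_admin` are truthy. The original
 * loose `== false` checks treated a missing key like false (raising a
 * notice); empty() keeps exactly that fail-closed behaviour without the
 * notice.
 *
 * @param string $url Destination for non-admins (defaults to index.php)
 * @return void
 */
public static function kickout_non_admin($url = 'index.php')
{
    self::create_user();

    // Fail closed: anything not truthy (missing, null, false, 0, '', '0')
    // counts as "not logged in" / "not admin".
    if (empty($_SESSION[Config::$sitename]['user']['logged_in'])
        || empty($_SESSION[Config::$sitename]['user']['is_admin'])) {
        URL::redirect($url);
    }
}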
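/**
 * Internal group management page.
 *
 * Requires a non-blank `team` GET parameter; otherwise the browser is sent
 * to the default index and nothing else runs. The user list, duration and
 * chart are loaded for:
 *  - the posted `group_form` filter when it is present and non-empty,
 *  - today's date range when neither `date_from` nor `date_to` is given,
 *  - the `date_from`/`date_to` GET range when both are given,
 *  - no range at all when only one of the two dates is given.
 * A posted `group_form` (even an empty one) then recomputes the duration
 * and chart before rendering, exactly as the original flow did.
 */
public function internalAction()
{
    $this->_view->_title = 'Internal Group Management';

    // Bail out early: nothing below is meaningful without a team, and
    // continuing after the redirect would read an unset $_GET['team'].
    if (!isset($_GET['team']) || trim($_GET['team']) == '') {
        URL::redirect(URL::createLink('default', 'index', 'index'));
        return;
    }
    $team = $_GET['team'];

    if (!empty($_POST['group_form'])) {
        $this->_view->colUser = $this->_model->listTeamUser($team, $_POST['group_form']);
    } elseif (!isset($_GET['date_from']) && !isset($_GET['date_to'])) {
        // No range supplied: default to today.
        $today = date("d/m/Y");
        $this->_loadTeamRange($team, array('date_from' => $today, 'date_to' => $today));
    } elseif (isset($_GET['date_from']) && isset($_GET['date_to'])) {
        $this->_loadTeamRange($team, array(
            'date_from' => $_GET['date_from'],
            'date_to' => $_GET['date_to'],
        ));
    } else {
        // Only one of the two dates given: list without a range.
        $this->_view->colUser = $this->_model->listTeamUser($team);
    }

    // CREATE CHART: a posted group_form (empty or not) overrides the
    // range-based duration/chart computed above.
    if (isset($_POST['group_form'])) {
        $this->_view->duration = $this->_model->getDuration('2', $_POST['group_form'], 'standard_duration');
        $this->_view->chart = $this->_model->createChart($team, $_POST['group_form']);
    }

    $this->_view->render('group/internal');
}

/**
 * Load user list, duration and chart for $team over a date range.
 *
 * @param string $team  Team identifier from the request
 * @param array  $range array('date_from' => ..., 'date_to' => ...)
 * @return void
 */
private function _loadTeamRange($team, array $range)
{
    $this->_view->colUser = $this->_model->listTeamUser($team, $range);
    $this->_view->duration = $this->_model->getDuration('2', $range, 'standard_duration');
    $this->_view->chart = $this->_model->createChart($team, $range);
}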
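/**
 * Login page / form handler.
 *
 * A visitor whose session is still valid (login flag set and `time` +
 * TIME_LOGIN not yet passed) is sent straight to the user index. Otherwise,
 * when the form token is present, the posted email/password pair is checked
 * through the `existRecord` validation rule and a session record is written
 * on success; validation errors are handed to the view.
 *
 * Each redirect is followed by `return` so the form is never processed or
 * rendered after a Location header has been sent.
 *
 * NOTE(review): the lookup query interpolates the posted email directly;
 * unless Validate/`existRecord` escapes it, this is SQL injection and the
 * query should be parameterised in the model. The password is also stored
 * and compared as an unsalted md5; password_hash()/password_verify() is the
 * replacement. Both fixes need model changes not visible here.
 */
public function loginAction()
{
    $userInfo = Session::get('user');
    $sessionValid = isset($userInfo['login']) && $userInfo['login'] == true
        && isset($userInfo['time']) && $userInfo['time'] + TIME_LOGIN >= time();
    if ($sessionValid) {
        URL::redirect('default', 'user', 'index');
        return;
    }

    $this->_view->_title = 'Login';

    $form = isset($this->_arrParam['form']) ? $this->_arrParam['form'] : array();
    // Explicit isset() replaces the original `@` suppression on a possibly
    // unset token index; the `> 0` comparison is unchanged.
    if (isset($form['token']) && $form['token'] > 0) {
        $validate = new Validate($form);
        $email = $form['email'];
        $password = md5($form['password']);
        $query = "SELECT `id` FROM `user` WHERE `email` = '{$email}' AND `password` = '{$password}'";
        $validate->addRule('email', 'existRecord', array('database' => $this->_model, 'query' => $query));
        $validate->run();

        if ($validate->isValid() == true) {
            $infoUser = $this->_model->infoItem($this->_arrParam);
            Session::set('user', array(
                'login' => true,
                'info' => $infoUser,
                'time' => time(),
                'group_acp' => $infoUser['group_acp'],
            ));
            URL::redirect('default', 'user', 'index');
            return;
        }
        $this->_view->errors = $validate->showErrorsPublic();
    }

    $this->_view->render('index/login');
}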
/**
 * Resolve the `shortcode` request parameter to its stored target and
 * redirect there. Nothing happens when expand() yields no target (loose
 * `== null`, so an empty string is also treated as "unknown").
 */
public function short_url__redirect()
{
    $code = Request::get('shortcode');
    $target = $this->core->expand($code);
    if ($target == null) {
        return;
    }
    URL::redirect($target);
}
/**
 * One-shot page-refresh guard.
 *
 * On first sight of $value it is remembered in the session `token`; when
 * the same value arrives again (e.g. a reload re-posting a form) the token
 * is cleared and the request is redirected to the given route instead.
 * The comparison is loose (==), as in the original.
 *
 * @param mixed      $value      Token carried by the request
 * @param string     $module
 * @param string     $controller
 * @param string     $action
 * @param array|null $params     Accepted for compatibility; not used here
 * @return void
 */
public static function checkRefreshPage($value, $module, $controller, $action, $params = null)
{
    $alreadySeen = Session::get('token') == $value;
    if (!$alreadySeen) {
        Session::set('token', $value);
        return;
    }
    Session::delete('token');
    URL::redirect($module, $controller, $action);
}
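/**
 * Delete a user (admin only).
 *
 * Renders user/delete with the model's result message when `id` is given.
 * Non-admins are redirected to the error page and nothing is rendered.
 *
 * NOTE(review): the deletion is triggered by a plain GET parameter, so any
 * link or image tag can fire it for a logged-in admin (CSRF); it should be
 * a POST guarded by a token.
 */
public function deleteAction()
{
    // Truthiness check on the admin flag; a missing session or key counts
    // as "no permission" without raising notices (same outcome as the
    // original `== true` test, minus the redundant ternary).
    $isAdmin = !empty($_SESSION['user']['info']['admin_control']);
    if (!$isAdmin) {
        URL::redirect(URL::createLink('default', 'error', 'index', array('type' => 'not-url')));
        return; // never render admin content after the redirect
    }

    $this->_view->_title = 'Delete | User';
    $this->_view->message = '';
    if (isset($_GET['id'])) {
        $this->_view->message = $this->_model->processDelete($_GET['id']);
    }
    $this->_view->render('user/delete', true);
}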
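/**
 * Edit a team (admin only).
 *
 * Loads the team for the `id` GET parameter into the view; when the
 * `editTeam` form is posted for that id the model applies it and the
 * browser is redirected back to the same edit page (post/redirect/get).
 * Non-admins are redirected to the error page and nothing is rendered.
 *
 * NOTE(review): no CSRF token is checked on the posted form here.
 */
public function editAction()
{
    // Truthiness check on the admin flag; missing session/key => no access.
    $isAdmin = !empty($_SESSION['user']['info']['admin_control']);
    if (!$isAdmin) {
        URL::redirect(URL::createLink('default', 'error', 'index', array('type' => 'not-url')));
        return;
    }

    $this->_view->_title = 'Edit | Team';
    if (isset($_GET['id'])) {
        $this->_view->_arrayTeam = $this->_model->arrayEdit($_GET['id']);
    }
    if (isset($_POST['editTeam']) && isset($_GET['id'])) {
        $this->_view->_result = $this->_model->processEdit($_POST['editTeam'], $_GET['id']);
        URL::redirect(URL::createLink('default', 'team', 'edit', array('id' => $_GET['id'])));
        return; // the redirect target renders the page; nothing to render here
    }
    $this->_view->render('team/edit', true);
}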
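/**
 * Dispatch the resolved action on the controller object, applying the
 * per-module access rules.
 *
 *  - `admin` module: requires a valid login and group_acp == 1; a logged-in
 *    non-admin is sent to the not-permission notice, an anonymous visitor
 *    to the login action.
 *  - `default` module: the `user` controller requires a login, every other
 *    controller is public.
 *  - any other module: no action is dispatched and no error is raised
 *    (preserved from the original; presumably never reached — TODO confirm).
 *
 * An unknown action redirects to the not-url notice. The unused locals
 * ($action, $requestURL) of the original are dropped.
 */
private function callMethod()
{
    $actionName = $this->_params['action'] . 'Action';
    if (!method_exists($this->_controllerObject, $actionName)) {
        URL::redirect('default', 'index', 'notice', array('type' => 'not-url'));
        return;
    }

    $module = $this->_params['module'];
    $controller = $this->_params['controller'];

    $userInfo = Session::get('user');
    // A session counts as logged in only while it is younger than TIME_LOGIN.
    $logged = isset($userInfo['login']) && $userInfo['login'] == true
        && isset($userInfo['time']) && $userInfo['time'] + TIME_LOGIN >= time();

    // MODULE ADMIN
    if ($module == 'admin') {
        if (!$logged) {
            $this->callLoginAction($module);
            return;
        }
        if ($userInfo['group_acp'] != 1) {
            URL::redirect('default', 'index', 'notice', array('type' => 'not-permission'));
            return;
        }
        // TODO(review): the original carried a commented-out per-action
        // privilege check against $userInfo['info']['privilege'] keyed by
        // "module-controller-action"; as written, every group_acp == 1
        // user reaches every admin action.
        $this->_controllerObject->{$actionName}();
        return;
    }

    // MODULE DEFAULT
    if ($module == 'default') {
        if ($controller == 'user' && !$logged) {
            $this->callLoginAction($module);
            return;
        }
        $this->_controllerObject->{$actionName}();
    }
}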
/**
 * Gate the current page behind one or more passwords.
 *
 * Passwords come from the pipe-separated `allowed` parameter. When none is
 * configured the page is open. Otherwise a visitor whose session does not
 * already hold one of the passwords for this URL is redirected (302) to the
 * password form (`password_url`, falling back to `no_access_url`) with the
 * current URL appended under `return_variable` so they can come back; the
 * request is terminated right after the redirect.
 */
public function require_password()
{
    $allowed = trim($this->fetchParam('allowed', '', null, false, false));
    $passwords = explode('|', $allowed);
    $form_url_param = $this->fetch('password_url', null, null, false, false);
    $denied_url = $this->fetch('no_access_url', '/', null, false, false);
    $return_var = $this->fetch('return_variable', 'return', null, false, false);

    // no passwords configured: nothing to protect
    if (!$allowed) {
        return;
    }

    // where to send visitors who still need to enter a password
    $form_url = Helper::pick($form_url_param, $denied_url);

    $current = URL::getCurrent();
    if ($this->tasks->hasPassword($current, $passwords)) {
        return;
    }

    URL::redirect(URL::appendGetVariable($form_url, $return_var, $current), 302);
    exit;
}
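/**
 * Add one unit of a book to the session cart and return to its detail page.
 *
 * The cart is kept in Session 'cart' as
 * array('quantity' => [book_id => n], 'price' => [book_id => line total]).
 * A book already in the cart gets its quantity incremented and its line
 * total recomputed as unit price * quantity; a new book starts at 1 with
 * the unit price as its line total.
 *
 * NOTE(review): the unit price is taken from the request (`price` param),
 * so a client can submit any value; the model should look the price up by
 * book_id instead.
 */
public function orderAction()
{
    $cart = Session::get('cart');
    $bookID = $this->_arrParam['book_id'];
    $price = $this->_arrParam['price'];

    // isset() instead of array_key_exists(): a cart without a 'quantity'
    // array no longer errors, and a null entry is treated as "not in cart",
    // which gives the same 1 / price result as incrementing null did.
    if (!empty($cart) && isset($cart['quantity'][$bookID])) {
        $cart['quantity'][$bookID] += 1;
        $cart['price'][$bookID] = $price * $cart['quantity'][$bookID];
    } else {
        $cart['quantity'][$bookID] = 1;
        $cart['price'][$bookID] = $price;
    }

    Session::set('cart', $cart);
    URL::redirect('default', 'book', 'detail', array('book_id' => $bookID));
}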
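/**
 * Handle the password form POST for a protected page.
 *
 * Validates the form token, checks the submitted password against the
 * passwords allowed for the `return` URL, stores it in the session on
 * success and redirects to that URL. On any failure an error is flashed
 * and the visitor is sent back to the referrer.
 *
 * Each failure path now returns right after URL::redirect(); without that,
 * a redirect that does not terminate the request would fall through to
 * addPassword() and grant access on an invalid token or wrong password.
 *
 * NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and
 * alters the raw password (tags stripped, quotes encoded); it is kept so
 * the value stays comparable with isValidPassword(). Both the referrer and
 * `return` are client-supplied redirect targets.
 */
public function protect__password()
{
    // grab values
    $token = filter_input(INPUT_POST, 'token', FILTER_SANITIZE_STRING);
    $return = filter_input(INPUT_POST, 'return', FILTER_SANITIZE_STRING);
    $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
    $referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;

    // validate token
    if (!$this->tokens->validate($token)) {
        $this->flash->set('error', 'Invalid token passed, please try again.');
        URL::redirect($referrer);
        return;
    }

    // check password matches a password from return text
    if (!$this->tasks->isValidPassword($return, $password)) {
        $this->flash->set('error', 'Incorrect password.');
        URL::redirect($referrer);
        return;
    }

    // store this password in the session, then send the visitor on
    $this->tasks->addPassword($return, $password);
    URL::redirect($return);
}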
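/**
 * Dispatch the resolved action, requiring a valid login for every action.
 *
 * A session is accepted while `login` is true and `time` + TIME_LOGIN has
 * not passed; otherwise the login action is invoked instead. An unknown
 * action redirects to the not-url error page. The unused locals of the
 * original ($module, $controller, $action, $requestURL) are dropped.
 */
private function callMethod()
{
    $actionName = $this->_params['action'] . 'Action';
    if (!method_exists($this->_controllerObject, $actionName)) {
        URL::redirect(URL::createLink('default', 'error', 'index', array('type' => 'not-url')));
        return;
    }

    $userInfo = Session::get('user');
    // A session counts as logged in only while it is younger than TIME_LOGIN.
    $logged = isset($userInfo['login']) && $userInfo['login'] == true
        && isset($userInfo['time']) && $userInfo['time'] + TIME_LOGIN >= time();

    if ($logged) {
        $this->_controllerObject->{$actionName}();
    } else {
        $this->callLoginAction();
    }
}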
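/**
 * Run every import job, then redirect to the default index.
 *
 * The pagination set-up is kept because setPagination() mutates controller
 * state; the view it feeds is never displayed because of the redirect. The
 * original's render('import/index') after the redirect has been dropped:
 * it was unreachable when URL::redirect() terminates and would emit a body
 * after the Location header otherwise. The long run of commented-out
 * process*() view assignments was dead code and is removed.
 *
 * NOTE(review): a GET to this action imports data (a state change); it
 * should require POST plus a token so a plain link cannot trigger it.
 */
public function indexAction()
{
    $this->_view->_title = 'Personal Management';

    $totalItems = $this->_model->countItem($this->_arrParam, null);
    $this->setPagination(array('totalItemsPerPage' => 5, 'pageRange' => 2));
    $this->_view->pagination = new Pagination($totalItems, $this->_pagination);

    // Import jobs, in the original order.
    $this->_model->importMaintenance();
    $this->_model->importNewton();
    $this->_model->importDomestic();
    $this->_model->importFC();
    $this->_model->importOther();
    $this->_model->importResearch();
    $this->_model->importNewCoding();
    $this->_model->importWorkTime();

    URL::redirect(URL::createLink('default', 'index', 'index'));
}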
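/**
 * Render the filterable, sortable data table for this listing.
 *
 * Emits a GET form that re-submits the current query string as hidden
 * inputs, a header row (column titles linking to orderby toggles), a filter
 * row (search box / submit / DISTINCT-value select per column config), one
 * row per record with search-term highlighting, and the pager footer.
 *
 * Request-supplied values reflected into the HTML (the hidden inputs, the
 * selected filter value, the highlighted search term) and the record id in
 * the row link are now escaped with htmlspecialchars(). Output of
 * $this->rename() is emitted as before since it may already carry markup —
 * TODO confirm. An option is marked selected only when a filter for that
 * column was actually sent (the original's unset-index comparison also
 * selected empty-string values).
 *
 * NOTE(review): mysql_query()/mysql_fetch_array() were removed in PHP 7.
 * The column and table names interpolated into the query come from the
 * column config, not from the request.
 */
function show()
{
    $cols = $this->cols();
    $rows = $this->rows();
    $table = $this->table();
    $link = $this->link();

    echo '<form action="#" method="get">';
    echo '<span>';
    foreach ($_GET as $key => $value) {
        echo '<input type="hidden" name="' . $this->_escapeHtml($key) . '" value="' . $this->_escapeHtml($value) . '"/>';
    }
    echo '</span>';

    echo '<table cellspacing="0" cellpadding="0" class="db">';
    $order = isset($_GET['orderby']) ? $_GET['orderby'] : 'bug_id DESC';

    // header row: each title links to the same page ordered by that
    // column, toggling to DESC when it is already the current order
    echo '<tr class="header">';
    foreach ($cols as $name => $column) {
        $title = $column['title'] == "" ? humantitle($name) : $column['title'];
        $by = $order == $name ? $name . ' DESC' : $name;
        echo '<th>';
        echo '<a href="' . URL::redirect('#', array('orderby' => $by)) . '" class="header">';
        echo '<div class="full">' . $title . '</div>';
        echo '</a>';
        echo '</th>';
    }
    echo '</tr>';

    // filter row
    echo '<tr class="filter">';
    foreach ($cols as $name => $cfg) {
        echo '<td>';
        switch ($cfg['filter']) {
            case 'search':
                echo '<input type="text" name="filter_' . $name . '" class="full" />';
                echo '<span><input type="hidden" name="f_' . $name . '_type" value="search" /></span>';
                break;
            case 'submit':
                echo '<input class="full" type="submit" value="Filter" />';
                break;
            default:
            case 'select':
                $current = isset($_GET['filter_' . $name]) ? $_GET['filter_' . $name] : null;
                echo '<select name="filter_' . $name . '" class="full">';
                echo '<option value="">No Filter</option>';
                $query = "SELECT DISTINCT {$name} FROM {$table} ORDER BY {$name}";
                $result = mysql_query($query) or die('MySQL Error: ' . mysql_error());
                while ($row = mysql_fetch_array($result)) {
                    $selected = $current !== null && $current == $row[$name] ? ' selected="selected"' : '';
                    echo '<option value="' . $this->_escapeHtml($row[$name]) . '"' . $selected . '>'
                        . $this->rename($name, $row[$name]) . '</option>';
                }
                echo '</select>';
                break;
        }
        echo '</td>';
    }
    echo '</tr>';

    // data rows, alternating r_0 / r_1 classes (the original relied on an
    // uninitialised counter, which produced the same 0,1,0,1 sequence)
    $stripe = 0;
    for ($i = 0; $i < count($rows); $i++) {
        echo '<tr class="row r_' . $stripe++ % 2 . '">';
        foreach ($rows[$i] as $name => $value) {
            $value = $this->rename($name, $value);
            $needle = isset($_GET['filter_' . $name]) ? $_GET['filter_' . $name] : '';
            $isSearch = isset($_GET['f_' . $name . '_type']) && $_GET['f_' . $name . '_type'] == 'search';
            if ($isSearch && $needle !== '') {
                // highlight matches; the reflected term itself is escaped
                $value = str_replace($needle, '<span class="found">' . $this->_escapeHtml($needle) . '</span>', $value);
            }
            echo '<td class="row"';
            if ($cols[$name]['css'] != "") {
                echo ' style="' . $cols[$name]['css'] . '"';
            }
            echo '><a class="normal" href="?show=' . $link . '&id=' . $this->_escapeHtml($rows[$i][$this->idcol]) . '"><div class="full">' . $value . '</div></a></td>';
        }
        echo '</tr>';
    }

    echo '<tr class="footer"><td colspan="' . count($cols) . '">';
    $this->pager->display();
    echo '</td></tr>';
    echo '</table>';
    echo '</form>';
}

/**
 * Escape a value for a double-quoted HTML attribute or a text node.
 *
 * @param mixed $value Scalars are cast to string; an array becomes "Array"
 *                     (with a warning), as a plain echo would.
 * @return string
 */
private function _escapeHtml($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}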
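/**
 * Handle the password-reset form POST.
 *
 * Checks the form token, that the reset hash still exists in the cache and
 * is younger than `reset_password_age_limit` minutes (default 20), that a
 * password was given and that it matches the confirmation when one was
 * submitted (a form without the confirmation field skips that check). Then
 * the member named in the cached record gets the new password, the cache
 * entry is removed and the visitor is redirected to the cached `return`
 * URL or `member_home`.
 *
 * Every failure path returns immediately after URL::redirect(); otherwise a
 * redirect that does not end the request would fall through and still
 * change the password.
 *
 * NOTE(review): FILTER_SANITIZE_STRING (deprecated in PHP 8.1) strips tags
 * and encodes quotes, so the stored password can differ from what the user
 * typed; the same filter must be applied wherever it is verified.
 */
public function member__reset_password()
{
    $site_root = Config::getSiteRoot();
    $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
    $password_confirm = filter_input(INPUT_POST, 'password_confirmation', FILTER_SANITIZE_STRING);
    $token = filter_input(INPUT_POST, 'token', FILTER_SANITIZE_STRING);
    $hash = filter_input(INPUT_POST, 'hash', FILTER_SANITIZE_STRING);
    $referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;

    // validate form token
    if (!$this->tokens->validate($token)) {
        $this->flash->set('reset_password_error', 'Invalid token.');
        URL::redirect($referrer);
        return;
    }

    // bail if cache doesn't exist or if it's too old.
    // this should have been caught on the page itself, but if it got
    // submitted somehow, just redirect and the error logic will be in the plugin.
    if (!$this->cache->exists($hash) || $this->cache->getAge($hash) > $this->fetchConfig('reset_password_age_limit', 20, 'is_numeric') * 60) {
        URL::redirect($referrer);
        return;
    }

    // password check
    if (is_null($password) || $password == '') {
        $this->flash->set('reset_password_error', 'Password cannot be blank.');
        URL::redirect($referrer);
        return;
    }

    // password confirmation check (only when the field was submitted)
    if (!is_null($password_confirm) && $password !== $password_confirm) {
        $this->flash->set('reset_password_error', 'Passwords did not match.');
        URL::redirect($referrer);
        return;
    }

    // get username
    $cache = $this->cache->getYAML($hash);
    $username = $cache['username'];

    // change password
    $member = Member::load($username);
    $member->set('password', $password);
    $member->save();

    // delete used cache
    $this->cache->delete($hash);

    // redirect
    URL::redirect(array_get($cache, 'return', $this->fetchConfig('member_home', $site_root, null, false, false)));
}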
/**
 * Send the browser to the logout URL computed by logout_url().
 */
public function logout()
{
    $target = $this->logout_url();
    URL::redirect($target);
}
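/**
 * Build the password-reset form HTML for the hash given in `?H=`.
 *
 * Logged-in visitors are redirected to `logged_in_redirect`. Errors
 * (missing hash, expired or unknown cache entry, flashed error from the
 * handler) are passed to the template as `errors`, together with the
 * `url_invalid` / `expired` flags. Extra attributes from the `attr`
 * parameter are added to the <form> tag.
 *
 * The hash is now HTML-escaped before being placed in the hidden input:
 * FILTER_SANITIZE_URL leaves `"` and `<` intact, so the raw value could
 * break out of the attribute. The age-limit default (20 minutes, numeric)
 * matches member__reset_password().
 *
 * NOTE(review): if URL::redirect() does not end the request, the form is
 * still built and returned for a logged-in visitor — confirm.
 *
 * @return string
 */
public function reset_password_form()
{
    $data = array();
    $errors = array();

    // parse parameters and vars
    $attr_string = '';
    $site_root = Config::getSiteRoot();
    $logged_in_redirect = $this->fetchParam('logged_in_redirect', $this->fetchConfig('member_home', $site_root), null, false, false);
    $attr = $this->fetchParam('attr', false);
    $hash = filter_input(INPUT_GET, 'H', FILTER_SANITIZE_URL);

    // is user already logged in? forward as needed
    if (Auth::isLoggedIn()) {
        URL::redirect($logged_in_redirect, 302);
    }

    // no hash in URL?
    if (!$hash) {
        $errors[] = Localization::fetch('reset_password_url_invalid');
        $data['url_invalid'] = true;
    }

    if (count($errors) == 0) {
        // cache file doesn't exist or is too old
        if (!$this->cache->exists($hash) || $this->cache->getAge($hash) > $this->fetchConfig('reset_password_age_limit', 20, 'is_numeric') * 60) {
            $errors[] = Localization::fetch('reset_password_url_expired');
            $data['expired'] = true;
        }

        // flash errors
        if ($flash_error = $this->flash->get('reset_password_error')) {
            $errors[] = $flash_error;
        }
    }

    // set up attributes (template-author supplied, emitted verbatim)
    if ($attr) {
        $attributes_array = Helper::explodeOptions($attr, true);
        foreach ($attributes_array as $key => $value) {
            $attr_string .= ' ' . $key . '="' . $value . '"';
        }
    }

    // errors
    $data['errors'] = $errors;

    // set up form HTML
    $html = '<form method="post" action="' . Path::tidy($site_root . "/TRIGGER/member/reset_password") . '" ' . $attr_string . '>';
    $html .= '<input type="hidden" name="token" value="' . $this->tokens->create() . '">';
    $html .= '<input type="hidden" name="hash" value="' . htmlspecialchars((string) $hash, ENT_QUOTES, 'UTF-8') . '">';
    $html .= Parse::template($this->content, $data);
    $html .= '</form>';

    // return that HTML
    return $html;
}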
<?php
# new_task.php

# 1. logic
// Resolve the project from the route slug; the task is attached to it below.
$project = new Project();
$project->load(['slug' => Route::param('slug')]);

if (Input::posted()) {
    $task = new Task();
    // Mass-assign the posted fields, then pin ownership from the session
    // and the route so those two cannot be overridden by the form.
    $task->fill(Input::all());
    $task->user_id = Auth::user_id();
    $task->project_id = $project->id;

    // A completely blank submission (no name and no description) is dropped.
    $isBlank = Input::get('name') == "" && Input::get('description') == "";
    if (!$isBlank) {
        $task->save();
    }
}

// Always return to the project page, whether or not a task was saved.
URL::redirect('/' . $project->slug);
/**
 * Log a member in from the posted `ulogin` / `user_password` fields.
 *
 * Looks the account up, compares the md5 of the posted password with the
 * stored hash, optionally checks the graphical security code (when bit 2
 * of $sec_code is set), drops the guest session for the visitor's address
 * and hands over to setmemcookie(). Unknown users, wrong passwords and
 * inactive levels are redirected to Your_Account; the code after each
 * redirect assumes URL::redirect(..., true) does not return — TODO confirm.
 *
 * @param mixed $visitor_ip Interpolated verbatim into the DELETE below;
 *                          presumably already quoted/escaped by the caller —
 *                          verify.
 * @return mixed Whatever setmemcookie() returns on success
 */
private function loginmember($visitor_ip)
{
    global $db, $prefix, $user_prefix, $sec_code, $CPG_SESS;
    $username = Fix_Quotes($_POST['ulogin']);
    // NOTE(review): the username literal in this query reads '******' in
    // this copy and $username is otherwise unused — the listing looks
    // redacted; presumably the query interpolates {$username}. Confirm
    // against the real source before relying on this block.
    $result = $db->sql_query('SELECT user_id, username, user_password, user_level, theme FROM ' . $user_prefix . "_users WHERE username='******' AND user_id>1");
    if ($db->sql_numrows($result) < 1) {
        // unknown user: back to the login form with the attempted name
        URL::redirect(URL::index('Your_Account&error=1&uname=' . urlencode(base64_encode($username))), true);
    }
    $setinfo = $db->sql_fetchrow($result, SQL_ASSOC);
    if ($setinfo['user_password'] != '' && $setinfo['user_level'] > 0) {
        // NOTE(review): unsalted md5 compared with loose !=;
        // password_hash()/password_verify() is the replacement.
        $pass = md5($_POST['user_password']);
        if ($setinfo['user_password'] != $pass) {
            URL::redirect(URL::index('Your_Account&error=2'), true);
        }
        if ($sec_code & 2) {
            // graphical security code: the session code for the submitted
            // gfxid must equal (loose !=) the typed value, min. 2 chars
            $gfxid = isset($_POST['gfxid']) ? $_POST['gfxid'] : 0;
            $code = $CPG_SESS['gfx'][$gfxid];
            $gfx_check = isset($_POST['gfx_check']) ? $_POST['gfx_check'] : '';
            if (strlen($gfx_check) < 2 || $code != $gfx_check) {
                URL::redirect(URL::index('Your_Account&error=2'), true);
            }
        }
        // drop the guest session for this address, reset the session start
        // and carry the member's theme over
        $db->sql_query('DELETE FROM ' . $prefix . "_session WHERE host_addr={$visitor_ip} AND guest=1");
        unset($CPG_SESS['session_start']);
        $CPG_SESS['theme'] = $setinfo['theme'];
        // the md5 hash itself is handed to the cookie helper
        return $this->setmemcookie($setinfo['user_id'], $pass, false);
    } else {
        // level 0 / -1 (not yet activated / suspended — presumably; confirm
        // against the user_level definitions): show the profile instead
        if ($setinfo['user_level'] == 0) {
            URL::redirect(URL::index('Your_Account&profile=' . $setinfo['user_id']));
        } else {
            if ($setinfo['user_level'] == -1) {
                URL::redirect(URL::index('Your_Account&profile=' . $setinfo['user_id']));
            }
        }
        URL::redirect(URL::index('Your_Account&error=2'), true);
    }
}
| http://www.dragonflycms.com | | Dragonfly is released under the terms and conditions of the GNU | | GPL version 2 or any later version | +-------------------------------------------------------------------+ */ if (!defined('ADMIN_PAGES')) { exit; } if (!can_admin('referers')) { die('Access Denied'); } $pagetitle .= ' ' . _BC_DELIM . ' ' . _HTTPREFERERS; global $bgcolor3, $db, $prefix; if (isset($_GET['del']) && $_GET['del'] == 'all') { $db->sql_query('DELETE FROM ' . $prefix . '_referer'); URL::redirect(URL::admin()); } else { require_once 'header.php'; GraphicAdmin('_AMENU6'); $result = $db->sql_query('SELECT url FROM ' . $prefix . '_referer'); $bgcolor = ''; if ($db->sql_numrows($result) > 0) { $cpgtpl->assign_vars(array('U_DELREFERERS' => URL::admin('&del=all'))); while (list($url) = $db->sql_fetchrow($result)) { $bgcolor = $bgcolor == '' ? ' style="background: ' . $bgcolor3 . '"' : ''; $cpgtpl->assign_block_vars('referer', array('URL' => $url, 'CLR' => $bgcolor)); } $cpgtpl->set_filenames(array('body' => 'admin/referers.html')); $cpgtpl->display('body'); $cpgtpl->__destruct(); } else {
$db->sql_query("UPDATE " . $dl_prefix . "_screenshots \n\t\t\t\tSET did={$next_id} \n\t\t\t\tWHERE did={$mng_id}"); if (can_admin($module_name)) { $time = time(); $time_year = generate_date($time, 'Y'); $time_month = generate_date($time, 'm'); $db->sql_query("INSERT INTO " . $dl_prefix . "_stats \n\t\t\t\t(id, year, month, hits, views) \n\t\t\t\tVALUES \n\t\t\t\t('{$next_id}', '{$time_year}', '{$time_month}', 0, 0)"); } if ($fields['version']) { $db->sql_query("INSERT INTO " . $dl_prefix . "_history \n\t\t\t\t(id, vers, author, date, comment) \n\t\t\t\tVALUES \n\t\t\t\t({$next_id}, '{$fields['version']}', '{$fields['submitter']}', " . time() . ", 'Initial Version')"); } if (!can_admin($module_name)) { $d_queue = $db->sql_count($dl_prefix . '_downloads', "lid!='{$next_id}' AND active=2"); cpg_error('Your download has been queued for review by an administrator<br /><br />At this time, we have <strong>' . $d_queue . '</strong> other downloads awaiting approval', _TB_INFO, URL::index('&file=manage&s=1', true, true)); } DL_Cat::count_dl(); URL::redirect(URL::index('&file=details&id=' . $next_id)); } } } $cats = array(); DL_Cat::list_all($cats); if (count($cats) < 1) { cpg_error('There are no categories in which you can add a download'); } if (can_admin($module_name) || $dl_config['user_catparent']) { $selects = DL_Cat::selectbox($in['cat'], 'in[cat]', false); } else { $selects = '<select class="set" name="in[cat]" id="in[cat]"> <option selected="selected" label="none" value="none">select a category</option>'; foreach ($cats as $cat) { if ($cat['level'] == 1) {
**********************************************/ if (!defined('CPG_NUKE')) { exit; } global $textcolor1, $textcolor2; if (isset($_GET['sid'])) { $sid = intval($_GET['sid']); } else { URL::redirect(URL::index()); } $result = $db->sql_query('SELECT s.*, c.title as cattitle, t.topicimage, t.topictext FROM ' . $prefix . '_stories s LEFT JOIN ' . $prefix . '_stories_cat c ON c.catid=s.catid LEFT JOIN ' . $prefix . '_topics t ON t.topicid=s.topic WHERE s.sid=' . $sid); if ($db->sql_numrows($result) != 1) { URL::redirect(URL::index()); } $story = $db->sql_fetchrow($result); $db->sql_freeresult($result); $db->sql_query('UPDATE ' . $prefix . '_stories SET counter=counter+1 WHERE sid=' . $sid); $pagetitle .= _NewsLANG . ' ' . _BC_DELIM . ' ' . $story['title']; require_once 'includes/nbbcode.php'; $datetime = formatDateTime($story['time'], _DATESTRING); $hometext = decode_bb_all($story['hometext'], 1, true); $bodytext = decode_bb_all($story['bodytext'], 1, true); $notes = decode_bb_all($story['notes'], 1, true); if ($story['catid'] > 0) { $story['title'] = '<a href="' . URL::index('&catid=' . $story['catid']) . '"><span class="storycat">' . $story['cattitle'] . '</span></a>: ' . $story['title']; }
/**
 * Create or edit a forum topic together with its first post.
 *
 * With a loaded $topic_id the topic is edited (requires ACCESS_EDIT);
 * otherwise a new topic is created in $area_id (requires ACCESS_WRITE).
 * Areas of TYPE_BIND offer the topic name from a bound model instead of a
 * free-text field. On a valid POST (CSRF token, post and topic validation)
 * the post is saved, and for a new topic the topic, area, user counters and
 * news feed are updated before redirecting to the topic. Otherwise the
 * edit form is shown with any errors.
 *
 * @param mixed $topic_id Topic to edit (cast to int)
 * @param mixed $area_id  Area for a new topic (cast to int); ignored when
 *                        the topic loads
 */
public function _topic_edit($topic_id, $area_id = false)
{
    $this->history = false;
    $errors = array();
    $forum_topic = new Forum_Topic_Model((int) $topic_id);
    // The area comes from the topic when editing, from $area_id otherwise.
    $forum_area = $forum_topic->loaded() ? $forum_topic->forum_area : new Forum_Area_Model((int) $area_id);
    if ($forum_topic->loaded()) {
        // Editing topic
        $editing = true;
        // NOTE(review): everything below assumes url::back() ends the request;
        // if it returns, a visitor without edit access continues into the
        // form/save path — confirm.
        if (!$forum_topic->has_access(Forum_Topic_Model::ACCESS_EDIT)) {
            url::back('forum');
        }
    } else {
        if ($forum_area->loaded()) {
            // New topic
            $editing = false;
            if (!$forum_area->has_access(Forum_Area_Model::ACCESS_WRITE)) {
                url::back('forum');
            }
        } else {
            // New topic in unknown area
            $errors[] = __('Area :area or topic :topic not found', array(':area' => (int) $area_id, ':topic' => (int) $topic_id));
        }
    }
    if (empty($errors)) {
        // first_post_id is 0 for a new topic, so this is an empty model then
        $forum_post = new Forum_Post_Model((int) $forum_topic->first_post_id);
        $form_errors = array();
        $form_values_topic = $forum_topic->as_array();
        $form_values_post = $forum_post->as_array();
        $form_topics = false;
        // Bound area?
        if ($forum_area->is_type(Forum_Area_Model::TYPE_BIND)) {
            // Get bind config and load topics
            $bind = Forum_Area_Model::binds($forum_area->bind);
            if ($editing) {
                // Can't edit bound topic
                $form_topics = array($forum_topic->bind_id => $forum_topic->name);
            } else {
                // Try to load options from configured model
                try {
                    $bind_topics = ORM::factory($bind['model'])->find_bind_topics($forum_area->bind);
                    $form_topics = array(0 => __('Choose..')) + $bind_topics;
                } catch (Kohana_Exception $e) {
                    $form_topics = array();
                }
            }
        }
        // Admin actions: the delete link carries the CSRF token as a GET parameter
        if ($editing && $forum_topic->has_access(Forum_Topic_Model::ACCESS_DELETE)) {
            $this->page_actions[] = array('link' => url::model($forum_topic) . '/delete/?token=' . csrf::token(), 'text' => __('Delete topic'), 'class' => 'topic-delete');
        }
        // Check post
        if ($post = $this->input->post()) {
            $post['forum_area_id'] = $forum_area->id;
            $topic = $post;
            // For bound areas the topic name is taken from the bind options,
            // never from the submitted text.
            if (isset($bind_topics)) {
                $topic['name'] = arr::get($bind_topics, (int) $topic['bind_id'], '');
            }
            // Server-side attribution; author fields are not taken from the form.
            $post_extra = $topic_extra = array('author_id' => $this->user->id, 'author_name' => $this->user->username);
            if ($editing) {
                $post_extra['modifies'] = (int) $forum_post->modifies + 1;
                $post_extra['modified'] = date::unix2sql(time());
            }
            $post_extra['author_ip'] = $this->input->ip_address();
            $post_extra['author_host'] = $this->input->host_name();
            // validate post first and save topic if ok
            if (csrf::valid() && $forum_post->validate($post, false, $post_extra) && $forum_topic->validate($topic, true, $topic_extra)) {
                // post
                $forum_post->forum_topic_id = $forum_topic->id;
                $forum_post->save();
                if (!$editing) {
                    // topic
                    $forum_topic->first_post_id = $forum_post->id;
                    $forum_topic->last_post_id = $forum_post->id;
                    $forum_topic->last_poster = $this->user->username;
                    $forum_topic->last_posted = date::unix2sql(time());
                    $forum_topic->posts = 1;
                    $forum_topic->save();
                    // area
                    $forum_area->last_topic_id = $forum_topic->id;
                    $forum_area->posts += 1;
                    $forum_area->topics += 1;
                    $forum_area->save();
                    // user
                    $this->user->posts += 1;
                    $this->user->save();
                    // News feed
                    newsfeeditem_forum::topic($this->user, $forum_topic);
                }
                // redirect back to topic
                URL::redirect(url::model($forum_topic));
            } else {
                // NOTE(review): $post->errors() presumes validate() turned $post
                // into an object (the $topic branch guards this with is_object,
                // $post is not guarded). When csrf::valid() is false the &&
                // short-circuits before validate() runs and $post is still the
                // plain array from input->post() — confirm this path.
                $form_errors = array_merge($post->errors(), is_object($topic) ? $topic->errors() : array());
            }
            $form_values_topic = arr::overwrite($form_values_topic, is_object($topic) ? $topic->as_array() : $topic);
            $form_values_post = arr::overwrite($form_values_post, $post->as_array());
        }
    }
    // Show form
    if (empty($errors)) {
        $this->breadcrumb[] = html::anchor(url::model($forum_area), text::title($forum_area->name));
        $this->page_title = $editing ? text::title($forum_topic->name) : __('New topic');
        $this->page_subtitle = __('Area :area', array(':area' => html::anchor(url::model($forum_area), text::title($forum_area->name), array('title' => strip_tags($forum_area->description)))));
        widget::add('head', html::script(array('js/jquery.markitup.pack', 'js/markitup.bbcode')));
        widget::add('main', View_Mod::factory('forum/topic_edit', array('topic' => $form_values_topic, 'topics' => $form_topics, 'post' => $form_values_post, 'errors' => $form_errors)));
    } else {
        $this->_error(__('Error'), $errors);
    }
    $this->_side_views();
}
} else { list($pos) = $db->sql_ufetchrow("SELECT pos FROM " . $prefix . "_modules_cat \n\t\t\tORDER BY pos DESC", SQL_NUM); $pos = empty($pos) ? 0 : $pos + 1; $db->sql_query("INSERT INTO " . $prefix . "_modules_cat (name, image, pos, link, link_type) VALUES ('" . Fix_Quotes($_POST['catname']) . "', '{$_POST['catimage']}', '{$pos}', '{$_POST['catlink']}', '{$_POST['lnktype']}')"); } URL::redirect(URL::admin('cpgmm')); } elseif ($mode == 'delcat' && intval($_GET['cid']) > 0) { $cid = intval($_GET['cid']); $result = $db->sql_query("SELECT name FROM " . $prefix . "_modules_cat WHERE cid=" . $cid); if ($db->sql_numrows($result) > 0) { $cat = $db->sql_fetchrow($result); if (isset($_GET['ok'])) { $db->sql_query("UPDATE " . $prefix . "_modules_links SET cat_id=0 WHERE cat_id=" . $cid); $db->sql_query("UPDATE " . $prefix . "_modules SET cat_id=0 WHERE cat_id=" . $cid); $db->sql_query("DELETE FROM " . $prefix . "_modules_cat WHERE cid=" . $cid); URL::redirect(URL::admin('cpgmm')); } $cat['name'] = defined($cat['name']) ? constant($cat['name']) : $cat['name']; $pagetitle .= ' ' . _BC_DELIM . ' Delete Category: ' . $cat['name']; require 'header.php'; GraphicAdmin('_AMENU1'); OpenTable(); echo '<center>' . sprintf(_ERROR_DELETE_CONF, '<i>' . $cat['name'] . '</i>'); echo '<br /><br />[ <a href="' . URL::admin('cpgmm') . '">' . _NO . '</a> | <a href="' . URL::admin("cpgmm&cid={$cid}&mode=delcat&ok=1") . '">' . _YES . '</a> ]</center>'; CloseTable(); } else { cpg_error(_CPG_MMNOCAT); } } else { if (Security::check_post() && isset($_POST['updatecpgmm']) && intval($_POST['id']) && intval($_POST['parent']) && intval($_POST['pos'])) { $cats = -1;
if ($search_id == 'newposts' || $search_id == 'egosearch' || $search_author != '' && $search_keywords == '') { if ($search_id == 'newposts') { if (is_user()) { $sql = "SELECT post_id FROM " . POSTS_TABLE . " WHERE post_time >= " . $userdata['user_lastvisit']; } else { URL::redirect(URL::index('Your_Account'), true); } $show_results = 'topics'; $sort_by = 0; $sort_dir = 'DESC'; } else { if ($search_id == 'egosearch') { if (is_user()) { $sql = "SELECT post_id FROM " . POSTS_TABLE . " WHERE poster_id = " . $userdata['user_id']; } else { URL::redirect(URL::index('Your_Account'), true); } $show_results = 'topics'; $sort_by = 0; $sort_dir = 'DESC'; } else { if (preg_match('#^[\\*%]+$#', trim($search_author)) || preg_match('#^[^\\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author)))) { $search_author = ''; } $search_author = str_replace('*', '%', trim($search_author)); $sql = "SELECT user_id FROM " . USERS_TABLE . "\n\t\t\t\t\tWHERE username LIKE '" . Fix_Quotes($search_author) . "'"; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, "Couldn't obtain list of matching users (searching for: {$search_author})", "", __LINE__, __FILE__, $sql); } $matching_userids = ''; if ($row = $db->sql_fetchrow($result)) {
/**
 * Apply the submitted ordering values through the model, then return to
 * the admin user list. No token check is visible in this action.
 */
public function orderingAction()
{
    $requestParams = $this->_arrParam;
    $this->_model->ordering($requestParams);
    URL::redirect('admin', 'user', 'index');
}
<?php
# register.php

# 1. logic
if (Input::posted()) {
    $user = new User();
    // NOTE(review): fill(Input::all()) assigns every posted field; whether
    // User::fill() whitelists attributes is not visible here — confirm that
    // privilege-type columns cannot be set by the registrant.
    $user->fill(Input::all());
    // Only the hash is stored; PASSWORD_DEFAULT follows PHP's current
    // recommended algorithm.
    $user->password = password_hash($user->password, PASSWORD_DEFAULT);
    $user->save();

    // Start the session for the new account and leave the form.
    Auth::log_in($user->id);
    URL::redirect('home');
}

# 2. views
include VIEWS . 'header.php';
include VIEWS . 'register.php';
include VIEWS . 'footer.php';
} if (!isset($rated)) { $rated = _THANKSVOTEARTICLE; $rcookie[] = $sid; $db->sql_query("UPDATE " . $prefix . "_stories SET score=score+{$score}, ratings=ratings+1 WHERE sid={$sid}"); $info = base64_encode(implode(':', $rcookie)); setcookie('ratecookie', $info, time() + 3600, $MAIN_CFG['cookie']['path']); } cpg_error($rated, _ARTICLERATING, URL::index('News&file=article&sid=' . $sid)); } else { cpg_error(_DIDNTRATE, _ARTICLERATING); } } $sid = isset($_POST['sid']) ? intval($_POST['sid']) : (isset($_GET['sid']) ? intval($_GET['sid']) : 0); if ((isset($_POST['postreply']) || isset($_POST['preview']) || isset($_GET['reply']) || isset($_GET['comment'])) && (!$MAIN_CFG['global']['articlecomm'] || $db->sql_count($prefix . '_stories', "sid={$sid} AND acomm=0"))) { URL::redirect(URL::index('&file=article&sid=' . $sid)); } require_once "modules/{$module_name}/comments.php"; if (isset($_POST['postreply'])) { replyPost($sid); // store the reply } else { if (isset($_GET['reply'])) { reply($sid); // reply to comment } elseif (isset($_POST['preview'])) { replyPreview($sid); // Preview the reply before storage } else { if (isset($_GET['comment'])) { // Show comment X
/**
 * Apply the submitted ordering values through the model, then return to
 * the admin group list. No token check is visible in this action.
 */
public function orderingAction()
{
    $requestParams = $this->_arrParam;
    $this->_model->ordering($requestParams);
    $listUrl = URL::createLink('admin', 'group', 'index');
    URL::redirect($listUrl);
}
if (!isset($groups)) { global $db, $prefix; $groups = array(0 => _NL_ALLUSERS, 1 => _SUBSCRIBEDUSERS, 2 => _NL_ADMINS); $groupsResult = $db->sql_query("SELECT group_id, group_name FROM " . $prefix . "_bbgroups WHERE group_single_user=0"); while (list($groupID, $groupName) = $db->sql_fetchrow($groupsResult)) { $groups[$groupID + 2] = $groupName; } } $tmpgroups = $groups; return select_box($fieldname, $current, $tmpgroups); } $subject = isset($_POST['subject']) ? $_POST['subject'] : ''; $content = isset($_POST['content']) ? $_POST['content'] : ''; $group = isset($_POST['group']) ? intval($_POST['group']) : 1; if (isset($_POST['discard'])) { URL::redirect(URL::admin('newsletter')); } elseif (isset($_POST['send'])) { $subject = $_POST['subject']; $n_group = intval($_POST['n_group']); if (empty($subject)) { cpg_error(sprintf(_ERROR_NOT_SET, _SUBJECT)); } if (empty($content)) { cpg_error(sprintf(_ERROR_NOT_SET, _CONTENT)); } ignore_user_abort(true); if ($n_group == 0) { $query = 'SELECT username, user_email FROM ' . $user_prefix . '_users WHERE user_level > 0 AND user_id > 1'; $count = $db->sql_count($user_prefix . '_users WHERE user_level > 0 AND user_id > 1'); } elseif ($n_group == 2) { $query = 'SELECT aid, email FROM ' . $prefix . '_admins';