예제 #1
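    /**
     * Build the Google Analytics snippet emitted at the bottom of a page.
     *
     * The snippet is returned unless the active user is the item's owner or an admin
     * AND the "owneradmin_hidden" module variable is set, in which case nothing is
     * returned (null).
     *
     * @param object $theme  theme object; $theme->item is read for the owner check
     *                       (NOTE(review): assumes $theme->item is set on every page
     *                       this hook runs on - confirm against the caller)
     * @return string|null   HTML/JS snippet, or null when tracking is suppressed
     */
    static function page_bottom($theme)
    {
        $viewer = identity::active_user();
        $is_owner_or_admin = $theme->item->owner_id == $viewer->id || $viewer->admin != 0;
        if ($is_owner_or_admin && module::get_var("google_analytics", "owneradmin_hidden") != 0) {
            return null;
        }
        // The account code is a stored setting that lands inside a JavaScript string
        // literal.  Encode it for that context instead of pasting it between quotes,
        // so a quote, backslash or "</script>" in the value cannot break out of the
        // string or the script element (json_encode escapes "/" by default).
        $account = json_encode((string) module::get_var("google_analytics", "code"));
        if ($account === false) {
            // Value could not be encoded (e.g. invalid UTF-8): emit nothing rather
            // than a broken script.
            return null;
        }
        $google_code = '
  	<!-- Begin Google Analytics -->
    <script type="text/javascript">

      var _gaq = _gaq || [];
      _gaq.push(["_setAccount", ' . $account . ']);
      _gaq.push(["_trackPageview"]);

     (function() {
       var ga = document.createElement("script"); ga.type = "text/javascript"; ga.async = true;
       ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js";
       var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(ga, s);
     })();

      </script>
	<!-- End Google Analytics -->';
        return $google_code;
    }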
예제 #2
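 /**
  * Enforce a permission on an item, then enforce the album password on top of it.
  *
  * Throws Kohana_404_Exception when "view" is denied, or when the item is password
  * protected and the visitor has neither supplied the password nor is the owner or
  * an admin.  Any other denied permission goes through access::forbidden().
  *
  * @param string $perm_name  permission name, e.g. "view"
  * @param object $item       item being accessed; ->id and ->owner_id are read
  */
 static function required($perm_name, $item)
 {
     // Original code from the required function in modules/gallery/helpers/access.php.
     if (!access::can($perm_name, $item)) {
         if ($perm_name == "view") {
             // Treat as if the item didn't exist, don't leak any information.
             throw new Kohana_404_Exception();
         } else {
             access::forbidden();
         }
     } elseif (module::get_var("albumpassword", "hideonly") == false) {
         // Begin rWatcher modifications.
         //   Throw a 404 error when a user attempts to access a protected item,
         //   unless the password has been provided, or the user is the item's owner.
         $item_protected = ORM::factory("albumpassword_idcache")->where("item_id", "=", $item->id)->order_by("cache_id")->find_all();
         if (count($item_protected) > 0) {
             $existing_password = ORM::factory("items_albumpassword")->where("id", "=", $item_protected[0]->password_id)->find();
             if ($existing_password->loaded()) {
                 // The cookie is client-controlled.  Compare it as a string with a
                 // strict operator: a loose "!=" applies numeric-string juggling
                 // (e.g. "0e1" == "0e2") and treats a missing cookie (null) as equal
                 // to an empty stored password.
                 // NOTE(review): this is still not a constant-time comparison, and
                 // the cookie is compared directly against the stored value, which
                 // suggests the password is kept in clear text - confirm.
                 $supplied = cookie::get("g3_albumpassword");
                 $password_ok = is_string($supplied) && $supplied === (string) $existing_password->password;
                 $viewer = identity::active_user();
                 if (!$password_ok && $viewer->id != $item->owner_id && !$viewer->admin) {
                     throw new Kohana_404_Exception();
                 }
             }
         }
     }
 }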
예제 #3
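 /**
  * Build the "contact owner" e-mail form.
  *
  * @param mixed $user_id  id of the recipient; -1 selects the configured site owner
  * @param mixed $item_id  optional item id; when it resolves to an item, a link to
  *                        that item is pre-filled into the message body
  * @return Forge          the form, ready to render
  * @throws Kohana_404_Exception when $user_id does not match any user
  */
 static function get_email_form($user_id, $item_id = null)
 {
     // Determine name of the person the message is going to.
     $str_to_name = "";
     if ($user_id == -1) {
         $str_to_name = module::get_var("contactowner", "contact_owner_name");
     } else {
         // Locate the record for the user specified by $user_id,
         //   use this to determine the user's name.
         $userDetails = ORM::factory("user")->where("id", "=", $user_id)->find_all();
         if (count($userDetails) == 0) {
             // The id is caller-supplied; an unknown id must not be dereferenced.
             throw new Kohana_404_Exception();
         }
         $str_to_name = $userDetails[0]->name;
     }
     // If item_id is set and resolves to an item, include a link to the item.
     $email_body = "";
     if (!empty($item_id)) {
         $item = ORM::factory("item", $item_id);
         if ($item->loaded()) {
             $email_body = "This message refers to <a href=\"" . url::abs_site("{$item->type}s/{$item->id}") . "\">this page</a>.";
         }
     }
     // Make a new form with a couple of text boxes.
     $form = new Forge("contactowner/sendemail/{$user_id}", "", "post", array("id" => "g-contact-owner-send-form"));
     $sendmail_fields = $form->group("contactOwner");
     $sendmail_fields->input("email_to")->label(t("To:"))->value($str_to_name)->id("g-contactowner-to-name");
     $sendmail_fields->input("email_from")->label(t("From:"))->value(identity::active_user()->email)->id("g-contactowner-from-email")->rules('required|valid_email')->error_messages("required", t("You must enter a valid email address"))->error_messages("valid_email", t("You must enter a valid email address"))->error_messages("invalid", t("You must enter a valid email address"));
     $sendmail_fields->input("email_subject")->label(t("Subject:"))->value("")->id("g-contactowner-subject")->rules('required')->error_messages("required", t("You must enter a subject"));
     $sendmail_fields->textarea("email_body")->label(t("Message:"))->value($email_body)->id("g-contactowner-email-body")->rules('required')->error_messages("required", t("You must enter a message"));
     // Add a captcha, if there's an active captcha module.
     module::event("captcha_protect_form", $form);
     // Add a save button to the form.
     $sendmail_fields->submit("SendMessage")->value(t("Send"));
     return $form;
 }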
예제 #4
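 /**
  * Switch the active identity provider to the one posted in "provider".
  *
  * The request must carry a valid CSRF token.  The posted name is accepted only if
  * identity::providers() lists it; the old provider module is then deactivated and
  * uninstalled, the new one installed and activated, and the session destroyed.
  */
 public function change()
 {
     access::verify_csrf();
     $active_provider = module::get_var("gallery", "identity_provider", "user");
     $providers = identity::providers();
     $new_provider = Input::instance()->post("provider");
     // The posted value is passed to module::install()/activate() below, so it has
     // to be one of the known providers rather than an arbitrary module name.
     // NOTE(review): assumes isset() works on the object returned by
     // identity::providers() (the code below already reads it as a property).
     if (!is_string($new_provider) || $new_provider === "" || !isset($providers->{$new_provider})) {
         message::error(t("Unknown identity provider"));
         url::redirect("admin/identity");
         return;
     }
     if ($new_provider != $active_provider) {
         module::deactivate($active_provider);
         // Switch authentication
         identity::reset();
         module::set_var("gallery", "identity_provider", $new_provider);
         module::install($new_provider);
         module::activate($new_provider);
         module::event("identity_provider_changed", $active_provider, $new_provider);
         module::uninstall($active_provider);
         message::success(t("Changed to %description", array("description" => $providers->{$new_provider})));
         try {
             Session::instance()->destroy();
         } catch (Exception $e) {
             // We don't care if there was a problem destroying the session.
         }
         url::redirect(item::root()->abs_url());
         // Do not fall through to the "already active" message if redirect returns.
         return;
     }
     message::info(t("The selected provider \"%description\" is already active.", array("description" => $providers->{$new_provider})));
     url::redirect("admin/identity");
 }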
예제 #5
 /**
  * Build the sidebar block for $block_id.
  *
  * Guests get nothing (null).  For "untagged_photo" a random non-album item without
  * tags is looked up (up to four attempts) and, if found, a "Tag it" block with an
  * add-tag form is returned.  Any other case returns the empty string.
  */
 static function get($block_id, $theme)
 {
     if (identity::active_user()->guest) {
         return;
     }
     $block = "";
     if ($block_id == "untagged_photo") {
         // One initial query plus at most three retries.
         for ($tries = 0; $tries < 4; $tries++) {
             $item = item::random_query()->join("items_tags", "items.id", "items_tags.item_id", "left")->where("items.type", "!=", "album")->where("items_tags.item_id", "IS", null)->find_all(1)->current();
             if ($item) {
                 break;
             }
         }
         if ($item && $item->loaded()) {
             if ($item->is_album()) {
                 $label = t("Add tag to album");
             } elseif ($item->is_photo()) {
                 $label = t("Add tag to photo");
             } else {
                 $label = t("Add tag to movie");
             }
             $form = new Forge("tags/create/{$item->id}", "", "post", array("id" => "g-tag-it-add-tag-form", "class" => "g-short-form"));
             $group = $form->group("add_tag")->label("Add Tag");
             $group->input("name")->label($label)->rules("required")->id("name");
             $group->hidden("item_id")->value($item->id);
             $group->submit("")->value(t("Add Tag"));

             $block = new Block();
             $block->css_id = "g-tag-it-block";
             $block->title = t("Tag it");
             $block->content = new View("tag_it_block.html");
             $block->content->item = $item;
             $block->content->form = $form;
         }
     }
     return $block;
 }
예제 #6
 /**
  * Add a "Register" dialog entry to the user menu for guests only.
  */
 static function user_menu($menu, $theme)
 {
     if (!identity::active_user()->guest) {
         return;
     }
     $register = Menu::factory("dialog")
         ->id("user_menu_register")
         ->css_id("g-register-menu")
         ->url(url::site("register"))
         ->label(t("Register"));
     $menu->append($register);
 }
예제 #7
 /**
  * Log an exception and print a themed error page for it.
  *
  * A Kohana_404_Exception gets the "not found" page (with a login form for guests);
  * every other exception gets the generic error page.
  * @see Kohana_Exception::handle
  */
 private static function _show_themed_error_page(Exception $e)
 {
     // Log the text form of the exception and flush the log right away.
     $text = Kohana_Exception::text($e);
     Kohana_Log::add('error', $text);
     Kohana_Log::save();

     if (!headers_sent()) {
         if ($e instanceof Kohana_Exception) {
             $e->sendHeaders();
         } else {
             header("HTTP/1.1 500 Internal Server Error");
         }
     }

     $page = new Theme_View("page.html", "other", "error");
     if (!($e instanceof Kohana_404_Exception)) {
         $page->page_title = t("Dang...  Something went wrong!");
         $page->content = new View("error.html");
     } else {
         $page->page_title = t("Dang...  Page not found!");
         $page->content = new View("error_404.html");
         $viewer = identity::active_user();
         $page->content->is_guest = $viewer && $viewer->guest;
         if ($page->content->is_guest) {
             $page->content->login_form = new View("login_ajax.html");
             $page->content->login_form->form = auth::get_login_form("login/auth_html");
             // The URL to return to after login travels in the session rather
             // than in the request (the original comment gives anti-phishing
             // protection as the reason).
             Session::instance()->set("continue_url", url::current(true));
         }
     }
     print $page;
 }
예제 #8
 /**
  * A comment created for a registered user takes its author fields from the user
  * record (not from the name/email/url arguments) and records the server variables.
  */
 public function create_comment_for_user_test()
 {
     $suffix = rand();
     $root = ORM::factory("item", 1);
     $admin = identity::admin_user();
     $comment = comment::create($root, $admin, "text_{$suffix}", "name_{$suffix}", "email_{$suffix}", "url_{$suffix}");

     $this->assert_equal($admin->full_name, $comment->author_name());
     $this->assert_equal($admin->email, $comment->author_email());
     $this->assert_equal($admin->url, $comment->author_url());
     $this->assert_equal("text_{$suffix}", $comment->text);
     $this->assert_equal(1, $comment->item_id);

     // Each server_* column is expected to hold the name of its own variable.
     // The list keeps the original assertion order, including the two repeats.
     $server_fields = array(
         "REMOTE_ADDR", "HTTP_USER_AGENT", "HTTP_ACCEPT", "HTTP_ACCEPT_CHARSET",
         "HTTP_ACCEPT_ENCODING", "HTTP_ACCEPT_LANGUAGE", "HTTP_CONNECTION", "HTTP_HOST",
         "HTTP_REFERER", "HTTP_USER_AGENT", "QUERY_STRING", "REMOTE_ADDR",
         "REMOTE_HOST", "REMOTE_PORT",
     );
     foreach ($server_fields as $field) {
         $column = "server_" . strtolower($field);
         $this->assert_equal($field, $comment->{$column});
     }
     $this->assert_true(!empty($comment->created));
 }
 /**
  * Give a newly created user a personal group and a personal album.
  *
  * The group is named "auto: <user name>" and the album is named after the user,
  * directly under the root.  The group gets "view" on the root and "view_full",
  * "edit" and "add" on the album.
  *
  * NOTE(review): when a group with that name already exists the user is not added
  * to it, yet the album permissions below are still granted to that group - confirm
  * this is intended.
  */
 static function user_created($user)
 {
     // Personal group: created (and joined) only when it is missing.
     $group_name = "auto: {$user->name}";
     $group = identity::lookup_group_by_name($group_name);
     if (!$group) {
         $group = identity::create_group($group_name);
         identity::add_user_to_group($user, $group);
     }

     // Personal album: nothing to do when it is already there.
     $album = ORM::factory("item")->where("parent_id", "=", item::root()->id)->where("name", "=", $user->name)->find();
     if ($album->loaded()) {
         return;
     }
     $album->type = "album";
     $album->name = $user->name;
     $album->title = "{$user->name}'s album";
     $album->parent_id = item::root()->id;
     $album->sort_column = "weight";
     $album->sort_order = "asc";
     $album->save();

     access::allow($group, "view", item::root());
     foreach (array("view_full", "edit", "add") as $permission) {
         access::allow($group, $permission, $album);
     }
 }
예제 #10
파일: admin.php 프로젝트: ChrisRut/gallery3
 /**
  * Refuse construction for anyone who is not an admin, then run the parent
  * constructor.  $theme is accepted but not used here.
  */
 public function __construct($theme = null)
 {
     $viewer = identity::active_user();
     if (!$viewer->admin) {
         access::forbidden();
     }
     parent::__construct();
 }
예제 #11
 /**
  * Queue the server_add stylesheet and script, for admins only.
  */
 static function head($theme)
 {
     if (!identity::active_user()->admin) {
         return;
     }
     $theme->css("server_add.css");
     $theme->script("server_add.js");
 }
예제 #12
 /**
  * Upgrade the "gallery" module first, then every other active module whose code
  * version differs from its installed version.
  *
  * From the command line no authorization is applied; over the web the caller must
  * be an admin or hold the "can_upgrade" session flag.
  *
  * NOTE(review): no CSRF verification is visible in this method although it changes
  * state on a web request - confirm whether the caller or the route enforces it.
  */
 public function upgrade()
 {
     $from_cli = php_sapi_name() == "cli";
     if ($from_cli) {
         // @todo this may screw up some module installers, but we don't have a better answer at
         // this time.
         $_SERVER["HTTP_HOST"] = "example.com";
     } elseif (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
         access::forbidden();
     }

     // Core module goes first.
     $available = module::available();
     $core = $available["gallery"];
     if ($core->code_version != $core->version) {
         module::upgrade("gallery");
         module::activate("gallery");
     }

     // Everything else, read from a fresh module list.
     foreach (module::available() as $module_id => $info) {
         $needs_upgrade = $module_id != "gallery" && $info->active && $info->code_version != $info->version;
         if ($needs_upgrade) {
             module::upgrade($module_id);
         }
     }

     if (php_sapi_name() == "cli") {
         print "Upgrade complete\n";
     } else {
         url::redirect("upgrader");
     }
 }
예제 #13
파일: theme.php 프로젝트: andyst/gallery3
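 /**
  * Load the active theme.  This is called at bootstrap time.  We will only ever have one theme
  * active for any given request.
  *
  * The chosen theme directory is prepended to the "core.modules" list.  Admins may
  * preview another site theme with the "theme" query parameter; that value must be a
  * plain directory name under THEMEPATH.
  */
 static function load_themes()
 {
     $input = Input::instance();
     $path = $input->server("PATH_INFO");
     if (empty($path)) {
         $path = "/" . $input->get("kohana_uri");
     }
     $config = Kohana_Config::instance();
     $modules = $config->get("core.modules");
     self::$is_admin = $path == "/admin" || !strncmp($path, "/admin/", 7);
     self::$site_theme_name = module::get_var("gallery", "active_site_theme");
     if (self::$is_admin) {
         // Load the admin theme
         self::$admin_theme_name = module::get_var("gallery", "active_admin_theme");
         array_unshift($modules, THEMEPATH . self::$admin_theme_name);
         // If the site theme has an admin subdir, load that as a module so that
         // themes can provide their own code.
         if (file_exists(THEMEPATH . self::$site_theme_name . "/admin")) {
             array_unshift($modules, THEMEPATH . self::$site_theme_name . "/admin");
         }
     } else {
         // Admins can override the site theme, temporarily.  This lets us preview themes.
         if (identity::active_user()->admin && ($override = $input->get("theme"))) {
             // The override comes from the query string and ends up on the module
             // path, so it must name a single directory inside THEMEPATH: no path
             // separators, no "." / "..", no NUL byte.
             $is_plain_name = is_string($override)
                 && $override === basename($override)
                 && $override != "."
                 && $override != ".."
                 && strpos($override, "\0") === false;
             if (!$is_plain_name) {
                 Kohana_Log::add("error", "Rejected override theme: not a plain directory name");
             } elseif (file_exists(THEMEPATH . $override)) {
                 self::$site_theme_name = $override;
             } else {
                 Kohana_Log::add("error", "Missing override theme: '{$override}'");
             }
         }
         array_unshift($modules, THEMEPATH . self::$site_theme_name);
     }
     $config->set("core.modules", $modules);
 }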
예제 #14
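 /**
  * Display a form that a visitor can use to contact a registered user.
  *
  * @param mixed $user_id  id of the user to contact (taken from the request)
  * @throws Kohana_404_Exception when the feature is disabled or the user is unknown
  */
 public function emailid($user_id)
 {
     // If this page is disabled, show a 404 error.
     if (module::get_var("contactowner", "contact_user_link") != true) {
         throw new Kohana_404_Exception();
     }
     // Locate the record for the user specified by $user_id,
     //   use this to determine the user's name.
     $userDetails = ORM::factory("user")->where("id", "=", $user_id)->find_all();
     if (count($userDetails) == 0) {
         // The id is caller-supplied; an unknown id must not be dereferenced.
         throw new Kohana_404_Exception();
     }
     // Make a new form with a couple of text boxes.
     $form = new Forge("contactowner/sendemail", "", "post", array("id" => "g-contact-owner-send-form"));
     $sendmail_fields = $form->group("contactOwner");
     $sendmail_fields->input("email_to")->label(t("To:"))->value($userDetails[0]->name);
     $sendmail_fields->input("email_from")->label(t("From:"))->value(identity::active_user()->email);
     $sendmail_fields->input("email_subject")->label(t("Subject:"))->value("");
     $sendmail_fields->textarea("email_body")->label(t("Message:"))->value("");
     $sendmail_fields->hidden("email_to_id")->value($user_id);
     // Add a save button to the form.
     $sendmail_fields->submit("SendMessage")->value(t("Send"));
     // Set up and display the actual page.
     $template = new Theme_View("page.html", "other", "Contact");
     $template->content = new View("contactowner_emailform.html");
     $template->content->sendmail_form = $form;
     print $template;
 }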
예제 #15
 /**
  * Offer "Shorten link with bit.ly" in the item's options menu when no short link
  * exists yet and the active user owns the theme's current item.
  *
  * NOTE(review): the CSRF token is placed in the link's query string, where it can
  * end up in logs and Referer headers - confirm this is acceptable here.
  */
 static function context_menu($menu, $theme, $item)
 {
     $existing = ORM::factory("bitly_link")->where("item_id", "=", $item->id)->find();
     if ($existing->loaded()) {
         return;
     }
     if ($theme->item->owner->id != identity::active_user()->id) {
         return;
     }
     $entry = Menu::factory("link")
         ->id("bitly")
         ->label(t("Shorten link with bit.ly"))
         ->url(url::site("bitly/shorten/{$item->id}?csrf={$theme->csrf}"))
         ->css_class("g-bitly-shorten ui-icon-link");
     $menu->get("options_menu")->append($entry);
 }
예제 #16
 /**
  * Add a "Register" dialog entry for guests unless the registration policy is
  * "admin_only".  The menu is returned in every case.
  */
 static function site_menu($menu, $theme)
 {
     $show_register = identity::active_user()->guest
         && module::get_var("registration", "policy") != "admin_only";
     if ($show_register) {
         $entry = Menu::factory("dialog")
             ->id("register_users")
             ->label(t("Register"))
             ->url(url::site("register"));
         $menu->append($entry);
     }
     return $menu;
 }
예제 #17
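 /**
  * Upgrade the "gallery" module first, then every other active module whose code
  * version differs from its installed version, collecting the ids that fail.
  *
  * From the command line no authorization is applied.  Over the web the caller must
  * be an admin or hold the "can_upgrade" session flag, and the request must pass
  * CSRF verification; a failed verification redirects back to "upgrader".
  */
 public function upgrade()
 {
     if (php_sapi_name() == "cli") {
         // @todo this may screw up some module installers, but we don't have a better answer at
         // this time.
         $_SERVER["HTTP_HOST"] = "example.com";
     } else {
         if (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
             access::forbidden();
         }
         try {
             access::verify_csrf();
         } catch (Exception $e) {
             url::redirect("upgrader");
             // Never continue into the upgrade after a failed CSRF check, even if
             // the redirect call returns instead of ending the request.
             return;
         }
     }
     $available = module::available();
     // Upgrade gallery first
     $gallery = $available["gallery"];
     if ($gallery->code_version != $gallery->version) {
         module::upgrade("gallery");
         module::activate("gallery");
     }
     // Then upgrade the rest
     $failed = array();
     foreach (module::available() as $id => $module) {
         if ($id == "gallery") {
             continue;
         }
         if ($module->active && $module->code_version != $module->version) {
             try {
                 module::upgrade($id);
             } catch (Exception $e) {
                 // @todo assume it's MODULE_FAILED_TO_UPGRADE for now
                 $failed[] = $id;
             }
         }
     }
     // If the upgrade failed, this will get recreated
     site_status::clear("upgrade_now");
     // Clear any upgrade check strings, we are probably up to date.
     site_status::clear("upgrade_checker");
     if (php_sapi_name() == "cli") {
         if ($failed) {
             print "Upgrade completed ** WITH FAILURES **\n";
             print "The following modules were not successfully upgraded:\n";
             // Separator first: the (array, separator) order is a legacy form that
             // PHP 8 no longer accepts.
             print "  " . implode("\n  ", $failed) . "\n";
             print "Try getting newer versions or deactivating those modules\n";
         } else {
             print "Upgrade complete\n";
         }
     } else {
         if ($failed) {
             url::redirect("upgrader?failed=" . join(",", $failed));
         } else {
             url::redirect("upgrader");
         }
     }
 }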
예제 #18
 /**
  * Print a JSON object telling whether the active user is an admin.  Admins also
  * receive a CSRF token in the "csrf" field.
  */
 function is_admin()
 {
     if (!identity::active_user()->admin) {
         print json_encode(array("result" => "failure"));
         return;
     }
     $reply = array("result" => "success", "csrf" => access::csrf_token());
     print json_encode($reply);
 }
예제 #19
 /**
  * Add "Clear all ratings/votes" to the options menu when an admin is viewing a
  * photo or a movie.
  */
 static function site_menu($menu, $theme)
 {
     $item = $theme->item();
     $user = identity::active_user();
     if (!$item) {
         return;
     }
     if (!($item->is_photo() || $item->is_movie())) {
         return;
     }
     if (!$user->admin) {
         return;
     }
     $entry = Menu::factory("link")
         ->id("ratingsclear")
         ->label(t("Clear all ratings/votes"))
         ->url(url::site("ratings/clear/{$theme->item->id}"))
         ->css_class("g-dialog-link")
         ->css_id("g-ratings");
     $menu->get("options_menu")->append($entry);
 }
예제 #20
 /**
  * Add the "View Map" link to the album menu, except for guests when the
  * "restrict_maps" setting is on.
  */
 static function album_menu($menu, $theme)
 {
     // The guest lookup only happens when maps are restricted.
     $hidden_for_viewer = module::get_var("tagsmap", "restrict_maps") == true
         && identity::active_user()->guest;
     if (!$hidden_for_viewer) {
         $entry = Menu::factory("link")
             ->id("tagsmap")
             ->label(t("View Map"))
             ->url(url::site("tagsmap/googlemap/"))
             ->css_id("g-tagsmap-link");
         $menu->append($entry);
     }
 }
예제 #21
 /**
  * Reply with JSON telling whether the active user is an admin.  Admins also
  * receive a CSRF token in the "csrf" field.
  */
 function is_admin()
 {
     if (!identity::active_user()->admin) {
         json::reply(array("result" => "failure"));
         return;
     }
     $reply = array("result" => "success", "csrf" => access::csrf_token());
     json::reply($reply);
 }
예제 #22
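 /**
  * Add "Server add" to the add menu when an admin is viewing an album whose
  * directory is writable and at least one authorized path is configured.
  */
 static function site_menu($menu, $theme)
 {
     $item = $theme->item();
     if (!$item || !identity::active_user()->admin || !$item->is_album()) {
         return;
     }
     // Read the setting only after the admin/album checks, so it is not parsed on
     // every page view.
     // NOTE(review): unserialize() on a stored value can instantiate objects if
     // that value is ever attacker-influenced; a plain-data format would be the
     // safer storage for this list.
     $paths = unserialize(module::get_var("server_add", "authorized_paths"));
     // $item is known to be an album here, so its own path is the one to test.
     if (!empty($paths) && is_writable($item->file_path())) {
         $menu->get("add_menu")->append(Menu::factory("dialog")->id("server_add")->label(t("Server add"))->url(url::site("server_add/browse/{$item->id}")));
     }
 }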
예제 #23
 /**
  * Build the permissions form view for an item, with all groups and all
  * permission records attached.
  */
 private function _get_form($item)
 {
     $form_view = new View("permissions_form.html");
     $form_view->item = $item;
     $form_view->groups = identity::groups();
     $all_permissions = ORM::factory("permission")->find_all();
     $form_view->permissions = $all_permissions;
     return $form_view;
 }
예제 #24
 /**
  * Deleting an album must also remove a comment that was attached to it.
  */
 public function deleting_an_item_deletes_its_comments_too_test()
 {
     $suffix = rand();
     $parent = ORM::factory("item", 1);
     $album = album::create($parent, "test_{$suffix}", "test_{$suffix}");
     $comment = comment::create($album, identity::guest(), "text_{$suffix}", "name_{$suffix}", "email_{$suffix}", "url_{$suffix}");

     $album->delete();

     // Re-reading the comment by id must not find a record.
     $reloaded = ORM::factory("comment", $comment->id);
     $this->assert_false($reloaded->loaded);
 }
예제 #25
 /**
  * Print the themed "Re-authenticate" page around the given form, showing the
  * active user's name.
  */
 private static function _show_form($form)
 {
     $page = new Theme_View("page.html", "other", "reauthenticate");
     $page->page_title = t("Re-authenticate");
     $page->content = new View("reauthenticate.html");
     $page->content->form = $form;
     $current_user = identity::active_user();
     $page->content->user_name = $current_user->name;
     print $page;
 }
예제 #26
파일: theme.php 프로젝트: JasonWiki/docs
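 /**
  * Load the active theme.  This is called at bootstrap time.  We will only ever have one theme
  * active for any given request.
  *
  * Missing site/admin themes fall back to "wind" / "admin_wind".  Admins may preview
  * another theme with the "theme" query parameter; that value must be a plain
  * directory name under THEMEPATH.
  */
 static function load_themes()
 {
     $input = Input::instance();
     $path = $input->server("PATH_INFO");
     if (empty($path)) {
         $path = "/" . $input->get("kohana_uri");
     }
     $config = Kohana_Config::instance();
     $modules = $config->get("core.modules");
     // Normally Router::find_uri() strips off the url suffix for us, but we're working off of the
     // PATH_INFO here so we need to strip it off manually
     if ($suffix = Kohana::config("core.url_suffix")) {
         // Pass the delimiter so a "#" inside the suffix is escaped as well.
         $path = preg_replace("#" . preg_quote($suffix, "#") . "\$#u", "", $path);
     }
     self::$is_admin = $path == "/admin" || !strncmp($path, "/admin/", 7);
     self::$site_theme_name = module::get_var("gallery", "active_site_theme");
     // If the site theme doesn't exist, fall back to wind.
     if (!file_exists(THEMEPATH . self::$site_theme_name . "/theme.info")) {
         site_status::error(t("Theme '%name' is missing.  Falling back to the Wind theme.", array("name" => self::$site_theme_name)), "missing_site_theme");
         module::set_var("gallery", "active_site_theme", self::$site_theme_name = "wind");
     }
     if (self::$is_admin) {
         // Load the admin theme
         self::$admin_theme_name = module::get_var("gallery", "active_admin_theme");
         // If the admin theme doesn't exist, fall back to admin_wind.
         if (!file_exists(THEMEPATH . self::$admin_theme_name . "/theme.info")) {
             site_status::error(t("Admin theme '%name' is missing!  Falling back to the Wind theme.", array("name" => self::$admin_theme_name)), "missing_admin_theme");
             module::set_var("gallery", "active_admin_theme", self::$admin_theme_name = "admin_wind");
         }
         array_unshift($modules, THEMEPATH . self::$admin_theme_name);
         // If the site theme has an admin subdir, load that as a module so that
         // themes can provide their own code.
         if (file_exists(THEMEPATH . self::$site_theme_name . "/admin")) {
             array_unshift($modules, THEMEPATH . self::$site_theme_name . "/admin");
         }
         // Admins can override the site theme, temporarily.  This lets us preview themes.
         if (identity::active_user()->admin && ($override = $input->get("theme"))) {
             // The override comes from the query string and ends up on the module
             // path, so it must name a single directory inside THEMEPATH: no path
             // separators, no "." / "..", no NUL byte.
             $is_plain_name = is_string($override)
                 && $override === basename($override)
                 && $override != "."
                 && $override != ".."
                 && strpos($override, "\0") === false;
             if (!$is_plain_name) {
                 Kohana_Log::add("error", "Rejected override admin theme: not a plain directory name");
             } elseif (file_exists(THEMEPATH . $override)) {
                 self::$admin_theme_name = $override;
                 array_unshift($modules, THEMEPATH . self::$admin_theme_name);
             } else {
                 Kohana_Log::add("error", "Missing override admin theme: '{$override}'");
             }
         }
     } else {
         // Admins can override the site theme, temporarily.  This lets us preview themes.
         if (identity::active_user()->admin && ($override = $input->get("theme"))) {
             // Same rule as for the admin theme: a plain directory name only.
             $is_plain_name = is_string($override)
                 && $override === basename($override)
                 && $override != "."
                 && $override != ".."
                 && strpos($override, "\0") === false;
             if (!$is_plain_name) {
                 Kohana_Log::add("error", "Rejected override site theme: not a plain directory name");
             } elseif (file_exists(THEMEPATH . $override)) {
                 self::$site_theme_name = $override;
             } else {
                 Kohana_Log::add("error", "Missing override site theme: '{$override}'");
             }
         }
         array_unshift($modules, THEMEPATH . self::$site_theme_name);
     }
     $config->set("core.modules", $modules);
 }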
예제 #27
파일: gallery.php 프로젝트: andyst/gallery3
 /**
  * While maintenance mode is configured, re-route every request from a non-admin
  * to the maintenance controller.  Requests for the "login" controller are left
  * alone.
  */
 static function maintenance_mode()
 {
     $maintenance_mode = Kohana::config("core.maintenance_mode", false, false);
     if (Router::$controller == "login") {
         return;
     }
     if (empty($maintenance_mode)) {
         return;
     }
     if (identity::active_user()->admin) {
         return;
     }
     Router::$controller = "maintenance";
     Router::$controller_path = MODPATH . "gallery/controllers/maintenance.php";
     Router::$method = "index";
 }
예제 #28
 /**
  * Delete the comment addressed by the request URL.  The caller must be an admin
  * and must hold "edit" on the comment's item.
  */
 static function delete($request)
 {
     $caller = identity::active_user();
     if (!$caller->admin) {
         access::forbidden();
     }
     $target = rest::resolve($request->url);
     access::required("edit", $target->item());
     $target->delete();
 }
예제 #29
 /**
  * Print the welcome message view for admins; everyone else is redirected to the
  * root item's URL.
  */
 public function index()
 {
     if (!identity::active_user()->admin) {
         url::redirect(item::root()->abs_url());
     }
     $welcome = new View("welcome_message.html");
     $welcome->user = identity::active_user();
     print $welcome;
 }
예제 #30
 /**
  * For guests, replace the stock login entry in the user menu with a "Login"
  * dialog that points at pam/ajax.
  */
 static function user_menu($menu, $theme)
 {
     $user = identity::active_user();
     if (!$user->guest) {
         return;
     }
     // Drop the default login entry first, then add the replacement.
     $menu->remove('user_menu_login');
     $pam_login = Menu::factory("dialog")
         ->id("user_menu_pam")
         ->css_id("g-pam-menu")
         ->url(url::site("pam/ajax"))
         ->label(t("Login"));
     $menu->append($pam_login);
 }