/**
 * Process a password reset request for the name entered in the reset form.
 *
 * When the account exists and has an email address, a fresh reset key is stored on the user
 * and mailed as a confirmation link.  Every outcome is written to the "user" log, and the
 * caller always gets the same success reply, so the response does not reveal whether the
 * name belongs to a real account.
 *
 * @param object $form  the submitted reset form; the name is read from its "reset" group
 */
private function _send_reset($form) {
  $requested_name = $form->reset->inputs["name"]->value;
  $account = user::lookup_by_name($requested_name);

  if (!$account) {
    // The requested name is raw form input and reaches the log as a t() placeholder.
    // NOTE(review): confirm that t() or the log viewer escapes it before it is rendered.
    log::warning(
      "user",
      t("Password reset email requested for user %user_name, which does not exist.",
        array("user_name" => $requested_name)));
  } else if (empty($account->email)) {
    log::warning(
      "user",
      t("Password reset failed for %user_name (has no email address on record).",
        array("user_name" => $account->name)));
  } else {
    // Persist the key first so the link in the mail matches what is stored on the user.
    // NOTE(review): no issue time is recorded here; check that password/do_reset
    // invalidates the key after use.
    $account->hash = random::hash();
    $account->save();

    $mail_body = new View("reset_password.html");
    $mail_body->confirm_url = url::abs_site("password/do_reset?key={$account->hash}");
    $mail_body->user = $account;

    Sendmail::factory()
      ->to($account->email)
      ->subject(t("Password Reset Request"))
      ->header("Mime-Version", "1.0")
      ->header("Content-type", "text/html; charset=UTF-8")
      ->message($mail_body->render())
      ->send();

    log::success(
      "user",
      t("Password reset email sent for user %name", array("name" => $account->name)));
  }

  // Always pretend that an email has been sent to avoid leaking
  // information on what user names are actually real.
  message::success(t("Password reset email sent"));
  json::reply(array("result" => "success"));
}
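/**
 * Apply the submitted edit form to a photo and print a JSON result.
 *
 * The request must carry a valid CSRF token and the active user needs both "view" and
 * "edit" permission on the photo.  A changed file name or slug is checked against the
 * photo's siblings before anything is saved.
 *
 * @see REST_Controller::_update($resource)
 * @param object $photo  the item being edited
 */
public function _update($photo) {
  access::verify_csrf();
  access::required("view", $photo);
  access::required("edit", $photo);

  $form = photo::get_edit_form($photo);

  // Validate exactly once: a second validate() call would re-run every rule and callback.
  $valid = $form->validate();
  if ($valid) {
    $new_name = $form->edit_item->filename->value;
    $new_slug = $form->edit_item->slug->value;
    if ($new_name != $photo->name || $new_slug != $photo->slug) {
      // Make sure that there's not a name or slug conflict with another item in the
      // same parent.
      $row = Database::instance()
        ->select(array("name", "slug"))
        ->from("items")
        ->where("parent_id", $photo->parent_id)
        ->where("id <>", $photo->id)
        ->open_paren()
        ->where("name", $new_name)
        ->orwhere("slug", $new_slug)
        ->close_paren()
        ->get()
        ->current();
      if ($row) {
        if ($row->name == $new_name) {
          $form->edit_item->filename->add_error("name_conflict", 1);
        }
        if ($row->slug == $new_slug) {
          $form->edit_item->slug->add_error("slug_conflict", 1);
        }
        $valid = false;
      }
    }
  }

  if ($valid) {
    $photo->title = $form->edit_item->title->value;
    $photo->description = $form->edit_item->description->value;
    $photo->slug = $form->edit_item->slug->value;
    $photo->rename($form->edit_item->filename->value);
    $photo->save();
    module::event("item_edit_form_completed", $photo, $form);

    log::success("content", "Updated photo", "<a href=\"{$photo->url()}\">view</a>");
    // The title is user-supplied, so it is purified before it goes into the status message.
    message::success(
      t("Saved photo %photo_title", array("photo_title" => html::purify($photo->title))));

    print json_encode(array("result" => "success"));
  } else {
    print json_encode(array("result" => "error", "form" => $form->__toString()));
  }
}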
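/**
 * Validate the reset form and, for a known user with an email address, store a new reset
 * key on the user and mail the confirmation link.
 *
 * The reset key is the only secret protecting the password change, so it is drawn from a
 * cryptographically secure source instead of md5(rand()), whose output can be predicted.
 * The reply is the same whether or not a mail was sent.
 *
 * @throws Exception when no secure random source is available
 */
private function _send_reset() {
  // Generate the key up front so that a missing random source fails the same way for
  // every request, whether or not the submitted name exists.  16 random bytes hex-encode
  // to 32 characters, the same length as the md5 string stored previously.
  $reset_key = null;
  if (function_exists("random_bytes")) {
    $reset_key = bin2hex(random_bytes(16));
  } else if (function_exists("openssl_random_pseudo_bytes")) {
    $random = openssl_random_pseudo_bytes(16, $is_strong);
    if ($random !== false && $is_strong) {
      $reset_key = bin2hex($random);
    }
  }
  if ($reset_key === null) {
    throw new Exception("No secure random source available to create a password reset key");
  }

  $form = $this->_reset_form();

  $valid = $form->validate();
  if ($valid) {
    $user = user::lookup_by_name($form->reset->inputs["name"]->value);
    if (!$user->loaded || empty($user->email)) {
      $form->reset->inputs["name"]->add_error("no_email", 1);
      $valid = false;
    }
  }

  if ($valid) {
    $user->hash = $reset_key;
    $user->save();

    $message = new View("reset_password.html");
    $message->confirm_url = url::abs_site("password/do_reset?key={$user->hash}");
    $message->user = $user;

    Sendmail::factory()
      ->to($user->email)
      ->subject(t("Password Reset Request"))
      ->header("Mime-Version", "1.0")
      ->header("Content-type", "text/html; charset=iso-8859-1")
      ->message($message->render())
      ->send();

    log::success(
      "user",
      t("Password reset email sent for user %name", array("name" => $user->name)));
  } else {
    // Don't include the username here until you're sure that it's XSS safe
    log::warning("user", "Password reset email requested for bogus user");
  }

  // Same reply for every outcome, so the response does not show which names exist.
  message::success(t("Password reset email sent"));
  print json_encode(array("result" => "success"));
}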
/**
 * Receive one uploaded file from the Flash uploader and add it to an album as a photo or,
 * for flv/mp4 files, as a movie.
 *
 * The active user needs "view" and "add" permission on the album and the request must
 * carry a valid CSRF token.  "File Received" is printed whether or not the upload passed
 * validation.
 *
 * @param int $id  id of the album item that receives the upload
 */
public function add_photo($id) {
  $album = ORM::factory("item", $id);
  access::required("view", $album);
  access::required("add", $album);
  access::verify_csrf();

  $upload_check = new Validation($_FILES);
  $upload_check->add_rules("Filedata", "upload::valid", "upload::type[gif,jpg,png,flv,mp4]");
  if (!$upload_check->validate()) {
    print "File Received";
    return;
  }

  // SimpleUploader.swf does not yet call /start directly, so simulate it here for now.
  if (!batch::in_progress()) {
    batch::start();
  }

  $temp_filename = upload::save("Filedata");
  try {
    // Skip the 10 character unique identifier Kohana puts in front of the name.
    $name = substr(basename($temp_filename), 10);
    $title = item::convert_filename_to_title($name);

    // The item type is decided by the extension of the saved file only.
    $parts = pathinfo($temp_filename);
    $is_movie = array_key_exists("extension", $parts) &&
      in_array(strtolower($parts["extension"]), array("flv", "mp4"));

    if ($is_movie) {
      $movie = movie::create($album, $temp_filename, $name, $title);
      log::success("content", t("Added a movie"),
                   html::anchor("movies/{$movie->id}", t("view movie")));
    } else {
      $photo = photo::create($album, $temp_filename, $name, $title);
      log::success("content", t("Added a photo"),
                   html::anchor("photos/{$photo->id}", t("view photo")));
    }
  } catch (Exception $e) {
    // Never leave the temporary upload behind, then let the error propagate.
    unlink($temp_filename);
    throw $e;
  }
  unlink($temp_filename);

  print "File Received";
}
/**
 * Save the title, description and file name submitted in the photo edit form and print a
 * JSON result.
 *
 * Requires a valid CSRF token plus "view" and "edit" permission on the photo.  A new file
 * name is rejected when a sibling item already uses it.
 *
 * @see REST_Controller::_update($resource)
 * @param object $photo  the item being edited
 */
public function _update($photo) {
  access::verify_csrf();
  access::required("view", $photo);
  access::required("edit", $photo);

  $form = photo::get_edit_form($photo);
  $fields = $form->edit_photo;

  $valid = $form->validate();
  if ($valid && $fields->filename->value != $photo->name) {
    // Make sure that there's not a conflict
    $clashes = Database::instance()
      ->from("items")
      ->where("parent_id", $photo->parent_id)
      ->where("id <>", $photo->id)
      ->where("name", $fields->filename->value)
      ->count_records();
    if ($clashes) {
      $fields->filename->add_error("conflict", 1);
      $valid = false;
    }
  }

  if (!$valid) {
    print json_encode(array("result" => "error", "form" => $form->__toString()));
    return;
  }

  $photo->title = $fields->title->value;
  $photo->description = $fields->description->value;
  $photo->rename($fields->filename->value);
  $photo->save();
  module::event("photo_edit_form_completed", $photo, $form);

  log::success("content", "Updated photo", "<a href=\"photos/{$photo->id}\">view</a>");
  // The title is user-supplied; it goes through p::clean() before being shown.
  message::success(
    t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title))));

  print json_encode(
    array("result" => "success", "location" => url::site("photos/{$photo->id}")));
}
/**
 * Store the l10n_client API key submitted in the sharing form.
 *
 * A non-empty key must pass l10n_client::validate_api_key(); otherwise the page is shown
 * again with the form error.  An empty key clears the stored one.  The log entry is
 * written on every accepted submission and does not contain the key.
 *
 * @param object $form  the submitted form; the key is read from its "sharing" group
 */
private function _save_api_key($form) {
  $new_key = $form->sharing->api_key->value;

  if ($new_key && !l10n_client::validate_api_key($new_key)) {
    $form->sharing->api_key->add_error("invalid", 1);
    // Show the page with form errors
    $this->index($form);
    return;
  }

  $old_key = l10n_client::api_key();
  l10n_client::api_key($new_key);

  // Tell the admin what happened; no message when the key is unchanged or both are empty.
  if ($old_key && !$new_key) {
    message::success(t("Your API key has been cleared."));
  } else if ($old_key && $new_key && $old_key != $new_key) {
    message::success(t("Your API key has been changed."));
  } else if (!$old_key && $new_key) {
    message::success(t("Your API key has been saved."));
  }

  log::success(t("gallery"), t("l10n_client API key changed."));
  url::redirect("admin/languages");
}
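/**
 * Receive one uploaded file from the Flash uploader and create a photo or movie item for
 * it in the given album.
 *
 * Requires "view" and "add" permission on the album and a valid CSRF token.  Prints
 * "FILEID: <id>" on success, or an "ERROR: ..." line with a 400 or 500 status.
 *
 * @param int $id  id of the album item that receives the upload
 */
public function add_photo($id) {
  $album = ORM::factory("item", $id);
  access::required("view", $album);
  access::required("add", $album);
  access::verify_csrf();

  // The Flash uploader does not call /start directly, so simulate it here for now.
  if (!batch::in_progress()) {
    batch::start();
  }

  $form = $this->_get_add_form($album);

  // Uploadify adds its own field to the form, so validate that separately.
  $file_validation = new Validation($_FILES);
  $file_validation->add_rules(
    "Filedata", "upload::valid", "upload::required",
    "upload::type[" . implode(",", legal_file::get_extensions()) . "]");

  if ($form->validate() && $file_validation->validate()) {
    $temp_filename = upload::save("Filedata");

    // create_function() compiles its second argument as PHP source.  The temp file name is
    // built around the uploaded file's name (see the substr() below), so it is embedded
    // with var_export(), which always yields one correctly escaped string literal, instead
    // of being interpolated into the source text.
    // create_function() was removed in PHP 8; a closure is the replacement once the
    // minimum supported PHP version allows it.
    Event::add(
      "system.shutdown",
      create_function("", "unlink(" . var_export($temp_filename, true) . ");"));

    try {
      $item = ORM::factory("item");
      $item->name = substr(basename($temp_filename), 10);  // Skip unique identifier Kohana adds
      $item->title = item::convert_filename_to_title($item->name);
      $item->parent_id = $album->id;
      $item->set_data_file($temp_filename);

      // Remove double extensions from the filename - they'll be disallowed in the model but if
      // we don't do it here then it'll result in a failed upload.
      $item->name = legal_file::smash_extensions($item->name);

      $path_info = @pathinfo($temp_filename);
      if (array_key_exists("extension", $path_info) &&
          in_array(strtolower($path_info["extension"]), legal_file::get_movie_extensions())) {
        $item->type = "movie";
        $item->save();
        log::success("content", t("Added a movie"),
                     html::anchor("movies/{$item->id}", t("view movie")));
      } else {
        $item->type = "photo";
        $item->save();
        log::success("content", t("Added a photo"),
                     html::anchor("photos/{$item->id}", t("view photo")));
      }

      module::event("add_photos_form_completed", $item, $form);
    } catch (Exception $e) {
      // The Flash uploader has no good way of reporting complex errors, so just keep it simple.
      Kohana_Log::add("error", $e->getMessage() . "\n" . $e->getTraceAsString());

      // instanceof beats catching the exception separately, since we mostly want to treat
      // it the same way as all other exceptions.
      if ($e instanceof ORM_Validation_Exception) {
        Kohana_Log::add("error", "Validation errors: " . print_r($e->validation->errors(), 1));
      }

      header("HTTP/1.1 500 Internal Server Error");
      // NOTE(review): the raw exception message is returned to the client; confirm it
      // cannot contain paths or other internals.
      print "ERROR: " . $e->getMessage();
      return;
    }
    print "FILEID: {$item->id}";
  } else {
    header("HTTP/1.1 400 Bad Request");
    print "ERROR: " . t("Invalid upload");
  }
}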
/**
 * Install the emboss module: create its two tables if they are missing, create its
 * directories under VARPATH, and record module version 1.
 */
static function install() {
  $overlays_ddl = "CREATE TABLE IF NOT EXISTS {emboss_overlays} (\n `id` int(9) NOT NULL auto_increment,\n `active` tinyint(4) NOT NULL DEFAULT 1,\n `name` varchar(64) NOT NULL,\n `width` int(9) NOT NULL,\n `height` int(9) NOT NULL,\n PRIMARY KEY (`id`),\n UNIQUE KEY(`name`))";
  $mappings_ddl = "CREATE TABLE IF NOT EXISTS {emboss_mappings} (\n `id` int(9) NOT NULL auto_increment,\n `image_id` int(9) NOT NULL,\n `best_overlay_id` int(9) NOT NULL,\n `cur_overlay_id` int(9),\n `cur_gravity` varchar(16),\n `cur_transparency` tinyint(4),\n PRIMARY KEY (`id`),\n UNIQUE KEY(`image_id`))";

  $db = Database::instance();
  $db->query($overlays_ddl);
  $db->query($mappings_ddl);

  // Errors are suppressed, so an existing directory is fine, but a permission failure is
  // silent as well.  mkdir() is called without a mode, so the directories get PHP's
  // default mode as limited by the process umask.
  foreach (array('originals', 'modules', 'modules/emboss') as $relative_dir) {
    @mkdir(VARPATH . $relative_dir);
  }

  module::set_version('emboss', 1);
  log::success('emboss', 'Emboss Installed');
}
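/**
 * Switch the graphics toolkit used by Gallery and return to the graphics admin page.
 *
 * The toolkit id arrives from the request, so it is only stored when it names one of the
 * toolkits reported by graphics::detect_toolkits().  An unknown id changes nothing.
 *
 * @param string $toolkit_id  id of the toolkit to activate
 */
public function choose($toolkit_id) {
  access::verify_csrf();

  if ($toolkit_id != module::get_var("gallery", "graphics_toolkit")) {
    $tk = graphics::detect_toolkits();

    // Only accept ids that detection knows about; otherwise an arbitrary string would be
    // written to graphics_toolkit and an empty path to graphics_toolkit_path.
    // NOTE(review): assumes detect_toolkits() returns a plain object with one property per
    // toolkit - confirm.
    if (isset($tk->$toolkit_id)) {
      module::set_var("gallery", "graphics_toolkit", $toolkit_id);
      module::set_var("gallery", "graphics_toolkit_path", $tk->$toolkit_id->dir);

      site_status::clear("missing_graphics_toolkit");

      $msg = t("Changed graphics toolkit to: %toolkit",
               array("toolkit" => $tk->$toolkit_id->name));
      message::success($msg);
      log::success("graphics", $msg);
    }
  }

  url::redirect("admin/graphics");
}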
/**
 * Switch the graphics toolkit used by Gallery and return to the graphics admin page.
 *
 * Nothing is changed when the requested toolkit is already the active one.  For
 * graphicsmagick and imagemagick the detected value is stored as the toolkit path as well.
 *
 * @param string $toolkit  name of the toolkit to activate
 */
public function choose($toolkit) {
  access::verify_csrf();

  $active_toolkit = module::get_var("gallery", "graphics_toolkit");
  if ($toolkit != $active_toolkit) {
    // NOTE(review): the name is stored as received from the request; it is not compared
    // with the detected toolkits first.
    module::set_var("gallery", "graphics_toolkit", $toolkit);

    $toolkit_info = graphics::detect_toolkits();
    $needs_path = in_array($toolkit, array("graphicsmagick", "imagemagick"));
    if ($needs_path) {
      module::set_var("gallery", "graphics_toolkit_path", $toolkit_info[$toolkit]);
    }

    site_status::clear("missing_graphics_toolkit");
    message::success(t("Updated Graphics Toolkit"));
    log::success(
      "graphics",
      t("Changed graphics toolkit to: %toolkit", array("toolkit" => $toolkit)));
  }

  url::redirect("admin/graphics");
}
/**
 * Receive one uploaded file from the Flash uploader and add it to an album as a photo or,
 * for flv/mp4 files, as a movie.
 *
 * Requires "view" and "add" permission on the album and a valid CSRF token.  Prints
 * "FILEID: <id>" on success, or an "ERROR: ..." line with a 400 or 500 status.
 *
 * @param int $id  id of the album item that receives the upload
 */
public function add_photo($id) {
  $album = ORM::factory("item", $id);
  access::required("view", $album);
  access::required("add", $album);
  access::verify_csrf();

  $upload_check = new Validation($_FILES);
  $upload_check->add_rules(
    "Filedata", "upload::valid", "upload::required", "upload::type[gif,jpg,jpeg,png,flv,mp4]");

  if (!$upload_check->validate()) {
    header("HTTP/1.1 400 Bad Request");
    print "ERROR: " . t("Invalid Upload");
    return;
  }

  // SimpleUploader.swf does not yet call /start directly, so simulate it here for now.
  if (!batch::in_progress()) {
    batch::start();
  }

  $temp_filename = upload::save("Filedata");
  try {
    // Skip the 10 character unique identifier Kohana puts in front of the name.
    $name = substr(basename($temp_filename), 10);
    $title = item::convert_filename_to_title($name);

    // The item type is decided by the extension of the saved file only.
    $parts = @pathinfo($temp_filename);
    $is_movie = array_key_exists("extension", $parts) &&
      in_array(strtolower($parts["extension"]), array("flv", "mp4"));

    if ($is_movie) {
      $item = movie::create($album, $temp_filename, $name, $title);
      log::success("content", t("Added a movie"),
                   html::anchor("movies/{$item->id}", t("view movie")));
    } else {
      $item = photo::create($album, $temp_filename, $name, $title);
      log::success("content", t("Added a photo"),
                   html::anchor("photos/{$item->id}", t("view photo")));
    }

    // We currently have no way of showing errors if validation fails, so only call our event
    // handlers if validation passes.
    $form = $this->_get_add_form($album);
    if ($form->validate()) {
      module::event("add_photos_form_completed", $item, $form);
    }
  } catch (Exception $e) {
    Kohana_Log::add("alert", $e->__toString());
    // Clean up the temporary upload if it is still there.
    if (file_exists($temp_filename)) {
      unlink($temp_filename);
    }
    header("HTTP/1.1 500 Internal Server Error");
    // NOTE(review): the raw exception message is returned to the client; confirm it
    // cannot contain paths or other internals.
    print "ERROR: " . $e->getMessage();
    return;
  }

  unlink($temp_filename);
  print "FILEID: {$item->id}";
}
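/**
 * Show the Akismet configuration page and, on POST, validate and store the API key.
 *
 * A POST must carry a valid CSRF token.  A non-empty key has to pass
 * akismet::validate_key(); an empty key clears the stored one.  The key is a credential,
 * so the log entry records that it changed without recording its value.
 */
public function index() {
  $form = akismet::get_configure_form();

  if (request::method() == "post") {
    // @todo move the "post" handler part of this code into a separate function
    access::verify_csrf();

    $valid = $form->validate();
    if ($valid) {
      $new_key = $form->configure_akismet->api_key->value;
      if ($new_key && !akismet::validate_key($new_key)) {
        $form->configure_akismet->api_key->add_error("invalid", 1);
        $valid = false;
      }
    }

    if ($valid) {
      $old_key = module::get_var("akismet", "api_key");
      if ($old_key && !$new_key) {
        message::success(t("Your Akismet key has been cleared."));
      } else if ($old_key && $new_key && $old_key != $new_key) {
        message::success(t("Your Akismet key has been changed."));
      } else if (!$old_key && $new_key) {
        message::success(t("Your Akismet key has been saved."));
      }

      // Do not put the key into the log text: log entries are kept and shown to anyone
      // who can read the log.  A constant string also keeps the t() lookup key stable.
      log::success("akismet", t("Akismet key changed"));
      module::set_var("akismet", "api_key", $new_key);
      akismet::check_config();
      url::redirect("admin/akismet");
    } else {
      $valid_key = false;
    }
  } else {
    $valid_key = module::get_var("akismet", "api_key") ? 1 : 0;
  }

  akismet::check_config();
  $view = new Admin_View("admin.html");
  $view->content = new View("admin_akismet.html");
  $view->content->valid_key = $valid_key;
  $view->content->form = $form;
  print $view;
}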
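/**
 * Delete a product after its admin delete form has been confirmed.
 *
 * Requires a valid CSRF token.  When the form does not validate it is printed again and
 * nothing is deleted, logged or reported as a success.
 *
 * @param int $id  id of the bp_product row to delete
 */
public function delete_product($id) {
  access::verify_csrf();

  $product = ORM::factory("bp_product", $id);
  if (!$product->loaded()) {
    kohana::show_404();
  }

  $form = bp_product::get_delete_form_admin($product);
  if (!$form->validate()) {
    // Stop here: falling through would log and report a deletion that never happened,
    // using a name that was never set.
    print $form;
    return;
  }

  $name = $product->name;
  $product->delete();

  // NOTE(review): the message text and the log category still say "user"; this looks like
  // a copy-paste leftover - confirm before changing the translation key.
  $message = t("Deleted user %product_name", array("product_name" => html::clean($name)));
  log::success("user", $message);
  message::success($message);
  print json::reply(array("result" => "success"));
}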
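/**
 * Delete an email template after its admin delete form has been confirmed.
 *
 * Requires a valid CSRF token.  When the form does not validate it is printed again and
 * nothing is deleted, logged or reported as a success.
 *
 * @param int $id  id of the bp_email_template row to delete
 */
public function delete_email_template($id) {
  access::verify_csrf();

  $email_template = ORM::factory("bp_email_template", $id);
  if (!$email_template->loaded()) {
    kohana::show_404();
  }

  $form = bp_email_template::get_delete_form_admin($email_template);
  if (!$form->validate()) {
    // Stop here: falling through would log and report a deletion that never happened,
    // using a name that was never set.
    print $form;
    return;
  }

  $name = $email_template->name;
  $email_template->delete();

  // The template name is escaped before it becomes part of the status message.
  $message = t("Deleted Email template %email_template_name",
               array("email_template_name" => html::clean($name)));
  log::success("email_template", $message);
  message::success($message);
  print json::reply(array("result" => "success"));
}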
/**
 * Show the reCAPTCHA configuration page and, on POST, store or clear the key pair.
 *
 * A POST must carry a valid CSRF token.  Both keys given: they are stored.  Only one key
 * given: the missing one is flagged as invalid.  Neither given: both are cleared, which
 * disables reCAPTCHA.  Log entries mention the change but never the key values.
 */
public function index() {
  $form = recaptcha::get_configure_form();

  if (request::method() == "post") {
    // @todo move the "save" part of this into a separate controller function
    access::verify_csrf();

    // Read but not used further down.
    $old_public_key = module::get_var("recaptcha", "public_key");
    $old_private_key = module::get_var("recaptcha", "private_key");

    if ($form->validate()) {
      $keys = $form->configure_recaptcha;
      $public_key = $keys->public_key->value;
      $private_key = $keys->private_key->value;

      if ($public_key && $private_key) {
        module::set_var("recaptcha", "public_key", $public_key);
        module::set_var("recaptcha", "private_key", $private_key);
        message::success(t("reCAPTCHA configured!"));
        log::success("recaptcha", t("reCAPTCHA public and private keys set"));
        url::redirect("admin/recaptcha");
      } else if ($public_key) {
        // Public key without a private key.
        $keys->private_key->add_error("invalid");
      } else if ($private_key) {
        // Private key without a public key.
        $keys->public_key->add_error("invalid");
      } else {
        module::set_var("recaptcha", "public_key", "");
        module::set_var("recaptcha", "private_key", "");
        message::success(t("No keys provided. reCAPTCHA is disabled!"));
        log::success("recaptcha", t("reCAPTCHA public and private keys cleared"));
        url::redirect("admin/recaptcha");
      }
    }
  }

  recaptcha::check_config();

  $page = new Admin_View("admin.html");
  $page->page_title = t("reCAPTCHA");
  $page->content = new View("admin_recaptcha.html");
  // NOTE(review): the stored private key is handed to the template; confirm the page is
  // limited to administrators.
  $page->content->public_key = module::get_var("recaptcha", "public_key");
  $page->content->private_key = module::get_var("recaptcha", "private_key");
  $page->content->form = $form;
  print $page;
}
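/**
 * Save the title and description submitted in the photo edit form and print a JSON
 * result.
 *
 * This changes stored data, so the request must carry a valid CSRF token, and the active
 * user needs "view" as well as "edit" permission on the photo.
 *
 * @see REST_Controller::_update($resource)
 * @param object $photo  the item being edited
 */
public function _update($photo) {
  // Reject forged cross-site submissions before touching the item.
  access::verify_csrf();
  access::required("view", $photo);
  access::required("edit", $photo);

  $form = photo::get_edit_form($photo);
  if ($form->validate()) {
    // @todo implement changing the name.  This is not trivial, we have
    // to check for conflicts and rename the album itself, etc.  Needs an
    // api method.
    $orig = clone $photo;
    $photo->title = $form->edit_photo->title->value;
    $photo->description = $form->edit_photo->description->value;
    $photo->save();

    module::event("item_updated", $orig, $photo);

    log::success("content", "Updated photo", "<a href=\"photos/{$photo->id}\">view</a>");
    // NOTE(review): the title is user-supplied and is passed to t() as is; confirm that
    // t() or the message renderer escapes it before display.
    message::success(
      t("Saved photo %photo_title", array("photo_title" => $photo->title)));

    print json_encode(
      array("result" => "success", "location" => url::site("photos/{$photo->id}")));
  } else {
    print json_encode(array("result" => "error", "form" => $form->__toString()));
  }
}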
/**
 * Rename a tag from the in-place editor on the tag admin page and print a JSON result.
 *
 * Requires a valid CSRF token.  The new name must be 1 to 64 characters long and pass the
 * check_for_duplicate callback.
 *
 * @param int $id  id of the tag to rename
 * @throws Kohana_404_Exception when no tag with that id exists
 */
public function rename($id) {
  access::verify_csrf();

  $tag = ORM::factory("tag", $id);
  if (!$tag->loaded()) {
    throw new Kohana_404_Exception();
  }

  $editor = InPlaceEdit::factory($tag->name)
    ->action("admin/tags/rename/{$tag->id}")
    ->rules(array("required", "length[1,64]"))
    ->messages(array("in_use" => t("There is already a tag with that name")))
    ->callback(array($this, "check_for_duplicate"));

  if (!$editor->validate()) {
    print json_encode(array("result" => "error", "form" => $editor->render()));
    return;
  }

  $previous_name = $tag->name;
  $tag->name = $editor->value();
  $tag->save();

  // NOTE(review): both names are user-supplied and go into the message and the log through
  // t() placeholders; confirm they are escaped when rendered.
  $summary = t("Renamed tag %old_name to %new_name",
               array("old_name" => $previous_name, "new_name" => $tag->name));
  message::success($summary);
  log::success("tags", $summary);

  print json_encode(array("result" => "success", "location" => url::site("admin/tags")));
}
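/**
 * Show the reCAPTCHA configuration page and, on POST, store or clear the key pair.
 *
 * The POST branch changes site configuration, so it starts by verifying the CSRF token.
 * Both keys given: they are stored.  Only one key given: the missing one is flagged as
 * invalid.  Neither given: both are cleared, which disables reCAPTCHA.
 */
public function index() {
  $form = recaptcha::get_configure_form();

  if (request::method() == "post") {
    // Without this check another site could submit this form on behalf of a logged-in
    // administrator and replace or clear the keys.
    access::verify_csrf();

    if ($form->validate()) {
      $public_key = $form->configure_recaptcha->public_key->value;
      $private_key = $form->configure_recaptcha->private_key->value;

      if ($public_key && $private_key) {
        module::set_var("recaptcha", "public_key", $public_key);
        module::set_var("recaptcha", "private_key", $private_key);
        message::success(t("Recaptcha configured!"));
        log::success("recaptcha", t("Recaptcha public and private keys set"));
        url::redirect("admin/recaptcha");
      } else if ($public_key && !$private_key) {
        $form->configure_recaptcha->private_key->add_error("invalid");
      } else if ($private_key && !$public_key) {
        $form->configure_recaptcha->public_key->add_error("invalid");
      } else {
        module::set_var("recaptcha", "public_key", "");
        module::set_var("recaptcha", "private_key", "");
        message::success(t("Recaptcha disabled!"));
        log::success("recaptcha", t("Recaptcha public and private keys cleared"));
        url::redirect("admin/recaptcha");
      }
    }
  }

  recaptcha::check_config();
  $view = new Admin_View("admin.html");
  $view->content = new View("admin_recaptcha.html");
  // NOTE(review): the stored private key is handed to the template; confirm the page is
  // limited to administrators.
  $view->content->public_key = module::get_var("recaptcha", "public_key");
  $view->content->private_key = module::get_var("recaptcha", "private_key");
  $view->content->form = $form;
  print $view;
}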
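/**
 * Delete a product after its admin delete form has been confirmed and print a JSON
 * result.
 *
 * Requires a valid CSRF token.  When the form does not validate, only the error reply is
 * printed: nothing is deleted, logged or reported as a success.
 *
 * @param int $id  id of the product row to delete
 * @throws Kohana_404_Exception when no product with that id exists
 */
public function delete_product($id) {
  access::verify_csrf();

  // NOTE(review): this compares a product id with user ids; it looks like a leftover from
  // the user controller - confirm whether it is intended here.
  if ($id == user::active()->id || $id == user::guest()->id) {
    access::forbidden();
  }

  $product = ORM::factory("product", $id);
  if (!$product->loaded()) {
    throw new Kohana_404_Exception();
  }

  $form = product::get_delete_form_admin($product);
  if (!$form->validate()) {
    // Stop here: falling through would print a second, contradictory JSON document and
    // log a deletion that never happened.
    print json_encode(array("result" => "error", "form" => $form->__toString()));
    return;
  }

  $name = $product->name;
  $product->delete();

  // NOTE(review): the message text and the log category still say "user" - confirm before
  // changing the translation key.
  $message = t("Deleted user %product_name", array("product_name" => html::clean($name)));
  log::success("user", $message);
  message::success($message);
  print json_encode(array("result" => "success"));
}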
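/**
 * Delete a postage band after its admin delete form has been confirmed and print a JSON
 * result.
 *
 * Requires a valid CSRF token.  When the form does not validate, only the error reply is
 * printed: nothing is deleted, logged or reported as a success.
 *
 * @param int $id  id of the postage_band row to delete
 */
public function delete_postage_band($id) {
  access::verify_csrf();

  // NOTE(review): this compares a postage band id with user ids; it looks like a leftover
  // from the user controller - confirm whether it is intended here.
  if ($id == user::active()->id || $id == user::guest()->id) {
    access::forbidden();
  }

  $postage = ORM::factory("postage_band", $id);
  if (!$postage->loaded) {
    kohana::show_404();
  }

  $form = postage_band::get_delete_form_admin($postage);
  if (!$form->validate()) {
    // Stop here: falling through would print a second, contradictory JSON document and
    // log a deletion that never happened.
    print json_encode(array("result" => "error", "form" => $form->__toString()));
    return;
  }

  $name = $postage->name;
  $postage->delete();

  // NOTE(review): the message text and the log category still say "user" - confirm before
  // changing the translation key.
  $message = t("Deleted user %postage_band", array("postage_band" => html::clean($name)));
  log::success("user", $message);
  message::success($message);
  print json_encode(array("result" => "success"));
}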
/**
 * Apply the photo edit form to an item and send a JSON reply.
 *
 * Requires a valid CSRF token plus "view" and "edit" permission on the item.  The form is
 * validated first, then the submitted values are copied onto the model and the model's own
 * validation runs; model errors are attached to the matching form inputs.
 *
 * @param int $photo_id  id of the item to update
 */
public function update($photo_id) {
  access::verify_csrf();

  $photo = ORM::factory("item", $photo_id);
  access::required("view", $photo);
  access::required("edit", $photo);

  $form = photo::get_edit_form($photo);
  try {
    $valid = $form->validate();
    $photo->title = $form->edit_item->title->value;
    $photo->description = $form->edit_item->description->value;
    $photo->slug = $form->edit_item->slug->value;
    $photo->name = $form->edit_item->inputs["name"]->value;
    $photo->validate();
  } catch (ORM_Validation_Exception $e) {
    // Translate ORM validation errors into form error messages
    foreach ($e->validation->errors() as $field => $code) {
      $form->edit_item->inputs[$field]->add_error($code, 1);
    }
    $valid = false;
  }

  if (!$valid) {
    json::reply(array("result" => "error", "html" => (string) $form));
    return;
  }

  $photo->save();
  module::event("item_edit_form_completed", $photo, $form);

  log::success("content", "Updated photo", "<a href=\"{$photo->url()}\">view</a>");
  // The title is user-supplied, so it is purified before it goes into the status message.
  message::success(
    t("Saved photo %photo_title", array("photo_title" => html::purify($photo->title))));

  $reply = array("result" => "success");
  if ($form->from_id->value == $photo->id) {
    // Use the new url; it might have changed.  Otherwise the client stays on its page.
    $reply["location"] = $photo->url();
  }
  json::reply($reply);
}
/**
 * Accept an uploaded watermark image, move it into var/modules/watermark and store its
 * name, dimensions, mime type, position and transparency as module variables.
 *
 * Requires a valid CSRF token.  Only files that getimagesize() identifies as GIF, JPEG or
 * PNG are accepted.  The JSON reply is sent with a text/html content type because the
 * uploader reads it through an iframe.
 */
public function add() {
  access::verify_csrf();

  $form = watermark::get_add_form();
  if ($form->validate()) {
    // NOTE(review): the path is read from $_POST, not from the form object.  Presumably
    // the form's upload field replaces this entry with the saved temp path during
    // validate() - confirm, because the value is passed to getimagesize(), rename() and
    // unlink() below.
    $file = $_POST["file"];
    $pathinfo = pathinfo($file);
    // Forge prefixes files with "uploadfile-xxxxxxx" for uniqueness
    // Only the basename is used, so the stored name cannot carry a directory part.
    $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', $pathinfo["basename"]);

    // Accept the file only when its content is recognised as one of the three image types.
    if (!($image_info = getimagesize($file)) ||
        !in_array($image_info[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG))) {
      message::error(t("Unable to identify this image file"));
      @unlink($file);
      // This path returns without a JSON reply and without the content type override below.
      return;
    }

    // NOTE(review): the stored name keeps whatever extension the upload had; only the
    // detected image type is checked.  Confirm that files under var/modules/watermark are
    // never handled according to their extension.
    rename($file, VARPATH . "modules/watermark/{$name}");
    module::set_var("watermark", "name", $name);
    module::set_var("watermark", "width", $image_info[0]);
    module::set_var("watermark", "height", $image_info[1]);
    module::set_var("watermark", "mime_type", $image_info["mime"]);
    module::set_var("watermark", "position", $form->add_watermark->position->value);
    module::set_var("watermark", "transparency", $form->add_watermark->transparency->value);
    $this->_update_graphics_rules();
    // The file was already moved by rename(); this covers the case where the move failed.
    @unlink($file);

    message::success(t("Watermark saved"));
    log::success("watermark", t("Watermark saved"));
    json::reply(array("result" => "success", "location" => url::site("admin/watermarks")));
  } else {
    // rawurlencode the results because the JS code that uploads the file buffers it in an
    // iframe which entitizes the HTML and makes it difficult for the JS to process.  If we url
    // encode it now, it passes through cleanly.  See ticket #797.
    json::reply(array("result" => "error", "html" => rawurlencode((string) $form)));
  }

  // Override the application/json mime type.  The dialog based HTML uploader uses an iframe to
  // buffer the reply, and on some browsers (Firefox 3.6) it does not know what to do with the
  // JSON that it gets back so it puts up a dialog asking the user what to do with it.  So force
  // the encoding type back to HTML for the iframe.
  // See: http://jquery.malsup.com/form/#file-upload
  header("Content-Type: text/html; charset=" . Kohana::CHARSET);
}
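/**
 * Apply the movie edit form to an item and print a JSON result.
 *
 * Requires a valid CSRF token plus "view" and "edit" permission on the item.  The file
 * extension may not change, and a new file name or slug is checked against the movie's
 * siblings before anything is saved.
 *
 * @param int $movie_id  id of the item to update
 */
public function update($movie_id) {
  access::verify_csrf();
  $movie = ORM::factory("item", $movie_id);
  access::required("view", $movie);
  access::required("edit", $movie);

  $form = movie::get_edit_form($movie);
  $valid = $form->validate();

  if ($valid) {
    // Renaming must keep the extension (compared case-insensitively), so an edit cannot
    // turn the movie into a file of a different type.
    $new_ext = pathinfo($form->edit_item->filename->value, PATHINFO_EXTENSION);
    $old_ext = pathinfo($movie->name, PATHINFO_EXTENSION);
    if (strcasecmp($new_ext, $old_ext)) {
      $form->edit_item->filename->add_error("illegal_extension", 1);
      $valid = false;
    }
  }

  if ($valid) {
    if ($form->edit_item->filename->value != $movie->name ||
        $form->edit_item->slug->value != $movie->slug) {
      // Make sure that there's not a name or slug conflict
      $row = db::build()
        ->select(array("name", "slug"))
        ->from("items")
        ->where("parent_id", "=", $movie->parent_id)
        ->where("id", "<>", $movie->id)
        ->and_open()
        ->where("name", "=", $form->edit_item->filename->value)
        ->or_where("slug", "=", $form->edit_item->slug->value)
        ->close()
        ->execute()
        ->current();
      if ($row) {
        if ($row->name == $form->edit_item->filename->value) {
          $form->edit_item->filename->add_error("name_conflict", 1);
        }
        if ($row->slug == $form->edit_item->slug->value) {
          $form->edit_item->slug->add_error("slug_conflict", 1);
        }
        $valid = false;
      }
    }
  }

  if ($valid) {
    $movie->title = $form->edit_item->title->value;
    $movie->description = $form->edit_item->description->value;
    $movie->slug = $form->edit_item->slug->value;
    $movie->rename($form->edit_item->filename->value);
    $movie->save();
    module::event("item_edit_form_completed", $movie, $form);

    log::success("content", "Updated movie", "<a href=\"{$movie->url()}\">view</a>");
    // The title is user-supplied; purify it before it becomes part of the status message,
    // the same way the photo controller treats photo titles.
    message::success(
      t("Saved movie %movie_title", array("movie_title" => html::purify($movie->title))));

    print json_encode(array("result" => "success"));
  } else {
    print json_encode(array("result" => "error", "form" => $form->__toString()));
  }
}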
/**
 * Uninstall a deactivated module.  This calls <module>_installer::uninstall() when that
 * class and method exist, which should take whatever steps are necessary to make sure that
 * all traces of the module are gone.  The module's graphics rules and its module record
 * are removed afterwards and the module list is reloaded.
 *
 * @param string $module_name
 */
static function uninstall($module_name) {
  // The class name is derived from the module name, and class_exists() may invoke the
  // autoloader with it.
  // NOTE(review): callers should pass only names of known modules - confirm.
  $installer = $module_name . "_installer";
  $has_hook = class_exists($installer) && method_exists($installer, "uninstall");
  if ($has_hook) {
    call_user_func(array($installer, "uninstall"));
  }

  graphics::remove_rules($module_name);

  $record = module::get($module_name);
  if ($record->loaded()) {
    $record->delete();
  }
  module::load_modules();

  // We could delete the module vars here too, but it's nice to leave them around
  // in case the module gets reinstalled.

  log::success(
    "module",
    t("Uninstalled module %module_name", array("module_name" => $module_name)));
}
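/**
 * Run a task.  This will trigger the task to do a small amount of work, then it will report
 * back with status on the task.
 *
 * Requires a valid CSRF token.  Exceptions from the task are written to the Kohana log with
 * file, line and stack trace, then rethrown.  A finished task is logged and reported to the
 * admin: as a success message when it succeeded, as an error message when it failed.
 *
 * @param string $task_id
 */
public function run($task_id) {
  access::verify_csrf();

  try {
    $task = task::run($task_id);
  } catch (Exception $e) {
    Kohana::log(
      "error",
      sprintf("%s in %s at line %s:\n%s", $e->getMessage(), $e->getFile(), $e->getLine(),
              $e->getTraceAsString()));
    throw $e;
  }

  // Progress information returned in both replies.
  $task_info = array(
    "percent_complete" => $task->percent_complete,
    "status" => $task->status,
    "done" => $task->done);

  if ($task->done) {
    switch ($task->state) {
    case "success":
      log::success(
        "tasks",
        t("Task %task_name completed (task id %task_id)",
          array("task_name" => $task->name, "task_id" => $task->id)),
        html::anchor("admin/maintenance", t("maintenance")));
      message::success(t("Task completed successfully"));
      break;

    case "error":
      log::error(
        "tasks",
        t("Task %task_name failed (task id %task_id)",
          array("task_name" => $task->name, "task_id" => $task->id)),
        html::anchor("admin/maintenance", t("maintenance")));
      // A failed task is reported as an error, not with the success styling.
      message::error(t("Task failed"));
      break;
    }
    // "result" describes the request itself; the task outcome is in the log and message.
    print json_encode(
      array("result" => "success",
            "task" => $task_info,
            "location" => url::site("admin/maintenance")));
  } else {
    print json_encode(array("result" => "in_progress", "task" => $task_info));
  }
}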
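/**
 * Delete a group after its admin delete form has been confirmed and send a JSON reply.
 *
 * Requires a valid CSRF token.  When the form does not validate, only the error reply is
 * sent: nothing is deleted, logged or reported as a success.
 *
 * @param int $id  id of the group to delete
 * @throws Kohana_404_Exception when no group with that id exists
 */
public function delete_group($id) {
  access::verify_csrf();

  $group = group::lookup($id);
  if (empty($group)) {
    throw new Kohana_404_Exception();
  }

  $form = $this->_get_group_delete_form_admin($group);
  if (!$form->validate()) {
    // Stop here: falling through would send a second, contradictory reply and log a
    // deletion that never happened, using a name that was never set.
    json::reply(array("result" => "error", "html" => (string) $form));
    return;
  }

  $name = $group->name;
  $group->delete();

  // NOTE(review): the group name goes into the message and the log through a t()
  // placeholder without explicit escaping; confirm it is escaped when rendered.
  $message = t("Deleted group %group_name", array("group_name" => $name));
  log::success("group", $message);
  message::success($message);
  json::reply(array("result" => "success"));
}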
/**
 * Rename a tag from the rename form on the tag admin page and print a JSON result.
 *
 * Requires a valid CSRF token.  The new name is rejected with an "in_use" error when
 * another tag already has it.
 *
 * @param int $id  id of the tag to rename
 */
public function rename($id) {
  access::verify_csrf();

  $tag = ORM::factory("tag", $id);
  if (!$tag->loaded) {
    kohana::show_404();
  }

  $form = tag::get_rename_form($tag);
  if ($form->validate()) {
    $name_input = $form->rename_tag->inputs["name"];
    $new_name = $name_input->value;

    $existing = ORM::factory("tag")->where("name", $new_name)->find();
    if ($existing->loaded) {
      $name_input->add_error("in_use", 1);
    } else {
      $old_name = $tag->name;
      $tag->name = $new_name;
      $tag->save();

      // NOTE(review): both names are user-supplied and go into the message and the log
      // through t() placeholders; confirm they are escaped when rendered.
      $summary = t("Renamed tag %old_name to %new_name",
                   array("old_name" => $old_name, "new_name" => $tag->name));
      message::success($summary);
      log::success("tags", $summary);

      // The name returned to the page is escaped because the client inserts it as markup.
      print json_encode(
        array("result" => "success",
              "location" => url::site("admin/tags"),
              "tag_id" => $tag->id,
              "new_tagname" => html::clean($tag->name)));
      return;
    }
  }

  print json_encode(array("result" => "error", "form" => $form->__toString()));
}
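/**
 * bit.ly module's settings
 *
 * Shows the configuration page and, on POST, stores the submitted login, API key and
 * domain.  A POST must carry a valid CSRF token.  The API key is a credential, so the log
 * records that it changed without recording its value.
 *
 * @todo Create/get and display the shortened value for this Gallery's root album (home page)
 */
public function index() {
  $form = bitly::get_configure_form();
  $login = module::get_var("bitly", "login");
  $api_key = module::get_var("bitly", "api_key");
  $domain = module::get_var("bitly", "domain");
  $valid_config = false;

  if (request::method() == "post") {
    access::verify_csrf();
    if ($form->validate()) {
      $new_login = $form->configure_bitly->login->value;
      $new_key = $form->configure_bitly->api_key->value;
      $new_domain = $form->configure_bitly->domain->value;

      module::set_var("bitly", "login", $new_login);
      module::set_var("bitly", "api_key", $new_key);
      module::set_var("bitly", "domain", $new_domain);

      if (!bitly::check_config()) {
        url::redirect("admin/bitly");
      } else {
        if ($login && !$new_login) {
          message::success(t("Your bit.ly login has been cleared."));
        } else if ($login && $new_login && $login != $new_login) {
          message::success(t("Your bit.ly login has been changed."));
        } else if (!$login && $new_login) {
          message::success(t("Your bit.ly login has been saved."));
        }

        if ($api_key && !$new_key) {
          message::success(t("Your bit.ly API key has been cleared."));
        } else if ($api_key && $new_key && $api_key != $new_key) {
          message::success(t("Your bit.ly API key has been changed."));
        } else if (!$api_key && $new_key) {
          message::success(t("Your bit.ly API key has been saved."));
        }

        if ($domain && $new_domain && $domain != $new_domain) {
          message::success(t("Your preferrend bit.ly domain has been changed."));
        } else if (!$domain && $new_domain) {
          message::success(t("Your preferred bit.ly domain has been saved."));
        }

        log::success(
          "bitly", t("bit.ly login changed to %new_login", array("new_login" => $new_login)));
        // Keep the key out of the log text: log entries are kept and shown to anyone who
        // can read the log.
        log::success("bitly", t("bit.ly API key changed"));

        // The configuration is usable only when both a login and a key are present.
        $valid_config = $new_login && $new_key;
      }
    }
  }

  $view = new Admin_View("admin.html");
  $view->page_title = t("bit.ly url shortner");
  $view->content = new View("admin_bitly.html");
  $view->content->login = $form->configure_bitly->login->value;
  $view->content->api_key = $form->configure_bitly->api_key->value;
  $view->content->domain = $form->configure_bitly->domain->value;
  $view->content->form = $form;

  // Show the short url of item 1: an existing link if there is one, otherwise a new one
  // when the configuration is complete.
  $link = ORM::factory("bitly_link")->where("item_id", "=", 1)->find();
  if ($link->loaded()) {
    $view->content->g3_url = bitly::url($link->hash);
  } else if ($valid_config && !empty($login) && !empty($api_key) && !empty($domain)) {
    $view->content->g3_url = bitly::shorten_url(1);
  }

  print $view;
}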
/**
 * Change the sort column and direction of an album from the organize dialog and print the
 * re-rendered form as JSON.
 *
 * Requires a valid CSRF token.  The album is the first entry of the posted "item" list,
 * and the active user needs "view" and "edit" permission on it.
 */
public function sort() {
  access::verify_csrf();

  $posted_ids = $this->input->post("item");
  // NOTE(review): assumes "item" was posted as a non-empty list - confirm in the caller.
  $album = ORM::factory("item")->in("id", $posted_ids[0])->find();
  access::required("view", $album);
  access::required("edit", $album);

  $form = organize::get_sort_edit_form($album);
  if (!$form->validate()) {
    print json_encode(array("form" => $form->__toString()));
    return;
  }

  // Copy of the item as it was before the change; not used further down.
  $orig = clone $album;
  $album->sort_column = $form->column->value;
  $album->sort_order = $form->direction->value;
  $album->save();

  log::success("content", "Updated album", "<a href=\"albums/{$album->id}\">view</a>");
  // The title is user-supplied, so it is purified before it is returned to the page.
  $message = t("Saved album %album_title",
               array("album_title" => p::purify($album->title)));
  print json_encode(array("form" => $form->__toString(), "message" => $message));
}
/**
 * Save the title, description, sort settings and directory name submitted in the album
 * edit form and print a JSON result.
 *
 * Requires a valid CSRF token plus "view" and "edit" permission on the album.  The
 * directory name is rejected when a sibling item already uses it.
 *
 * @see REST_Controller::_update($resource)
 * @param object $album  the item being edited
 */
public function _update($album) {
  access::verify_csrf();
  access::required("view", $album);
  access::required("edit", $album);

  $form = album::get_edit_form($album);
  $fields = $form->edit_album;

  $valid = $form->validate();
  if ($valid) {
    // Make sure that there's not a conflict
    $clashes = Database::instance()
      ->from("items")
      ->where("parent_id", $album->parent_id)
      ->where("id <>", $album->id)
      ->where("name", $fields->dirname->value)
      ->count_records();
    if ($clashes) {
      $fields->dirname->add_error("conflict", 1);
      $valid = false;
    }
  }

  // @todo
  // @todo we need to make sure that filename / dirname components can't contain a /
  // @todo
  // Until that check exists, the submitted dirname is passed to rename() as is.

  if (!$valid) {
    print json_encode(array("result" => "error", "form" => $form->__toString()));
    return;
  }

  $orig = clone $album;
  $album->title = $fields->title->value;
  $album->description = $fields->description->value;
  $album->sort_column = $fields->sort_order->column->value;
  $album->sort_order = $fields->sort_order->direction->value;
  $album->rename($fields->dirname->value);
  $album->save();

  module::event("item_updated", $orig, $album);

  log::success("content", "Updated album", "<a href=\"albums/{$album->id}\">view</a>");
  // NOTE(review): the title is user-supplied and is passed to t() as is; confirm that t()
  // or the message renderer escapes it before display.
  message::success(
    t("Saved album %album_title", array("album_title" => $album->title)));

  print json_encode(
    array("result" => "success", "location" => url::site("albums/{$album->id}")));
}