/**
 * Handle a submitted re-authentication form for the active user.
 *
 * Non-admin users are rejected through access::forbidden() and the CSRF token is verified
 * before the form is validated.  A valid form fires "user_auth" and redirects to the
 * session's one-shot "continue_url".  An invalid form is logged, fires "user_auth_failed"
 * and is rendered again (as a JSON-wrapped HTML fragment for AJAX requests).
 */
public function auth()
{
    if (!identity::active_user()->admin) {
        access::forbidden();
    }
    access::verify_csrf();

    $form = self::_form();
    $valid = $form->validate();
    $user = identity::active_user();

    if (!$valid) {
        // Record the failed attempt before anything is rendered.
        $name = $user->name;
        log::warning("user", t("Failed re-authentication for %name", array("name" => $name)));
        module::event("user_auth_failed", $name);

        if (!request::is_ajax()) {
            self::_show_form($form);
            return;
        }

        $fragment = new View("reauthenticate.html");
        $fragment->form = $form;
        $fragment->user_name = identity::active_user()->name;
        json::reply(array("html" => (string) $fragment));
        return;
    }

    module::event("user_auth", $user);
    if (!request::is_ajax()) {
        message::success(t("Successfully re-authenticated!"));
    }

    // NOTE(review): the redirect target is whatever was stored in the session under
    // "continue_url"; confirm that the code storing it only accepts same-site URLs.
    url::redirect(Session::instance()->get_once("continue_url"));
}
/**
 * Save the theme options form.
 *
 * After CSRF verification, a valid form stores page size, thumb/resize sizes, header and
 * footer text and the credits flag as "gallery" module variables.  When a thumb or resize
 * size differs from the stored value, the matching graphics rule is replaced.  An invalid
 * form is printed again inside the admin view.
 */
public function save()
{
    access::verify_csrf();

    $form = theme::get_edit_form_admin();
    if (!$form->validate()) {
        $page = new Admin_View("admin.html");
        $page->content = new View("admin_theme_options.html");
        $page->content->form = $form;
        print $page;
        return;
    }

    module::set_var("gallery", "page_size", $form->edit_theme->page_size->value);

    // Graphics target => name of the form field / module variable holding its size.
    $size_vars = array("thumb" => "thumb_size", "resize" => "resize_size");
    foreach ($size_vars as $target => $var_name) {
        $size = $form->edit_theme->{$var_name}->value;
        if (module::get_var("gallery", $var_name) != $size) {
            // Replace the rule rather than editing it so the new dimensions take effect.
            graphics::remove_rule("gallery", $target, "gallery_graphics::resize");
            graphics::add_rule(
                "gallery",
                $target,
                "gallery_graphics::resize",
                array("width" => $size, "height" => $size, "master" => Image::AUTO),
                100
            );
            module::set_var("gallery", $var_name, $size);
        }
    }

    module::set_var("gallery", "header_text", $form->edit_theme->header_text->value);
    module::set_var("gallery", "footer_text", $form->edit_theme->footer_text->value);
    module::set_var("gallery", "show_credits", $form->edit_theme->show_credits->value);

    module::event("theme_edit_form_completed", $form);
    message::success(t("Updated theme details"));
    url::redirect("admin/theme_options");
}
/**
 * Create a user from the admin "add user" form and print a JSON result.
 *
 * The CSRF token is verified first.  A name that already belongs to a stored user is
 * reported as an "in_use" form error.  On success the response is {"result": "success"};
 * otherwise it is {"result": "error", "form": <rendered form>}.
 */
public function add_user()
{
    // NOTE(review): only the CSRF token is checked in this method; the admin-only access
    // check is presumably enforced by the enclosing controller. Verify, since the form can
    // set the admin flag on the new account.
    access::verify_csrf();

    $form = user::get_add_form_admin();
    $valid = $form->validate();
    $name = $form->add_user->inputs["name"]->value;

    $existing = ORM::factory("user")->where("name", $name)->find();
    if ($existing->loaded) {
        $form->add_user->inputs["name"]->add_error("in_use", 1);
        $valid = false;
    }

    if (!$valid) {
        print json_encode(array("result" => "error", "form" => $form->__toString()));
        return;
    }

    $user = user::create(
        $name,
        $form->add_user->full_name->value,
        $form->add_user->password->value
    );
    $user->email = $form->add_user->email->value;
    $user->admin = $form->add_user->admin->checked;

    if ($form->add_user->locale) {
        // The form uses the literal "none" to mean "no locale preference".
        $desired_locale = $form->add_user->locale->value;
        if ($desired_locale == "none") {
            $user->locale = null;
        } else {
            $user->locale = $desired_locale;
        }
    }
    $user->save();

    module::event("user_add_form_admin_completed", $user, $form);
    message::success(t("Created user %user_name", array("user_name" => p::clean($user->name))));
    print json_encode(array("result" => "success"));
}
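/**
 * Switch the gallery to the identity provider named in the posted "provider" field.
 *
 * The CSRF token is verified first.  The posted name is then checked against the list
 * returned by identity::providers() before anything is deactivated or installed, because the
 * value is request data and is passed on to module::install() and module::activate().
 * When the provider changes, the old one is deactivated and uninstalled, the new one is
 * installed and activated, "identity_provider_changed" is fired and the session is destroyed
 * before redirecting to the root item.  Selecting the active provider only shows a notice.
 */
public function change()
{
    access::verify_csrf();

    $active_provider = module::get_var("gallery", "identity_provider", "user");
    $providers = identity::providers();
    $new_provider = Input::instance()->post("provider");

    // Reject a missing, non-string or unknown provider name before touching the current
    // provider; otherwise a bad value would deactivate authentication and then be handed to
    // the module installer.
    if (!is_string($new_provider) || $new_provider === "" || !isset($providers->{$new_provider})) {
        message::error(t("Unknown identity provider"));
        url::redirect("admin/identity");
        return;
    }

    if ($new_provider != $active_provider) {
        module::deactivate($active_provider);

        // Switch authentication
        identity::reset();
        module::set_var("gallery", "identity_provider", $new_provider);

        module::install($new_provider);
        module::activate($new_provider);

        module::event("identity_provider_changed", $active_provider, $new_provider);

        module::uninstall($active_provider);

        message::success(t("Changed to %description", array("description" => $providers->{$new_provider})));

        try {
            Session::instance()->destroy();
        } catch (Exception $e) {
            // We don't care if there was a problem destroying the session.
        }
        url::redirect(item::root()->abs_url());
        // url::redirect() is expected to end the request; the return keeps the "already
        // active" notice out of this branch if it ever does not.
        return;
    }

    message::info(t("The selected provider \"%description\" is already active.", array("description" => $providers->{$new_provider})));
    url::redirect("admin/identity");
}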
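/**
 * Move the posted items next to a target item inside the target's album.
 *
 * The CSRF token is verified and the caller needs "view" and "edit" on the target's parent
 * album.  If the album is not yet sorted by weight, its children are renumbered first.
 * A gap of count(source_ids) weights is then opened at the insertion point and the source
 * items are written into it.  The response is JSON holding the re-rendered thumb grid and
 * the album's sort column and order.
 *
 * The posted "source_ids" are request data: they are reduced to positive integers, and each
 * weight update is limited to rows whose parent_id is this album, so the permission check on
 * the album also covers every item that gets modified.
 *
 * @param mixed  $target_id        id of the item the sources are placed next to
 * @param string $before_or_after  "after" inserts behind the target, anything else in front
 */
function rearrange($target_id, $before_or_after)
{
    access::verify_csrf();

    $target = ORM::factory("item", $target_id);
    $album = $target->parent();
    access::required("view", $album);
    access::required("edit", $album);

    // Keep only scalar, positive integer ids; anything else posted is ignored.
    $source_ids = array();
    foreach ((array) $this->input->post("source_ids", array()) as $posted_id) {
        if (is_scalar($posted_id) && (int) $posted_id > 0) {
            $source_ids[] = (int) $posted_id;
        }
    }

    if ($album->sort_column != "weight") {
        $i = 0;
        foreach ($album->children() as $child) {
            // Do this directly in the database to avoid sending notifications
            Database::Instance()->update("items", array("weight" => ++$i), array("id" => $child->id));
        }
        $album->sort_column = "weight";
        $album->sort_order = "ASC";
        $album->save();
        $target->reload();
    }

    // Find the insertion point.  The values below are interpolated into raw SQL, so they are
    // forced to integers even though they come from the database.
    $album_id = (int) $album->id;
    $target_weight = (int) $target->weight;
    if ($before_or_after == "after") {
        $target_weight++;
    }

    // Make a hole
    $count = count($source_ids);
    Database::Instance()->query(
        "UPDATE {items} " .
        "SET `weight` = `weight` + {$count} " .
        "WHERE `weight` >= {$target_weight} AND `parent_id` = {$album_id}"
    );

    // Insert source items into the hole.  The parent_id condition leaves items of other
    // albums untouched.
    foreach ($source_ids as $source_id) {
        Database::Instance()->update(
            "items",
            array("weight" => $target_weight++),
            array("id" => $source_id, "parent_id" => $album_id)
        );
    }

    module::event("album_rearrange", $album);

    print json_encode(array(
        "grid" => self::_get_micro_thumb_grid($album, 0)->__toString(),
        "sort_column" => $album->sort_column,
        "sort_order" => $album->sort_order,
    ));
}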
/**
 * Build the default list of allowed movie MIME types, then give modules the chance to
 * modify it through the "legal_movie_types" event.
 *
 * @return array the list of MIME types after the event has run
 */
static function get_movie_types()
{
    // The list travels inside an object so that event listeners can change it in place.
    $holder = new stdClass();
    $holder->types = array("video/flv", "video/x-flv", "video/mp4");

    module::event("legal_movie_types", $holder);

    return $holder->types;
}
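/**
 * Create a new album.
 *
 * @param Item_Model $parent       the parent album; must be loaded and be an album
 * @param string     $name         the name of this new album (it will become the directory
 *                                 name on disk)
 * @param string     $title        the title of the new album
 * @param string     $description  (optional) the longer description of this album
 * @param integer    $owner_id     (optional) id stored as the album's owner
 * @return Item_Model
 * @throws Exception if the parent is invalid, or the name contains "/" or ends in "."
 */
static function create($parent, $name, $title, $description = null, $owner_id = null)
{
    if (!$parent->loaded || !$parent->is_album()) {
        throw new Exception("@todo INVALID_PARENT");
    }

    // The name becomes a directory name, so both checks below must hold for every input.
    // strpos() returns 0 for a leading slash, which is falsy; compare against false so that
    // a name such as "/foo" is rejected as well.
    if (strpos($name, "/") !== false) {
        throw new Exception("@todo NAME_CANNOT_CONTAIN_SLASH");
    }

    // We don't allow trailing periods as a security measure
    // ref: http://dev.kohanaphp.com/issues/684
    // A strict comparison is required: with "!=" two numeric strings are compared as numbers,
    // so "1." would equal "1" and pass the check.
    if (rtrim((string) $name, ".") !== (string) $name) {
        throw new Exception("@todo NAME_CANNOT_END_IN_PERIOD");
    }

    $album = ORM::factory("item");
    $album->type = "album";
    $album->title = $title;
    $album->description = $description;
    $album->name = $name;
    $album->owner_id = $owner_id;
    $album->thumb_dirty = 1;
    $album->resize_dirty = 1;
    $album->rand_key = ((float) mt_rand()) / (float) mt_getrandmax();
    $album->sort_column = "weight";
    $album->sort_order = "ASC";

    // Pick a different name while a sibling with the same name exists.
    while (ORM::factory("item")
           ->where("parent_id", $parent->id)
           ->where("name", $album->name)
           ->find()->id) {
        $album->name = "{$name}-" . rand();
    }

    $album = $album->add_to_parent($parent);

    // Create the album directory and the directories that hold its thumb and resize.
    mkdir($album->file_path());
    mkdir(dirname($album->thumb_path()));
    mkdir(dirname($album->resize_path()));

    module::event("item_created", $album);

    return $album;
}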
/**
 * Remove the comments table.
 *
 * Before the table is dropped, "item_related_update_batch" is fired with the text of a query
 * that selects the item ids referenced by comments.
 */
static function uninstall()
{
    $database = Database::instance();

    // Listeners receive the query text, not a result set.
    $item_ids_query = "SELECT `item_id` FROM {comments}";
    module::event("item_related_update_batch", $item_ids_query);

    $database->query("DROP TABLE IF EXISTS {comments};");
}
/**
 * Build the admin menu: start from an empty root menu, let gallery add its entries, give
 * modules the "admin_menu" event to add theirs, then compact the result.
 *
 * @return Menu the compacted root menu
 */
public function admin_menu()
{
    $root_menu = Menu::factory("root");

    gallery::admin_menu($root_menu, $this);
    module::event("admin_menu", $root_menu, $this);

    $root_menu->compact();

    return $root_menu;
}
/**
 * Build the "contact owner" e-mail form.
 *
 * @param mixed $user_id  id of the recipient; -1 selects the owner name configured for the
 *                        contactowner module
 * @param mixed $item_id  (optional) when set, the message body starts with a link to the item
 * @return Forge the form, posting to contactowner/sendemail/<user_id>
 */
static function get_email_form($user_id, $item_id = null)
{
    // Determine name of the person the message is going to.
    if ($user_id != -1) {
        // Look the recipient up by id and use the stored name.
        $matches = ORM::factory("user")->where("id", "=", $user_id)->find_all();
        $str_to_name = $matches[0]->name;
    } else {
        $str_to_name = module::get_var("contactowner", "contact_owner_name");
    }

    // If item_id is set, include a link to the item.
    // NOTE(review): the item is loaded without a permission check in this function; only its
    // type and id end up in the link. Confirm the caller has already checked access.
    $email_body = "";
    if (!empty($item_id)) {
        $item = ORM::factory("item", $item_id);
        $item_url = url::abs_site("{$item->type}s/{$item->id}");
        $email_body = "This message refers to <a href=\"" . $item_url . "\">this page</a>.";
    }

    // Make a new form with a couple of text boxes.
    $form_attributes = array("id" => "g-contact-owner-send-form");
    $form = new Forge("contactowner/sendemail/{$user_id}", "", "post", $form_attributes);
    $sendmail_fields = $form->group("contactOwner");

    $sendmail_fields->input("email_to")
        ->label(t("To:"))
        ->value($str_to_name)
        ->id("g-contactowner-to-name");

    $sendmail_fields->input("email_from")
        ->label(t("From:"))
        ->value(identity::active_user()->email)
        ->id("g-contactowner-from-email")
        ->rules('required|valid_email')
        ->error_messages("required", t("You must enter a valid email address"))
        ->error_messages("valid_email", t("You must enter a valid email address"))
        ->error_messages("invalid", t("You must enter a valid email address"));

    $sendmail_fields->input("email_subject")
        ->label(t("Subject:"))
        ->value("")
        ->id("g-contactowner-subject")
        ->rules('required')
        ->error_messages("required", t("You must enter a subject"));

    $sendmail_fields->textarea("email_body")
        ->label(t("Message:"))
        ->value($email_body)
        ->id("g-contactowner-email-body")
        ->rules('required')
        ->error_messages("required", t("You must enter a message"));

    // Add a captcha, if there's an active captcha module.
    module::event("captcha_protect_form", $form);

    // Add a save button to the form.
    $sendmail_fields->submit("SendMessage")->value(t("Send"));

    return $form;
}
/**
 * Make $new_provider the active identity provider.
 *
 * The currently configured provider (if any) is uninstalled first.  The new provider is then
 * instantiated, stored in the "identity_provider" variable, optionally initialized through
 * its installer class, announced with "identity_provider_changed", and its admin user is
 * logged in.  If any of that throws, one attempt is made to switch back to the previous
 * provider, and the original exception is rethrown.
 *
 * NOTE(review): $new_provider is used to build a class name that is passed to
 * call_user_func(); nothing in this function validates it, so callers must pass only a known
 * provider name. Confirm at the call sites.
 *
 * @param string $new_provider name of the provider module to switch to
 * @throws Exception whatever the switch raised, after the restore attempt
 */
static function change_provider($new_provider) {
    $current_provider = module::get_var("gallery", "identity_provider");
    // The old provider is removed before the new one is known to work; the catch block below
    // is what puts it back on failure.
    if (!empty($current_provider)) {
        module::uninstall($current_provider);
    }

    try {
        IdentityProvider::reset();
        $provider = new IdentityProvider($new_provider);

        module::set_var("gallery", "identity_provider", $new_provider);

        // Run "<provider>_installer::initialize" only when that installer defines it.
        if (method_exists("{$new_provider}_installer", "initialize")) {
            call_user_func("{$new_provider}_installer::initialize");
        }

        module::event("identity_provider_changed", $current_provider, $new_provider);

        // Log in as the new provider's admin user, then regenerate the session.
        auth::login($provider->admin_user());
        Session::instance()->regenerate();
    } catch (Exception $e) {
        static $restore_already_running;

        // In case of error, make an attempt to restore the old provider. Since that's calling
        // into this function again and can fail, we should be sure not to get into an infinite
        // recursion.
        if (!$restore_already_running) {
            $restore_already_running = true;

            // Make sure new provider is not in the database
            module::uninstall($new_provider);

            // Reset to the current provider so that the gallery installation is still
            // working.
            module::set_var("gallery", "identity_provider", null);
            IdentityProvider::change_provider($current_provider);
            module::activate($current_provider);
            message::error(t("Error attempting to enable \"%new_provider\" identity provider, " . "reverted to \"%old_provider\" identity provider", array("new_provider" => $new_provider, "old_provider" => $current_provider)));

            $restore_already_running = false;
        }
        // The caller always sees the original failure, whether or not the restore ran.
        throw $e;
    }
}
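/**
 * Update the active user's own profile from the edit form and print a JSON result.
 *
 * Only the user being edited may call this; guests and other users are rejected through
 * access::forbidden().  A non-empty password field replaces the stored password.  When the
 * locale changes, the "g_locale" cookie is expired.
 *
 * The CSRF token is verified here as well.  This handler changes the password and e-mail
 * address, and nothing visible in it guaranteed that a token check had already happened.
 *
 * @param User_Model $user the user being edited
 */
public function _update($user)
{
    access::verify_csrf();

    if ($user->guest || $user->id != user::active()->id) {
        access::forbidden();
    }

    $form = user::get_edit_form($user);
    $valid = $form->validate();
    if ($valid) {
        $user->full_name = $form->edit_user->full_name->value;
        // An empty password field means "keep the current password".
        if ($form->edit_user->password->value) {
            $user->password = $form->edit_user->password->value;
        }
        $user->email = $form->edit_user->email->value;
        $user->url = $form->edit_user->url->value;

        if ($form->edit_user->locale) {
            // The form uses the literal "none" to mean "no locale preference".
            $desired_locale = $form->edit_user->locale->value;
            $new_locale = $desired_locale == "none" ? null : $desired_locale;
            if ($new_locale != $user->locale) {
                // Delete the session based locale preference
                setcookie("g_locale", "", time() - 24 * 3600, "/");
            }
            $user->locale = $new_locale;
        }
        $user->save();

        module::event("user_edit_form_completed", $user, $form);
        message::success(t("User information updated."));
        print json_encode(array(
            "result" => "success",
            "resource" => url::site("users/{$user->id}"),
        ));
    } else {
        print json_encode(array("result" => "error", "form" => $form->__toString()));
    }
}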
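/**
 * Update a photo's title, description, slug and file name from the edit form and print a
 * JSON result.
 *
 * Requires a valid CSRF token plus "view" and "edit" permission on the photo.  A sibling item
 * with the same name or slug is reported as a form error.  The form is validated once; the
 * earlier code called validate() twice in a row.
 *
 * @see REST_Controller::_update($resource)
 */
public function _update($photo)
{
    access::verify_csrf();
    access::required("view", $photo);
    access::required("edit", $photo);

    $form = photo::get_edit_form($photo);
    $valid = $form->validate();

    $new_name = $form->edit_item->filename->value;
    $new_slug = $form->edit_item->slug->value;

    if ($valid && ($new_name != $photo->name || $new_slug != $photo->slug)) {
        // Make sure that there's not a name or slug conflict with another item in the same
        // parent.
        $row = Database::instance()
            ->select(array("name", "slug"))
            ->from("items")
            ->where("parent_id", $photo->parent_id)
            ->where("id <>", $photo->id)
            ->open_paren()
            ->where("name", $new_name)
            ->orwhere("slug", $new_slug)
            ->close_paren()
            ->get()
            ->current();
        if ($row) {
            if ($row->name == $new_name) {
                $form->edit_item->filename->add_error("name_conflict", 1);
            }
            if ($row->slug == $new_slug) {
                $form->edit_item->slug->add_error("slug_conflict", 1);
            }
            $valid = false;
        }
    }

    if ($valid) {
        $photo->title = $form->edit_item->title->value;
        $photo->description = $form->edit_item->description->value;
        $photo->slug = $form->edit_item->slug->value;
        $photo->rename($form->edit_item->filename->value);
        $photo->save();
        module::event("item_edit_form_completed", $photo, $form);

        log::success("content", "Updated photo", "<a href=\"{$photo->url()}\">view</a>");
        // The title is user-supplied, so it is purified before it is shown in the message.
        message::success(t("Saved photo %photo_title", array("photo_title" => html::purify($photo->title))));

        print json_encode(array("result" => "success"));
    } else {
        print json_encode(array("result" => "error", "form" => $form->__toString()));
    }
}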
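/**
 * Rotate an image.  Valid options are degrees.
 *
 * When the image_optimizer "rotate_jpg" variable is set and the input is a JPEG, the
 * rotation is done by the external program configured in "path_jpg", writing to a temp file
 * that is then moved to $output_file.  In every other case, or when that program fails, the
 * image toolkit performs the rotation.
 *
 * Fixes over the earlier version:
 *  - the external program runs only when it is enabled AND the file is a JPEG (it used "||");
 *  - "degrees" is cast to an integer before it is put on the command line, since it was the
 *    one argument that was neither quoted nor escaped;
 *  - $status is initialized, so the fallback no longer reads an undefined variable;
 *  - a missing temp file or an unreadable image no longer triggers warnings.
 *
 * @param string $input_file
 * @param string $output_file
 * @param array  $options     must contain "degrees"
 */
static function rotate($input_file, $output_file, $options)
{
    graphics::init_toolkit();

    module::event("graphics_rotate", $input_file, $output_file, $options);

    // BEGIN mod to original function
    $status = false;
    $degrees = (int) $options["degrees"];

    $image_info = getimagesize($input_file); // [0]=w, [1]=h, [2]=type (1=GIF, 2=JPG, 3=PNG)
    $is_jpeg = is_array($image_info) && $image_info[2] == IMAGETYPE_JPEG;

    if (module::get_var("image_optimizer", "rotate_jpg") && $is_jpeg) {
        // rotate_jpg enabled, the file is a jpg.  get args
        $path = module::get_var("image_optimizer", "path_jpg");
        $exec_args = " -rotate ";
        $exec_args .= $degrees > 0 ? $degrees : $degrees + 360;
        $exec_args .= " -copy all -optimize -outfile ";

        // run it - from input_file to tmp_file
        $tmp_file = image_optimizer::make_temp_name($output_file);
        exec(
            escapeshellcmd($path) . $exec_args . escapeshellarg($tmp_file) . " " . escapeshellarg($input_file),
            $exec_output,
            $exec_status
        );

        if ($exec_status || !is_file($tmp_file) || !filesize($tmp_file)) {
            // either a blank/nonexistent file or an error - log an error and pass to normal
            // function
            Kohana_Log::add("error", "image_optimizer rotation failed on " . $output_file);
            if (is_file($tmp_file)) {
                unlink($tmp_file);
            }
        } else {
            // worked - move temp to output; a failed move falls through to the toolkit
            $status = rename($tmp_file, $output_file);
        }
    }

    if (!$status) {
        // we got here if we weren't supposed to use jpegtran or if jpegtran failed
        // END mod to original function

        Image::factory($input_file)
            ->quality(module::get_var("gallery", "image_quality"))
            ->rotate($options["degrees"])
            ->save($output_file);

        // BEGIN mod to original function
    }
    // END mod to original function

    module::event("graphics_rotate_completed", $input_file, $output_file, $options);
}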
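/**
 * Apply the posted module selection: deactivate modules that were unchecked and install and
 * activate modules that were checked.  Locked modules are skipped.
 *
 * The CSRF token is verified first.  After the loop, "module_change" is fired with an object
 * listing the activated and deactivated module names, and the browser is redirected to
 * admin/modules.
 *
 * $changes is now created explicitly; the earlier code assigned properties to an undefined
 * variable.
 */
public function save()
{
    access::verify_csrf();

    $changes = new stdClass();
    $changes->activate = array();
    $changes->deactivate = array();
    $activated_names = array();
    $deactivated_names = array();

    // Only names returned by module::available() are acted on; the posted values are used
    // just as on/off flags for those names.
    foreach (module::available() as $module_name => $info) {
        if ($info->locked) {
            continue;
        }

        $desired = $this->input->post($module_name) == 1;
        if ($info->active && !$desired && module::is_active($module_name)) {
            $changes->deactivate[] = $module_name;
            $deactivated_names[] = $info->name;
            module::deactivate($module_name);
        } elseif (!$info->active && $desired && !module::is_active($module_name)) {
            $changes->activate[] = $module_name;
            $activated_names[] = $info->name;
            module::install($module_name);
            module::activate($module_name);
        }
    }

    module::event("module_change", $changes);

    // @todo this type of collation is questionable from a i18n perspective
    if ($activated_names) {
        message::success(t("Activated: %names", array("names" => join(", ", $activated_names))));
    }
    if ($deactivated_names) {
        message::success(t("Deactivated: %names", array("names" => join(", ", $deactivated_names))));
    }
    url::redirect("admin/modules");
}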
/**
 * Update a photo's title, description and file name from the edit form and print a JSON
 * result.
 *
 * Requires a valid CSRF token plus "view" and "edit" permission on the photo.  A sibling item
 * that already uses the requested file name is reported as a "conflict" form error.
 *
 * @see REST_Controller::_update($resource)
 */
public function _update($photo)
{
    access::verify_csrf();
    access::required("view", $photo);
    access::required("edit", $photo);

    $form = photo::get_edit_form($photo);
    $valid = $form->validate();

    if ($valid && $form->edit_photo->filename->value != $photo->name) {
        // Make sure that there's not a conflict
        $clashes = Database::instance()
            ->from("items")
            ->where("parent_id", $photo->parent_id)
            ->where("id <>", $photo->id)
            ->where("name", $form->edit_photo->filename->value)
            ->count_records();
        if ($clashes) {
            $form->edit_photo->filename->add_error("conflict", 1);
            $valid = false;
        }
    }

    if (!$valid) {
        print json_encode(array("result" => "error", "form" => $form->__toString()));
        return;
    }

    $photo->title = $form->edit_photo->title->value;
    $photo->description = $form->edit_photo->description->value;
    $photo->rename($form->edit_photo->filename->value);
    $photo->save();

    module::event("photo_edit_form_completed", $photo, $form);

    log::success("content", "Updated photo", "<a href=\"photos/{$photo->id}\">view</a>");
    // The title is user-supplied, so it is cleaned before it is shown in the message.
    message::success(t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title))));

    print json_encode(array(
        "result" => "success",
        "location" => url::site("photos/{$photo->id}"),
    ));
}
/**
 * Fire "group_deleted" for every group of the "ldap" identity provider, giving other modules
 * an opportunity to clean up.
 */
static function uninstall()
{
    $provider = new IdentityProvider("ldap");
    $groups = $provider->groups();

    foreach ($groups as $ldap_group) {
        module::event("group_deleted", $ldap_group);
    }
}
/**
 * Set the "ldap" module version to 1, then announce every group of the active identity
 * provider with "group_created" and allow it "view" and "view_full" on the root item.
 */
static function initialize()
{
    module::set_version("ldap", 1);

    $root = item::root();
    $groups = IdentityProvider::instance()->groups();

    foreach ($groups as $provider_group) {
        module::event("group_created", $provider_group);
        // Every provider group can see the root item and its full-size content.
        access::allow($provider_group, "view", $root);
        access::allow($provider_group, "view_full", $root);
    }
}
/**
 * Build the form used to send a message to a user from their profile page.
 *
 * The form has a reply-to address, a subject (both limited to 256 by the length rule) and a
 * message body, all required.  Modules can extend it through "user_profile_contact_form"
 * before the submit button is added.
 *
 * @param User_Model $user the recipient
 * @return Forge the form, posting to user_profile/send/<user id>
 */
static function get_contact_form($user)
{
    $form_attributes = array("id" => "g-user-profile-contact-form");
    $form = new Forge("user_profile/send/{$user->id}", "", "post", $form_attributes);

    $heading = t("Compose message to %name", array("name" => $user->display_name()));
    $fields = $form->group("message")->label($heading);

    $fields->input("reply_to")
        ->label(t("From:"))
        ->rules("required|length[1, 256]|valid_email")
        ->error_messages("required", t("Field is required"))
        ->error_messages("max_length", t("Field exceeds 256 bytes"))
        ->error_messages("valid_email", t("Field is not a valid email address"));

    $fields->input("subject")
        ->label(t("Subject:"))
        ->rules("required|length[1, 256]")
        ->error_messages("required", t("Field is required"))
        ->error_messages("max_length", t("Field exceeds 256 bytes"));

    $fields->textarea("message")
        ->label(t("Message:"))
        ->rules("required")
        ->error_messages("required", t("Field is required"));

    module::event("user_profile_contact_form", $form);

    $fields->submit("")->value(t("Send"));

    return $form;
}
/**
 * Leave one level of batch mode.
 *
 * The "batch_level" counter in the session is lowered by one.  When it is still positive it
 * is stored back; otherwise the counter is removed and "batch_complete" is fired.
 */
static function stop()
{
    $session = Session::instance();
    $remaining = $session->get("batch_level", 0) - 1;

    if ($remaining > 0) {
        // Still inside an outer batch.
        $session->set("batch_level", $remaining);
        return;
    }

    $session->delete("batch_level");
    module::event("batch_complete");
}
/**
 * Create a new group and fire "group_created" for it.
 *
 * @param string $name
 * @return Group_Model
 * @throws Exception if a group with this name is already stored
 */
static function create($name)
{
    // find() hands back an unloaded record when no group has this name; that record is then
    // filled in and saved.
    $record = ORM::factory("group")->where("name", $name)->find();
    if ($record->loaded) {
        throw new Exception("@todo GROUP_ALREADY_EXISTS {$name}");
    }

    $record->name = $name;
    $record->save();

    module::event("group_created", $record);

    return $record;
}
/**
 * Remove the comments table, first firing "item_related_update" for every item that is
 * joined to a comment.
 */
static function uninstall()
{
    $database = Database::instance();

    // Notify listeners that we're deleting some data.  This is probably going to be very
    // inefficient for large uninstalls, and it could be improved by passing a SQL fragment
    // through so that listeners could use subselects.  A single, simple event API keeps the
    // load on module developers light.
    $commented_items = ORM::factory("item")
        ->join("comments", "items.id", "comments.item_id")
        ->find_all();
    foreach ($commented_items as $commented_item) {
        module::event("item_related_update", $commented_item);
    }

    $database->query("DROP TABLE IF EXISTS {comments};");
}
/**
 * Rebuild the search record of an item.
 *
 * The record for the item is looked up (and bound to the item id when it does not exist
 * yet), listeners of "item_index_data" add their text to a shared ArrayObject, and the
 * collected pieces are stored space-separated with the dirty flag cleared.
 *
 * @param Item_Model $item the item to index
 */
static function update($item)
{
    $collected = new ArrayObject();

    $search_record = ORM::factory("search_record")->where("item_id", "=", $item->id)->find();
    if (!$search_record->loaded()) {
        $search_record->item_id = $item->id;
    }

    module::event("item_index_data", $search_record->item(), $collected);

    $search_record->data = implode(" ", (array) $collected);
    $search_record->dirty = 0;
    $search_record->save();
}
/**
 * Save the user and fire "user_created" for a new record, or "user_updated" (with the
 * original and the current state) for an existing one.
 *
 * @return $this
 */
public function save()
{
    // Must be read before parent::save(), which is what makes a new record loaded.
    $is_new = !$this->loaded();

    parent::save();

    if ($is_new) {
        module::event("user_created", $this);
    } else {
        module::event("user_updated", $this->original(), $this);
    }

    return $this;
}
/**
 * Build the form for adding an embedded video to an album.
 *
 * Modules can extend the form through "item_add_form" before the button group is added.
 *
 * @param Item_Model $album the album the video is added to
 * @return Forge the form, posting to embedded_videos/create/<album id>
 */
static function get_add_form($album)
{
    $form_attributes = array("id" => "g-add-embed-form");
    $form = new Forge("embedded_videos/create/{$album->id}", "", "post", $form_attributes);

    $heading = t("Add embedded video to %album_title", array("album_title" => $album->title));
    $fields = $form->group("add_embedded_video")->label($heading);

    $fields->input("title")
        ->label(t("Title"))
        ->error_messages("required", t("You must provide a title"))
        ->error_messages("length", t("Your title is too long"));

    $fields->input("video_url")
        ->label(t("Video URL"))
        ->error_messages("conflict", t("There is already a movie with this ID"))
        ->error_messages("required", t("You must provide a URL"))
        ->error_messages("invalid_id", t("Invalid URL"));

    $fields->textarea("description")->label(t("Description"));

    $fields->input("slug")
        ->label(t("Internet Address"))
        ->error_messages("conflict", t("There is already a movie, photo or album with this internet address"))
        ->error_messages("not_url_safe", t("The internet address should contain only letters, numbers, hyphens and underscores"))
        ->error_messages("required", t("You must provide an internet address"))
        ->error_messages("length", t("Your internet address is too long"));

    module::event("item_add_form", $album, $form);

    $buttons = $form->group("buttons")->label("");
    $buttons->submit("")->value(t("Add"));

    return $form;
}
/**
 * Log the active user out.
 *
 * For a non-guest user the session is destroyed (a failure is logged, not raised) and
 * "user_logout" is fired.  The logout is written to the user log in every case, with the
 * user name cleaned before it goes into the link text.
 */
static function logout()
{
    $user = identity::active_user();

    if (!$user->guest) {
        try {
            Session::instance()->destroy();
        } catch (Exception $destroy_error) {
            Kohana::log("error", $destroy_error);
        }
        module::event("user_logout", $user);
    }

    $summary = t("User %name logged out", array("name" => $user->name));
    $profile_link = html::anchor("user/{$user->id}", html::clean($user->name));
    log::info("user", $summary, $profile_link);
}
/**
 * Log the active user out.
 *
 * For a non-guest user the session is destroyed (a failure is logged, not raised) and
 * "user_logout" is fired.  The logout is written to the user log in every case, with a link
 * to the user's profile whose text is the cleaned user name.
 */
static function logout()
{
    $user = identity::active_user();

    if (!$user->guest) {
        try {
            Session::instance()->destroy();
        } catch (Exception $destroy_error) {
            Kohana_Log::add("error", $destroy_error);
        }
        module::event("user_logout", $user);
    }

    $summary = t("User %name logged out", array("name" => $user->name));
    $profile_link = t(
        '<a href="%url">%user_name</a>',
        array("url" => user_profile::url($user->id), "user_name" => html::clean($user->name))
    );
    log::info("user", $summary, $profile_link);
}
/**
 * Save the group and fire "group_created" for a new record or "group_updated" for an
 * existing one.
 *
 * @return $this
 */
public function save()
{
    // Must be read before parent::save(), which is what makes a new record loaded.
    $is_new = !$this->loaded;

    parent::save();

    $event_name = $is_new ? "group_created" : "group_updated";
    module::event($event_name, $this);

    return $this;
}
/**
 * Build the edit form for a movie, pre-filled with its title, description, file name and
 * slug.
 *
 * Modules can extend the form through "item_edit_form" before the button group is added.
 *
 * @param Item_Model $movie the movie being edited
 * @return Forge the form, posting to movies/update/<movie id>
 */
static function get_edit_form($movie)
{
    $form_attributes = array("id" => "g-edit-movie-form");
    $form = new Forge("movies/update/{$movie->id}", "", "post", $form_attributes);
    $form->hidden("from_id");

    $fields = $form->group("edit_item")->label(t("Edit Movie"));

    $fields->input("title")
        ->label(t("Title"))
        ->value($movie->title)
        ->error_messages("required", t("You must provide a title"))
        ->error_messages("length", t("Your title is too long"));

    $fields->textarea("description")
        ->label(t("Description"))
        ->value($movie->description);

    // The file name messages mirror the name rules: no slash, no trailing period, and no
    // change of file extension.
    $fields->input("name")
        ->label(t("Filename"))
        ->value($movie->name)
        ->error_messages("conflict", t("There is already a movie, photo or album with this name"))
        ->error_messages("no_slashes", t("The movie name can't contain a \"/\""))
        ->error_messages("no_trailing_period", t("The movie name can't end in \".\""))
        ->error_messages("illegal_data_file_extension", t("You cannot change the movie file extension"))
        ->error_messages("required", t("You must provide a movie file name"))
        ->error_messages("length", t("Your movie file name is too long"));

    $fields->input("slug")
        ->label(t("Internet Address"))
        ->value($movie->slug)
        ->error_messages("conflict", t("There is already a movie, photo or album with this internet address"))
        ->error_messages("not_url_safe", t("The internet address should contain only letters, numbers, hyphens and underscores"))
        ->error_messages("required", t("You must provide an internet address"))
        ->error_messages("length", t("Your internet address is too long"));

    module::event("item_edit_form", $movie, $form);

    $buttons = $form->group("buttons")->label("");
    $buttons->submit("")->value(t("Modify"));

    return $form;
}
/**
 * Save the group.  A new group fires "group_created"; an existing one fires "group_updated"
 * with a copy loaded from storage before the save, followed by the current object.
 *
 * @return $this
 */
public function save()
{
    if ($this->loaded()) {
        // Updated group: fetch the stored state first so listeners can compare.
        $before = ORM::factory("group", $this->id);
        parent::save();
        module::event("group_updated", $before, $this);
    } else {
        // New group
        parent::save();
        module::event("group_created", $this);
    }

    return $this;
}