public function upgrade() {
  // Run the module upgrade: gallery and user first, then every active module whose
  // code version differs from its installed version.
  $is_cli = php_sapi_name() === "cli";

  if ($is_cli) {
    // @todo this may screw up some module installers, but we don't have a better answer at
    // this time.
    $_SERVER["HTTP_HOST"] = "example.com";
  } else if (!user::active()->admin && !Session::instance()->get("can_upgrade", false)) {
    // Over HTTP only an admin, or a session explicitly flagged can_upgrade, may upgrade.
    access::forbidden();
  }

  // Upgrade gallery and user first
  module::install("gallery");
  module::install("user");

  // Then upgrade the rest
  foreach (module::available() as $id => $module) {
    if ($id === "gallery") {
      continue;
    }
    $needs_upgrade = $module->active && $module->code_version != $module->version;
    if ($needs_upgrade) {
      module::install($id);
    }
  }

  if ($is_cli) {
    print "Upgrade complete\n";
  } else {
    url::redirect("upgrader?done=1");
  }
}
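function add_albums_and_photos($count, $desired_type = null) {
  // Scaffold helper: create $count random items under randomly chosen existing albums, then
  // redirect back to the scaffold page.
  //
  // @param integer $count        number of items to create
  // @param string  $desired_type "album" or "photo"; when null, roughly 1 in 11 items is an album
  srand(time());
  $parents = ORM::factory("item")->where("type", "album")->find_all()->as_array();
  $owner_id = user::active()->id;

  $test_images = glob(MODPATH . "gallery/tests/images/*.[Jj][Pp][Gg]");
  $image_count = is_array($test_images) ? count($test_images) : 0;
  // Without sample images a photo request would hit rand(0, -1) and an undefined index;
  // fail before batch::start() so nothing is half-created.
  if ($desired_type != "album" && $image_count == 0) {
    throw new Exception("@todo MISSING_TEST_IMAGES");
  }

  batch::start();
  $album_count = $photo_count = 0;
  for ($i = 0; $i < $count; $i++) {
    set_time_limit(30);
    $parent = $parents[array_rand($parents)];
    $parent->reload();

    $type = $desired_type;
    if (!$type) {
      $type = rand(0, 10) ? "photo" : "album";
    }

    if ($type == "album") {
      // New albums join the candidate parents so later items can nest under them.
      $parents[] = album::create($parent, "rnd_" . rand(), "Rnd {$i}", "random album {$i}", $owner_id)->save();
      $album_count++;
    } else {
      $photo_index = rand(0, $image_count - 1);
      photo::create($parent, $test_images[$photo_index], basename($test_images[$photo_index]), "rnd_" . rand(), "sample thumb", $owner_id);
      $photo_count++;
    }
  }
  batch::stop();

  if ($photo_count > 0) {
    log::success("content", "(scaffold) Added {$photo_count} photos");
  }
  if ($album_count > 0) {
    log::success("content", "(scaffold) Added {$album_count} albums");
  }
  url::redirect("scaffold");
}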
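static function site($menu, $theme) {
  // Build the site menu: optional scaffold link, Home, the per-item Options submenu for
  // editors, and the Admin submenu (including each installed module's own admin entries).
  //
  // @param Menu $menu  menu being populated
  // @param Theme_View $theme  current theme view; supplies the current item
  if (file_exists(APPPATH . "controllers/welcome.php")) {
    $menu->append(Menu::factory("link")->id("browse")->label("Scaffold")->url(url::site("welcome")));
  }
  $menu->append(Menu::factory("link")->id("home")->label(t("Home"))->url(url::site("albums/1")));

  $item = $theme->item();
  if ($item && access::can("edit", $item)) {
    $edit_label = $item->type == "album" ? t("Edit album") : t("Edit photo");
    $menu->append($options_menu = Menu::factory("submenu")
                  ->id("options_menu")
                  ->label(t("Options"))
                  ->append(Menu::factory("dialog")
                           ->id("edit_item")
                           ->label($edit_label)
                           ->url(url::site("form/edit/{$item->type}s/{$item->id}"))));
    // @todo Move album options menu to the album quick edit pane
    // @todo Create resized item quick edit pane menu
    if ($item->type == "album") {
      $options_menu
        ->append(Menu::factory("dialog")
                 ->id("add_item")
                 ->label(t("Add a photo"))
                 ->url(url::site("form/add/albums/{$item->id}?type=photo")))
        ->append(Menu::factory("dialog")
                 ->id("add_album")
                 ->label(t("Add an album"))
                 ->url(url::site("form/add/albums/{$item->id}?type=album")))
        ->append(Menu::factory("dialog")
                 ->id("edit_permissions")
                 ->label(t("Edit permissions"))
                 ->url(url::site("permissions/browse/{$item->id}")));
    }
  }

  if (user::active()->admin) {
    $menu->append($admin_menu = Menu::factory("submenu")->id("admin_menu")->label(t("Admin")));
    self::admin($admin_menu, $theme);
    foreach (module::installed() as $module) {
      if ($module->name == "core") {
        continue;
      }
      $class = "{$module->name}_menu";
      if (method_exists($class, "admin")) {
        // Pass $theme, as self::admin() above does: this method is static, so the original
        // `$this` here was a fatal error as soon as any module defined an admin() hook.
        call_user_func_array(array($class, "admin"), array(&$admin_menu, $theme));
      }
    }
  }
}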
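public function emailid($user_id) {
  // Display a form that a visitor can use to contact a registered user.
  // @param integer $user_id id of the user being contacted

  // If this page is disabled, show a 404 error.
  if (module::get_var("contactowner", "contact_user_link") != true) {
    kohana::show_404();
  }

  // Locate the record for the user specified by $user_id; an unknown id is a 404 rather
  // than an undefined-offset error on an empty result set.
  $user = ORM::factory("user")->where("id", $user_id)->find();
  if (!$user->loaded) {
    kohana::show_404();
  }

  // Make a new form with a couple of text boxes.
  $form = new Forge("contactowner/sendemail", "", "post", array("id" => "gContactOwnerSendForm"));
  $sendmail_fields = $form->group("contactOwner");
  $sendmail_fields->input("email_to")->label(t("To:"))->value($user->name);
  $sendmail_fields->input("email_from")->label(t("From:"))->value(user::active()->email);
  $sendmail_fields->input("email_subject")->label(t("Subject:"))->value("");
  $sendmail_fields->textarea("email_body")->label(t("Message:"))->value("");
  $sendmail_fields->hidden("email_to_id")->value($user_id);

  // Add a save button to the form.
  $sendmail_fields->submit("SendMessage")->value(t("Send"));

  // Set up and display the actual page.
  $template = new Theme_View("page.html", "Contact");
  $template->content = new View("contactowner_emailform.html");
  $template->content->sendmail_form = $form;
  print $template;
}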
/**
 * Attempts to load a view and pre-load view data.
 *
 * Falls back to the "default" theme when the configured site theme is missing on disk.
 *
 * @throws Kohana_Exception if the requested view cannot be found
 * @param string $name view name
 * @param string $page_type page type: album, photo, tags, etc
 * @return void
 */
public function __construct($name, $page_type) {
  $configured_theme = module::get_var("gallery", "active_site_theme");
  if (!file_exists("themes/{$configured_theme}")) {
    module::set_var("gallery", "active_site_theme", "default");
    theme::load_themes();
    Kohana::log("error", "Unable to locate theme '{$configured_theme}', switching to default theme.");
  }
  parent::__construct($name);

  $this->theme_name = module::get_var("gallery", "active_site_theme");
  if (user::active()->admin) {
    // Admins may preview another theme via ?theme=...; the value is not validated here, so
    // whatever reads theme_name as a path presumably checks it — confirm.
    $this->theme_name = Input::instance()->get("theme", $this->theme_name);
  }
  $this->item = null;
  $this->tag = null;

  $globals = array(
    "theme" => $this,
    "user" => user::active(),
    "page_type" => $page_type,
    "page_title" => null,
  );
  if ($page_type == "album") {
    $globals["thumb_proportion"] = $this->thumb_proportion();
  }
  foreach ($globals as $key => $value) {
    $this->set_global($key, $value);
  }

  if (Kohana::config("core.maintenance_mode", false, false)) {
    message::warning(t("This site is currently in maintenance mode"));
  }
}
public function _form_edit($user) {
  // Only the user themselves may edit their profile; guests have no profile to edit.
  $is_self = !$user->guest && $user->id == user::active()->id;
  if (!$is_self) {
    access::forbidden();
  }
  print user::get_edit_form($user);
}
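static function search($q, $limit, $offset) {
  // Full-text search over search_records, restricted to items the active user's groups
  // may view.
  //
  // @param string  $q      search terms
  // @param integer $limit  page size
  // @param integer $offset page offset
  // @return array  array(total match count, ORM_Iterator over the matching items)
  $db = Database::instance();
  $q = $db->escape_str($q);
  // $limit and $offset are interpolated straight into SQL below; force integers rather than
  // trusting the caller.
  $limit = (int) $limit;
  $offset = (int) $offset;

  $access_sql = "";
  if (!user::active()->admin) {
    $fields = array();
    foreach (user::group_ids() as $id) {
      $fields[] = "`view_$id` = " . access::ALLOW;
    }
    if ($fields) {
      $access_sql = "AND (" . join(" AND ", $fields) . ") ";
    } else {
      // A non-admin with no groups has no view rights at all; the original produced
      // "AND ()" here (and an undefined $fields). Deny rather than open the search.
      $access_sql = "AND FALSE ";
    }
  }

  // Count the total number of rows. We can't do this with our regular query because of the
  // limit statement. It's possible that if we get rid of the limit (but keep the offset) on
  // the 2nd query and combine the two, it might be faster than making 2 separate queries.
  $count_query =
    "SELECT COUNT(*) AS c " .
    "FROM {items} JOIN {search_records} ON ({items}.`id` = {search_records}.`item_id`) " .
    "WHERE MATCH({search_records}.`data`) AGAINST ('$q' IN BOOLEAN MODE) " .
    $access_sql;
  $count = $db->query($count_query)->current()->c;

  $query =
    "SELECT {items}.*, MATCH({search_records}.`data`) AGAINST ('$q') AS `score` " .
    "FROM {items} JOIN {search_records} ON ({items}.`id` = {search_records}.`item_id`) " .
    "WHERE MATCH({search_records}.`data`) AGAINST ('$q' IN BOOLEAN MODE) " .
    $access_sql .
    "ORDER BY `score` DESC " .
    "LIMIT $limit OFFSET $offset";

  return array($count, new ORM_Iterator(ORM::factory("item"), $db->query($query)));
}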
/**
 * Add a new comment to the collection.
 *
 * Validates the add-comment form (guests must give a name, everyone must give text),
 * creates the comment, and prints a JSON result carrying the re-rendered form.
 *
 * @see REST_Controller::_create($resource)
 */
public function _create($comment) {
  $item = ORM::factory("item", $this->input->post("item_id"));
  access::required("view", $item);

  $form = comment::get_add_form($item);
  $fields = $form->add_comment;
  $valid = $form->validate();
  if ($valid) {
    if (user::active()->guest && !$fields->inputs["name"]->value) {
      $fields->inputs["name"]->add_error("missing", 1);
      $valid = false;
    }
    if (!$fields->text->value) {
      $fields->text->add_error("missing", 1);
      $valid = false;
    }
  }

  if (!$valid) {
    print json_encode(array("result" => "error", "form" => $form->__toString()));
    return;
  }

  $comment = comment::create($item, user::active(), $fields->text->value,
                             $fields->inputs["name"]->value, $fields->email->value,
                             $fields->url->value);

  // Reset the form for the next comment: blank for guests, prefilled for members.
  $active = user::active();
  $defaults = $active->guest
    ? array("", "", "")
    : array($active->full_name, $active->email, $active->url);
  $fields->inputs["name"]->value($defaults[0]);
  $fields->email->value($defaults[1]);
  $fields->url->value($defaults[2]);
  $fields->text->value("");

  $resource = $comment->state == "published" ? url::site("comments/{$comment->id}") : null;
  print json_encode(array("result" => "success",
                          "resource" => $resource,
                          "form" => $form->__toString()));
}
public function __construct($theme = null) {
  // Admin-only controller: non-admins are rejected before the parent is initialised.
  $active = user::active();
  if ($active->admin) {
    parent::__construct();
    return;
  }
  throw new Exception("@todo UNAUTHORIZED", 401);
}
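/**
 * Add a set of restrictions to any following queries to restrict access only to items
 * viewable by the active user.
 *
 * The restriction list is computed once and cached in $this->view_restrictions:
 * element 0 is the first group's view column, element 1 maps the remaining groups'
 * view columns to access::ALLOW. Admins get an empty list (no restriction).
 * @chainable
 */
public function viewable() {
  if (is_null($this->view_restrictions)) {
    // Start from an empty array so a non-admin with no groups does not leave this null
    // (count(null) below is a warning, and a TypeError on PHP 8).
    $this->view_restrictions = array();
    if (!user::active()->admin) {
      // NOTE(review): a non-admin with no groups ends up unrestricted here, same as the
      // original; presumably every user belongs to at least one group — confirm.
      foreach (user::group_ids() as $id) {
        // Separate the first restriction from the rest to make it easier for us to formulate
        // our where clause below
        if (empty($this->view_restrictions)) {
          $this->view_restrictions[0] = "view_{$id}";
        } else {
          $this->view_restrictions[1]["view_{$id}"] = access::ALLOW;
        }
      }
    }
  }

  switch (count($this->view_restrictions)) {
  case 0:
    break;
  case 1:
    $this->where($this->view_restrictions[0], access::ALLOW);
    break;
  default:
    $this->open_paren();
    $this->where($this->view_restrictions[0], access::ALLOW);
    $this->orwhere($this->view_restrictions[1]);
    $this->close_paren();
    break;
  }
  return $this;
}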
function change($command, $group_id, $perm_id, $item_id) {
  // Allow, deny or reset one permission for one group on one item. The caller must be able
  // to view and edit the item; unknown commands are ignored.
  access::verify_csrf();

  $group = ORM::factory("group", $group_id);
  $perm = ORM::factory("permission", $perm_id);
  $item = ORM::factory("item", $item_id);
  access::required("view", $item);
  access::required("edit", $item);

  if (!($group->loaded && $perm->loaded && $item->loaded)) {
    return;
  }

  switch ($command) {
  case "allow":
    access::allow($group, $perm->name, $item);
    break;
  case "deny":
    access::deny($group, $perm->name, $item);
    break;
  case "reset":
    access::reset($group, $perm->name, $item);
    break;
  }

  // If the active user just took away their own edit permissions, give it back.
  if ($perm->name == "edit" && !access::user_can(user::active(), "edit", $item)) {
    access::allow($group, $perm->name, $item);
  }
}
static function header_top($theme) {
  // Render the login widget everywhere except on the login page itself.
  if ($theme->page_type == "login") {
    return;
  }
  $view = new View("login.html");
  $view->user = user::active();
  return $view->render();
}
function is_admin() {
  // JSON probe: reports whether the active user is an admin and, if so, hands out a CSRF
  // token for follow-up requests.
  $payload = array("result" => "failure");
  if (user::active()->admin) {
    $payload = array("result" => "success", "csrf" => access::csrf_token());
  }
  print json_encode($payload);
}
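static function site_menu($menu, $theme) {
  // Offer "Server add" on album pages to admins, when at least one authorized path is
  // configured and the album's directory is writable.
  //
  // @param Menu $menu  site menu; must already contain "add_menu"
  // @param Theme_View $theme  current theme view; supplies the current item
  $item = $theme->item();
  // authorized_paths is admin-managed config, not request data.
  $paths = unserialize(module::get_var("server_add", "authorized_paths"));
  if (!$item || !user::active()->admin || !$item->is_album() || empty($paths)) {
    return;
  }

  // $item is known to be an album here, so the original album-or-parent ternary always
  // resolved to the album's own path.
  if (is_writable($item->file_path())) {
    $menu->get("add_menu")
      ->append(Menu::factory("dialog")
               ->id("server_add")
               ->label(t("Server add"))
               ->url(url::site("server_add/browse/{$item->id}")));
  }
}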
public function form_edit($id) {
  // Users may only edit their own profile; guests have none.
  // NOTE(review): the lookup result is used without a null/loaded check — confirm
  // user::lookup() never returns null for an unknown id.
  $user = user::lookup($id);
  $active = user::active();
  $is_self = !$user->guest && $user->id == $active->id;
  if (!$is_self) {
    access::forbidden();
  }
  print $this->_get_edit_form($user);
}
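/**
 * Create a new movie.
 * @param Item_Model $parent      parent album (must be loaded and an album)
 * @param string     $filename    path to the movie file on disk
 * @param string     $name        the filename to use for this movie in the album
 * @param string     $title       the title of the new movie
 * @param string     $description (optional) the longer description of this movie
 * @param integer    $owner_id    (optional) owner id; defaults to the active user's id
 * @return Item_Model
 * @throws Exception on an invalid parent, a missing file, or a name containing "/" or
 *                   ending in "."
 */
static function create($parent, $filename, $name, $title, $description = null, $owner_id = null) {
  if (!$parent->loaded || !$parent->is_album()) {
    throw new Exception("@todo INVALID_PARENT");
  }

  if (!is_file($filename)) {
    throw new Exception("@todo MISSING_MOVIE_FILE");
  }

  // "!== false": strpos() returns 0 for a leading slash, which the original check let through.
  if (strpos($name, "/") !== false) {
    throw new Exception("@todo NAME_CANNOT_CONTAIN_SLASH");
  }

  // We don't allow trailing periods as a security measure
  // ref: http://dev.kohanaphp.com/issues/684
  if (rtrim($name, ".") != $name) {
    throw new Exception("@todo NAME_CANNOT_END_IN_PERIOD");
  }

  $movie_info = movie::getmoviesize($filename);

  // Force an extension onto the name
  $pi = pathinfo($filename);
  if (empty($pi["extension"])) {
    $pi["extension"] = image_type_to_extension($movie_info[2], false);
    $name .= "." . $pi["extension"];
  }

  $movie = ORM::factory("item");
  $movie->type = "movie";
  $movie->title = $title;
  $movie->description = $description;
  $movie->name = $name;
  // owner_id is an id column; the original stored the whole user object when no owner was
  // passed. Callers elsewhere pass user::active()->id for this parameter.
  $movie->owner_id = $owner_id ? $owner_id : user::active()->id;
  $movie->width = $movie_info[0];
  $movie->height = $movie_info[1];
  $movie->mime_type = strtolower($pi["extension"]) == "mp4" ? "video/mp4" : "video/x-flv";
  $movie->thumb_dirty = 1;
  $movie->resize_dirty = 1;
  $movie->sort_column = "weight";
  $movie->rand_key = (double) mt_rand() / (double) mt_getrandmax();

  // Randomize the name if there's a conflict
  while (ORM::factory("item")
         ->where("parent_id", $parent->id)
         ->where("name", $movie->name)
         ->find()->id) {
    // @todo Improve this. Random numbers are not user friendly
    $movie->name = rand() . "." . $pi["extension"];
  }

  // This saves the movie
  $movie->add_to_parent($parent);

  // If the thumb or resize already exists then rename it
  if (file_exists($movie->resize_path()) || file_exists($movie->thumb_path())) {
    $movie->name = $pi["filename"] . "-" . rand() . "." . $pi["extension"];
    $movie->save();
  }

  // NOTE(review): the copy result is not checked; a failure leaves an item row with no file.
  copy($filename, $movie->file_path());
  module::event("item_created", $movie);

  // Build our thumbnail
  graphics::generate($movie);

  // If the parent has no cover item, make this it.
  if (access::can("edit", $parent) && $parent->album_cover_item_id == null) {
    item::make_album_cover($movie);
  }

  return $movie;
}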
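public function index() {
  // Log the active user out, record it, then optionally send them on to a local "continue"
  // URL.
  $user = user::active();
  user::logout();
  log::info("user", t("User %name logged out", array("name" => $user->name)),
            html::anchor("user/{$user->id}", $user->name));

  // "continue" comes straight from the query string; only honor it for targets on this
  // site so a crafted logout link can't bounce the visitor to another host.
  $continue = $this->input->get("continue");
  if ($continue && self::_is_local_url($continue)) {
    url::redirect($continue);
  }
}

/**
 * True when $url is a relative path, or an http(s) URL whose host is the current request host.
 * @param string $url
 * @return boolean
 */
private static function _is_local_url($url) {
  $parts = parse_url($url);
  if ($parts === false) {
    return false;
  }
  if (isset($parts["host"])) {
    // Absolute URL: same host (port ignored by parse_url — hosts with an explicit port in
    // HTTP_HOST will not match) over http/https only.
    $scheme = isset($parts["scheme"]) ? strtolower($parts["scheme"]) : "http";
    return in_array($scheme, array("http", "https"), true)
      && isset($_SERVER["HTTP_HOST"])
      && strcasecmp($parts["host"], $_SERVER["HTTP_HOST"]) == 0;
  }
  if (isset($parts["scheme"])) {
    // e.g. "javascript:" or "data:" — never a local page.
    return false;
  }
  // parse_url() does not treat "\\evil" or "/\evil" as a host, but browsers may.
  return !preg_match('#^[/\\\\]{2}#', $url);
}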
public function index() {
  // Post-install landing page for admins; everyone else is sent to the root album.
  $active = user::active();
  if (!$active->admin) {
    url::redirect("albums/1");
  }
  $view = new View("after_install.html");
  $view->user = $active;
  print $view;
}
/**
 * Initialization: load the active user and switch I18n to the user's locale, when one is set.
 */
static function gallery_ready() {
  user::load_user();
  $locale = user::active()->locale;
  if (empty($locale)) {
    return;
  }
  // TODO(andy_st): Check session data as well.
  I18n::instance()->locale($locale);
}
public function index() {
  // Welcome page for admins; everyone else is sent to the root album.
  $active = user::active();
  if (!$active->admin) {
    url::redirect(item::root()->abs_url());
  }
  $view = new View("welcome_message.html");
  $view->user = $active;
  print $view;
}
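static function remove_watch($item, $user = null) {
  // Stop notifying $user (default: the active user) about $item. Only albums can be
  // watched, so anything else is a no-op.
  //
  // @param Item_Model $item
  // @param User_Model $user (optional)
  if (!$item->is_album()) {
    return;
  }
  if (empty($user)) {
    $user = user::active();
  }
  // The original stored delete()'s result in a local that nothing read.
  ORM::factory("subscription")
    ->where("item_id", $item->id)
    ->where("user_id", $user->id)
    ->find()
    ->delete();
}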
/**
 * If Gallery is in maintenance mode, then force all non-admins to get routed to a "This site is
 * down for maintenance" page. The login controller stays reachable so admins can sign in.
 */
static function maintenance_mode() {
  $maintenance_mode = Kohana::config("core.maintenance_mode", false, false);
  if (empty($maintenance_mode) || Router::$controller == "login" || user::active()->admin) {
    return;
  }
  Router::$controller = "maintenance";
  Router::$controller_path = MODPATH . "gallery/controllers/maintenance.php";
  Router::$method = "index";
}
public function toggle_l10n_mode() {
  // Admin-only, CSRF-protected toggle of the session's l10n_mode flag.
  access::verify_csrf();
  if (!user::active()->admin) {
    access::forbidden();
  }

  $session = Session::instance();
  $currently_on = $session->get("l10n_mode", false);
  $session->set("l10n_mode", !$currently_on);
  url::redirect("albums/1");
}
/**
 * Attempts to load a view and pre-load view data for the admin theme.
 *
 * @throws Kohana_Exception if the requested view cannot be found
 * @param string $name view name
 * @return void
 */
public function __construct($name) {
  parent::__construct($name);

  $this->theme_name = module::get_var("core", "active_admin_theme");
  $active = user::active();
  if ($active->admin) {
    // Admins may preview another theme via ?theme=...; not validated here, so whatever
    // reads theme_name as a path presumably checks it — confirm.
    $this->theme_name = Input::instance()->get("theme", $this->theme_name);
  }

  $this->set_global('theme', $this);
  $this->set_global('user', $active);
}
static function album($menu, $theme) {
  // Album menu entry to toggle notifications for the current item; guests can't watch.
  if (user::active()->guest) {
    return;
  }
  $item = $theme->item();
  if (!$item) {
    return;
  }

  $watching = notification::is_watching($item);
  // The CSRF token rides in the query string of a GET link, so it can show up in logs
  // and referrers.
  $link = Menu::factory("link")
    ->id("watch")
    ->label(t("Enable notifications for this album"))
    ->url(url::site("notification/watch/{$item->id}?csrf=" . access::csrf_token()))
    ->css_id($watching ? "gRemoveWatchLink" : "gAddWatchLink");
  $menu->append($link);
}
static function site_menu($menu, $theme) {
  // Options-menu entry to toggle notifications on a viewable album; guests can't watch.
  if (user::active()->guest) {
    return;
  }
  $item = $theme->item();
  if (!$item || !$item->is_album() || !access::can("view", $item)) {
    return;
  }

  $label = notification::is_watching($item)
    ? t("Remove notifications")
    : t("Enable notifications");
  // The CSRF token rides in the query string of a GET link, so it can show up in logs
  // and referrers.
  $link = Menu::factory("link")
    ->id("watch")
    ->label($label)
    ->css_id("gNotifyLink")
    ->url(url::site("notification/watch/{$item->id}?csrf=" . access::csrf_token()));
  $menu->get("options_menu")->append($link);
}
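static function add_from_server($task) {
  // Task step: import one entry from the task's queued file list, creating an album, movie
  // or photo under its recorded parent, then advance the position/path cursors and update
  // progress. Errors are recorded per authorized path in $context["errors"].
  //
  // @param Task_Model $task  task whose serialized context holds files, position, next_path,
  //                          counter and total
  $context = unserialize($task->context);
  // Defined before the try so the catch block can key errors even when the failure happens
  // before $path is assigned.
  $path = null;
  try {
    $paths = array_keys(unserialize(module::get_var("server_add", "authorized_paths")));
    $path = $paths[$context["next_path"]];
    if (!empty($context["files"][$path])) {
      $file = $context["files"][$path][$context["position"]];
      $parent = ORM::factory("item", $file["parent_id"]);
      access::required("server_add", $parent);
      access::required("add", $parent);
      if (!$parent->is_album()) {
        throw new Exception("@todo BAD_ALBUM");
      }

      $name = $file["name"];
      if ($file["type"] == "album") {
        $album = ORM::factory("item")
          ->where("name", $name)
          ->where("parent_id", $parent->id)
          ->find();
        if (!$album->loaded) {
          $album = album::create($parent, $name, $name, null, user::active()->id);
        }

        // Now that we have a new album. Go through the remaining files to import and change the
        // parent_id of any file that has the same relative path as this album's path.
        // Match the path exactly or as a directory prefix: a bare strpos() prefix test would
        // also re-parent a sibling such as "<album>2".
        $album_path = "{$file['path']}/{$name}";
        $album_prefix = $album_path . "/";
        $file_count = count($context["files"][$path]);
        for ($idx = $context["position"] + 1; $idx < $file_count; $idx++) {
          $candidate = $context["files"][$path][$idx]["path"];
          if ($candidate === $album_path || strpos($candidate, $album_prefix) === 0) {
            $context["files"][$path][$idx]["parent_id"] = $album->id;
          }
        }
      } else {
        $extension = strtolower(substr(strrchr($name, '.'), 1));
        $source_path = "{$path}{$file['path']}/{$name}";
        if (in_array($extension, array("flv", "mp4"), true)) {
          movie::create($parent, $source_path, $name, $name, null, user::active()->id);
        } else {
          photo::create($parent, $source_path, $name, $name, null, user::active()->id);
        }
      }

      $context["counter"]++;
      if (++$context["position"] >= count($context["files"][$path])) {
        $context["next_path"]++;
        $context["position"] = 0;
      }
    } else {
      $context["next_path"]++;
    }
  } catch (Exception $e) {
    $context["errors"][$path] = $e->getMessage();
  }

  $task->context = serialize($context);
  $task->state = "success";
  $task->percent_complete = $context["counter"] / (double) $context["total"] * 100;
  $task->done = $context["counter"] == (double) $context["total"];
}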
/**
 * Add a log entry.
 *
 * @param string $category an arbitrary category we can use to filter log messages
 * @param string $message a detailed log message
 * @param string $html an html snippet presented alongside the log message to aid the admin
 * @param integer $severity INFO, WARNING or ERROR
 */
private static function _add($category, $message, $html, $severity) {
  $entry = ORM::factory("log");
  $columns = array(
    "category" => $category,
    "message" => $message,
    "severity" => $severity,
    "html" => $html,
    // Column is 255 wide; the current URL is truncated to fit.
    "url" => substr(url::abs_current(true), 0, 255),
    "referer" => request::referrer(null),
    "timestamp" => time(),
    "user_id" => user::active()->id,
  );
  foreach ($columns as $column => $value) {
    $entry->$column = $value;
  }
  $entry->save();
}
static function create($task_def, $context) {
  // Persist a new task in the "started" state, owned by the active user, carrying the given
  // context serialized. Returns the saved task.
  $task = ORM::factory("task");
  $columns = array(
    "callback" => $task_def->callback,
    "name" => $task_def->name,
    "percent_complete" => 0,
    "status" => "",
    "state" => "started",
    "owner_id" => user::active()->id,
    "context" => serialize($context),
  );
  foreach ($columns as $column => $value) {
    $task->$column = $value;
  }
  $task->save();
  return $task;
}
public function __construct($theme = null) {
  // Admin-only controller: non-admins are refused before the parent is initialised.
  $active = user::active();
  if (!$active->admin) {
    access::forbidden();
  }
  parent::__construct();
}