function forgot()
{
if (get_request_method() == 'POST') {
return $this->_sendPasswordTo($_POST['forgot']['email']);
}
$this->display('login/forgot', array('email' => Flash::get('email')));
}
public function settings()
{
$errors = false;
if (get_request_method() == 'POST') {
$data = $_POST['settings'];
$settings = array();
$settings['filemanager_base'] = preg_replace('/\\s+/', '', $data['filemanager_base']);
$settings['filemanager_base'] = trim($settings['filemanager_base'], '/');
$settings['filemanager_view'] = isset($data['filemanager_view']) ? $data['filemanager_view'] : 'grid';
// image extensions
if (isset($data['filemanager_images'])) {
$settings['filemanager_images'] = serialize($data['filemanager_images']);
} else {
$errors[] = __("You need to select at least one image extension!");
}
$settings['filemanager_upload_size'] = !empty($data['filemanager_upload_size']) && is_numeric($data['filemanager_upload_size']) ? $data['filemanager_upload_size'] : '0';
$settings['filemanager_dateformat'] = !empty($data['filemanager_dateformat']) ? trim($data['filemanager_dateformat']) : 'd M Y H:i';
$booleans = array('filemanager_enabled', 'filemanager_browse_only', 'filemanager_upload_overwrite', 'filemanager_upload_images_only');
foreach ($booleans as $bool) {
$settings[$bool] = isset($data[$bool]) && $data[$bool] == 1 ? '1' : '0';
}
if (Plugin::setAllSettings($settings, 'ckeditor')) {
Flash::setNow('success', 'Settings were updated successfully');
} else {
$errors[] = __("There was a problem saving the settings.");
}
} else {
$settings = Plugin::getAllSettings('ckeditor');
}
if ($errors !== false) {
Flash::setNow('error', implode('<br/>', $errors));
}
$this->display('settings', array('settings' => $settings));
}
public function __construct()
{
parent::__construct();
if (get_request_method() != 'AJAX') {
die('error request');
}
}
function index()
{
// check if trying to save
if (get_request_method() == 'POST') {
return $this->_save();
}
$this->display('setting/index');
}
/**
* Calls save function or displays settings screen.
*/
public final function index()
{
// check if trying to save
if (get_request_method() == 'POST') {
$this->_save();
}
$this->display('setting/index', array('csrf_token' => SecureToken::generateToken(BASE_URL . 'setting')));
}
function edit($id)
{
if (!($snippet = Snippet::findById($id))) {
Flash::set('error', __('Snippet not found!'));
redirect(get_url('snippet'));
}
// check if trying to save
if (get_request_method() == 'POST') {
return $this->_edit($id);
}
$this->display('snippet/edit', array('action' => 'edit', 'filters' => Filter::findAll(), 'snippet' => $snippet));
}
public function edit($id)
{
if (!($gallery = Gallery::findById($id))) {
Flash::set('error', __('Image is not found!'));
redirect(get_url('gallery'));
}
// check if trying to save
if (get_request_method() == 'POST') {
return $this->_edit($id);
}
$this->display('gallery/view', array('gallery' => $gallery));
}
function edit($id)
{
if (!($layout = Layout::findById($id))) {
Flash::set('error', __('Layout not found!'));
redirect(get_url('layout'));
}
// check if trying to save
if (get_request_method() == 'POST') {
return $this->_edit($id);
}
// display things...
$this->display('layout/edit', array('action' => 'edit', 'layout' => $layout));
}
function edit($id = null)
{
if (is_null($id)) {
redirect(get_url('plugin/comment'));
}
if (!($comment = Comment::findById($id))) {
Flash::set('error', __('comment not found!'));
redirect(get_url('plugin/comment'));
}
// check if trying to save
if (get_request_method() == 'POST') {
return $this->_edit($id);
}
// display things...
$this->display('comment/views/edit', array('action' => 'edit', 'comment' => $comment));
}
function edit($id)
{
if (AuthUser::getId() != $id && !AuthUser::hasPermission('administrator')) {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url());
}
// check if trying to save
if (get_request_method() == 'POST') {
return $this->_edit($id);
}
if ($user = User::findById($id)) {
$this->display('user/edit', array('action' => 'edit', 'user' => $user, 'permissions' => Record::findAllFrom('Permission')));
} else {
Flash::set('error', __('User not found!'));
}
redirect(get_url('user'));
}
private function _send_headers()
{
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
if (get_request_method() == 'AJAX') {
//if( $this->param('ajaxtp') == 'xml' ) {
// header('Content-type: application/xml; charset=utf-8');
//}
//else {
header('Content-type: text/plain; charset=utf-8');
//}
} else {
header('Content-type: text/html; charset=utf-8');
}
}
/**
* Saves the edited Snippet.
*
* @todo Merge _edit() and edit()
*
* @param string $id Snippet id.
*/
public function edit($id)
{
// check if user have already enter something
$snippet = Flash::get('post_data');
if (empty($snippet)) {
$snippet = Snippet::findById($id);
if (!$snippet) {
Flash::set('error', __('Snippet not found!'));
redirect(get_url('snippet'));
}
}
// check if trying to save
if (get_request_method() == 'POST') {
$this->_edit($id);
}
$this->display('snippet/edit', array('action' => 'edit', 'csrf_token' => SecureToken::generateToken(BASE_URL . 'snippet/edit'), 'filters' => Filter::findAll(), 'snippet' => $snippet));
}
public function collection_update($id = null)
{
if (is_null($id)) {
redirect(get_url('plugin/ecommerce/collection'));
}
if (!($collection = Collection::findById($id))) {
Flash::set('error', __('Collection not found!'));
redirect(get_url('plugin/ecommerce/collection'));
}
if (get_request_method() == 'POST') {
$collection_id = $this->_collection_save($id, 'collection', 'Collection');
//insert log
$this->_insert_log('Collection <a href="' . get_url('plugin/ecommerce/collection_update/' . $collection_id) . '">' . $_POST['collection']['title'] . '</a> was updated.');
redirect(get_url('plugin/ecommerce/collection'));
}
//get products
global $__FROG_CONN__;
$sql = 'select pc.id, pc.collection_id, pc.product_id, p.title, pc.position from ecommerce_collection c inner join ecommerce_product_collection pc on c.id = pc.collection_id inner join ecommerce_product p on p.id = pc.product_id where c.id = ' . $id . ' order by pc.position;';
$stmt = $__FROG_CONN__->prepare($sql);
$stmt->execute();
$products = $stmt->fetchAll();
$this->display('ecommerce/views/collections/update', array('action' => 'update', 'collection' => $collection, 'products' => $products));
}
public function add()
{
// check if trying to save
if (get_request_method() == 'POST') {
return $this->_add();
}
// check if user have already enter something
$sidebarlink = Flash::get('post_data');
if (empty($sidebarlink)) {
$sidebarlink = new SidebarLink();
}
$this->browse();
}
private function _check($permission = NULL)
{
global $pawUsers;
if (!$pawUsers->isLoggedIn()) {
$this->_redirect(get_url("login"));
}
if ($permission !== NULL && !$pawUsers->permissions->hasPermission($permission)) {
Flash::set("error", __("You don't have the Permission to access the requested page!"));
if (Setting::get("default_tab") === "user") {
$this->_redirect(get_url("page"));
} else {
$this->_redirect();
}
}
return get_request_method();
}
/**
* Provides a nice print out of the stack trace when an exception is thrown.
*
* @param Exception $e Exception object.
*/
function framework_exception_handler($e)
{
if (!DEBUG) {
page_not_found();
}
echo '<style>h1,h2,h3,p,td {font-family:Verdana; font-weight:lighter;}</style>';
echo '<p>Uncaught ' . get_class($e) . '</p>';
echo '<h1>' . $e->getMessage() . '</h1>';
$traces = $e->getTrace();
if (count($traces) > 1) {
echo '<p><b>Trace in execution order:</b></p>' . '<pre style="font-family:Verdana; line-height: 20px">';
$level = 0;
foreach (array_reverse($traces) as $trace) {
++$level;
if (isset($trace['class'])) {
echo $trace['class'] . '→';
}
$args = array();
if (!empty($trace['args'])) {
foreach ($trace['args'] as $arg) {
if (is_null($arg)) {
$args[] = 'null';
} else {
if (is_array($arg)) {
$args[] = 'array[' . sizeof($arg) . ']';
} else {
if (is_object($arg)) {
$args[] = get_class($arg) . ' Object';
} else {
if (is_bool($arg)) {
$args[] = $arg ? 'true' : 'false';
} else {
if (is_int($arg)) {
$args[] = $arg;
} else {
$arg = htmlspecialchars(substr($arg, 0, 64));
if (strlen($arg) >= 64) {
$arg .= '...';
}
$args[] = "'" . $arg . "'";
}
}
}
}
}
}
}
echo '<b>' . $trace['function'] . '</b>(' . implode(', ', $args) . ') ';
echo 'on line <code>' . (isset($trace['line']) ? $trace['line'] : 'unknown') . '</code> ';
echo 'in <code>' . (isset($trace['file']) ? $trace['file'] : 'unknown') . "</code>\n";
echo str_repeat(" ", $level);
}
echo '</pre>';
}
echo "<p>Exception was thrown on line <code>" . $e->getLine() . "</code> in <code>" . $e->getFile() . "</code></p>";
$dispatcher_status = Dispatcher::getStatus();
$dispatcher_status['request method'] = get_request_method();
debug_table($dispatcher_status, 'Dispatcher status');
if (!empty($_GET)) {
debug_table($_GET, 'GET');
}
if (!empty($_POST)) {
debug_table($_POST, 'POST');
}
if (!empty($_COOKIE)) {
debug_table($_COOKIE, 'COOKIE');
}
debug_table($_SERVER, 'SERVER');
}
function latest($limit = 0, $folder = null)
{
$folder = str_replace(':', '/', $folder);
if (trim($folder)) {
$_SESSION['assets_folder'] = $folder;
} else {
$folder = $_SESSION['assets_folder'];
}
if ('AJAX' == get_request_method()) {
$this->setLayout(null);
}
$this->display('assets/views/latest', array('image_array' => assets_latest($limit, $folder)));
}
public function index()
{
// WIDGET SETTINGS
if (get_request_method() == "POST" && isset($_POST["widget_action"]) && isset($_POST["widget_secure_token"])) {
if (DashboardWidgets::setWidgetSettings($_POST["widget_action"], $_POST)) {
redirect(get_url("plugins/dashboard"));
die;
}
}
// RENDER DASHBOARD
ob_start();
$this->renderDashboard();
$this->content = ob_get_contents();
ob_end_clean();
// OUTPUT
$render = new View("../layouts/backend", array("content_for_layout" => $this->content));
$output = $render->render();
print $output;
}
/**
* Edit a page part form.
*
* @param id the id of the page part form to be edited
*/
public function edit($id)
{
if (!($page_part_form = Record::findByIdFrom('PagePartForm', $id))) {
Flash::set('error', __('Page part form not found'));
redirect(get_url(self::PLUGIN_URL));
}
$data = self::Get_data();
if (get_request_method() == 'POST' && $this->check_constraints($data)) {
$this->update($page_part_form, $data);
}
$this->display('edit', array('action' => 'edit', 'page_part_form' => $page_part_form, 'outline_structure' => $this->create_view('structure', array('structure' => self::Get_structure($page_part_form)))));
}
function dashboard_events_widget_render()
{
global $dashboardEvents;
if (get_request_method() == "POST") {
if (isset($_POST["dashboard_events"]) && $_POST["dashboard_events"] == "clear_all") {
$dashboardEvents->clear();
redirect(get_url("plugin/dashboard/"));
die;
}
}
$log_entries = Record::findAllFrom("DashboardLogEntry", "created_on=created_on ORDER BY created_on DESC");
$path = WOLF_PATH_WIDGETS . "events/";
?>
<form method="post" action="">
<table class="dashboardTable" cellpadding="0" cellspacing="0" border="0">
<thead>
<tr>
<th colspan="2"></th>
<th><?php
echo __("Event");
?>
</th>
<th class="moment"><?php
echo __("Time");
?>
<img src="<?php
echo $path;
?>
img/sort.png" /></th>
</tr>
</thead>
<tbody>
<?php
$entrynum = 0;
foreach ($log_entries as $entry) {
?>
<tr class="<?php
echo odd_even();
?>
">
<td class="hidden"><?php
echo $entrynum;
?>
</td>
<td class="priority">
<img src="<?php
echo $path;
?>
img/<?php
echo $entry->priority("string");
?>
.png" title="<?php
echo $entry->priority("string");
?>
" />
</td>
<td class="dashboardMessage"><?php
echo $entry->message;
?>
</td>
<td class="date">
<a title="<?php
echo $entry->created_on;
?>
"><?php
echo DateDifference::getString(new DateTime($entry->created_on));
?>
</a>
</td>
</tr>
<?php
$entrynum++;
}
?>
</tbody>
</table>
<p class="buttons">
<input type="hidden" name="dashboard_events" value="clear_all" />
<input type="submit" name="dashboard_action" value="<?php
echo __("Clear all");
?>
" class="button" />
</p>
</form>
<?php
}
/**
* Action to edit a page.
*
* @aram int $id Page ID for page to edit.
* @return <type>
*/
public function edit($id)
{
if (!is_numeric($id)) {
redirect(get_url('page'));
}
// Check if trying to save.
if (get_request_method() == 'POST') {
return $this->_store('edit', $id);
}
$page = Page::findById($id);
if (!$page) {
Flash::set('error', __('Page not found!'));
redirect(get_url('page'));
}
// check for protected page and editor user
if (!AuthUser::hasPermission('page_edit') || !AuthUser::hasPermission('admin_edit') && $page->is_protected) {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url('page'));
}
// Encode the string to prevent page title input break
// Unless people specify "Allow html in title" in the backend.
// Then only replace double quotes.
if (!Setting::get('allow_html_title')) {
$page->title = html_encode($page->title);
} else {
$page->title = str_replace('"', '"', $page->title);
}
// find all page_part of this pages
$page_parts = PagePart::findByPageId($id);
if (empty($page_parts)) {
$page_parts = array(new PagePart());
}
// display things ...
$this->setLayout('backend');
$this->display('page/edit', array('action' => 'edit', 'csrf_token' => SecureToken::generateToken(BASE_URL . 'page/edit'), 'page' => $page, 'tags' => $page->getTags(), 'filters' => Filter::findAll(), 'behaviors' => Behavior::findAll(), 'page_parts' => $page_parts, 'layouts' => Record::findAllFrom('Layout', '1=1 ORDER BY position')));
}
function edit_feature($id)
{
// check if trying to save
if (get_request_method() == 'POST') {
// form submission
$this->_checkPermission();
if (isset($_POST['csrf_token'])) {
$csrf_token = $_POST['csrf_token'];
if (!SecureToken::validateToken($csrf_token, BASE_URL . 'facilities/edit_feature/' . $id)) {
Flash::set('error', __('Invalid CSRF token found!'));
redirect(get_url('facilities/edit_feature/' . $id));
}
} else {
Flash::set('error', __('No CSRF token found!'));
redirect(get_url('facilities/edit_feature/' . $id));
}
$data = $_POST['upload'];
$path = str_replace('..', '', $data['path']);
$overwrite = isset($data['overwrite']) ? true : false;
$title = $_POST['title'];
$featureimage = FeatureImage::findById($id);
if (!empty($_FILES['upload_feature_file']['name']) && !file_exists(FILES_DIR . '/facilities/feature/' . $_FILES['upload_feature_file']['tmp_name'])) {
$file = $this->upload_feature_file($featureimage->facilitiesid, $featureimage->id, $title, $_FILES['upload_feature_file']['name'], FILES_DIR . '/facilities/feature/', $_FILES['upload_feature_file']['tmp_name'], $overwrite);
if ($file === false) {
Flash::set('error', __('File has not been uploaded!'));
redirect(get_url('facilities/edit_feature/' . $id));
}
} else {
$featureimage->title = $title;
if (!$featureimage->save()) {
Flash::set('error', __('Feature could not be saved!'));
} else {
Flash::set('success', __('Feature has been saved!'));
}
}
if (isset($_POST['commit'])) {
redirect(get_url('facilities/edit/' . $featureimage->facilitiesid));
} else {
redirect(get_url('facilities/edit_feature/' . $id));
}
} else {
// display edit page
$feature = FeatureImage::findById($id);
$this->display('facilities/edit_feature', array('csrf_token' => SecureToken::generateToken(BASE_URL . 'facilities/edit_feature/' . $id), 'feature' => $feature));
}
}
// Include the upload handler class
require_once "handler.php";
$uploader = new UploadHandler();
// Specify the list of valid extensions, ex. array("jpeg", "xml", "bmp")
$uploader->allowedExtensions = array();
// all files types allowed by default
// Specify max file size in bytes.
$uploader->sizeLimit = 20 * 1024 * 1024;
// default is 10 MiB
// Specify the input name set in the javascript.
$uploader->inputName = "qqfile";
// matches Fine Uploader's default inputName value by default
// If you want to use the chunking/resume feature, specify the folder to temporarily save parts.
$uploader->chunksFolder = "chunks";
//$method = $_SERVER["REQUEST_METHOD"];
$method = get_request_method();
// This will retrieve the "intended" request method. Normally, this is the
// actual method of the request. Sometimes, though, the intended request method
// must be hidden in the parameters of the request. For example, when attempting to
// send a DELETE request in a cross-origin environment in IE9 or older, it is not
// possible to send a DELETE request. So, we send a POST with the intended method,
// DELETE, in a "_method" parameter.
function get_request_method()
{
global $HTTP_RAW_POST_DATA;
// This should only evaluate to true if the Content-Type is undefined
// or unrecognized, such as when XDomainRequest has been used to
// send the request.
if (isset($HTTP_RAW_POST_DATA)) {
parse_str($HTTP_RAW_POST_DATA, $_POST);
}
public function edit($id = null)
{
if (is_null($id)) {
redirect(get_url('page'));
}
$page = Page::findById($id);
if (!$page) {
Flash::set('error', __('Page not found!'));
redirect(get_url('page'));
}
// check for protected page and editor user
if (!AuthUser::hasPermission('administrator') && !AuthUser::hasPermission('developer') && $page->is_protected) {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url('page'));
}
// check if trying to save
if (get_request_method() == 'POST') {
return $this->_edit($id);
}
// find all page_part of this pages
$page_parts = PagePart::findByPageId($id);
if (empty($page_parts)) {
$page_parts = array(new PagePart());
}
$tag_array = array();
foreach ($page->tags() as $tag) {
$tag_array[] = $tag->name();
}
// display things ...
$this->setLayout('backend');
$this->display('page/edit', array('action' => 'edit', 'page' => $page, 'tags' => $tag_array, 'filters' => Filter::findAll(), 'behaviors' => Behavior::findAll(), 'page_parts' => $page_parts, 'layouts' => Layout::find(array('order' => 'position'))));
}
public function add()
{
// check if trying to save
if (get_request_method() == 'POST') {
return $this->_add();
}
// check if user have already enter something
$news = Flash::get('post_data');
if (empty($news)) {
$news = new News();
}
$this->browse();
}
public function edit($id)
{
if (!($tag = Tagger::findById($id))) {
Flash::set('error', __('Tag not found!'));
redirect(get_url('plugin/tagger'));
}
// check if trying to save
if (get_request_method() == 'POST') {
return $this->_edit($id);
}
$this->display('tagger/views/edit', array('action' => 'edit', 'tag' => $tag));
}
public function edit($id)
{
if (!($testimonial = Testimonial::findById($id))) {
Flash::set('error', __('Testimonial not found!'));
redirect(get_url('testimonial'));
}
// check if trying to save
if (get_request_method() == 'POST') {
return $this->_edit($id);
}
//$testimonialgalleries = TestimonialImage::findByTestimonialId($id);
//$features = FeatureImage::findByTestimonialId($id);
$this->display('testimonial/edit', array('action' => 'edit', 'csrf_token' => SecureToken::generateToken(BASE_URL . 'testimonial/edit/' . $id), 'testimonial' => $testimonial, 'id' => $id, 'pages' => Record::findAllFrom('Page', 'parent_id=1 order by parent_id,position')));
}
public function delete()
{
global $pawUsers;
// CHECK IF USER IS LOGGED IN
if (!$pawUsers->isLoggedIn()) {
$this->_redirect(get_url("login"));
}
// GET PARAMETER
$input = func_get_args();
$input = array_slice(array_pad($input, 1, NULL), 0, 1);
$input = array_combine(array("user"), $input);
// GET USER
if (is_numeric($input["user"]) && ($user = $pawUsers->getUser($input["user"], "id") !== false)) {
$input["user"] = $user->username;
}
// GET POST
$delete = false;
if (get_request_method() === "POST" && isset($_POST["account"])) {
$post = $_POST["account"];
if (isset($post["action"]) && $post["action"] == "delete") {
$delete = $this->_action("delete", $post);
$input["user"] = isset($post["user"]) ? $post["user"] : $input["user"];
}
}
// DISPLAY PAGE
if ($delete === true) {
$redirect = $pawUsers->config["redirect_pages"]["delete"];
if (defined("CMS_BACKEND") && CMS_BACKEND == true && startsWith($redirect, ADMIN_DIR . "/")) {
$redirect = str_replace(ADMIN_DIR . "/", "", $redirect);
}
if (!startsWith($redirect, "http") && !startsWith($redirect, "www")) {
$redirect = get_url($redirect);
}
$this->_redirect($redirect . "?success=delete");
} else {
$this->display("../../plugins/paw_users/admin/account", array("action" => "delete", "input" => paw_xss_cleaner($input), "redirect" => $this->_redirect(false), "errors" => $this->errors, "success" => $this->success));
}
}
public function add()
{
// check if trying to save
if (get_request_method() == 'POST') {
return $this->_add();
}
// check if user have already enter something
$about = Flash::get('post_data');
if (empty($about)) {
$about = new About();
}
// $this->display('about/index', array(
// 'action' => 'add',
// 'filters' => Filter::findAll(),
// 'about' => $about
// ));
$this->browse();
}
public function edit($id)
{
if (!($pdf = Pdf::findById($id))) {
Flash::set('error', __('Menu not found!'));
redirect(get_url('pdf'));
}
// check if trying to save
if (get_request_method() == 'POST') {
return $this->_edit($id);
}
//$pdfgalleries = PdfImage::findByPdfId($id);
//$locations = Location::findByPdfId($id);
$this->display('pdf/edit', array('action' => 'edit', 'csrf_token' => SecureToken::generateToken(BASE_URL . 'pdf/edit/' . $id), 'pdf' => $pdf, 'id' => $id, 'pages' => Record::findAllFrom('Page', 'parent_id=1 order by parent_id,position')));
}
