/**
 * Open an authenticated session for this user.
 *
 * A new Application row with role 'god' is saved; its token becomes the
 * session token and is stored in the session alongside the serialized user.
 * With $remember set, a second random token is written to this user's
 * remember_me column and handed to the browser as a 14-day cookie.
 *
 * @param object $session  session object exposing set_userdata()
 * @param bool   $remember issue the remember_me cookie when true
 * @return string the Application token for this session
 */
function create_session($session, $remember = false)
{
    $app = new Application();
    $app->user_id = $this->id;
    $app->token = koken_rand();
    $app->role = 'god';
    $app->save();

    $session->set_userdata(array(
        'token' => $app->token,
        'user' => $this->to_array(),
    ));

    if ($remember) {
        // The value stored on the user row is the cookie value itself, so it
        // should be handled like a credential (presumably it is compared
        // against the column on later visits — confirm in the login path).
        // NOTE(review): no secure/httponly attributes are passed here;
        // confirm the cookie helper's defaults cover them.
        $persistent = koken_rand();
        $this->remember_me = $persistent;
        $this->save();
        $this->load->helper('cookie');
        set_cookie(array(
            'name' => 'remember_me',
            'value' => $persistent,
            'expire' => 1209600, // 14 days, in seconds
        ));
    }

    return $app->token;
}
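/**
 * Create an Application (API client) record on behalf of the console
 * session and redirect back to the auth page.
 *
 * Only a 'god' session may grant; the POSTed role must be exactly 'read' or
 * 'read-write'. A fresh token is injected into $_POST before the Application
 * is built from it, and the client is redirected to /auth/token:<session token>.
 */
function grant()
{
    $auth = $this->authenticate();
    if (!$auth) {
        $this->error('401', 'Not logged in.');
        return;
    }

    // Strict comparison: a non-string truthy value must not pass as 'god'.
    if ($auth[2] !== 'god') {
        $this->error('403', 'Applications can only be authenticated via the Koken console.');
        return;
    }

    $roles = array('read', 'read-write');
    $requested = isset($_POST['role']) ? $_POST['role'] : null;
    if (!in_array($requested, $roles, true)) {
        $this->_error(400, "Incorrect role request. Valid values are \"read\" and \"read-write\"", 'html');
        // Previously execution fell through and the Application was saved
        // with the rejected role; stop here so the validation is effective.
        return;
    }

    $_POST['token'] = koken_rand();
    $a = new Application();
    // NOTE(review): the whole $_POST is passed to from_array(); confirm the
    // model restricts which fields are assignable (e.g. user_id, single_use).
    $a->from_array($_POST, array(), true);

    $this->redirect('/auth/token:' . $auth[1]);
    exit;
}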
/**
 * Two-step password reset.
 *
 * Step one (POSTed 'email'): look the user up by address and mail them a
 * link containing their internal_id. Step two (GET with $id): look the user
 * up by internal_id, set a new 8-character password, mail it, and redirect
 * to the admin reset screen.
 *
 * NOTE(review): the link in step one carries the user's internal_id, a
 * persistent identifier rather than a one-time secret, and step two resets
 * the password for whoever presents it with no further check. Step one also
 * answers 404 for unknown addresses, which reveals whether an address is
 * registered. Both are worth revisiting.
 *
 * @param string|false $id internal_id from the reset link, or false
 */
function reset_password($id = false)
{
    $urls = $this->config->item('koken_url_info');
    $this->load->library('email');

    // Step one: an address was posted, send the reset link.
    if (!empty($_POST['email'])) {
        $account = new User();
        $account->where('email', $_POST['email'])->get();
        if (!$account->exists()) {
            $this->error('404', 'User not found.');
            return;
        }

        $subject = 'Koken: Password reset requested';
        $message = "Hi there -\n\nSomeone (hopefully you!) just requested that the password to your Koken installation at {$urls->base} be reset. If you did not request a password reset, ignore this email and your password will stay the same. If you do need your password reset, click the link below.\n\n{$urls->base}api.php?/users/reset_password/{$account->internal_id}\n\n- Koken";
        Shutter::email($account->email, 'Koken', $account->email, $subject, $message);
        $this->set_response_data(array('success' => true));
        return;
    }

    // Neither an address nor a link id: nothing to act on.
    if (!$id) {
        $this->error('400', 'Bad request');
        return;
    }

    // Step two: the link was followed, rotate the password.
    $account = new User();
    $account->where('internal_id', $id)->get();
    if (!$account->exists()) {
        $this->error('404', 'User not found.');
        return;
    }

    // Temporary password is the first 8 characters of a random token.
    $fresh = substr(koken_rand(), 0, 8);
    $account->password = $fresh;
    $account->save();

    $subject = 'Koken: Your password has been reset';
    $message = "Your Koken password has been successfully reset.\n\nYour new password: {$fresh}\n\n- Koken";
    Shutter::email($account->email, 'Koken', $account->email, $subject, $message);

    header("Location: {$urls->base}admin/#/reset");
    exit;
}
/**
 * Album resource endpoint: dispatches on the HTTP method.
 *
 * - post/put: create or update an album from $_POST (with an optional
 *   server-side directory import on create), then redirect to the album.
 * - delete: remove one or more albums (by id list, or everything in the
 *   trash) including their subtree, then exit.
 * - get (and anything that falls out of the switch): return a listing, or a
 *   single album resolved by id, internal_id or slug.
 *
 * Parameters arrive via parse_params(func_get_args()) as ($params, $id, $slug).
 *
 * NOTE(review): no authorization check for the write paths is visible in
 * this method; presumably the controller constructor enforces it — confirm,
 * since the from_directory branch copies arbitrary server paths into storage.
 */
function index()
{
    list($params, $id, $slug) = $this->parse_params(func_get_args());
    $params['auth'] = $this->auth;

    // Create or update
    if ($this->method != 'get') {
        $a = new Album();
        switch ($this->method) {
            case 'post':
            case 'put':
                if ($this->method == 'put') {
                    if (isset($params['order'])) {
                        // Reorder request. Execution continues below unless
                        // redirect() terminates the request — confirm.
                        $this->_order($params['order']);
                        $this->redirect("/albums");
                    } else {
                        if (is_null($id)) {
                            $this->error('403', 'Required parameter "id" not present.');
                            return;
                        }
                    }
                    // Update
                    $a->get_by_id($id);
                    if (!$a->exists()) {
                        $this->error('404', "Album with ID: {$id} not found.");
                        return;
                    }
                    // Snapshot the pre-update values; presumably consumed by
                    // the model's save hooks.
                    $a->old_created_on = $a->created_on;
                    $a->old_published_on = $a->published_on;
                    $a->old_visibility = $a->visibility;
                    $a->current_slug = $a->slug;
                } else {
                    if (isset($_POST['from_directory'])) {
                        // Cache this to prevent tag spillage from IPTC
                        $tags_cache = $_POST['tags'];
                        // The client-supplied path is only checked with
                        // is_dir(); every file found under it is copied
                        // into storage/originals and registered as Content.
                        if (is_dir($_POST['from_directory'])) {
                            $_POST['tags'] = '';
                            $this->load->helper('directory', 1);
                            $files = directory_map($_POST['from_directory']);
                            $content_ids = array();
                            foreach ($files as $file) {
                                $c = new Content();
                                $file = $_POST['from_directory'] . DIRECTORY_SEPARATOR . $file;
                                $filename = basename($file);
                                list($internal_id, $path) = $c->generate_internal_id();
                                if (file_exists($file)) {
                                    if ($path) {
                                        $path .= $filename;
                                    } else {
                                        $this->error('500', 'Unable to create directory for upload.');
                                        return;
                                    }
                                    copy($file, $path);
                                    $from = array();
                                    $from['filename'] = $filename;
                                    $from['internal_id'] = $internal_id;
                                    $from['file_modified_on'] = time();
                                    $c->from_array($from, array(), true);
                                    $content_ids[] = $c->id;
                                }
                            }
                        }
                        $_POST['tags'] = $tags_cache;
                    }
                }

                // Don't allow these fields to be saved generically
                $private = array('parent_id', 'left_id', 'right_id');
                if ($a->exists()) {
                    $private[] = 'album_type';
                }
                if (isset($_REQUEST['reset_internal_id']) && $_REQUEST['reset_internal_id'] && $a->exists()) {
                    // array_shift() drops 'parent_id' from the protected list
                    // — presumably deliberate so a re-keyed album can be
                    // re-parented; confirm.
                    array_shift($private);
                    $_POST['internal_id'] = koken_rand();
                } else {
                    $private[] = 'internal_id';
                }
                foreach ($private as $p) {
                    unset($_POST[$p]);
                }

                // Hold the tree and join tables while the album is written.
                // Table names are interpolated from model properties, not
                // from the request.
                if ($a->has_db_permission('lock tables')) {
                    $s = new Slug();
                    $t = new Tag();
                    $c = new Content();
                    $cat = new Category();
                    $this->db->query("LOCK TABLE {$a->table} WRITE, {$c->table} WRITE, {$s->table} WRITE, {$t->table} WRITE, {$cat->table} WRITE, {$a->db_join_prefix}albums_content READ, {$a->db_join_prefix}albums_categories READ, {$a->db_join_prefix}albums_tags READ");
                    $locked = true;
                } else {
                    $locked = false;
                }

                try {
                    $a->from_array($_POST, array(), true);
                } catch (Exception $e) {
                    // NOTE(review): returns while the tables may still be
                    // locked; confirm the connection teardown releases them.
                    $this->error('400', $e->getMessage());
                    return;
                }

                if ($locked) {
                    $this->db->query('UNLOCK TABLES');
                }

                if (isset($_POST['tags'])) {
                    $a->_format_tags($_POST['tags']);
                } else {
                    if ($this->method === 'put' && isset($_POST['visibility'])) {
                        $a->_update_tag_counts();
                    }
                }

                $arr = $a->to_array();
                if ($this->method === 'post') {
                    Shutter::hook('album.create', $arr);
                } else {
                    Shutter::hook('album.update', $arr);
                }

                // Attach anything imported from from_directory above.
                if (isset($content_ids)) {
                    $clean = new Album();
                    $clean = $clean->get_by_id($a->id);
                    $clean->manage_content(join(',', $content_ids), 'post', true);
                }

                $this->redirect("/albums/{$a->id}");
                break;

            case 'delete':
                if (is_null($id)) {
                    $this->error('403', 'Required parameter "id" not present.');
                    return;
                } else {
                    $prefix = preg_replace('/albums$/', '', $a->table);
                    // Resolve the target id list: everything in the trash,
                    // a single numeric id, or a comma-separated list.
                    if ($id === 'trash') {
                        $id = array();
                        $trash = new Trash();
                        $trash->like('id', 'album-')->select_func('REPLACE', '@id', 'album-', '', 'actual_id')->get_iterated();
                        foreach ($trash as $item) {
                            $id[] = (int) $item->actual_id;
                        }
                    } else {
                        if (is_numeric($id)) {
                            $id = array($id);
                        } else {
                            $id = explode(',', $id);
                        }
                    }

                    $tags = array();
                    // Need to loop individually here, otherwise tree can break down
                    foreach ($id as $album_id) {
                        $al = new Album();
                        $al->get_by_id($album_id);
                        if ($al->exists()) {
                            $tags = array_merge($tags, $al->tags);
                            $this->db->query("DELETE FROM {$prefix}trash WHERE id = 'album-{$al->id}'");
                            // right_id - left_id > 1 means the nested-set
                            // node has descendants; remove them first.
                            if ($al->right_id - $al->left_id > 1) {
                                $children = new Album();
                                $subs = $children->where('deleted', $al->deleted)->where('visibility', $al->visibility)->where('left_id >', $al->left_id)->where('right_id <', $al->right_id)->where('level >', $al->level)->get_iterated();
                                foreach ($subs as $sub_album) {
                                    Shutter::hook('album.delete', $sub_album->to_array());
                                    $sub_album->delete();
                                }
                            }
                            $s = new Slug();
                            // NOTE(review): the stored slug is interpolated
                            // into a quoted literal without escaping; confirm
                            // slugs are constrained on write.
                            $this->db->query("DELETE FROM {$s->table} WHERE id = 'album.{$al->slug}'");
                            Shutter::hook('album.delete', $al->to_array());
                            $al->delete();
                        }
                    }
                    // Uses whichever Album instance the loop ended on; with an
                    // empty id list $al is never assigned — TODO confirm callers.
                    $al->update_set_counts();
                }
                exit;
                break;
        }
    }

    $a = new Album();

    // No id, so we want a list
    if (is_null($id) && !$slug) {
        $final = $a->listing($params);
    } else {
        $defaults = array('neighbors' => false, 'include_empty_neighbors' => false);
        $options = array_merge($defaults, $params);
        // Set when the request identified the album by its internal_id,
        // which then stands in for authentication below.
        $with_token = false;
        if (is_numeric($id)) {
            $album = $a->where('deleted', 0)->get_by_id($id);
        } else {
            if ($slug) {
                // Match current internal_id, current slug, or any former slug
                // (old_slug is a comma-delimited list).
                $album = $a->where('deleted', 0)->group_start()->where('internal_id', $slug)->or_where('slug', $slug)->or_like('old_slug', ',' . $slug . ',', 'both')->group_end()->get();
            } else {
                $album = $a->where('deleted', 0)->where('internal_id', $id)->get();
            }
            if ($album->exists() && $album->internal_id === (is_null($id) ? $slug : $id)) {
                $with_token = true;
            }
        }

        if (!$album->exists()) {
            $this->error('404', 'Album not found.');
            return;
        }

        // $a and $album are presumably the same model instance (the query
        // chain returns $this) — the checks below read from $a.
        if ($a->exists()) {
            if ($a->visibility > 0 && !$this->auth && !$with_token) {
                if ($a->visibility > 1) {
                    // Private content should 404, leave no trace, etc.
                    $this->error('404', 'Album not found.');
                } else {
                    $this->error('403', 'Private content.');
                }
                return;
            }
            $final = $album->to_array($params);
            $final['context'] = $album->context($options, $this->auth);
        } else {
            $this->error('404', "Album with ID: {$id} not found.");
            return;
        }

        // TODO: This history stuff won't work here anymore — the former
        // History logging of 'album:update' / 'album:create' on put/post was
        // commented out and has been removed from this block.
    }

    $this->set_response_data($final);
}
/**
 * Populate the named field with a freshly generated internal ID.
 *
 * The method itself does not check whether the field is already set;
 * callers are presumably responsible for invoking it only when it is empty.
 *
 * @param string $field property name on this model to populate
 */
function _internalize($field)
{
    $generated = koken_rand();
    $this->$field = $generated;
}
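/**
 * Choose an internal ID for this item and the storage directory for its
 * original file.
 *
 * Existing record: reuse the stored internal_id (with $reset, keep its first
 * four characters and regenerate the rest) and the record's stored path.
 * New record: generate an ID and derive a two-level directory from its first
 * four characters under storage/originals, creating it on disk.
 *
 * @param bool $reset regenerate the tail of the ID for an existing record
 * @return array [internal_id, path] where path ends with DIRECTORY_SEPARATOR,
 *               or is false when the storage directory could not be created
 */
function generate_internal_id($reset = false)
{
    $base = FCPATH . DIRECTORY_SEPARATOR . 'storage' . DIRECTORY_SEPARATOR . 'originals' . DIRECTORY_SEPARATOR;

    if ($this->exists()) {
        if ($reset) {
            // The first four characters are what the new-record branch below
            // derives the directory from, so they are preserved here.
            $internal_id = substr($this->internal_id, 0, 4) . substr(koken_rand(), 4);
        } else {
            $internal_id = $this->internal_id;
        }
        $path = $base . $this->path;
    } else {
        $internal_id = koken_rand();
        $hash = substr($internal_id, 0, 2) . DIRECTORY_SEPARATOR . substr($internal_id, 2, 2);
        $path = $base . $hash;
        if (!make_child_dir($path)) {
            // Return an actual false. Previously DIRECTORY_SEPARATOR was
            // appended to false, producing a truthy "/" that callers' `if
            // ($path)` checks treated as a valid directory.
            return array($internal_id, false);
        }
    }

    return array($internal_id, $path . DIRECTORY_SEPARATOR);
}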
/**
 * Mint a single-use, read-write Application token.
 *
 * @return string|false the saved token, or false when the Application
 *                      class is not available
 */
protected final function request_token()
{
    // NOTE(review): isset() on the $_POST superglobal is true even when no
    // fields were posted, so this guard effectively reduces to the
    // class_exists() check; if "a POST body is present" was intended,
    // !empty() would be needed — confirm before changing.
    if (!class_exists('Application') || !isset($_POST)) {
        return false;
    }

    $app = new Application();
    $app->single_use = 1;
    $app->role = 'read-write';
    $app->token = koken_rand();
    $app->save();

    return $app->token;
}