<?php
// Delete a tag looked up by name, then send the caller back to the index with
// the remaining query parameters intact.
// NOTE(review): no request-method or privilege check is visible in this action;
// presumably it is enforced before this file runs — confirm.
required_params('tag_name');

$target = Tag::find_by_name(Request::$params->tag_name);
if ($target) {
    $target->delete();
}

// Drop tag_name so the index redirect does not carry the delete parameter along.
unset(Request::$get_params['tag_name']);
respond_to_success('Tag deleted', array('#index', Request::$get_params));
<?php required_params('post'); if (User::is('<=20') && Post::count(array('conditions' => array("user_id = ? AND created_at > ? ", User::$current->id, gmd_math('sub', '1D')))) >= CONFIG::member_post_limit) { respond_to_error("Daily limit exceeded", "#error", array('status' => 421)); } auto_set_params(array('md5')); $status = User::is('>=30') ? 'active' : 'pending'; Request::$params->post = array_merge(Request::$params->post, array('updater_user_id' => User::$current->id, 'updater_ip_addr' => Request::$remote_ip, 'user_id' => User::$current->id, 'ip_addr' => Request::$remote_ip, 'status' => $status, 'tempfile_path' => $_FILES['post']['tmp_name']['file'], 'tempfile_name' => $_FILES['post']['name']['file'], 'is_upload' => true)); $post = Post::create(Request::$params->post); if ($post->record_errors->blank()) { if (Request::$params->md5 && $post->md5 != strtolower(Request::$params->md5)) { $post->destroy(); respond_to_error("MD5 mismatch", '#error', array('status' => 420)); } else { $api_data = array('post_id' => $post->id, 'location' => url_for('post#show', array('id' => $post->id))); if (CONFIG::dupe_check_on_upload && $post->is_image() && empty($post->parent_id)) { // if (Request::$format == "xml" || Request::$format == "json") { // $options = array('services' => SimilarImages::get_services('local'), 'type' => 'post', 'source' => $post); // $res = SimilarImages::similar_images($options); // if (!empty($res['posts'])) { // $post->tags .= " possible_duplicate"; // $post->save(); // $api_data['has_similar_hits'] = true; // } // } $api_data['similar_location'] = url_for('post#similar', array('id' => $post->id, 'initial' => 1)); respond_to_success("Post uploaded", array('#similar', array('id' => $post->id, 'initial' => 1)), array('api' => $api_data)); } else { respond_to_success("Post uploaded", array('#show', array('id' => $post->id, 'tag_title' => $post->tag_title())), array('api' => $api_data)); }
* @package nmAdmin * @author Bill Newman <*****@*****.**> * @version 2.02 2015/07/06 * @link http://www.newmanix.com/ * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0 * @see admin_login.php * @see admin_dashboard.php * @todo none */ require '../inc_0700/config_inc.php'; #provides configuration, pathing, error handling, db credentials if (isset($_POST['em']) && isset($_POST['pw'])) { //if POST is set, prepare to process form data $params = array('em', 'pw', 'red'); #required fields for login - true disallows other fields if (!required_params($params, true)) { //abort - required fields not sent feedback("Data not properly submitted. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error"); myRedirect($config->adminLogin); die; } if (!ctype_graph($_POST['pw'])) { //data must be alphanumeric or punctuation only feedback("Illegal characters were entered. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error"); myRedirect($config->adminLogin); } if (!onlyEmail($_POST['em'])) { //login must be a legal email address only feedback("Illegal characters were entered. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error"); myRedirect($config->adminLogin); }
<?php
// Credential check used by the login UI: reports whether the user exists and,
// if the supplied password is correct, returns the values the client keeps.
required_params('username');

$name = Request::$params->username;
$ret = array(
    'exists' => false,
    'name'   => $name,
);

$user = User::find_by_name($name);
if (!$user) {
    $ret['response'] = "unknown-user";
    respond_to_success("User does not exist", null, array('api' => $ret));
    return;
}

// Basic profile data is returned before the password is checked (for UI
// cosmetics). Note this means the endpoint confirms whether an account name
// exists, independent of the password.
$ret['exists']   = true;
$ret['id']       = $user->id;
$ret['name']     = $user->name;
$ret['no_email'] = empty($user->email);

$pass = isset(Request::$params->password) ? Request::$params->password : "";
$authenticated = User::authenticate($name, $pass);
if (!$authenticated) {
    $ret['response'] = "wrong-password";
    respond_to_success("Wrong password", null, array('api' => $ret));
    return;
}

// NOTE(review): the stored password hash is handed back to the client on
// success; presumably it doubles as the cookie credential — confirm.
$ret['pass_hash'] = $authenticated->password_hash;
$ret['user_info'] = $authenticated->user_info_cookie();
$ret['response']  = 'success';
respond_to_success("Successful", null, array('api' => $ret));
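<?php
// Create a new account from the submitted 'user' params and log the new user in.
// NOTE(review): the whole 'user' param array is passed to User::create();
// confirm the model whitelists assignable attributes (privilege fields in
// particular) rather than accepting every submitted key.
required_params('user');

$user = User::create(Request::$params->user);
if (!$user->record_errors->blank()) {
    $errors = $user->record_errors->full_messages();
    respond_to_success(
        "Error: " . implode(', ', $errors),
        "#signup",
        array('api' => array('response' => "error", 'errors' => $errors))
    );
} else {
    User::save_cookies($user);
    $ret = array(
        'exists'    => false,
        'name'      => $user->name,
        'id'        => $user->id,
        'pass_hash' => $user->password_hash,
        // user_info_cookie is a method (called as such by the login-check
        // endpoint); the previous property access returned nothing usable.
        'user_info' => $user->user_info_cookie(),
        'response'  => 'success',
    );
    respond_to_success("New account created", "#home", array('api' => $ret));
}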
<?php required_params('aliases', 'commit'); auto_set_params('reason'); $ids = array_keys(Request::$params->aliases); switch (Request::$params->commit) { case "Delete": $validate_all = true; foreach ($ids as $id) { $ta = TagAlias::find($id); if (!$ta->is_pending || $ta->creator_id != User::$current->id) { $validate_all = false; break; } } if (User::is('>=40') || $validate_all) { foreach ($ids as $x) { $ta = TagAlias::find($x); $ta->destroy_and_notify(User::$current, Request::$params->reason); } notice("Tag aliases deleted"); redirect_to("#index"); } else { access_denied(); } break; case "Approve": if (User::is('>=40')) { foreach ($ids as $x) { // if (CONFIG::enable_asynchronous_tasks) { // JobTask.create(:task_type => "approve_tag_alias", :status => "pending", :data => {"id" => x, "updater_id" => @current_user.id, "updater_ip_addr" => request.remote_ip})
# if Email is set, check for valid data if (!onlyEmail($_POST['Email'])) { //data must be valid email feedback("Data entered for email is not valid", "error"); header('Location:' . ADMIN_PATH . THIS_PAGE); die; } if (!onlyAlphaNum($_POST['PWord1'])) { //data must be alphanumeric or punctuation only feedback("Password must contain letters and numbers only.", "error"); header('Location:' . ADMIN_PATH . THIS_PAGE); die; } $params = array('FirstName', 'LastName', 'PWord1', 'Email', 'Privilege'); #required fields if (!required_params($params)) { //abort - required fields not sent feedback("Data not entered/updated. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error"); header('Location:' . ADMIN_PATH . THIS_PAGE); die; } $iConn = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die(myerror(__FILE__, __LINE__, mysqli_connect_error())); $FirstName = dbIn($_POST['FirstName'], $iConn); $LastName = dbIn($_POST['LastName'], $iConn); $AdminPW = dbIn($_POST['PWord1'], $iConn); $Email = strtolower(dbIn($_POST['Email'], $iConn)); $Privilege = dbIn($_POST['Privilege'], $iConn); #sprintf() function allows us to filter data by type while inserting DB values. $sql = sprintf("INSERT into " . PREFIX . "Admin (FirstName,LastName,AdminPW,Email,Privilege,DateAdded) VALUES ('%s','%s',SHA('%s'),'%s','%s',NOW())", $FirstName, $LastName, $AdminPW, $Email, $Privilege); # insert is done here @mysqli_query($iConn, $sql) or die(myerror(__FILE__, __LINE__, mysqli_error($iConn)));
<?php
// Update an existing post with the submitted 'post' attributes.
required_params(array('id', 'post'));

$post = Post::find(Request::$params->id);
if (!$post) {
    render("#show_empty", array('status' => 404));
    return;
}

// filter_api_changes presumably drops attributes the API may not set — confirm.
// The updater fields are always taken from the current request, never from the client.
Post::filter_api_changes(Request::$params->post);
Request::$params->post['updater_user_id'] = User::$current->id;
Request::$params->post['updater_ip_addr'] = Request::$remote_ip;

if (!$post->update_attributes(Request::$params->post)) {
    respond_to_error($post, array('#show', array('id' => Request::$params->id)));
} else {
    // API formats get the post's data back; HTML callers only get the redirect.
    // (A reload would be needed to reflect after_save changes in $post.)
    $is_api = Request::$format == "json" || Request::$format == "xml";
    $api_data = $is_api ? $post->api_data() : array();
    respond_to_success(
        "Post updated",
        array('#show', array('id' => $post->id, 'tag_title' => $post->tag_title())),
        $api_data
    );
}
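function updateExecute($nav1 = '')
{
    // Reset an administrator's password from the posted AdminID / PWord1 pair,
    // then render the "reset more / exit" links.
    // $nav1 is unused here but kept for call-site compatibility.
    // NOTE(review): no privilege check is visible in this function; the page
    // that calls it is assumed to restrict who may reset other admins' passwords.
    $params = array('AdminID', 'PWord1'); #required fields
    if (!required_params($params)) { //abort - required fields not sent
        feedback("Data not entered/updated. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }

    if (isset($_POST['AdminID']) && (int) $_POST['AdminID'] > 0) {
        $AdminID = (int) $_POST['AdminID']; #Convert to integer, will equate to zero if fails
    } else {
        feedback("AdminID not numeric", "warning");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }

    if (!onlyAlphaNum($_POST['PWord1'])) { //data must be alphanumeric only
        feedback("Data entered for password must be alphanumeric only");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }

    $iConn = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die(myerror(__FILE__, __LINE__, mysqli_connect_error()));

    # The password passed onlyAlphaNum() above and is bound as a statement
    # parameter below, so no escaping step (dbIn) is needed before use.
    $AdminPW = $_POST['PWord1'];

    # Password and id are bound as parameters rather than spliced into the query
    # text, so the statement itself cannot be altered by the input.
    # SHA() is the MySQL function that hashes the password.
    # NOTE(review): this stores an unsalted SHA-1 digest; moving to
    # password_hash() also requires changing the login check, so it is left as-is.
    $sql = "UPDATE " . PREFIX . "Admin set AdminPW=SHA(?) WHERE AdminID=?";
    $stmt = mysqli_prepare($iConn, $sql) or die(myerror(__FILE__, __LINE__, mysqli_error($iConn)));
    mysqli_stmt_bind_param($stmt, 'si', $AdminPW, $AdminID);
    mysqli_stmt_execute($stmt) or die(myerror(__FILE__, __LINE__, mysqli_stmt_error($stmt)));

    //feedback success or failure of the update
    if (mysqli_stmt_affected_rows($stmt) > 0) {
        feedback("Password Successfully Reset!", "notice");
    } else {
        feedback("Password NOT Reset! (or not changed from original value)");
    }
    mysqli_stmt_close($stmt);
    @mysqli_close($iConn);

    include INCLUDE_PATH . 'header.php';
    echo '
    <p align="center"><h3>Reset Administrator Password</h3></p>
    <p align="center"><a href="' . ADMIN_PATH . THIS_PAGE . '">Reset More</a></p>
    <p align="center"><a href="' . ADMIN_PATH . 'admin_dashboard.php">Exit To Admin</a></p>
    ';
    include INCLUDE_PATH . 'footer.php';
}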
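<?php
// Remove a post from a pool (POST only) and report the post's current data.
required_params(array('pool_id', 'post_id'));

$pool = Pool::find(Request::$params->pool_id);
$post = Post::find(Request::$params->post_id);
if (!$pool || !$post) {
    return 404;
}

if (Request::$post) {
    try {
        $pool->remove_post(Request::$params->post_id, array('user' => User::$current));
    } catch (Exception $e) {
        if ($e->getMessage() == 'Access Denied') {
            access_denied();
        } else {
            // Previously any other failure was swallowed and the code fell
            // through to the "Post removed" success response.
            respond_to_error($e->getMessage(), array('post#show', array('id' => Request::$params->post_id)));
        }
        // Harmless if the handlers above already terminated the request;
        // otherwise this stops a success response from following an error.
        return;
    }

    $api_data = Post::batch_api_data(array($post));
    // The Ruby original also set an X-Post-Id response header here; not ported.
    respond_to_success("Post removed", array('post#show', 'id' => Request::$params->post_id), array('api' => $api_data));
}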
<?php
// POST: create a pool owned by the current user. Otherwise build an empty pool
// for the form.
if (!Request::$post) {
    $pool = Pool::blank(array('user_id' => User::$current->id));
} else {
    required_params('pool');
    // user_id is merged in last, so a submitted user_id cannot override the
    // current user (array_merge keeps the later value for a string key).
    $attrs = array_merge(Request::$params->pool, array('user_id' => User::$current->id));
    $pool = Pool::create($attrs);
    if (!$pool->record_errors->blank()) {
        respond_to_error($pool, "#index");
    } else {
        respond_to_success("Pool created", array("#show", array('id' => $pool->id)));
    }
}
<?php
// Submit a new tag alias. It is always stored as pending; presumably it goes
// through the approval flow before taking effect — confirm.
required_params('tag_alias');

$alias = TagAlias::blank(Request::$params->tag_alias);
// Set after blank() so the submitted attributes cannot pre-clear it.
$alias->is_pending = true;

$message = $alias->save()
    ? "Tag alias created"
    : "Error: " . implode(', ', $alias->record_errors->full_messages());
notice($message);
redirect_to("#index");
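<?php
// Create or update a note: note[post_id] creates a new note on that post,
// otherwise 'id' selects an existing note to edit.
required_params('note');

$note = null; // initialised so the check below never reads an undefined variable
if (!empty(Request::$params->note['post_id'])) {
    $note = Note::blank(array('post_id' => Request::$params->note['post_id']));
} elseif (!empty(Request::$params->id)) {
    $note = Note::find(Request::$params->id);
}
if (!$note) {
    exit_with_status(400);
}

if ($note->is_locked()) {
    respond_to_error("Post is locked", array('post#show', 'id' => $note->post_id), array('status' => 422));
    // respond_* helpers are followed by an explicit return elsewhere in this
    // code base; without it a locked note would still be saved below.
    return;
}

// Apply the submitted fields, then stamp the author from the request itself
// (never from client-supplied data).
$note->add_attributes(Request::$params->note);
$note->user_id = User::$current->id;
$note->ip_addr = Request::$remote_ip;

if ($note->save()) {
    $old_id = isset(Request::$params->id) ? (int) Request::$params->id : 0;
    respond_to_success("Note updated", '#index', array('api' => array(
        'new_id'         => $note->id,
        'old_id'         => $old_id,
        'formatted_body' => $note->formatted_body(),
    )));
} else {
    respond_to_error($note, array('post#show', 'id' => $note->post_id));
}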
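<?php
// Edit a pool: GET shows the form, POST applies the submitted 'pool' attributes.
required_params('id');
required_params('pool', 'only', 'post');

$pool = Pool::find(Request::$params->id);
if (!$pool) {
    // Previously a missing pool reached the can_be_updated_by() call on null.
    exit_with_status(404);
}
if (!$pool->can_be_updated_by(User::$current)) {
    access_denied();
    return; // no-op if access_denied() terminates; otherwise prevents the update
}

if (Request::$post) {
    $pool->update_attributes(Request::$params->pool);
    respond_to_success("Pool updated", array('#show', array('id' => Request::$params->id)));
}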
<?php required_params('post_id'); auto_set_params('pool_id'); if (Request::$post) { if (!Request::$params->pool_id) { return; } // $pool = new Pool('find', Request::$params->pool_id); $pool = Pool::find(Request::$params->pool_id); $_SESSION['last_pool_id'] = $pool->id; if (isset(Request::$params->pool) && !empty(Request::$params->pool['sequence'])) { $sequence = Request::$params->pool['sequence']; } else { $sequence = null; } try { $pool->add_post(Request::$params->post_id, array('sequence' => $sequence, 'user' => User::$current->id)); respond_to_success('Post added', array('post#show', 'id' => Request::$params->post_id)); } catch (Exception $e) { if ($e->getMessage() == 'Post already exists') { respond_to_error($e->getMessage(), array('post#show', array('id' => Request::$params->post_id)), array('status' => 423)); } elseif ($e->getMessage() == 'Access Denied') { access_denied(); } else { respond_to_error($e->getMessage(), array('post#show', array('id' => Request::$params->post_id))); } } } else { if (User::$current->is_anonymous) { $pools = Pool::find_all(array('order' => "name", 'conditions' => "is_active = TRUE AND is_public = TRUE"));
<?php required_params('implications', 'commit'); auto_set_params('reason'); $ids = array_keys(Request::$params->implications); switch (Request::$params->commit) { case "Delete": $can_delete = true; # Dunno where 'creator_id' comes from. foreach ($ids as $x) { $ti = TagImplication::find($x); // $can_delete = ($ti->is_pending && $ti->creator_id == User::$current->id); $tis[] = $ti; } if (User::is('>=40') && $can_delete) { foreach ($tis as $ti) { $ti->destroy_and_notify(User::$current, Request::$params->reason); } notice("Tag implications deleted"); redirect_to("#index"); } else { access_denied(); } break; case "Approve": if (User::is('>=40')) { foreach ($ids as $x) { if (CONFIG::enable_asynchronous_tasks) { // JobTask.create(:task_type => "approve_tag_implication", :status => "pending", :data => {"id" => x, "updater_id" => @current_user.id, "updater_ip_addr" => request.remote_ip}) } else { $ti = TagImplication::find($x);
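function updateExecute($nav1 = '')
{
    // Apply the posted FirstName / LastName / Email / Privilege values to the
    // admin row identified by AdminID, then show the edit-more / exit links.
    // $nav1 is unused here but kept for call-site compatibility.
    // NOTE(review): Privilege is taken from the form as-is and no check of the
    // caller's own level is visible in this function; confirm the calling page
    // restricts who may change another admin's privilege. Email is not run
    // through onlyEmail() here (the create path does) — confirm it is validated
    // before this function is called.
    $iConn = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die(myerror(__FILE__, __LINE__, mysqli_connect_error()));

    $params = array('FirstName', 'LastName', 'AdminID', 'Email', 'Privilege'); #required fields
    if (!required_params($params)) { //abort - required fields not sent
        feedback("Data not entered/updated. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }

    if (isset($_POST['AdminID']) && (int) $_POST['AdminID'] > 0) {
        $AdminID = (int) $_POST['AdminID']; #Convert to integer, will equate to zero if fails
    } else {
        feedback("AdminID not numeric", "warning");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }

    # dbIn() presumably escapes each value for this connection; the queries
    # below splice the escaped strings in with '%s' and the id with '%d'.
    # NOTE(review): binding these as statement parameters would be preferable,
    # but dbIn()'s exact behaviour is not visible here, so the existing
    # escaping path is kept.
    $FirstName = dbIn($_POST['FirstName'], $iConn);
    $LastName = dbIn($_POST['LastName'], $iConn);
    $Email = strtolower(dbIn($_POST['Email'], $iConn));
    $Privilege = dbIn($_POST['Privilege'], $iConn);

    #check for duplicate email on any other admin row
    $sql = sprintf("select AdminID from " . PREFIX . "Admin WHERE (Email='%s') and AdminID != %d", $Email, $AdminID);
    $result = mysqli_query($iConn, $sql) or die(myerror(__FILE__, __LINE__, mysqli_error($iConn)));
    if (mysqli_num_rows($result) > 0) { # someone already has email!
        feedback("Email already exists - please choose a different email.");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }

    #sprintf() lets us filter data by type while inserting DB values; illegal numerics become zero
    $sql = sprintf("UPDATE " . PREFIX . "Admin set FirstName='%s',LastName='%s',Email='%s',Privilege='%s' WHERE AdminID=%d", $FirstName, $LastName, $Email, $Privilege, $AdminID);
    @mysqli_query($iConn, $sql) or die(myerror(__FILE__, __LINE__, mysqli_error($iConn)));

    //feedback success or failure of the update
    if (mysqli_affected_rows($iConn) > 0) {
        feedback("Successfully Updated!", "notice");
        # This is me: refresh the session copy of the fields just changed.
        # Compared strictly after an int cast, since the session value may be a string.
        if (isset($_SESSION["AdminID"]) && (int) $_SESSION["AdminID"] === $AdminID) {
            $_SESSION["Privilege"] = $Privilege;
            $_SESSION["FirstName"] = $FirstName;
        }
    } else {
        feedback("Data NOT Updated! (or not changed from original values)");
    }
    @mysqli_close($iConn); // the connection was previously left open

    include INCLUDE_PATH . 'header.php';
    echo '
    <h1>Edit Administrator</h1>
    <p align="center"><a href="' . ADMIN_PATH . THIS_PAGE . '">Edit More</a></p>
    <p align="center"><a href="' . ADMIN_PATH . 'admin_dashboard.php">Exit To Admin</a></p>
    ';
    include INCLUDE_PATH . 'footer.php';
}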
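<?php
// Reorder the posts in a pool (POST) or load them for the ordering form (GET).
required_params('id');

$pool = Pool::find(Request::$params->id);
if (!$pool) {
    // Previously a missing pool reached the can_be_updated_by() call on null.
    exit_with_status(404);
}
if (!$pool->can_be_updated_by(User::$current)) {
    access_denied();
    return; // no-op if access_denied() terminates; otherwise prevents the update
}

if (!Request::$post) {
    $pool_posts = $pool->pool_posts;
} else {
    // Guard against a POST without the sequence map (foreach on null warned before).
    $sequence = isset(Request::$params->pool_post_sequence)
        ? Request::$params->pool_post_sequence
        : array();
    // Keys are presumably pool-post ids, values the new sequence numbers.
    // NOTE(review): nothing visible here checks that each id belongs to $pool;
    // confirm PoolPost::update() or update_pool_links() enforces that.
    foreach ($sequence as $pool_post_id => $seq) {
        PoolPost::update($pool_post_id, array('sequence' => $seq));
    }
    $pool->reload();
    $pool->update_pool_links();
    notice("Ordering updated");
    redirect_to('#show', array('id' => Request::$params->id));
}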
<?php
// Submit a new tag implication; it is always created as pending.
required_params('tag_implication');

// is_pending is merged in last so a submitted value cannot override it.
$attrs = array_merge(Request::$params->tag_implication, array('is_pending' => true));
$implication = TagImplication::blank($attrs);

if (!$implication->save()) {
    notice("Error: " . implode(', ', $implication->record_errors->full_messages()));
} else {
    notice("Tag implication created");
}
redirect_to("#index");