<?php

// Delete a tag by name, then go back to the index with `tag_name` dropped from the query.
// NOTE(review): no authorization check is visible in this action; presumably a filter runs
// before it — confirm, since deleting a tag is destructive.
required_params('tag_name');
$name = Request::$params->tag_name;
$tag = Tag::find_by_name($name);
if ($tag) {
    $tag->delete();
}
// Keep the remaining query params for the redirect, minus the deleted name.
unset(Request::$get_params['tag_name']);
$target = array('#index', Request::$get_params);
respond_to_success('Tag deleted', $target);
<?php

// Create a post from an upload (the action continues past this excerpt).
// Members (level <= 20) are capped at CONFIG::member_post_limit posts per rolling day;
// gmd_math('sub', '1D') presumably yields "now minus one day" — confirm.
// Assumes respond_to_error() ends the request; if it only renders, the upload below
// still runs after the limit is hit — confirm.
required_params('post');
if (User::is('<=20') && Post::count(array('conditions' => array("user_id = ? AND created_at > ? ", User::$current->id, gmd_math('sub', '1D')))) >= CONFIG::member_post_limit) {
    respond_to_error("Daily limit exceeded", "#error", array('status' => 421));
}
auto_set_params(array('md5'));
// Posts from users below level 30 start out 'pending' instead of 'active'.
$status = User::is('>=30') ? 'active' : 'pending';
// Server-controlled fields are merged *after* the client params, so array_merge overrides
// any updater/user/ip/status/tempfile keys the client may have sent.
// Assumes a multipart form with a post[file] field; $_FILES['post']['error']['file'] is not
// checked here, so a failed upload reaches Post::create — confirm it copes with that.
Request::$params->post = array_merge(Request::$params->post, array('updater_user_id' => User::$current->id, 'updater_ip_addr' => Request::$remote_ip, 'user_id' => User::$current->id, 'ip_addr' => Request::$remote_ip, 'status' => $status, 'tempfile_path' => $_FILES['post']['tmp_name']['file'], 'tempfile_name' => $_FILES['post']['name']['file'], 'is_upload' => true));
$post = Post::create(Request::$params->post);
if ($post->record_errors->blank()) {
    // An optional client-supplied md5 lets the uploader verify the file arrived intact;
    // on mismatch the just-created post is removed again.
    // NOTE(review): != compares the two hex strings loosely; PHP compares numeric-looking
    // strings (digit-only or 0e... hashes) as numbers, so !== is the safe operator here.
    if (Request::$params->md5 && $post->md5 != strtolower(Request::$params->md5)) {
        $post->destroy();
        respond_to_error("MD5 mismatch", '#error', array('status' => 420));
    } else {
        $api_data = array('post_id' => $post->id, 'location' => url_for('post#show', array('id' => $post->id)));
        // Images without a parent get sent to the similar-image check when enabled;
        // the inline duplicate detection below is disabled and only the redirect remains.
        if (CONFIG::dupe_check_on_upload && $post->is_image() && empty($post->parent_id)) {
            // if (Request::$format == "xml" || Request::$format == "json") {
            // $options = array('services' => SimilarImages::get_services('local'), 'type' => 'post', 'source' => $post);
            // $res = SimilarImages::similar_images($options);
            // if (!empty($res['posts'])) {
            // $post->tags .= " possible_duplicate";
            // $post->save();
            // $api_data['has_similar_hits'] = true;
            // }
            // }
            $api_data['similar_location'] = url_for('post#similar', array('id' => $post->id, 'initial' => 1));
            respond_to_success("Post uploaded", array('#similar', array('id' => $post->id, 'initial' => 1)), array('api' => $api_data));
        } else {
            respond_to_success("Post uploaded", array('#show', array('id' => $post->id, 'tag_title' => $post->tag_title())), array('api' => $api_data));
        }
 * @package nmAdmin
 * @author Bill Newman <*****@*****.**>
 * @version 2.02 2015/07/06
 * @link http://www.newmanix.com/
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see admin_login.php
 * @see admin_dashboard.php
 * @todo none
 */
require '../inc_0700/config_inc.php';
#provides configuration, pathing, error handling, db credentials
// Login form handler (continues past this excerpt): runs only when both the email (em)
// and password (pw) fields were POSTed. Each validation failure reports via feedback()
// and sends the user back to the login page.
if (isset($_POST['em']) && isset($_POST['pw'])) {
    //if POST is set, prepare to process form data
    $params = array('em', 'pw', 'red');
    #required fields for login	- true disallows other fields
    if (!required_params($params, true)) {
        //abort - required fields not sent
        feedback("Data not properly submitted. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        myRedirect($config->adminLogin);
        die;
    }
    // NOTE(review): unlike the branch above, the two checks below redirect without die;
    // if myRedirect() does not terminate the script, rejected input continues into the
    // login logic that follows — confirm myRedirect() exits.
    // 'red' is presumably the post-login redirect target; wherever it is consumed (outside
    // this excerpt) it should be restricted to local paths so the login page cannot
    // bounce users to an external site.
    if (!ctype_graph($_POST['pw'])) {
        //data must be alphanumeric or punctuation only
        feedback("Illegal characters were entered. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        myRedirect($config->adminLogin);
    }
    if (!onlyEmail($_POST['em'])) {
        //login must be a legal email address only
        feedback("Illegal characters were entered. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        myRedirect($config->adminLogin);
    }
<?php

// Login API. Two phases: look the account up by name (returning a few public fields so
// the UI can adapt), then verify the password and, on success, hand back the credentials
// the client stores.
required_params('username');
$username = Request::$params->username;
$ret = array('exists' => false, 'name' => $username);

$found = User::find_by_name($username);
if (!$found) {
    $ret['response'] = "unknown-user";
    respond_to_success("User does not exist", null, array('api' => $ret));
    return;
}

// Basic, non-secret details go back before the password is checked so the UI can show
// them even for a failed login. This also tells a caller whether a name exists
// ("unknown-user" vs "wrong-password") — a deliberate trade-off in this action.
$ret = array_merge($ret, array(
    'exists' => true,
    'id' => $found->id,
    'name' => $found->name,
    'no_email' => empty($found->email),
));

$pass = "";
if (isset(Request::$params->password)) {
    $pass = Request::$params->password;
}
$authed = User::authenticate($username, $pass);
if (!$authed) {
    $ret['response'] = "wrong-password";
    respond_to_success("Wrong password", null, array('api' => $ret));
    return;
}

// pass_hash is the stored password hash and user_info the cookie payload; presumably the
// client replays these as its session credential (confirm in User). Treat the response
// as a secret: TLS only, never logged.
$ret = array_merge($ret, array(
    'pass_hash' => $authed->password_hash,
    'user_info' => $authed->user_info_cookie(),
    'response' => 'success',
));
respond_to_success("Successful", null, array('api' => $ret));
<?php

// Sign-up API: create the account from the submitted `user` params and, on success, log
// the new user in (cookies) and return the same credential fields the login action does;
// otherwise report the validation errors.
required_params('user');
$user = User::create(Request::$params->user);
if (!$user->record_errors->blank()) {
    $messages = $user->record_errors->full_messages();
    respond_to_success("Error: " . implode(', ', $messages), "#signup", array('api' => array('response' => "error", 'errors' => $messages)));
} else {
    User::save_cookies($user);
    // NOTE(review): user_info_cookie is read as a property here but called as a method in
    // the login action — confirm which one the User model provides.
    $ret = array(
        'exists' => false,
        'name' => $user->name,
        'id' => $user->id,
        'pass_hash' => $user->password_hash,
        'user_info' => $user->user_info_cookie,
        'response' => 'success',
    );
    respond_to_success("New account created", "#home", array('api' => $ret));
}
<?php

// Bulk actions on tag aliases selected on the index page (continues past this excerpt).
// `aliases` is a map keyed by alias id; `commit` carries the button label that picks
// the action; `reason` is optional and forwarded to the notification.
required_params('aliases', 'commit');
auto_set_params('reason');
$ids = array_keys(Request::$params->aliases);
switch (Request::$params->commit) {
    case "Delete":
        // A regular user may delete only aliases that are still pending AND their own;
        // a single disqualifying alias blocks the whole batch.
        $validate_all = true;
        foreach ($ids as $id) {
            $ta = TagAlias::find($id);
            // NOTE(review): the ids come from the client; a non-existent one presumably
            // makes find() return null and the property reads below would then fail — confirm.
            // creator_id is compared loosely (!=); prefer !== once both sides are known ints.
            if (!$ta->is_pending || $ta->creator_id != User::$current->id) {
                $validate_all = false;
                break;
            }
        }
        // Level >= 40 may delete any alias regardless of ownership/pending state.
        if (User::is('>=40') || $validate_all) {
            foreach ($ids as $x) {
                $ta = TagAlias::find($x);
                $ta->destroy_and_notify(User::$current, Request::$params->reason);
            }
            notice("Tag aliases deleted");
            redirect_to("#index");
        } else {
            access_denied();
        }
        break;
    case "Approve":
        // Approval is restricted to level >= 40; the asynchronous path is disabled.
        if (User::is('>=40')) {
            foreach ($ids as $x) {
                // if (CONFIG::enable_asynchronous_tasks) {
                // JobTask.create(:task_type => "approve_tag_alias", :status => "pending", :data => {"id" => x, "updater_id" => @current_user.id, "updater_ip_addr" => request.remote_ip})
 # if Email is set, check for valid data
 // Admin "add administrator" form handling (excerpt; the enclosing scope starts and ends
 // outside this view). Every failure path reports via feedback(), redirects back and dies.
 // NOTE(review): these two format checks read $_POST fields before required_params() below
 // has confirmed they were sent, so a missing field arrives here as an undefined index.
 if (!onlyEmail($_POST['Email'])) {
     //data must be valid email
     feedback("Data entered for email is not valid", "error");
     header('Location:' . ADMIN_PATH . THIS_PAGE);
     die;
 }
 // NOTE(review): onlyAlphaNum() forbids every symbol in the password, which only weakens
 // what users may choose; escaping for SQL is already handled by dbIn() further down.
 if (!onlyAlphaNum($_POST['PWord1'])) {
     //data must be alphanumeric or punctuation only
     feedback("Password must contain letters and numbers only.", "error");
     header('Location:' . ADMIN_PATH . THIS_PAGE);
     die;
 }
 $params = array('FirstName', 'LastName', 'PWord1', 'Email', 'Privilege');
 #required fields
 if (!required_params($params)) {
     //abort - required fields not sent
     feedback("Data not entered/updated. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
     header('Location:' . ADMIN_PATH . THIS_PAGE);
     die;
 }
 // @ silences connection warnings; the or-die still reports the failure via myerror().
 $iConn = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die(myerror(__FILE__, __LINE__, mysqli_connect_error()));
 // dbIn() presumably escapes for this connection — confirm; it is the only thing between
 // the POST values and the query text below.
 $FirstName = dbIn($_POST['FirstName'], $iConn);
 $LastName = dbIn($_POST['LastName'], $iConn);
 $AdminPW = dbIn($_POST['PWord1'], $iConn);
 $Email = strtolower(dbIn($_POST['Email'], $iConn));
 // NOTE(review): Privilege is stored as submitted; no check that it is one of the allowed
 // levels, or that the current admin may grant it, is visible here.
 $Privilege = dbIn($_POST['Privilege'], $iConn);
 #sprintf() function allows us to filter data by type while inserting DB values.
 // NOTE(review): SHA() is an unsalted SHA-1, not a password hash (no salt, no work factor),
 // and the plaintext password travels inside the SQL text where query logs can record it.
 // Prefer password_hash() in PHP and store the result — changed together with the login check.
 $sql = sprintf("INSERT into " . PREFIX . "Admin (FirstName,LastName,AdminPW,Email,Privilege,DateAdded) VALUES ('%s','%s',SHA('%s'),'%s','%s',NOW())", $FirstName, $LastName, $AdminPW, $Email, $Privilege);
 # insert is done here
 @mysqli_query($iConn, $sql) or die(myerror(__FILE__, __LINE__, mysqli_error($iConn)));
<?php

// Update a post. filter_api_changes() presumably drops fields the API may not change, and
// the updater id/IP are stamped from the session and request rather than taken from the
// submitted data.
required_params(array('id', 'post'));
$post = Post::find(Request::$params->id);
if (!$post) {
    render("#show_empty", array('status' => 404));
    return;
}
Post::filter_api_changes(Request::$params->post);
Request::$params->post['updater_user_id'] = User::$current->id;
Request::$params->post['updater_ip_addr'] = Request::$remote_ip;

$saved = $post->update_attributes(Request::$params->post);
if (!$saved) {
    respond_to_error($post, array('#show', array('id' => Request::$params->id)));
} else {
    // Not every after_save change is reflected in $post; a reload() call used to sit here.
    // Serialized post data is only included for the API formats.
    $api_data = array();
    if (Request::$format == "json" || Request::$format == "xml") {
        $api_data = $post->api_data();
    }
    respond_to_success("Post updated", array('#show', array('id' => $post->id, 'tag_title' => $post->tag_title())), $api_data);
}
/**
 * Handles the "reset administrator password" form POST.
 *
 * Validates AdminID and PWord1, writes the new password hash for that admin and prints a
 * result page. Every failure path reports via feedback(), redirects back to this page and
 * ends the script.
 *
 * @param string $nav1 unused in this function; kept for the caller's signature
 * @return void
 */
function updateExecute($nav1 = '')
{
    $params = array('AdminID', 'PWord1');
    #required fields
    if (!required_params($params)) {
        //abort - required fields not sent
        feedback("Data not entered/updated. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }
    // The id is cast to int, so anything non-numeric becomes 0 and is rejected here.
    if (isset($_POST['AdminID']) && (int) $_POST['AdminID'] > 0) {
        $AdminID = (int) $_POST['AdminID'];
        #Convert to integer, will equate to zero if fails
    } else {
        feedback("AdminID not numeric", "warning");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }
    // NOTE(review): onlyAlphaNum() rejects every symbol, which forbids stronger passwords
    // rather than protecting anything — dbIn()/sprintf already handle the SQL side.
    // This feedback() call also omits the level argument the others pass.
    if (!onlyAlphaNum($_POST['PWord1'])) {
        //data must be alphanumeric or punctuation only
        feedback("Data entered for password must be alphanumeric only");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }
    // @ silences connection warnings; the or-die still reports the failure via myerror().
    $iConn = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die(myerror(__FILE__, __LINE__, mysqli_connect_error()));
    // dbIn() presumably escapes for this connection — confirm; it is the only thing between
    // the POST value and the query text.
    $AdminPW = dbIn($_POST['PWord1'], $iConn);
    # SHA() is the MySQL function that encrypts the password
    // NOTE(review): SHA() is an unsalted SHA-1, not a password hash (no salt, no work
    // factor), and the plaintext password travels inside the SQL text where query logs can
    // record it. Prefer password_hash() in PHP and store the result — that change has to be
    // made together with the login check that compares it.
    $sql = sprintf("UPDATE " . PREFIX . "Admin set AdminPW=SHA('%s') WHERE AdminID=%d", $AdminPW, $AdminID);
    @mysqli_query($iConn, $sql) or die(myerror(__FILE__, __LINE__, mysqli_error($iConn)));
    //feedback success or failure of insert
    // affected_rows is 0 both for an unknown id and for an unchanged value, hence the wording.
    if (mysqli_affected_rows($iConn) > 0) {
        feedback("Password Successfully Reset!", "notice");
    } else {
        feedback("Password NOT Reset! (or not changed from original value)");
    }
    @mysqli_close($iConn);
    include INCLUDE_PATH . 'header.php';
    echo '
	<p align="center"><h3>Reset Administrator Password</h3></p>
	<p align="center"><a href="' . ADMIN_PATH . THIS_PAGE . '">Reset More</a></p>
	<p align="center"><a href="' . ADMIN_PATH . 'admin_dashboard.php">Exit To Admin</a></p>
	';
    include INCLUDE_PATH . 'footer.php';
}
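<?php

// Remove a post from a pool (POST only). Both records must exist; a missing one is a 404.
required_params(array('pool_id', 'post_id'));
$pool = Pool::find(Request::$params->pool_id);
$post = Post::find(Request::$params->post_id);
if (!$pool || !$post) {
    return 404;
}
if (Request::$post) {
    try {
        // NOTE(review): 'user' is passed as the User object here while the add-post action
        // passes User::$current->id — confirm which one Pool expects.
        $pool->remove_post(Request::$params->post_id, array('user' => User::$current));
    } catch (Exception $e) {
        if ($e->getMessage() == 'Access Denied') {
            access_denied();
        } else {
            // Any other failure used to be swallowed and the request still reported
            // "Post removed"; report it the same way the add-post action does.
            respond_to_error($e->getMessage(), array('post#show', array('id' => Request::$params->post_id)));
        }
        // Nothing below may run once an error has been reported.
        return;
    }
    $api_data = Post::batch_api_data(array($post));
    // response.headers["X-Post-Id"] = params[:post_id]
    respond_to_success("Post removed", array('post#show', 'id' => Request::$params->post_id), array('api' => $api_data));
}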
<?php

// Pool creation. A non-POST request prepares an empty pool for the form; POST creates it.
// The owner is the session user: 'user_id' is merged last, so a client-supplied value is
// overridden.
if (!Request::$post) {
    $pool = Pool::blank(array('user_id' => User::$current->id));
} else {
    required_params('pool');
    $attrs = array_merge(Request::$params->pool, array('user_id' => User::$current->id));
    $pool = Pool::create($attrs);
    if (!$pool->record_errors->blank()) {
        respond_to_error($pool, "#index");
    } else {
        respond_to_success("Pool created", array("#show", array('id' => $pool->id)));
    }
}
<?php

// Create a tag alias request. The alias is mass-assigned from the client params, then
// is_pending is forced on so a submitted value cannot bypass the pending state.
required_params('tag_alias');
$alias = TagAlias::blank(Request::$params->tag_alias);
$alias->is_pending = true;
$saved = $alias->save();
if (!$saved) {
    notice("Error: " . implode(', ', $alias->record_errors->full_messages()));
} else {
    notice("Tag alias created");
}
redirect_to("#index");
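<?php

// Create or update a note. A `note[post_id]` creates a new note on that post; otherwise
// `id` selects an existing note. Author id/IP are stamped server-side.
required_params('note');
$note = null; // avoids an undefined-variable notice when neither lookup below applies
if (!empty(Request::$params->note['post_id'])) {
    $note = Note::blank(array('post_id' => Request::$params->note['post_id']));
} elseif (!empty(Request::$params->id)) {
    $note = Note::find(Request::$params->id);
}
if (!$note) {
    exit_with_status(400);
}
if ($note->is_locked()) {
    respond_to_error("Post is locked", array('post#show', 'id' => $note->post_id), array('status' => 422));
    // Never fall through to saving a locked note if the responder does not exit.
    return;
}
// Mass-assign the submitted fields, then overwrite author id/IP from the session and
// request so the client cannot set them.
// $note->attributes = Request::$params->note;
$note->add_attributes(Request::$params->note);
$note->user_id = User::$current->id;
$note->ip_addr = Request::$remote_ip;
if ($note->save()) {
    respond_to_success("Note updated", '#index', array('api' => array('new_id' => $note->id, 'old_id' => (int) Request::$params->id, 'formatted_body' => $note->formatted_body())));
} else {
    respond_to_error($note, array('post#show', 'id' => $note->post_id));
}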
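<?php

// Update a pool (POST only); the caller must be allowed to edit this pool.
required_params('id');
// NOTE(review): the extra 'only'/'post' arguments look like an options spec passed as
// parameter names — confirm against required_params().
required_params('pool', 'only', 'post');
$pool = Pool::find(Request::$params->id);
if (!$pool) {
    return 404; // same treatment as the remove-post action for a missing pool
}
if (!$pool->can_be_updated_by(User::$current)) {
    access_denied();
    return; // nothing below may run if access_denied() only renders
}
if (Request::$post) {
    $pool->update_attributes(Request::$params->pool);
    respond_to_success("Pool updated", array('#show', array('id' => Request::$params->id)));
}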
<?php

// Add a post to a pool. POST performs the add; otherwise the pool chooser is loaded (the
// non-POST branch continues past this excerpt).
required_params('post_id');
auto_set_params('pool_id');
if (Request::$post) {
    // No pool chosen: nothing to do.
    if (!Request::$params->pool_id) {
        return;
    }
    // $pool = new Pool('find', Request::$params->pool_id);
    $pool = Pool::find(Request::$params->pool_id);
    // NOTE(review): an unknown pool id presumably gives null here and ->id below would
    // fail; the remove-post action checks for this — confirm.
    // Remembered so the next add can default to the same pool.
    $_SESSION['last_pool_id'] = $pool->id;
    // Optional explicit position in the pool; null leaves placement to the model.
    if (isset(Request::$params->pool) && !empty(Request::$params->pool['sequence'])) {
        $sequence = Request::$params->pool['sequence'];
    } else {
        $sequence = null;
    }
    try {
        // NOTE(review): 'user' is the user id here but the User object in the remove-post
        // action — confirm which one Pool expects.
        $pool->add_post(Request::$params->post_id, array('sequence' => $sequence, 'user' => User::$current->id));
        respond_to_success('Post added', array('post#show', 'id' => Request::$params->post_id));
    } catch (Exception $e) {
        // Failures are signalled by message text: 'Post already exists' maps to 423,
        // 'Access Denied' is the authorization failure, anything else is a generic error.
        if ($e->getMessage() == 'Post already exists') {
            respond_to_error($e->getMessage(), array('post#show', array('id' => Request::$params->post_id)), array('status' => 423));
        } elseif ($e->getMessage() == 'Access Denied') {
            access_denied();
        } else {
            respond_to_error($e->getMessage(), array('post#show', array('id' => Request::$params->post_id)));
        }
    }
} else {
    // Anonymous users only see active, public pools.
    if (User::$current->is_anonymous) {
        $pools = Pool::find_all(array('order' => "name", 'conditions' => "is_active = TRUE AND is_public = TRUE"));
<?php

// Bulk actions on tag implications from the index page (same shape as the alias action;
// continues past this excerpt). `implications` is a map keyed by implication id, `commit`
// is the button label that picks the action, `reason` is optional.
required_params('implications', 'commit');
auto_set_params('reason');
$ids = array_keys(Request::$params->implications);
switch (Request::$params->commit) {
    case "Delete":
        $can_delete = true;
        # Dunno where 'creator_id' comes from.
        // NOTE(review): with the ownership line below commented out, $can_delete is always
        // true, so deletion is gated only on the level check further down. $tis is also
        // never initialised, so an empty selection makes the later foreach iterate null.
        foreach ($ids as $x) {
            $ti = TagImplication::find($x);
            // $can_delete = ($ti->is_pending && $ti->creator_id == User::$current->id);
            $tis[] = $ti;
        }
        if (User::is('>=40') && $can_delete) {
            foreach ($tis as $ti) {
                $ti->destroy_and_notify(User::$current, Request::$params->reason);
            }
            notice("Tag implications deleted");
            redirect_to("#index");
        } else {
            access_denied();
        }
        break;
    case "Approve":
        // Approval is restricted to level >= 40; the asynchronous branch is a no-op here.
        if (User::is('>=40')) {
            foreach ($ids as $x) {
                if (CONFIG::enable_asynchronous_tasks) {
                    // JobTask.create(:task_type => "approve_tag_implication", :status => "pending", :data => {"id" => x, "updater_id" => @current_user.id, "updater_ip_addr" => request.remote_ip})
                } else {
                    $ti = TagImplication::find($x);
/**
 * Handles the "edit administrator" form POST.
 *
 * Validates the required fields and AdminID, rejects an email already used by another
 * admin, updates the record and prints a result page. Every failure path reports via
 * feedback(), redirects back to this page and ends the script.
 *
 * @param string $nav1 unused in this function; kept for the caller's signature
 * @return void
 */
function updateExecute($nav1 = '')
{
    // @ silences connection warnings; the or-die still reports the failure via myerror().
    // NOTE(review): unlike the password-reset variant, this connection is never closed.
    $iConn = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die(myerror(__FILE__, __LINE__, mysqli_connect_error()));
    $params = array('FirstName', 'LastName', 'AdminID', 'Email', 'Privilege');
    #required fields
    if (!required_params($params)) {
        //abort - required fields not sent
        feedback("Data not entered/updated. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }
    // The id is cast to int, so anything non-numeric becomes 0 and is rejected here.
    if (isset($_POST['AdminID']) && (int) $_POST['AdminID'] > 0) {
        $AdminID = (int) $_POST['AdminID'];
        #Convert to integer, will equate to zero if fails
    } else {
        feedback("AdminID not numeric", "warning");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }
    // dbIn() presumably escapes for this connection — confirm; it is the only thing between
    // the POST values and the query text below.
    $FirstName = dbIn($_POST['FirstName'], $iConn);
    $LastName = dbIn($_POST['LastName'], $iConn);
    $Email = strtolower(dbIn($_POST['Email'], $iConn));
    // NOTE(review): Privilege is stored as submitted; no check that it is one of the allowed
    // levels, or that the current admin may grant it to this AdminID, is visible here.
    $Privilege = dbIn($_POST['Privilege'], $iConn);
    #check for duplicate email
    $sql = sprintf("select AdminID from " . PREFIX . "Admin WHERE (Email='%s') and AdminID != %d", $Email, $AdminID);
    $result = mysqli_query($iConn, $sql) or die(myerror(__FILE__, __LINE__, mysqli_error($iConn)));
    if (mysqli_num_rows($result) > 0) {
        # someone already has email!
        feedback("Email already exists - please choose a different email.");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }
    #sprintf() function allows us to filter data by type while inserting DB values.  Illegal data is neutralized, ie: numerics become zero
    $sql = sprintf("UPDATE " . PREFIX . "Admin set FirstName='%s',LastName='%s',Email='%s',Privilege='%s' WHERE AdminID=%d", $FirstName, $LastName, $Email, $Privilege, $AdminID);
    @mysqli_query($iConn, $sql) or die(myerror(__FILE__, __LINE__, mysqli_error($iConn)));
    //feedback success or failure of insert
    // affected_rows is 0 both for an unknown id and for unchanged values, hence the wording.
    if (mysqli_affected_rows($iConn) > 0) {
        feedback("Successfully Updated!", "notice");
        // Editing one's own record: keep the session copy of privilege/name in sync.
        // (Loose == on the session id; the session value's type is not visible here.)
        if ($_SESSION["AdminID"] == $AdminID) {
            #this is me!  update current session info:
            $_SESSION["Privilege"] = $Privilege;
            $_SESSION["FirstName"] = $FirstName;
        }
    } else {
        feedback("Data NOT Updated! (or not changed from original values)");
    }
    include INCLUDE_PATH . 'header.php';
    echo '
		<h1>Edit Administrator</h1>
		<p align="center"><a href="' . ADMIN_PATH . THIS_PAGE . '">Edit More</a></p>
		<p align="center"><a href="' . ADMIN_PATH . 'admin_dashboard.php">Exit To Admin</a></p>
		';
    include INCLUDE_PATH . 'footer.php';
}
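<?php

// Reorder the posts in a pool (POST only); the caller must be allowed to edit the pool.
required_params('id');
$pool = Pool::find(Request::$params->id);
if (!$pool) {
    return 404; // same treatment as the remove-post action for a missing pool
}
if (!$pool->can_be_updated_by(User::$current)) {
    access_denied();
    return; // nothing below may run if access_denied() only renders
}
if (Request::$post) {
    // pool_post_sequence maps PoolPost id => new sequence value. It is not in
    // required_params, so a missing map is treated as "nothing to reorder" instead of
    // iterating null.
    $sequence = array();
    if (isset(Request::$params->pool_post_sequence)) {
        $sequence = Request::$params->pool_post_sequence;
    }
    // NOTE(review): the ids come from the client and are not checked against this pool's
    // own pool_posts; confirm PoolPost::update scopes them, otherwise edit permission on
    // one pool would let entries of another be reordered.
    foreach ($sequence as $i => $seq) {
        PoolPost::update($i, array('sequence' => $seq));
    }
    $pool->reload();
    $pool->update_pool_links();
    notice("Ordering updated");
    // flash[:notice] = "Ordering updated"
    redirect_to('#show', array('id' => Request::$params->id));
} else {
    $pool_posts = $pool->pool_posts;
}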
<?php

// Create a tag implication request. 'is_pending' is merged last, so it overrides any
// value the client submitted and the implication always starts pending.
required_params('tag_implication');
$attrs = array_merge(Request::$params->tag_implication, array('is_pending' => true));
$ti = TagImplication::blank($attrs);
$saved = $ti->save();
if (!$saved) {
    notice("Error: " . implode(', ', $ti->record_errors->full_messages()));
} else {
    notice("Tag implication created");
}
redirect_to("#index");