function deactivate_plugin($plugin)
{
if (!AuthUser::hasPermission('administrator')) {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url());
}
Plugin::deactivate($plugin);
}
public static function _checkPermission()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
} else {
if (!AuthUser::hasPermission('administrator,developer,editor')) {
// Flash::set('error', __('You do not have permission to access the requested page!'));
// redirect(get_url());
}
}
}
function __construct()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
}
if (!AuthUser::hasPermission('admin_view')) {
redirect(URL_PUBLIC);
}
$this->setLayout('backend');
$this->assignToLayout('sidebar', new View('../../plugins/funky_cache/views/sidebar'));
}
function __construct()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
} else {
if (!AuthUser::hasPermission('administrator') && !AuthUser::hasPermission('developer')) {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url());
}
}
$this->setLayout('backend');
$this->assignToLayout('sidebar', new View('layout/sidebar'));
}
/**
* Used to check generic permissions for entire the controller.
*/
private static final function _checkPermission()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
} else {
if (!AuthUser::hasPermission('admin_edit')) {
Flash::set('error', __('You do not have permission to access the requested page!'));
if (Setting::get('default_tab') === 'setting') {
redirect(get_url('page'));
} else {
redirect(get_url());
}
}
}
}
function __construct()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
} else {
if (!AuthUser::hasPermission('layout_view')) {
Flash::set('error', __('You do not have permission to access the requested page!'));
if (Setting::get('default_tab') === 'layout') {
redirect(get_url('page'));
} else {
redirect(get_url());
}
}
}
$this->setLayout('backend');
$this->assignToLayout('sidebar', new View('layout/sidebar'));
}
/**
* Execute this function on page_not_found.
* If the request is for an image file,
* resize the image.
*/
function image_resize_try_resizing()
{
// Require that visitor be logged in and has
// permission to create files
if (!AuthUser::isLoggedIn()) {
AuthUser::load();
}
if (!AuthUser::hasPermission('administrator,developer,editor')) {
return false;
}
// Check that gd library is available
if (!ImageResize::gd_available()) {
return false;
}
if (preg_match('#\\.(jpe?g|gif|png|wbmp)$#i', CURRENT_URI)) {
// If requested file appears to be an accepted format, create the new image
if (image_resize_scale(CURRENT_URI) && !DEBUG) {
// If Frog isn't debugging, it writes to a file; redirect to it
header('Location: ' . URL_PUBLIC . "/" . CURRENT_URI);
// Exit here to prevent a page not found message
exit;
}
}
}
echo get_url('snippet/edit/' . $snippet->id);
?>
"><?php
echo $snippet->name;
?>
</a>
<img class="handle" src="<?php
echo PATH_PUBLIC;
?>
wolf/admin/images/drag.gif" alt="<?php
echo __('Drag and Drop');
?>
" align="middle" />
<div class="remove">
<?php
if (AuthUser::hasPermission('snippet_delete')) {
?>
<a class="remove" href="<?php
echo get_url('snippet/delete/' . $snippet->id);
?>
" onclick="return confirm('<?php
echo __('Are you sure you wish to delete?');
?>
<?php
echo $snippet->name;
?>
?');"><img src="<?php
echo PATH_PUBLIC;
?>
wolf/admin/images/icon-remove.gif" alt="<?php
echo __('on');
?>
<?php
echo date('D, j M Y', strtotime($snippet->updated_on));
?>
</small>
</p>
<?php
}
?>
</div>
</div>
</div>
<p class="buttons">
<?php
if ($action == 'edit' && AuthUser::hasPermission('snippet_edit') || $action == 'add' && AuthUser::hasPermission('snippet_add')) {
?>
<input class="button" name="commit" type="submit" accesskey="s" value="<?php
echo __('Save');
?>
" />
<input class="button" name="continue" type="submit" accesskey="e" value="<?php
echo __('Save and Continue Editing');
?>
" />
<?php
echo __('or');
?>
<?php
} else {
private static function __checkPermission($permission='facts_view') {
AuthUser::load();
if ( ! AuthUser::isLoggedIn()) {
redirect(get_url('login'));
}
if ( ! AuthUser::hasPermission($permission) ) {
Flash::set('error', __('You do not have permission to access the requested page!'));
if (! AuthUser::hasPermission('facts_view') ) redirect(get_url());
else redirect(get_url('plugin/facts'));
}
}//*/
/**
* Deletes a Snippet.
*
* @param string $id Snippet id
*/
public function delete($id)
{
if (!AuthUser::hasPermission('snippet_delete')) {
Flash::set('error', __('You do not have permission to delete snippets!'));
redirect(get_url('snippet'));
}
// find the user to delete
if ($snippet = Record::findByIdFrom('Snippet', $id)) {
if ($snippet->delete()) {
Flash::set('success', __('Snippet :name has been deleted!', array(':name' => $snippet->name)));
Observer::notify('snippet_after_delete', $snippet);
} else {
Flash::set('error', __('Snippet :name has not been deleted!', array(':name' => $snippet->name)));
}
} else {
Flash::set('error', __('Snippet not found!'));
}
redirect(get_url('snippet'));
}
<div class="modify">
<a href="<?php
echo get_url('page/add', $child->id);
?>
"><img src="<?php
echo URI_PUBLIC . CORE_FOLDER;
?>
/admin/images/plus.png" align="middle" title="<?php
echo __('Add child');
?>
" alt="<?php
echo __('Add child');
?>
" /></a>
<?php
if (!$child->is_protected || AuthUser::hasPermission('administrator') || AuthUser::hasPermission('developer')) {
?>
<a class="remove" href="<?php
echo get_url('page/delete/' . $child->id);
?>
" onclick="return confirm('<?php
echo __('Are you sure you wish to delete');
?>
<?php
echo $child->title;
?>
<?php
echo __('and its underlying pages');
?>
?');"><img src="<?php
echo URI_PUBLIC . CORE_FOLDER;
public function delete($id)
{
if (!AuthUser::hasPermission('user_delete')) {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url());
}
// Sanity checks
use_helper('Validate');
if (!Validate::numeric($id)) {
Flash::set('error', __('Invalid input found!'));
redirect(get_url());
}
// CSRF checks
if (isset($_GET['csrf_token'])) {
$csrf_token = $_GET['csrf_token'];
if (!SecureToken::validateToken($csrf_token, BASE_URL . 'user/delete/' . $id)) {
Flash::set('error', __('Invalid CSRF token found!'));
redirect(get_url('user'));
}
} else {
Flash::set('error', __('No CSRF token found!'));
redirect(get_url('user'));
}
// security (dont delete the first admin)
if ($id > 1) {
// find the user to delete
if ($user = Record::findByIdFrom('User', $id)) {
if ($user->delete()) {
Flash::set('success', __('User <strong>:name</strong> has been deleted!', array(':name' => $user->name)));
Observer::notify('user_after_delete', $user->name);
} else {
Flash::set('error', __('User <strong>:name</strong> has not been deleted!', array(':name' => $user->name)));
}
} else {
Flash::set('error', __('User not found!'));
}
} else {
Flash::set('error', __('Action disabled!'));
}
redirect(get_url('user'));
}
if ($action == 'edit') {
echo __('Leave password blank for it to remain unchanged.');
}
?>
</td>
</tr>
<tr>
<td class="label"><label for="user_confirm"><?php
echo __('Confirm Password');
?>
</label></td>
<td class="field"><input class="textbox" id="user_confirm" maxlength="40" name="user[confirm]" size="40" type="password" value="" /></td>
</tr>
<?php
if (AuthUser::hasPermission('administrator')) {
?>
<tr>
<td class="label"><?php
echo __('Roles');
?>
</td>
<td class="field">
<?php
$user_permissions = $user instanceof User ? $user->getPermissions() : array('editor');
foreach ($permissions as $perm) {
?>
<span class="checkbox"><input<?php
if (in_array($perm->name, $user_permissions)) {
echo ' checked="checked"';
</table>
<?php
Observer::notify('user_edit_view_after_details', $user);
?>
<p class="buttons">
<input class="button" name="commit" type="submit" accesskey="s" value="<?php
echo __('Save');
?>
" />
<?php
echo __('or');
?>
<a href="<?php
echo AuthUser::hasPermission('administrator') ? get_url('user') : get_url();
?>
"><?php
echo __('Cancel');
?>
</a>
</p>
</form>
<script type="text/javascript">
// <![CDATA[
function setConfirmUnload(on, msg) {
window.onbeforeunload = (on) ? unloadMessage : null;
return true;
}
public function delete($id)
{
if (!AuthUser::hasPermission('user_delete')) {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url());
}
// security (dont delete the first admin)
if ($id > 1) {
// find the user to delete
if ($user = Record::findByIdFrom('User', $id)) {
if ($user->delete()) {
Flash::set('success', __('User <strong>:name</strong> has been deleted!', array(':name' => $user->name)));
Observer::notify('user_after_delete', $user->name);
} else {
Flash::set('error', __('User <strong>:name</strong> has not been deleted!', array(':name' => $user->name)));
}
} else {
Flash::set('error', __('User not found!'));
}
} else {
Flash::set('error', __('Action disabled!'));
}
redirect(get_url('user'));
}
/**
* Used to delete a page.
*
* @todo make sure we not only delete the page but also all parts and all children!
*
* @param int $id Id of page to delete
*/
public function delete($id)
{
// Sanity checks
use_helper('Validate');
if (!Validate::numeric($id)) {
Flash::set('error', __('Invalid input found!'));
redirect(get_url());
}
// CSRF checks
if (isset($_GET['csrf_token'])) {
$csrf_token = $_GET['csrf_token'];
if (!SecureToken::validateToken($csrf_token, BASE_URL . 'page/delete/' . $id)) {
Flash::set('error', __('Invalid CSRF token found!'));
redirect(get_url('page'));
}
} else {
Flash::set('error', __('No CSRF token found!'));
redirect(get_url('page'));
}
// security (dont delete the root page)
if ($id > 1) {
// find the page to delete
if ($page = Record::findByIdFrom('Page', $id)) {
// check for permission to delete this page
if (!AuthUser::hasPermission('page_delete') && $page->is_protected) {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url('page'));
}
// need to delete all page_parts too !!
PagePart::deleteByPageId($id);
if ($page->delete()) {
Observer::notify('page_delete', $page);
Flash::set('success', __('Page :title has been deleted!', array(':title' => $page->title)));
} else {
Flash::set('error', __('Page :title has not been deleted!', array(':title' => $page->title)));
}
} else {
Flash::set('error', __('Page is not found!'));
}
} else {
Flash::set('error', __('Action disabled!'));
}
redirect(get_url('page'));
}
<div class="status"><?php
echo __('Status');
?>
</div>
<div class="modify"><?php
echo __('Modify');
?>
</div>
</div>
<ul id="site-map-root">
<li id="page-0" class="node level-0">
<div class="page" style="padding-left: 4px">
<span class="w1">
<?php
if ($root->is_protected && !AuthUser::hasPermission('administrator') && !AuthUser::hasPermission('developer')) {
?>
<img align="middle" class="icon" src="images/page.png" alt="page icon" /> <span class="title"><?php
echo $root->title;
?>
</span>
<?php
} else {
?>
<a href="<?php
echo get_url('page/edit/1');
?>
" title="/"><img align="middle" class="icon" src="images/page.png" alt="page icon" /> <span class="title"><?php
echo $root->title;
?>
</span></a>
<? if ( AuthUser::hasPermission('redirector_delete') ) : ?>
<a class="remove" href="<?=get_url('plugin/redirector/remove/404/'.$error->id)?>"><img src="<?=PLUGINS_URI;?>/redirector/images/icon-remove.png" alt="Remove 404" title="Remove 404" /></a>
<? endif; ?>
</span>
<div class="clearfix"></div>
</div>
<? endforeach; ?>
<? else : ?>
<p><em><?php echo __('There are no 404 errors yet.'); ?></em></p>
<? endif; ?>
<? if ( AuthUser::hasPermission('redirector_edit') ) : ?>
<script type="text/javascript" charset="utf-8">
$(function(){
$('div.entry').click(function(event){
var $target = $(event.target);
if( $target.is('a') ) {
alert('clicked link');
return;
}
$('html, body').animate({ scrollTop: $("#new").offset().top }, 500);
$('#url').val($(this).attr('url')).focus();
$('#dest').val($(this).attr('dest'));
});
function main()
{
// get the uri string from the query
$path = $_SERVER['QUERY_STRING'];
// Make sure special characters are decoded (support non-western glyphs like japanese)
$path = urldecode($path);
// START processing $_GET variables
// If we're NOT using mod_rewrite, we check for GET variables we need to integrate
if (!USE_MOD_REWRITE && strpos($path, '?') !== false) {
$_GET = array();
// empty $_GET array since we're going to rebuild it
list($path, $get_var) = explode('?', $path);
$exploded_get = explode('&', $get_var);
if (count($exploded_get)) {
foreach ($exploded_get as $get) {
list($key, $value) = explode('=', $get);
$_GET[$key] = $value;
}
}
} else {
if (!USE_MOD_REWRITE && (strpos($path, '&') !== false || strpos($path, '=') !== false)) {
$path = '/';
}
}
// If we're using mod_rewrite, we should have a WOLFPAGE entry.
if (USE_MOD_REWRITE && array_key_exists('WOLFPAGE', $_GET)) {
$path = $_GET['WOLFPAGE'];
unset($_GET['WOLFPAGE']);
} else {
if (USE_MOD_REWRITE) {
// We're using mod_rewrite but don't have a WOLFPAGE entry, assume site root.
$path = '/';
}
}
// Needed to allow for ajax calls to backend
if (array_key_exists('WOLFAJAX', $_GET)) {
$path = '/' . ADMIN_DIR . $_GET['WOLFAJAX'];
unset($_GET['WOLFAJAX']);
}
// END processing $_GET variables
// remove suffix page if founded
if (URL_SUFFIX !== '' and URL_SUFFIX !== '/') {
$path = preg_replace('#^(.*)(' . URL_SUFFIX . ')$#i', "\$1", $path);
}
define('CURRENT_PATH', trim($path, '/'));
// Alias for backward compatibility, this constant should no longer be used.
define('CURRENT_URI', CURRENT_PATH);
if ($path != null && $path[0] != '/') {
$path = '/' . $path;
}
// Check if there's a custom route defined for this URI,
// otherwise continue and assume page was requested.
if (Dispatcher::hasRoute($path)) {
Observer::notify('dispatch_route_found', $path);
Dispatcher::dispatch($path);
exit;
}
foreach (Observer::getObserverList('page_requested') as $callback) {
$path = call_user_func_array($callback, array(&$path));
}
// this is where 80% of the things is done
$page = Page::findByPath($path, true);
// if we found it, display it!
if (is_object($page)) {
// If a page is in preview status, only display to logged in users
if (Page::STATUS_PREVIEW == $page->status_id) {
AuthUser::load();
if (!AuthUser::isLoggedIn() || !AuthUser::hasPermission('page_view')) {
pageNotFound($path);
}
}
// If page needs login, redirect to login
if ($page->getLoginNeeded() == Page::LOGIN_REQUIRED) {
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
Flash::set('redirect', $page->url());
redirect(URL_PUBLIC . (USE_MOD_REWRITE ? '' : '?/') . ADMIN_DIR . '/login');
}
}
Observer::notify('page_found', $page);
$page->_executeLayout();
} else {
pageNotFound($path);
}
}
*
* This file is part of Wolf CMS. Wolf CMS is licensed under the GNU GPLv3 license.
* Please see license.txt for the full license text.
*/
/**
* @package Views
*
* @author Philippe Archambault <*****@*****.**>
* @copyright Philippe Archambault, 2008
* @license http://www.gnu.org/licenses/gpl.html GPLv3 license
*/
if (Dispatcher::getAction() == 'index') {
?>
<?php
if (AuthUser::hasPermission('snippet_add')) {
?>
<p class="button"><a href="<?php
echo get_url('snippet/add');
?>
"><img src="<?php
echo PATH_PUBLIC;
?>
wolf/admin/images/snippet.png" align="middle" alt="snippet icon" /> <?php
echo __('New Snippet');
?>
</a></p>
<?php
}
?>
<option value="<?php
echo Page::LOGIN_REQUIRED;
?>
"<?php
echo $page->needs_login == Page::LOGIN_REQUIRED ? ' selected="selected"' : '';
?>
><?php
echo __('required');
?>
</option>
</select>
<input id="page_is_protected" name="page[is_protected]" class="checkbox" type="checkbox" value="1"<?php
if ($page->is_protected) {
echo ' checked="checked"';
}
if (!AuthUser::hasPermission('admin_edit')) {
echo ' disabled="disabled"';
}
?>
/><label for="page_is_protected" title="<?php
echo __('When enabled, only users who are an administrator can edit the page.');
?>
"> <?php
echo __('Protected');
?>
</label>
</td>
</tr>
<?php
}
?>
/**
* Used to delete a page.
*
* @todo make sure we not only delete the page but also all parts and all children!
*
* @param int $id Id of page to delete
*/
public function delete($id)
{
// security (dont delete the root page)
if ($id > 1) {
// find the page to delete
if ($page = Record::findByIdFrom('Page', $id)) {
// check for permission to delete this page
if (!AuthUser::hasPermission('page_delete') && $page->is_protected) {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url('page'));
}
// need to delete all page_parts too !!
PagePart::deleteByPageId($id);
if ($page->delete()) {
Observer::notify('page_delete', $page);
Flash::set('success', __('Page :title has been deleted!', array(':title' => $page->title)));
} else {
Flash::set('error', __('Page :title has not been deleted!', array(':title' => $page->title)));
}
} else {
Flash::set('error', __('Page not found!'));
}
} else {
Flash::set('error', __('Action disabled!'));
}
redirect(get_url('page'));
}
<div class="view"><?php
echo __('View');
?>
</div>
<div class="modify"><?php
echo __('Modify');
?>
</div>
</div>
<ul id="site-map-root">
<li id="page-0" class="node level-0">
<div class="page" style="padding-left: 4px">
<span class="w1">
<?php
if (!AuthUser::hasPermission('page_edit') || !AuthUser::hasPermission('admin_edit') && $root->is_protected) {
?>
<img align="middle" class="icon" src="<?php
echo URI_PUBLIC;
?>
wolf/admin/images/page.png" alt="page icon" /> <span class="title"><?php
echo $root->title;
?>
</span>
<?php
} else {
?>
<a href="<?php
echo get_url('page/edit/1');
?>
" title="/"><img align="middle" class="icon" src="<?php
<a class="add-child-link" href="<?php
echo get_url('page/add', $child->id);
?>
"><img src="<?php
echo URI_PUBLIC;
?>
wolf/admin/images/plus.png" align="middle" title="<?php
echo __('Add child');
?>
" alt="<?php
echo __('Add child');
?>
" /></a>
<!-- //For about page okstmtcc -->
<?php
if ((!$child->is_protected || AuthUser::hasPermission('page_delete')) && $child->id != 4) {
?>
<a class="remove" href="<?php
echo get_url('page/delete/' . $child->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'page/delete/' . $child->id));
?>
" onclick="return confirm('<?php
echo __('Are you sure you wish to delete');
?>
<?php
echo $child->title;
?>
<?php
echo __('and its underlying pages');
?>
?');"><img src="<?php
echo URI_PUBLIC;
?>
" />
<input id="page_valid_until_time" maxlength="8" name="page[valid_until_time]" size="8" type="text" value="<?php
echo substr($page->valid_until, 11);
?>
" />
</td>
</tr>
<?php
}
?>
<?php
}
?>
<?php
if (AuthUser::hasPermission('page_edit')) {
?>
<tr>
<td class="label"><label for="page_needs_login"><?php
echo __('Login:'******'When enabled, users have to login before they can view the page.');
?>
">
<option value="<?php
echo Page::LOGIN_INHERIT;
?>
"<?php
?>
<li class="right"><a href="<?php
echo get_url('setting');
?>
"<?php
if ($ctrl == 'setting') {
echo ' class="current"';
}
?>
><?php
echo __('Administration');
?>
</a></li>
<?php
}
if (AuthUser::hasPermission('user_view')) {
?>
<li class="right"><a href="<?php
echo get_url('user');
?>
"<?php
if ($ctrl == 'user') {
echo ' class="current"';
}
?>
><?php
echo __('Users');
?>
</a></li>
<?php
}
public function settings_save()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
} else {
if (!AuthUser::hasPermission('admin_edit')) {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url());
}
}
if (!isset($_POST['settings'])) {
Flash::set('error', 'File Manager - ' . __('form was not posted.'));
redirect(get_url('plugin/file_manager/settings'));
} else {
$settings = $_POST['settings'];
if ($settings['umask'] == 0) {
$settings['umask'] = 0;
} elseif (!preg_match('/^0?[0-7]{3}$/', $settings['umask'])) {
$settings['umask'] = 0;
}
if (strlen($settings['umask']) === 3) {
$settings['umask'] = '0' . $settings['umask'];
} elseif (strlen($settings['umask']) !== 4 && $settings['umask'] != 0) {
$settings['umask'] = 0;
}
if (!preg_match('/^0?[0-7]{3}$/', $settings['dirmode'])) {
$settings['dirmode'] = '0755';
}
if (strlen($settings['dirmode']) === 3) {
$settings['dirmode'] = '0' . $settings['dirmode'];
}
if (!preg_match('/^0?[0-7]{3}$/', $settings['filemode'])) {
$settings['filemode'] = '0755';
}
if (strlen($settings['filemode']) === 3) {
$settings['filemode'] = '0' . $settings['filemode'];
}
}
if (Plugin::setAllSettings($settings, 'file_manager')) {
Flash::setNow('success', 'File Manager - ' . __('plugin settings saved.'));
} else {
Flash::setNow('error', 'File Manager - ' . __('plugin settings not saved!'));
}
$this->display('file_manager/views/settings', array('settings' => $settings));
}
</table>
<?php
Observer::notify('user_edit_view_after_details', $user);
?>
<p class="buttons">
<input class="button" name="commit" type="submit" accesskey="s" value="<?php
echo __('Save');
?>
" />
<?php
echo __('or');
?>
<a href="<?php
echo AuthUser::hasPermission('user_view') ? get_url('user') : get_url();
?>
"><?php
echo __('Cancel');
?>
</a>
</p>
</form>
<script type="text/javascript">
// <![CDATA[
function setConfirmUnload(on, msg) {
window.onbeforeunload = (on) ? unloadMessage : null;
return true;
}
echo __('Opening Hour');
?>
</h3>
<div id="meta-pages" class="pages">
<input class="textbox" id="opening_hour" name="attraction[opening_hour]" type="text" size="40" value="<?php
if (!empty($attraction->opening_hour)) {
echo $attraction->opening_hour;
} elseif (!empty($postdata['opening_hour'])) {
echo $postdata['opening_hour'];
}
?>
" />
</div>
<?php
if (AuthUser::hasPermission('attraction_geo')) {
?>
<h3><?php
echo __('Latitude');
?>
</h3>
<div id="meta-pages" class="pages">
<input class="textbox" id="latitude" name="attraction[latitude]" type="text" size="40" value="<?php
if (!empty($attraction->latitude)) {
echo $attraction->latitude;
} elseif (!empty($postdata['latitude'])) {
echo $postdata['latitude'];
}
?>
" />
