Exemplo n.º 1
    /**
     * Entry point of the IWbookings user controller.
     *
     * Checks access, optionally caches the NTP time offset in the session,
     * optionally purges old bookings, then redirects to the monthly or the
     * per-space view.
     *
     * @return boolean False when the permission check fails, true otherwise.
     */
    public function main() {
        // Security check. NOTE(review): the gate is ACCESS_READ although the error
        // text speaks of administrating the bookings - confirm the intended level.
        $mayRead = SecurityUtil::checkPermission('IWbookings::', '::', ACCESS_READ);
        if (!$mayRead) {
            LogUtil::registerError($this->__('You are not allowed to administrate the bookings'));
            return false;
        }

        $ntpEnabled = ModUtil::getVar('IWbookings', 'NTPtime');
        if ($ntpEnabled) {
            $cachedOffset = SessionUtil::getVar('timeOffset');
            if (empty($cachedOffset)) {
                // Time difference between an NTP time server and this server,
                // stored in the session so a non-empty value is reused.
                $ntpNow = ModUtil::apiFunc('IWbookings', 'user', 'getNTPDate');
                $timeOffset = $ntpNow - DateUtil::makeTimestamp();
                SessionUtil::setVar('timeOffset', $timeOffset);
            }
        }

        // Delete the old bookings and the cancellation bookings. The deleting call
        // is only reached when 'eraseold' is 1 and the caller holds ACCESS_ADMIN.
        $eraseOld = ModUtil::getVar('IWbookings', 'eraseold') == 1;
        if ($eraseOld && SecurityUtil::checkPermission('IWbookings::', '::', ACCESS_ADMIN)) {
            ModUtil::apiFunc('IWbookings', 'user', 'esborra_antigues', array('sid' => -1));
        }

        // The 'month_panel' module variable selects which view the user lands on.
        $monthPanel = ModUtil::getVar('IWbookings', 'month_panel');
        $target = $monthPanel
            ? ModUtil::url('IWbookings', 'user', 'assigna', array('sid' => -1, 'mensual' => 1))
            : ModUtil::url('IWbookings', 'user', 'espais', array('sid' => -1, 'mensual' => 0));
        System::redirect($target);

        return true;
    }
Exemplo n.º 2
 /**
  * Mark every page returned by Content_Util::contentMainEditGetPagesList() as
  * expanded in the session variable 'contentExpandedPageIds'.
  *
  * @param mixed $belowPageId Passed through unchanged to contentMainEditGetPagesList().
  *
  * @return void
  */
 public static function contentMainEditExpandAll($belowPageId = null)
 {
     // Start from what the session already holds so earlier entries are kept.
     $expanded = SessionUtil::getVar('contentExpandedPageIds', array());
     $pages = Content_Util::contentMainEditGetPagesList($belowPageId);
     foreach ($pages as $row) {
         $pid = $row['id'];
         $expanded[$pid] = 1;
     }
     SessionUtil::setVar('contentExpandedPageIds', $expanded);
 }
Exemplo n.º 3
 /**
  * Build the Categories entry for the "your account" panel.
  *
  * @param array $args Not read by this method.
  *
  * @return array Items to show; empty unless the caller has ACCESS_EDIT on
  *               Categories and the 'allowusercatedit' module variable is set.
  */
 public function getall($args)
 {
     $links = array();
     $canEditOwn = SecurityUtil::checkPermission('Categories::', '::', ACCESS_EDIT) && $this->getVar('allowusercatedit');
     if (!$canEditOwn) {
         return $links;
     }
     // Remember where the user came from, unless that was the Categories module itself.
     // The Referer header is supplied by the client. NOTE(review): whatever later reads
     // 'categories_referer' should treat it as untrusted (for example check that it is a
     // local URL before redirecting to it) - the consumer is not visible here.
     $cameFrom = System::serverGetVar('HTTP_REFERER');
     if (strpos($cameFrom, 'module=Categories') === false) {
         SessionUtil::setVar('categories_referer', $cameFrom);
     }
     $links['0'] = array(
         'url' => ModUtil::url('Categories', 'user', 'edituser'),
         'module' => 'Categories',
         'title' => $this->__('Categories manager'),
         'icon' => 'admin.png'
     );
     return $links;
 }
Exemplo n.º 4
 /**
  * bbsmiles
  * Returns an HTML snippet with buttons for inserting smilies into a text field.
  *
  * @param array $args Must contain 'textfieldid', the id of the text field the
  *                    smilies are inserted into.
  *
  * @return mixed Rendered template output, or the result of
  *               LogUtil::registerArgsError() when 'textfieldid' is missing or empty.
  */
 public function bbsmiles($args)
 {
     // empty() is also true for an unset key, so one test covers both cases.
     if (empty($args['textfieldid'])) {
         return LogUtil::registerArgsError();
     }
     // Several textareas on one page have to be told apart; a counter kept in a
     // session variable is used for that until a better solution is found.
     $counter = SessionUtil::getVar('bbsmile_counter', 0);
     ++$counter;
     SessionUtil::setVar('bbsmile_counter', $counter);
     $this->view->assign('counter', $counter);
     // NOTE(review): 'textfieldid' is handed to the template exactly as received;
     // escaping is presumably done by the template - confirm.
     $this->view->assign('textfieldid', $args['textfieldid']);
     PageUtil::addVar('stylesheet', ThemeUtil::getModuleStylesheet('BBSmile'));
     // A template named after the current module takes precedence when it exists;
     // the module name goes through DataUtil::formatForOS() before use as a file name.
     $moduleTemplate = DataUtil::formatForOS(ModUtil::getName()) . '.tpl';
     if (!$this->view->template_exists($moduleTemplate)) {
         $this->view->add_core_data();
         return $this->view->fetch('bbsmile_user_bbsmiles.tpl');
     }
     return $this->view->fetch($moduleTemplate);
 }
Exemplo n.º 5
 /**
  * Get the user's theme.
  *
  * This function will return the current theme for the user.
  * Order of theme priority:
  *  - page-specific (mobile cookie / mobile detection / 'theme' request parameter)
  *  - admin theme
  *  - 'newtheme' request parameter (also stored as the user's preference)
  *  - user
  *  - system
  *
  * Several inputs are client-controlled (the 'zikulaMobileTheme' cookie and the
  * 'theme', 'type' and 'newtheme' request parameters). Every candidate name is
  * resolved through ThemeUtil::getInfo() and must be STATE_ACTIVE with an existing
  * directory under themes/ before it is returned.
  *
  * @param boolean $force True to ignore the cache.
  *
  * @return string           the name of the user's theme (nothing is returned when no
  *                          theme resolves while System::isInstalling() is true)
  * @throws RuntimeException If this function was unable to calculate theme name.
  */
 public static function getTheme($force = false)
 {
     // NOTE(review): nothing in this method assigns $theme, so as written the
     // cached-return branch below never fires and $force has no effect.
     static $theme;
     if (isset($theme) && !$force) {
         return $theme;
     }
     // Cookie value '1' selects the Mobile theme, but only while the
     // 'enable_mobile_theme' module variable is set.
     if (CookieUtil::getCookie('zikulaMobileTheme') == '1' && ModUtil::getVar('Theme', 'enable_mobile_theme', false)) {
         $pagetheme = 'Mobile';
     } else {
         // Any cookie value other than '2' lets device detection run. In this branch
         // the 'theme' request parameter is not read, and $pagetheme stays unset when
         // the device is not detected as mobile.
         if (CookieUtil::getCookie('zikulaMobileTheme') != '2' && ModUtil::getVar('Theme', 'enable_mobile_theme', false)) {
             include_once "system/Theme/lib/vendor/Mobile_Detect.php";
             $detect = new Mobile_Detect();
             if ($detect->isMobile()) {
                 $pagetheme = 'Mobile';
             }
         } else {
             // Theme name taken straight from GET/POST; validated below.
             $pagetheme = FormUtil::getPassedValue('theme', null, 'GETPOST');
         }
     }
     // Page-specific theme
     $type = FormUtil::getPassedValue('type', null, 'GETPOST');
     // $qstring is assigned but not used in the rest of this method.
     $qstring = System::serverGetVar('QUERY_STRING');
     if (!empty($pagetheme)) {
         $themeinfo = ThemeUtil::getInfo(ThemeUtil::getIDFromName($pagetheme));
         // && binds tighter than ||: a theme flagged only as 'admin' additionally needs
         // type == 'admin'. NOTE(review): $type is request-supplied and no permission
         // check happens in this branch; unlike the later branches, $themeinfo is also
         // not tested for truthiness before being indexed - confirm both are intended.
         if ($themeinfo['state'] == ThemeUtil::STATE_ACTIVE && ($themeinfo['user'] || $themeinfo['system'] || $themeinfo['admin'] && $type == 'admin') && is_dir('themes/' . DataUtil::formatForOS($themeinfo['directory']))) {
             return self::_getThemeFilterEvent($themeinfo['name'], 'page-specific');
         }
     }
     // check for an admin theme (requires ACCESS_EDIT in addition to the request type)
     if (($type == 'admin' || $type == 'adminplugin') && SecurityUtil::checkPermission('::', '::', ACCESS_EDIT)) {
         $admintheme = ModUtil::getVar('Admin', 'admintheme');
         if (!empty($admintheme)) {
             $themeinfo = ThemeUtil::getInfo(ThemeUtil::getIDFromName($admintheme));
             if ($themeinfo && $themeinfo['state'] == ThemeUtil::STATE_ACTIVE && is_dir('themes/' . DataUtil::formatForOS($themeinfo['directory']))) {
                 return self::_getThemeFilterEvent($themeinfo['name'], 'admin-theme');
             }
         }
     }
     // set a new theme for the user
     // NOTE(review): this persists a preference (user variable or session) from a
     // GET/POST parameter; no token check is visible in this method - confirm that a
     // cross-site request changing a user's theme is acceptable.
     $newtheme = FormUtil::getPassedValue('newtheme', null, 'GETPOST');
     if (!empty($newtheme) && System::getVar('theme_change')) {
         $themeinfo = ThemeUtil::getInfo(ThemeUtil::getIDFromName($newtheme));
         if ($themeinfo && $themeinfo['state'] == ThemeUtil::STATE_ACTIVE && is_dir('themes/' . DataUtil::formatForOS($themeinfo['directory']))) {
             // The request value is stored only after it resolved to an active theme.
             if (self::isLoggedIn()) {
                 self::setVar('theme', $newtheme);
             } else {
                 SessionUtil::setVar('theme', $newtheme);
             }
             return self::_getThemeFilterEvent($themeinfo['name'], 'new-theme');
         }
     }
     // User theme: honoured when theme changing is enabled or the caller has ACCESS_ADMIN
     if (System::getVar('theme_change') || SecurityUtil::checkPermission('::', '::', ACCESS_ADMIN)) {
         if (self::isLoggedIn()) {
             $usertheme = self::getVar('theme');
         } else {
             $usertheme = SessionUtil::getVar('theme');
         }
         $themeinfo = ThemeUtil::getInfo(ThemeUtil::getIDFromName($usertheme));
         if ($themeinfo && $themeinfo['state'] == ThemeUtil::STATE_ACTIVE && is_dir('themes/' . DataUtil::formatForOS($themeinfo['directory']))) {
             return self::_getThemeFilterEvent($themeinfo['name'], 'user-theme');
         }
     }
     // default site theme
     $defaulttheme = System::getVar('Default_Theme');
     $themeinfo = ThemeUtil::getInfo(ThemeUtil::getIDFromName($defaulttheme));
     if ($themeinfo && $themeinfo['state'] == ThemeUtil::STATE_ACTIVE && is_dir('themes/' . DataUtil::formatForOS($themeinfo['directory']))) {
         return self::_getThemeFilterEvent($themeinfo['name'], 'default-theme');
     }
     // Nothing resolved: an error outside installation; during installation the
     // method falls through and returns nothing.
     if (!System::isInstalling()) {
         throw new RuntimeException(__('UserUtil::getTheme() is unable to calculate theme name.'));
     }
 }
Exemplo n.º 6
 /**
  * View a page.
  *
  * Each value is taken from $args when present, otherwise from the request.
  *
  * @param int    $args['pid']      Page ID
  * @param int    $args['vid']      Version ID (history preview; needs edit access)
  * @param string $args['name']     URL name, alternative for pid
  * @param bool   $args['preview']  Display preview
  * @param bool   $args['editmode'] Flag for enabling/disabling edit mode
  *
  * @return mixed Renderer output, or false / the result of
  *               LogUtil::registerArgsError() when no page can be shown
  */
 public function view($args)
 {
     $pageId = isset($args['pid']) ? $args['pid'] : FormUtil::getPassedValue('pid');
     $versionId = isset($args['vid']) ? $args['vid'] : FormUtil::getPassedValue('vid');
     $urlname = isset($args['name']) ? $args['name'] : FormUtil::getPassedValue('name');
     $preview = isset($args['preview']) ? $args['preview'] : FormUtil::getPassedValue('preview');
     $editmode = isset($args['editmode']) ? $args['editmode'] : FormUtil::getPassedValue('editmode', null, 'GET');
     // Without a pid, resolve the URL name to a page id and publish it as 'pid'.
     if ($pageId === null && !empty($urlname)) {
         $pageId = ModUtil::apiFunc('Content', 'Page', 'solveURLPath', compact('urlname'));
         System::queryStringSetVar('pid', $pageId);
     }
     // READ permission is evaluated for the requested $pageId. When only a vid was
     // supplied, $pageId is still null here and the instance string is just '::'.
     if ((bool) $this->getVar('inheritPermissions', false) === true) {
         $this->throwForbiddenUnless(ModUtil::apiFunc('Content', 'page', 'checkPermissionForPageInheritance', array('pageId' => $pageId, 'level' => ACCESS_READ)), LogUtil::getErrorMsgPermission());
     } else {
         $this->throwForbiddenUnless(SecurityUtil::checkPermission('Content:page:', $pageId . '::', ACCESS_READ), LogUtil::getErrorMsgPermission());
     }
     $versionHtml = '';
     $hasEditAccess = false;
     // EDIT access is likewise computed for the requested $pageId.
     if ((bool) $this->getVar('inheritPermissions', false) === true) {
         $hasEditAccess = ModUtil::apiFunc('Content', 'page', 'checkPermissionForPageInheritance', array('pageId' => $pageId, 'level' => ACCESS_EDIT));
     } else {
         $hasEditAccess = SecurityUtil::checkPermission('Content:page:', $pageId . '::', ACCESS_EDIT);
     }
     if ($versionId !== null && $hasEditAccess) {
         // NOTE(review): the permission checks above used the pid from the request,
         // while the page shown from here on is whichever page the version belongs to
         // ($pageId is overwritten below). Confirm that getPageVersion, or a re-check
         // against $page['id'], enforces access for that page.
         $preview = true;
         $version = ModUtil::apiFunc('Content', 'History', 'getPageVersion', array('id' => $versionId, 'preview' => $preview, 'includeContent' => true));
         $versionData =& $version['data'];
         $page =& $versionData['page'];
         $pageId = $page['id'];
         $action = ModUtil::apiFunc('Content', 'History', 'contentHistoryActionTranslate', $version['action']);
         $translatable = array('revisionNo' => $version['revisionNo'], 'date' => $version['date'], 'action' => $action, 'userName' => $version['userName'], 'ipno' => $version['ipno']);
         $iconSrc = 'images/icons/extrasmall/clock.png';
         // NOTE(review): version fields such as userName are placed into HTML here; no
         // escaping is visible in this method - confirm __f() or the stored data is safe.
         $versionHtml = "<p class=\"content-versionpreview\"><img alt=\"\" src=\"{$iconSrc}\"/> " . $this->__f('Version #%1$s - %2$s - %3$s by %4$s from %5$s', $translatable) . "</p>";
     }
     // now get the page up for display
     // Inactive pages are only included when previewing with edit access.
     if ($pageId !== null && $versionId === null) {
         $page = ModUtil::apiFunc('Content', 'Page', 'getPage', array('id' => $pageId, 'preview' => $preview, 'includeContent' => true, 'filter' => array('checkActive' => !($preview && $hasEditAccess))));
     } else {
         if ($versionId === null) {
             return LogUtil::registerArgsError();
         }
     }
     // NOTE(review): when a vid is supplied without edit access, neither branch above
     // assigns $page, so the code below runs with $page undefined - confirm intended.
     if ($page === false) {
         return false;
     }
     // NOTE(review): 'editmode' comes from GET and is stored in the session without
     // consulting $hasEditAccess here; presumably the template gates edit controls.
     if ($editmode !== null) {
         SessionUtil::setVar('ContentEditMode', $editmode);
     } else {
         $editmode = SessionUtil::getVar('ContentEditMode', null);
     }
     if ($editmode) {
         $this->view->setCaching(false);
     }
     // The cache id is made of page id and version id only.
     $this->view->setCacheId("{$pageId}|{$versionId}");
     if ($this->view->is_cached('user/page.tpl')) {
         return $this->view->fetch('user/page.tpl');
     }
     // Register a page variable breadcrumbs with the Content page hierarchy as array of array(url, title)
     if ((bool) $this->getVar('registerBreadcrumbs', false) === true) {
         // first include self, then loop over parents until root is reached
         $breadcrumbs[] = array('url' => ModUtil::url('Content', 'user', 'view', array('pid' => $page['id'])), 'title' => $page['title']);
         $loopPageid = $page['parentPageId'];
         while ($loopPageid > 0) {
             $loopPage = ModUtil::apiFunc('Content', 'Page', 'getPage', array('id' => $loopPageid, 'includeContent' => false, 'includeLayout' => false, 'translate' => $this->translateTitles));
             array_unshift($breadcrumbs, array('url' => ModUtil::url('Content', 'user', 'view', array('pid' => $loopPage['id'])), 'title' => $loopPage['title']));
             $loopPageid = $loopPage['parentPageId'];
         }
         PageUtil::registerVar('breadcrumbs', false, $breadcrumbs);
     }
     // The language switch is turned off when the page is already in the current language.
     $multilingual = ModUtil::getVar(ModUtil::CONFIG_MODULE, 'multilingual');
     if ($page['language'] == ZLanguage::getLanguageCode()) {
         $multilingual = false;
     }
     // override the PageVar title if configured in the settings
     if ($this->getVar('overrideTitle')) {
         // NOTE(review): the title is entity-decoded before being set as page title;
         // presumably the theme escapes it again on output - confirm.
         $pageTitle = html_entity_decode($page['title']);
         PageUtil::setVar('title', $preview ? $this->__("Preview") . ' - ' . $pageTitle : $pageTitle);
     }
     $this->view->assign('page', $page);
     $this->view->assign('preview', $preview);
     $this->view->assign('editmode', $editmode);
     $this->view->assign('multilingual', $multilingual);
     $this->view->assign('enableVersioning', $this->getVar('enableVersioning'));
     // add layout type and column count as page variables to the template
     // columncount can be used via plugin contentcolumncount, since it holds regular expressions that slow down
     $this->view->assign('contentLayoutType', $page['layout']);
     // add access parameters
     Content_Util::contentAddAccess($this->view, $pageId);
     // exclude writers from statistics
     if (!$hasEditAccess && !$preview && !$editmode && $this->getVar('countViews')) {
         // Check against session to see if user was already counted
         if (!SessionUtil::getVar("ContentRead" . $pageId)) {
             SessionUtil::setVar("ContentRead" . $pageId, $pageId);
             DBUtil::incrementObjectFieldByID('content_page', 'views', $pageId);
         }
     }
     return $versionHtml . $this->view->fetch('user/page.tpl');
 }
Exemplo n.º 7
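/**
 * View items in slideshow.
 *
 * Checks access to the album, loads the album and its media items, works out the
 * previous/current/next item and displays the slideshow template.
 *
 * @param array $args Values looked up through mediashareGetIntUrl() /
 *                    mediashareGetStringUrl(): 'aid', 'mid', 'delay', 'mode', 'back';
 *                    the presence of 'center' selects the centered template.
 *
 * @return mixed True after the template was displayed; false or the result of a
 *               LogUtil error call when access is denied or a lookup fails.
 */
function mediashare_user_slideshow($args)
{
    // Translation domain for the __() call in the unknown-album branch, which
    // previously read $dom without it ever being defined.
    $dom = ZLanguage::getModuleDomain('mediashare');

    $albumId = mediashareGetIntUrl('aid', $args, 1);
    $mediaId = mediashareGetIntUrl('mid', $args, 0);
    $delay = mediashareGetIntUrl('delay', $args, 5);
    $mode = mediashareGetStringUrl('mode', $args, 'stopped');
    // Read from the request but not used further in this function.
    $viewkey = FormUtil::getPassedValue('viewkey');
    $center = isset($args['center']) ? '_center' : '';
    $back = mediashareGetIntUrl('back', $args, 0);
    // Check access to album (media ID won't do a difference if not from this album)
    if (!mediashareAccessAlbum($albumId, mediashareAccessRequirementViewSomething)) {
        return LogUtil::registerPermissionError();
    }
    // Fetch current album
    if (!($album = pnModAPIFunc('mediashare', 'user', 'getAlbum', array('albumId' => $albumId)))) {
        return false;
    }
    if ($album === true) {
        return LogUtil::registerError(__('Unknown album.', $dom));
    }
    // Fetch media items
    if (($items = pnModAPIFunc('mediashare', 'user', 'getMediaItems', array('albumId' => $albumId))) === false) {
        return false;
    }
    // Find current, previous and next items
    if ($mediaId == 0 && count($items) > 0) {
        $mediaId = $items[0]['id'];
    }
    $mediaItem = null;
    if (count($items) > 0) {
        // Defaults wrap around: previous of the first item is the last one and
        // next of the last item is the first one.
        $prevMediaId = $items[count($items) - 1]['id'];
        $nextMediaId = $items[0]['id'];
        foreach ($items as $item) {
            if ($mediaItem != null) {
                // Media-Current item found, so this must be next
                $nextMediaId = $item['id'];
                break;
            }
            if ($item['id'] == $mediaId) {
                $mediaItem = $item;
            } else {
                // Media-item not found, so this must become prev
                $prevMediaId = $item['id'];
            }
        }
    } else {
        $prevMediaId = -1;
        $nextMediaId = -1;
    }
    // Add media display HTML
    $mediadir = pnModAPIFunc('mediashare', 'user', 'getRelativeMediadir');
    for ($i = 0, $cou = count($items); $i < $cou; ++$i) {
        if (!($handler = pnModAPIFunc('mediashare', 'mediahandler', 'loadHandler', array('handlerName' => $items[$i]['mediaHandler'])))) {
            return false;
        }
        $result = $handler->getMediaDisplayHtml($mediadir . $items[$i]['originalRef'], null, null, 'mediaItem', array());
        // Line breaks are flattened to spaces in the generated HTML.
        $items[$i]['html'] = str_replace(array("\r", "\n"), array(' ', ' '), $result);
    }
    // $mediaItem stays null for an empty album or an id that is not part of the
    // album; pass null explicitly instead of indexing into null.
    $currentId = isset($mediaItem['id']) ? $mediaItem['id'] : null;
    $viewUrl = pnModUrl('mediashare', 'user', 'slideshow', array('mid' => $currentId));
    if ($back) {
        // The Referer header is supplied by the client. NOTE(review): it is stored and
        // later handed to the template as 'quitUrl'; the template presumably escapes it,
        // and restricting it to local URLs would avoid sending users off-site - confirm.
        SessionUtil::setVar('mediashareQuitUrl', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null);
    }
    $quitUrl = SessionUtil::getVar('mediashareQuitUrl');
    if ($quitUrl == null) {
        $quitUrl = pnModUrl('mediashare', 'user', 'view', array('aid' => $album['id']));
    }
    // Build the output
    $render =& pnRender::getInstance('mediashare', false);
    $render->assign('viewUrl', $viewUrl);
    $render->assign('mediaId', $mediaId);
    $render->assign('mediaItem', $mediaItem);
    $render->assign('prevMediaId', $prevMediaId);
    $render->assign('nextMediaId', $nextMediaId);
    $render->assign('mediaItems', $items);
    $render->assign('album', $album);
    $render->assign('albumId', $albumId);
    $render->assign('delay', $delay);
    $render->assign('mode', $mode);
    $render->assign('thumbnailSize', pnModGetVar('mediashare', 'thumbnailSize'));
    $render->assign('theme', pnUserGetTheme());
    $render->assign('templateName', "slideshow{$center}.html");
    $render->assign('quitUrl', $quitUrl);
    // Add the access array
    if (!mediashareAddAccess($render, $album)) {
        return false;
    }
    $render->load_filter('output', 'pagevars_notcombined');
    if (pnConfigGetVar('shorturls')) {
        $render->load_filter('output', 'shorturls');
    }
    $render->display('mediashare_user_slideshow.html');
    return true;
}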
Exemplo n.º 8
    /**
     * Upgrade the IWbooks module from an older version, one step at a time.
     *
     * Each case alters tables and/or module variables for one version step and then
     * hands over to the next step.
     *
     * @param mixed $oldversion Version being upgraded from; compared loosely against
     *                          the float case labels 0.8, 0.9 and 1.0.
     *
     * @return mixed True when no case fails; false when a table update fails;
     *               otherwise whatever the chained IWbooks_upgrade() call returns.
     */
    public function upgrade($oldversion) {
        $dom = ZLanguage::getModuleDomain('IWbooks');
        switch ($oldversion) {
            case 0.8:
                $dbconn = & DBConnectionStack::getConnection(true);
                $pntable = & DBUtil::getTables();

                $llibrestable = $pntable['llibres'];
                $llibrescolumn = &$pntable['llibres_column'];

                // The DDL is built by string interpolation; the identifiers come from
                // DBUtil::getTables(), not from request data.
                $sql = "ALTER TABLE $llibrestable
                    CHANGE $llibrescolumn[etapa] $llibrescolumn[etapa] varchar(32) NOT NULL default ''";
                $dbconn->Execute($sql);

                $sql = "ALTER TABLE $llibrestable
                    DROP pn_tipus";
                $dbconn->Execute($sql);

                // NOTE(review): ErrorNo() is only consulted after the second statement,
                // so a failure of the first ALTER may go unnoticed - confirm.
                if ($dbconn->ErrorNo() != 0) {
                    SessionUtil::setVar('errormsg', __('Failed to update the tables', $dom));
                    return false;
                }
                ModUtil::setVar('IWbooks', 'plans', '
PRI#Educació Primària|
ESO#Educació Secundària Obligatòria|
BTE#Batxillerat Tecnològic|
BSO#Batxillerat Social|
BHU#Batxillerat Humanístic|
BCI#Batxillerat Científic|
BAR#Batxillerat Artístic');

                ModUtil::setVar('IWbooks', 'darrer_nivell', '4');
                // NOTE(review): this calls a global function IWbooks_upgrade() rather than
                // this method; confirm that function exists in the module.
                return IWbooks_upgrade(0.9);

            case 0.9:
                // Code for version 1.0
                $dbconn = & DBConnectionStack::getConnection(true);
                $pntable = & DBUtil::getTables();

                $llibrestable = $pntable['llibres'];
                $llibrescolumn = &$pntable['llibres_column'];

                $sql = "ALTER TABLE $llibrestable
                    ADD pn_observacions varchar(100) NOT NULL,
                    ADD pn_materials text NOT NULL";
                $dbconn->Execute($sql);

                if ($dbconn->ErrorNo() != 0) {
                    // The stored message is prefixed with the table name and the old version.
                    SessionUtil::setVar('errormsg', $llibrestable . $oldversion . __('Failed to update the tables', $dom));
                    return false;
                }

                ModUtil::setVar('IWbooks', 'llistar_materials', '1');
                ModUtil::setVar('IWbooks', 'mida_font', '11');
                ModUtil::setVar('IWbooks', 'marca_aigua', '0');

                return IWbooks_upgrade(1.0);

            case 1.0:
                // Code for version 2.0
                ModUtil::delVar('IWbooks', 'darrer_nivell');
                ModUtil::setVar('IWbooks', 'nivells', '
1#1r|
2#2n|
3#3r|
4#4t|
5#5è|
6#6è|
A#P3|
B#P4|
C#P5');


                if (!DBUtil::changeTable('IWbooks')) {
                    return false;
                }
                if (!DBUtil::changeTable('IWbooks_materies')) {
                    return false;
                }

                return IWbooks_upgrade(2.0);

                // Unreachable: the return above always leaves the method first.
                break;
        }

        // Upgrade succeeded
        return true;
    }
Exemplo n.º 9
 /**
  * Return the requested key from input.
  *
  * The value is read from a PHP superglobal and passed through filter_var().
  * With no $filter given, FILTER_DEFAULT is used, which is PHP's "unsafe_raw"
  * filter: the value comes back unmodified, so callers still have to validate it
  * and escape it for the context it is used in.
  *
  * This method is based on FormUtil::getPassedValue but array-safe.
  *
  * @param string $key        The field to return.
  * @param mixed  $default    The value to return if the requested field is not found (optional) (default=null).
  * @param string $source     The source field to get a parameter from (R/REQUEST, G/GET, P/POST,
  *                           C/COOKIE, F/FILES, GP/GETPOST; case-insensitive).
  * @param string $filter     The filter directive to apply.
  * @param array  $args       The filter processing args to apply (see the note in the body:
  *                           as written they are discarded).
  * @param string $objectType The object access path we're getting; used to assign validation errors .
  *
  * @deprecated since 1.3.0, use request object instead.
  *
  * @return mixed The requested input key or the specified default.
  */
 public static function getPassedValue($key, $default = null, $source = null, $filter = null, array $args = array(), $objectType = null)
 {
     if (!$key) {
         return z_exit(__f('Empty %1$s passed to %2$s.', array('key', 'FormUtil::getPassedValue')));
     }
     $source = strtoupper($source);
     if (!$filter) {
         $filter = FILTER_DEFAULT;
     }
     // NOTE(review): this overwrites the caller-supplied $args, so filter options
     // passed in never reach filter_var() - confirm whether that is intended.
     $args = array();
     $failed = null;
     // switch (true) runs the first case whose condition holds. With no $source the
     // order of precedence is therefore REQUEST, GET, POST, COOKIE.
     switch (true) {
         case isset($_REQUEST[$key]) && !isset($_FILES[$key]) && (!$source || $source == 'R' || $source == 'REQUEST'):
             // Arrays need FILTER_REQUIRE_ARRAY so the filter is applied element-wise.
             if (is_array($_REQUEST[$key])) {
                 $args['flags'] = FILTER_REQUIRE_ARRAY;
             }
             $value = filter_var($_REQUEST[$key], $filter, $args);
             // A strict false result is treated as a failed filter; the source array
             // is kept so the raw value can be recorded below.
             $failed = $value === false ? $_REQUEST : null;
             break;
         case isset($_GET[$key]) && (!$source || $source == 'G' || $source == 'GET'):
             if (is_array($_GET[$key])) {
                 $args['flags'] = FILTER_REQUIRE_ARRAY;
             }
             $value = filter_var($_GET[$key], $filter, $args);
             $failed = $value === false ? $_GET : null;
             break;
         case isset($_POST[$key]) && (!$source || $source == 'P' || $source == 'POST'):
             if (is_array($_POST[$key])) {
                 $args['flags'] = FILTER_REQUIRE_ARRAY;
             }
             $value = filter_var($_POST[$key], $filter, $args);
             $failed = $value === false ? $_POST : null;
             break;
         case isset($_COOKIE[$key]) && (!$source || $source == 'C' || $source == 'COOKIE'):
             if (is_array($_COOKIE[$key])) {
                 $args['flags'] = FILTER_REQUIRE_ARRAY;
             }
             $value = filter_var($_COOKIE[$key], $filter, $args);
             $failed = $value === false ? $_COOKIE : null;
             break;
         case isset($_FILES[$key]) && ($source == 'F' || $source == 'FILES'):
             // Upload entries are returned as-is: no filter is applied, and FILES is
             // only consulted when asked for explicitly.
             if (is_array($_FILES[$key])) {
                 $args['flags'] = FILTER_REQUIRE_ARRAY;
             }
             $value = $_FILES[$key];
             // NOTE(review): refers to $_COOKIE, which looks copied from the case above.
             $failed = $value === false ? $_COOKIE : null;
             break;
         case (isset($_GET[$key]) || isset($_POST[$key])) && ($source == 'GP' || $source == 'GETPOST'):
             // When the key is present in both, the POST value overwrites the GET value.
             // A FILTER_REQUIRE_ARRAY flag set for GET stays in $args for the POST call.
             if (isset($_GET[$key])) {
                 if (is_array($_GET[$key])) {
                     $args['flags'] = FILTER_REQUIRE_ARRAY;
                 }
                 $value = filter_var($_GET[$key], $filter, $args);
                 $failed = $value === false ? $_GET : null;
             }
             if (isset($_POST[$key])) {
                 if (is_array($_POST[$key])) {
                     $args['flags'] = FILTER_REQUIRE_ARRAY;
                 }
                 $value = filter_var($_POST[$key], $filter, $args);
                 $failed = $value === false ? $_POST : null;
             }
             break;
         default:
             // Key not found in the selected source: reject unknown source names,
             // otherwise fall back to the default.
             if ($source) {
                 static $valid = array('R', 'REQUEST', 'G', 'GET', 'P', 'POST', 'C', 'COOKIE', 'F', 'FILES', 'GP', 'GETPOST');
                 if (!in_array($source, $valid)) {
                     z_exit(__f('Invalid input source [%s] received.', DataUtil::formatForDisplay($source)));
                     return $default;
                 }
             }
             $value = $default;
     }
     // The raw value that failed the filter is stored in the session under
     // '/validationFailedObjects', keyed by $objectType.
     if ($failed && $objectType) {
         //SessionUtil::setVar ($key, $failed[$key], "/validationErrors/$objectType");
         SessionUtil::setVar($objectType, $failed[$key], '/validationFailedObjects');
     }
     return $value;
 }
Exemplo n.º 10
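    /**
     * Process results from IDS scan.
     *
     * Adds the request impact to a running session total and then, depending on the
     * configured impact mode and thresholds, logs the events to the database, mails
     * the administrator and/or blocks the request.
     *
     * @param IDS_Init   $init   PHPIDS init object reference (not read in this method).
     * @param IDS_Report $result The result object from PHPIDS.
     *
     * @throws Zikula_Exception_Forbidden When the impact exceeds the third threshold
     *                                    and 'idssoftblock' is not set.
     *
     * @return void
     */
    private function _processIdsResult(IDS_Init $init, IDS_Report $result)
    {
        // $result contains any suspicious fields enriched with additional info

        // Note: it is moreover possible to dump this information by simply doing
        //"echo $result", calling the IDS_Report::$this->__toString() method implicitly.

        $requestImpact = $result->getImpact();
        if ($requestImpact < 1) {
            // nothing to do
            return;
        }

        // update total session impact to track an attackers activity for some time
        $sessionImpact = SessionUtil::getVar('idsImpact', 0) + $requestImpact;
        SessionUtil::setVar('idsImpact', $sessionImpact);

        // let's see which impact mode we are using
        $idsImpactMode = System::getVar('idsimpactmode', 1);
        $idsImpactFactor = 1;
        if ($idsImpactMode == 1) {
            $idsImpactFactor = 1;
        } elseif ($idsImpactMode == 2) {
            $idsImpactFactor = 10;
        } elseif ($idsImpactMode == 3) {
            $idsImpactFactor = 5;
        }

        // determine our impact threshold values
        $impactThresholdOne   = System::getVar('idsimpactthresholdone',    1) * $idsImpactFactor;
        $impactThresholdTwo   = System::getVar('idsimpactthresholdtwo',   10) * $idsImpactFactor;
        $impactThresholdThree = System::getVar('idsimpactthresholdthree', 25) * $idsImpactFactor;
        // computed for completeness; not used further in this method
        $impactThresholdFour  = System::getVar('idsimpactthresholdfour',  75) * $idsImpactFactor;

        // mode 1 reacts to the single request, the other modes to the session total
        $usedImpact = ($idsImpactMode == 1) ? $requestImpact : $sessionImpact;

        // Request context shared by the logging and the mail branch. It is gathered
        // up front because the thresholds are independently configurable: the mail
        // branch can run without the logging branch, and these values used to be
        // defined only inside the latter.
        // NOTE(review): X-Forwarded-For is a client-supplied header and is preferred
        // over REMOTE_ADDR here, so the recorded address can be chosen by the sender
        // unless a trusted proxy overwrites the header - confirm the deployment.
        $_REMOTE_ADDR = System::serverGetVar('REMOTE_ADDR');
        $_HTTP_X_FORWARDED_FOR = System::serverGetVar('HTTP_X_FORWARDED_FOR');
        $ipAddress = ($_HTTP_X_FORWARDED_FOR) ? $_HTTP_X_FORWARDED_FOR : $_REMOTE_ADDR;

        $currentPage = System::getCurrentUri();
        $currentUid = UserUtil::getVar('uid');

        // react according to given impact
        if ($usedImpact > $impactThresholdOne) {
            // db logging

            $intrusionItems = array();

            foreach ($result as $event) {

                // the event name is split at the first dot; the second part is used as tag
                $eventName = $event->getName();
                $malVar = explode(".", $eventName, 2);

                $filters = array();
                foreach ($event as $filter) {
                    array_push($filters, array(
                                            'id' => $filter->getId(),
                                            'description' => $filter->getDescription(),
                                            'impact' => $filter->getImpact(),
                                            'tags' => $filter->getTags(),
                                            'rule' => $filter->getRule()));
                }

                $tagVal = $malVar[1];

                $newIntrusionItem = array(
                        'name'    => array($eventName),
                        'tag'     => $tagVal,
                        'value'   => $event->getValue(),
                        'page'    => $currentPage,
                        'uid'     => $currentUid,
                        'ip'      => $ipAddress,
                        'impact'  => $result->getImpact(),
                        'filters' => serialize($filters),
                        'date'    => DateUtil::getDatetime()
                );

                // events sharing a tag are merged into one row; only the names accumulate
                if (array_key_exists($tagVal, $intrusionItems)) {
                    $intrusionItems[$tagVal]['name'][] = $newIntrusionItem['name'][0];
                } else {
                    $intrusionItems[$tagVal] = $newIntrusionItem;
                }
            }

            // log details to database
            foreach ($intrusionItems as $tag => $intrusionItem) {
                $intrusionItem['name'] = implode(", ", $intrusionItem['name']);

                // create new ZIntrusion instance
                $obj = new SecurityCenter_DBObject_Intrusion();
                // set data
                $obj->setData($intrusionItem);
                // save object to db
                $obj->save();
            }
        }

        if (System::getVar('idsmail') && ($usedImpact > $impactThresholdTwo)) {
            // mail admin

            // prepare mail text
            $mailBody = __('The following attack has been detected by PHPIDS') . "\n\n";
            $mailBody .= __f('IP: %s', $ipAddress) . "\n";
            $mailBody .= __f('UserID: %s', $currentUid) . "\n";
            $mailBody .= __f('Date: %s', DateUtil::strftime(__('%b %d, %Y'), (time()))) . "\n";
            if ($idsImpactMode == 1) {
                $mailBody .= __f('Request Impact: %d', $requestImpact) . "\n";
            } else {
                $mailBody .= __f('Session Impact: %d', $sessionImpact) . "\n";
            }
            $mailBody .= __f('Affected tags: %s', join(' ', $result->getTags())) . "\n";

            // request values and the URI are URL-encoded before they go into the mail
            $attackedParameters = '';
            foreach ($result as $event) {
                $attackedParameters .= $event->getName() . '=' . urlencode($event->getValue()) . ", ";
            }

            $mailBody .= __f('Affected parameters: %s', trim($attackedParameters)) . "\n";
            $mailBody .= __f('Request URI: %s', urlencode($currentPage));

            // prepare other mail arguments
            $siteName = System::getVar('sitename');
            $adminmail = System::getVar('adminmail');
            $mailTitle = __('Intrusion attempt detected by PHPIDS');

            if (ModUtil::available('Mailer')) {
                $args = array();
                $args['fromname']    = $siteName;
                $args['fromaddress'] = $adminmail;
                $args['toname']      = 'Site Administrator';
                $args['toaddress']   = $adminmail;
                $args['subject']     = $mailTitle;
                $args['body']        = $mailBody;

                $rc = ModUtil::apiFunc('Mailer', 'user', 'sendmessage', $args);
            } else {
                // NOTE(review): sitename and adminmail are configuration values placed
                // into a raw header string; a line break in either would add header
                // lines - presumably they are validated when saved, confirm.
                $headers = "From: $siteName <$adminmail>\n"
                        ."X-Priority: 1 (Highest)";
                System::mail($adminmail, $mailTitle, $mailBody, $headers);
            }
        }

        if ($usedImpact > $impactThresholdThree) {
            // block request

            if (System::getVar('idssoftblock')) {
                // warn only for debugging the ruleset
                LogUtil::registerError(__('Malicious request code / a hacking attempt was detected. This request has NOT been blocked!'));
            } else {
                throw new Zikula_Exception_Forbidden(__('Malicious request code / a hacking attempt was detected. Thus this request has been blocked.'), null, $result);
            }
        }

        return;
    }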
Exemplo n.º 11
 /**
  * Set the current object data into session.
  *
  * Arguments left empty fall back to the object's own data, path and session path.
  *
  * @param array   $data                 The object data.
  * @param string  $key                  The session key.
  * @param string  $path                 The session object input path.
  * @param boolean $autocreate           The autocreate passed to SessionUtil::setVar.
  * @param boolean $overwriteExistingVar The overwriteExistingVar variable passed to SessionUtil::setVar.
  *
  * @return array|boolean The session data, or false when setDataToSessionPreProcess() rejects it.
  */
 public function setDataToSession($data = null, $key = null, $path = '', $autocreate = true, $overwriteExistingVar = false)
 {
     $data = $data ?: $this->_objData;
     $key = $key ?: $this->_objPath;
     $path = $path ?: $this->_objSessionPath;
     if ($this->setDataToSessionPreProcess($data)) {
         // NOTE(review): $key is resolved above but not used; $path is passed both as
         // the variable name and as the path. Confirm against the matching reader
         // before changing either side.
         SessionUtil::setVar($path, $data, $path, $autocreate, $overwriteExistingVar);
         $this->_objData = $data;
         return $this->_objData;
     }
     return false;
 }
Exemplo n.º 12
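/**
 * Render the mediashare random-item block.
 *
 * The block HTML is a template stored in the block variables ($vars['html']) in which
 * the macros ${originalURL}, ${previewURL}, ${thumbnailURL}, ${albumURL}, ${title},
 * ${owner} and ${albumTitle} are replaced with data of a randomly chosen media item.
 * The rendered HTML is cached in the session for $vars['cacheTime'] seconds.
 *
 * @param array $blockinfo Block data; 'title', 'bid' and 'content' are read here.
 *
 * @return mixed The output of themesideblock(), false when no random item could be
 *               fetched, or nothing when access is denied or no media id was returned.
 */
function mediashare_randomblock_display($blockinfo)
{
    // Security check
    if (!SecurityUtil::checkPermission('mediashare:randomblock:', "{$blockinfo['title']}::{$blockinfo['bid']}", ACCESS_READ)) {
        return;
    }
    $dom = ZLanguage::getModuleDomain('mediashare');
    // Get variables from content block
    $vars = pnBlockVarsFromContent($blockinfo['content']);
    $sessionVarName = 'mediashare_block_' . $blockinfo['bid'];
    $sessionVars = SessionUtil::getVar($sessionVarName);
    // Anything that is not an array (unset, empty string, stale scalar) starts a fresh cache entry;
    // the entry is indexed as an array below.
    if (!is_array($sessionVars)) {
        $sessionVars = array();
    }
    if (isset($sessionVars['oldContent']) && isset($sessionVars['lastUpdate'])) {
        $past = time() - $sessionVars['lastUpdate'];
        if ($past < $vars['cacheTime']) {
            // No need to refresh - move old content into real content
            $blockinfo['content'] = $sessionVars['oldContent'];
            return themesideblock($blockinfo);
        }
    }
    if ($vars['type'] == 'album') {
        $randomInfo = pnModAPIFunc('mediashare', 'user', 'getRandomMediaItem', array('albumId' => $vars['albumId'], 'mode' => 'album'));
    } elseif ($vars['type'] == 'latest') {
        $randomInfo = pnModAPIFunc('mediashare', 'user', 'getRandomMediaItem', array('latest' => true, 'mode' => 'latest'));
    } else {
        $randomInfo = pnModAPIFunc('mediashare', 'user', 'getRandomMediaItem');
    }
    if ($randomInfo === false) {
        return false;
    }
    $mediaId = $randomInfo['mediaId'];
    $albumId = $randomInfo['albumId'];
    if (empty($mediaId)) {
        return;
    }
    // Get image info
    $mediaInfo = pnModAPIFunc('mediashare', 'user', 'getMediaItem', array('mediaId' => $mediaId));
    // Get album info
    $albumInfo = pnModAPIFunc('mediashare', 'user', 'getAlbum', array('albumId' => $albumId));
    $originalURL = pnModAPIFunc('mediashare', 'user', 'getMediaUrl', array('mediaItem' => $mediaInfo, 'src' => 'originalRef'));
    $previewURL = pnModAPIFunc('mediashare', 'user', 'getMediaUrl', array('mediaItem' => $mediaInfo, 'src' => 'previewRef'));
    $thumbnailURL = pnModAPIFunc('mediashare', 'user', 'getMediaUrl', array('mediaItem' => $mediaInfo, 'src' => 'thumbnailRef'));
    $albumURL = pnModUrl('mediashare', 'user', 'view', array('aid' => $albumId, 'mid' => $mediaId));
    // Create the final HTML by substituting various macros into the user specified HTML code
    $substitutes = array('originalURL' => $originalURL, 'previewURL' => $previewURL, 'thumbnailURL' => $thumbnailURL, 'albumURL' => $albumURL, 'title' => $mediaInfo['title'], 'owner' => __('Unknown', $dom), 'albumTitle' => $albumInfo['title']);
    $replacements = array();
    foreach ($substitutes as $key => $value) {
        // The values are stored media/album data that ends up inside block markup, so they
        // are HTML-escaped before insertion. double_encode is off so that entities already
        // present (e.g. &amp; in a generated URL) are not escaped twice.
        // NOTE(review): assumes the mediashare API returns titles unescaped — confirm.
        $replacements['${' . $key . '}'] = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    }
    // strtr() substitutes in a single pass, so a macro-looking string inside a title
    // is not expanded by a later replacement.
    $html = strtr($vars['html'], $replacements);
    $blockinfo['content'] = $html;
    $sessionVars['oldContent'] = $html;
    $sessionVars['lastUpdate'] = time();
    SessionUtil::setVar($sessionVarName, $sessionVars);
    // ... and return encapsulated in a theme block
    return themesideblock($blockinfo);
}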
Exemplo n.º 13
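    /**
     * Compose the user menu depending on which agendas the user can access.
     *
     * Values are read from the request (falling back to $args): dia, mes, any, daid,
     * llistat, purga and reduced. The menu entries, the agenda list, the month/year
     * selectors and the usage information are assigned to the view.
     *
     * @param array $args Agenda identity (daid) and day, month and year position
     *
     * @return mixed The rendered IWagendas_user_menu.htm template; the result of
     *               SessionUtil::setVar() when the agenda is not found; the result of
     *               System::redirect() when the user has no access to the agenda
     */
    public function menu($args) {
        // Security check
        $this->throwForbiddenUnless(SecurityUtil::checkPermission('IWagendas::', '::', ACCESS_READ));

        $dia = FormUtil::getPassedValue('dia', isset($args['dia']) ? $args['dia'] : date("d"), 'REQUEST');
        $mes = FormUtil::getPassedValue('mes', isset($args['mes']) ? $args['mes'] : date("m"), 'REQUEST');
        $any = FormUtil::getPassedValue('any', isset($args['any']) ? $args['any'] : date("Y"), 'REQUEST');
        $daid = FormUtil::getPassedValue('daid', isset($args['daid']) ? $args['daid'] : 0, 'REQUEST');
        $llistat = FormUtil::getPassedValue('llistat', isset($args['llistat']) ? $args['llistat'] : null, 'REQUEST');
        $purga = FormUtil::getPassedValue('purga', isset($args['purga']) ? $args['purga'] : null, 'REQUEST');
        $reduced = FormUtil::getPassedValue('reduced', isset($args['reduced']) ? $args['reduced'] : 0, 'POST');

        $odaid = $daid;
        $gdaid = 0;
        if ($daid == 0) {
            $usability = ModUtil::func('IWagendas', 'user', 'getGdataFunctionsUsability');
            if ($usability === true) {
                //if user use gCalendar integration and daid is zero get the gCalendar default
                $defaultCalendar = ModUtil::apiFunc('IWagendas', 'user', 'getGCalendarUserDefault');
                $gdaid = $defaultCalendar['daid'];
            }
        }
        $user = UserUtil::getVar('uid');
        if ($gdaid == 0)
            $gdaid = $daid;
        // If it's a shared agenda, get the data and check the perms
        if ($daid != 0) {
            // Get the agenda data
            $registre = ModUtil::apiFunc('IWagendas', 'user', 'getAgenda', array('daid' => $daid));
            // Make sure the previous query returned a result
            if ($registre == false) {
                return SessionUtil::setVar('errormsg', $this->__('Event not found'));
            }
        } else {
            $registre['grup'] = '0';
            $registre['resp'] = '';
            $registre['activa'] = '';
        }
        // Check whether the user can access the agenda
        $te_acces = ModUtil::func('IWagendas', 'user', 'te_acces', array('daid' => $daid,
                    'grup' => $registre['grup'],
                    'resp' => $registre['resp'],
                    'activa' => $registre['activa']));
        // If the user has no access, show an error message and stop execution
        if ($te_acces == 0) {
            LogUtil::registerError($this->__('You are not allowed to administrate the agendas'));
            return System::redirect(ModUtil::url('IWagendas', 'user', 'main'));
        }
        // Pass the name of the agenda to the template
        if ($daid == 0) {
            $this->view->assign('agendaname', $this->__('Personal'));
        } else {
            $this->view->assign('agendaname', $registre['nom_agenda']);
        }
        $this->view->assign('daid', $daid);
        $subsArray = array();
        if (UserUtil::isLoggedIn()) {
            //get the agendas where the user is subscribed
            $subs = ModUtil::apiFunc('IWagendas', 'user', 'getUserSubscriptions');
            foreach ($subs as $sub) {
                array_push($subsArray, $sub['daid']);
            }
        }
        //get all the agendas where the user can access
        $agendas = ModUtil::func('IWagendas', 'user', 'getUserAgendas');
        $color = (isset($agendas[$daid]['color'])) ? $agendas[$daid]['color'] : '';
        $this->view->assign('color', $color);
        $i = 0;
        $ipr = 3;
        $agendasArray = array();
        foreach ($agendas as $agenda) {
            if ($agenda['color'] == '') {
                // Set a default color
                $userColor = '#FFFFFF';
                // Get gCalendar user color
                // NOTE(review): the default above is overwritten by the ternary below, which
                // yields '' when no per-user colour is found; "$pos > 0" also treats a match
                // at offset 0 like "not found". Left unchanged — confirm the intended default.
                $pos = strpos($agenda['gColor'], '|' . $user . '$');
                $userColor = ($pos > 0) ? substr($agenda['gColor'], $pos - 7, 7) : '';
                $agenda['color'] = $userColor;
            }
            $newdiv = ($i % $ipr == 0) ? 1 : 0;
            $enddiv = ($i % $ipr == $ipr - 1 || $i == count($agendas) - 1) ? 1 : 0;
            $i++;
            $subs = (!in_array($agenda['daid'], $subsArray)) ? 0 : 1;
            $gCalendar = (isset($agenda['gCalendarId']) && $agenda['gCalendarId'] != '') ? 1 : 0;
            $name = (strlen($agenda['nom_agenda']) > 13) ? mb_strimwidth($agenda['nom_agenda'], 0, 13, '...') : $agenda['nom_agenda'];
            $agendasArray[] = array('nom_agenda' => $name,
                'fullName' => $agenda['nom_agenda'],
                'daid' => $agenda['daid'],
                'color' => $agenda['color'],
                'subs' => $subs,
                'newdiv' => $newdiv,
                'enddiv' => $enddiv,
                'gCalendar' => $gCalendar);
        }
        // Pass the array of agendas to the template
        $this->view->assign('agendas', $agendasArray);
        // Build an array with the months and pass it to the template
        $months = array(array('id' => 1,
                'name' => $this->__('January')),
            array('id' => 2,
                'name' => $this->__('February')),
            array('id' => 3,
                'name' => $this->__('March')),
            array('id' => 4,
                'name' => $this->__('April')),
            array('id' => 5,
                'name' => $this->__('May')),
            array('id' => 6,
                'name' => $this->__('June')),
            array('id' => 7,
                'name' => $this->__('July')),
            array('id' => 8,
                'name' => $this->__('August')),
            array('id' => 9,
                'name' => $this->__('September')),
            array('id' => 10,
                'name' => $this->__('October')),
            array('id' => 11,
                'name' => $this->__('November')),
            array('id' => 12,
                'name' => $this->__('December')));
        $this->view->assign('months', $months);
        // Build an array with the years and pass it to the template
        $years = array();
        for ($i = 2000; $i < 2040; $i++) {
            $years[] = array('id' => $i,
                'name' => $i);
        }
        $this->view->assign('years', $years);
        // Set default values: current month and year
        if (!isset($mes))
            $mes = date("m");
        if (!isset($any))
            $any = date("Y");
        $this->view->assign('mes', $mes)
                ->assign('any', $any)
                ->assign('list', $llistat); // This must be a hidden param in the form
        $nombrenotes = 0;
        // Get the info of the agenda select and the month and year selects
        if (UserUtil::isLoggedIn()) {
            // Check whether the user has been subscribed to any agendas
            $this->view->assign('subscriptions', ModUtil::apiFunc('IWagendas', 'user', 'avissubscripcio'));
            // The user has been notified. Remove the notification indicator
            ModUtil::apiFunc('IWagendas', 'user', 'treuavis');
            // The agenda admin must see usage info
            if ($te_acces == 4) {
                $nombrenotes = ModUtil::apiFunc('IWagendas', 'user', 'comptanotes', array('daid' => $daid));
                $maxnotes = ModUtil::getVar('IWagendas', 'maxnotes');
                $avislimits = ModUtil::apiFunc('IWagendas', 'user', 'avislimits', array('daid' => $daid));
                // If the user has achieved the maximum number of notes, increase the counter
                if (($nombrenotes >= $maxnotes) && ($maxnotes != 0)) {
                    ModUtil::apiFunc('IWagendas', 'user', 'pujaavis', array('daid' => $daid,
                        'value' => $avislimits + 1));
                }
                // If the user has accessed main agenda page more than 10 times, show a form inviting to delete notes and reset the variable
                if ($avislimits >= 10 || $purga == 1) {
                    $this->view->assign('dia', $dia)
                            ->assign('purga', true)
                            ->assign('delete_previous', date('d/m/Y', time() - 60 * 24 * 60 * 60), 10, 10);
                    ModUtil::apiFunc('IWagendas', 'user', 'pujaavis', array('daid' => $daid,
                        'value' => 0));
                }
            }
        }
        // Get the options (the user menu)
        $user_menu = array();
        if ($te_acces >= 2) {
            if ($daid == 0) {
                // User logged in and is personal agenda or is admin => New annotation
                $user_menu[] = array('url' => DataUtil::formatForDisplay(ModUtil::url('IWagendas', 'user', 'nova', array('mes' => $mes,
                                'any' => $any,
                                'dia' => $dia,
                                'tasca' => 0,
                                'daid' => $gdaid,
                                'odaid' => $odaid))),
                    'text' => $this->__('Insert a new event'));
                // Is personal agenda => Add new task link
                $user_menu[] = array('url' => DataUtil::formatForDisplay(ModUtil::url('IWagendas', 'user', 'nova', array('mes' => $mes,
                                'any' => $any,
                                'dia' => $dia,
                                'tasca' => 1,
                                'daid' => 0))),
                    'text' => $this->__('Add a new task'));
            } else {
                // The original condition had a misplaced parenthesis,
                //   (strpos(...) !== false || $registre['gCalendarId']) == ''
                // which compared the boolean result of the OR with '' and therefore hid the
                // link from the owner of a gCalendar agenda. The test now reads "owner of the
                // gCalendar OR not a gCalendar agenda", matching the check used for the
                // "Delete events" entry further down. A missing gCalendarId is treated as
                // "not a gCalendar agenda", as the old expression did.
                $isGCalendarOwner = isset($registre['gAccessLevel']) && strpos($registre['gAccessLevel'], '$owne|' . $user . '$') !== false;
                $isLocalAgenda = !isset($registre['gCalendarId']) || $registre['gCalendarId'] == '';
                if ($isGCalendarOwner || $isLocalAgenda) {
                    // User logged in and is personal agenda or is admin => New annotation
                    $user_menu[] = array('url' => DataUtil::formatForDisplay(ModUtil::url('IWagendas', 'user', 'nova', array('mes' => $mes,
                                    'any' => $any,
                                    'dia' => $dia,
                                    'tasca' => 0,
                                    'daid' => $gdaid,
                                    'odaid' => $odaid))),
                        'text' => $this->__('Insert a new event'));
                }
            }
        }
        if ($llistat == '1' ||
                !isset($llistat)) { // Show calendar or list
            $user_menu[] = array('url' => DataUtil::formatForDisplay(ModUtil::url('IWagendas', 'user', 'main', array('mes' => $mes,
                            'any' => $any,
                            'llistat' => -1,
                            'daid' => $daid))),
                'text' => $this->__('Calendar view'));
        } else {
            $user_menu[] = array('url' => DataUtil::formatForDisplay(ModUtil::url('IWagendas', 'user', 'main', array('mes' => $mes,
                            'any' => $any,
                            'llistat' => 1,
                            'daid' => $daid))),
                'text' => $this->__('List view'));
        }
        if ($daid > 0) {
            // Shared agenda
            if ($te_acces == 4 && $registre['gCalendarId'] == '') {
                // User is admin => Link to subscribe everybody who can access
                $user_menu[] = array('url' => DataUtil::formatForDisplay(ModUtil::url('IWagendas', 'user', 'substots', array('mes' => $mes,
                                'any' => $any,
                                'daid' => $daid))),
                    'text' => $this->__('Subscribe automaticaly everybody with access to this agenda'));
            }
        }
        if (ModUtil::func('IWagendas', 'user', 'getGdataFunctionsUsability') === true && ($daid == 0 || $registre['gCalendarId'] != '')) {
            $user_menu[] = array('url' => DataUtil::formatForDisplay(ModUtil::url('IWagendas', 'user', 'removeGCalendarUseVar', array('mes' => $mes,
                            'any' => $any,
                            'daid' => $daid))),
                'text' => $this->__('Refresh'));
        }
        if (ModUtil::getVar('IWagendas', 'calendariescolar') == 1) {
            // Schoolar calendar available => Show link
            $user_menu[] = array('url' => DataUtil::formatForDisplay(ModUtil::url('IWagendas', 'user', 'cescolar', array('mes' => $mes,
                            'any' => $any,
                            'daid' => $daid))),
                'text' => $this->__('School calendar'));
        }
        $width_usage = '';
        $percentage = '';
        if ($te_acces == 4 && ($daid == 0 || (isset($registre['gAccessLevel']) && strpos($registre['gAccessLevel'], '$owne|' . $user . '$') !== false) || (isset($registre['gCalendarId']) && $registre['gCalendarId'] == ''))) {
            // User logged in and is personal agenda or is admin
            $maxnotes = ModUtil::getVar('IWagendas', 'maxnotes');
            if ($maxnotes != 0) { // There's a limit on the amount of annotations
                $percentage = round($nombrenotes * 100 / $maxnotes);
                $width_usage = ($percentage > 100) ? 100 : $percentage;
            }
            $user_menu[] = array('url' => DataUtil::formatForDisplay(ModUtil::url('IWagendas', 'user', 'main', array('mes' => $mes,
                            'any' => $any,
                            'daid' => $daid,
                            'purga' => 1))),
                'text' => $this->__('Delete events previous to given date'));
        }
        $today = array('month' => date('m'),
            'year' => date('Y'));
        return $this->view->assign('number_of_notes', $nombrenotes)
                        ->assign('width_usage', $width_usage)
                        ->assign('percentage', $percentage)
                        ->assign('user_menu', $user_menu)
                        ->assign('reduced', $reduced)
                        ->assign('today', $today)
                        ->fetch('IWagendas_user_menu.htm');
    }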
Exemplo n.º 14
 /**
  * Run the search and render the result page.
  *
  * Reads the query and the search options from the request (falling back to the
  * values remembered in the session), hands them to the Search user API and
  * assigns the result to the view.
  *
  * @return string HTML string templated
  */
 public function search()
 {
     // Security check
     if (!SecurityUtil::checkPermission('Search::', '::', ACCESS_READ)) {
         return LogUtil::registerPermissionError();
     }

     // Collect the parameters from HTTP input.
     // NOTE(review): apart from strip_tags() on 'q' and the int cast on 'page', the request
     // values are stored in the session and passed to the Search API as received; presumably
     // the API validates them — confirm.
     $vars = array(
         'q' => strip_tags(FormUtil::getPassedValue('q', '', 'REQUEST')),
         'searchtype' => FormUtil::getPassedValue('searchtype', SessionUtil::getVar('searchtype'), 'REQUEST'),
         'searchorder' => FormUtil::getPassedValue('searchorder', SessionUtil::getVar('searchorder'), 'REQUEST'),
         'numlimit' => $this->getVar('itemsperpage', 25),
         'page' => (int) FormUtil::getPassedValue('page', 1, 'REQUEST'),
         // true only when no page parameter was sent, i.e. on the very first result page;
         // used below to decide whether the search is logged
         'firstPage' => !isset($_REQUEST['page']),
         // The modulename exists in this array as key, if the checkbox was filled
         'active' => FormUtil::getPassedValue('active', SessionUtil::getVar('searchactive'), 'REQUEST'),
         // All form data of the modules' search plugins
         'modvar' => FormUtil::getPassedValue('modvar', SessionUtil::getVar('searchmodvar'), 'REQUEST'),
     );

     if (empty($vars['q'])) {
         LogUtil::registerError($this->__('Error! You did not enter any keywords to search for.'));
         $this->redirect(ModUtil::url('Search', 'user', 'form'));
     }

     // Scalar options: use the fallback when empty, otherwise remember the choice in the session.
     foreach (array('searchtype' => 'AND', 'searchorder' => 'newest') as $option => $fallback) {
         if (empty($vars[$option])) {
             $vars[$option] = $fallback;
         } else {
             SessionUtil::setVar($option, $vars[$option]);
         }
     }

     // Array options: anything that is not a non-empty array becomes an empty array.
     foreach (array('active' => 'searchactive', 'modvar' => 'searchmodvar') as $option => $sessionName) {
         if (empty($vars[$option]) || !is_array($vars[$option])) {
             $vars[$option] = array();
         } else {
             SessionUtil::setVar($sessionName, $vars[$option]);
         }
     }

     // FIXME: Caching of the result page is disabled: a complete cache_id cannot be built
     // while the parameters passed to the search plugins are not known.

     $result = ModUtil::apiFunc('Search', 'user', 'search', $vars);

     // Number of chars to display in search summaries (200 when not configured)
     $limitsummary = $this->getVar('limitsummary');
     $limitsummary = empty($limitsummary) ? 200 : $limitsummary;

     $this->view
         ->assign('resultcount', $result['resultCount'])
         ->assign('results', $result['sqlResult'])
         ->assign($this->getVars())
         ->assign($vars)
         ->assign('limitsummary', $limitsummary);

     // log the search if on first page
     if ($vars['firstPage']) {
         ModUtil::apiFunc('Search', 'user', 'log', $vars);
     }

     // Return the output that has been generated by this function
     return $this->view->fetch('search_user_results.tpl');
 }
Exemplo n.º 15
 /**
  * Write the current language code to the session variable 'language'
  * when $this->langFixSession is set.
  *
  * @return void
  */
 private function fixLanguageToSession()
 {
     // Nothing to do unless fixing the language to the session is enabled.
     if (!$this->langFixSession) {
         return;
     }

     SessionUtil::setVar('language', $this->languageCode);
 }
Exemplo n.º 16
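 /**
  * Get the user permissions for the noteboard.
  *
  * The permission level is derived from the groups the user belongs to and the
  * module variables 'permisos', 'verifica' and 'quiverifica' of IWnoteboard.
  *
  * @author Albert Pérez Monfort (aperezm@xtec.cat)
  *
  * @param array $args 'uid' the user id (defaults to the current user) and
  *                    'sv' the security value that marks a request as made by cron;
  *                    both are read from POST, falling back to $args
  *
  * @return mixed Array with the keys 'nivell', 'verifica', 'potverificar' and 'grups';
  *               an empty array when the arguments are invalid or the query fails;
  *               the result of LogUtil::registerPermissionError() when access is denied
  */
 public function permisos($args) {
     $uid = FormUtil::getPassedValue('uid', isset($args['uid']) ? $args['uid'] : UserUtil::getVar('uid'), 'POST');
     $sv = FormUtil::getPassedValue('sv', isset($args['sv']) ? $args['sv'] : null, 'POST');
     $requestByCron = false;
     if (!ModUtil::func('IWmain', 'user', 'checkSecurityValue', array('sv' => $sv))) {
         // Security check
         if (!SecurityUtil::checkPermission('IWnoteboard::', '::', ACCESS_READ)) {
             return LogUtil::registerPermissionError();
         }
     } else {
         $requestByCron = true;
     }
     $n_permisos = 0;
     $nivell_permisos = array();
     //if user is not registered have a fixed permissions
     if (!UserUtil::isLoggedIn() && !$requestByCron) {
         $nivell_permisos = array('nivell' => 1,
             'verifica' => 2,
             'potverificar' => false,
             'grups' => array(0));
         //return not registered permissions
         return $nivell_permisos;
     }
     // Arguments needed
     if (!isset($uid) || ($uid != UserUtil::getVar('uid') && !$requestByCron)) {
         SessionUtil::setVar('errormsg', $this->__('Error! Could not do what you wanted. Please check your input.'));
         return $nivell_permisos;
     }
     // $uid comes from POST and is placed directly in the WHERE clause below. The loose
     // comparison above does not guarantee a plain number (and is skipped for cron
     // requests), so the value is forced to an integer before it reaches the query.
     $uid = (int) $uid;
     $myJoin = array();
     $myJoin[] = array('join_table' => 'groups',
         'join_field' => array('gid'),
         'object_field_name' => array('gid'),
         'compare_field_table' => 'gid',
         'compare_field_join' => 'gid');
     $myJoin[] = array('join_table' => 'group_membership',
         'join_field' => array(),
         'object_field_name' => array(),
         'compare_field_table' => 'gid',
         'compare_field_join' => 'gid');
     $pntables = DBUtil::getTables();
     $ccolumn = $pntables['groups_column'];
     $ocolumn = $pntables['group_membership_column'];
     $where = "b.$ocolumn[gid] = a.$ccolumn[gid] AND b.$ocolumn[uid] = $uid";
     $items = DBUtil::selectExpandedObjectArray('groups', $myJoin, $where, '');
     // Check for an error with the database code, and if so
     // return the (empty) permissions array
     if ($items === false) {
         return $nivell_permisos;
     }
     $verifica = 2;
     $potverificar = false;
     // Initialised here so that 'grups' is defined even when the user is in no group.
     $grups = array();
     $permisosModVar = ModUtil::getVar('IWnoteboard', 'permisos');
     $verificaModVar = ModUtil::getVar('IWnoteboard', 'verifica');
     $quiverificaModVar = ModUtil::getVar('IWnoteboard', 'quiverifica');
     foreach ($items as $item) {
         // get user permissions level: the single character that follows "$<gid>-"
         $marker = '$' . $item['gid'] . '-';
         $markerPos = strpos($permisosModVar, $marker);
         // When the group has no entry, strpos() returns false; adding the marker length to
         // it made the old code read an unrelated character, possibly the level of another
         // group. A group without an entry now contributes level 0.
         $permis = ($markerPos === false) ? 0 : substr($permisosModVar, $markerPos + strlen($marker), 1);
         $verifica = (strpos($verificaModVar, '$' . $item['gid'] . '$') != 0 && $verifica != 1) ? 0 : 1;
         if ($permis > $n_permisos) {
             $n_permisos = $permis;
         }
         if ($quiverificaModVar == $item['gid']) {
             $potverificar = true;
         }
         $grups[] = $item['gid'];
     }
     $nivell_permisos = array('nivell' => $n_permisos,
         'verifica' => $verifica,
         'potverificar' => $potverificar,
         'grups' => $grups);
     return $nivell_permisos;
 }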
Exemplo n.º 17
/**
 * Set a session variable (legacy wrapper).
 *
 * Logs a deprecation warning and forwards to SessionUtil::setVar().
 *
 * @deprecated
 * @see SessionUtil::setVar()
 * @param string $name  name of the session variable to set
 * @param mixed  $value value to set the named session variable to
 * @return mixed the return value of SessionUtil::setVar()
 */
function pnSessionSetVar($name, $value)
{
    // Build the notice first, then log it at deprecation level.
    $functionNames = array('pnSessionsetVar()', 'SessionUtil::setVar()');
    $deprecationNotice = __f('Warning! Function %1$s is deprecated. Please use %2$s instead.', $functionNames);
    LogUtil::log($deprecationNotice, E_USER_DEPRECATED);

    return SessionUtil::setVar($name, $value);
}
Exemplo n.º 18
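 /**
  * Shows the detail view of a single MUBoard item.
  *
  * Only a module-wide ACCESS_READ check is made in this method; no per-item
  * permission check is visible here.
  *
  * @param array $args Controller arguments. Keys read in this method:
  *                    'ot'     object type (fallback: GET 'ot', default 'category'),
  *                    'title'  slug title, used when no identifier is given (fallback: GET 'title'),
  *                    'pos'    current page (fallback: GET 'pos', default 1),
  *                    'num'    items per page (fallback: GET 'num', default 0),
  *                    'usecsv' CSV flag (the GET fallback is read from 'usecsvext').
  *                    The array is also passed on to retrieveIdentifier() and processTemplate().
  *
  * @return mixed Output of MUBoard_Util_View::processTemplate().
  */
 public function display($args)
 {
     // module-wide read permission; anything else ends in a "forbidden" response
     $this->throwForbiddenUnless(SecurityUtil::checkPermission('MUBoard::', '::', ACCESS_READ));

     // object type: an explicit argument wins over the GET parameter
     $objectType = isset($args['ot']) && !empty($args['ot']) ? $args['ot'] : $this->request->getGet()->filter('ot', 'category', FILTER_SANITIZE_STRING);
     $utilArgs = array('controller' => 'user', 'action' => 'display');
     // The type is concatenated into class names below, so it has to be one of the
     // known types; the strict comparison keeps non-string values from matching loosely.
     if (!in_array($objectType, MUBoard_Util_Controller::getObjectTypes('controllerAction', $utilArgs), true)) {
         $objectType = MUBoard_Util_Controller::getDefaultObjectType('controllerAction', $utilArgs);
     }
     $repository = $this->entityManager->getRepository('MUBoard_Entity_' . ucfirst($objectType));
     $idFields = ModUtil::apiFunc($this->name, 'selection', 'getIdFields', array('ot' => $objectType));

     // retrieve identifier of the object we wish to view
     $idValues = MUBoard_Util_Controller::retrieveIdentifier($this->request, $args, $objectType, $idFields);
     $hasIdentifier = MUBoard_Util_Controller::isValidIdentifier($idValues);

     // without an identifier, fall back to a unique permalink (slug) if the entity type has one
     $hasSlug = false;
     $slugTitle = '';
     if ($hasIdentifier === false) {
         $entityClass = 'MUBoard_Entity_' . ucfirst($objectType);
         $objectTemp = new $entityClass();
         $hasSlug = $objectTemp->get_hasUniqueSlug();
         if ($hasSlug) {
             $slugTitle = isset($args['title']) && !empty($args['title']) ? $args['title'] : $this->request->getGet()->filter('title', '', FILTER_SANITIZE_STRING);
             $hasSlug = !empty($slugTitle);
         }
     }
     $hasIdentifier = $hasIdentifier || $hasSlug;
     $this->throwNotFoundUnless($hasIdentifier, $this->__('Error! Invalid identifier received.'));

     $entity = ModUtil::apiFunc($this->name, 'selection', 'getEntity', array('ot' => $objectType, 'id' => $idValues, 'slug' => $slugTitle));
     $this->throwNotFoundUnless($entity != null, $this->__('No such item.'));

     // Defaults for the values handed to the view further down, so that object types
     // without a posting list (e.g. 'category') do not reference undefined variables.
     $entities = array();
     $objectCount = 0;
     $currentPage = 1;
     $resultsPerPage = 0;

     // where clause for the postings shown below the item; the id comes from the loaded
     // entity and is escaped with formatForStore() before it is put into the clause
     $postingsWhere = null;
     if ($objectType == 'posting') {
         // child postings of the displayed posting
         $postingsWhere = 'tbl.parent = \'' . DataUtil::formatForStore($entity['id']) . '\'';
     } elseif ($objectType == 'forum') {
         // postings of the displayed forum that have no parent
         $postingsWhere = 'tbl.parent_id IS NULL AND tbl.forum = \'' . DataUtil::formatForStore($entity['id']) . '\'';
     }

     if ($postingsWhere !== null) {
         // sort direction is limited to the two literals, whatever the module variable holds
         $sdir = ModUtil::getVar($this->name, 'sortingPostings') == 'descending' ? 'desc' : 'asc';
         $selectionArgs = array('ot' => 'posting', 'where' => $postingsWhere, 'orderBy' => 'createdDate' . ' ' . $sdir);

         // The cast has to wrap the whole ternary: "(int) (cond) ? a : b" casts only the
         // condition and lets the selected value through unchanged.
         $currentPage = (int) (isset($args['pos']) && !empty($args['pos']) ? $args['pos'] : $this->request->getGet()->filter('pos', 1, FILTER_VALIDATE_INT));
         $resultsPerPage = (int) (isset($args['num']) && !empty($args['num']) ? $args['num'] : $this->request->getGet()->filter('num', 0, FILTER_VALIDATE_INT));
         if ($resultsPerPage == 0) {
             $csv = (int) (isset($args['usecsv']) && !empty($args['usecsv']) ? $args['usecsv'] : $this->request->getGet()->filter('usecsvext', 0, FILTER_VALIDATE_INT));
             $resultsPerPage = $csv == 1 ? 999999 : $this->getVar('pagesize', 10);
         }
         $selectionArgs['currentPage'] = $currentPage;
         $selectionArgs['resultsPerPage'] = $resultsPerPage;
         list($entities, $objectCount) = ModUtil::apiFunc($this->name, 'selection', 'getEntitiesPaginated', $selectionArgs);
     }

     if ($objectType == 'posting') {
         // we check if the user may see the form to answer to posting
         // NOTE(review): $id is never assigned in this method, so mayEdit() receives null
         // here; the posting id ($entity['id']) is presumably what was meant - confirm
         // against mayEdit() before changing it.
         $mayEdit = MUBoard_Util_Controller::mayEdit($id);
         $this->view->assign('mayEdit', $mayEdit);
     }

     // build ModUrl instance for display hooks
     $currentUrlArgs = array('ot' => $objectType);
     foreach ($idFields as $idField) {
         $currentUrlArgs[$idField] = $idValues[$idField];
     }

     // count this call as a view of the posting
     if ($objectType == 'posting') {
         MUBoard_Util_Model::addView($idValues);
     }

     // remember the time of this call in the session
     $nowtime = DateUtil::getDatetime();
     SessionUtil::setVar('muboardonline', $nowtime);

     $currentUrlObject = new Zikula_ModUrl($this->name, 'user', 'display', ZLanguage::getLanguageCode(), $currentUrlArgs);
     $func = $this->request->getGet()->filter('func', 'view', FILTER_SANITIZE_STRING);
     $editPostings = ModUtil::getVar($this->name, 'editPostings');

     // assign output data to view object.
     $this->view->assign($objectType, $entity)->assign('postings', $entities)->assign('currentUrlObject', $currentUrlObject)->assign('func', $func)->assign('editPostings', $editPostings)->assign($repository->getAdditionalTemplateParameters('controllerAction', $utilArgs));
     $this->view->assign('currentPage', $currentPage)->assign('pager', array('numitems' => $objectCount, 'itemsperpage' => $resultsPerPage));

     $dom = ZLanguage::getModuleDomain($this->name);

     // page title
     // NOTE(review): title and description are built from stored item content (presumably
     // user-authored); escaping for the HTML head is left to PageUtil / the theme - confirm.
     $sitename = ModUtil::getVar('ZConfig', 'sitename');
     $titletobject = '';
     if ($objectType == 'category') {
         $titletobject = __('Forum - Category: ', $dom);
     } elseif ($objectType == 'forum') {
         $titletobject = __('Forum - Category: ', $dom) . ' ' . $entity['category']['title'] . ' - ' . __('Forum: ', $dom);
     } elseif ($objectType == 'posting') {
         $titletobject = 'Forum: ' . ' ' . $entity['forum']['title'] . ' - ' . __('Issue: ', $dom);
     }
     PageUtil::setVar('title', $sitename . ' - ' . $titletobject . ' ' . $entity['title']);

     // page description
     $descriptionobject = '';
     if ($objectType == 'category' || $objectType == 'forum') {
         $descriptionobject = $entity['description'];
     } elseif ($objectType == 'posting') {
         // first 160 bytes of the posting text
         $descriptionobject = substr($entity['text'], 0, 160) . '...';
     }
     PageUtil::setVar('description', $descriptionobject);

     // fetch and return the appropriate template
     return MUBoard_Util_View::processTemplate($this->view, 'user', $objectType, 'display', $args);
 }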
Exemplo n.º 19
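 /**
  * Upgrade a module.
  *
  * This method loads and runs code shipped with the module (bootstrap.php, pninit.php or
  * the installer class). No permission check is made inside it, so authorisation is
  * expected to have happened in the caller (not visible here).
  *
  * @param array $args All parameters passed to this function.
  *                      numeric $args['id']                  The module ID.
  *                      boolean $args['interactive_upgrade'] Whether or not to upgrade in interactive mode.
  *
  * @return mixed True on success, false on failure; null when the interactive upgrade is
  *               bypassed during installation; otherwise the return value of the
  *               interactive upgrade callable.
  */
 public function upgrade($args)
 {
     // Argument check
     if (!isset($args['id']) || !is_numeric($args['id'])) {
         return LogUtil::registerArgsError();
     }

     // Get module information
     $modinfo = ModUtil::getInfo($args['id']);
     if (empty($modinfo)) {
         return LogUtil::registerError($this->__('Error! No such module ID exists.'));
     }

     if ($modinfo['state'] == ModUtil::STATE_NOTALLOWED) {
         return LogUtil::registerError($this->__f('Error! No permission to upgrade %s.', $modinfo['name']));
     }
     // states above 10 are reported as incompatible with this core version
     if ($modinfo['state'] > 10) {
         return LogUtil::registerError($this->__f('Error! %s is not compatible with this version of Zikula.', $modinfo['name']));
     }

     // the directory name is passed through formatForOS() before it is used in any path
     $osdir = DataUtil::formatForOS($modinfo['directory']);
     ModUtil::dbInfoLoad($modinfo['name'], $osdir);
     $modpath = $modinfo['type'] == ModUtil::TYPE_SYSTEM ? 'system' : 'modules';

     // load module maintainence functions
     $oomod = ModUtil::isOO($modinfo['name']);
     if ($oomod) {
         ZLoader::addAutoloader($osdir, "{$modpath}/{$osdir}/lib");
     }

     $bootstrap = "{$modpath}/{$osdir}/bootstrap.php";
     if (file_exists($bootstrap)) {
         include_once $bootstrap;
     }

     if ($modinfo['type'] == ModUtil::TYPE_MODULE) {
         if (is_dir("modules/{$osdir}/locale")) {
             ZLanguage::bindModuleDomain($modinfo['name']);
         }
     }

     if (!$oomod && file_exists($file = "{$modpath}/{$osdir}/pninit.php")) {
         // NOTE(review): a failed include is only logged; execution continues and the
         // module can still be marked as upgraded further down - confirm this is intended.
         if (!(include_once $file)) {
             LogUtil::registerError($this->__f("Error! Could not load a required file: '%s'.", $file));
         }
     }

     if ($oomod) {
         $className = ucwords($modinfo['name']) . '_Installer';
         $reflectionInstaller = new ReflectionClass($className);
         // Stop here if the class is not a real installer: without the return, the check
         // was only logged and the class was instantiated and called anyway.
         if (!$reflectionInstaller->isSubclassOf('Zikula_AbstractInstaller')) {
             return LogUtil::registerError($this->__f("%s must be an instance of Zikula_AbstractInstaller", $className));
         }
         $installer = $reflectionInstaller->newInstanceArgs(array($this->serviceManager));

         $interactiveClass = ucwords($modinfo['name']) . '_Controller_Interactiveinstaller';
         $interactiveController = null;
         if (class_exists($interactiveClass)) {
             $reflectionInteractive = new ReflectionClass($interactiveClass);
             // same guard for the interactive controller; the message names the class that was checked
             if (!$reflectionInteractive->isSubclassOf('Zikula_Controller_AbstractInteractiveInstaller')) {
                 return LogUtil::registerError($this->__f("%s must be an instance of Zikula_Controller_AbstractInteractiveInstaller", $interactiveClass));
             }
             $interactiveController = $reflectionInteractive->newInstance($this->serviceManager);
         }
     }

     // perform the actual upgrade of the module
     $func = $oomod ? array($installer, 'upgrade') : $modinfo['name'] . '_upgrade';
     $interactive_func = $oomod ? array($interactiveController, 'upgrade') : $modinfo['name'] . '_init_interactiveupgrade';

     // allow bypass of interactive upgrade during a new installation only.
     if (System::isInstalling() && is_callable($interactive_func) && !is_callable($func)) {
         return;
         // return void here
     }

     if (isset($args['interactive_upgrade']) && $args['interactive_upgrade'] == false && is_callable($interactive_func)) {
         if (is_array($interactive_func)) {
             // This must be an OO controller since callable is an array.
             // Because interactive installers extend the Zikula_AbstractController, is_callable will always return true because of the __call()
             // so we must check if the method actually exists by reflection - drak
             if ($reflectionInteractive->hasMethod('upgrade')) {
                 SessionUtil::setVar('interactive_upgrade', true);
                 return call_user_func($interactive_func, array('oldversion' => $modinfo['version']));
             }
         } else {
             // this is enclosed in the else so that if both conditions fail, execution will pass onto the non-interactive execution below.
             SessionUtil::setVar('interactive_upgrade', true);
             return call_user_func($interactive_func, array('oldversion' => $modinfo['version']));
         }
     }

     // non-interactive
     if (is_callable($func)) {
         $result = call_user_func($func, $modinfo['version']);
         if (is_string($result)) {
             // a string result is the last version that was reached successfully:
             // record it, but report the upgrade as failed
             if ($result != $modinfo['version']) {
                 $modinfo['version'] = $result;
                 DBUtil::updateObject($modinfo, 'modules', '', 'id', true);
             }
             return false;
         } elseif ($result != true) {
             return false;
         }
     }

     $modversion = Extensions_Util::getVersionMeta($osdir, $modpath);
     $version = $modversion['version'];

     // Update state of module
     $result = $this->setState(array('id' => $args['id'], 'state' => ModUtil::STATE_ACTIVE));
     if (!$result) {
         return false;
     }
     LogUtil::registerStatus($this->__("Done! Module has been upgraded. Its status is now 'Active'."));

     // Note the changes in the database...
     // Get module database info
     ModUtil::dbInfoLoad('Extensions');
     $obj = array('id' => $args['id'], 'version' => $version);
     DBUtil::updateObject($obj, 'modules');

     // legacy to be removed from 1.4 - remove hooks during upgrade since we cannot rely on
     // module authors to do this - drak
     if ($oomod) {
         $tables = DBUtil::getTables();
         $hooksCol = $tables['hooks_column'];
         // the module name goes into a hand-built where clause, so escape it first
         $modName = DataUtil::formatForStore($modinfo['name']);
         $where = "{$hooksCol['smodule']} = '{$modName}' OR {$hooksCol['tmodule']} = '{$modName}'";
         $hooks = DBUtil::selectObjectArray('hooks', $where);
         if ($hooks) {
             foreach ($hooks as $hook) {
                 DBUtil::deleteObject($hook, 'hooks');
             }
             LogUtil::registerStatus($this->__f("NOTICE! Legacy hook configurations for %s have been removed.", $modinfo['name']));
         }
     }

     // Upgrade succeeded, issue event.
     $event = new Zikula_Event('installer.module.upgraded', null, $modinfo);
     $this->eventManager->notify($event);

     // Success
     return true;
 }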
Exemplo n.º 20
 /**
  * Collects the submitted form values and merges the entity part into the treated entity.
  * Called by the handleCommand method.
  *
  * NOTE(review): whatever remains in the entity data array is handed to $entity->merge();
  * which fields can be set that way depends on the form definition and on merge(),
  * neither of which is visible here.
  *
  * @param Zikula_Form_View $view The form view instance.
  * @param array            $args Additional arguments; 'commandName' is read here.
  *
  * @return array|boolean Remaining form data (without the entity values), or false when
  *                       handleUploads() returns a value that compares equal to false.
  */
 public function fetchInputData(Zikula_Form_View $view, &$args)
 {
     // all posted values, keyed by field group
     $formData = $this->view->getValues();

     // split off the values that belong to the entity itself
     $typeKey = $this->objectTypeLower;
     $entityData = $formData[$typeKey];
     unset($formData[$typeKey]);

     // entity instance kept in the handler between calls
     $entity = $this->entityRef;

     if ($args['commandName'] == 'cancel') {
         // drop the "delete file" form options so they are not merged into the entity
         if (count($this->uploadFields) > 0) {
             foreach ($this->uploadFields as $uploadField => $isMandatory) {
                 $deleteKey = $uploadField . 'DeleteFile';
                 if (isset($entityData[$deleteKey])) {
                     unset($entityData[$deleteKey]);
                 }
             }
         }
     } else {
         if (count($this->uploadFields) > 0) {
             $entityData = $this->handleUploads($entityData, $entity);
             if ($entityData == false) {
                 return false;
             }
         }
         if (count($this->listFields) > 0) {
             foreach ($this->listFields as $listField => $multiple) {
                 // only multi-value list fields that arrived as arrays are flattened
                 if ($multiple && is_array($entityData[$listField])) {
                     $values = $entityData[$listField];
                     $entityData[$listField] = count($values) > 0 ? '###' . implode('###', $values) . '###' : '';
                 }
             }
         }
     }

     // form-only options: read them, then remove them from the entity data
     if (isset($entityData['repeatCreation'])) {
         if ($this->mode == 'create') {
             $this->repeatCreateAction = $entityData['repeatCreation'];
         }
         unset($entityData['repeatCreation']);
     }
     if (isset($entityData['additionalNotificationRemarks'])) {
         // stored as submitted; any escaping has to happen where the remarks are output
         SessionUtil::setVar($this->name . 'AdditionalNotificationRemarks', $entityData['additionalNotificationRemarks']);
         unset($entityData['additionalNotificationRemarks']);
     }

     // let relationship plugins update their part of the data
     $entityData = $this->writeRelationDataToEntity($view, $entity, $entityData);

     // apply the collected values to the entity
     $entity->merge($entityData);

     // related items are persisted after the merge to avoid validation errors
     // if cascades cause the main entity becoming persisted automatically, too
     $this->persistRelationData($view);

     // keep the updated entity for later steps
     $this->entityRef = $entity;

     // what is left are the non-entity form values
     return $formData;
 }
Exemplo n.º 21
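    /**
     * Renders the statistics overview, optionally narrowed to a user, a module and a date range.
     *
     * Restricted to users holding ACCESS_ADMIN on IWstats; the check runs before any
     * request or session data is read or written.
     *
     * @param array $args Optional overrides for the request values 'moduleName', 'uname',
     *                    'fromDate', 'toDate' and 'uid'. Dates are read positionally
     *                    (day at offset 0, month at 3, year at 6).
     *
     * @return mixed Result of fetching the 'IWstats_admin_stats.htm' template.
     *
     * @throws Zikula_Exception_Forbidden If the current user lacks admin permission.
     */
    public function viewStats($args) {
        // Authorise first: nothing below (session writes, user lookups) runs for a caller
        // without admin rights.
        if (!SecurityUtil::checkPermission('IWstats::', '::', ACCESS_ADMIN)) {
            throw new Zikula_Exception_Forbidden();
        }

        // NOTE(review): unserialize() on session content. The value is written further down
        // by this method (serialize() of an array of request values), but if the session
        // store can be modified from outside this is an object-injection risk; storing the
        // array as JSON would avoid it.
        $statsSaved = unserialize(SessionUtil::getVar('statsSaved'));
        if (!is_array($statsSaved)) {
            // nothing saved yet (or unreadable): start from empty defaults
            $statsSaved = array();
        }

        $moduleName = (isset($statsSaved['moduleName'])) ? $statsSaved['moduleName'] : '';
        $savedUname = (isset($statsSaved['uname'])) ? $statsSaved['uname'] : null;
        $fromDate = (isset($statsSaved['fromDate'])) ? $statsSaved['fromDate'] : null;
        $toDate = (isset($statsSaved['toDate'])) ? $statsSaved['toDate'] : '';

        // request values win over $args, which win over the saved values
        $moduleName = FormUtil::getPassedValue('moduleName', isset($args['moduleName']) ? $args['moduleName'] : $moduleName, 'GETPOST');
        $uname = FormUtil::getPassedValue('uname', isset($args['uname']) ? $args['uname'] : $savedUname, 'GETPOST');
        $fromDate = FormUtil::getPassedValue('fromDate', isset($args['fromDate']) ? $args['fromDate'] : $fromDate, 'GETPOST');
        $toDate = FormUtil::getPassedValue('toDate', isset($args['toDate']) ? $args['toDate'] : $toDate, 'GETPOST');
        $uid = FormUtil::getPassedValue('uid', isset($args['uid']) ? $args['uid'] : 0, 'GETPOST');

        if ($uid > 0) {
            $uname = UserUtil::getVar('uname', $uid);
        }

        // remember the current selection for the next call
        SessionUtil::setVar('statsSaved', serialize(array('uname' => $uname,
                    'moduleName' => $moduleName,
                    'fromDate' => $fromDate,
                    'toDate' => $toDate,
                )));

        $uid = 0;
        $lastDays = 10;
        $nusers = 0;

        if ($uname != null && $uname != '') {
            // get user id from uname
            $uid = UserUtil::getIdFromName($uname);
            if (!$uid) {
                LogUtil::registerError(__f('User \'%s\' not found', array($uname)));
                $uname = '';
            }
        }

        $time = time();

        // The dates come from the request and are cut up by position below. Values that do
        // not have digits in those positions are discarded, so the default range applies
        // instead of feeding arbitrary text into mktime().
        $datePattern = '/^\d{2}.\d{2}.\d{4}/s';
        if (!is_string($fromDate) || !preg_match($datePattern, $fromDate)) {
            $fromDate = null;
        }
        if (!is_string($toDate) || !preg_match($datePattern, $toDate)) {
            $toDate = null;
        }

        if ($fromDate != null) {
            $fromDate = mktime(0, 0, 0, (int) substr($fromDate, 3, 2), (int) substr($fromDate, 0, 2), (int) substr($fromDate, 6, 4));
            $fromDate = date('Y-m-d 00:00:00', $fromDate);
            $fromDate = DateUtil::makeTimestamp($fromDate);
            $fromDate = date('d-m-Y', $fromDate);
        } else {
            // default: the last $lastDays days
            $fromDate = date('d-m-Y', $time - $lastDays * 24 * 60 * 60);
        }

        if ($toDate != null) {
            $toDate = mktime(0, 0, 0, (int) substr($toDate, 3, 2), (int) substr($toDate, 0, 2), (int) substr($toDate, 6, 4));
            $toDate = date('Y-m-d 00:00:00', $toDate);
            $toDate = DateUtil::makeTimestamp($toDate);
            $toDate = date('d-m-Y', $toDate);
        } else {
            $toDate = date('d-m-Y', $time);
        }

        // get last records
        $records = ModUtil::apiFunc('IWstats', 'user', 'getAllSummary', array('rpp' => -1,
                    'init' => -1,
                    'fromDate' => $fromDate,
                    'toDate' => $toDate,
                ));

        // get all modules
        $modules = ModUtil::apiFunc('Extensions', 'admin', 'listmodules', array('state' => 0));

        // id => name map and id/name list for the template
        $modulesNames = array();
        $modulesArray = array();
        foreach ($modules as $module) {
            $modulesNames[$module['id']] = $module['name'];
            $modulesArray[] = array('id' => $module['id'],
                'name' => $module['name']);
        }

        $modulesNames[0] = $this->__('unknown');

        $usersListArray = array();
        $moduleStatsArray = array();
        $userModulesArray = array();
        $userArray = array();
        $usersForModule = array();
        $users = array();
        $usersIpCounter = 0;
        $nRecords = 0;
        $userNRecords = 0;
        $usersList = '';
        $userName = '';

        // the module id does not change between records, so look it up once
        $moduleId = ($moduleName != '') ? ModUtil::getIdFromName($moduleName) : null;

        foreach ($records as $record) {
            $nRecords = $nRecords + $record['nrecords'];
            $usersIpCounter = $usersIpCounter + $record['nips'];
            $users = explode('$$', substr($record['users'], 1, -1)); // substr to remove $ in the begining and the end of the string
            foreach ($users as $user) {
                // user entry: "<uid>|<module>=<count>#<module>=<count>..."
                $oneUser = explode('|', $user);

                if (!in_array($oneUser[0], $usersListArray)) {
                    $nusers++;
                    $usersListArray[] = $oneUser[0];
                }
                if ($oneUser[0] == $uid && $uid > 0) {
                    // cut this user's "<module>=<count>#..." part out of the record
                    $userInit = '$' . $uid . '|';
                    $userDataPos = strpos($record['users'], $userInit);
                    $subDataPre = substr($record['users'], $userDataPos + strlen($userInit));
                    $userDataPos = strpos($subDataPre, '$');
                    $subDataPre = substr($subDataPre, 0, $userDataPos);
                    $userModules = explode('#', $subDataPre);
                    foreach ($userModules as $module) {
                        $oneModule = explode('=', $module);
                        $moduleLabel = $modulesNames[$oneModule[0]];
                        // first hit sets the counter, later hits add to it (the two branches
                        // were swapped, so counts were overwritten instead of summed; this now
                        // matches the per-module totals computed below)
                        if (!array_key_exists($moduleLabel, $userModulesArray)) {
                            $userModulesArray[$moduleLabel] = $oneModule[1];
                        } else {
                            $userModulesArray[$moduleLabel] = $userModulesArray[$moduleLabel] + $oneModule[1];
                        }

                        $userNRecords = $userNRecords + $oneModule[1];
                    }
                }
                if ($moduleName != '') {
                    if ((strpos($oneUser[1], $moduleId . '=') !== false && strpos($oneUser[1], $moduleId . '=') == 0) || strpos($oneUser[1], '#' . $moduleId . '=') !== false) {
                        // get the number of views
                        $pos = strpos($oneUser[1], $moduleId . '=');
                        if ($pos != 0) {
                            $pos = strpos($oneUser[1], '#' . $moduleId . '=');
                        }
                        $preString = substr($oneUser[1], $pos);
                        if ($pos != 0) {
                            $preString = substr($preString, 1);
                        }
                        $pos = strpos($preString, '#');
                        $preString = ($pos == 0) ? $preString : substr($preString, 0, $pos);
                        $num = explode('=', $preString);
                        if (!array_key_exists($oneUser[0], $usersForModule)) {
                            $usersForModule[$oneUser[0]] = $num[1];
                            $usersList .= $oneUser[0] . '$$';
                        } else {
                            $usersForModule[$oneUser[0]] = $usersForModule[$oneUser[0]] + $num[1];
                        }
                    }
                }
            }

            $modules = explode('$$', substr($record['modules'], 1, -1)); // substr to remove $ in the begining and the end of the string
            foreach ($modules as $module) {
                // module entry: "<module id>|<count>"
                $oneModule = explode('|', $module);
                if (isset($modulesNames[$oneModule[0]])) {
                    if (!array_key_exists($modulesNames[$oneModule[0]], $moduleStatsArray)) {
                        $moduleStatsArray[$modulesNames[$oneModule[0]]] = $oneModule[1];
                    } else {
                        $moduleStatsArray[$modulesNames[$oneModule[0]]] = $moduleStatsArray[$modulesNames[$oneModule[0]]] + $oneModule[1];
                    }
                }
            }
        }

        ksort($userModulesArray);

        if ($uid > 0) {
            $userArray = array('nRecords' => $userNRecords,
                'userModulesArray' => $userModulesArray,
            );
        }

        ksort($moduleStatsArray);

        if ($uid > 0) {
            $sv = ModUtil::func('IWmain', 'user', 'genSecurityValue');
            $userName = ModUtil::func('IWmain', 'user', 'getUserInfo', array('info' => 'ncc',
                        'sv' => $sv,
                        'uid' => $uid));
        }

        if ($moduleName != '') {
            $sv = ModUtil::func('IWmain', 'user', 'genSecurityValue');
            $users = ModUtil::func('IWmain', 'user', 'getAllUsersInfo', array('info' => 'ncc',
                        'sv' => $sv,
                        'list' => $usersList,
                    ));
            $users[0] = $this->__('Unregistered');
        }

        return $this->view->assign('users', $users)
                        ->assign('nRecords', $nRecords)
                        ->assign('nusers', $nusers)
                        ->assign('userName', $userName)
                        ->assign('usersIpCounter', $usersIpCounter)
                        ->assign('modulesNames', $modulesNames)
                        ->assign('modulesArray', $modulesArray)
                        ->assign('moduleName', $moduleName)
                        ->assign('uname', $uname)
                        ->assign('fromDate', $fromDate)
                        ->assign('toDate', $toDate)
                        ->assign('userArray', $userArray)
                        ->assign('maxDate', date('Ymd', time()))
                        ->assign('usersForModule', $usersForModule)
                        ->assign('moduleStatsArray', $moduleStatsArray)
                        ->fetch('IWstats_admin_stats.htm');
    }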
Exemplo n.º 22
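 /**
  * Removes the posting id given in the request (query parameter 'id') from the
  * 'muboardpostingids' session list and deletes the session variable once the list is empty.
  *
  * @param mixed $userid Not used in this method.
  *
  * @return void
  */
 public static function modifyPostings($userid)
 {
     $request = new Zikula_Request_Http();
     $postingid = $request->query->filter('id', 0, FILTER_SANITIZE_STRING);

     $postingids = SessionUtil::getVar('muboardpostingids');
     // Check the type before counting: count() on a missing (non-array) session value
     // raises a warning or a TypeError on newer PHP versions.
     if (!is_array($postingids)) {
         $postingids = array();
     }

     // Loose comparison is kept: the request value is a string, while the stored ids are
     // presumably integers - confirm before switching to a strict search.
     $pos = array_search($postingid, $postingids);
     if ($pos !== false) {
         unset($postingids[$pos]);
     }

     if (count($postingids) > 0) {
         SessionUtil::setVar('muboardpostingids', $postingids);
     } else {
         SessionUtil::delVar('muboardpostingids');
     }
 }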
Exemplo n.º 23
 /**
  * Selects one page of objects matching a where clause.
  *
  * When no quick-navigation filter is active, the current page is remembered in the
  * session ('MUVideoMoviesCurrentPage') and restored from there on calls without a page.
  *
  * NOTE(review): $where and $orderBy are handed to genericBaseQuery() as given; how they
  * are treated there is not visible here, so callers should not build them from
  * unescaped request data.
  *
  * @param string  $where          The where clause to use when retrieving the collection (optional) (default='').
  * @param string  $orderBy        The order-by clause to use when retrieving the collection (optional) (default='').
  * @param integer $currentPage    Where to start selection
  * @param integer $resultsPerPage Amount of items to select
  * @param boolean $useJoins       Whether to include joining related objects (optional) (default=true).
  * @param boolean $slimMode       If activated only some basic fields are selected without using any joins (optional) (default=false).
  *
  * @return Array with retrieved collection and amount of total records affected by this query.
  */
 public function selectWherePaginated($where = '', $orderBy = '', $currentPage = 1, $resultsPerPage = 25, $useJoins = true, $slimMode = false)
 {
     $qb = $this->genericBaseQuery($where, $orderBy, $useJoins, $slimMode);
     $page = $currentPage;

     // a filter counts as set when it is a positive number or a non-empty non-numeric value
     $filterActive = false;
     foreach ($this->getViewQuickNavParameters('', array()) as $filterValue) {
         $numeric = is_numeric($filterValue);
         if (($numeric && $filterValue > 0) || (!$numeric && $filterValue != '')) {
             $filterActive = true;
             break;
         }
     }

     if (!$filterActive) {
         // a page was asked for explicitly if it is beyond the first one or 'pos' is in the query string
         $explicitPage = $page > 1 || isset($_GET['pos']);
         if ($explicitPage) {
             // store current page in session
             SessionUtil::setVar('MUVideoMoviesCurrentPage', $page);
         } else {
             // restore current page from session and expose it as 'pos'
             $page = SessionUtil::getVar('MUVideoMoviesCurrentPage', 1);
             System::queryStringSetVar('pos', $page);
         }
     }

     list($query, $count) = $this->getSelectWherePaginatedQuery($qb, $page, $resultsPerPage);

     return array($this->retrieveCollectionResult($query, $orderBy, true), $count);
 }
Exemplo n.º 24
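    /**
     * Show the edit form for a category in a simple, non-recursive set of categories.
     *
     * Reads 'dr' (document root: a category id or a category path) and the
     * optional 'cid' (category to edit) from the request, runs the permission
     * and ownership checks, and renders categories_user_edit.tpl.
     *
     * @return mixed Rendered template output, or the result of the
     *               LogUtil::register*Error() call when a check fails.
     */
    public function edit()
    {
        $docroot = FormUtil::getPassedValue('dr', 0);
        $cid = FormUtil::getPassedValue('cid', 0);
        $url = ModUtil::url('Categories', 'user', 'edit', array('dr' => $docroot));

        if (!SecurityUtil::checkPermission('Categories::category', "ID::$docroot", ACCESS_EDIT)) {
            return LogUtil::registerPermissionError($url);
        }

        // The Referer header is chosen by the client. It is kept in the session
        // and assigned to the template at the end of this method.
        // NOTE(review): confirm the template escapes it and that nothing
        // redirects to it without checking that it points to this site.
        $referer = System::serverGetVar('HTTP_REFERER');
        if (strpos((string)$referer, 'module=Categories') === false) {
            SessionUtil::setVar('categories_referer', $referer);
        }

        $editCat = array();

        if (!$docroot) {
            return LogUtil::registerError($this->__("Error! The URL contains an invalid 'document root' parameter."), null, $url);
        }
        if ($docroot == 1) {
            return LogUtil::registerError($this->__("Error! The root directory cannot be modified in 'user' mode"), null, $url);
        }

        // 'dr' is either a numeric category id or a category path. The previous
        // test, is_int((int)$docroot), was always true and decided nothing.
        if (ctype_digit((string)$docroot) && (int)$docroot > 0) {
            $rootCat = CategoryUtil::getCategoryByID($docroot);
        } else {
            $rootCat = CategoryUtil::getCategoryByPath($docroot);
            if (!$rootCat) {
                $rootCat = CategoryUtil::getCategoryByPath($docroot, 'ipath');
            }
        }

        // Stop here when the root cannot be loaded, before any of its fields is read.
        if (!$rootCat) {
            return LogUtil::registerError($this->__f("Error! Cannot access root directory (%s).", $docroot), null, $url);
        }

        // now check if someone is trying edit another user's categories
        // NOTE(review): both tests below use strpos() as a "contains" test, not
        // a prefix test, and $thisUserRootCatPath is built but never compared.
        // As written the denial fires only when the root's path does not
        // contain the shared user-root path. Confirm whether the comparison was
        // meant to use $thisUserRootCatPath, so that a non-admin cannot open
        // another user's subtree.
        $userRoot = $this->getVar('userrootcat', 0);
        if ($userRoot) {
            $userRootCat = CategoryUtil::getCategoryByPath($userRoot);
            if ($userRootCat) {
                $userRootCatIPath = $userRootCat['ipath'];
                $rootCatIPath = $rootCat['ipath'];
                if (strpos($rootCatIPath, $userRootCatIPath) !== false) {
                    if (!SecurityUtil::checkPermission('Categories::category', "ID::$docroot", ACCESS_ADMIN)) {
                        $thisUserRootCategoryName = ModUtil::apiFunc('Categories', 'user', 'getusercategoryname');
                        $thisUserRootCatPath = $userRootCat['path'] . '/' . $thisUserRootCategoryName;
                        $userRootCatPath = $userRootCat['path'];
                        $rootCatPath = $rootCat['path'];
                        if (strpos($rootCatPath, $userRootCatPath) === false) {
                            //! %s represents the root path (id), passed in the url
                            return LogUtil::registerError($this->__f("Error! It looks like you are trying to edit another user's categories. Only site administrators can do that (%s).", $docroot), null, $url);
                        }
                    }
                }
            }
        }

        if ($cid) {
            $editCat = CategoryUtil::getCategoryByID($cid);
            if ($editCat && $editCat['is_locked']) {
                // The placeholder for the id was written as '%$1s', which is not
                // a valid format specifier; it is now '%1$s'.
                //! %1$s is the id, %2$s is the name
                return LogUtil::registerError($this->__f('Notice: The administrator has locked the category \'%2$s\' (ID \'%1$s\'). You cannot edit or delete it.', array($cid, $editCat['name'])), null, $url);
            }
        }

        if ($editCat && !$editCat['is_leaf']) {
            return LogUtil::registerError($this->__f('Error! The specified category is not a leaf-level category (%s).', $cid), null, $url);
        }
        if ($editCat && !CategoryUtil::isDirectSubCategory($rootCat, $editCat)) {
            return LogUtil::registerError($this->__f('Error! The specified category is not a child of the document root (%1$s; %2$s).', array($docroot, $cid)), null, $url);
        }

        $allCats = CategoryUtil::getSubCategoriesForCategory($rootCat, false, false, false, true, true);

        $attributes = isset($editCat['__ATTRIBUTES__']) ? $editCat['__ATTRIBUTES__'] : array();

        $languages = ZLanguage::getInstalledLanguages();

        // The form depends on the current user and request, so it is never cached.
        $this->view->setCaching(Zikula_View::CACHE_DISABLED);

        return $this->view->assign('rootCat', $rootCat)
                    ->assign('category', $editCat)
                    ->assign('attributes', $attributes)
                    ->assign('allCats', $allCats)
                    ->assign('languages', $languages)
                    ->assign('userlanguage', ZLanguage::getLanguageCode())
                    ->assign('referer', SessionUtil::getVar('categories_referer'))
                    ->fetch('categories_user_edit.tpl');
    }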
Exemplo n.º 25
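 /**
  * Create a comment for a specific item.
  *
  * Called with the results of the form supplied by EZComments_user_view.
  * Every value is taken from $args when present there, otherwise from the
  * POST request.
  *
  * @param array $args Optional overrides with the keys:
  *                    'mod'      name of the module the comment is for,
  *                    'objectid' id of the item the comment is for,
  *                    'areaid'   area id passed through to the API,
  *                    'comment'  the comment text,
  *                    'subject'  the subject of the comment (if any),
  *                    'replyto'  id of the comment this one answers,
  *                    'owneruid' uid of the owner of the commented item,
  *                    'redirect' base64-encoded URL to return to,
  *                    'useurl'   base64-encoded URL of the commented item,
  *                    'anonname', 'anonmail', 'anonwebsite' (read only when
  *                    the user is not logged in).
  *
  * @return mixed Result of System::redirect(), or of LogUtil::registerError()
  *               when the comment is empty or hook validation fails.
  * @since 0.1
  */
 public function create($args)
 {
     $mod = isset($args['mod']) ? $args['mod'] : FormUtil::getPassedValue('mod', null, 'POST');
     $objectid = isset($args['objectid']) ? $args['objectid'] : FormUtil::getPassedValue('objectid', null, 'POST');
     $areaid = isset($args['areaid']) ? $args['areaid'] : FormUtil::getPassedValue('areaid', null, 'POST');
     $comment = isset($args['comment']) ? $args['comment'] : FormUtil::getPassedValue('comment', null, 'POST');
     $subject = isset($args['subject']) ? $args['subject'] : FormUtil::getPassedValue('subject', null, 'POST');
     $replyto = isset($args['replyto']) ? $args['replyto'] : FormUtil::getPassedValue('replyto', null, 'POST');
     $owneruid = isset($args['owneruid']) ? $args['owneruid'] : FormUtil::getPassedValue('owneruid', null, 'POST');
     $redirect = isset($args['redirect']) ? $args['redirect'] : FormUtil::getPassedValue('redirect', null, 'POST');
     $useurl = isset($args['useurl']) ? $args['useurl'] : FormUtil::getPassedValue('useurl', null, 'POST');
     // check if the user logged in and if we're allowing anon users to
     // set a name and email address
     if (!UserUtil::isLoggedIn()) {
         $anonname = isset($args['anonname']) ? $args['anonname'] : FormUtil::getPassedValue('anonname', null, 'POST');
         $anonmail = isset($args['anonmail']) ? $args['anonmail'] : FormUtil::getPassedValue('anonmail', null, 'POST');
         $anonwebsite = isset($args['anonwebsite']) ? $args['anonwebsite'] : FormUtil::getPassedValue('anonwebsite', null, 'POST');
     } else {
         $anonname = '';
         $anonmail = '';
         $anonwebsite = '';
     }
     // NOTE(review): owneruid is taken from the request; confirm the API
     // validates it rather than trusting the submitted owner.
     if (!isset($owneruid) || !($owneruid > 1)) {
         $owneruid = 0;
     }
     // $redirect is client-supplied (base64 in the form) and falls back to the
     // Referer header; both end up in System::redirect() below.
     // NOTE(review): restrict the target to URLs on this site before
     // redirecting, otherwise the form can be used as an open redirect.
     $redirect = str_replace('&amp;', '&', base64_decode($redirect));
     $redirect = !empty($redirect) ? $redirect : System::serverGetVar('HTTP_REFERER');
     $useurl = base64_decode($useurl);
     // save the submitted data if any error occurs
     // The session value is normally the serialized string written below. The
     // failure branch used to store the raw array, so an array is accepted too
     // and anything else is treated as "nothing saved".
     $stored = SessionUtil::getVar('ezcomment', 'a:0:{}');
     $ezcomment = is_string($stored) ? unserialize($stored) : $stored;
     if (!is_array($ezcomment)) {
         $ezcomment = array();
     }
     if (isset($ezcomment[$mod][$objectid])) {
         unset($ezcomment[$mod][$objectid]);
     }
     if (!empty($subject)) {
         $ezcomment[$mod][$objectid]['subject'] = $subject;
     }
     if (!empty($comment)) {
         $ezcomment[$mod][$objectid]['comment'] = $comment;
     }
     if (!empty($anonname)) {
         $ezcomment[$mod][$objectid]['anonname'] = $anonname;
     }
     if (!empty($anonmail)) {
         $ezcomment[$mod][$objectid]['anonmail'] = $anonmail;
     }
     if (!empty($anonwebsite)) {
         $ezcomment[$mod][$objectid]['anonwebsite'] = $anonwebsite;
     }
     // Confirm authorisation code
     // check csrf token
     // The draft is stored before the check and removed after it, so it is
     // still in the session if the token check does not return.
     SessionUtil::setVar('ezcomment', serialize($ezcomment));
     $this->checkCsrfToken();
     SessionUtil::delVar('ezcomment');
     // and check we've actually got a comment....
     if (empty($comment)) {
         SessionUtil::setVar('ezcomment', serialize($ezcomment));
         return LogUtil::registerError($this->__('Error! The comment contains no text.'), null, $redirect . "#commentform_{$mod}_{$objectid}");
     }
     // Check hooked modules for validation
     $hookvalidators = $this->notifyHooks(new Zikula_ValidationHook('ezcomments.ui_hooks.comments.validate_edit', new Zikula_Hook_ValidationProviders()))->getValidators();
     if ($hookvalidators->hasErrors()) {
         SessionUtil::setVar('ezcomment', serialize($ezcomment));
         return LogUtil::registerError($this->__('Error! The hooked content does not validate. Could it possibly be that a captcha code was entered incorrectly?'), null, $redirect . "#commentform_{$mod}_{$objectid}");
     }
     // now parse out the hostname+subfolder from the url for storing in the DB
     $url = str_replace(System::getBaseUri(), '', $useurl);
     $id = ModUtil::apiFunc('EZComments', 'user', 'create', array('mod' => $mod, 'objectid' => $objectid, 'areaid' => $areaid, 'url' => $url, 'comment' => $comment, 'subject' => $subject, 'replyto' => $replyto, 'uid' => UserUtil::getVar('uid'), 'owneruid' => $owneruid, 'useurl' => $useurl, 'redirect' => $redirect, 'anonname' => $anonname, 'anonmail' => $anonmail, 'anonwebsite' => $anonwebsite));
     if (!$id) {
         // The comment was not stored: keep the draft, serialized like every
         // other write of this session variable, and return at once so the
         // clean-up below does not discard it.
         SessionUtil::setVar('ezcomment', serialize($ezcomment));
         return System::redirect($redirect . "#commentform_{$mod}_{$objectid}");
     }
     // clear respective cache
     ModUtil::apiFunc('EZComments', 'user', 'clearItemCache', array('id' => $id, 'modname' => $mod, 'objectid' => $objectid, 'url' => $url));
     // clean/set the session data
     if (isset($ezcomment[$mod][$objectid])) {
         unset($ezcomment[$mod][$objectid]);
         if (empty($ezcomment[$mod])) {
             unset($ezcomment[$mod]);
         }
     }
     if (empty($ezcomment)) {
         SessionUtil::delVar('ezcomment');
     } else {
         SessionUtil::setVar('ezcomment', serialize($ezcomment));
     }
     return System::redirect($redirect . '#comment' . $id);
 }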
Exemplo n.º 26
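 /**
  * View all blocks and block positions.
  *
  * Builds the filtered list of blocks, with the action links for each block,
  * and the list of block positions, with the actions the current user may
  * perform on each, then renders blocks_admin_view.tpl.
  *
  * @return string HTML output string.
  */
 public function view()
 {
     // Security check
     if (!SecurityUtil::checkPermission('Blocks::', '::', ACCESS_EDIT)) {
         return LogUtil::registerPermissionError();
     }
     $sfilter = SessionUtil::getVar('filter', array(), '/Blocks');
     $filter = FormUtil::getPassedValue('filter', $sfilter);
     // The request can carry 'filter' as a scalar; the code below indexes it
     // as an array, so anything else is replaced by an empty filter.
     if (!is_array($filter)) {
         $filter = array();
     }
     $clear = FormUtil::getPassedValue('clear', 0);
     if ($clear) {
         $filter = array();
         SessionUtil::setVar('filter', $filter, '/Blocks');
     }
     // sort and sortdir GET parameters override filter values
     // NOTE(review): 'sort' is client-controlled and forwarded to the getall
     // API unchanged; confirm the API maps it to a known column before it
     // reaches an ORDER BY clause. 'sortdir' is restricted to ASC/DESC here.
     $sort = isset($filter['sort']) && !empty($filter['sort']) ? strtolower($filter['sort']) : 'bid';
     $sortdir = isset($filter['sortdir']) && !empty($filter['sortdir']) ? strtoupper($filter['sortdir']) : 'ASC';
     $filter['sort'] = FormUtil::getPassedValue('sort', $sort, 'GET');
     $filter['sortdir'] = FormUtil::getPassedValue('sortdir', $sortdir, 'GET');
     if ($filter['sortdir'] != 'ASC' && $filter['sortdir'] != 'DESC') {
         $filter['sortdir'] = 'ASC';
     }
     $filter['blockposition_id'] = isset($filter['blockposition_id']) ? $filter['blockposition_id'] : 0;
     $filter['modid'] = isset($filter['modid']) ? $filter['modid'] : 0;
     $filter['language'] = isset($filter['language']) ? $filter['language'] : '';
     $filter['active_status'] = isset($filter['active_status']) ? $filter['active_status'] : 0;
     // generate an authorisation key for the links
     $token = SecurityUtil::generateCsrfToken($this->serviceManager, true);
     // Get all blocks
     $blocks = ModUtil::apiFunc('Blocks', 'user', 'getall', $filter);
     // get all possible block positions
     $blockspositions = ModUtil::apiFunc('Blocks', 'user', 'getallpositions');
     // build assoc array (pid => name) for easier usage later on; initialised
     // so that it exists even when no position is defined
     $allbposarray = array();
     foreach ($blockspositions as $blocksposition) {
         $allbposarray[$blocksposition['pid']] = $blocksposition['name'];
     }
     // loop round each item calculating the additional information
     $blocksitems = array();
     foreach ($blocks as $block) {
         // set the module that holds the block
         $modinfo = ModUtil::getInfo($block['mid']);
         $block['modname'] = $modinfo['displayname'];
         // set the blocks language
         if (empty($block['language'])) {
             $block['language'] = $this->__('All');
         } else {
             $block['language'] = ZLanguage::getLanguageName($block['language']);
         }
         $thisblockspositions = ModUtil::apiFunc('Blocks', 'user', 'getallblockspositions', array('bid' => $block['bid']));
         $bposarray = array();
         foreach ($thisblockspositions as $singleblockposition) {
             // skip a placement whose position is not in the position list
             if (isset($allbposarray[$singleblockposition['pid']])) {
                 $bposarray[] = $allbposarray[$singleblockposition['pid']];
             }
         }
         $block['positions'] = implode(', ', $bposarray);
         // calculate what options the user has over this block
         // Only the activate/deactivate links carry the CSRF token.
         $block['options'] = array();
         if ($block['active']) {
             $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'deactivate', array('bid' => $block['bid'], 'csrftoken' => $token)), 'image' => 'folder_grey.png', 'title' => $this->__f('Deactivate \'%s\'', $block['title']), 'noscript' => true);
         } else {
             $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'activate', array('bid' => $block['bid'], 'csrftoken' => $token)), 'image' => 'folder_green.png', 'title' => $this->__f('Activate \'%s\'', $block['title']), 'noscript' => true);
         }
         $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'modify', array('bid' => $block['bid'])), 'image' => 'xedit.png', 'title' => $this->__f('Edit \'%s\'', $block['title']), 'noscript' => false);
         $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'delete', array('bid' => $block['bid'])), 'image' => '14_layer_deletelayer.png', 'title' => $this->__f('Delete \'%s\'', $block['title']), 'noscript' => false);
         $blocksitems[] = $block;
     }
     $this->view->assign('blocks', $blocksitems);
     // get the block positions
     $items = ModUtil::apiFunc('Blocks', 'user', 'getallpositions');
     // Loop through each returned item adding in the options that the user has over the item
     foreach ($items as $key => $item) {
         if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::", ACCESS_READ)) {
             $options = array();
             if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::\$", ACCESS_EDIT)) {
                 $options[] = array('url' => ModUtil::url('Blocks', 'admin', 'modifyposition', array('pid' => $item['pid'])), 'image' => 'xedit.png', 'title' => $this->__f('Edit blockposition \'%s\'', $item['name']));
                 if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::", ACCESS_DELETE)) {
                     $options[] = array('url' => ModUtil::url('Blocks', 'admin', 'deleteposition', array('pid' => $item['pid'])), 'image' => '14_layer_deletelayer.png', 'title' => $this->__f('Delete blockposition \'%s\'', $item['name']));
                 }
             }
             // Add the calculated menu options to the item array
             $items[$key]['options'] = $options;
         }
     }
     // Assign the items to the template
     ksort($items);
     $this->view->assign('positions', $items);
     $this->view->assign('filter', $filter)->assign('sort', $filter['sort'])->assign('sortdir', $filter['sortdir']);
     // Return the output that has been generated by this function
     return $this->view->fetch('blocks_admin_view.tpl');
 }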
Exemplo n.º 27
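    /**
     * Perform the search.
     *
     * On the first page the result table is cleared for the current session
     * (together with rows older than 8 hours), every active search plugin is
     * asked to write its hits into it, and the result count is stored in the
     * session. Later pages only read from the table.
     *
     * @param string $args['q']           query string to search
     * @param bool   $args['firstPage']   is this first search attempt? is so - basic search is performed
     * @param string $args['searchtype']  (optional) search type (default='AND')
     * @param string $args['searchorder'] (optional) search order (default='newest')
     * @param int    $args['numlimit']    (optional) number of items to return (default value based on Search settings, -1 for no limit)
     * @param int    $args['page']        (optional) page number (default=1)
     * @param array  $args['active']      (optional) array of search plugins to search (if empty all plugins are used)
     * @param array  $args['modvar']      (optional) array with extrainfo for search plugins
     *
     * @return array array with the keys 'resultCount' and 'sqlResult', or the
     *               result of the error/redirect call on failure
     */
    public function search($args)
    {
        // query string and firstPage params are required
        if (!isset($args['q']) || empty($args['q']) || !isset($args['firstPage'])) {
            return LogUtil::registerArgsError();
        }
        $vars = array();
        $vars['q'] = $args['q'];
        $vars['searchtype'] = isset($args['searchtype']) && !empty($args['searchtype']) ? $args['searchtype'] : 'AND';
        $vars['searchorder'] = isset($args['searchorder']) && !empty($args['searchorder']) ? $args['searchorder'] : 'newest';
        // paging values are used for the row offset and limit, so they are integers
        $vars['numlimit'] = (int)(isset($args['numlimit']) && !empty($args['numlimit']) ? $args['numlimit'] : $this->getVar('itemsperpage', 25));
        $vars['page'] = isset($args['page']) && !empty($args['page']) ? (int)$args['page'] : 1;

        // presence was checked above
        $firstPage = $args['firstPage'];

        $active = isset($args['active']) && is_array($args['active']) && !empty($args['active']) ? $args['active'] : array();
        $modvar = isset($args['modvar']) && is_array($args['modvar']) && !empty($args['modvar']) ? $args['modvar'] : array();

        // work out row index from page number
        $vars['startnum'] = $vars['numlimit'] > 0 ? (($vars['page'] - 1) * $vars['numlimit']) + 1 : 1;

        // Load database stuff
        ModUtil::dbInfoLoad('Search');
        $dbtable = DBUtil::getTables();
        $userId = (int)UserUtil::getVar('uid');
        $searchTable = $dbtable['search_result'];
        $searchColumn = $dbtable['search_result_column'];

        // Create restriction on result table (so user only sees own results)
        // The session id originates from the client's cookie, so it is escaped
        // before being placed inside the SQL string.
        $userResultWhere = "$searchColumn[session] = '" . DataUtil::formatForStore(session_id()) . "'";

        // Do all the heavy database stuff on the first page only
        if ($firstPage) {
            // Clear current search result for current user - before showing the first page
            // Clear also older searches from other users.
            $dbDriverName = strtolower(Doctrine_Manager::getInstance()->getCurrentConnection()->getDriverName());
            $where = $userResultWhere;
            if ($dbDriverName == 'pgsql') {
                $where .= " OR $searchColumn[found] + INTERVAL '8 HOUR' < NOW()";
            } else {
                $where .= " OR DATE_ADD($searchColumn[found], INTERVAL 8 HOUR) < NOW()";
            }

            DBUtil::deleteWhere('search_result', $where);

            // get all the search plugins
            $search_modules = ModUtil::apiFunc('Search', 'user', 'getallplugins');

            // Ask active modules to find their items and put them into $searchTable for the current user
            // At the same time convert modules list from numeric index to modname index

            $searchModulesByName = array();
            foreach ($search_modules as $mod) {
                // check we've a valid search plugin
                if (isset($mod['functions']) && (empty($active) || isset($active[$mod['title']]))) {
                    foreach ($mod['functions'] as $contenttype => $function) {
                        if (isset($modvar[$mod['title']])) {
                            $param = array_merge($vars, $modvar[$mod['title']]);
                        } else {
                            $param = $vars;
                        }
                        $searchModulesByName[$mod['name']] = $mod;
                        $ok = ModUtil::apiFunc($mod['title'], 'search', $function, $param);
                        if (!$ok) {
                            LogUtil::registerError($this->__f('Error! \'%1$s\' module returned false in search function \'%2$s\'.', array($mod['title'], $function)));

                            return System::redirect(ModUtil::url('Search', 'user', 'main'));
                        }
                    }
                }
            }

            // Count number of found results
            $resultCount = DBUtil::selectObjectCount('search_result', $userResultWhere);
            SessionUtil::setVar('searchResultCount', $resultCount);
            SessionUtil::setVar('searchModulesByName', $searchModulesByName);
        } else {
            $resultCount = SessionUtil::getVar('searchResultCount');
            $searchModulesByName = SessionUtil::getVar('searchModulesByName');
        }

        // Fetch search result - do sorting and paging in database
        // Figure out what to sort by
        // The normalised value is used, so a missing 'searchorder' gets the
        // documented default 'newest'. Only these fixed strings reach ORDER BY.
        switch ($vars['searchorder']) {
            case 'oldest':
                $sort = 'created';
                break;
            case 'newest':
                $sort = 'created DESC';
                break;
            case 'alphabetical':
            default:
                $sort = 'title';
                break;
        }

        // Get next N results from the current user's result set
        // The "checker" object is used to:
        // 1) do secondary access control (deprecated more or less)
        // 2) let the modules add "url" to the found (and viewed) items
        $checker = new search_result_checker($searchModulesByName);
        $sqlResult = DBUtil::selectObjectArrayFilter('search_result', $userResultWhere, $sort,
                        $vars['startnum'] - 1, $vars['numlimit'], '',
                        $checker, null);
        // add displayname of modules found
        $cnt = count($sqlResult);
        for ($i = 0; $i < $cnt; $i++) {
            $modinfo = ModUtil::getInfoFromName($sqlResult[$i]['module']);
            $sqlResult[$i]['displayname'] = $modinfo['displayname'];
        }

        $result = array(
                'resultCount' => $resultCount,
                'sqlResult' => $sqlResult
        );

        return $result;
    }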
Exemplo n.º 28
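    /**
     * Create a news item, or update a draft, from the submitted 'story' form.
     *
     * Called with the results of the form supplied by News_admin_newitem() or
     * News_user_newitem. The story is read from POST (falling back to
     * $args['story']) and uploaded pictures from the 'news_files' upload field.
     *
     * Keys read from the story array: title, urltitle, __CATEGORIES__,
     * attributes, language, hometext, hometextcontenttype, bodytext,
     * bodytextcontenttype, notes, displayonindex, allowcomments, from,
     * tonolimit, to, unlimited, weight, action, sid, tempfiles, del_pictures.
     *
     * @author Mark West
     * @param array $args Optional; 'story' is used as the default for the POSTed story.
     *
     * @return void The method ends by calling $this->redirect().
     * @throws Zikula_Exception_Fatal When the create or update API call fails.
     */
    public function create($args)
    {
        // Get parameters from whatever input we need
        $story = FormUtil::getPassedValue('story', isset($args['story']) ? $args['story'] : null, 'POST');
        $files = News_ImageUtil::reArrayFiles(FormUtil::getPassedValue('news_files', null, 'FILES'));

        // Create the item array for processing
        $item = array(
            'title' => $story['title'],
            'urltitle' => isset($story['urltitle']) ? $story['urltitle'] : '',
            '__CATEGORIES__' => isset($story['__CATEGORIES__']) ? $story['__CATEGORIES__'] : null,
            '__ATTRIBUTES__' => isset($story['attributes']) ? News_Util::reformatAttributes($story['attributes']) : null,
            'language' => isset($story['language']) ? $story['language'] : '',
            'hometext' => isset($story['hometext']) ? $story['hometext'] : '',
            'hometextcontenttype' => $story['hometextcontenttype'],
            'bodytext' => isset($story['bodytext']) ? $story['bodytext'] : '',
            'bodytextcontenttype' => $story['bodytextcontenttype'],
            'notes' => $story['notes'],
            'displayonindex' => isset($story['displayonindex']) ? $story['displayonindex'] : 0,
            'allowcomments' => isset($story['allowcomments']) ? $story['allowcomments'] : 0,
            'from' => isset($story['from']) ? $story['from'] : null,
            'tonolimit' => isset($story['tonolimit']) ? $story['tonolimit'] : null,
            'to' => isset($story['to']) ? $story['to'] : null,
            'unlimited' => isset($story['unlimited']) && $story['unlimited'] ? true : false,
            'weight' => isset($story['weight']) ? $story['weight'] : 0,
            'action' => isset($story['action']) ? $story['action'] : self::ACTION_PREVIEW,
            'sid' => isset($story['sid']) ? $story['sid'] : null,
            'tempfiles' => isset($story['tempfiles']) ? $story['tempfiles'] : null,
            'del_pictures' => isset($story['del_pictures']) ? $story['del_pictures'] : null,
        );

        // convert user times to server times (TZ compensation) refs #181
        //  can't do the below because values are YYYY-MM-DD HH:MM:SS and DateUtil value is in seconds.
        // $item['from'] = $item['from'] + DateUtil::getTimezoneUserDiff();
        // $item['to'] = $item['to'] + DateUtil::getTimezoneUserDiff();
        // Disable the non accessible fields for non editors
        // NOTE(review): 'sid' is not reset here, so a caller without ACCESS_ADD
        // can still reach the admin update API further down; confirm that API
        // enforces its own permission check.
        if (!SecurityUtil::checkPermission('News::', '::', ACCESS_ADD)) {
            $item['notes'] = '';
            $item['displayonindex'] = 1;
            $item['allowcomments'] = 1;
            $item['from'] = null;
            $item['tonolimit'] = true;
            $item['to'] = null;
            $item['unlimited'] = true;
            $item['weight'] = 0;
            if ($item['action'] > self::ACTION_SUBMIT) {
                $item['action'] = self::ACTION_PREVIEW;
            }
        }

        // Validate the input
        $validationerror = News_Util::validateArticle($item);
        // check hooked modules for validation
        $sid = isset($item['sid']) ? $item['sid'] : null;
        $hookvalidators = $this->notifyHooks(new Zikula_ValidationHook('news.ui_hooks.articles.validate_edit', new Zikula_Hook_ValidationProviders()))->getValidators();
        if ($hookvalidators->hasErrors()) {
            $validationerror .= $this->__('Error! Hooked content does not validate.') . "\n";
        }

        // get all module vars
        $modvars = $this->getVars();

        if (isset($files) && $modvars['picupload_enabled']) {
            list($files, $item) = News_ImageUtil::validateImages($files, $item);
        } else {
            $item['pictures'] = 0;
        }

        // story was previewed with uploaded pics
        if (isset($item['tempfiles'])) {
            // SECURITY: 'tempfiles' arrives in the POSTed story array, so this
            // unserialize() runs on client-controlled bytes, and the entries it
            // yields are later passed to removePreviewImages() and
            // resizeImages(). Flagged rather than replaced, because the form
            // and tempStore() format are outside this block: the list should be
            // kept server-side (session) or carried as JSON with an integrity
            // check, and each file entry validated before use.
            $tempfiles = unserialize($item['tempfiles']);
            // a value that does not decode to an array is treated as "no files"
            if (!is_array($tempfiles)) {
                $tempfiles = array();
            }
            // delete files if requested
            if (isset($item['del_pictures'])) {
                // the request may carry a scalar here; in_array() needs an array
                $picturesToDelete = (array)$item['del_pictures'];
                foreach ($tempfiles as $key => $file) {
                    if (in_array($file['name'], $picturesToDelete)) {
                        unset($tempfiles[$key]);
                        News_ImageUtil::removePreviewImages(array($file));
                    }
                }
            }
            $files = array_merge((array)$files, $tempfiles);
            $item['pictures'] += count($tempfiles);
        }

        // if the user has selected to preview the article we then route them back
        // to the new function with the arguments passed here
        if ($item['action'] == self::ACTION_PREVIEW || $validationerror !== false) {
            // log the error found if any
            if ($validationerror !== false) {
                LogUtil::registerError(nl2br($validationerror));
            }
            if ($item['pictures'] > 0) {
                $tempfiles = News_ImageUtil::tempStore($files);
                $item['tempfiles'] = serialize($tempfiles);
            }
            // back to the referer form
            SessionUtil::setVar('newsitem', $item);
            // redirect() is expected to end the request here - TODO confirm;
            // otherwise the code below would also run for previews.
            $this->redirect(ModUtil::url('News', 'user', 'newitem'));
        } else {
            // As we're not previewing the item let's remove it from the session
            SessionUtil::delVar('newsitem');
        }

        // Confirm authorization code.
        // NOTE(review): the token is checked only now, after the preview branch
        // has already stored or removed preview files; consider checking it
        // before any file handling.
        $this->checkCsrfToken();

        if (!isset($item['sid']) || empty($item['sid'])) {
            // Create the news story
            $sid = ModUtil::apiFunc('News', 'user', 'create', $item);
            if ($sid == false) {
                // fail! story not created
                throw new Zikula_Exception_Fatal($this->__('Story not created for unknown reason (Api failure).'));
            }
            // Success
            LogUtil::registerStatus($this->__('Done! Created new article.'));
            // Let any hooks know that we have created a new item
            $this->notifyHooks(new Zikula_ProcessHook('news.ui_hooks.articles.process_edit', $sid, new Zikula_ModUrl('News', 'User', 'display', ZLanguage::getLanguageCode(), array('sid' => $sid))));
            $this->notify($item); // send notification email
        } else {
            // update the draft
            $result = ModUtil::apiFunc('News', 'admin', 'update', $item);
            if (!$result) {
                // fail! story not updated
                throw new Zikula_Exception_Fatal($this->__('Story not updated for unknown reason (Api failure).'));
            }
            LogUtil::registerStatus($this->__('Story Updated.'));
        }

        // clear respective cache
        ModUtil::apiFunc('News', 'user', 'clearItemCache', $item);

        if (isset($files) && $modvars['picupload_enabled']) {
            $resized = News_ImageUtil::resizeImages($sid, $files); // resize and move the uploaded pics
            if (isset($item['tempfiles'])) {
                News_ImageUtil::removePreviewImages($tempfiles); // remove any preview images
            }
            LogUtil::registerStatus($this->_fn('%1$s out of %2$s picture was uploaded and resized.', '%1$s out of %2$s pictures were uploaded and resized.', $item['pictures'], array($resized, $item['pictures'])));
            if (($item['action'] >= self::ACTION_SAVEDRAFT) && ($resized != $item['pictures'])) {
                LogUtil::registerStatus($this->_fn('Article now has draft status, since the picture was not uploaded.', 'Article now has draft status, since not all pictures were uploaded.', $item['pictures'], array($resized, $item['pictures'])));
            }
        }

        // release pagelock
        if (ModUtil::available('PageLock')) {
            ModUtil::apiFunc('PageLock', 'user', 'releaseLock', array('lockName' => "Newsnews{$item['sid']}"));
        }

        if ($item['action'] == self::ACTION_SAVEDRAFT_RETURN) {
            SessionUtil::setVar('newsitem', $item);
            $this->redirect(ModUtil::url('News', 'user', 'newitem'));
        }
        $this->redirect(ModUtil::url('News', 'user', 'view'));
    }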
Exemplo n.º 29
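//
// Start the board session for the index page and load the user's preferences.
$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);
//
// End session management
//
// Begin PNphpBB2 Module - Minimize/Maximize Mod
// '&&' binds tighter than '||', so without the added parentheses the board
// setting was applied to the POST parameter only and a GET parameter changed
// the session value even when the feature was switched off.
if ((isset($_GET['minmax']) || isset($_POST['minmax'])) && $board_config['pnphpbb2_allow_full_page'] == 1) {
    $fullpage = intval(isset($_POST['minmax']) ? $_POST['minmax'] : $_GET['minmax']);
    // only 0 or 1 is ever stored
    SessionUtil::setVar('fullpage', $fullpage == 1 ? 1 : 0);
}
// End PNphpBB2 Module - Minimize/Maximize Mod
// Begin PNphpBB2 Module - Sub-Category/forum switch mod
// Same precedence fix as above: the setting now gates GET and POST alike.
if ((isset($_GET['subforum']) || isset($_POST['subforum'])) && $board_config['pnphpbb2_allow_sub_change'] == 1) {
    // NOTE(review): the request value is stored in the session as received;
    // validate it here once its expected form is known, or where it is read.
    $subforum = isset($_POST['subforum']) ? $_POST['subforum'] : $_GET['subforum'];
    SessionUtil::setVar('subforum', $subforum);
}
// End PNphpBB2 Module - Sub-Category/forum switch mod
// Category to view: the numeric request value, or -1 when absent or not numeric.
$viewcat = !empty($_GET[POST_CAT_URL]) && is_numeric($_GET[POST_CAT_URL]) ? $_GET[POST_CAT_URL] : -1;
// 'mark' may come from POST or GET; POST wins when both are present.
if (isset($_GET['mark']) || isset($_POST['mark'])) {
    $mark_read = isset($_POST['mark']) ? $_POST['mark'] : $_GET['mark'];
} else {
    $mark_read = '';
}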
//
// Handle marking posts
//
if ($mark_read == 'forums') {
    // Begin PNphpBB2 Categories Hierarchie Mod
    if ($viewcat < 0) {
        // End PNphpBB2 Categories Hierarchie Mod
Exemplo n.º 30
 /**
  * Generate auth key.
  *
  * @param string $modname Module name.
  *
  * @deprecated since 1.3.0
  *
  * @return string A SHA-1 hex digest (a hash, not encryption), with the timestamp appended when key expiry is on, for use in authorisation of operations.
  */
 public static function generateAuthKey($modname = '')
 {
     // Backwards-compatibility exemption: Zikula_Response_Ajax and
     // Zikula_Response_Ajax_Error still have to add an authid to their responses,
     // so the deprecation notice is skipped when the immediate caller is one of them.
     $frames = debug_backtrace(false);
     $callerClass = isset($frames[1]['class']) ? $frames[1]['class'] : null;
     $exemptCallers = array('Zikula_Response_Ajax', 'Zikula_Response_Ajax_Error');
     if ($callerClass === null || !in_array($callerClass, $exemptCallers)) {
         LogUtil::log(__f('Warning! Static call %1$s is deprecated. Please use %2$s instead.', array('SecurityUtil::generateAuthKey()', 'SecurityUtil::generateCsrfToken()')), E_USER_DEPRECATED);
     }

     // The per-module secret is kept in the session, so a session must exist
     // before it is read or written.
     SessionUtil::requireSession();

     // Fall back to the current module when the caller named none.
     if (!$modname) {
         $modname = ModUtil::getName();
     }

     // Remove from 1.4: legacy alias for the renamed "Modules" module.
     if (System::isLegacyMode() && $modname == 'Modules') {
         LogUtil::log(__('Warning! "Modules" module has been renamed to "Extensions".  Please update any generateAuthKey calls in PHP or templates.'));
         $modname = 'ZikulaExtensionsModule';
     }

     // Use the registered module name, lower-cased, as the lookup key.
     $moduleInfo = ModUtil::getInfoFromName($modname);
     $moduleKey = strtolower($moduleInfo['name']);

     // One random secret per module lives in the session under 'rand'; it is
     // created on first use and reused for later keys in the same session.
     $secrets = SessionUtil::getVar('rand');
     if (!isset($secrets[$moduleKey])) {
         // NOTE(review): the meaning of the getString() flags is not visible here;
         // 32 and 40 look like length bounds, confirm against RandomUtil.
         $secrets[$moduleKey] = RandomUtil::getString(32, 40, false, true, true, false, true, true, false);
         SessionUtil::setVar('rand', $secrets);
     }

     $material = $secrets[$moduleKey] . $moduleKey;

     // With key expiry enabled the issue time is hashed in and also appended to
     // the digest in clear. The returned value is a SHA-1 digest, not ciphertext;
     // the deprecation message above names generateCsrfToken() as the replacement.
     if (System::getVar('keyexpiry') > 0) {
         $issuedAt = time();

         return sha1($material . $issuedAt) . $issuedAt;
     }

     return sha1($material);
 }