Exemplo n.º 1
 /**
  * Render the themed error page for an exception that reached the top-level handler.
  *
  * The exception text is written to the Kohana log only. No exception data is assigned
  * to the view in this method; the page is assembled from the fixed error.html or
  * error_404.html views.
  *
  * @see Kohana_Exception::handle
  * @param Exception $e  the exception being reported
  */
 private static function _show_themed_error_page(Exception $e)
 {
     // Record a text rendering of the exception and flush the log immediately.
     Kohana_Log::add('error', Kohana_Exception::text($e));
     Kohana_Log::save();

     // Status line: Kohana exceptions send their own headers, anything else is a plain 500.
     // Nothing is sent once output has already started.
     $headers_open = !headers_sent();
     if ($headers_open && $e instanceof Kohana_Exception) {
         $e->sendHeaders();
     } elseif ($headers_open) {
         header("HTTP/1.1 500 Internal Server Error");
     }

     $view = new Theme_View("page.html", "other", "error");
     $not_found = $e instanceof Kohana_404_Exception;
     $view->page_title = $not_found ? t("Dang...  Page not found!") : t("Dang...  Something went wrong!");
     $view->content = new View($not_found ? "error_404.html" : "error.html");

     if ($not_found) {
         $user = identity::active_user();
         $is_guest = $user && $user->guest;
         $view->content->is_guest = $is_guest;
         if ($is_guest) {
             // Guests get a login form on the 404 page.
             $login_form = new View("login_ajax.html");
             $login_form->form = auth::get_login_form("login/auth_html");
             $view->content->login_form = $login_form;
             // The post-login target is kept in the session instead of being passed as a
             // request parameter (the original comment cites the anti-phishing check).
             Session::instance()->set("continue_url", url::current(true));
         }
     }

     print $view;
 }
Exemplo n.º 2
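 /**
  * Render one page of an album, or a login page / "forbidden" response when the
  * current viewer may not see it.
  *
  * Query-string parameters read here:
  *  - "show": id of an item; when it has a position in this album the request is
  *    redirected to the page that holds it.
  *  - "page": page number, coerced to an integer; values outside 1..max are
  *    redirected to a valid page.
  *
  * @see REST_Controller::_show($resource)
  * @param object $album  the album to display
  */
 public function _show($album)
 {
     $page_size = module::get_var("gallery", "page_size", 9);
     if (!access::can("view", $album)) {
         if ($album->id == 1) {
             // Album id 1 (presumably the root album - confirm) shows a login page
             // instead of the forbidden response.
             $view = new Theme_View("page.html", "login");
             $view->page_title = t("Log in to Gallery");
             $view->content = new View("login_ajax.html");
             $view->content->form = auth::get_login_form("login/auth_html");
             print $view;
             return;
         } else {
             // NOTE(review): the code below runs unless access::forbidden() halts the
             // request - confirm that it never returns.
             access::forbidden();
         }
     }
     $show = $this->input->get("show");
     if ($show) {
         $child = ORM::factory("item", $show);
         $index = $album->get_position($child);
         if ($index) {
             $page = ceil($index / $page_size);
             if ($page == 1) {
                 url::redirect($album->abs_url());
             } else {
                 url::redirect($album->abs_url("page={$page}"));
             }
         }
     }
     // "page" is request input: coerce it to an integer before it is used in arithmetic
     // and comparisons, so a non-numeric value becomes 0 and takes the "< 1" redirect.
     $page = (int) $this->input->get("page", "1");
     $children_count = $album->viewable()->children_count();
     $offset = ($page - 1) * $page_size;
     $max_pages = max(ceil($children_count / $page_size), 1);
     // Make sure that the page references a valid offset
     if ($page < 1) {
         url::redirect($album->abs_url());
     } elseif ($page > $max_pages) {
         url::redirect($album->abs_url("page={$max_pages}"));
     }
     $template = new Theme_View("page.html", "album");
     $template->set_global("page_size", $page_size);
     $template->set_global("item", $album);
     $template->set_global("children", $album->viewable()->children($page_size, $offset));
     $template->set_global("children_count", $children_count);
     $template->set_global("parents", $album->parents());
     $template->content = new View("album.html");
     // We can't use math in ORM or the query builder, so do this by hand.  It's important
     // that we do this with math, otherwise concurrent accesses will damage accuracy.
     // The statement is built as a string, so the id is cast to an integer first: only a
     // number can ever be interpolated into the SQL.
     $album_id = (int) $album->id;
     Database::instance()->query("UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = {$album_id}");
     print $template;
 }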
Exemplo n.º 3
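 /**
  * Authenticate the user from the submitted login form.
  *
  * The password is checked through $this->_checkpass(). When the check succeeds for a
  * name that has no local user and $this->create_account is set, a local user is
  * created from the account returned by $this->pam_auth->getAccount() and then logged in.
  * The same "invalid_login" error is used for an unknown user and for a wrong password.
  * The session id is regenerated on every call, whatever the outcome.
  *
  * @param string $url  passed to auth::get_login_form()
  * @return array  array($valid, $form): whether the user was logged in, and the form
  *                (carrying the error when the login failed)
  */
 private function _auth($url)
 {
     $form = auth::get_login_form($url);
     $valid = false;
     if ($form->validate()) {
         // retrieve the values from the form
         $name = $form->login->inputs["name"]->value;
         $pass = $form->login->password->value;
         // do we have a user?
         $user = identity::lookup_user_by_name($name);
         $validuser = !empty($user);
         // is the user authentic?
         $checkpass = $this->_checkpass($name, $pass);

         // No local user but a valid password: create the account if allowed. This runs
         // before the failure handling so that a successful first login is not also
         // reported as a failed one (form error, warning log entry, user_auth_failed event).
         if (!$validuser && $checkpass && $this->create_account) {
             $account = $this->pam_auth->getAccount();
             if ($account) {
                 // Placeholder password for the local record. Prefer the CSPRNG when the
                 // runtime has it; md5(uniqid(mt_rand())) is kept only as a fallback for
                 // older PHP and is not a cryptographically strong source.
                 $password = function_exists("random_bytes")
                     ? bin2hex(random_bytes(16))
                     : md5(uniqid(mt_rand(), true));
                 $new_user = identity::create_user($account->name, $account->full_name, $password, $account->email);
                 $new_user->url = '';
                 // New accounts are created as ordinary, non-guest, non-admin users.
                 $new_user->admin = false;
                 $new_user->guest = false;
                 $new_user->save();
                 $user = identity::lookup_user_by_name($account->name);
                 $validuser = !empty($user);
             }
         }

         if ($validuser && $checkpass) {
             // valid user and valid password: load user account
             auth::login($user);
             $valid = true;
         } else {
             // no valid user or no valid password: one error for both cases
             $form->login->inputs["name"]->add_error("invalid_login", 1);
             log::warning("user", t("Failed login for %name", array("name" => $name)));
             module::event("user_auth_failed", $name);
         }
     }
     // regenerate the session id to avoid session trapping
     Session::instance()->regenerate();
     return array($valid, $form);
 }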
Exemplo n.º 4
 /**
  * Validate the login form and log the user in when the credentials are correct.
  *
  * An unknown user name and a wrong password end in the same "invalid_login" form
  * error. Each failure is written to the log as a warning, including the submitted
  * name. The session id is regenerated on every call.
  *
  * @param string $url  passed to auth::get_login_form()
  * @return array  array($valid, $form)
  */
 private function _auth($url)
 {
     $form = auth::get_login_form($url);
     $valid = $form->validate();

     if ($valid) {
         $name_input = $form->login->inputs["name"];
         $user = identity::lookup_user_by_name($name_input->value);
         // The password is only checked when a user was found.
         $credentials_ok = !empty($user)
             && identity::is_correct_password($user, $form->login->password->value);
         if (!$credentials_ok) {
             log::warning("user", t("Failed login for %name", array("name" => $name_input->value)));
             $name_input->add_error("invalid_login", 1);
             $valid = false;
         }
     }

     if ($valid) {
         auth::login($user);
     }

     // Success or failure, switch to a fresh session id to avoid session trapping.
     Session::instance()->regenerate();
     return array($valid, $form);
 }
Exemplo n.º 5
 /**
  * Replace the current favourites with the items passed as arguments, then redirect
  * to the favourites page. When favourites are restricted to users and the active
  * user is the guest, a login page is shown instead.
  *
  * NOTE(review): the guest check compares the user name with "guest" instead of using a
  * guest flag on the user object - confirm this holds for every identity provider.
  * NOTE(review): this action clears and rewrites stored favourites from its arguments
  * (taken from the URL, per the original comment) with no request-origin check visible
  * in these lines - confirm that is intended.
  */
 public function view()
 {
     $login_required = favourites_configuration::isUsersOnly() && identity::active_user()->name == "guest";

     if (!$login_required) {
         // Start from an empty selection and toggle every argument on.
         $favourites = Favourites::getOrCreate();
         $favourites->clear();
         foreach (func_get_args() as $item) {
             $favourites->toggle($item);
         }
         url::redirect("favourites");
         return;
     }

     // Login required: remember the current URL in the session, then render the login page.
     Session::instance()->set("continue_url", url::current(true));
     $template = new Theme_View("page.html", "collection", "album");
     $content = new View("login_required.html");
     $template->content = $content;
     $login_form = new View("login_ajax.html");
     $login_form->form = auth::get_login_form("login/auth_html");
     $content->login_form = $login_form;
     print $template;
 }
Exemplo n.º 6
        padding-left: 0px;
        bullet-style: none;
      }
      ul li {
        margin-left: 0px;
      }
      label {
        width: 60px;
        display: block;
      }
    </style>
  </head>
  <body>
    <h1>
      <?php 
// Page heading; like the paragraph below it is passed through t() before output.
echo t("Gallery - maintenance mode");
?>
    </h1>
    <p>
      <?php 
echo t("This site is currently only accessible by site administrators.");
?>
    </p>
    <?php 
// Login form built for the "login/auth_html" URL, so that an administrator can sign in
// from this page. NOTE(review): the form is echoed as-is; this relies on its string
// conversion producing safe HTML - confirm in auth::get_login_form().
echo auth::get_login_form("login/auth_html");
?>
  </body>
</html>


Exemplo n.º 7
    return;
}
// Choose which error page to show for the exception $e (set before these lines):
// administrators get error_admin.html, 404s get a themed page or a plain-text reply,
// and everything else gets a 500 with error_user.html.
try {
    // Admins get a special error page
    // Only an active user with the admin flag reaches error_admin.html; every other
    // visitor falls through to the pages below.
    $user = identity::active_user();
    if ($user && $user->admin) {
        include Kohana::find_file("views", "error_admin.html");
        return;
    }
} catch (Exception $ignored) {
    // Swallowed on purpose, as the variable name indicates: a failure while looking up the
    // user falls through to the non-admin pages instead of raising a second error.
}
// Try to show a themed error page for 404 errors
// NOTE(review): no status header is sent in this branch within these lines; presumably
// it is set earlier - confirm.
if ($e instanceof Kohana_404_Exception) {
    if (Router::$controller == "file_proxy") {
        // Requests routed to the file_proxy controller get a bare text reply, not a themed page.
        print "File not found";
    } else {
        $view = new Theme_View("page.html", "other", "error");
        $view->page_title = t("Dang...  Page not found!");
        $view->content = new View("error_404.html");
        $user = identity::active_user();
        $view->content->is_guest = $user && $user->guest;
        if ($view->content->is_guest) {
            // Guests are offered a login form on the 404 page.
            $view->content->login_form = new View("login_ajax.html");
            $view->content->login_form->form = auth::get_login_form("login/auth_html");
        }
        print $view;
    }
    return;
}
// Any other exception: generic 500 page for non-admin visitors.
// NOTE(review): header() is called without a headers_sent() check; if output has already
// started, PHP emits a warning and the status line is not changed.
header("HTTP/1.1 500 Internal Server Error");
include Kohana::find_file("views", "error_user.html");