Exemplo n.º 1
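 /**
  * Synchronise the 'modstate' table with the submitted module map.
  *
  * Reads $this->params['mods'] (module name => active flag). Every existing
  * 'modstate' row is set to the submitted flag, or to 0 when the module was
  * not submitted; submitted modules with no existing row are inserted.
  * Finishes by flashing a message and returning to the last 'editable' page.
  *
  * NOTE(review): no permission check is visible in this method - confirm the
  * dispatcher enforces one before this action can run.
  */
 function update()
 {
     global $db;
     //$db->delete('modstate');
     // Only treat the submitted value as a map when it really is an array.
     $hasMods = !empty($this->params['mods']) && is_array($this->params['mods']);
     $aMods = $db->selectObjects('modstate', 1);
     foreach ($aMods as $key => $value) {
         if ($hasMods && array_key_exists($value->module, $this->params['mods'])) {
             $aMods[$key]->active = $this->params['mods'][$value->module];
         } else {
             $aMods[$key]->active = 0;
         }
         // NOTE(review): the WHERE clause is built by string concatenation from a
         // stored module name. Those names originate from request keys (see the
         // insert loop below), so a quote in one would alter this statement.
         // Escape it through the database layer or identify the row by a key column.
         $db->updateObject($aMods[$key], 'modstate', "module='" . $value->module . "'");
         if ($hasMods) {
             // Whatever is left afterwards has no row yet and gets inserted below.
             unset($this->params['mods'][$value->module]);
         }
     }
     if ($hasMods && !empty($this->params['mods'])) {
         foreach ($this->params['mods'] as $key => $value) {
             // A fresh object per row: the original assigned properties on an
             // undefined variable, which is an Error on PHP 8.
             $aMod = new stdClass();
             $aMod->module = $key;
             $aMod->active = $value;
             $db->insertObject($aMod, 'modstate');
         }
     }
     flash("message", gt("Active Modules have been updated."));
     expHistory::returnTo('editable');
 }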
Exemplo n.º 2
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
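// Refuse direct access: this script only runs inside the framework bootstrap.
if (!defined('EXPONENT')) {
    exit('');
}
// Swap the rank of two controls (ranks 'a' and 'b') of form 'p'.
// All three request values are forced to integers before they reach the
// hand-built WHERE clauses below; a missing parameter becomes 0.
$_GET['a'] = isset($_GET['a']) ? intval($_GET['a']) : 0;
$_GET['b'] = isset($_GET['b']) ? intval($_GET['b']) : 0;
$_GET['p'] = isset($_GET['p']) ? intval($_GET['p']) : 0;
$a = $db->selectObject('formbuilder_control', 'form_id=' . $_GET['p'] . ' AND rank=' . $_GET['a']);
$b = $db->selectObject('formbuilder_control', 'form_id=' . $_GET['p'] . ' AND rank=' . $_GET['b']);
if ($a && $b) {
    // form_id comes from the database row; cast it anyway so the clause stays numeric.
    $f = $db->selectObject('formbuilder_form', 'id=' . intval($a->form_id));
    // NOTE(review): unserialize() on a stored column instantiates whatever the
    // string describes. Confirm location_data can only be written by trusted
    // code, or restrict the classes it may produce.
    // A missing form row is treated as "not permitted" rather than dereferenced.
    if ($f && expPermissions::check('editform', unserialize($f->location_data))) {
        $tmp = $a->rank;
        $a->rank = $b->rank;
        $b->rank = $tmp;
        // NOTE(review): this write is triggered by GET parameters and no
        // anti-forgery token is checked in this script - confirm one is
        // enforced upstream.
        $db->updateObject($a, 'formbuilder_control');
        $db->updateObject($b, 'formbuilder_control');
        //		expHistory::back();
        expHistory::returnTo('editable');
    } else {
        echo SITE_403_HTML;
    }
} else {
    echo SITE_404_HTML;
}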
Exemplo n.º 3
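 /**
  * Change the password of the account named by $this->params['uid'].
  *
  * Administrators may change any account. Everyone else may only change
  * their own and must supply the current password in $this->params['password'].
  * The new password is taken from 'new_password1' / 'new_password2' and
  * validated by user::setPassword(), which returns a string on failure.
  *
  * Every rejection path returns explicitly after its redirect, so the
  * password change cannot be reached if the redirect helper ever returns
  * instead of ending the request.
  *
  * NOTE(review): the stored credential is compared against md5() of the
  * input, i.e. an unsalted fast hash. Moving to password_hash() /
  * password_verify() needs changes outside this method (user::setPassword
  * and the stored values).
  */
 public function save_change_password()
 {
     global $user;
     $uid = isset($this->params['uid']) ? $this->params['uid'] : null;
     // Strict string comparison: the loose != would treat values such as
     // "5abc" and 5 as equal on PHP 7.
     $isSelf = is_scalar($uid) && (string)$uid === (string)$user->id;
     $isAdmin = $user->isAdmin();
     if (!$isAdmin && !$isSelf) {
         flash('error', gt('You do not have permissions to change this users password.'));
         expHistory::back();
         return;
     }
     if (!$isAdmin) {
         $current = isset($this->params['password']) ? $this->params['password'] : '';
         // hash_equals() compares as strings and in constant time. The loose !=
         // compared numeric-looking hex strings as numbers, so two different
         // hashes could be judged equal.
         if (!is_string($current) || empty($current) || !hash_equals((string)$user->password, md5($current))) {
             flash('error', gt('The current password you entered is not correct.'));
             expHistory::returnTo('editable');
             return;
         }
     }
     //eDebug($user);
     $u = new user($uid);
     $ret = $u->setPassword($this->params['new_password1'], $this->params['new_password2']);
     //eDebug($u, true);
     if (is_string($ret)) {
         // setPassword() reports validation failures as a message string.
         flash('error', $ret);
         expHistory::returnTo('editable');
         return;
     }
     $u->update();
     // Keep the in-memory user's stored hash in step with the saved one.
     $user->password = $u->password;
     if (!$isSelf) {
         flash('message', gt('Your password for') . ' ' . $u->username . ' ' . gt('been changed.'));
     } else {
         flash('message', gt('Your password has been changed.'));
     }
     expHistory::back();
 }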
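 /**
  * Store every submitted site-configuration value.
  *
  * Reads $this->params['sc'] (setting name => value) and hands each pair to
  * expSettings::change() with the value passed through addslashes().
  *
  * NOTE(review): both the setting names and the values come from the request.
  * addslashes() only escapes quotes, backslashes and NUL; it does not limit
  * which settings can be written. Confirm that expSettings::change()
  * restricts the keys and that this action is limited to administrators -
  * no check is visible in this method.
  */
 public function update_siteconfig()
 {
     // A missing or non-array 'sc' parameter means there is nothing to store.
     $settings = (isset($this->params['sc']) && is_array($this->params['sc'])) ? $this->params['sc'] : array();
     foreach ($settings as $key => $value) {
         if (!is_scalar($value)) {
             // Nested arrays cannot be escaped as a string; skip them.
             continue;
         }
         expSettings::change($key, addslashes((string)$value));
     }
     flash('message', gt("Your Website Configuration has been updated"));
     //        expHistory::back();
     expHistory::returnTo('viewable');
 }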
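 /**
  * Make one CKEditor configuration the active one.
  *
  * First calls $db->toggle() on the rows matching active=1, then, unless
  * $this->params['id'] is the literal "default", loads the row with that id
  * and marks it active. Finishes by returning to the last 'manageable' page.
  */
 function activate()
 {
     global $db;
     $db->toggle('htmleditor_ckeditor', "active", 'active=1');
     // A missing or non-scalar id is handled like "default": nothing is re-activated.
     $id = (isset($this->params['id']) && is_scalar($this->params['id'])) ? (string)$this->params['id'] : 'default';
     if ($id !== 'default') {
         // The id is a request value concatenated into the WHERE clause, so it
         // is forced to an integer first.
         $active = $db->selectObject('htmleditor_ckeditor', "id=" . intval($id));
         if ($active) {
             // Only update when the row exists; the original dereferenced a
             // failed lookup.
             $active->active = 1;
             $db->updateObject($active, 'htmleditor_ckeditor', null, 'id');
         }
     }
     expHistory::returnTo('manageable');
 }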
Exemplo n.º 6
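/**
 * Instantiate a controller, authorise the requested action, run it and
 * render its template.
 *
 * Keys read from $parms: 'controller' (required), 'action', 'src', 'view',
 * 'moduletitle', 'id' and 'no_output'.
 *
 * Authorisation notes:
 *  - The permission lookup is made against the action that will actually be
 *    executed (after the index/showall fallback), not the raw request value.
 *  - PHP resolves method names case-insensitively, while the controller's
 *    permission and login maps are keyed case-sensitively. Names are therefore
 *    matched in lower case, so a differently-cased action name cannot skip
 *    the checks.
 *  - Every denial path returns false after its redirect helper, so the action
 *    is never run if a helper returns instead of ending the request.
 *
 * @param array $parms request parameters for the controller
 *
 * @return string|false|null rendered HTML when 'no_output' is set, false when
 *                           the action was not found or not permitted,
 *                           otherwise null after the template was output
 */
function renderAction(array $parms = array())
{
    global $user, $template;
    //Get some info about the controller
    $baseControllerName = expModules::getControllerName($parms['controller']);
    // NOTE(review): the class name derives from a request value; presumably
    // getControllerClassName() only yields registered controllers - confirm.
    $fullControllerName = expModules::getControllerClassName($parms['controller']);
    $controllerClass = new ReflectionClass($fullControllerName);
    // Figure out the action to use...if the specified action doesn't exist then
    // we look for the index action. Only public methods count as actions;
    // hasMethod() alone is also true for private and protected ones.
    $requested = (isset($parms['action']) && is_string($parms['action'])) ? $parms['action'] : '';
    if ($requested !== '' && $controllerClass->hasMethod($requested) && $controllerClass->getMethod($requested)->isPublic()) {
        $action = $requested;
    } elseif ($controllerClass->hasMethod('index')) {
        $action = 'index';
    } elseif ($controllerClass->hasMethod('showall')) {
        $action = 'showall';
    } else {
        expQueue::flashAndFlow('error', gt('The requested action could not be performed: Action not found'));
        // No action could be resolved; never continue without one.
        return false;
    }
    // initialize the controller.
    $src = isset($parms['src']) ? $parms['src'] : null;
    $controller = new $fullControllerName($src, $parms);
    //Set up the template to use for this action
    $view = !empty($parms['view']) ? $parms['view'] : $action;
    $template = get_template_for_action($controller, $view, $controller->loc);
    // have the controller assign knowledge about itself to the template.
    // this has to be done after the controller get the template for its actions
    $controller->moduleSelfAwareness();
    //if this controller is being called by a container then we should have a module title.
    if (isset($parms['moduletitle'])) {
        $template->assign('moduletitle', $parms['moduletitle']);
    }
    //setup some default models for this controller's actions to use
    foreach ($controller->getModels() as $model) {
        $controller->{$model} = new $model(null, false, false);
        //added null,false,false to reduce unnecessary queries. FJD
    }
    //check the perms for this action
    $perms = $controller->permissions();
    // Lower-cased name => declared name, so lookups ignore case but the
    // permission checker still receives the name exactly as declared.
    $perm_names = array();
    foreach (array_keys($perms) as $name) {
        $perm_names[strtolower((string)$name)] = $name;
    }
    $login_names = array();
    foreach (array_keys($controller->requires_login) as $name) {
        $login_names[strtolower((string)$name)] = $name;
    }
    //we have to treat the update permission a little different..it's tied to the create/edit
    //permissions. A request may be submitted straight to the update action without going
    //through the edit form, so update is checked as create or edit depending on whether
    //an id param is passed.
    $action_lc = strtolower($action);
    $common_action = null;
    if ($action_lc == 'update') {
        $perm_action = !isset($parms['id']) || $parms['id'] == 0 ? 'create' : 'edit';
    } elseif ($action_lc == 'saveconfig') {
        $perm_action = 'configure';
    } else {
        // action convention for controllers that manage more than one model (datatype).
        // if the action name is prefixed with a common crud action name, the prefix is
        // checked as well, i.e. edit_mymodel is checked against the edit permission.
        if (strpos($action_lc, '_') !== false) {
            $parts = explode("_", $action_lc);
            $common_action = $parts[0];
        }
        $perm_action = $action_lc;
    }
    // Same precedence as before: permission on the action, permission on its
    // prefix, login requirement on the action, login requirement on its prefix.
    $perm_key = null;
    $login_key = null;
    if (isset($perm_names[$perm_action])) {
        $perm_key = $perm_names[$perm_action];
    } elseif ($common_action !== null && isset($perm_names[$common_action])) {
        $perm_key = $perm_names[$common_action];
    } elseif (isset($login_names[$perm_action])) {
        $login_key = $login_names[$perm_action];
    } elseif ($common_action !== null && isset($login_names[$common_action])) {
        $login_key = $login_names[$common_action];
    }
    if ($perm_key !== null) {
        if (!expPermissions::check($perm_key, $controller->loc)) {
            if (expTheme::inAction()) {
                flash('error', gt("You don't have permission to") . " " . $perms[$perm_key]);
                expHistory::returnTo('viewable');
            }
            return false;
        }
    } elseif ($login_key !== null) {
        // check if the action requires the user to be logged in
        if (!$user->isLoggedIn()) {
            $msg = empty($controller->requires_login[$login_key]) ? gt("You must be logged in to perform this action") : $controller->requires_login[$login_key];
            flash('error', $msg);
            expHistory::redirecto_login();
            return false;
        }
    }
    // NOTE(review): an action listed in neither map runs without any check,
    // and any public method of the controller can be named as the action.
    // Confirm that is intended for every controller.
    // run the action
    $controller->{$action}();
    //register this controllers permissions to the view for in view perm checks
    $template->register_permissions(array_keys($perms), $controller->loc);
    // pass this controllers config off to the view
    $template->assign('config', $controller->config);
    // globalizing $user inside all templates
    $template->assign('user', $user);
    //assign the controllers basemodel to the view
    $template->assign('modelname', $controller->basemodel_name);
    if (empty($parms['no_output'])) {
        $template->output();
    } else {
        $html = $template->render();
        return $html;
    }
    //$html = $template->output();
    //return $html;
}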