Exemplo n.º 1
0
 public function emailid($user_id)
 {
     // Display a form that a vistor can use to contact a registered user.
     // If this page is disabled, show a 404 error.
     if (module::get_var("contactowner", "contact_user_link") != true) {
         kohana::show_404();
     }
     // Locate the record for the user specified by $user_id,
     //   use this to determine the user's name.
     $userDetails = ORM::factory("user")->where("id", $user_id)->find_all();
     // Make a new form with a couple of text boxes.
     $form = new Forge("contactowner/sendemail", "", "post", array("id" => "gContactOwnerSendForm"));
     $sendmail_fields = $form->group("contactOwner");
     $sendmail_fields->input("email_to")->label(t("To:"))->value($userDetails[0]->name);
     $sendmail_fields->input("email_from")->label(t("From:"))->value(user::active()->email);
     $sendmail_fields->input("email_subject")->label(t("Subject:"))->value("");
     $sendmail_fields->textarea("email_body")->label(t("Message:"))->value("");
     $sendmail_fields->hidden("email_to_id")->value($user_id);
     // Add a save button to the form.
     $sendmail_fields->submit("SendMessage")->value(t("Send"));
     // Set up and display the actual page.
     $template = new Theme_View("page.html", "Contact");
     $template->content = new View("contactowner_emailform.html");
     $template->content->sendmail_form = $form;
     print $template;
 }
Exemplo n.º 2
0
 public function rename($id)
 {
     access::verify_csrf();
     $tag = ORM::factory("tag", $id);
     if (!$tag->loaded) {
         kohana::show_404();
     }
     $form = tag::get_rename_form($tag);
     $valid = $form->validate();
     if ($valid) {
         $new_name = $form->rename_tag->inputs["name"]->value;
         $new_tag = ORM::factory("tag")->where("name", $new_name)->find();
         if ($new_tag->loaded) {
             $form->rename_tag->inputs["name"]->add_error("in_use", 1);
             $valid = false;
         }
     }
     if ($valid) {
         $old_name = $tag->name;
         $tag->name = $new_name;
         $tag->save();
         $message = t("Renamed tag %old_name to %new_name", array("old_name" => $old_name, "new_name" => $tag->name));
         message::success($message);
         log::success("tags", $message);
         print json_encode(array("result" => "success", "location" => url::site("admin/tags"), "tag_id" => $tag->id, "new_tagname" => html::clean($tag->name)));
     } else {
         print json_encode(array("result" => "error", "form" => $form->__toString()));
     }
 }
Exemplo n.º 3
0
 public function rename($id)
 {
     access::verify_csrf();
     $tag = ORM::factory("tag", $id);
     if (!$tag->loaded) {
         kohana::show_404();
     }
     // Don't use a form as the form is dynamically created in the js
     $post = new Validation($_POST);
     $post->add_rules("name", "required", "length[1,64]");
     $valid = $post->validate();
     if ($valid) {
         $new_name = $this->input->post("name");
         $new_tag = ORM::factory("tag")->where("name", $new_name)->find();
         if ($new_tag->loaded) {
             $error_msg = t("There is already a tag with that name");
             $valid = false;
         }
     } else {
         $error_msg = $post->errors();
         $error_msg = $error_msg[0];
     }
     if ($valid) {
         $old_name = $tag->name;
         $tag->name = $new_name;
         $tag->save();
         $message = t("Renamed tag %old_name to %new_name", array("old_name" => $old_name, "new_name" => $tag->name));
         message::success($message);
         log::success("tags", $message);
         print json_encode(array("result" => "success", "location" => url::site("admin/tags"), "tag_id" => $tag->id, "new_tagname" => html::clean($tag->name)));
     } else {
         print json_encode(array("result" => "error", "message" => (string) $error_msg));
     }
 }
Exemplo n.º 4
0
 public function children()
 {
     if (!user::active()->admin) {
         access::forbidden();
     }
     $paths = unserialize(module::get_var("server_add", "authorized_paths"));
     $path_valid = false;
     $path = $this->input->post("path");
     $checked = $this->input->post("checked") == "true";
     foreach (array_keys($paths) as $valid_path) {
         if ($path_valid = strpos($path, $valid_path) === 0) {
             break;
         }
     }
     if (empty($path_valid)) {
         throw new Exception("@todo BAD_PATH");
     }
     if (!is_readable($path) || is_link($path)) {
         kohana::show_404();
     }
     $tree = new View("server_add_tree.html");
     $tree->data = $this->_get_children($path);
     $tree->checked = $checked;
     $tree->tree_id = "tree_" . md5($path);
     print $tree;
 }
Exemplo n.º 5
0
 public function print_proxy($type, $id)
 {
     // If its a request for the full size then make sure we are coming from an
     // authorized address
     if ($type == "full") {
         $remote_addr = ip2long($this->input->server("REMOTE_ADDR"));
         if ($remote_addr === false) {
             Kohana::show_404();
         }
         $config = Kohana::config("addthis");
         $authorized = false;
         foreach ($config["ranges"] as $ip_range) {
             $low = ip2long($ip_range["low"]);
             $high = ip2long($ip_range["high"]);
             $authorized = $low !== false && $high !== false && $low <= $remote_addr && $remote_addr <= $high;
             if ($authorized) {
                 break;
             }
         }
         if (!$authorized) {
             Kohana::show_404();
         }
     }
     $proxy = ORM::factory("addthis_proxy", array("uuid" => $id));
     if (!$proxy->loaded || !$proxy->item->loaded) {
         Kohana::show_404();
     }
     $file = $type == "full" ? $proxy->item->file_path() : $proxy->item->thumb_path();
     if (!file_exists($file)) {
         kohana::show_404();
     }
     // We don't need to save the session for this request
     Session::abort_save();
     if (!TEST_MODE) {
         // Dump out the image
         header("Content-Type: {$proxy->item}->mime_type");
         Kohana::close_buffers(false);
         $fd = fopen($file, "rb");
         fpassthru($fd);
         fclose($fd);
         // If the request was for the image and not the thumb, then delete the proxy.
         if ($type == "full") {
             $proxy->delete();
         }
     }
     $this->_clean_expired();
 }
Exemplo n.º 6
0
 public function __call($controller_name, $args)
 {
     if (request::method() == "post") {
         access::verify_csrf();
     }
     if ($controller_name == "index") {
         $controller_name = "dashboard";
     }
     $controller_name = "Admin_{$controller_name}_Controller";
     if ($args) {
         $method = array_shift($args);
     } else {
         $method = "index";
     }
     if (!method_exists($controller_name, $method)) {
         return kohana::show_404();
     }
     call_user_func_array(array(new $controller_name(), $method), $args);
 }
Exemplo n.º 7
0
 public function rename($id)
 {
     access::verify_csrf();
     $tag = ORM::factory("tag", $id);
     if (!$tag->loaded) {
         kohana::show_404();
     }
     $in_place_edit = InPlaceEdit::factory($tag->name)->action("admin/tags/rename/{$tag->id}")->rules(array("required", "length[1,64]"))->messages(array("in_use" => t("There is already a tag with that name")))->callback(array($this, "check_for_duplicate"));
     if ($in_place_edit->validate()) {
         $old_name = $tag->name;
         $tag->name = $in_place_edit->value();
         $tag->save();
         $message = t("Renamed tag %old_name to %new_name", array("old_name" => $old_name, "new_name" => $tag->name));
         message::success($message);
         log::success("tags", $message);
         print json_encode(array("result" => "success"));
     } else {
         print json_encode(array("result" => "error", "form" => $in_place_edit->render()));
     }
 }
Exemplo n.º 8
0
 public function print_proxy($type, $id)
 {
     $proxy = ORM::factory("digibug_proxy", array("uuid" => $id));
     if (!$proxy->loaded || !$proxy->item->loaded) {
         Kohana::show_404();
     }
     $file = $type == "full" ? $proxy->item->file_path() : $proxy->item->thumb_path();
     if (!file_exists($file)) {
         kohana::show_404();
     }
     // We don't need to save the session for this request
     Session::abort_save();
     // Dump out the image
     header("Content-Type: {$proxy->item}->mime_type");
     Kohana::close_buffers(false);
     $fd = fopen($file, "rb");
     fpassthru($fd);
     fclose($fd);
     // If the request was for the image and not the thumb, then delete the proxy.
     if ($type == "full") {
         $proxy->delete();
     }
     $this->_clean_expired();
 }
Exemplo n.º 9
0
 /**
  *  @see REST_Controller::_form_add($parameters)
  */
 public function _form_add($album_id)
 {
     $album = ORM::factory("item", $album_id);
     access::required("edit", $album);
     switch ($this->input->get("type")) {
         case "album":
             print album::get_add_form($album);
             break;
         case "photo":
             print photo::get_add_form($album);
             break;
         default:
             kohana::show_404();
     }
 }
 public function edit_product_form($id)
 {
     $product = ORM::factory("bp_product", $id);
     if (!$product->loaded()) {
         kohana::show_404();
     }
     $form = bp_product::get_edit_form_admin($product);
     print $form;
 }
Exemplo n.º 11
0
 /**
  *  @see REST_Controller::_form_add($parameters)
  */
 public function _form_add($album_id)
 {
     $album = ORM::factory("item", $album_id);
     access::required("view", $album);
     access::required("add", $album);
     switch ($this->input->get("type")) {
         case "album":
             print album::get_add_form($album) . html::script("modules/gallery/js/albums_form_add.js");
             break;
         case "photo":
             print photo::get_add_form($album);
             break;
         default:
             kohana::show_404();
     }
 }
Exemplo n.º 12
0
 public function __call($function, $args)
 {
     // request_uri: http://example.com/gallery3/var/trunk/albums/foo/bar.jpg
     $request_uri = $this->input->server("REQUEST_URI");
     // var_uri: http://example.com/gallery3/var/
     $var_uri = url::file("var/");
     // Make sure that the request is for a file inside var
     $offset = strpos($request_uri, $var_uri);
     if ($offset === false) {
         kohana::show_404();
     }
     $file = substr($request_uri, strlen($var_uri));
     // Make sure that we don't leave the var dir
     if (strpos($file, "..") !== false) {
         kohana::show_404();
     }
     // We only handle var/resizes and var/albums
     $paths = explode("/", $file);
     $type = $paths[0];
     if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
         kohana::show_404();
     }
     // If the last element is .album.jpg, pop that off since it's not a real item
     if ($paths[count($paths) - 1] == ".album.jpg") {
         array_pop($paths);
     }
     if ($paths[count($paths) - 1] == "") {
         array_pop($paths);
     }
     // Find all items that match the level and name, then iterate over those to find a match.
     // In most cases we'll get it in one.  Note that for the level calculation, we just count the
     // size of $paths.  $paths includes the type ("thumbs", etc) but it doesn't include the root,
     // so it's a wash.
     $count = count($paths);
     $compare_file = VARPATH . $file;
     $item = null;
     foreach (ORM::factory("item")->where("name", $paths[$count - 1])->where("level", $count)->find_all() as $match) {
         if ($type == "albums") {
             $match_file = $match->file_path();
         } else {
             if ($type == "resizes") {
                 $match_file = $match->resize_path();
             } else {
                 $match_file = $match->thumb_path();
             }
         }
         if ($match_file == $compare_file) {
             $item = $match;
             break;
         }
     }
     if (!$item) {
         kohana::show_404();
     }
     // Make sure we have access to the item
     if (!access::can("view", $item)) {
         kohana::show_404();
     }
     // Make sure we have view_full access to the original
     if ($type == "albums" && !access::can("view_full", $item)) {
         kohana::show_404();
     }
     // Don't try to load a directory
     if ($type == "albums" && $item->is_album()) {
         kohana::show_404();
     }
     if (!file_exists($match_file)) {
         kohana::show_404();
     }
     // Dump out the image
     header("Content-Type: {$item->mime_type}");
     Kohana::close_buffers(false);
     $fd = fopen($match_file, "rb");
     fpassthru($fd);
     fclose($fd);
 }
Exemplo n.º 13
0
 public function edit_group_form($id)
 {
     $group = group::lookup($id);
     if (empty($group)) {
         kohana::show_404();
     }
     print $this->_get_group_edit_form_admin($group);
 }
 public function edit_postage_band_form($id)
 {
     $postage = ORM::factory("postage_band", $id);
     if (!$postage->loaded()) {
         kohana::show_404();
     }
     $form = postage_band::get_edit_form_admin($postage);
     print $form;
 }
Exemplo n.º 15
0
 public function __call($function, $args)
 {
     // request_uri: http://example.com/gallery3/var/trunk/albums/foo/bar.jpg
     $request_uri = $this->input->server("REQUEST_URI");
     $request_uri = preg_replace("/\\?.*/", "", $request_uri);
     // Unescape %7E (~), %20 ( ) and %27 (')
     // @todo: figure out why we have to do this and unescape everything appropriate
     $request_uri = str_replace(array("%7E", "%20", "%27"), array("~", " ", "'"), $request_uri);
     // var_uri: http://example.com/gallery3/var/
     $var_uri = url::file("var/");
     // Make sure that the request is for a file inside var
     $offset = strpos($request_uri, $var_uri);
     if ($offset === false) {
         kohana::show_404();
     }
     $file_uri = substr($request_uri, strlen($var_uri));
     // Make sure that we don't leave the var dir
     if (strpos($file_uri, "..") !== false) {
         kohana::show_404();
     }
     list($type, $path) = explode("/", $file_uri, 2);
     if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
         kohana::show_404();
     }
     // If the last element is .album.jpg, pop that off since it's not a real item
     $path = preg_replace("|/.album.jpg\$|", "", $path);
     // We now have the relative path to the item.  Search for it in the path cache
     $item = ORM::factory("item")->where("relative_path_cache", $path)->find();
     if (!$item->loaded) {
         // We didn't turn it up.  It's possible that the relative_path_cache is out of date here.
         // There was fallback code, but bharat deleted it in 8f1bca74.  If it turns out to be
         // necessary, it's easily resurrected.
         // If we're looking for a .jpg then it's it's possible that we're requesting the thumbnail
         // for a movie.  In that case, the .flv or .mp4 file would have been converted to a .jpg.
         // So try some alternate types:
         if (preg_match('/.jpg$/', $path)) {
             foreach (array("flv", "mp4") as $ext) {
                 $movie_path = preg_replace('/.jpg$/', ".{$ext}", $path);
                 $item = ORM::factory("item")->where("relative_path_cache", $movie_path)->find();
                 if ($item->loaded) {
                     break;
                 }
             }
         }
     }
     if (!$item->loaded) {
         kohana::show_404();
     }
     if ($type == "albums") {
         $file = $item->file_path();
     } else {
         if ($type == "resizes") {
             $file = $item->resize_path();
         } else {
             $file = $item->thumb_path();
         }
     }
     // Make sure we have access to the item
     if (!access::can("view", $item)) {
         kohana::show_404();
     }
     // Make sure we have view_full access to the original
     if ($type == "albums" && !access::can("view_full", $item)) {
         kohana::show_404();
     }
     // Don't try to load a directory
     if ($type == "albums" && $item->is_album()) {
         kohana::show_404();
     }
     if (!file_exists($file)) {
         kohana::show_404();
     }
     // We don't need to save the session for this request
     Session::abort_save();
     // Dump out the image.  If the item is a movie, then its thumbnail will be a JPG.
     if (in_array($item->mime_type, array("video/x-flv", "video/mp4"))) {
         header("Content-type: image/jpeg");
     } else {
         header("Content-Type: {$item->mime_type}");
     }
     Kohana::close_buffers(false);
     $fd = fopen($file, "rb");
     fpassthru($fd);
     fclose($fd);
 }
Exemplo n.º 16
0
 public function edit_group_form($id)
 {
     $group = ORM::factory("group", $id);
     if (!$group->loaded) {
         kohana::show_404();
     }
     print group::get_edit_form_admin($group);
 }
Exemplo n.º 17
0
 public function __call($function, $args)
 {
     // request_uri: http://example.com/gallery3/var/trunk/albums/foo/bar.jpg
     $request_uri = $this->input->server("REQUEST_URI");
     $request_uri = preg_replace("/\\?.*/", "", $request_uri);
     // Unescape %7E ("~") and %20 (" ")
     $request_uri = str_replace(array("%7E", "%20"), array("~", " "), $request_uri);
     // var_uri: http://example.com/gallery3/var/
     $var_uri = url::file("var/");
     // Make sure that the request is for a file inside var
     $offset = strpos($request_uri, $var_uri);
     if ($offset === false) {
         kohana::show_404();
     }
     $file_uri = substr($request_uri, strlen($var_uri));
     // Make sure that we don't leave the var dir
     if (strpos($file_uri, "..") !== false) {
         kohana::show_404();
     }
     list($type, $path) = explode("/", $file_uri, 2);
     if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
         kohana::show_404();
     }
     // If the last element is .album.jpg, pop that off since it's not a real item
     $path = preg_replace("|/.album.jpg\$|", "", $path);
     // We now have the relative path to the item.  Search for it in the path cache
     $item = ORM::factory("item")->where("relative_path_cache", $path)->find();
     if (!$item->loaded) {
         // We didn't turn it up.  This may mean that the path cache is out of date, so look it up
         // the hard way.
         //
         // Find all items that match the level and name, then iterate over those to find a match.
         // In most cases we'll get it in one.  Note that for the level calculation, we just count the
         // size of $paths.
         $paths = explode("/", $path);
         $count = count($paths);
         foreach (ORM::factory("item")->where("name", $paths[$count - 1])->where("level", $count + 1)->find_all() as $match) {
             if ($match->relative_path() == $path) {
                 $item = $match;
                 break;
             }
         }
     }
     if (!$item->loaded) {
         kohana::show_404();
     }
     if ($type == "albums") {
         $file = $item->file_path();
     } else {
         if ($type == "resizes") {
             $file = $item->resize_path();
         } else {
             $file = $item->thumb_path();
         }
     }
     // Make sure we have access to the item
     if (!access::can("view", $item)) {
         kohana::show_404();
     }
     // Make sure we have view_full access to the original
     if ($type == "albums" && !access::can("view_full", $item)) {
         kohana::show_404();
     }
     // Don't try to load a directory
     if ($type == "albums" && $item->is_album()) {
         kohana::show_404();
     }
     if (!file_exists($file)) {
         kohana::show_404();
     }
     // Dump out the image
     header("Content-Type: {$item->mime_type}");
     Kohana::close_buffers(false);
     $fd = fopen($file, "rb");
     fpassthru($fd);
     fclose($fd);
 }
 public function edit_email_template_form($id)
 {
     $email_template = ORM::factory("bp_email_template", $id);
     if (!$email_template->loaded()) {
         kohana::show_404();
     }
     $form = bp_email_template::get_edit_form_admin($email_template);
     print $form;
 }