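 /**
  * This is a general purpose hook, allowing modules to respond to routes
  * of the form module.php?mod=FOO&mod_action=BAR
  *
  * Only the 'menu-add-favorite' action is handled here; any other value
  * is ignored.
  *
  * @param string $mod_action
  */
 public function modAction($mod_action)
 {
     global $WT_TREE;

     switch ($mod_action) {
         case 'menu-add-favorite':
             // Process the "add to user favorites" menu item on indi/fam/etc. pages.
             // The xref comes from the POST body, restricted to the XREF syntax.
             $record = GedcomRecord::getInstance(Filter::post('xref', WT_REGEX_XREF), $WT_TREE);
             // getInstance() yields no record for an unknown or missing xref, so guard
             // against a null before calling canShowName() (the original dereferenced it).
             if (Auth::check() && $record && $record->canShowName()) {
                 self::addFavorite(array(
                     'user_id'   => Auth::id(),
                     'gedcom_id' => $record->getTree()->getTreeId(),
                     'gid'       => $record->getXref(),
                     'type'      => $record::RECORD_TYPE,
                     'url'       => null,
                     'note'      => null,
                     'title'     => null,
                 ));
                 FlashMessages::addMessage(I18N::translate('“%s” has been added to your favorites.', $record->getFullName()));
             }
             break;
     }
 }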
 /**
  * How many blog entries exist for this user.
  *
  * The count is read from the `##news` table for the signed-in user and
  * returned already formatted for display by I18N::number().
  *
  * @return string
  */
 public function totalUserJournal()
 {
     $count = 0;
     try {
         $statement = Database::prepare("SELECT SQL_CACHE COUNT(*) FROM `##news` WHERE user_id = ?");
         $count     = (int) $statement->execute(array(Auth::id()))->fetchOne();
     } catch (PDOException $ex) {
         // The module may not be installed, so the table may not exist.
         $count = 0;
     }

     return I18N::number($count);
 }
/**
 * Defined in session.php
 *
 * @global Tree $WT_TREE
 */
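global $WT_TREE;

use Fisharebest\Webtrees\Controller\PageController;
use Fisharebest\Webtrees\Module\CkeditorModule;

define('WT_SCRIPT_NAME', 'block_edit.php');
require './includes/session.php';

// The block row being configured; block_id comes from the query string as an integer.
$block_id = Filter::getInteger('block_id');
$block    = Database::prepare("SELECT SQL_CACHE * FROM `##block` WHERE block_id=?")->execute(array($block_id))->fetchOneRow();

// Check access.  (1) the block must exist and be enabled, (2) gedcom blocks require
// managers, (3) user blocks require the user or an admin.
// The checks are sequential so that later ones are only evaluated when earlier ones pass.
$blocks = Module::getActiveBlocks($WT_TREE);

$access_denied = !$block || !array_key_exists($block->module_name, $blocks);
if (!$access_denied && $block->gedcom_id) {
    // (2) gedcom blocks require a manager of that tree
    $access_denied = !Auth::isManager(Tree::findById($block->gedcom_id));
}
if (!$access_denied && $block->user_id) {
    // (3) user blocks require the owning user or an administrator
    $access_denied = $block->user_id != Auth::id() && !Auth::isAdmin();
}

if ($access_denied) {
    header('Location: ' . WT_BASE_URL);

    return;
}

// From here on, $block is the module object rather than the database row.
$block = $blocks[$block->module_name];

if (Filter::post('save')) {
    $ctype = Filter::post('ctype', 'user', 'gedcom');
    // The redirect header is queued first; the module then stores the posted
    // settings and the response is sent when this script returns.
    header('Location: ' . WT_BASE_URL . 'index.php?ctype=' . $ctype . '&ged=' . $WT_TREE->getNameUrl());
    $block->configureBlock($block_id);

    return;
}

// The original spelled this "FIlter": PHP class names are case-insensitive, but a
// case-sensitive autoloader may not resolve the misspelling if the class is not loaded yet.
$ctype = Filter::get('ctype', 'user', 'gedcom');

$controller = new PageController();
$controller->setPageTitle(I18N::translate('Configure') . ' — ' . $block->getTitle())->pageHeader();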
if (Module::getModuleByName('ckeditor')) {
    CkeditorModule::enableEditor($controller);
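 /**
  * Create a new record from GEDCOM data.
  *
  * The first line must be "0 @XREF@ TAG".  A placeholder XREF (one without a
  * digit, e.g. “new”) is replaced by a freshly allocated one.  A CHAN structure
  * is appended if absent, the record is stored as a pending change, and the
  * change is accepted immediately when the user has the "auto_accept" preference.
  *
  * @param string $gedcom
  *
  * @throws \Exception if the header line is invalid or the data contains CR characters
  *
  * @return GedcomRecord
  */
 public function createRecord($gedcom)
 {
     if (preg_match('/^0 @(' . WT_REGEX_XREF . ')@ (' . WT_REGEX_TAG . ')/', $gedcom, $match)) {
         $xref = $match[1];
         $type = $match[2];
     } else {
         throw new \Exception('Invalid argument to GedcomRecord::createRecord(' . $gedcom . ')');
     }
     // MSDOS line endings will break things in horrible ways.
     // The original call had its arguments reversed (strpos("\r", $gedcom)), which
     // looked for the whole record inside a single CR and so never matched.
     if (strpos($gedcom, "\r") !== false) {
         throw new \Exception('Evil line endings found in GedcomRecord::createRecord(' . $gedcom . ')');
     }
     // webtrees creates XREFs containing digits.  Anything else (e.g. “new”) is just a placeholder.
     if (!preg_match('/\\d/', $xref)) {
         $xref   = $this->getNewXref($type);
         $gedcom = preg_replace('/^0 @(' . WT_REGEX_XREF . ')@/', '0 @' . $xref . '@', $gedcom);
     }
     // Create a change record, if not already present
     if (!preg_match('/\\n1 CHAN/', $gedcom)) {
         $gedcom .= "\n1 CHAN\n2 DATE " . date('d M Y') . "\n3 TIME " . date('H:i:s') . "\n2 _WT_USER " . Auth::user()->getUserName();
     }
     // Create a pending change
     Database::prepare("INSERT INTO `##change` (gedcom_id, xref, old_gedcom, new_gedcom, user_id) VALUES (?, ?, '', ?, ?)")->execute(array($this->tree_id, $xref, $gedcom, Auth::id()));
     Log::addEditLog('Create: ' . $type . ' ' . $xref);
     // Accept this pending change
     if (Auth::user()->getPreference('auto_accept')) {
         FunctionsImport::acceptAllChanges($xref, $this->tree_id);
     }
     // Return the newly created record.  Note that since GedcomRecord
     // has a cache of pending changes, we cannot use it to create a
     // record with a newly created pending change.
     return GedcomRecord::getInstance($xref, $this, $gedcom);
 }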
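 /**
  * Generate the HTML content of this block.
  *
  * Renders a "send a message" form listing the other contactable users, followed
  * by the current user's inbox with reply and delete controls.  Deletions are
  * posted to module.php?mod=user_messages&mod_action=delete.
  *
  * @param int      $block_id
  * @param bool     $template wrap the content in the theme's block chrome
  * @param string[] $cfg      optional overrides; only the 'block' key is honoured
  *
  * @return string
  */
 public function getBlock($block_id, $template = true, $cfg = array())
 {
     global $ctype, $WT_TREE;

     $block = $this->getBlockSetting($block_id, 'block', '1');
     if (array_key_exists('block', $cfg)) {
         $block = $cfg['block'];
     }

     $messages = Database::prepare("SELECT message_id, sender, subject, body, UNIX_TIMESTAMP(created) AS created FROM `##message` WHERE user_id=? ORDER BY message_id DESC")->execute(array(Auth::id()))->fetchAll();
     $count    = count($messages);

     $id    = $this->getName() . $block_id;
     $class = $this->getName() . '_block';
     $title = I18N::plural('%s message', '%s messages', $count, I18N::number($count));

     // Possible recipients: every other user that an admin has verified and who accepts messages.
     $users = array_filter(User::all(), function (User $user) {
         return $user->getUserId() !== Auth::id() && $user->getPreference('verified_by_admin') && $user->getPreference('contactmethod') !== 'none';
     });

     $confirm_delete = I18N::translate('Are you sure you want to delete this message?  It cannot be retrieved later.');

     $content = '<form id="messageform" name="messageform" method="post" action="module.php?mod=user_messages&mod_action=delete" onsubmit="return confirm(\'' . $confirm_delete . '\');">';
     // The two hidden fields had their values swapped in the original ("ged" carried
     // $ctype and "ctype" the tree name); the other blocks send ctype=$ctype and ged=tree.
     $content .= '<input type="hidden" name="ctype" value="' . $ctype . '">';
     $content .= '<input type="hidden" name="ged" value="' . $WT_TREE->getNameHtml() . '">';

     if ($users) {
         $content .= '<label for="touser">' . I18N::translate('Send a message') . '</label>';
         $content .= '<select id="touser" name="touser">';
         $content .= '<option value="">' . I18N::translate('&lt;select&gt;') . '</option>';
         foreach ($users as $user) {
             $content .= sprintf('<option value="%1$s">%2$s - %1$s</option>', Filter::escapeHtml($user->getUserName()), Filter::escapeHtml($user->getRealName()));
         }
         $content .= '</select>';
         $content .= '<input type="button" value="' . I18N::translate('Send') . '" onclick="return message(document.messageform.touser.options[document.messageform.touser.selectedIndex].value, \'messaging2\', \'\');"><br><br>';
     }

     if ($messages) {
         $content .= '<table class="list_table"><tr>';
         $content .= '<th class="list_label">' . I18N::translate('Delete') . '<br><a href="#" onclick="jQuery(\'#' . $id . ' :checkbox\').prop(\'checked\', true); return false;">' . I18N::translate('All') . '</a></th>';
         $content .= '<th class="list_label">' . I18N::translate('Subject') . '</th>';
         $content .= '<th class="list_label">' . I18N::translate('Date sent') . '</th>';
         $content .= '<th class="list_label">' . I18N::translate('Email address') . '</th>';
         $content .= '</tr>';
         foreach ($messages as $message) {
             $message_id = $message->message_id;
             // The sender may be a registered user or a bare email address.
             $sender = User::findByIdentifier($message->sender);

             $content .= '<tr>';
             $content .= '<td class="list_value_wrap"><input type="checkbox" name="message_id[]" value="' . $message_id . '" id="cb_message' . $message_id . '"></td>';
             $content .= '<td class="list_value_wrap"><a href="#" onclick="return expand_layer(\'message' . $message_id . '\');"><i id="message' . $message_id . '_img" class="icon-plus"></i> <b dir="auto">' . Filter::escapeHtml($message->subject) . '</b></a></td>';
             $content .= '<td class="list_value_wrap">' . FunctionsDate::formatTimestamp($message->created + WT_TIMESTAMP_OFFSET) . '</td>';
             $content .= '<td class="list_value_wrap">';
             if ($sender) {
                 $content .= $sender->getRealNameHtml();
                 // The email address is user-supplied, so escape it as the mailto: branch already does.
                 $content .= '  - <span dir="auto">' . Filter::escapeHtml($sender->getEmail()) . '</span>';
             } else {
                 $content .= '<a href="mailto:' . Filter::escapeHtml($message->sender) . '">' . Filter::escapeHtml($message->sender) . '</a>';
             }
             $content .= '</td>';
             $content .= '</tr>';
             $content .= '<tr><td class="list_value_wrap" colspan="4"><div id="message' . $message_id . '" style="display:none;">';
             $content .= '<div dir="auto" style="white-space: pre-wrap;">' . Filter::expandUrls($message->body) . '</div><br>';
             if ($sender) {
                 // Prefix the reply subject with "RE: " unless it already starts with it.
                 $reply_subject = $message->subject;
                 if (strpos($reply_subject, I18N::translate('RE: ')) !== 0) {
                     $reply_subject = I18N::translate('RE: ') . $reply_subject;
                 }
                 // NOTE(review): these JS-escaped values sit inside an HTML attribute; this relies
                 // on Filter::escapeJs() also neutralising quotes and angle brackets — confirm.
                 $content .= '<button type="button" onclick="reply(\'' . Filter::escapeJs($message->sender) . '\', \'' . Filter::escapeJs($reply_subject) . '\'); return false;">' . I18N::translate('Reply') . '</button> ';
             }
             $content .= '<button type="button" onclick="if (confirm(\'' . $confirm_delete . '\')) {jQuery(\'#messageform :checkbox\').prop(\'checked\', false); jQuery(\'#cb_message' . $message_id . '\').prop(\'checked\', true); document.messageform.submit();}">' . I18N::translate('Delete') . '</button></div></td></tr>';
         }
         $content .= '</table>';
         $content .= '<p><button type="submit">' . I18N::translate('Delete selected messages') . '</button></p>';
     }
     $content .= '</form>';

     if ($template) {
         if ($block) {
             $class .= ' small_inner_block';
         }

         return Theme::theme()->formatBlock($id, $title, $class, $content);
     } else {
         return $content;
     }
 }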
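 /**
  * Generate the HTML content of this block.
  *
  * Shows how many users are signed in, listing by name those who have opted to be
  * visible online (administrators see everyone).  Returns an empty string when
  * nobody is signed in.
  *
  * @param int      $block_id
  * @param bool     $template wrap the content in the theme's block chrome
  * @param string[] $cfg      unused by this block
  *
  * @return string
  */
 public function getBlock($block_id, $template = true, $cfg = array())
 {
     global $WT_TREE;

     $id    = $this->getName() . $block_id;
     $class = $this->getName() . '_block';
     $title = $this->getTitle();

     // Split signed-in users into those we may name and those only counted.
     $anonymous = 0;
     $logged_in = array();
     foreach (User::allLoggedIn() as $user) {
         if (Auth::isAdmin() || $user->getPreference('visibleonline')) {
             $logged_in[] = $user;
         } else {
             $anonymous++;
         }
     }
     $count_logged_in = count($logged_in);

     // Nothing to show: leave before the per-user record lookups below.  The
     // original only checked this after building the (then discarded) content.
     if ($anonymous === 0 && $count_logged_in === 0) {
         return '';
     }

     $content = '<div class="logged_in_count">';
     if ($anonymous) {
         $content .= I18N::plural('%s anonymous signed-in user', '%s anonymous signed-in users', $anonymous, I18N::number($anonymous));
         if ($count_logged_in) {
             $content .= '&nbsp;|&nbsp;';
         }
     }
     if ($count_logged_in) {
         $content .= I18N::plural('%s signed-in user', '%s signed-in users', $count_logged_in, I18N::number($count_logged_in));
     }
     $content .= '</div>';

     $content .= '<div class="logged_in_list">';
     if (Auth::check()) {
         foreach ($logged_in as $user) {
             // Link the name to the user's own individual record, when one is configured.
             $individual = Individual::getInstance($WT_TREE->getUserPreference($user, 'gedcomid'), $WT_TREE);
             $content .= '<div class="logged_in_name">';
             if ($individual) {
                 $content .= '<a href="' . $individual->getHtmlUrl() . '">' . $user->getRealNameHtml() . '</a>';
             } else {
                 $content .= $user->getRealNameHtml();
             }
             $content .= ' - ' . Filter::escapeHtml($user->getUserName());
             // Strict comparisons, matching the other blocks that compare Auth::id() with getUserId().
             if (Auth::id() !== $user->getUserId() && $user->getPreference('contactmethod') !== 'none') {
                 // Both values become JavaScript string literals inside an HTML attribute:
                 // JS-escape first, then HTML-escape the result (HTML-escaping alone leaves
                 // a quote intact once the browser decodes the attribute).
                 $content .= ' <a class="icon-email" href="#" onclick="return message(\'' . Filter::escapeHtml(Filter::escapeJs($user->getUserName())) . '\', \'\', \'' . Filter::escapeHtml(Filter::escapeJs(Functions::getQueryUrl())) . '\');" title="' . I18N::translate('Send a message') . '"></a>';
             }
             $content .= '</div>';
         }
     }
     $content .= '</div>';

     if ($template) {
         return Theme::theme()->formatBlock($id, $title, $class, $content);
     } else {
         return $content;
     }
 }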
 /**
  * How many times has the current page been shown?
  *
  * Counting only happens when the tree's SHOW_COUNTER preference is set.  The
  * counter key is the xref of the controller's record (or root record), or, on
  * index.php, a per-user or per-tree key.
  *
  * @param  PageController $controller
  *
  * @return int Number of views, or zero for pages that aren't logged.
  */
 protected function pageViews(PageController $controller)
 {
     if ($this->tree && $this->tree->getPreference('SHOW_COUNTER')) {
         if (isset($controller->record) && $controller->record instanceof GedcomRecord) {
             return HitCounter::countHit($this->tree, WT_SCRIPT_NAME, $controller->record->getXref());
         } elseif (isset($controller->root) && $controller->root instanceof GedcomRecord) {
             return HitCounter::countHit($this->tree, WT_SCRIPT_NAME, $controller->root->getXref());
         } elseif (WT_SCRIPT_NAME === 'index.php') {
             if (Auth::check() && Filter::get('ctype') !== 'gedcom') {
                 // NOTE(review): the next line is garbled in this listing (a run of '*' between the
                 // 'user:' and 'gedcom:' fragments) and will not parse as shown; restore it from the source.
                 return HitCounter::countHit($this->tree, WT_SCRIPT_NAME, 'user:'******'gedcom:' . $this->tree->getTreeId());
             }
         }
     }
     return 0;
 }
 /**
  * Build the "my pages" menu, appending a "logout" entry for signed-in users.
  *
  * @return object the menu returned by the parent, with a logout submenu when signed in
  */
 public function menuMyPages()
 {
     $menu = parent::menuMyPages();
     if (!Auth::id()) {
         return $menu;
     }
     $menu->addSubmenu($this->menuLogout());

     return $menu;
 }
 /**
  * Delete this record
  *
  * A pending change with an empty new_gedcom is recorded (unless one already
  * exists), accepted at once when the user has the "auto_accept" preference,
  * and the record caches are cleared so the deletion is seen on the next lookup.
  */
 public function deleteRecord()
 {
     // Create a pending change, unless the record is already scheduled for deletion
     if (!$this->isPendingDeletion()) {
         $statement = Database::prepare("INSERT INTO `##change` (gedcom_id, xref, old_gedcom, new_gedcom, user_id) VALUES (?, ?, ?, '', ?)");
         $statement->execute(array($this->tree->getTreeId(), $this->xref, $this->getGedcom(), Auth::id()));
     }

     // Auto-accept this pending change
     if (Auth::user()->getPreference('auto_accept')) {
         FunctionsImport::acceptAllChanges($this->xref, $this->tree->getTreeId());
     }

     // Clear the cache
     self::$gedcom_record_cache  = null;
     self::$pending_record_cache = null;

     Log::addEditLog('Delete: ' . static::RECORD_TYPE . ' ' . $this->xref);
 }
                echo I18N::translate('User didn’t verify within 7 days.');
                ?>
				</td>
				<td>
					<input type="checkbox" checked name="del_<?php 
                echo $user->getUserId();
                ?>
" value="1">
				</td>
			</tr>
			<?php 
            }
        }
        // Check users not verified by admin
        foreach (User::all() as $user) {
            if ($user->getUserId() !== Auth::id() && !$user->getPreference('approved') && $user->getPreference('verified')) {
                $ucnt++;
                ?>
			<tr>
				<td>
					<a href="?action=edit&amp;user_id=<?php 
                echo $user->getUserId();
                ?>
">
						<?php 
                echo Filter::escapeHtml($user->getUserName());
                ?>
						—
						<?php 
                echo $user->getRealNameHtml();
                ?>
use Fisharebest\Webtrees\Controller\PageController;
use Fisharebest\Webtrees\Functions\Functions;
use Fisharebest\Webtrees\Functions\FunctionsDb;
define('WT_SCRIPT_NAME', 'index.php');
require './includes/session.php';

// The only option for action is "ajax"
$action = Filter::get('action');

// Visitors always see the tree page; signed-in users may choose, and default to their own page
$ctype = Auth::check() ? Filter::get('ctype', 'gedcom|user', 'user') : 'gedcom';

// Get the blocks list for the page being shown
$blocks = $ctype === 'user'
    ? FunctionsDb::getUserBlocks(Auth::id())
    : FunctionsDb::getTreeBlocks($WT_TREE->getTreeId());

$active_blocks = Module::getActiveBlocks($WT_TREE);

// The latest version is shown on the administration page.  This updates it every day.
Functions::fetchLatestVersion();
// We generate individual blocks using AJAX
if ($action === 'ajax') {
    $controller = new AjaxController();
    $controller->pageHeader();
    // Check we’re displaying an allowable block.
    $block_id = Filter::getInteger('block_id');
    if (array_key_exists($block_id, $blocks['main'])) {
        $module_name = $blocks['main'][$block_id];
    } elseif (array_key_exists($block_id, $blocks['side'])) {
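 /**
  * Generate the HTML content of this block.
  *
  * Applies the add/delete favorite actions carried in the query string, then
  * lists the favorites of the current user (ctype=user) or of the tree, followed
  * by an "add a new favorite" form for users allowed to edit the list.
  *
  * Editing (and, unlike the original, the add/delete actions themselves) is only
  * allowed for the user's own list or for managers of the tree.
  *
  * @param int      $block_id
  * @param bool     $template wrap the content in the theme's block chrome
  * @param string[] $cfg      optional overrides; only the 'block' key is honoured
  *
  * @return string
  */
 public function getBlock($block_id, $template = true, $cfg = array())
 {
     global $ctype, $controller, $WT_TREE;

     // Who may change this list: the owner of a personal list, or a tree manager.
     $can_edit = $ctype === 'user' || Auth::isManager($WT_TREE);

     // NOTE(review): both actions are driven by GET requests (the form below is
     // method="get"), so they carry no CSRF protection.  Switching them to POST
     // needs a matching change in the page that dispatches this block.
     if ($can_edit) {
         $this->processFavoriteAction($ctype);
     }

     $block = $this->getBlockSetting($block_id, 'block', '0');
     if (array_key_exists('block', $cfg)) {
         $block = $cfg['block'];
     }

     $userfavs = $this->getFavorites($ctype === 'user' ? Auth::id() : $WT_TREE->getTreeId());
     if (!is_array($userfavs)) {
         $userfavs = array();
     }

     $id    = $this->getName() . $block_id;
     $class = $this->getName() . '_block';
     $title = $this->getTitle();

     if (Auth::check()) {
         $controller->addExternalJavascript(WT_AUTOCOMPLETE_JS_URL)->addInlineJavascript('autocomplete();');
     }

     $content = '';
     foreach ($userfavs as $key => $favorite) {
         if (isset($favorite['id'])) {
             $key = $favorite['id'];
         }
         $content .= $this->formatFavorite($favorite, $key, $can_edit, $ctype);
     }

     if ($can_edit) {
         $content .= $this->addFavoriteForm($ctype);
     }

     if ($template) {
         if ($block) {
             $class .= ' small_inner_block';
         }

         return Theme::theme()->formatBlock($id, $title, $class, $content);
     } else {
         return $content;
     }
 }

 /**
  * Apply the "deletefav" / "addfav" actions carried in the query string.
  *
  * @param string $ctype 'user' for a personal list, anything else for the tree list
  */
 private function processFavoriteAction($ctype)
 {
     global $WT_TREE;

     // Personal favorites belong to the user; tree favorites have no user.
     $user_id = $ctype === 'user' ? Auth::id() : null;

     switch (Filter::get('action')) {
         case 'deletefav':
             $favorite_id = Filter::getInteger('favorite_id');
             if ($favorite_id) {
                 // NOTE(review): the id is taken as given; whether deleteFavorite() checks
                 // that it belongs to this user/tree is not visible here — confirm.
                 self::deleteFavorite($favorite_id);
             }
             break;
         case 'addfav':
             $gid      = Filter::get('gid', WT_REGEX_XREF);
             $favnote  = Filter::get('favnote');
             $url      = Filter::getUrl('url');
             $favtitle = Filter::get('favtitle');
             if ($gid) {
                 $record = GedcomRecord::getInstance($gid, $WT_TREE);
                 if ($record && $record->canShow()) {
                     self::addFavorite(array(
                         'user_id'   => $user_id,
                         'gedcom_id' => $WT_TREE->getTreeId(),
                         'gid'       => $record->getXref(),
                         'type'      => $record::RECORD_TYPE,
                         'url'       => null,
                         'note'      => $favnote,
                         'title'     => $favtitle,
                     ));
                 }
             } elseif ($url) {
                 self::addFavorite(array(
                     'user_id'   => $user_id,
                     'gedcom_id' => $WT_TREE->getTreeId(),
                     'gid'       => null,
                     'type'      => 'URL',
                     'url'       => $url,
                     'note'      => $favnote,
                     'title'     => $favtitle ? $favtitle : $url,
                 ));
             }
             break;
     }
 }

 /**
  * Render one favorite as a "person_box" div.
  *
  * @param string[] $favorite row from getFavorites()
  * @param int      $key      favorite id, used in the remove link and element id
  * @param bool     $can_edit whether to show the "remove" link
  * @param string   $ctype
  *
  * @return string HTML, or '' when the referenced record cannot be shown
  */
 private function formatFavorite(array $favorite, $key, $can_edit, $ctype)
 {
     global $WT_TREE;

     $remove = '';
     if ($can_edit) {
         $remove = '<a class="font9" href="index.php?ctype=' . $ctype . '&amp;ged=' . $WT_TREE->getNameHtml() . '&amp;action=deletefav&amp;favorite_id=' . $key . '" onclick="return confirm(\'' . I18N::translate('Are you sure you want to remove this item from your list of favorites?') . '\');">' . I18N::translate('Remove') . '</a> ';
     }

     // Title, note and URL are entered by users through the form in addFavoriteForm()
     // and were written to the page unescaped in the original, so escape them here.
     $note = Filter::escapeHtml((string) $favorite['note']);

     if ($favorite['type'] === 'URL') {
         return '<div id="boxurl' . $key . '.0" class="person_box">'
             . $remove
             . '<a href="' . Filter::escapeHtml((string) $favorite['url']) . '"><b>' . Filter::escapeHtml((string) $favorite['title']) . '</b></a>'
             . '<br>' . $note
             . '</div>';
     }

     $record = GedcomRecord::getInstance($favorite['gid'], $WT_TREE);
     if (!$record || !$record->canShow()) {
         return '';
     }

     if ($record instanceof Individual) {
         // The box class carries a sex suffix: none for male, F for female, NN otherwise.
         switch ($record->getsex()) {
             case 'M':
                 $sex_class = '';
                 break;
             case 'F':
                 $sex_class = 'F';
                 break;
             default:
                 $sex_class = 'NN';
                 break;
         }

         return '<div id="box' . $favorite['gid'] . '.0" class="person_box action_header' . $sex_class . '">'
             . $remove
             . Theme::theme()->individualBoxLarge($record)
             . $note
             . '</div>';
     }

     return '<div id="box' . $favorite['gid'] . '.0" class="person_box">'
         . $remove
         . $record->formatList('span')
         . '<br>' . $note
         . '</div>';
 }

 /**
  * Render the collapsible "add a new favorite" form.
  *
  * @param string $ctype
  *
  * @return string
  */
 private function addFavoriteForm($ctype)
 {
     global $WT_TREE;

     // This block can theoretically appear multiple times, so use a unique ID.
     $uniqueID = Uuid::uuid4();

     $content = '<div class="add_fav_head">';
     $content .= '<a href="#" onclick="return expand_layer(\'add_fav' . $uniqueID . '\');">' . I18N::translate('Add a new favorite') . '<i id="add_fav' . $uniqueID . '_img" class="icon-plus"></i></a>';
     $content .= '</div>';
     $content .= '<div id="add_fav' . $uniqueID . '" style="display: none;">';
     $content .= '<form name="addfavform" method="get" action="index.php">';
     $content .= '<input type="hidden" name="action" value="addfav">';
     $content .= '<input type="hidden" name="ctype" value="' . $ctype . '">';
     $content .= '<input type="hidden" name="ged" value="' . $WT_TREE->getNameHtml() . '">';
     $content .= '<div class="add_fav_ref">';
     $content .= '<input type="radio" name="fav_category" value="record" checked onclick="jQuery(\'#gid' . $uniqueID . '\').removeAttr(\'disabled\'); jQuery(\'#url, #favtitle\').attr(\'disabled\',\'disabled\').val(\'\');">';
     $content .= '<label for="gid' . $uniqueID . '">' . I18N::translate('Enter an individual, family, or source ID') . '</label>';
     $content .= '<input class="pedigree_form" data-autocomplete-type="IFSRO" type="text" name="gid" id="gid' . $uniqueID . '" size="5" value="">';
     $content .= ' ' . FunctionsPrint::printFindIndividualLink('gid' . $uniqueID);
     $content .= ' ' . FunctionsPrint::printFindFamilyLink('gid' . $uniqueID);
     $content .= ' ' . FunctionsPrint::printFindSourceLink('gid' . $uniqueID);
     $content .= ' ' . FunctionsPrint::printFindRepositoryLink('gid' . $uniqueID);
     $content .= ' ' . FunctionsPrint::printFindNoteLink('gid' . $uniqueID);
     $content .= ' ' . FunctionsPrint::printFindMediaLink('gid' . $uniqueID);
     $content .= '</div>';
     $content .= '<div class="add_fav_url">';
     $content .= '<input type="radio" name="fav_category" value="url" onclick="jQuery(\'#url, #favtitle\').removeAttr(\'disabled\'); jQuery(\'#gid' . $uniqueID . '\').attr(\'disabled\',\'disabled\').val(\'\');">';
     $content .= '<input type="text" name="url" id="url" size="20" value="" placeholder="' . GedcomTag::getLabel('URL') . '" disabled> ';
     $content .= '<input type="text" name="favtitle" id="favtitle" size="20" value="" placeholder="' . I18N::translate('Title') . '" disabled>';
     $content .= '<p>' . I18N::translate('Enter an optional note about this favorite') . '</p>';
     $content .= '<textarea name="favnote" rows="6" cols="50"></textarea>';
     $content .= '</div>';
     $content .= '<input type="submit" value="' . I18N::translate('Add') . '">';
     $content .= '</form></div>';

     return $content;
 }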
        break;
    case '':
        Database::prepare("INSERT INTO `##site_access_rule` (ip_address_start, ip_address_end, user_agent_pattern, comment) VALUES (IFNULL(INET_ATON(?), 0), IFNULL(INET_ATON(?), 4294967295), ?, '')")->execute(array(WT_CLIENT_IP, WT_CLIENT_IP, Filter::server('HTTP_USER_AGENT', null, '')));
        $SEARCH_SPIDER = true;
        break;
}
// Store our session data in the database.
// Open and close are no-ops: the database connection is managed elsewhere.
$session_open = function () {
    return true;
};
$session_close = function () {
    return true;
};
$session_read = function ($id) {
    return Database::prepare("SELECT session_data FROM `##session` WHERE session_id=?")->execute(array($id))->fetchOne();
};
$session_write = function ($id, $data) {
    // Only update the session table once per minute, unless the session data has actually changed.
    Database::prepare(
        "INSERT INTO `##session` (session_id, user_id, ip_address, session_data, session_time)" .
        " VALUES (?, ?, ?, ?, CURRENT_TIMESTAMP - SECOND(CURRENT_TIMESTAMP))" .
        " ON DUPLICATE KEY UPDATE" .
        " user_id      = VALUES(user_id)," .
        " ip_address   = VALUES(ip_address)," .
        " session_data = VALUES(session_data)," .
        " session_time = CURRENT_TIMESTAMP - SECOND(CURRENT_TIMESTAMP)"
    )->execute(array($id, (int) Auth::id(), WT_CLIENT_IP, $data));

    return true;
};
$session_destroy = function ($id) {
    Database::prepare("DELETE FROM `##session` WHERE session_id=?")->execute(array($id));

    return true;
};
$session_gc = function ($maxlifetime) {
    Database::prepare("DELETE FROM `##session` WHERE session_time < DATE_SUB(NOW(), INTERVAL ? SECOND)")->execute(array($maxlifetime));

    return true;
};
session_set_save_handler($session_open, $session_close, $session_read, $session_write, $session_destroy, $session_gc);

// Cookie path is derived from the base URL so the session is scoped to this installation.
Session::start(array(
    'gc_maxlifetime' => Site::getPreference('SESSION_TIME'),
    'cookie_path'    => parse_url(WT_BASE_URL, PHP_URL_PATH),
));
if (!Auth::isSearchEngine() && !Session::get('initiated')) {
    // A new session, so prevent session fixation attacks by choosing a new PHPSESSID.
    Session::regenerate(false);
    Session::put('initiated', true);
} else {
    // An existing session
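 /**
  * Generate the HTML content of this block.
  *
  * Handles the "deletenews" action for the current user's own journal entries,
  * then lists the user's entries (newest first) with edit and delete links.
  *
  * @param int      $block_id
  * @param bool     $template wrap the content in the theme's block chrome
  * @param string[] $cfg      optional overrides; only the 'block' key is honoured
  *
  * @return string
  */
 public function getBlock($block_id, $template = true, $cfg = array())
 {
     global $ctype, $WT_TREE;

     switch (Filter::get('action')) {
         case 'deletenews':
             $news_id = Filter::getInteger('news_id');
             if ($news_id) {
                 // Scope the delete to the current user's own entries.  The original
                 // deleted by news_id alone, so any signed-in user could remove another
                 // user's journal item by supplying its id.
                 // NOTE(review): the delete is still triggered by a plain GET link (below),
                 // so it carries no CSRF protection; changing that needs a POST form.
                 Database::prepare("DELETE FROM `##news` WHERE news_id = ? AND user_id = ?")->execute(array($news_id, Auth::id()));
             }
             break;
     }

     $block = $this->getBlockSetting($block_id, 'block', '1');
     if (array_key_exists('block', $cfg)) {
         $block = $cfg['block'];
     }

     $usernews = Database::prepare("SELECT SQL_CACHE news_id, user_id, gedcom_id, UNIX_TIMESTAMP(updated) AS updated, subject, body FROM `##news` WHERE user_id = ? ORDER BY updated DESC")->execute(array(Auth::id()))->fetchAll();

     $id    = $this->getName() . $block_id;
     $class = $this->getName() . '_block';
     $title = $this->getTitle();

     $content = '';
     if (!$usernews) {
         $content .= I18N::translate('You have not created any journal items.');
     }
     foreach ($usernews as $news) {
         // The subject is treated as plain text (the existing confirm() already escaped it);
         // the body may contain HTML, which is why it is only nl2br()'d when it has none.
         $subject_html = Filter::escapeHtml($news->subject);
         $body         = $news->body;
         if ($body == strip_tags($body)) {
             // No HTML?  Then keep the line breaks.
             $body = nl2br($body, false);
         }
         // The confirm() text is a JS string literal inside an HTML attribute:
         // JS-escape first, then HTML-escape the result.
         $confirm = Filter::escapeHtml(Filter::escapeJs(I18N::translate('Are you sure you want to delete “%s”?', $news->subject)));

         $content .= '<div class="journal_box">';
         $content .= '<div class="news_title">' . $subject_html . '</div>';
         $content .= '<div class="news_date">' . FunctionsDate::formatTimestamp($news->updated) . '</div>';
         $content .= $body . '<br><br>';
         $content .= '<a href="#" onclick="window.open(\'editnews.php?news_id=\'+' . $news->news_id . ', \'_blank\', indx_window_specs); return false;">' . I18N::translate('Edit') . '</a> | ';
         $content .= '<a href="index.php?action=deletenews&amp;news_id=' . $news->news_id . '&amp;ctype=' . $ctype . '&amp;ged=' . $WT_TREE->getNameHtml() . '" onclick="return confirm(\'' . $confirm . '\');">' . I18N::translate('Delete') . '</a><br>';
         $content .= '</div><br>';
     }
     $content .= '<br><a href="#" onclick="window.open(\'editnews.php?user_id=' . Auth::id() . '\', \'_blank\', indx_window_specs); return false;">' . I18N::translate('Add a new journal entry') . '</a>';

     if ($template) {
         if ($block) {
             $class .= ' small_inner_block';
         }

         return Theme::theme()->formatBlock($id, $title, $class, $content);
     } else {
         return $content;
     }
 }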
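// Offset of the server's timezone (seconds) and the current Julian day on the client side.
define('WT_TIMESTAMP_OFFSET', date_offset_get(new \DateTime('now')));
define('WT_CLIENT_JD', 2440588 + (int) ((WT_TIMESTAMP + WT_TIMESTAMP_OFFSET) / 86400));

// The login URL must be an absolute URL, and can be user-defined
if (Site::getPreference('LOGIN_URL')) {
    define('WT_LOGIN_URL', Site::getPreference('LOGIN_URL'));
} else {
    define('WT_LOGIN_URL', WT_BASE_URL . 'login.php');
}

// If there is no current tree and we need one, then redirect somewhere.
// These scripts work without an (imported) tree and are exempt.
$needs_tree = !in_array(WT_SCRIPT_NAME, array(
    'admin_trees_manage.php',
    'admin_pgv_to_wt.php',
    'login.php',
    'logout.php',
    'import.php',
    'help_text.php',
    'message.php',
    'action.php',
), true);

if ($needs_tree) {
    if (!$WT_TREE || !$WT_TREE->getPreference('imported')) {
        if (Auth::isAdmin()) {
            header('Location: ' . WT_BASE_URL . 'admin_trees_manage.php');
        } else {
            // We're not an administrator, so we can only log in if there is a tree.
            if (Auth::id()) {
                Auth::logout();
                FlashMessages::addMessage(I18N::translate('This user account does not have access to any tree.'));
            }
            $query = isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '';
            // Use a temporary (302) redirect.  The original sent 301, which browsers may
            // cache, so the requested page could keep redirecting to the login page even
            // after a tree becomes available.
            header('Location: ' . WT_LOGIN_URL . '?url=' . rawurlencode(WT_SCRIPT_NAME . $query), true, 302);
        }
        exit;
    }
}

// Update the last-login time no more than once a minute
if (WT_TIMESTAMP - Session::get('activity_time') >= 60) {
    Auth::user()->setPreference('sessiontime', WT_TIMESTAMP);
    Session::put('activity_time', WT_TIMESTAMP);
}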
// Set the theme
if (substr(WT_SCRIPT_NAME, 0, 5) === 'admin' || WT_SCRIPT_NAME === 'module.php' && substr(Filter::get('mod_action'), 0, 5) === 'admin') {
                echo I18N::translate('User didn’t verify within 7 days.');
                ?>
				</td>
				<td>
					<input type="checkbox" checked name="del_<?php 
                echo $user->getUserId();
                ?>
" value="1">
				</td>
			</tr>
			<?php 
            }
        }
        // Check users not verified by admin
        foreach (User::all() as $user) {
            if ($user->getUserId() !== Auth::id() && !$user->getPreference('verified_by_admin') && $user->getPreference('verified')) {
                $ucnt++;
                ?>
			<tr>
				<td>
					<a href="?action=edit&amp;user_id=<?php 
                echo $user->getUserId();
                ?>
">
						<?php 
                echo Filter::escapeHtml($user->getUserName());
                ?>
						—
						<?php 
                echo $user->getRealNameHtml();
                ?>
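 /**
  * Generate the HTML content of this block.
  *
  * Lists the current user's journal entries. When the request carries
  * action=deletenews, the entry named by news_id is deleted first — but only
  * if it belongs to the current user.
  *
  * @param int      $block_id
  * @param bool     $template Wrap the content in the theme's block markup
  * @param string[] $cfg      Not used by this block
  *
  * @return string
  */
 public function getBlock($block_id, $template = true, $cfg = array())
 {
     global $ctype, $WT_TREE;

     if (Filter::get('action') === 'deletenews') {
         $news_id = Filter::getInteger('news_id');
         if ($news_id) {
             // Scope the delete to the current user's own entries: news_id comes
             // straight from the request, so without the user_id condition any
             // logged-in user could delete another user's journal entry.
             // NOTE(review): this is a state change triggered by a GET link with no
             // CSRF token; confirm whether the project's request filter offers a
             // token check and apply it here.
             Database::prepare("DELETE FROM `##news` WHERE news_id = ? AND user_id = ?")
                 ->execute(array($news_id, Auth::id()));
         }
     }

     $articles = Database::prepare(
         "SELECT SQL_CACHE news_id, user_id, gedcom_id, UNIX_TIMESTAMP(updated) + :offset AS updated, subject, body" .
         " FROM `##news` WHERE user_id = :user_id ORDER BY updated DESC"
     )->execute(array(
         'offset'  => WT_TIMESTAMP_OFFSET,
         'user_id' => Auth::id(),
     ))->fetchAll();

     $id      = $this->getName() . $block_id;
     $class   = $this->getName() . '_block';
     $title   = $this->getTitle();
     $content = '';

     if (empty($articles)) {
         $content .= '<p>' . I18N::translate('You have not created any journal items.') . '</p>';
     }

     foreach ($articles as $article) {
         $content .= '<div class="journal_box">';
         $content .= '<div class="news_title">' . Filter::escapeHtml($article->subject) . '</div>';
         $content .= '<div class="news_date">' . FunctionsDate::formatTimestamp($article->updated) . '</div>';
         // Plain-text bodies get <br> line breaks; bodies that already contain markup
         // are emitted exactly as stored.
         // NOTE(review): the stored body is not escaped here, so any sanitising of
         // editor HTML has to happen when the entry is saved — confirm in the editor script.
         if ($article->body === strip_tags($article->body)) {
             $article->body = nl2br($article->body, false);
         }
         $content .= $article->body;
         $content .= '<a href="#" onclick="window.open(\'editnews.php?news_id=\'+' . $article->news_id . ', \'_blank\', indx_window_specs); return false;">' . I18N::translate('Edit') . '</a>';
         $content .= ' | ';
         // The confirmation text sits inside a JavaScript string inside an HTML attribute:
         // json_encode() makes it a safe JS literal and Filter::escapeHtml() then escapes
         // the whole handler for the attribute. HTML-escaping the subject alone would let
         // a quote in the subject terminate the JS string.
         $confirm = I18N::translate('Are you sure you want to delete “%s”?', $article->subject);
         $onclick = Filter::escapeHtml('return confirm(' . json_encode($confirm) . ');');
         $content .= '<a href="index.php?action=deletenews&amp;news_id=' . $article->news_id . '&amp;ctype=' . Filter::escapeHtml($ctype) . '&amp;ged=' . $WT_TREE->getNameHtml() . '" onclick="' . $onclick . '">' . I18N::translate('Delete') . '</a><br>';
         $content .= '</div><br>';
     }

     $content .= '<p><a href="#" onclick="window.open(\'editnews.php?user_id=' . Auth::id() . '\', \'_blank\', indx_window_specs); return false;">' . I18N::translate('Add a journal entry') . '</a></p>';

     if ($template) {
         return Theme::theme()->formatBlock($id, $title, $class, $content);
     }

     return $content;
 }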
        $controller->setPageTitle(I18N::translate('Change the “My page” blocks'));
        $can_reset = true;
    }
} else {
    if ($gedcom_id < 0) {
        $controller->setPageTitle(I18N::translate('Set the default blocks for new family trees'));
        $can_reset = false;
    } else {
        $controller->setPageTitle(I18N::translate('Change the “Home page” blocks'));
        $can_reset = true;
    }
}
// Access rules for the block editor:
//  - only an admin can edit the "default" page (gedcom_id < 0)
//  - only managers can edit the "home page" (gedcom_id > 0)
//  - only the user themself or an admin can edit a user’s "my page" (user_id set)
// NOTE(review): the loose != on user_id is kept as-is; user_id is parsed outside this
// span, so its type (int vs string) is not visible here.
$is_default_page = $gedcom_id < 0;
$is_home_page    = $gedcom_id > 0;
$may_not_edit    = ($is_default_page && !Auth::isAdmin())
    || ($is_home_page && !Auth::isManager(Tree::findById($gedcom_id)))
    || ($user_id && Auth::id() != $user_id && !Auth::isAdmin());
if ($may_not_edit) {
    // Not authorised: bounce to the site root instead of rendering the editor.
    header('Location: ' . WT_BASE_URL);
    return;
}
$action = Filter::get('action');
if ($can_reset && Filter::post('default') === '1') {
    if ($user_id) {
        $defaults = FunctionsDb::getUserBlocks(-1);
    } else {
        $defaults = FunctionsDb::getTreeBlocks(-1);
    }
    $main = $defaults['main'];
    $right = $defaults['side'];
} else {
    if (isset($_REQUEST['main'])) {
        $main = $_REQUEST['main'];