/**
 * Rebuild the package repository and report the outcome as a flash message.
 *
 * The caller must pass the 'g:admin' access check. The counters returned by
 * PackageRepositoryPackageModel::RebuildPackages() ('updated', 'skipped',
 * 'failed') are turned into one sentence each, skipping any that are falsy.
 *
 * NOTE(review): this state-changing action has no isPost() guard, so it runs
 * on any request method. Unless the framework adds a token check elsewhere,
 * that leaves it open to cross-site request forgery -- confirm.
 *
 * @return int|void View::ERROR_ACCESSDENIED when the access check fails.
 */
public function rebuild()
{
    $request = $this->getPageRequest();
    $view    = $this->getView();

    $allowed = \Core\user()->checkAccess('g:admin');
    if (!$allowed) {
        return View::ERROR_ACCESSDENIED;
    }

    $result = PackageRepositoryPackageModel::RebuildPackages();

    // Counter key => [text before the number, text after the number],
    // listed in the order the sentences appear in the final message.
    $phrases = [
        'updated' => ['Updated ', ' packages.'],
        'skipped' => ['Skipped ', ' packages.'],
        'failed'  => ['Ignored ', ' corrupt packages.'],
    ];

    $summary = [];
    foreach ($phrases as $key => $parts) {
        if ($result[$key]) {
            $summary[] = $parts[0] . $result[$key] . $parts[1];
        }
    }

    \Core\set_message(implode(' ', $summary), 'success');
    \Core\go_back();
}
/**
 * Report an error as a JSON payload (ajax) or as a flash message plus redirect.
 *
 * Ajax requests: the view is switched to View::MODE_PAGEORAJAX, its JSON data
 * is set to the status/message pair and its error code is set to $code.
 * Other requests: the message is queued with type 'error', then the browser
 * is redirected to $redirect when that is truthy, otherwise sent back.
 *
 * NOTE(review): $redirect is passed to \Core\redirect() unchanged. Callers
 * should only supply application-controlled targets -- confirm that none of
 * them forwards a request-supplied URL.
 * NOTE(review): no value is returned on any path, although this method was
 * previously documented as returning int.
 *
 * @param mixed $code     Status stored in the JSON body and on the view
 *                        (presumably a View::ERROR_* code -- confirm).
 * @param mixed $message  Error text shown to the user.
 * @param mixed $redirect Redirect target for non-ajax requests; falsy means "go back".
 *
 * @return void
 */
public function sendJSONError($code, $message, $redirect)
{
    $view    = $this->getView();
    $request = $this->getPageRequest();

    if (!$request->isAjax()) {
        // Regular page request: flash the message and leave the page.
        \Core\set_message($message, 'error');

        if ($redirect) {
            \Core\redirect($redirect);
        } else {
            \Core\go_back();
        }

        return;
    }

    // Ajax request: answer in place with a JSON body.
    $payload = [
        'status'  => $code,
        'message' => $message,
    ];

    $view->mode     = View::MODE_PAGEORAJAX;
    $view->jsondata = $payload;
    $view->error    = $code;
}
/**
 * Remove an entry from the IP blacklist.
 *
 * The entry is looked up from request parameter 0. A missing entry yields
 * View::ERROR_NOTFOUND; any non-POST request yields View::ERROR_BADREQUEST.
 *
 * NOTE(review): no checkAccess() call is visible in this method. Unless the
 * controller enforces a permission elsewhere (constructor, routing), lifting
 * a ban is not restricted to administrators -- confirm.
 *
 * @return int|void A View::ERROR_* code on failure.
 */
public function blacklistip_delete()
{
    $view    = $this->getView();
    $request = $this->getPageRequest();

    $banId = $request->getParameter(0);
    $entry = new IpBlacklistModel($banId);

    // The existence check intentionally runs before the method check,
    // so an unknown id reports "not found" even on GET.
    if (!$entry->exists()) {
        return View::ERROR_NOTFOUND;
    }

    if (!$request->isPost()) {
        return View::ERROR_BADREQUEST;
    }

    $entry->delete();

    \Core\set_message('Removed ban successfully', 'success');
    \Core\go_back();
}
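/**
 * Page to display a user interface to select the optional stylesheets.
 *
 * Builds one checkbox per optional stylesheet of the template named by the
 * 'template' request parameter. On POST, every optional stylesheet is saved
 * as enabled (1) or disabled (0) depending on whether its 'src' was
 * submitted, then the user is sent back.
 *
 * NOTE(review): no checkAccess() call is visible in this method, and the
 * 'template' request parameter is handed to Template::Factory() unchanged.
 * Confirm that access is enforced elsewhere and that the factory confines
 * the name to known template files.
 *
 * @return void
 */
public function selectstylesheets()
{
    $request = $this->getPageRequest();
    $view    = $this->getView();

    $file        = $request->getParameter('template');
    $tpl         = \Core\Templates\Template::Factory($file);
    $stylesheets = $tpl->getOptionalStylesheets();

    $form = new Form();
    foreach ($stylesheets as $style) {
        $model = TemplateCssModel::Construct($file, $style['src']);

        // A stylesheet with no saved setting yet takes the template's default.
        if (!$model->exists() && isset($style['default']) && $style['default']) {
            $model->set('enabled', 1);
        }

        $form->addElement(
            'checkbox',
            [
                'title'   => $style['title'],
                'name'    => 'stylesheets[]',
                'value'   => $style['src'],
                'checked' => $model->get('enabled'),
            ]
        );
    }
    $form->addElement('submit', ['name' => 'submit', 'value' => 'Update Stylesheets']);

    // If it was a POST... then save that and go back.
    if ($request->isPost()) {
        // With every box unchecked the browser sends no "stylesheets" key at
        // all, and a hand-built request can send a scalar instead of a list.
        // Both are treated as "nothing selected" so that in_array() below
        // always receives an array.
        if (!isset($_POST['stylesheets']) || !is_array($_POST['stylesheets'])) {
            $_POST['stylesheets'] = array();
        }

        // Only stylesheets the template itself declares are ever written;
        // submitted values merely toggle them on or off.
        foreach ($stylesheets as $style) {
            $model = TemplateCssModel::Construct($file, $style['src']);
            $model->set('enabled', in_array($style['src'], $_POST['stylesheets']) ? 1 : 0);
            $model->save();
        }

        \Core\set_message('Updated optional stylesheets successfully', 'success');
        \Core\go_back(1);
    }

    $view->title = 'Select Optional Stylesheets';
    $view->assign('file', $file);
    $view->assign('form', $form);
}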
/**
 * POST-only view that switches off the 'datastore' auth driver for a user.
 *
 * The target user id is request parameter 0. The action is allowed for
 * holders of p:/user/users/manage and for the user acting on their own
 * account. When the target has exactly one enabled auth driver the request
 * is refused with View::ERROR_OTHER (presumably so the account cannot be
 * left without any way to log in -- confirm).
 *
 * NOTE(review): the "is this my own account" test uses a loose comparison
 * between the stored id and the raw request parameter; a strict comparison
 * on normalised ids would be safer -- confirm the id types first.
 *
 * @return int|void A View::ERROR_* code on failure.
 */
public function disable()
{
    $view    = $this->getView();
    $request = $this->getPageRequest();

    $userid = $request->getParameter(0);

    // Is the current user an admin, or acting on their own account?
    $isadmin = \Core\user()->checkAccess('p:/user/users/manage');
    $isself  = (\Core\user()->get('id') == $userid);

    if (!$isadmin && !$isself) {
        return View::ERROR_ACCESSDENIED;
    }

    if (!$request->isPost()) {
        return View::ERROR_BADREQUEST;
    }

    /** @var UserModel $user */
    $user = UserModel::Construct($userid);
    if (!$user->exists()) {
        return View::ERROR_NOTFOUND;
    }

    $enabledDrivers = $user->getEnabledAuthDrivers();
    if (count($enabledDrivers) == 1) {
        return View::ERROR_OTHER;
    }

    $user->disableAuthDriver('datastore');
    $user->save();

    \Core\set_message('t:MESSAGE_SUCCESS_DISABLED_PASSWORD_AUTH');
    \Core\go_back();
}
/**
 * Function that is fired off on page load.
 * This checks if a form was submitted and that form was present in the SESSION.
 *
 * Flow, as implemented below:
 *  1. Skip requests whose path matches /form/*.ajax.
 *  2. Unserialize every 'FormData/*' session entry, dropping entries that
 *     fail to unserialize or whose 'expires' time has passed, and pick the
 *     one whose key equals the submitted ___formid.
 *  3. Require the request method to match the form's method.
 *  4. Load the submitted values, run the model validation and, when the form
 *     has no error, invoke the form's 'callsmethod' handler.
 *  5. Store the form back into the session, then act on the handler's status
 *     (exit, go back, reload or redirect).
 *
 * NOTE(review): the handler invoked in step 4 and the objects rebuilt in
 * step 2 both come from session storage. That is only safe while clients
 * cannot write to the session store -- confirm the session backend.
 *
 * @return void Nothing is returned on any path; the 'die' status ends the script.
 */
public static function CheckSavedSessionData() {
    // This needs to ignore the /form/savetemporary.ajax page!
    // This is a custom page that's meant to intercept all POST submissions.
    if(preg_match('#^/form/(.*)\.ajax$#', REL_REQUEST_PATH)) return;

    // There has to be data in the session.
    $forms = \Core\Session::Get('FormData/*');

    // The form id is taken from the request; false when none was submitted.
    $formid = (isset($_REQUEST['___formid'])) ? $_REQUEST['___formid'] : false;
    $form = false;

    foreach ($forms as $k => $v) {
        // If the object isn't a valid object after unserializing...
        // NOTE(review): unserialize() instantiates whatever classes the stored
        // string names; see the session-storage assumption in the docblock.
        if (!($el = unserialize($v))) {
            \Core\Session::UnsetKey('FormData/' . $k);
            continue;
        }

        // Check the expires time
        if ($el->get('expires') <= Time::GetCurrent()) {
            \Core\Session::UnsetKey('FormData/' . $k);
            continue;
        }

        // NOTE(review): loose comparison. When no ___formid was sent, $formid
        // is false and any key that is loosely false would match -- confirm
        // that session keys can never take such a value.
        if ($k == $formid) {
            // Remember this for after all the checks have finished.
            $form = $el;
        }
    }

    // No form found... simple enough
    if (!$form) return;

    // Otherwise
    /** @var $form Form */

    // Ensure the submission types match up.
    if (strtoupper($form->get('method')) != $_SERVER['REQUEST_METHOD']) {
        \Core\set_message('t:MESSAGE_ERROR_FORM_SUBMISSION_TYPE_DOES_NOT_MATCH');
        return;
    }

    // Ensure the REFERRER and original URL match up.
    // NOTE(review): a mismatch is only logged; processing continues, so this
    // check does not act as a request-forgery defence. The Referer header is
    // read without an isset() guard (a request without it raises an
    // undefined-index notice) and is written to the system log verbatim;
    // being client-supplied, it must be escaped wherever the log is rendered.
    if($_SERVER['HTTP_REFERER'] != $form->originalurl){
        // @todo This is reported to be causing issues with production sites.
        // If found true, this check may need to be removed / refactored.
        //\Core\set_message('Form submission referrer does not match, please try your submission again.', 'error');
        SystemLogModel::LogInfoEvent(
            'Form Referrer Mismatch',
            'Form referrer does not match! Submitted: [' . $_SERVER['HTTP_REFERER'] . '] Expected: [' . $form->originalurl . ']'
        );
        //return;
    }

    // Run though each element submitted and try to validate it.
    // The source superglobal is chosen from the form's own method, which was
    // already checked against the request method above.
    if (strtoupper($form->get('method')) == 'POST') $src =& $_POST;
    else $src =& $_GET;

    $form->loadFrom($src);

    // Try to load the model from that form. That will call all of the model's
    // validation logic and will throw exceptions if validation fails.
    try{
        $form->getModel();

        // Still good?
        if (!$form->hasError()){
            // Hand the populated form to the handler recorded on the form.
            $status = call_user_func($form->get('callsmethod'), $form);
        }
        else{
            $status = false;
        }
    }
    catch(ModelValidationException $e){
        \Core\set_message($e->getMessage(), 'error');
        $status = false;
    }
    catch(GeneralValidationException $e){
        \Core\set_message($e->getMessage(), 'error');
        $status = false;
    }
    catch(Exception $e){
        if(DEVELOPMENT_MODE){
            // Developers get the full message
            \Core\set_message($e->getMessage(), 'error');
        }
        else{
            // While users of production-enabled sites get a friendlier message.
            \Core\set_message('t:MESSAGE_ERROR_FORM_SUBMISSION_UNHANDLED_EXCEPTION');
        }
        Core\ErrorManagement\exception_handler($e);
        $status = false;
    }

    // The form was submitted. Set its persistent flag to true so that whatever may be listening for it can retrieve the user's values.
    $form->persistent = true;

    // Regardless, bundle this form back into the session so the controller can use it if needed.
    \Core\Session::Set('FormData/' . $formid, serialize($form));

    // Fail statuses.
    if ($status === false) return;
    if ($status === null) return;

    // Guess it's not false and not null... must be good then.

    // @todo Handle an internal save procedure for "special" groups such as pageinsertables and what not.

    // Cleanup
    \Core\Session::UnsetKey('FormData/' . $formid);

    if ($status === 'die'){
        // If it's set to die, simply exit the script without outputting anything.
        exit;
    }
    elseif($status === 'back'){
        if($form->referrer && $form->referrer != REL_REQUEST_PATH){
            // Go back to the original form's referrer.
            \Core\redirect($form->referrer);
        }
        else{
            // Use Core to guess which page to redirect back to, (not as reliable).
            \Core\go_back();
        }
    }
    elseif ($status === true){
        // If the return code is boolean true, it's a reload.
        \Core\reload();
    }
    elseif($status === REL_REQUEST_PATH || $status === CUR_CALL){
        // If the page returned the same page as the current url, force a reload, (as redirect will ignore it)
        \Core\reload();
    }
    else{
        // Anything else gets sent to the redirect system.
        // NOTE(review): the target is whatever the handler returned; handlers
        // should not derive it from request input without validating it.
        \core\redirect($status);
    }
}
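/**
 * Delete a simple widget.
 *
 * POST-only; requires the p:/core/widgets/manage permission. The widget class
 * name is built from the part of the 'baseurl' request parameter before its
 * first '/', followed by the suffix 'widget'.
 *
 * Because that class name originates from the request, its type is verified
 * before anything is constructed, so the constructor of a class that is not a
 * Widget_2_1 never runs. Each failure path also returns explicitly:
 * \Core\go_back() is expected to end the request, but the returns guarantee
 * that the delete is never reached after a failed check even if it does not.
 *
 * @return int|void A View::ERROR_* code when the access or method check fails.
 */
public function widget_delete()
{
    $view    = $this->getView();
    $request = $this->getPageRequest();

    if (!\Core\user()->checkAccess('p:/core/widgets/manage')) {
        return View::ERROR_ACCESSDENIED;
    }

    if (!$request->isPost()) {
        return View::ERROR_BADREQUEST;
    }

    $baseurl = $request->getParameter('baseurl');

    // Without a '/' in the base URL the prefix is empty, matching what
    // substr() produced when given strpos()'s false as its length.
    $slash = strpos($baseurl, '/');
    $class = ($slash === false ? '' : substr($baseurl, 0, $slash)) . 'widget';

    if (!class_exists($class)) {
        \Core\set_message('t:MESSAGE_ERROR_CLASS_S_NOT_AVAILABLE', $class);
        \Core\go_back();
        return;
    }

    // Type check on the class NAME, before instantiation.
    // Assumes Widget_2_1 lives in the global namespace -- TODO confirm.
    if (!is_subclass_of($class, 'Widget_2_1')) {
        \Core\set_message('t:MESSAGE_ERROR_CLASS_S_NOT_VALID_WIDGET', $class);
        \Core\go_back();
        return;
    }

    /** @var Widget_2_1 $obj */
    $obj = new $class();

    if (!$obj->is_simple) {
        \Core\set_message('t:MESSAGE_ERROR_CLASS_S_NOT_SIMPLE_WIDGET', $class);
        \Core\go_back();
        return;
    }

    $model = new WidgetModel($baseurl);
    $model->delete();

    \Core\set_message('t:MESSAGE_SUCCESS_DELETED_WIDGET_S', $baseurl);
    \Core\go_back();
}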
/**
 * Move a widget instance one position down within its widget area.
 *
 * POST-only; requires the p:/core/widgets/manage permission. The instance is
 * looked up from request parameter 0. Its neighbour is the instance with the
 * same site, template, page_baseurl and widgetarea whose weight is one
 * higher; when found, the two weights are swapped. When there is none, an
 * error message reports that the widget is already at the bottom.
 *
 * NOTE(review): the search criteria are assembled by string concatenation.
 * The values come from the stored instance rather than from the request, but
 * how WidgetInstanceModel::Find() quotes or parses them is not visible here
 * -- confirm, or switch to a form of Find() that binds values.
 * NOTE(review): the two save() calls are not wrapped in a transaction, so a
 * failure between them would leave two instances with the same weight.
 *
 * @return int|void A View::ERROR_* code on failure.
 */
public function instance_movedown()
{
    $view    = $this->getView();
    $request = $this->getPageRequest();

    if (!\Core\user()->checkAccess('p:/core/widgets/manage')) {
        return View::ERROR_ACCESSDENIED;
    }

    $instance = WidgetInstanceModel::Construct($request->getParameter(0));
    if (!$instance->exists()) {
        return View::ERROR_NOTFOUND;
    }

    if (!$request->isPost()) {
        return View::ERROR_BADREQUEST;
    }

    // Nullable columns are spelled out as the literal NULL in the criteria.
    $template = $instance->get('template');
    if ($template === null) {
        $template = 'NULL';
    }

    $pageBaseurl = $instance->get('page_baseurl');
    if ($pageBaseurl === null) {
        $pageBaseurl = 'NULL';
    }

    // Look for the instance sitting directly below this one.
    $neighbourCriteria = [
        'site = ' . $instance->get('site'),
        'template = ' . $template,
        'page_baseurl = ' . $pageBaseurl,
        'widgetarea = ' . $instance->get('widgetarea'),
        'weight = ' . ($instance->get('weight') + 1),
    ];
    $neighbour = WidgetInstanceModel::Find($neighbourCriteria, 1);

    if ($neighbour) {
        // Swap places: the neighbour moves up, this instance moves down.
        $neighbour->set('weight', $neighbour->get('weight') - 1);
        $instance->set('weight', $instance->get('weight') + 1);

        $neighbour->save();
        $instance->save();
    } else {
        \Core\set_message('Widget is already in the bottom position!', 'error');
    }

    \Core\go_back();
}
/**
 * Delete a content page.
 *
 * POST-only; requires p:/content/manage_all via setAccess(). The page is
 * looked up from request parameter 0. After deletion the user is redirected
 * to /admin/pages when the referrer equals the deleted page's resolved link
 * (presumably because going back would land on the page that no longer
 * exists), otherwise sent back.
 *
 * NOTE(review): the page nickname is concatenated into the flash message;
 * confirm that set_message() or the template escapes it on output.
 *
 * @return int|void A View::ERROR_* code on failure.
 */
public function delete()
{
    $view    = $this->getView();
    $request = $this->getPageRequest();

    // This is a POST-only page.
    if (!$request->isPost()) {
        return View::ERROR_BADREQUEST;
    }

    if (!$this->setAccess('p:/content/manage_all')) {
        return View::ERROR_ACCESSDENIED;
    }

    $content  = new ContentModel($request->getParameter(0));
    $pageLink = \Core\resolve_link($content->get('baseurl'));

    if (!$content->exists()) {
        return View::ERROR_NOTFOUND;
    }

    $content->delete();
    \Core\set_message('Removed ' . $content->get('nickname') . ' successfully!', 'success');

    $referrer = $request->getReferrer();
    if ($referrer != $pageLink) {
        \Core\go_back();
    } else {
        \Core\redirect('/admin/pages');
    }
}
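/**
 * Delete a blog article.
 *
 * The article is looked up from request parameter 0 and must belong to an
 * existing blog. Deletion is allowed for holders of p:/blog/manage_all and
 * for users who pass the blog's own 'manage_articles_permission'. POST-only.
 *
 * @return int|void A View::ERROR_* code on failure.
 */
public function article_delete()
{
    $view    = $this->getView();
    $request = $this->getPageRequest();

    $article = new BlogArticleModel($request->getParameter(0));
    if (!$article->exists()) {
        return View::ERROR_NOTFOUND;
    }

    $blog = $article->getLink('Blog');
    if (!$blog->exists()) {
        return View::ERROR_NOTFOUND;
    }

    $manager = \Core\user()->checkAccess('p:/blog/manage_all');

    // The key must match the blog's field name exactly. With a stray
    // trailing space the lookup would presumably miss, so the authorization
    // decision would be made on an empty permission string instead of the
    // blog's configured one.
    $editor = \Core\user()->checkAccess($blog->get('manage_articles_permission')) || $manager;

    if (!$editor) {
        return View::ERROR_ACCESSDENIED;
    }

    if (!$request->isPost()) {
        return View::ERROR_BADREQUEST;
    }

    $article->delete();
    \Core\go_back();
}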
/**
 * Delete the widget record belonging to a gallery.
 *
 * Requires p:/gallery/manage_all and a POST request. The record is the
 * WidgetModel keyed by '/gallery/view/' plus request parameter 0; when that
 * parameter is empty an unkeyed WidgetModel is built, which then fails the
 * exists() check (presumably -- confirm for a key-less WidgetModel).
 *
 * @return int|void A View::ERROR_* code on failure.
 */
public function delete()
{
    $view    = $this->getView();
    $request = $this->getPageRequest();

    $mayManage = \Core\user()->checkAccess('p:/gallery/manage_all');
    if (!$mayManage) {
        return View::ERROR_ACCESSDENIED;
    }

    $model = $request->getParameter(0)
        ? new WidgetModel('/gallery/view/' . $request->getParameter(0))
        : new WidgetModel();

    // The method check comes before the existence check, so a GET reports
    // "bad request" whether or not the record exists.
    if (!$request->isPost()) {
        return View::ERROR_BADREQUEST;
    }

    if (!$model->exists()) {
        return View::ERROR_NOTFOUND;
    }

    $model->delete();
    \Core\go_back();
}
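/**
 * Permanently delete a user account and all configuration options attached.
 *
 * Requires p:/user/users/manage and a POST request. The account is looked up
 * from request parameter 0; an id that matches no account now yields
 * View::ERROR_NOTFOUND instead of calling delete() on an empty model and
 * reporting success.
 *
 * NOTE(review): nothing here stops an administrator from deleting their own
 * account or the last remaining administrator -- confirm whether UserModel
 * guards against that.
 *
 * @return int|void A View::ERROR_* code on failure.
 */
public function delete()
{
    $view = $this->getView();
    $req  = $this->getPageRequest();

    // Authorize before touching any user record.
    if (!\Core\user()->checkAccess('p:/user/users/manage')) {
        return View::ERROR_ACCESSDENIED;
    }

    if (!$req->isPost()) {
        return View::ERROR_BADREQUEST;
    }

    $id    = $req->getParameter(0);
    $model = UserModel::Construct($id);

    if (!$model->exists()) {
        return View::ERROR_NOTFOUND;
    }

    // Users are now a standard model, deleting a user account will automatically propagate down the stack.
    $model->delete();

    \Core\set_message('Removed user successfully', 'success');
    \Core\go_back();
}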