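/**
 * Opens a control-panel <form> tag.
 *
 * A relative $action (no scheme, not already prefixed with BASE) is
 * turned into a CP URL by prepending BASE and AMP, then every action is
 * passed through ee()->uri->reformat(). Unless the
 * 'disable_csrf_protection' config item is set, a 'csrf_token' hidden
 * field carrying CSRF_TOKEN is appended after the opening tag.
 *
 * Neither $action nor the attribute values are HTML-escaped here, so
 * callers must only pass trusted, already-escaped values.
 *
 * @param string       $action     CP path or absolute URL
 * @param array|string $attributes name => value attribute map, or a raw
 *                                 attribute string appended verbatim
 * @param array        $hidden     name => value pairs rendered as hidden fields
 * @return string Opening form tag, followed by the hidden fields
 */
function form_open($action = '', $attributes = array(), $hidden = array())
{
    if (strpos($action, '://') === FALSE && strpos($action, BASE) !== 0) {
        $action = BASE . AMP . $action;
    }
    $action = ee()->uri->reformat($action);

    $form = '<form action="' . $action . '"';

    if (is_array($attributes)) {
        // Default to POST unless the caller chose a method explicitly
        if (!isset($attributes['method'])) {
            $form .= ' method="post"';
        }
        foreach ($attributes as $key => $val) {
            $form .= ' ' . $key . '="' . $val . '"';
        }
    } else {
        $form .= ' method="post" ' . $attributes;
    }

    $form .= ">\n";

    if (!bool_config_item('disable_csrf_protection')) {
        // A non-array $hidden is discarded so the token can always be added
        if (!is_array($hidden)) {
            $hidden = array();
        }
        $hidden['csrf_token'] = CSRF_TOKEN;
    }

    // The original tested count($hidden > 0), i.e. count() of a boolean,
    // which is always truthy (and a TypeError on PHP 8); compare the count.
    if (is_array($hidden) && count($hidden) > 0) {
        $form .= form_hidden($hidden) . "\n";
    }

    return $form;
}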
/**
 * Pushes the publish-form JavaScript globals for an entry.
 *
 * Loads the foreign-character conversion table (optionally overridden by
 * the 'foreign_character_conversion_array' hook), registers the smiley
 * helper when the emoticon module is installed, and publishes lang
 * strings, autosave/category/field URLs and user capability flags via
 * ee()->javascript->set_global().
 *
 * @param object $entry Entry object exposing entry_id and channel_id
 * @param bool   $valid Whether the form is valid; gates title focus on new entries
 * @return void
 */
protected function setGlobalJs($entry, $valid)
{
    $entry_id = $entry->entry_id;
    $channel_id = $entry->channel_id;

    // Autosave interval falls back to 60 seconds when the config item is absent
    $autosave_interval = ee()->config->item('autosave_interval_seconds');
    if ($autosave_interval === FALSE) {
        $autosave_interval = 60;
    }

    // Foreign character conversion table; $foreign_characters is expected to be
    // defined by this config file (or by the hook below) -- confirm against the file
    include APPPATH . 'config/foreign_chars.php';

    /* -------------------------------------
    /* 'foreign_character_conversion_array' hook.
    /* - Allows you to use your own foreign character conversion array
    /* - Added 1.6.0
     * - Note: in 2.0, you can edit the foreign_chars.php config file as well
    */
    if (isset(ee()->extensions->extensions['foreign_character_conversion_array'])) {
        $foreign_characters = ee()->extensions->call('foreign_character_conversion_array');
    }
    /*
    /* -------------------------------------*/

    $smileys_enabled = isset(ee()->cp->installed_modules['emoticon']);
    if ($smileys_enabled) {
        ee()->load->helper('smiley');
        ee()->cp->add_to_foot(smiley_js());
    }

    $entry_suffix = $channel_id . '/' . $entry_id;
    $autosave_url = ee('CP/URL')->make('publish/autosave/' . $entry_suffix)->compile();
    $add_category_url = ee('CP/URL')->make('channels/cat/createCat/###')->compile();
    $field_url = ee('CP/URL', 'publish/field/' . $entry_suffix)->compile();

    if ($entry_id) {
        $which = 'edit';
    } else {
        $which = 'new';
    }

    if (ee()->config->item('word_separator') != "dash") {
        $word_separator = '_';
    } else {
        $word_separator = '-';
    }

    $globals = array(
        'lang.add_new_html_button' => lang('add_new_html_button'),
        'lang.close' => lang('close'),
        'lang.confirm_exit' => lang('confirm_exit'),
        'lang.loading' => lang('loading'),
        'publish.autosave.interval' => (int) $autosave_interval,
        'publish.autosave.URL' => $autosave_url,
        'publish.add_category.URL' => $add_category_url,
        'publish.foreignChars' => $foreign_characters,
        'publish.lang.no_member_groups' => lang('no_member_groups'),
        'publish.lang.refresh_layout' => lang('refresh_layout'),
        'publish.lang.tab_count_zero' => lang('tab_count_zero'),
        'publish.lang.tab_has_req_field' => lang('tab_has_req_field'),
        'publish.markitup.foo' => FALSE,
        'publish.smileys' => $smileys_enabled,
        'publish.field.URL' => $field_url,
        'publish.which' => $which,
        'publish.word_separator' => $word_separator,
        'user.can_edit_html_buttons' => ee()->cp->allowed_group('can_edit_html_buttons'),
        'user.foo' => FALSE,
        'user_id' => ee()->session->userdata('member_id'),
    );
    ee()->javascript->set_global($globals);

    // -------------------------------------------
    // Publish Page Title Focus - makes the title field gain focus when the page is loaded
    //
    // Hidden Configuration Variable - publish_page_title_focus => Set focus to the title? (y/n)
    // Only new, valid entries get focus, and only when the hidden config item is on.
    $focus_title = !$entry_id && $valid && bool_config_item('publish_page_title_focus');
    ee()->javascript->set_global('publish.title_focus', $focus_title);
}
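/**
 * Opens a front-end <form> tag (CodeIgniter-style helper).
 *
 * A relative $action is expanded with $CI->config->site_url(); an absolute
 * URL (containing '://') is used as-is. $attributes are rendered by
 * _attributes_to_string(). Unless 'disable_csrf_protection' is set, a
 * 'csrf_token' hidden field carrying CSRF_TOKEN is added; all hidden
 * fields are wrapped in a hidden <div>.
 *
 * $action is not HTML-escaped here; callers must pass trusted values.
 *
 * @param string       $action     Site-relative path or absolute URL
 * @param array|string $attributes Attributes; '' defaults to method="post"
 * @param array        $hidden     name => value pairs rendered as hidden fields
 * @return string Opening form tag plus hidden fields
 */
function form_open($action = '', $attributes = '', $hidden = array())
{
    $CI =& get_instance();

    if ($attributes == '') {
        $attributes = 'method="post"';
    }

    $action = strpos($action, '://') === FALSE ? $CI->config->site_url($action) : $action;

    $form = '<form action="' . $action . '"';
    $form .= _attributes_to_string($attributes, TRUE);
    $form .= '>';

    // CSRF: a non-array $hidden (e.g. a stray string) would make the
    // offset assignment below fail, so normalise it first.
    if (!bool_config_item('disable_csrf_protection')) {
        if (!is_array($hidden)) {
            $hidden = array();
        }
        $hidden['csrf_token'] = CSRF_TOKEN;
    }

    if (is_array($hidden) && count($hidden) > 0) {
        $form .= sprintf("<div style=\"display:none\">%s</div>", form_hidden($hidden));
    }

    return $form;
}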
/**
 * Check and validate the request's CSRF token.
 *
 * Delegates the actual POST/PUT token check to the csrf library, which
 * handles logged-in and logged-out users differently. The check is
 * skipped entirely when the CSRF_EXEMPT flag is passed, when
 * 'disable_csrf_protection' is configured, or for front-end (non-CP)
 * AJAX requests that did not ask for CSRF_STRICT. Regardless of the
 * outcome, the current token is exposed through the CSRF_TOKEN,
 * REQUEST_XID and XID_SECURE_HASH constants and, for AJAX POSTs, the
 * X-CSRF-TOKEN / X-EEXID response headers.
 *
 * @access public
 * @param int $flags Bitmask of self::CSRF_* flags
 * @return boolean FALSE when the token is invalid, TRUE when valid or exempt
 */
public function have_valid_xid($flags = self::CSRF_STRICT)
{
    ee()->load->library('csrf');

    $flagged_exempt = (bool) ($flags & self::CSRF_EXEMPT);
    $strict = (bool) ($flags & self::CSRF_STRICT);
    // Front-end AJAX requests are only checked when strict mode was requested
    $front_end_ajax = AJAX_REQUEST && REQ != 'CP' && !$strict;

    if ($flagged_exempt || $front_end_ajax || bool_config_item('disable_csrf_protection')) {
        $is_valid = TRUE;
    } else {
        $is_valid = ee()->csrf->check();
    }

    // Expose the current token under the new and the legacy constant names.
    // define() would warn on a second call, so this presumably runs once per request.
    $csrf_token = ee()->csrf->get_user_token();
    define('CSRF_TOKEN', $csrf_token);
    define('REQUEST_XID', $csrf_token);
    define('XID_SECURE_HASH', $csrf_token);

    // AJAX POSTs also receive the token (and its legacy header) in the response
    $is_ajax_post = AJAX_REQUEST && ee()->input->server('REQUEST_METHOD') == 'POST';
    if ($is_ajax_post) {
        header('X-CSRF-TOKEN: ' . CSRF_TOKEN);
        header('X-EEXID: ' . CSRF_TOKEN);
    }

    return $is_valid;
}
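/**
 * Set cookie
 *
 * Accepts six parameters, or an associative array in the first parameter
 * holding any of the keys value, expire, domain, path, prefix and name.
 * Empty prefix/domain and the default path fall back to the
 * cookie_prefix / cookie_domain / cookie_path config items. When
 * 'cookie_secure' is on, the cookie is only sent over HTTPS and the call
 * returns FALSE otherwise. The HttpOnly flag follows the
 * 'cookie_httponly' config item (off when the item is unset).
 *
 * @access public
 * @param mixed  $name   cookie name, or an array of all values
 * @param string $value  the value of the cookie
 * @param string $expire seconds until expiration; 0 for a session cookie,
 *                       non-numeric to delete the cookie
 * @param string $domain the cookie domain. Usually: .yourdomain.com
 * @param string $path   the cookie path
 * @param string $prefix the cookie prefix
 * @return void|bool FALSE when a secure cookie is requested on a non-HTTPS request
 */
function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '')
{
    if (is_array($name)) {
        $options = $name;
        $value  = isset($options['value'])  ? $options['value']  : $value;
        $expire = isset($options['expire']) ? $options['expire'] : $expire;
        $domain = isset($options['domain']) ? $options['domain'] : $domain;
        $path   = isset($options['path'])   ? $options['path']   : $path;
        $prefix = isset($options['prefix']) ? $options['prefix'] : $prefix;
        // Without a 'name' key the array itself would be stringified as "Array"
        $name   = isset($options['name'])   ? $options['name']   : '';
    }

    if ($prefix == '' and config_item('cookie_prefix') != '') {
        $prefix = config_item('cookie_prefix');
    }

    if ($domain == '' and config_item('cookie_domain') != '') {
        $domain = config_item('cookie_domain');
    }

    if ($path == '/' and config_item('cookie_path') != '/') {
        $path = config_item('cookie_path');
    }

    if (!is_numeric($expire)) {
        // A timestamp in the past makes the browser drop the cookie
        $expire = time() - 86500;
    } elseif ($expire > 0) {
        $expire = time() + $expire;
    } else {
        // 0 = session cookie
        $expire = 0;
    }

    $secure_cookie = bool_config_item('cookie_secure') === TRUE ? 1 : 0;

    if ($secure_cookie) {
        // Refuse to emit a Secure cookie on a plain-HTTP request
        $req = isset($_SERVER['HTTPS']) ? $_SERVER['HTTPS'] : FALSE;
        if (!$req or $req == 'off') {
            return FALSE;
        }
    }

    // HttpOnly keeps the cookie out of reach of client-side script
    $httponly = bool_config_item('cookie_httponly') === TRUE;

    setcookie($prefix . $name, $value, $expire, $path, $domain, $secure_cookie, $httponly);
}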
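/**
 * Member Logout
 *
 * Requires a valid CSRF token in the query string (csrf_token, or the
 * legacy XID name) unless 'disable_csrf_protection' is set. Removes the
 * member's online_users row, destroys the session, clears the
 * read_topics cookie, rotates the CSRF token, fires the
 * 'member_member_logout' hook and finally shows a logged-out message
 * linking to the forum board (when FROM=forum) or to the site URL.
 *
 * @return void|mixed Whatever show_user_error() returns on a bad token
 */
public function member_logout()
{
    // Check CSRF Token: csrf_token is the current name, XID the legacy one
    $token = ee()->input->get('csrf_token');
    if (!$token) {
        $token = ee()->input->get('XID');
    }

    if (!bool_config_item('disable_csrf_protection')) {
        // Constant-time comparison; a missing token (FALSE) never matches
        $expected = (string) CSRF_TOKEN;
        if (!is_string($token)) {
            $token_matches = FALSE;
        } elseif (function_exists('hash_equals')) {
            $token_matches = hash_equals($expected, $token);
        } else {
            $token_matches = ($token === $expected);
        }

        if (!$token_matches) {
            return ee()->output->show_user_error('general', array(lang('not_authorized')));
        }
    }

    // Kill the session and cookies
    ee()->db->where('site_id', ee()->config->item('site_id'));
    ee()->db->where('ip_address', ee()->input->ip_address());
    ee()->db->where('member_id', ee()->session->userdata('member_id'));
    ee()->db->delete('online_users');

    ee()->session->destroy();
    ee()->input->delete_cookie('read_topics');

    // Issue a fresh token so the old one is useless after logout
    ee()->csrf->refresh_token();

    /* -------------------------------------------
    /* 'member_member_logout' hook.
    /* - Perform additional actions after logout
    /* - Added EE 1.6.1
    */
    ee()->extensions->call('member_member_logout');
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    /*
    /* -------------------------------------------*/

    // Is this a forum redirect?
    $url = NULL;
    $name = '';

    if (ee()->input->get_post('FROM') == 'forum') {
        $board_id = ee()->input->get_post('board_id');
        // Fall back to board 1 when no numeric board_id was supplied
        if ($board_id === FALSE || !is_numeric($board_id)) {
            $board_id = 1;
        }

        $query = ee()->db->select('board_forum_url, board_label')
            ->where('board_id', (int) $board_id)
            ->get('forum_boards');

        $url = $query->row('board_forum_url');
        $name = $query->row('board_label');
    }

    // Build success message. The original assigned $url first and then
    // tested isset($url) again for $name, so the site name was never used;
    // decide both from the same condition.
    if ($url === NULL) {
        $url = ee()->config->item('site_url');
        $name = stripslashes(ee()->config->item('site_name'));
    }

    $data = array(
        'title' => lang('mbr_login'),
        'heading' => lang('thank_you'),
        'content' => lang('mbr_you_are_logged_out'),
        'redirect' => $url,
        'link' => array($url, $name),
    );

    ee()->output->show_message($data);
}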
/**
 * Sets constants, sets path constants to appropriate directories, loads
 * the database and generally prepares the system to run.
 *
 * Order matters: REQ and the path constants are defined before the DB is
 * loaded, site prefs are applied only after the DB is up, and the theme
 * constants are derived from config that site_prefs() may have changed.
 * define() is not idempotent, so this is expected to run once per request.
 *
 * @return void
 */
public function bootstrap()
{
    // Define the request type
    // Note: admin.php defines REQ=CP
    if (!defined('REQ')) {
        define('REQ', ee()->input->get_post('ACT') !== FALSE ? 'ACTION' : 'PAGE');
    }

    // Set a liberal script execution time limit, making it shorter for front-end requests than CI's default
    // Both calls are @-suppressed, so a host that forbids them fails silently.
    if (function_exists("set_time_limit") == TRUE and @ini_get("safe_mode") == 0) {
        @set_time_limit(REQ == 'CP' ? 300 : 90);
    }

    // some path constants to simplify things
    define('PATH_MOD', APPPATH . 'modules/');
    define('PATH_PI', APPPATH . 'plugins/');
    define('PATH_EXT', APPPATH . 'extensions/');
    define('PATH_ACC', APPPATH . 'accessories/');
    define('PATH_FT', APPPATH . 'fieldtypes/');
    define('PATH_RTE', APPPATH . 'rte_tools/');

    // third_party_path is resolved through realpath(); a non-existent path makes
    // realpath() return FALSE, leaving PATH_THIRD as just "/" -- no check here
    if (ee()->config->item('third_party_path')) {
        define('PATH_THIRD', rtrim(realpath(ee()->config->item('third_party_path')), '/') . '/');
    } else {
        define('PATH_THIRD', APPPATH . 'third_party/');
    }

    // application constants
    define('IS_CORE', FALSE);
    define('APP_NAME', 'ExpressionEngine' . (IS_CORE ? ' Core' : ''));
    define('APP_BUILD', '20140715');
    define('APP_VER', '2.9.0');
    define('SLASH', '/');
    define('LD', '{');
    define('RD', '}');
    define('AMP', '&');
    define('NBS', ' ');
    define('BR', '<br />');
    define('NL', "\n");
    define('PATH_DICT', APPPATH . 'config/');
    define('AJAX_REQUEST', ee()->input->is_ajax_request());

    // Load DB and set DB preferences
    ee()->load->database();
    ee()->db->swap_pre = 'exp_';
    ee()->db->db_debug = FALSE;

    // Note enable_db_caching is a per site setting specified in EE_Config.php

    // If debug is on we enable the profiler and DB debug
    if (DEBUG == 1 or ee()->config->item('debug') == 2) {
        $this->_enable_debugging();
    }

    // Assign Site prefs now that the DB is fully loaded
    // site_name is reduced to [a-z0-9-_] before it is used as the prefs key
    if (ee()->config->item('site_name') != '') {
        ee()->config->set_item('site_name', preg_replace('/[^a-z0-9\\-\\_]/i', '', ee()->config->item('site_name')));
    }

    ee()->config->site_prefs(ee()->config->item('site_name'));

    // Load the default caching driver
    ee()->load->driver('cache');

    // this look backwards, but QUERY_MARKER is only used where we MUST
    // have a ?, and do not want to double up
    // question marks on sites who are forcing query strings
    define('QUERY_MARKER', ee()->config->item('force_query_string') == 'y' ? '' : '?');

    // Load the settings of the site you're logged into, however use the
    // cookie settings from the site that corresponds to the URL
    // e.g. site1.com/system/ viewing site2
    // $last_site_id = the site that you're viewing
    // config->item('site_id') = the site who's URL is being used
    // cp_last_site_id comes from a cookie, i.e. client-controlled; it is only
    // honoured in the CP with MSM on, and only when numeric.
    $last_site_id = ee()->input->cookie('cp_last_site_id');

    if (REQ == 'CP' && ee()->config->item('multiple_sites_enabled') == 'y') {
        // Capture the URL site's cookie settings before site_prefs() swaps them
        $cookie_prefix = ee()->config->item('cookie_prefix');
        $cookie_path = ee()->config->item('cookie_path');
        $cookie_domain = ee()->config->item('cookie_domain');
        $cookie_httponly = ee()->config->item('cookie_httponly');

        if ($cookie_prefix) {
            $cookie_prefix .= '_';
        }

        if (!empty($last_site_id) && is_numeric($last_site_id) && $last_site_id != ee()->config->item('site_id')) {
            ee()->config->site_prefs('', $last_site_id);
        }

        ee()->config->cp_cookie_prefix = $cookie_prefix;
        ee()->config->cp_cookie_path = $cookie_path;
        ee()->config->cp_cookie_domain = $cookie_domain;
        ee()->config->cp_cookie_httponly = $cookie_httponly;
    }

    // This allows CI compatibility
    if (ee()->config->item('base_url') == FALSE) {
        ee()->config->set_item('base_url', ee()->config->item('site_url'));
    }

    if (ee()->config->item('index_page') == FALSE) {
        ee()->config->set_item('index_page', ee()->config->item('site_index'));
    }

    if (IS_CORE) {
        ee()->config->set_item('enable_template_routes', 'n');
    }

    // Backwards compatibility for the removed secure forms setting.
    // Developers are still checking against this key, so we'll wait some
    // time before removing it.
    $secure_forms = bool_config_item('disable_csrf_protection') ? 'n' : 'y';
    ee()->config->set_item('secure_forms', $secure_forms);

    // Set the path to the "themes" folder
    // Runs of slashes are collapsed so a trailing "/" in config does not double up
    if (ee()->config->item('theme_folder_path') !== FALSE && ee()->config->item('theme_folder_path') != '') {
        $theme_path = preg_replace("#/+#", "/", ee()->config->item('theme_folder_path') . '/');
    } else {
        $theme_path = substr(APPPATH, 0, -strlen(SYSDIR . '/expressionengine/')) . 'themes/';
        $theme_path = preg_replace("#/+#", "/", $theme_path);
    }

    // Maybe the site has been moved.
    // Let's try some basic autodiscovery if config items are set
    // But the directory does not exist.
    if (!is_dir($theme_path)) {
        if (is_dir(FCPATH . '../themes/')) {
            $theme_path = FCPATH . '../themes/';
        } elseif (is_dir(FCPATH . 'themes/')) {
            $theme_path = FCPATH . 'themes/';
        }
    }

    define('PATH_THEMES', $theme_path);
    define('PATH_MBR_THEMES', PATH_THEMES . 'profile_themes/');
    define('PATH_CP_GBL_IMG', ee()->config->slash_item('theme_folder_url') . 'cp_global_images/');
    unset($theme_path);

    // Define Third Party Theme Path and URL
    if (ee()->config->item('path_third_themes')) {
        define('PATH_THIRD_THEMES', rtrim(realpath(ee()->config->item('path_third_themes')), '/') . '/');
    } else {
        define('PATH_THIRD_THEMES', PATH_THEMES . 'third_party/');
    }

    if (ee()->config->item('url_third_themes')) {
        define('URL_THIRD_THEMES', rtrim(ee()->config->item('url_third_themes'), '/') . '/');
    } else {
        define('URL_THIRD_THEMES', ee()->config->slash_item('theme_folder_url') . 'third_party/');
    }

    // Load the very, very base classes
    ee()->load->library('functions');
    ee()->load->library('extensions');

    // Our design is a little dirty. The asset controllers need
    // path_cp_theme. Fix it without loading all the other junk!
    if (REQ == 'CP') {
        define('PATH_CP_THEME', PATH_THEMES . 'cp_themes/'); // theme path
    }

    // New Relic instrumentation is opt-out via use_newrelic = 'n'
    if (extension_loaded('newrelic')) {
        ee()->load->library('newrelic');
        if (ee()->config->item('use_newrelic') == 'n') {
            ee()->newrelic->disable_autorum();
        } else {
            ee()->newrelic->set_appname();
            ee()->newrelic->name_transaction();
        }
    }
}
/**
 * Adds member image directories (avatars, photos, etc...) as upload
 * directories.
 *
 * Does nothing unless the Member module is installed. For each enabled
 * feature (enable_avatars, enable_photos, allow_signatures, private
 * message attachments) an UploadDestination is created from the matching
 * config items, but only when no destination with that name exists yet.
 *
 * @access private
 * @return bool Always TRUE
 */
private function _update_upload_directories()
{
    $module = ee('Model')->get('Module')->filter('module_name', 'Member')->first();

    // Bail if the member module isn't installed
    if (empty($module)) {
        return TRUE;
    }

    $site_id = ee()->config->item('site_id');

    // TRUE when no upload destination with this name has been created yet
    $destination_missing = function ($name) {
        $existing = ee('Model')->get('UploadDestination')->filter('name', $name)->first();
        return empty($existing);
    };

    $pending = array();

    if (bool_config_item('enable_avatars') && $destination_missing('Avatars')) {
        $pending['Avatars'] = array(
            'server_path' => ee()->config->item('avatar_path'),
            'url' => ee()->config->item('avatar_url'),
            'allowed_types' => 'img',
            'max_width' => ee()->config->item('avatar_max_width'),
            'max_height' => ee()->config->item('avatar_max_height'),
            'max_size' => ee()->config->item('avatar_max_kb'),
        );
    }

    if (bool_config_item('enable_photos') && $destination_missing('Member Photos')) {
        $pending['Member Photos'] = array(
            'server_path' => ee()->config->item('photo_path'),
            'url' => ee()->config->item('photo_url'),
            'allowed_types' => 'img',
            'max_width' => ee()->config->item('photo_max_width'),
            'max_height' => ee()->config->item('photo_max_height'),
            'max_size' => ee()->config->item('photo_max_kb'),
        );
    }

    if (bool_config_item('allow_signatures') && $destination_missing('Signature Attachments')) {
        $pending['Signature Attachments'] = array(
            'server_path' => ee()->config->item('sig_img_path'),
            'url' => ee()->config->item('sig_img_url'),
            'allowed_types' => 'img',
            'max_width' => ee()->config->item('sig_img_max_width'),
            'max_height' => ee()->config->item('sig_img_max_height'),
            'max_size' => ee()->config->item('sig_img_max_kb'),
        );
    }

    $pm_attachments_on = bool_config_item('prv_msg_enabled') && bool_config_item('prv_msg_allow_attachments');
    if ($pm_attachments_on && $destination_missing('PM Attachments')) {
        // No dedicated URL config item: derive it from the avatar URL
        $pending['PM Attachments'] = array(
            'server_path' => ee()->config->item('prv_msg_upload_path'),
            'url' => str_replace('avatars', 'pm_attachments', ee()->config->item('avatar_url')),
            'allowed_types' => 'img',
            'max_size' => ee()->config->item('prv_msg_attach_maxsize'),
        );
    }

    foreach ($pending as $name => $properties) {
        $destination = ee('Model')->make('UploadDestination');
        $destination->site_id = $site_id;
        $destination->name = $name;
        $destination->removeNoAccess();
        $destination->setModule($module);

        foreach ($properties as $property => $value) {
            $destination->{$property} = $value;
        }

        $destination->save();
    }

    return TRUE;
}
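/**
 * Default CP homepage settings form.
 *
 * Builds the list of channels the member may be sent to after login (per
 * site when MSM is enabled), renders the cp_homepage_setting view, and on
 * POST validates and saves cp_homepage, cp_homepage_channel and
 * cp_homepage_custom. AJAX requests get a per-field validation response.
 *
 * @return void
 */
public function index()
{
    $field['allowed_channels'] = array();
    $all_sites_have_channels = TRUE;

    // If MSM is enabled, let them choose a channel for each site, should they
    // want to redirect to the publish form on each site
    if (bool_config_item('multiple_sites_enabled')) {
        $sites = ee('Model')->get('Site')->all();
        $field['sites'] = $sites->getDictionary('site_id', 'site_label');

        $assigned_channels = $this->member->MemberGroup->AssignedChannels->pluck('channel_id');

        foreach ($sites as $site) {
            // Get only the channels they're allowed to post in. $assigned_channels
            // must be captured with use(); without it the closure saw an
            // undefined variable and only superadmins (group 1) got any channels.
            $field['allowed_channels'][$site->getId()] = $site->Channels->filter(function ($channel) use ($assigned_channels) {
                return ee()->session->userdata('group_id') == 1
                    or (!empty($assigned_channels) && in_array($channel->getId(), $assigned_channels));
            })->getDictionary('channel_id', 'channel_title');

            // No channels? Let them know
            if (empty($field['allowed_channels'][$site->getId()])) {
                $all_sites_have_channels = FALSE;
                $field['allowed_channels'][$site->getId()][0] = lang('no_channels');
            }
        }
    } else {
        $allowed_channels = ee('Model')->get('Channel')->filter('site_id', ee()->config->item('site_id'));

        if (!empty(ee()->session->userdata['assigned_channels'])) {
            $allowed_channels->filter('channel_id', 'IN', array_keys(ee()->session->userdata['assigned_channels']));
        }

        $field['allowed_channels'] = $allowed_channels->all()->getDictionary('channel_id', 'channel_title');

        if (empty($field['allowed_channels'])) {
            $all_sites_have_channels = FALSE;
            $field['allowed_channels'][0] = lang('no_channels');
        }

        $site_id = ee()->config->item('site_id');
        $field['selected_channel'] = isset($this->member->cp_homepage_channel[$site_id])
            ? $this->member->cp_homepage_channel[$site_id]
            : 0;
    }

    $field['member'] = $this->member;
    $field['all_sites_have_channels'] = $all_sites_have_channels;

    $vars['sections'] = array(
        array(
            array(
                'title' => 'default_cp_homepage',
                'desc' => 'default_cp_homepage_myaccount_desc',
                'fields' => array(
                    'cp_homepage_custom' => array(
                        'type' => 'html',
                        'content' => ee('View')->make('account/cp_homepage_setting')->render($field),
                    ),
                ),
            ),
        ),
    );

    $base_url = ee('CP/URL')->make($this->base_url);

    if (!empty($_POST)) {
        $validator = ee('Validation')->make();

        // Only apply the rule when the chosen homepage type matches the parameter
        $validator->defineRule('whenTypeIs', function ($key, $value, $parameters, $rule) {
            if ($_POST['cp_homepage'] != $parameters[0]) {
                $rule->skip();
            }
            return TRUE;
        });

        $validator->defineRule('validateHomepageChannel', function () use ($all_sites_have_channels) {
            if (!$all_sites_have_channels) {
                return 'must_have_channels';
            }
            return TRUE;
        });

        $validator->setRules(array(
            'cp_homepage' => 'whenTypeIs[publish_form]|validateHomepageChannel',
            'cp_homepage_custom' => 'whenTypeIs[custom]|required',
        ));

        $result = $validator->validate($_POST);

        if (AJAX_REQUEST) {
            // Separate name so the view data in $field is not clobbered
            $ajax_field = ee()->input->post('ee_fv_field');

            if ($result->hasErrors($ajax_field)) {
                ee()->output->send_ajax_response(array('error' => $result->renderError($ajax_field)));
            } else {
                ee()->output->send_ajax_response('success');
            }
        }

        if ($result->isValid()) {
            // Only set what we need to set to prevent POST fiddling
            $this->member->set(array(
                'cp_homepage' => $_POST['cp_homepage'],
                'cp_homepage_channel' => $_POST['cp_homepage_channel'],
                'cp_homepage_custom' => $_POST['cp_homepage_custom'],
            ))->save();

            ee('CP/Alert')->makeInline('shared-form')
                ->asSuccess()
                ->withTitle(lang('member_updated'))
                ->addToBody(lang('member_updated_desc'))
                ->defer();

            ee()->functions->redirect($base_url);
        } else {
            $vars['errors'] = $result;

            ee('CP/Alert')->makeInline('shared-form')
                ->asIssue()
                ->withTitle(lang('settings_save_error'))
                ->addToBody(lang('settings_save_error_desc'))
                ->now();
        }
    }

    // Highlight the channel chooser when the "publish form" radio is selected
    ee()->javascript->output("\n\t\t\t\$(document).ready(function () {\n\n\t\t\t\t\$('input[type=\"radio\"]').click(function(){\n\t\t\t\t\t\$('label.child').toggleClass('chosen', \$(this).val() == 'publish_form');\n\t\t\t\t});\n\t\t\t});\n\t\t");

    ee()->view->base_url = $base_url;
    ee()->view->ajax_validate = TRUE;
    ee()->view->cp_page_title = lang('cp_settings');
    ee()->view->save_btn_text = 'btn_save_settings';
    ee()->view->save_btn_text_working = 'btn_saving';

    ee()->cp->render('settings/form', $vars);
}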
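/**
 * Authenticate
 *
 * Verifies $password against the single member row in $member using the
 * stored salt and the hash algorithm implied by the stored hash length.
 * Members in group 4 are rejected unless 'allow_pending_login' is set.
 * A successful login for an unsalted hash, or one shorter than the
 * strongest configured algorithm, is transparently re-hashed.
 *
 * @access private
 * @param CI_DB_result $member   Query result expected to hold exactly one row
 * @param string       $password Plaintext password supplied by the user
 * @return Auth_result|bool|mixed Auth_result on success, FALSE on failure,
 *                                or the show_user_error() result for an inactive account
 */
private function _authenticate(CI_DB_result $member, $password)
{
    // Group 4 (pending) may only log in when allow_pending_login is on
    $always_disallowed = array(4);

    if (bool_config_item('allow_pending_login')) {
        $always_disallowed = array_diff($always_disallowed, array(4));
    }

    if ($member->num_rows() !== 1) {
        return FALSE;
    }

    // Loose in_array on purpose: group_id arrives from the DB as a string
    if (in_array($member->row('group_id'), $always_disallowed)) {
        return ee()->output->show_user_error('general', lang('mbr_account_not_active'));
    }

    $m_salt = $member->row('salt');
    $m_pass = $member->row('password');

    // hash using the algo used for this password
    $h_byte_size = strlen($m_pass);
    $hashed_pair = $this->hash_password($password, $m_salt, $h_byte_size);

    if ($hashed_pair === FALSE) {
        return FALSE;
    }

    // Constant-time comparison of the stored and freshly computed hashes;
    // fall back to a strict compare where hash_equals() is unavailable.
    if (function_exists('hash_equals')) {
        $hash_matches = hash_equals((string) $m_pass, (string) $hashed_pair['password']);
    } else {
        $hash_matches = ($m_pass === $hashed_pair['password']);
    }

    if (!$hash_matches) {
        return FALSE;
    }

    // Officially a valid user, but are they as secure as possible?
    // ----------------------------------------------------------------

    reset($this->hash_algos);

    // Not hashed or better algo available? The first key of hash_algos is
    // the preferred hash length.
    if (!$m_salt or $h_byte_size != key($this->hash_algos)) {
        $m_id = $member->row('member_id');
        $this->update_password($m_id, $password);
    }

    $authed = new Auth_result($member->row());
    $member->free_result();

    return $authed;
}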
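/**
 * Renders the template revisions table for the Revisions tab
 *
 * One row per version, numbered from 1; the last version is labelled as
 * current and the others link to the edit form for that version. The row
 * matching $version_id (or the last row when none is given) is marked
 * selected. The 'manage' column is rendered unencoded because it holds
 * markup built here, not user data.
 *
 * @param TemplateModel $template   A Template entity
 * @param int|bool      $version_id ID of template version to mark as selected
 * @return string|bool Table HTML for insertion into Template edit form, or
 *                     FALSE when 'save_tmpl_revisions' is off
 */
protected function renderRevisionsPartial($template, $version_id = FALSE)
{
    if (!bool_config_item('save_tmpl_revisions')) {
        return FALSE;
    }

    $table = ee('CP/Table');
    $table->setColumns(array(
        'rev_id',
        'rev_date',
        'rev_author',
        'manage' => array('encode' => FALSE),
    ));
    $table->setNoResultsText(lang('no_revisions'));

    $data = array();
    // Hoisted out of the loop: the count does not change while iterating
    $version_count = $template->Versions->count();
    $i = 1;

    foreach ($template->Versions as $version) {
        $attrs = array();
        $is_current = ($version_count == $i);

        // Last item should be marked as current
        if ($is_current) {
            $toolbar = '<span class="st-open">' . lang('current') . '</span>';
        } else {
            $toolbar = ee('View')->make('_shared/toolbar')->render(array(
                'toolbar_items' => array(
                    'txt-only' => array(
                        'href' => ee('CP/URL', 'design/template/edit/' . $template->getId(), array('version' => $version->getId())),
                        'title' => lang('view'),
                        'content' => lang('view'),
                    ),
                ),
            ));
        }

        // Mark currently-loaded version as selected
        if ((!$version_id && $is_current) || $version_id == $version->getId()) {
            $attrs = array('class' => 'selected');
        }

        $data[] = array(
            'attrs' => $attrs,
            'columns' => array(
                $i,
                ee()->localize->human_time($version->item_date),
                $version->Author->getMemberName(),
                $toolbar,
            ),
        );

        $i++;
    }

    $table->setData($data);

    return ee('View')->make('_shared/table')->render($table->viewData(''));
}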
/**
 * Write the session cookie
 *
 * Serialises $cookie_data (the current userdata when NULL) and either
 * encrypts it or appends an md5 tag over payload + encryption_key so
 * client-side edits can be detected. The expiry is 0 (session cookie)
 * when sess_expire_on_close is set, otherwise now + sess_expiration.
 * With 'cookie_secure' on, nothing is written on a non-HTTPS request.
 *
 * @access public
 * @param array|null $cookie_data Data to store; defaults to $this->userdata
 * @return void|bool FALSE when a secure cookie cannot be sent over plain HTTP
 */
function _set_cookie($cookie_data = NULL)
{
    if (is_null($cookie_data)) {
        $cookie_data = $this->userdata;
    }

    // Serialize the userdata for the cookie
    $payload = $this->_serialize($cookie_data);

    if ($this->sess_encrypt_cookie == TRUE) {
        $payload = $this->CI->encrypt->encode($payload);
    } else {
        // Unencrypted cookies get an md5 tag over payload + key to detect
        // tampering; the reader presumably recomputes the same tag, so the
        // two sides must change together.
        $payload .= md5($payload . $this->encryption_key);
    }

    if ($this->sess_expire_on_close === TRUE) {
        $expire = 0;
    } else {
        $expire = $this->sess_expiration + time();
    }

    $secure_cookie = 0;
    if (bool_config_item('cookie_secure') === TRUE) {
        $secure_cookie = 1;
    }

    if ($secure_cookie) {
        // Never send a Secure cookie over plain HTTP
        $https = isset($_SERVER['HTTPS']) ? $_SERVER['HTTPS'] : FALSE;
        if (!$https or $https == 'off') {
            return FALSE;
        }
    }

    // Set the cookie
    setcookie(
        $this->sess_cookie_name,
        $payload,
        $expire,
        $this->cookie_path,
        $this->cookie_domain,
        $secure_cookie
    );
}
/**
 * Sets constants, sets path constants to appropriate directories, loads
 * the database and generally prepares the system to run.
 *
 * Guarded by $this->bootstrapped so repeated calls are no-ops (define()
 * would otherwise warn). Order matters: REQ and the path constants come
 * first, add-ons and the DB are set up before site prefs are applied, and
 * the session cookie parameters are set as early as config allows.
 *
 * @return void
 */
public function bootstrap()
{
    if ($this->bootstrapped) {
        return;
    }

    $this->bootstrapped = TRUE;

    // Define the request type
    // Note: admin.php defines REQ=CP
    if (!defined('REQ')) {
        define('REQ', ee()->input->get_post('ACT') !== FALSE ? 'ACTION' : 'PAGE');
    }

    // Set a liberal script execution time limit, making it shorter for front-end requests than CI's default
    // Both calls are @-suppressed, so a host that forbids them fails silently.
    if (function_exists("set_time_limit") == TRUE and @ini_get("safe_mode") == 0) {
        @set_time_limit(REQ == 'CP' ? 300 : 90);
    }

    // If someone's trying to access the CP but EE_APPPATH is defined, it likely
    // means the installer is still active; redirect to clean path
    // NOTE(review): there is no exit after the Location header, so the rest of
    // bootstrap (and the caller) still runs for this request -- confirm intended.
    if (defined('EE_APPPATH') && ee()->uri->segment(1) == 'cp') {
        header('Location: ' . SELF);
    }

    // some path constants to simplify things
    // The legacy PATH_MOD/PATH_PI/PATH_EXT/PATH_FT constants all point at the
    // bundled add-ons directory in this version.
    define('PATH_ADDONS', SYSPATH . 'ee/EllisLab/Addons/');
    define('PATH_MOD', SYSPATH . 'ee/EllisLab/Addons/');
    define('PATH_PI', SYSPATH . 'ee/EllisLab/Addons/');
    define('PATH_EXT', SYSPATH . 'ee/EllisLab/Addons/');
    define('PATH_FT', SYSPATH . 'ee/EllisLab/Addons/');
    define('PATH_RTE', APPPATH . 'rte_tools/');
    define('PATH_THIRD', SYSPATH . 'user/addons/');
    define('PATH_CACHE', SYSPATH . 'user/cache/');
    define('PATH_TMPL', SYSPATH . 'user/templates/');

    // application constants
    define('IS_CORE', TRUE);
    define('APP_NAME', 'ExpressionEngine' . (IS_CORE ? ' Core' : ''));
    define('APP_BUILD', '20151201');
    define('APP_VER', '3.0.5');
    define('SLASH', '/');
    define('LD', '{');
    define('RD', '}');
    define('AMP', '&');
    define('NBS', ' ');
    define('BR', '<br />');
    define('NL', "\n");
    define('PATH_DICT', APPPATH . 'config/');
    define('AJAX_REQUEST', ee()->input->is_ajax_request());
    define('PASSWORD_MAX_LENGTH', 72);

    ee()->load->helper('language');
    ee()->load->helper('string');

    // Load the default caching driver
    ee()->load->driver('cache');

    ee()->load->database();
    ee()->db->swap_pre = 'exp_';
    ee()->db->db_debug = FALSE;

    // boot the addons
    ee('App')->setupAddons(SYSPATH . 'ee/EllisLab/Addons/');
    ee('App')->setupAddons(PATH_THIRD);

    // Set ->api on the legacy facade to the model factory
    ee()->set('api', ee()->di->make('Model'));

    // If debug is on we enable the profiler and DB debug
    if (DEBUG == 1 or ee()->config->item('debug') == 2) {
        $this->_enable_debugging();
    }

    // Assign Site prefs now that the DB is fully loaded
    // site_name is reduced to [a-z0-9-_] before it is used as the prefs key
    if (ee()->config->item('site_name') != '') {
        ee()->config->set_item('site_name', preg_replace('/[^a-z0-9\\-\\_]/i', '', ee()->config->item('site_name')));
    }

    ee()->config->site_prefs(ee()->config->item('site_name'));

    // earliest point we can apply this, makes sure that PHPSESSID cookies
    // don't leak to JS by setting the httpOnly flag
    // httpOnly defaults to TRUE when cookie_httponly is not configured at all;
    // lifetime 0 makes PHPSESSID a session cookie.
    $secure = bool_config_item('cookie_secure');
    $httpOnly = ee()->config->item('cookie_httponly') ? bool_config_item('cookie_httponly') : TRUE;
    session_set_cookie_params(0, ee()->config->item('cookie_path'), ee()->config->item('cookie_domain'), $secure, $httpOnly);

    // this look backwards, but QUERY_MARKER is only used where we MUST
    // have a ?, and do not want to double up
    // question marks on sites who are forcing query strings
    define('QUERY_MARKER', ee()->config->item('force_query_string') == 'y' ? '' : '?');

    // Load the settings of the site you're logged into, however use the
    // cookie settings from the site that corresponds to the URL
    // e.g. site1.com/system/ viewing site2
    // $last_site_id = the site that you're viewing
    // config->item('site_id') = the site who's URL is being used
    // cp_last_site_id comes from a cookie, i.e. client-controlled; it is only
    // honoured in the CP with MSM on, and only when numeric.
    $last_site_id = ee()->input->cookie('cp_last_site_id');

    if (REQ == 'CP' && ee()->config->item('multiple_sites_enabled') == 'y') {
        // Capture the URL site's cookie settings before site_prefs() swaps them
        $cookie_prefix = ee()->config->item('cookie_prefix');
        $cookie_path = ee()->config->item('cookie_path');
        $cookie_domain = ee()->config->item('cookie_domain');
        $cookie_httponly = ee()->config->item('cookie_httponly');

        if ($cookie_prefix) {
            $cookie_prefix .= '_';
        }

        if (!empty($last_site_id) && is_numeric($last_site_id) && $last_site_id != ee()->config->item('site_id')) {
            ee()->config->site_prefs('', $last_site_id);
        }

        ee()->config->cp_cookie_prefix = $cookie_prefix;
        ee()->config->cp_cookie_path = $cookie_path;
        ee()->config->cp_cookie_domain = $cookie_domain;
        ee()->config->cp_cookie_httponly = $cookie_httponly;
    }

    // This allows CI compatibility
    if (ee()->config->item('base_url') == FALSE) {
        ee()->config->set_item('base_url', ee()->config->item('site_url'));
    }

    if (ee()->config->item('index_page') == FALSE) {
        ee()->config->set_item('index_page', ee()->config->item('site_index'));
    }

    if (IS_CORE) {
        ee()->config->set_item('enable_template_routes', 'n');
    }

    // Backwards compatibility for the removed secure forms setting.
    // Developers are still checking against this key, so we'll wait some
    // time before removing it.
    $secure_forms = bool_config_item('disable_csrf_protection') ? 'n' : 'y';
    ee()->config->set_item('secure_forms', $secure_forms);

    // Set the path to the "themes" folder
    // Runs of slashes are collapsed so a trailing "/" in config does not double up
    if (ee()->config->item('theme_folder_path') !== FALSE && ee()->config->item('theme_folder_path') != '') {
        $theme_path = preg_replace("#/+#", "/", ee()->config->item('theme_folder_path') . '/');
    } else {
        $theme_path = substr(APPPATH, 0, -strlen(SYSDIR . '/expressionengine/')) . 'themes/';
        $theme_path = preg_replace("#/+#", "/", $theme_path);
    }

    // Maybe the site has been moved.
    // Let's try some basic autodiscovery if config items are set
    // But the directory does not exist.
    if (!is_dir($theme_path)) {
        if (is_dir(FCPATH . '../themes/')) {
            $theme_path = FCPATH . '../themes/';
        } elseif (is_dir(FCPATH . 'themes/')) {
            $theme_path = FCPATH . 'themes/';
        }
    }

    // Bundled themes live under ee/, user themes under user/, for both path and URL
    $theme_url = ee()->config->slash_item('theme_folder_url');

    define('PATH_THEMES', $theme_path . 'ee/');
    define('URL_THEMES', $theme_url . 'ee/');
    define('PATH_THEMES_GLOBAL_ASSET', PATH_THEMES . 'asset/');
    define('URL_THEMES_GLOBAL_ASSET', URL_THEMES . 'asset/');
    define('PATH_THIRD_THEMES', $theme_path . 'user/');
    define('URL_THIRD_THEMES', $theme_url . 'user/');
    define('PATH_MBR_THEMES', PATH_THEMES . 'member/');
    define('PATH_CP_GBL_IMG', URL_THEMES_GLOBAL_ASSET . 'img/');
    unset($theme_path);

    // Load the very, very base classes
    ee()->load->library('functions');
    ee()->load->library('extensions');

    // New Relic instrumentation is opt-out via use_newrelic = 'n'
    if (extension_loaded('newrelic')) {
        ee()->load->library('newrelic');
        if (ee()->config->item('use_newrelic') == 'n') {
            ee()->newrelic->disable_autorum();
        } else {
            ee()->newrelic->set_appname();
            ee()->newrelic->name_transaction();
        }
    }
}
/**
 * Saves a new template revision and rotates revisions based on the
 * 'max_tmpl_revisions' config item.
 *
 * Does nothing when 'save_tmpl_revisions' is disabled in config.
 *
 * @param Template $template Saved template model object
 * @return void
 */
protected function saveNewTemplateRevision($template)
{
    // Revision tracking is opt-in via config
    if (!bool_config_item('save_tmpl_revisions')) {
        return;
    }

    // Snapshot the current template_data as a new RevisionTracker row
    $revision = ee('Model')->make('RevisionTracker');
    $revision->Template   = $template;
    $revision->item_table = 'exp_templates';
    $revision->item_field = 'template_data';
    $revision->item_data  = $template->template_data;
    $revision->item_date  = ee()->localize->now;
    $revision->Author     = $template->LastAuthor;
    $revision->save();

    // Fetch only the newest N revisions. 'max_tmpl_revisions' is handed
    // straight to limit(); how an unset value is treated is up to the
    // query builder (not visible here).
    $keep = ee()->config->item('max_tmpl_revisions');
    $newest = ee('Model')->get('RevisionTracker')
        ->filter('item_id', $template->getId())
        ->filter('item_field', 'template_data')
        ->order('item_date', 'desc')
        ->limit($keep)
        ->all();

    // Reassign the relationship so that revisions outside the kept set
    // are dropped ("delete the leftovers")
    $template->Versions = $newest;
    $template->save();
}
— <i><?php echo lang('choose_channels_per_site'); ?> </i> <?php } else { ?> <?php echo form_dropdown('cp_homepage_channel[' . ee()->config->item('site_id') . ']', $allowed_channels, $selected_channel); ?> <?php } ?> </label> <?php if (bool_config_item('multiple_sites_enabled')) { ?> <?php foreach ($allowed_channels as $site_id => $channels) { ?> <label class="choice block child<?php if ($member->cp_homepage == 'publish_form') { ?> chosen<?php } ?> "> <?php echo $sites[$site_id]; ?> —
/**
 * Setup Session Cookie Timeout
 *
 * @return int Cookie timeout in seconds: 0 (a browser-session cookie)
 *             when 'expire_session_on_browser_close' is enabled,
 *             otherwise the configured session length.
 */
protected function _setup_cookie_ttl()
{
    $expireOnClose = bool_config_item('expire_session_on_browser_close');

    return $expireOnClose ? 0 : $this->session_length;
}
/**
 * Set a Cookie
 *
 * Protected method called from EE_Input::set_cookie() and
 * EE_Input::delete_cookie(). Handles the common config file logic, calls
 * the set_cookie_end hook and sets the cookie.
 *
 * Must receive name, value, and expire in the parameter array or
 * will throw an exception.
 *
 * Cookie attributes (prefix, path, domain, httponly) are always taken
 * from config here: any 'httponly' value the caller passed in is
 * overwritten. On a CP request with multiple sites enabled the
 * cp_cookie_* values are used, otherwise the plain cookie_* config items.
 * When 'cookie_secure' is enabled and the request is not over HTTPS the
 * cookie is not set at all and FALSE is returned.
 *
 * @param mixed[] The array of data containing name, value, expire and
 *                httponly. Must contain those parameters.
 * @return bool|null If output exists prior to calling this method it will
 *                   fail with FALSE, otherwise it will return TRUE.
 *                   This does not indicate whether the user accepts the
 *                   cookie. Also FALSE (nothing set) when a secure cookie
 *                   is required but the request is not HTTPS, and NULL
 *                   when a 'set_cookie_end' extension sets end_script.
 * @throws RuntimeException when name, value or expire is missing
 */
protected function _set_cookie(array $data)
{
    // Always assume we'll forget and catch ourselves. The earlier you catch this sort of screw up the better.
    if (!isset($data['name']) || !isset($data['value']) || !isset($data['expire'])) {
        throw new RuntimeException('EE_Input::_set_cookie() is missing key data.');
    }

    // Set prefix, path and domain. We'll pull em out of config.
    if (REQ == 'CP' && ee()->config->item('multiple_sites_enabled') == 'y') {
        // cp_cookie_prefix already carries its trailing '_' (added where the
        // cp_cookie_* values are populated at boot), so none is appended here.
        $data['prefix'] = !ee()->config->cp_cookie_prefix ? 'exp_' : ee()->config->cp_cookie_prefix;
        $data['path'] = !ee()->config->cp_cookie_path ? '/' : ee()->config->cp_cookie_path;
        $data['domain'] = !ee()->config->cp_cookie_domain ? '' : ee()->config->cp_cookie_domain;
        // Unset/empty httponly config defaults to 'y' (HttpOnly on)
        $data['httponly'] = !ee()->config->cp_cookie_httponly ? 'y' : ee()->config->cp_cookie_httponly;
    } else {
        // Here the '_' separator is appended to the configured prefix
        $data['prefix'] = !ee()->config->item('cookie_prefix') ? 'exp_' : ee()->config->item('cookie_prefix') . '_';
        $data['path'] = !ee()->config->item('cookie_path') ? '/' : ee()->config->item('cookie_path');
        $data['domain'] = !ee()->config->item('cookie_domain') ? '' : ee()->config->item('cookie_domain');
        // Unset/empty httponly config defaults to 'y' (HttpOnly on)
        $data['httponly'] = !ee()->config->item('cookie_httponly') ? 'y' : ee()->config->item('cookie_httponly');
    }

    // Turn httponly into a true boolean. Anything other than 'y' disables it.
    $data['httponly'] = $data['httponly'] == 'y' ? TRUE : FALSE;

    // Deal with secure cookies. A Secure cookie is refused outright on a
    // plain-HTTP request rather than downgraded: the browser would not
    // send it back anyway, and silently dropping the Secure flag would be
    // worse. Callers only see FALSE in that case.
    $data['secure_cookie'] = bool_config_item('cookie_secure') === TRUE ? 1 : 0;
    if ($data['secure_cookie']) {
        $req = isset($_SERVER['HTTPS']) ? $_SERVER['HTTPS'] : FALSE;
        if (!$req or $req == 'off') {
            return FALSE;
        }
    }

    /* -------------------------------------------
    /* 'set_cookie_end' hook.
    /* - Take control of Cookie setting routine
    /* - Added EE 2.5.0
    /*
    /* $data is passed by value, so an extension can observe the final
    /* attributes but cannot change what setcookie() below receives
    /* (unless call() takes its arguments by reference - not visible here).
    /* If the extension sets end_script, nothing is set and NULL is returned.
    */
    ee()->extensions->call('set_cookie_end', $data);
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    /*
    /* -------------------------------------------*/

    return setcookie($data['prefix'] . $data['name'], $data['value'], $data['expire'], $data['path'], $data['domain'], $data['secure_cookie'], $data['httponly']);
}
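/**
 * Check the csrf token for this request
 *
 * Requests are accepted without a token check when CSRF protection is
 * disabled by config, or when the HTTP method is one of the safe methods
 * (@see RFC2616). Otherwise the token sent with the request must match
 * the token held in the session.
 *
 * @return bool True/False for a valid or invalid token, respectively
 */
public function check()
{
    // If secure forms is off we don't need to check
    if (bool_config_item('disable_csrf_protection')) {
        return TRUE;
    }

    // Exempt safe html methods (@see RFC2616). Strict comparison so that
    // only an exact method string can match.
    $safe = array('GET', 'HEAD', 'OPTIONS', 'TRACE');
    if (in_array(ee()->input->server('REQUEST_METHOD'), $safe, TRUE)) {
        return TRUE;
    }

    // Fetch data, these methods enforce token time limits
    $this->fetch_session_token();
    $this->fetch_request_token();

    // Main check
    return $this->tokensMatch($this->request_token, $this->session_token);
}

/**
 * Compare the request token against the session token.
 *
 * Both values must be non-empty strings: two missing or empty tokens must
 * never count as a match. Uses hash_equals() (constant-time) where the
 * runtime provides it so the comparison cannot leak the session token
 * through timing differences; falls back to === on older PHP.
 *
 * @param mixed $request_token Token supplied with the request
 * @param mixed $session_token Token stored in the session
 * @return bool TRUE only when both are non-empty strings and equal
 */
private function tokensMatch($request_token, $session_token)
{
    if (!is_string($request_token) || !is_string($session_token)
        || $request_token === '' || $session_token === '')
    {
        return FALSE;
    }

    if (function_exists('hash_equals')) {
        return hash_equals($session_token, $request_token);
    }

    return $request_token === $session_token;
}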
/**
 * Create a custom URL
 *
 * The input to this function is parsed and added to the
 * full site URL to create a full URL/URI
 *
 * Results for ordinary segments are memoised in $this->cached_url, keyed
 * by the original segment. NOTE(review): $sess_id is not part of the
 * cache key, so the first $sess_id used for a given segment wins for all
 * later calls - confirm callers never vary it for the same segment.
 * The 'site_index' and 'logout' special cases are not cached.
 *
 * @access public
 * @param string|array Segment, or a preg_replace_callback match array
 *                     (match 1 is used)
 * @param bool         Passed through to fetch_site_index()
 * @return string
 */
public function create_url($segment, $sess_id = TRUE)
{
    // Since this function can be used via a callback
    // we'll fetch the segment if it's an array
    $raw = is_array($segment) ? $segment[1] : $segment;

    if (isset($this->cached_url[$raw])) {
        return $this->cached_url[$raw];
    }

    // Strip quotes, then collapse a trailing "index" path element
    $clean = str_replace(array("'", '"'), '', $raw);
    $clean = preg_replace("/(.+?(\\/))index(\\/)(.*?)/", "\\1\\2", $clean);
    $clean = preg_replace("/(.+?(\\/))index\$/", "\\1", $clean);

    // These are exceptions to the normal path rules
    if ($clean == '' or strtolower($clean) == 'site_index') {
        return $this->fetch_site_index();
    }

    if (strtolower($clean) == 'logout') {
        $qs = ee()->config->item('force_query_string') == 'y' ? '' : '?';
        // The logout action carries the CSRF token unless protection is off
        $xid = bool_config_item('disable_csrf_protection') ? '' : AMP . 'csrf_token=' . CSRF_TOKEN;
        $action = $this->fetch_action_id('Member', 'member_logout');

        return $this->fetch_site_index(0, 0) . $qs . 'ACT=' . $action . $xid;
    }
    // END Specials

    $url = reduce_double_slashes($this->fetch_site_index(0, $sess_id) . '/' . trim_slashes($clean));
    $this->cached_url[$raw] = $url;

    return $url;
}
/**
 * Returns a boolean indicating if a CAPTCHA should be displayed or not
 * according to the site's CAPTCHA settings
 *
 * A CAPTCHA is required when 'require_captcha' is on and either
 * 'captcha_require_members' is on as well or the current visitor is not
 * a logged-in member (member_id == 0).
 *
 * @return boolean
 */
public function shouldRequireCaptcha()
{
    if (!bool_config_item('require_captcha')) {
        return FALSE;
    }

    $membersToo = bool_config_item('captcha_require_members');

    return $membersToo || ee()->session->userdata('member_id') == 0;
}