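/**
 * Handle the user request.
 *
 * Deletes the pages listed in $_REQUEST['book_id'] (keyed by md5) through the
 * helper and, when the submitted command is 'media', the media files as well.
 * Requires a valid security token. Media deletion results are collected into
 * $this->results; when $this->dbg is set the request is dumped into $this->req.
 */
function handle()
{
    if (!isset($_REQUEST['cmd'])) {
        return; // first time - nothing to do
    }
    if (!checkSecurityToken()) {
        return;
    }
    if (!is_array($_REQUEST['cmd'])) {
        return;
    }

    $epub_deletions = array();
    $which = key($_REQUEST['cmd']);

    // book_id may be absent when the form is submitted with nothing selected;
    // iterating a missing/non-array value would only raise warnings
    $has_books = isset($_REQUEST['book_id']) && is_array($_REQUEST['book_id']);
    $book_ids = $has_books ? $_REQUEST['book_id'] : array();
    foreach ($book_ids as $md5 => $id) {
        // strict: key() may return an integer key, which loosely equals any string on PHP < 8
        if ($which === 'media') {
            $epub_deletions[] = $this->helper->delete_media($md5);
        }
        $this->helper->delete_page($md5);
    }

    // the cached listing is only stale when a book list was processed
    if ($has_books) {
        $this->cache = $this->helper->getCache();
    }

    if (count($epub_deletions)) {
        $this->results = "<b>Results</b><br />";
        $this->results .= implode('<br />', $epub_deletions);
    }

    /* if debugging */
    if ($this->dbg) {
        $this->req = print_r($_REQUEST, true) . "which={$which}\n";
        $this->req .= print_r($epub_deletions, true);
        $this->req = str_replace("\n", "<br />", $this->req);
    }
}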
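/**
 * Handle the user request.
 *
 * Dispatches on the key of $_REQUEST['cmd'] after the security token has been
 * verified: 'get' renders the matching submissions as an HTML table into
 * $this->output, 'delete' removes them and stores the helper's result there.
 * The filter (problem_name, type, user) is taken from the request.
 */
function handle()
{
    if (!isset($_REQUEST['cmd'])) {
        return; // first time - nothing to do
    }
    if (!checkSecurityToken()) {
        return;
    }
    if (!is_array($_REQUEST['cmd'])) {
        return;
    }
    $crud = plugin_load('helper', 'judge_crud', true);

    // filter criteria shared by both commands; a missing field is passed as
    // null instead of raising an undefined-index notice
    $filter = array();
    foreach (array('problem_name', 'type', 'user') as $field) {
        $filter[$field] = isset($_REQUEST[$field]) ? $_REQUEST[$field] : null;
    }

    // verify valid values
    switch (key($_REQUEST['cmd'])) {
        case 'get':
            $this->output = '<div class="table sectionedit1"> <table class="inline">';
            $table = $crud->tableRender($filter, "html", 1, "timestamp");
            if ($table["count"] == 0) {
                $this->output .= '<p>' . $this->getLang("empty_result") . '</p>';
            } else {
                $this->output .= $table["submissions_table"];
            }
            // close the wrapper in both branches so the markup is well-formed
            // (the empty-result case used to leave <div> and <table> open)
            $this->output .= "</table></div>";
            break;
        case 'delete':
            $this->output = $crud->delSubmissions($filter);
            break;
    }
}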
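/**
 * Register the events
 *
 * AJAX handler for the 'plugin_explorertree' call. After the security token
 * is verified it dispatches on the 'operation' request variable
 * ('explorertree_branch' renders a tree branch, 'callback' invokes one of the
 * route's registered callbacks) and answers with a JSON object. Every array
 * response carries a fresh security token.
 *
 * @param $event DOKU event on ajax call
 * @param $param parameters, ignored
 */
function _ajax_call(&$event, $param)
{
    if ($event->data !== 'plugin_explorertree') {
        return;
    }
    //no other ajax call handlers needed
    $event->stopPropagation();
    $event->preventDefault();

    //e.g. access additional request variables
    global $INPUT; //available since release 2012-10-13 "Adora Belle"

    if (!checkSecurityToken()) {
        $data = array('error' => true, 'msg' => 'invalid security token!');
    } else {
        switch ($INPUT->str('operation')) {
            case 'explorertree_branch':
                if (!($helper = plugin_load('helper', 'explorertree'))) {
                    $data = array('error' => true, 'msg' => "Can't load tree helper.");
                    break;
                }
                if (!($route = $helper->loadRoute($INPUT->str('route'), $INPUT->arr('loader')))) {
                    $data = array('error' => true, 'msg' => "Can't load route '" . $INPUT->str('route') . "'!");
                    break; // without this the error reply was overwritten below
                }
                $data = array('html' => $helper->htmlExplorer($INPUT->str('route'), ltrim(':' . $INPUT->str('itemid')), ':'));
                if (!$data['html']) {
                    $data['error'] = true;
                    $data['msg'] = "Can't load tree html.";
                }
                break;
            case 'callback':
                if (!($helper = plugin_load('helper', 'explorertree'))) {
                    $data = array('error' => true, 'msg' => "Can't load tree helper.");
                    break;
                }
                $route = $helper->loadRoute($INPUT->str('route'), $INPUT->arr('loader'));
                // the request variable is 'event'; the original used the bare
                // constant `event`, which is a fatal error on PHP 8
                $eventName = $INPUT->str('event');
                $callbacks = ($route && isset($route['callbacks'])) ? $route['callbacks'] : array();
                // only callbacks registered by the route itself can be invoked
                if (!isset($callbacks[$eventName]) || !is_callable($callbacks[$eventName])) {
                    $data = array('error' => true, 'msg' => "Can't load callback '" . $eventName . "'for '" . $INPUT->str('route') . "'!");
                    break; // without this the error reply was overwritten below
                }
                $data = call_user_func_array($callbacks[$eventName], array($INPUT->str('itemid')));
                if (!is_array($data)) {
                    $data = array('error' => true, 'msg' => "Callback for '" . $eventName . "' does not exists!");
                }
                break;
            default:
                $data = array('error' => true, 'msg' => 'Unknown operation: ' . $INPUT->str('operation'));
                break;
        } //data
        //json library of DokuWiki
    }

    if (is_array($data)) {
        $data['token'] = getSecurityToken();
    }

    require_once DOKU_INC . 'inc/JSON.php';
    $json = new JSON();
    //set content type
    header('Content-Type: application/json');
    echo $json->encode($data);
    // $this->get_helper()->check_meta_changes();
}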
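/**
 * Handle the user request.
 *
 * Replaces the whole alias table with the rows submitted in $_REQUEST['d'],
 * inside one transaction: existing aliases are deleted first and any failing
 * statement rolls everything back. Rows whose normalised (lower-cased,
 * singular) name is empty are skipped; the enum list is de-duplicated and
 * sorted. Requires a valid security token.
 *
 * @return void|false false only when no database connection is available
 */
function handle()
{
    if (!isset($_REQUEST['d']) || !is_array($_REQUEST['d']) || !checkSecurityToken()) {
        return;
    }
    $sqlite = $this->dthlp->_getDB();
    if (!$sqlite) {
        return false;
    }

    $sqlite->query("BEGIN TRANSACTION");
    if (!$sqlite->query("DELETE FROM aliases")) {
        $sqlite->query('ROLLBACK TRANSACTION');
        return;
    }

    foreach ($_REQUEST['d'] as $row) {
        if (!is_array($row)) {
            continue; // malformed submission; array_map() cannot handle it
        }
        $row = array_map('trim', $row);

        // normalise the name: lower-case and strip a trailing plural 's'
        $name = isset($row['name']) ? $row['name'] : '';
        $row['name'] = rtrim(utf8_strtolower($name), 's');
        if (!$row['name']) {
            continue;
        }

        // Clean enum: split on commas, drop duplicates, keep a stable order
        $enum = isset($row['enum']) ? $row['enum'] : '';
        $arr = preg_split('/\\s*,\\s*/', $enum);
        $arr = array_unique($arr);
        asort($arr);
        $row['enum'] = implode(', ', $arr);

        if (!$sqlite->query("INSERT INTO aliases (name, type, prefix, postfix, enum)\n VALUES (?,?,?,?,?)", $row)) {
            $sqlite->query('ROLLBACK TRANSACTION');
            return;
        }
    }
    $sqlite->query("COMMIT TRANSACTION");
}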
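/**
 * Handle the user request.
 *
 * 'add' appends a new button definition (label, code, type, pretag, posttag,
 * icon) to the stored configuration; 'delete' removes the entry at the
 * submitted index. Both require a valid security token and reload the bar.
 * The type is 1 when both pretag and posttag are given, 0 otherwise.
 */
public function handle()
{
    if (isset($_REQUEST['add'])) {
        if (!checkSecurityToken()) {
            return;
        }
        $conf = $this->loadCBData();
        if (!$conf) {
            $conf = array();
        }

        // collect the submitted fields; a missing one is stored as null
        // instead of raising an undefined-index notice
        $in = array();
        foreach (array('label', 'code', 'pretag', 'posttag', 'icon') as $field) {
            $in[$field] = isset($_REQUEST[$field]) ? $_REQUEST[$field] : null;
        }
        $type = ($in['pretag'] != "" && $in['posttag'] != "") ? 1 : 0;

        // key order kept as before in case the stored format depends on it
        $conf[] = array(
            "label" => $in['label'],
            "code" => $in['code'],
            "type" => $type,
            "pretag" => $in['pretag'],
            "posttag" => $in['posttag'],
            "icon" => $in['icon'],
        );
        $this->saveCBData($conf);
        $this->reloadBar();
    } elseif (isset($_REQUEST['delete'])) {
        if (!checkSecurityToken()) {
            return;
        }
        $conf = $this->loadCBData();
        $index = $_REQUEST['delete'];
        // only a scalar index can address an entry (an array index is a TypeError on PHP 8)
        if (is_array($conf) && (is_int($index) || is_string($index))) {
            unset($conf[$index]);
        }
        $this->saveCBData($conf);
        $this->reloadBar();
    }
}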
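/**
 * Handle the user request.
 *
 * Points $this->macros_file at MACROS_FILE, verifies the security token and
 * dispatches the submitted command ('add', 'delete', 'edit') to the matching
 * method. Nothing is done on the first, non-submitted view.
 */
function handle()
{
    $this->macros_file = MACROS_FILE;
    if (!isset($_REQUEST['cmd'])) {
        return; // first time - nothing to do
    }
    $this->output = '';
    if (!checkSecurityToken()) {
        return;
    }
    if (!is_array($_REQUEST['cmd'])) {
        return;
    }

    // dispatch on the (single) submitted command; unknown commands are ignored.
    // The return values were only used by debug output that is gone, so they
    // are no longer kept in unused locals.
    switch (key($_REQUEST['cmd'])) {
        case 'add':
            $this->add();
            break;
        case 'delete':
            $this->del();
            break;
        case 'edit':
            $this->edit();
            break;
    }
}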
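/**
 * handle user request
 *
 * Initializes internal vars and handles modifications
 *
 * Loads a fresh copy of the moderator list into $AUTH_ACL and derives the
 * namespace scope from $_REQUEST['ns'] ('*' when none is given). When a
 * command was submitted with a valid security token it is applied: 'save'
 * replaces the group for the scope, 'del' removes it, 'update' rewrites the
 * whole file from the submitted rule table minus the rows marked for
 * deletion (keeping the leading comment lines). The list is reloaded
 * afterwards and the ACL array rebuilt.
 *
 * @author Andreas Gohr <*****@*****.**>
 */
function handle()
{
    global $AUTH_ACL;
    global $auth;

    // fresh 1:1 copy without replacements
    $AUTH_ACL = loadModlist();

    // namespace given?
    if (empty($_REQUEST['ns']) || $_REQUEST['ns'] == '*') {
        $this->ns = '*';
    } else {
        $this->ns = cleanID($_REQUEST['ns']);
    }

    // handle modifications
    if (isset($_REQUEST['cmd']) && checkSecurityToken()) {
        // scope for modifications
        $scope = ($this->ns == '*') ? '*' : $this->ns . ':*';

        if (isset($_REQUEST['cmd']['save']) && isset($_REQUEST['modgroup'])) {
            // handle additions or single modifications
            $this->_acl_del($scope);
            $this->_acl_add($scope, trim($_REQUEST['modgroup']));
        } elseif (isset($_REQUEST['cmd']['del'])) {
            // handle single deletions
            $this->_acl_del($scope);
        } elseif (isset($_REQUEST['cmd']['update'])) {
            // handle update of the whole file; work on copies so missing
            // request keys don't raise notices
            $rules = isset($_REQUEST['acl']) ? (array) $_REQUEST['acl'] : array();
            $marked = isset($_REQUEST['del']) ? (array) $_REQUEST['del'] : array();
            foreach ($marked as $where) {
                // remove all rules marked for deletion
                unset($rules[$where]);
            }

            // prepare lines
            $lines = array();

            // keep header: the leading comment lines of the current file
            // (isset guards against an empty line, which has no offset 0)
            foreach ($AUTH_ACL as $line) {
                if (isset($line[0]) && $line[0] == '#') {
                    $lines[] = $line;
                } else {
                    break;
                }
            }

            foreach ($rules as $where => $who) {
                $who = $auth->cleanGroup($who);
                $who = auth_nameencode($who, true);
                $lines[] = "{$where}\t{$who}\n";
            }

            // save it
            io_saveFile(DOKUTRANSLATE_MODLIST, join('', $lines));
        }

        // reload ACL config
        $AUTH_ACL = loadModlist();
    }

    // initialize ACL array
    $this->_init_acl_config();
}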
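/**
 * Render the vote output.
 *
 * Only the 'xhtml' mode is supported. A vote submitted via POST together
 * with a valid security token is processed before the markup is produced.
 *
 * @param string $mode     output format being rendered
 * @param object $renderer the renderer (by reference, legacy signature)
 * @param mixed  $data     data produced by the handler
 * @return bool false for unsupported modes, true after rendering
 */
function render($mode, &$renderer, $data)
{
    if ($mode !== 'xhtml') {
        return false;
    }
    // only accept votes sent as POST and carrying the CSRF token
    if (isset($_POST['vote']) && checkSecurityToken()) {
        $this->_handlepost($data);
    }
    $this->_html($renderer, $data);
    return true; // the original fell off the end and returned null
}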
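/**
 * Run the backup requested by the submitted form.
 *
 * @param array $form submitted form values: 'sectok' (security token),
 *                    'dirs' (what to back up), 'archive_format' and the
 *                    optional 'verbose' flag
 * @throws Exception when the security token is invalid or the current
 *                   user is not an admin
 * @return mixed whatever Backup::createBackupFile() returns
 */
public function doAction($form)
{
    // CSRF token and admin permission are both required
    $sectok = isset($form['sectok']) ? $form['sectok'] : null;
    if (!checkSecurityToken($sectok)) {
        throw new Exception('bad security token. Refresh your page');
    }
    if (!auth_isadmin()) {
        throw new Exception('you must have AUTH_ADMIN permissions to perform backups');
    }
    // missing fields are passed through as null instead of raising notices
    $dirs = isset($form['dirs']) ? $form['dirs'] : null;
    $format = isset($form['archive_format']) ? $form['archive_format'] : null;
    return Backup::createBackupFile($dirs, isset($form['verbose']), $format);
}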
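/**
 * output appropriate html
 *
 * Prints the intro text and the search form. A submitted revert list with a
 * valid security token is processed; otherwise, when a filter was given,
 * the matching entries are listed.
 */
function html()
{
    echo $this->plugin_locale_xhtml('intro');
    $this->_searchform();

    // the filter is optional; null means "not given"
    $filter = isset($_REQUEST['filter']) ? $_REQUEST['filter'] : null;
    if (isset($_REQUEST['revert']) && is_array($_REQUEST['revert']) && checkSecurityToken()) {
        $this->_revert($_REQUEST['revert'], $filter);
    } elseif ($filter !== null) {
        $this->_list($filter);
    }
}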
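/**
 * Should carry out any processing required by the plugin.
 *
 * Runs the schema action selected by the request: 'save' rebuilds the schema
 * from the submitted definition, 'export' sends it as a JSON download,
 * 'import' rebuilds it from an uploaded JSON file, 'delete' removes it once
 * the name was typed as confirmation. The state-changing actions (save,
 * import, delete) require a valid security token; the local config file is
 * touched afterwards so dependent caches are invalidated.
 */
public function handle()
{
    global $INPUT;
    global $ID;
    global $config_cascade;
    $config_file_path = end($config_cascade['main']['local']);

    // form submit
    $table = Schema::cleanTableName($INPUT->str('table'));
    if ($table && $INPUT->bool('save') && checkSecurityToken()) {
        $builder = new SchemaBuilder($table, $INPUT->arr('schema'));
        if (!$builder->build()) {
            msg('something went wrong while saving', -1);
        }
        touch($config_file_path);
    }

    // export: read-only, so no token is required
    if ($table && $INPUT->bool('export')) {
        $builder = new Schema($table);
        header('Content-Type: application/json');
        // $table went through cleanTableName(); presumably that leaves only
        // characters that are safe inside the header - confirm against Schema
        header("Content-Disposition: attachment; filename={$table}.struct.json");
        echo $builder->toJSON();
        exit;
    }

    // import: state-changing, so it needs the token just like 'save'
    if ($table && $INPUT->bool('import') && checkSecurityToken()) {
        if (isset($_FILES['schemafile']['tmp_name'])) {
            $upload = $_FILES['schemafile'];
            // only read a completed upload that PHP itself received
            $ok = isset($upload['error'])
                && $upload['error'] === UPLOAD_ERR_OK
                && is_uploaded_file($upload['tmp_name']);
            $json = $ok ? io_readFile($upload['tmp_name'], false) : false;
            if (!$json) {
                msg('Something went wrong with the upload', -1);
            } else {
                $builder = new SchemaImporter($table, $json, $INPUT->bool('lookup'));
                if (!$builder->build()) {
                    msg('something went wrong while saving', -1);
                }
                touch($config_file_path);
            }
        }
    }

    // delete: destructive, so it needs the token just like 'save'
    if ($table && $INPUT->bool('delete') && checkSecurityToken()) {
        if ($table != $INPUT->str('confirm')) {
            msg($this->getLang('del_fail'), -1);
        } else {
            try {
                $schema = new Schema($table);
                $schema->delete();
                msg($this->getLang('del_ok'), 1);
                touch($config_file_path);
                send_redirect(wl($ID, array('do' => 'admin', 'page' => 'struct_schemas'), true, '&'));
            } catch (StructException $e) {
                msg(hsc($e->getMessage()), -1);
            }
        }
    }
}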
/** * handle user request */ function handle() { if (!isset($_REQUEST['cmd'])) { return; } // first time - nothing to do $this->output = ''; if (!checkSecurityToken()) { return; } if (!is_array($_REQUEST['cmd'])) { return; } // verify valid values switch (key($_REQUEST['cmd'])) { case 'prune': $this->prune(); break; case 'confirm': $this->confirm(); break; case 'restore': $this->is_prev_deleted = array(); $this->prev_deleted = ""; if (isset($_REQUEST[subfeed_dir])) { $this->helper->setSubFeed($_REQUEST['subfeed_dir']); $this->pagedata = $this->helper->_readFile($this->helper->getMetaFN('pagedata', '.ser'), true); } // $this->output=$_REQUEST; return; case 'generate': $this->output = $this->generate($_REQUEST['subfeeds']); return; case 'subfeed': $this->subfeed_selected = $_REQUEST['subfeed_inx']; if ($this->subfeed_selected > 0) { $this->subfeed_name = $_REQUEST['subfeeds']; } break; } $deleted = array(); if (isset($_REQUEST['delete']) && $_REQUEST['delete']) { $deletes = $_REQUEST['delete']; $deleted = array_keys($deletes); } if ($_REQUEST['prev_del']) { $prev_deleted = $_REQUEST['prev_del']; $prev_deleted = explode(',', $prev_deleted); $prev_deleted = array_merge($prev_deleted, $deleted); $prev_deleted = array_unique($prev_deleted); $this->prev_deleted = implode(",", $prev_deleted); $this->is_prev_deleted = $prev_deleted; } // $this->output=$_REQUEST; }
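/**
 * handle user request
 *
 * Records the submitted form action (the key of the $_REQUEST['formAction']
 * array) in $this->formAction. It stays empty when nothing was submitted or
 * the security token does not match.
 */
function handle()
{
    $this->formAction = '';
    if (!isset($_REQUEST['formAction']) || !is_array($_REQUEST['formAction'])) {
        return;
    }
    if (!checkSecurityToken()) {
        return;
    }
    $this->formAction = key($_REQUEST['formAction']);
}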
/**
 * output appropriate html
 *
 * Prints the intro text and the search form, then either processes a
 * submitted revert list (array value plus valid security token) or, when a
 * filter was given, lists the matching entries.
 */
function html()
{
    global $INPUT;

    echo $this->locale_xhtml('intro');
    $this->_searchform();

    $revert = $INPUT->param('revert');
    if (is_array($revert) && checkSecurityToken()) {
        $this->_revert($INPUT->arr('revert'), $INPUT->str('filter'));
        return;
    }
    if ($INPUT->has('filter')) {
        $this->_list($INPUT->str('filter'));
    }
}
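/**
 * Carry out required processing
 *
 * Saves every submitted profile field ($_REQUEST['up']['data']) for the
 * user named in $_REQUEST['up']['user']['user'] through the helper.
 * Requires a valid security token; an incomplete submission is ignored.
 */
public function handle()
{
    if (!isset($_REQUEST['up']) || !is_array($_REQUEST['up']) || !checkSecurityToken()) {
        return;
    }
    $up = $_REQUEST['up'];
    if (!isset($up['user']['user']) || !isset($up['data']) || !is_array($up['data'])) {
        return; // incomplete submission: nothing can be saved
    }
    $userdata = $up['user'];

    // The user is not created here: saving a field assumes the user already
    // exists (an earlier saveUser() call was removed for that reason).
    foreach ($up['data'] as $field => $value) {
        $this->hlp->saveField($userdata['user'], $field, $value);
    }
}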
/** * handle user request */ function handle() { if (!isset($_REQUEST['cmd'])) { return; } // first time - nothing to do $this->output = ''; if (!checkSecurityToken()) { return; } if (!is_array($_REQUEST['cmd'])) { return; } // verify valid values switch (key($_REQUEST['cmd'])) { case 'prune': $this->prune(); break; case 'confirm': $this->confirm(); break; case 'restore': $this->is_prev_deleted = array(); $this->prev_deleted = ""; return; case 'generate': $this->output = $this->generate(); return; } $deleted = array(); if (isset($_REQUEST['delete']) && $_REQUEST['delete']) { $deletes = $_REQUEST['delete']; $deleted = array_keys($deletes); } if ($_REQUEST['prev_del']) { $prev_deleted = $_REQUEST['prev_del']; $prev_deleted = explode(',', $prev_deleted); $prev_deleted = array_merge($prev_deleted, $deleted); $prev_deleted = array_unique($prev_deleted); $this->prev_deleted = implode(",", $prev_deleted); $this->is_prev_deleted = $prev_deleted; } // $this->output=$this->pagedata; }
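/**
 * Carry out required processing
 *
 * Applies the submitted field table ($_REQUEST['up']) to the database in one
 * transaction: a row with a 'fid' updates that field, a row without one
 * inserts a new field. Rows whose normalised (lower-cased, singular) name is
 * empty are skipped; the default value list is de-duplicated. Any failing
 * statement rolls the transaction back. Requires a valid security token.
 *
 * @return void|false false when a delete statement fails (kept as before)
 */
public function handle()
{
    if (!isset($_REQUEST['up']) || !is_array($_REQUEST['up']) || !checkSecurityToken()) {
        return;
    }
    $sqlite = $this->hlp->_getDB();
    if (!$sqlite) {
        return;
    }

    $sqlite->query("BEGIN TRANSACTION");
    foreach ($_REQUEST['up'] as $row) {
        if (!is_array($row)) {
            continue; // malformed submission; array_map() cannot handle it
        }
        $row = array_map('trim', $row);
        // make sure every key bound below exists, so a partial row can't raise notices
        $row += array('name' => '', 'title' => '', 'defaultval' => '', 'fid' => '');

        // normalise the name: lower-case and strip a trailing plural 's'
        $row['name'] = rtrim(utf8_strtolower($row['name']), 's');
        if (!$row['name']) {
            continue;
        }

        // Clean default: split on '|', drop duplicates
        $arr = preg_split('/\\s*\\|\\s*/', $row['defaultval']);
        $arr = array_unique($arr);
        $row['defaultval'] = implode(' | ', $arr);

        if ($row['fid']) {
            // Check if field should be deleted
            // NOTE(review): this branch is unreachable - rows with an empty
            // name are skipped above before it is reached. Kept as in the
            // original; confirm whether blanking a name was meant to delete.
            if (empty($row['name'])) {
                // delete all fieldvals for the current field
                if (!$sqlite->query("DELETE FROM fieldvals WHERE [fid] = ?", $row['fid'])) {
                    $sqlite->query("ROLLBACK TRANSACTION");
                    return false;
                }
                // delete the field
                $res = $sqlite->query("DELETE FROM fields WHERE [fid] = ?", $row['fid']);
            } else {
                $res = $sqlite->query("UPDATE fields SET [name] = ?, [title] = ?, [defaultval] = ? WHERE [fid] = ?", array($row['name'], $row['title'], $row['defaultval'], $row['fid']));
            }
        } else {
            $res = $sqlite->query("INSERT INTO fields ([name], [title], [defaultval]) VALUES (?,?,?)", array($row['name'], $row['title'], $row['defaultval']));
        }

        if (!$res) {
            $sqlite->query('ROLLBACK TRANSACTION');
            return;
        }
    }
    $sqlite->query("COMMIT TRANSACTION");
}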
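/**
 * handle user request
 *
 * Applies the submitted configuration ($INPUT->arr('config')) to every known
 * setting. Requires a restored session, save=1 and a valid security token,
 * and does nothing while the configuration is locked. After a successful
 * change the settings are saved, the state is remembered in the session and
 * the browser is redirected so the new values take effect; with no change
 * the settings file is only touched. The session is closed on every path.
 */
function handle()
{
    global $ID, $INPUT;

    if (!$this->_restore_session()) {
        return $this->_close_session();
    }
    if ($INPUT->int('save') !== 1) {
        return $this->_close_session();
    }
    if (!checkSecurityToken()) {
        return $this->_close_session();
    }

    if (is_null($this->_config)) {
        $this->_config = new configuration($this->_file);
    }

    // don't go any further if the configuration is locked
    if ($this->_config->_locked) {
        return $this->_close_session();
    }

    $this->_input = $INPUT->arr('config');

    // each() was removed in PHP 8; iterate over the setting keys instead
    foreach (array_keys($this->_config->setting) as $key) {
        $input = isset($this->_input[$key]) ? $this->_input[$key] : null;
        if ($this->_config->setting[$key]->update($input)) {
            $this->_changed = true;
        }
        if ($this->_config->setting[$key]->error()) {
            $this->_error = true;
        }
    }

    if ($this->_changed && !$this->_error) {
        $this->_config->save_settings($this->getPluginName());

        // save state & force a page reload to get the new settings to take effect
        $_SESSION['PLUGIN_CONFIG'] = array('state' => 'updated', 'time' => time());
        $this->_close_session();
        send_redirect(wl($ID, array('do' => 'admin', 'page' => 'config'), true, '&'));
        exit;
    } elseif (!$this->_error) {
        $this->_config->touch_settings(); // just touch to refresh cache
    }
    $this->_close_session();
}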
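/**
 * Action hook implementing "save and edit".
 *
 * When a page was saved with the 'saveandedit' button, the save is performed
 * here (with the same permission and CSRF checks as a regular save) and the
 * action is switched back to 'edit' on the freshly saved revision; a section
 * edit keeps its range. A detected conflict is turned back into 'save' so
 * DokuWiki reports it.
 *
 * @param Doku_Event $event the action event; $event->data is the action,
 *                          either a string or an array keyed by the action
 * @param mixed      $param unused
 */
public function handle_action_act_preprocess(Doku_Event &$event, $param)
{
    global $ID, $INFO, $REV, $RANGE, $TEXT, $PRE, $SUF;

    // check if the action was given as array key (an empty array has none)
    if (is_array($event->data)) {
        $keys = array_keys($event->data);
        $act = isset($keys[0]) ? $keys[0] : null;
    } else {
        $act = $event->data;
    }

    // strict: an integer array key loosely equals 'save' on PHP < 8
    if ($act === 'save' && !empty($_REQUEST['saveandedit']) && actionOK($act)) {
        if (act_permcheck($act) == 'save' && checkSecurityToken()) {
            $event->data = act_save($act);
            if ($event->data == 'show') {
                $event->data = 'edit';
                $REV = ''; // now we are working on the current revision

                // Handle section edits
                if ($PRE || $SUF) {
                    // $from and $to are 1-based indexes of the actually edited content
                    $from = strlen($PRE) + 1;
                    $to = $from + strlen($TEXT);
                    $RANGE = $from . '-' . $to;
                }

                // Ensure the current text is loaded again from the file
                unset($GLOBALS['TEXT'], $GLOBALS['PRE'], $GLOBALS['SUF']);
                // Reset the date of the last modification to avoid conflict messages
                unset($GLOBALS['DATE']);
                // Reset the change check
                unset($_REQUEST['changecheck']);
                // Force rendering of the metadata in order to ensure metadata is correct
                p_set_metadata($ID, array(), true);
                $INFO = pageinfo(); // reset pageinfo to new data (e.g. if the page exists)
            } elseif ($event->data == 'conflict') {
                // DokuWiki won't accept 'conflict' as action here.
                // Just execute save again, the conflict will be detected again
                $event->data = 'save';
            }
        }
    }
}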
/**
 * Remove the data of pages that no longer exist.
 *
 * Triggered by $_REQUEST['data_go'] together with a valid security token.
 * Walks every row of the pages table, deletes the 'data' and 'pages' rows
 * of each page that is gone and reports how many pages were removed.
 *
 * @return void|false false only when no database connection is available
 */
function handle()
{
    if (!isset($_REQUEST['data_go']) || !checkSecurityToken()) {
        return;
    }
    $db = $this->dthlp->_getDB();
    if (!$db) {
        return false;
    }

    $known = $db->res2arr($db->query("SELECT pid, page FROM pages"));
    $removed = 0;
    foreach ($known as $entry) {
        if (page_exists($entry['page'])) {
            continue;
        }
        $db->query('DELETE FROM data WHERE pid = ?', $entry['pid']);
        $db->query('DELETE FROM pages WHERE pid = ?', $entry['pid']);
        ++$removed;
    }
    msg(sprintf($this->getLang('pages_del'), $removed), 1);
}
/**
 * AJAX call handler for ACL plugin
 *
 * Answers the 'plugin_acl' AJAX call for admins holding a valid security
 * token: 'info' prints the ACL info box, 'tree' prints the namespace tree
 * below the requested namespace. Anything else produces no output.
 *
 * @param Doku_Event $event event object by reference
 * @param mixed $param empty
 * @return void
 */
public function handle_ajax_call_acl(Doku_Event &$event, $param)
{
    if ($event->data !== 'plugin_acl') {
        return;
    }
    $event->stopPropagation();
    $event->preventDefault();

    global $ID;
    global $INPUT;

    // authorisation first, then the CSRF token
    if (!auth_isadmin()) {
        echo 'for admins only';
        return;
    }
    if (!checkSecurityToken()) {
        echo 'CRSF Attack';
        return;
    }

    $ID = getID();

    /** @var $acl admin_plugin_acl */
    $acl = plugin_load('admin', 'acl');
    // run the admin plugin's own request handling before producing output
    $acl->handle();

    header('Content-Type: text/html; charset=utf-8');
    switch ($INPUT->str('ajax')) {
        case 'info':
            $acl->_html_info();
            break;
        case 'tree':
            $ns = $INPUT->str('ns');
            if ($ns == '*') {
                $ns = '';
            }
            $ns = cleanID($ns);
            $depth = count(explode(':', $ns));
            $ns = utf8_encodeFN(str_replace(':', '/', $ns));
            $tree = $acl->_get_tree($ns, $ns);
            foreach (array_keys($tree) as $item) {
                $tree[$item]['level'] = $depth + 1;
            }
            echo html_buildlist($tree, 'acl', array($acl, '_html_list_acl'), array($acl, '_html_li_acl'));
            break;
    }
}
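/**
 * Handle the user request.
 *
 * Replaces the whole alias table with the rows submitted in $_REQUEST['d'],
 * inside one transaction. Rows whose normalised (lower-cased, singular) name
 * is empty are skipped. Unlike before, a failing DELETE or INSERT now rolls
 * the transaction back instead of committing a half-rebuilt table.
 * Requires a valid security token.
 *
 * @return void|false false only when no database connection is available
 */
function handle()
{
    if (!isset($_REQUEST['d']) || !is_array($_REQUEST['d']) || !checkSecurityToken()) {
        return;
    }
    $sqlite = $this->dthlp->_getDB();
    if (!$sqlite) {
        return false;
    }

    $sqlite->query("BEGIN TRANSACTION");
    if (!$sqlite->query("DELETE FROM aliases")) {
        $sqlite->query('ROLLBACK TRANSACTION');
        return;
    }

    foreach ($_REQUEST['d'] as $row) {
        if (!is_array($row)) {
            continue; // malformed submission; array_map() cannot handle it
        }
        $row = array_map('trim', $row);

        // normalise the name: lower-case and strip a trailing plural 's'
        $name = isset($row['name']) ? $row['name'] : '';
        $row['name'] = rtrim(utf8_strtolower($name), 's');
        if (!$row['name']) {
            continue;
        }

        if (!$sqlite->query("INSERT INTO aliases (name, type, prefix, postfix, enum)\n VALUES (?,?,?,?,?)", $row)) {
            $sqlite->query('ROLLBACK TRANSACTION');
            return;
        }
    }
    $sqlite->query("COMMIT TRANSACTION");
}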
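/**
 * handle user request
 *
 * Applies the submitted configuration ($_REQUEST['config']) to every known
 * setting. Requires a restored session, save=1 and a valid security token,
 * and does nothing while the configuration is locked. After a successful
 * change the settings are saved, the state is remembered in the session and
 * the browser is redirected so the new values take effect. The session is
 * closed on every path.
 */
function handle()
{
    global $ID;

    if (!$this->_restore_session()) {
        return $this->_close_session();
    }
    if (!isset($_REQUEST['save']) || $_REQUEST['save'] != 1) {
        return $this->_close_session();
    }
    if (!checkSecurityToken()) {
        return $this->_close_session();
    }

    if (is_null($this->_config)) {
        $this->_config = new configuration($this->_file);
    }

    // don't go any further if the configuration is locked
    if ($this->_config->_locked) {
        return $this->_close_session();
    }

    // missing config array: keep null (as before) instead of raising a notice
    $this->_input = isset($_REQUEST['config']) ? $_REQUEST['config'] : null;

    // each() was removed in PHP 8; iterate over the setting keys instead
    foreach (array_keys($this->_config->setting) as $key) {
        $input = isset($this->_input[$key]) ? $this->_input[$key] : null;
        if ($this->_config->setting[$key]->update($input)) {
            $this->_changed = true;
        }
        if ($this->_config->setting[$key]->error()) {
            $this->_error = true;
        }
    }

    if ($this->_changed && !$this->_error) {
        $this->_config->save_settings($this->getPluginName());

        // save state & force a page reload to get the new settings to take effect
        $_SESSION['PLUGIN_CONFIG'] = array('state' => 'updated', 'time' => time());
        $this->_close_session();
        header("Location: " . wl($ID, array('do' => 'admin', 'page' => 'config'), true, '&'));
        exit;
    }
    $this->_close_session();
}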
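/**
 * handle user request
 *
 * Dispatches the submitted command after the security token was verified:
 * 'confirm' prunes the entries listed in $_REQUEST['del'] from the data
 * file, 'secure' secures the data file. $this->output starts as 'invalid'.
 */
function handle()
{
    if (!isset($_REQUEST['cmd'])) {
        return; // first time - nothing to do
    }
    $this->output = 'invalid';
    if (!checkSecurityToken()) {
        return;
    }
    if (!is_array($_REQUEST['cmd'])) {
        return;
    }

    // verify valid values
    switch (key($_REQUEST['cmd'])) {
        case 'confirm':
            // pass null when nothing was checked instead of raising a notice
            $del = isset($_REQUEST['del']) ? $_REQUEST['del'] : null;
            $this->prune_datafile($del);
            break;
        case 'secure':
            $this->secure_datafile();
            break;
    }
}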
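/**
 * Should carry out any processing required by the plugin.
 *
 * Adds or removes a schema assignment (assignment[assign] -> assignment[tbl])
 * depending on the 'action' request value. A pattern starting with '/' is a
 * regular expression and is compiled once before being stored. Requires a
 * valid security token; afterwards the browser is redirected back to the
 * assignments page.
 */
public function handle()
{
    global $INPUT;
    global $ID;

    $assignments = new Assignments();
    $action = $INPUT->str('action');

    if ($action && $INPUT->arr('assignment') && checkSecurityToken()) {
        $assignment = $INPUT->arr('assignment');
        // both halves of the assignment are required
        if (isset($assignment['assign'], $assignment['tbl'])
            && !blank($assignment['assign']) && !blank($assignment['tbl'])) {
            $pattern = $assignment['assign'];
            $table = $assignment['tbl'];

            if ($action === 'delete') {
                if (!$assignments->removePattern($pattern, $table)) {
                    msg('failed to remove pattern', -1);
                }
            } elseif ($action === 'add') {
                // A leading slash marks a regex: refuse one that doesn't compile.
                // preg_match() reports a compile error as a warning plus `false`;
                // the warning is suppressed because there is no warning-free
                // validator. The subject is '' (null is deprecated since 8.1).
                if ($pattern[0] == '/' && @preg_match($pattern, '') === false) {
                    msg('Invalid regular expression. Pattern not saved', -1);
                } elseif (!$assignments->addPattern($pattern, $table)) {
                    msg('failed to add pattern', -1);
                }
            }
        }
        send_redirect(wl($ID, array('do' => 'admin', 'page' => 'struct_assignments'), true, '&'));
    }
}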
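/**
 * handle user request
 *
 * Parses the 'fn' request value into a command and an optional plugin name,
 * validates both against the known commands/functions and the installed
 * plugin list, and requires a security token for everything except the
 * plain 'manage' view. The matching ap_* class is then loaded and its
 * process() result stored in $this->msg.
 */
function handle()
{
    global $INPUT;

    // enable direct access to language strings
    $this->setupLocale();

    $fn = $INPUT->param('fn');
    if (is_array($fn)) {
        $this->cmd = key($fn);
        $this->plugin = is_array($fn[$this->cmd]) ? key($fn[$this->cmd]) : null;
    } else {
        $this->cmd = $fn;
        $this->plugin = null;
    }
    $this->_get_plugin_list();

    // verify $_REQUEST vars: strict comparison, so an integer array key
    // can't loosely match a command or plugin name (PHP < 8 treats 0 == 'x')
    if (in_array($this->cmd, $this->commands, true)) {
        $this->plugin = '';
    } elseif (!in_array($this->cmd, $this->functions, true) || !in_array($this->plugin, $this->plugin_list, true)) {
        $this->cmd = 'manage';
        $this->plugin = '';
    }

    // every command except the plain listing needs the security token
    if (($this->cmd != 'manage' || $this->plugin != '') && !checkSecurityToken()) {
        $this->cmd = 'manage';
        $this->plugin = '';
    }

    // create object to handle the command; $this->cmd was validated against
    // the whitelists above, so only known class files can be included here
    $class = "ap_" . $this->cmd;
    @(require_once DOKU_PLUGIN . "/plugin/classes/{$class}.class.php");
    if (!class_exists($class)) {
        $class = 'ap_manage';
    }
    $this->handler = new $class($this, $this->plugin);
    $this->msg = $this->handler->process();
}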
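/**
 * Modify user (modified user data has been recieved)
 *
 * Compares the submitted user data against the stored record of
 * $_REQUEST['userid_old'] and passes only the changed fields the backend is
 * allowed to modify (login, password, name, mail, groups) to it. When
 * 'usernotify' is set and no password was given, one is generated and sent
 * to the user. All sessions are purged after a successful change.
 *
 * @return bool true when the backend accepted the change, false otherwise
 */
function _modifyUser()
{
    global $conf;

    if (!checkSecurityToken()) {
        return false;
    }
    if (!$this->_auth->canDo('UserMod')) {
        return false;
    }

    // get currently valid user data
    $oldid = isset($_REQUEST['userid_old']) ? $_REQUEST['userid_old'] : '';
    $olduser = cleanID(preg_replace('/.*:/', '', $oldid));
    $oldinfo = $this->_auth->getUserData($olduser);
    // an unknown user yields no record; compare against nulls then, as before
    if (!is_array($oldinfo)) {
        $oldinfo = array();
    }
    $oldinfo += array('name' => null, 'mail' => null, 'grps' => null);

    // get new user data subject to change
    list($newuser, $newpass, $newname, $newmail, $newgrps) = $this->_retrieveUser();
    if (empty($newuser)) {
        return false;
    }

    $changes = array();
    $re_edit = false;
    if ($newuser != $olduser) {
        if (!$this->_auth->canDo('modLogin')) {
            // sanity check, shouldn't be possible
            msg($this->lang['update_fail'], -1);
            return false;
        }

        // check if $newuser already exists
        if ($this->_auth->getUserData($newuser)) {
            msg(sprintf($this->lang['update_exists'], $newuser), -1);
            $re_edit = true;
        } else {
            $changes['user'] = $newuser;
        }
    }

    // generate password if left empty and notification is on
    if (!empty($_REQUEST['usernotify']) && empty($newpass)) {
        $newpass = auth_pwgen();
    }

    // only fields the backend can change, and only when they actually differ
    if (!empty($newpass) && $this->_auth->canDo('modPass')) {
        $changes['pass'] = $newpass;
    }
    if (!empty($newname) && $this->_auth->canDo('modName') && $newname != $oldinfo['name']) {
        $changes['name'] = $newname;
    }
    if (!empty($newmail) && $this->_auth->canDo('modMail') && $newmail != $oldinfo['mail']) {
        $changes['mail'] = $newmail;
    }
    if (!empty($newgrps) && $this->_auth->canDo('modGroups') && $newgrps != $oldinfo['grps']) {
        $changes['grps'] = $newgrps;
    }

    $ok = $this->_auth->triggerUserMod('modify', array($olduser, $changes));
    if ($ok) {
        msg($this->lang['update_ok'], 1);

        if (!empty($_REQUEST['usernotify']) && $newpass) {
            // notify under the new login when it was changed
            $notify = empty($changes['user']) ? $olduser : $newuser;
            $this->_notifyUser($notify, $newpass);
        }

        // invalidate all sessions
        io_saveFile($conf['cachedir'] . '/sessionpurge', time());
    } else {
        msg($this->lang['update_fail'], -1);
    }

    if ($re_edit) {
        $this->_editUser($olduser);
    }
    return $ok;
}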
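/**
 * Update user profile
 *
 * Applies the profile form (new password, full name, e-mail) of the current
 * user to the auth backend. Requires save=1, a valid security token and an
 * enabled 'profile' action. Fields the backend cannot change are dropped,
 * and the old password is verified first when $conf['profileconfirm'] is
 * set. After a password change the auth cookie is refreshed.
 *
 * @author Christopher Smith <*****@*****.**>
 * @return bool true when the backend accepted the change, false otherwise
 */
function updateprofile()
{
    global $conf;
    global $lang;
    /* @var auth_basic $auth */
    global $auth;
    /* @var Input $INPUT */
    global $INPUT;

    if (!$INPUT->post->bool('save')) {
        return false;
    }
    if (!checkSecurityToken()) {
        return false;
    }
    if (!actionOK('profile')) {
        msg($lang['profna'], -1);
        return false;
    }

    $changes = array();
    $changes['pass'] = $INPUT->post->str('newpass');
    $changes['name'] = $INPUT->post->str('fullname');
    $changes['mail'] = $INPUT->post->str('email');

    // check misspelled passwords - strictly: a loose comparison treats
    // numeric strings such as "1e3" and "1000" as equal
    if ($changes['pass'] !== $INPUT->post->str('passchk')) {
        msg($lang['regbadpass'], -1);
        return false;
    }

    // clean fullname and email
    $changes['name'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $changes['name']));
    $changes['mail'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $changes['mail']));

    // no empty name and email (except the backend doesn't support them)
    if ((empty($changes['name']) && $auth->canDo('modName')) || (empty($changes['mail']) && $auth->canDo('modMail'))) {
        msg($lang['profnoempty'], -1);
        return false;
    }
    if (!mail_isvalid($changes['mail']) &&  $auth->canDo('modMail')) {
        msg($lang['regbadmail'], -1);
        return false;
    }

    // drop empty fields
    $changes = array_filter($changes);

    // check for unavailable capabilities
    if (!$auth->canDo('modName')) {
        unset($changes['name']);
    }
    if (!$auth->canDo('modMail')) {
        unset($changes['mail']);
    }
    if (!$auth->canDo('modPass')) {
        unset($changes['pass']);
    }

    // anything to do?
    if (!count($changes)) {
        msg($lang['profnochange'], -1);
        return false;
    }

    // re-authenticate before changing anything, when configured
    if ($conf['profileconfirm']) {
        if (!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) {
            msg($lang['badlogin'], -1);
            return false;
        }
    }

    $result = $auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes));
    if ($result) {
        // update cookie and session with the changed data
        // ('pass' may have been filtered out above, hence the empty() check)
        if (!empty($changes['pass'])) {
            list(, $sticky, ) = auth_getCookie();
            $pass = PMA_blowfish_encrypt($changes['pass'], auth_cookiesalt(!$sticky));
            auth_setCookie($_SERVER['REMOTE_USER'], $pass, (bool) $sticky);
        }
        return true;
    }
    return false;
}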
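/**
 * Execute the requested action(s) and initialize the plugin repository
 *
 * Reports repository and SSL availability, then runs the submitted extension
 * actions: per extension 'install'/'reinstall'/'update', 'uninstall',
 * 'enable' or 'disable', or an install from a URL or an uploaded file. Every
 * action needs a valid security token; each outcome is reported with msg()
 * and the browser is redirected back to the current tab. Exceptions thrown
 * by the extension helper are reported the same way.
 */
public function handle()
{
    global $INPUT;

    // initialize the remote repository
    /* @var helper_plugin_extension_repository $repository */
    $repository = $this->loadHelper('extension_repository');

    if (!$repository->hasAccess()) {
        $url = $this->gui->tabURL('', array('purge' => 1));
        msg($this->getLang('repo_error') . ' [<a href="' . $url . '">' . $this->getLang('repo_retry') . '</a>]', -1);
    }

    if (!in_array('ssl', stream_get_transports())) {
        msg($this->getLang('nossl'), -1);
    }

    /* @var helper_plugin_extension_extension $extension */
    $extension = $this->loadHelper('extension_extension');

    try {
        if ($INPUT->post->has('fn') && checkSecurityToken()) {
            $actions = $INPUT->post->arr('fn');
            foreach ($actions as $action => $extensions) {
                if (!is_array($extensions)) {
                    continue; // malformed submission; nothing to act on
                }
                foreach (array_keys($extensions) as $extname) {
                    switch ($action) {
                        case 'install':
                        case 'reinstall':
                        case 'update':
                            $extension->setExtension($extname);
                            $this->_reportInstalled($extension->installOrUpdate());
                            break;
                        case 'uninstall':
                            $extension->setExtension($extname);
                            if ($extension->uninstall()) {
                                msg(sprintf($this->getLang('msg_delete_success'), hsc($extension->getDisplayName())), 1);
                            } else {
                                msg(sprintf($this->getLang('msg_delete_failed'), hsc($extension->getDisplayName())), -1);
                            }
                            break;
                        case 'enable':
                            $extension->setExtension($extname);
                            $status = $extension->enable();
                            // anything but true is treated as an error message
                            if ($status !== true) {
                                msg($status, -1);
                            } else {
                                msg(sprintf($this->getLang('msg_enabled'), hsc($extension->getDisplayName())), 1);
                            }
                            break;
                        case 'disable':
                            $extension->setExtension($extname);
                            $status = $extension->disable();
                            // anything but true is treated as an error message
                            if ($status !== true) {
                                msg($status, -1);
                            } else {
                                msg(sprintf($this->getLang('msg_disabled'), hsc($extension->getDisplayName())), 1);
                            }
                            break;
                    }
                }
            }
            send_redirect($this->gui->tabURL('', array(), '&', true));
        } elseif ($INPUT->post->str('installurl') && checkSecurityToken()) {
            $this->_reportInstalled($extension->installFromURL($INPUT->post->str('installurl')));
            send_redirect($this->gui->tabURL('', array(), '&', true));
        } elseif (isset($_FILES['installfile']) && checkSecurityToken()) {
            $this->_reportInstalled($extension->installFromUpload('installfile'));
            send_redirect($this->gui->tabURL('', array(), '&', true));
        }
    } catch (Exception $e) {
        msg($e->getMessage(), -1);
        send_redirect($this->gui->tabURL('', array(), '&', true));
    }
}

/**
 * Report one success message per installed/updated extension.
 *
 * The message key is built from the entry's 'type' and 'action'
 * (msg_<type>_<action>_success) and receives the extension's 'base' name.
 *
 * @param array $installed entries with 'type', 'action' and 'base' keys, as
 *                         returned by the extension helper's install methods
 */
private function _reportInstalled($installed)
{
    foreach ($installed as $info) {
        msg(sprintf($this->getLang('msg_' . $info['type'] . '_' . $info['action'] . '_success'), $info['base']), 1);
    }
}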
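/**
 * handle user request
 *
 * Initializes internal vars and handles modifications
 *
 * Loads the ACL file into $AUTH_ACL, works out the namespace or page being
 * edited ($this->ns, $this->current_item) and the user or group being
 * addressed ($this->who). When a command was submitted with a valid security
 * token it is applied: 'save' replaces one rule, 'del' removes one, 'update'
 * rewrites the whole file from the submitted rule table minus the rows
 * marked for deletion (keeping the leading comment lines). Finally the ACL
 * file is reloaded and the ACL array rebuilt.
 *
 * @author Andreas Gohr <*****@*****.**>
 */
function handle()
{
    global $AUTH_ACL;
    global $ID;
    global $auth;
    global $config_cascade;

    // fresh 1:1 copy without replacements
    $AUTH_ACL = file($config_cascade['acl']['default']);

    // request values used below; a missing one defaults to '' instead of
    // raising an undefined-index notice
    $req = array();
    foreach (array('ns', 'current_ns', 'current_id', 'acl_w', 'acl_t') as $key) {
        $req[$key] = isset($_REQUEST[$key]) ? $_REQUEST[$key] : '';
    }

    // namespace given?
    if ($req['ns'] == '*') {
        $this->ns = '*';
    } else {
        $this->ns = cleanID($req['ns']);
    }

    if ($req['current_ns']) {
        $this->current_item = array('id' => cleanID($req['current_ns']), 'type' => 'd');
    } elseif ($req['current_id']) {
        $this->current_item = array('id' => cleanID($req['current_id']), 'type' => 'f');
    } elseif ($this->ns) {
        $this->current_item = array('id' => $this->ns, 'type' => 'd');
    } else {
        $this->current_item = array('id' => $ID, 'type' => 'f');
    }

    // user or group choosen?
    $who = trim($req['acl_w']);
    $type = $req['acl_t'];
    if ($type == '__g__' && $who) {
        $this->who = '@' . ltrim($auth->cleanGroup($who), '@');
    } elseif ($type == '__u__' && $who) {
        $this->who = ltrim($who, '@');
        if ($this->who != '%USER%' && $this->who != '%GROUP%') { #keep wildcard as is
            $this->who = $auth->cleanUser($this->who);
        }
    } elseif ($type && $type != '__u__' && $type != '__g__') {
        $this->who = $type;
    } elseif ($who) {
        $this->who = $who;
    }

    // handle modifications
    if (isset($_REQUEST['cmd']) && checkSecurityToken()) {
        // scope for modifications
        if ($this->ns) {
            if ($this->ns == '*') {
                $scope = '*';
            } else {
                $scope = $this->ns . ':*';
            }
        } else {
            $scope = $ID;
        }

        if (isset($_REQUEST['cmd']['save']) && $scope && $this->who && isset($_REQUEST['acl'])) {
            // handle additions or single modifications
            $this->_acl_del($scope, $this->who);
            $this->_acl_add($scope, $this->who, (int) $_REQUEST['acl']);
        } elseif (isset($_REQUEST['cmd']['del']) && $scope && $this->who) {
            // handle single deletions
            $this->_acl_del($scope, $this->who);
        } elseif (isset($_REQUEST['cmd']['update'])) {
            // handle update of the whole file; work on copies so missing
            // request keys don't raise notices
            $rules = isset($_REQUEST['acl']) ? (array) $_REQUEST['acl'] : array();
            $marked = isset($_REQUEST['del']) ? (array) $_REQUEST['del'] : array();
            foreach ($marked as $where => $names) {
                // remove all rules marked for deletion
                foreach ((array) $names as $who) {
                    unset($rules[$where][$who]);
                }
            }

            // prepare lines
            $lines = array();

            // keep header: the leading comment lines of the current file
            // (isset guards against an empty line, which has no offset 0)
            foreach ($AUTH_ACL as $line) {
                if (isset($line[0]) && $line[0] == '#') {
                    $lines[] = $line;
                } else {
                    break;
                }
            }

            // re-add all rules
            foreach ($rules as $where => $opt) {
                foreach ((array) $opt as $who => $perm) {
                    // numeric logins arrive as integer keys; treat them as strings
                    $who = (string) $who;
                    if (isset($who[0]) && $who[0] == '@') {
                        if ($who != '@ALL') {
                            $who = '@' . ltrim($auth->cleanGroup($who), '@');
                        }
                    } elseif ($who != '%USER%' && $who != '%GROUP%') { #keep wildcard as is
                        $who = $auth->cleanUser($who);
                    }
                    $who = auth_nameencode($who, true);
                    $lines[] = "{$where}\t{$who}\t{$perm}\n";
                }
            }

            // save it
            io_saveFile($config_cascade['acl']['default'], join('', $lines));
        }

        // reload ACL config
        $AUTH_ACL = file($config_cascade['acl']['default']);
    }

    // initialize ACL array
    $this->_init_acl_config();
}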