Пример #1
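/**
 * Implementation of module_content for the admin module.
 *
 * With no sub-page requested, renders the administration landing page.
 * Otherwise the first segment of $_GET['param'] is taken as the admin page
 * name, the current user's permission for it is checked with
 * login_check_auth(), and rendering is delegated to the 'admin' hook.
 *
 * Side effects: $_GET['param'] is replaced by the array of remaining path
 * segments and $_GET['admin_page'] is set, so the hooked module can read them.
 *
 * @return string|null Page content; null when the request is not for /admin
 *                     or the current user is a guest.
 */
function admin_content()
{
    global $ssc_user;

    // Both values are request-controlled: they may be absent, or arrays
    // (e.g. ?param[]=x). Normalise them first so they can neither raise
    // undefined-index notices nor reach explode() as a non-string.
    $path = isset($_GET['path']) ? $_GET['path'] : '';
    $param = isset($_GET['param']) ? $_GET['param'] : '';

    if ($path != '/admin' || $ssc_user->gid == SSC_USER_GUEST) {
        ssc_not_found();
        return;
    }
    if (!is_string($param)) {
        // Not a usable sub-page path
        ssc_not_found();
        return '';
    }
    if ($param === '') {
        ssc_set_title("Administration");
        return _admin_base_content();
    }

    // Check for sub-page.  args can be claimed from $_GET[param]
    $_GET['param'] = explode("/", $param);
    $_GET['admin_page'] = array_shift($_GET['param']);

    $out = '';
    // The page name comes straight from the URL, so the permission check
    // must stay ahead of the hook dispatch.
    // NOTE(review): presumably module_hook() only dispatches to registered
    // modules - confirm it cannot be steered to arbitrary code by this name.
    if (!login_check_auth($_GET['admin_page'])) {
        ssc_not_allowed();
    } else {
        $out = module_hook('admin', $_GET['admin_page']);
    }
    // NOTE(review): a denied request also lands here because $out is still
    // empty, so ssc_not_found() runs after ssc_not_allowed(). Kept as in the
    // original; confirm that the combined response is the intended one.
    if (empty($out)) {
        ssc_not_found();
    }
    return $out;
}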
Пример #2
/**
 * Validation routine for event editing.
 *
 * Rejects the submission unless the current user passes
 * login_check_auth('sailing'), every expected form field is present, and the
 * id, name and date fields are non-empty.
 *
 * @return bool TRUE when the form may be processed, FALSE otherwise
 */
function events_edit_validate()
{
    // Permission gate comes first: nothing else is inspected for other users
    $authorised = login_check_auth('sailing');
    if (!$authorised) {
        return false;
    }

    // A request lacking any expected field is dropped without a message
    $complete = isset($_POST['id'], $_POST['name'], $_POST['date'], $_POST['uri'], $_POST['submit']);
    if (!$complete) {
        return false;
    }

    // uri and submit only need to be present; these three must have a value
    foreach (array('id', 'name', 'date') as $field) {
        if ($_POST[$field] == '') {
            ssc_add_message(SSC_MSG_CRIT, t('Required fields were not filled in'));
            return false;
        }
    }

    return true;
}
Пример #3
/**
 * Edit link validation.
 *
 * Requires the "nav" permission and non-empty title, url and wid fields.
 * An absent or empty description is normalised to the empty string in $_POST.
 *
 * @return bool TRUE when the submission is acceptable, FALSE otherwise
 */
function nav_add_link_validate()
{
    // Check privileges
    $allowed = login_check_auth("nav");
    if (!$allowed) {
        return false;
    }

    // empty() also treats the string "0" as missing, so a wid of "0" is rejected
    foreach (array('title', 'url', 'wid') as $required) {
        if (empty($_POST[$required])) {
            ssc_add_message(SSC_MSG_CRIT, t('Both link title and path need to be entered'));
            return false;
        }
    }

    // The description is optional; make sure the key holds a string either way
    if (empty($_POST['desc'])) {
        $_POST['desc'] = '';
    }

    return true;
}
Пример #4
/**
 * Validation routine for the sailing series form.
 *
 * The submission is accepted only when the id, name, submit and url fields
 * are all present, the current user passes login_check_auth('sailing'), and
 * the name is not an empty string.
 *
 * @return bool TRUE when the form may be processed, FALSE otherwise
 */
function sailing_series_validate()
{
    // Missing compulsory fields - drop quietly
    foreach (array('id', 'name', 'submit', 'url') as $field) {
        if (!isset($_POST[$field])) {
            return false;
        }
    }

    // Permission check; failure is silent as well
    $authorised = login_check_auth('sailing');
    if (!$authorised) {
        return false;
    }

    // The name is the only field that must carry a value
    if (0 == strlen($_POST['name'])) {
        ssc_add_message(SSC_MSG_CRIT, t('Series must have a name'));
        return false;
    }

    return true;
}
Пример #5
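/**
 * Profile edit saving.
 *
 * Writes the posted profile form to the user table:
 *  - admin request (path is /admin and login_check_auth("login") passes)
 *    with uid <= 0: inserts a new user and redirects to its edit page;
 *  - admin request with a uid: updates that user, including the group;
 *  - any other request: updates only the row of the currently logged-in
 *    user ($ssc_user->id) and never touches the group.
 *
 * The password column is only written when a new password (n2) was posted.
 * The outcome is reported through ssc_add_message().
 *
 * NOTE(review): no field validation happens here; presumably a companion
 * validate routine has already run - verify against the form definition.
 *
 * @return void
 */
function login_profile_submit()
{
    global $ssc_database, $ssc_user;

    $admin = $_GET['path'] == '/admin' && login_check_auth("login");
    // Request-controlled and possibly absent; only honoured on the admin path
    $uid = isset($_POST['uid']) ? $_POST['uid'] : 0;

    $pass = null;
    if (!empty($_POST['n2'])) {
        // NOTE(review): if this is the phpass PasswordHash class, the second
        // argument (true) selects its portable MD5-based hashes rather than
        // bcrypt - confirm that this is still required.
        $hash = new PasswordHash(8, true);
        $pass = $hash->HashPassword($_POST['n2']);
        // phpass-style hashers signal failure with a short marker string
        // ('*'); never store that in place of a real hash.
        if (!is_string($pass) || strlen($pass) < 20) {
            ssc_add_message(SSC_MSG_CRIT, t('There was an error submitting this form'));
            return;
        }
    }

    // Every value below is bound through a placeholder, one per argument and
    // in the same order.
    // NOTE(review): presumably query() escapes '%s' arguments and casts '%d'
    // ones - confirm, since all of these values come from $_POST.
    if ($uid <= 0 && $admin) {
        // New user
        // NOTE(review): with no password posted, $pass is null here and the
        // account is created without a usable hash - confirm this is intended.
        $result = $ssc_database->query("INSERT INTO #__user SET\n\t\tusername = '%s', fullname = '%s', displayname = '%s', email = '%s',\n\t\tgid = %d, password = '%s', created = %d", $_POST['user'], $_POST['full'], $_POST['disp'], $_POST['email'], $_POST['grp'], $pass, time());
        if (!$result) {
            ssc_add_message(SSC_MSG_CRIT, t('There was an error submitting this form'));
            return;
        }
        $id = $ssc_database->last_id();
        ssc_add_message(SSC_MSG_INFO, t('User details saved'));
        ssc_redirect("/admin/login/edit/{$id}");
        return;
    }

    // Update existing
    if ($admin) {
        // Administrators choose the target row and may change the group
        if ($pass) {
            $result = $ssc_database->query("UPDATE #__user SET\n\t\t\t\tusername = '%s', fullname = '%s', displayname = '%s', email = '%s',\n\t\t\t\tgid = %d, password = '%s' WHERE id = %d", $_POST['user'], $_POST['full'], $_POST['disp'], $_POST['email'], $_POST['grp'], $pass, $uid);
        } else {
            $result = $ssc_database->query("UPDATE #__user SET\n\t\t\t\tusername = '%s', fullname = '%s', displayname = '%s', email = '%s',\n\t\t\t\tgid = %d WHERE id = %d", $_POST['user'], $_POST['full'], $_POST['disp'], $_POST['email'], $_POST['grp'], $uid);
        }
    } else {
        // Everyone else can only edit their own row: the posted uid and grp
        // are ignored and the id comes from the session user, so a forged
        // form cannot retarget the update or change the group.
        if ($pass) {
            $result = $ssc_database->query("UPDATE #__user SET\n\t\t\t\tusername = '%s', fullname = '%s', displayname = '%s', email = '%s',\n\t\t\t\tpassword = '%s' WHERE id = %d", $_POST['user'], $_POST['full'], $_POST['disp'], $_POST['email'], $pass, $ssc_user->id);
        } else {
            $result = $ssc_database->query("UPDATE #__user SET\n\t\t\t\tusername = '%s', fullname = '%s', displayname = '%s', email = '%s'\n\t\t\t\tWHERE id = %d", $_POST['user'], $_POST['full'], $_POST['disp'], $_POST['email'], $ssc_user->id);
        }
    }

    if ($result) {
        ssc_add_message(SSC_MSG_INFO, t('User details saved'));
    } else {
        ssc_add_message(SSC_MSG_CRIT, t('There was an error submitting this form'));
    }
}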
Пример #6
/**
 * Gallery edit validation.
 *
 * Requires the "gallery" permission, a non-empty name and the url and gid
 * fields. Normalises gid (int), desc (string) and vis (0/1) in $_POST, makes
 * sure the requested path is not already registered to a different handler
 * id, and discards a failed upload from $_FILES with a warning.
 *
 * Only the upload error code is inspected here; the type and content of the
 * uploaded file are not checked by this function.
 *
 * @return bool TRUE when the form may be processed, FALSE otherwise
 */
function gallery_form_validate()
{
    global $ssc_database;

    // Drop invalid user
    if (!login_check_auth("gallery")) {
        return false;
    }

    $incomplete = empty($_POST['name']) || !isset($_POST['url'], $_POST['gid']);
    if ($incomplete) {
        ssc_add_message(SSC_MSG_CRIT, t('Gallery name can\'t be empty'));
        return false;
    }

    // Check valid form combo: gid is forced to an integer and must not be
    // negative; a gid of 0 may not arrive together with an 'item' field
    $_POST['gid'] = (int) $_POST['gid'];
    $gid = $_POST['gid'];
    $zeroGidWithItem = $gid == 0 && isset($_POST['item']);
    if ($gid < 0 || $zeroGidWithItem) {
        return false;
    }

    // Optional fields get a defined value either way
    if (empty($_POST['desc'])) {
        $_POST['desc'] = '';
    }
    $_POST['vis'] = isset($_POST['vis']) ? 1 : 0;

    // The path must be unused, or belong to the handler with this same id
    $lookup = $ssc_database->query("SELECT id FROM #__handler WHERE path = '%s' LIMIT 1", $_POST['url']);
    if (!$lookup) {
        return false;
    }
    $row = $ssc_database->fetch_object($lookup);
    if ($row && $row->id != $gid) {
        ssc_add_message(SSC_MSG_CRIT, t('That path name has already been used elsewhere'));
        return false;
    }

    if (!empty($_FILES['single'])) {
        $status = $_FILES['single']['error'];
        if ($status == UPLOAD_ERR_OK || $status == UPLOAD_ERR_NO_FILE) {
            // Upload good, or no file to upload: nothing to do
        } elseif ($status == UPLOAD_ERR_INI_SIZE || $status == UPLOAD_ERR_FORM_SIZE) {
            ssc_add_message(SSC_MSG_WARN, t('The image you uploaded was too large'));
            unset($_FILES['single']);
        } else {
            // Partial upload, missing temp dir, write failure, extension
            // block, or any other code
            ssc_add_message(SSC_MSG_WARN, t('There was an error uploading the image'));
            unset($_FILES['single']);
        }
    }

    return true;
}
Пример #7
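/**
 * Comment moderation form validation.
 *
 * Requires the "blog" permission and exactly one moderation action
 * (spam, ham, show, hide, disable_comments or enable_comments) posted as an
 * array with exactly one key. On success $_POST['action'] holds the action
 * name and $_POST['i'] the key of the selected entry.
 *
 * @return bool TRUE when exactly one well-formed action was posted
 */
function blog_spam_ham_validate()
{
    if (!login_check_auth("blog")) {
        return false;
    }

    $actions = array('spam', 'ham', 'show', 'hide', 'disable_comments', 'enable_comments');
    $count = 0;
    $keys = array();

    foreach ($actions as $action) {
        if (!isset($_POST[$action])) {
            continue;
        }
        $_POST['action'] = $action;
        // The field is request-controlled: a scalar (spam=1 instead of
        // spam[5]=1) would make array_keys() fail, so reject it outright.
        if (!is_array($_POST[$action])) {
            return false;
        }
        $keys = array_keys($_POST[$action]);
        // Exactly one target per action; an empty array has no key to act on
        if (count($keys) != 1) {
            return false;
        }
        $count++;
    }

    // Zero actions, or several at once, is not a valid submission
    if ($count != 1) {
        return false;
    }

    // NOTE(review): this key is taken verbatim from the request; the code
    // consuming $_POST['i'] should treat it as untrusted - confirm there.
    $_POST['i'] = $keys[0];
    return true;
}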
Пример #8
/**
 * Page validation.
 *
 * Requires the "static" permission. A submission without 'sub' is treated as
 * a preview and is not saved; a real submission needs a non-empty title and
 * body and a url field. In every case past the permission check, a single
 * leading '/' is stripped from $_POST['url'].
 *
 * @return bool TRUE only for a complete, non-preview submission
 */
function static_form_validate()
{
    if (!login_check_auth("static")) {
        return false;
    }

    if (empty($_POST['sub'])) {
        // Only saved if properly submitted - not preview
        ssc_add_message(SSC_MSG_WARN, t('This is a preview - the form continues below.'));
        $valid = false;
    } elseif (empty($_POST['title']) || !isset($_POST['url']) || empty($_POST['body'])) {
        ssc_add_message(SSC_MSG_CRIT, t('Not all required fields were filled in'));
        $valid = false;
    } else {
        $valid = true;
    }

    // The url is normalised on every outcome, so that a re-displayed form
    // carries the same value as a saved one
    if (!empty($_POST['url']) && $_POST['url'][0] == '/') {
        $_POST['url'] = substr($_POST['url'], 1);
    }

    return $valid;
}