Пример #1
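 /**
  * Dispatches image administration requests selected by $_REQUEST['iop'].
  *
  * Each branch first verifies that the caller may edit the current folder
  * ($this->folder) and then either deletes the image identified by the GET
  * parameter file_id, stores a posted upload, or renders the upload form.
  * The form branch ends the request itself (exit); the others hand control
  * back to the page the user came from.
  *
  * Reads $_REQUEST['iop'] and GET 'file_id'. Uses $this->folder, $this->image
  * and $this->content.
  *
  * @return void
  */
 public function admin()
 {
     // An absent key simply means "no image operation": fall through to no
     // branch instead of raising an undefined-array-key notice.
     switch ($_REQUEST['iop'] ?? null) {
         case 'delete_image':
             if (!$this->folder->id || !Current_User::secured('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
                 Current_User::disallow();
                 // Fail closed even if disallow() returns instead of ending the request.
                 return;
             }
             // NOTE(review): nothing checks that loadImage() actually found a record
             // before delete() is called — confirm delete() is a no-op on an empty image.
             $this->loadImage(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
             $this->image->delete();
             PHPWS_Core::goBack();
             break;
         case 'post_image_upload':
             if (!$this->folder->id || !Current_User::authorized('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
                 Current_User::disallow();
                 return;
             }
             if (!$this->postImageUpload()) {
                 \Cabinet::setMessage('Failed to upload image. Check directory permissions.');
             }
             // Upload posts land in a popup/iframe, so render without the site chrome.
             Layout::nakedDisplay();
             break;
         case 'upload_image_form':
             if (!$this->folder->id || !Current_User::secured('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
                 Current_User::disallow();
                 return;
             }
             $this->loadImage(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
             $this->edit();
             echo Layout::wrap($this->content, 'Image Upload', true);
             exit;
     }
 }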
Пример #2
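 /**
  * Dispatches multimedia administration requests selected by $_REQUEST['mop'].
  *
  * Delete and upload branches are authorized against $this->folder; the form
  * and RTMP branches are authorized against the folder of the multimedia item
  * they operate on, so the item (or, for a new upload, the requested
  * folder_id) is loaded before that check runs. Form branches answer with a
  * JSON {title, content} document and end the request; the other branches
  * return to the previous page.
  *
  * Reads $_REQUEST['mop'] and GET 'file_id' / 'folder_id'. Uses
  * $this->folder, $this->multimedia, $this->title and $this->content.
  *
  * @return mixed $this->content (whatever edit()/editRTMP() left there)
  */
 public function admin()
 {
     // Missing key means no multimedia operation: match no branch rather than
     // raise an undefined-array-key notice.
     switch ($_REQUEST['mop'] ?? null) {
         case 'delete_multimedia':
             if (!$this->folder->id || !Current_User::authorized('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
                 Current_User::disallow();
                 // Fail closed even if disallow() returns instead of ending the request.
                 return $this->content;
             }
             $this->loadMultimedia(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
             $this->multimedia->delete();
             PHPWS_Core::goBack();
             break;
         case 'post_multimedia_upload':
             if (!$this->folder->id || !Current_User::authorized('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
                 Current_User::disallow();
                 return $this->content;
             }
             $this->postMultimediaUpload();
             \PHPWS_Core::goBack();
             break;
         case 'upload_multimedia_form':
             $this->loadMultimedia(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
             if (!$this->multimedia->id) {
                 // New upload: the target folder comes from the request.
                 $this->multimedia->folder_id = filter_input(INPUT_GET, 'folder_id', FILTER_VALIDATE_INT);
             }
             // Authorize only after the item is loaded and folder_id is final, so the
             // check covers the folder the form will actually write into.
             if (!Current_User::secured('filecabinet', 'edit_folders', $this->multimedia->folder_id, 'folder')) {
                 Current_User::disallow();
                 return $this->content;
             }
             $this->edit();
             echo json_encode(['title' => $this->title, 'content' => $this->content]);
             exit;
         case 'edit_rtmp':
             $this->loadMultimedia(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
             // Same ordering as above: check the loaded item's folder, not a stale one.
             if (!Current_User::secured('filecabinet', 'edit_folders', $this->multimedia->folder_id, 'folder')) {
                 Current_User::disallow();
                 return $this->content;
             }
             $this->editRTMP();
             echo json_encode(['title' => $this->title, 'content' => $this->content]);
             exit;
         case 'post_rtmp':
             // NOTE(review): folder_id is read before postRTMP() runs — confirm that
             // $this->multimedia already reflects the posted item at this point.
             if (!Current_User::authorized('filecabinet', 'edit_folders', $this->multimedia->folder_id, 'folder')) {
                 Current_User::disallow();
                 return $this->content;
             }
             if (!$this->postRTMP()) {
                 $this->editRTMP();
             }
             \PHPWS_Core::goBack();
             break;
     }
     return $this->content;
 }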
Пример #3
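 /**
  * Dispatches document administration requests selected by $_REQUEST['dop'].
  *
  * Delete/upload/form branches are authorized against $this->folder. The
  * 'add_access' branch creates an Access module shortcut pointing at the
  * current document and answers with a JSON {success, message, keyword}
  * document. Form and JSON branches end the request themselves (exit).
  *
  * Reads $_REQUEST['dop'], GET 'file_id' and GET 'keyword'. Uses
  * $this->folder, $this->document and $this->content.
  *
  * @return void
  */
 public function admin()
 {
     // Missing key means no document operation: match no branch rather than
     // raise an undefined-array-key notice.
     switch ($_REQUEST['dop'] ?? null) {
         case 'delete_document':
             if (!$this->folder->id || !Current_User::secured('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
                 Current_User::disallow();
                 // Fail closed even if disallow() returns instead of ending the request.
                 return;
             }
             // NOTE(review): unlike the image/multimedia handlers there is no
             // loadDocument() here — confirm $this->document is already loaded by the caller.
             $this->document->delete();
             PHPWS_Core::returnToBookmark();
             break;
         case 'post_document_upload':
             if (!$this->folder->id || !Current_User::authorized('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
                 Current_User::disallow();
                 return;
             }
             $this->postDocumentUpload();
             javascript('close_refresh');
             // Upload posts land in a popup/iframe, so render without the site chrome.
             Layout::nakedDisplay();
             break;
         case 'upload_document_form':
             if (!$this->folder->id || !Current_User::secured('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
                 Current_User::disallow();
                 return;
             }
             $this->loadDocument(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
             $this->edit();
             echo Layout::wrap($this->content, 'Document Upload', true);
             exit;
         case 'add_access':
             if (!Current_User::authorized('filecabinet')) {
                 Current_User::disallow();
                 return;
             }
             // Both are reported in the JSON reply, so they must exist on every path.
             $keyword = null;
             $new_keyword = null;
             $this->loadDocument();
             // document exists, try making a shortcut
             if ($this->document->id) {
                 PHPWS_Core::initModClass('access', 'Shortcut.php');
                 $shortcut = new Access_Shortcut();
                 $keyword = $_GET['keyword'] ?? null;
                 if (empty($keyword)) {
                     $keyword = $this->document->title;
                 }
                 $result = $shortcut->setKeyword($keyword);
                 $new_keyword = $shortcut->keyword;
                 // if setKeyword returns a false or error, we have them pick a different name
                 if (!$result || PHPWS_Error::isError($result)) {
                     $message = dgettext('filecabinet', 'Access shortcut name already in use. Please enter another.');
                     $success = false;
                 } else {
                     $shortcut->setUrl('filecabinet', $this->document->getViewLink());
                     $shortcut->save();
                     $success = true;
                     // The keyword originates from the request; escape it for the HTML
                     // attribute and text contexts it is placed in.
                     $shortcutUrl = PHPWS_Core::getHomeHttp() . $shortcut->keyword;
                     $escapedUrl = htmlspecialchars($shortcutUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                     $message = '<p>' . dgettext('filecabinet', 'Access shortcut successful!') . '</p>';
                     $message .= '<a href="' . $escapedUrl . '">' . $escapedUrl . '</a>';
                 }
             } else {
                 $message = dgettext('filecabinet', 'File not found');
                 // not really a success but prevents a repost prompt
                 $success = true;
             }
             echo json_encode(['success' => $success, 'message' => $message, 'keyword' => $new_keyword]);
             exit;
     }
 }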
Пример #4
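 /**
  * Control-panel entry point for the Users module.
  *
  * Requires at least module access ('users'); the command to run comes from
  * $_REQUEST['command'] or, failing that, the control panel's current tab.
  * A PHPWS_User and a PHPWS_Group are built up front from the optional
  * user_id / group_id request parameters and shared by the branches. Form
  * branches fill $title/$content; action branches perform the change and
  * usually redirect via PHPWS_Core::goBack() or User_Action::sendMessage().
  * Whatever remains is rendered through users/main.tpl into the control panel.
  *
  * Reads $_REQUEST, $_GET, $_POST and $_SESSION['Last_Member_Search'].
  *
  * @return void
  */
 public static function adminAction()
 {
     PHPWS_Core::initModClass('users', 'Group.php');
     $title = $message = $content = null;
     if (!Current_User::allow('users')) {
         PHPWS_User::disallow(dgettext('users', 'Tried to perform an admin function in Users.'));
         return;
     }
     $message = User_Action::getMessage();
     $panel = User_Action::cpanel();
     $panel->enableSecure();
     // Explicit command wins; otherwise redisplay the tab the panel is on.
     $command = $_REQUEST['command'] ?? $panel->getCurrentTab();
     if (isset($_REQUEST['user_id'])) {
         $user = new PHPWS_User((int) $_REQUEST['user_id']);
     } else {
         $user = new PHPWS_User();
     }
     if (isset($_REQUEST['group_id'])) {
         $group = new PHPWS_Group((int) $_REQUEST['group_id']);
     } else {
         $group = new PHPWS_Group();
     }
     switch ($command) {
         /** Form cases * */
         /** User Forms * */
         case 'new_user':
             if (PHPWS_Settings::get('users', 'allow_new_users') || Current_User::isDeity()) {
                 $panel->setCurrentTab('new_user');
                 $title = dgettext('users', 'Create User');
                 $content = User_Form::userForm($user);
             } else {
                 Current_User::disallow();
             }
             break;
         case 'search_members':
             // searchMembers() writes its own response; nothing after exit is reachable.
             self::searchMembers();
             exit;
         case 'manage_users':
             $title = dgettext('users', 'Manage Users');
             $content = User_Form::manageUsers();
             break;
         case 'editUser':
             $title = dgettext('users', 'Edit User');
             $user = new PHPWS_User($_REQUEST['user_id']);
             $content = User_Form::userForm($user);
             break;
         case 'deleteUser':
             if (!Current_User::secured('users', 'delete_users')) {
                 Current_User::disallow();
                 return;
             }
             $user->kill();
             PHPWS_Core::goBack();
             break;
         case 'deify_user':
             if (!Current_User::authorized('users') || !Current_User::isDeity()) {
                 Current_User::disallow();
                 return;
             }
             $user->deity = 1;
             $user->save();
             PHPWS_Core::goBack();
             break;
         case 'mortalize_user':
             if (!Current_User::authorized('users') || !Current_User::isDeity()) {
                 Current_User::disallow();
                 return;
             }
             $user->deity = 0;
             $user->save();
             PHPWS_Core::goBack();
             break;
         case 'authorization':
         case 'postAuthorization':
         case 'dropAuthScript':
             if (!Current_User::isDeity()) {
                 Current_User::disallow();
                 // Fail closed like the other guarded branches, even if disallow() returns.
                 return;
             }
             if ($command == 'dropAuthScript' && isset($_REQUEST['script_id'])) {
                 User_Action::dropAuthorization($_REQUEST['script_id']);
             } elseif ($command == 'postAuthorization') {
                 User_Action::postAuthorization();
                 $message = dgettext('users', 'Authorization updated.');
             }
             $title = dgettext('users', 'Authorization');
             $content = User_Form::authorizationSetup();
             break;
         case 'editScript':
             $title = dgettext('users', 'Edit Authorization Script');
             // no reason to edit scripts yet
             break;
         case 'setUserPermissions':
             if (!Current_User::authorized('users', 'edit_permissions')) {
                 PHPWS_User::disallow();
                 return;
             }
             if (!$user->id) {
                 PHPWS_Core::errorPage('404');
             }
             PHPWS_Core::initModClass('users', 'Group.php');
             $title = dgettext('users', 'Set User Permissions') . ' : ' . $user->getUsername();
             $content = User_Form::setPermissions($user->getUserGroup());
             break;
         case 'deactivateUser':
             if (!Current_User::authorized('users')) {
                 PHPWS_User::disallow();
                 return;
             }
             User_Action::activateUser($_REQUEST['user_id'], false);
             PHPWS_Core::goBack();
             break;
         case 'activateUser':
             if (!Current_User::authorized('users')) {
                 PHPWS_User::disallow();
                 return;
             }
             User_Action::activateUser($_REQUEST['user_id'], true);
             PHPWS_Core::goBack();
             break;
         /** End User Forms * */
         /*             * ******************** Group Forms *********************** */
         case 'setGroupPermissions':
             if (!Current_User::authorized('users', 'edit_permissions')) {
                 PHPWS_User::disallow();
                 return;
             }
             PHPWS_Core::initModClass('users', 'Group.php');
             $title = dgettext('users', 'Set Group Permissions') . ' : ' . $group->getName();
             $content = User_Form::setPermissions($_REQUEST['group_id'], 'group');
             break;
         case 'new_group':
             $title = dgettext('users', 'Create Group');
             $content = User_Form::groupForm($group);
             break;
         case 'edit_group':
             $title = dgettext('users', 'Edit Group');
             $content = User_Form::groupForm($group);
             break;
         case 'remove_group':
             // Deleting a group needs at least the permission that creating/editing one
             // (postGroup) requires; module access alone is not enough.
             // NOTE(review): if the remove link carries an auth key, tighten this to
             // Current_User::authorized('users', 'add_edit_groups') as postGroup does.
             if (!Current_User::allow('users', 'add_edit_groups')) {
                 PHPWS_User::disallow();
                 return;
             }
             $group->kill();
             $title = dgettext('users', 'Manage Groups');
             $content = User_Form::manageGroups();
             break;
         case 'manage_groups':
             $panel->setCurrentTab('manage_groups');
             PHPWS_Core::killSession('Last_Member_Search');
             $title = dgettext('users', 'Manage Groups');
             $content = User_Form::manageGroups();
             break;
         case 'manageMembers':
             PHPWS_Core::initModClass('users', 'Group.php');
             $title = dgettext('users', 'Manage Members') . ' : ' . $group->getName();
             $content = User_Form::manageMembers($group);
             break;
         case 'postMembers':
             if (!Current_User::authorized('users', 'add_edit_groups')) {
                 Current_User::disallow();
                 return;
             }
             $title = dgettext('users', 'Manage Members') . ' : ' . $group->getName();
             $content = User_Form::manageMembers($group);
             break;
         /*             * *********************** End Group Forms ****************** */
         /*             * *********************** Misc Forms *********************** */
         case 'settings':
             if (!Current_User::authorized('users', 'settings')) {
                 Current_User::disallow();
                 return;
             }
             $title = dgettext('users', 'Settings');
             $content = User_Form::settings();
             break;
         /** End Misc Forms * */
         /** Action cases * */
         case 'deify':
             if (!Current_User::isDeity()) {
                 Current_User::disallow();
                 return;
             }
             // NOTE(review): 'user' is passed to the constructor uncast, unlike user_id above.
             $user = new PHPWS_User($_REQUEST['user']);
             if (isset($_GET['authorize'])) {
                 if ($_GET['authorize'] == 1 && Current_User::isDeity()) {
                     $user->setDeity(true);
                     $user->save();
                     User_Action::sendMessage(dgettext('users', 'User deified.'), 'manage_users');
                     break;
                 } else {
                     User_Action::sendMessage(dgettext('users', 'User remains a lowly mortal.'), 'manage_users');
                     break;
                 }
             } else {
                 // First visit: ask for confirmation before changing deity status.
                 $content = User_Form::deify($user);
             }
             break;
         case 'mortalize':
             if (!Current_User::isDeity()) {
                 Current_User::disallow();
                 return;
             }
             $user = new PHPWS_User($_REQUEST['user']);
             if (isset($_GET['authorize'])) {
                 if ($_GET['authorize'] == 1 && Current_User::isDeity()) {
                     $user->setDeity(false);
                     $user->save();
                     $content = dgettext('users', 'User transformed into a lowly mortal.') . '<hr />' . User_Form::manageUsers();
                     break;
                 } else {
                     $content = dgettext('users', 'User remains a deity.') . '<hr />' . User_Form::manageUsers();
                     break;
                 }
             } else {
                 $content = User_Form::mortalize($user);
             }
             break;
         case 'postUser':
             if (isset($_POST['user_id'])) {
                 if (!Current_User::authorized('users', 'edit_users')) {
                     PHPWS_User::disallow();
                     return;
                 }
             } else {
                 // posting new user
                 if (!Current_User::authorized('users')) {
                     PHPWS_User::disallow();
                     return;
                 }
             }
             $result = User_Action::postUser($user);
             if ($result === true) {
                 // Decide "new" before save() assigns an id.
                 $new_user = !(bool) $user->id;
                 $user->setActive(true);
                 $user->setApproved(true);
                 if (PHPWS_Error::logIfError($user->save())) {
                     $title = dgettext('users', 'Sorry');
                     $content = dgettext('users', 'An error occurred when trying to save the user. Check your logs.');
                     break;
                 }
                 if ($new_user) {
                     User_Action::assignDefaultGroup($user);
                     if (isset($_POST['group_add']) && is_array($_POST['group_add'])) {
                         foreach ($_POST['group_add'] as $group_id) {
                             $group = new PHPWS_Group($group_id);
                             $group->addMember($user->_user_group);
                             $group->save();
                         }
                     }
                 }
                 $panel->setCurrentTab('manage_users');
                 if (isset($_POST['notify_user'])) {
                     self::notifyUser($user, $_POST['password1'] ?? null);
                 }
                 if (isset($_POST['user_id'])) {
                     User_Action::sendMessage(dgettext('users', 'User updated.'), 'manage_users');
                 } elseif (Current_User::allow('users', 'edit_permissions')) {
                     if (isset($_POST['notify_user'])) {
                         User_Action::sendMessage(dgettext('users', 'New user created and notified.'), 'setUserPermissions&user_id=' . $user->id);
                     } else {
                         User_Action::sendMessage(dgettext('users', 'New user created.'), 'setUserPermissions&user_id=' . $user->id);
                     }
                 } else {
                     User_Action::sendMessage(dgettext('users', 'User created.'), 'new_user');
                 }
             } else {
                 // postUser() reported validation problems: redisplay the form with them.
                 $message = implode('<br />', $result);
                 if (isset($_POST['user_id'])) {
                     $title = dgettext('users', 'Edit User');
                 } else {
                     $title = dgettext('users', 'Create User');
                 }
                 $content = User_Form::userForm($user);
             }
             break;
         case 'postPermission':
             if (!Current_User::authorized('users', 'edit_permissions')) {
                 PHPWS_User::disallow();
                 return;
             }
             User_Action::postPermission();
             User_Action::sendMessage(dgettext('users', 'Permissions updated'), $panel->getCurrentTab());
             break;
         case 'postGroup':
             if (!Current_User::authorized('users', 'add_edit_groups')) {
                 PHPWS_User::disallow();
                 return;
             }
             PHPWS_Core::initModClass('users', 'Group.php');
             $result = User_Action::postGroup($group);
             if (PHPWS_Error::isError($result)) {
                 $message = $result->getMessage();
                 $title = isset($group->id) ? dgettext('users', 'Edit Group') : dgettext('users', 'Create Group');
                 $content = User_Form::groupForm($group);
             } else {
                 $result = $group->save();
                 if (PHPWS_Error::logIfError($result)) {
                     $message = dgettext('users', 'An error occurred when trying to save the group.');
                 } else {
                     $message = dgettext('users', 'Group created.');
                 }
                 User_Action::sendMessage($message, 'manage_groups');
             }
             break;
         case 'addMember':
             if (!Current_User::authorized('users', 'add_edit_groups')) {
                 PHPWS_User::disallow();
                 return;
             }
             PHPWS_Core::initModClass('users', 'Group.php');
             // NOTE(review): 'member' is passed through raw — confirm addMember() validates it.
             $group->addMember($_REQUEST['member']);
             $group->save();
             // The cached member search is stale once membership changes.
             unset($_SESSION['Last_Member_Search']);
             User_Action::sendMessage(dgettext('users', 'Member added.'), 'manageMembers&group_id=' . $group->id);
             break;
         case 'dropMember':
             if (!Current_User::authorized('users', 'add_edit_groups')) {
                 PHPWS_User::disallow();
                 return;
             }
             PHPWS_Core::initModClass('users', 'Group.php');
             $group->dropMember($_REQUEST['member']);
             $group->save();
             unset($_SESSION['Last_Member_Search']);
             User_Action::sendMessage(dgettext('users', 'Member removed.'), 'manageMembers&group_id=' . $group->id);
             break;
         case 'update_settings':
             if (!Current_User::authorized('users', 'settings')) {
                 PHPWS_User::disallow();
                 return;
             }
             $title = dgettext('users', 'Settings');
             $result = User_Action::update_settings();
             if ($result === true) {
                 $message = dgettext('users', 'User settings updated.');
             } else {
                 // Anything but true is treated as the error text to show.
                 $message = $result;
             }
             $content = User_Form::settings();
             break;
         case 'check_permission_tables':
             if (!Current_User::authorized('users', 'settings')) {
                 PHPWS_User::disallow();
                 return;
             }
             $title = dgettext('users', 'Register Module Permissions');
             $content = User_Action::checkPermissionTables();
             break;
         default:
             PHPWS_Core::errorPage('404');
             break;
     }
     $template = [
         'CONTENT' => $content,
         'TITLE' => $title,
         'MESSAGE' => $message,
     ];
     $final = PHPWS_Template::process($template, 'users', 'main.tpl');
     $panel->setContent($final);
     Layout::add(PHPWS_ControlPanel::display($panel->display()));
 }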