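/**
 * Dispatches the image operation named by the 'iop' request parameter.
 *
 * Handles 'delete_image', 'post_image_upload' and 'upload_image_form'; any
 * other value (or a missing parameter) matches no case. Every case requires
 * a loaded folder and the 'edit_folders' permission of the 'filecabinet'
 * module on that folder before it does anything else.
 *
 * NOTE(review): permission is checked against $this->folder->id, while the
 * image is loaded from the separate 'file_id' GET parameter. Nothing in this
 * method ties the loaded image to the checked folder - confirm that
 * loadImage() or the image object enforces that relationship.
 *
 * NOTE(review): 'delete_image' is guarded by Current_User::secured() while
 * 'post_image_upload' uses Current_User::authorized(). How the two differ is
 * not visible here; confirm that the state-changing delete validates the
 * request's auth key.
 *
 * @return void
 */
public function admin()
{
    // Reading the parameter through isset() avoids an undefined-index notice
    // when 'iop' is absent; a null operation matches none of the cases.
    $operation = isset($_REQUEST['iop']) ? $_REQUEST['iop'] : null;

    switch ($operation) {
        case 'delete_image':
            if (!$this->folder->id
                || !Current_User::secured('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
                Current_User::disallow();
                // Fail closed: do not rely on disallow() ending the request
                // before the delete below.
                return;
            }
            $this->loadImage(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
            $this->image->delete();
            PHPWS_Core::goBack();
            break;

        case 'post_image_upload':
            if (!$this->folder->id
                || !Current_User::authorized('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
                Current_User::disallow();
                return;
            }
            if (!$this->postImageUpload()) {
                \Cabinet::setMessage('Failed to upload image. Check directory permissions.');
            }
            Layout::nakedDisplay();
            break;

        case 'upload_image_form':
            if (!$this->folder->id
                || !Current_User::secured('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
                Current_User::disallow();
                return;
            }
            $this->loadImage(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
            $this->edit();
            // The form is emitted directly and the request ends here.
            echo Layout::wrap($this->content, 'Image Upload', true);
            exit;
    }
}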
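/**
 * Dispatches the multimedia operation named by the 'mop' request parameter.
 *
 * Handles 'delete_multimedia', 'post_multimedia_upload',
 * 'upload_multimedia_form', 'edit_rtmp' and 'post_rtmp'. Each case checks the
 * 'edit_folders' permission of the 'filecabinet' module before acting. The
 * form cases print a JSON object with 'title' and 'content' and end the
 * request.
 *
 * NOTE(review): 'delete_multimedia' checks permission on $this->folder->id
 * and then loads the file from the 'file_id' GET parameter. Nothing here
 * compares the loaded file's folder_id with the checked folder - confirm
 * that this is enforced elsewhere.
 *
 * @return mixed the value of $this->content for cases that do not exit;
 *               null when the permission check fails
 */
public function admin()
{
    // Reading the parameter through isset() avoids an undefined-index notice
    // when 'mop' is absent; a null operation matches none of the cases.
    $operation = isset($_REQUEST['mop']) ? $_REQUEST['mop'] : null;

    switch ($operation) {
        case 'delete_multimedia':
            if (!$this->folder->id
                || !Current_User::authorized('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
                Current_User::disallow();
                // Fail closed: do not rely on disallow() ending the request
                // before the delete below.
                return null;
            }
            $this->loadMultimedia(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
            $this->multimedia->delete();
            PHPWS_Core::goBack();
            break;

        case 'post_multimedia_upload':
            if (!$this->folder->id
                || !Current_User::authorized('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
                Current_User::disallow();
                return null;
            }
            $this->postMultimediaUpload();
            \PHPWS_Core::goBack();
            break;

        case 'upload_multimedia_form':
            // Load the record (and resolve the target folder for a new file)
            // BEFORE the permission check. The check reads
            // $this->multimedia->folder_id, so it has to describe the record
            // this request edits rather than whatever object was in place
            // before the load.
            $this->loadMultimedia(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
            if (!$this->multimedia->id) {
                $this->multimedia->folder_id = filter_input(INPUT_GET, 'folder_id', FILTER_VALIDATE_INT);
            }
            if (!Current_User::secured('filecabinet', 'edit_folders', $this->multimedia->folder_id, 'folder')) {
                Current_User::disallow();
                return null;
            }
            $this->edit();
            echo json_encode(array('title' => $this->title, 'content' => $this->content));
            exit;

        case 'edit_rtmp':
            // Same ordering as above: authorize against the folder of the
            // record selected by 'file_id'.
            $this->loadMultimedia(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
            if (!Current_User::secured('filecabinet', 'edit_folders', $this->multimedia->folder_id, 'folder')) {
                Current_User::disallow();
                return null;
            }
            $this->editRTMP();
            echo json_encode(array('title' => $this->title, 'content' => $this->content));
            exit;

        case 'post_rtmp':
            // NOTE(review): no record is loaded in this case, so the check
            // uses the folder_id of the multimedia object already present.
            // Confirm that postRTMP() saves into that same folder.
            if (!Current_User::authorized('filecabinet', 'edit_folders', $this->multimedia->folder_id, 'folder')) {
                Current_User::disallow();
                return null;
            }
            if (!$this->postRTMP()) {
                $this->editRTMP();
            }
            \PHPWS_Core::goBack();
            break;
    }

    return $this->content;
}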
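/**
 * Dispatches the document operation named by the 'dop' request parameter.
 *
 * Handles 'delete_document', 'post_document_upload', 'upload_document_form'
 * and 'add_access'. The first three require a loaded folder and the
 * 'edit_folders' permission of the 'filecabinet' module on it; 'add_access'
 * requires Current_User::authorized('filecabinet'). 'add_access' prints a
 * JSON object with 'success', 'message' and 'keyword' and ends the request.
 *
 * NOTE(review): 'delete_document' deletes $this->document without loading it
 * in this method, and the permission check is on $this->folder->id. Confirm
 * that the document was loaded for, and belongs to, the checked folder.
 *
 * @return void
 */
public function admin()
{
    // Reading the parameter through isset() avoids an undefined-index notice
    // when 'dop' is absent; a null operation matches none of the cases.
    $operation = isset($_REQUEST['dop']) ? $_REQUEST['dop'] : null;

    switch ($operation) {
        case 'delete_document':
            if (!$this->folder->id
                || !Current_User::secured('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
                Current_User::disallow();
                // Fail closed: do not rely on disallow() ending the request
                // before the delete below.
                return;
            }
            $this->document->delete();
            PHPWS_Core::returnToBookmark();
            break;

        case 'post_document_upload':
            if (!$this->folder->id
                || !Current_User::authorized('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
                Current_User::disallow();
                return;
            }
            $this->postDocumentUpload();
            javascript('close_refresh');
            Layout::nakedDisplay();
            break;

        case 'upload_document_form':
            if (!$this->folder->id
                || !Current_User::secured('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
                Current_User::disallow();
                return;
            }
            $this->loadDocument(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
            $this->edit();
            echo Layout::wrap($this->content, 'Document Upload', true);
            exit;

        case 'add_access':
            if (!Current_User::authorized('filecabinet')) {
                Current_User::disallow();
                return;
            }
            $keyword = null;
            // Initialised here because the "file not found" branch below never
            // assigns it, yet it is always part of the JSON response.
            $new_keyword = null;
            $this->loadDocument();

            // document exists, try making a shortcut
            if ($this->document->id) {
                PHPWS_Core::initModClass('access', 'Shortcut.php');
                $shortcut = new Access_Shortcut();
                if (isset($_GET['keyword'])) {
                    $keyword = $_GET['keyword'];
                }
                if (empty($keyword)) {
                    $keyword = $this->document->title;
                }
                $result = $shortcut->setKeyword($keyword);
                $new_keyword = $shortcut->keyword;

                // if setKeyword returns a false or error, we have them pick a different name
                if (!$result || PHPWS_Error::isError($result)) {
                    $message = dgettext('filecabinet', 'Access shortcut name already in use. Please enter another.');
                    $success = false;
                } else {
                    $shortcut->setUrl('filecabinet', $this->document->getViewLink());
                    $shortcut->save();
                    $success = true;
                    $message = '<p>' . dgettext('filecabinet', 'Access shortcut successful!') . '</p>';
                    // The keyword comes from $_GET['keyword'] or the document
                    // title and is placed in an attribute and in link text.
                    // What setKeyword() filters is not visible here, so the
                    // URL is escaped before it goes into the markup.
                    $shortcut_url = htmlspecialchars(
                        PHPWS_Core::getHomeHttp() . $shortcut->keyword,
                        ENT_QUOTES,
                        'UTF-8'
                    );
                    $message .= '<a href="' . $shortcut_url . '">' . $shortcut_url . '</a>';
                }
            } else {
                $message = dgettext('filecabinet', 'File not found');
                // not really a success but prevents a repost prompt
                $success = true;
            }
            // NOTE(review): 'keyword' is returned as stored; the consumer of
            // this JSON should treat it as text, not markup.
            echo json_encode(array('success' => $success, 'message' => $message, 'keyword' => $new_keyword));
            exit;
    }
}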
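/**
 * Entry point for the Users module's administrative commands.
 *
 * Rejects callers without Current_User::allow('users'), then takes the
 * command from $_REQUEST['command'] (falling back to the control panel's
 * current tab), builds the target user and group from the 'user_id' and
 * 'group_id' request parameters, and dispatches on the command. Cases that
 * produce a page fill $title / $content / $message, which are rendered
 * through the 'main.tpl' template into the control panel.
 *
 * Most state-changing cases add their own Current_User::authorized() or
 * isDeity() check. Cases that do not are marked NOTE(review) below.
 *
 * @return void
 */
public static function adminAction()
{
    PHPWS_Core::initModClass('users', 'Group.php');
    $title = $message = $content = null;

    if (!Current_User::allow('users')) {
        PHPWS_User::disallow(dgettext('users', 'Tried to perform an admin function in Users.'));
        return;
    }

    $message = User_Action::getMessage();
    $panel = User_Action::cpanel();
    $panel->enableSecure();

    if (isset($_REQUEST['command'])) {
        $command = $_REQUEST['command'];
    } else {
        $command = $panel->getCurrentTab();
    }

    // Target objects are built from integer-cast request ids.
    if (isset($_REQUEST['user_id'])) {
        $user = new PHPWS_User((int) $_REQUEST['user_id']);
    } else {
        $user = new PHPWS_User();
    }

    if (isset($_REQUEST['group_id'])) {
        $group = new PHPWS_Group((int) $_REQUEST['group_id']);
    } else {
        $group = new PHPWS_Group();
    }

    switch ($command) {
        /** Form cases * */
        /** User Forms * */
        case 'new_user':
            if (PHPWS_Settings::get('users', 'allow_new_users') || Current_User::isDeity()) {
                $panel->setCurrentTab('new_user');
                $title = dgettext('users', 'Create User');
                $content = User_Form::userForm($user);
            } else {
                Current_User::disallow();
                // Stop here, as the other denied branches in this method do.
                return;
            }
            break;

        case 'search_members':
            self::searchMembers();
            exit;

        case 'manage_users':
            $title = dgettext('users', 'Manage Users');
            $content = User_Form::manageUsers();
            break;

        case 'editUser':
            $title = dgettext('users', 'Edit User');
            // $user was already built above from the integer-cast 'user_id';
            // it is reused instead of rebuilding it from the raw request value.
            $content = User_Form::userForm($user);
            break;

        case 'deleteUser':
            if (!Current_User::secured('users', 'delete_users')) {
                Current_User::disallow();
                return;
            }
            $user->kill();
            PHPWS_Core::goBack();
            break;

        case 'deify_user':
            if (!Current_User::authorized('users') || !Current_User::isDeity()) {
                Current_User::disallow();
                return;
            }
            $user->deity = 1;
            $user->save();
            PHPWS_Core::goBack();
            break;

        case 'mortalize_user':
            if (!Current_User::authorized('users') || !Current_User::isDeity()) {
                Current_User::disallow();
                return;
            }
            $user->deity = 0;
            $user->save();
            PHPWS_Core::goBack();
            break;

        case 'authorization':
        case 'postAuthorization':
        case 'dropAuthScript':
            if (!Current_User::isDeity()) {
                Current_User::disallow();
                // Fail closed: without this return a non-deity request would
                // reach dropAuthorization()/postAuthorization() if disallow()
                // ever returned.
                return;
            }
            // NOTE(review): the two mutating commands are gated by isDeity()
            // only; confirm whether they should also pass an authorized()
            // check like 'deify_user' does.
            if ($command == 'dropAuthScript' && isset($_REQUEST['script_id'])) {
                User_Action::dropAuthorization($_REQUEST['script_id']);
            } elseif ($command == 'postAuthorization') {
                User_Action::postAuthorization();
                $message = dgettext('users', 'Authorization updated.');
            }
            $title = dgettext('users', 'Authorization');
            $content = User_Form::authorizationSetup();
            break;

        case 'editScript':
            $title = dgettext('users', 'Edit Authorization Script');
            // no reason to edit scripts yet
            break;

        case 'setUserPermissions':
            if (!Current_User::authorized('users', 'edit_permissions')) {
                PHPWS_User::disallow();
                return;
            }
            if (!$user->id) {
                PHPWS_Core::errorPage('404');
                // Do not go on to build a permissions form for a missing user.
                return;
            }
            PHPWS_Core::initModClass('users', 'Group.php');
            $title = dgettext('users', 'Set User Permissions') . ' : ' . $user->getUsername();
            $content = User_Form::setPermissions($user->getUserGroup());
            break;

        case 'deactivateUser':
            if (!Current_User::authorized('users')) {
                PHPWS_User::disallow();
                return;
            }
            User_Action::activateUser($_REQUEST['user_id'], false);
            PHPWS_Core::goBack();
            break;

        case 'activateUser':
            if (!Current_User::authorized('users')) {
                PHPWS_User::disallow();
                return;
            }
            User_Action::activateUser($_REQUEST['user_id'], true);
            PHPWS_Core::goBack();
            break;

        /** End User Forms * */
        /* * ******************** Group Forms *********************** */
        case 'setGroupPermissions':
            if (!Current_User::authorized('users', 'edit_permissions')) {
                PHPWS_User::disallow();
                return;
            }
            PHPWS_Core::initModClass('users', 'Group.php');
            $title = dgettext('users', 'Set Group Permissions') . ' : ' . $group->getName();
            $content = User_Form::setPermissions($_REQUEST['group_id'], 'group');
            break;

        case 'new_group':
            $title = dgettext('users', 'Create Group');
            $content = User_Form::groupForm($group);
            break;

        case 'edit_group':
            $title = dgettext('users', 'Edit Group');
            $content = User_Form::groupForm($group);
            break;

        case 'remove_group':
            // NOTE(review): this deletes the group with only the module-level
            // allow('users') check from the top of the method. The other group
            // mutations ('postGroup', 'addMember', 'dropMember') require
            // authorized('users', 'add_edit_groups'); confirm which
            // sub-permission applies to deletion and add the matching check.
            $group->kill();
            $title = dgettext('users', 'Manage Groups');
            $content = User_Form::manageGroups();
            break;

        case 'manage_groups':
            $panel->setCurrentTab('manage_groups');
            PHPWS_Core::killSession('Last_Member_Search');
            $title = dgettext('users', 'Manage Groups');
            $content = User_Form::manageGroups();
            break;

        case 'manageMembers':
            PHPWS_Core::initModClass('users', 'Group.php');
            $title = dgettext('users', 'Manage Members') . ' : ' . $group->getName();
            $content = User_Form::manageMembers($group);
            break;

        case 'postMembers':
            if (!Current_User::authorized('users', 'add_edit_groups')) {
                Current_User::disallow();
                return;
            }
            $title = dgettext('users', 'Manage Members') . ' : ' . $group->getName();
            $content = User_Form::manageMembers($group);
            break;

        /* * *********************** End Group Forms ****************** */
        /* * *********************** Misc Forms *********************** */
        case 'settings':
            if (!Current_User::authorized('users', 'settings')) {
                Current_User::disallow();
                return;
            }
            $title = dgettext('users', 'Settings');
            $content = User_Form::settings();
            break;

        /** End Misc Forms * */
        /** Action cases * */
        case 'deify':
            if (!Current_User::isDeity()) {
                Current_User::disallow();
                return;
            }
            // Built the same way as the target user at the top of the method:
            // integer-cast id, or an empty user when no id was sent.
            if (isset($_REQUEST['user'])) {
                $user = new PHPWS_User((int) $_REQUEST['user']);
            } else {
                $user = new PHPWS_User();
            }
            // NOTE(review): the privilege change below is triggered by the
            // 'authorize' GET parameter and gated by isDeity() alone, whereas
            // 'deify_user' also requires authorized('users'). Confirm whether
            // the confirmation link carries the auth key and check it here.
            if (isset($_GET['authorize'])) {
                if ($_GET['authorize'] == 1 && Current_User::isDeity()) {
                    $user->setDeity(true);
                    $user->save();
                    User_Action::sendMessage(dgettext('users', 'User deified.'), 'manage_users');
                    break;
                } else {
                    User_Action::sendMessage(dgettext('users', 'User remains a lowly mortal.'), 'manage_users');
                    break;
                }
            } else {
                $content = User_Form::deify($user);
            }
            break;

        case 'mortalize':
            if (!Current_User::isDeity()) {
                Current_User::disallow();
                return;
            }
            if (isset($_REQUEST['user'])) {
                $user = new PHPWS_User((int) $_REQUEST['user']);
            } else {
                $user = new PHPWS_User();
            }
            // NOTE(review): same gap as 'deify' - a GET-triggered change with
            // no authorized() check; compare with 'mortalize_user'.
            if (isset($_GET['authorize'])) {
                if ($_GET['authorize'] == 1 && Current_User::isDeity()) {
                    $user->setDeity(false);
                    $user->save();
                    $content = dgettext('users', 'User transformed into a lowly mortal.') . '<hr />' . User_Form::manageUsers();
                    break;
                } else {
                    $content = dgettext('users', 'User remains a deity.') . '<hr />' . User_Form::manageUsers();
                    break;
                }
            } else {
                $content = User_Form::mortalize($user);
            }
            break;

        case 'postUser':
            // $user was loaded from $_REQUEST['user_id'], so the stricter
            // 'edit_users' check must apply whenever a user id reached the
            // request by any route, not only when it is in the POST body.
            // Otherwise an id sent outside the POST body would be handled
            // under the weaker "new user" check.
            if (isset($_POST['user_id']) || isset($_REQUEST['user_id'])) {
                if (!Current_User::authorized('users', 'edit_users')) {
                    PHPWS_User::disallow();
                    return;
                }
            } else {
                // posting new user
                if (!Current_User::authorized('users')) {
                    PHPWS_User::disallow();
                    return;
                }
            }

            $result = User_Action::postUser($user);

            if ($result === true) {
                $new_user = !(bool) $user->id;
                $user->setActive(true);
                $user->setApproved(true);
                if (PHPWS_Error::logIfError($user->save())) {
                    $title = dgettext('users', 'Sorry');
                    $content = dgettext('users', 'An error occurred when trying to save the user. Check your logs.');
                    break;
                }

                if ($new_user) {
                    User_Action::assignDefaultGroup($user);
                    // NOTE(review): group membership is assigned here under
                    // the authorized('users') check above, not the
                    // 'add_edit_groups' sub-permission used by 'addMember'.
                    if (isset($_POST['group_add']) && is_array($_POST['group_add'])) {
                        foreach ($_POST['group_add'] as $group_id) {
                            // Only well-formed integer ids select a group;
                            // nested arrays and non-numeric values are skipped.
                            $group_id = filter_var($group_id, FILTER_VALIDATE_INT);
                            if ($group_id === false) {
                                continue;
                            }
                            $group = new PHPWS_Group($group_id);
                            $group->addMember($user->_user_group);
                            $group->save();
                        }
                    }
                }

                $panel->setCurrentTab('manage_users');

                if (isset($_POST['notify_user'])) {
                    self::notifyUser($user, $_POST['password1']);
                }

                if (isset($_POST['user_id'])) {
                    User_Action::sendMessage(dgettext('users', 'User updated.'), 'manage_users');
                } elseif (Current_User::allow('users', 'edit_permissions')) {
                    if (isset($_POST['notify_user'])) {
                        User_Action::sendMessage(dgettext('users', 'New user created and notified.'), 'setUserPermissions&user_id=' . $user->id);
                    } else {
                        User_Action::sendMessage(dgettext('users', 'New user created.'), 'setUserPermissions&user_id=' . $user->id);
                    }
                } else {
                    User_Action::sendMessage(dgettext('users', 'User created.'), 'new_user');
                }
            } else {
                // postUser() returned its error list; show it above the form.
                $message = implode('<br />', $result);
                if (isset($_POST['user_id'])) {
                    $title = dgettext('users', 'Edit User');
                } else {
                    $title = dgettext('users', 'Create User');
                }
                $content = User_Form::userForm($user);
            }
            break;

        case 'postPermission':
            if (!Current_User::authorized('users', 'edit_permissions')) {
                PHPWS_User::disallow();
                return;
            }
            User_Action::postPermission();
            User_Action::sendMessage(dgettext('users', 'Permissions updated'), $panel->getCurrentTab());
            break;

        case 'postGroup':
            if (!Current_User::authorized('users', 'add_edit_groups')) {
                PHPWS_User::disallow();
                return;
            }
            PHPWS_Core::initModClass('users', 'Group.php');
            $result = User_Action::postGroup($group);

            if (PHPWS_Error::isError($result)) {
                $message = $result->getMessage();
                $title = isset($group->id) ? dgettext('users', 'Edit Group') : dgettext('users', 'Create Group');
                // Class name spelled as everywhere else in this method
                // (the original read "User_form").
                $content = User_Form::groupForm($group);
            } else {
                $result = $group->save();
                if (PHPWS_Error::logIfError($result)) {
                    $message = dgettext('users', 'An error occurred when trying to save the group.');
                } else {
                    $message = dgettext('users', 'Group created.');
                }
                User_Action::sendMessage($message, 'manage_groups');
            }
            break;

        case 'addMember':
            if (!Current_User::authorized('users', 'add_edit_groups')) {
                PHPWS_User::disallow();
                return;
            }
            PHPWS_Core::initModClass('users', 'Group.php');
            $group->addMember($_REQUEST['member']);
            $group->save();
            unset($_SESSION['Last_Member_Search']);
            User_Action::sendMessage(dgettext('users', 'Member added.'), 'manageMembers&group_id=' . $group->id);
            break;

        case 'dropMember':
            if (!Current_User::authorized('users', 'add_edit_groups')) {
                PHPWS_User::disallow();
                return;
            }
            PHPWS_Core::initModClass('users', 'Group.php');
            $group->dropMember($_REQUEST['member']);
            $group->save();
            unset($_SESSION['Last_Member_Search']);
            User_Action::sendMessage(dgettext('users', 'Member removed.'), 'manageMembers&group_id=' . $group->id);
            break;

        case 'update_settings':
            if (!Current_User::authorized('users', 'settings')) {
                PHPWS_User::disallow();
                return;
            }
            $title = dgettext('users', 'Settings');
            $result = User_Action::update_settings();
            if ($result === true) {
                $message = dgettext('users', 'User settings updated.');
            } else {
                $message = $result;
            }
            $content = User_Form::settings();
            break;

        case 'check_permission_tables':
            if (!Current_User::authorized('users', 'settings')) {
                PHPWS_User::disallow();
                return;
            }
            $title = dgettext('users', 'Register Module Permissions');
            $content = User_Action::checkPermissionTables();
            break;

        default:
            PHPWS_Core::errorPage('404');
            break;
    }

    $template['CONTENT'] = $content;
    $template['TITLE'] = $title;
    $template['MESSAGE'] = $message;

    $final = PHPWS_Template::process($template, 'users', 'main.tpl');

    $panel->setContent($final);
    Layout::add(PHPWS_ControlPanel::display($panel->display()));
}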