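/**
 * Function: submit
 * Submits a post to the blog owner.
 *
 * Requires the "submit_article" privilege. On POST the site's security key must be
 * present in $_POST['hash']; the submitter's name and e-mail are appended to the body
 * and the selected feather's submit() creates the post.
 */
public function route_submit()
{
    if (!Visitor::current()->group->can("submit_article")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to submit articles."));
    }

    if (!empty($_POST)) {
        # Compare the security key as a string and in constant time; a non-string
        # value (e.g. hash[]=x) is rejected instead of being loosely compared.
        $hash = isset($_POST['hash']) ? $_POST['hash'] : null;
        if (!is_string($hash) or !hash_equals((string) Config::current()->secure_hashkey, $hash)) {
            show_403(__("Access Denied"), __("Invalid security key."));
        }

        if (empty($_POST['body'])) {
            # Hand the redirect target to Flash::notice(), as the success notice below does.
            # Calling redirect() inside the argument list runs it before the notice is queued.
            Flash::notice(__("Post body can't be empty!"), "/");
        }

        if (!isset($_POST['draft'])) {
            $_POST['draft'] = "true";
        }

        # Only dispatch to a feather that is actually registered.
        $feather_name = isset($_POST['feather']) ? $_POST['feather'] : null;
        if (!is_string($feather_name) or !isset(Feathers::$instances[$feather_name])) {
            error(__("Error"), __("Invalid feather specified."));
            return;
        }

        # NOTE(review): name and e-mail are visitor-supplied and become part of the stored
        # post body; confirm the body is escaped or filtered wherever it is rendered.
        $name = isset($_POST['name']) ? $_POST['name'] : "";
        $email = isset($_POST['email']) ? $_POST['email'] : "";
        $_POST['body'] = "{$_POST['body']}\n\n\n{$name}\n{$email}\n";

        $post = Feathers::$instances[$feather_name]->submit();
        if (!in_array(false, $post)) {
            Flash::notice(__("Thank you for your submission. ", "submission"), "/");
        }
    }

    if (Theme::current()->file_exists("forms/post/submit")) {
        # NOTE(review): $feather is never assigned in this method, so the template
        # receives an undefined value here; confirm what was meant to be passed.
        MainController::current()->display("forms/post/submit", array("feather" => $feather), __("Submit a Text Post"));
    } else {
        require "pages/submit.php";
    }
}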
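/**
 * Function: route_makeRequest
 * Downloads an extension archive from $_GET['url'] and unpacks it into the directory
 * named by the pluralized $_GET['type'], then moves each extracted directory into place.
 *
 * The downloaded archive ends up as code inside the application tree, so both request
 * parameters are validated before anything is written.
 */
public function route_makeRequest()
{
    # NOTE(review): no privilege or security-key check is visible in this method.
    # Confirm the dispatcher restricts it to administrators and requires the security key;
    # nothing here verifies the archive's origin or integrity either.
    $raw_type = (isset($_GET['type']) and is_string($_GET['type'])) ? $_GET['type'] : "";
    $raw_url = (isset($_GET['url']) and is_string($_GET['url'])) ? $_GET['url'] : "";

    $type = pluralize(strip_tags($raw_type));
    $url = str_replace(" ", "%20", strip_tags($raw_url));

    # strip_tags() leaves "../" and "/" untouched, so the directory name is restricted to a
    # plain identifier, and only http(s) URLs are fetched (no file://, gopher://, ...).
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!preg_match('/\A[A-Za-z0-9_]+\z/', $type) or !in_array($scheme, array("http", "https"), true)) {
        error(__("Error"), __("Invalid extension type or URL.", "extension_manager"));
        return;
    }

    $archive = "../{$type}/latest.zip";
    $staging = "../{$type}/latest";

    set_time_limit(0);

    $fp = fopen($archive, 'w+');
    if ($fp === false) {
        error(__("Error"), __("Extension could not be downloaded.", "extension_manager"));
        return;
    }

    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_TIMEOUT, 50);
    curl_setopt($ch, CURLOPT_FILE, $fp); # write curl response to file
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    # Redirects are followed, so pin the allowed protocols for the redirect targets too.
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    $downloaded = curl_exec($ch);
    curl_close($ch);
    fclose($fp);

    $zip = new ZipArchive();

    # ZipArchive::open() returns true or an integer error code; a loose "== true"
    # would treat every non-zero error code as success.
    if ($downloaded === false or $zip->open($archive) !== true) {
        unlink($archive);
        error(__("Error"), __("Extension could not be downloaded.", "extension_manager"));
        return;
    }

    # World-writable directories are not needed for the move that follows.
    mkdir($staging, 0755);
    $zip->extractTo($staging);
    $zip->close();

    $handle = opendir($staging);
    if ($handle) {
        while (($file = readdir($handle)) !== false) {
            if ($file != '.' and $file != '..' and is_dir("{$staging}/{$file}")) {
                rename("{$staging}/{$file}", "../{$type}/{$file}");
            }
        }
        closedir($handle);
    }

    $this->rrmdir($staging);
    unlink($archive);
    $this->rrmdir("../{$type}/__MACOSX");

    Flash::notice(__("Extension downloaded successfully.", "extension_manager"), "/admin/?action=extend_manager");
}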
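/**
 * Function: admin_friendfeedr_settings
 * Shows the FriendFeedr settings page and, on POST, stores the username and wrapper.
 *
 * Parameters:
 *     $admin - The admin controller; used here to display the settings page.
 */
public function admin_friendfeedr_settings($admin)
{
    # Settings pages are limited to visitors who may change settings.
    if (!Visitor::current()->group->can("change_settings")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
    }

    if (empty($_POST)) {
        return $admin->display("friendfeedr_settings");
    }

    # NOTE(review): this handler does not verify $_POST['hash'] against
    # Config::current()->secure_hashkey, so a cross-site form post can change these values.
    # Add the check once the settings form is confirmed to submit the key.
    $config = Config::current();

    $saved_username = $config->set("friendfeedr_username", $_POST['friendfeedr_username']);
    if ($saved_username && $config->set("friendfeedr_wrapper", $_POST['friendfeedr_wrapper'])) {
        Flash::notice(__("Settings updated."), "/admin/?action=friendfeedr_settings");
    }
}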
/**
 * Function: main_delete_attachment
 * Deletes the attachment named by $_GET['id'] if the visitor may delete it, then
 * redirects to the URL stored in the session.
 */
public function main_delete_attachment()
{
    # NOTE(review): the deletion is triggered by a GET parameter and no security key is
    # checked here, so a crafted link can trigger it for a logged-in user.
    $id_given = isset($_GET['id']);
    if (!$id_given) {
        error(__("No ID Specified"), __("An ID is required to delete an attachment.", "attachments"));
    }

    $target = new Attachment($_GET['id']);

    if ($target->no_results) {
        error(__("Error"), __("Invalid attachment ID specified.", "attachments"));
    }

    if (!$target->deletable()) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this attachment.", "attachments"));
    }

    Attachment::delete($target->id);

    $message = __("Attachment deleted.", "attachments");
    Flash::notice($message, $_SESSION['redirect_to']);
}
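/**
 * Function: admin_obscura_settings
 * Shows the Obscura settings page and, on POST, saves the module's options.
 *
 * Parameters:
 *     $admin - The admin controller; used here to display the settings page.
 */
static function admin_obscura_settings($admin)
{
    if (!Visitor::current()->group->can("change_settings")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
    }

    if (empty($_POST)) {
        return $admin->display("obscura_settings");
    }

    # Compare the security key as a string and in constant time; a non-string
    # value (e.g. hash[]=x) is rejected instead of being loosely compared.
    $hash = isset($_POST['hash']) ? $_POST['hash'] : null;
    if (!is_string($hash) or !hash_equals((string) Config::current()->secure_hashkey, $hash)) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    # NOTE(review): background and spacing are stored exactly as submitted; confirm they
    # are escaped wherever the module writes them into a page.
    $options = array(
        "background" => $_POST['background'],
        "spacing" => $_POST['spacing'],
        "protect" => isset($_POST['protect']),
    );
    $set = array(Config::current()->set("module_obscura", $options));

    if (!in_array(false, $set)) {
        Flash::notice(__("Settings updated."), "/admin/?action=obscura_settings");
    }
}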
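/**
 * Function: admin_cascade_settings
 * Shows the Cascade settings page and, on POST, stores whether automatic scrolling is on.
 *
 * Parameters:
 *     $admin - The admin controller; used here to display the settings page.
 */
static function admin_cascade_settings($admin)
{
    if (!Visitor::current()->group->can("change_settings")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
    }

    if (empty($_POST)) {
        return $admin->display("cascade_settings");
    }

    # Compare the security key as a string and in constant time; a non-string
    # value (e.g. hash[]=x) is rejected instead of being loosely compared.
    $hash = isset($_POST['hash']) ? $_POST['hash'] : null;
    if (!is_string($hash) or !hash_equals((string) Config::current()->secure_hashkey, $hash)) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    # The checkbox is stored as a boolean: present in the POST means enabled.
    $set = array(Config::current()->set("ajax_scroll_auto", isset($_POST['auto'])));

    if (!in_array(false, $set)) {
        Flash::notice(__("Settings updated."), "/admin/?action=cascade_settings");
    }
}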
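/**
 * Function: admin_emailblog_settings
 * Shows the e-mail blogging settings page and, on POST, stores the mailbox settings.
 *
 * Parameters:
 *     $admin - The admin controller; used here to display the settings page.
 */
static function admin_emailblog_settings($admin)
{
    if (!Visitor::current()->group->can("change_settings")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
    }

    if (empty($_POST)) {
        return $admin->display("emailblog_settings");
    }

    # Compare the security key as a string and in constant time; a non-string
    # value (e.g. hash[]=x) is rejected instead of being loosely compared.
    $hash = isset($_POST['hash']) ? $_POST['hash'] : null;
    if (!is_string($hash) or !hash_equals((string) Config::current()->secure_hashkey, $hash)) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    $config = Config::current();

    # NOTE(review): the mailbox password and the subject password are handed to
    # Config::set() as submitted. How the configuration is persisted is not visible here;
    # confirm the store is not readable by the web server's clients.
    $set = array(
        $config->set("emailblog_address", $_POST['email']),
        $config->set("emailblog_pass", $_POST['pass']),
        $config->set("emailblog_minutes", $_POST['minutes']),
        $config->set("emailblog_subjpass", $_POST['subjpass']),
        $config->set("emailblog_server", $_POST['server']),
    );

    if (!in_array(false, $set)) {
        Flash::notice(__("Settings updated."), "/admin/?action=emailblog_settings");
    }
}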
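/**
 * Function: admin_theme_editor
 * Shows the theme editor and, on POST, writes the submitted content to the chosen file.
 *
 * The target path comes from the request, so it is resolved and required to be an
 * existing file inside the theme directory before anything is written.
 *
 * Parameters:
 *     $admin - The admin controller; used to display the editor page.
 */
public function admin_theme_editor($admin)
{
    if (!Visitor::current()->group->can("change_settings")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
    }

    if (empty($_POST)) {
        return $admin->display("theme_editor", array("editor" => self::admin_context($admin->context)), __("Theme Editor", "theme_editor"));
    }

    # Compare the security key as a string and in constant time; a non-string
    # value (e.g. hash[]=x) is rejected instead of being loosely compared.
    $hash = isset($_POST['hash']) ? $_POST['hash'] : null;
    if (!is_string($hash) or !hash_equals((string) Config::current()->secure_hashkey, $hash)) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    if (isset($_POST['file']) and isset($_POST['newcontent']) and is_string($_POST['file'])) {
        # realpath() resolves ".." and symlinks, and fails for paths that do not exist, so
        # the editor can only overwrite files already present under the theme directory.
        # THEME_DIR is Chyrp's constant for the active theme; presumably that is the
        # editor's intended scope -- confirm against admin_context().
        $theme_root = realpath(THEME_DIR);
        $target = realpath($_POST['file']);

        $inside_theme = ($theme_root !== false and $target !== false and is_file($target)
            and strpos($target, $theme_root . DIRECTORY_SEPARATOR) === 0);

        if (!$inside_theme) {
            show_403(__("Access Denied"), __("That file cannot be edited.", "theme_editor"));
            return;
        }

        $done = file_put_contents($target, $_POST['newcontent']);

        if (!empty($done)) {
            # The file name goes back into a URL, so it is encoded rather than concatenated raw.
            $cur_file = (isset($_POST['cur_file']) and is_string($_POST['cur_file'])) ? $_POST['cur_file'] : "";
            Flash::notice(__("File Updated"), "/admin/?action=theme_editor&file=" . urlencode($cur_file));
        }
    }
}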
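/**
 * Function: admin_like_settings
 * Shows the Like settings page and, on POST, saves the module's options.
 *
 * Every POST field whose name contains "likeText-" is collected into the likeText map,
 * keyed by the part of the name after the first dash.
 *
 * Parameters:
 *     $admin - The admin controller; used here to display the settings page.
 */
static function admin_like_settings($admin)
{
    $config = Config::current();

    if (!Visitor::current()->group->can("change_settings")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
    }

    if (empty($_POST)) {
        return $admin->display("like_settings");
    }

    # Compare the security key as a string and in constant time; a non-string
    # value (e.g. hash[]=x) is rejected instead of being loosely compared.
    $hash = isset($_POST['hash']) ? $_POST['hash'] : null;
    if (!is_string($hash) or !hash_equals((string) $config->secure_hashkey, $hash)) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    $likeText = array();
    foreach ($_POST as $key => $value) {
        # Array-valued fields are skipped; stripslashes() and strip_tags() expect strings.
        if (strstr($key, "likeText-") and is_string($value)) {
            $exploded_array = explode("-", $key, 2);
            $likeText[$exploded_array[1]] = strip_tags(stripslashes($value));
        }
    }

    # NOTE(review): likeImage is stored as submitted; confirm it is escaped where it is
    # written into markup.
    $options = array(
        "showOnFront" => isset($_POST['showOnFront']),
        "likeWithText" => isset($_POST['likeWithText']),
        "likeImage" => isset($_POST['likeImage']) ? $_POST['likeImage'] : null,
        "likeText" => $likeText,
    );
    $set = array($config->set("module_like", $options));

    if (!in_array(false, $set)) {
        Flash::notice(__("Settings updated."), "/admin/?action=like_settings");
    }
}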
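/**
 * Function: create
 * Attempts to create a comment using the passed information. If a Defensio API key is present, it will check it.
 *
 * A comment Defensio flags is stored with status "spam" and the visitor is shown an error;
 * otherwise the comment is stored, remembered in the session, and the visitor is either
 * answered inline (AJAX) or redirected to the new comment.
 *
 * Parameters:
 *     $author - The name of the commenter.
 *     $email - The commenter's email.
 *     $url - The commenter's website.
 *     $body - The comment.
 *     $post - The <Post> they're commenting on.
 *     $type - The type of comment. Optional, used for trackbacks/pingbacks.
 */
static function create($author, $email, $url, $body, $post, $type = null)
{
    if (!self::user_can($post->id) and !in_array($type, array("trackback", "pingback"))) {
        return;
    }

    $config = Config::current();
    $route = Route::current();
    $visitor = Visitor::current();

    if (!$type) {
        # The post's own author is approved straight away.
        $status = ($post->user_id == $visitor->id) ? "approved" : $config->default_comment_status;
        $type = "comment";
    } else {
        $status = $type;
    }

    # Referer and User-Agent are optional, client-controlled headers: default them so a
    # request without them does not fail, and treat the stored values as untrusted text.
    $ip = $_SERVER['REMOTE_ADDR'];
    $referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";

    # Without a Defensio key the comment is stored with an empty signature.
    $signature = "";

    if (!empty($config->defensio_api_key)) {
        $audit = array(
            "user-ip" => $ip,
            "article-date" => when("Y/m/d", $post->created_at),
            "comment-author" => $author,
            "comment-type" => $type,
            "comment-content" => $body,
            "comment-author-email" => $email,
            "comment-author-url" => $url,
            "permalink" => $post->url(),
            "referrer" => $referrer,
            "user-logged-in" => logged_in(),
        );

        $defensio = new Defensio($config->url, $config->defensio_api_key);
        list($spam, $spaminess, $signature) = $defensio->auditComment($audit);

        if ($spam) {
            self::add($body, $author, $url, $email, $ip, $agent, "spam", $signature, null, null, $post, $visitor->id);
            error(__("Spam Comment"), __("Your comment has been marked as spam. It will have to be approved before it will show up.", "comments"));
            return;
        }
    }

    $comment = self::add($body, $author, $url, $email, $ip, $agent, $status, $signature, null, null, $post, $visitor->id);

    fallback($_SESSION['comments'], array());
    $_SESSION['comments'][] = $comment->id;

    if (isset($_POST['ajax'])) {
        # The reply format is kept as the existing client expects it (unquoted keys).
        exit("{ comment_id: " . $comment->id . ", comment_timestamp: \"" . $comment->created_at . "\" }");
    }

    Flash::notice(__("Comment added."), $post->url() . "#comment_" . $comment->id);
}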
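/**
 * Function: create
 * Attempts to create a comment using the passed information. If the Akismet API key is present, it will check it.
 *
 * A comment Akismet flags is stored with status "spam" and the visitor is shown an error;
 * otherwise the comment is stored, remembered in the session, and the visitor is either
 * answered inline (AJAX) or redirected back to the post.
 *
 * Parameters:
 *     $body - The comment.
 *     $author - The name of the commenter.
 *     $url - The commenter's website.
 *     $email - The commenter's email.
 *     $post - The <Post> they're commenting on.
 *     $parent - The <Comment> they're replying to.
 *     $notify - Notification on follow-up comments.
 *     $type - The type of comment. Optional, used for trackbacks/pingbacks.
 */
static function create($body, $author, $url, $email, $post, $parent, $notify, $type = null)
{
    if (!self::user_can($post->id) and !in_array($type, array("trackback", "pingback"))) {
        return;
    }

    $config = Config::current();
    $route = Route::current();
    $visitor = Visitor::current();

    if (!$type) {
        # The post's own author is approved straight away.
        $status = ($post->user_id == $visitor->id) ? "approved" : $config->default_comment_status;
        $type = "comment";
    } else {
        $status = $type;
    }

    # Referer and User-Agent are optional, client-controlled headers: default them so a
    # request without them does not fail, and treat the stored values as untrusted text.
    $ip = $_SERVER['REMOTE_ADDR'];
    $referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";

    # The two paths redirect to different anchors; both are kept as they were.
    # NOTE(review): "#comment" (no Akismet key) looks like a typo for "#comments" -- confirm.
    $anchor = "#comment";

    if (!empty($config->akismet_api_key)) {
        $akismet = new Akismet($config->url, $config->akismet_api_key);
        $akismet->setCommentContent($body);
        $akismet->setCommentAuthor($author);
        $akismet->setCommentAuthorURL($url);
        $akismet->setCommentAuthorEmail($email);
        $akismet->setPermalink($post->url());
        $akismet->setCommentType($type);
        $akismet->setReferrer($referrer);
        $akismet->setUserIP($ip);

        if ($akismet->isCommentSpam()) {
            self::add($body, $author, $url, $email, $ip, $agent, "spam", $post->id, $visitor->id, $parent, $notify);
            error(__("Spam Comment"), __("Your comment has been marked as spam. It has to be reviewed and/or approved by an admin.", "comments"));
            return;
        }

        $anchor = "#comments";
    }

    $comment = self::add($body, $author, $url, $email, $ip, $agent, $status, $post->id, $visitor->id, $parent, $notify);

    fallback($_SESSION['comments'], array());
    $_SESSION['comments'][] = $comment->id;

    if (isset($_POST['ajax'])) {
        exit("{ \"comment_id\": \"" . $comment->id . "\", \"comment_timestamp\": \"" . $comment->created_at . "\" }");
    }

    Flash::notice(__("Comment added."), $post->url() . $anchor);
}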
/**
 * Function: admin_manage_dropbox
 * Shows the Dropbox management page and, on POST, imports changed Dropbox files as posts.
 *
 * Each entry of the Dropbox delta is downloaded to a temporary file, parsed with
 * FrontMatter, and added as a "text" post; the new delta cursor is then saved.
 *
 * Parameters:
 *     $admin - The admin controller; used here to display the management page.
 */
static function admin_manage_dropbox($admin)
{
    if (!Visitor::current()->group->can("add_post", "add_draft")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to create posts."));
    }
    if (empty($_POST)) {
        return $admin->display("manage_dropbox");
    }
    # NOTE(review): no security key ($_POST['hash']) is checked before the import runs.
    $config = Config::current();
    if (!isset($config->module_dropbox["oauth_token"])) {
        Flash::notice(__("You need to authorize Dropbox first.", "dropbox"), "/admin/?action=dropbox_settings");
    }
    # NOTE(review): the application key and secret are fetched over plain HTTP, so they can
    # be read or replaced in transit, and the result is used without checking that the
    # request or the JSON decode succeeded.
    $data = json_decode(file_get_contents("http://chyrp.net/api/1/dropboxsync.php?keys"), true);
    $app_key = $data["key"];
    $app_secret = $data["secret"];
    $storage = new \Dropbox\OAuth\Storage\Session();
    $OAuth = new \Dropbox\OAuth\Consumer\Curl($app_key, $app_secret, $storage);
    $dropbox = new \Dropbox\API($OAuth);
    $delta = $dropbox->delta();
    $delta = $delta["body"];
    # Only import when the cursor differs from the one saved after the previous import.
    if ($delta->cursor != $config->module_dropbox["cursor"]) {
        if (count($delta->entries) > 0) {
            foreach ($delta->entries as $entry) {
                # NOTE(review): the temporary file is not removed anywhere in this method.
                $tmpfname = tempnam("/tmp", "md");
                $file = $dropbox->getFile(ltrim($entry[0], "/"), $tmpfname);
                $post = new FrontMatter($file["name"]);
                $date = explode(".", ltrim($entry[0], "/"));
                $values = array("title" => $post->fetch("title"), "body" => $post->fetch("content"));
                # Set defaults
                # NOTE(review): if fallback() only assigns when its first argument is unset,
                # $clean, $url, $pinned and $status keep the first entry's values on later
                # iterations, and $date (already set above) is never replaced -- confirm.
                fallback($clean, oneof($post->fetch("slug"), strtolower(str_replace(" ", "-", $post->fetch("title")))));
                fallback($url, Post::check_url($clean));
                fallback($pinned, oneof($post->fetch("pinned"), 0));
                fallback($status, oneof($post->fetch("status"), "public"));
                fallback($date, oneof(datetime($post->fetch("date")), datetime($date[0])));
                # Title, body, slug and status all come from the downloaded file's front matter.
                # The literal 1 is presumably the author's user ID -- confirm against Post::add().
                $post = Post::add($values, $clean, $url, "text", 1, $pinned, $status, datetime($post->fetch("date")), datetime($post->fetch("date")), false);
            }
        }
        # Re-save the module settings unchanged except for the new cursor.
        $set = array($config->set("module_dropbox", array("oauth_token_secret" => $config->module_dropbox['oauth_token_secret'], "oauth_token" => $config->module_dropbox['oauth_token'], "uid" => $config->module_dropbox['uid'], "cursor" => $delta->cursor)));
        if (!in_array(false, $set)) {
            Flash::notice(__("Post imported successfully.", "dropbox"), "/admin/?action=manage_posts");
        }
    }
}
/**
 * Function: admin_delete_category
 * Deletes the category named by the request's "id" and returns to the category list.
 *
 * Parameters:
 *     $admin - The admin controller; not used by this method.
 */
public function admin_delete_category($admin)
{
    $may_manage = Visitor::current()->group()->can("manage_categorize");

    if (!$may_manage) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to manage categories.", "categorize"));
    }

    # NOTE(review): the ID is read from $_REQUEST (so a GET works) and no security key is
    # checked, which leaves this deletion open to cross-site requests.
    Category::deleteCategory($_REQUEST['id']);

    $message = __("Category deleted.", "categorize");
    Flash::notice($message, "/admin/?action=manage_category");
}
} catch (Exception $e) {
    // Failure banner for the test whose try block starts above this excerpt.
    // NOTE(review): the exception message is printed into HTML without escaping.
    print "<div style='background:#FFBBBB;border:1px solid red'>";
    print "Test '{$test_name}' (FALLÓ) con mensaje: ({$e->getMessage()})";
    print "</div>";
}
if ($test) {
    // Success banner with the elapsed time in seconds.
    $end_benckmark = microtime(true) - $start_benchmark;
    print "<div style='background:#CCFF99;border:1px solid green'>";
    print "Test '{$test_name}' (OK) con tiempo: ({$end_benckmark})";
    print "</div>";
}

// Test: count the tables and describe the test table.
$test = true;
$test_name = "CONTAR TABLAS Y DESCRIBIR TABLA TEST";
$start_benchmark = microtime(true);
try {
    Flash::notice("HAY " . count($db->list_tables()) . " TABLA(S) EN LA BASE DE DATOS");
    print_r($db->describe_table("kumbia_test"));
} catch (Exception $e) {
    // NOTE(review): $test is not set to false here, so the success banner below is
    // printed even when this test throws.
    print "<div style='background:#FFBBBB;border:1px solid red'>";
    print "Test '{$test_name}' (FALLÓ) con mensaje: ({$e->getMessage()})";
    print "</div>";
}
if ($test) {
    $end_benckmark = microtime(true) - $start_benchmark;
    print "<div style='background:#CCFF99;border:1px solid green'>";
    print "Test '{$test_name}' (OK) con tiempo: ({$end_benckmark})";
    print "</div>";
}

// Test: close the database connection (its body continues past this excerpt).
$test = true;
$test_name = "CERRAR LA CONEXION A LA BASE DE DATOS";
$start_benchmark = microtime(true);
/**
 * Function: destroy_version
 * Deletes the version named by $_POST['version_id'] if the visitor may delete it, then
 * redirects to the page of the extension it belonged to.
 */
public function destroy_version()
{
    # NOTE(review): no security key ($_POST['hash']) is checked before the deletion.
    $id_given = isset($_POST['version_id']);
    if (!$id_given) {
        error(__("Error"), __("No version ID specified.", "extend"));
    }

    $doomed = new Version($_POST['version_id']);

    if ($doomed->no_results) {
        error(__("Error"), __("Invalid version ID specified.", "extend"));
    }

    if (!$doomed->deletable()) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this version.", "extend"));
    }

    Version::delete($doomed->id);

    $message = __("Version deleted.", "extend");
    Flash::notice($message, $doomed->extension->url());
}
/**
 * Function: admin_clear_cache
 * Regenerates the cache for visitors allowed to change settings, then returns to the
 * cache settings page.
 */
public function admin_clear_cache()
{
    $may_change = Visitor::current()->group->can("change_settings");

    if (!$may_change) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
    }

    # NOTE(review): no security key is checked, so a cross-site request can trigger a
    # regeneration for a logged-in administrator.
    $this->regenerate();

    $message = __("Cache cleared.", "cacher");
    Flash::notice($message, "/admin/?action=cache_settings");
}
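/**
 * Function: admin_destroy_milestone
 * Deletes the milestone named by $_POST['id'] after moving its tickets to the milestone
 * given in $_POST['move_milestone'].
 */
public function admin_destroy_milestone()
{
    if (!isset($_POST['id'])) {
        error(__("Error"), __("No milestone ID specified.", "progress"));
    }

    # Compare the security key as a string and in constant time; a non-string
    # value (e.g. hash[]=x) is rejected instead of being loosely compared.
    $hash = isset($_POST['hash']) ? $_POST['hash'] : null;
    if (!is_string($hash) or !hash_equals((string) Config::current()->secure_hashkey, $hash)) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    $milestone = new Milestone($_POST['id']);

    if ($milestone->no_results) {
        error(__("Error"), __("Invalid milestone ID specified.", "progress"));
    }

    if (!$milestone->deletable()) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this milestone.", "progress"));
    }

    # A missing field is passed on as null, as before, without raising a notice.
    # NOTE(review): the destination milestone is not validated here; confirm
    # Ticket::update() rejects IDs that do not exist.
    $destination = isset($_POST['move_milestone']) ? $_POST['move_milestone'] : null;

    foreach ($milestone->tickets as $ticket) {
        $ticket->update(null, null, $destination);
    }

    Milestone::delete($milestone->id);

    Flash::notice(__("Milestone deleted.", "progress"), "/admin/?action=manage_milestones");
}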
/**
 * Queues one success and one error flash message, then redirects to the site root.
 */
function messages()
{
    $home = WWW_PATH . '/';

    Flash::notice("Success message.");
    Flash::error("Error message.");

    $this->redirect($home);
}
/**
 * Function: destroy_topic
 * Deletes the topic named by $_POST['topic_id'] if the visitor may delete it, then
 * redirects to the forum it belonged to.
 */
public function destroy_topic()
{
    # NOTE(review): no security key ($_POST['hash']) is checked before the deletion.
    $id_given = isset($_POST['topic_id']);
    if (!$id_given) {
        error(__("Error"), __("No topic ID specified.", "discuss"));
    }

    $doomed = new Topic($_POST['topic_id']);

    if ($doomed->no_results) {
        error(__("Error"), __("Invalid topic ID specified.", "discuss"));
    }

    if (!$doomed->deletable()) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this topic.", "discuss"));
    }

    Topic::delete($doomed->id);

    $message = __("Topic deleted.", "discuss");
    Flash::notice($message, $doomed->forum->url());
}
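/**
 * Function: admin_bulk_tag
 * Adds one or more comma-separated tags to every selected post the visitor may edit.
 *
 * Parameters:
 *     $admin - The admin controller; not used by this method.
 */
public function admin_bulk_tag($admin)
{
    # Compare the security key as a string and in constant time; a non-string
    # value (e.g. hash[]=x) is rejected instead of being loosely compared.
    $hash = isset($_POST['hash']) ? $_POST['hash'] : null;
    if (!is_string($hash) or !hash_equals((string) Config::current()->secure_hashkey, $hash)) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    if (empty($_POST['name']) or empty($_POST['post']) or !is_string($_POST['name'])) {
        redirect("/admin/?action=manage_tags");
    }

    $sql = SQL::current();

    # Drop the empty names that "a,,b" or a trailing comma would otherwise produce.
    $names = array_filter(array_map("trim", explode(",", $_POST['name'])), "strlen");

    foreach ($names as $tag) {
        # A single post ID submitted as a scalar is treated as a one-element list.
        foreach ((array) $_POST['post'] as $post_id) {
            $post = new Post($post_id);

            # Posts the visitor cannot edit are skipped silently.
            if (!$post->editable()) {
                continue;
            }

            $tags = $sql->select("post_attributes", "value", array("name" => "tags", "post_id" => $post_id));

            if ($tags and $value = $tags->fetchColumn()) {
                # NOTE(review): the stored value is parsed with YAML::load(); confirm this
                # loader cannot instantiate objects from the data.
                $tags = YAML::load($value);
            } else {
                $tags = array();
            }

            $tags[$tag] = sanitize($tag);

            $sql->replace("post_attributes", array("post_id", "name"), array("name" => "tags", "value" => YAML::dump($tags), "post_id" => $post_id));
        }
    }

    Flash::notice(__("Posts tagged.", "tags"), "/admin/?action=manage_tags");
}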
/**
 * Builds a report for a form definition: assembles a SELECT from the form's components
 * and the request's "fl_*" filter values, runs it, sizes the columns from the data, and
 * hands the rows to the PDF, XLS, HTML or DOC formatter chosen by $_REQUEST['reportType'].
 *
 * NOTE(review): the WHERE and ORDER BY clauses are built by concatenating request values
 * into the SQL text with no escaping visible in this function; see the notes below.
 *
 * @param array $form form definition (type, source, components, caption, ...)
 */
static function generate($form)
{
    $config = Config::read();
    $weightArray = array();
    $headerArray = array();
    $selectedFields = "";
    $tables = "";
    $whereCondition = "";
    $maxCondition = "";
    $n = 0;
    $db = db::raw_connect();
    // Replace each "@name" placeholder in the form's data filter with the request value "fl_name".
    // NOTE(review): the request value is substituted into SQL text as is.
    // NOTE(review): ereg() was removed in PHP 7; this line needs preg_match() there.
    if (isset($form['dataFilter']) && $form['dataFilter']) {
        if (strpos($form['dataFilter'], '@')) {
            ereg("[\\@][A-Za-z0-9_]+", $form['dataFilter'], $regs);
            foreach ($regs as $reg) {
                $form['dataFilter'] = str_replace($reg, $_REQUEST["fl_" . str_replace("@", "", $reg)], $form['dataFilter']);
            }
        }
    }
    if ($form['type'] == 'standard') {
        if (isset($form['joinTables']) && $form['joinTables']) {
            $tables = $form['joinTables'];
        }
        if (isset($form['joinConditions']) && $form['joinConditions']) {
            $whereCondition = " " . $form['joinConditions'];
        }
        // One WHERE term per component that has a non-empty filter value in the request.
        foreach ($form['components'] as $name => $com) {
            if (!isset($com['attributes']['value'])) {
                $com['attributes']['value'] = "";
            }
            // A filter still holding the component's default value counts as empty.
            if ($_REQUEST['fl_' . $name] == $com['attributes']['value']) {
                $_REQUEST['fl_' . $name] = "";
            }
            if (trim($_REQUEST["fl_" . $name]) && $_REQUEST["fl_" . $name] != '@') {
                // NOTE(review): every branch below places $_REQUEST["fl_..."] between single
                // quotes in the SQL text; a value containing a quote changes the query.
                // These need the driver's escaping or bound parameters.
                if ($form['components'][$name]['valueType'] == 'date') {
                    $whereCondition .= " and " . $form['source'] . ".{$name} = '" . $_REQUEST["fl_" . $name] . "'";
                } else {
                    if ($form['components'][$name]['valueType'] == 'numeric') {
                        $whereCondition .= " and " . $form['source'] . ".{$name} = '" . $_REQUEST["fl_" . $name] . "'";
                    } else {
                        if ($form['components'][$name]['type'] == 'hidden') {
                            $whereCondition .= " and " . $form['source'] . ".{$name} = '" . $_REQUEST["fl_" . $name] . "'";
                        } else {
                            if ($com['type'] == 'check') {
                                // Checkboxes filter only when the submitted value is the checked value.
                                if ($_REQUEST["fl_" . $name] == $form['components'][$name]['checkedValue']) {
                                    $whereCondition .= " and " . $form['source'] . ".{$name} = '" . $_REQUEST["fl_" . $name] . "'";
                                }
                            } else {
                                if ($com['type'] == 'time') {
                                    // '00:00' is treated as "no time given".
                                    if ($_REQUEST["fl_" . $name] != '00:00') {
                                        $whereCondition .= " and {$form['source']}.{$name} = '" . $_REQUEST["fl_" . $name] . "'";
                                    }
                                } else {
                                    // Primary keys and combos match exactly; other fields match as a substring.
                                    if ($com['primary'] || $com['type'] == 'combo') {
                                        $whereCondition .= " and " . $form['source'] . ".{$name} = '" . $_REQUEST["fl_" . $name] . "'";
                                    } else {
                                        $whereCondition .= " and " . $form['source'] . ".{$name} like '%" . $_REQUEST["fl_" . $name] . "%'";
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    // Choice of the report's ordering field: a name ending in "_id" is taken to be a
    // foreign key, and the text without the suffix is used as the table name.
    // NOTE(review): the return value of sql_item_sanizite() is discarded and the raw request
    // value is used below; unless that helper stops on bad input, the value reaches ORDER BY unchecked.
    ActiveRecord::sql_item_sanizite($_REQUEST['reportTypeField']);
    if (substr($_REQUEST['reportTypeField'], strlen($_REQUEST['reportTypeField']) - 3, strlen($_REQUEST['reportTypeField'])) == "_id") {
        $OrderFields = substr($_REQUEST['reportTypeField'], 0, strlen($_REQUEST['reportTypeField']) - 3);
    } else {
        $OrderFields = $_REQUEST['reportTypeField'];
    }
    // $maxCondition is assigned here but not read again in this function.
    $maxCondition = $whereCondition;
    $n = 0;
    // Build the column list, the joined tables and the column headers.
    foreach ($form['components'] as $name => $com) {
        if (!isset($com['notReport'])) {
            $com['notReport'] = false;
        }
        if (!isset($com['class'])) {
            $com['class'] = false;
        }
        if (!$com['notReport']) {
            if (isset($com['caption']) && $com['caption']) {
                // NOTE(review): as shown, the next five calls replace a character with itself;
                // the search strings were presumably HTML entities before extraction -- confirm.
                $headerArray[$n] = str_replace("ó", "ó", $com['caption']);
                $headerArray[$n] = str_replace("á", "á", $headerArray[$n]);
                $headerArray[$n] = str_replace("é", "é", $headerArray[$n]);
                $headerArray[$n] = str_replace("í", "í", $headerArray[$n]);
                $headerArray[$n] = str_replace("ú", "ú", $headerArray[$n]);
                $headerArray[$n] = str_replace("<br/>", " ", $headerArray[$n]);
            } else {
                $com['caption'] = "";
            }
            if ($com['type'] == 'combo' && $com['class'] == 'dynamic') {
                // Dynamic combo: show the foreign table's detail field and join on the relation column.
                if (isset($com['extraTables']) && $com['extraTables']) {
                    $tables .= "{$com['extraTables']},";
                }
                if (isset($com['whereConditionOnQuery']) && $com['whereConditionOnQuery']) {
                    $whereCondition .= " and {$com['whereConditionOnQuery']}";
                }
                if (strpos(" " . $com['detailField'], "concat(")) {
                    $selectedFields .= $com['detailField'] . ",";
                } else {
                    $selectedFields .= $com['foreignTable'] . "." . $com['detailField'] . ",";
                    // Compare with the foreign table: when it matches, and assuming at most one
                    // foreign key per table, the ordering field belongs to that table.
                    if ($com['foreignTable'] == $OrderFields) {
                        $OrderFields = $com['foreignTable'] . "." . $com['detailField'];
                    }
                }
                $tables .= $com['foreignTable'] . ",";
                if ($com['column_relation']) {
                    $whereCondition .= " and " . $com['foreignTable'] . "." . $com['column_relation'] . " = " . $form['source'] . "." . $name;
                } else {
                    $whereCondition .= " and " . $com['foreignTable'] . "." . $name . " = " . $form['source'] . "." . $name;
                }
                $weightArray[$n] = strlen($headerArray[$n]) + 2;
                $n++;
            } else {
                if ($com['type'] != 'hidden') {
                    if ($com['class'] == 'static' && isset($com['type']) && $com['type'] == 'combo') {
                        // Static combo: translate stored codes to labels in SQL, with nested if()
                        // on MySQL and case/when on PostgreSQL. The item labels are placed in
                        // the SQL text unescaped.
                        $weightArray[$n] = strlen($headerArray[$n]) + 2;
                        if ($config->type == 'pgsql') {
                            $selectedFields .= "case ";
                        }
                        if ($config->type == 'mysql') {
                            for ($i = 0; $i <= count($com['items']) - 2; $i++) {
                                $selectedFields .= "if(" . $form['source'] . "." . $name . "='" . $com['items'][$i][0] . "', '" . $com['items'][$i][1] . "', ";
                                if ($weightArray[$n] < strlen($com['items'][$i][1])) {
                                    $weightArray[$n] = strlen($com['items'][$i][1]) + 1;
                                }
                            }
                        }
                        if ($config->type == 'pgsql') {
                            for ($i = 0; $i <= count($com['items']) - 1; $i++) {
                                $selectedFields .= " when " . $form['source'] . "." . $name . "='" . $com['items'][$i][0] . "' THEN '" . $com['items'][$i][1] . "' ";
                                if ($weightArray[$n] < strlen($com['items'][$i][1])) {
                                    $weightArray[$n] = strlen($com['items'][$i][1]) + 1;
                                }
                            }
                        }
                        $n++;
                        if ($config->type == 'mysql') {
                            // $i still holds the index of the last item after the loop above:
                            // it supplies the final "else" label, then the nested if() calls are closed.
                            $selectedFields .= "'" . $com['items'][$i][1] . "')";
                            for ($j = 0; $j <= $i - 2; $j++) {
                                $selectedFields .= ")";
                            }
                        }
                        if ($config->type == 'pgsql') {
                            $selectedFields .= " end ";
                        }
                        $selectedFields .= ",";
                    } else {
                        $selectedFields .= $form['source'] . "." . $name . ",";
                        // This one is certainly not a foreign key, so the main table is put in
                        // front of the ordering field to avoid ambiguity.
                        if ($name == $OrderFields) {
                            $OrderFields = $form['source'] . "." . $OrderFields;
                        }
                        $weightArray[$n] = strlen($headerArray[$n]) + 2;
                        $n++;
                    }
                }
            }
        }
    }
    $tables .= $form['source'];
    // Drop the trailing comma from the column list.
    $selectedFields = substr($selectedFields, 0, strlen($selectedFields) - 1);
    // NOTE(review): the guard tests 'dataRequisite' but the clause appended is 'dataFilter' -- confirm.
    if (isset($form['dataRequisite']) && $form['dataRequisite']) {
        $whereCondition .= " and {$form['dataFilter']}";
    }
    // Ordering clause.
    if ($OrderFields) {
        $OrderCondition = "Order By " . $OrderFields;
    } else {
        $OrderCondition = "";
    }
    $query = "select {$selectedFields} from {$tables} where 1 = 1 " . $whereCondition . " " . $OrderCondition;
    $q = $db->query($query);
    if (!is_bool($q)) {
        if (!$db->num_rows($q)) {
            Flash::notice("No hay información para listar");
            return;
        }
    } else {
        // NOTE(review): the database error text is shown to the user as is.
        Flash::error($db->error());
        return;
    }
    $result = array();
    $n = 0;
    while ($row = $db->fetch_array($q, db::DB_NUM)) {
        $result[$n++] = $row;
    }
    // Widen each column to its longest value, then scale all widths by 1.8.
    foreach ($result as $row) {
        for ($i = 0; $i <= count($row) - 1; $i++) {
            if ($weightArray[$i] < strlen(trim($row[$i]))) {
                $weightArray[$i] = strlen(trim($row[$i]));
            }
        }
    }
    for ($i = 0; $i <= count($weightArray) - 1; $i++) {
        $weightArray[$i] *= 1.8;
    }
    $sumArray = array_sum($weightArray);
    // PDF is the default output format.
    if (!$_REQUEST['reportType']) {
        $_REQUEST['reportType'] = 'pdf';
    }
    if ($_REQUEST['reportType'] != 'html') {
        // NOTE(review): as with the headers above, these replacements are no-ops as shown.
        $title = str_replace("ó", "ó", $form['caption']);
        $title = str_replace("á", "á", $title);
        $title = str_replace("é", "é", $title);
        $title = str_replace("í", "í", $title);
        $title = str_replace("ú", "ú", $title);
    } else {
        $title = $form['caption'];
    }
    // The formatter file is picked from a fixed list; the request value never reaches the include path.
    switch ($_REQUEST['reportType']) {
        case 'pdf':
            require_once CORE_PATH . 'extensions/report/format/pdf.php';
            pdf($result, $sumArray, $title, $weightArray, $headerArray);
            break;
        case 'xls':
            require_once CORE_PATH . 'extensions/report/format/xls.php';
            xls($result, $sumArray, $title, $weightArray, $headerArray);
            break;
        case 'html':
            require_once CORE_PATH . 'extensions/report/format/htm.php';
            htm($result, $sumArray, $title, $weightArray, $headerArray);
            break;
        case 'doc':
            require_once CORE_PATH . 'extensions/report/format/doc.php';
            doc($result, $sumArray, $title, $weightArray, $headerArray);
            break;
        default:
            require_once CORE_PATH . 'extensions/report/format/pdf.php';
            pdf($result, $sumArray, $title, $weightArray, $headerArray);
            break;
    }
}
/**
 * Shows a debug message on screen when debugging is enabled on this object.
 *
 * NOTE(review): the SQL text is shown to whoever is viewing the page; keep the debug
 * flag off outside development.
 *
 * @param string $sql
 */
protected function debug($sql)
{
    if (!$this->debug) {
        return;
    }

    Flash::notice($sql);
}
/**
 * Function: destroy_ticket
 * Deletes the ticket named by $_POST['ticket_id'] if the visitor may delete it, then
 * redirects to the milestone it belonged to.
 */
public function destroy_ticket()
{
    # NOTE(review): no security key ($_POST['hash']) is checked before the deletion.
    $id_given = isset($_POST['ticket_id']);
    if (!$id_given) {
        error(__("Error"), __("No ticket ID specified.", "progress"));
    }

    $doomed = new Ticket($_POST['ticket_id']);

    if ($doomed->no_results) {
        error(__("Error"), __("Invalid ticket ID specified.", "progress"));
    }

    if (!$doomed->deletable()) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this ticket.", "progress"));
    }

    Ticket::delete($doomed->id);

    $message = __("Ticket deleted.", "progress");
    Flash::notice($message, $doomed->milestone->url());
}
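/**
 * Function: lost_password
 * Handles e-mailing lost passwords to a user's email address.
 *
 * On POST the named user's password is replaced with a random one, which is e-mailed to
 * the address on file. If the e-mail cannot be sent the previous password hash is restored.
 *
 * NOTE(review): the password is replaced as soon as a login name is submitted, before the
 * account owner confirms anything, so anyone who knows a login can force a reset. The
 * "Invalid user specified." reply also reveals which logins exist, and the new password
 * travels by e-mail in clear text. A single-use, expiring reset link would avoid all three.
 */
public function lost_password()
{
    if (!empty($_POST)) {
        # A missing or non-string login is looked up as an empty name and reported as invalid.
        $login = (isset($_POST['login']) and is_string($_POST['login'])) ? $_POST['login'] : "";
        $user = new User(array("login" => $login));

        if ($user->no_results) {
            Flash::warning(__("Invalid user specified."));
            return $this->display("forms/user/lost_password", array(), __("Lost Password"));
        }

        # Keep the current hash before updating: whether update() also changes
        # $user->password is not visible here, and the rollback below must not depend on it.
        $old_password = $user->password;

        # NOTE(review): random() is defined elsewhere; confirm it draws from a
        # cryptographically secure source.
        $new_password = random(16);

        $user->update($user->login, User::hashPassword($new_password), $user->email, $user->full_name, $user->website, $user->group_id);

        $sent = email($user->email, __("Lost Password Request"), _f("%s,\n\nWe have received a request for a new password for your account at %s.\n\nPlease log in with the following password, and feel free to change it once you've successfully logged in:\n\t%s", array($user->login, Config::current()->name, $new_password)));

        if ($sent) {
            Flash::notice(_f("An e-mail has been sent to your e-mail address that contains a new password. Once you have logged in, you can change it at <a href=\"%s\">User Controls</a>.", array(url("controls"))));
        } else {
            # Set their password back to what it was originally.
            $user->update($user->login, $old_password, $user->email, $user->full_name, $user->website, $user->group_id);
            Flash::warning(__("E-Mail could not be sent. Password change cancelled."));
        }
    }

    $this->display("forms/user/lost_password", array(), __("Lost Password"));
}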
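/**
 * Function: admin_destroy_type
 * Deletes the type named by $_POST['id'] after moving its extensions to the type given
 * in $_POST['move_type'].
 */
public function admin_destroy_type()
{
    if (!isset($_POST['id'])) {
        error(__("Error"), __("No type ID specified.", "extend"));
    }

    # Compare the security key as a string and in constant time; a non-string
    # value (e.g. hash[]=x) is rejected instead of being loosely compared.
    $hash = isset($_POST['hash']) ? $_POST['hash'] : null;
    if (!is_string($hash) or !hash_equals((string) Config::current()->secure_hashkey, $hash)) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    $type = new Type($_POST['id']);

    if ($type->no_results) {
        error(__("Error"), __("Invalid type ID specified.", "extend"));
    }

    if (!$type->deletable()) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this type.", "extend"));
    }

    # A missing field is passed on as null, as before, without raising a notice.
    # NOTE(review): the destination type is not validated here; confirm the
    # extension's update() rejects IDs that do not exist.
    $destination = isset($_POST['move_type']) ? $_POST['move_type'] : null;

    foreach ($type->extensions as $extension) {
        $extension->update(null, null, $destination);
    }

    Type::delete($type->id);

    Flash::notice(__("Type deleted.", "extend"), "/admin/?action=manage_types");
}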
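/**
 * Function: route_settings
 * Route Settings page.
 *
 * Shows the page on GET; on POST stores the clean-URL switch and the post URL format.
 */
public function route_settings()
{
    if (!Visitor::current()->group->can("change_settings")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
    }

    if (empty($_POST)) {
        return $this->display("route_settings");
    }

    # Compare the security key as a string and in constant time; a non-string
    # value (e.g. hash[]=x) is rejected instead of being loosely compared.
    $hash = isset($_POST['hash']) ? $_POST['hash'] : null;
    if (!is_string($hash) or !hash_equals((string) Config::current()->secure_hashkey, $hash)) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    $config = Config::current();

    $set = array(
        # The checkbox is stored as a boolean.
        $config->set("clean_urls", !empty($_POST['clean_urls'])),
        $config->set("post_url", $_POST['post_url']),
    );

    if (!in_array(false, $set)) {
        Flash::notice(__("Settings updated."), "/admin/?action=route_settings");
    }
}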
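/**
 * Function: admin_destroy_aggregate
 * Removes the aggregate named by $_POST['id'] from the configuration and, when
 * $_POST['delete_posts'] is set, deletes its posts as well.
 *
 * Parameters:
 *     $admin - The admin controller; not used by this method.
 */
public function admin_destroy_aggregate($admin)
{
    # The name is used as an array key below, so only a non-empty string is accepted.
    if (empty($_POST['id']) or !is_string($_POST['id'])) {
        error(__("No ID Specified"), __("An ID is required to delete an aggregate.", "aggregator"));
        return;
    }

    # This value of the "destroy" field means the confirmation form was cancelled.
    if (isset($_POST['destroy']) and $_POST['destroy'] == "bollocks") {
        redirect("/admin/?action=manage_aggregates");
    }

    # Compare the security key as a string and in constant time; a non-string
    # value (e.g. hash[]=x) is rejected instead of being loosely compared.
    $hash = isset($_POST['hash']) ? $_POST['hash'] : null;
    if (!is_string($hash) or !hash_equals((string) Config::current()->secure_hashkey, $hash)) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    if (!Visitor::current()->group->can("delete_aggregate")) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this aggregate.", "aggregator"));
    }

    $name = $_POST['id'];

    if (!empty($_POST["delete_posts"])) {
        $this->delete_posts($name);
        $notice = __("Aggregate and its posts deleted.", "aggregator");
    } else {
        $notice = __("Aggregate deleted.", "aggregator");
    }

    $config = Config::current();
    unset($config->aggregates[$name]);
    $config->set("aggregates", $config->aggregates);

    Flash::notice($notice, "/admin/?action=manage_aggregates");
}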
/**
 * Function: admin_bulk_comments
 * Applies the chosen bulk action (delete, deny, approve or mark as spam) to the selected
 * comments, reports corrected classifications to Defensio when a key is configured, and
 * returns to the list the request came from.
 */
static function admin_bulk_comments()
{
    # NOTE(review): no security key is checked here and there is no group privilege check;
    # access control rests on each comment's deletable()/editable().
    $from = isset($_GET['from']) ? "manage_spam" : "manage_comments";

    if (!isset($_POST['comment'])) {
        Flash::warning(__("No comments selected."), "/admin/?action=" . $from);
    }

    $comment_ids = array_keys($_POST['comment']);

    if (isset($_POST['delete'])) {
        foreach ($comment_ids as $comment_id) {
            $doomed = new Comment($comment_id);
            if ($doomed->deletable()) {
                Comment::delete($doomed->id);
            }
        }

        Flash::notice(__("Selected comments deleted.", "comments"));
    }

    $false_positives = array();
    $false_negatives = array();

    $sql = SQL::current();
    $config = Config::current();

    # Submit button => status written to the comments table, in the order they are handled.
    $transitions = array("deny" => "denied", "approve" => "approved", "spam" => "spam");

    foreach ($transitions as $button => $new_status) {
        if (!isset($_POST[$button])) {
            continue;
        }

        foreach ($comment_ids as $comment_id) {
            $comment = new Comment($comment_id);

            # Comments the visitor cannot edit are skipped silently.
            if (!$comment->editable()) {
                continue;
            }

            if ($button == "spam") {
                # Marked as spam by hand: the filter missed it.
                $sql->update("comments", array("id" => $comment->id), array("status" => $new_status));
                $false_negatives[] = $comment->signature;
            } else {
                # Moved out of the spam state by hand: the filter was wrong about it.
                if ($comment->status == "spam") {
                    $false_positives[] = $comment->signature;
                }
                $sql->update("comments", array("id" => $comment->id), array("status" => $new_status));
            }
        }

        if ($button == "deny") {
            Flash::notice(__("Selected comments denied.", "comments"));
        } elseif ($button == "approve") {
            Flash::notice(__("Selected comments approved.", "comments"));
        } else {
            Flash::notice(__("Selected comments marked as spam.", "comments"));
        }
    }

    if (!empty($config->defensio_api_key)) {
        $defensio = new Defensio($config->url, $config->defensio_api_key);

        if (!empty($false_positives)) {
            $defensio->submitFalsePositives(implode(",", $false_positives));
        }

        if (!empty($false_negatives)) {
            $defensio->submitFalseNegatives(implode(",", $false_negatives));
        }
    }

    redirect("/admin/?action=" . $from);
}
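/**
 * Function: admin_destroy_forum
 * Deletes the forum named by $_POST['id'] after moving its topics to the forum given in
 * $_POST['move_forum'].
 */
public function admin_destroy_forum()
{
    if (!isset($_POST['id'])) {
        error(__("Error"), __("No forum ID specified.", "discuss"));
    }

    # Compare the security key as a string and in constant time; a non-string
    # value (e.g. hash[]=x) is rejected instead of being loosely compared.
    $hash = isset($_POST['hash']) ? $_POST['hash'] : null;
    if (!is_string($hash) or !hash_equals((string) Config::current()->secure_hashkey, $hash)) {
        show_403(__("Access Denied"), __("Invalid security key."));
    }

    $forum = new Forum($_POST['id']);

    if ($forum->no_results) {
        error(__("Error"), __("Invalid forum ID specified.", "discuss"));
    }

    if (!$forum->deletable()) {
        show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this forum.", "discuss"));
    }

    # A missing field is passed on as null, as before, without raising a notice.
    # NOTE(review): the destination forum is not validated here; confirm the
    # topic's update() rejects IDs that do not exist.
    $destination = isset($_POST['move_forum']) ? $_POST['move_forum'] : null;

    foreach ($forum->topics as $topic) {
        $topic->update(null, null, $destination);
    }

    Forum::delete($forum->id);

    Flash::notice(__("Forum deleted.", "discuss"), "/admin/?action=manage_forums");
}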