/**
* Function: submit
* Submits a post to the blog owner.
*/
public function route_submit()
{
if (!Visitor::current()->group->can("submit_article")) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to submit articles."));
}
if (!empty($_POST)) {
if (!isset($_POST['hash']) or $_POST['hash'] != Config::current()->secure_hashkey) {
show_403(__("Access Denied"), __("Invalid security key."));
}
if (empty($_POST['body'])) {
Flash::notice(__("Post body can't be empty!"), redirect("/"));
}
if (!isset($_POST['draft'])) {
$_POST['draft'] = "true";
}
$_POST['body'] = "{$_POST['body']}\n\n\n{$_POST['name']}\n{$_POST['email']}\n";
$post = Feathers::$instances[$_POST['feather']]->submit();
if (!in_array(false, $post)) {
Flash::notice(__("Thank you for your submission. ", "submission"), "/");
}
}
if (Theme::current()->file_exists("forms/post/submit")) {
MainController::current()->display("forms/post/submit", array("feather" => $feather), __("Submit a Text Post"));
} else {
require "pages/submit.php";
}
}
public function route_makeRequest()
{
$type = pluralize(strip_tags($_GET['type']));
set_time_limit(0);
$fp = fopen("../{$type}/latest.zip", 'w+');
$url = str_replace(" ", "%20", strip_tags($_GET['url']));
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_TIMEOUT, 50);
curl_setopt($ch, CURLOPT_FILE, $fp);
# write curl response to file
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_exec($ch);
curl_close($ch);
fclose($fp);
$zip = new ZipArchive();
if ($zip->open("../{$type}/latest.zip") == true) {
mkdir("../{$type}/latest", 0777);
$zip->extractTo("../{$type}/latest");
$zip->close();
$handle = opendir("../{$type}/latest");
if ($handle) {
while (($file = readdir($handle)) !== false) {
if (is_dir("../{$type}/latest/{$file}")) {
if ($file != '.' and $file != '..') {
rename("../{$type}/latest/{$file}", "../{$type}/{$file}");
}
}
}
}
$this->rrmdir("../{$type}/latest");
unlink("../{$type}/latest.zip");
$this->rrmdir("../{$type}/__MACOSX");
}
Flash::notice(__("Extension downloaded successfully.", "extension_manager"), "/admin/?action=extend_manager");
}
public function admin_friendfeedr_settings($admin)
{
if (empty($_POST)) {
return $admin->display("friendfeedr_settings");
}
$config = Config::current();
if ($config->set("friendfeedr_username", $_POST['friendfeedr_username']) && $config->set("friendfeedr_wrapper", $_POST['friendfeedr_wrapper'])) {
Flash::notice(__("Settings updated."), "/admin/?action=friendfeedr_settings");
}
}
public function main_delete_attachment()
{
if (!isset($_GET['id'])) {
error(__("No ID Specified"), __("An ID is required to delete an attachment.", "attachments"));
}
$attachment = new Attachment($_GET['id']);
if ($attachment->no_results) {
error(__("Error"), __("Invalid attachment ID specified.", "attachments"));
}
if (!$attachment->deletable()) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this attachment.", "attachments"));
}
Attachment::delete($attachment->id);
Flash::notice(__("Attachment deleted.", "attachments"), $_SESSION['redirect_to']);
}
static function admin_obscura_settings($admin)
{
if (!Visitor::current()->group->can("change_settings")) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
}
if (empty($_POST)) {
return $admin->display("obscura_settings");
}
if (!isset($_POST['hash']) or $_POST['hash'] != Config::current()->secure_hashkey) {
show_403(__("Access Denied"), __("Invalid security key."));
}
$set = array(Config::current()->set("module_obscura", array("background" => $_POST['background'], "spacing" => $_POST['spacing'], "protect" => isset($_POST['protect']))));
if (!in_array(false, $set)) {
Flash::notice(__("Settings updated."), "/admin/?action=obscura_settings");
}
}
static function admin_cascade_settings($admin)
{
if (!Visitor::current()->group->can("change_settings")) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
}
if (empty($_POST)) {
return $admin->display("cascade_settings");
}
if (!isset($_POST['hash']) or $_POST['hash'] != Config::current()->secure_hashkey) {
show_403(__("Access Denied"), __("Invalid security key."));
}
$set = array(Config::current()->set("ajax_scroll_auto", isset($_POST['auto'])));
if (!in_array(false, $set)) {
Flash::notice(__("Settings updated."), "/admin/?action=cascade_settings");
}
}
static function admin_emailblog_settings($admin)
{
if (!Visitor::current()->group->can("change_settings")) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
}
if (empty($_POST)) {
return $admin->display("emailblog_settings");
}
if (!isset($_POST['hash']) or $_POST['hash'] != Config::current()->secure_hashkey) {
show_403(__("Access Denied"), __("Invalid security key."));
}
$config = Config::current();
$set = array($config->set("emailblog_address", $_POST['email']), $config->set("emailblog_pass", $_POST['pass']), $config->set("emailblog_minutes", $_POST['minutes']), $config->set("emailblog_subjpass", $_POST['subjpass']), $config->set("emailblog_server", $_POST['server']));
if (!in_array(false, $set)) {
Flash::notice(__("Settings updated."), "/admin/?action=emailblog_settings");
}
}
public function admin_theme_editor($admin)
{
if (!Visitor::current()->group->can("change_settings")) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
}
if (empty($_POST)) {
return $admin->display("theme_editor", array("editor" => self::admin_context($admin->context)), __("Theme Editor", "theme_editor"));
}
if (!isset($_POST['hash']) or $_POST['hash'] != Config::current()->secure_hashkey) {
show_403(__("Access Denied"), __("Invalid security key."));
}
if (isset($_POST['file']) and isset($_POST['newcontent'])) {
$done = file_put_contents($_POST['file'], $_POST['newcontent']);
if (!empty($done)) {
Flash::notice(__("File Updated"), "/admin/?action=theme_editor&file=" . $_POST['cur_file']);
}
}
}
static function admin_like_settings($admin)
{
$config = Config::current();
if (!Visitor::current()->group->can("change_settings")) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
}
if (empty($_POST)) {
return $admin->display("like_settings");
}
if (!isset($_POST['hash']) or $_POST['hash'] != $config->secure_hashkey) {
show_403(__("Access Denied"), __("Invalid security key."));
}
$likeText = array();
foreach ($_POST as $key => $value) {
if (strstr($key, "likeText-")) {
$exploded_array = explode("-", $key, 2);
$likeText[$exploded_array[1]] = strip_tags(stripslashes($value));
}
}
$set = array($config->set("module_like", array("showOnFront" => isset($_POST['showOnFront']), "likeWithText" => isset($_POST['likeWithText']), "likeImage" => $_POST['likeImage'], "likeText" => $likeText)));
if (!in_array(false, $set)) {
Flash::notice(__("Settings updated."), "/admin/?action=like_settings");
}
}
/**
* Function: create
* Attempts to create a comment using the passed information. If a Defensio API key is present, it will check it.
*
* Parameters:
* $author - The name of the commenter.
* $email - The commenter's email.
* $url - The commenter's website.
* $body - The comment.
* $post - The <Post> they're commenting on.
* $type - The type of comment. Optional, used for trackbacks/pingbacks.
*/
static function create($author, $email, $url, $body, $post, $type = null)
{
if (!self::user_can($post->id) and !in_array($type, array("trackback", "pingback"))) {
return;
}
$config = Config::current();
$route = Route::current();
$visitor = Visitor::current();
if (!$type) {
$status = $post->user_id == $visitor->id ? "approved" : $config->default_comment_status;
$type = "comment";
} else {
$status = $type;
}
if (!empty($config->defensio_api_key)) {
$comment = array("user-ip" => $_SERVER['REMOTE_ADDR'], "article-date" => when("Y/m/d", $post->created_at), "comment-author" => $author, "comment-type" => $type, "comment-content" => $body, "comment-author-email" => $email, "comment-author-url" => $url, "permalink" => $post->url(), "referrer" => $_SERVER['HTTP_REFERER'], "user-logged-in" => logged_in());
$defensio = new Defensio($config->url, $config->defensio_api_key);
list($spam, $spaminess, $signature) = $defensio->auditComment($comment);
if ($spam) {
self::add($body, $author, $url, $email, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT'], "spam", $signature, null, null, $post, $visitor->id);
error(__("Spam Comment"), __("Your comment has been marked as spam. It will have to be approved before it will show up.", "comments"));
} else {
$comment = self::add($body, $author, $url, $email, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT'], $status, $signature, null, null, $post, $visitor->id);
fallback($_SESSION['comments'], array());
$_SESSION['comments'][] = $comment->id;
if (isset($_POST['ajax'])) {
exit("{ comment_id: " . $comment->id . ", comment_timestamp: \"" . $comment->created_at . "\" }");
}
Flash::notice(__("Comment added."), $post->url() . "#comment_" . $comment->id);
}
} else {
$comment = self::add($body, $author, $url, $email, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT'], $status, "", null, null, $post, $visitor->id);
fallback($_SESSION['comments'], array());
$_SESSION['comments'][] = $comment->id;
if (isset($_POST['ajax'])) {
exit("{ comment_id: " . $comment->id . ", comment_timestamp: \"" . $comment->created_at . "\" }");
}
Flash::notice(__("Comment added."), $post->url() . "#comment_" . $comment->id);
}
}
/**
* Function: create
* Attempts to create a comment using the passed information. If the Akismet API key is present, it will check it.
*
* Parameters:
* $body - The comment.
* $author - The name of the commenter.
* $url - The commenter's website.
* $email - The commenter's email.
* $post - The <Post> they're commenting on.
* $parent - The <Comment> they're replying to.
* $notify - Notification on follow-up comments.
* $type - The type of comment. Optional, used for trackbacks/pingbacks.
*/
static function create($body, $author, $url, $email, $post, $parent, $notify, $type = null)
{
if (!self::user_can($post->id) and !in_array($type, array("trackback", "pingback"))) {
return;
}
$config = Config::current();
$route = Route::current();
$visitor = Visitor::current();
if (!$type) {
$status = $post->user_id == $visitor->id ? "approved" : $config->default_comment_status;
$type = "comment";
} else {
$status = $type;
}
if (!empty($config->akismet_api_key)) {
$akismet = new Akismet($config->url, $config->akismet_api_key);
$akismet->setCommentContent($body);
$akismet->setCommentAuthor($author);
$akismet->setCommentAuthorURL($url);
$akismet->setCommentAuthorEmail($email);
$akismet->setPermalink($post->url());
$akismet->setCommentType($type);
$akismet->setReferrer($_SERVER['HTTP_REFERER']);
$akismet->setUserIP($_SERVER['REMOTE_ADDR']);
if ($akismet->isCommentSpam()) {
self::add($body, $author, $url, $email, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT'], "spam", $post->id, $visitor->id, $parent, $notify);
error(__("Spam Comment"), __("Your comment has been marked as spam. It has to be reviewed and/or approved by an admin.", "comments"));
} else {
$comment = self::add($body, $author, $url, $email, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT'], $status, $post->id, $visitor->id, $parent, $notify);
fallback($_SESSION['comments'], array());
$_SESSION['comments'][] = $comment->id;
if (isset($_POST['ajax'])) {
exit("{ \"comment_id\": \"" . $comment->id . "\", \"comment_timestamp\": \"" . $comment->created_at . "\" }");
}
Flash::notice(__("Comment added."), $post->url() . "#comments");
}
} else {
$comment = self::add($body, $author, $url, $email, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT'], $status, $post->id, $visitor->id, $parent, $notify);
fallback($_SESSION['comments'], array());
$_SESSION['comments'][] = $comment->id;
if (isset($_POST['ajax'])) {
exit("{ \"comment_id\": \"" . $comment->id . "\", \"comment_timestamp\": \"" . $comment->created_at . "\" }");
}
Flash::notice(__("Comment added."), $post->url() . "#comment");
}
}
static function admin_manage_dropbox($admin)
{
if (!Visitor::current()->group->can("add_post", "add_draft")) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to create posts."));
}
if (empty($_POST)) {
return $admin->display("manage_dropbox");
}
$config = Config::current();
if (!isset($config->module_dropbox["oauth_token"])) {
Flash::notice(__("You need to authorize Dropbox first.", "dropbox"), "/admin/?action=dropbox_settings");
}
$data = json_decode(file_get_contents("http://chyrp.net/api/1/dropboxsync.php?keys"), true);
$app_key = $data["key"];
$app_secret = $data["secret"];
$storage = new \Dropbox\OAuth\Storage\Session();
$OAuth = new \Dropbox\OAuth\Consumer\Curl($app_key, $app_secret, $storage);
$dropbox = new \Dropbox\API($OAuth);
$delta = $dropbox->delta();
$delta = $delta["body"];
if ($delta->cursor != $config->module_dropbox["cursor"]) {
if (count($delta->entries) > 0) {
foreach ($delta->entries as $entry) {
$tmpfname = tempnam("/tmp", "md");
$file = $dropbox->getFile(ltrim($entry[0], "/"), $tmpfname);
$post = new FrontMatter($file["name"]);
$date = explode(".", ltrim($entry[0], "/"));
$values = array("title" => $post->fetch("title"), "body" => $post->fetch("content"));
# Set defaults
fallback($clean, oneof($post->fetch("slug"), strtolower(str_replace(" ", "-", $post->fetch("title")))));
fallback($url, Post::check_url($clean));
fallback($pinned, oneof($post->fetch("pinned"), 0));
fallback($status, oneof($post->fetch("status"), "public"));
fallback($date, oneof(datetime($post->fetch("date")), datetime($date[0])));
$post = Post::add($values, $clean, $url, "text", 1, $pinned, $status, datetime($post->fetch("date")), datetime($post->fetch("date")), false);
}
}
$set = array($config->set("module_dropbox", array("oauth_token_secret" => $config->module_dropbox['oauth_token_secret'], "oauth_token" => $config->module_dropbox['oauth_token'], "uid" => $config->module_dropbox['uid'], "cursor" => $delta->cursor)));
if (!in_array(false, $set)) {
Flash::notice(__("Post imported successfully.", "dropbox"), "/admin/?action=manage_posts");
}
}
}
public function admin_delete_category($admin)
{
if (!Visitor::current()->group()->can("manage_categorize")) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to manage categories.", "categorize"));
}
Category::deleteCategory($_REQUEST['id']);
Flash::notice(__("Category deleted.", "categorize"), "/admin/?action=manage_category");
}
} catch (Exception $e) {
print "<div style='background:#FFBBBB;border:1px solid red'>";
print "Test '{$test_name}' (FALLÓ) con mensaje: ({$e->getMessage()})";
print "</div>";
}
if ($test) {
$end_benckmark = microtime(true) - $start_benchmark;
print "<div style='background:#CCFF99;border:1px solid green'>";
print "Test '{$test_name}' (OK) con tiempo: ({$end_benckmark})";
print "</div>";
}
$test = true;
$test_name = "CONTAR TABLAS Y DESCRIBIR TABLA TEST";
$start_benchmark = microtime(true);
try {
Flash::notice("HAY " . count($db->list_tables()) . " TABLA(S) EN LA BASE DE DATOS");
print_r($db->describe_table("kumbia_test"));
} catch (Exception $e) {
print "<div style='background:#FFBBBB;border:1px solid red'>";
print "Test '{$test_name}' (FALLÓ) con mensaje: ({$e->getMessage()})";
print "</div>";
}
if ($test) {
$end_benckmark = microtime(true) - $start_benchmark;
print "<div style='background:#CCFF99;border:1px solid green'>";
print "Test '{$test_name}' (OK) con tiempo: ({$end_benckmark})";
print "</div>";
}
$test = true;
$test_name = "CERRAR LA CONEXION A LA BASE DE DATOS";
$start_benchmark = microtime(true);
public function destroy_version()
{
if (!isset($_POST['version_id'])) {
error(__("Error"), __("No version ID specified.", "extend"));
}
$version = new Version($_POST['version_id']);
if ($version->no_results) {
error(__("Error"), __("Invalid version ID specified.", "extend"));
}
if (!$version->deletable()) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this version.", "extend"));
}
Version::delete($version->id);
Flash::notice(__("Version deleted.", "extend"), $version->extension->url());
}
public function admin_clear_cache()
{
if (!Visitor::current()->group->can("change_settings")) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
}
$this->regenerate();
Flash::notice(__("Cache cleared.", "cacher"), "/admin/?action=cache_settings");
}
public function admin_destroy_milestone()
{
if (!isset($_POST['id'])) {
error(__("Error"), __("No milestone ID specified.", "progress"));
}
if (!isset($_POST['hash']) or $_POST['hash'] != Config::current()->secure_hashkey) {
show_403(__("Access Denied"), __("Invalid security key."));
}
$milestone = new Milestone($_POST['id']);
if ($milestone->no_results) {
error(__("Error"), __("Invalid milestone ID specified.", "progress"));
}
if (!$milestone->deletable()) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this milestone.", "progress"));
}
foreach ($milestone->tickets as $ticket) {
$ticket->update(null, null, $_POST['move_milestone']);
}
Milestone::delete($milestone->id);
Flash::notice(__("Milestone deleted.", "progress"), "/admin/?action=manage_milestones");
}
function messages() {
Flash::notice("Success message.");
Flash::error("Error message.");
$this->redirect(WWW_PATH . '/');
}
public function destroy_topic()
{
if (!isset($_POST['topic_id'])) {
error(__("Error"), __("No topic ID specified.", "discuss"));
}
$topic = new Topic($_POST['topic_id']);
if ($topic->no_results) {
error(__("Error"), __("Invalid topic ID specified.", "discuss"));
}
if (!$topic->deletable()) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this topic.", "discuss"));
}
Topic::delete($topic->id);
Flash::notice(__("Topic deleted.", "discuss"), $topic->forum->url());
}
public function admin_bulk_tag($admin)
{
if (!isset($_POST['hash']) or $_POST['hash'] != Config::current()->secure_hashkey) {
show_403(__("Access Denied"), __("Invalid security key."));
}
if (empty($_POST['name']) or empty($_POST['post'])) {
redirect("/admin/?action=manage_tags");
}
$sql = SQL::current();
foreach (array_map("trim", explode(",", $_POST['name'])) as $tag) {
foreach ($_POST['post'] as $post_id) {
$post = new Post($post_id);
if (!$post->editable()) {
continue;
}
$tags = $sql->select("post_attributes", "value", array("name" => "tags", "post_id" => $post_id));
if ($tags and $value = $tags->fetchColumn()) {
$tags = YAML::load($value);
} else {
$tags = array();
}
$tags[$tag] = sanitize($tag);
$sql->replace("post_attributes", array("post_id", "name"), array("name" => "tags", "value" => YAML::dump($tags), "post_id" => $post_id));
}
}
Flash::notice(__("Posts tagged.", "tags"), "/admin/?action=manage_tags");
}
static function generate($form)
{
$config = Config::read();
$weightArray = array();
$headerArray = array();
$selectedFields = "";
$tables = "";
$whereCondition = "";
$maxCondition = "";
$n = 0;
$db = db::raw_connect();
if (isset($form['dataFilter']) && $form['dataFilter']) {
if (strpos($form['dataFilter'], '@')) {
ereg("[\\@][A-Za-z0-9_]+", $form['dataFilter'], $regs);
foreach ($regs as $reg) {
$form['dataFilter'] = str_replace($reg, $_REQUEST["fl_" . str_replace("@", "", $reg)], $form['dataFilter']);
}
}
}
if ($form['type'] == 'standard') {
if (isset($form['joinTables']) && $form['joinTables']) {
$tables = $form['joinTables'];
}
if (isset($form['joinConditions']) && $form['joinConditions']) {
$whereCondition = " " . $form['joinConditions'];
}
foreach ($form['components'] as $name => $com) {
if (!isset($com['attributes']['value'])) {
$com['attributes']['value'] = "";
}
if ($_REQUEST['fl_' . $name] == $com['attributes']['value']) {
$_REQUEST['fl_' . $name] = "";
}
if (trim($_REQUEST["fl_" . $name]) && $_REQUEST["fl_" . $name] != '@') {
if ($form['components'][$name]['valueType'] == 'date') {
$whereCondition .= " and " . $form['source'] . ".{$name} = '" . $_REQUEST["fl_" . $name] . "'";
} else {
if ($form['components'][$name]['valueType'] == 'numeric') {
$whereCondition .= " and " . $form['source'] . ".{$name} = '" . $_REQUEST["fl_" . $name] . "'";
} else {
if ($form['components'][$name]['type'] == 'hidden') {
$whereCondition .= " and " . $form['source'] . ".{$name} = '" . $_REQUEST["fl_" . $name] . "'";
} else {
if ($com['type'] == 'check') {
if ($_REQUEST["fl_" . $name] == $form['components'][$name]['checkedValue']) {
$whereCondition .= " and " . $form['source'] . ".{$name} = '" . $_REQUEST["fl_" . $name] . "'";
}
} else {
if ($com['type'] == 'time') {
if ($_REQUEST["fl_" . $name] != '00:00') {
$whereCondition .= " and {$form['source']}.{$name} = '" . $_REQUEST["fl_" . $name] . "'";
}
} else {
if ($com['primary'] || $com['type'] == 'combo') {
$whereCondition .= " and " . $form['source'] . ".{$name} = '" . $_REQUEST["fl_" . $name] . "'";
} else {
$whereCondition .= " and " . $form['source'] . ".{$name} like '%" . $_REQUEST["fl_" . $name] . "%'";
}
}
}
}
}
}
}
}
}
//Modificaciones para seleccion de la ordenacion del report, si esta acabado en _id, quiere decir foreignkey
//Cojeremos el texto sin el id, tendremos la tabla
ActiveRecord::sql_item_sanizite($_REQUEST['reportTypeField']);
if (substr($_REQUEST['reportTypeField'], strlen($_REQUEST['reportTypeField']) - 3, strlen($_REQUEST['reportTypeField'])) == "_id") {
$OrderFields = substr($_REQUEST['reportTypeField'], 0, strlen($_REQUEST['reportTypeField']) - 3);
} else {
$OrderFields = $_REQUEST['reportTypeField'];
}
$maxCondition = $whereCondition;
$n = 0;
foreach ($form['components'] as $name => $com) {
if (!isset($com['notReport'])) {
$com['notReport'] = false;
}
if (!isset($com['class'])) {
$com['class'] = false;
}
if (!$com['notReport']) {
if (isset($com['caption']) && $com['caption']) {
$headerArray[$n] = str_replace("ó", "ó", $com['caption']);
$headerArray[$n] = str_replace("á", "á", $headerArray[$n]);
$headerArray[$n] = str_replace("é", "é", $headerArray[$n]);
$headerArray[$n] = str_replace("í", "í", $headerArray[$n]);
$headerArray[$n] = str_replace("ú", "ú", $headerArray[$n]);
$headerArray[$n] = str_replace("<br/>", " ", $headerArray[$n]);
} else {
$com['caption'] = "";
}
if ($com['type'] == 'combo' && $com['class'] == 'dynamic') {
if (isset($com['extraTables']) && $com['extraTables']) {
$tables .= "{$com['extraTables']},";
}
if (isset($com['whereConditionOnQuery']) && $com['whereConditionOnQuery']) {
$whereCondition .= " and {$com['whereConditionOnQuery']}";
}
if (strpos(" " . $com['detailField'], "concat(")) {
$selectedFields .= $com['detailField'] . ",";
} else {
$selectedFields .= $com['foreignTable'] . "." . $com['detailField'] . ",";
//Comparamos la Tabla foranea que tenemos, y cuando sea igual, suponiendo no hay
//mas de una clave foranea por tabla, sabremos a que tabla pertenece
if ($com['foreignTable'] == $OrderFields) {
$OrderFields = $com['foreignTable'] . "." . $com['detailField'];
}
}
$tables .= $com['foreignTable'] . ",";
if ($com['column_relation']) {
$whereCondition .= " and " . $com['foreignTable'] . "." . $com['column_relation'] . " = " . $form['source'] . "." . $name;
} else {
$whereCondition .= " and " . $com['foreignTable'] . "." . $name . " = " . $form['source'] . "." . $name;
}
$weightArray[$n] = strlen($headerArray[$n]) + 2;
$n++;
} else {
if ($com['type'] != 'hidden') {
if ($com['class'] == 'static' && isset($com['type']) && $com['type'] == 'combo') {
$weightArray[$n] = strlen($headerArray[$n]) + 2;
if ($config->type == 'pgsql') {
$selectedFields .= "case ";
}
if ($config->type == 'mysql') {
for ($i = 0; $i <= count($com['items']) - 2; $i++) {
$selectedFields .= "if(" . $form['source'] . "." . $name . "='" . $com['items'][$i][0] . "', '" . $com['items'][$i][1] . "', ";
if ($weightArray[$n] < strlen($com['items'][$i][1])) {
$weightArray[$n] = strlen($com['items'][$i][1]) + 1;
}
}
}
if ($config->type == 'pgsql') {
for ($i = 0; $i <= count($com['items']) - 1; $i++) {
$selectedFields .= " when " . $form['source'] . "." . $name . "='" . $com['items'][$i][0] . "' THEN '" . $com['items'][$i][1] . "' ";
if ($weightArray[$n] < strlen($com['items'][$i][1])) {
$weightArray[$n] = strlen($com['items'][$i][1]) + 1;
}
}
}
$n++;
if ($config->type == 'mysql') {
$selectedFields .= "'" . $com['items'][$i][1] . "')";
for ($j = 0; $j <= $i - 2; $j++) {
$selectedFields .= ")";
}
}
if ($config->type == 'pgsql') {
$selectedFields .= " end ";
}
$selectedFields .= ",";
} else {
$selectedFields .= $form['source'] . "." . $name . ",";
//Aqui seguro que no es foranea, entonces tenemos que poner la tabla principal //
//antes para evitar repeticiones
if ($name == $OrderFields) {
$OrderFields = $form['source'] . "." . $OrderFields;
}
$weightArray[$n] = strlen($headerArray[$n]) + 2;
$n++;
}
}
}
}
}
$tables .= $form['source'];
$selectedFields = substr($selectedFields, 0, strlen($selectedFields) - 1);
if (isset($form['dataRequisite']) && $form['dataRequisite']) {
$whereCondition .= " and {$form['dataFilter']}";
}
//Modificacion del order
if ($OrderFields) {
$OrderCondition = "Order By " . $OrderFields;
} else {
$OrderCondition = "";
}
$query = "select {$selectedFields} from {$tables} where 1 = 1 " . $whereCondition . " " . $OrderCondition;
$q = $db->query($query);
if (!is_bool($q)) {
if (!$db->num_rows($q)) {
Flash::notice("No hay información para listar");
return;
}
} else {
Flash::error($db->error());
return;
}
$result = array();
$n = 0;
while ($row = $db->fetch_array($q, db::DB_NUM)) {
$result[$n++] = $row;
}
foreach ($result as $row) {
for ($i = 0; $i <= count($row) - 1; $i++) {
if ($weightArray[$i] < strlen(trim($row[$i]))) {
$weightArray[$i] = strlen(trim($row[$i]));
}
}
}
for ($i = 0; $i <= count($weightArray) - 1; $i++) {
$weightArray[$i] *= 1.8;
}
$sumArray = array_sum($weightArray);
if (!$_REQUEST['reportType']) {
$_REQUEST['reportType'] = 'pdf';
}
if ($_REQUEST['reportType'] != 'html') {
$title = str_replace("ó", "ó", $form['caption']);
$title = str_replace("á", "á", $title);
$title = str_replace("é", "é", $title);
$title = str_replace("í", "í", $title);
$title = str_replace("ú", "ú", $title);
} else {
$title = $form['caption'];
}
switch ($_REQUEST['reportType']) {
case 'pdf':
require_once CORE_PATH . 'extensions/report/format/pdf.php';
pdf($result, $sumArray, $title, $weightArray, $headerArray);
break;
case 'xls':
require_once CORE_PATH . 'extensions/report/format/xls.php';
xls($result, $sumArray, $title, $weightArray, $headerArray);
break;
case 'html':
require_once CORE_PATH . 'extensions/report/format/htm.php';
htm($result, $sumArray, $title, $weightArray, $headerArray);
break;
case 'doc':
require_once CORE_PATH . 'extensions/report/format/doc.php';
doc($result, $sumArray, $title, $weightArray, $headerArray);
break;
default:
require_once CORE_PATH . 'extensions/report/format/pdf.php';
pdf($result, $sumArray, $title, $weightArray, $headerArray);
break;
}
}
/**
* Muestra Mensajes de Debug en Pantalla si esta habilitado
*
* @param string $sql
*/
protected function debug($sql)
{
if ($this->debug) {
Flash::notice($sql);
}
}
public function destroy_ticket()
{
if (!isset($_POST['ticket_id'])) {
error(__("Error"), __("No ticket ID specified.", "progress"));
}
$ticket = new Ticket($_POST['ticket_id']);
if ($ticket->no_results) {
error(__("Error"), __("Invalid ticket ID specified.", "progress"));
}
if (!$ticket->deletable()) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this ticket.", "progress"));
}
Ticket::delete($ticket->id);
Flash::notice(__("Ticket deleted.", "progress"), $ticket->milestone->url());
}
/**
* Function: lost_password
* Handles e-mailing lost passwords to a user's email address.
*/
public function lost_password()
{
if (!empty($_POST)) {
$user = new User(array("login" => $_POST['login']));
if ($user->no_results) {
Flash::warning(__("Invalid user specified."));
return $this->display("forms/user/lost_password", array(), __("Lost Password"));
}
$new_password = random(16);
$user->update($user->login, User::hashPassword($new_password), $user->email, $user->full_name, $user->website, $user->group_id);
$sent = email($user->email, __("Lost Password Request"), _f("%s,\n\nWe have received a request for a new password for your account at %s.\n\nPlease log in with the following password, and feel free to change it once you've successfully logged in:\n\t%s", array($user->login, Config::current()->name, $new_password)));
if ($sent) {
Flash::notice(_f("An e-mail has been sent to your e-mail address that contains a new password. Once you have logged in, you can change it at <a href=\"%s\">User Controls</a>.", array(url("controls"))));
} else {
# Set their password back to what it was originally.
$user->update($user->login, $user->password, $user->email, $user->full_name, $user->website, $user->group_id);
Flash::warning(__("E-Mail could not be sent. Password change cancelled."));
}
}
$this->display("forms/user/lost_password", array(), __("Lost Password"));
}
public function admin_destroy_type()
{
if (!isset($_POST['id'])) {
error(__("Error"), __("No type ID specified.", "extend"));
}
if (!isset($_POST['hash']) or $_POST['hash'] != Config::current()->secure_hashkey) {
show_403(__("Access Denied"), __("Invalid security key."));
}
$type = new Type($_POST['id']);
if ($type->no_results) {
error(__("Error"), __("Invalid type ID specified.", "extend"));
}
if (!$type->deletable()) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this type.", "extend"));
}
foreach ($type->extensions as $extension) {
$extension->update(null, null, $_POST['move_type']);
}
Type::delete($type->id);
Flash::notice(__("Type deleted.", "extend"), "/admin/?action=manage_types");
}
/**
* Function: route_settings
* Route Settings page.
*/
public function route_settings()
{
if (!Visitor::current()->group->can("change_settings")) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to change settings."));
}
if (empty($_POST)) {
return $this->display("route_settings");
}
if (!isset($_POST['hash']) or $_POST['hash'] != Config::current()->secure_hashkey) {
show_403(__("Access Denied"), __("Invalid security key."));
}
$config = Config::current();
$set = array($config->set("clean_urls", !empty($_POST['clean_urls'])), $config->set("post_url", $_POST['post_url']));
if (!in_array(false, $set)) {
Flash::notice(__("Settings updated."), "/admin/?action=route_settings");
}
}
public function admin_destroy_aggregate($admin)
{
if (empty($_POST['id'])) {
error(__("No ID Specified"), __("An ID is required to delete an aggregate.", "aggregator"));
}
if ($_POST['destroy'] == "bollocks") {
redirect("/admin/?action=manage_aggregates");
}
if (!isset($_POST['hash']) or $_POST['hash'] != Config::current()->secure_hashkey) {
show_403(__("Access Denied"), __("Invalid security key."));
}
if (!Visitor::current()->group->can("delete_aggregate")) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this aggregate.", "aggregator"));
}
$name = $_POST['id'];
if ($_POST["delete_posts"]) {
$this->delete_posts($name);
$notice = __("Aggregate and its posts deleted.", "aggregator");
} else {
$notice = __("Aggregate deleted.", "aggregator");
}
$config = Config::current();
unset($config->aggregates[$name]);
$config->set("aggregates", $config->aggregates);
Flash::notice($notice, "/admin/?action=manage_aggregates");
}
static function admin_bulk_comments()
{
$from = !isset($_GET['from']) ? "manage_comments" : "manage_spam";
if (!isset($_POST['comment'])) {
Flash::warning(__("No comments selected."), "/admin/?action=" . $from);
}
$comments = array_keys($_POST['comment']);
if (isset($_POST['delete'])) {
foreach ($comments as $comment) {
$comment = new Comment($comment);
if ($comment->deletable()) {
Comment::delete($comment->id);
}
}
Flash::notice(__("Selected comments deleted.", "comments"));
}
$false_positives = array();
$false_negatives = array();
$sql = SQL::current();
$config = Config::current();
if (isset($_POST['deny'])) {
foreach ($comments as $comment) {
$comment = new Comment($comment);
if (!$comment->editable()) {
continue;
}
if ($comment->status == "spam") {
$false_positives[] = $comment->signature;
}
$sql->update("comments", array("id" => $comment->id), array("status" => "denied"));
}
Flash::notice(__("Selected comments denied.", "comments"));
}
if (isset($_POST['approve'])) {
foreach ($comments as $comment) {
$comment = new Comment($comment);
if (!$comment->editable()) {
continue;
}
if ($comment->status == "spam") {
$false_positives[] = $comment->signature;
}
$sql->update("comments", array("id" => $comment->id), array("status" => "approved"));
}
Flash::notice(__("Selected comments approved.", "comments"));
}
if (isset($_POST['spam'])) {
foreach ($comments as $comment) {
$comment = new Comment($comment);
if (!$comment->editable()) {
continue;
}
$sql->update("comments", array("id" => $comment->id), array("status" => "spam"));
$false_negatives[] = $comment->signature;
}
Flash::notice(__("Selected comments marked as spam.", "comments"));
}
if (!empty($config->defensio_api_key)) {
$defensio = new Defensio($config->url, $config->defensio_api_key);
if (!empty($false_positives)) {
$defensio->submitFalsePositives(implode(",", $false_positives));
}
if (!empty($false_negatives)) {
$defensio->submitFalseNegatives(implode(",", $false_negatives));
}
}
redirect("/admin/?action=" . $from);
}
public function admin_destroy_forum()
{
if (!isset($_POST['id'])) {
error(__("Error"), __("No forum ID specified.", "discuss"));
}
if (!isset($_POST['hash']) or $_POST['hash'] != Config::current()->secure_hashkey) {
show_403(__("Access Denied"), __("Invalid security key."));
}
$forum = new Forum($_POST['id']);
if ($forum->no_results) {
error(__("Error"), __("Invalid forum ID specified.", "discuss"));
}
if (!$forum->deletable()) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to delete this forum.", "discuss"));
}
foreach ($forum->topics as $topic) {
$topic->update(null, null, $_POST['move_forum']);
}
Forum::delete($forum->id);
Flash::notice(__("Forum deleted.", "discuss"), "/admin/?action=manage_forums");
}
