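 /**
  * Saves the site settings posted from the settings form.
  *
  * Flow: the request is rejected (flash error + redirect back to the settings
  * page) when the CSRF token is missing or does not validate for
  * BASE_URL . 'setting'; otherwise the posted 'setting' array is normalised,
  * 'admin_title' is filtered through kses() with a small tag/attribute
  * whitelist, and the data is persisted via Setting::saveFromData().
  * Every path ends in redirect(get_url('setting')).
  *
  * NOTE(review): the method relies on redirect() never returning; if it did,
  * a request with a bad token would fall through to the save. Confirm against
  * the framework's redirect() implementation.
  *
  * `final` was dropped from the declaration: a private method can never be
  * overridden, so `private final` is meaningless (and a warning on PHP 8+).
  */
 private function _save()
 {
     // Missing or non-array payload: work on an empty array instead of
     // tripping over an undefined index / non-array access further down.
     $data = isset($_POST['setting']) && is_array($_POST['setting']) ? $_POST['setting'] : array();
     // CSRF checks: a missing token and an invalid token are reported
     // separately so the observer hooks can tell the two cases apart.
     if (isset($_POST['csrf_token'])) {
         $csrf_token = $_POST['csrf_token'];
         if (!SecureToken::validateToken($csrf_token, BASE_URL . 'setting')) {
             Flash::set('error', __('Invalid CSRF token found!'));
             Observer::notify('csrf_token_invalid', AuthUser::getUserName());
             redirect(get_url('setting'));
         }
     } else {
         Flash::set('error', __('No CSRF token found!'));
         Observer::notify('csrf_token_not_found', AuthUser::getUserName());
         redirect(get_url('setting'));
     }
     // An unchecked checkbox is absent from $_POST; store an explicit 'off'.
     if (!isset($data['allow_html_title'])) {
         $data['allow_html_title'] = 'off';
     }
     // kses() keeps only these tags/attributes in admin_title; everything
     // else is stripped before the value is stored.
     use_helper('Kses');
     $allowed = array(
         'img'        => array('src' => array()),
         'abbr'       => array('title' => array()),
         'acronym'    => array('title' => array()),
         'b'          => array(),
         'blockquote' => array('cite' => array()),
         'br'         => array(),
         'code'       => array(),
         'em'         => array(),
         'i'          => array(),
         'p'          => array(),
         'strike'     => array(),
         'strong'     => array(),
     );
     // trim(null) already yielded '' in the original; make that explicit.
     $admin_title = isset($data['admin_title']) ? trim($data['admin_title']) : '';
     $data['admin_title'] = kses($admin_title, $allowed);
     Setting::saveFromData($data);
     Flash::set('success', __('Settings have been saved!'));
     redirect(get_url('setting'));
 }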
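 /**
  * Saves the edited user posted from the user form.
  *
  * @param mixed $id Id of the user being edited (from the URL).
  *
  * Rejects the request with a flash error and a redirect when the CSRF token
  * is missing or invalid for BASE_URL . 'user/edit'. A non-empty password is
  * accepted only when it is at least 5 characters long and identical to
  * 'confirm'; an empty password leaves the stored hash untouched.
  * Administrators may also replace the user's permission set from
  * $_POST['user_permission'].
  *
  * NOTE(review): the control flow relies on redirect() terminating the
  * request; confirm against the framework's redirect() implementation.
  * NOTE(review): no guard for an unknown $id — Record::findByIdFrom() returning
  * nothing would fail on ->salt / ->setFromData(); behaviour kept as found.
  */
 private function _edit($id)
 {
     $data = isset($_POST['user']) && is_array($_POST['user']) ? $_POST['user'] : array();
     // CSRF checks. Both failure paths return to the edit form of this user;
     // the original sent an invalid token to 'user/add', which is not a
     // sensible destination for an edit request.
     if (isset($_POST['csrf_token'])) {
         $csrf_token = $_POST['csrf_token'];
         if (!SecureToken::validateToken($csrf_token, BASE_URL . 'user/edit')) {
             Flash::set('error', __('Invalid CSRF token found!'));
             redirect(get_url('user/edit/' . $id));
         }
     } else {
         Flash::set('error', __('No CSRF token found!'));
         redirect(get_url('user/edit/' . $id));
     }
     // check if user wants to change the password
     $password = isset($data['password']) && is_string($data['password']) ? $data['password'] : '';
     $confirm = isset($data['confirm']) && is_string($data['confirm']) ? $data['confirm'] : '';
     if (strlen($password) > 0) {
         // pass and confirm must be identical and >= 5 chars; === because
         // loose == treats numeric-looking strings like '1e3' and '1000' as equal
         if (strlen($password) >= 5 && $password === $confirm) {
             unset($data['confirm']);
         } else {
             Flash::set('error', __('Password and Confirm are not the same or too small!'));
             redirect(get_url('user/edit/' . $id));
         }
     } else {
         unset($data['password'], $data['confirm']);
     }
     $user = Record::findByIdFrom('User', $id);
     if (isset($data['password'])) {
         // hashed with the per-user salt stored on the record
         $data['password'] = AuthUser::generateHashedPassword($data['password'], $user->salt);
     }
     $user->setFromData($data);
     if ($user->save()) {
         if (AuthUser::hasPermission('administrator')) {
             // now we need to add permissions
             $permissions = isset($_POST['user_permission']) ? $_POST['user_permission'] : array();
             UserPermission::setPermissionsFor($user->id, $permissions);
         }
         Flash::set('success', __('User has been saved!'));
     } else {
         Flash::set('error', __('User has not been saved!'));
     }
     // editing yourself keeps you on the form, otherwise back to the list
     if (AuthUser::getId() == $id) {
         redirect(get_url('user/edit/' . $id));
     } else {
         redirect(get_url('user'));
     }
 }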
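    // One table row's date cells (the '-->' below appears to close an HTML
    // comment opened before this fragment) followed by the edit/delete
    // action links for this testimonial.
    echo date("d-M-Y", strtotime($testimonial->created_on));
    ?>
</td> 
      <td><?php 
    echo $testimonial->updated_on === NULL ? '' : date("d-M-Y", strtotime($testimonial->updated_on));
    ?>
</td>-->
      <td>
        <a href="<?php 
    echo get_url('testimonial/edit/' . $testimonial->id);
    ?>
"><img src="<?php 
    echo URL_PUBLIC;
    ?>
wolf/admin/images/icon-edit.gif" alt="edit icon" /></a>  <a href="<?php 
    // Delete is a GET link; the CSRF token bound to this record's delete URL
    // rides in the query string (URL-borne tokens can surface in logs and
    // Referer headers).
    echo get_url('testimonial/delete/' . $testimonial->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'testimonial/delete/' . $testimonial->id));
    ?>
" onclick="return confirm(<?php 
    // $testimonial->name comes from the edit form and is written into a JS
    // string literal inside an HTML attribute. json_encode() yields a quoted,
    // JS-safe literal; htmlspecialchars() then escapes it for the attribute
    // (the browser HTML-decodes the attribute before running the script).
    echo htmlspecialchars(json_encode(__('Are you sure you wish to delete testimonial : ') . ' ' . $testimonial->name . '?'), ENT_QUOTES, 'UTF-8');
    ?>
);"><img src="<?php 
    // NOTE(review): the edit icon above uses URL_PUBLIC, this one URI_PUBLIC;
    // confirm both constants are defined.
    echo URI_PUBLIC;
    ?>
wolf/admin/images/icon-remove.gif" alt="<?php 
    echo __('delete testimonial');
    ?>
" title="<?php 
    echo __('Delete testimonial');
    ?>
" /></a>
      </td>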
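 /**
  * Validates whether a given secure token is still valid.
  *
  * The validateToken() method validates the token is valid by checking:
  * - that the token is not expired (through the time),
  * - the token is valid for this user,
  * - the token is valid for this url
  *
  * It does so by reconstructing the token. If at any time during the valid
  * period of the token, the username, user password or the url changed, the
  * token is considered invalid.
  *
  * The token is also considered invalid if more than SecureToken::EXPIRES seconds
  * have passed.
  *
  * Tokens only exist for a logged-in user; anonymous requests always get false.
  *
  * @param string $token The token.
  * @param string $url   The url for which the token was generated.
  * @return boolean      True if the token is valid, otherwise false.
  */
 final public static function validateToken($token, $url)
 {
     use_helper('Hash');
     $hash = new Crypt_Hash('sha256');
     AuthUser::load();
     if (!AuthUser::isLoggedIn()) {
         return false;
     }
     // The token arrives from the request; anything that is not a non-empty
     // string (e.g. an array submitted as csrf_token[]) cannot match.
     if (!is_string($token) || $token === '') {
         return false;
     }
     $user = AuthUser::getRecord();
     // '&amp;' is folded back to '&' (presumably so a URL copied out of an
     // HTML attribute matches the one the token was generated for).
     $target_url = str_replace('&amp;', '&', $url);
     $pwd = substr(bin2hex($hash->hash($user->password)), 5, 20);
     $time = SecureToken::getTokenTime($user->username, $target_url);
     if (microtime(true) - $time > self::EXPIRES) {
         return false;
     }
     $expected = bin2hex($hash->hash($user->username . $time . $target_url . $pwd . $user->salt));
     // Constant-time comparison where the runtime provides it (PHP >= 5.6) so
     // the comparison itself does not leak how much of the token matched;
     // plain comparison remains the fallback on older runtimes.
     if (function_exists('hash_equals')) {
         return hash_equals($expected, $token);
     }
     return $expected === $token;
 }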
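 /**
  * Saves the edited Testimonial posted from the edit form.
  *
  * @param mixed $id Testimonial id (from the URL).
  *
  * The posted data is stashed in the flash ('testimonial_postdata') so the
  * form can be repopulated after a failure. A missing or invalid CSRF token
  * for BASE_URL . 'testimonial/edit/' . $id, or an empty name, sends the
  * user back to the edit form with an error; otherwise the record is updated
  * with the current user id and timestamp and saved. 'commit' returns to the
  * list, anything else back to this form.
  *
  * NOTE(review): every failure path relies on redirect() not returning;
  * confirm against the framework's redirect() implementation.
  */
 private function _edit($id)
 {
     use_helper('Validate');
     $data = isset($_POST['testimonial']) && is_array($_POST['testimonial']) ? $_POST['testimonial'] : array();
     Flash::set('testimonial_postdata', $data);
     // Validation errors are collected here and reported together below
     // (the original initialised this to false and never appended to it,
     // so its error branch was unreachable).
     $errors = array();
     // CSRF checks
     if (isset($_POST['csrf_token'])) {
         $csrf_token = $_POST['csrf_token'];
         if (!SecureToken::validateToken($csrf_token, BASE_URL . 'testimonial/edit/' . $id)) {
             Flash::set('error', __('Invalid CSRF token found!'));
             redirect(get_url('testimonial/edit/' . $id));
         }
     } else {
         Flash::set('error', __('No CSRF token found!'));
         redirect(get_url('testimonial/edit/' . $id));
     }
     // The original redirected an empty name to 'testimonial/add', which loses
     // the edit context; collect it with the other errors instead so the user
     // lands back on the edit form for this record.
     if (empty($data['name'])) {
         $errors[] = __('You have to specify a name!');
     }
     if (count($errors) > 0) {
         // Set the errors to be displayed.
         Flash::set('error', implode('<br/>', $errors));
         redirect(get_url('testimonial/edit/' . $id));
     }
     $testimonial = Record::findByIdFrom('Testimonial', $id);
     $testimonial->setFromData($data);
     $testimonial->updated_by_id = AuthUser::getId();
     $testimonial->updated_on = date('Y-m-d H:i:s');
     // (A commented-out file-upload block that used to sit here was removed.)
     if ($testimonial->save()) {
         Flash::set('success', __('Testimonial has been saved!'));
         Observer::notify('testimonial_after_edit', $testimonial->name);
     } else {
         // NOTE(review): the trailing '1' in this message key looks like leftover
         // debugging; kept verbatim so the translation lookup is unaffected.
         Flash::set('error', __('Testimonial has not been saved1!'));
     }
     // save and quit or save and continue editing?
     if (isset($_POST['commit'])) {
         redirect(get_url('testimonial'));
     } else {
         redirect(get_url('testimonial/edit/' . $id));
     }
 }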
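    // Action cells for one room row; the '-->' below appears to close an HTML
    // comment opened before this fragment.
    ?>
</td> 
      <td><?php 
    echo $room->updated_on === NULL ? '' : date("d-M-Y", strtotime($room->updated_on));
    ?>
</td>-->
      <td>
        <a href="<?php 
    echo get_url('room/edit/' . $room->id);
    ?>
"><img src="<?php 
    echo URL_PUBLIC;
    ?>
wolf/admin/images/icon-edit.gif" alt="edit icon" /></a> 
         <a href="<?php 
    // Delete is a GET link; the CSRF token bound to this record's delete URL
    // rides in the query string (URL-borne tokens can surface in logs and
    // Referer headers).
    echo get_url('room/delete/' . $room->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'room/delete/' . $room->id));
    ?>
" onclick="return confirm(<?php 
    // $room->name is a record field (presumably user-entered) written into a
    // JS string literal inside an HTML attribute. json_encode() yields a
    // quoted, JS-safe literal; htmlspecialchars() then escapes it for the
    // attribute (the browser HTML-decodes before running the script).
    echo htmlspecialchars(json_encode(__('Are you sure you wish to delete room : ') . ' ' . $room->name . '?'), ENT_QUOTES, 'UTF-8');
    ?>
);"><img src="<?php 
    // NOTE(review): the edit icon above uses URL_PUBLIC, this one URI_PUBLIC;
    // confirm both constants are defined.
    echo URI_PUBLIC;
    ?>
wolf/admin/images/icon-remove.gif" alt="<?php 
    echo __('delete room');
    ?>
" title="<?php 
    echo __('Delete room');
    ?>
" /></a>
      </td>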
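 /**
  * Shows the feature-image edit form (GET) or saves it (POST).
  *
  * @param mixed $id FeatureImage id (from the URL).
  *
  * On POST the permission check and the CSRF check (token bound to
  * BASE_URL . 'facilities/edit_feature/' . $id) run first. When a file was
  * uploaded it is handed to upload_feature_file(); otherwise only the title
  * is updated and saved. 'commit' returns to the parent facility, anything
  * else back to this form. On GET the form is rendered with a fresh token.
  *
  * NOTE(review): the failure paths rely on redirect() terminating the
  * request; confirm against the framework's redirect() implementation.
  */
 function edit_feature($id)
 {
     // check if trying to save
     if (get_request_method() == 'POST') {
         // form submission
         $this->_checkPermission();
         if (isset($_POST['csrf_token'])) {
             $csrf_token = $_POST['csrf_token'];
             if (!SecureToken::validateToken($csrf_token, BASE_URL . 'facilities/edit_feature/' . $id)) {
                 Flash::set('error', __('Invalid CSRF token found!'));
                 redirect(get_url('facilities/edit_feature/' . $id));
             }
         } else {
             Flash::set('error', __('No CSRF token found!'));
             redirect(get_url('facilities/edit_feature/' . $id));
         }
         // Only the 'overwrite' flag of upload[] is used here; the original
         // also derived an unused $path from upload[path].
         $data = isset($_POST['upload']) && is_array($_POST['upload']) ? $_POST['upload'] : array();
         $overwrite = isset($data['overwrite']);
         $title = isset($_POST['title']) ? $_POST['title'] : null;
         $featureimage = FeatureImage::findById($id);
         // NOTE(review): this file_exists() appends the upload's tmp_name (a
         // full temp path) to the target directory, so it is unclear when it
         // could ever be true; kept as found — confirm the intended check.
         if (!empty($_FILES['upload_feature_file']['name']) && !file_exists(FILES_DIR . '/facilities/feature/' . $_FILES['upload_feature_file']['tmp_name'])) {
             $file = $this->upload_feature_file($featureimage->facilitiesid, $featureimage->id, $title, $_FILES['upload_feature_file']['name'], FILES_DIR . '/facilities/feature/', $_FILES['upload_feature_file']['tmp_name'], $overwrite);
             if ($file === false) {
                 Flash::set('error', __('File has not been uploaded!'));
                 redirect(get_url('facilities/edit_feature/' . $id));
             }
         } else {
             $featureimage->title = $title;
             if (!$featureimage->save()) {
                 Flash::set('error', __('Feature could not be saved!'));
             } else {
                 Flash::set('success', __('Feature has been saved!'));
             }
         }
         // save and quit or save and continue editing?
         if (isset($_POST['commit'])) {
             redirect(get_url('facilities/edit/' . $featureimage->facilitiesid));
         } else {
             redirect(get_url('facilities/edit_feature/' . $id));
         }
     } else {
         // display edit page
         $feature = FeatureImage::findById($id);
         $this->display('facilities/edit_feature', array(
             'csrf_token' => SecureToken::generateToken(BASE_URL . 'facilities/edit_feature/' . $id),
             'feature'    => $feature,
         ));
     }
 }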
 /**
  * Validates and stores the user settings for one settings page.
  *
  * @param array  $post The submitted form data; must carry 'token'.
  * @param string $type Settings page name, used both in the token URL and
  *                     in the success redirect.
  * @return bool False on every path that returns (an error message is
  *              appended to $this->errors); a successful update leaves via
  *              $this->_redirect() instead.
  */
 private function _saveSettings($post, $type)
 {
     $this->_check("user_config");
     // VALIDATE REQUEST: the token is bound to this settings page's URL
     $tokenPresent = isset($post["token"]);
     if (!$tokenPresent || !SecureToken::validateToken($post["token"], get_url("user/settings/" . $type))) {
         $this->errors[] = __("The CSRF Token does not exist or is invalid!");
         return false;
     }
     $validated = $this->_validateSettings($post, $type);
     // UPDATE AND REDIRECT (only when validation produced something)
     if (!empty($validated) && Plugin::setAllSettings($validated, "paw_users")) {
         $this->_redirect(get_url("user/settings/success#" . $type));
     }
     // Nothing validated, the update failed, or _redirect() returned:
     // all three end up here.
     $this->errors[] = __("An unknown error is occurred!");
     return false;
 }
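    // One table row's date cells (the '-->' below appears to close an HTML
    // comment opened before this fragment) followed by the edit/delete
    // action links for this experience.
    echo date("d-M-Y", strtotime($experience->created_on));
    ?>
</td> 
      <td><?php 
    echo $experience->updated_on === NULL ? '' : date("d-M-Y", strtotime($experience->updated_on));
    ?>
</td>-->
      <td>
        <a href="<?php 
    echo get_url('experience/edit/' . $experience->id);
    ?>
"><img src="<?php 
    echo URL_PUBLIC;
    ?>
wolf/admin/images/icon-edit.gif" alt="edit icon" /></a> <a href="<?php 
    // Delete is a GET link; the CSRF token bound to this record's delete URL
    // rides in the query string (URL-borne tokens can surface in logs and
    // Referer headers).
    echo get_url('experience/delete/' . $experience->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'experience/delete/' . $experience->id));
    ?>
" onclick="return confirm(<?php 
    // $experience->name is a record field (presumably user-entered) written
    // into a JS string literal inside an HTML attribute. json_encode() yields
    // a quoted, JS-safe literal; htmlspecialchars() then escapes it for the
    // attribute (the browser HTML-decodes before running the script).
    echo htmlspecialchars(json_encode(__('Are you sure you wish to delete experience : ') . ' ' . $experience->name . '?'), ENT_QUOTES, 'UTF-8');
    ?>
);"><img src="<?php 
    // NOTE(review): the edit icon above uses URL_PUBLIC, this one URI_PUBLIC;
    // confirm both constants are defined.
    echo URI_PUBLIC;
    ?>
wolf/admin/images/icon-remove.gif" alt="<?php 
    echo __('delete experience');
    ?>
" title="<?php 
    echo __('Delete experience');
    ?>
" /></a>
      </td>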
		<div class="titlebar">
            <?php 
// Upload dialog for the shopping_cart plugin: title bar, then a multipart
// form posting to plugin/shopping_cart/upload.
echo __('Upload file');
?>
            <a href="#" class="close"><img src="<?php 
echo ICONS_PATH;
?>
action-delete-disabled-16.png"/></a>
        </div>
        <div class="content">
            <form action="<?php 
echo get_url('plugin/shopping_cart/upload');
?>
" method="post" enctype="multipart/form-data">
                <input id="csrf_token" name="csrf_token" type="hidden" value="<?php 
// CSRF token bound to the same URL the form posts to; the handler is
// expected to validate it against BASE_URL . 'plugin/shopping_cart/upload'.
echo SecureToken::generateToken(BASE_URL . 'plugin/shopping_cart/upload');
?>
" />
                <input id="upload_overwrite" name="upload[overwrite]" type="checkbox" value="1" /> <label for="upload_overwrite"><small><?php 
echo __('overwrite it?');
?>
</small></label><br />
                <input id="upload_path" name="upload[path]" type="hidden" value="<?php 
// NOTE(review): $dir is written straight into an attribute value and its
// origin is not visible here; if it can carry request data it should go
// through htmlspecialchars(..., ENT_QUOTES, 'UTF-8') first.
echo $dir == '' ? '/' : $dir;
?>
" />
                <input id="upload_file" name="upload_file" type="file" />
                <input id="upload_file_button" name="commit" type="submit" value="<?php 
echo __('Upload');
?>
" />
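 /**
  * Deletes a user account after the appropriate authorisation check.
  *
  * @param mixed  $data   Identifies the user; passed to _getUser() after XSS cleaning.
  * @param string $verify Self-deletion: the current password. Deleting another
  *                       user: the CSRF token bound to
  *                       get_url("user/delete/<user id>/<current id>").
  * @return bool True when the user row was deleted, false otherwise (the
  *              reason is recorded through $this->_error()).
  *
  * Administrators can never be deleted here. Self-deletion additionally
  * requires the 'account_deletion' config switch to be on; deleting someone
  * else requires the 'user_delete' permission. After the user row is removed
  * the user's meta and role rows go too, and a self-deleting user is logged out.
  */
 public function deleteUser($data, $verify)
 {
     $data = paw_xss_cleaner($data);
     $user = $this->_getUser($data);
     if (empty($user)) {
         $this->_error(__("The User does not exist!"));
         return false;
     }
     // CHECK IF ADMIN
     if ($this->permissions->isRole("administrator", $user->id)) {
         $this->_error(__("The user is an Administrator and Admins cannot be deleted!"));
         return false;
     }
     $userId = (int) $user->id;
     $isSelf = (int) $this->currentID === $userId;
     // CHECK PERMISSION
     if ($isSelf) {
         // (int) cast: "0", "", 0, false and null all count as "off" no matter
         // how the config value is stored, without the PHP-version-dependent
         // surprises of a loose == 0 comparison.
         if ((int) $this->config["account_deletion"] === 0) {
             $this->_error(__("You cannot delete your own Account, please contact an Administrator!"));
             return false;
         }
         if (!$this->_checkPassword($user, $verify)) {
             $this->_error(__("The Password is incorrect!"));
             return false;
         }
     } else {
         if (!$this->permissions->hasPermission("user_delete")) {
             $this->_error(__("You don't have the Permission to perform this action!"));
             return false;
         }
         if (!SecureToken::validateToken($verify, get_url("user/delete/" . $user->id . "/" . $this->currentID))) {
             $this->_error(__("The CSRF Token does not exist or is invalid!"));
             return false;
         }
     }
     // DELETE USER ACCOUNT. The id is cast to int before being interpolated
     // into the statements so the SQL cannot be altered even if the record's
     // id were ever populated from something other than the database.
     $query = "DELETE FROM " . TABLE_PREFIX . "user WHERE id=" . $userId;
     if (Record::query($query) !== false) {
         Record::query("DELETE FROM " . TABLE_PREFIX . "user_meta WHERE user_id=" . $userId);
         Record::query("DELETE FROM " . TABLE_PREFIX . "user_role WHERE user_id=" . $userId);
         if ($isSelf) {
             $this->logout(true);
         }
         return true;
     }
     return false;
 }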
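 /**
  * Stores new settings for a registered dashboard widget.
  *
  * @param string $widget   Key of the widget in self::$widgets.
  * @param array  $settings Submitted settings; must carry 'widget_secure_token',
  *                         a token bound to get_url("plugin/dashboard/<widget id>").
  * @return mixed False when the widget is unknown, has no callable
  *               'settings_cb', or the token is missing/invalid; otherwise
  *               whatever Plugin::setAllSettings() returns (the original
  *               returned nothing on that path, which hid the outcome).
  *
  * Only keys declared in the widget's 'settings' map are taken from
  * $settings; undeclared keys are dropped and missing keys become NULL
  * before the widget's own settings callback normalises them.
  */
 public static function setWidgetSettings($widget, $settings)
 {
     if (!array_key_exists($widget, self::$widgets)) {
         return false;
     }
     $widget = self::$widgets[$widget];
     if (!is_callable($widget["settings_cb"])) {
         return false;
     }
     // CHECK SECURE TOKEN (a non-array $settings cannot carry one)
     if (!is_array($settings) || !isset($settings["widget_secure_token"])) {
         return false;
     }
     if (!SecureToken::validateToken($settings["widget_secure_token"], get_url("plugin/dashboard/" . $widget["id"]))) {
         return false;
     }
     // FETCH SETTINGS: array_key_exists (not isset) so an explicit null is copied as-is
     $newsettings = array();
     foreach ($widget["settings"] as $key => $value) {
         $newsettings[$key] = array_key_exists($key, $settings) ? $settings[$key] : NULL;
     }
     // SET NEW SETTINGS
     $newsettings = call_user_func($widget["settings_cb"], $newsettings, false);
     return Plugin::setAllSettings($newsettings, "dashboard-" . $widget["id"]);
 }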
 /**
  * Saves the edited Snippet.
  *
  * Flow: CSRF token check (bound to BASE_URL . 'snippet/edit'), then the
  * snippet is rebuilt from the posted data and saved. On every failure the
  * posted data is kept in the flash ('post_data') so the form can be
  * repopulated, and the user is sent back to the edit form.
  *
  * @todo Merge _edit() and edit()
  *
  * @param string $id Snippet id.
  */
 private function _edit($id)
 {
     $posted = $_POST['snippet'];
     $posted['id'] = $id;
     // CSRF checks: "no token sent" and "token did not validate" are reported
     // separately so the observer hooks can tell them apart
     $tokenSent = isset($_POST['csrf_token']);
     if (!$tokenSent) {
         Flash::set('post_data', (object) $posted);
         Flash::set('error', __('No CSRF token found!'));
         Observer::notify('csrf_token_not_found', AuthUser::getUserName());
         redirect(get_url('snippet/edit/' . $id));
     } elseif (!SecureToken::validateToken($_POST['csrf_token'], BASE_URL . 'snippet/edit')) {
         Flash::set('post_data', (object) $posted);
         Flash::set('error', __('Invalid CSRF token found!'));
         Observer::notify('csrf_token_invalid', AuthUser::getUserName());
         redirect(get_url('snippet/edit/' . $id));
     }
     $snippet = new Snippet($posted);
     if ($snippet->save()) {
         Flash::set('success', __('Snippet :name has been saved!', array(':name' => $snippet->name)));
         Observer::notify('snippet_after_edit', $snippet);
     } else {
         Flash::set('post_data', (object) $posted);
         Flash::set('error', __('Snippet :name has not been saved. Name must be unique!', array(':name' => $snippet->name)));
         redirect(get_url('snippet/edit/' . $id));
     }
     // save and quit or save and continue editing?
     $next = isset($_POST['commit']) ? 'snippet' : 'snippet/edit/' . $id;
     redirect(get_url($next));
 }
        // Tail of the user-field form: the read-only label, then the
        // "Delete Item" row carrying the hidden token/action/name fields.
        ?>
</label></td>
					<td class="field"><input type="text" id="field-label" class="textbox" value="<?php 
        // NOTE(review): $form["label"] is written straight into an attribute
        // value; its origin is not visible here — if it can carry user input it
        // should go through htmlspecialchars(..., ENT_QUOTES, 'UTF-8') first.
        echo $form["label"];
        ?>
" readonly /></td>
					<td class="help"></td>
				</tr>
				<tr>
					<td class="label"><label><?php 
        echo __("Delete Item");
        ?>
</label></td>
					<td class="field">
						<input type="hidden" name="field[token]" value="<?php 
        // CSRF token bound to user/fields/<action>; the handler is expected to
        // validate field[token] against the same URL.
        echo SecureToken::generateToken(get_url("user/fields/" . $action));
        ?>
" />
						<input type="hidden" name="field[action]" value="<?php 
        // NOTE(review): $action and $form["name"] below are also echoed
        // unescaped; same caveat as for $form["label"].
        echo $action;
        ?>
">
						<input type="hidden" name="field[name]" value="<?php 
        echo $form["name"];
        ?>
">
						<input class="button" name="field[delete]" type="submit" accesskey="s" value="<?php 
        echo __("Delete Field");
        ?>
" />
					</td>
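    // One table row's date cells (the '-->' below appears to close an HTML
    // comment opened before this fragment) followed by the edit/delete
    // action links for this dine record.
    echo date("d-M-Y", strtotime($dine->created_on));
    ?>
</td> 
      <td><?php 
    echo $dine->updated_on === NULL ? '' : date("d-M-Y", strtotime($dine->updated_on));
    ?>
</td>-->
      <td>
        <a href="<?php 
    echo get_url('dine/edit/' . $dine->id);
    ?>
"><img src="<?php 
    echo URL_PUBLIC;
    ?>
wolf/admin/images/icon-edit.gif" alt="edit icon" /></a> <a href="<?php 
    // Delete is a GET link; the CSRF token bound to this record's delete URL
    // rides in the query string (URL-borne tokens can surface in logs and
    // Referer headers).
    echo get_url('dine/delete/' . $dine->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'dine/delete/' . $dine->id));
    ?>
" onclick="return confirm(<?php 
    // $dine->name is a record field (presumably user-entered) written into a
    // JS string literal inside an HTML attribute. json_encode() yields a
    // quoted, JS-safe literal; htmlspecialchars() then escapes it for the
    // attribute (the browser HTML-decodes before running the script).
    echo htmlspecialchars(json_encode(__('Are you sure you wish to delete dine : ') . ' ' . $dine->name . '?'), ENT_QUOTES, 'UTF-8');
    ?>
);"><img src="<?php 
    // NOTE(review): the edit icon above uses URL_PUBLIC, this one URI_PUBLIC;
    // confirm both constants are defined.
    echo URI_PUBLIC;
    ?>
wolf/admin/images/icon-remove.gif" alt="<?php 
    echo __('delete dine');
    ?>
" title="<?php 
    echo __('Delete dine');
    ?>
" /></a>
      </td>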
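    // One table row's date cells (the '-->' below appears to close an HTML
    // comment opened before this fragment) followed by the edit/delete
    // action links for this event.
    echo date("d-M-Y", strtotime($event->created_on));
    ?>
</td> 
      <td><?php 
    echo $event->updated_on === NULL ? '' : date("d-M-Y", strtotime($event->updated_on));
    ?>
</td>-->
      <td>
        <a href="<?php 
    echo get_url('event/edit/' . $event->id);
    ?>
"><img src="<?php 
    echo URL_PUBLIC;
    ?>
wolf/admin/images/icon-edit.gif" alt="edit icon" /></a> <a href="<?php 
    // Delete is a GET link; the CSRF token bound to this record's delete URL
    // rides in the query string (URL-borne tokens can surface in logs and
    // Referer headers).
    echo get_url('event/delete/' . $event->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'event/delete/' . $event->id));
    ?>
" onclick="return confirm(<?php 
    // $event->name is a record field (presumably user-entered) written into a
    // JS string literal inside an HTML attribute. json_encode() yields a
    // quoted, JS-safe literal; htmlspecialchars() then escapes it for the
    // attribute (the browser HTML-decodes before running the script).
    echo htmlspecialchars(json_encode(__('Are you sure you wish to delete event : ') . ' ' . $event->name . '?'), ENT_QUOTES, 'UTF-8');
    ?>
);"><img src="<?php 
    // NOTE(review): the edit icon above uses URL_PUBLIC, this one URI_PUBLIC;
    // confirm both constants are defined.
    echo URI_PUBLIC;
    ?>
wolf/admin/images/icon-remove.gif" alt="<?php 
    echo __('delete event');
    ?>
" title="<?php 
    echo __('Delete event');
    ?>
" /></a>
      </td>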
        $button = __("Send Remember Mail");
        break;
    case "remember":
        $form = "login/remember";
        $title = __("Remember Password");
        $button = __("Set new Password");
        break;
    case "delete":
        if ($pawUsers->config["account_deletion"] == 0) {
            redirect(get_url("login"));
            die;
        }
        $form = "login/delete";
        $title = __("Delete Account");
        $button = $title;
        $token = SecureToken::generateToken(get_url("login/delete/" . $current));
        break;
    default:
        redirect(get_url("login"));
        die;
        break;
}
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
        <meta charset="utf-8" />
        <title><?php 
echo $title . " - " . Setting::get("admin_title");
?>
</title>
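 /**
  * Validates the posted form for one login-area action and performs it.
  *
  * @param string $action One of login, logout, register, activate, forgot,
  *                       remember, delete.
  * @param array  $post   Submitted form data; run through paw_xss_cleaner() first.
  * @return bool True when the underlying $pawUsers call returned true; false
  *              on a validation failure (message appended to $this->errors,
  *              or passed to $this->_error() for CSRF failures) or when the
  *              action failed ($this->errors then mirrors $pawUsers->errors).
  *
  * 'logout' and 'delete' additionally require a CSRF token bound to
  * get_url("login/<action>/<current user id>"). On success an
  * "admin_<action>_success" observer event fires (logout instead clears the
  * admin UI cookies and fires "admin_after_logout"); on failure
  * "admin_<action>_failed" fires when a user name is known.
  */
 public function _action($action, $post)
 {
     global $pawUsers;
     // VALIDATE STUFF AND PERFORM ACTION
     $post = paw_xss_cleaner($post);
     // empty() is already true for a missing key, so the former
     // "!isset(...) || empty(...)" pairs collapse to a single empty() test.
     switch ($action) {
         case "login":
             if (empty($post["user"])) {
                 $this->errors[] = __("You need to enter your Username or eMail address!");
                 return false;
             }
             if (empty($post["password"])) {
                 $this->errors[] = __("You need to enter your Password!");
                 return false;
             }
             $perform = $pawUsers->login($post["user"], $post["password"], isset($post["remember"]));
             break;
         case "logout":
             if (empty($post["user"])) {
                 $this->errors[] = __("You need to enter your Username or eMail address!");
                 return false;
             }
             // token bound to login/logout/<current user id>
             $current = $pawUsers->getCurrentUserID();
             if (!isset($post["token"]) || !SecureToken::validateToken($post["token"], get_url("login/logout/" . $current))) {
                 $this->_error(__("The CSRF Token does not exist or is invalid!"));
                 return false;
             }
             Observer::notify("logout_requested");
             $perform = $pawUsers->logout();
             break;
         case "register":
             if (empty($post["username"])) {
                 $this->errors[] = __("You need to enter your Username!");
                 return false;
             }
             if (empty($post["mail"])) {
                 $this->errors[] = __("You need to enter your eMail address!");
                 return false;
             }
             // the password is submitted as a pair [password, repeat]
             if (!isset($post["password"]) || !is_array($post["password"]) || count($post["password"]) !== 2) {
                 $this->errors[] = __("You need to enter and repeat your Password!");
                 return false;
             }
             if (empty($post["password"][0]) || empty($post["password"][1])) {
                 $this->errors[] = __("You need to enter and repeat your Password!");
                 return false;
             }
             $perform = $pawUsers->registration($post["username"], $post["mail"], $post["password"], NULL);
             break;
         case "activate":
             if (empty($post["code"])) {
                 $this->errors[] = __("You need to enter your Activation Code!");
                 return false;
             }
             if (empty($post["user"])) {
                 $this->errors[] = __("You need to enter your Username or eMail address!");
                 return false;
             }
             if (empty($post["password"])) {
                 $this->errors[] = __("You need to enter your Password!");
                 return false;
             }
             $perform = $pawUsers->activateUser($post["user"], $post["code"], $post["password"]);
             break;
         case "forgot":
             if (empty($post["user"])) {
                 $this->errors[] = __("You need to enter your Username or eMail address!");
                 return false;
             }
             $perform = $pawUsers->lostPassword($post["user"]);
             break;
         case "remember":
             if (empty($post["code"])) {
                 $this->errors[] = __("You need to enter your Remember-Password Code!");
                 return false;
             }
             if (empty($post["user"])) {
                 $this->errors[] = __("You need to enter your Username or eMail address!");
                 return false;
             }
             // the new password is submitted as a pair [password, repeat]
             if (!isset($post["password"]) || !is_array($post["password"]) || count($post["password"]) !== 2) {
                 $this->errors[] = __("You need to enter and repeat your new Password!");
                 return false;
             }
             if (empty($post["password"][0]) || empty($post["password"][1])) {
                 $this->errors[] = __("You need to enter and repeat your new Password!");
                 return false;
             }
             $perform = $pawUsers->rememberPassword($post["user"], $post["code"], $post["password"]);
             break;
         case "delete":
             if (empty($post["user"])) {
                 $this->errors[] = __("You need to enter your Username or eMail address!");
                 return false;
             }
             if (empty($post["password"])) {
                 $this->errors[] = __("You need to enter your Password!");
                 return false;
             }
             // token bound to login/delete/<current user id>
             $current = $pawUsers->getCurrentUserID();
             if (!isset($post["token"]) || !SecureToken::validateToken($post["token"], get_url("login/delete/" . $current))) {
                 $this->_error(__("The CSRF Token does not exist or is invalid!"));
                 return false;
             }
             $perform = $pawUsers->deleteUser($post["user"], $post["password"]);
             break;
         default:
             // The original called $this->errors(...) here, but errors is the
             // array property used above, not a method, so (barring a magic
             // __call) an unknown action failed with an undefined-method error
             // instead of reporting. Record it like the other failures.
             $this->errors[] = __("Unkown Action!");
             return false;
     }
     // RETURN
     if ($perform === true) {
         if ($action === "logout") {
             // expire the admin UI state cookies along with the session
             setcookie("expanded_rows", "", time() - 3600);
             setcookie("meta_tab", "", time() - 3600);
             setcookie("page_tab", "", time() - 3600);
             Observer::notify("admin_after_logout", $post["user"]);
         } else {
             Observer::notify("admin_" . $action . "_success", $post["user"]);
         }
         return true;
     }
     // registration posts 'username' rather than 'user'; normalise for the hook
     if (!isset($post["user"]) && isset($post["username"])) {
         $post["user"] = $post["username"];
     }
     if (isset($post["user"])) {
         Observer::notify("admin_" . $action . "_failed", $post["user"]);
     }
     $this->errors = $pawUsers->errors;
     return false;
 }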
            echo __("Delete User");
            ?>
" />
					</td>
					<td class="help"></td>
				</tr>
			</table>
		</div>
	</form>
<?php 
        } else {
            if ($action === "activate") {
                ?>
	<?php 
                $url = get_url("user/activate/" . $form["id"] . "/" . $pawUsers->getCurrentUserID());
                $token = SecureToken::generateToken($url);
                ?>
	<form id="<?php 
                echo $action;
                ?>
-user-form" method="post" action="<?php 
                echo get_url("user/save/" . $action . "/" . $form["id"]);
                ?>
">
		<div id="admin-area" class="form-area <?php 
                echo $action;
                ?>
-user-form">
			<table class="fieldset">
				<tr>
					<td class="label"><label for="user-username"><?php 
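 /**
  * Renames a file or directory below FILES_DIR.
  *
  * Requires the 'file_manager_rename' permission and a CSRF token bound to
  * BASE_URL . 'plugin/file_manager/rename'. Reads $_POST['file']
  * ('current_name', 'new_name'); the new name is reduced to [a-z0-9_.-]
  * (spaces become '_'), and names that would end up empty, produce a
  * PHP-executable file, or collide with an existing entry are refused.
  * Every path ends in a redirect to the browse view.
  *
  * NOTE(review): the failure paths rely on redirect() terminating the
  * request; confirm against the framework's redirect() implementation.
  * NOTE(review): refusing by extension is a deny-list and is only as complete
  * as the list; serving FILES_DIR with script execution disabled, or an
  * allow-list of permitted extensions, is the robust control.
  */
 public function rename()
 {
     if (!AuthUser::hasPermission('file_manager_rename')) {
         Flash::set('error', __('You do not have sufficient permissions to rename this file or directory.'));
         redirect(get_url('plugin/file_manager/browse/'));
     }
     // CSRF checks
     if (isset($_POST['csrf_token'])) {
         $csrf_token = $_POST['csrf_token'];
         if (!SecureToken::validateToken($csrf_token, BASE_URL . 'plugin/file_manager/rename')) {
             Flash::set('error', __('Invalid CSRF token found!'));
             redirect(get_url('plugin/file_manager/browse/'));
         }
     } else {
         Flash::set('error', __('No CSRF token found!'));
         redirect(get_url('plugin/file_manager/browse/'));
     }
     $data = isset($_POST['file']) && is_array($_POST['file']) ? $_POST['file'] : array();
     $current = isset($data['current_name']) && is_string($data['current_name']) ? $data['current_name'] : '';
     $newName = isset($data['new_name']) && is_string($data['new_name']) ? $data['new_name'] : '';
     // '..' is stripped so neither name can climb out of FILES_DIR
     $current = str_replace('..', '', $current);
     $newName = str_replace('..', '', $newName);
     // Clean filenames: spaces become underscores, then only [a-z0-9_.-] survives
     $newName = str_replace(' ', '_', $newName);
     $newName = preg_replace('/[^a-z0-9_\\-\\.]/i', '', $newName);
     // directory part of the current entry; '' when it sits at the root
     $slash = strrpos($current, '/');
     $path = $slash === false ? '' : substr($current, 0, $slash);
     $file = FILES_DIR . '/' . $current;
     // A name that is empty after cleaning would make the target the directory itself.
     if ($newName === '') {
         Flash::set('error', __('You have to specify a name!'));
         redirect(get_url('plugin/file_manager/browse/' . $path));
     }
     // Check if trying to rename to a PHP-executable file (.php / .php3 etc).
     // The deny-list was extended with other extensions commonly mapped to the
     // PHP handler, plus .htaccess (which could re-enable execution per directory).
     $ext = strtolower(pathinfo($newName, PATHINFO_EXTENSION));
     $blocked = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'inc', 'htaccess'];
     if (in_array($ext, $blocked, true)) {
         // __() takes its placeholders as an array elsewhere in this code base;
         // the original passed the bare string, so ':ext' was never substituted.
         Flash::set('error', __('Not allowed to rename to :ext', array(':ext' => $ext)));
         redirect(get_url('plugin/file_manager/browse/' . $path));
     }
     $target = FILES_DIR . '/' . $path . '/' . $newName;
     // Check another file doesn't already exist with same name
     if (file_exists($target)) {
         Flash::set('error', __('A file or directory with that name already exists!'));
         redirect(get_url('plugin/file_manager/browse/' . $path));
     }
     if (file_exists($file)) {
         if (!rename($file, $target)) {
             Flash::set('error', __('Permission denied!'));
         }
     } else {
         Flash::set('error', __('File or directory not found!' . $file));
     }
     redirect(get_url('plugin/file_manager/browse/' . $path));
 }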
 /**
  * Runs checks and stores a page.
  *
  * Reads the page form from $_POST['page'] (plus $_POST['part'] and
  * $_POST['page_tag']), validates it, and either re-renders the edit
  * screen with the collected errors or saves the page, its parts and its
  * tags and redirects.
  *
  * Reviewer notes:
  *  - The CSRF token is bound to 'page/<action>' only, without the page
  *    id, so one token covers every page edited with that action.
  *  - keywords/description and (when allow_html_title is 'off') the title
  *    are stripped of HTML with kses(); part content and tags are handed
  *    on as received - presumably filtered elsewhere, verify.
  *  - On validation errors display() is called but this method does not
  *    return; whether the save below is skipped depends on display()
  *    exiting, which is not visible here - confirm before relying on it.
  *
  * @param string $action   What kind of action this is: add or edit.
  * @param mixed $id        Page to edit if any.
  *
  * @throws Exception when $action is 'edit' but no $id was supplied.
  */
 private function _store($action, $id = false)
 {
     // Sanity checks
     if ($action == 'edit' && !$id) {
         throw new Exception('Trying to edit page when $id is false.');
     }
     use_helper('Validate');
     // Raw form data; every page field below is read from here.
     $data = $_POST['page'];
     $data['is_protected'] = !empty($data['is_protected']) ? 1 : 0;
     Flash::set('post_data', (object) $data);
     // Add pre-save checks here
     // Stays false until the first message is appended (then becomes an array).
     $errors = false;
     // CSRF checks
     if (isset($_POST['csrf_token'])) {
         $csrf_token = $_POST['csrf_token'];
         if (!SecureToken::validateToken($csrf_token, BASE_URL . 'page/' . $action)) {
             $errors[] = __('Invalid CSRF token found!');
         }
     } else {
         $errors[] = __('No CSRF token found!');
     }
     $data['title'] = trim($data['title']);
     if (empty($data['title'])) {
         $errors[] = __('You have to specify a title!');
     }
     // The home page (id 1) is the only page allowed an empty slug.
     $data['slug'] = trim($data['slug']);
     if (empty($data['slug']) && $id != '1') {
         $errors[] = __('You have to specify a slug!');
     } else {
         if ($data['slug'] == ADMIN_DIR) {
             $errors[] = __('You cannot have a slug named :slug!', array(':slug' => ADMIN_DIR));
         }
         // NOTE(review): as written, Validate::slug() only runs when $id == '1',
         // so other pages' slugs are never format-checked - looks inverted, confirm.
         if (!Validate::slug($data['slug']) && (!empty($data['slug']) && $id == '1')) {
             $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'slug'));
         }
     }
     // Check all numerical fields for a page
     $fields = array('parent_id', 'layout_id', 'needs_login');
     foreach ($fields as $field) {
         if (!Validate::digit($data[$field])) {
             $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
         }
     }
     // Check all date fields for a page (YYYY-MM-DD, empty allowed)
     $fields = array('created_on', 'published_on', 'valid_until');
     foreach ($fields as $field) {
         if (isset($data[$field])) {
             $data[$field] = trim($data[$field]);
             if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/D', (string) $data[$field])) {
                 $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
             }
         }
     }
     // Check all time fields for a page (HH:MM:SS, empty allowed)
     $fields = array('created_on_time', 'published_on_time', 'valid_until_time');
     foreach ($fields as $field) {
         if (isset($data[$field])) {
             $data[$field] = trim($data[$field]);
             if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{2}:[0-9]{2}:[0-9]{2}$/D', (string) $data[$field])) {
                 $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
             }
         }
     }
     // Check alphanumerical fields: instead of rejecting, strip every tag
     // (empty allow-list) so the stored value carries no HTML.
     $fields = array('keywords', 'description');
     foreach ($fields as $field) {
         use_helper('Kses');
         $data[$field] = kses(trim($data[$field]), array());
         /*
                     if (!empty($data[$field]) && !Validate::alpha_comma($data[$field])) {
            $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
                     }
         *
         */
     }
     // Check behaviour_id field
     if (!empty($data['behaviour_id']) && !Validate::slug($data['behaviour_id'])) {
         $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'behaviour_id'));
     }
     // Make sure the title doesn't contain HTML
     if (Setting::get('allow_html_title') == 'off') {
         use_helper('Kses');
         $data['title'] = kses(trim($data['title']), array());
     }
     // Create the page object to be manipulated and populate data
     if ($action == 'add') {
         $page = new Page($data);
     } else {
         $page = Record::findByIdFrom('Page', $id);
         $page->setFromData($data);
     }
     // Upon errors, rebuild original page and return to screen with errors
     if (false !== $errors) {
         $tags = $_POST['page_tag'];
         // Rebuild time fields
         if (isset($page->created_on)) {
             $page->created_on = $page->created_on . ' ' . $page->created_on_time;
         }
         if (isset($page->published_on)) {
             $page->published_on = $page->published_on . ' ' . $page->published_on_time;
         }
         if (isset($page->valid_until)) {
             $page->valid_until = $page->valid_until . ' ' . $page->valid_until_time;
         }
         // Rebuild parts
         $part = $_POST['part'];
         if (!empty($part)) {
             $tmp = false;
             foreach ($part as $key => $val) {
                 $tmp[$key] = (object) $val;
             }
             $part = $tmp;
         }
         // Set the errors to be displayed.
         Flash::setNow('error', implode('<br/>', $errors));
         // display things ...
         // No return/exit follows: the code after this block is reachable
         // unless display() terminates the request - see docblock.
         $this->setLayout('backend');
         $this->display('page/edit', array('action' => $action, 'csrf_token' => SecureToken::generateToken(BASE_URL . 'page/' . $action), 'page' => (object) $page, 'tags' => $tags, 'filters' => Filter::findAll(), 'behaviors' => Behavior::findAll(), 'page_parts' => (object) $part, 'layouts' => Record::findAllFrom('Layout')));
     }
     // Notify
     if ($action == 'add') {
         Observer::notify('page_add_before_save', $page);
     } else {
         Observer::notify('page_edit_before_save', $page);
     }
     // Time to actually save the page
     // @todo rebuild this so parts are already set before save?
     // @todo determine lazy init impact
     if ($page->save()) {
         // Get data for parts of this page
         $data_parts = $_POST['part'];
         Flash::set('post_parts_data', (object) $data_parts);
         if ($action == 'edit') {
             $old_parts = PagePart::findByPageId($id);
             // check if all old page part are passed in POST
             // if not ... we need to delete it!
             foreach ($old_parts as $old_part) {
                 $not_in = true;
                 // NOTE: reuses $data, clobbering the page form data; nothing
                 // below reads the page fields again.
                 foreach ($data_parts as $part_id => $data) {
                     $data['name'] = trim($data['name']);
                     if ($old_part->name == $data['name']) {
                         $not_in = false;
                         // this will not really create a new page part because
                         // the id of the part is passed in $data (assumed - the
                         // posted part array is not validated here)
                         $part = new PagePart($data);
                         $part->page_id = $id;
                         Observer::notify('part_edit_before_save', $part);
                         $part->save();
                         Observer::notify('part_edit_after_save', $part);
                         unset($data_parts[$part_id]);
                         break;
                     }
                 }
                 if ($not_in) {
                     $old_part->delete();
                 }
             }
         }
         // add the new parts (whatever was not matched against an old part)
         foreach ($data_parts as $data) {
             $data['name'] = trim($data['name']);
             $part = new PagePart($data);
             $part->page_id = $page->id;
             Observer::notify('part_add_before_save', $part);
             $part->save();
             Observer::notify('part_add_after_save', $part);
         }
         // save tags
         $page->saveTags($_POST['page_tag']['tags']);
         Flash::set('success', __('Page has been saved!'));
     } else {
         Flash::set('error', __('Page has not been saved!'));
         $url = 'page/';
         $url .= $action == 'edit' ? 'edit/' . $id : 'add/';
         redirect(get_url($url));
     }
     if ($action == 'add') {
         Observer::notify('page_add_after_save', $page);
     } else {
         Observer::notify('page_edit_after_save', $page);
     }
     // save and quit or save and continue editing ?
     if (isset($_POST['commit'])) {
         redirect(get_url('page'));
     } else {
         redirect(get_url('page/edit/' . $page->id));
     }
 }
 /**
  * Deletes a user after permission, input and CSRF checks.
  *
  * The token is read from the query string and is bound to this exact
  * delete URL (BASE_URL . 'user/delete/' . $id). The first account
  * (id 1) can never be deleted. Every path ends in a redirect.
  *
  * @param mixed $id Id of the user to delete; must pass Validate::numeric().
  */
 public function delete($id)
 {
     // Only users holding user_delete may reach this action.
     if (!AuthUser::hasPermission('user_delete')) {
         Flash::set('error', __('You do not have permission to access the requested page!'));
         redirect(get_url());
     }
     // Sanity checks: the id must be numeric before it is used anywhere.
     use_helper('Validate');
     if (!Validate::numeric($id)) {
         Flash::set('error', __('Invalid input found!'));
         redirect(get_url());
     }
     // CSRF checks
     if (!isset($_GET['csrf_token'])) {
         Flash::set('error', __('No CSRF token found!'));
         redirect(get_url('user'));
     } else {
         $token = $_GET['csrf_token'];
         if (!SecureToken::validateToken($token, BASE_URL . 'user/delete/' . $id)) {
             Flash::set('error', __('Invalid CSRF token found!'));
             redirect(get_url('user'));
         }
     }
     // security (dont delete the first admin)
     if (!($id > 1)) {
         Flash::set('error', __('Action disabled!'));
     } else {
         // find the user to delete
         $account = Record::findByIdFrom('User', $id);
         if (!$account) {
             Flash::set('error', __('User not found!'));
         } elseif ($account->delete()) {
             Flash::set('success', __('User <strong>:name</strong> has been deleted!', array(':name' => $account->name)));
             Observer::notify('user_after_delete', $account->name);
         } else {
             Flash::set('error', __('User <strong>:name</strong> has not been deleted!', array(':name' => $account->name)));
         }
     }
     redirect(get_url('user'));
 }
</small>
      </td>
      <td><?php 
    echo $user->email;
    ?>
</td>
      <td><?php 
    echo implode(', ', $user->roles());
    ?>
</td>
      <td>
<?php 
    if ($user->id > 1) {
        ?>
        <a href="<?php 
        echo get_url('user/delete/' . $user->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'user/delete/' . $user->id));
        ?>
" onclick="return confirm('<?php 
        echo __('Are you sure you wish to delete') . ' ' . $user->name . '?';
        ?>
');"><img src="<?php 
        echo PATH_PUBLIC;
        ?>
wolf/admin/images/icon-remove.gif" alt="<?php 
        echo __('delete user icon');
        ?>
" title="<?php 
        echo __('Delete user');
        ?>
" /></a>
<?php 
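 /**
  * @todo merge _add() and _edit() into one _store()
  *
  * Updates an existing user from $_POST['user'].
  *
  * Order of operations: CSRF check, optional password change check,
  * field validation, then load + save the record. Permissions from
  * $_POST['user_permission'] are only applied when the acting user holds
  * user_edit. Every failure path sets a flash message and redirects.
  *
  * Reviewer notes:
  *  - The whole $data array is handed to setFromData(); this assumes the
  *    model only accepts known columns - verify against Record::setFromData.
  *  - The minimum password length enforced here is 5 characters.
  *
  * @param mixed $id Id of the user to update.
  */
 private function _edit($id)
 {
     use_helper('Validate');
     $data = $_POST['user'];
     Flash::set('post_data', (object) $data);
     // Add pre-save checks here
     // Stays false until the first message is appended (then becomes an array).
     $errors = false;
     // CSRF checks
     if (isset($_POST['csrf_token'])) {
         $csrf_token = $_POST['csrf_token'];
         if (!SecureToken::validateToken($csrf_token, BASE_URL . 'user/edit')) {
             Flash::set('error', __('Invalid CSRF token found!'));
             redirect(get_url('user/edit/' . $id));
         }
     } else {
         Flash::set('error', __('No CSRF token found!'));
         redirect(get_url('user/edit/' . $id));
     }
     // check if user want to change the password
     $password = isset($data['password']) ? (string) $data['password'] : '';
     $confirm = isset($data['confirm']) ? (string) $data['confirm'] : '';
     if (strlen($password) > 0) {
         // check if pass and confirm are equal and >= 5 chars
         // Strict comparison: '==' would treat numeric-looking strings such
         // as '1e3' and '1000' as equal.
         if (strlen($password) >= 5 && $password === $confirm) {
             unset($data['confirm']);
         } else {
             Flash::set('error', __('Password and Confirm are not the same or too small!'));
             redirect(get_url('user/edit/' . $id));
         }
     } else {
         unset($data['password'], $data['confirm']);
     }
     // Check alphanumerical fields
     $fields = array('username');
     foreach ($fields as $field) {
         if (!empty($data[$field]) && !Validate::alphanum_space($data[$field])) {
             $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
         }
     }
     if (!empty($data['name']) && !Validate::alphanum_space($data['name'], true)) {
         $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'name'));
     }
     if (!empty($data['email']) && !Validate::email($data['email'])) {
         $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'email'));
     }
     if (!empty($data['language']) && !Validate::alpha($data['language'])) {
         $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'language'));
     }
     if ($errors !== false) {
         // Set the errors to be displayed.
         Flash::set('error', implode('<br/>', $errors));
         redirect(get_url('user/edit/' . $id));
     }
     $user = Record::findByIdFrom('User', $id);
     // Guard against a missing record; the original code dereferenced it unchecked.
     if (!$user) {
         Flash::set('error', __('User not found!'));
         redirect(get_url('user'));
     }
     if (isset($data['password'])) {
         // Keep the existing salt when there is one so other hashes stay valid.
         if (empty($user->salt)) {
             $user->salt = AuthUser::generateSalt();
         }
         $data['password'] = AuthUser::generateHashedPassword($data['password'], $user->salt);
     }
     $user->setFromData($data);
     if ($user->save()) {
         if (AuthUser::hasPermission('user_edit')) {
             // now we need to add permissions
             $permissions = isset($_POST['user_permission']) ? $_POST['user_permission'] : array();
             UserRole::setPermissionsFor($user->id, $permissions);
         }
         Flash::set('success', __('User has been saved!'));
         Observer::notify('user_after_edit', $user->name);
     } else {
         Flash::set('error', __('User has not been saved!'));
     }
     // Editing yourself returns to your own form; otherwise back to the list.
     if (AuthUser::getId() == $id) {
         redirect(get_url('user/edit/' . $id));
     } else {
         redirect(get_url('user'));
     }
 }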
"><img src="<?php 
    echo URI_PUBLIC;
    ?>
wolf/admin/images/plus.png" align="middle" title="<?php 
    echo __('Add child');
    ?>
" alt="<?php 
    echo __('Add child');
    ?>
" /></a>&nbsp;
        <!-- //For about page okstmtcc -->
<?php 
    if ((!$child->is_protected || AuthUser::hasPermission('page_delete')) && $child->id != 4) {
        ?>
        <a class="remove" href="<?php 
        echo get_url('page/delete/' . $child->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'page/delete/' . $child->id));
        ?>
" onclick="return confirm('<?php 
        echo __('Are you sure you wish to delete');
        ?>
 <?php 
        echo $child->title;
        ?>
 <?php 
        echo __('and its underlying pages');
        ?>
?');"><img src="<?php 
        echo URI_PUBLIC;
        ?>
wolf/admin/images/icon-remove.gif" align="middle" alt="<?php 
        echo __('Remove page');
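 /**
  * @todo Merge _add() and _edit() into one _store()
  *
  * Updates an existing layout from $_POST['layout'].
  *
  * The CSRF token is validated before the record is loaded or populated,
  * so a forged request never touches the model. A missing layout and a
  * failed save (duplicate name) both flash an error and redirect.
  *
  * @param mixed $id Id of the layout to update.
  */
 function _edit($id)
 {
     // CSRF checks - done first, before any state is read or modified
     if (isset($_POST['csrf_token'])) {
         $csrf_token = $_POST['csrf_token'];
         if (!SecureToken::validateToken($csrf_token, BASE_URL . 'layout/edit')) {
             Flash::set('error', __('Invalid CSRF token found!'));
             redirect(get_url('layout/edit/' . $id));
         }
     } else {
         Flash::set('error', __('No CSRF token found!'));
         redirect(get_url('layout/edit/' . $id));
     }
     $layout = Record::findByIdFrom('Layout', $id);
     // Guard against a missing record; the original code dereferenced it unchecked.
     if (!$layout) {
         Flash::set('error', __('Layout not found!'));
         redirect(get_url('layout'));
     }
     $layout->setFromData($_POST['layout']);
     if (!$layout->save()) {
         Flash::set('error', __('Layout has not been saved. Name must be unique!'));
         redirect(get_url('layout/edit/' . $id));
     } else {
         Flash::set('success', __('Layout has been saved!'));
         Observer::notify('layout_after_edit', $layout);
     }
     // save and quit or save and continue editing?
     if (isset($_POST['commit'])) {
         redirect(get_url('layout'));
     } else {
         redirect(get_url('layout/edit/' . $id));
     }
 }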
    echo date("d-M-Y", strtotime($attraction->created_on));
    ?>
</td> 
      <td><?php 
    echo $attraction->updated_on === NULL ? '' : date("d-M-Y", strtotime($attraction->updated_on));
    ?>
</td>-->
      <td>
        <a href="<?php 
    echo get_url('attraction/edit/' . $attraction->id);
    ?>
"><img src="<?php 
    echo URL_PUBLIC;
    ?>
wolf/admin/images/icon-edit.gif" alt="edit icon" /></a> <a href="<?php 
    echo get_url('attraction/delete/' . $attraction->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'attraction/delete/' . $attraction->id));
    ?>
" onclick="return confirm('<?php 
    echo __('Are you sure you wish to delete attraction : ') . ' ' . $attraction->name . '?';
    ?>
');"><img src="<?php 
    echo URI_PUBLIC;
    ?>
wolf/admin/images/icon-remove.gif" alt="<?php 
    echo __('delete attraction');
    ?>
" title="<?php 
    echo __('Delete attraction');
    ?>
" /></a>
      </td>
		<div class="titlebar">
            <?php 
echo __('Upload file');
?>
            <a href="#" class="close"><img src="<?php 
echo ICONS_PATH;
?>
action-delete-disabled-16.png"/></a>
        </div>
        <div class="content">
            <form action="<?php 
echo get_url('plugin/file_manager/upload');
?>
" method="post" enctype="multipart/form-data">
                <input id="csrf_token" name="csrf_token" type="hidden" value="<?php 
echo SecureToken::generateToken(BASE_URL . 'plugin/file_manager/upload');
?>
" />
                <input id="upload_overwrite" name="upload[overwrite]" type="checkbox" value="1" /> <label for="upload_overwrite"><small><?php 
echo __('overwrite it?');
?>
</small></label><br />
                <input id="upload_path" name="upload[path]" type="hidden" value="<?php 
echo $dir == '' ? '/' : $dir;
?>
" />
                <input id="upload_file" name="upload_file" type="file" />
                <input id="upload_file_button" name="commit" type="submit" value="<?php 
echo __('Upload');
?>
" />
?>
"><?php 
echo AuthUser::getRecord()->name;
?>
</a>
        <span class="separator"> | </span>
        <a id="site-view-link" href="<?php 
echo URL_PUBLIC;
?>
" target="_blank"><?php 
echo __('View Site');
?>
</a>
		<span class="separator"> | </span>
        <a href="<?php 
echo get_url('login/logout' . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'login/logout'));
?>
"><?php 
echo __('Log Out');
?>
</a>
      </p>
    </div>

      <!-- Overwrite tab function to text indent in textarea -->
    <script>
      $.fn.getTab = function () {
          this.keydown(function (e) {
              if (e.keyCode === 9) {
                  var val = this.value,
                      start = this.selectionStart,
 /**
  * Runs checks and stores a page.
  *
  * Reads the page form from $_POST['page'] (plus $_POST['part'],
  * $_POST['page_tag'] and, for pages 1 and 4, $_POST['pagesetting'] and
  * uploaded banner images), validates it, and either re-renders the edit
  * screen with the collected errors or saves the page, its parts, its
  * tags and the page settings, then redirects.
  *
  * Reviewer notes:
  *  - For 'edit' the CSRF token is bound to 'page/edit/<id>', but the
  *    token regenerated for the error re-render below is bound to
  *    'page/<action>' only; unless the view builds its own token, a
  *    resubmitted form after a validation error will fail the check.
  *  - $overwrite is never assigned in this method, so upload_file()
  *    receives null for its last argument.
  *  - Uploaded filenames are taken from the client with only spaces and
  *    parentheses replaced; extension and path checks are assumed to live
  *    in upload_file() - verify.
  *  - On validation errors display() is called but this method does not
  *    return; whether the save below is skipped depends on display()
  *    exiting, which is not visible here - confirm before relying on it.
  *
  * @param string $action   What kind of action this is: add or edit.
  * @param mixed $id        Page to edit if any.
  *
  * @throws Exception when $action is 'edit' but no $id was supplied.
  */
 private function _store($action, $id = false)
 {
     // Sanity checks
     if ($action == 'edit' && !$id) {
         throw new Exception('Trying to edit page when $id is false.');
     }
     use_helper('Validate');
     // Raw form data; every page field below is read from here.
     $data = $_POST['page'];
     $data['is_protected'] = !empty($data['is_protected']) ? 1 : 0;
     Flash::set('post_data', (object) $data);
     $pagesetting = array();
     //For homepage info & about page info okstmtcc
     // Pages 1 and 4 carry extra settings. $upload is read but never used below.
     if ($id == 1 || $id == 4) {
         $upload = $_POST['upload'];
         $pagesetting = $_POST['pagesetting'];
         //Flash::set('post_settingdata', (object) $pagesetting);
     }
     // Add pre-save checks here
     // Both stay false until the first entry is appended (then become arrays):
     // $errors holds full messages, $error_fields the names of missing fields.
     $errors = false;
     $error_fields = false;
     // CSRF checks
     if (isset($_POST['csrf_token'])) {
         $csrf_token = $_POST['csrf_token'];
         $csrf_id = '';
         // For edits the token is additionally bound to the page id.
         if ($action === 'edit') {
             $csrf_id = '/' . $id;
         }
         if (!SecureToken::validateToken($csrf_token, BASE_URL . 'page/' . $action . $csrf_id)) {
             $errors[] = __('Invalid CSRF token found!');
         }
     } else {
         $errors[] = __('No CSRF token found!');
     }
     $data['title'] = trim($data['title']);
     if (empty($data['title'])) {
         $error_fields[] = __('Page Title');
     }
     /** homepage setting check okstmtcc **/
     if ($id == 1) {
         /** homepage page title **/
         if (empty($pagesetting['homepage_discover_title'])) {
             $error_fields[] = __('Homepage Title');
         }
         if (empty($pagesetting['homepage_discover_teaser'])) {
             $error_fields[] = __('Homepage Teaser');
         }
         /** highlight 1 **/
         // if (empty($pagesetting['highlight_title'])){
         //     $error_fields[] = __('Highlight 1&acute;s Title');
         // }
         // if (empty($pagesetting['highlight_text1'])){
         //     $error_fields[] = __('Highlight 1&acute;s Text 1');
         // }
         // if (empty($pagesetting['highlight_url'])){
         //     $error_fields[] = __('Highlight 1&acute;s Read More URL');
         // }
         // $pagesetting_ori = PageSetting::init();
         // if (isset($_FILES)) {
         //     if(empty($_FILES['upload_highlight_image']['name'])){
         //         $pagesetting['highlight_image'] =  $pagesetting_ori->highlight_image;
         //     } else {
         //         $pagesetting['highlight_image'] = $_FILES['upload_highlight_image']['name'];
         //     }
         // } else {
         //     $pagesetting['highlight_image'] =  $pagesetting_ori->highlight_image;
         // }
         // if (empty($pagesetting['highlight_image'])){
         //     $error_fields[] = __('Highlight 1&acute;s Image');
         // }
         // /** highlight 2 **/
         // if (empty($pagesetting['highlight2_title'])){
         //     $error_fields[] = __('Highlight 2&acute;s Title');
         // }
         // if (empty($pagesetting['highlight2_text1'])){
         //     $error_fields[] = __('Highlight 2&acute;s Text 1');
         // }
         // if (empty($pagesetting['highlight2_url'])){
         //     $error_fields[] = __('Highlight 2&acute;s Read More URL');
         // }
         // if (isset($_FILES)) {
         //     if(empty($_FILES['upload_highlight2_image']['name'])){
         //         $pagesetting['highlight2_image'] =  $pagesetting_ori->highlight2_image;
         //     } else {
         //         $pagesetting['highlight2_image'] = $_FILES['upload_highlight2_image']['name'];
         //     }
         // } else {
         //     $pagesetting['highlight2_image'] =  $pagesetting_ori->highlight2_image;
         // }
         // if (empty($pagesetting['highlight2_image'])){
         //     $error_fields[] = __('Highlight 2&acute;s Image');
         // }
         // if (isset($_FILES)) {
         //     if(empty($_FILES['upload_newdev_image']['name'])){
         //         $pagesetting['newdev_image'] =  $pagesetting_ori->newdev_image;
         //     } else {
         //         $pagesetting['newdev_image'] = $_FILES['upload_newdev_image']['name'];
         //     }
         // } else {
         //     $pagesetting['newdev_image'] =  $pagesetting_ori->newdev_image;
         // }
         // if (empty($pagesetting['newdev_image'])){
         //     $error_fields[] = __('New Development Image');
         // }
     }
     /** homepage setting check okstmtcc **/
     // The home page (id 1) is the only page allowed an empty slug.
     $data['slug'] = !empty($data['slug']) ? trim($data['slug']) : '';
     if (empty($data['slug']) && $id != '1') {
         $error_fields[] = __('Slug');
     } else {
         if ($data['slug'] == ADMIN_DIR) {
             $errors[] = __('You cannot have a slug named :slug!', array(':slug' => ADMIN_DIR));
         }
         // NOTE(review): as written, Validate::slug() only runs when $id == '1',
         // so other pages' slugs are never format-checked - looks inverted, confirm.
         if (!Validate::slug($data['slug']) && (!empty($data['slug']) && $id == '1')) {
             $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'slug'));
         }
     }
     // Check all numerical fields for a page
     $fields = array('parent_id', 'layout_id', 'needs_login');
     foreach ($fields as $field) {
         if (!Validate::digit($data[$field])) {
             $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
         }
     }
     // Check all date fields for a page (YYYY-MM-DD, empty allowed)
     $fields = array('created_on', 'published_on', 'valid_until');
     foreach ($fields as $field) {
         if (isset($data[$field])) {
             $data[$field] = trim($data[$field]);
             if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/D', (string) $data[$field])) {
                 $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
             }
         }
     }
     // Check all time fields for a page (HH:MM:SS, empty allowed)
     $fields = array('created_on_time', 'published_on_time', 'valid_until_time');
     foreach ($fields as $field) {
         if (isset($data[$field])) {
             $data[$field] = trim($data[$field]);
             if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{2}:[0-9]{2}:[0-9]{2}$/D', (string) $data[$field])) {
                 $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
             }
         }
     }
     // Check alphanumerical fields: instead of rejecting, strip every tag
     // (empty allow-list) so the stored value carries no HTML.
     $fields = array('keywords', 'description');
     foreach ($fields as $field) {
         use_helper('Kses');
         $data[$field] = kses(trim($data[$field]), array());
         /*
                     if (!empty($data[$field]) && !Validate::alpha_comma($data[$field])) {
            $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
                     }
         *
         */
     }
     // Check behaviour_id field
     if (!empty($data['behaviour_id']) && !Validate::slug($data['behaviour_id'])) {
         $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'behaviour_id'));
     }
     // Make sure the title doesn't contain HTML
     if (Setting::get('allow_html_title') == 'off') {
         use_helper('Kses');
         $data['title'] = kses(trim($data['title']), array());
     }
     // Create the page object to be manipulated and populate data
     if ($action == 'add') {
         $page = new Page($data);
     } else {
         $page = Record::findByIdFrom('Page', $id);
         $page->setFromData($data);
     }
     // Upon errors, rebuild original page and return to screen with errors
     if (false !== $errors || $error_fields !== false) {
         $tags = $_POST['page_tag'];
         // Rebuild time fields
         if (isset($page->created_on) && isset($page->created_on_time)) {
             $page->created_on = $page->created_on . ' ' . $page->created_on_time;
         }
         if (isset($page->published_on) && isset($page->published_on_time)) {
             $page->published_on = $page->published_on . ' ' . $page->published_on_time;
         }
         if (isset($page->valid_until)) {
             $page->valid_until = $page->valid_until . ' ' . $page->valid_until_time;
         }
         // Rebuild parts
         $part = '';
         if (!empty($_POST['part'])) {
             $part = $_POST['part'];
             $tmp = false;
             foreach ($part as $key => $val) {
                 $tmp[$key] = (object) $val;
             }
             $part = $tmp;
         }
         // Set the errors to be displayed.
         $err_msg = $errors != false ? implode('<br/>', $errors) : '';
         $err_msg .= $error_fields != false ? '<br />Please specify these fields: ' . implode(', ', $error_fields) : '';
         Flash::setNow('error', $err_msg);
         //$settingdata = 'aaa';
         // display things ...
         $this->setLayout('backend');
         $pagesettingobj = new stdClass();
         foreach ($pagesetting as $name => $value) {
             $pagesettingobj->{$name} = $value;
         }
         // NOTE(review): the token below is bound to 'page/<action>' without the
         // id, while validation above expects 'page/edit/<id>' for edits.
         // No return/exit follows: the code after this block is reachable
         // unless display() terminates the request - see docblock.
         $this->display('page/edit', array('action' => $action, 'csrf_token' => SecureToken::generateToken(BASE_URL . 'page/' . $action), 'page' => (object) $page, 'pagesetting' => $pagesettingobj, 'tags' => $tags, 'filters' => Filter::findAll(), 'behaviors' => Behavior::findAll(), 'page_parts' => $part, 'layouts' => Record::findAllFrom('Layout')));
     }
     // Notify
     if ($action == 'add') {
         Observer::notify('page_add_before_save', $page);
     } else {
         Observer::notify('page_edit_before_save', $page);
     }
     // Time to actually save the page
     // @todo rebuild this so parts are already set before save?
     // @todo determine lazy init impact
     // Checkbox -> '1'/'0' flag stored on the page record.
     $page->newwindow = !empty($data['newwindow']) ? '1' : '0';
     if ($page->save()) {
         // Get data for parts of this page
         $data_parts = $_POST['part'];
         Flash::set('post_parts_data', (object) $data_parts);
         if ($action == 'edit') {
             $old_parts = PagePart::findByPageId($id);
             // check if all old page part are passed in POST
             // if not ... we need to delete it!
             foreach ($old_parts as $old_part) {
                 $not_in = true;
                 // NOTE: reuses $data, clobbering the page form data; nothing
                 // below reads the page fields again.
                 foreach ($data_parts as $part_id => $data) {
                     $data['name'] = trim($data['name']);
                     if ($old_part->name == $data['name']) {
                         $not_in = false;
                         // this will not really create a new page part because
                         // the id of the part is passed in $data (assumed - the
                         // posted part array is not validated here)
                         $part = new PagePart($data);
                         $part->page_id = $id;
                         Observer::notify('part_edit_before_save', $part);
                         $part->save();
                         Observer::notify('part_edit_after_save', $part);
                         unset($data_parts[$part_id]);
                         break;
                     }
                 }
                 if ($not_in) {
                     $old_part->delete();
                 }
             }
         }
         // add the new parts (whatever was not matched against an old part)
         foreach ($data_parts as $data) {
             $data['name'] = trim($data['name']);
             $part = new PagePart($data);
             $part->page_id = $page->id;
             Observer::notify('part_add_before_save', $part);
             $part->save();
             Observer::notify('part_add_after_save', $part);
         }
         // save tags
         $page->saveTags($_POST['page_tag']['tags']);
         // save homepage banner info okstmtcc
         if ($id == 1) {
             // upload home banner image 1, 2
             if (isset($_FILES) && !empty($_FILES['upload_banner_image1']['name'])) {
                 //okstmtcc 20150827 Replace image filename spaces
                 // Only spaces/parentheses are rewritten in the client-supplied
                 // name; extension/path checks are assumed to be in upload_file().
                 $_FILES['upload_banner_image1']['name'] = str_replace(array(" ", "(", ")"), array("_", "", ""), $_FILES['upload_banner_image1']['name']);
                 // NOTE(review): $overwrite is never assigned in this method (null here and below).
                 $file = $this->upload_file($_FILES['upload_banner_image1']['name'], FILES_DIR . '/pagesetting/images/', $_FILES['upload_banner_image1']['tmp_name'], $overwrite);
                 if ($file === false) {
                     Flash::set('error', __('Home banner could not be uploaded!'));
                     redirect(get_url('page/edit/1'));
                 } else {
                     $pagesetting['banner_image1'] = $file;
                 }
             }
             if (isset($_FILES) && !empty($_FILES['upload_banner_image2']['name'])) {
                 //okstmtcc 20150827 Replace image filename spaces
                 $_FILES['upload_banner_image2']['name'] = str_replace(array(" ", "(", ")"), array("_", "", ""), $_FILES['upload_banner_image2']['name']);
                 $file = $this->upload_file($_FILES['upload_banner_image2']['name'], FILES_DIR . '/pagesetting/images/', $_FILES['upload_banner_image2']['tmp_name'], $overwrite);
                 if ($file === false) {
                     Flash::set('error', __('Home banner could not be uploaded!'));
                     redirect(get_url('page/edit/1'));
                 } else {
                     $pagesetting['banner_image2'] = $file;
                 }
             }
             PageSetting::saveFromData($pagesetting);
         }
         // save homepage banner info okstmtcc
         // save about banner info okstmtcc
         if ($id == 4) {
             // upload about page image 1
             if (isset($_FILES) && !empty($_FILES['upload_about_image1']['name'])) {
                 //okstmtcc 20150827 Replace image filename spaces
                 $_FILES['upload_about_image1']['name'] = str_replace(array(" ", "(", ")"), array("_", "", ""), $_FILES['upload_about_image1']['name']);
                 $file = $this->upload_file($_FILES['upload_about_image1']['name'], FILES_DIR . '/pagesetting/images/', $_FILES['upload_about_image1']['tmp_name'], $overwrite);
                 if ($file === false) {
                     // NOTE(review): message and redirect target still refer to the
                     // home banner / page 1 inside the about-page branch - looks
                     // copy-pasted; page/edit/4 is probably intended.
                     Flash::set('error', __('Home banner could not be uploaded!'));
                     redirect(get_url('page/edit/1'));
                 } else {
                     $pagesetting['about_image1'] = $file;
                 }
             }
             PageSetting::saveFromData($pagesetting);
         }
         // save about banner info okstmtcc
         Flash::set('success', __('Page has been saved.'));
     } else {
         Flash::set('error', __('Page has not been saved!'));
         $url = 'page/';
         $url .= $action == 'edit' ? 'edit/' . $id : 'add/';
         redirect(get_url($url));
     }
     if ($action == 'add') {
         Observer::notify('page_add_after_save', $page);
     } else {
         Observer::notify('page_edit_after_save', $page);
     }
     // save and quit or save and continue editing ?
     if (isset($_POST['commit'])) {
         redirect(get_url('page'));
     } else {
         redirect(get_url('page/edit/' . $page->id));
     }
 }