/**
* Calls save function or displays settings screen.
*/
public final function index()
{
// check if trying to save
if (get_request_method() == 'POST') {
$this->_save();
}
$this->display('setting/index', array('csrf_token' => SecureToken::generateToken(BASE_URL . 'setting')));
}
public function renderDashboard()
{
$grid = $this->settings["grid-size"];
?>
<div class="wolf-dashboard-settings">
<div class="wolf-dashboard-settings-container">
<div class="wolf-dashboard-settings-label" data-text="<?php
echo __("Hide Settings");
?>
"><?php
echo __("Show Settings");
?>
</div>
<div class="wolf-dashboard-settings-content">
<div class="wolf-dashboard-form-group">
<b><?php
echo __("Dashboard Widgets");
?>
</b>
<div class="wolf-dashboard-form-group-input">
<?php
foreach (DashboardWidgets::$widgets as $key => $widget) {
$check = "";
if (array_key_exists($key, $this->settings["widget-position"])) {
$check = " checked";
}
?>
<label><input type="checkbox" name="dashboard-widget" value="<?php
echo $key;
?>
" <?php
echo $check;
?>
/> <?php
echo $widget["title"];
?>
</label>
<?php
}
?>
</div>
</div>
<div class="wolf-dashboard-form-group wolf-dashboard-form-left">
<b><?php
echo __("Grid Size");
?>
</b>
<div class="wolf-dashboard-form-group-input">
<label>
<input type="radio" name="dashboard-grid-size" value="2" <?php
if ($this->settings["grid-size"] == 2) {
echo "checked";
}
?>
/>
2 <?php
echo __("Parts");
?>
</label>
<label>
<input type="radio" name="dashboard-grid-size" value="3" <?php
if ($this->settings["grid-size"] == 3) {
echo "checked";
}
?>
/>
3 <?php
echo __("Parts");
?>
</label>
</div>
</div>
</div>
</div>
</div>
<div class="wolf-dashboard-container">
<div id="wolf-dashboard" class="wolf-dashboard wolf-dashboard-grid-<?php
echo $grid;
?>
" data-grid="<?php
echo $grid;
?>
">
<?php
for ($i = 1; $i <= $grid; $i++) {
?>
<div id="wolf-dashboard-part-<?php
echo $i;
?>
" class="wolf-dashboard-part wolf-dashboard-part-<?php
echo $i;
?>
">
<?php
foreach (DashboardWidgets::getWidgets($i, $grid) as $widget) {
$this->renderWidget($widget);
}
?>
</div>
<?php
}
?>
</div>
</div>
<div class="wolf-dashboard-footer">
<input type="hidden" name="dashboard_url" value="<?php
echo get_url("plugin/dashboard/ajax");
?>
" />
<input type="hidden" name="dashboard_token" value="<?php
echo SecureToken::generateToken(get_url("plugin/dashboard"));
?>
" />
</div>
<?php
}
echo date("d-M-Y", strtotime($testimonial->created_on));
?>
</td>
<td><?php
echo $testimonial->updated_on === NULL ? '' : date("d-M-Y", strtotime($testimonial->updated_on));
?>
</td>-->
<td>
<a href="<?php
echo get_url('testimonial/edit/' . $testimonial->id);
?>
"><img src="<?php
echo URL_PUBLIC;
?>
wolf/admin/images/icon-edit.gif" alt="edit icon" /></a> <a href="<?php
echo get_url('testimonial/delete/' . $testimonial->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'testimonial/delete/' . $testimonial->id));
?>
" onclick="return confirm('<?php
echo __('Are you sure you wish to delete testimonial : ') . ' ' . $testimonial->name . '?';
?>
');"><img src="<?php
echo URI_PUBLIC;
?>
wolf/admin/images/icon-remove.gif" alt="<?php
echo __('delete testimonial');
?>
" title="<?php
echo __('Delete testimonial');
?>
" /></a>
</td>
"><img src="<?php
echo URI_PUBLIC;
?>
wolf/admin/images/plus.png" align="middle" title="<?php
echo __('Add child');
?>
" alt="<?php
echo __('Add child');
?>
" /></a>
<!-- //For about page okstmtcc -->
<?php
if ((!$child->is_protected || AuthUser::hasPermission('page_delete')) && $child->id != 4) {
?>
<a class="remove" href="<?php
echo get_url('page/delete/' . $child->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'page/delete/' . $child->id));
?>
" onclick="return confirm('<?php
echo __('Are you sure you wish to delete');
?>
<?php
echo $child->title;
?>
<?php
echo __('and its underlying pages');
?>
?');"><img src="<?php
echo URI_PUBLIC;
?>
wolf/admin/images/icon-remove.gif" align="middle" alt="<?php
echo __('Remove page');
</small>
</td>
<td><?php
echo $user->email;
?>
</td>
<td><?php
echo implode(', ', $user->roles());
?>
</td>
<td>
<?php
if ($user->id > 1) {
?>
<a href="<?php
echo get_url('user/delete/' . $user->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'user/delete/' . $user->id));
?>
" onclick="return confirm('<?php
echo __('Are you sure you wish to delete') . ' ' . $user->name . '?';
?>
');"><img src="<?php
echo PATH_PUBLIC;
?>
wolf/admin/images/icon-remove.gif" alt="<?php
echo __('delete user icon');
?>
" title="<?php
echo __('Delete user');
?>
" /></a>
<?php
/**
* Runs checks and stores a page.
*
* @param string $action What kind of action this is: add or edit.
* @param mixed $id Page to edit if any.
*/
private function _store($action, $id = false)
{
// Sanity checks
if ($action == 'edit' && !$id) {
throw new Exception('Trying to edit page when $id is false.');
}
use_helper('Validate');
$data = $_POST['page'];
$data['is_protected'] = !empty($data['is_protected']) ? 1 : 0;
Flash::set('post_data', (object) $data);
// Add pre-save checks here
$errors = false;
// CSRF checks
if (isset($_POST['csrf_token'])) {
$csrf_token = $_POST['csrf_token'];
if (!SecureToken::validateToken($csrf_token, BASE_URL . 'page/' . $action)) {
$errors[] = __('Invalid CSRF token found!');
}
} else {
$errors[] = __('No CSRF token found!');
}
$data['title'] = trim($data['title']);
if (empty($data['title'])) {
$errors[] = __('You have to specify a title!');
}
$data['slug'] = trim($data['slug']);
if (empty($data['slug']) && $id != '1') {
$errors[] = __('You have to specify a slug!');
} else {
if ($data['slug'] == ADMIN_DIR) {
$errors[] = __('You cannot have a slug named :slug!', array(':slug' => ADMIN_DIR));
}
if (!Validate::slug($data['slug']) && (!empty($data['slug']) && $id == '1')) {
$errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'slug'));
}
}
// Check all numerical fields for a page
$fields = array('parent_id', 'layout_id', 'needs_login');
foreach ($fields as $field) {
if (!Validate::digit($data[$field])) {
$errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
}
}
// Check all date fields for a page
$fields = array('created_on', 'published_on', 'valid_until');
foreach ($fields as $field) {
if (isset($data[$field])) {
$data[$field] = trim($data[$field]);
if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/D', (string) $data[$field])) {
$errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
}
}
}
// Check all time fields for a page
$fields = array('created_on_time', 'published_on_time', 'valid_until_time');
foreach ($fields as $field) {
if (isset($data[$field])) {
$data[$field] = trim($data[$field]);
if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{2}:[0-9]{2}:[0-9]{2}$/D', (string) $data[$field])) {
$errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
}
}
}
// Check alphanumerical fields
$fields = array('keywords', 'description');
foreach ($fields as $field) {
use_helper('Kses');
$data[$field] = kses(trim($data[$field]), array());
/*
if (!empty($data[$field]) && !Validate::alpha_comma($data[$field])) {
$errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
}
*
*/
}
// Check behaviour_id field
if (!empty($data['behaviour_id']) && !Validate::slug($data['behaviour_id'])) {
$errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'behaviour_id'));
}
// Make sure the title doesn't contain HTML
if (Setting::get('allow_html_title') == 'off') {
use_helper('Kses');
$data['title'] = kses(trim($data['title']), array());
}
// Create the page object to be manipulated and populate data
if ($action == 'add') {
$page = new Page($data);
} else {
$page = Record::findByIdFrom('Page', $id);
$page->setFromData($data);
}
// Upon errors, rebuild original page and return to screen with errors
if (false !== $errors) {
$tags = $_POST['page_tag'];
// Rebuild time fields
if (isset($page->created_on)) {
$page->created_on = $page->created_on . ' ' . $page->created_on_time;
}
if (isset($page->published_on)) {
$page->published_on = $page->published_on . ' ' . $page->published_on_time;
}
if (isset($page->valid_until)) {
$page->valid_until = $page->valid_until . ' ' . $page->valid_until_time;
}
// Rebuild parts
$part = $_POST['part'];
if (!empty($part)) {
$tmp = false;
foreach ($part as $key => $val) {
$tmp[$key] = (object) $val;
}
$part = $tmp;
}
// Set the errors to be displayed.
Flash::setNow('error', implode('<br/>', $errors));
// display things ...
$this->setLayout('backend');
$this->display('page/edit', array('action' => $action, 'csrf_token' => SecureToken::generateToken(BASE_URL . 'page/' . $action), 'page' => (object) $page, 'tags' => $tags, 'filters' => Filter::findAll(), 'behaviors' => Behavior::findAll(), 'page_parts' => (object) $part, 'layouts' => Record::findAllFrom('Layout')));
}
// Notify
if ($action == 'add') {
Observer::notify('page_add_before_save', $page);
} else {
Observer::notify('page_edit_before_save', $page);
}
// Time to actually save the page
// @todo rebuild this so parts are already set before save?
// @todo determine lazy init impact
if ($page->save()) {
// Get data for parts of this page
$data_parts = $_POST['part'];
Flash::set('post_parts_data', (object) $data_parts);
if ($action == 'edit') {
$old_parts = PagePart::findByPageId($id);
// check if all old page part are passed in POST
// if not ... we need to delete it!
foreach ($old_parts as $old_part) {
$not_in = true;
foreach ($data_parts as $part_id => $data) {
$data['name'] = trim($data['name']);
if ($old_part->name == $data['name']) {
$not_in = false;
// this will not really create a new page part because
// the id of the part is passed in $data
$part = new PagePart($data);
$part->page_id = $id;
Observer::notify('part_edit_before_save', $part);
$part->save();
Observer::notify('part_edit_after_save', $part);
unset($data_parts[$part_id]);
break;
}
}
if ($not_in) {
$old_part->delete();
}
}
}
// add the new parts
foreach ($data_parts as $data) {
$data['name'] = trim($data['name']);
$part = new PagePart($data);
$part->page_id = $page->id;
Observer::notify('part_add_before_save', $part);
$part->save();
Observer::notify('part_add_after_save', $part);
}
// save tags
$page->saveTags($_POST['page_tag']['tags']);
Flash::set('success', __('Page has been saved!'));
} else {
Flash::set('error', __('Page has not been saved!'));
$url = 'page/';
$url .= $action == 'edit' ? 'edit/' . $id : 'add/';
redirect(get_url($url));
}
if ($action == 'add') {
Observer::notify('page_add_after_save', $page);
} else {
Observer::notify('page_edit_after_save', $page);
}
// save and quit or save and continue editing ?
if (isset($_POST['commit'])) {
redirect(get_url('page'));
} else {
redirect(get_url('page/edit/' . $page->id));
}
}
echo __("Delete User");
?>
" />
</td>
<td class="help"></td>
</tr>
</table>
</div>
</form>
<?php
} else {
if ($action === "activate") {
?>
<?php
$url = get_url("user/activate/" . $form["id"] . "/" . $pawUsers->getCurrentUserID());
$token = SecureToken::generateToken($url);
?>
<form id="<?php
echo $action;
?>
-user-form" method="post" action="<?php
echo get_url("user/save/" . $action . "/" . $form["id"]);
?>
">
<div id="admin-area" class="form-area <?php
echo $action;
?>
-user-form">
<table class="fieldset">
<tr>
<td class="label"><label for="user-username"><?php
echo date("d-M-Y", strtotime($dine->created_on));
?>
</td>
<td><?php
echo $dine->updated_on === NULL ? '' : date("d-M-Y", strtotime($dine->updated_on));
?>
</td>-->
<td>
<a href="<?php
echo get_url('dine/edit/' . $dine->id);
?>
"><img src="<?php
echo URL_PUBLIC;
?>
wolf/admin/images/icon-edit.gif" alt="edit icon" /></a> <a href="<?php
echo get_url('dine/delete/' . $dine->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'dine/delete/' . $dine->id));
?>
" onclick="return confirm('<?php
echo __('Are you sure you wish to delete dine : ') . ' ' . $dine->name . '?';
?>
');"><img src="<?php
echo URI_PUBLIC;
?>
wolf/admin/images/icon-remove.gif" alt="<?php
echo __('delete dine');
?>
" title="<?php
echo __('Delete dine');
?>
" /></a>
</td>
?>
</label></td>
<td class="field"><input type="text" id="field-label" class="textbox" value="<?php
echo $form["label"];
?>
" readonly /></td>
<td class="help"></td>
</tr>
<tr>
<td class="label"><label><?php
echo __("Delete Item");
?>
</label></td>
<td class="field">
<input type="hidden" name="field[token]" value="<?php
echo SecureToken::generateToken(get_url("user/fields/" . $action));
?>
" />
<input type="hidden" name="field[action]" value="<?php
echo $action;
?>
">
<input type="hidden" name="field[name]" value="<?php
echo $form["name"];
?>
">
<input class="button" name="field[delete]" type="submit" accesskey="s" value="<?php
echo __("Delete Field");
?>
" />
</td>
<input type="text" value="<?php
echo $pdf->sequence;
?>
" name="order[]" size=1 style="text-align:right;">
</td>
<td><?php
echo date("d-M-Y", strtotime($pdf->created_on));
?>
</td>
<td><?php
echo $pdf->updated_on === NULL ? '' : date("d-M-Y", strtotime($pdf->updated_on));
?>
</td>
<td>
<a href="<?php
echo get_url('pdf/delete/' . $pdf->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'pdf/delete/' . $pdf->id));
?>
" onclick="return confirm('<?php
echo __('Are you sure you wish to delete pdf : ') . ' ' . $pdf->name . '?';
?>
');"><img src="<?php
echo URI_PUBLIC;
?>
wolf/admin/images/icon-remove.gif" alt="<?php
echo __('delete pdf');
?>
" title="<?php
echo __('Delete pdf');
?>
" /></a>
</td>
/**
* Runs checks and stores a page.
*
* @param string $action What kind of action this is: add or edit.
* @param mixed $id Page to edit if any.
*/
private function _store($action, $id = false)
{
// Sanity checks
if ($action == 'edit' && !$id) {
throw new Exception('Trying to edit page when $id is false.');
}
use_helper('Validate');
$data = $_POST['page'];
$data['is_protected'] = !empty($data['is_protected']) ? 1 : 0;
Flash::set('post_data', (object) $data);
$pagesetting = array();
//For homepage info & about page info okstmtcc
if ($id == 1 || $id == 4) {
$upload = $_POST['upload'];
$pagesetting = $_POST['pagesetting'];
//Flash::set('post_settingdata', (object) $pagesetting);
}
// Add pre-save checks here
$errors = false;
$error_fields = false;
// CSRF checks
if (isset($_POST['csrf_token'])) {
$csrf_token = $_POST['csrf_token'];
$csrf_id = '';
if ($action === 'edit') {
$csrf_id = '/' . $id;
}
if (!SecureToken::validateToken($csrf_token, BASE_URL . 'page/' . $action . $csrf_id)) {
$errors[] = __('Invalid CSRF token found!');
}
} else {
$errors[] = __('No CSRF token found!');
}
$data['title'] = trim($data['title']);
if (empty($data['title'])) {
$error_fields[] = __('Page Title');
}
/** homepage setting check okstmtcc **/
if ($id == 1) {
/** homepage page title **/
if (empty($pagesetting['homepage_discover_title'])) {
$error_fields[] = __('Homepage Title');
}
if (empty($pagesetting['homepage_discover_teaser'])) {
$error_fields[] = __('Homepage Teaser');
}
/** highlight 1 **/
// if (empty($pagesetting['highlight_title'])){
// $error_fields[] = __('Highlight 1´s Title');
// }
// if (empty($pagesetting['highlight_text1'])){
// $error_fields[] = __('Highlight 1´s Text 1');
// }
// if (empty($pagesetting['highlight_url'])){
// $error_fields[] = __('Highlight 1´s Read More URL');
// }
// $pagesetting_ori = PageSetting::init();
// if (isset($_FILES)) {
// if(empty($_FILES['upload_highlight_image']['name'])){
// $pagesetting['highlight_image'] = $pagesetting_ori->highlight_image;
// } else {
// $pagesetting['highlight_image'] = $_FILES['upload_highlight_image']['name'];
// }
// } else {
// $pagesetting['highlight_image'] = $pagesetting_ori->highlight_image;
// }
// if (empty($pagesetting['highlight_image'])){
// $error_fields[] = __('Highlight 1´s Image');
// }
// /** highlight 2 **/
// if (empty($pagesetting['highlight2_title'])){
// $error_fields[] = __('Highlight 2´s Title');
// }
// if (empty($pagesetting['highlight2_text1'])){
// $error_fields[] = __('Highlight 2´s Text 1');
// }
// if (empty($pagesetting['highlight2_url'])){
// $error_fields[] = __('Highlight 2´s Read More URL');
// }
// if (isset($_FILES)) {
// if(empty($_FILES['upload_highlight2_image']['name'])){
// $pagesetting['highlight2_image'] = $pagesetting_ori->highlight2_image;
// } else {
// $pagesetting['highlight2_image'] = $_FILES['upload_highlight2_image']['name'];
// }
// } else {
// $pagesetting['highlight2_image'] = $pagesetting_ori->highlight2_image;
// }
// if (empty($pagesetting['highlight2_image'])){
// $error_fields[] = __('Highlight 2´s Image');
// }
// if (isset($_FILES)) {
// if(empty($_FILES['upload_newdev_image']['name'])){
// $pagesetting['newdev_image'] = $pagesetting_ori->newdev_image;
// } else {
// $pagesetting['newdev_image'] = $_FILES['upload_newdev_image']['name'];
// }
// } else {
// $pagesetting['newdev_image'] = $pagesetting_ori->newdev_image;
// }
// if (empty($pagesetting['newdev_image'])){
// $error_fields[] = __('New Development Image');
// }
}
/** homepage setting check okstmtcc **/
$data['slug'] = !empty($data['slug']) ? trim($data['slug']) : '';
if (empty($data['slug']) && $id != '1') {
$error_fields[] = __('Slug');
} else {
if ($data['slug'] == ADMIN_DIR) {
$errors[] = __('You cannot have a slug named :slug!', array(':slug' => ADMIN_DIR));
}
if (!Validate::slug($data['slug']) && (!empty($data['slug']) && $id == '1')) {
$errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'slug'));
}
}
// Check all numerical fields for a page
$fields = array('parent_id', 'layout_id', 'needs_login');
foreach ($fields as $field) {
if (!Validate::digit($data[$field])) {
$errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
}
}
// Check all date fields for a page
$fields = array('created_on', 'published_on', 'valid_until');
foreach ($fields as $field) {
if (isset($data[$field])) {
$data[$field] = trim($data[$field]);
if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/D', (string) $data[$field])) {
$errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
}
}
}
// Check all time fields for a page
$fields = array('created_on_time', 'published_on_time', 'valid_until_time');
foreach ($fields as $field) {
if (isset($data[$field])) {
$data[$field] = trim($data[$field]);
if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{2}:[0-9]{2}:[0-9]{2}$/D', (string) $data[$field])) {
$errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
}
}
}
// Check alphanumerical fields
$fields = array('keywords', 'description');
foreach ($fields as $field) {
use_helper('Kses');
$data[$field] = kses(trim($data[$field]), array());
/*
if (!empty($data[$field]) && !Validate::alpha_comma($data[$field])) {
$errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
}
*
*/
}
// Check behaviour_id field
if (!empty($data['behaviour_id']) && !Validate::slug($data['behaviour_id'])) {
$errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'behaviour_id'));
}
// Make sure the title doesn't contain HTML
if (Setting::get('allow_html_title') == 'off') {
use_helper('Kses');
$data['title'] = kses(trim($data['title']), array());
}
// Create the page object to be manipulated and populate data
if ($action == 'add') {
$page = new Page($data);
} else {
$page = Record::findByIdFrom('Page', $id);
$page->setFromData($data);
}
// Upon errors, rebuild original page and return to screen with errors
if (false !== $errors || $error_fields !== false) {
$tags = $_POST['page_tag'];
// Rebuild time fields
if (isset($page->created_on) && isset($page->created_on_time)) {
$page->created_on = $page->created_on . ' ' . $page->created_on_time;
}
if (isset($page->published_on) && isset($page->published_on_time)) {
$page->published_on = $page->published_on . ' ' . $page->published_on_time;
}
if (isset($page->valid_until)) {
$page->valid_until = $page->valid_until . ' ' . $page->valid_until_time;
}
// Rebuild parts
$part = '';
if (!empty($_POST['part'])) {
$part = $_POST['part'];
$tmp = false;
foreach ($part as $key => $val) {
$tmp[$key] = (object) $val;
}
$part = $tmp;
}
// Set the errors to be displayed.
$err_msg = $errors != false ? implode('<br/>', $errors) : '';
$err_msg .= $error_fields != false ? '<br />Please specify these fields: ' . implode(', ', $error_fields) : '';
Flash::setNow('error', $err_msg);
//$settingdata = 'aaa';
// display things ...
$this->setLayout('backend');
$pagesettingobj = new stdClass();
foreach ($pagesetting as $name => $value) {
$pagesettingobj->{$name} = $value;
}
$this->display('page/edit', array('action' => $action, 'csrf_token' => SecureToken::generateToken(BASE_URL . 'page/' . $action), 'page' => (object) $page, 'pagesetting' => $pagesettingobj, 'tags' => $tags, 'filters' => Filter::findAll(), 'behaviors' => Behavior::findAll(), 'page_parts' => $part, 'layouts' => Record::findAllFrom('Layout')));
}
// Notify
if ($action == 'add') {
Observer::notify('page_add_before_save', $page);
} else {
Observer::notify('page_edit_before_save', $page);
}
// Time to actually save the page
// @todo rebuild this so parts are already set before save?
// @todo determine lazy init impact
$page->newwindow = !empty($data['newwindow']) ? '1' : '0';
if ($page->save()) {
// Get data for parts of this page
$data_parts = $_POST['part'];
Flash::set('post_parts_data', (object) $data_parts);
if ($action == 'edit') {
$old_parts = PagePart::findByPageId($id);
// check if all old page part are passed in POST
// if not ... we need to delete it!
foreach ($old_parts as $old_part) {
$not_in = true;
foreach ($data_parts as $part_id => $data) {
$data['name'] = trim($data['name']);
if ($old_part->name == $data['name']) {
$not_in = false;
// this will not really create a new page part because
// the id of the part is passed in $data
$part = new PagePart($data);
$part->page_id = $id;
Observer::notify('part_edit_before_save', $part);
$part->save();
Observer::notify('part_edit_after_save', $part);
unset($data_parts[$part_id]);
break;
}
}
if ($not_in) {
$old_part->delete();
}
}
}
// add the new parts
foreach ($data_parts as $data) {
$data['name'] = trim($data['name']);
$part = new PagePart($data);
$part->page_id = $page->id;
Observer::notify('part_add_before_save', $part);
$part->save();
Observer::notify('part_add_after_save', $part);
}
// save tags
$page->saveTags($_POST['page_tag']['tags']);
// save homepage banner info okstmtcc
if ($id == 1) {
// upload home banner image 1, 2
if (isset($_FILES) && !empty($_FILES['upload_banner_image1']['name'])) {
//okstmtcc 20150827 Replace image filename spaces
$_FILES['upload_banner_image1']['name'] = str_replace(array(" ", "(", ")"), array("_", "", ""), $_FILES['upload_banner_image1']['name']);
$file = $this->upload_file($_FILES['upload_banner_image1']['name'], FILES_DIR . '/pagesetting/images/', $_FILES['upload_banner_image1']['tmp_name'], $overwrite);
if ($file === false) {
Flash::set('error', __('Home banner could not be uploaded!'));
redirect(get_url('page/edit/1'));
} else {
$pagesetting['banner_image1'] = $file;
}
}
if (isset($_FILES) && !empty($_FILES['upload_banner_image2']['name'])) {
//okstmtcc 20150827 Replace image filename spaces
$_FILES['upload_banner_image2']['name'] = str_replace(array(" ", "(", ")"), array("_", "", ""), $_FILES['upload_banner_image2']['name']);
$file = $this->upload_file($_FILES['upload_banner_image2']['name'], FILES_DIR . '/pagesetting/images/', $_FILES['upload_banner_image2']['tmp_name'], $overwrite);
if ($file === false) {
Flash::set('error', __('Home banner could not be uploaded!'));
redirect(get_url('page/edit/1'));
} else {
$pagesetting['banner_image2'] = $file;
}
}
PageSetting::saveFromData($pagesetting);
}
// save homepage banner info okstmtcc
// save about banner info okstmtcc
if ($id == 4) {
// upload about page image 1
if (isset($_FILES) && !empty($_FILES['upload_about_image1']['name'])) {
//okstmtcc 20150827 Replace image filename spaces
$_FILES['upload_about_image1']['name'] = str_replace(array(" ", "(", ")"), array("_", "", ""), $_FILES['upload_about_image1']['name']);
$file = $this->upload_file($_FILES['upload_about_image1']['name'], FILES_DIR . '/pagesetting/images/', $_FILES['upload_about_image1']['tmp_name'], $overwrite);
if ($file === false) {
Flash::set('error', __('Home banner could not be uploaded!'));
redirect(get_url('page/edit/1'));
} else {
$pagesetting['about_image1'] = $file;
}
}
PageSetting::saveFromData($pagesetting);
}
// save about banner info okstmtcc
Flash::set('success', __('Page has been saved.'));
} else {
Flash::set('error', __('Page has not been saved!'));
$url = 'page/';
$url .= $action == 'edit' ? 'edit/' . $id : 'add/';
redirect(get_url($url));
}
if ($action == 'add') {
Observer::notify('page_add_after_save', $page);
} else {
Observer::notify('page_edit_after_save', $page);
}
// save and quit or save and continue editing ?
if (isset($_POST['commit'])) {
redirect(get_url('page'));
} else {
redirect(get_url('page/edit/' . $page->id));
}
}
<td class="field">
<input type="text" class="textbox" value="<?php
echo isset($form["author"]) ? $form["author"] : __("Unknown");
?>
" readonly />
</td>
<td class="help"></td>
</tr>
<tr>
<td class="label"><label><?php
echo __("Delete Item");
?>
</label></td>
<td class="field">
<input type="hidden" name="blacklist[token]" value="<?php
echo SecureToken::generateToken(get_url("user/blacklist/" . $action));
?>
" />
<input type="hidden" name="blacklist[action]" value="<?php
echo $action;
?>
">
<input type="hidden" name="blacklist[id]" value="<?php
echo $form["id"];
?>
" />
<input class="button" name="blacklist[delete]" type="submit" accesskey="s" value="<?php
echo __("Delete Item");
?>
" />
</td>
</tr>
<?php
}
}
?>
<tr>
<td class="label"><label><?php
echo __("Delete Item");
?>
</label></td>
<td class="field">
<input type="hidden" name="<?php
echo $form["system"];
?>
[token]" value="<?php
echo SecureToken::generateToken(get_url("user/permissions/" . $action));
?>
" />
<input type="hidden" name="<?php
echo $form["system"];
?>
[action]" value="<?php
echo $action;
?>
">
<input type="hidden" name="<?php
echo $form["system"];
?>
[system]" value="<?php
echo $form["system"];
?>
<td>
<code>{{PAW_URL}}</code>
<span><?php
echo __("The single Remember-Password URL.");
?>
</span>
</td>
</tr>
</table>
</div>
</td>
</tr>
</table>
<p class="buttons">
<input type="hidden" name="token" value="<?php
echo SecureToken::generateToken(get_url("user/settings/messages"));
?>
" />
<input type="hidden" name="action" value="save">
<input type="hidden" name="type" value="messages">
<input type="submit" name="save" value="<?php
echo __("Save Settings");
?>
" />
</p>
</form>
</div>
</div>
</div>
</div>
public function edit($id)
{
if (!($pdf = Pdf::findById($id))) {
Flash::set('error', __('Menu not found!'));
redirect(get_url('pdf'));
}
// check if trying to save
if (get_request_method() == 'POST') {
return $this->_edit($id);
}
//$pdfgalleries = PdfImage::findByPdfId($id);
//$locations = Location::findByPdfId($id);
$this->display('pdf/edit', array('action' => 'edit', 'csrf_token' => SecureToken::generateToken(BASE_URL . 'pdf/edit/' . $id), 'pdf' => $pdf, 'id' => $id, 'pages' => Record::findAllFrom('Page', 'parent_id=1 order by parent_id,position')));
}
/**
* Saves the edited Snippet.
*
* @todo Merge _edit() and edit()
*
* @param string $id Snippet id.
*/
public function edit($id)
{
// check if user have already enter something
$snippet = Flash::get('post_data');
if (empty($snippet)) {
$snippet = Snippet::findById($id);
if (!$snippet) {
Flash::set('error', __('Snippet not found!'));
redirect(get_url('snippet'));
}
}
// check if trying to save
if (get_request_method() == 'POST') {
$this->_edit($id);
}
$this->display('snippet/edit', array('action' => 'edit', 'csrf_token' => SecureToken::generateToken(BASE_URL . 'snippet/edit'), 'filters' => Filter::findAll(), 'snippet' => $snippet));
}
<div class="titlebar">
<?php
echo __('Upload file');
?>
<a href="#" class="close"><img src="<?php
echo ICONS_PATH;
?>
action-delete-disabled-16.png"/></a>
</div>
<div class="content">
<form action="<?php
echo get_url('plugin/file_manager/upload');
?>
" method="post" enctype="multipart/form-data">
<input id="csrf_token" name="csrf_token" type="hidden" value="<?php
echo SecureToken::generateToken(BASE_URL . 'plugin/file_manager/upload');
?>
" />
<input id="upload_overwrite" name="upload[overwrite]" type="checkbox" value="1" /> <label for="upload_overwrite"><small><?php
echo __('overwrite it?');
?>
</small></label><br />
<input id="upload_path" name="upload[path]" type="hidden" value="<?php
echo $dir == '' ? '/' : $dir;
?>
" />
<input id="upload_file" name="upload_file" type="file" />
<input id="upload_file_button" name="commit" type="submit" value="<?php
echo __('Upload');
?>
" />
<div class="titlebar">
<?php
echo __('Upload file');
?>
<a href="#" class="close"><img src="<?php
echo ICONS_PATH;
?>
action-delete-disabled-16.png"/></a>
</div>
<div class="content">
<form action="<?php
echo get_url('plugin/shopping_cart/upload');
?>
" method="post" enctype="multipart/form-data">
<input id="csrf_token" name="csrf_token" type="hidden" value="<?php
echo SecureToken::generateToken(BASE_URL . 'plugin/shopping_cart/upload');
?>
" />
<input id="upload_overwrite" name="upload[overwrite]" type="checkbox" value="1" /> <label for="upload_overwrite"><small><?php
echo __('overwrite it?');
?>
</small></label><br />
<input id="upload_path" name="upload[path]" type="hidden" value="<?php
echo $dir == '' ? '/' : $dir;
?>
" />
<input id="upload_file" name="upload_file" type="file" />
<input id="upload_file_button" name="commit" type="submit" value="<?php
echo __('Upload');
?>
" />
$button = __("Send Remember Mail");
break;
case "remember":
$form = "login/remember";
$title = __("Remember Password");
$button = __("Set new Password");
break;
case "delete":
if ($pawUsers->config["account_deletion"] == 0) {
redirect(get_url("login"));
die;
}
$form = "login/delete";
$title = __("Delete Account");
$button = $title;
$token = SecureToken::generateToken(get_url("login/delete/" . $current));
break;
default:
redirect(get_url("login"));
die;
break;
}
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="utf-8" />
<title><?php
echo $title . " - " . Setting::get("admin_title");
?>
</title>
echo date("d-M-Y", strtotime($experience->created_on));
?>
</td>
<td><?php
echo $experience->updated_on === NULL ? '' : date("d-M-Y", strtotime($experience->updated_on));
?>
</td>-->
<td>
<a href="<?php
echo get_url('experience/edit/' . $experience->id);
?>
"><img src="<?php
echo URL_PUBLIC;
?>
wolf/admin/images/icon-edit.gif" alt="edit icon" /></a> <a href="<?php
echo get_url('experience/delete/' . $experience->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'experience/delete/' . $experience->id));
?>
" onclick="return confirm('<?php
echo __('Are you sure you wish to delete experience : ') . ' ' . $experience->name . '?';
?>
');"><img src="<?php
echo URI_PUBLIC;
?>
wolf/admin/images/icon-remove.gif" alt="<?php
echo __('delete experience');
?>
" title="<?php
echo __('Delete experience');
?>
" /></a>
</td>
function edit_feature($id)
{
// check if trying to save
if (get_request_method() == 'POST') {
// form submission
$this->_checkPermission();
if (isset($_POST['csrf_token'])) {
$csrf_token = $_POST['csrf_token'];
if (!SecureToken::validateToken($csrf_token, BASE_URL . 'facilities/edit_feature/' . $id)) {
Flash::set('error', __('Invalid CSRF token found!'));
redirect(get_url('facilities/edit_feature/' . $id));
}
} else {
Flash::set('error', __('No CSRF token found!'));
redirect(get_url('facilities/edit_feature/' . $id));
}
$data = $_POST['upload'];
$path = str_replace('..', '', $data['path']);
$overwrite = isset($data['overwrite']) ? true : false;
$title = $_POST['title'];
$featureimage = FeatureImage::findById($id);
if (!empty($_FILES['upload_feature_file']['name']) && !file_exists(FILES_DIR . '/facilities/feature/' . $_FILES['upload_feature_file']['tmp_name'])) {
$file = $this->upload_feature_file($featureimage->facilitiesid, $featureimage->id, $title, $_FILES['upload_feature_file']['name'], FILES_DIR . '/facilities/feature/', $_FILES['upload_feature_file']['tmp_name'], $overwrite);
if ($file === false) {
Flash::set('error', __('File has not been uploaded!'));
redirect(get_url('facilities/edit_feature/' . $id));
}
} else {
$featureimage->title = $title;
if (!$featureimage->save()) {
Flash::set('error', __('Feature could not be saved!'));
} else {
Flash::set('success', __('Feature has been saved!'));
}
}
if (isset($_POST['commit'])) {
redirect(get_url('facilities/edit/' . $featureimage->facilitiesid));
} else {
redirect(get_url('facilities/edit_feature/' . $id));
}
} else {
// display edit page
$feature = FeatureImage::findById($id);
$this->display('facilities/edit_feature', array('csrf_token' => SecureToken::generateToken(BASE_URL . 'facilities/edit_feature/' . $id), 'feature' => $feature));
}
}
echo date("d-M-Y", strtotime($event->created_on));
?>
</td>
<td><?php
echo $event->updated_on === NULL ? '' : date("d-M-Y", strtotime($event->updated_on));
?>
</td>-->
<td>
<a href="<?php
echo get_url('event/edit/' . $event->id);
?>
"><img src="<?php
echo URL_PUBLIC;
?>
wolf/admin/images/icon-edit.gif" alt="edit icon" /></a> <a href="<?php
echo get_url('event/delete/' . $event->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'event/delete/' . $event->id));
?>
" onclick="return confirm('<?php
echo __('Are you sure you wish to delete event : ') . ' ' . $event->name . '?';
?>
');"><img src="<?php
echo URI_PUBLIC;
?>
wolf/admin/images/icon-remove.gif" alt="<?php
echo __('delete event');
?>
" title="<?php
echo __('Delete event');
?>
" /></a>
</td>
?>
</td>
<td><?php
echo $room->updated_on === NULL ? '' : date("d-M-Y", strtotime($room->updated_on));
?>
</td>-->
<td>
<a href="<?php
echo get_url('room/edit/' . $room->id);
?>
"><img src="<?php
echo URL_PUBLIC;
?>
wolf/admin/images/icon-edit.gif" alt="edit icon" /></a>
<a href="<?php
echo get_url('room/delete/' . $room->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'room/delete/' . $room->id));
?>
" onclick="return confirm('<?php
echo __('Are you sure you wish to delete room : ') . ' ' . $room->name . '?';
?>
');"><img src="<?php
echo URI_PUBLIC;
?>
wolf/admin/images/icon-remove.gif" alt="<?php
echo __('delete room');
?>
" title="<?php
echo __('Delete room');
?>
" /></a>
</td>
public function view()
{
$params = func_get_args();
$content = '';
$filename = urldecode(join('/', $params));
// Sanitize filename for securtiy
// We don't allow backlinks
if (strpos($filename, '..') !== false) {
/*
if (Plugin::isEnabled('statistics_api')) {
$user = null;
if (AuthUser::isLoggedIn())
$user = AuthUser::getUserName();
$ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : ($_SERVER['REMOTE_ADDR']);
$event = array('event_type' => 'hack_attempt', // simple event type identifier
'description' => __('A possible hack attempt was detected.'), // translatable description
'ipaddress' => $ip,
'username' => $user);
Observer::notify('stats_file_manager_hack_attempt', $event);
}
*/
}
$filename = str_replace('..', '', $filename);
// Clean up nicely
$filename = str_replace('//', '', $filename);
// We don't allow leading slashes
$filename = preg_replace('/^\\//', '', $filename);
// Check if file had URL_SUFFIX - if so, append it to filename
$filename .= isset($_GET['has_url_suffix']) && $_GET['has_url_suffix'] === '1' ? URL_SUFFIX : '';
$file = FILES_DIR . '/' . $filename;
if (!$this->_isImage($file) && file_exists($file)) {
$content = file_get_contents($file);
}
$this->display('file_manager/views/view', array('csrf_token' => SecureToken::generateToken(BASE_URL . 'plugin/file_manager/save/' . $filename), 'is_image' => $this->_isImage($file), 'filename' => $filename, 'content' => $content));
}
public function edit($id)
{
if (!($testimonial = Testimonial::findById($id))) {
Flash::set('error', __('Testimonial not found!'));
redirect(get_url('testimonial'));
}
// check if trying to save
if (get_request_method() == 'POST') {
return $this->_edit($id);
}
//$testimonialgalleries = TestimonialImage::findByTestimonialId($id);
//$features = FeatureImage::findByTestimonialId($id);
$this->display('testimonial/edit', array('action' => 'edit', 'csrf_token' => SecureToken::generateToken(BASE_URL . 'testimonial/edit/' . $id), 'testimonial' => $testimonial, 'id' => $id, 'pages' => Record::findAllFrom('Page', 'parent_id=1 order by parent_id,position')));
}
public function edit($id)
{
if (AuthUser::getId() != $id && !AuthUser::hasPermission('user_edit')) {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url());
}
// check if trying to save
if (get_request_method() == 'POST') {
return $this->_edit($id);
}
if ($user = User::findById($id)) {
$this->display('user/edit', array('action' => 'edit', 'csrf_token' => SecureToken::generateToken(BASE_URL . 'user/edit'), 'user' => $user, 'permissions' => Record::findAllFrom('Role')));
} else {
Flash::set('error', __('User not found!'));
}
redirect(get_url('user'));
}
echo date("d-M-Y", strtotime($attraction->created_on));
?>
</td>
<td><?php
echo $attraction->updated_on === NULL ? '' : date("d-M-Y", strtotime($attraction->updated_on));
?>
</td>-->
<td>
<a href="<?php
echo get_url('attraction/edit/' . $attraction->id);
?>
"><img src="<?php
echo URL_PUBLIC;
?>
wolf/admin/images/icon-edit.gif" alt="edit icon" /></a> <a href="<?php
echo get_url('attraction/delete/' . $attraction->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'attraction/delete/' . $attraction->id));
?>
" onclick="return confirm('<?php
echo __('Are you sure you wish to delete attraction : ') . ' ' . $attraction->name . '?';
?>
');"><img src="<?php
echo URI_PUBLIC;
?>
wolf/admin/images/icon-remove.gif" alt="<?php
echo __('delete attraction');
?>
" title="<?php
echo __('Delete attraction');
?>
" /></a>
</td>
function edit($id)
{
if (!($layout = Layout::findById($id))) {
Flash::set('error', __('Layout not found!'));
redirect(get_url('layout'));
}
// check if trying to save
if (get_request_method() == 'POST') {
return $this->_edit($id);
}
// display things...
$this->display('layout/edit', array('csrf_token' => SecureToken::generateToken(BASE_URL . 'layout/edit'), 'action' => 'edit', 'layout' => $layout));
}
?>
"><?php
echo AuthUser::getRecord()->name;
?>
</a>
<span class="separator"> | </span>
<a id="site-view-link" href="<?php
echo URL_PUBLIC;
?>
" target="_blank"><?php
echo __('View Site');
?>
</a>
<span class="separator"> | </span>
<a href="<?php
echo get_url('login/logout' . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'login/logout'));
?>
"><?php
echo __('Log Out');
?>
</a>
</p>
</div>
<!-- Overwrite tab function to text indent in textarea -->
<script>
$.fn.getTab = function () {
this.keydown(function (e) {
if (e.keyCode === 9) {
var val = this.value,
start = this.selectionStart,
<input type="text" value="<?php
echo $fnb->sequence;
?>
" name="order[]" size=1 style="text-align:right;">
</td>
<td><?php
echo date("d-M-Y", strtotime($fnb->created_on));
?>
</td>
<td><?php
echo $fnb->updated_on === NULL ? '' : date("d-M-Y", strtotime($fnb->updated_on));
?>
</td>
<td>
<a href="<?php
echo get_url('fnb/delete/' . $fnb->id . '?csrf_token=' . SecureToken::generateToken(BASE_URL . 'fnb/delete/' . $fnb->id));
?>
" onclick="return confirm('<?php
echo __('Are you sure you wish to delete fnb : ') . ' ' . $fnb->name . '?';
?>
');"><img src="<?php
echo URI_PUBLIC;
?>
wolf/admin/images/icon-remove.gif" alt="<?php
echo __('delete fnb');
?>
" title="<?php
echo __('Delete fnb');
?>
" /></a>
</td>
