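/**
 * Render the FlashChat client for the current user.
 *
 * Reads two optional request parameters: 'popup' (render a stand-alone popup
 * page and exit) and 'client_type' (selects the template
 * flashchatbridge_user_chat_{client_type}.htm). The module settings are passed
 * to the template together with the viewer's uname and stored 'pass' attribute
 * as 'init_user' / 'init_password'.
 *
 * Fix: 'client_type' comes straight from the request and was interpolated into
 * a template filename unchanged. It is now reduced to [A-Za-z0-9_-] (falling
 * back to 'standard' when nothing is left), so a crafted value cannot carry
 * path separators, dots or NUL bytes into the template lookup.
 *
 * NOTE(review): 'init_password' puts the value of the user's 'pass' attribute
 * into the rendered page. Confirm the chat client really needs it and that the
 * output is only ever served to that user and never cached.
 *
 * @return string|void Rendered chat HTML, or the permission error from
 *                     LogUtil::registerPermissionError(); in popup mode the
 *                     page is echoed and the script exits.
 */
function FlashChatBridge_user_showChat()
{
    // perform permission check
    if (!SecurityUtil::checkPermission('FlashChatBridge::', '::', ACCESS_READ)) {
        return LogUtil::registerPermissionError();
    }

    $popup = FormUtil::getPassedValue('popup', false);
    $render = pnRender::getInstance('FlashChatBridge', false);
    $UserVars = pnUserGetVars(SessionUtil::getVar('uid'));

    // Request-controlled and used in a filename: whitelist the characters.
    $client_type = FormUtil::getPassedValue('client_type', 'standard');
    $client_type = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $client_type);
    if ($client_type === '') {
        $client_type = 'standard';
    }

    $settings = pnModGetVar('FlashChatBridge');
    $settings['init_user'] = $UserVars['uname'];
    $settings['init_password'] = $UserVars['pass'];

    // 'autosize' and popup mode both stretch the client to the full container.
    if ($settings['autosize'] == 1 || $popup) {
        $settings['width'] = "100%";
        $settings['height'] = "100%";
    }

    $render->assign('settings', $settings);
    $chat = $render->fetch("flashchatbridge_user_chat_{$client_type}.htm");

    if ($popup) {
        // Stand-alone page: emit it directly and stop further rendering.
        $render->assign('chat', $chat);
        echo $render->fetch('flashchatbridge_user_popup.htm');
        exit;
    }

    return $chat;
}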
/**
 * Mark every page returned for $belowPageId as expanded in the editor tree.
 *
 * The set of expanded page ids is kept in the session variable
 * 'contentExpandedPageIds' as a map of id => 1. Existing entries are kept;
 * this only ever adds. $belowPageId is passed through unchanged to
 * Content_Util::contentMainEditGetPagesList().
 *
 * @param mixed $belowPageId Page id whose subtree is expanded (null by default).
 *
 * @return void
 */
public static function contentMainEditExpandAll($belowPageId = null)
{
    $expanded = SessionUtil::getVar('contentExpandedPageIds', array());

    $pages = Content_Util::contentMainEditGetPagesList($belowPageId);
    foreach ($pages as $pageInfo) {
        $expanded[$pageInfo['id']] = 1;
    }

    SessionUtil::setVar('contentExpandedPageIds', $expanded);
}
/**
 * display block
 *
 * Renders the banner chat block for a logged-in viewer. Nothing is rendered
 * (false is returned) when the viewer lacks read access on
 * 'FlashChatBridge:Bannerchatblock:', when the FlashChatBridge module is not
 * available, or when nobody is logged in. The module settings are handed to
 * the template with the viewer's uname and 'pass' attribute as
 * 'init_user' / 'init_password' and a fixed size of 100% x 150.
 *
 * NOTE(review): 'init_password' places the stored 'pass' value in the block
 * output. Confirm the chat client needs it and that block output is never
 * cached or shown to a different user.
 *
 * @param array $blockinfo a blockinfo structure
 *
 * @return output the rendered bock, or false when nothing is to be shown
 */
function FlashChatBridge_Bannerchatblock_display($blockinfo)
{
    $mayRender = SecurityUtil::checkPermission('FlashChatBridge:Bannerchatblock:', "::", ACCESS_READ)
        && pnModAvailable('FlashChatBridge')
        && pnUserLoggedIn();
    if (!$mayRender) {
        return false;
    }

    $viewer = pnUserGetVars(SessionUtil::getVar('uid'));

    $settings = pnModGetVar('FlashChatBridge');
    $settings['init_user'] = $viewer['uname'];
    $settings['init_password'] = $viewer['pass'];
    $settings['width'] = "100%";
    $settings['height'] = "150";

    $render = pnRender::getInstance('FlashChatBridge', false);
    $render->assign('settings', $settings);
    $blockinfo['content'] = $render->fetch('flashchatbridge_user_chat_banner.htm');

    return pnBlockThemeBlock($blockinfo);
}
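/**
 * Content
 *
 * @copyright (C) 2007-2010, Content Development Team
 * @link http://github.com/zikula-modules/Content
 * @license See license.txt
 */

/**
 * Smarty function: render an "edit this" link block for a page or content item.
 *
 * Produces an empty string when the caller lacks page edit rights
 * ($params['access']['pageEditAllowed']) or the template is in preview mode.
 * For $params['type'] == 'page' a link to admin/editPage (and, on multilingual
 * sites, admin/translatePage) is emitted; for 'content' the same is done with
 * editContent/translateContent, but only while the session flag
 * 'ContentEditMode' is set.
 *
 * Fix: when 'assign' was given, the result was assigned through an undefined
 * $smarty variable; the $view parameter is now used.
 *
 * NOTE(review): $data['title'] is inserted into the link text without escaping
 * here. Whether it is already escaped when it reaches this plugin cannot be
 * seen from this file - confirm upstream, otherwise escape it at this point.
 *
 * @param array       $params Plugin attributes: 'data' (array with 'id' and, for content, 'title'),
 *                            'type' ('page' or 'content'), 'access' (array with 'pageEditAllowed'),
 *                            optional 'assign' (template variable to receive the HTML).
 * @param Zikula_View $view   The template engine instance.
 *
 * @return string|void The HTML snippet, or nothing when assigned to a template variable.
 */
function smarty_function_contenteditthis($params, $view)
{
    $dom = ZLanguage::getModuleDomain('Content');
    $data = $params['data'];
    $type = $params['type'];
    $access = $params['access'];

    if (!$access['pageEditAllowed']) {
        return '';
    }

    $editmode = SessionUtil::getVar('ContentEditMode');
    $vars = $view->get_template_vars();
    if (!empty($vars['preview'])) {
        return '';
    }
    $multilingual = isset($vars['multilingual']) && $vars['multilingual'] == 1;

    $html = '';
    if ($type == 'page') {
        // Unused ...
        $html = '<div class="content-editthis">';
        $url = DataUtil::formatForDisplay(ModUtil::url('Content', 'admin', 'editPage', array('pid' => $data['id'], 'back' => 1)));
        $translateurl = DataUtil::formatForDisplay(ModUtil::url('Content', 'admin', 'translatePage', array('pid' => $data['id'], 'back' => 1)));
        $html .= "<a href=\"{$url}\">" . __("Edit this page", $dom) . "</a>";
        if ($multilingual) {
            $html .= "| <a href=\"{$translateurl}\">" . __("Translate this page", $dom) . "</a>";
        }
        $html .= '</div>';
    } elseif ($type == 'content' && $editmode) {
        $html = '<div class="content-editthis">';
        $url = DataUtil::formatForDisplay(ModUtil::url('Content', 'admin', 'editContent', array('cid' => $data['id'], 'back' => 1)));
        $translateurl = DataUtil::formatForDisplay(ModUtil::url('Content', 'admin', 'translateContent', array('cid' => $data['id'], 'back' => 1)));
        $edittext = __f('Edit this: %1$s [ID%2$s]', array($data['title'], $data['id']), $dom);
        $html .= "<a href=\"{$url}\" title=\"" . __("Click to edit this content item", $dom) . "\">" . $edittext . "</a> ";
        if ($multilingual) {
            $html .= "<a href=\"{$translateurl}\">" . __("Translate", $dom) . "</a>";
        }
        $html .= '</div>';
    }

    if (isset($params['assign'])) {
        // Was $smarty->assign(): $smarty is not defined in this scope.
        $view->assign($params['assign'], $html);
    } else {
        return $html;
    }
}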
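/**
 * {@inheritdoc}
 *
 * Starts the session through the parent and then applies the configured
 * security level ('seclevel') to decide whether the stored session data must
 * be expired:
 *  - 'Low':    never expired here; users stay logged in permanently.
 *  - 'Medium': expired when the user did not ask to be remembered and has been
 *              inactive for 'secinactivemins' minutes, when the session was
 *              last used more than 'secmeddays' days ago regardless, or when
 *              the session belongs to uid '0' and has been inactive.
 *  - 'High' (and any other value): expired on inactivity alone, even with
 *              "remember me" set (see #427).
 *
 * A local MD5 of REMOTE_ADDR + HTTP_X_FORWARDED_FOR used to be computed here
 * but was never read, so it has been removed. HTTP_X_FORWARDED_FOR is
 * client-supplied; if an IP binding is ever added it should not rely on it.
 *
 * @return boolean Always true, also when the session was expired.
 */
public function start()
{
    if (parent::start()) {
        // check if session has expired or not
        $now = time();
        $inactive = $now - (int) (System::getVar('secinactivemins') * 60);
        $daysold = $now - (int) (System::getVar('secmeddays') * 86400);
        $lastused = $this->getMetadataBag()->getLastUsed();
        $rememberme = SessionUtil::getVar('rememberme');
        $uid = $this->getBag('attributes')->get('uid');

        switch (System::getVar('seclevel')) {
            case 'Low':
                // Low security - users stay logged in permanently; no special check necessary
                break;

            case 'Medium':
                // Medium security - the three conditions below were written without
                // parentheses; && binds tighter than ||, so this is the same test.
                $inactiveAndNotRemembered = !$rememberme && $lastused < $inactive;
                $olderThanMaxDays = $lastused < $daysold;
                $anonymousAndInactive = $uid == '0' && $lastused < $inactive;
                if ($inactiveAndNotRemembered || $olderThanMaxDays || $anonymousAndInactive) {
                    $this->expire();
                }
                break;

            case 'High':
            default:
                // High security - delete session info if user is inactive,
                // regardless of rememberme (see #427)
                if ($lastused < $inactive) {
                    $this->expire();
                }
                break;
        }
    }

    return true;
}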
/**
 * bbsmiles
 * returns a html snippet with buttons for inserting bbsmiles into a text
 *
 * A session counter ('bbsmile_counter') is incremented on every call so that
 * several smiley bars on one page get distinct identifiers. If a template
 * named after the calling module (<ModuleName>.tpl) exists it is rendered,
 * otherwise the module's own bbsmile_user_bbsmiles.tpl with core data added.
 *
 * @param array $args Must contain 'textfieldid', the id of the textfield for inserting smilies.
 *
 * @return string Rendered HTML, or the result of LogUtil::registerArgsError()
 *                when 'textfieldid' is missing or empty.
 */
public function bbsmiles($args)
{
    if (empty($args['textfieldid'])) {
        return LogUtil::registerArgsError();
    }

    // Distinguish multiple textareas on one page with a session-stored counter
    // (kept until a better solution is found).
    $nextCounter = SessionUtil::getVar('bbsmile_counter', 0) + 1;
    SessionUtil::setVar('bbsmile_counter', $nextCounter);

    $this->view->assign('counter', $nextCounter);
    $this->view->assign('textfieldid', $args['textfieldid']);

    PageUtil::addVar('stylesheet', ThemeUtil::getModuleStylesheet('BBSmile'));

    // Prefer a template dedicated to the calling module, if one exists.
    $moduleTemplate = DataUtil::formatForOS(ModUtil::getName()) . '.tpl';
    if ($this->view->template_exists($moduleTemplate)) {
        return $this->view->fetch($moduleTemplate);
    }

    $this->view->add_core_data();

    return $this->view->fetch('bbsmile_user_bbsmiles.tpl');
}
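/**
 * Zikula_View block to implement group checks in a template.
 *
 * Available attributes:
 *  - gid (numeric) The ID number of the group to be tested.
 *
 * Example:
 * <pre>
 * {checkgroup gid='1'}
 *   do some stuff now we have permission
 * {/checkgroup}
 * </pre>.
 *
 * The block body is returned only when a user is logged in (session 'uid'
 * set) and Groups/user/isgroupmember reports membership in the given group.
 *
 * Fix: the error raised for a missing attribute named 'component' as the
 * missing parameter; the attribute this block requires is 'gid'.
 *
 * @param array       $params  All attributes passed to this function from the template.
 * @param string      $content The content between the block tags.
 * @param Zikula_View $view    Reference to the {@link Zikula_View} object.
 *
 * @return string|boolean|void The content of the matching case.
 *                             If the user is a member of the group specified by the gid,
 *                             then the content contained in the block, otherwise null,
 *                             false on error.
 */
function smarty_block_checkgroup($params, $content, Zikula_View $view)
{
    // check if there is something between the tags
    if (is_null($content)) {
        return;
    }

    // check our input
    if (!isset($params['gid'])) {
        $view->trigger_error(__f('Error! in %1$s: the %2$s parameter must be specified.', array('smarty_block_checkgroup', 'gid')));
        return false;
    }

    // anonymous visitors are never group members
    $uid = SessionUtil::getVar('uid');
    if (empty($uid)) {
        return;
    }

    $isMember = ModUtil::apiFunc('Groups', 'user', 'isgroupmember', array('uid' => $uid, 'gid' => $params['gid']));
    if (!$isMember) {
        return;
    }

    return $content;
}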
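/**
 * Initialise the page-list / content-structure form view.
 *
 * Requires ACCESS_EDIT on 'Content:page:'. Loads the page tree for editing
 * (the ids stored in the session under 'contentExpandedPageIds' decide which
 * branches are expanded), optionally resolves category display names in the
 * current language, and assigns everything the template needs.
 *
 * Fix: the "get categories names" check read the module variable
 * '$categoryUsage' - a literal dollar sign inside single quotes - which is not
 * a setting that exists, so the comparison was made against an empty value
 * and the block ran regardless of the configured usage. It now reads
 * 'categoryUsage', the same setting the 'includeCategories' option uses.
 *
 * @param Zikula_Form_View $view The form view passed by the framework; rendering
 *                               uses the class's own $this->view as before.
 *
 * @return boolean True on success, or the result of registerError() when the
 *                 pages could not be loaded.
 *
 * @throws Zikula_Exception_Forbidden If the user lacks edit permission.
 */
public function initialize(Zikula_Form_View $view)
{
    if (!SecurityUtil::checkPermission('Content:page:', '::', ACCESS_EDIT)) {
        throw new Zikula_Exception_Forbidden(LogUtil::getErrorMsgPermission());
    }

    $categoryUsage = $this->getVar('categoryUsage');

    // Include categories only when 2nd category enabled in settings
    $pages = ModUtil::apiFunc('Content', 'Page', 'getPages', array(
        'editing' => true,
        'filter' => array(
            'checkActive' => false,
            'expandedPageIds' => SessionUtil::getVar('contentExpandedPageIds', array()),
        ),
        'enableEscape' => true,
        'translate' => false,
        'includeLanguages' => true,
        'includeCategories' => $categoryUsage < 3,
        'orderBy' => 'setLeft',
    ));
    if ($pages === false) {
        return $this->view->registerError(null);
    }

    // Get categories names if enabled
    if ($categoryUsage < 4) {
        $lang = ZLanguage::getLanguageCode();
        $categories = array();
        foreach ($pages as $page) {
            // NOTE(review): if getCategoryByID() returns no category, $cat['name']
            // below evaluates to null; the original behaved the same way.
            $cat = CategoryUtil::getCategoryByID($page['categoryId']);
            $categories[$page['id']] = array();
            $categories[$page['id']][] = isset($cat['display_name'][$lang]) ? $cat['display_name'][$lang] : $cat['name'];

            if (isset($page['categories']) && is_array($page['categories'])) {
                foreach ($page['categories'] as $pageCat) {
                    $cat = CategoryUtil::getCategoryByID($pageCat['categoryId']);
                    $categories[$page['id']][] = isset($cat['display_name'][$lang]) ? $cat['display_name'][$lang] : $cat['name'];
                }
            }
        }
        $this->view->assign('categories', $categories);
    }

    PageUtil::setVar('title', $this->__('Page list and content structure'));
    $csssrc = ThemeUtil::getModuleStylesheet('admin', 'admin.css');
    PageUtil::addVar('stylesheet', $csssrc);

    $this->view->assign('pages', $pages);
    $this->view->assign('multilingual', ModUtil::getVar(ModUtil::CONFIG_MODULE, 'multilingual'));
    $this->view->assign('enableVersioning', $this->getVar('enableVersioning'));
    $this->view->assign('language', ZLanguage::getLanguageCode());

    Content_Util::contentAddAccess($this->view, null);

    return true;
}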
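/**
 * Constructor.
 *
 * Reads the session language, the system default ('language_i18n', 'en' if
 * unset), the multilingual / language-URL / language-detect settings and the
 * optional POSTed 'setsessionlanguage' value, then initialises the database
 * charset and output encoding.
 *
 * Fix: the sanitising pattern for 'setsessionlanguage' was '#[^a-z-].#'. That
 * removes each disallowed character together with whatever character follows
 * it, and leaves a disallowed character in place when it is the last one in
 * the value (nothing follows for the '.' to match). The pattern is now
 * '#[^a-z-]#', so the stored value consists of lowercase letters and hyphens
 * only.
 */
public function __construct()
{
    $this->langSession = SessionUtil::getVar('language', null);
    $this->langSystemDefault = System::getVar('language_i18n', 'en');
    $this->languageCode = $this->langSystemDefault;

    // Request-controlled; keep only [a-z-] so it is safe to use as a language code.
    $requestedLanguage = FormUtil::getPassedValue('setsessionlanguage', null, 'POST');
    $this->langFixSession = preg_replace('#[^a-z-]#', '', $requestedLanguage);

    $this->multiLingualCapable = System::getVar('multilingual');
    $this->langUrlRule = System::getVar('languageurl', 0);
    $this->langDetect = System::getVar('language_detect', 0);

    $this->setDBCharset();
    $this->setEncoding();
}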
/**
 * Determine if the current session is that of an anonymous user.
 *
 * A session without a 'uid' entry (or with a falsy one, e.g. 0) counts as a guest.
 *
 * @return boolean
 */
public static function isGuestUser()
{
    $uid = SessionUtil::getVar('uid', 0);

    return $uid ? false : true;
}
/**
 * Compiles the given string of code, and returns
 * the result in a string.
 * If "do_not_echo" is true, the returned code will not be directly
 * executable, but can be used as part of a variable assignment
 * for use in assign_code_from_handle().
 *
 * Security note: the return value is PHP source that is later executed.
 * Ordinary template text is wrapped in single-quoted echo statements after
 * '\' and "'" are escaped, but block names captured from
 * <!-- BEGIN name --> / <!-- END name --> comments are spliced into generated
 * identifiers ($_name_count, $_name_i) and array keys without any escaping.
 * Template files must therefore be trusted, developer-controlled input; never
 * compile templates supplied by users.
 *
 * The "PNphpBB2 Module" section at the top is a Zikula-specific pre-pass over
 * the phpBB2 templates: it strips document-level markup so the board embeds in
 * the Zikula page, rewrites template paths to the vendored location, renames
 * the login form fields and hides configuration / registration rows that
 * Zikula manages itself.
 *
 * @param string  $code        Template source text.
 * @param boolean $do_not_echo When true, generate "$<retvar>.= '...'" lines instead of echo.
 * @param string  $retvar      Name (without the '$') of the variable to append to when $do_not_echo is true.
 *
 * @return string Generated PHP code.
 */
function compile($code, $do_not_echo = false, $retvar = '')
{
    // Begin PNphpBB2 Module
    global $board_config, $gen_simple_header;

    // Strip doctype, <html>, <head>, <title>, <body>, <font>, body{} CSS and CSS
    // comments when the board is rendered inside a Zikula page.
    if (!defined('PNPHPBB_TEMPLATE') && empty($gen_simple_header) && SessionUtil::getVar('fullpage') == 0) {
        $search = array("'<\\!doctype\\s+.*?>'si", "'<title[^>]*?>.*?</title>'si", "'<head>'i", "'</head>'i", "'<html>'i", "'<html\\s+.*?>'i", "'</html>'i", "'body\\s*{(\\s*[a-zA-Z0-9\\-_]*:\\s*{[a-zA-Z0-9\\-_]*};*)*\\s*}'i", "'/\\*.*?\\*/'i", "'<body\\s+.*?>'si", "'</body\\s+.*?>'si", "'<font.*?>'i", "'</font>'i");
        $replace = array("", "", "", "", "", "", "", "", "", "", "", "", "");
        $code = preg_replace($search, $replace, $code);
    }

    // NOTE(review): PNPHPBB_TEMPLATE is passed to defined() as a bare constant,
    // unlike the quoted 'PNPHPBB_TEMPLATE' a few lines above. When the constant
    // is undefined, PHP < 8 silently uses the name as a string (so this works by
    // accident); PHP 8 throws an Error. The intended form is defined('PNPHPBB_TEMPLATE').
    if (!defined(PNPHPBB_TEMPLATE)) {
        // Point relative template paths at the module's vendored phpBB2 copy.
        $code = str_replace("../templates/", "./modules/ZphpBB2/vendor/phpBB2/templates/", $code);
        $code = str_replace("\"templates/", "\"./modules/ZphpBB2/vendor/phpBB2/templates/", $code);
        $code = str_replace("url(templates", "url(./modules/ZphpBB2/vendor/phpBB2/templates", $code);

        // Drop font/anchor CSS rules and the copyright span; rename the login form
        // fields (username/password/autologin) to the names the Zikula login
        // handler expects (uname/pass/rememberme).
        $search = array("'font(?!-).*?\\s*{(\\s*[a-zA-Z0-9\\-_]*\\s*:\\s*{[a-zA-Z0-9\\-_]*};*)*\\s*}'i", "'a:(link|active|visited|hover|).*?{(\\s*[a-zA-Z0-9\\-_]*\\s*:\\s*.*?;)*\\s*}'i", "'<input\\s+type\\s*=\\s*\"?text\"?\\s+name\\s*=\\s*\"?username\"?'i", "'<input\\s+type\\s*=\\s*\"?password\"?\\s+name\\s*=\\s*\"?password\"?'i", "'<input\\s+type\\s*=\\s*\"?checkbox\"?\\s+name\\s*=\\s*\"?autologin\"?'i", "'\\.copyright'i", "'<span\\s+class\\s*=\\s*\"?copyright\"?'i");
        $replace = array("", "", '<input type="text" name="uname"', '<input type="password" name="pass"', '<input type="checkbox" name="rememberme"', "", '<div class="gensmall" align="center"');
        $code = preg_replace($search, $replace, $code);

        // Hide the admin configuration rows whose settings Zikula controls.
        if (preg_match("/L_CONFIGURATION_TITLE/i", $code)) {
            $code = preg_replace("'<tr[^>]*>[^<]*(<(?!tr)[^<]*)*(L_SERVER_NAME|L_SERVER_PORT|L_SCRIPT_PATH|L_SITE_NAME|L_SITE_DESCRIPTION|L_ACCT_ACTIVATION|L_VISUAL_CONFIRM|L_ALLOW_AUTOLOGIN|L_AUTOLOGIN_TIME|L_DATE_FORMAT|L_SYSTEM_TIMEZONE|L_ENABLE_GZIP|L_COOKIE_SECURE|L_ALLOW_NAME_CHANGE|L_COPPA_SETTINGS|L_COPPA_FAX|L_COPPA_MAIL|L_DEFAULT_LANGUAGE|L_TIMEZONE).*?</tr>'si", "", $code);
        }

        // Hide the registration rows handled by Zikula's own user registration.
        if (preg_match("/L_REGISTRATION_INFO/i", $code)) {
            // $code = preg_replace ("'<table[^>]*>[^<]*(<(?!table)[^<]*)*(L_REGISTRATION_INFO).*?</table>'si", "", $code);
            $code = preg_replace("'<tr[^>]*>[^<]*(<(?!tr)[^<]*)*(L_REGISTRATION_INFO|L_ITEMS_REQUIRED|L_USERNAME|L_EMAIL_ADDRESS|L_NEW_PASSWORD|L_CONFIRM_PASSWORD|L_ICQ_NUMBER|L_AIM|L_MESSENGER|L_YAHOO|L_WEBSITE|L_LOCATION|L_OCCUPATION|L_INTERESTS|L_BOARD_LANGUAGE|L_DATE_FORMAT|L_TIMEZONE).*?</tr>'si", "", $code);
        }
    }
    // End PNphpBB2 Module

    // replace \ with \\ and then ' with \'.
    // Template text ends up inside single-quoted PHP strings below, so these are
    // the only two characters that need escaping.
    $code = str_replace('\\', '\\\\', $code);
    $code = str_replace('\'', '\\\'', $code);

    // change template varrefs into PHP varrefs

    // This one will handle varrefs WITH namespaces ({block.VAR})
    $varrefs = array();
    preg_match_all('#\\{(([a-z0-9\\-_]+?\\.)+?)([a-z0-9\\-_]+?)\\}#is', $code, $varrefs);
    $varcount = sizeof($varrefs[1]);
    for ($i = 0; $i < $varcount; $i++) {
        $namespace = $varrefs[1][$i];
        $varname = $varrefs[3][$i];
        $new = $this->generate_block_varref($namespace, $varname);
        $code = str_replace($varrefs[0][$i], $new, $code);
    }

    // This will handle the remaining root-level varrefs ({VAR}); missing values render as ''.
    $code = preg_replace('#\\{([a-z0-9\\-_]*?)\\}#is', '\' . ( ( isset($this->_tpldata[\'.\'][0][\'\\1\']) ) ? $this->_tpldata[\'.\'][0][\'\\1\'] : \'\' ) . \'', $code);

    // Break it up into lines.
    $code_lines = explode("\n", $code);

    $block_nesting_level = 0;
    $block_names = array();
    $block_names[0] = ".";

    // Second: prepend echo ', append ' . "\n"; to each line.
    $line_count = sizeof($code_lines);
    for ($i = 0; $i < $line_count; $i++) {
        $code_lines[$i] = chop($code_lines[$i]);

        // NOTE: the BEGIN pattern below is reproduced exactly as it appears in this
        // copy of the source, including its line break before '-->'.
        if (preg_match('#<!-- BEGIN (.*?) 
-->#', $code_lines[$i], $m)) {
            $n[0] = $m[0];
            $n[1] = $m[1];

            // Added: dougk_ff7-Keeps templates from bombing if begin is on the same line as end.. I think. :)
            // When BEGIN and END share a line, open the loop and close it immediately.
            if (preg_match('#<!-- END (.*?) -->#', $code_lines[$i], $n)) {
                $block_nesting_level++;
                $block_names[$block_nesting_level] = $m[1];
                if ($block_nesting_level < 2) {
                    // Block is not nested.
                    $code_lines[$i] = '$_' . $n[1] . '_count = ( isset($this->_tpldata[\'' . $n[1] . '.\']) ) ? sizeof($this->_tpldata[\'' . $n[1] . '.\']) : 0;';
                    $code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)';
                    $code_lines[$i] .= "\n" . '{';
                } else {
                    // This block is nested.

                    // Generate a namespace string for this block.
                    $namespace = implode('.', $block_names);
                    // strip leading period from root level..
                    $namespace = substr($namespace, 2);
                    // Get a reference to the data array for this block that depends on the
                    // current indices of all parent blocks.
                    $varref = $this->generate_block_data_ref($namespace, false);
                    // Create the for loop code to iterate over this block.
                    $code_lines[$i] = '$_' . $n[1] . '_count = ( isset(' . $varref . ') ) ? sizeof(' . $varref . ') : 0;';
                    $code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)';
                    $code_lines[$i] .= "\n" . '{';
                }

                // We have the end of a block.
                unset($block_names[$block_nesting_level]);
                $block_nesting_level--;
                $code_lines[$i] .= '} // END ' . $n[1];
                $m[0] = $n[0];
                $m[1] = $n[1];
            } else {
                // We have the start of a block.
                $block_nesting_level++;
                $block_names[$block_nesting_level] = $m[1];
                if ($block_nesting_level < 2) {
                    // Block is not nested.
                    $code_lines[$i] = '$_' . $m[1] . '_count = ( isset($this->_tpldata[\'' . $m[1] . '.\']) ) ? sizeof($this->_tpldata[\'' . $m[1] . '.\']) : 0;';
                    $code_lines[$i] .= "\n" . 'for ($_' . $m[1] . '_i = 0; $_' . $m[1] . '_i < $_' . $m[1] . '_count; $_' . $m[1] . '_i++)';
                    $code_lines[$i] .= "\n" . '{';
                } else {
                    // This block is nested.

                    // Generate a namespace string for this block.
                    $namespace = implode('.', $block_names);
                    // strip leading period from root level..
                    $namespace = substr($namespace, 2);
                    // Get a reference to the data array for this block that depends on the
                    // current indices of all parent blocks.
                    $varref = $this->generate_block_data_ref($namespace, false);
                    // Create the for loop code to iterate over this block.
                    $code_lines[$i] = '$_' . $m[1] . '_count = ( isset(' . $varref . ') ) ? sizeof(' . $varref . ') : 0;';
                    $code_lines[$i] .= "\n" . 'for ($_' . $m[1] . '_i = 0; $_' . $m[1] . '_i < $_' . $m[1] . '_count; $_' . $m[1] . '_i++)';
                    $code_lines[$i] .= "\n" . '{';
                }
            }
        } else {
            if (preg_match('#<!-- END (.*?) -->#', $code_lines[$i], $m)) {
                // We have the end of a block.
                unset($block_names[$block_nesting_level]);
                $block_nesting_level--;
                $code_lines[$i] = '} // END ' . $m[1];
            } else {
                // We have an ordinary line of code.
                if (!$do_not_echo) {
                    $code_lines[$i] = 'echo \'' . $code_lines[$i] . '\' . "\\n";';
                } else {
                    $code_lines[$i] = '$' . $retvar . '.= \'' . $code_lines[$i] . '\' . "\\n";';
                }
            }
        }
    }

    // Bring it back into a single string of lines of code.
    $code = implode("\n", $code_lines);
    return $code;
}
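/**
 * Process results from IDS scan.
 *
 * Escalates according to the impact PHPIDS assigned to the request. The value
 * compared against the thresholds is the request impact when 'idsimpactmode'
 * is 1, otherwise the impact accumulated in the session ('idsImpact'); in
 * modes 2 and 3 the configured thresholds are multiplied by 10 resp. 5.
 *  - above 'idsimpactthresholdone':   the events are logged to the database,
 *  - above 'idsimpactthresholdtwo':   the administrator is mailed (if 'idsmail'),
 *  - above 'idsimpactthresholdthree': the request is blocked, or only a warning
 *    is registered when 'idssoftblock' is set (for debugging the ruleset).
 * ('idsimpactthresholdfour' is a configured setting but nothing here acts on it.)
 *
 * The IP that is logged and mailed prefers HTTP_X_FORWARDED_FOR over
 * REMOTE_ADDR. That header is supplied by the client, so unless a trusted
 * reverse proxy in front of this host overwrites it, an attacker can place an
 * arbitrary string in the "ip" column of the intrusion log and in the admin
 * mail. Treat it as untrusted data when reviewing incidents.
 *
 * Fix: $ipAddress, $currentPage and $currentUid were assigned only inside the
 * logging branch (threshold one) but are also used by the mail branch
 * (threshold two); with threshold two configured below threshold one the mail
 * reported undefined values. They are now computed once before the branches.
 *
 * @param IDS_Init   $init   PHPIDS init object reference.
 * @param IDS_Report $result The result object from PHPIDS.
 *
 * @return void
 *
 * @throws Zikula_Exception_Forbidden When the impact exceeds threshold three
 *                                    and 'idssoftblock' is not set.
 */
private function _processIdsResult(IDS_Init $init, IDS_Report $result)
{
    // $result contains any suspicious fields enriched with additional info
    // ("echo $result" dumps it via IDS_Report::__toString()).
    $requestImpact = $result->getImpact();
    if ($requestImpact < 1) {
        // nothing to do
        return;
    }

    // update total session impact to track an attackers activity for some time
    $sessionImpact = SessionUtil::getVar('idsImpact', 0) + $requestImpact;
    SessionUtil::setVar('idsImpact', $sessionImpact);

    // impact mode: 1 = per request, 2 / 3 = per session with scaled thresholds
    $idsImpactMode = System::getVar('idsimpactmode', 1);
    $idsImpactFactor = 1;
    if ($idsImpactMode == 2) {
        $idsImpactFactor = 10;
    } elseif ($idsImpactMode == 3) {
        $idsImpactFactor = 5;
    }

    // determine our impact threshold values
    $impactThresholdOne = System::getVar('idsimpactthresholdone', 1) * $idsImpactFactor;
    $impactThresholdTwo = System::getVar('idsimpactthresholdtwo', 10) * $idsImpactFactor;
    $impactThresholdThree = System::getVar('idsimpactthresholdthree', 25) * $idsImpactFactor;

    $usedImpact = ($idsImpactMode == 1) ? $requestImpact : $sessionImpact;

    // request context shared by the logging and mail branches
    $_REMOTE_ADDR = System::serverGetVar('REMOTE_ADDR');
    $_HTTP_X_FORWARDED_FOR = System::serverGetVar('HTTP_X_FORWARDED_FOR');
    // client-controlled header preferred over the socket address; see docblock
    $ipAddress = ($_HTTP_X_FORWARDED_FOR) ? $_HTTP_X_FORWARDED_FOR : $_REMOTE_ADDR;
    $currentPage = System::getCurrentUri();
    $currentUid = UserUtil::getVar('uid');

    // react according to given impact
    if ($usedImpact > $impactThresholdOne) {
        // db logging: one row per affected tag, with the event names of that tag joined
        $intrusionItems = array();
        foreach ($result as $event) {
            $eventName = $event->getName();
            // event names look like "<source>.<parameter>"; the part after the
            // first dot is used as the tag (undefined if there is no dot, as before)
            $malVar = explode(".", $eventName, 2);

            $filters = array();
            foreach ($event as $filter) {
                $filters[] = array(
                    'id' => $filter->getId(),
                    'description' => $filter->getDescription(),
                    'impact' => $filter->getImpact(),
                    'tags' => $filter->getTags(),
                    'rule' => $filter->getRule());
            }

            $tagVal = $malVar[1];
            $newIntrusionItem = array(
                'name' => array($eventName),
                'tag' => $tagVal,
                'value' => $event->getValue(),
                'page' => $currentPage,
                'uid' => $currentUid,
                'ip' => $ipAddress,
                'impact' => $result->getImpact(),
                'filters' => serialize($filters),
                'date' => DateUtil::getDatetime()
            );

            if (array_key_exists($tagVal, $intrusionItems)) {
                $intrusionItems[$tagVal]['name'][] = $newIntrusionItem['name'][0];
            } else {
                $intrusionItems[$tagVal] = $newIntrusionItem;
            }
        }

        // log details to database
        foreach ($intrusionItems as $tag => $intrusionItem) {
            $intrusionItem['name'] = implode(", ", $intrusionItem['name']);
            $obj = new SecurityCenter_DBObject_Intrusion();
            $obj->setData($intrusionItem);
            $obj->save();
        }
    }

    if (System::getVar('idsmail') && ($usedImpact > $impactThresholdTwo)) {
        // mail admin
        $mailBody = __('The following attack has been detected by PHPIDS') . "\n\n";
        $mailBody .= __f('IP: %s', $ipAddress) . "\n";
        $mailBody .= __f('UserID: %s', $currentUid) . "\n";
        $mailBody .= __f('Date: %s', DateUtil::strftime(__('%b %d, %Y'), (time()))) . "\n";
        if ($idsImpactMode == 1) {
            $mailBody .= __f('Request Impact: %d', $requestImpact) . "\n";
        } else {
            $mailBody .= __f('Session Impact: %d', $sessionImpact) . "\n";
        }
        $mailBody .= __f('Affected tags: %s', join(' ', $result->getTags())) . "\n";

        // attacker-supplied values are url-encoded before they reach the mail body
        $attackedParameters = '';
        foreach ($result as $event) {
            $attackedParameters .= $event->getName() . '=' . urlencode($event->getValue()) . ", ";
        }
        $mailBody .= __f('Affected parameters: %s', trim($attackedParameters)) . "\n";
        $mailBody .= __f('Request URI: %s', urlencode($currentPage));

        // prepare other mail arguments
        $siteName = System::getVar('sitename');
        $adminmail = System::getVar('adminmail');
        $mailTitle = __('Intrusion attempt detected by PHPIDS');

        if (ModUtil::available('Mailer')) {
            $args = array();
            $args['fromname'] = $siteName;
            $args['fromaddress'] = $adminmail;
            $args['toname'] = 'Site Administrator';
            $args['toaddress'] = $adminmail;
            $args['subject'] = $mailTitle;
            $args['body'] = $mailBody;
            $rc = ModUtil::apiFunc('Mailer', 'user', 'sendmessage', $args);
        } else {
            $headers = "From: $siteName <$adminmail>\n"
                     . "X-Priority: 1 (Highest)";
            System::mail($adminmail, $mailTitle, $mailBody, $headers);
        }
    }

    if ($usedImpact > $impactThresholdThree) {
        // block request
        if (System::getVar('idssoftblock')) {
            // warn only for debugging the ruleset
            LogUtil::registerError(__('Malicious request code / a hacking attempt was detected. This request has NOT been blocked!'));
        } else {
            throw new Zikula_Exception_Forbidden(__('Malicious request code / a hacking attempt was detected. Thus this request has been blocked.'), null, $result);
        }
    }

    return;
}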
/**
 * {@inheritdoc}
 *
 * Resolves the current user's id from the session ('uid'), falling back to 0
 * when it is not set. $meta and $field are not consulted.
 */
public function getUserIdValue(ClassMetadata $meta, $field)
{
    $sessionUid = \SessionUtil::getVar('uid', 0);

    return $sessionUid;
}
/**
 * @Route("/edit/{cid}/{dr}/{mode}", requirements={"cid" = "^[1-9]\d*$", "dr" = "^[1-9]\d*$", "mode" = "edit|new"})
 * @Method("GET")
 *
 * edit category
 *
 * In 'edit' mode the category $cid is loaded (ACCESS_EDIT required); in 'new'
 * mode (ACCESS_ADD required) the form is pre-filled from, in order of
 * preference, $_SESSION['newCategory'], the 'newCatActionData' session
 * variable when returning from a failed validation, or defaults. The parent
 * selector is built from the subtree below $dr minus the edited category's own
 * descendants.
 *
 * NOTE(review): session state is accessed two ways here - directly through
 * $_SESSION['newCategory'] and through \SessionUtil for 'newCatActionData'.
 * Whether both refer to the same storage cannot be seen from this file.
 *
 * @param Request $request
 * @param integer $cid
 * @param integer $dr
 * @param string  $mode new|edit
 *
 * @return Response symfony response object
 *
 * @throws AccessDeniedException Thrown if the user doesn't have permission to edit or add the category
 */
public function editAction(Request $request, $cid = 0, $dr = 1, $mode = "new")
{
    $editCat = '';

    $languages = ZLanguage::getInstalledLanguages();

    // indicates that we're editing
    if ($mode == 'edit') {
        if (!SecurityUtil::checkPermission('ZikulaCategoriesModule::category', '::', ACCESS_EDIT)) {
            throw new AccessDeniedException();
        }

        if (!$cid) {
            $request->getSession()->getFlashBag()->add('error', $this->__('Error! Cannot determine valid \'cid\' for edit mode in \'ZikulaCategoriesModule_admin_edit\'.'));
            return new RedirectResponse($this->get('router')->generate('zikulacategoriesmodule_admin_view', array(), RouterInterface::ABSOLUTE_URL));
        }

        $editCat = CategoryUtil::getCategoryByID($cid);
        if (!$editCat) {
            // (message literal reproduced as it appears in this copy, including the line break)
            $request->getSession()->getFlashBag()->add('error', $this->__('Sorry! 
No such item found.'));
            return new RedirectResponse($this->get('router')->generate('zikulacategoriesmodule_admin_view', array(), RouterInterface::ABSOLUTE_URL));
        }
    } else {
        // new category creation
        if (!SecurityUtil::checkPermission('ZikulaCategoriesModule::category', '::', ACCESS_ADD)) {
            throw new AccessDeniedException();
        }

        // since we inherit the domain settings from the parent, we get
        // the inherited (and merged) object from session
        if (isset($_SESSION['newCategory']) && $_SESSION['newCategory']) {
            $editCat = $_SESSION['newCategory'];
            unset($_SESSION['newCategory']);
            $category = new CategoryEntity(); // need this for validation info
        } elseif (FormUtil::getValidationErrors()) {
            // if we're back from validation get the posted data from session
            // NOTE(review): if 'newCatActionData' is absent from the session this is
            // null and the array_merge() below fails (TypeError on PHP 8).
            $newCatActionData = \SessionUtil::getVar('newCatActionData');
            \SessionUtil::delVar('newCatActionData');
            $editCat = new CategoryEntity();
            $editCat = $editCat->toArray();
            $editCat = array_merge($editCat, $newCatActionData);
            // path/ipath are derived from the parent and must not come from the form
            unset($editCat['path']);
            unset($editCat['ipath']);
            $category = new CategoryEntity(); // need this for validation info
        } else {
            // someone just pressed 'new' -> populate defaults
            $category = new CategoryEntity();
            $editCat['sort_value'] = '0';
        }
    }

    $allCats = CategoryUtil::getSubCategories($dr, true, true, true, false, true);

    // now remove the categories which are below $editCat ...
    // you should not be able to set these as a parent category as it creates a circular hierarchy (see bug #4992)
    if (isset($editCat['ipath'])) {
        $cSlashEdit = StringUtil::countInstances($editCat['ipath'], '/');
        foreach ($allCats as $k => $v) {
            $cSlashCat = StringUtil::countInstances($v['ipath'], '/');
            if ($cSlashCat >= $cSlashEdit && strpos($v['ipath'], $editCat['ipath']) !== false) {
                unset($allCats[$k]);
            }
        }
    }

    // NOTE(review): $defaultValue is never assigned in this method, so the
    // isset() test below is always false and null is passed for that argument.
    $selector = CategoryUtil::getSelector_Categories($allCats, 'id', isset($editCat['parent_id']) ? $editCat['parent_id'] : 0, 'category[parent_id]', isset($defaultValue) ? $defaultValue : null, null, 0, null, false, false, true, 1, false, 'form-control');

    $attributes = isset($editCat['__ATTRIBUTES__']) ? $editCat['__ATTRIBUTES__'] : array();

    $this->view->assign('mode', $mode)->assign('category', $editCat)->assign('attributes', $attributes)->assign('languages', $languages)->assign('categorySelector', $selector);

    if ($mode == 'edit') {
        $this->view->assign('haveSubcategories', CategoryUtil::haveDirectSubcategories($cid))->assign('haveLeafSubcategories', CategoryUtil::haveDirectSubcategories($cid, false, true));
    }

    return $this->response($this->view->fetch('Admin/edit.tpl'));
}
/**
 * Selects a list of objects with a given where clause and pagination parameters.
 *
 * When no quick-navigation filter is active, the current page is remembered in
 * the session variable 'MUVideoMoviesCurrentPage': an explicit page (page > 1
 * or a 'pos' request parameter present) is stored, otherwise the remembered
 * page is restored and written back into the query string as 'pos'.
 *
 * @param string  $where          The where clause to use when retrieving the collection (optional) (default='').
 * @param string  $orderBy        The order-by clause to use when retrieving the collection (optional) (default='').
 * @param integer $currentPage    Where to start selection
 * @param integer $resultsPerPage Amount of items to select
 * @param boolean $useJoins       Whether to include joining related objects (optional) (default=true).
 * @param boolean $slimMode       If activated only some basic fields are selected without using any joins (optional) (default=false).
 *
 * @return Array with retrieved collection and amount of total records affected by this query.
 */
public function selectWherePaginated($where = '', $orderBy = '', $currentPage = 1, $resultsPerPage = 25, $useJoins = true, $slimMode = false)
{
    $qb = $this->genericBaseQuery($where, $orderBy, $useJoins, $slimMode);
    $page = $currentPage;

    // A filter counts as set when it is a non-empty string or a positive number.
    $hasFilters = false;
    foreach ($this->getViewQuickNavParameters('', array()) as $name => $value) {
        $nonEmptyText = !is_numeric($value) && $value != '';
        $positiveNumber = is_numeric($value) && $value > 0;
        if ($nonEmptyText || $positiveNumber) {
            $hasFilters = true;
            break;
        }
    }

    if (!$hasFilters) {
        $pageGivenExplicitly = $page > 1 || isset($_GET['pos']);
        if ($pageGivenExplicitly) {
            // store current page in session
            SessionUtil::setVar('MUVideoMoviesCurrentPage', $page);
        } else {
            // restore current page from session
            $page = SessionUtil::getVar('MUVideoMoviesCurrentPage', 1);
            System::queryStringSetVar('pos', $page);
        }
    }

    list($query, $count) = $this->getSelectWherePaginatedQuery($qb, $page, $resultsPerPage);
    $collection = $this->retrieveCollectionResult($query, $orderBy, true);

    return array($collection, $count);
}
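/**
 * Admin statistics screen: per-user and per-module hit counts for a date range.
 *
 * Filter values (user name, module, date range) are read from $args / GET / POST,
 * fall back to the values saved in the session under 'statsSaved', and are written
 * back there so the next call reuses them.
 *
 * Changes versus the previous revision:
 *  - the ACCESS_ADMIN check now runs before anything else; previously the session
 *    was written and an arbitrary request-supplied uid was resolved to a user name
 *    before the permission check, i.e. for unauthenticated callers too;
 *  - the per-user module accumulation had its branches inverted (an existing entry
 *    was overwritten, a missing one was read before being written).
 *
 * @param array $args Optional 'moduleName', 'uname', 'fromDate', 'toDate' (dd-mm-yyyy), 'uid'.
 *
 * @return string Rendered 'IWstats_admin_stats.htm'.
 *
 * @throws Zikula_Exception_Forbidden When the caller lacks ACCESS_ADMIN on 'IWstats::'.
 */
public function viewStats($args)
{
    // Authorisation first: nothing below (session writes, user lookups) may run for a non-admin.
    if (!SecurityUtil::checkPermission('IWstats::', '::', ACCESS_ADMIN)) {
        throw new Zikula_Exception_Forbidden();
    }

    // Previously saved filter; written by this method only (serialized array).
    $statsSaved = unserialize(SessionUtil::getVar('statsSaved'));
    if (!is_array($statsSaved)) {
        $statsSaved = array();
    }
    $moduleName = isset($statsSaved['moduleName']) ? $statsSaved['moduleName'] : '';
    $fromDate = isset($statsSaved['fromDate']) ? $statsSaved['fromDate'] : null;
    $toDate = isset($statsSaved['toDate']) ? $statsSaved['toDate'] : '';
    $savedUname = isset($statsSaved['uname']) ? $statsSaved['uname'] : null;

    // request values override $args, which override the saved filter
    $moduleName = FormUtil::getPassedValue('moduleName', isset($args['moduleName']) ? $args['moduleName'] : $moduleName, 'GETPOST');
    $uname = FormUtil::getPassedValue('uname', isset($args['uname']) ? $args['uname'] : $savedUname, 'GETPOST');
    $fromDate = FormUtil::getPassedValue('fromDate', isset($args['fromDate']) ? $args['fromDate'] : $fromDate, 'GETPOST');
    $toDate = FormUtil::getPassedValue('toDate', isset($args['toDate']) ? $args['toDate'] : $toDate, 'GETPOST');
    $uid = (int) FormUtil::getPassedValue('uid', isset($args['uid']) ? $args['uid'] : 0, 'GETPOST');

    // a uid in the request wins over a user name
    if ($uid > 0) {
        $uname = UserUtil::getVar('uname', $uid);
    }

    SessionUtil::setVar('statsSaved', serialize(array(
        'uname' => $uname,
        'moduleName' => $moduleName,
        'fromDate' => $fromDate,
        'toDate' => $toDate,
    )));

    $uid = 0;
    $lastDays = 10;
    $nusers = 0;
    if ($uname != null && $uname != '') {
        // resolve the (possibly saved) user name; an unknown name drops the user filter
        $uid = UserUtil::getIdFromName($uname);
        if (!$uid) {
            LogUtil::registerError(__f('User \'%s\' not found', array($uname)));
            $uname = '';
        }
    }

    // Dates arrive as dd-mm-yyyy (see the substr offsets); they are normalised through
    // DateUtil::makeTimestamp() and re-emitted in the same format for the API call.
    $time = time();
    if ($fromDate != null) {
        $fromDate = mktime(0, 0, 0, substr($fromDate, 3, 2), substr($fromDate, 0, 2), substr($fromDate, 6, 4));
        $fromDate = date('Y-m-d 00:00:00', $fromDate);
        $fromDate = DateUtil::makeTimestamp($fromDate);
        $fromDate = date('d-m-Y', $fromDate);
    } else {
        $fromDate = date('d-m-Y', $time - $lastDays * 24 * 60 * 60);
    }
    if ($toDate != null) {
        $toDate = mktime(0, 0, 0, substr($toDate, 3, 2), substr($toDate, 0, 2), substr($toDate, 6, 4));
        $toDate = date('Y-m-d 00:00:00', $toDate);
        $toDate = DateUtil::makeTimestamp($toDate);
        $toDate = date('d-m-Y', $toDate);
    } else {
        $toDate = date('d-m-Y', $time);
    }

    // daily summary records for the range
    $records = ModUtil::apiFunc('IWstats', 'user', 'getAllSummary', array(
        'rpp' => -1,
        'init' => -1,
        'fromDate' => $fromDate,
        'toDate' => $toDate,
    ));

    // module id -> display name lookup (id 0 stands for "unknown")
    $modules = ModUtil::apiFunc('Extensions', 'admin', 'listmodules', array('state' => 0));
    $modulesNames = array();
    $modulesArray = array();
    foreach ($modules as $module) {
        $modulesNames[$module['id']] = $module['name'];
        $modulesArray[] = array('id' => $module['id'], 'name' => $module['name']);
    }
    $modulesNames[0] = $this->__('unknown');

    // loop-invariant: only needed when a module filter is set
    $moduleId = ($moduleName != '') ? ModUtil::getIdFromName($moduleName) : null;

    $usersListArray = array();
    $moduleStatsArray = array();
    $userModulesArray = array();
    $userArray = array();
    $usersForModule = array();
    $users = array();
    $usersIpCounter = 0;
    $nRecords = 0;
    $userNRecords = 0;
    $usersList = '';
    $userName = '';

    foreach ($records as $record) {
        $nRecords = $nRecords + $record['nrecords'];
        $usersIpCounter = $usersIpCounter + $record['nips'];

        // 'users' is a packed string: "$uid|modid=hits#modid=hits$$uid|...$".
        // The leading and trailing '$' are stripped before splitting on '$$'.
        // (The same variable is reused below for the module-filter result; without a
        // module filter the template therefore receives the last record's raw list.)
        $users = explode('$$', substr($record['users'], 1, -1));
        foreach ($users as $user) {
            $oneUser = explode('|', $user);

            if (!in_array($oneUser[0], $usersListArray)) {
                $nusers++;
                $usersListArray[] = $oneUser[0];
            }

            // per-module breakdown for the selected user
            if ($oneUser[0] == $uid && $uid > 0) {
                $userInit = '$' . $uid . '|';
                $userDataPos = strpos($record['users'], $userInit);
                $subDataPre = substr($record['users'], $userDataPos + strlen($userInit));
                $userDataPos = strpos($subDataPre, '$');
                $subDataPre = substr($subDataPre, 0, $userDataPos);
                $userModules = explode('#', $subDataPre);
                foreach ($userModules as $module) {
                    $oneModule = explode('=', $module);
                    // unknown module ids are reported under the "unknown" label instead of a null key
                    $label = isset($modulesNames[$oneModule[0]]) ? $modulesNames[$oneModule[0]] : $modulesNames[0];
                    $hits = isset($oneModule[1]) ? $oneModule[1] : 0;
                    // FIX: branches were inverted in the original; accumulate like the totals below
                    if (!array_key_exists($label, $userModulesArray)) {
                        $userModulesArray[$label] = $hits;
                    } else {
                        $userModulesArray[$label] = $userModulesArray[$label] + $hits;
                    }
                    $userNRecords = $userNRecords + $hits;
                }
            }

            // per-user hits for the selected module; the module entry is either the
            // first one ("id=") or an inner one ("#id=") of the packed string
            if ($moduleName != '' && isset($oneUser[1])) {
                if ((strpos($oneUser[1], $moduleId . '=') !== false && strpos($oneUser[1], $moduleId . '=') == 0) || strpos($oneUser[1], '#' . $moduleId . '=') !== false) {
                    $pos = strpos($oneUser[1], $moduleId . '=');
                    if ($pos != 0) {
                        $pos = strpos($oneUser[1], '#' . $moduleId . '=');
                    }
                    $preString = substr($oneUser[1], $pos);
                    if ($pos != 0) {
                        $preString = substr($preString, 1);
                    }
                    $pos = strpos($preString, '#');
                    $preString = ($pos == 0) ? $preString : substr($preString, 0, $pos);
                    $num = explode('=', $preString);
                    if (!array_key_exists($oneUser[0], $usersForModule)) {
                        $usersForModule[$oneUser[0]] = $num[1];
                        $usersList .= $oneUser[0] . '$$';
                    } else {
                        $usersForModule[$oneUser[0]] = $usersForModule[$oneUser[0]] + $num[1];
                    }
                }
            }
        }

        // 'modules' is packed as "$modid|hits$$modid|hits$"
        $modules = explode('$$', substr($record['modules'], 1, -1));
        foreach ($modules as $module) {
            $oneModule = explode('|', $module);
            if (isset($modulesNames[$oneModule[0]])) {
                $label = $modulesNames[$oneModule[0]];
                if (!array_key_exists($label, $moduleStatsArray)) {
                    $moduleStatsArray[$label] = $oneModule[1];
                } else {
                    $moduleStatsArray[$label] = $moduleStatsArray[$label] + $oneModule[1];
                }
            }
        }
    }

    ksort($userModulesArray);
    if ($uid > 0) {
        $userArray = array(
            'nRecords' => $userNRecords,
            'userModulesArray' => $userModulesArray,
        );
    }
    ksort($moduleStatsArray);

    // display names come from IWmain, which requires a fresh security value per call
    if ($uid > 0) {
        $sv = ModUtil::func('IWmain', 'user', 'genSecurityValue');
        $userName = ModUtil::func('IWmain', 'user', 'getUserInfo', array('info' => 'ncc', 'sv' => $sv, 'uid' => $uid));
    }
    if ($moduleName != '') {
        $sv = ModUtil::func('IWmain', 'user', 'genSecurityValue');
        $users = ModUtil::func('IWmain', 'user', 'getAllUsersInfo', array('info' => 'ncc', 'sv' => $sv, 'list' => $usersList));
        $users[0] = $this->__('Unregistered');
    }

    return $this->view->assign('users', $users)
        ->assign('nRecords', $nRecords)
        ->assign('nusers', $nusers)
        ->assign('userName', $userName)
        ->assign('usersIpCounter', $usersIpCounter)
        ->assign('modulesNames', $modulesNames)
        ->assign('modulesArray', $modulesArray)
        ->assign('moduleName', $moduleName)
        ->assign('uname', $uname)
        ->assign('fromDate', $fromDate)
        ->assign('toDate', $toDate)
        ->assign('userArray', $userArray)
        ->assign('maxDate', date('Ymd', time()))
        ->assign('usersForModule', $usersForModule)
        ->assign('moduleStatsArray', $moduleStatsArray)
        ->fetch('IWstats_admin_stats.htm');
}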
/**
 * View all blocks.
 *
 * Lists every block with its module, language, positions and the admin actions the
 * current user may take on it, plus the block positions. The list filter is kept in
 * the session (path '/Blocks') and can be overridden or cleared per request.
 *
 * @return string HTML output string.
 */
public function view()
{
    // Security check
    if (!SecurityUtil::checkPermission('Blocks::', '::', ACCESS_EDIT)) {
        return LogUtil::registerPermissionError();
    }
    // filter: request value wins over the one saved in the session; 'clear' resets both
    $sfilter = SessionUtil::getVar('filter', array(), '/Blocks');
    $filter = FormUtil::getPassedValue('filter', $sfilter);
    $clear = FormUtil::getPassedValue('clear', 0);
    if ($clear) {
        $filter = array();
        SessionUtil::setVar('filter', $filter, '/Blocks');
    }
    // sort and sortdir GET parameters override filter values
    $sort = isset($filter['sort']) && !empty($filter['sort']) ? strtolower($filter['sort']) : 'bid';
    $sortdir = isset($filter['sortdir']) && !empty($filter['sortdir']) ? strtoupper($filter['sortdir']) : 'ASC';
    $filter['sort'] = FormUtil::getPassedValue('sort', $sort, 'GET');
    $filter['sortdir'] = FormUtil::getPassedValue('sortdir', $sortdir, 'GET');
    // only the direction is whitelisted here; the sort column is passed through as given.
    // NOTE(review): whether the 'getall' API validates 'sort' before using it in an ORDER BY
    // is not visible in this file - confirm, or restrict it to the known column names here.
    if ($filter['sortdir'] != 'ASC' && $filter['sortdir'] != 'DESC') {
        $filter['sortdir'] = 'ASC';
    }
    $filter['blockposition_id'] = isset($filter['blockposition_id']) ? $filter['blockposition_id'] : 0;
    $filter['modid'] = isset($filter['modid']) ? $filter['modid'] : 0;
    $filter['language'] = isset($filter['language']) ? $filter['language'] : '';
    $filter['active_status'] = isset($filter['active_status']) ? $filter['active_status'] : 0;
    // generate an authorisation key for the links (only the activate/deactivate links
    // carry it; modify/delete presumably confirm on their own pages - not visible here)
    $token = SecurityUtil::generateCsrfToken($this->serviceManager, true);
    // set some default variables (unused below, kept for compatibility)
    $rownum = 1;
    $lastpos = '';
    // Get all blocks
    $blocks = ModUtil::apiFunc('Blocks', 'user', 'getall', $filter);
    // we can easily count the number of blocks using count() rather than
    // calling the api function
    $numrows = count($blocks);
    // create an empty arrow to hold the processed items
    $blockitems = array();
    // get all possible block positions
    $blockspositions = ModUtil::apiFunc('Blocks', 'user', 'getallpositions');
    // build assoc array (pid => name) for easier usage later on
    // NOTE: $allbposarray is never initialised, so with no positions it stays undefined
    foreach ($blockspositions as $blocksposition) {
        $allbposarray[$blocksposition['pid']] = $blocksposition['name'];
    }
    // loop round each item calculating the additional information
    $blocksitems = array();
    foreach ($blocks as $key => $block) {
        // set the module that holds the block
        $modinfo = ModUtil::getInfo($block['mid']);
        $block['modname'] = $modinfo['displayname'];
        // set the blocks language
        if (empty($block['language'])) {
            $block['language'] = $this->__('All');
        } else {
            $block['language'] = ZLanguage::getLanguageName($block['language']);
        }
        // one API call per block to resolve its positions to names
        $thisblockspositions = ModUtil::apiFunc('Blocks', 'user', 'getallblockspositions', array('bid' => $block['bid']));
        $bposarray = array();
        foreach ($thisblockspositions as $singleblockposition) {
            $bposarray[] = $allbposarray[$singleblockposition['pid']];
        }
        $block['positions'] = implode(', ', $bposarray);
        unset($bposarray);
        // calculate what options the user has over this block
        $block['options'] = array();
        if ($block['active']) {
            $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'deactivate', array('bid' => $block['bid'], 'csrftoken' => $token)), 'image' => 'folder_grey.png', 'title' => $this->__f('Deactivate \'%s\'', $block['title']), 'noscript' => true);
        } else {
            $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'activate', array('bid' => $block['bid'], 'csrftoken' => $token)), 'image' => 'folder_green.png', 'title' => $this->__f('Activate \'%s\'', $block['title']), 'noscript' => true);
        }
        $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'modify', array('bid' => $block['bid'])), 'image' => 'xedit.png', 'title' => $this->__f('Edit \'%s\'', $block['title']), 'noscript' => false);
        $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'delete', array('bid' => $block['bid'])), 'image' => '14_layer_deletelayer.png', 'title' => $this->__f('Delete \'%s\'', $block['title']), 'noscript' => false);
        $blocksitems[] = $block;
    }
    $this->view->assign('blocks', $blocksitems);
    // get the block positions
    $items = ModUtil::apiFunc('Blocks', 'user', 'getallpositions');
    // Loop through each returned item adding in the options that the user has over the item
    foreach ($items as $key => $item) {
        if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::", ACCESS_READ)) {
            $options = array();
            // NOTE(review): the EDIT check's instance string ends in a literal '$', unlike the
            // READ and DELETE checks right next to it - looks like a typo; confirm against the
            // permission rules before "fixing" it, as it changes which rules match.
            if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::\$", ACCESS_EDIT)) {
                $options[] = array('url' => ModUtil::url('Blocks', 'admin', 'modifyposition', array('pid' => $item['pid'])), 'image' => 'xedit.png', 'title' => $this->__f('Edit blockposition \'%s\'', $item['name']));
                if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::", ACCESS_DELETE)) {
                    $options[] = array('url' => ModUtil::url('Blocks', 'admin', 'deleteposition', array('pid' => $item['pid'])), 'image' => '14_layer_deletelayer.png', 'title' => $this->__f('Delete blockposition \'%s\'', $item['name']));
                }
            }
            // Add the calculated menu options to the item array
            $items[$key]['options'] = $options;
        }
    }
    // Assign the items to the template
    ksort($items);
    $this->view->assign('positions', $items);
    $this->view->assign('filter', $filter)->assign('sort', $filter['sort'])->assign('sortdir', $filter['sortdir']);
    // Return the output that has been generated by this function
    return $this->view->fetch('blocks_admin_view.tpl');
}
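/**
 * Display hook for view.
 *
 * Renders the comment list (and add-comment form) for the object the calling
 * module is displaying and attaches it to the hook response.
 *
 * Subject is the object being viewed that we're attaching to.
 * args[id] Is the id of the object.
 * args[caller] the module who notified of this event.
 *
 * Change versus the previous revision: the pager start number check used
 * `!isset(...) && !is_numeric(...)`, which let a present but non-numeric
 * 'comments_startnum' value reach the getall API; it is now reset to -1.
 *
 * @param Zikula_DisplayHook $hook The hook (caller module, area id, object id, return url).
 *
 * @return void
 */
public function uiView(Zikula_DisplayHook $hook)
{
    // work out the input from the hook
    $mod = $hook->getCaller();
    $areaId = $hook->getAreaId();
    $objectid = $hook->getId();

    // first check if the user is allowed to see any comments for this module/objectid
    if (!SecurityUtil::checkPermission('EZComments::', "{$mod}:{$objectid}:", ACCESS_OVERVIEW)) {
        return;
    }

    // The hook subject is deliberately not read (getSubject() is commented out), so the
    // owner uid only comes from the session and 'useurl' stays empty.
    $subject = array(); //$hook->getSubject();
    $owneruid = isset($subject['cr_uid']) ? (int) $subject['cr_uid'] : 0;
    $useurl = isset($subject['useurl']) ? $subject['useurl'] : null;
    $ownerUidSession = SessionUtil::delVar('commentOwner', 0);
    if ($ownerUidSession > 0) {
        $owneruid = $ownerUidSession;
    }

    // A rejected submission (see create()) parks the entered values in the session so
    // the form can be re-filled. The value is written serialized by this module only;
    // unserialize() stays safe exactly as long as nothing user-controlled is written there.
    $ezcomment = unserialize(SessionUtil::getVar('ezcomment', 'a:0:{}'));
    $ezcomment = isset($ezcomment[$mod][$objectid]) ? $ezcomment[$mod][$objectid] : null;

    // we may get some input in from the navigation bar
    $order = FormUtil::getPassedValue('order');
    $sortorder = $order == 1 ? 'DESC' : 'ASC';
    $status = 0;

    // check if we're using the pager
    $enablepager = ModUtil::getVar('EZComments', 'enablepager');
    if ($enablepager) {
        $numitems = ModUtil::getVar('EZComments', 'commentsperpage');
        $startnum = FormUtil::getPassedValue('comments_startnum');
        // FIX: anything that is not a number means "from the start"
        if (!isset($startnum) || !is_numeric($startnum)) {
            $startnum = -1;
        }
    } else {
        $startnum = -1;
        $numitems = -1;
    }

    $params = compact('mod', 'areaId', 'objectid', 'sortorder', 'status', 'numitems', 'startnum');
    $items = ModUtil::apiFunc('EZComments', 'user', 'getall', $params);
    if ($items === false) {
        return LogUtil::registerError($this->__('Internal Error.'), null, 'index.php');
    }
    $items = ModUtil::apiFunc('EZComments', 'user', 'prepareCommentsForDisplay', $items);

    if ($enablepager) {
        $commentcount = ModUtil::apiFunc('EZComments', 'user', 'countitems', compact('mod', 'objectid', 'status'));
    } else {
        $commentcount = count($items);
    }

    // create the output object
    $view = Zikula_View::getInstance('EZComments', false, null, true);
    $view->assign('areaid', $areaId)
        ->assign('comments', $items)
        ->assign('commentcount', $commentcount)
        ->assign('ezcomment', $ezcomment)
        ->assign('ezc_info', compact('mod', 'objectid', 'sortorder', 'status'))
        ->assign('modinfo', ModUtil::getInfo(ModUtil::getIdFromName($mod)))
        ->assign('msgmodule', System::getVar('messagemodule', ''))
        ->assign('prfmodule', System::getVar('profilemodule', ''))
        ->assign('allowadd', SecurityUtil::checkPermission('EZComments::', "{$mod}:{$objectid}:", ACCESS_COMMENT))
        ->assign('loggedin', UserUtil::isLoggedIn());

    $modUrl = $hook->getUrl();
    $redirect = !is_null($modUrl) ? $modUrl->getUrl() : '';
    $view->assign('returnurl', $redirect);
    // the return url travels through the comment form as a hidden field; base64
    // keeps it intact on the way back (create() decodes and validates it)
    $view->assign('redirect', base64_encode($redirect));
    $view->assign('objectid', $objectid);
    // assign the user id of the content owner
    $view->assign('owneruid', $owneruid);
    // assign url that should be stored in db and sent in email if it
    // differs from the redirect url
    $view->assign('useurl', $useurl);

    // flag to recognize the main call: only the first invocation in a request is the main screen
    static $mainScreen = true;
    $view->assign('mainscreen', $mainScreen);
    $mainScreen = false;

    // assign the values for the pager
    $view->assign('ezc_pager', array('numitems' => $commentcount, 'itemsperpage' => $numitems));

    // Template set and stylesheet are request-supplied ('eztpl' / 'ezccss').
    // ($args is not defined in this method, so the former isset($args[...]) lookups
    // could never succeed; the request values are used directly.)
    $templateset = FormUtil::getPassedValue('eztpl');
    $css = FormUtil::getPassedValue('ezccss');
    $defaultcss = ModUtil::getVar('EZComments', 'css', 'style.css');
    // an unknown template set falls back to the configured one; template_exists() is
    // what keeps the request value from selecting an arbitrary file
    if (!$view->template_exists(DataUtil::formatForOS($templateset) . '/ezcomments_user_view.tpl')) {
        $templateset = ModUtil::getVar('EZComments', 'template', 'Standard');
    }
    $view->assign('template', $templateset);

    // include stylesheet if there is a style sheet
    // NOTE(review): $css is request-supplied and only gets ".css" appended before being
    // joined into a path for getStylesheet(); whether that API rejects "../" is not
    // visible here - confirm, or restrict $css to a plain file name.
    $css = $css ? "{$css}.css" : $defaultcss;
    if ($css = ModUtil::apiFunc('EZComments', 'user', 'getStylesheet', array('path' => "{$templateset}/{$css}"))) {
        PageUtil::addVar('stylesheet', $css);
    }

    $template = DataUtil::formatForOS($templateset) . '/ezcomments_user_view.tpl';
    $response = new Zikula_Response_DisplayHook('provider_area.ui_hooks.ezcomments.comments', $view, $template);
    $hook->setResponse($response);
}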
/**
 * Render the mediashare "random item" block.
 *
 * Picks a random media item (optionally from one album or from the latest items,
 * per the block's 'type' setting), substitutes its URLs/titles into the admin-
 * configured HTML snippet, and caches the result in the visitor's session for
 * 'cacheTime' seconds under 'mediashare_block_<bid>'.
 *
 * @param array $blockinfo Block record; 'content' holds the serialised block vars.
 *
 * @return mixed Themed block, false when no random item is available, null when not permitted or empty.
 */
function mediashare_randomblock_display($blockinfo)
{
    if (!SecurityUtil::checkPermission('mediashare:randomblock:', "{$blockinfo['title']}::{$blockinfo['bid']}", ACCESS_READ)) {
        return;
    }
    $domain = ZLanguage::getModuleDomain('mediashare');
    $blockVars = pnBlockVarsFromContent($blockinfo['content']);

    // per-visitor cache of the last rendered snippet
    $cacheKey = 'mediashare_block_' . $blockinfo['bid'];
    $cached = SessionUtil::getVar($cacheKey);
    if ($cached == '' || $cached == null) {
        $cached = array();
    }
    if (isset($cached['oldContent'], $cached['lastUpdate'])) {
        $age = time() - $cached['lastUpdate'];
        if ($age < $blockVars['cacheTime']) {
            // still fresh: serve the cached snippet
            $blockinfo['content'] = $cached['oldContent'];
            return themesideblock($blockinfo);
        }
    }

    // pick the random item according to the configured mode
    if ($blockVars['type'] == 'album') {
        $randomInfo = pnModAPIFunc('mediashare', 'user', 'getRandomMediaItem', array('albumId' => $blockVars['albumId'], 'mode' => 'album'));
    } elseif ($blockVars['type'] == 'latest') {
        $randomInfo = pnModAPIFunc('mediashare', 'user', 'getRandomMediaItem', array('latest' => true, 'mode' => 'latest'));
    } else {
        $randomInfo = pnModAPIFunc('mediashare', 'user', 'getRandomMediaItem');
    }
    if ($randomInfo === false) {
        return false;
    }
    $mediaId = $randomInfo['mediaId'];
    $albumId = $randomInfo['albumId'];
    if (empty($mediaId)) {
        return;
    }

    $mediaInfo = pnModAPIFunc('mediashare', 'user', 'getMediaItem', array('mediaId' => $mediaId));
    $albumInfo = pnModAPIFunc('mediashare', 'user', 'getAlbum', array('albumId' => $albumId));

    // macro name => media url source
    $urlSources = array(
        'originalURL' => 'originalRef',
        'previewURL' => 'previewRef',
        'thumbnailURL' => 'thumbnailRef',
    );
    $substitutes = array();
    foreach ($urlSources as $macro => $source) {
        $substitutes[$macro] = pnModAPIFunc('mediashare', 'user', 'getMediaUrl', array('mediaItem' => $mediaInfo, 'src' => $source));
    }
    $substitutes['albumURL'] = pnModUrl('mediashare', 'user', 'view', array('aid' => $albumId, 'mid' => $mediaId));
    $substitutes['title'] = $mediaInfo['title'];
    $substitutes['owner'] = __('Unknown', $domain);
    $substitutes['albumTitle'] = $albumInfo['title'];

    // Replace ${macro} placeholders in the admin-supplied HTML.
    // NOTE(review): titles are inserted without escaping; if media/album titles are
    // entered by uploaders and not sanitised on save, this is an injection point.
    $html = $blockVars['html'];
    foreach ($substitutes as $macro => $replacement) {
        $html = str_replace('${' . $macro . '}', $replacement, $html);
    }

    $blockinfo['content'] = $html;
    $cached['oldContent'] = $html;
    $cached['lastUpdate'] = time();
    SessionUtil::setVar($cacheKey, $cached);

    // ... and return encapsulated in a theme block
    return themesideblock($blockinfo);
}
/**
 * Show the "create news article" form, pre-filled from a draft kept in the session.
 *
 * A preview round-trip stores the draft under the 'newsitem' session key; the values
 * found there become the form defaults and, when the stored action is ACTION_PREVIEW,
 * a rendered preview is produced as well. The session key is cleared elsewhere once
 * the article is actually posted.
 *
 * @author Mark West
 * @return string HTML string
 */
public function newitem($args)
{
    $this->throwForbiddenUnless(SecurityUtil::checkPermission('News::', '::', ACCESS_COMMENT), LogUtil::getErrorMsgPermission());

    $draft = SessionUtil::getVar('newsitem');

    // get the type parameter so we can decide what template to use
    $type = FormUtil::getPassedValue('type', 'user', 'REQUEST');

    // Form defaults in display order; a missing draft field falls back to its default.
    $contentDefaults = array(
        'sid' => '',
        '__CATEGORIES__' => array(),
        '__ATTRIBUTES__' => array(),
        'title' => '',
        'urltitle' => '',
        'hometext' => '',
        'hometextcontenttype' => '',
        'bodytext' => '',
        'bodytextcontenttype' => '',
        'notes' => '',
        'displayonindex' => 1,
        'language' => '',
        'allowcomments' => 1,
    );
    $item = array();
    foreach ($contentDefaults as $field => $fallback) {
        $item[$field] = isset($draft[$field]) ? $draft[$field] : $fallback;
    }

    // publication window: only computed when the draft carries no value
    $item['from'] = isset($draft['from']) ? $draft['from'] : DateUtil::getDatetime(null, '%Y-%m-%d %H:%M');
    $item['to'] = isset($draft['to']) ? $draft['to'] : DateUtil::getDatetime(null, '%Y-%m-%d %H:%M');

    $optionDefaults = array(
        'tonolimit' => 1,
        'unlimited' => 1,
        'weight' => 0,
        'pictures' => 0,
        'tempfiles' => null,
    );
    foreach ($optionDefaults as $field => $fallback) {
        $item[$field] = isset($draft[$field]) ? $draft[$field] : $fallback;
    }

    // NOTE(review): the temp-file list is stored serialized in the session and
    // unserialize()d here. The session is server-side, but unserialize() on anything
    // an attacker can influence is an object-injection vector - confirm that only
    // this module's own code writes 'newsitem'.
    $item['temp_pictures'] = isset($draft['tempfiles']) ? unserialize($draft['tempfiles']) : null;

    $preview = '';
    if (isset($draft['action']) && $draft['action'] == self::ACTION_PREVIEW) {
        $preview = $this->preview(array(
            'title' => $item['title'],
            'hometext' => $item['hometext'],
            'hometextcontenttype' => $item['hometextcontenttype'],
            'bodytext' => $item['bodytext'],
            'bodytextcontenttype' => $item['bodytextcontenttype'],
            'notes' => $item['notes'],
            'sid' => $item['sid'],
            'pictures' => $item['pictures'],
            'temp_pictures' => $item['temp_pictures'],
        ));
    }

    $modvars = $this->getVars();
    if ($modvars['enablecategorization']) {
        $this->view->assign('catregistry', CategoryRegistryUtil::getRegisteredModuleCategories('News', 'news'));
        // add article attribute if morearticles is enabled and general setting is zero
        if ($modvars['enablemorearticlesincat'] && $modvars['morearticlesincat'] == 0) {
            $item['__ATTRIBUTES__']['morearticlesincat'] = 0;
        }
    }

    $this->view->assign('lang', ZLanguage::getLanguageCode());
    $this->view->assign('item', $item);
    $this->view->assign('formattedcontent', ModUtil::apiFunc('News', 'user', 'isformatted', array('func' => 'newitem')));

    // full ADD rights imply picture upload and publication details; otherwise each is checked separately
    if (SecurityUtil::checkPermission('News::', '::', ACCESS_ADD)) {
        $this->view->assign('accessadd', 1);
        $this->view->assign('accesspicupload', 1);
        $this->view->assign('accesspubdetails', 1);
    } else {
        $this->view->assign('accessadd', 0);
        $this->view->assign('accesspicupload', SecurityUtil::checkPermission('News:pictureupload:', '::', ACCESS_ADD));
        $this->view->assign('accesspubdetails', SecurityUtil::checkPermission('News:publicationdetails:', '::', ACCESS_ADD));
    }
    $this->view->assign('preview', $preview);

    return $this->view->fetch('user/create.tpl');
}
/**
 * Get the error type stored for the current session.
 *
 * Reads the '_ZErrorMsgType' session variable; a missing value yields 0.
 *
 * @return int error type.
 */
public static function getErrorType()
{
    $stored = SessionUtil::getVar('_ZErrorMsgType');

    return intval($stored);
}
/**
 * Generate auth key.
 *
 * Legacy anti-CSRF token: sha1() over a per-session, per-module random secret
 * (kept in the 'rand' session variable) concatenated with the module name. When the
 * 'keyexpiry' system setting is positive the current timestamp is mixed into the
 * hash and appended in clear so the verifier can re-derive and age-check it.
 * The secret never rotates within a session unless 'rand' is cleared elsewhere.
 *
 * @param string $modname Module name.
 *
 * @deprecated since 1.3.0
 *
 * @return string A hashed key for use in authorisation of operations.
 */
public static function generateAuthKey($modname = '')
{
    // Ugly hack for Zikula_Response_Ajax which for BC reasons needs to add authid to response
    // So when this method is called by Zikula_Response_Ajax or Zikula_Response_Ajax_Error class
    // do not mark it as deprecated.
    $trace = debug_backtrace(false);
    if (!isset($trace[1]['class']) || !in_array($trace[1]['class'], array('Zikula_Response_Ajax', 'Zikula_Response_Ajax_Error'))) {
        LogUtil::log(__f('Warning! Static call %1$s is deprecated. Please use %2$s instead.', array('SecurityUtil::generateAuthKey()', 'SecurityUtil::generateCsrfToken()')), E_USER_DEPRECATED);
    }
    // since we need sessions for authorisation keys we should check
    // if a session exists and if not create one
    SessionUtil::requireSession();
    if (empty($modname)) {
        $modname = ModUtil::getName();
    }
    // Remove from 1.4
    // legacy name mapping: "Modules" became "Extensions"
    if (System::isLegacyMode() && $modname == 'Modules') {
        LogUtil::log(__('Warning! "Modules" module has been renamed to "Extensions". Please update any generateAuthKey calls in PHP or templates.'));
        $modname = 'ZikulaExtensionsModule';
    }
    // get the module info; the canonical lower-cased name is part of the hashed key
    $modinfo = ModUtil::getInfoFromName($modname);
    $modname = strtolower($modinfo['name']);
    // get the array of randomed values per module
    // and generate the one of the current module if doesn't exist
    // NOTE(review): the RandomUtil::getString() flags are positional; which character
    // classes / length they select is not visible here - the secret's strength rests on them.
    $rand_arr = SessionUtil::getVar('rand');
    if (!isset($rand_arr[$modname])) {
        $rand_arr[$modname] = RandomUtil::getString(32, 40, false, true, true, false, true, true, false);
        SessionUtil::setVar('rand', $rand_arr);
    }
    $key = $rand_arr[$modname] . $modname;
    if (System::getVar('keyexpiry') > 0) {
        // timestamp is both hashed and appended in clear for expiry checks
        $timestamp = time();
        $authid = sha1($key . $timestamp) . $timestamp;
    } else {
        $authid = sha1($key);
    }
    // Return the hashed key (it is a digest, not an encryption)
    return $authid;
}
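/**
 * Create a comment for a specific item
 *
 * This is a standard function that is called with the results of the
 * form supplied by EZComments_user_view to create a new item
 *
 * Changes versus the previous revision:
 *  - the base64-decoded return url (a client-controlled hidden field) is only used
 *    when it is relative or points at the current host; anything else is dropped
 *    and the referer fallback applies, closing an open redirect;
 *  - the "create failed" path stored the draft array unserialized, while every
 *    reader unserialize()s the session value; it is now serialized like the rest;
 *  - the no-op str_replace('&', '&', ...) was dropped (it may once have decoded
 *    '&amp;'; nothing here depends on it).
 *
 * @param $comment the comment (taken from HTTP put)
 * @param $mod the name of the module the comment is for (taken from HTTP put)
 * @param $objectid ID of the item the comment is for (taken from HTTP put)
 * @param $redirect URL to return to (taken from HTTP put, base64 encoded)
 * @param $subject The subject of the comment (if any) (taken from HTTP put)
 * @param $replyto The ID of the comment for which this an anser to (taken from HTTP put)
 * @since 0.1
 */
public function create($args)
{
    $mod = isset($args['mod']) ? $args['mod'] : FormUtil::getPassedValue('mod', null, 'POST');
    $objectid = isset($args['objectid']) ? $args['objectid'] : FormUtil::getPassedValue('objectid', null, 'POST');
    $areaid = isset($args['areaid']) ? $args['areaid'] : FormUtil::getPassedValue('areaid', null, 'POST');
    $comment = isset($args['comment']) ? $args['comment'] : FormUtil::getPassedValue('comment', null, 'POST');
    $subject = isset($args['subject']) ? $args['subject'] : FormUtil::getPassedValue('subject', null, 'POST');
    $replyto = isset($args['replyto']) ? $args['replyto'] : FormUtil::getPassedValue('replyto', null, 'POST');
    $owneruid = isset($args['owneruid']) ? $args['owneruid'] : FormUtil::getPassedValue('owneruid', null, 'POST');
    $redirect = isset($args['redirect']) ? $args['redirect'] : FormUtil::getPassedValue('redirect', null, 'POST');
    $useurl = isset($args['useurl']) ? $args['useurl'] : FormUtil::getPassedValue('useurl', null, 'POST');

    // check if the user logged in and if we're allowing anon users to
    // set a name and email address
    if (!UserUtil::isLoggedIn()) {
        $anonname = isset($args['anonname']) ? $args['anonname'] : FormUtil::getPassedValue('anonname', null, 'POST');
        $anonmail = isset($args['anonmail']) ? $args['anonmail'] : FormUtil::getPassedValue('anonmail', null, 'POST');
        $anonwebsite = isset($args['anonwebsite']) ? $args['anonwebsite'] : FormUtil::getPassedValue('anonwebsite', null, 'POST');
    } else {
        $anonname = '';
        $anonmail = '';
        $anonwebsite = '';
    }

    // NOTE(review): owneruid arrives as a hidden form field (see uiView), so it is
    // client-controlled; whatever the create API does with it (ownership, notification)
    // trusts the submitter. Values of 1 or below mean "no owner", as before.
    $owneruid = (int) $owneruid;
    if ($owneruid <= 1) {
        $owneruid = 0;
    }

    // the return url travels base64-encoded through the form (see uiView)
    $redirect = base64_decode((string) $redirect);
    if (!self::isSafeReturnUrl($redirect)) {
        // off-site or malformed target: ignore it and use the referer fallback below
        $redirect = '';
    }
    $redirect = !empty($redirect) ? $redirect : System::serverGetVar('HTTP_REFERER');
    $useurl = base64_decode($useurl);

    // save the submitted data so the form can be re-filled if anything below fails
    $ezcomment = unserialize(SessionUtil::getVar('ezcomment', 'a:0:{}'));
    if (isset($ezcomment[$mod][$objectid])) {
        unset($ezcomment[$mod][$objectid]);
    }
    $submitted = compact('subject', 'comment', 'anonname', 'anonmail', 'anonwebsite');
    foreach ($submitted as $field => $value) {
        if (!empty($value)) {
            $ezcomment[$mod][$objectid][$field] = $value;
        }
    }

    // Confirm authorisation code: the draft is parked in the session *before* the CSRF
    // check so that a failing check (which throws) still leaves the text recoverable;
    // it is removed again right after.
    SessionUtil::setVar('ezcomment', serialize($ezcomment));
    $this->checkCsrfToken();
    SessionUtil::delVar('ezcomment');

    // and check we've actually got a comment....
    if (empty($comment)) {
        SessionUtil::setVar('ezcomment', serialize($ezcomment));
        return LogUtil::registerError($this->__('Error! The comment contains no text.'), null, $redirect . "#commentform_{$mod}_{$objectid}");
    }

    // Check hooked modules for validation
    $hookvalidators = $this->notifyHooks(new Zikula_ValidationHook('ezcomments.ui_hooks.comments.validate_edit', new Zikula_Hook_ValidationProviders()))->getValidators();
    if ($hookvalidators->hasErrors()) {
        SessionUtil::setVar('ezcomment', serialize($ezcomment));
        return LogUtil::registerError($this->__('Error! The hooked content does not validate. Could it possibly be that a captcha code was entered incorrectly?'), null, $redirect . "#commentform_{$mod}_{$objectid}");
    }

    // now parse out the hostname+subfolder from the url for storing in the DB
    $url = str_replace(System::getBaseUri(), '', $useurl);

    $id = ModUtil::apiFunc('EZComments', 'user', 'create', array(
        'mod' => $mod,
        'objectid' => $objectid,
        'areaid' => $areaid,
        'url' => $url,
        'comment' => $comment,
        'subject' => $subject,
        'replyto' => $replyto,
        'uid' => UserUtil::getVar('uid'),
        'owneruid' => $owneruid,
        'useurl' => $useurl,
        'redirect' => $redirect,
        'anonname' => $anonname,
        'anonmail' => $anonmail,
        'anonwebsite' => $anonwebsite,
    ));

    if ($id) {
        // clear respective cache
        ModUtil::apiFunc('EZComments', 'user', 'clearItemCache', array('id' => $id, 'modname' => $mod, 'objectid' => $objectid, 'url' => $url));
    } else {
        // FIX: keep the draft in the same (serialized) form every reader expects
        SessionUtil::setVar('ezcomment', serialize($ezcomment));
        return System::redirect($redirect . "#commentform_{$mod}_{$objectid}");
    }

    // clean/set the session data: drop this object's draft, keep any others
    if (isset($ezcomment[$mod][$objectid])) {
        unset($ezcomment[$mod][$objectid]);
        if (empty($ezcomment[$mod])) {
            unset($ezcomment[$mod]);
        }
    }
    if (empty($ezcomment)) {
        SessionUtil::delVar('ezcomment');
    } else {
        SessionUtil::setVar('ezcomment', serialize($ezcomment));
    }

    return System::redirect($redirect . '#comment' . $id);
}

/**
 * Decide whether a client-supplied return url may be used as a redirect target.
 *
 * Accepted: a relative url (no scheme, no host, not protocol-relative) or an
 * absolute url whose host equals the current request host. Everything else -
 * other hosts, non-http schemes such as javascript:, unparsable values, and
 * backslash variants browsers would normalise to '/' - is refused.
 *
 * @param string $url Decoded return url.
 *
 * @return bool
 */
private static function isSafeReturnUrl($url)
{
    if ($url === '') {
        return false;
    }
    // browsers treat '\' like '/', so '/\evil.example' would dodge the host test below
    if (strpos($url, '\\') !== false) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false) {
        return false;
    }
    if (empty($parts['host'])) {
        // relative url: no scheme allowed (javascript:, mailto:) and not protocol-relative
        return !isset($parts['scheme']) && substr($url, 0, 2) !== '//';
    }
    // compare against the request host without any port suffix
    $requestHost = preg_replace('/:\d+$/', '', (string) System::serverGetVar('HTTP_HOST'));

    return strcasecmp($parts['host'], $requestHost) === 0;
}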
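/**
 * Edit or create a category.
 *
 * 'mode' (request) selects the flow: 'edit' loads the category given by 'cid'
 * (ACCESS_ADMIN); anything else prepares a new category (ACCESS_ADD), seeded either
 * from the 'newCategory' session entry (inherited parent settings), from the values of
 * a failed submission kept in 'newCatActionData', or from plain defaults. The parent
 * selector excludes the category itself and its descendants to avoid cycles.
 *
 * Change versus the previous revision: $editCat is initialised to an empty array
 * instead of ''. The plain-defaults branch writes $editCat['sort_value'], which on an
 * empty string is a string-offset write on PHP >= 7.1 (turning $editCat into the
 * string '0'), not an array conversion. The never-assigned $defaultValue lookup for
 * the selector was replaced by the null it always evaluated to.
 *
 * @return mixed Response wrapping 'Admin/edit.tpl', or a LogUtil error result.
 *
 * @throws \Zikula\Framework\Exception\ForbiddenException When the mode's permission check fails.
 */
public function editAction()
{
    $cid = $this->request->get('cid', 0);
    $root_id = $this->request->get('dr', 1);
    $mode = $this->request->get('mode', 'new');
    $allCats = array();
    $editCat = array();
    $languages = ZLanguage::getInstalledLanguages();

    // indicates that we're editing
    if ($mode == 'edit') {
        if (!SecurityUtil::checkPermission('Categories::category', "::", ACCESS_ADMIN)) {
            throw new \Zikula\Framework\Exception\ForbiddenException();
        }
        if (!$cid) {
            return LogUtil::registerError($this->__('Error! Cannot determine valid \'cid\' for edit mode in \'Categories_admin_edit\'.'));
        }
        $editCat = CategoryUtil::getCategoryByID($cid);
        if (!$editCat) {
            return LogUtil::registerError($this->__('Sorry! No such item found.'), 404);
        }
    } else {
        // new category creation
        if (!SecurityUtil::checkPermission('Categories::category', '::', ACCESS_ADD)) {
            throw new \Zikula\Framework\Exception\ForbiddenException();
        }
        // since we inherit the domain settings from the parent, we get
        // the inherited (and merged) object from session
        // NOTE: reads $_SESSION directly, unlike the SessionUtil access used for 'newCatActionData'
        if (isset($_SESSION['newCategory']) && $_SESSION['newCategory']) {
            $editCat = $_SESSION['newCategory'];
            unset($_SESSION['newCategory']);
            $category = new \Zikula\Core\Doctrine\Entity\Category(); // need this for validation info
        } elseif (FormUtil::getValidationErrors()) {
            // a failed submission: re-show the entered values on top of entity defaults
            $newCatActionData = \SessionUtil::getVar('newCatActionData');
            \SessionUtil::delVar('newCatActionData');
            $editCat = new \Zikula\Core\Doctrine\Entity\Category();
            $editCat = $editCat->toArray();
            $editCat = array_merge($editCat, $newCatActionData);
            unset($editCat['path']);
            unset($editCat['ipath']);
            $category = new \Zikula\Core\Doctrine\Entity\Category(); // need this for validation info
        } else {
            $category = new \Zikula\Core\Doctrine\Entity\Category();
            $editCat['sort_value'] = '0';
        }
    }

    $reloadOnCatChange = $mode != 'edit';
    $allCats = CategoryUtil::getSubCategories($root_id, true, true, true, false, true);

    // now remove the categories which are below $editCat ...
    // you should not be able to set these as a parent category as it creates a circular hierarchy (see bug #4992)
    if (isset($editCat['ipath'])) {
        $cSlashEdit = StringUtil::countInstances($editCat['ipath'], '/');
        foreach ($allCats as $k => $v) {
            $cSlashCat = StringUtil::countInstances($v['ipath'], '/');
            if ($cSlashCat >= $cSlashEdit && strpos($v['ipath'], $editCat['ipath']) !== false) {
                unset($allCats[$k]);
            }
        }
    }

    $parentId = isset($editCat['parent_id']) ? $editCat['parent_id'] : 0;
    $selector = CategoryUtil::getSelector_Categories($allCats, 'id', $parentId, 'category[parent_id]', null, null, $reloadOnCatChange);
    $attributes = isset($editCat['__ATTRIBUTES__']) ? $editCat['__ATTRIBUTES__'] : array();

    $this->view->assign('mode', $mode)
        ->assign('category', $editCat)
        ->assign('attributes', $attributes)
        ->assign('languages', $languages)
        ->assign('categorySelector', $selector);
    if ($mode == 'edit') {
        $this->view->assign('haveSubcategories', CategoryUtil::haveDirectSubcategories($cid))
            ->assign('haveLeafSubcategories', CategoryUtil::haveDirectSubcategories($cid, false, true));
    }

    return $this->response($this->view->fetch('Admin/edit.tpl'));
}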
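/**
 * Perform the search.
 *
 * On the first page every active search plugin is asked to write its hits into the
 * 'search_result' table for the current session; later pages only read and page
 * through that stored result set.
 *
 * @param string $args['q']           query string to search (required, non-empty)
 * @param bool   $args['firstPage']   is this first search attempt? if so - basic search is performed (required)
 * @param string $args['searchtype']  (optional) search type (default='AND')
 * @param string $args['searchorder'] (optional) search order: 'alphabetical', 'oldest' or 'newest' (default='newest')
 * @param int    $args['numlimit']    (optional) number of items to return (default value based on Search settings, -1 for no limit)
 * @param int    $args['page']        (optional) page number (default=1)
 * @param array  $args['active']      (optional) array of search plugins to search, keyed by plugin title (if empty all plugins are used)
 * @param array  $args['modvar']      (optional) array with extrainfo for search plugins, keyed by plugin title
 *
 * @return array|bool array('resultCount' => int, 'sqlResult' => array), the
 *                    LogUtil::registerArgsError() result on missing arguments, or a
 *                    redirect when a plugin reports failure
 */
public function search($args)
{
    // query string and firstPage params are required
    if (!isset($args['q']) || empty($args['q']) || !isset($args['firstPage'])) {
        return LogUtil::registerArgsError();
    }

    $vars = array();
    $vars['q'] = $args['q'];
    $vars['searchtype'] = isset($args['searchtype']) && !empty($args['searchtype']) ? $args['searchtype'] : 'AND';
    $vars['searchorder'] = isset($args['searchorder']) && !empty($args['searchorder']) ? $args['searchorder'] : 'newest';
    $vars['numlimit'] = isset($args['numlimit']) && !empty($args['numlimit']) ? $args['numlimit'] : $this->getVar('itemsperpage', 25);
    $vars['page'] = isset($args['page']) && !empty($args['page']) ? (int)$args['page'] : 1;
    $firstPage = $args['firstPage'];
    $active = isset($args['active']) && is_array($args['active']) && !empty($args['active']) ? $args['active'] : array();
    $modvar = isset($args['modvar']) && is_array($args['modvar']) && !empty($args['modvar']) ? $args['modvar'] : array();

    // work out row index from page number (1-based; numlimit <= 0 means "no limit")
    $vars['startnum'] = $vars['numlimit'] > 0 ? (($vars['page'] - 1) * $vars['numlimit']) + 1 : 1;

    // Load database stuff
    ModUtil::dbInfoLoad('Search');
    $dbtable = DBUtil::getTables();
    $searchColumn = $dbtable['search_result_column'];

    // Create restriction on result table (so user only sees own results).
    // The session id is a server-issued token, but it still travels in a client
    // cookie, so it is escaped rather than interpolated raw into the WHERE clause.
    $userResultWhere = "$searchColumn[session] = '" . DataUtil::formatForStore(session_id()) . "'";

    // Do all the heavy database stuff on the first page only
    if ($firstPage) {
        // Clear current search result for current user - before showing the first page
        // Clear also older searches from other users (anything older than 8 hours).
        $dbDriverName = strtolower(Doctrine_Manager::getInstance()->getCurrentConnection()->getDriverName());
        $where = $userResultWhere;
        if ($dbDriverName == 'pgsql') {
            $where .= " OR $searchColumn[found] + INTERVAL '8 HOUR' < NOW()";
        } else {
            $where .= " OR DATE_ADD($searchColumn[found], INTERVAL 8 HOUR) < NOW()";
        }
        DBUtil::deleteWhere('search_result', $where);

        // get all the search plugins
        $search_modules = ModUtil::apiFunc('Search', 'user', 'getallplugins');

        // Ask active modules to find their items and put them into the result table for the current user.
        // At the same time convert modules list from numeric index to modname index.
        $searchModulesByName = array();
        foreach ($search_modules as $mod) {
            // check we've a valid search plugin
            if (isset($mod['functions']) && (empty($active) || isset($active[$mod['title']]))) {
                foreach ($mod['functions'] as $contenttype => $function) {
                    if (isset($modvar[$mod['title']])) {
                        $param = array_merge($vars, $modvar[$mod['title']]);
                    } else {
                        $param = $vars;
                    }
                    $searchModulesByName[$mod['name']] = $mod;
                    $ok = ModUtil::apiFunc($mod['title'], 'search', $function, $param);
                    if (!$ok) {
                        LogUtil::registerError($this->__f('Error! \'%1$s\' module returned false in search function \'%2$s\'.', array($mod['title'], $function)));
                        return System::redirect(ModUtil::url('Search', 'user', 'main'));
                    }
                }
            }
        }

        // Count number of found results and remember them for the following pages
        $resultCount = DBUtil::selectObjectCount('search_result', $userResultWhere);
        SessionUtil::setVar('searchResultCount', $resultCount);
        SessionUtil::setVar('searchModulesByName', $searchModulesByName);
    } else {
        $resultCount = SessionUtil::getVar('searchResultCount');
        $searchModulesByName = SessionUtil::getVar('searchModulesByName');
    }

    // Fetch search result - do sorting and paging in database.
    // Use the defaulted value, not the raw argument: $args['searchorder'] is optional
    // and reading it directly raised an undefined index notice and sorted by title
    // instead of the documented 'newest' default.
    switch ($vars['searchorder']) {
        case 'alphabetical':
            $sort = 'title';
            break;
        case 'oldest':
            $sort = 'created';
            break;
        case 'newest':
            $sort = 'created DESC';
            break;
        default:
            $sort = 'title';
            break;
    }

    // Get next N results from the current user's result set
    // The "checker" object is used to:
    // 1) do secondary access control (deprecated more or less)
    // 2) let the modules add "url" to the found (and viewed) items
    $checker = new search_result_checker($searchModulesByName);
    $sqlResult = DBUtil::selectObjectArrayFilter('search_result', $userResultWhere, $sort, $vars['startnum'] - 1, $vars['numlimit'], '', $checker, null);

    // add displayname of modules found
    $cnt = count($sqlResult);
    for ($i = 0; $i < $cnt; $i++) {
        $modinfo = ModUtil::getInfoFromName($sqlResult[$i]['module']);
        $sqlResult[$i]['displayname'] = $modinfo['displayname'];
    }

    return array(
        'resultCount' => $resultCount,
        'sqlResult' => $sqlResult,
    );
}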
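/**
 * View a page.
 *
 * Each parameter is taken from $args and falls back to the request:
 *
 * @param int    $args['pid']      Page ID
 * @param int    $args['vid']      Page version ID (history preview; requires edit access)
 * @param string $args['name']     URL name, alternative for pid
 * @param bool   $args['preview']  Display preview
 * @param bool   $args['editmode'] Flag for enabling/disabling edit mode (GET only when read from the request)
 *
 * @return mixed Rendered output, false when the page (or version) cannot be loaded,
 *               or the LogUtil error result for missing arguments / missing permission
 */
public function view($args)
{
    $pageId = isset($args['pid']) ? $args['pid'] : FormUtil::getPassedValue('pid');
    $versionId = isset($args['vid']) ? $args['vid'] : FormUtil::getPassedValue('vid');
    $urlname = isset($args['name']) ? $args['name'] : FormUtil::getPassedValue('name');
    $preview = isset($args['preview']) ? $args['preview'] : FormUtil::getPassedValue('preview');
    $editmode = isset($args['editmode']) ? $args['editmode'] : FormUtil::getPassedValue('editmode', null, 'GET');

    if ($pageId === null && !empty($urlname)) {
        $pageId = ModUtil::apiFunc('Content', 'Page', 'solveURLPath', compact('urlname'));
        System::queryStringSetVar('pid', $pageId);
    }

    // read access is mandatory; edit access decides about previews, versions and view counting
    $inheritPermissions = (bool) $this->getVar('inheritPermissions', false) === true;
    if ($inheritPermissions) {
        $this->throwForbiddenUnless(ModUtil::apiFunc('Content', 'page', 'checkPermissionForPageInheritance', array('pageId' => $pageId, 'level' => ACCESS_READ)), LogUtil::getErrorMsgPermission());
        $hasEditAccess = ModUtil::apiFunc('Content', 'page', 'checkPermissionForPageInheritance', array('pageId' => $pageId, 'level' => ACCESS_EDIT));
    } else {
        $this->throwForbiddenUnless(SecurityUtil::checkPermission('Content:page:', $pageId . '::', ACCESS_READ), LogUtil::getErrorMsgPermission());
        $hasEditAccess = SecurityUtil::checkPermission('Content:page:', $pageId . '::', ACCESS_EDIT);
    }

    $versionHtml = '';
    $page = null;
    if ($versionId !== null) {
        // A version preview shows unpublished revisions. Refuse it for readers
        // explicitly: the previous code left $page undefined for them and, because the
        // cache id below includes the version id, could serve an editor's cached
        // rendering of that revision.
        if (!$hasEditAccess) {
            return LogUtil::registerPermissionError();
        }
        $preview = true;
        $version = ModUtil::apiFunc('Content', 'History', 'getPageVersion', array('id' => $versionId, 'preview' => $preview, 'includeContent' => true));
        if (empty($version['data']['page'])) {
            return false;
        }
        $page = $version['data']['page'];
        $pageId = $page['id'];
        $action = ModUtil::apiFunc('Content', 'History', 'contentHistoryActionTranslate', $version['action']);
        $translatable = array('revisionNo' => $version['revisionNo'], 'date' => $version['date'], 'action' => $action, 'userName' => $version['userName'], 'ipno' => $version['ipno']);
        $iconSrc = 'images/icons/extrasmall/clock.png';
        $versionHtml = "<p class=\"content-versionpreview\"><img alt=\"\" src=\"{$iconSrc}\"/> " . $this->__f('Version #%1$s - %2$s - %3$s by %4$s from %5$s', $translatable) . "</p>";
    } elseif ($pageId !== null) {
        // now get the page up for display; inactive pages are only shown to editors previewing
        $page = ModUtil::apiFunc('Content', 'Page', 'getPage', array('id' => $pageId, 'preview' => $preview, 'includeContent' => true, 'filter' => array('checkActive' => !($preview && $hasEditAccess))));
    } else {
        return LogUtil::registerArgsError();
    }
    if (!$page) {
        return false;
    }

    // NOTE(review): the edit-mode flag comes straight from the GET request and is
    // persisted in the session for any user; the template is expected to gate the
    // actual editing controls on access - confirm.
    if ($editmode !== null) {
        SessionUtil::setVar('ContentEditMode', $editmode);
    } else {
        $editmode = SessionUtil::getVar('ContentEditMode', null);
    }
    if ($editmode) {
        $this->view->setCaching(false);
    }
    $this->view->setCacheId("{$pageId}|{$versionId}");
    if ($this->view->is_cached('user/page.tpl')) {
        return $this->view->fetch('user/page.tpl');
    }

    // Register a page variable breadcrumbs with the Content page hierarchy as array of array(url, title)
    if ((bool) $this->getVar('registerBreadcrumbs', false) === true) {
        // first include self, then loop over parents until root is reached
        $breadcrumbs = array();
        $breadcrumbs[] = array('url' => ModUtil::url('Content', 'user', 'view', array('pid' => $page['id'])), 'title' => $page['title']);
        $loopPageid = $page['parentPageId'];
        while ($loopPageid > 0) {
            $loopPage = ModUtil::apiFunc('Content', 'Page', 'getPage', array('id' => $loopPageid, 'includeContent' => false, 'includeLayout' => false, 'translate' => $this->translateTitles));
            array_unshift($breadcrumbs, array('url' => ModUtil::url('Content', 'user', 'view', array('pid' => $loopPage['id'])), 'title' => $loopPage['title']));
            $loopPageid = $loopPage['parentPageId'];
        }
        PageUtil::registerVar('breadcrumbs', false, $breadcrumbs);
    }

    $multilingual = ModUtil::getVar(ModUtil::CONFIG_MODULE, 'multilingual');
    if ($page['language'] == ZLanguage::getLanguageCode()) {
        $multilingual = false;
    }

    // override the PageVar title if configured in the settings
    if ($this->getVar('overrideTitle')) {
        $pageTitle = html_entity_decode($page['title']);
        PageUtil::setVar('title', $preview ? $this->__("Preview") . ' - ' . $pageTitle : $pageTitle);
    }

    $this->view->assign('page', $page);
    $this->view->assign('preview', $preview);
    $this->view->assign('editmode', $editmode);
    $this->view->assign('multilingual', $multilingual);
    $this->view->assign('enableVersioning', $this->getVar('enableVersioning'));

    // add layout type and column count as page variables to the template
    // columncount can be used via plugin contentcolumncount, since it holds regular expressions that slow down
    $this->view->assign('contentLayoutType', $page['layout']);

    // add access parameters
    Content_Util::contentAddAccess($this->view, $pageId);

    // exclude writers from statistics
    if (!$hasEditAccess && !$preview && !$editmode && $this->getVar('countViews')) {
        // Check against session to see if user was already counted
        if (!SessionUtil::getVar("ContentRead" . $pageId)) {
            SessionUtil::setVar("ContentRead" . $pageId, $pageId);
            DBUtil::incrementObjectFieldByID('content_page', 'views', $pageId);
        }
    }

    return $versionHtml . $this->view->fetch('user/page.tpl');
}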
/**
 * Get the data from the session.
 *
 * A non-empty array found under the key is stored in $this->_objData, run through
 * getDataFromSessionPostProcess() and returned; anything else yields $default.
 *
 * @param string  $key                  The access key of the object (optional) (default=null, reverts to $this->_objPath).
 * @param mixed   $default              The default value to return (optional) (default=null).
 * @param string  $path                 The session object input path (default='', reverts to $this->_objSessionPath).
 * @param boolean $autocreate           The autocreate passed to SessionUtil::getVar.
 * @param boolean $overwriteExistingVar The overwriteExistingVar variable passed to SessionUtil::getVar.
 *
 * @return mixed The requested object/value, or $default.
 */
public function getDataFromSession($key = null, $default = null, $path = '', $autocreate = true, $overwriteExistingVar = false)
{
    // falsy key/path fall back to the object's own session location
    $key = $key ?: $this->_objPath;
    $path = $path ?: $this->_objSessionPath;

    $stored = SessionUtil::getVar($key, $default, $path, $autocreate, $overwriteExistingVar);
    if (!is_array($stored) || $stored === array()) {
        return $default;
    }

    $this->_objData = $stored;
    $this->getDataFromSessionPostProcess();

    return $this->_objData;
}
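/**
 * View items in slideshow.
 *
 * Request/args parameters: 'aid' (album id, default 1), 'mid' (media id, default:
 * first item of the album), 'delay' (seconds, default 5), 'mode' (default
 * 'stopped'), 'center' (present = centered template) and 'back' (non-zero =
 * remember the referer as the quit URL).
 *
 * @param array $args Parameters, overriding the request values.
 *
 * @return bool True after the slideshow has been displayed, false on a failed API
 *              call, or the LogUtil error result on missing permission / unknown album.
 */
function mediashare_user_slideshow($args)
{
    $albumId = mediashareGetIntUrl('aid', $args, 1);
    $mediaId = mediashareGetIntUrl('mid', $args, 0);
    $delay = mediashareGetIntUrl('delay', $args, 5);
    $mode = mediashareGetStringUrl('mode', $args, 'stopped');
    $center = isset($args['center']) ? '_center' : '';
    $back = mediashareGetIntUrl('back', $args, 0);

    // Check access to album (media ID won't do a difference if not from this album)
    if (!mediashareAccessAlbum($albumId, mediashareAccessRequirementViewSomething)) {
        return LogUtil::registerPermissionError();
    }

    // Fetch current album
    if (!($album = pnModAPIFunc('mediashare', 'user', 'getAlbum', array('albumId' => $albumId)))) {
        return false;
    }
    if ($album === true) {
        // the original passed an undefined $dom here; resolve the module's translation domain
        return LogUtil::registerError(__('Unknown album.', ZLanguage::getModuleDomain('mediashare')));
    }

    // Fetch media items
    if (($items = pnModAPIFunc('mediashare', 'user', 'getMediaItems', array('albumId' => $albumId))) === false) {
        return false;
    }

    // Find current, previous and next items
    if ($mediaId == 0 && count($items) > 0) {
        $mediaId = $items[0]['id'];
    }
    $mediaItem = null;
    if (count($items) > 0) {
        // defaults wrap around: prev of the first item is the last one and vice versa
        $prevMediaId = $items[count($items) - 1]['id'];
        $nextMediaId = $items[0]['id'];
        foreach ($items as $item) {
            if ($mediaItem != null) {
                // Media-Current item found, so this must be next
                $nextMediaId = $item['id'];
                break;
            }
            if ($item['id'] == $mediaId) {
                $mediaItem = $item;
            } else {
                // Media-item not found, so this must become prev
                $prevMediaId = $item['id'];
            }
        }
    } else {
        $prevMediaId = -1;
        $nextMediaId = -1;
    }

    // Add media display HTML
    $mediadir = pnModAPIFunc('mediashare', 'user', 'getRelativeMediadir');
    for ($i = 0, $cou = count($items); $i < $cou; ++$i) {
        if (!($handler = pnModAPIFunc('mediashare', 'mediahandler', 'loadHandler', array('handlerName' => $items[$i]['mediaHandler'])))) {
            return false;
        }
        $result = $handler->getMediaDisplayHtml($mediadir . $items[$i]['originalRef'], null, null, 'mediaItem', array());
        // the markup is embedded in the slideshow script, so it must stay on one line
        $items[$i]['html'] = str_replace(array("\r", "\n"), array(' ', ' '), $result);
    }

    // $mediaItem stays null for an empty album or an unknown 'mid'; avoid the null offset read
    $viewUrl = pnModUrl('mediashare', 'user', 'slideshow', array('mid' => $mediaItem !== null ? $mediaItem['id'] : null));

    // NOTE(review): the stored quit URL is the raw Referer header, i.e. untrusted
    // input; the template rendering it must escape it and should treat it as a link
    // target only.
    if ($back) {
        SessionUtil::setVar('mediashareQuitUrl', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null);
    }
    $quitUrl = SessionUtil::getVar('mediashareQuitUrl');
    if ($quitUrl == null) {
        $quitUrl = pnModUrl('mediashare', 'user', 'view', array('aid' => $album['id']));
    }

    // Build the output
    $render =& pnRender::getInstance('mediashare', false);
    $render->assign('viewUrl', $viewUrl);
    $render->assign('mediaId', $mediaId);
    $render->assign('mediaItem', $mediaItem);
    $render->assign('prevMediaId', $prevMediaId);
    $render->assign('nextMediaId', $nextMediaId);
    $render->assign('mediaItems', $items);
    $render->assign('album', $album);
    $render->assign('albumId', $albumId);
    $render->assign('delay', $delay);
    $render->assign('mode', $mode);
    $render->assign('thumbnailSize', pnModGetVar('mediashare', 'thumbnailSize'));
    $render->assign('theme', pnUserGetTheme());
    $render->assign('templateName', "slideshow{$center}.html");
    $render->assign('quitUrl', $quitUrl);

    // Add the access array
    if (!mediashareAddAccess($render, $album)) {
        return false;
    }

    $render->load_filter('output', 'pagevars_notcombined');
    if (pnConfigGetVar('shorturls')) {
        $render->load_filter('output', 'shorturls');
    }
    $render->display('mediashare_user_slideshow.html');

    return true;
}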
/**
 * Get text displayed after actual content.
 *
 * Closes the wrapper opened when $this->addedStyle is set; in edit mode an extra
 * clearing element follows so floated editor controls do not spill over.
 *
 * @return string Displayed text ('' when no wrapper was added)
 */
public function displayEnd()
{
    if (!$this->addedStyle) {
        return '';
    }

    $closing = '</div>';
    // check for edit mode on and clear the floating elements in that case
    if (SessionUtil::getVar('ContentEditMode')) {
        $closing .= '<div style="clear: both"></div>';
    }

    return $closing;
}
/**
 * Add core data to the template.
 *
 * This function adds some basic data to the template depending on the
 * current user and the Zikula settings. There is no need to call this as it's
 * invoked automatically on instantiation.
 *
 * In legacy mode 'coredata' will contain the module vars, but not when disabled.
 * This is just for BC legacy - to access module vars there is a 'modvars' property
 * assigned to all templates. Extra module names may be passed as variadic
 * arguments (legacy mode only); ModUtil::CONFIG_MODULE is exposed as 'ZConfig'.
 *
 * @return Zikula_View
 */
public function add_core_data()
{
    $serviceKey = 'zikula_view.coredata';
    if (!isset($this->serviceManager[$serviceKey])) {
        $this->serviceManager[$serviceKey] = new ArrayObject(array());
    }
    $core = $this->serviceManager[$serviceKey];

    $core['version_num'] = Zikula_Core::VERSION_NUM;
    $core['version_id'] = Zikula_Core::VERSION_ID;
    $core['version_sub'] = Zikula_Core::VERSION_SUB;
    $core['logged_in'] = UserUtil::isLoggedIn();
    $core['language'] = $this->language;
    // add userdata
    $core['user'] = UserUtil::getVars(SessionUtil::getVar('uid'));

    if (System::isLegacyMode()) {
        // add modvars of current modules
        foreach ($this->module as $moduleName => $unused) {
            if (empty($moduleName)) {
                continue;
            }
            $core[$moduleName] = ModUtil::getVar($moduleName);
        }

        // add mod vars of all modules supplied as parameter
        foreach (func_get_args() as $extraModule) {
            // skip empty names, arrays and modules already handled above
            if (empty($extraModule) || is_array($extraModule) || array_key_exists($extraModule, $this->module)) {
                continue;
            }
            if ($extraModule == ModUtil::CONFIG_MODULE) {
                // check if user wants to have config: gather all config vars
                foreach (ModUtil::getVar(ModUtil::CONFIG_MODULE) as $configKey => $configValue) {
                    $core['ZConfig'][$configKey] = $configValue;
                }
            } else {
                $core[$extraModule] = ModUtil::getVar($extraModule);
            }
        }

        $this->assign('pncore', $core);
    }

    // Module vars
    parent::assign('coredata', $core);

    return $this;
}