public static function kickout_non_admin($url = 'index.php')
{
self::create_user();
if ($_SESSION[Config::$sitename]['user']['logged_in'] == false || $_SESSION[Config::$sitename]['user']['is_admin'] == false) {
URL::redirect($url);
}
}
public function internalAction()
{
$this->_view->_title = 'Internal Group Management';
if (isset($_GET['team']) && trim($_GET['team']) != '') {
if (isset($_POST['group_form']) && !empty($_POST['group_form'])) {
$this->_view->colUser = $this->_model->listTeamUser($_GET['team'], $_POST['group_form']);
} else {
if (!isset($_GET['date_from']) && !isset($_GET['date_to'])) {
$arrayDefault = array('date_from' => date("d/m/Y"), 'date_to' => date("d/m/Y"));
$this->_view->colUser = $this->_model->listTeamUser($_GET['team'], $arrayDefault);
$this->_view->duration = $this->_model->getDuration('2', $arrayDefault, 'standard_duration');
$this->_view->chart = $this->_model->createChart($_GET['team'], $arrayDefault);
} else {
if (isset($_GET['date_from']) && isset($_GET['date_to'])) {
$arrayDate = array('date_from' => $_GET['date_from'], 'date_to' => $_GET['date_to']);
$this->_view->colUser = $this->_model->listTeamUser($_GET['team'], $arrayDate);
$this->_view->duration = $this->_model->getDuration('2', $arrayDate, 'standard_duration');
$this->_view->chart = $this->_model->createChart($_GET['team'], $arrayDate);
} else {
$this->_view->colUser = $this->_model->listTeamUser($_GET['team']);
}
}
}
} else {
URL::redirect(URL::createLink('default', 'index', 'index'));
}
// CREATE CHART
if (isset($_POST['group_form'])) {
$this->_view->duration = $this->_model->getDuration('2', $_POST['group_form'], 'standard_duration');
$this->_view->chart = $this->_model->createChart($_GET['team'], $_POST['group_form']);
}
$this->_view->render('group/internal');
}
public function loginAction()
{
$userInfo = Session::get('user');
if ($userInfo['login'] == true && $userInfo['time'] + TIME_LOGIN >= time()) {
URL::redirect('default', 'user', 'index');
}
$this->_view->_title = 'Login';
if (@$this->_arrParam['form']['token'] > 0) {
$validate = new Validate($this->_arrParam['form']);
$email = $this->_arrParam['form']['email'];
$password = md5($this->_arrParam['form']['password']);
$query = "SELECT `id` FROM `user` WHERE `email` = '{$email}' AND `password` = '{$password}'";
$validate->addRule('email', 'existRecord', array('database' => $this->_model, 'query' => $query));
$validate->run();
if ($validate->isValid() == true) {
$infoUser = $this->_model->infoItem($this->_arrParam);
$arraySession = array('login' => true, 'info' => $infoUser, 'time' => time(), 'group_acp' => $infoUser['group_acp']);
Session::set('user', $arraySession);
URL::redirect('default', 'user', 'index');
} else {
$this->_view->errors = $validate->showErrorsPublic();
}
}
$this->_view->render('index/login');
}
public function short_url__redirect()
{
$shortcode = Request::get('shortcode');
$url = $this->core->expand($shortcode);
if ($url != NULL) {
URL::redirect($url);
}
}
public static function checkRefreshPage($value, $module, $controller, $action, $params = null)
{
if (Session::get('token') == $value) {
Session::delete('token');
URL::redirect($module, $controller, $action);
} else {
Session::set('token', $value);
}
}
public function deleteAction()
{
$permission = isset($_SESSION['user']) && $_SESSION['user']['info']['admin_control'] == true ? true : false;
if ($permission == true) {
$this->_view->_title = 'Delete | User';
$this->_view->message = '';
if (isset($_GET['id'])) {
$this->_view->message = $this->_model->processDelete($_GET['id']);
}
$this->_view->render('user/delete', true);
} else {
URL::redirect(URL::createLink('default', 'error', 'index', array('type' => 'not-url')));
}
}
public function editAction()
{
$permission = isset($_SESSION['user']) && $_SESSION['user']['info']['admin_control'] == true ? true : false;
if ($permission == true) {
$this->_view->_title = 'Edit | Team';
if (isset($_GET['id'])) {
$this->_view->_arrayTeam = $this->_model->arrayEdit($_GET['id']);
}
if (isset($_POST['editTeam']) && isset($_GET['id'])) {
$this->_view->_result = $this->_model->processEdit($_POST['editTeam'], $_GET['id']);
URL::redirect(URL::createLink('default', 'team', 'edit', array('id' => $_GET['id'])));
}
$this->_view->render('team/edit', true);
} else {
URL::redirect(URL::createLink('default', 'error', 'index', array('type' => 'not-url')));
}
}
private function callMethod()
{
$actionName = $this->_params['action'] . 'Action';
if (method_exists($this->_controllerObject, $actionName) == true) {
$module = $this->_params['module'];
$controller = $this->_params['controller'];
$action = $this->_params['action'];
$requestURL = $module . "-" . $controller . "-" . $action;
$userInfo = Session::get('user');
$logged = $userInfo['login'] == true && $userInfo['time'] + TIME_LOGIN >= time();
// MODULE ADMIN
if ($module == 'admin') {
if ($logged == true) {
if ($userInfo['group_acp'] == 1) {
//if(in_array($requestURL, $userInfo['info']['privilege'])==true){
$this->_controllerObject->{$actionName}();
//}else{
// URL::redirect('default', 'index', 'notice', array('type' => 'not-permission'));
//}
} else {
URL::redirect('default', 'index', 'notice', array('type' => 'not-permission'));
}
} else {
$this->callLoginAction($module);
}
// MODULE DEFAULT
} else {
if ($module == 'default') {
if ($controller == 'user') {
if ($logged == true) {
$this->_controllerObject->{$actionName}();
} else {
$this->callLoginAction($module);
}
} else {
$this->_controllerObject->{$actionName}();
}
}
}
//$this->_controllerObject->$actionName();
} else {
//$this->_error();
URL::redirect('default', 'index', 'notice', array('type' => 'not-url'));
}
}
public function require_password()
{
$password_list = trim($this->fetchParam('allowed', '', null, false, false));
$passwords = explode('|', $password_list);
$password_url = $this->fetch('password_url', null, null, false, false);
$no_access_url = $this->fetch('no_access_url', '/', null, false, false);
$return_variable = $this->fetch('return_variable', 'return', null, false, false);
// no passwords set? this is OK
if (!$password_list) {
return;
}
// determine form URL
$form_url = Helper::pick($password_url, $no_access_url);
if (!$this->tasks->hasPassword(URL::getCurrent(), $passwords)) {
URL::redirect(URL::appendGetVariable($form_url, $return_variable, URL::getCurrent()), 302);
exit;
}
}
public function orderAction()
{
$cart = Session::get('cart');
$bookID = $this->_arrParam['book_id'];
$price = $this->_arrParam['price'];
if (empty($cart)) {
$cart['quantity'][$bookID] = 1;
$cart['price'][$bookID] = $price;
} else {
if (array_key_exists($bookID, $cart['quantity'])) {
$cart['quantity'][$bookID] += 1;
$cart['price'][$bookID] = $price * $cart['quantity'][$bookID];
} else {
$cart['quantity'][$bookID] = 1;
$cart['price'][$bookID] = $price;
}
}
Session::set('cart', $cart);
URL::redirect('default', 'book', 'detail', array('book_id' => $bookID));
}
public function protect__password()
{
// grab values
$token = filter_input(INPUT_POST, 'token', FILTER_SANITIZE_STRING);
$return = filter_input(INPUT_POST, 'return', FILTER_SANITIZE_STRING);
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
$referrer = $_SERVER['HTTP_REFERER'];
// validate token
if (!$this->tokens->validate($token)) {
$this->flash->set('error', 'Invalid token passed, please try again.');
URL::redirect($referrer);
}
// check password matches a password from return text
if (!$this->tasks->isValidPassword($return, $password)) {
$this->flash->set('error', 'Incorrect password.');
URL::redirect($referrer);
}
// store this password in the session
$this->tasks->addPassword($return, $password);
// redirect to the URL
URL::redirect($return);
}
private function callMethod()
{
$actionName = $this->_params['action'] . 'Action';
if (method_exists($this->_controllerObject, $actionName) == true) {
$module = $this->_params['module'];
$controller = $this->_params['controller'];
$action = $this->_params['action'];
$requestURL = $module . "-" . $controller . "-" . $action;
$userInfo = Session::get('user');
$logged = $userInfo['login'] == true && $userInfo['time'] + TIME_LOGIN >= time();
// MODULE ADMIN
if ($logged == true) {
$this->_controllerObject->{$actionName}();
} else {
$this->callLoginAction();
}
//$this->_controllerObject->$actionName();
} else {
//$this->_error();
URL::redirect(URL::createLink('default', 'error', 'index', array('type' => 'not-url')));
}
}
public function indexAction()
{
$this->_view->_title = 'Personal Management';
$totalItems = $this->_model->countItem($this->_arrParam, null);
$configPagination = array('totalItemsPerPage' => 5, 'pageRange' => 2);
$this->setPagination($configPagination);
$this->_view->pagination = new Pagination($totalItems, $this->_pagination);
//$this->_view->Items = $this->_model->listItems($this->_arrParam, null);
// Process Maintenance Data
//$this->_view->arrayMaintenance = $this->_model->processMaintenance();
// Process Newton Data
//$this->_view->arrayNewtonDetail = $this->_model->processNewtonDetail();
//$this->_view->arrayNewton = $this->_model->processNewton();
// Process Newcoding Detail
//$this->_view->arrayNewCodingDetail = $this->_model->processNewCodingDetail();
//$this->_view->arrayNewCoding = $this->_model->processNewCoding();
// Process Domestic Data
//$this->_view->arrayDomestic = $this->_model->processDomestic();
// Process FC Data
//$this->_view->arrayFcDetail = $this->_model->processFcDetail();
//$this->_view->arrayFc = $this->_model->processFc();
// Process Other
//$this->_view->arrayOther = $this->_model->processOther();
// Process Research
//$this->_view->arrayResearch = $this->_model->processResearch();
// Process Worktime
//$this->_view->arrayWorktime = $this->_model->processWorkTime();
$this->_model->importMaintenance();
$this->_model->importNewton();
$this->_model->importDomestic();
$this->_model->importFC();
$this->_model->importOther();
$this->_model->importResearch();
$this->_model->importNewCoding();
$this->_model->importWorkTime();
URL::redirect(URL::createLink('default', 'index', 'index'));
$this->_view->render('import/index', true);
}
function show()
{
$cols = $this->cols();
$rows = $this->rows();
$table = $this->table();
$link = $this->link();
echo '<form action="#" method="get">';
echo '<span>';
foreach ($_GET as $key => $value) {
echo '<input type="hidden" name="' . $key . '" value="' . $value . '"/>';
}
echo '</span>';
echo '<table cellspacing="0" cellpadding="0" class="db">';
$order = isset($_GET['orderby']) ? $_GET['orderby'] : 'bug_id DESC';
echo '<tr class="header">';
foreach ($cols as $name => $column) {
if ($column['title'] == "") {
$title = humantitle($name);
} else {
$title = $column['title'];
}
echo '<th>';
$by = $order == $name ? $name . ' DESC' : $name;
echo '<a href="' . URL::redirect('#', array('orderby' => $by)) . '" class="header">';
echo '<div class="full">' . $title . '</div>';
echo '</a>';
echo '</th>';
}
echo '</tr>';
echo '<tr class="filter">';
foreach ($cols as $name => $cfg) {
echo '<td>';
switch ($cfg['filter']) {
case 'search':
echo '<input type="text" name="filter_' . $name . '" class="full" />';
echo '<span><input type="hidden" name="f_' . $name . '_type" value="search" /></span>';
break;
case 'submit':
echo '<input class="full" type="submit" value="Filter" />';
break;
default:
case 'select':
echo '<select name="filter_' . $name . '" class="full">';
echo '<option value="">No Filter</option>';
$query = "SELECT DISTINCT {$name} FROM {$table} ORDER BY {$name}";
$result = mysql_query($query) or die('MySQL Error: ' . mysql_error());
while ($row = mysql_fetch_array($result)) {
echo '<option value="' . $row[$name] . '"' . ($_GET['filter_' . $name] == $row[$name] ? ' selected="selected"' : '') . '>' . $this->rename($name, $row[$name]) . '</option>';
}
echo '</select>';
break;
}
echo '</td>';
}
echo '</tr>';
for ($i = 0; $i < count($rows); $i++) {
echo '<tr class="row r_' . $x++ % 2 . '">';
foreach ($rows[$i] as $name => $value) {
$value = $this->rename($name, $value);
if ($_GET['f_' . $name . '_type'] == 'search') {
$value = str_replace($_GET['filter_' . $name], '<span class="found">' . $_GET['filter_' . $name] . '</span>', $value);
}
echo '<td class="row"';
if ($cols[$name]['css'] != "") {
echo ' style="' . $cols[$name]['css'] . '"';
}
echo '><a class="normal" href="?show=' . $link . '&id=' . $rows[$i][$this->idcol] . '"><div class="full">' . $value . '</div></a></td>';
}
echo '</tr>';
}
echo '<tr class="footer"><td colspan="' . count($cols) . '">';
$this->pager->display();
echo '</td></tr>';
echo '</table>';
echo '</form>';
}
public function member__reset_password()
{
$site_root = Config::getSiteRoot();
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
$password_confirm = filter_input(INPUT_POST, 'password_confirmation', FILTER_SANITIZE_STRING);
$token = filter_input(INPUT_POST, 'token', FILTER_SANITIZE_STRING);
$hash = filter_input(INPUT_POST, 'hash', FILTER_SANITIZE_STRING);
$referrer = $_SERVER['HTTP_REFERER'];
// validate form token
if (!$this->tokens->validate($token)) {
$this->flash->set('reset_password_error', 'Invalid token.');
URL::redirect($referrer);
}
// bail if cache doesnt exist or if its too old.
// this should have been caught on the page itself,
// but if it got submitted somehow, just redirect and the error logic will be in the plugin.
if (!$this->cache->exists($hash) || $this->cache->getAge($hash) > $this->fetchConfig('reset_password_age_limit', 20, 'is_numeric') * 60) {
URL::redirect($referrer);
}
// password check
if (is_null($password) || $password == '') {
$this->flash->set('reset_password_error', 'Password cannot be blank.');
URL::redirect($referrer);
}
// password confirmation check
if (!is_null($password_confirm) && $password !== $password_confirm) {
$this->flash->set('reset_password_error', 'Passwords did not match.');
URL::redirect($referrer);
}
// get username
$cache = $this->cache->getYAML($hash);
$username = $cache['username'];
// change password
$member = Member::load($username);
$member->set('password', $password);
$member->save();
// delete used cache
$this->cache->delete($hash);
// redirect
URL::redirect(array_get($cache, 'return', $this->fetchConfig('member_home', $site_root, null, false, false)));
}
public function logout()
{
URL::redirect($this->logout_url());
}
public function reset_password_form()
{
$data = array();
$errors = array();
// parse parameters and vars
$attr_string = '';
$site_root = Config::getSiteRoot();
$logged_in_redirect = $this->fetchParam('logged_in_redirect', $this->fetchConfig('member_home', $site_root), null, false, false);
$attr = $this->fetchParam('attr', false);
$hash = filter_input(INPUT_GET, 'H', FILTER_SANITIZE_URL);
// is user already logged in? forward as needed
if (Auth::isLoggedIn()) {
URL::redirect($logged_in_redirect, 302);
}
// no hash in URL?
if (!$hash) {
$errors[] = Localization::fetch('reset_password_url_invalid');
$data['url_invalid'] = true;
}
if (count($errors) == 0) {
// cache file doesn't exist or is too old
if (!$this->cache->exists($hash) || $this->cache->getAge($hash) > $this->fetchConfig('reset_password_age_limit') * 60) {
$errors[] = Localization::fetch('reset_password_url_expired');
$data['expired'] = true;
}
// flash errors
if ($flash_error = $this->flash->get('reset_password_error')) {
$errors[] = $flash_error;
}
}
// set up attributes
if ($attr) {
$attributes_array = Helper::explodeOptions($attr, true);
foreach ($attributes_array as $key => $value) {
$attr_string .= ' ' . $key . '="' . $value . '"';
}
}
// errors
$data['errors'] = $errors;
// set up form HTML
$html = '<form method="post" action="' . Path::tidy($site_root . "/TRIGGER/member/reset_password") . '" ' . $attr_string . '>';
$html .= '<input type="hidden" name="token" value="' . $this->tokens->create() . '">';
$html .= '<input type="hidden" name="hash" value="' . $hash . '">';
$html .= Parse::template($this->content, $data);
$html .= '</form>';
// return that HTML
return $html;
}
<?php
# new_task.php
# 1. logic
$project = new Project();
$project->load(['slug' => Route::param('slug')]);
if (Input::posted()) {
$task = new Task();
$task->fill(Input::all());
$task->user_id = Auth::user_id();
$task->project_id = $project->id;
if (Input::get('name') != "" || Input::get('description') != "") {
$task->save();
}
}
URL::redirect('/' . $project->slug);
private function loginmember($visitor_ip)
{
global $db, $prefix, $user_prefix, $sec_code, $CPG_SESS;
$username = Fix_Quotes($_POST['ulogin']);
$result = $db->sql_query('SELECT user_id, username, user_password, user_level, theme FROM ' . $user_prefix . "_users WHERE username='******' AND user_id>1");
if ($db->sql_numrows($result) < 1) {
URL::redirect(URL::index('Your_Account&error=1&uname=' . urlencode(base64_encode($username))), true);
}
$setinfo = $db->sql_fetchrow($result, SQL_ASSOC);
if ($setinfo['user_password'] != '' && $setinfo['user_level'] > 0) {
$pass = md5($_POST['user_password']);
if ($setinfo['user_password'] != $pass) {
URL::redirect(URL::index('Your_Account&error=2'), true);
}
if ($sec_code & 2) {
$gfxid = isset($_POST['gfxid']) ? $_POST['gfxid'] : 0;
$code = $CPG_SESS['gfx'][$gfxid];
$gfx_check = isset($_POST['gfx_check']) ? $_POST['gfx_check'] : '';
if (strlen($gfx_check) < 2 || $code != $gfx_check) {
URL::redirect(URL::index('Your_Account&error=2'), true);
}
}
$db->sql_query('DELETE FROM ' . $prefix . "_session WHERE host_addr={$visitor_ip} AND guest=1");
unset($CPG_SESS['session_start']);
$CPG_SESS['theme'] = $setinfo['theme'];
return $this->setmemcookie($setinfo['user_id'], $pass, false);
} else {
if ($setinfo['user_level'] == 0) {
URL::redirect(URL::index('Your_Account&profile=' . $setinfo['user_id']));
} else {
if ($setinfo['user_level'] == -1) {
URL::redirect(URL::index('Your_Account&profile=' . $setinfo['user_id']));
}
}
URL::redirect(URL::index('Your_Account&error=2'), true);
}
}
| http://www.dragonflycms.com |
| Dragonfly is released under the terms and conditions of the GNU |
| GPL version 2 or any later version |
+-------------------------------------------------------------------+
*/
if (!defined('ADMIN_PAGES')) {
exit;
}
if (!can_admin('referers')) {
die('Access Denied');
}
$pagetitle .= ' ' . _BC_DELIM . ' ' . _HTTPREFERERS;
global $bgcolor3, $db, $prefix;
if (isset($_GET['del']) && $_GET['del'] == 'all') {
$db->sql_query('DELETE FROM ' . $prefix . '_referer');
URL::redirect(URL::admin());
} else {
require_once 'header.php';
GraphicAdmin('_AMENU6');
$result = $db->sql_query('SELECT url FROM ' . $prefix . '_referer');
$bgcolor = '';
if ($db->sql_numrows($result) > 0) {
$cpgtpl->assign_vars(array('U_DELREFERERS' => URL::admin('&del=all')));
while (list($url) = $db->sql_fetchrow($result)) {
$bgcolor = $bgcolor == '' ? ' style="background: ' . $bgcolor3 . '"' : '';
$cpgtpl->assign_block_vars('referer', array('URL' => $url, 'CLR' => $bgcolor));
}
$cpgtpl->set_filenames(array('body' => 'admin/referers.html'));
$cpgtpl->display('body');
$cpgtpl->__destruct();
} else {
$db->sql_query("UPDATE " . $dl_prefix . "_screenshots \n\t\t\t\tSET did={$next_id} \n\t\t\t\tWHERE did={$mng_id}");
if (can_admin($module_name)) {
$time = time();
$time_year = generate_date($time, 'Y');
$time_month = generate_date($time, 'm');
$db->sql_query("INSERT INTO " . $dl_prefix . "_stats \n\t\t\t\t(id, year, month, hits, views) \n\t\t\t\tVALUES \n\t\t\t\t('{$next_id}', '{$time_year}', '{$time_month}', 0, 0)");
}
if ($fields['version']) {
$db->sql_query("INSERT INTO " . $dl_prefix . "_history \n\t\t\t\t(id, vers, author, date, comment) \n\t\t\t\tVALUES \n\t\t\t\t({$next_id}, '{$fields['version']}', '{$fields['submitter']}', " . time() . ", 'Initial Version')");
}
if (!can_admin($module_name)) {
$d_queue = $db->sql_count($dl_prefix . '_downloads', "lid!='{$next_id}' AND active=2");
cpg_error('Your download has been queued for review by an administrator<br /><br />At this time, we have <strong>' . $d_queue . '</strong> other downloads awaiting approval', _TB_INFO, URL::index('&file=manage&s=1', true, true));
}
DL_Cat::count_dl();
URL::redirect(URL::index('&file=details&id=' . $next_id));
}
}
}
$cats = array();
DL_Cat::list_all($cats);
if (count($cats) < 1) {
cpg_error('There are no categories in which you can add a download');
}
if (can_admin($module_name) || $dl_config['user_catparent']) {
$selects = DL_Cat::selectbox($in['cat'], 'in[cat]', false);
} else {
$selects = '<select class="set" name="in[cat]" id="in[cat]">
<option selected="selected" label="none" value="none">select a category</option>';
foreach ($cats as $cat) {
if ($cat['level'] == 1) {
**********************************************/
if (!defined('CPG_NUKE')) {
exit;
}
global $textcolor1, $textcolor2;
if (isset($_GET['sid'])) {
$sid = intval($_GET['sid']);
} else {
URL::redirect(URL::index());
}
$result = $db->sql_query('SELECT s.*, c.title as cattitle, t.topicimage, t.topictext FROM ' . $prefix . '_stories s
LEFT JOIN ' . $prefix . '_stories_cat c ON c.catid=s.catid
LEFT JOIN ' . $prefix . '_topics t ON t.topicid=s.topic
WHERE s.sid=' . $sid);
if ($db->sql_numrows($result) != 1) {
URL::redirect(URL::index());
}
$story = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$db->sql_query('UPDATE ' . $prefix . '_stories
SET counter=counter+1
WHERE sid=' . $sid);
$pagetitle .= _NewsLANG . ' ' . _BC_DELIM . ' ' . $story['title'];
require_once 'includes/nbbcode.php';
$datetime = formatDateTime($story['time'], _DATESTRING);
$hometext = decode_bb_all($story['hometext'], 1, true);
$bodytext = decode_bb_all($story['bodytext'], 1, true);
$notes = decode_bb_all($story['notes'], 1, true);
if ($story['catid'] > 0) {
$story['title'] = '<a href="' . URL::index('&catid=' . $story['catid']) . '"><span class="storycat">' . $story['cattitle'] . '</span></a>: ' . $story['title'];
}
/**
* Edit topic
*
* @param mixed $topic_id
* @param mixed $area_id
*/
public function _topic_edit($topic_id, $area_id = false)
{
$this->history = false;
$errors = array();
$forum_topic = new Forum_Topic_Model((int) $topic_id);
$forum_area = $forum_topic->loaded() ? $forum_topic->forum_area : new Forum_Area_Model((int) $area_id);
if ($forum_topic->loaded()) {
// Editing topic
$editing = true;
if (!$forum_topic->has_access(Forum_Topic_Model::ACCESS_EDIT)) {
url::back('forum');
}
} else {
if ($forum_area->loaded()) {
// New topic
$editing = false;
if (!$forum_area->has_access(Forum_Area_Model::ACCESS_WRITE)) {
url::back('forum');
}
} else {
// New topic in unknown area
$errors[] = __('Area :area or topic :topic not found', array(':area' => (int) $area_id, ':topic' => (int) $topic_id));
}
}
if (empty($errors)) {
$forum_post = new Forum_Post_Model((int) $forum_topic->first_post_id);
$form_errors = array();
$form_values_topic = $forum_topic->as_array();
$form_values_post = $forum_post->as_array();
$form_topics = false;
// Bound area?
if ($forum_area->is_type(Forum_Area_Model::TYPE_BIND)) {
// Get bind config and load topics
$bind = Forum_Area_Model::binds($forum_area->bind);
if ($editing) {
// Can't edit bound topic
$form_topics = array($forum_topic->bind_id => $forum_topic->name);
} else {
// Try to load options from configured model
try {
$bind_topics = ORM::factory($bind['model'])->find_bind_topics($forum_area->bind);
$form_topics = array(0 => __('Choose..')) + $bind_topics;
} catch (Kohana_Exception $e) {
$form_topics = array();
}
}
}
// Admin actions
if ($editing && $forum_topic->has_access(Forum_Topic_Model::ACCESS_DELETE)) {
$this->page_actions[] = array('link' => url::model($forum_topic) . '/delete/?token=' . csrf::token(), 'text' => __('Delete topic'), 'class' => 'topic-delete');
}
// Check post
if ($post = $this->input->post()) {
$post['forum_area_id'] = $forum_area->id;
$topic = $post;
if (isset($bind_topics)) {
$topic['name'] = arr::get($bind_topics, (int) $topic['bind_id'], '');
}
$post_extra = $topic_extra = array('author_id' => $this->user->id, 'author_name' => $this->user->username);
if ($editing) {
$post_extra['modifies'] = (int) $forum_post->modifies + 1;
$post_extra['modified'] = date::unix2sql(time());
}
$post_extra['author_ip'] = $this->input->ip_address();
$post_extra['author_host'] = $this->input->host_name();
// validate post first and save topic if ok
if (csrf::valid() && $forum_post->validate($post, false, $post_extra) && $forum_topic->validate($topic, true, $topic_extra)) {
// post
$forum_post->forum_topic_id = $forum_topic->id;
$forum_post->save();
if (!$editing) {
// topic
$forum_topic->first_post_id = $forum_post->id;
$forum_topic->last_post_id = $forum_post->id;
$forum_topic->last_poster = $this->user->username;
$forum_topic->last_posted = date::unix2sql(time());
$forum_topic->posts = 1;
$forum_topic->save();
// area
$forum_area->last_topic_id = $forum_topic->id;
$forum_area->posts += 1;
$forum_area->topics += 1;
$forum_area->save();
// user
$this->user->posts += 1;
$this->user->save();
// News feed
newsfeeditem_forum::topic($this->user, $forum_topic);
}
// redirect back to topic
URL::redirect(url::model($forum_topic));
} else {
$form_errors = array_merge($post->errors(), is_object($topic) ? $topic->errors() : array());
}
$form_values_topic = arr::overwrite($form_values_topic, is_object($topic) ? $topic->as_array() : $topic);
$form_values_post = arr::overwrite($form_values_post, $post->as_array());
}
}
// Show form
if (empty($errors)) {
$this->breadcrumb[] = html::anchor(url::model($forum_area), text::title($forum_area->name));
$this->page_title = $editing ? text::title($forum_topic->name) : __('New topic');
$this->page_subtitle = __('Area :area', array(':area' => html::anchor(url::model($forum_area), text::title($forum_area->name), array('title' => strip_tags($forum_area->description)))));
widget::add('head', html::script(array('js/jquery.markitup.pack', 'js/markitup.bbcode')));
widget::add('main', View_Mod::factory('forum/topic_edit', array('topic' => $form_values_topic, 'topics' => $form_topics, 'post' => $form_values_post, 'errors' => $form_errors)));
} else {
$this->_error(__('Error'), $errors);
}
$this->_side_views();
}
} else {
list($pos) = $db->sql_ufetchrow("SELECT pos FROM " . $prefix . "_modules_cat \n\t\t\tORDER BY pos DESC", SQL_NUM);
$pos = empty($pos) ? 0 : $pos + 1;
$db->sql_query("INSERT INTO " . $prefix . "_modules_cat (name, image, pos, link, link_type) VALUES ('" . Fix_Quotes($_POST['catname']) . "', '{$_POST['catimage']}', '{$pos}', '{$_POST['catlink']}', '{$_POST['lnktype']}')");
}
URL::redirect(URL::admin('cpgmm'));
} elseif ($mode == 'delcat' && intval($_GET['cid']) > 0) {
$cid = intval($_GET['cid']);
$result = $db->sql_query("SELECT name FROM " . $prefix . "_modules_cat WHERE cid=" . $cid);
if ($db->sql_numrows($result) > 0) {
$cat = $db->sql_fetchrow($result);
if (isset($_GET['ok'])) {
$db->sql_query("UPDATE " . $prefix . "_modules_links SET cat_id=0 WHERE cat_id=" . $cid);
$db->sql_query("UPDATE " . $prefix . "_modules SET cat_id=0 WHERE cat_id=" . $cid);
$db->sql_query("DELETE FROM " . $prefix . "_modules_cat WHERE cid=" . $cid);
URL::redirect(URL::admin('cpgmm'));
}
$cat['name'] = defined($cat['name']) ? constant($cat['name']) : $cat['name'];
$pagetitle .= ' ' . _BC_DELIM . ' Delete Category: ' . $cat['name'];
require 'header.php';
GraphicAdmin('_AMENU1');
OpenTable();
echo '<center>' . sprintf(_ERROR_DELETE_CONF, '<i>' . $cat['name'] . '</i>');
echo '<br /><br />[ <a href="' . URL::admin('cpgmm') . '">' . _NO . '</a> | <a href="' . URL::admin("cpgmm&cid={$cid}&mode=delcat&ok=1") . '">' . _YES . '</a> ]</center>';
CloseTable();
} else {
cpg_error(_CPG_MMNOCAT);
}
} else {
if (Security::check_post() && isset($_POST['updatecpgmm']) && intval($_POST['id']) && intval($_POST['parent']) && intval($_POST['pos'])) {
$cats = -1;
if ($search_id == 'newposts' || $search_id == 'egosearch' || $search_author != '' && $search_keywords == '') {
if ($search_id == 'newposts') {
if (is_user()) {
$sql = "SELECT post_id FROM " . POSTS_TABLE . " WHERE post_time >= " . $userdata['user_lastvisit'];
} else {
URL::redirect(URL::index('Your_Account'), true);
}
$show_results = 'topics';
$sort_by = 0;
$sort_dir = 'DESC';
} else {
if ($search_id == 'egosearch') {
if (is_user()) {
$sql = "SELECT post_id FROM " . POSTS_TABLE . " WHERE poster_id = " . $userdata['user_id'];
} else {
URL::redirect(URL::index('Your_Account'), true);
}
$show_results = 'topics';
$sort_by = 0;
$sort_dir = 'DESC';
} else {
if (preg_match('#^[\\*%]+$#', trim($search_author)) || preg_match('#^[^\\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author)))) {
$search_author = '';
}
$search_author = str_replace('*', '%', trim($search_author));
$sql = "SELECT user_id FROM " . USERS_TABLE . "\n\t\t\t\t\tWHERE username LIKE '" . Fix_Quotes($search_author) . "'";
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, "Couldn't obtain list of matching users (searching for: {$search_author})", "", __LINE__, __FILE__, $sql);
}
$matching_userids = '';
if ($row = $db->sql_fetchrow($result)) {
public function orderingAction()
{
$this->_model->ordering($this->_arrParam);
URL::redirect('admin', 'user', 'index');
}
<?php
# register.php
# 1. logic
if (Input::posted()) {
$user = new User();
$user->fill(Input::all());
$user->password = password_hash($user->password, PASSWORD_DEFAULT);
$user->save();
Auth::log_in($user->id);
URL::redirect('home');
}
# 2. views
include VIEWS . 'header.php';
include VIEWS . 'register.php';
include VIEWS . 'footer.php';
}
if (!isset($rated)) {
$rated = _THANKSVOTEARTICLE;
$rcookie[] = $sid;
$db->sql_query("UPDATE " . $prefix . "_stories SET score=score+{$score}, ratings=ratings+1 WHERE sid={$sid}");
$info = base64_encode(implode(':', $rcookie));
setcookie('ratecookie', $info, time() + 3600, $MAIN_CFG['cookie']['path']);
}
cpg_error($rated, _ARTICLERATING, URL::index('News&file=article&sid=' . $sid));
} else {
cpg_error(_DIDNTRATE, _ARTICLERATING);
}
}
$sid = isset($_POST['sid']) ? intval($_POST['sid']) : (isset($_GET['sid']) ? intval($_GET['sid']) : 0);
if ((isset($_POST['postreply']) || isset($_POST['preview']) || isset($_GET['reply']) || isset($_GET['comment'])) && (!$MAIN_CFG['global']['articlecomm'] || $db->sql_count($prefix . '_stories', "sid={$sid} AND acomm=0"))) {
URL::redirect(URL::index('&file=article&sid=' . $sid));
}
require_once "modules/{$module_name}/comments.php";
if (isset($_POST['postreply'])) {
replyPost($sid);
// store the reply
} else {
if (isset($_GET['reply'])) {
reply($sid);
// reply to comment
} elseif (isset($_POST['preview'])) {
replyPreview($sid);
// Preview the reply before storage
} else {
if (isset($_GET['comment'])) {
// Show comment X
public function orderingAction()
{
$this->_model->ordering($this->_arrParam);
URL::redirect(URL::createLink('admin', 'group', 'index'));
}
if (!isset($groups)) {
global $db, $prefix;
$groups = array(0 => _NL_ALLUSERS, 1 => _SUBSCRIBEDUSERS, 2 => _NL_ADMINS);
$groupsResult = $db->sql_query("SELECT group_id, group_name FROM " . $prefix . "_bbgroups WHERE group_single_user=0");
while (list($groupID, $groupName) = $db->sql_fetchrow($groupsResult)) {
$groups[$groupID + 2] = $groupName;
}
}
$tmpgroups = $groups;
return select_box($fieldname, $current, $tmpgroups);
}
$subject = isset($_POST['subject']) ? $_POST['subject'] : '';
$content = isset($_POST['content']) ? $_POST['content'] : '';
$group = isset($_POST['group']) ? intval($_POST['group']) : 1;
if (isset($_POST['discard'])) {
URL::redirect(URL::admin('newsletter'));
} elseif (isset($_POST['send'])) {
$subject = $_POST['subject'];
$n_group = intval($_POST['n_group']);
if (empty($subject)) {
cpg_error(sprintf(_ERROR_NOT_SET, _SUBJECT));
}
if (empty($content)) {
cpg_error(sprintf(_ERROR_NOT_SET, _CONTENT));
}
ignore_user_abort(true);
if ($n_group == 0) {
$query = 'SELECT username, user_email FROM ' . $user_prefix . '_users WHERE user_level > 0 AND user_id > 1';
$count = $db->sql_count($user_prefix . '_users WHERE user_level > 0 AND user_id > 1');
} elseif ($n_group == 2) {
$query = 'SELECT aid, email FROM ' . $prefix . '_admins';
