public function get_partner_club()
{
if (!$this->partner_club_id) {
return NULL;
}
return User::by_id($this->partner_club_id);
}
public function display_pms(Page $page, $pms)
{
global $user;
$html = "\n\t\t\t<script type='text/javascript'>\n\t\t\t\$(document).ready(function() {\n\t\t\t\t\$(\"#pms\").tablesorter();\n\t\t\t});\n\t\t\t</script>\n\t\t\t<table id='pms' class='zebra'>\n\t\t\t\t<thead><tr><th>Subject</th><th>From</th><th>Date</th><th>Action</th></tr></thead>\n\t\t\t\t<tbody>";
$n = 0;
foreach ($pms as $pm) {
$oe = $n++ % 2 == 0 ? "even" : "odd";
$h_subject = html_escape($pm->subject);
if (strlen(trim($h_subject)) == 0) {
$h_subject = "(No subject)";
}
$from_name = User::by_id($pm->from_id)->name;
$h_from = html_escape($from_name);
$from_url = make_link("user/" . url_escape($from_name));
$pm_url = make_link("pm/read/" . $pm->id);
$del_url = make_link("pm/delete");
$h_date = html_escape($pm->sent_date);
if ($pm->is_read) {
$h_subject = "<b>{$h_subject}</b>";
}
$html .= "<tr class='{$oe}'><td><a href='{$pm_url}'>{$h_subject}</a></td>\n\t\t\t<td><a href='{$from_url}'>{$h_from}</a></td><td>{$h_date}</td>\n\t\t\t<td><form action='{$del_url}' method='POST'>\n\t\t\t\t<input type='hidden' name='pm_id' value='{$pm->id}'>\n\t\t\t\t" . $user->get_auth_html() . "\n\t\t\t\t<input type='submit' value='Delete'>\n\t\t\t</form></td></tr>";
}
$html .= "\n\t\t\t\t</tbody>\n\t\t\t</table>\n\t\t";
$page->add_block(new Block("Private Messages", $html, "main", 10));
}
public function get_owner()
{
if (empty($this->owner)) {
$this->owner = User::by_id($this->owner_id);
}
return $this->owner;
}
public function display_pms(Page $page, $pms)
{
global $user;
$html = "\n\t\t\t<table id='pms' class='zebra sortable'>\n\t\t\t\t<thead><tr><th>R?</th><th>Subject</th><th>From</th><th>Date</th><th>Action</th></tr></thead>\n\t\t\t\t<tbody>";
foreach ($pms as $pm) {
$h_subject = html_escape($pm->subject);
if (strlen(trim($h_subject)) == 0) {
$h_subject = "(No subject)";
}
$from = User::by_id($pm->from_id);
$from_name = $from->name;
$h_from = html_escape($from_name);
$from_url = make_link("user/" . url_escape($from_name));
$pm_url = make_link("pm/read/" . $pm->id);
$del_url = make_link("pm/delete");
$h_date = html_escape($pm->sent_date);
$readYN = "Y";
if (!$pm->is_read) {
$h_subject = "<b>{$h_subject}</b>";
$readYN = "N";
}
$hb = $from->can("hellbanned") ? "hb" : "";
$html .= "<tr class='{$hb}'>\n\t\t\t<td>{$readYN}</td>\n\t\t\t<td><a href='{$pm_url}'>{$h_subject}</a></td>\n\t\t\t<td><a href='{$from_url}'>{$h_from}</a></td><td>{$h_date}</td>\n\t\t\t<td><form action='{$del_url}' method='POST'>\n\t\t\t\t<input type='hidden' name='pm_id' value='{$pm->id}'>\n\t\t\t\t" . $user->get_auth_html() . "\n\t\t\t\t<input type='submit' value='Delete'>\n\t\t\t</form></td>\n\t\t\t</tr>";
}
$html .= "\n\t\t\t\t</tbody>\n\t\t\t</table>\n\t\t";
$page->add_block(new Block("Private Messages", $html, "main", 40, "private-messages"));
}
function __construct()
{
Authentication::require_admin();
$this->is_admin_page = true;
// find active entity
parent::__construct();
// find user
if (!isset($_REQUEST['userid'])) {
throw new NotFoundException("Missing parameter: userid");
}
$this->user = User::by_id(intval($_REQUEST['userid']));
}
static function current_user()
{
static $current_user;
if (isset($current_user)) {
return $current_user;
}
Authentication::session_start();
if (isset($_SESSION['userid'])) {
$current_user = User::by_id($_SESSION['userid']);
} else {
$current_user = false;
}
return $current_user;
}
private static function init()
{
// current user is always in group
$user = Authentication::current_user();
if (!$user) {
UserGroup::$current = array();
} else {
UserGroup::$current = array($user);
}
// get from session
UserGroup::start_session();
foreach ($_SESSION['usergroup'] as $extra_userid) {
UserGroup::$current[] = User::by_id($extra_userid);
}
}
function test_save()
{
//just to check and get
$user = new User();
$rand = md5(rand());
$user->username = '******' . $rand;
$user->fullname = 'This is the name';
$user->email = "{$rand}@email.com";
$user->save();
$user_g = User::by_id($user->get_id());
$this->assertNotNull($user_g);
$this->assertEqual($user_g->username, $user->username);
$this->assertEqual($user_g->email, $user->email);
$this->assertEqual($user_g->fullname, $user->fullname);
$this->assertEqual($user_g->get_id(), $user->get_id());
}
function write_entries($entries)
{
echo "<table>";
echo "<tr><th>Time</th><th>Type</th><th>Entity</th><th>Message</th><th>Judge host</th><th>User</th><th>IP</th></tr>";
foreach ($entries as $entry) {
echo "<tr>";
echo "<td>" . format_date_compact($entry->time);
echo "<td>" . htmlspecialchars(LogLevel::toString($entry->level));
echo "<td>" . ($entry->entity_path ? "<a href=\"index.php" . htmlspecialchars($entry->entity_path) . "\">" . $entry->entity_path . "</a>" : "-");
echo "<td>" . nl2br(htmlspecialchars($entry->message));
echo "<td>" . ($entry->judge_host ? htmlspecialchars($entry->judge_host) : '-');
echo "<td>" . ($entry->userid ? htmlspecialchars(User::by_id($entry->userid, false)->name_and_login()) : '-');
echo "<td>" . ($entry->ip ? htmlspecialchars($entry->ip) : '-');
echo "</tr>";
}
echo "</table>";
}
/**
* @param User $duser
* @param string $class
* @throws NullUserException
*/
private function change_class_wrapper(User $duser, $class)
{
global $user;
if ($user->class->name == "admin") {
$duser = User::by_id($_POST['id']);
if (!$duser instanceof User) {
throw new NullUserException("Error: the user id does not exist!");
}
$duser->set_class($class);
flash_message("Class changed");
$this->redirect_to_user($duser);
}
}
/**
* @return User
*/
function _get_user()
{
global $config;
$user = null;
if (get_prefixed_cookie("user") && get_prefixed_cookie("session")) {
$tmp_user = User::by_session(get_prefixed_cookie("user"), get_prefixed_cookie("session"));
if (!is_null($tmp_user)) {
$user = $tmp_user;
}
}
if (is_null($user)) {
$user = User::by_id($config->get_int("anon_id", 0));
}
assert(!is_null($user));
return $user;
}
protected function log_out()
{
global $user, $config;
$user = User::by_id($config->get_int("anon_id", 0));
$this->assertNotNull($user);
}
private static function log_email($loglevel, $message, $entity_path = null, $judge_host = null)
{
if ($loglevel >= LOG_EMAIL_LEVEL) {
$body = "Justitia produced a log entry.\n\n";
$body .= "Type entry: " . LogLevel::toString($loglevel) . "\n";
$body .= "Date: " . format_date(time()) . "\n";
if ($entity_path != null) {
$body .= "Entity path: " . $entity_path . "\n";
}
if ($judge_host != null) {
$body .= "Judge host: " . $judge_host . "\n";
}
if (self::userid() != null) {
$body .= "User: "******"\n";
}
if (self::ip() != null) {
$body .= "IP address: " . self::ip() . "\n";
}
$body .= "Message: " . $message . "\n";
mail(LOG_EMAIL_EMAIL_ADRESSES, "Justitia logging", $body);
}
}
function write_get_submission_results($entities)
{
// find submissions
$users = array();
foreach ($entities as $e => $entity) {
// // *all* submissions
// $all_subms = $entity->all_submissions();
// // for each userid => subm
// $subms = $entity->all_final_submissions_from($all_subms);
$subms = $entity->all_final_submissions_quick();
foreach ($subms as $userid => $subm) {
if (!isset($users[$userid])) {
$users[$userid]['user'] = User::by_id($userid);
}
$users[$userid]['subms'][$e] = $subm;
}
}
Timer::after("find submissions");
// sort users by name
$users_sorted = array();
foreach ($users as $user) {
$users_sorted[$user['user']->name_for_sort()] = $user;
}
ksort($users_sorted);
Timer::after("sort");
// write table
$this->write_submission_results($entities, $users_sorted);
Timer::after("write");
}
/**
* Try to figure who is uploading
*
* Currently checks for either user & session in request or cookies
* and initializes a global User
* @param void
* @return void
*/
private function tryAuth()
{
global $config, $user;
if (isset($_REQUEST['user']) && isset($_REQUEST['session'])) {
//Auth by session data from query
$name = $_REQUEST['user'];
$session = $_REQUEST['session'];
$duser = User::by_session($name, $session);
if (!is_null($duser)) {
$user = $duser;
} else {
$user = User::by_id($config->get_int("anon_id", 0));
}
} elseif (isset($_COOKIE[$config->get_string('cookie_prefix', 'shm') . '_' . 'session']) && isset($_COOKIE[$config->get_string('cookie_prefix', 'shm') . '_' . 'user'])) {
//Auth by session data from cookies
$session = $_COOKIE[$config->get_string('cookie_prefix', 'shm') . '_' . 'session'];
$user = $_COOKIE[$config->get_string('cookie_prefix', 'shm') . '_' . 'user'];
$duser = User::by_session($user, $session);
if (!is_null($duser)) {
$user = $duser;
} else {
$user = User::by_id($config->get_int("anon_id", 0));
}
}
}
public function onPageRequest(PageRequestEvent $event)
{
global $config, $page, $user;
$this->show_user_info();
if ($event->page_matches("user_admin")) {
if ($event->get_arg(0) == "login") {
if (isset($_POST['user']) && isset($_POST['pass'])) {
$this->page_login($_POST['user'], $_POST['pass']);
} else {
$this->theme->display_login_page($page);
}
} else {
if ($event->get_arg(0) == "recover") {
$this->page_recover($_POST['username']);
} else {
if ($event->get_arg(0) == "create") {
$this->page_create();
} else {
if ($event->get_arg(0) == "list") {
// select users.id,name,joindate,admin,
// (select count(*) from images where images.owner_id=users.id) as images,
// (select count(*) from comments where comments.owner_id=users.id) as comments from users;
// select users.id,name,joindate,admin,image_count,comment_count
// from users
// join (select owner_id,count(*) as image_count from images group by owner_id) as _images on _images.owner_id=users.id
// join (select owner_id,count(*) as comment_count from comments group by owner_id) as _comments on _comments.owner_id=users.id;
$this->theme->display_user_list($page, User::by_list(0), $user);
} else {
if ($event->get_arg(0) == "logout") {
$this->page_logout();
}
}
}
}
}
if (!$user->check_auth_token()) {
return;
} else {
if ($event->get_arg(0) == "change_name") {
$input = validate_input(array('id' => 'user_id,exists', 'name' => 'user_name'));
$duser = User::by_id($input['id']);
$this->change_name_wrapper($duser, $input['name']);
} else {
if ($event->get_arg(0) == "change_pass") {
$input = validate_input(array('id' => 'user_id,exists', 'pass1' => 'password', 'pass2' => 'password'));
$duser = User::by_id($input['id']);
$this->change_password_wrapper($duser, $input['pass1'], $input['pass2']);
} else {
if ($event->get_arg(0) == "change_email") {
$input = validate_input(array('id' => 'user_id,exists', 'address' => 'email'));
$duser = User::by_id($input['id']);
$this->change_email_wrapper($duser, $input['address']);
} else {
if ($event->get_arg(0) == "change_class") {
$input = validate_input(array('id' => 'user_id,exists', 'class' => 'user_class'));
$duser = User::by_id($input['id']);
$this->change_class_wrapper($duser, $input['class']);
} else {
if ($event->get_arg(0) == "delete_user") {
$this->delete_user($page, isset($_POST["with_images"]), isset($_POST["with_comments"]));
}
}
}
}
}
}
}
if ($event->page_matches("user")) {
$display_user = $event->count_args() == 0 ? $user : User::by_name($event->get_arg(0));
if ($event->count_args() == 0 && $user->is_anonymous()) {
$this->theme->display_error(401, "Not Logged In", "You aren't logged in. First do that, then you can see your stats.");
} else {
if (!is_null($display_user) && $display_user->id != $config->get_int("anon_id")) {
$e = new UserPageBuildingEvent($display_user);
send_event($e);
$this->display_stats($e);
} else {
$this->theme->display_error(404, "No Such User", "If you typed the ID by hand, try again; if you came from a link on this " . "site, it might be bug report time...");
}
}
}
}
private function authenticate_user()
{
global $config;
global $database;
global $user;
if (isset($_REQUEST['login']) && isset($_REQUEST['password'])) {
// Get this user from the db, if it fails the user becomes anonymous
// Code borrowed from /ext/user
$name = $_REQUEST['login'];
$pass = $_REQUEST['password'];
$hash = md5(strtolower($name) . $pass);
$duser = User::by_name_and_hash($name, $hash);
if (!is_null($duser)) {
$user = $duser;
} else {
$user = User::by_id($config->get_int("anon_id", 0));
}
}
}
public function get_club()
{
return User::by_id($this->club_id);
}
<?php
namespace bmtmgr;
require_once dirname(__DIR__) . '/src/common.php';
$u = user\check_current();
$u->require_perm('admin');
utils\require_get_params(['id']);
$club = User::by_id($_GET['id']);
render('club', ['user' => $u, 'breadcrumbs' => [['name' => 'Vereine', 'path' => 'club/'], ['name' => $club->name, 'path' => 'club/' . \urlencode($club->id) . '/']], 'club' => $club]);
/**
* Find the User who owns this Image
*
* @return User
*/
public function get_owner()
{
return User::by_id($this->owner_id);
}
private function check_ip_ban()
{
global $config;
global $database;
$prefix = $database->engine->name == "sqlite" ? "bans." : "";
$remote = $_SERVER['REMOTE_ADDR'];
$bans = $this->get_active_bans();
foreach ($bans as $row) {
$ip = $row[$prefix . "ip"];
if (strstr($ip, '/') && ip_in_range($remote, $ip) || $ip == $remote) {
$reason = $row[$prefix . 'reason'];
$admin = User::by_id($row[$prefix . 'banner_id']);
$date = date("Y-m-d", $row[$prefix . 'end_timestamp']);
print "IP <b>{$ip}</b> has been banned until <b>{$date}</b> by <b>{$admin->name}</b> because of <b>{$reason}</b>";
$contact_link = $config->get_string("contact_link");
if (!empty($contact_link)) {
print "<p><a href='{$contact_link}'>Contact The Admin</a>";
}
exit;
}
}
}
function build_backend_subactions()
{
global $backend_subactions, $pluginpages_handlers;
$backend_subactions = url_action_subactions(array("_index" => url_action_alias(array("login")), "index" => url_action_alias(array("login")), "_prelude" => function (&$data, $url_now, &$url_next) {
global $ratatoeskr_settings, $admin_grp, $ste, $languages;
if ($admin_grp === NULL) {
$admin_grp = Group::by_name("admins");
}
$ste->vars["all_languages"] = array();
$ste->vars["all_langcodes"] = array();
foreach ($languages as $code => $data) {
$ste->vars["all_languages"][$code] = $data["language"];
$ste->vars["all_langcodes"][] = $code;
}
ksort($ste->vars["all_languages"]);
sort($ste->vars["all_langcodes"]);
/* Check authentification */
if (isset($_SESSION["ratatoeskr_uid"])) {
try {
$user = User::by_id($_SESSION["ratatoeskr_uid"]);
if ($user->pwhash == $_SESSION["ratatoeskr_pwhash"] and $user->member_of($admin_grp)) {
if (empty($user->language)) {
$user->language = $ratatoeskr_settings["default_language"];
$user->save();
}
load_language($user->language);
if ($url_next[0] == "login") {
$url_next = array("content", "write");
}
$data["user"] = $user;
$ste->vars["user"] = array("id" => $user->get_id(), "name" => $user->username, "lang" => $user->language);
return;
/* Authentification successful, continue */
} else {
unset($_SESSION["ratatoeskr_uid"]);
}
} catch (DoesNotExistError $e) {
unset($_SESSION["ratatoeskr_uid"]);
}
}
load_language();
/* If we are here, user is not logged in... */
$url_next = array("login");
}, "login" => url_action_simple(function ($data) {
global $ste, $admin_grp;
if (!empty($_POST["user"])) {
try {
$user = User::by_name($_POST["user"]);
if (!PasswordHash::validate($_POST["password"], $user->pwhash)) {
throw new Exception();
}
if (!$user->member_of($admin_grp)) {
throw new Exception();
}
/* Login successful. */
$_SESSION["ratatoeskr_uid"] = $user->get_id();
$_SESSION["ratatoeskr_pwhash"] = $user->pwhash;
load_language($user->language);
$data["user"] = $user;
$ste->vars["user"] = array("id" => $user->get_id(), "name" => $user->username, "lang" => $user->language);
} catch (Exception $e) {
$ste->vars["login_failed"] = True;
}
if (isset($data["user"])) {
throw new Redirect(array("content", "write"));
}
}
echo $ste->exectemplate("/systemtemplates/backend_login.html");
}), "logout" => url_action_simple(function ($data) {
unset($_SESSION["ratatoeskr_uid"]);
unset($_SESSION["ratatoeskr_pwhash"]);
load_language();
throw new Redirect(array("login"));
}), "content" => url_action_subactions(array("write" => function (&$data, $url_now, &$url_next) {
global $ste, $translation, $textprocessors, $ratatoeskr_settings, $languages, $articleeditor_plugins;
list($article, $editlang) = array_slice($url_next, 0);
if (!isset($editlang)) {
$editlang = $data["user"]->language;
}
if (isset($article)) {
$ste->vars["article_editurl"] = urlencode($article) . "/" . urlencode($editlang);
} else {
$ste->vars["article_editurl"] = "";
}
$url_next = array();
$default_section = Section::by_id($ratatoeskr_settings["default_section"]);
$ste->vars["section"] = "content";
$ste->vars["submenu"] = isset($article) ? "articles" : "newarticle";
$ste->vars["textprocessors"] = array();
foreach ($textprocessors as $txtproc => $properties) {
if ($properties[1]) {
$ste->vars["textprocessors"][] = $txtproc;
}
}
$ste->vars["sections"] = array();
foreach (Section::all() as $section) {
$ste->vars["sections"][] = $section->name;
}
$ste->vars["article_section"] = $default_section->name;
/* Check Form */
$fail_reasons = array();
if (isset($_POST["save_article"])) {
if (!Article::test_urlname($_POST["urlname"])) {
$fail_reasons[] = $translation["invalid_urlname"];
} else {
$inputs["urlname"] = $_POST["urlname"];
}
if (!Article::test_status(@$_POST["article_status"])) {
$fail_reasons[] = $translation["invalid_article_status"];
} else {
$inputs["article_status"] = (int) $_POST["article_status"];
}
if (!isset($textprocessors[@$_POST["content_txtproc"]])) {
$fail_reasons[] = $translation["unknown_txtproc"];
} else {
$inputs["content_txtproc"] = $_POST["content_txtproc"];
}
if (!isset($textprocessors[@$_POST["excerpt_txtproc"]])) {
$fail_reasons[] = $translation["unknown_txtproc"];
} else {
$inputs["excerpt_txtproc"] = $_POST["excerpt_txtproc"];
}
if (!empty($_POST["date"])) {
if (($time_tmp = @DateTime::createFromFormat("Y-m-d H:i:s", @$_POST["date"])) === False) {
$fail_reasons[] = $translation["invalid_date"];
} else {
$inputs["date"] = @$time_tmp->getTimestamp();
}
} else {
$inputs["date"] = time();
}
$inputs["allow_comments"] = !(empty($_POST["allow_comments"]) or $_POST["allow_comments"] != "yes");
try {
$inputs["article_section"] = Section::by_name($_POST["section"]);
} catch (DoesNotExistError $e) {
$fail_reasons[] = $translation["unknown_section"];
}
$inputs["title"] = $_POST["title"];
$inputs["content"] = $_POST["content"];
$inputs["excerpt"] = $_POST["excerpt"];
$inputs["tags"] = array_filter(array_map("trim", explode(",", $_POST["tags"])), function ($t) {
return !empty($t);
});
if (isset($_POST["saveaslang"])) {
$editlang = $_POST["saveaslang"];
}
} else {
/* Call articleeditor plugins */
$article = empty($article) ? NULL : Article::by_urlname($article);
foreach ($articleeditor_plugins as $plugin) {
call_user_func($plugin["fx"], $article, False);
}
}
function fill_article(&$article, $inputs, $editlang)
{
$article->urlname = $inputs["urlname"];
$article->status = $inputs["article_status"];
$article->timestamp = $inputs["date"];
$article->title[$editlang] = new Translation($inputs["title"], "");
$article->text[$editlang] = new Translation($inputs["content"], $inputs["content_txtproc"]);
$article->excerpt[$editlang] = new Translation($inputs["excerpt"], $inputs["excerpt_txtproc"]);
$article->set_tags(maketags($inputs["tags"], $editlang));
$article->set_section($inputs["article_section"]);
$article->allow_comments = $inputs["allow_comments"];
}
if (empty($article)) {
/* New Article */
$ste->vars["pagetitle"] = $translation["new_article"];
if (empty($fail_reasons) and isset($_POST["save_article"])) {
$article = Article::create($inputs["urlname"]);
fill_article($article, $inputs, $editlang);
/* Calling articleeditor plugins */
$call_after_save = array();
foreach ($articleeditor_plugins as $plugin) {
$result = call_user_func($plugin["fx"], $article, True);
if (is_string($result)) {
$fail_reasons[] = $result;
} elseif ($result !== NULL) {
$call_after_save[] = $result;
}
}
if (empty($fail_reasons)) {
try {
$article->save();
foreach ($call_after_save as $cb) {
call_user_func($cb, $article);
}
$ste->vars["article_editurl"] = urlencode($article->urlname) . "/" . urlencode($editlang);
$ste->vars["success"] = htmlesc($translation["article_save_success"]);
} catch (AlreadyExistsError $e) {
$fail_reasons[] = $translation["article_name_already_in_use"];
}
}
}
} else {
try {
if (!$article instanceof Article) {
$article = Article::by_urlname($article);
}
} catch (DoesNotExistError $e) {
throw new NotFoundError();
}
if (empty($fail_reasons) and isset($_POST["save_article"])) {
fill_article($article, $inputs, $editlang);
/* Calling articleeditor plugins */
$call_after_save = array();
foreach ($articleeditor_plugins as $plugin) {
$result = call_user_func($plugin["fx"], $article, True);
if (is_string($result)) {
$fail_reasons[] = $result;
} elseif ($result !== NULL) {
$call_after_save[] = $result;
}
}
if (empty($fail_reasons)) {
try {
$article->save();
foreach ($call_after_save as $cb) {
call_user_func($cb, $article);
}
$ste->vars["article_editurl"] = urlencode($article->urlname) . "/" . urlencode($editlang);
$ste->vars["success"] = htmlesc($translation["article_save_success"]);
} catch (AlreadyExistsError $e) {
$fail_reasons[] = $translation["article_name_already_in_use"];
}
}
}
if (!isset($article->title[$editlang])) {
$langs_available = array();
foreach ($article->title as $lang => $_) {
$langs_available[] = $lang;
}
$editlang = $langs_available[0];
}
foreach (array("urlname" => "urlname", "status" => "article_status", "timestamp" => "date", "allow_comments" => "allow_comments") as $prop => $k_out) {
if (!isset($inputs[$k_out])) {
$inputs[$k_out] = $article->{$prop};
}
}
if (!isset($inputs["title"])) {
$inputs["title"] = $article->title[$editlang]->text;
}
if (!isset($inputs["content"])) {
$translation_obj = $article->text[$editlang];
$inputs["content"] = $translation_obj->text;
$inputs["content_txtproc"] = $translation_obj->texttype;
}
if (!isset($inputs["excerpt"])) {
$translation_obj = $article->excerpt[$editlang];
$inputs["excerpt"] = $translation_obj->text;
$inputs["excerpt_txtproc"] = $translation_obj->texttype;
}
if (!isset($inputs["article_section"])) {
$inputs["article_section"] = $article->get_section();
}
if (!isset($inputs["tags"])) {
$inputs["tags"] = array_map(function ($tag) use($editlang) {
return $tag->name;
}, $article->get_tags());
}
$ste->vars["morelangs"] = array();
$ste->vars["pagetitle"] = $article->title[$editlang]->text;
foreach ($article->title as $lang => $_) {
if ($lang != $editlang) {
$ste->vars["morelangs"][] = array("url" => urlencode($article->urlname) . "/{$lang}", "full" => "({$lang}) " . $languages[$lang]["language"]);
}
}
}
if (!isset($inputs["date"])) {
$inputs["date"] = time();
}
if (!isset($inputs["article_status"])) {
$inputs["article_status"] = ARTICLE_STATUS_LIVE;
}
/* Push data back to template */
if (isset($inputs["tags"])) {
$ste->vars["tags"] = implode(", ", $inputs["tags"]);
}
if (isset($inputs["article_section"])) {
$ste->vars["article_section"] = $inputs["article_section"]->name;
}
$ste->vars["editlang"] = $editlang;
foreach (array("urlname" => "urlname", "article_status" => "article_status", "title" => "title", "content_txtproc" => "content_txtproc", "content" => "content", "excerpt_txtproc" => "excerpt_txtproc", "excerpt" => "excerpt", "date" => "date", "allow_comments" => "allow_comments") as $k_in => $k_out) {
if (isset($inputs[$k_in])) {
$ste->vars[$k_out] = $inputs[$k_in];
}
}
/* Displaying article editor plugins */
$ste->vars["displayed_plugins"] = array_map(function ($x) {
return array("label" => $x["label"], "template" => $x["template"]);
}, array_filter($articleeditor_plugins, function ($x) {
return $x["display"];
}));
if (!empty($fail_reasons)) {
$ste->vars["failed"] = $fail_reasons;
}
echo $ste->exectemplate("/systemtemplates/content_write.html");
}, "tags" => function (&$data, $url_now, &$url_next) {
global $translation, $languages, $ste, $rel_path_to_root;
$url_next = array();
$ste->vars["section"] = "content";
$ste->vars["submenu"] = "tags";
$ste->vars["pagetitle"] = $translation["tags_overview"];
if (isset($_POST["delete"]) and $_POST["really_delete"] == "yes") {
foreach ($_POST["tag_multiselect"] as $tagid) {
try {
$tag = Tag::by_id($tagid);
$tag->delete();
} catch (DoesNotExistError $e) {
continue;
}
}
$ste->vars["success"] = $translation["tags_successfully_deleted"];
}
if (isset($_POST["save_changes"])) {
$newlang = !empty($_POST["new_language"]) ? $_POST["new_language"] : NULL;
$newtag = NULL;
if (!empty($_POST["newtagname"])) {
if (!Tag::test_name(@$_POST["newtagname"])) {
$ste->vars["error"] = $translation["invalid_tag_name"];
} else {
$newtag = $_POST["newtagname"];
}
}
if ($newlang !== NULL and !isset($languages[$newlang])) {
$newlang = NULL;
}
if ($newtag !== NULL) {
try {
$newtag = Tag::create($newtag);
} catch (AlreadyExistsError $e) {
$newtag = NULL;
}
}
$translations = array();
foreach ($_POST as $k => $v) {
if (preg_match('/tagtrans_(NEW|[a-z]{2})_(.*)/', $k, $matches) == 1) {
$lang = $matches[1] == "NEW" ? $newlang : $matches[1];
$tag = $matches[2];
if ($lang === NULL) {
continue;
}
$translations[$tag][$lang] = $v;
}
}
foreach ($translations as $tag => $langmap) {
if ($tag == "NEW") {
if ($newtag === NULL) {
continue;
}
$tag = $newtag;
} else {
try {
$tag = Tag::by_id($tag);
} catch (DoesNotExistError $e) {
continue;
}
}
foreach ($langmap as $l => $text) {
if (empty($text)) {
unset($tag->title[$l]);
} else {
$tag->title[$l] = new Translation($text, "");
}
}
$tag->save();
}
$ste->vars["success"] = $translation["tags_successfully_edited"];
}
$ste->vars["alltags"] = array();
$taglangs = array();
$alltags = Tag::all();
foreach ($alltags as $tag) {
$transls = array();
foreach ($tag->title as $l => $t) {
if (!in_array($l, $taglangs)) {
$taglangs[] = $l;
}
$transls[$l] = $t->text;
}
$ste->vars["alltags"][] = array("id" => $tag->get_id(), "name" => $tag->name, "translations" => $transls);
}
$unused_langs = array_diff(array_keys($languages), $taglangs);
$ste->vars["all_tag_langs"] = array();
foreach ($taglangs as $l) {
$ste->vars["all_tag_langs"][$l] = $languages[$l]["language"];
}
$ste->vars["unused_languages"] = array();
foreach ($unused_langs as $l) {
$ste->vars["unused_languages"][$l] = $languages[$l]["language"];
}
echo $ste->exectemplate("/systemtemplates/tags_overview.html");
}, "articles" => function (&$data, $url_now, &$url_next) {
global $ste, $translation, $languages, $rel_path_to_root;
$url_next = array();
$ste->vars["section"] = "content";
$ste->vars["submenu"] = "articles";
$ste->vars["pagetitle"] = $translation["menu_articles"];
if (isset($_POST["delete"]) and $_POST["really_delete"] == "yes") {
foreach ($_POST["article_multiselect"] as $article_urlname) {
try {
$article = Article::by_urlname($article_urlname);
$article->delete();
} catch (DoesNotExistError $e) {
continue;
}
}
$ste->vars["success"] = $translation["articles_deleted"];
}
$articles = Article::all();
/* Filtering */
$filterquery = array();
if (!empty($_GET["filter_urlname"])) {
$searchfor = strtolower($_GET["filter_urlname"]);
$articles = array_filter($articles, function ($a) use($searchfor) {
return strpos(strtolower($a->urlname), $searchfor) !== False;
});
$filterquery[] = "filter_urlname=" . urlencode($_GET["filter_urlname"]);
$ste->vars["filter_urlname"] = $_GET["filter_urlname"];
}
if (!empty($_GET["filter_tag"])) {
$searchfor = $_GET["filter_tag"];
$articles = array_filter($articles, function ($a) use($searchfor) {
foreach ($a->get_tags() as $t) {
if ($t->name == $searchfor) {
return True;
}
}
return False;
});
$filterquery[] = "filter_tag=" . urlencode($searchfor);
$ste->vars["filter_tag"] = $searchfor;
}
if (!empty($_GET["filter_section"])) {
$searchfor = $_GET["filter_section"];
$articles = array_filter($articles, function ($a) use($searchfor) {
return $a->get_section()->name == $searchfor;
});
$filterquery[] = "filter_section=" . urlencode($searchfor);
$ste->vars["filter_section"] = $searchfor;
}
$ste->vars["filterquery"] = implode("&", $filterquery);
/* Sorting */
if (isset($_GET["sort_asc"])) {
switch ($_GET["sort_asc"]) {
case "date":
$ste->vars["sortquery"] = "sort_asc=date";
$ste->vars["sort_asc_date"] = True;
$ste->vars["sorting"] = array("dir" => "asc", "by" => "date");
usort($articles, function ($a, $b) {
return intcmp($a->timestamp, $b->timestamp);
});
break;
case "section":
$ste->vars["sortquery"] = "sort_asc=section";
$ste->vars["sort_asc_section"] = True;
$ste->vars["sorting"] = array("dir" => "asc", "by" => "section");
usort($articles, function ($a, $b) {
return strcmp($a->get_section()->name, $b->get_section()->name);
});
break;
case "urlname":
$ste->vars["sortquery"] = "sort_asc=urlname";
default:
$ste->vars["sort_asc_urlname"] = True;
$ste->vars["sorting"] = array("dir" => "asc", "by" => "urlname");
usort($articles, function ($a, $b) {
return strcmp($a->urlname, $b->urlname);
});
break;
}
} elseif (isset($_GET["sort_desc"])) {
switch ($_GET["sort_desc"]) {
case "date":
$ste->vars["sortquery"] = "sort_desc=date";
$ste->vars["sort_desc_date"] = True;
$ste->vars["sorting"] = array("dir" => "desc", "by" => "date");
usort($articles, function ($a, $b) {
return intcmp($b->timestamp, $a->timestamp);
});
break;
case "section":
$ste->vars["sortquery"] = "sort_desc=section";
$ste->vars["sort_desc_section"] = True;
$ste->vars["sorting"] = array("dir" => "desc", "by" => "section");
usort($articles, function ($a, $b) {
return strcmp($b->get_section()->name, $a->get_section()->name);
});
break;
case "urlname":
$ste->vars["sortquery"] = "sort_desc=urlname";
$ste->vars["sort_desc_urlname"] = True;
$ste->vars["sorting"] = array("dir" => "desc", "by" => "urlname");
usort($articles, function ($a, $b) {
return strcmp($b->urlname, $a->urlname);
});
break;
default:
$ste->vars["sort_asc_urlname"] = True;
$ste->vars["sorting"] = array("dir" => "asc", "by" => "urlname");
usort($articles, function ($a, $b) {
return strcmp($a->urlname, $b->urlname);
});
break;
}
} else {
$ste->vars["sort_asc_urlname"] = True;
$ste->vars["sorting"] = array("dir" => "asc", "by" => "urlname");
usort($articles, function ($a, $b) {
return strcmp($a->urlname, $b->urlname);
});
}
$ste->vars["articles"] = array_map(function ($article) {
$avail_langs = array();
foreach ($article->title as $lang => $_) {
$avail_langs[] = $lang;
}
sort($avail_langs);
$a_section = $article->get_section();
return array("urlname" => $article->urlname, "languages" => $avail_langs, "date" => $article->timestamp, "tags" => array_map(function ($tag) {
return $tag->name;
}, $article->get_tags()), "section" => array("id" => $a_section->get_id(), "name" => $a_section->name));
}, $articles);
echo $ste->exectemplate("/systemtemplates/articles.html");
}, "images" => function (&$data, $url_now, &$url_next) {
global $ste, $translation, $languages, $rel_path_to_root;
list($imgid, $imageaction) = $url_next;
$url_next = array();
$ste->vars["section"] = "content";
$ste->vars["submenu"] = "images";
$ste->vars["pagetitle"] = $translation["menu_images"];
if (!empty($imgid) and is_numeric($imgid)) {
try {
$image = Image::by_id($imgid);
} catch (DoesNotExistError $e) {
throw new NotFoundError();
}
if (empty($imageaction)) {
throw new NotFoundError();
} else {
if ($imageaction == "markdown" or $imageaction == "html" or $imageaction == "ste") {
$ste->vars["pagetitle"] = $translation["generate_embed_code"];
$ste->vars["image_id"] = $image->get_id();
$ste->vars["markup_variant"] = $imageaction;
if (isset($_POST["img_alt"])) {
if ($imageaction == "markdown") {
$ste->vars["embed_code"] = "![" . str_replace("]", "\\]", $_POST["img_alt"]) . "](%root%/images/" . str_replace(")", "\\)", urlencode($image->get_filename())) . ")";
} elseif ($imageaction == "html") {
$ste->vars["embed_code"] = "<img src=\"%root%/images/" . htmlesc(urlencode($image->get_filename())) . "\" alt=\"" . htmlesc($_POST["img_alt"]) . "\" />";
} elseif ($imageaction == "ste") {
$ste->vars["embed_code"] = "<img src=\"\$rel_path_to_root/images/" . htmlesc(urlencode($image->get_filename())) . "\" alt=\"" . htmlesc($_POST["img_alt"]) . "\" />";
}
}
echo $ste->exectemplate("/systemtemplates/image_embed.html");
} else {
throw new NotFoundError();
}
}
return;
}
/* Upload Form */
if (isset($_POST["upload"])) {
try {
$image = Image::create(!empty($_POST["upload_name"]) ? $_POST["upload_name"] : $_FILES["upload_img"]["name"], $_FILES["upload_img"]["tmp_name"]);
$image->save();
$ste->vars["success"] = $translation["upload_success"];
} catch (IOError $e) {
$ste->vars["error"] = $translation["upload_failed"];
} catch (UnknownFileFormat $e) {
$ste->vars["error"] = $translation["unknown_file_format"];
}
}
/* Mass delete */
if (isset($_POST["delete"]) and $_POST["really_delete"] == "yes") {
foreach ($_POST["image_multiselect"] as $image_id) {
try {
$image = Image::by_id($image_id);
$image->delete();
} catch (DoesNotExistError $e) {
continue;
}
}
$ste->vars["success"] = $translation["images_deleted"];
}
$images = Image::all();
$ste->vars["images"] = array_map(function ($img) {
return array("id" => $img->get_id(), "name" => $img->name, "file" => $img->get_filename());
}, $images);
echo $ste->exectemplate("/systemtemplates/image_list.html");
}, "comments" => function (&$data, $url_now, &$url_next) {
global $ste, $translation, $languages, $rel_path_to_root;
list($comment_id) = $url_next;
$url_next = array();
$ste->vars["section"] = "content";
$ste->vars["submenu"] = "comments";
$ste->vars["pagetitle"] = $translation["menu_comments"];
/* Single comment? */
if (!empty($comment_id)) {
try {
$comment = Comment::by_id($comment_id);
} catch (DoesNotExistError $e) {
throw new NotFoundError();
}
if (!$comment->read_by_admin) {
$comment->read_by_admin = True;
$comment->save();
}
if (isset($_POST["action_on_comment"])) {
switch ($_POST["action_on_comment"]) {
case "delete":
$comment->delete();
$ste->vars["success"] = $translation["comment_successfully_deleted"];
goto backend_content_comments_overview;
break;
case "make_visible":
$comment->visible = True;
$comment->save();
$ste->vars["success"] = $translation["comment_successfully_made_visible"];
break;
case "make_invisible":
$comment->visible = False;
$comment->save();
$ste->vars["success"] = $translation["comment_successfully_made_invisible"];
break;
}
}
$ste->vars["id"] = $comment->get_id();
$ste->vars["visible"] = $comment->visible;
$ste->vars["article"] = $comment->get_article()->urlname;
$ste->vars["language"] = $comment->get_language();
$ste->vars["date"] = $comment->get_timestamp();
$ste->vars["author"] = "\"{$comment->author_name}\" <{$comment->author_mail}>";
$ste->vars["comment_text"] = $comment->create_html();
$ste->vars["comment_raw"] = $comment->text;
echo $ste->exectemplate("/systemtemplates/single_comment.html");
return;
}
backend_content_comments_overview:
/* Perform an action on all selected comments */
if (!empty($_POST["action_on_comments"])) {
switch ($_POST["action_on_comments"]) {
case "delete":
$commentaction = function ($c) {
$c->delete();
};
$ste->vars["success"] = $translation["comments_successfully_deleted"];
break;
case "mark_read":
$commentaction = function ($c) {
$c->read_by_admin = True;
$c->save();
};
$ste->vars["success"] = $translation["comments_successfully_marked_read"];
break;
case "mark_unread":
$commentaction = function ($c) {
$c->read_by_admin = False;
$c->save();
};
$ste->vars["success"] = $translation["comments_successfully_marked_unread"];
break;
case "make_visible":
$commentaction = function ($c) {
$c->visible = True;
$c->save();
};
$ste->vars["success"] = $translation["comments_successfully_made_visible"];
break;
case "make_invisible":
$commentaction = function ($c) {
$c->visible = False;
$c->save();
};
$ste->vars["success"] = $translation["comments_successfully_made_invisible"];
break;
default:
$ste->vars["error"] = $translation["unknown_action"];
break;
}
if (isset($commentaction)) {
foreach ($_POST["comment_multiselect"] as $c_id) {
try {
$comment = Comment::by_id($c_id);
$commentaction($comment);
} catch (DoesNotExistError $e) {
continue;
}
}
}
}
$comments = Comment::all();
/* Filtering */
$filterquery = array();
if (!empty($_GET["filter_article"])) {
$searchfor = strtolower($_GET["filter_article"]);
$comments = array_filter($comments, function ($c) use($searchfor) {
return strpos(strtolower($c->get_article()->urlname), $searchfor) !== False;
});
$filterquery[] = "filter_article=" . urlencode($_GET["filter_article"]);
$ste->vars["filter_article"] = $_GET["filter_article"];
}
$ste->vars["filterquery"] = implode("&", $filterquery);
/* Sorting */
if (isset($_GET["sort_asc"])) {
$sort_dir = 1;
$sort_by = $_GET["sort_asc"];
} elseif (isset($_GET["sort_desc"])) {
$sort_dir = -1;
$sort_by = $_GET["sort_desc"];
} else {
$sort_dir = 1;
$sort_by = "was_read";
}
switch ($sort_by) {
case "language":
usort($comments, function ($a, $b) use($sort_dir) {
return strcmp($a->get_language(), $b->get_language()) * $sort_dir;
});
break;
case "date":
usort($comments, function ($a, $b) use($sort_dir) {
return intcmp($a->get_timestamp(), $b->get_timestamp()) * $sort_dir;
});
break;
case "was_read":
default:
usort($comments, function ($a, $b) use($sort_dir) {
return intcmp((int) $a->read_by_admin, (int) $b->read_by_admin) * $sort_dir;
});
$sort_by = "was_read";
break;
}
$ste->vars["sortquery"] = "sort_" . ($sort_dir == 1 ? "asc" : "desc") . "={$sort_by}";
$ste->vars["sorting"] = array("dir" => $sort_dir == 1 ? "asc" : "desc", "by" => $sort_by);
$ste->vars["sort_" . ($sort_dir == 1 ? "asc" : "desc") . "_{$sort_by}"] = True;
$ste->vars["comments"] = array_map(function ($c) {
return array("id" => $c->get_id(), "visible" => $c->visible, "read_by_admin" => $c->read_by_admin, "article" => $c->get_article()->urlname, "excerpt" => substr(str_replace(array("\r\n", "\n", "\r"), " ", $c->text), 0, 50), "language" => $c->get_language(), "date" => $c->get_timestamp(), "author" => "\"{$c->author_name}\" <{$c->author_mail}>");
}, $comments);
echo $ste->exectemplate("/systemtemplates/comments_list.html");
})), "design" => url_action_subactions(array("templates" => function (&$data, $url_now, &$url_next) {
global $ste, $translation, $languages, $rel_path_to_root;
list($template) = $url_next;
$url_next = array();
$ste->vars["section"] = "design";
$ste->vars["submenu"] = "templates";
$ste->vars["pagetitle"] = $translation["menu_templates"];
if (isset($template)) {
if (preg_match("/^[a-zA-Z0-9\\-_\\.]+\$/", $template) == 0) {
/* Prevent a possible LFI attack. */
throw new NotFoundError();
}
if (!is_file(SITE_BASE_PATH . "/ratatoeskr/templates/src/usertemplates/{$template}")) {
throw new NotFoundError();
}
$ste->vars["template_name"] = $template;
$ste->vars["template_code"] = file_get_contents(SITE_BASE_PATH . "/ratatoeskr/templates/src/usertemplates/{$template}");
}
/* Was there a delete request? */
if (isset($_POST["delete"]) and $_POST["really_delete"] == "yes") {
foreach ($_POST["templates_multiselect"] as $tplname) {
if (preg_match("/^[a-zA-Z0-9\\-_\\.]+\$/", $tplname) == 0) {
/* Prevent a possible LFI attack. */
continue;
}
if (is_file(SITE_BASE_PATH . "/ratatoeskr/templates/src/usertemplates/{$tplname}")) {
@unlink(SITE_BASE_PATH . "/ratatoeskr/templates/src/usertemplates/{$tplname}");
}
}
$ste->vars["success"] = $translation["templates_successfully_deleted"];
}
/* A write request? */
if (isset($_POST["save_template"])) {
if (preg_match("/^[a-zA-Z0-9\\-_\\.]+\$/", $_POST["template_name"]) == 1) {
$ste->vars["template_name"] = $_POST["template_name"];
$ste->vars["template_code"] = $_POST["template_code"];
try {
\ste\transcompile(\ste\parse(\ste\precompile($_POST["template_code"]), $_POST["template_name"]));
file_put_contents(SITE_BASE_PATH . "/ratatoeskr/templates/src/usertemplates/" . $_POST["template_name"], $_POST["template_code"]);
$ste->vars["success"] = $translation["template_successfully_saved"];
} catch (\ste\ParseCompileError $e) {
$e->rewrite($_POST["template_code"]);
$ste->vars["error"] = $translation["could_not_compile_template"] . $e->getMessage();
}
} else {
$ste->vars["error"] = $translation["invalid_template_name"];
}
}
/* Get all templates */
$ste->vars["templates"] = array();
$tpldir = new DirectoryIterator(SITE_BASE_PATH . "/ratatoeskr/templates/src/usertemplates");
foreach ($tpldir as $fo) {
if ($fo->isFile()) {
$ste->vars["templates"][] = $fo->getFilename();
}
}
sort($ste->vars["templates"]);
echo $ste->exectemplate("/systemtemplates/templates.html");
}, "styles" => function (&$data, $url_now, &$url_next) {
global $ste, $translation, $languages, $rel_path_to_root;
list($style) = $url_next;
$url_next = array();
$ste->vars["section"] = "design";
$ste->vars["submenu"] = "styles";
$ste->vars["pagetitle"] = $translation["menu_styles"];
if (isset($style)) {
try {
$style = Style::by_name($style);
$ste->vars["style_name"] = $style->name;
$ste->vars["style_code"] = $style->code;
} catch (DoesNotExistError $e) {
throw new NotFoundError();
}
}
/* Was there a delete request? */
if (isset($_POST["delete"]) and $_POST["really_delete"] == "yes") {
foreach ($_POST["styles_multiselect"] as $stylename) {
try {
$style = Style::by_name($stylename);
$style->delete();
} catch (DoesNotExistError $e) {
continue;
}
}
$ste->vars["success"] = $translation["styles_successfully_deleted"];
}
/* A write request? */
if (isset($_POST["save_style"])) {
if (Style::test_name($_POST["style_name"])) {
$ste->vars["style_name"] = $_POST["style_name"];
$ste->vars["style_code"] = $_POST["style_code"];
try {
$style = Style::by_name($_POST["style_name"]);
} catch (DoesNotExistError $e) {
$style = Style::create($_POST["style_name"]);
}
$style->code = $_POST["style_code"];
$style->save();
$ste->vars["success"] = $translation["style_successfully_saved"];
} else {
$ste->vars["error"] = $translation["invalid_style_name"];
}
}
/* Get all styles */
$ste->vars["styles"] = array_map(function ($s) {
return $s->name;
}, Style::all());
sort($ste->vars["styles"]);
echo $ste->exectemplate("/systemtemplates/styles.html");
}, "sections" => function (&$data, $url_now, &$url_next) {
global $ste, $translation, $languages, $rel_path_to_root, $ratatoeskr_settings;
list($style) = $url_next;
$url_next = array();
$ste->vars["section"] = "design";
$ste->vars["submenu"] = "sections";
$ste->vars["pagetitle"] = $translation["menu_pagesections"];
/* New section? */
if (isset($_POST["new_section"])) {
try {
Section::by_name($_POST["section_name"]);
$ste->vars["error"] = $translation["section_already_exists"];
} catch (DoesNotExistError $e) {
if (preg_match("/^[a-zA-Z0-9\\-_\\.]+\$/", $_POST["template"]) == 0 or !is_file(SITE_BASE_PATH . "/ratatoeskr/templates/src/usertemplates/{$_POST['template']}")) {
$ste->vars["error"] = $translation["unknown_template"];
} else {
if (!Section::test_name($_POST["section_name"])) {
$ste->vars["error"] = $translation["invalid_section_name"];
} else {
$section = Section::create($_POST["section_name"]);
$section->template = $_POST["template"];
$section->title[$data["user"]->language] = new Translation($_POST["section_name"], "");
$section->save();
$ste->vars["success"] = $translation["section_created_successfully"];
}
}
}
}
/* Remove a style? */
if (isset($_GET["rmstyle"]) and isset($_GET["rmfrom"])) {
try {
$section = Section::by_name($_GET["rmfrom"]);
$style = Style::by_name($_GET["rmstyle"]);
$section->remove_style($style);
$section->save();
$ste->vars["success"] = $translation["style_removed"];
} catch (DoesNotExistError $e) {
}
}
/* Delete a section? */
if (isset($_POST["delete"]) and @$_POST["really_delete"] == "yes" and isset($_POST["section_select"])) {
try {
$section = Section::by_name($_POST["section_select"]);
if ($section->get_id() == $ratatoeskr_settings["default_section"]) {
$ste->vars["error"] = $translation["cannot_delete_default_section"];
} else {
$default_section = Section::by_id($ratatoeskr_settings["default_section"]);
foreach ($section->get_articles() as $article) {
$article->set_section($default_section);
$article->save();
}
$section->delete();
$ste->vars["success"] = $translation["section_successfully_deleted"];
}
} catch (DoesNotExistError $e) {
}
}
/* Make section default? */
if (isset($_POST["make_default"]) and isset($_POST["section_select"])) {
try {
$section = Section::by_name($_POST["section_select"]);
$ratatoeskr_settings["default_section"] = $section->get_id();
$ste->vars["success"] = $translation["default_section_changed_successfully"];
} catch (DoesNotExistError $e) {
}
}
/* Set template? */
if (isset($_POST["set_template"]) and isset($_POST["section_select"])) {
try {
$section = Section::by_name($_POST["section_select"]);
if (preg_match("/^[a-zA-Z0-9\\-_\\.]+\$/", $_POST["set_template_to"]) == 0 or !is_file(SITE_BASE_PATH . "/ratatoeskr/templates/src/usertemplates/{$_POST['set_template_to']}")) {
$ste->vars["error"] = $translation["unknown_template"];
} else {
$section->template = $_POST["set_template_to"];
$section->save();
$ste->vars["success"] = $translation["successfully_set_template"];
}
} catch (DoesNotExistError $e) {
}
}
/* Adding a style? */
if (isset($_POST["add_style"]) and isset($_POST["section_select"])) {
try {
$section = Section::by_name($_POST["section_select"]);
$style = Style::by_name($_POST["style_to_add"]);
$section->add_style($style);
$ste->vars["success"] = $translation["successfully_added_style"];
} catch (DoesNotExistError $e) {
}
}
/* Set/unset title? */
if (isset($_POST["set_title"]) and isset($_POST["section_select"])) {
if (!isset($languages[$_POST["set_title_lang"]])) {
$ste->vars["error"] = $translation["language_unknown"];
} else {
try {
$section = Section::by_name($_POST["section_select"]);
if (!empty($_POST["set_title_text"])) {
$section->title[$_POST["set_title_lang"]] = new Translation($_POST["set_title_text"], "");
} else {
if (isset($section->title[$_POST["set_title_lang"]])) {
unset($section->title[$_POST["set_title_lang"]]);
}
}
$section->save();
$ste->vars["success"] = $translation["successfully_set_section_title"];
} catch (DoesNotExistError $e) {
}
}
}
/* Get all templates */
$ste->vars["templates"] = array();
$tpldir = new DirectoryIterator(SITE_BASE_PATH . "/ratatoeskr/templates/src/usertemplates");
foreach ($tpldir as $fo) {
if ($fo->isFile()) {
$ste->vars["templates"][] = $fo->getFilename();
}
}
sort($ste->vars["templates"]);
/* Get all styles */
$ste->vars["styles"] = array_map(function ($s) {
return $s->name;
}, Style::all());
sort($ste->vars["styles"]);
/* Get all sections */
$sections = Section::all();
$ste->vars["sections"] = array_map(function ($section) use($ratatoeskr_settings) {
$titles = array();
foreach ($section->title as $l => $t) {
$titles[$l] = $t->text;
}
return array("name" => $section->name, "title" => $titles, "template" => $section->template, "styles" => array_map(function ($style) {
return $style->name;
}, $section->get_styles()), "default" => $section->get_id() == $ratatoeskr_settings["default_section"]);
}, $sections);
echo $ste->exectemplate("/systemtemplates/sections.html");
})), "admin" => url_action_subactions(array("settings" => function (&$data, $url_now, &$url_next) {
global $ste, $translation, $languages, $rel_path_to_root, $ratatoeskr_settings, $textprocessors;
$url_next = array();
$ste->vars["section"] = "admin";
$ste->vars["submenu"] = "settings";
$ste->vars["pagetitle"] = $translation["menu_settings"];
$ste->vars["textprocessors"] = array();
foreach ($textprocessors as $txtproc => $properties) {
if ($properties[1]) {
$ste->vars["textprocessors"][] = $txtproc;
}
}
/* Toggle debugmode value? */
if (isset($_POST["toggle_debugmode"])) {
if (isset($ratatoeskr_settings["debugmode"]) and $ratatoeskr_settings["debugmode"]) {
$ratatoeskr_settings["debugmode"] = False;
$ste->vars["success"] = $translation["debugmode_now_disabled"];
} else {
$ratatoeskr_settings["debugmode"] = True;
$ste->vars["success"] = $translation["debugmode_now_enabled"];
}
}
/* Save comment settings? */
if (isset($_POST["save_comment_settings"])) {
if (!in_array(@$_POST["comment_textprocessor"], $ste->vars["textprocessors"])) {
$ste->vars["error"] = $translation["unknown_txtproc"];
} else {
$ratatoeskr_settings["comment_textprocessor"] = $_POST["comment_textprocessor"];
$ratatoeskr_settings["comment_visible_default"] = (isset($_POST["comment_auto_visible"]) and $_POST["comment_auto_visible"] == "yes");
$ste->vars["success"] = $translation["comment_settings_successfully_saved"];
}
}
/* Delete language? */
if (isset($_POST["delete"]) and $_POST["really_delete"] == "yes" and isset($_POST["language_select"])) {
if ($ratatoeskr_settings["default_language"] == $_POST["language_select"]) {
$ste->vars["error"] = $translation["cannot_delete_default_language"];
} else {
$ratatoeskr_settings["languages"] = array_filter($ratatoeskr_settings["languages"], function ($l) {
return $l != $_POST["language_select"];
});
$ste->vars["success"] = $translation["language_successfully_deleted"];
}
}
/* Set default language */
if (isset($_POST["make_default"]) and isset($_POST["language_select"])) {
if (in_array($_POST["language_select"], $ratatoeskr_settings["languages"])) {
$ratatoeskr_settings["default_language"] = $_POST["language_select"];
$ste->vars["success"] = $translation["successfully_set_default_language"];
}
}
/* Add a language */
if (isset($_POST["add_language"])) {
if (!isset($languages[$_POST["language_to_add"]])) {
$ste->vars["error"] = $translation["language_unknown"];
} else {
if (!in_array($_POST["language_to_add"], $ratatoeskr_settings["languages"])) {
$ls = $ratatoeskr_settings["languages"];
$ls[] = $_POST["language_to_add"];
$ratatoeskr_settings["languages"] = $ls;
}
$ste->vars["success"] = $translation["language_successfully_added"];
}
}
$ste->vars["debugmode_enabled"] = (isset($ratatoeskr_settings["debugmode"]) and $ratatoeskr_settings["debugmode"]);
$ste->vars["comment_auto_visible"] = $ratatoeskr_settings["comment_visible_default"];
$ste->vars["comment_textprocessor"] = $ratatoeskr_settings["comment_textprocessor"];
$ste->vars["used_langs"] = array_map(function ($l) use($ratatoeskr_settings, $languages) {
return array("code" => $l, "name" => $languages[$l]["language"], "default" => $l == $ratatoeskr_settings["default_language"]);
}, $ratatoeskr_settings["languages"]);
echo $ste->exectemplate("/systemtemplates/settings.html");
}, "users" => url_action_subactions(array("_index" => function (&$data, $url_now, &$url_next) {
global $ste, $translation, $languages, $rel_path_to_root, $ratatoeskr_settings, $textprocessors;
$url_next = array();
$ste->vars["section"] = "admin";
$ste->vars["submenu"] = "users";
$ste->vars["pagetitle"] = $translation["menu_users_groups"];
/* Add a new group? */
if (isset($_POST["new_group"])) {
if (empty($_POST["group_name"])) {
$ste->vars["error"] = $translation["empty_group_name"];
} else {
try {
Group::by_name($_POST["group_name"]);
$ste->vars["error"] = $translation["group_already_exists"];
} catch (DoesNotExistError $e) {
$group = Group::create($_POST["group_name"]);
$ste->vars["success"] = $translation["successfully_created_group"];
}
}
}
/* Add a new user? */
if (isset($_POST["new_user"])) {
if (empty($_POST["username"])) {
$ste->vars["error"] = $translation["empty_username"];
} else {
try {
User::by_name($_POST["username"]);
$ste->vars["error"] = $translation["user_already_exists"];
} catch (DoesNotExistError $e) {
$group = User::create($_POST["username"], PasswordHash::create($_POST["initial_password"]));
$ste->vars["success"] = $translation["successfully_created_user"];
}
}
}
/* Delete groups? */
if (isset($_POST["delete_groups"]) and $_POST["really_delete"] == "yes" and !empty($_POST["groups_multiselect"])) {
$deleted = 0;
foreach ($_POST["groups_multiselect"] as $gid) {
try {
$group = Group::by_id($gid);
if ($group->name == "admins") {
$ste->vars["error"] = $translation["cannot_delete_admin_group"];
} else {
$group->delete();
++$deleted;
}
} catch (DoesNotExistError $e) {
continue;
}
}
if ($deleted > 0) {
$ste->vars["success"] = $translation["successfully_deleted_groups"];
}
}
/* Delete users? */
if (isset($_POST["delete_users"]) and $_POST["really_delete"] == "yes" and !empty($_POST["users_multiselect"])) {
$deleted = 0;
foreach ($_POST["users_multiselect"] as $uid) {
if ($uid == $data["user"]->get_id()) {
$ste->vars["error"] = $translation["cannot_delete_yourself"];
} else {
try {
$user = User::by_id($uid);
$user->delete();
++$deleted;
} catch (DoesNotExistError $e) {
continue;
}
}
}
if ($deleted > 0) {
$ste->vars["success"] = $translation["successfully_deleted_users"];
}
}
/* Get all groups */
$ste->vars["groups"] = array_map(function ($g) {
return array("id" => $g->get_id(), "name" => $g->name);
}, Group::all());
/* Get all users */
$ste->vars["users"] = array_map(function ($u) {
return array("id" => $u->get_id(), "name" => $u->username, "memberof" => array_map(function ($g) {
return $g->name;
}, $u->get_groups()), "fullname" => $u->fullname, "mail" => $u->mail);
}, User::all());
echo $ste->exectemplate("/systemtemplates/users.html");
}, "u" => function (&$data, $url_now, &$url_next) {
global $ste, $translation, $languages, $rel_path_to_root, $admin_grp;
try {
$user = User::by_id($url_next[0]);
} catch (DoesNotExistError $e) {
throw new NotFoundError();
}
$url_next = array();
$ste->vars["section"] = "admin";
$ste->vars["submenu"] = "users";
$ste->vars["pagetitle"] = $user->username;
/* Modify data? */
if (isset($_POST["change_data"])) {
$user->fullname = $_POST["fullname"];
$user->mail = $_POST["mail"];
$user->language = $_POST["lang"];
$current_groups = array_map(function ($g) {
return $g->get_id();
}, $user->get_groups());
$new_groups = empty($_POST[groups_multiselect]) ? array() : $_POST["groups_multiselect"];
$groups_exclude = array_diff($current_groups, $new_groups);
$groups_include = array_diff($new_groups, $current_groups);
foreach ($groups_exclude as $gid) {
try {
$g = Group::by_id($gid);
$g->exclude_user($user);
} catch (DoesNotExistError $e) {
continue;
}
}
foreach ($groups_include as $gid) {
try {
$g = Group::by_id($gid);
$g->include_user($user);
} catch (DoesNotExistError $e) {
continue;
}
}
$user->save();
$ste->vars["success"] = $translation["successfully_modified_user"];
}
/* New Password? */
if (isset($_POST["new_password"])) {
$pwhash = PasswordHash::create($_POST["password"]);
$user->pwhash = $pwhash;
if ($user->get_id() == $data["user"]->get_id()) {
$_SESSION["ratatoeskr_pwhash"] = $pwhash;
}
$user->save();
$ste->vars["success"] = $translation["successfully_set_new_password"];
}
/* Put data to STE */
$ste->vars["u"] = array("id" => $user->get_id(), "name" => $user->username, "fullname" => $user->fullname, "mail" => $user->mail, "lang" => $user->language);
$ste->vars["groups"] = array_map(function ($g) use($user) {
return array("id" => $g->get_id(), "name" => $g->name, "member" => $user->member_of($g));
}, Group::all());
echo $ste->exectemplate("/systemtemplates/user.html");
})), "repos" => function (&$data, $url_now, &$url_next) {
global $ste, $translation, $languages, $rel_path_to_root;
$url_next = array();
$ste->vars["section"] = "admin";
$ste->vars["submenu"] = "repos";
$ste->vars["pagetitle"] = $translation["menu_plugin_repos"];
/* Add a repo? */
if (isset($_POST["add_repo"])) {
try {
$repo = Repository::create($_POST["repo_baseurl"]);
$ste->vars["success"] = $translation["successfully_added_repo"];
} catch (RepositoryUnreachableOrInvalid $e) {
$ste->vars["error"] = $translation["repository_unreachable_or_invalid"];
}
}
/* Delete repos? */
if (isset($_POST["delete_repos"]) and $_POST["really_delete"] == "yes") {
foreach ($_POST["repos_multiselect"] as $repo_id) {
try {
$repo = Repository::by_id($repo_id);
$repo->delete();
} catch (DoesNotExistError $e) {
continue;
}
}
$ste->vars["success"] = $translation["repos_deleted"];
}
/* Force refresh? */
if (isset($_POST["force_repo_refresh"])) {
$failed = array();
foreach ($_POST["repos_multiselect"] as $repo_id) {
try {
$repo = Repository::by_id($repo_id);
$repo->refresh(True);
} catch (DoesNotExistError $e) {
continue;
} catch (RepositoryUnreachableOrInvalid $e) {
$failed[] = $repo->get_name();
}
}
$ste->vars["success"] = $translation["successfully_refreshed_repos"];
if (!empty($failed)) {
$ste->vars["error"] = str_replace("[[REPOS]]", implode(", ", $failed), $translation["repo_refresh_failed_on"]);
}
}
/* Fill data */
$all_repos = Repository::all();
$ste->vars["repos"] = array_map(function ($r) {
try {
$r->refresh();
} catch (RepositoryUnreachableOrInvalid $e) {
}
return array("id" => $r->get_id(), "name" => $r->get_name(), "description" => $r->get_description(), "baseurl" => $r->get_baseurl());
}, $all_repos);
echo $ste->exectemplate("/systemtemplates/repos.html");
})), "plugin" => url_action_subactions(array("list" => function (&$data, $url_now, &$url_next) {
global $ste, $translation, $languages, $rel_path_to_root, $plugin_objs, $api_compat;
$url_next = array();
$ste->vars["section"] = "plugins";
$ste->vars["submenu"] = "pluginlist";
$ste->vars["pagetitle"] = $translation["menu_pluginlist"];
/* Delete plugins? */
if (isset($_POST["delete"]) and ($_POST["really_delete"] == "yes" or $_POST["really_delete"] == "force") and !empty($_POST["plugins_multiselect"])) {
foreach ($_POST["plugins_multiselect"] as $pid) {
try {
$plugin = Plugin::by_id($pid);
if ($_POST["really_delete"] != "force") {
if (!isset($plugin_objs[$pid])) {
eval($plugin->code);
$plugin_objs[$pid] = new $plugin->classname($pid);
}
$plugin_objs[$pid]->uninstall();
}
$plugin->delete();
} catch (DoesNotExistError $e) {
continue;
}
}
$ste->vars["success"] = $translation["successfully_deleted_plugins"];
}
/* Activate or deactivate plugins? */
if ((isset($_POST["activate"]) or isset($_POST["deactivate"])) and !empty($_POST["plugins_multiselect"])) {
$api_incompat = array();
$newstatus = isset($_POST["activate"]);
foreach ($_POST["plugins_multiselect"] as $pid) {
try {
$plugin = Plugin::by_id($pid);
if (!$plugin->installed) {
continue;
}
if ($newstatus and !in_array($plugin->api, $api_compat)) {
$api_incompat[] = $plugin->name . ("(ID: " . $plugin->get_id() . ")");
continue;
}
$plugin->active = $newstatus;
$plugin->save();
if ($newstatus and !isset($plugin_objs[$pid])) {
eval($plugin->code);
$plugin_objs[$pid] = new $plugin->classname($pid);
$plugin_objs[$pid]->init();
}
} catch (DoesNotExistError $e) {
continue;
}
}
$ste->vars["success"] = $translation[$newstatus ? "plugins_activated" : "plugins_deactivated"];
if (!empty($api_incompat)) {
$ste->vars["error"] = htmlesc(str_replace("[[PLUGINS]]", implode(", ", $api_incompat), $translation["could_not_activate_plugin_api_incompat"]));
}
}
$stream_ctx = stream_context_create(array("http" => array("timeout" => 5)));
/* Update plugins? */
if (isset($_POST["update"]) and !empty($_POST["plugins_multiselect"])) {
$updated = array();
foreach ($_POST["plugins_multiselect"] as $pid) {
try {
$plugin = Plugin::by_id($pid);
if (!empty($plugin->updatepath)) {
$update_info = @unserialize(@file_get_contents($plugin->updatepath, False, $stream_ctx));
if (is_array($update_info) and $update_info["current-version"] + 0 > $plugin->versioncount + 0) {
$pkg = PluginPackage::load(@file_get_contents($update_info["dl-path"], False, $stream_ctx));
$plugin->fill_from_pluginpackage($pkg);
$plugin->update = True;
$plugin->save();
$updated[] = $plugin->name;
}
}
} catch (DoesNotExistError $e) {
continue;
} catch (InvalidPackage $e) {
continue;
}
}
if (empty($updated)) {
$ste->vars["success"] = $translation["nothing_to_update"];
} else {
$ste->vars["success"] = str_replace("[[PLUGINS]]", implode(", ", $updated), $translation["successfully_updated_plugins"]);
}
}
/* Load plugin data */
$all_plugins = Plugin::all();
$ste->vars["plugins"] = array();
$api_incompat = array();
foreach ($all_plugins as $p) {
if (!$p->installed) {
continue;
}
if (!in_array($p->api, $api_compat)) {
$api_incompat[] = $p->name . ("(ID: " . $p->get_id() . ")");
}
$ste->vars["plugins"][] = array("id" => $p->get_id(), "name" => $p->name, "versiontext" => $p->versiontext, "active" => $p->active, "description" => $p->short_description, "web" => $p->web, "author" => $p->author, "help" => !empty($p->help));
}
if (!empty($api_incompat)) {
$ste->vars["notice"] = htmlesc(str_replace("[[PLUGINS]]", implode(", ", $api_incompat), $translation["plugins_incompat"]));
}
echo $ste->exectemplate("/systemtemplates/pluginlist.html");
}, "help" => function (&$data, $url_now, &$url_next) {
global $ste, $translation, $languages, $rel_path_to_root;
try {
$plugin = Plugin::by_id($url_next[0]);
if (empty($plugin->help)) {
throw new NotFoundError();
}
} catch (DoesNotExistError $e) {
throw new NotFoundError();
}
$url_next = array();
$ste->vars["section"] = "plugins";
$ste->vars["submenu"] = "";
$ste->vars["pagetitle"] = $plugin->name;
$ste->vars["help"] = $plugin->help;
echo $ste->exectemplate("/systemtemplates/pluginhelp.html");
}, "install" => function (&$data, $url_now, &$url_next) {
global $ste, $translation, $languages, $rel_path_to_root, $api_compat;
$url_next = array();
$ste->vars["section"] = "plugins";
$ste->vars["submenu"] = "installplugins";
$ste->vars["pagetitle"] = $translation["menu_plugininstall"];
$all_repos = Repository::all();
foreach ($all_repos as $repo) {
try {
$repo->refresh();
} catch (RepositoryUnreachableOrInvalid $e) {
continue;
}
}
if (isset($_POST["installpackage"])) {
if (is_uploaded_file($_FILES["pluginpackage"]["tmp_name"])) {
try {
$package = PluginPackage::load(file_get_contents($_FILES["pluginpackage"]["tmp_name"]));
unlink($_FILES["pluginpackage"]["tmp_name"]);
if (in_array($package->api, $api_compat)) {
$plugin = Plugin::create();
$plugin->fill_from_pluginpackage($package);
$plugin->installed = False;
$plugin->active = False;
$plugin->save();
$url_next = array("confirminstall", (string) $plugin->get_id());
return;
} else {
$ste->vars["error"] = str_replace("[[API]]", $package->api, $translation["incompatible_plugin"]);
}
} catch (InvalidPackage $e) {
$ste->vars["error"] = $translation["invalid_package"];
unlink($_FILES["pluginpackage"]["tmp_name"]);
}
} else {
$ste->vars["error"] = $translation["upload_failed"];
}
}
if (isset($_POST["search_in_repos"])) {
$ste->vars["searchresults"] = array();
$repos_to_scan = $_POST["searchin"] == "*" ? $all_repos : Repository::by_id($_POST["searchin"]);
$searchfor = strtolower($_POST["searchfor"]);
foreach ($repos_to_scan as $repo) {
foreach ($repo->packages as $pkg) {
if (empty($searchfor) or strpos(strtolower($pkg[0]), $searchfor) !== False or strpos(strtolower($pkg[2]), $searchfor) !== False) {
$ste->vars["searchresults"][] = array("name" => $pkg[0], "description" => $pkg[2], "reponame" => $repo->get_name(), "repoid" => $repo->get_id());
}
}
}
}
$ste->vars["repos"] = array_map(function ($r) {
return array("id" => $r->get_id(), "name" => $r->get_name());
}, $all_repos);
echo $ste->exectemplate("/systemtemplates/plugininstall.html");
}, "repoinstall" => function (&$data, $url_now, &$url_next) {
global $ste, $translation, $rel_path_to_root;
$stream_ctx = stream_context_create(array("http" => array("timeout" => 5)));
try {
$repo = Repository::by_id($_GET["repo"]);
$pkg = $repo->download_package($_GET["pkg"]);
$plugin = Plugin::create();
$plugin->fill_from_pluginpackage($pkg);
$plugin->installed = False;
$plugin->active = False;
$plugin->save();
$url_next = array("confirminstall", (string) $plugin->get_id());
} catch (DoesNotExistError $e) {
$ste->vars["error"] = $translation["package_or_repo_not_found"];
$url_next = array("install");
} catch (InvalidPackage $e) {
$ste->vars["error"] = $translation["invalid_package"];
$url_next = array("install");
}
}, "confirminstall" => function (&$data, $url_now, &$url_next) {
global $ste, $translation, $languages, $rel_path_to_root;
list($plugin_id) = $url_next;
$url_next = array();
$ste->vars["section"] = "plugins";
$ste->vars["submenu"] = "installplugins";
$ste->vars["pagetitle"] = $translation["menu_plugininstall"];
try {
$plugin = Plugin::by_id($plugin_id);
} catch (DoesNotExistError $e) {
throw new NotFoundError();
}
if ($plugin->installed) {
throw new NotFoundError();
}
$ste->vars["plugin_id"] = $plugin->get_id();
$ste->vars["name"] = $plugin->name;
$ste->vars["description"] = $plugin->short_description;
$ste->vars["code"] = $plugin->code;
$ste->vars["license"] = $plugin->license;
if (isset($_POST["yes"])) {
$plugin->installed = True;
$plugin->save();
eval($plugin->code);
$plugin_instance = new $plugin->classname($plugin->get_id());
$plugin_instance->install();
$ste->vars["success"] = $translation["plugin_installed_successfully"];
$url_next = array("list");
return;
}
if (isset($_POST["no"])) {
$plugin->delete();
$url_next = array("install");
return;
}
echo $ste->exectemplate("/systemtemplates/confirminstall.html");
})), "pluginpages" => url_action_subactions($pluginpages_handlers)));
}
private function set_more_wrapper($page)
{
global $user;
global $config;
global $database;
$page->set_title("Error");
$page->set_heading("Error");
$page->add_block(new NavBlock());
if (!$user->is_admin()) {
$page->add_block(new Block("Not Admin", "Only admins can edit accounts"));
} else {
if (!isset($_POST['id']) || !is_numeric($_POST['id'])) {
$page->add_block(new Block("No ID Specified", "You need to specify the account number to edit"));
} else {
$admin = isset($_POST['admin']) && $_POST['admin'] == "on";
$duser = User::by_id($_POST['id']);
$duser->set_admin($admin);
$page->set_mode("redirect");
if ($duser->id == $user->id) {
$page->set_redirect(make_link("user"));
} else {
$page->set_redirect(make_link("user/{$duser->name}"));
}
}
}
}
function write_edit_user()
{
$editing = isset($_REQUEST['edit']);
if ($editing) {
$user = User::by_id($_REQUEST['edit']);
$data = $user->data();
} else {
$data = array('login' => '', 'firstname' => '', 'midname' => '', 'lastname' => '', 'email' => '', 'class' => '', 'notes' => '', 'is_admin' => false, 'auth_method' => 'pass');
}
if (@$_REQUEST['filled']) {
$data['password'] = $data['password2'] = '';
get_request_data($data, 'user_', 'login');
get_request_data($data, 'user_', 'auth_method');
get_request_data($data, 'user_', 'password');
get_request_data($data, 'user_', 'password2');
get_request_data($data, 'user_', 'firstname');
get_request_data($data, 'user_', 'midname');
get_request_data($data, 'user_', 'lastname');
get_request_data($data, 'user_', 'email');
get_request_data($data, 'user_', 'class');
get_request_data($data, 'user_', 'notes');
get_request_bool($data, 'user_', 'is_admin');
// validate
if (($data['password'] == '' || $data['password2'] == '') && $editing) {
unset($data['password']);
} else {
if ($data['auth_method'] == 'pass') {
if (strlen($data['password']) < 5) {
$this->add_message('user', 'error', "Password too short");
} else {
if ($data['password'] != $data['password2']) {
$this->add_message('user', 'error', "Passwords do not match");
}
}
}
}
unset($data['password2']);
if (strlen($data['login']) < 3) {
$this->add_message('user', 'error', "Login too short");
}
if (strlen($data['firstname']) < 1) {
$this->add_message('user', 'error', "Enter a first name");
}
if (strlen($data['lastname']) < 1) {
$this->add_message('user', 'error', "Enter a last name");
}
// add/update
if (!$this->has_messages('user')) {
try {
if ($editing) {
$user->alter($data);
$this->add_message('user', 'confirm', "User updated");
} else {
$user = User::add($data);
$editing = $user->userid;
$this->add_message('user', 'confirm', "User created");
$data = $user->data();
}
} catch (Exception $e) {
$this->add_message('user', 'error', $e->getMessage());
}
}
}
// show form
if ($editing) {
$this->write_block_begin('Edit user: '******'Add user', 'collapsable block' . (@$_REQUEST['filled'] ? '' : ' collapsed'));
}
$this->write_messages('user');
$this->write_form_begin('admin_user.php', 'post', false, ' autocomplete="off"');
$this->write_form_preserve('user_filter');
$this->write_form_preserve('edit');
$this->write_form_hidden('filled', 1);
$this->write_form_table_begin();
$this->write_form_table_field('text', 'user_login', 'Login', $data['login']);
$this->write_form_table_field('checkbox', 'user_is_admin', 'Administrator', $data['is_admin']);
$this->write_form_table_field('radio', 'user_auth_method', 'Authentication', $data['auth_method'], array('pass' => 'Log in with password', 'ldap' => 'Log in via LDAP (central password)'));
$this->write_form_table_field('password', 'user_password', 'Password');
$this->write_form_table_field('password', 'user_password2', 'Confirm password');
$this->write_form_table_field('text', 'user_firstname', 'First name', $data['firstname']);
$this->write_form_table_field('text', 'user_midname', 'Middle name', $data['midname'], ' size="5"');
$this->write_form_table_field('text', 'user_lastname', 'Last name', $data['lastname']);
$this->write_form_table_field('text', 'user_email', 'Email address', $data['email']);
$this->write_form_table_field('text', 'user_class', 'Class', $data['class']);
$this->write_form_table_field('textarea', 'user_notes', 'Notes', $data['notes'], ' cols="60" rows="4"');
$this->write_form_table_end();
$this->write_form_end($editing ? 'Update user' : 'Add user');
$this->write_block_end();
}
protected function populate_by_sqlrow($sqlrow)
{
$this->id = $sqlrow["id"];
$this->name = $sqlrow["name"];
$this->user = User::by_id($sqlrow["user"]);
$this->author = $sqlrow["author"];
$this->lastversion = $sqlrow["lastversion"];
$this->description = $sqlrow["description"];
$this->lastupdate = $sqlrow["lastupdate"];
$this->txtversion = $sqlrow["txtversion"];
}
private function block($remote)
{
global $config, $database;
$prefix = $database->get_driver_name() == "sqlite" ? "bans." : "";
$bans = $this->get_active_bans();
foreach ($bans as $row) {
$ip = $row[$prefix . "ip"];
if (strstr($ip, '/') && ip_in_range($remote, $ip) || $ip == $remote) {
$reason = $row[$prefix . 'reason'];
$admin = User::by_id($row[$prefix . 'banner_id']);
$date = date("Y-m-d", $row[$prefix . 'end_timestamp']);
header("HTTP/1.0 403 Forbidden");
print "IP <b>{$ip}</b> has been banned until <b>{$date}</b> by <b>{$admin->name}</b> because of <b>{$reason}</b>\n";
print "<p>If you couldn't possibly be guilty of what you're banned for, the person we banned probably had a dynamic IP address and so do you. See <a href='http://whatismyipaddress.com/dynamic-static'>http://whatismyipaddress.com/dynamic-static</a> for more information.\n";
$contact_link = $config->get_string("contact_link");
if (!empty($contact_link)) {
print "<p><a href='{$contact_link}'>Contact The Admin</a>";
}
exit;
}
}
log_error("ipban", "block({$remote}) called but no bans matched");
exit;
}
public function onPageRequest($event)
{
global $database, $page, $user;
if ($event->page_matches("pm")) {
if (!$user->is_anonymous()) {
switch ($event->get_arg(0)) {
case "read":
$pm_id = int_escape($event->get_arg(1));
$pm = $database->get_row("SELECT * FROM private_message WHERE id = ?", array($pm_id));
if (is_null($pm)) {
$this->theme->display_error($page, "No such PM", "There is no PM #{$pm_id}");
} else {
if ($pm["to_id"] == $user->id || $user->is_admin()) {
$from_user = User::by_id(int_escape($pm["from_id"]));
$database->get_row("UPDATE private_message SET is_read='Y' WHERE id = ?", array($pm_id));
$this->theme->display_message($page, $from_user, $user, new PM($pm));
} else {
// permission denied
}
}
break;
case "delete":
$pm_id = int_escape($event->get_arg(1));
$pm = $database->get_row("SELECT * FROM private_message WHERE id = ?", array($pm_id));
if (is_null($pm)) {
$this->theme->display_error($page, "No such PM", "There is no PM #{$pm_id}");
} else {
if ($pm["to_id"] == $user->id || $user->is_admin()) {
$database->execute("DELETE FROM private_message WHERE id = ?", array($pm_id));
log_info("pm", "Deleted PM #{$pm_id}");
$page->set_mode("redirect");
$page->set_redirect($_SERVER["HTTP_REFERER"]);
} else {
// permission denied
}
}
break;
case "send":
$to_id = int_escape($_POST["to_id"]);
$from_id = $user->id;
$subject = $_POST["subject"];
$message = $_POST["message"];
send_event(new SendPMEvent(new PM($from_id, $_SERVER["REMOTE_ADDR"], $to_id, $subject, $message)));
$page->set_mode("redirect");
$page->set_redirect($_SERVER["HTTP_REFERER"]);
break;
default:
$this->theme->display_error($page, "Invalid action", "That's not something you can do with a PM");
break;
}
}
}
}
if (isset($_POST["make_admin"])) {
foreach ($_POST["users_multiselect"] as $uid) {
try {
$u = User::by_id($uid);
$u->isadmin = True;
$u->save();
} catch (DoesNotExistError $e) {
continue;
}
}
$ste->vars["success"] = "Okay.";
}
if (isset($_POST["make_normal_user"])) {
foreach ($_POST["users_multiselect"] as $uid) {
try {
$u = User::by_id($uid);
$u->isadmin = False;
$u->save();
} catch (DoesNotExistError $e) {
continue;
}
}
$ste->vars["success"] = "Okay.";
}
/* Fill data */
$ste->vars["repo"] = array("name" => $settings["repo_name"], "description" => $settings["repo_description"], "baseurl" => $settings["repo_baseurl"], "public" => $settings["repo_mode"] == "public");
$users = User::all();
$ste->vars["users"] = array_map(function ($u) {
return array("id" => $u->get_id(), "name" => $u->get_name(), "admin" => $u->isadmin);
}, $users);
echo $ste->exectemplate("admin.html");