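/**
 * Store the active flag of every module from the submitted 'mods' parameter.
 *
 * Existing 'modstate' rows are updated: a module present in the submission
 * takes the submitted value, every other module is set to 0. Submitted
 * modules that have no row yet are inserted. The user is then flashed a
 * confirmation and sent back to the last 'editable' location.
 */
function update() {
    global $db;

    // A missing or non-array 'mods' parameter means "nothing submitted";
    // normalising it here keeps array_key_exists()/unset() below from failing
    // on a string or null.
    if (empty($this->params['mods']) || !is_array($this->params['mods'])) {
        $this->params['mods'] = array();
    }

    //$db->delete('modstate');
    $aMods = $db->selectObjects('modstate', 1);
    foreach ($aMods as $key => $value) {
        $aMods[$key]->active = array_key_exists($value->module, $this->params['mods'])
            ? $this->params['mods'][$value->module]
            : 0;

        // NOTE(review): the module name is concatenated into the WHERE clause
        // unescaped. It is read back from the table here, but new rows below
        // take their name straight from request keys, so a stored name reaches
        // this string later. Escape it with the database layer's own escaping
        // helper (not visible in this block) or validate names before insert.
        $db->updateObject($aMods[$key], 'modstate', "module='" . $value->module . "'");

        // Whatever remains in params['mods'] afterwards has no row yet.
        unset($this->params['mods'][$value->module]);
    }

    foreach ($this->params['mods'] as $key => $value) {
        // A fresh object per row: the original assigned properties to an
        // undefined variable, which is an Error on PHP 8 and otherwise reused
        // one object across all inserts.
        $aMod = new stdClass();
        $aMod->module = $key;
        $aMod->active = $value;
        $db->insertObject($aMod, 'modstate');
    }

    flash("message", gt("Active Modules have been updated."));
    expHistory::returnTo('editable');
}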
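# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

// Swap the rank of two controls of one form (form id 'p', ranks 'a' and 'b').

// Refuse direct access to this file outside the application bootstrap.
if (!defined('EXPONENT')) {
    exit('');
}

// The three parameters are forced to integers before being concatenated into
// the WHERE clauses below; that cast is the only thing keeping those clauses
// safe, so it must stay ahead of every query. A missing parameter becomes 0.
$_GET['a'] = isset($_GET['a']) ? intval($_GET['a']) : 0;
$_GET['b'] = isset($_GET['b']) ? intval($_GET['b']) : 0;
$_GET['p'] = isset($_GET['p']) ? intval($_GET['p']) : 0;

$a = $db->selectObject('formbuilder_control', 'form_id=' . $_GET['p'] . ' AND rank=' . $_GET['a']);
$b = $db->selectObject('formbuilder_control', 'form_id=' . $_GET['p'] . ' AND rank=' . $_GET['b']);

if ($a && $b) {
    // form_id comes from the row just loaded; cast it as well so the query
    // does not depend on the column type.
    $f = $db->selectObject('formbuilder_form', 'id=' . intval($a->form_id));
    if (!$f) {
        // The controls point at a form that no longer exists: nothing to
        // authorise against, so answer 404 rather than dereferencing null.
        echo SITE_404_HTML;
    // NOTE(review): unserialize() runs on the stored location_data value. If
    // that column can ever hold attacker-influenced bytes this is an object
    // injection risk; consider restricting it with the 'allowed_classes'
    // option (PHP 7+) or storing the location in a non-executable format.
    } elseif (expPermissions::check('editform', unserialize($f->location_data))) {
        // NOTE(review): this is a state change driven by GET parameters and no
        // anti-CSRF token is checked in this fragment - confirm one is
        // enforced before this file is reached.
        $tmp = $a->rank;
        $a->rank = $b->rank;
        $b->rank = $tmp;

        $db->updateObject($a, 'formbuilder_control');
        $db->updateObject($b, 'formbuilder_control');
        // expHistory::back();
        expHistory::returnTo('editable');
    } else {
        echo SITE_403_HTML;
    }
} else {
    echo SITE_404_HTML;
}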
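/**
 * Change the password of the account named by the 'uid' parameter.
 *
 * Non-administrators may only change their own password and must supply
 * their current one. Administrators may change any account without it.
 * Every failure path flashes an error, redirects and stops.
 */
public function save_change_password() {
    global $user;

    $isAdmin = $user->isAdmin();
    $uid = isset($this->params['uid']) ? $this->params['uid'] : null;

    // Compare ids as exact strings. A loose != lets values that merely start
    // with the caller's id pass the ownership check while the unmodified
    // value is still handed to the user constructor below.
    $isSelf = is_scalar($uid) && (string)$uid === (string)$user->id;

    if (!$isAdmin && !$isSelf) {
        flash('error', gt('You do not have permissions to change this users password.'));
        expHistory::back();
        // Stop here even if the redirect helper returns, so a denied request
        // can never fall through to the password change.
        return;
    }

    if (!$isAdmin) {
        $current = isset($this->params['password']) ? $this->params['password'] : '';
        // Strict comparison avoids PHP's numeric-string juggling on hash
        // values. hash_equals() (PHP 5.6+) would also make it constant-time.
        // NOTE(review): the stored value is compared with an unsalted MD5 of
        // the input. Moving to password_hash()/password_verify() needs a
        // matching change where the password is set (not visible here).
        if (empty($current) || !is_string($current) || (string)$user->password !== md5($current)) {
            flash('error', gt('The current password you entered is not correct.'));
            expHistory::returnTo('editable');
            return;
        }
    }

    //eDebug($user);
    $u = new user($uid);
    $ret = $u->setPassword($this->params['new_password1'], $this->params['new_password2']);
    //eDebug($u, true);
    if (is_string($ret)) {
        // setPassword() reports a validation problem as a message string.
        flash('error', $ret);
        expHistory::returnTo('editable');
        return;
    }

    $u->update();

    if ($isSelf) {
        // Keep the in-memory copy of the current user in step with the stored
        // value. Only done for the caller's own account: copying another
        // account's hash onto the administrator's object would be wrong.
        $user->password = $u->password;
        flash('message', gt('Your password has been changed.'));
    } else {
        flash('message', gt('Your password for') . ' ' . $u->username . ' ' . gt('been changed.'));
    }
    expHistory::back();
}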
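/**
 * Apply every submitted site-configuration value from the 'sc' parameter.
 *
 * Each key/value pair is passed to expSettings::change(), then the user is
 * flashed a confirmation and returned to the last 'viewable' location.
 */
public function update_siteconfig() {
    // A missing or non-array 'sc' parameter is treated as an empty submission
    // instead of being iterated as-is.
    $settings = (isset($this->params['sc']) && is_array($this->params['sc']))
        ? $this->params['sc']
        : array();

    foreach ($settings as $key => $value) {
        // NOTE(review): setting names come straight from the request and
        // nothing in this method limits them to known settings. Confirm that
        // expSettings::change() or the permission layer enforces an allowlist.
        // NOTE(review): addslashes() is the only escaping applied here.
        // Whether that is sufficient depends on how expSettings::change()
        // stores the value - verify against that implementation.
        expSettings::change($key, addslashes($value));
    }

    flash('message', gt("Your Website Configuration has been updated"));
    // expHistory::back();
    expHistory::returnTo('viewable');
}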
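/**
 * Mark the editor configuration named by the 'id' parameter as the active one.
 *
 * The row currently flagged active is toggled first. An id of "default"
 * activates no stored configuration. Finally the user is returned to the
 * last 'manageable' location.
 */
function activate() {
    global $db;

    // Presumably flips the 'active' column on the row(s) matching active=1,
    // i.e. clears the current selection - confirm against the db class.
    $db->toggle('htmleditor_ckeditor', "active", 'active=1');

    $id = isset($this->params['id']) ? $this->params['id'] : null;
    if ($id !== "default") {
        // The id is request input and is concatenated into the WHERE clause,
        // so it is reduced to an integer first. Non-scalar input becomes 0.
        $rowId = is_scalar($id) ? intval($id) : 0;
        $active = $db->selectObject('htmleditor_ckeditor', "id=" . $rowId);

        // No such row: leave everything inactive instead of writing
        // properties onto null.
        if ($active) {
            $active->active = 1;
            $db->updateObject($active, 'htmleditor_ckeditor', null, 'id');
        }
    }

    expHistory::returnTo('manageable');
}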
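/**
 * Dispatch a controller action and render (or return) its view.
 *
 * Resolves the action to run (the requested one, else 'index', else
 * 'showall'), builds the controller and its template, applies the permission
 * and login requirements declared by the controller, runs the action and
 * outputs the template.
 *
 * Authorisation is decided on the action that will actually run, and the
 * lookups are case-insensitive: PHP resolves method names without regard to
 * case while array keys are case-sensitive, so an exact-match lookup on the
 * requested string could miss a declared requirement.
 *
 * NOTE(review): an action listed in neither permissions() nor requires_login
 * runs without any check (default-allow). Confirm that is intended for every
 * public controller method.
 *
 * @param array $parms Request parameters: 'controller' and 'action', plus the
 *                     optional 'src', 'view', 'moduletitle', 'id', 'no_output'.
 * @return mixed The rendered HTML when 'no_output' is set, false when the
 *               action was refused or not found, otherwise nothing.
 */
function renderAction(array $parms = array()) {
    global $user;

    //Get some info about the controller
    $baseControllerName = expModules::getControllerName($parms['controller']);
    $fullControllerName = expModules::getControllerClassName($parms['controller']);
    $controllerClass = new ReflectionClass($fullControllerName);

    // Figure out the action to use...if the specified action doesn't exist then
    // we look for the index action.
    $requested = (isset($parms['action']) && is_string($parms['action'])) ? $parms['action'] : '';
    if ($requested !== '' && $controllerClass->hasMethod($requested)) {
        // Kept exactly as requested: it also selects the view below.
        // TODO (FJD, carried over): hasMethod() is true for private,
        // protected and inherited methods too. The original had a disabled
        // check rejecting private methods - decide whether non-public methods
        // should be refused here.
        $action = $requested;
    } elseif ($controllerClass->hasMethod('index')) {
        $action = 'index';
    } elseif ($controllerClass->hasMethod('showall')) {
        $action = 'showall';
    } else {
        expQueue::flashAndFlow('error', gt('The requested action could not be performed: Action not found'));
        // No action resolved: stop even if the helper above returns.
        return false;
    }

    // initialize the controller.
    $src = isset($parms['src']) ? $parms['src'] : null;
    $controller = new $fullControllerName($src, $parms);

    //Set up the template to use for this action
    global $template;
    $view = !empty($parms['view']) ? $parms['view'] : $action;
    $template = get_template_for_action($controller, $view, $controller->loc);

    // have the controller assign knowledge about itself to the template.
    // this has to be done after the controller get the template for its actions
    $controller->moduleSelfAwareness();

    //if this controller is being called by a container then we should have a module title.
    if (isset($parms['moduletitle'])) {
        $template->assign('moduletitle', $parms['moduletitle']);
    }

    //setup some default models for this controller's actions to use
    foreach ($controller->getModels() as $model) {
        // null,false,false added to reduce unnecessary queries. FJD
        $controller->{$model} = new $model(null, false, false);
    }

    // the request params were passed to the controller constructor above
    // rather than assigned here (pb).

    //check the perms for this action
    $perms = $controller->permissions();

    // Case-insensitive indexes: lowercased name => name as declared.
    $permNames = array();
    foreach (array_keys($perms) as $name) {
        $permNames[strtolower($name)] = $name;
    }
    $loginNames = array();
    foreach (array_keys($controller->requires_login) as $name) {
        $loginNames[strtolower($name)] = $name;
    }

    // The update permission is tied to create/edit: 'update' is checked as
    // 'create' when no id (or id 0) is passed and as 'edit' otherwise, so a
    // request submitted straight to the action is still covered.
    $lcAction = strtolower($action);
    $common_action = '';
    if ($lcAction == 'update') {
        $perm_action = !isset($parms['id']) || $parms['id'] == 0 ? 'create' : 'edit';
    } elseif ($lcAction == 'saveconfig') {
        $perm_action = 'configure';
    } else {
        // action convention for controllers that manage more than one model:
        // an action named edit_mymodel is also checked against the 'edit'
        // permission, without the developer having to declare it.
        $parts = explode('_', $lcAction);
        if (count($parts) > 1) {
            $common_action = $parts[0];
        }
        $perm_action = $lcAction;
    }

    // A declared permission takes precedence over a login requirement, and
    // the full action name over its common prefix.
    $perm_name = null;
    if (isset($permNames[$perm_action])) {
        $perm_name = $permNames[$perm_action];
    } elseif (isset($permNames[$common_action])) {
        $perm_name = $permNames[$common_action];
    }

    if ($perm_name !== null) {
        if (!expPermissions::check($perm_name, $controller->loc)) {
            if (expTheme::inAction()) {
                flash('error', gt("You don't have permission to") . " " . $perms[$perm_name]);
                expHistory::returnTo('viewable');
            }
            // Fail closed: never reach the action after a refusal, whether or
            // not the redirect helper returns.
            return false;
        }
    } else {
        $login_name = null;
        if (isset($loginNames[$perm_action])) {
            $login_name = $loginNames[$perm_action];
        } elseif (isset($loginNames[$common_action])) {
            $login_name = $loginNames[$common_action];
        }

        // check if the action requires the user to be logged in
        if ($login_name !== null && !$user->isLoggedIn()) {
            $msg = empty($controller->requires_login[$login_name])
                ? gt("You must be logged in to perform this action")
                : $controller->requires_login[$login_name];
            flash('error', $msg);
            expHistory::redirecto_login();
            return false;
        }
    }

    // run the action
    $controller->{$action}();

    //register this controllers permissions to the view for in view perm checks
    $template->register_permissions(array_keys($perms), $controller->loc);

    // pass this controllers config off to the view
    $template->assign('config', $controller->config);

    // globalizing $user inside all templates
    $template->assign('user', $user);

    //assign the controllers basemodel to the view
    $template->assign('modelname', $controller->basemodel_name);

    if (empty($parms['no_output'])) {
        $template->output();
    } else {
        $html = $template->render();
        return $html;
    }
}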