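/**
 * This is a general purpose hook, allowing modules to respond to routes
 * of the form module.php?mod=FOO&mod_action=BAR
 *
 * @param string $mod_action
 */
public function modAction($mod_action) {
    global $WT_TREE;

    switch ($mod_action) {
    case 'menu-add-favorite':
        // Process the "add to user favorites" menu item on indi/fam/etc. pages
        $record = GedcomRecord::getInstance(Filter::post('xref', WT_REGEX_XREF), $WT_TREE);
        // getInstance() returns nothing for an unknown or malformed xref (its other callers
        // guard with "$record &&"), so check the record exists before dereferencing it.
        // NOTE(review): no CSRF token is verified here — confirm module.php does so before dispatch.
        if (Auth::check() && $record && $record->canShowName()) {
            self::addFavorite(array(
                'user_id'   => Auth::id(),
                'gedcom_id' => $record->getTree()->getTreeId(),
                'gid'       => $record->getXref(),
                'type'      => $record::RECORD_TYPE,
                'url'       => null,
                'note'      => null,
                'title'     => null,
            ));
            FlashMessages::addMessage(I18N::translate('“%s” has been added to your favorites.', $record->getFullName()));
        }
        break;
    }
}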
/**
 * How many blog entries exist for this user.
 *
 * @return string
 */
public function totalUserJournal() {
    $count = 0;
    try {
        $statement = Database::prepare("SELECT SQL_CACHE COUNT(*) FROM `##news` WHERE user_id = ?");
        $count     = (int) $statement->execute(array(Auth::id()))->fetchOne();
    } catch (PDOException $ex) {
        // The module may not be installed, so the table may not exist.
        $count = 0;
    }

    return I18N::number($count);
}
/** * Defined in session.php * * @global Tree $WT_TREE */ global $WT_TREE; use Fisharebest\Webtrees\Controller\PageController; use Fisharebest\Webtrees\Module\CkeditorModule; define('WT_SCRIPT_NAME', 'block_edit.php'); require './includes/session.php'; $block_id = Filter::getInteger('block_id'); $block = Database::prepare("SELECT SQL_CACHE * FROM `##block` WHERE block_id=?")->execute(array($block_id))->fetchOneRow(); // Check access. (1) the block must exist and be enabled, (2) gedcom blocks require // managers, (3) user blocks require the user or an admin $blocks = Module::getActiveBlocks($WT_TREE); if (!$block || !array_key_exists($block->module_name, $blocks) || $block->gedcom_id && !Auth::isManager(Tree::findById($block->gedcom_id)) || $block->user_id && $block->user_id != Auth::id() && !Auth::isAdmin()) { header('Location: ' . WT_BASE_URL); return; } $block = $blocks[$block->module_name]; if (Filter::post('save')) { $ctype = Filter::post('ctype', 'user', 'gedcom'); header('Location: ' . WT_BASE_URL . 'index.php?ctype=' . $ctype . '&ged=' . $WT_TREE->getNameUrl()); $block->configureBlock($block_id); return; } $ctype = FIlter::get('ctype', 'user', 'gedcom'); $controller = new PageController(); $controller->setPageTitle(I18N::translate('Configure') . ' — ' . $block->getTitle())->pageHeader(); if (Module::getModuleByName('ckeditor')) { CkeditorModule::enableEditor($controller);
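/**
 * Create a new record from GEDCOM data.
 *
 * @param string $gedcom
 *
 * @throws \Exception
 *
 * @return GedcomRecord
 */
public function createRecord($gedcom) {
    if (preg_match('/^0 @(' . WT_REGEX_XREF . ')@ (' . WT_REGEX_TAG . ')/', $gedcom, $match)) {
        $xref = $match[1];
        $type = $match[2];
    } else {
        throw new \Exception('Invalid argument to GedcomRecord::createRecord(' . $gedcom . ')');
    }

    // strpos() takes the haystack first. The previous call had the arguments reversed
    // (strpos("\r", $gedcom)), so a CR inside the GEDCOM data was never detected.
    if (strpos($gedcom, "\r") !== false) {
        // MSDOS line endings will break things in horrible ways
        throw new \Exception('Evil line endings found in GedcomRecord::createRecord(' . $gedcom . ')');
    }

    // webtrees creates XREFs containing digits. Anything else (e.g. “new”) is just a placeholder.
    if (!preg_match('/\\d/', $xref)) {
        $xref   = $this->getNewXref($type);
        $gedcom = preg_replace('/^0 @(' . WT_REGEX_XREF . ')@/', '0 @' . $xref . '@', $gedcom);
    }

    // Create a change record, if not already present
    if (!preg_match('/\\n1 CHAN/', $gedcom)) {
        $gedcom .= "\n1 CHAN\n2 DATE " . date('d M Y') . "\n3 TIME " . date('H:i:s') . "\n2 _WT_USER " . Auth::user()->getUserName();
    }

    // Create a pending change
    Database::prepare(
        "INSERT INTO `##change` (gedcom_id, xref, old_gedcom, new_gedcom, user_id) VALUES (?, ?, '', ?, ?)"
    )->execute(array($this->tree_id, $xref, $gedcom, Auth::id()));

    Log::addEditLog('Create: ' . $type . ' ' . $xref);

    // Accept this pending change
    if (Auth::user()->getPreference('auto_accept')) {
        FunctionsImport::acceptAllChanges($xref, $this->tree_id);
    }

    // Return the newly created record. Note that since GedcomRecord
    // has a cache of pending changes, we cannot use it to create a
    // record with a newly created pending change.
    return GedcomRecord::getInstance($xref, $this, $gedcom);
}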
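/**
 * Generate the HTML content of this block.
 *
 * @param int      $block_id
 * @param bool     $template
 * @param string[] $cfg
 *
 * @return string
 */
public function getBlock($block_id, $template = true, $cfg = array()) {
    global $ctype, $WT_TREE;

    $block = $this->getBlockSetting($block_id, 'block', '1');
    foreach (array('block') as $name) {
        if (array_key_exists($name, $cfg)) {
            ${$name} = $cfg[$name];
        }
    }

    $messages = Database::prepare(
        "SELECT message_id, sender, subject, body, UNIX_TIMESTAMP(created) AS created FROM `##message` WHERE user_id=? ORDER BY message_id DESC"
    )->execute(array(Auth::id()))->fetchAll();

    $count = count($messages);
    $id    = $this->getName() . $block_id;
    $class = $this->getName() . '_block';
    $title = I18N::plural('%s message', '%s messages', $count, I18N::number($count));

    // Possible recipients: every approved user other than ourself who accepts messages
    $users = array_filter(User::all(), function (User $user) {
        return $user->getUserId() !== Auth::id() && $user->getPreference('verified_by_admin') && $user->getPreference('contactmethod') !== 'none';
    });

    $content = '<form id="messageform" name="messageform" method="post" action="module.php?mod=user_messages&mod_action=delete" onsubmit="return confirm(\'' . I18N::translate('Are you sure you want to delete this message? It cannot be retrieved later.') . '\');">';
    // The two hidden fields previously had their values swapped ("ged" carried $ctype and
    // "ctype" carried the tree name); "ged" is the tree, "ctype" is the page context.
    $content .= '<input type="hidden" name="ged" value="' . $WT_TREE->getNameHtml() . '">';
    $content .= '<input type="hidden" name="ctype" value="' . Filter::escapeHtml($ctype) . '">';
    if ($users) {
        $content .= '<label for="touser">' . I18N::translate('Send a message') . '</label>';
        $content .= '<select id="touser" name="touser">';
        $content .= '<option value="">' . I18N::translate('<select>') . '</option>';
        foreach ($users as $user) {
            $content .= sprintf('<option value="%1$s">%2$s - %1$s</option>', Filter::escapeHtml($user->getUserName()), Filter::escapeHtml($user->getRealName()));
        }
        $content .= '</select>';
        $content .= '<input type="button" value="' . I18N::translate('Send') . '" onclick="return message(document.messageform.touser.options[document.messageform.touser.selectedIndex].value, \'messaging2\', \'\');"><br><br>';
    }
    if ($messages) {
        $content .= '<table class="list_table"><tr>';
        $content .= '<th class="list_label">' . I18N::translate('Delete') . '<br><a href="#" onclick="jQuery(\'#' . $this->getName() . $block_id . ' :checkbox\').prop(\'checked\', true); return false;">' . I18N::translate('All') . '</a></th>';
        $content .= '<th class="list_label">' . I18N::translate('Subject') . '</th>';
        $content .= '<th class="list_label">' . I18N::translate('Date sent') . '</th>';
        $content .= '<th class="list_label">' . I18N::translate('Email address') . '</th>';
        $content .= '</tr>';
        foreach ($messages as $message) {
            $content .= '<tr>';
            $content .= '<td class="list_value_wrap"><input type="checkbox" name="message_id[]" value="' . $message->message_id . '" id="cb_message' . $message->message_id . '"></td>';
            $content .= '<td class="list_value_wrap"><a href="#" onclick="return expand_layer(\'message' . $message->message_id . '\');"><i id="message' . $message->message_id . '_img" class="icon-plus"></i> <b dir="auto">' . Filter::escapeHtml($message->subject) . '</b></a></td>';
            $content .= '<td class="list_value_wrap">' . FunctionsDate::formatTimestamp($message->created + WT_TIMESTAMP_OFFSET) . '</td>';
            $content .= '<td class="list_value_wrap">';
            $user = User::findByIdentifier($message->sender);
            if ($user) {
                $content .= $user->getRealNameHtml();
                // The e-mail address is stored data, not markup, so escape it like the sender below
                $content .= ' - <span dir="auto">' . Filter::escapeHtml($user->getEmail()) . '</span>';
            } else {
                $content .= '<a href="mailto:' . Filter::escapeHtml($message->sender) . '">' . Filter::escapeHtml($message->sender) . '</a>';
            }
            $content .= '</td>';
            $content .= '</tr>';
            $content .= '<tr><td class="list_value_wrap" colspan="4"><div id="message' . $message->message_id . '" style="display:none;">';
            $content .= '<div dir="auto" style="white-space: pre-wrap;">' . Filter::expandUrls($message->body) . '</div><br>';
            // Prefix the subject for the reply form, unless it is already a reply
            if (strpos($message->subject, I18N::translate('RE: ')) !== 0) {
                $message->subject = I18N::translate('RE: ') . $message->subject;
            }
            if ($user) {
                $content .= '<button type="button" onclick="reply(\'' . Filter::escapeJs($message->sender) . '\', \'' . Filter::escapeJs($message->subject) . '\'); return false;">' . I18N::translate('Reply') . '</button> ';
            }
            $content .= '<button type="button" onclick="if (confirm(\'' . I18N::translate('Are you sure you want to delete this message? It cannot be retrieved later.') . '\')) {jQuery(\'#messageform :checkbox\').prop(\'checked\', false); jQuery(\'#cb_message' . $message->message_id . '\').prop(\'checked\', true); document.messageform.submit();}">' . I18N::translate('Delete') . '</button></div></td></tr>';
        }
        $content .= '</table>';
        $content .= '<p><button type="submit">' . I18N::translate('Delete selected messages') . '</button></p>';
    }
    $content .= '</form>';

    if ($template) {
        if ($block) {
            $class .= ' small_inner_block';
        }

        return Theme::theme()->formatBlock($id, $title, $class, $content);
    } else {
        return $content;
    }
}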
/**
 * Generate the HTML content of this block.
 *
 * @param int      $block_id
 * @param bool     $template
 * @param string[] $cfg
 *
 * @return string
 */
public function getBlock($block_id, $template = true, $cfg = array()) {
    global $WT_TREE;

    $id    = $this->getName() . $block_id;
    $class = $this->getName() . '_block';
    $title = $this->getTitle();

    // Split the signed-in users into those we may name and those we only count
    $visible   = array();
    $anonymous = 0;
    foreach (User::allLoggedIn() as $user) {
        if (Auth::isAdmin() || $user->getPreference('visibleonline')) {
            $visible[] = $user;
        } else {
            $anonymous++;
        }
    }
    $visible_count = count($visible);

    // Nobody to report: the block renders as nothing at all, not as an empty frame
    if ($anonymous === 0 && $visible_count === 0) {
        return '';
    }

    $summary = array();
    if ($anonymous) {
        $summary[] = I18N::plural('%s anonymous signed-in user', '%s anonymous signed-in users', $anonymous, I18N::number($anonymous));
    }
    if ($visible_count) {
        $summary[] = I18N::plural('%s signed-in user', '%s signed-in users', $visible_count, I18N::number($visible_count));
    }
    $content = '<div class="logged_in_count">' . implode(' | ', $summary) . '</div>';

    $content .= '<div class="logged_in_list">';
    if (Auth::check()) {
        foreach ($visible as $user) {
            $individual = Individual::getInstance($WT_TREE->getUserPreference($user, 'gedcomid'), $WT_TREE);
            $name       = $user->getRealNameHtml();
            if ($individual) {
                $name = '<a href="' . $individual->getHtmlUrl() . '">' . $name . '</a>';
            }
            $content .= '<div class="logged_in_name">' . $name . ' - ' . Filter::escapeHtml($user->getUserName());
            $can_message = Auth::id() != $user->getUserId() && $user->getPreference('contactmethod') != 'none';
            if ($can_message) {
                $content .= ' <a class="icon-email" href="#" onclick="return message(\'' . Filter::escapeHtml($user->getUserName()) . '\', \'\', \'' . Filter::escapeHtml(Functions::getQueryUrl()) . '\');" title="' . I18N::translate('Send a message') . '"></a>';
            }
            $content .= '</div>';
        }
    }
    $content .= '</div>';

    return $template ? Theme::theme()->formatBlock($id, $title, $class, $content) : $content;
}
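/**
 * How many times has the current page been shown?
 *
 * @param PageController $controller
 *
 * @return int Number of views, or zero for pages that aren't logged.
 */
protected function pageViews(PageController $controller) {
    // Counting is a per-tree option; without a tree there is nothing to count against
    if (!$this->tree || !$this->tree->getPreference('SHOW_COUNTER')) {
        return 0;
    }

    if (isset($controller->record) && $controller->record instanceof GedcomRecord) {
        return HitCounter::countHit($this->tree, WT_SCRIPT_NAME, $controller->record->getXref());
    }

    if (isset($controller->root) && $controller->root instanceof GedcomRecord) {
        return HitCounter::countHit($this->tree, WT_SCRIPT_NAME, $controller->root->getXref());
    }

    if (WT_SCRIPT_NAME === 'index.php') {
        // NOTE(review): the source text of this branch was garbled ('user:'******'gedcom:');
        // the user/tree split below is reconstructed from the surrounding structure and the
        // identifiers already used in this method — confirm against the upstream file.
        if (Auth::check() && Filter::get('ctype') !== 'gedcom') {
            // "My page" keeps one counter per user
            return HitCounter::countHit($this->tree, WT_SCRIPT_NAME, 'user:' . Auth::id());
        }

        // "Home page" keeps one counter per tree
        return HitCounter::countHit($this->tree, WT_SCRIPT_NAME, 'gedcom:' . $this->tree->getTreeId());
    }

    return 0;
}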
/**
 * Build the "My pages" menu; signed-in users also get a sign-out entry.
 *
 * Returns the menu produced by the parent, with the logout submenu appended
 * when a user is signed in.
 */
public function menuMyPages() {
    $menu = parent::menuMyPages();
    if (!Auth::id()) {
        return $menu;
    }
    $menu->addSubmenu($this->menuLogout());

    return $menu;
}
/**
 * Delete this record
 *
 * The deletion is queued as a pending change (accepted at once for users with
 * auto_accept), the record caches are dropped, and the edit is logged.
 */
public function deleteRecord() {
    $xref = $this->xref;

    // Queue the deletion, unless one is already waiting for moderation
    if (!$this->isPendingDeletion()) {
        $sql = "INSERT INTO `##change` (gedcom_id, xref, old_gedcom, new_gedcom, user_id) VALUES (?, ?, ?, '', ?)";
        Database::prepare($sql)->execute(array($this->tree->getTreeId(), $xref, $this->getGedcom(), Auth::id()));
    }

    // Users with auto_accept bypass moderation
    if (Auth::user()->getPreference('auto_accept')) {
        FunctionsImport::acceptAllChanges($xref, $this->tree->getTreeId());
    }

    // Both caches now hold stale state for this record
    self::$gedcom_record_cache  = null;
    self::$pending_record_cache = null;

    Log::addEditLog('Delete: ' . static::RECORD_TYPE . ' ' . $xref);
}
echo I18N::translate('User didn’t verify within 7 days.'); ?> </td> <td> <input type="checkbox" checked name="del_<?php echo $user->getUserId(); ?> " value="1"> </td> </tr> <?php } } // Check users not verified by admin foreach (User::all() as $user) { if ($user->getUserId() !== Auth::id() && !$user->getPreference('approved') && $user->getPreference('verified')) { $ucnt++; ?> <tr> <td> <a href="?action=edit&user_id=<?php echo $user->getUserId(); ?> "> <?php echo Filter::escapeHtml($user->getUserName()); ?> — <?php echo $user->getRealNameHtml(); ?>
use Fisharebest\Webtrees\Controller\PageController; use Fisharebest\Webtrees\Functions\Functions; use Fisharebest\Webtrees\Functions\FunctionsDb; define('WT_SCRIPT_NAME', 'index.php'); require './includes/session.php'; // The only option for action is "ajax" $action = Filter::get('action'); // The default view depends on whether we are logged in if (Auth::check()) { $ctype = Filter::get('ctype', 'gedcom|user', 'user'); } else { $ctype = 'gedcom'; } // Get the blocks list if ($ctype === 'user') { $blocks = FunctionsDb::getUserBlocks(Auth::id()); } else { $blocks = FunctionsDb::getTreeBlocks($WT_TREE->getTreeId()); } $active_blocks = Module::getActiveBlocks($WT_TREE); // The latest version is shown on the administration page. This updates it every day. Functions::fetchLatestVersion(); // We generate individual blocks using AJAX if ($action === 'ajax') { $controller = new AjaxController(); $controller->pageHeader(); // Check we’re displaying an allowable block. $block_id = Filter::getInteger('block_id'); if (array_key_exists($block_id, $blocks['main'])) { $module_name = $blocks['main'][$block_id]; } elseif (array_key_exists($block_id, $blocks['side'])) {
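/**
 * Generate the HTML content of this block.
 *
 * @param int      $block_id
 * @param bool     $template
 * @param string[] $cfg
 *
 * @return string
 */
public function getBlock($block_id, $template = true, $cfg = array()) {
    global $ctype, $controller, $WT_TREE;

    // The remove/add controls are only rendered for the owner of a user list or a tree
    // manager, so the add/delete actions are gated on the same condition; previously the
    // actions ran for anyone, which let a non-manager add or remove tree-wide favorites.
    $can_edit = $ctype === 'user' || Auth::isManager($WT_TREE);

    $action = Filter::get('action');
    if ($can_edit) {
        switch ($action) {
        case 'deletefav':
            $favorite_id = Filter::getInteger('favorite_id');
            if ($favorite_id) {
                // NOTE(review): confirm deleteFavorite() itself checks the id belongs to this
                // user/tree — its body is not visible here.
                self::deleteFavorite($favorite_id);
            }
            break;
        case 'addfav':
            $gid      = Filter::get('gid', WT_REGEX_XREF);
            $favnote  = Filter::get('favnote');
            $url      = Filter::getUrl('url');
            $favtitle = Filter::get('favtitle');

            if ($gid) {
                $record = GedcomRecord::getInstance($gid, $WT_TREE);
                if ($record && $record->canShow()) {
                    self::addFavorite(array(
                        'user_id'   => $ctype === 'user' ? Auth::id() : null,
                        'gedcom_id' => $WT_TREE->getTreeId(),
                        'gid'       => $record->getXref(),
                        'type'      => $record::RECORD_TYPE,
                        'url'       => null,
                        'note'      => $favnote,
                        'title'     => $favtitle,
                    ));
                }
            } elseif ($url) {
                self::addFavorite(array(
                    'user_id'   => $ctype === 'user' ? Auth::id() : null,
                    'gedcom_id' => $WT_TREE->getTreeId(),
                    'gid'       => null,
                    'type'      => 'URL',
                    'url'       => $url,
                    'note'      => $favnote,
                    'title'     => $favtitle ? $favtitle : $url,
                ));
            }
            break;
        }
    }

    $block = $this->getBlockSetting($block_id, 'block', '0');
    foreach (array('block') as $name) {
        if (array_key_exists($name, $cfg)) {
            ${$name} = $cfg[$name];
        }
    }

    $userfavs = $this->getFavorites($ctype === 'user' ? Auth::id() : $WT_TREE->getTreeId());
    if (!is_array($userfavs)) {
        $userfavs = array();
    }

    $id    = $this->getName() . $block_id;
    $class = $this->getName() . '_block';
    $title = $this->getTitle();

    if (Auth::check()) {
        $controller->addExternalJavascript(WT_AUTOCOMPLETE_JS_URL)->addInlineJavascript('autocomplete();');
    }

    $content = '';
    foreach ($userfavs as $key => $favorite) {
        if (isset($favorite['id'])) {
            $key = $favorite['id'];
        }
        $removeFavourite = '<a class="font9" href="index.php?ctype=' . Filter::escapeHtml($ctype) . '&ged=' . $WT_TREE->getNameHtml() . '&action=deletefav&favorite_id=' . (int) $key . '" onclick="return confirm(\'' . I18N::translate('Are you sure you want to remove this item from your list of favorites?') . '\');">' . I18N::translate('Remove') . '</a> ';
        if ($favorite['type'] === 'URL') {
            $content .= '<div id="boxurl' . $key . '.0" class="person_box">';
            if ($can_edit) {
                $content .= $removeFavourite;
            }
            // url/title/note were entered through the add form below, so render them as text,
            // not markup. Filter::getUrl() is relied on to have validated the URL scheme at
            // input time — confirm.
            $content .= '<a href="' . Filter::escapeHtml($favorite['url']) . '"><b>' . Filter::escapeHtml($favorite['title']) . '</b></a>';
            $content .= '<br>' . Filter::escapeHtml($favorite['note']);
            $content .= '</div>';
        } else {
            $record = GedcomRecord::getInstance($favorite['gid'], $WT_TREE);
            if ($record && $record->canShow()) {
                if ($record instanceof Individual) {
                    $content .= '<div id="box' . $favorite['gid'] . '.0" class="person_box action_header';
                    switch ($record->getSex()) {
                    case 'M':
                        break;
                    case 'F':
                        $content .= 'F';
                        break;
                    default:
                        $content .= 'NN';
                        break;
                    }
                    $content .= '">';
                    if ($can_edit) {
                        $content .= $removeFavourite;
                    }
                    $content .= Theme::theme()->individualBoxLarge($record);
                    $content .= Filter::escapeHtml($favorite['note']);
                    $content .= '</div>';
                } else {
                    $content .= '<div id="box' . $favorite['gid'] . '.0" class="person_box">';
                    if ($can_edit) {
                        $content .= $removeFavourite;
                    }
                    $content .= $record->formatList('span');
                    $content .= '<br>' . Filter::escapeHtml($favorite['note']);
                    $content .= '</div>';
                }
            }
        }
    }

    if ($can_edit) {
        $uniqueID = Uuid::uuid4(); // This block can theoretically appear multiple times, so use a unique ID.
        $content .= '<div class="add_fav_head">';
        $content .= '<a href="#" onclick="return expand_layer(\'add_fav' . $uniqueID . '\');">' . I18N::translate('Add a new favorite') . '<i id="add_fav' . $uniqueID . '_img" class="icon-plus"></i></a>';
        $content .= '</div>';
        $content .= '<div id="add_fav' . $uniqueID . '" style="display: none;">';
        $content .= '<form name="addfavform" method="get" action="index.php">';
        $content .= '<input type="hidden" name="action" value="addfav">';
        $content .= '<input type="hidden" name="ctype" value="' . Filter::escapeHtml($ctype) . '">';
        $content .= '<input type="hidden" name="ged" value="' . $WT_TREE->getNameHtml() . '">';
        $content .= '<div class="add_fav_ref">';
        $content .= '<input type="radio" name="fav_category" value="record" checked onclick="jQuery(\'#gid' . $uniqueID . '\').removeAttr(\'disabled\'); jQuery(\'#url, #favtitle\').attr(\'disabled\',\'disabled\').val(\'\');">';
        $content .= '<label for="gid' . $uniqueID . '">' . I18N::translate('Enter an individual, family, or source ID') . '</label>';
        $content .= '<input class="pedigree_form" data-autocomplete-type="IFSRO" type="text" name="gid" id="gid' . $uniqueID . '" size="5" value="">';
        $content .= ' ' . FunctionsPrint::printFindIndividualLink('gid' . $uniqueID);
        $content .= ' ' . FunctionsPrint::printFindFamilyLink('gid' . $uniqueID);
        $content .= ' ' . FunctionsPrint::printFindSourceLink('gid' . $uniqueID);
        $content .= ' ' . FunctionsPrint::printFindRepositoryLink('gid' . $uniqueID);
        $content .= ' ' . FunctionsPrint::printFindNoteLink('gid' . $uniqueID);
        $content .= ' ' . FunctionsPrint::printFindMediaLink('gid' . $uniqueID);
        $content .= '</div>';
        $content .= '<div class="add_fav_url">';
        $content .= '<input type="radio" name="fav_category" value="url" onclick="jQuery(\'#url, #favtitle\').removeAttr(\'disabled\'); jQuery(\'#gid' . $uniqueID . '\').attr(\'disabled\',\'disabled\').val(\'\');">';
        $content .= '<input type="text" name="url" id="url" size="20" value="" placeholder="' . GedcomTag::getLabel('URL') . '" disabled> ';
        $content .= '<input type="text" name="favtitle" id="favtitle" size="20" value="" placeholder="' . I18N::translate('Title') . '" disabled>';
        $content .= '<p>' . I18N::translate('Enter an optional note about this favorite') . '</p>';
        $content .= '<textarea name="favnote" rows="6" cols="50"></textarea>';
        $content .= '</div>';
        $content .= '<input type="submit" value="' . I18N::translate('Add') . '">';
        $content .= '</form></div>';
    }

    if ($template) {
        if ($block) {
            $class .= ' small_inner_block';
        }

        return Theme::theme()->formatBlock($id, $title, $class, $content);
    } else {
        return $content;
    }
}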
break; case '': Database::prepare("INSERT INTO `##site_access_rule` (ip_address_start, ip_address_end, user_agent_pattern, comment) VALUES (IFNULL(INET_ATON(?), 0), IFNULL(INET_ATON(?), 4294967295), ?, '')")->execute(array(WT_CLIENT_IP, WT_CLIENT_IP, Filter::server('HTTP_USER_AGENT', null, ''))); $SEARCH_SPIDER = true; break; } // Store our session data in the database. session_set_save_handler(function () { return true; }, function () { return true; }, function ($id) { return Database::prepare("SELECT session_data FROM `##session` WHERE session_id=?")->execute(array($id))->fetchOne(); }, function ($id, $data) { // Only update the session table once per minute, unless the session data has actually changed. Database::prepare("INSERT INTO `##session` (session_id, user_id, ip_address, session_data, session_time)" . " VALUES (?, ?, ?, ?, CURRENT_TIMESTAMP - SECOND(CURRENT_TIMESTAMP))" . " ON DUPLICATE KEY UPDATE" . " user_id = VALUES(user_id)," . " ip_address = VALUES(ip_address)," . " session_data = VALUES(session_data)," . " session_time = CURRENT_TIMESTAMP - SECOND(CURRENT_TIMESTAMP)")->execute(array($id, (int) Auth::id(), WT_CLIENT_IP, $data)); return true; }, function ($id) { Database::prepare("DELETE FROM `##session` WHERE session_id=?")->execute(array($id)); return true; }, function ($maxlifetime) { Database::prepare("DELETE FROM `##session` WHERE session_time < DATE_SUB(NOW(), INTERVAL ? SECOND)")->execute(array($maxlifetime)); return true; }); Session::start(array('gc_maxlifetime' => Site::getPreference('SESSION_TIME'), 'cookie_path' => parse_url(WT_BASE_URL, PHP_URL_PATH))); if (!Auth::isSearchEngine() && !Session::get('initiated')) { // A new session, so prevent session fixation attacks by choosing a new PHPSESSID. Session::regenerate(false); Session::put('initiated', true); } else { // An existing session
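/**
 * Generate the HTML content of this block.
 *
 * @param int      $block_id
 * @param bool     $template
 * @param string[] $cfg
 *
 * @return string
 */
public function getBlock($block_id, $template = true, $cfg = array()) {
    global $ctype, $WT_TREE;

    switch (Filter::get('action')) {
    case 'deletenews':
        $news_id = Filter::getInteger('news_id');
        if ($news_id) {
            // The list below is restricted to the current user's entries, so the delete must
            // be too; previously any news_id was deletable by any signed-in user.
            Database::prepare("DELETE FROM `##news` WHERE news_id = ? AND user_id = ?")->execute(array($news_id, Auth::id()));
        }
        break;
    }

    $block = $this->getBlockSetting($block_id, 'block', '1');
    foreach (array('block') as $name) {
        if (array_key_exists($name, $cfg)) {
            ${$name} = $cfg[$name];
        }
    }

    $usernews = Database::prepare(
        "SELECT SQL_CACHE news_id, user_id, gedcom_id, UNIX_TIMESTAMP(updated) AS updated, subject, body FROM `##news` WHERE user_id = ? ORDER BY updated DESC"
    )->execute(array(Auth::id()))->fetchAll();

    $id    = $this->getName() . $block_id;
    $class = $this->getName() . '_block';
    $title = $this->getTitle();

    $content = '';
    if (!$usernews) {
        $content .= I18N::translate('You have not created any journal items.');
    }
    foreach ($usernews as $news) {
        $content .= '<div class="journal_box">';
        // The subject is free text; escape it here as the delete link below already does
        $content .= '<div class="news_title">' . Filter::escapeHtml($news->subject) . '</div>';
        $content .= '<div class="news_date">' . FunctionsDate::formatTimestamp($news->updated) . '</div>';
        if ($news->body === strip_tags($news->body)) {
            // No HTML? Then keep the author's line breaks
            $news->body = nl2br($news->body, false);
        }
        $content .= $news->body . '<br><br>';
        $content .= '<a href="#" onclick="window.open(\'editnews.php?news_id=\'+' . $news->news_id . ', \'_blank\', indx_window_specs); return false;">' . I18N::translate('Edit') . '</a> | ';
        $content .= '<a href="index.php?action=deletenews&news_id=' . $news->news_id . '&ctype=' . $ctype . '&ged=' . $WT_TREE->getNameHtml() . '" onclick="return confirm(\'' . I18N::translate('Are you sure you want to delete “%s”?', Filter::escapeHtml($news->subject)) . "');\">" . I18N::translate('Delete') . '</a><br>';
        $content .= "</div><br>";
    }
    $content .= '<br><a href="#" onclick="window.open(\'editnews.php?user_id=' . Auth::id() . '\', \'_blank\', indx_window_specs); return false;">' . I18N::translate('Add a new journal entry') . '</a>';

    if ($template) {
        if ($block) {
            $class .= ' small_inner_block';
        }

        return Theme::theme()->formatBlock($id, $title, $class, $content);
    } else {
        return $content;
    }
}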
define('WT_TIMESTAMP_OFFSET', date_offset_get(new \DateTime('now'))); define('WT_CLIENT_JD', 2440588 + (int) ((WT_TIMESTAMP + WT_TIMESTAMP_OFFSET) / 86400)); // The login URL must be an absolute URL, and can be user-defined if (Site::getPreference('LOGIN_URL')) { define('WT_LOGIN_URL', Site::getPreference('LOGIN_URL')); } else { define('WT_LOGIN_URL', WT_BASE_URL . 'login.php'); } // If there is no current tree and we need one, then redirect somewhere if (WT_SCRIPT_NAME != 'admin_trees_manage.php' && WT_SCRIPT_NAME != 'admin_pgv_to_wt.php' && WT_SCRIPT_NAME != 'login.php' && WT_SCRIPT_NAME != 'logout.php' && WT_SCRIPT_NAME != 'import.php' && WT_SCRIPT_NAME != 'help_text.php' && WT_SCRIPT_NAME != 'message.php' && WT_SCRIPT_NAME != 'action.php') { if (!$WT_TREE || !$WT_TREE->getPreference('imported')) { if (Auth::isAdmin()) { header('Location: ' . WT_BASE_URL . 'admin_trees_manage.php'); } else { // We're not an administrator, so we can only log in if there is a tree. if (Auth::id()) { Auth::logout(); FlashMessages::addMessage(I18N::translate('This user account does not have access to any tree.')); } header('Location: ' . WT_LOGIN_URL . '?url=' . rawurlencode(WT_SCRIPT_NAME . (isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '')), true, 301); } exit; } } // Update the last-login time no more than once a minute if (WT_TIMESTAMP - Session::get('activity_time') >= 60) { Auth::user()->setPreference('sessiontime', WT_TIMESTAMP); Session::put('activity_time', WT_TIMESTAMP); } // Set the theme if (substr(WT_SCRIPT_NAME, 0, 5) === 'admin' || WT_SCRIPT_NAME === 'module.php' && substr(Filter::get('mod_action'), 0, 5) === 'admin') {
echo I18N::translate('User didn’t verify within 7 days.'); ?> </td> <td> <input type="checkbox" checked name="del_<?php echo $user->getUserId(); ?> " value="1"> </td> </tr> <?php } } // Check users not verified by admin foreach (User::all() as $user) { if ($user->getUserId() !== Auth::id() && !$user->getPreference('verified_by_admin') && $user->getPreference('verified')) { $ucnt++; ?> <tr> <td> <a href="?action=edit&user_id=<?php echo $user->getUserId(); ?> "> <?php echo Filter::escapeHtml($user->getUserName()); ?> — <?php echo $user->getRealNameHtml(); ?>
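/**
 * Generate the HTML content of this block.
 *
 * @param int      $block_id
 * @param bool     $template
 * @param string[] $cfg
 *
 * @return string
 */
public function getBlock($block_id, $template = true, $cfg = array()) {
    global $ctype, $WT_TREE;

    switch (Filter::get('action')) {
    case 'deletenews':
        $news_id = Filter::getInteger('news_id');
        if ($news_id) {
            // The articles listed below are restricted to the current user, so the delete is
            // scoped the same way; previously any news_id could be deleted by any signed-in user.
            Database::prepare("DELETE FROM `##news` WHERE news_id = ? AND user_id = ?")->execute(array($news_id, Auth::id()));
        }
        break;
    }

    $articles = Database::prepare(
        "SELECT SQL_CACHE news_id, user_id, gedcom_id, UNIX_TIMESTAMP(updated) + :offset AS updated, subject, body FROM `##news` WHERE user_id = :user_id ORDER BY updated DESC"
    )->execute(array('offset' => WT_TIMESTAMP_OFFSET, 'user_id' => Auth::id()))->fetchAll();

    $id    = $this->getName() . $block_id;
    $class = $this->getName() . '_block';
    $title = $this->getTitle();

    $content = '';
    if (empty($articles)) {
        $content .= '<p>' . I18N::translate('You have not created any journal items.') . '</p>';
    }
    foreach ($articles as $article) {
        $content .= '<div class="journal_box">';
        $content .= '<div class="news_title">' . Filter::escapeHtml($article->subject) . '</div>';
        $content .= '<div class="news_date">' . FunctionsDate::formatTimestamp($article->updated) . '</div>';
        if ($article->body === strip_tags($article->body)) {
            // Plain-text body: keep the author's line breaks
            $article->body = nl2br($article->body, false);
        }
        $content .= $article->body;
        $content .= '<a href="#" onclick="window.open(\'editnews.php?news_id=\'+' . $article->news_id . ', \'_blank\', indx_window_specs); return false;">' . I18N::translate('Edit') . '</a>';
        $content .= ' | ';
        $content .= '<a href="index.php?action=deletenews&news_id=' . $article->news_id . '&ctype=' . $ctype . '&ged=' . $WT_TREE->getNameHtml() . '" onclick="return confirm(\'' . I18N::translate('Are you sure you want to delete “%s”?', Filter::escapeHtml($article->subject)) . "');\">" . I18N::translate('Delete') . '</a><br>';
        $content .= '</div><br>';
    }
    $content .= '<p><a href="#" onclick="window.open(\'editnews.php?user_id=' . Auth::id() . '\', \'_blank\', indx_window_specs); return false;">' . I18N::translate('Add a journal entry') . '</a></p>';

    if ($template) {
        return Theme::theme()->formatBlock($id, $title, $class, $content);
    } else {
        return $content;
    }
}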
$controller->setPageTitle(I18N::translate('Change the “My page” blocks')); $can_reset = true; } } else { if ($gedcom_id < 0) { $controller->setPageTitle(I18N::translate('Set the default blocks for new family trees')); $can_reset = false; } else { $controller->setPageTitle(I18N::translate('Change the “Home page” blocks')); $can_reset = true; } } // Only an admin can edit the "default" page // Only managers can edit the "home page" // Only a user or an admin can edit a user’s "my page" if ($gedcom_id < 0 && !Auth::isAdmin() || $gedcom_id > 0 && !Auth::isManager(Tree::findById($gedcom_id)) || $user_id && Auth::id() != $user_id && !Auth::isAdmin()) { header('Location: ' . WT_BASE_URL); return; } $action = Filter::get('action'); if ($can_reset && Filter::post('default') === '1') { if ($user_id) { $defaults = FunctionsDb::getUserBlocks(-1); } else { $defaults = FunctionsDb::getTreeBlocks(-1); } $main = $defaults['main']; $right = $defaults['side']; } else { if (isset($_REQUEST['main'])) { $main = $_REQUEST['main'];