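function render_partial(&$request, $template) {
    // Render the view for $template (content_for_layout() passes $request->action
    // here) or, when no template file exists but the extension maps to a known
    // MIME type, stream the blob column of the first record in the collection.
    // The Content-Type header is emitted at most once per response ($this->header_sent).
    trigger_before('render_partial', $this, $this);
    $ext = $this->pick_template_extension($request, $template);
    $view = $request->get_template_path($ext, $template);
    // A plain GET is rendered with the 'index' template.
    if ($template == 'get') {
        $template = 'index';
    }
    // A view is backed by a global "_<template>" helper when its file exists,
    // otherwise by "<template>". NOTE(review): the helper name is derived from the
    // request action, so the action must already be constrained by routing before
    // it reaches here -- confirm the router rejects unrouted action names.
    if (file_exists($view)) {
        $action = "_" . $template;
    } else {
        $action = $template;
    }
    global $db;
    if (file_exists($view) && function_exists($action)) {
        trigger_before($request->action, $request, $db);
        $result = $action(array_merge($this->named_vars, $db->get_resource()));
        trigger_after($request->action, $request, $db);
        // An array returned by the helper becomes local variables for the view.
        if (is_array($result)) {
            extract($result);
        }
        if (!$this->header_sent) {
            $content_type = 'Content-Type: ' . $this->pick_content_type($ext);
            if ($this->pick_content_charset($ext)) {
                $content_type .= '; charset=' . $this->pick_content_charset($ext);
            }
            header($content_type);
            $this->header_sent = true;
        }
        include $view;
    } else {
        // No template: serve the blob column instead if the extension is a known
        // MIME type. The model's ->blob property names the column when set.
        if (in_array(type_of($ext), mime_types()) && !$this->header_sent) {
            $model =& $db->get_table($request->resource);
            if (isset($model->blob)) {
                $template = $model->blob;
            }
            trigger_before($request->action, $request, $db);
            $Member = $this->collection->MoveFirst();
            render_blob($Member->{$template}, $ext);
        } else {
            // Alert the admin about the unrenderable request, except for crawler
            // noise. Fix: the original tested "robots absent OR crawl absent",
            // which is true for nearly every URI, so the exclusion never applied.
            $uri = $request->uri;
            if (strpos($uri, 'robots') === false && strpos($uri, 'crawl') === false) {
                // Fix: 'REMOTE_HOST' must be quoted. As a bare constant it raised a
                // notice on PHP < 8 and throws an Error on PHP 8. The key is only
                // present when the server does reverse DNS, hence the fallback.
                $remote = isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : '';
                admin_alert($uri . " {$view} {$action} " . $remote);
            }
        }
    }
}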
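function handle_posted_file($filename = "", $att, $profile) {
    // Create a posts/uploads record for a file received outside the normal form
    // path. $filename is the client-side name (used only for type detection),
    // $att the path of the received file, $profile the posting profile. Returns
    // true; fatal-errors (E_USER_ERROR) when the file type is not allowlisted.
    // NOTE(review): an optional parameter before required ones is deprecated on
    // PHP 8; the signature is kept unchanged for existing callers.
    global $db, $request, $response;
    $response->set_var('profile', $profile);
    load_apps();
    // A 'media' entry in $_FILES routes the file to uploads, otherwise to posts.
    if (isset($_FILES['media']['tmp_name'])) {
        $table = 'uploads';
    } else {
        $table = 'posts';
    }
    $modelvar = classify($table);
    // Rebuild $_FILES in the shape the models' upload helpers expect. This
    // replaces the whole superglobal, so $att must be a file this process
    // received itself -- it is not re-validated with is_uploaded_file() here.
    $_FILES = array(strtolower($modelvar) => array(
        'name' => array('attachment' => $filename),
        'tmp_name' => array('attachment' => $att),
    ));
    // $Post / $Upload are resolved below through ${$modelvar}.
    $Post =& $db->model('Post');
    $Upload =& $db->model('Upload');
    $field = 'attachment';
    $request->set_param('resource', $table);
    $request->set_param(array(strtolower(classify($table)), $field), $att);
    trigger_before('insert_from_post', ${$modelvar}, $request);
    $rec = ${$modelvar}->base();
    // The content type is derived from the file name, not from the bytes.
    $content_type = type_of($filename);
    $rec->set_value('profile_id', get_profile_id());
    $rec->set_value('parent_id', 0);
    if (isset($request->params['message'])) {
        $rec->set_value('title', $request->params['message']);
    } else {
        $rec->set_value('title', '');
    }
    if ($table == 'uploads') {
        $rec->set_value('tmp_name', 'new');
    }
    // Allowlist the extension before anything is written.
    $upload_types = environment('upload_types');
    if (!$upload_types) {
        $upload_types = array('jpg', 'jpeg', 'png', 'gif');
    }
    $ext = extension_for(type_of($filename));
    if (!in_array($ext, $upload_types)) {
        trigger_error('Sorry, this site only allows the following file types: ' . implode(',', $upload_types), E_USER_ERROR);
    }
    $rec->set_value($field, $att);
    $rec->save_changes();
    // Fix: create the atom entry before the thumbnail that references its id.
    // The original created it after the thumbnail block, so $atomentry was
    // undefined there and target_id was stored empty. This is also the order
    // post() uses.
    $atomentry = ${$modelvar}->set_metadata($rec, $content_type, $table, 'id');
    ${$modelvar}->set_categories($rec, $request, $atomentry);
    if (is_jpg($att)) {
        $thumbsize = environment('max_pixels');
        $Thumbnail =& $db->model('Thumbnail');
        $t = $Thumbnail->base();
        $newthumb = tempnam("/tmp", "new" . $rec->id . ".jpg");
        resize_jpeg($att, $newthumb, $thumbsize);
        $t->set_value('target_id', $atomentry->id);
        $t->save_changes();
        update_uploadsfile('thumbnails', $t->id, $newthumb);
        $t->set_etag();
    }
    trigger_after('insert_from_post', ${$modelvar}, $rec);
    return true;
}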
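function put(&$vars) {
    // Handle PUT on an identity: snapshot the current record as a Revision,
    // normalise/validate the submitted nickname, url and password, apply the
    // update, attach a new photo if one was uploaded, then redirect to the base URL.
    extract($vars); // supplies $collection, $db, $request, $profile, $resource, $Identity
    // $prefix is needed by both SQL statements below; the original only declared
    // it inside the nickname branch, leaving it undefined on the photo path.
    global $prefix;
    // Snapshot the record before anything changes.
    $rec = $collection->MoveFirst();
    $Revision =& $db->model('Revision');
    $r = $Revision->base();
    // NOTE(review): revisions hold a PHP-serialized record. Whatever restores them
    // must only unserialize data written here, never request input.
    $r->set_value('data', serialize($rec));
    $r->set_value('profile_id', get_profile_id());
    $r->set_value('target_id', $rec->entry_id);
    $r->save();
    if (isset($request->params['identity']['nickname'])) {
        $nick = strtolower($request->params['identity']['nickname']);
        $request->set_param(array('identity', 'nickname'), $nick);
        if ($profile->nickname != $nick) {
            // Local nicknames must be unique; remote users (post_notice set) may
            // share a nickname with a local one.
            // NOTE(review): '%' and '_' in $nick are not escaped for LIKE, so such a
            // nickname matches more rows than intended (a spurious "already used",
            // not a bypass). Consider '=' since $nick is already lowercased.
            $sql = "SELECT nickname FROM " . $prefix . "identities WHERE nickname LIKE '" . $db->escape_string($nick) . "' AND (post_notice = '' OR post_notice IS NULL)";
            $result = $db->get_result($sql);
            if ($db->num_rows($result) > 0) {
                trigger_error('Sorry, that nickname is already being used.', E_USER_ERROR);
            }
        }
    }
    if (isset($request->params['identity']['url'])) {
        // Fix: require an http(s) scheme prefix. The original only looked for the
        // substring 'http' anywhere, so e.g. "javascript:...http" was stored as-is.
        if (!preg_match('#^https?://#', $request->params['identity']['url'])) {
            $request->params['identity']['url'] = 'http://' . $request->params['identity']['url'];
        }
    }
    if (isset($request->params['identity']['password'])) {
        // NOTE(review): unsalted md5 is not an acceptable password hash. The login
        // check that reads this column is not in view, so moving to
        // password_hash()/password_verify() has to be done together with it.
        $request->params['identity']['password'] = md5($request->params['identity']['password']);
    }
    $resource->update_from_post($request);
    $rec = $Identity->find($request->id);
    if (is_upload('identities', 'photo')) {
        // Fix: quote the id. escape_string() only neutralises quotes, so an
        // unquoted operand was still injectable.
        $sql = "SELECT photo FROM " . $prefix . "identities WHERE id = '" . $db->escape_string($request->id) . "'";
        $result = $db->get_result($sql);
        $upl = $_FILES['identity']['tmp_name']['photo'];
        // Fix: test the detected type before prepending '.'; the original tested
        // '.' . $type, which is never empty, so the image check never fired.
        $imgtype = type_of_image($upl);
        if (!$imgtype) {
            trigger_error("Sorry for the trouble, but your photo must be a JPG, PNG or GIF file.", E_USER_ERROR);
        }
        $ext = '.' . $imgtype;
        $content_type = type_of($ext);
        $avatar_url = $request->url_for(array('resource' => "_" . $rec->id)) . $ext;
        if ($blobval = $db->result_value($result, 0, "photo")) {
            $rec->set_value('avatar', $avatar_url);
        } elseif (exists_uploads_blob('identities', $rec->id)) {
            $rec->set_value('avatar', $avatar_url);
        } else {
            $rec->set_value('avatar', '');
        }
        if (empty($rec->profile)) {
            $rec->set_value('profile', $request->url_for(array('resource' => "_" . $rec->id)));
        }
        if (empty($rec->profile_url)) {
            $rec->set_value('profile_url', $request->url_for(array('resource' => "" . $rec->nickname)));
        }
        $rec->save_changes();
        $atomentry = $Identity->set_metadata($rec, $content_type, $rec->table, 'id');
    }
    broadcast_omb_profile_update();
    header_status('200 OK');
    redirect_to(base_url(true));
}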
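function update_from_post(&$req) {
    // Apply a submitted form to the record it identifies -- by etag through the
    // entries table when the model has metadata, otherwise by the id field --
    // then update any related tables present in the submission. Every failure
    // is reported with trigger_error(E_USER_ERROR).
    trigger_before('update_from_post', $this, $req);
    global $db;
    $fields = $this->fields_from_request($req);
    if (isset($fields[$req->resource])) {
        $fieldsarr = $fields[$req->resource];
    }
    if (!isset($fieldsarr)) {
        // print_r() needs its second argument to return the dump instead of printing it.
        trigger_error("The fields were not found in the request." . print_r($fields, true), E_USER_ERROR);
    }
    if ($this->has_metadata) {
        $Person =& $db->model('Person');
        $Group =& $db->model('Group');
        if (!isset($req->params['entry']['etag'])) {
            trigger_error("Sorry, the etag was not submitted with the database entry", E_USER_ERROR);
        }
        $atomentry = $db->models['entries']->find_by('etag', $req->params['entry']['etag']);
        if (!$atomentry->exists) {
            // NOTE(review): $rec, $pkfield and $content_type are not defined at this
            // point, so the entry is saved with an empty record_id and the
            // empty($recid) check below rejects the request. Left as in the original;
            // also note srand() returns nothing, so getEtag() receives null here.
            $atomentry = $db->models['entries']->base();
            $atomentry->set_value('etag', getEtag(srand(date("s"))));
            $atomentry->set_value('resource', $req->resource);
            $atomentry->set_value('record_id', $rec->{$pkfield});
            $atomentry->set_value('content_type', $content_type);
            $atomentry->set_value('last_modified', timestamp());
            $atomentry->set_value('person_id', get_person_id());
            $aresult = $atomentry->save_changes();
        }
        // Only the entry's owner, or a superuser for this resource, may update it.
        $p = $Person->find(get_person_id());
        if (!($p->id == $atomentry->attributes['person_id']) && !$this->can_superuser($req->resource)) {
            trigger_error("Sorry, your id does not match the owner of the database entry", E_USER_ERROR);
        }
        $recid = $atomentry->attributes['record_id'];
        if (empty($recid)) {
            trigger_error('The input form eTag did not match a record_id in entries.', E_USER_ERROR);
        }
    } else {
        $recid = $req->id;
        if (empty($recid)) {
            trigger_error('The record id was not found in the "id" form field.', E_USER_ERROR);
        }
    }
    $rec = $this->find($recid);
    // Fix: authorise every table in the submission before anything is written.
    // The original called can_write_fields() only after $rec->save_changes(), so
    // a rejected request had already updated the primary record.
    foreach ($fields as $table => $fieldlist) {
        $mdl =& $db->get_table($table);
        if (!$mdl->can_write_fields($fieldlist)) {
            trigger_error("Sorry, you do not have permission to " . $req->action . " " . $table, E_USER_ERROR);
        }
    }
    $filekey = strtolower(classify($rec->table));
    foreach ($fieldsarr as $field => $type) {
        // A file uploaded into a blob column also sets the entry's content type.
        if ($this->has_metadata && is_blob($rec->table . '.' . $field)) {
            if (isset($_FILES[$filekey]['name'][$field])) {
                $content_type = type_of($_FILES[$filekey]['name'][$field]);
                $atomentry->set_value('content_type', $content_type);
            }
        }
        $rec->set_value($field, $req->params[$filekey][$field]);
    }
    $result = $rec->save_changes();
    // Related tables: everything submitted except entries and the primary table.
    foreach ($fields as $table => $fieldlist) {
        if (!in_array($table, array('entries', $rec->table), true)) {
            $rel = $rec->FirstChild($table);
            foreach ($fieldlist as $field => $type) {
                $rel->set_value($field, $req->params[strtolower(classify($table))][$field]);
            }
            $rel->save_changes();
        }
    }
    if ($result) {
        $req->set_param('id', $rec->id);
        if ($this->has_metadata) {
            $atomentry->set_value('last_modified', timestamp());
            $atomentry->save_changes();
        }
    } else {
        trigger_error("The record could not be updated in the database.", E_USER_ERROR);
    }
    trigger_after('update_from_post', $this, $rec);
}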
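function post(&$vars) {
    // Handle POST to a resource: authorise creation, validate an attachment if one
    // was uploaded, create the record plus its atom entry and categories, then
    // (for attachments) append the record URL to the title and build a JPEG
    // thumbnail. Responds 201 and redirects to the request base.
    extract($vars); // supplies the model object named by classify(resource), and $db
    global $request;
    $modelvar = classify($request->resource);
    trigger_before('insert_from_post', ${$modelvar}, $request);
    $table = $request->resource;
    $filekey = strtolower(classify($table));
    $content_type = 'text/html';
    $rec = ${$modelvar}->base();
    if (!${$modelvar}->can_create($table)) {
        trigger_error("Sorry, you do not have permission to " . $request->action . " " . $table, E_USER_ERROR);
    }
    $fields = ${$modelvar}->fields_from_request($request);
    $fieldlist = $fields[$table];
    // Fix: allowlist the attachment type before the record is saved. The original
    // ran this check after save_changes()/set_metadata(), so a rejected file still
    // left a record and an entry behind. (Same order handle_posted_file() uses.)
    $has_attachment = is_upload($table, 'attachment');
    if ($has_attachment) {
        $upload_types = environment('upload_types');
        if (!$upload_types) {
            $upload_types = array('jpg', 'jpeg', 'png', 'gif');
        }
        // The type is derived from the client-supplied file name, not the bytes.
        $ext = extension_for(type_of($_FILES[$filekey]['name']['attachment']));
        if (!in_array($ext, $upload_types)) {
            trigger_error('Sorry, this site only allows the following file types: ' . implode(',', $upload_types), E_USER_ERROR);
        }
    }
    foreach ($fieldlist as $field => $type) {
        // A file uploaded into a blob column sets the entry's content type.
        if (${$modelvar}->has_metadata && is_blob($table . '.' . $field)) {
            if (isset($_FILES[$filekey]['name'][$field])) {
                $content_type = type_of($_FILES[$filekey]['name'][$field]);
            }
        }
        $rec->set_value($field, $request->params[$filekey][$field]);
    }
    $rec->set_value('profile_id', get_profile_id());
    $result = $rec->save_changes();
    if (!$result) {
        trigger_error("The record could not be saved into the database.", E_USER_ERROR);
    }
    $atomentry = ${$modelvar}->set_metadata($rec, $content_type, $table, 'id');
    ${$modelvar}->set_categories($rec, $request, $atomentry);
    if ($has_attachment) {
        // Append the record URL to the title, trimming the title so the result
        // stays within 140 bytes (byte-wise strlen/substr, as before).
        $url = $request->url_for(array('resource' => $table, 'id' => $rec->id));
        $title = substr($rec->title, 0, 140);
        $over = strlen($title) + strlen($url) + 1 - 140;
        if ($over > 0) {
            $rec->set_value('title', substr($title, 0, -$over) . " " . $url);
        } else {
            $rec->set_value('title', $title . " " . $url);
        }
        $rec->save_changes();
        $tmp = $_FILES[$filekey]['tmp_name']['attachment'];
        if (is_jpg($tmp)) {
            $thumbsize = environment('max_pixels');
            $Thumbnail =& $db->model('Thumbnail');
            $t = $Thumbnail->base();
            $newthumb = tempnam("/tmp", "new" . $rec->id . ".jpg");
            resize_jpeg($tmp, $newthumb, $thumbsize);
            $t->set_value('target_id', $atomentry->id);
            $t->save_changes();
            update_uploadsfile('thumbnails', $t->id, $newthumb);
            $t->set_etag();
        }
    }
    trigger_after('insert_from_post', ${$modelvar}, $rec);
    header_status('201 Created');
    redirect_to($request->base);
}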
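function render_blob($value, $ext) {
    // Stream a stored blob to the client. The readers (S3, local uploads
    // directory, collection cache, then the raw value) are tried in order; $ext
    // selects the Content-Type the client is told.
    global $request, $db;
    $req =& $request;
    $coll = environment('collection_cache');
    // Headers are sent before any reader runs so whichever one emits the body is
    // covered (the original set them after read_aws_blob). nosniff stops browsers
    // from re-interpreting a user-uploaded blob as HTML/script when the
    // extension-derived type is wrong. NOTE(review): assumes read_aws_blob does
    // not depend on these headers being absent -- confirm.
    header('Content-Type: ' . type_of($ext));
    header("Content-Disposition: inline");
    header('X-Content-Type-Options: nosniff');
    read_aws_blob($req, $value, $coll, $ext);
    read_uploads_blob($req, $value, $coll, $ext);
    read_cache_blob($req, $value, $coll);
    fetch_blob($value, false);
}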
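function do_ajaxy_fileupload(&$request, &$route) {
    // AJAX upload endpoint: move the 'Filedata' file into cache/ under a random
    // token name (keeping its extension), replace any uploads row with the same
    // client name, and answer "200 OK". Returns silently when nothing was
    // uploaded; exits when cache/ is unwritable, the file cannot be moved, or
    // (via E_USER_ERROR) the type is not allowlisted.
    global $db;
    if (!isset($_FILES['Filedata']['name'])) {
        return;
    }
    if (!is_writable('cache')) {
        exit;
    }
    $name = urldecode($_FILES['Filedata']['name']);
    // Fix: apply the same upload_types allowlist the other upload paths use. The
    // original wrote the file into cache/ with whatever extension the client
    // name mapped to, with no type check at all.
    $ext = extension_for(type_of($name));
    $upload_types = environment('upload_types');
    if (!$upload_types) {
        $upload_types = array('jpg', 'jpeg', 'png', 'gif');
    }
    if (!in_array($ext, $upload_types, true)) {
        trigger_error('Sorry, this site only allows the following file types: ' . implode(',', $upload_types), E_USER_ERROR);
    }
    $tmp = 'cache' . DIRECTORY_SEPARATOR . make_token() . "." . $ext;
    // Fix: move the file first and check the result; the original saved the
    // uploads row before (and regardless of) the move, leaving a row that
    // pointed at a file that might not exist.
    if (!move_uploaded_file($_FILES['Filedata']['tmp_name'], $tmp)) {
        exit;
    }
    $db->get_result("DELETE FROM " . $db->prefix . "uploads WHERE name = '" . $db->escape_string($name) . "'");
    $Upload =& $db->model('Upload');
    $u = $Upload->base();
    $u->set_value('name', $name);
    $u->set_value('tmp_name', $tmp);
    $u->save_changes();
    echo "200 OK";
    exit;
}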
function aws_putfile(&$rec, $pkvalue) {
    // Push the pending upload for $rec (field name and local path held in
    // $this->file_upload) to the configured S3 bucket. The object key is
    // prefix + table + primary key + the extension derived from the uploaded
    // file name. The bucket is created when it cannot be listed. Any S3 failure
    // is reported with trigger_error(E_USER_ERROR); on success the local file is
    // deleted, and the pending-upload marker is cleared in every non-fatal path.
    global $request, $prefix;
    $bucketName = environment('awsBucket');
    $uploadedName = $_FILES[strtolower(classify($rec->table))]['name'][$this->file_upload[0]];
    $objectKey = $prefix . $rec->table . $pkvalue . "." . extension_for(type_of($uploadedName));
    lib_include('S3');
    $client = new S3(environment('awsAccessKey'), environment('awsSecretKey'));
    if (!$client) {
        trigger_error('Sorry, there was a problem connecting to Amazon Web Services', E_USER_ERROR);
    }
    // NOTE(review): bucket and object are both stored 'public-read', so every
    // file uploaded here is world-readable by design.
    if (!$client->getBucket($bucketName)) {
        if (!$client->putBucket($bucketName, 'public-read')) {
            trigger_error('Sorry, there was a problem creating the bucket ' . $bucketName . ' at Amazon Web Services', E_USER_ERROR);
        }
    }
    $localPath = $this->file_upload[1];
    if (file_exists($localPath)) {
        if (!$client->putObjectFile($localPath, $bucketName, $objectKey, 'public-read')) {
            trigger_error('Sorry, there was a problem uploading the file to Amazon Web Services', E_USER_ERROR);
        }
        unlink($localPath);
    }
    $this->file_upload = false;
}