/**
 * Save the posted refundment form, or re-display it when validation fails.
 *
 * An ApfRefundment object is filled from $_POST and validated. When validate()
 * returns TRUE the row is inserted or updated, a log line is written and the
 * request is forwarded; otherwise the edit template is rendered again with the
 * posted values and a marker for every field validate() flagged.
 *
 * NOTE(review): posted values reach the log line, the forward() path and the
 * template without encoding in this method; confirm that logFileString(),
 * forward(), setVar() and the *Tag() helpers handle control characters and
 * HTML. Neither the result of get() nor the caller's right to edit the loaded
 * row is checked here.
 *
 * @param bool $edit_submit TRUE to update the row named by $_POST['ID'], FALSE to insert
 */
function handleFormData($edit_submit = false)
{
    global $template, $WebBaseDir, $i18n, $AddIP, $userid, $group_ids, $AccessOption, $ComplaintsStateOption;

    $refundment = DB_DataObject::factory('ApfRefundment');
    $do_action = $edit_submit ? "updatesubmit" : "addsubmit";
    if ($edit_submit) {
        // Load the existing row before its fields are overwritten below.
        $refundment->get($refundment->escape($_POST['ID']));
    }

    // Form field => setter. Only these fields are copied from the request;
    // stripslashes() presumably compensates for magic_quotes_gpc — confirm.
    $posted_fields = array(
        'category' => 'setCategory',
        'company' => 'setCompany',
        'refundmenter' => 'setRefundmenter',
        'reasons' => 'setReasons',
        'reply' => 'setReply',
        'handleman' => 'setHandleman',
        'handledate' => 'setHandledate',
        'state' => 'setState',
        'access' => 'setAccess',
        'active' => 'setActive',
    );
    foreach ($posted_fields as $field => $setter) {
        $refundment->$setter(stripslashes(trim($_POST[$field])));
    }
    // Audit/ownership fields come from globals, not from the request.
    $refundment->setAddIp($AddIP);
    $refundment->setGroupid($group_ids);
    $refundment->setUserid($userid);

    $val = $refundment->validate();
    if ($val !== TRUE) {
        // validate() returned the per-field result map: show the form again.
        $template->setFile(array("MAIN" => "apf_refundment_edit.html"));
        $template->setBlock("MAIN", "edit_block");
        $category_arr = $this->getCategory();
        array_shift($AccessOption);
        array_shift($ComplaintsStateOption);
        $template->setVar(array(
            "WEBDIR" => $WebBaseDir,
            "CATEGORYOPTION" => selectTag("category", $category_arr, $_POST['category']),
            "ACCESSOPTION" => radioTag("access", $AccessOption, $_POST['access']),
            "STATE_OPTION" => radioTag("state", $ComplaintsStateOption, $_POST['state']),
            "HANDLE_DATE" => inputDateTag("handledate", $_POST['handledate']),
            "REASONS_TEXT" => textareaTag('reasons', $_POST['reasons'], false, "ROWS=\"8\" COLS=\"40\""),
            "DOACTION" => $do_action,
        ));
        foreach ($val as $name => $is_valid) {
            if (!$is_valid) {
                $template->setVar(array(strtoupper($name) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
            }
        }
        // NOTE(review): ID is refilled from $_POST['id'] while the row is
        // loaded from $_POST['ID'] — confirm which key the form posts.
        $template->setVar(array(
            "ID" => $_POST['id'],
            "CATEGORY" => $_POST['category'],
            "COMPANY" => $_POST['company'],
            "REFUNDMENTER" => $_POST['refundmenter'],
            "REASONS" => $_POST['reasons'],
            "REPLY" => $_POST['reply'],
            "HANDLEMAN" => $_POST['handleman'],
            "HANDLEDATE" => $_POST['handledate'],
            "STATE" => $_POST['state'],
            "GROUPID" => $_POST['groupid'],
            "USERID" => $_POST['userid'],
            "ACCESS" => $_POST['access'],
            "ACTIVE" => $_POST['active'],
            "ADD_IP" => $_POST['add_ip'],
            "CREATED_AT" => $_POST['created_at'],
            "UPDATE_AT" => $_POST['update_at'],
        ));
        return;
    }

    // NOTE(review): the log lines read $_POST['name'], which is not among the
    // fields copied above — looks like a leftover placeholder; confirm.
    if ($edit_submit) {
        $refundment->setUpdateAt(DB_DataObject_Cast::dateTime());
        $refundment->update();
        logFileString($i18n->_("Update") . $i18n->_("ModuleName") . "\t" . $_POST['name'] . "=>" . $_POST['ID']);
        $this->forward("refundment/apf_refundment/update/" . $_POST['ID'] . "/ok");
        return;
    }

    $refundment->setCreatedAt(DB_DataObject_Cast::dateTime());
    $refundment->insert();
    logFileString($i18n->_("Create") . $i18n->_("ModuleName") . "\t" . $_POST['name'] . "=>" . $_POST['create_date']);
    $this->forward("refundment/apf_refundment/");
}
 /**
  * Save the posted agreement form, or re-display it when validation fails.
  *
  * An ApfAgreement object is filled from $_POST and validated. When validate()
  * returns TRUE the row is inserted or updated, a log line is written and the
  * request is forwarded; otherwise the edit template is rendered again with
  * the posted values and a marker for every field validate() flagged.
  *
  * NOTE(review): posted values reach the log line, the forward() path and the
  * template without encoding in this method; confirm that logFileString(),
  * forward(), setVar() and the *Tag() helpers handle control characters and
  * HTML. Neither the result of get() nor the caller's right to edit the
  * loaded row is checked here.
  *
  * @param bool $edit_submit TRUE to update the row named by $_POST['ID'], FALSE to insert
  */
 function handleFormData($edit_submit = false)
 {
     global $template, $WebBaseDir, $i18n, $AddIP, $userid, $group_ids, $AccessOption;

     $agreement = DB_DataObject::factory('ApfAgreement');
     $do_action = $edit_submit ? "updatesubmit" : "addsubmit";
     if ($edit_submit) {
         // Load the existing row before its fields are overwritten below.
         $agreement->get($agreement->escape($_POST['ID']));
     }

     // Form field => setter. Only these fields are copied from the request;
     // stripslashes() presumably compensates for magic_quotes_gpc — confirm.
     $posted_fields = array(
         'noid' => 'setNoid',
         'category' => 'setCategory',
         'effectdate' => 'setEffectdate',
         'expireddate' => 'setExpireddate',
         'buyer' => 'setBuyer',
         'vender' => 'setVender',
         'buyersignature' => 'setBuyersignature',
         'vendersignature' => 'setVendersignature',
         'description' => 'setDescription',
         'access' => 'setAccess',
         'active' => 'setActive',
     );
     foreach ($posted_fields as $field => $setter) {
         $agreement->$setter(stripslashes(trim($_POST[$field])));
     }
     // Audit/ownership fields come from globals, not from the request.
     $agreement->setAddIp($AddIP);
     $agreement->setGroupid($group_ids);
     $agreement->setUserid($userid);

     $val = $agreement->validate();
     if ($val !== TRUE) {
         // validate() returned the per-field result map: show the form again.
         $template->setFile(array("MAIN" => "apf_agreement_edit.html"));
         $template->setBlock("MAIN", "edit_block");
         $category_arr = $this->getCategory();
         array_shift($AccessOption);
         $template->setVar(array(
             "WEBDIR" => $WebBaseDir,
             "CATEGORYOPTION" => selectTag("category", $category_arr, $_POST['category']),
             "EFFECT_DATE" => inputDateTag("effectdate", $_POST['effectdate']),
             "EXPIRED_DATE" => inputDateTag("expireddate", $_POST['expireddate']),
             "ACCESSOPTION" => radioTag("access", $AccessOption, $_POST['access']),
             "DESCRIPTION_TEXT" => textareaTag('description', $_POST['description'], false, "ROWS=\"8\" COLS=\"40\""),
             "DOACTION" => $do_action,
         ));
         foreach ($val as $name => $is_valid) {
             if (!$is_valid) {
                 $template->setVar(array(strtoupper($name) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
             }
         }
         // NOTE(review): ID is refilled from $_POST['id'] while the row is
         // loaded from $_POST['ID'] — confirm which key the form posts.
         $template->setVar(array(
             "ID" => $_POST['id'],
             "NOID" => $_POST['noid'],
             "CATEGORY" => $_POST['category'],
             "EFFECTDATE" => $_POST['effectdate'],
             "EXPIREDDATE" => $_POST['expireddate'],
             "BUYER" => $_POST['buyer'],
             "VENDER" => $_POST['vender'],
             "BUYERSIGNATURE" => $_POST['buyersignature'],
             "VENDERSIGNATURE" => $_POST['vendersignature'],
             "DESCRIPTION" => $_POST['description'],
             "GROUPID" => $_POST['groupid'],
             "USERID" => $_POST['userid'],
             "ACCESS" => $_POST['access'],
             "ACTIVE" => $_POST['active'],
             "ADD_IP" => $_POST['add_ip'],
             "CREATED_AT" => $_POST['created_at'],
             "UPDATE_AT" => $_POST['update_at'],
         ));
         return;
     }

     // NOTE(review): the log lines read $_POST['name'], which is not among the
     // fields copied above — looks like a leftover placeholder; confirm.
     if ($edit_submit) {
         $agreement->setUpdateAt(DB_DataObject_Cast::dateTime());
         $agreement->update();
         logFileString($i18n->_("Update") . $i18n->_("ModuleName") . "\t" . $_POST['name'] . "=>" . $_POST['ID']);
         $this->forward("agreement/apf_agreement/update/" . $_POST['ID'] . "/ok");
         return;
     }

     $agreement->setCreatedAt(DB_DataObject_Cast::dateTime());
     $agreement->insert();
     logFileString($i18n->_("Create") . $i18n->_("ModuleName") . "\t" . $_POST['name'] . "=>" . $_POST['create_date']);
     $this->forward("agreement/apf_agreement/");
 }
示例#3
 /**
  * Register a user with a username on a given provider.
  *
  * A new User_username row is filled in and inserted; its creation time is
  * taken from DB_DataObject_Cast::dateTime().
  *
  * @param User   $user          user object; only its id is read here
  * @param string $username      username on the given provider
  * @param string $provider_name name of the provider
  *
  * @return mixed the inserted User_username instance, or false when insert() reports failure
  */
 static function register($user, $username, $provider_name)
 {
     $link = new User_username();
     $link->user_id = $user->id;
     $link->provider_name = $provider_name;
     $link->username = $username;
     $link->created = DB_DataObject_Cast::dateTime();

     // insert() is only tested for truthiness; no error detail is surfaced.
     return $link->insert() ? $link : false;
 }
示例#4
/**
 * Link an OpenID identity to a local user id.
 *
 * Inserts a User_openid row holding the user id, the canonical identifier and
 * the display form, stamped with the current DB_DataObject_Cast::dateTime().
 *
 * @param mixed  $id        id of the local user the identity belongs to
 * @param string $canonical canonical form of the OpenID identifier
 * @param string $display   display form of the OpenID identifier
 *
 * @return bool true when insert() succeeds, false otherwise
 */
function oid_link_user($id, $canonical, $display)
{
    $link = new User_openid();
    $link->user_id = $id;
    $link->canonical = $canonical;
    $link->display = $display;
    $link->created = DB_DataObject_Cast::dateTime();

    if ($link->insert()) {
        return true;
    }

    // NOTE(review): the last DB_DataObject error is fetched but neither logged
    // nor returned, so a failed link leaves no trace for the caller or an
    // operator to diagnose.
    $err = PEAR::getStaticProperty('DB_DataObject', 'lastError');
    return false;
}
 /**
  * Save the posted finance form, or re-display it when validation fails.
  *
  * An ApfFinance object is filled from $_POST and validated. When validate()
  * returns TRUE the row is inserted or updated, a log line is written and the
  * request is forwarded; otherwise the edit template is rendered again with
  * the posted values and a marker for every field validate() flagged.
  *
  * NOTE(review): posted values reach the log line, the forward() path and the
  * template without encoding in this method; confirm that logFileString(),
  * forward(), setVar() and the *Tag() helpers handle control characters and
  * HTML. Neither the result of get() nor the caller's right to edit the
  * loaded row is checked here.
  *
  * @param bool $edit_submit TRUE to update the row named by $_POST['ID'], FALSE to insert
  */
 function handleFormData($edit_submit = false)
 {
     global $template, $WebBaseDir, $i18n, $ActiveOption, $DebitOption, $AddIP, $userid, $group_ids;

     $finance = DB_DataObject::factory('ApfFinance');
     $do_action = $edit_submit ? "updatesubmit" : "addsubmit";
     if ($edit_submit) {
         // Load the existing row before its fields are overwritten below.
         $finance->get($finance->escape($_POST['ID']));
     }

     // Form field => setter. Only these fields are copied from the request;
     // stripslashes() presumably compensates for magic_quotes_gpc — confirm.
     $posted_fields = array(
         'category' => 'setCategory',
         'create_date' => 'setCreateDate',
         'amount' => 'setAmount',
         'debit' => 'setDebit',
         'money' => 'setMoney',
         'memo' => 'setMemo',
         'active' => 'setActive',
     );
     foreach ($posted_fields as $field => $setter) {
         $finance->$setter(stripslashes(trim($_POST[$field])));
     }
     // Audit/ownership fields come from globals, not from the request.
     $finance->setAddIp($AddIP);
     $finance->setGroupid($group_ids);
     $finance->setUserid($userid);

     $val = $finance->validate();
     if ($val !== TRUE) {
         // validate() returned the per-field result map: show the form again.
         $template->setFile(array("MAIN" => "apf_finance_edit.html"));
         $template->setBlock("MAIN", "edit_block");
         $template->setVar(array(
             "WEBDIR" => $WebBaseDir,
             "DOACTION" => $do_action,
         ));
         foreach ($val as $name => $is_valid) {
             if (!$is_valid) {
                 $template->setVar(array(strtoupper($name) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
             }
         }
         $template->setVar(array(
             "ID" => $_POST['ID'],
             "CATEGORY" => $_POST['category'],
             "CREATE_DATE" => $_POST['create_date'],
             "AMOUNT" => $_POST['amount'],
             "DEBIT" => $_POST['debit'],
             "MONEY" => $_POST['money'],
             "MEMO" => $_POST['memo'],
             "ACTIVE" => $_POST['active'],
             "ADD_IP" => $_POST['add_ip'],
             "CREATED_AT" => $_POST['created_at'],
             "UPDATE_AT" => $_POST['update_at'],
         ));
         $category_arr = $this->getCategory();
         // The first entry of each option list is dropped before rendering.
         array_shift($ActiveOption);
         array_shift($DebitOption);
         $template->setVar(array(
             "CATEGORYOPTION" => selectTag("category", $category_arr, $_POST['category']),
             "CREATEDATE" => inputDateTag("create_date", $_POST['create_date']),
             "AMOUNTTEXT" => textTag("amount", $_POST['amount']),
             "ACTIVEOPTION" => radioTag("active", $ActiveOption, $_POST['active']),
             "DEBITOPTION" => radioTag("debit", $DebitOption, $_POST['debit']),
         ));
         return;
     }

     if ($edit_submit) {
         $finance->setUpdateAt(DB_DataObject_Cast::dateTime());
         $finance->update();
         logFileString($i18n->_("Update") . $i18n->_("Finance") . "\t" . $_POST['money'] . "=>" . $_POST['ID']);
         $this->forward("finance/apf_finance/update/" . $_POST['ID'] . "/ok");
         return;
     }

     $finance->setCreatedAt(DB_DataObject_Cast::dateTime());
     $finance->insert();
     logFileString($i18n->_("Create") . $i18n->_("Finance") . "\t" . $_POST['money'] . "=>" . $_POST['create_date']);
     $this->forward("finance/apf_finance/");
 }
 /**
  * Save the posted opportunity form, or re-display it when validation fails.
  *
  * An ApfOpportunity object is filled from $_POST and validated. When
  * validate() returns TRUE the row is inserted or updated, a log line is
  * written and the request is forwarded; otherwise the edit template is
  * rendered again with the posted values and a marker for every field
  * validate() flagged.
  *
  * NOTE(review): posted values reach the log line, the forward() path and the
  * template without encoding in this method; confirm that logFileString(),
  * forward(), setVar() and the *Tag() helpers handle control characters and
  * HTML. Neither the result of get() nor the caller's right to edit the
  * loaded row is checked here.
  *
  * @param bool $edit_submit TRUE to update the row named by $_POST['ID'], FALSE to insert
  */
 function handleFormData($edit_submit = false)
 {
     global $template, $WebBaseDir, $i18n, $ActiveOption, $StateOption, $AddIP, $userid, $group_ids;

     $opportunity = DB_DataObject::factory('ApfOpportunity');
     $do_action = $edit_submit ? "updatesubmit" : "addsubmit";
     if ($edit_submit) {
         // Load the existing row before its fields are overwritten below.
         $opportunity->get($opportunity->escape($_POST['ID']));
     }

     // Form field => setter. Only these fields are copied from the request;
     // stripslashes() presumably compensates for magic_quotes_gpc — confirm.
     $posted_fields = array(
         'title' => 'setTitle',
         'addrees' => 'setAddrees',
         'phone' => 'setPhone',
         'fax' => 'setFax',
         'email' => 'setEmail',
         'homepage' => 'setHomepage',
         'link_man' => 'setLinkMan',
         'memo' => 'setMemo',
         'state' => 'setState',
         'active' => 'setActive',
     );
     foreach ($posted_fields as $field => $setter) {
         $opportunity->$setter(stripslashes(trim($_POST[$field])));
     }
     // Audit/ownership fields come from globals, not from the request.
     $opportunity->setAddIp($AddIP);
     $opportunity->setGroupid($group_ids);
     $opportunity->setUserid($userid);

     $val = $opportunity->validate();
     if ($val !== TRUE) {
         // validate() returned the per-field result map: show the form again.
         $template->setFile(array("MAIN" => "apf_opportunity_edit.html"));
         $template->setBlock("MAIN", "edit_block");
         array_shift($ActiveOption);
         $template->setVar(array(
             "WEBDIR" => $WebBaseDir,
             "ACTIVEOPTION" => radioTag("active", $ActiveOption, $_POST['active']),
             "STATE_OPTION" => radioTag("state", $StateOption, $_POST['state']),
             "MEMO_TEXT" => textareaTag("memo", $_POST['memo'], false, "ROWS=\"15\" COLS=\"60\" "),
             "DOACTION" => $do_action,
         ));
         foreach ($val as $name => $is_valid) {
             if (!$is_valid) {
                 $template->setVar(array(strtoupper($name) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
             }
         }
         // NOTE(review): ID is refilled from $_POST['id'] while the row is
         // loaded from $_POST['ID'] — confirm which key the form posts.
         $template->setVar(array(
             "ID" => $_POST['id'],
             "TITLE" => $_POST['title'],
             "ADDREES" => $_POST['addrees'],
             "PHONE" => $_POST['phone'],
             "FAX" => $_POST['fax'],
             "EMAIL" => $_POST['email'],
             "HOMEPAGE" => $_POST['homepage'],
             "LINK_MAN" => $_POST['link_man'],
             "MEMO" => $_POST['memo'],
             "STATE" => $_POST['state'],
             "ACTIVE" => $_POST['active'],
             "ADD_IP" => $_POST['add_ip'],
             "CREATED_AT" => $_POST['created_at'],
             "UPDATE_AT" => $_POST['update_at'],
         ));
         return;
     }

     if ($edit_submit) {
         $opportunity->setUpdateAt(DB_DataObject_Cast::dateTime());
         $opportunity->update();
         logFileString($i18n->_("Update") . $i18n->_("Opportunity") . "\t" . $_POST['title'] . "=>" . $_POST['ID']);
         $this->forward("opportunity/apf_opportunity/update/" . $_POST['ID'] . "/ok");
         return;
     }

     $opportunity->setCreatedAt(DB_DataObject_Cast::dateTime());
     $opportunity->insert();
     logFileString($i18n->_("Create") . $i18n->_("Opportunity") . "\t" . $_POST['title']);
     $this->forward("opportunity/apf_opportunity/");
 }
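 /**
  * Save the posted news form, or re-display it when validation fails.
  *
  * An ApfNews object is filled from $_POST and validated. When validate()
  * returns TRUE the row is inserted or updated, a log line is written and the
  * request is forwarded; otherwise the edit template is rendered again with
  * the posted values and a marker for every field validate() flagged.
  *
  * NOTE(review): posted values reach the log line, the forward() path and the
  * template without encoding in this method; confirm that logFileString(),
  * forward(), setVar() and the *Tag() helpers handle control characters and
  * HTML. Neither the result of get() nor the caller's right to edit the
  * loaded row is checked here.
  *
  * @param bool $edit_submit TRUE to update the row named by $_POST['ID'], FALSE to insert
  */
 function handleFormData($edit_submit = false)
 {
     global $template, $WebBaseDir, $i18n, $ActiveOption, $AddIP, $userid, $group_ids;
     $apf_news = DB_DataObject::factory('ApfNews');
     if ($edit_submit) {
         // Load the existing row before its fields are overwritten below.
         $apf_news->get($apf_news->escape($_POST['ID']));
         $do_action = "updatesubmit";
     } else {
         $do_action = "addsubmit";
     }
     // stripslashes() presumably compensates for magic_quotes_gpc — confirm.
     $apf_news->setCategoryId(stripslashes(trim($_POST['category_id'])));
     $apf_news->setTitle(stripslashes(trim($_POST['title'])));
     $apf_news->setContent(stripslashes(trim($_POST['content'])));
     $apf_news->setActive(stripslashes(trim($_POST['active'])));
     // Audit/ownership fields come from globals, not from the request. They
     // must be set on $apf_news: no other data object exists in this method,
     // and calling a setter on an undefined variable is a fatal error.
     $apf_news->setAddIp($AddIP);
     $apf_news->setGroupid($group_ids);
     $apf_news->setUserid($userid);
     $val = $apf_news->validate();
     if ($val === TRUE) {
         if ($edit_submit) {
             $apf_news->setUpdateAt(DB_DataObject_Cast::dateTime());
             $apf_news->update();
             $log_string = $i18n->_("Update") . $i18n->_("News") . "\t{$_POST['title']}=>{$_POST['ID']}";
             logFileString($log_string);
             $this->forward("news/apf_news/update/" . $_POST['ID'] . "/ok");
         } else {
             $apf_news->setCreatedAt(DB_DataObject_Cast::dateTime());
             $apf_news->insert();
             $log_string = $i18n->_("Create") . $i18n->_("News") . "\t{$_POST['title']}";
             logFileString($log_string);
             $this->forward("news/apf_news/");
         }
     } else {
         // validate() returned the per-field result map: show the form again.
         $template->setFile(array("MAIN" => "apf_news_edit.html"));
         $template->setBlock("MAIN", "edit_block");
         $template->setVar(array("WEBDIR" => $WebBaseDir, "DOACTION" => $do_action));
         $category_arr = $this->getCategory();
         // The first entry of the option list is dropped before rendering.
         array_shift($ActiveOption);
         $template->setVar(array(
             "ACTIVEOPTION" => radioTag("active", $ActiveOption, $_POST['active']),
             "CATEGORYOPTION" => selectTag("category_id", $category_arr, $_POST['category_id']),
         ));
         foreach ($val as $k => $v) {
             if ($v == false) {
                 $template->setVar(array(strtoupper($k) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
             }
         }
         // NOTE(review): ID is refilled from $_POST['id'] while the row is
         // loaded from $_POST['ID'] — confirm which key the form posts.
         $template->setVar(array(
             "ID" => $_POST['id'],
             "CATEGORY_ID" => $_POST['category_id'],
             "TITLE" => $_POST['title'],
             "CONTENT" => $_POST['content'],
             "ACTIVE" => $_POST['active'],
             "ADD_IP" => $_POST['add_ip'],
             "CREATED_AT" => $_POST['created_at'],
             "UPDATE_AT" => $_POST['update_at'],
         ));
     }
 }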
 /**
  * Save the posted news-category form, or re-display it when validation fails.
  *
  * An ApfNewsCategory object is filled from $_POST and validated. When
  * validate() returns TRUE the row is inserted or updated, a log line is
  * written and the request is forwarded; a newly inserted row is then loaded
  * again and its order id is set to the value insert() returned. Otherwise the
  * edit template is rendered again with the posted values.
  *
  * NOTE(review): add_ip, created_at and update_at are copied from the request
  * here. Only one timestamp is overwritten server-side per path, so a client
  * can supply its own add_ip and, on update, its own created_at — confirm this
  * is intended for what look like audit fields.
  *
  * NOTE(review): posted values reach the log line, the forward() path and the
  * template without encoding in this method; confirm that logFileString(),
  * forward(), setVar() and radioTag() handle control characters and HTML.
  * Neither the result of get() nor the caller's right to edit is checked here.
  *
  * @param bool $edit_submit TRUE to update the row named by $_POST['ID'], FALSE to insert
  */
 function handleFormData($edit_submit = false)
 {
     global $template, $WebBaseDir, $i18n, $ActiveOption;

     $category = DB_DataObject::factory('ApfNewsCategory');
     $do_action = $edit_submit ? "updatesubmit" : "addsubmit";
     if ($edit_submit) {
         // Load the existing row before its fields are overwritten below.
         $category->get($category->escape($_POST['ID']));
     }

     // Form field => setter; stripslashes() presumably compensates for
     // magic_quotes_gpc — confirm.
     $posted_fields = array(
         'category_name' => 'setCategoryName',
         'orderid' => 'setOrderid',
         'active' => 'setActive',
         'add_ip' => 'setAddIp',
         'created_at' => 'setCreatedAt',
         'update_at' => 'setUpdateAt',
     );
     foreach ($posted_fields as $field => $setter) {
         $category->$setter(stripslashes(trim($_POST[$field])));
     }

     $val = $category->validate();
     if ($val !== TRUE) {
         // validate() returned the per-field result map: show the form again.
         $template->setFile(array("MAIN" => "apf_news_category_edit.html"));
         $template->setBlock("MAIN", "edit_block");
         array_shift($ActiveOption);
         $template->setVar(array(
             "WEBDIR" => $WebBaseDir,
             "ACTIVEOPTION" => radioTag("active", $ActiveOption, $_POST['active']),
             "DOACTION" => $do_action,
         ));
         foreach ($val as $name => $is_valid) {
             if (!$is_valid) {
                 $template->setVar(array(strtoupper($name) . "_ERROR_MSG" => " ↓ " . $i18n->_("Please check here") . " ↓ "));
             }
         }
         $template->setVar(array(
             "ID" => $_POST['ID'],
             "CATEGORY_NAME" => $_POST['category_name'],
             "ORDERID" => $_POST['orderid'],
             "ACTIVE" => $_POST['active'],
             "ADD_IP" => $_POST['add_ip'],
             "CREATED_AT" => $_POST['created_at'],
             "UPDATE_AT" => $_POST['update_at'],
         ));
         return;
     }

     if ($edit_submit) {
         $category->setUpdateAt(DB_DataObject_Cast::dateTime());
         $category->update();
         logFileString($i18n->_("Update") . $i18n->_("NewsCategory") . "\t" . $_POST['category_name'] . "=>" . $_POST['ID']);
         $this->forward("news/apf_news_category/update/" . $_POST['ID'] . "/ok");
         return;
     }

     $category->setCreatedAt(DB_DataObject_Cast::dateTime());
     $insert_id = $category->insert();
     logFileString($i18n->_("Create") . $i18n->_("NewsCategory") . "\t" . $_POST['category_name']);
     // Second write: reload the new row and store insert()'s return value as
     // its order id.
     $category->get($insert_id);
     $category->setOrderid($insert_id);
     $category->update();
     $this->forward("news/apf_news_category/");
 }
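 /**
  * Store a new price for a product/company pair and return the HTML cell for it.
  *
  * Arguments are positional and read via func_get_args():
  *   0 => price, 1 => product id, 2 => company id.
  * A new ApfProductPrice row is inserted on every call, and the returned <div>
  * carries an ondblclick handler that calls editPrice() with the same values.
  *
  * The three values are embedded in a JavaScript string literal inside an HTML
  * attribute, so each one is escaped for both layers before being emitted;
  * plain numeric values come out unchanged.
  *
  * NOTE(review): neither a permission check nor a check of insert()'s result
  * is visible in this method; confirm the caller enforces who may set prices.
  *
  * @return string HTML fragment for the price cell
  */
 function doEditProductPrice()
 {
     global $CurrencyFormat;
     require_once 'I18N/Currency.php';
     $args = func_get_args();
     $price = $args[0];
     $product_id = $args[1];
     $company_id = $args[2];
     $apf_product_price = DB_DataObject::factory('ApfProductPrice');
     $apf_product_price->setCompanyId($company_id);
     $apf_product_price->setProductId($product_id);
     $apf_product_price->setPrice($price);
     $apf_product_price->setCreatedAt(DB_DataObject_Cast::dateTime());
     $apf_product_price->insert();
     $currency = new I18N_Currency($CurrencyFormat);

     // Escape order matters: JavaScript string escaping first, then HTML
     // attribute encoding, because the browser decodes the attribute before
     // the script engine parses the handler. Without this, a quote in any of
     // the values would end the string literal or the attribute.
     $js_escapes = array("\\" => "\\\\", "'" => "\\'", "\"" => "\\\"", "\r" => "\\r", "\n" => "\\n");
     $handler_args = array();
     foreach (array($product_id, $company_id, $price) as $raw) {
         $handler_args[] = "'" . htmlspecialchars(strtr((string) $raw, $js_escapes), ENT_QUOTES) . "'";
     }

     // NOTE(review): format()'s output is emitted as-is; presumably it only
     // produces a formatted number — confirm.
     return "<div ondblclick=\"editPrice(" . implode(",", $handler_args) . ")\" >" . $currency->format($price) . "</div>";
 }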
 /**
  * Save the posted daily-report form, or re-display it when validation fails.
  *
  * An ApfDailyreport object is filled from $_POST and validated. When
  * validate() returns TRUE the row is inserted or updated, a log line is
  * written and the request is forwarded; otherwise the edit template is
  * rendered again with the posted values and a marker for every field
  * validate() flagged.
  *
  * NOTE(review): posted values reach the log line, the forward() path and the
  * template without encoding in this method; confirm that logFileString(),
  * forward(), setVar() and the *Tag() helpers handle control characters and
  * HTML. Neither the result of get() nor the caller's right to edit the
  * loaded row is checked here.
  *
  * @param bool $edit_submit TRUE to update the row named by $_POST['ID'], FALSE to insert
  */
 function handleFormData($edit_submit = false)
 {
     global $template, $WebBaseDir, $i18n, $AddIP, $userid, $group_ids;

     $report = DB_DataObject::factory('ApfDailyreport');
     $do_action = $edit_submit ? "updatesubmit" : "addsubmit";
     if ($edit_submit) {
         // Load the existing row before its fields are overwritten below.
         $report->get($report->escape($_POST['ID']));
     }

     // Form field => setter. Only these fields are copied from the request;
     // stripslashes() presumably compensates for magic_quotes_gpc — confirm.
     $posted_fields = array(
         'title' => 'setTitle',
         'content' => 'setContent',
         'filldate' => 'setFilldate',
         'active' => 'setActive',
     );
     foreach ($posted_fields as $field => $setter) {
         $report->$setter(stripslashes(trim($_POST[$field])));
     }
     // Audit/ownership fields come from globals, not from the request.
     $report->setAddIp($AddIP);
     $report->setGroupid($group_ids);
     $report->setUserid($userid);

     $val = $report->validate();
     if ($val !== TRUE) {
         // validate() returned the per-field result map: show the form again.
         $template->setFile(array("MAIN" => "apf_dailyreport_edit.html"));
         $template->setBlock("MAIN", "edit_block");
         $template->setVar(array(
             "WEBDIR" => $WebBaseDir,
             "FILL_DATE" => inputDateTag("filldate", $_POST['filldate']),
             "TEXTAREACONTENT" => textareaTag("content", $_POST['content'], true),
             "DOACTION" => $do_action,
         ));
         foreach ($val as $name => $is_valid) {
             if (!$is_valid) {
                 $template->setVar(array(strtoupper($name) . "_ERROR_MSG" => " &darr; " . $i18n->_("Please check here") . " &darr; "));
             }
         }
         // NOTE(review): ID is refilled from $_POST['id'] while the row is
         // loaded from $_POST['ID'] — confirm which key the form posts.
         $template->setVar(array(
             "ID" => $_POST['id'],
             "TITLE" => $_POST['title'],
             "CONTENT" => $_POST['content'],
             "FILLDATE" => $_POST['filldate'],
             "ACTIVE" => $_POST['active'],
             "GROUPID" => $_POST['groupid'],
             "USERID" => $_POST['userid'],
             "ADD_IP" => $_POST['add_ip'],
             "CREATED_AT" => $_POST['created_at'],
             "UPDATE_AT" => $_POST['update_at'],
         ));
         return;
     }

     // NOTE(review): the log lines read $_POST['name'], which is not among the
     // fields copied above — looks like a leftover placeholder; confirm.
     if ($edit_submit) {
         $report->setUpdateAt(DB_DataObject_Cast::dateTime());
         $report->update();
         logFileString($i18n->_("Update") . $i18n->_("ModuleName") . "\t" . $_POST['name'] . "=>" . $_POST['ID']);
         $this->forward("dailyreport/apf_dailyreport/update/" . $_POST['ID'] . "/ok");
         return;
     }

     $report->setCreatedAt(DB_DataObject_Cast::dateTime());
     $report->insert();
     logFileString($i18n->_("Create") . $i18n->_("ModuleName") . "\t" . $_POST['name'] . "=>" . $_POST['create_date']);
     $this->forward("dailyreport/apf_dailyreport/");
 }
 /**
  * Save the posted product-price form, or re-display it when validation fails.
  *
  * An ApfProductPrice object is filled from $_POST and validated. When
  * validate() returns TRUE the row is inserted or updated and the request is
  * forwarded; otherwise the edit template is rendered again with the posted
  * values and a marker for every field validate() flagged.
  *
  * NOTE(review): add_ip, created_at and update_at are copied from the request
  * here. Only one timestamp is overwritten server-side per path, so a client
  * can supply its own add_ip and, on update, its own created_at — confirm this
  * is intended for what look like audit fields.
  *
  * NOTE(review): posted values reach the forward() path and the template
  * without encoding in this method; confirm that forward() and setVar() handle
  * them. Neither the result of get() nor the caller's right to change prices
  * is checked here, and no log line is written for the change.
  *
  * @param bool $edit_submit TRUE to update the row named by $_POST['ID'], FALSE to insert
  */
 function handleFormData($edit_submit = false)
 {
     global $template, $WebBaseDir, $i18n;

     $price_row = DB_DataObject::factory('ApfProductPrice');
     $do_action = $edit_submit ? "updatesubmit" : "addsubmit";
     if ($edit_submit) {
         // Load the existing row before its fields are overwritten below.
         $price_row->get($price_row->escape($_POST['ID']));
     }

     // Form field => setter; stripslashes() presumably compensates for
     // magic_quotes_gpc — confirm.
     $posted_fields = array(
         'company_id' => 'setCompanyId',
         'product_id' => 'setProductId',
         'price' => 'setPrice',
         'add_ip' => 'setAddIp',
         'created_at' => 'setCreatedAt',
         'update_at' => 'setUpdateAt',
     );
     foreach ($posted_fields as $field => $setter) {
         $price_row->$setter(stripslashes(trim($_POST[$field])));
     }

     $val = $price_row->validate();
     if ($val !== TRUE) {
         // validate() returned the per-field result map: show the form again.
         $template->setFile(array("MAIN" => "apf_product_price_edit.html"));
         $template->setBlock("MAIN", "edit_block");
         $template->setVar(array(
             "WEBDIR" => $WebBaseDir,
             "DOACTION" => $do_action,
         ));
         foreach ($val as $name => $is_valid) {
             if (!$is_valid) {
                 $template->setVar(array(strtoupper($name) . "_ERROR_MSG" => " &darr; " . $i18n->_("Please check here") . " &darr; "));
             }
         }
         // NOTE(review): ID is refilled from $_POST['id'] while the row is
         // loaded from $_POST['ID'] — confirm which key the form posts.
         $template->setVar(array(
             "ID" => $_POST['id'],
             "COMPANY_ID" => $_POST['company_id'],
             "PRODUCT_ID" => $_POST['product_id'],
             "PRICE" => $_POST['price'],
             "ADD_IP" => $_POST['add_ip'],
             "CREATED_AT" => $_POST['created_at'],
             "UPDATE_AT" => $_POST['update_at'],
         ));
         return;
     }

     if ($edit_submit) {
         $price_row->setUpdateAt(DB_DataObject_Cast::dateTime());
         $price_row->update();
         $this->forward("product/apf_product_price/update/" . $_POST['ID'] . "/ok");
         return;
     }

     $price_row->setCreatedAt(DB_DataObject_Cast::dateTime());
     $price_row->insert();
     $this->forward("product/apf_product_price/");
 }
 /**
  * Save the posted group form, or re-display it when validation fails.
  *
  * An ApfGroups object is filled from $_POST and validated. When validate()
  * returns TRUE the row is inserted or updated and the request is forwarded;
  * otherwise the edit template is rendered again with the posted values and a
  * marker for every field validate() flagged.
  *
  * NOTE(review): owner_user_id and owner_group_id are taken straight from the
  * request, and no permission check, get() result check or log line is visible
  * in this method; confirm the caller restricts who may create or re-own
  * groups. Posted values also reach forward() and the template without
  * encoding here — confirm those layers handle them.
  *
  * @param bool $edit_submit TRUE to update the row named by $_POST['ID'], FALSE to insert
  */
 function handleFormData($edit_submit = false)
 {
     global $template, $WebBaseDir, $i18n;

     $group = DB_DataObject::factory('ApfGroups');
     $do_action = $edit_submit ? "updatesubmit" : "addsubmit";
     if ($edit_submit) {
         // Load the existing row before its fields are overwritten below.
         $group->get($group->escape($_POST['ID']));
     }

     // Form field => setter; stripslashes() presumably compensates for
     // magic_quotes_gpc — confirm.
     $posted_fields = array(
         'group_type' => 'setGroupType',
         'group_define_name' => 'setGroupDefineName',
         'is_active' => 'setIsActive',
         'owner_user_id' => 'setOwnerUserId',
         'owner_group_id' => 'setOwnerGroupId',
     );
     foreach ($posted_fields as $field => $setter) {
         $group->$setter(stripslashes(trim($_POST[$field])));
     }

     $val = $group->validate();
     if ($val !== TRUE) {
         // validate() returned the per-field result map: show the form again.
         $template->setFile(array("MAIN" => "apf_groups_edit.html"));
         $template->setBlock("MAIN", "edit_block");
         $template->setVar(array(
             "WEBDIR" => $WebBaseDir,
             "DOACTION" => $do_action,
         ));
         foreach ($val as $name => $is_valid) {
             if (!$is_valid) {
                 $template->setVar(array(strtoupper($name) . "_ERROR_MSG" => " &darr; " . $i18n->_("Please check here") . " &darr; "));
             }
         }
         $template->setVar(array(
             "GROUP_ID" => $_POST['group_id'],
             "GROUP_TYPE" => $_POST['group_type'],
             "GROUP_DEFINE_NAME" => $_POST['group_define_name'],
             "IS_ACTIVE" => $_POST['is_active'],
             "OWNER_USER_ID" => $_POST['owner_user_id'],
             "OWNER_GROUP_ID" => $_POST['owner_group_id'],
         ));
         return;
     }

     if ($edit_submit) {
         $group->setUpdateAt(DB_DataObject_Cast::dateTime());
         $group->update();
         $this->forward("users/apf_groups/update/" . $_POST['ID'] . "/ok");
         return;
     }

     $group->setCreatedAt(DB_DataObject_Cast::dateTime());
     $group->insert();
     $this->forward("users/apf_groups/");
 }
示例#13
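 /**
  * API action: subscribe the authenticated user to another user.
  *
  * Requires a POST request. The target is looked up from
  * $apidata['api_arg']; the subscriber is $apidata['user']. On success a
  * Subscription row is inserted inside a transaction, the target is notified
  * via mail_subscribe_notify() and the target's profile is rendered in the
  * requested content type. Every failure is reported through clientError()
  * and ends the method early.
  *
  * @param mixed $args    arguments passed on to parent::handle()
  * @param array $apidata request data; 'api_arg', 'user' and 'content-type' are read here
  */
 function create($args, $apidata)
 {
     parent::handle($args);
     if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
         $this->clientError(_('This method requires a POST.'), 400, $apidata['content-type']);
         return;
     }
     $id = $apidata['api_arg'];
     $other = $this->get_user($id);
     if (!$other) {
         $this->clientError(_('Could not follow user: User not found.'), 403, $apidata['content-type']);
         return;
     }
     $user = $apidata['user'];
     if ($user->isSubscribed($other)) {
         $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname);
         $this->clientError($errmsg, 403, $apidata['content-type']);
         return;
     }
     $sub = new Subscription();
     $sub->query('BEGIN');
     $sub->subscriber = $user->id;
     $sub->subscribed = $other->id;
     $sub->created = DB_DataObject_Cast::dateTime();
     # current time
     $result = $sub->insert();
     if (!$result) {
         // Close the transaction opened above before bailing out; otherwise
         // it stays open on the connection for whatever runs next.
         $sub->query('ROLLBACK');
         // NOTE(review): any insert failure is reported as "already on your
         // list", whatever its cause.
         $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname);
         $this->clientError($errmsg, 400, $apidata['content-type']);
         return;
     }
     $sub->query('COMMIT');
     // Notification is sent only after the subscription is committed.
     mail_subscribe_notify($other, $user);
     $type = $apidata['content-type'];
     $this->init_document($type);
     $this->show_profile($other, $type);
     $this->end_document($type);
 }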
 /**
  * Save the posted rights form, or re-display it when validation fails.
  *
  * An ApfRights object is filled from $_POST and validated. When validate()
  * returns TRUE the row is inserted or updated and the request is forwarded;
  * otherwise the edit template is rendered again with the posted values and a
  * marker for every field validate() flagged.
  *
  * NOTE(review): this method creates and edits right definitions, yet no
  * permission check, get() result check or log line is visible in it; confirm
  * the caller restricts access and records the change. Posted values also
  * reach forward() and the template without encoding here — confirm those
  * layers handle them.
  *
  * @param bool $edit_submit TRUE to update the row named by $_POST['ID'], FALSE to insert
  */
 function handleFormData($edit_submit = false)
 {
     global $template, $WebBaseDir, $i18n;

     $right = DB_DataObject::factory('ApfRights');
     $do_action = $edit_submit ? "updatesubmit" : "addsubmit";
     if ($edit_submit) {
         // Load the existing row before its fields are overwritten below.
         $right->get($right->escape($_POST['ID']));
     }

     // Form field => setter; stripslashes() presumably compensates for
     // magic_quotes_gpc — confirm.
     $posted_fields = array(
         'area_id' => 'setAreaId',
         'right_define_name' => 'setRightDefineName',
         'has_implied' => 'setHasImplied',
     );
     foreach ($posted_fields as $field => $setter) {
         $right->$setter(stripslashes(trim($_POST[$field])));
     }

     $val = $right->validate();
     if ($val !== TRUE) {
         // validate() returned the per-field result map: show the form again.
         $template->setFile(array("MAIN" => "apf_rights_edit.html"));
         $template->setBlock("MAIN", "edit_block");
         $template->setVar(array(
             "WEBDIR" => $WebBaseDir,
             "DOACTION" => $do_action,
         ));
         foreach ($val as $name => $is_valid) {
             if (!$is_valid) {
                 $template->setVar(array(strtoupper($name) . "_ERROR_MSG" => " &darr; " . $i18n->_("Please check here") . " &darr; "));
             }
         }
         $template->setVar(array(
             "RIGHT_ID" => $_POST['right_id'],
             "AREA_ID" => $_POST['area_id'],
             "RIGHT_DEFINE_NAME" => $_POST['right_define_name'],
             "HAS_IMPLIED" => $_POST['has_implied'],
         ));
         return;
     }

     if ($edit_submit) {
         $right->setUpdateAt(DB_DataObject_Cast::dateTime());
         $right->update();
         $this->forward("users/apf_rights/update/" . $_POST['ID'] . "/ok");
         return;
     }

     $right->setCreatedAt(DB_DataObject_Cast::dateTime());
     $right->insert();
     $this->forward("users/apf_rights/");
 }
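 /**
  * Handle the add/edit form submission for a document file record.
  *
  * Copies the posted fields onto an ApfFiles data object, optionally deletes
  * the previously stored file, processes a new upload, and then either saves
  * the record and forwards to the folder view, or re-renders
  * apf_files_edit.html with per-field error markers.
  *
  * @param bool $edit_submit TRUE to update the record named by $_POST['ID'],
  *                          FALSE to insert a new record.
  */
 function handleFileFormData($edit_submit = false)
 {
     global $template, $WebBaseDir, $i18n, $DocumentDir, $ClassDir, $AddIP, $userid, $group_ids;
     $apf_files = DB_DataObject::factory('ApfFiles');
     if ($edit_submit) {
         // NOTE(review): no ownership/permission check on the requested ID is
         // visible in this method; confirm the caller enforces one.
         $apf_files->get($apf_files->escape($_POST['ID']));
         $do_action = "updatefilesubmit";
     } else {
         $do_action = "addfilesubmit";
     }
     $apf_files->setName(stripslashes(trim($_POST['name'])));
     $apf_files->setParent(stripslashes(trim($_POST['parent'])));
     $apf_files->setDescription(stripslashes(trim($_POST['description'])));
     $apf_files->setMajorRevision(stripslashes(trim($_POST['major_revision'])));
     $apf_files->setMinorRevision(stripslashes(trim($_POST['minor_revision'])));
     // NOTE(review): the password is passed on as submitted; whether
     // setPassword() hashes it before storage is not visible here.
     $apf_files->setPassword(stripslashes(trim($_POST['password'])));
     $apf_files->setActive(stripslashes(trim($_POST['active'])));
     $apf_files->setAccess(stripslashes(trim($_POST['access'])));
     $apf_files->setAddIp($AddIP);
     $apf_files->setGroupid($group_ids);
     $apf_files->setUserid($userid);
     $UploadDocumentDir = $DocumentDir . $this->getFolderByPID($_POST['parent']);
     if ($_POST['filename_del'] == 'Y') {
         // filename_old and parent are request data: resolve the final path and
         // delete only a regular file that really lies under the document
         // root, so a value containing "../" can never reach unlink().
         $document_root = realpath($DocumentDir);
         $old_file = realpath($UploadDocumentDir . $_POST['filename_old']);
         if ($document_root !== false && $old_file !== false && is_file($old_file) && strpos($old_file, rtrim($document_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
             unlink($old_file);
         }
         // NOTE(review): the client still chooses which file is deleted; taking
         // the name from the loaded record would tie the delete to this row.
         $apf_files->setFilename("");
         $_POST['filename_old'] = "";
     }
     if ($_POST['upload_temp']) {
         // NOTE(review): upload_temp is a client-supplied file name stored
         // as-is; confirm it can only refer to a file this user uploaded.
         $apf_files->setFilename($_POST['upload_temp']);
     }
     $allow_upload_file = TRUE;
     // Defined up front so the error template below never reads an unset variable.
     $upload_error_msg = "";
     if ($_FILES['filename']['name']) {
         require_once $ClassDir . "FileHelper.class.php";
         $upload_data = FileHelper::uploadDocumentFile($UploadDocumentDir);
         $allow_upload_file = $upload_data["upload_state"];
         if ($allow_upload_file) {
             $filenames_arr = $upload_data["upload_msg"];
             if ($filename_pic = $filenames_arr['filename']) {
                 $apf_files->setFilename($filename_pic);
                 $apf_files->setExt($filenames_arr['exten_name']);
                 $apf_files->setFSize($filenames_arr['file_size']);
                 $_POST['upload_temp'] = $filename_pic;
             }
         } else {
             $upload_error_msg = $upload_data["upload_msg"];
         }
     }
     $val = $apf_files->validate();
     if ($val === TRUE && $allow_upload_file === TRUE) {
         if ($edit_submit) {
             $apf_files->setUpdateAt(DB_DataObject_Cast::dateTime());
             $apf_files->update();
             $this->forward("document/apf_folders/update/" . $_POST['ID'] . "/ok");
         } else {
             $apf_files->setCreatedAt(DB_DataObject_Cast::dateTime());
             $apf_files->insert();
             // NOTE(review): the posted name goes into the log line unfiltered;
             // confirm logFileString() neutralises line breaks.
             $log_string = $i18n->_("Create") . $i18n->_("File") . "\t{$_POST['name']}";
             logFileString($log_string);
             $this->forward("document/apf_folders/list/{$_POST['parent']}");
         }
     } else {
         $template->setFile(array("MAIN" => "apf_files_edit.html"));
         $template->setBlock("MAIN", "edit_block");
         $template->setVar(array("WEBDIR" => $WebBaseDir, "DOACTION" => $do_action));
         // validate() yields TRUE or an array of field => bool; only the array
         // form carries per-field failures.
         if (is_array($val)) {
             foreach ($val as $k => $v) {
                 if ($v == false) {
                     $template->setVar(array(strtoupper($k) . "_ERROR_MSG" => " &darr; " . $i18n->_("Please check here") . " &darr; "));
                 }
             }
         }
         if ($allow_upload_file !== TRUE) {
             $template->setVar(array("FILENAME_ERROR_MSG" => " &darr; {$upload_error_msg} &darr; "));
         }
         // NOTE(review): request values (including the password field) are
         // handed back to the template unescaped. Unless the template layer
         // encodes them, this reflects markup into the page; confirm, and
         // encode with htmlspecialchars() at output if it does not.
         $template->setVar(array("ID" => $_POST['id'], "NAME" => $_POST['name'], "PARENT" => $_POST['parent'], "FILENAME" => $_POST['filename'], "F_SIZE" => $_POST['f_size'], "DESCRIPTION" => $_POST['description'], "CHECKED_OUT" => $_POST['checked_out'], "MAJOR_REVISION" => $_POST['major_revision'], "MINOR_REVISION" => $_POST['minor_revision'], "URL" => $_POST['url'], "PASSWORD" => $_POST['password'], "USERID" => $_POST['userid'], "GROUPID" => $_POST['groupid'], "ACTIVE" => $_POST['active'], "ADD_IP" => $_POST['add_ip'], "CREATED_AT" => $_POST['created_at'], "UPDATE_AT" => $_POST['update_at']));
     }
 }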
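 /**
  * Handle the add/edit form submission for an ApfSelfproduct record.
  *
  * Copies the posted fields onto the data object, optionally deletes the old
  * photo, processes a new photo upload, and then either saves the record and
  * forwards, or re-renders apf_selfproduct_edit.html with error markers.
  *
  * @param bool $edit_submit TRUE to update the record named by $_POST['ID'],
  *                          FALSE to insert a new record.
  */
 function handleFormData($edit_submit = false)
 {
     global $template, $WebBaseDir, $i18n, $AddIP, $userid, $UploadDir, $ClassDir, $group_ids;
     $apf_selfproduct = DB_DataObject::factory('ApfSelfproduct');
     if ($edit_submit) {
         // NOTE(review): no ownership/permission check on the requested ID is
         // visible in this method; confirm the caller enforces one.
         $apf_selfproduct->get($apf_selfproduct->escape($_POST['ID']));
         $do_action = "updatesubmit";
     } else {
         $do_action = "addsubmit";
     }
     $apf_selfproduct->setProductname(stripslashes(trim($_POST['productname'])));
     $apf_selfproduct->setRetailprice(stripslashes(trim($_POST['retailprice'])));
     $apf_selfproduct->setWholesaleprice(stripslashes(trim($_POST['wholesaleprice'])));
     $apf_selfproduct->setCostprice(stripslashes(trim($_POST['costprice'])));
     $apf_selfproduct->setReleasedate(stripslashes(trim($_POST['releasedate'])));
     $apf_selfproduct->setMemo(stripslashes(trim($_POST['memo'])));
     $apf_selfproduct->setAccess(stripslashes(trim($_POST['access'])));
     $apf_selfproduct->setActive(stripslashes(trim($_POST['active'])));
     $apf_selfproduct->setAddIp($AddIP);
     $apf_selfproduct->setGroupid($group_ids);
     $apf_selfproduct->setUserid($userid);
     if ($_POST['photo_del'] == 'Y') {
         // photo_old is request data: resolve the path and delete only a
         // regular file that really lies under the upload directory, so a
         // value containing "../" can never reach unlink().
         $upload_root = realpath($UploadDir);
         $old_photo = realpath($UploadDir . $_POST['photo_old']);
         if ($upload_root !== false && $old_photo !== false && is_file($old_photo) && strpos($old_photo, rtrim($upload_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
             unlink($old_photo);
         }
         // NOTE(review): the client still chooses which upload is deleted;
         // taking the name from the loaded record would tie it to this row.
         $apf_selfproduct->setPhoto("");
         $_POST['photo_old'] = "";
     }
     if ($_POST['upload_temp']) {
         // NOTE(review): upload_temp is a client-supplied file name stored as-is.
         $apf_selfproduct->setPhoto($_POST['upload_temp']);
     }
     $allow_upload_file = TRUE;
     if ($_FILES['photo']['name']) {
         require_once $ClassDir . "FileHelper.class.php";
         $upload_data = FileHelper::uploadFile("product");
         $allow_upload_file = $upload_data["upload_state"];
         if ($allow_upload_file) {
             $photos_arr = $upload_data["upload_msg"];
             if ($photo_pic = $photos_arr['photo']) {
                 $apf_selfproduct->setPhoto($photo_pic);
                 $_POST['upload_temp'] = $photo_pic;
             }
         } else {
             $upload_error_msg = $upload_data["upload_msg"];
         }
     }
     $val = $apf_selfproduct->validate();
     if ($val === TRUE && $allow_upload_file === TRUE) {
         if ($edit_submit) {
             $apf_selfproduct->setUpdateAt(DB_DataObject_Cast::dateTime());
             $apf_selfproduct->update();
             // NOTE(review): posted values go into the log line unfiltered;
             // confirm logFileString() neutralises line breaks.
             $log_string = $i18n->_("Update") . $i18n->_("ModuleName") . "\t{$_POST['name']}=>{$_POST['ID']}";
             logFileString($log_string);
             $this->forward("selfproduct/apf_selfproduct/update/" . $_POST['ID'] . "/ok");
         } else {
             $apf_selfproduct->setCreatedAt(DB_DataObject_Cast::dateTime());
             $apf_selfproduct->insert();
             $log_string = $i18n->_("Create") . $i18n->_("ModuleName") . "\t{$_POST['name']}=>{$_POST['create_date']}";
             logFileString($log_string);
             $this->forward("selfproduct/apf_selfproduct/");
         }
     } else {
         $template->setFile(array("MAIN" => "apf_selfproduct_edit.html"));
         $template->setBlock("MAIN", "edit_block");
         $template->setVar(array("WEBDIR" => $WebBaseDir, "RELEASE_DATE" => inputDateTag("releasedate", $_POST['releasedate']), "FILEPHOTO" => fileTag("photo", $_POST['photo']), "MEMOTEXT" => textareaTag('memo', $_POST['memo'], false, "ROWS=\"8\" COLS=\"40\""), "DOACTION" => $do_action));
         // This branch is also reached when validation passed ($val === TRUE)
         // but the upload failed, so only iterate when $val is the
         // field => bool array.
         if (is_array($val)) {
             foreach ($val as $k => $v) {
                 if ($v == false) {
                     $template->setVar(array(strtoupper($k) . "_ERROR_MSG" => " &darr; " . $i18n->_("Please check here") . " &darr; "));
                 }
             }
         }
         // NOTE(review): request values are handed back to the template
         // unescaped. Unless the template layer or the tag helpers encode
         // them, this reflects markup into the page; confirm, and encode with
         // htmlspecialchars() at output if they do not.
         $template->setVar(array("ID" => $_POST['id'], "PRODUCTNAME" => $_POST['productname'], "RETAILPRICE" => $_POST['retailprice'], "WHOLESALEPRICE" => $_POST['wholesaleprice'], "COSTPRICE" => $_POST['costprice'], "PHOTO" => $_POST['photo'], "RELEASEDATE" => $_POST['releasedate'], "MEMO" => $_POST['memo'], "ACCESS" => $_POST['access'], "ACTIVE" => $_POST['active'], "GROUPID" => $_POST['groupid'], "USERID" => $_POST['userid'], "ADD_IP" => $_POST['add_ip'], "CREATED_AT" => $_POST['created_at'], "UPDATE_AT" => $_POST['update_at']));
     }
 }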
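 /**
  * Handle the add/edit form submission for an ApfSchedule record.
  *
  * Copies the posted fields onto the data object, optionally deletes the old
  * image, processes a new image upload, and then either saves the record and
  * forwards to the schedule list, or re-renders apf_schedule_list.html with
  * the calendar views and per-field error markers.
  *
  * @param bool $edit_submit TRUE to update the record named by $_POST['ID'],
  *                          FALSE to insert a new record.
  */
 function handleFormData($edit_submit = false)
 {
     global $template, $WebBaseDir, $i18n, $TimeOption, $ActiveOption, $AddIP, $userid, $group_ids, $ClassDir, $UploadDir;
     $apf_schedule = DB_DataObject::factory('ApfSchedule');
     if ($edit_submit) {
         // NOTE(review): no ownership/permission check on the requested ID is
         // visible in this method; confirm the caller enforces one.
         $apf_schedule->get($apf_schedule->escape($_POST['ID']));
         $do_action = "updatesubmit";
     } else {
         $do_action = "addsubmit";
     }
     $apf_schedule->setTitle(stripslashes(trim($_POST['title'])));
     $apf_schedule->setDescription(stripslashes(trim($_POST['description'])));
     $apf_schedule->setPublishDate(DB_DataObject_Cast::date(stripslashes(trim($_POST['publish_date']))));
     $apf_schedule->setPublishStarttime(DB_DataObject_Cast::time(stripslashes(trim($_POST['publish_starttime']))));
     $apf_schedule->setPublishEndtime(DB_DataObject_Cast::time(stripslashes(trim($_POST['publish_endtime']))));
     $apf_schedule->setImage(stripslashes(trim($_POST['image'])));
     $apf_schedule->setActive(stripslashes(trim($_POST['active'])));
     $apf_schedule->setAddIp($AddIP);
     $apf_schedule->setGroupid($group_ids);
     $apf_schedule->setUserid($userid);
     if ($_POST['image_del'] == 'Y') {
         // image_old is request data: resolve the path and delete only a
         // regular file that really lies under the upload directory, so a
         // value containing "../" can never reach unlink().
         $upload_root = realpath($UploadDir);
         $old_image = realpath($UploadDir . $_POST['image_old']);
         if ($upload_root !== false && $old_image !== false && is_file($old_image) && strpos($old_image, rtrim($upload_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
             unlink($old_image);
         }
         // NOTE(review): the client still chooses which upload is deleted;
         // taking the name from the loaded record would tie it to this row.
         $apf_schedule->setImage("");
         $_POST['image_old'] = "";
     }
     if ($_POST['upload_temp']) {
         // NOTE(review): upload_temp is a client-supplied file name stored as-is.
         $apf_schedule->setImage($_POST['upload_temp']);
     }
     $allow_upload_file = TRUE;
     if ($_FILES['image']['name']) {
         require_once $ClassDir . "FileHelper.class.php";
         $upload_data = FileHelper::uploadFile("schedule");
         $allow_upload_file = $upload_data["upload_state"];
         if ($allow_upload_file) {
             $images_arr = $upload_data["upload_msg"];
             if ($image_pic = $images_arr['image']) {
                 $apf_schedule->setImage($image_pic);
                 $_POST['upload_temp'] = $image_pic;
             }
         } else {
             $upload_error_msg = $upload_data["upload_msg"];
         }
     }
     $val = $apf_schedule->validate();
     if ($val === TRUE && $allow_upload_file === TRUE) {
         // NOTE(review): y/m/d from the request are concatenated into the
         // forward target unencoded; confirm forward() or its target
         // validates them as date parts.
         if ($edit_submit) {
             $apf_schedule->setUpdateAt(DB_DataObject_Cast::dateTime());
             $apf_schedule->update();
             $log_string = $i18n->_("Update") . $i18n->_("Schedule") . "\t{$_POST['title']}=>{$_POST['ID']}";
             logFileString($log_string);
             $this->forward("schedule/apf_schedule/list/" . $_POST['ID'] . "/ok/?y=" . $_REQUEST['y'] . "&m=" . $_REQUEST['m'] . "&d=" . $_REQUEST['d'] . "");
         } else {
             $apf_schedule->setCreatedAt(DB_DataObject_Cast::dateTime());
             $apf_schedule->insert();
             $log_string = $i18n->_("Create") . $i18n->_("Schedule") . "\t{$_POST['title']}";
             logFileString($log_string);
             $this->forward("schedule/apf_schedule/list/?y=" . $_REQUEST['y'] . "&m=" . $_REQUEST['m'] . "&d=" . $_REQUEST['d'] . "");
         }
     } else {
         $template->setFile(array("MAIN" => "apf_schedule_list.html"));
         $template->setBlock("MAIN", "edit_block");
         // Use the requested day when all three parts are present, otherwise
         // fall back to the controller's default date.
         if ($_REQUEST['y'] && $_REQUEST['m'] && $_REQUEST['d']) {
             $select_y = $_REQUEST['y'];
             $select_m = $_REQUEST['m'];
             $select_d = $_REQUEST['d'];
         } else {
             $next_week_time = $this->getDefaultDate();
             $select_y = date("Y", $next_week_time);
             $select_m = date("m", $next_week_time);
             $select_d = date("d", $next_week_time);
         }
         $used_hours_arr = array();
         $CalDailyView = $this->renderDayView($select_y, $select_m, $select_d, $used_hours_arr);
         $un_use_hour_arr = array_diff($TimeOption, $used_hours_arr);
         array_shift($ActiveOption);
         $template->setVar(array("WEBDIR" => $WebBaseDir, "IMAGES_FILE" => fileTag('image', $_POST['upload_temp'] ? $_POST['upload_temp'] : $_POST['image_old']), "STATUS_FIELD" => selectTag('status', $ActiveOption, $_POST['status']), "LEFT_CALENDAR" => $this->renderMonthView(), "DAY_VIEW" => $CalDailyView, "PUBLISH_STARTTIME_OPTION" => selectTag('publish_starttime', $un_use_hour_arr, $_POST['publish_starttime']), "PUBLISH_ENDTIME_OPTION" => selectTag('publish_endtime', $un_use_hour_arr, $_POST['publish_endtime']), "DOACTION" => $do_action, "PUBLISH_DATE" => "{$select_y}-{$select_m}-{$select_d}", "Y" => $select_y, "M" => $select_m, "D" => $select_d));
         // The original ran two loops over $val: a guarded one with a fixed
         // English message and an unguarded one with the translated message
         // that overwrote it. One guarded loop with the translated message
         // gives the same result and does not iterate over TRUE when only
         // the upload failed.
         if (is_array($val)) {
             foreach ($val as $k => $v) {
                 if ($v == false) {
                     $template->setVar(array(strtoupper($k) . "_ERROR_MSG" => " &darr; " . $i18n->_("Please check here") . " &darr; "));
                 }
             }
         }
         // NOTE(review): request values are handed back to the template
         // unescaped. Unless the template layer or the tag helpers encode
         // them, this reflects markup into the page; confirm, and encode with
         // htmlspecialchars() at output if they do not.
         $template->setVar(array("ID" => $_POST['id'], "TITLE" => $_POST['title'], "DESCRIPTION" => $_POST['description'], "PUBLISH_DATE" => $_POST['publish_date'], "PUBLISH_STARTTIME" => $_POST['publish_starttime'], "PUBLISH_ENDTIME" => $_POST['publish_endtime'], "IMAGE" => $_POST['image'], "ACTIVE" => $_POST['active'], "ADD_IP" => $_POST['add_ip'], "CREATED_AT" => $_POST['created_at'], "UPDATE_AT" => $_POST['update_at']));
     }
 }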
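 /**
  * Handle the add/edit form submission for an ApfUsers record.
  *
  * Copies the posted fields onto the data object, optionally deletes the old
  * photo, stores a newly uploaded photo through HTTP_Upload, and then either
  * saves the user (also creating/updating the account through $luadmin and,
  * on insert, the phpBB hook) or re-renders apf_users_edit.html with error
  * markers.
  *
  * @param bool $edit_submit TRUE to update the record named by $_POST['ID'],
  *                          FALSE to create a new user.
  */
 function handleFormData($edit_submit = false)
 {
     global $template, $WebBaseDir, $PhpbbDir, $i18n, $luadmin, $ClassDir, $AllowUploadFilesType, $UploadDir;
     $apf_users = DB_DataObject::factory('ApfUsers');
     if ($edit_submit) {
         // NOTE(review): no permission check on the requested user ID is
         // visible in this method; confirm the caller enforces one.
         $apf_users->get($apf_users->escape($_POST['ID']));
         $do_action = "updatesubmit";
     } else {
         $do_action = "addsubmit";
     }
     $apf_users->setUserName(stripslashes(trim($_POST['user_name'])));
     $apf_users->setGender(stripslashes(trim($_POST['gender'])));
     $apf_users->setAddrees(stripslashes(trim($_POST['addrees'])));
     $apf_users->setPhone(stripslashes(trim($_POST['phone'])));
     $apf_users->setEmail(stripslashes(trim($_POST['email'])));
     $apf_users->setPhoto(stripslashes(trim($_POST['photo'])));
     // NOTE(review): role_id, add_ip, created_at and update_at are taken
     // straight from the form, so the submitter controls the role and the
     // audit fields; confirm only administrators can reach this handler.
     $apf_users->setRoleId(stripslashes(trim($_POST['role_id'])));
     $apf_users->setActive(stripslashes(trim($_POST['active'])));
     $apf_users->setAddIp(stripslashes(trim($_POST['add_ip'])));
     $apf_users->setCreatedAt(stripslashes(trim($_POST['created_at'])));
     $apf_users->setUpdateAt(stripslashes(trim($_POST['update_at'])));
     if ($_POST['photo_del'] == 'Y') {
         // photo_old is request data: resolve the path and delete only a
         // regular file that really lies under the upload directory, so a
         // value containing "../" can never reach unlink().
         $upload_root = realpath($UploadDir);
         $old_photo = realpath($UploadDir . $_POST['photo_old']);
         if ($upload_root !== false && $old_photo !== false && is_file($old_photo) && strpos($old_photo, rtrim($upload_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
             unlink($old_photo);
         }
         // NOTE(review): the client still chooses which upload is deleted;
         // taking the name from the loaded record would tie it to this row.
         $apf_users->setPhoto("");
         $_POST['photo_old'] = "";
     }
     $allow_upload_file = TRUE;
     // Defined up front so the error template below never reads an unset variable.
     $upload_error_msg = "";
     if ($_FILES['photo']['name']) {
         require_once 'HTTP/Upload.php';
         require_once $ClassDir . "FileHelper.class.php";
         $upload = new http_upload();
         $file = $upload->getFiles('photo');
         if (PEAR::isError($file)) {
             // Test for the error object before calling upload methods on it;
             // the original called setValidExtensions()/isValid() first.
             $allow_upload_file = FALSE;
             $upload_error_msg = $file->getMessage();
         } else {
             // NOTE(review): the only filter visible here is the extension
             // allow-list in $AllowUploadFilesType; the content is not inspected.
             $file->setValidExtensions($AllowUploadFilesType, 'accept');
             if ($file->isValid()) {
                 // 'uniq' asks HTTP_Upload to generate the stored file name.
                 $file->setName('uniq');
                 $current_date = FileHelper::createCategoryDir($UploadDir, "users");
                 $date_photo_dir = $UploadDir . $current_date;
                 $dest_name = $file->moveTo($date_photo_dir);
                 if (PEAR::isError($dest_name)) {
                     $allow_upload_file = FALSE;
                     $upload_error_msg = $dest_name->getMessage();
                 } else {
                     $apf_users->setPhoto($current_date . $dest_name);
                 }
             } elseif ($file->isError()) {
                 $allow_upload_file = FALSE;
                 $upload_error_msg = $file->errorMsg();
             }
         }
     }
     $val = $apf_users->validate();
     if ($val === TRUE && $allow_upload_file === TRUE) {
         if ($edit_submit) {
             $apf_users->setUpdateAt(DB_DataObject_Cast::dateTime());
             $apf_users->update();
             // The account password is only changed when a new one was typed.
             $new_password = stripslashes(trim($_POST['user_pwd']));
             if ($new_password) {
                 $data = array('handle' => stripslashes(trim($_POST['user_name'])), 'passwd' => $new_password);
                 $updated = $luadmin->updateUser($data, $_POST['ID']);
             }
             $this->forward("users/apf_users/update/" . $_POST['ID'] . "/ok");
         } else {
             $data = array('handle' => stripslashes(trim($_POST['user_name'])), 'passwd' => stripslashes(trim($_POST['user_pwd'])), 'perm_type' => 1);
             $user_id = $luadmin->addUser($data);
             $apf_users->get($apf_users->escape($user_id));
             $apf_users->update();
             include_once $PhpbbDir . '/hook.php';
             $phpbb_action = 'insert';
             // User ID of the account in the system being integrated; adjust
             // per system (the same applies to the fields below).
             $phpbb_user['user_id'] = $user_id;
             // User name
             $phpbb_user['username'] = stripslashes(trim($_POST['user_name']));
             // Password; per the original note the hook expects it already
             // MD5-hashed.
             // NOTE(review): unsalted MD5 is not a safe password hash; if the
             // forum side supports a stronger scheme, use that instead.
             $phpbb_user['user_password'] = md5(stripslashes(trim($_POST['user_pwd'])));
             // E-mail address
             $phpbb_user['user_email'] = stripslashes(trim($_POST['email']));
             phpbb_user($phpbb_action, $phpbb_user);
             $this->forward("users/apf_users/");
         }
     } else {
         $template->setFile(array("MAIN" => "apf_users_edit.html"));
         $template->setBlock("MAIN", "edit_block");
         $template->setVar(array("WEBDIR" => $WebBaseDir, "DOACTION" => $do_action));
         // This branch is also reached when validation passed ($val === TRUE)
         // but the upload failed, so only iterate when $val is the
         // field => bool array.
         if (is_array($val)) {
             foreach ($val as $k => $v) {
                 if ($v == false) {
                     $template->setVar(array(strtoupper($k) . "_ERROR_MSG" => " &darr; " . $i18n->_("Please check here") . " &darr; "));
                 }
             }
         }
         if ($allow_upload_file !== TRUE) {
             $template->setVar(array("PHOTO_ERROR_MSG" => " &darr; {$upload_error_msg} &darr; "));
         }
         // NOTE(review): request values, including the typed password, are
         // handed back to the template unescaped. Unless the template layer
         // encodes them, this reflects markup into the page; confirm, and
         // encode with htmlspecialchars() at output if it does not.
         $template->setVar(array("ID" => $_POST['id'], "USER_NAME" => $_POST['user_name'], "USER_PWD" => $_POST['user_pwd'], "GENDER" => $_POST['gender'], "ADDREES" => $_POST['addrees'], "PHONE" => $_POST['phone'], "EMAIL" => $_POST['email'], "PHOTO" => $_POST['photo'], "ROLE_ID" => $_POST['role_id'], "ACTIVE" => $_POST['active'], "ADD_IP" => $_POST['add_ip'], "CREATED_AT" => $_POST['created_at'], "UPDATE_AT" => $_POST['update_at']));
     }
 }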
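 /**
  * Handle the add/edit form submission for an ApfProduct record.
  *
  * Copies the posted fields onto the data object, optionally deletes the old
  * photo, processes a new photo upload, and then either saves the record and
  * forwards, or re-renders apf_product_edit.html with error markers.
  *
  * @param bool $edit_submit TRUE to update the record named by $_POST['ID'],
  *                          FALSE to insert a new record.
  */
 function handleFormData($edit_submit = false)
 {
     global $template, $WebBaseDir, $i18n, $ActiveOption, $ClassDir, $UploadDir, $AllowUploadFilesType, $AddIP, $userid, $group_ids;
     $apf_product = DB_DataObject::factory('ApfProduct');
     if ($edit_submit) {
         // NOTE(review): no ownership/permission check on the requested ID is
         // visible in this method; confirm the caller enforces one.
         $apf_product->get($apf_product->escape($_POST['ID']));
         $do_action = "updatesubmit";
     } else {
         $do_action = "addsubmit";
     }
     $apf_product->setCategory(stripslashes(trim($_POST['category'])));
     $apf_product->setCompanyId(stripslashes(trim($_POST['company_id'])));
     $apf_product->setName(stripslashes(trim($_POST['name'])));
     $apf_product->setPrice(stripslashes(trim($_POST['price'])));
     $apf_product->setMemo(stripslashes(trim($_POST['memo'])));
     $apf_product->setActive(stripslashes(trim($_POST['active'])));
     $apf_product->setAddIp($AddIP);
     $apf_product->setGroupid($group_ids);
     $apf_product->setUserid($userid);
     if ($_POST['photo_del'] == 'Y') {
         // photo_old is request data: resolve the path and delete only a
         // regular file that really lies under the upload directory, so a
         // value containing "../" can never reach unlink().
         $upload_root = realpath($UploadDir);
         $old_photo = realpath($UploadDir . $_POST['photo_old']);
         if ($upload_root !== false && $old_photo !== false && is_file($old_photo) && strpos($old_photo, rtrim($upload_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
             unlink($old_photo);
         }
         // NOTE(review): the client still chooses which upload is deleted;
         // taking the name from the loaded record would tie it to this row.
         $apf_product->setPhoto("");
         $_POST['photo_old'] = "";
     }
     if ($_POST['upload_temp']) {
         // NOTE(review): upload_temp is a client-supplied file name stored as-is.
         $apf_product->setPhoto($_POST['upload_temp']);
     }
     $allow_upload_file = TRUE;
     if ($_FILES['photo']['name']) {
         require_once $ClassDir . "FileHelper.class.php";
         $upload_data = FileHelper::uploadFile("product");
         $allow_upload_file = $upload_data["upload_state"];
         if ($allow_upload_file) {
             $photos_arr = $upload_data["upload_msg"];
             if ($photo_pic = $photos_arr['photo']) {
                 $apf_product->setPhoto($photo_pic);
                 $_POST['upload_temp'] = $photo_pic;
             }
         } else {
             $upload_error_msg = $upload_data["upload_msg"];
         }
     }
     $val = $apf_product->validate();
     if ($val === TRUE && $allow_upload_file === TRUE) {
         if ($edit_submit) {
             $apf_product->setUpdateAt(DB_DataObject_Cast::dateTime());
             $apf_product->update();
             // NOTE(review): posted values go into the log line unfiltered;
             // confirm logFileString() neutralises line breaks.
             $log_string = $i18n->_("Update") . $i18n->_("Product") . "\t{$_POST['name']}=>{$_POST['ID']}";
             logFileString($log_string);
             $this->forward("product/apf_product/update/" . $_POST['ID'] . "/ok");
         } else {
             $apf_product->setCreatedAt(DB_DataObject_Cast::dateTime());
             $apf_product->insert();
             $log_string = $i18n->_("Create") . $i18n->_("Product") . "\t{$_POST['name']}";
             logFileString($log_string);
             $this->forward("product/apf_product/");
         }
     } else {
         $template->setFile(array("MAIN" => "apf_product_edit.html"));
         $template->setBlock("MAIN", "edit_block");
         $template->setVar(array("WEBDIR" => $WebBaseDir, "DOACTION" => $do_action));
         $category_arr = $this->getCategory();
         array_shift($ActiveOption);
         $template->setVar(array("CATEGORYOPTION" => selectTag("category", $category_arr, $_POST['category']), "FILEPHOTO" => fileTag("photo", $_POST['photo_old']), "ACTIVEOPTION" => radioTag("active", $ActiveOption, $_POST['active'])));
         // This branch is also reached when validation passed ($val === TRUE)
         // but the upload failed, so only iterate when $val is the
         // field => bool array.
         if (is_array($val)) {
             foreach ($val as $k => $v) {
                 if ($v == false) {
                     $template->setVar(array(strtoupper($k) . "_ERROR_MSG" => " &darr; " . $i18n->_("Please check here") . " &darr; "));
                 }
             }
         }
         // NOTE(review): request values are handed back to the template
         // unescaped. Unless the template layer or the tag helpers encode
         // them, this reflects markup into the page; confirm, and encode with
         // htmlspecialchars() at output if they do not.
         $template->setVar(array("ID" => $_POST['id'], "CATEGORY" => $_POST['category'], "COMPANY_ID" => $_POST['company_id'], "NAME" => $_POST['name'], "PRICE" => $_POST['price'], "PHOTO" => $_POST['photo'], "MEMO" => $_POST['memo'], "ACTIVE" => $_POST['active'], "ADD_IP" => $_POST['add_ip'], "CREATED_AT" => $_POST['created_at'], "UPDATE_AT" => $_POST['update_at']));
     }
 }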
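 /**
  * Record an OAuth nonce and report whether it has been seen before.
  *
  * http://oauth.net/core/1.0/#nonce
  * "The Consumer SHALL then generate a Nonce value that is unique for
  * all requests with that timestamp."
  * XXX: It's not clear why the token is here
  *
  * @param object $consumer  Consumer whose ->key identifies the client
  * @param mixed  $token     Not used by this implementation
  * @param string $nonce     Nonce value sent with the request
  * @param mixed  $timestamp Request timestamp, converted with common_sql_date()
  *
  * @return bool true if the nonce must be treated as already used (it was
  *              found, or it could not be recorded); false if it was new and
  *              has now been stored
  */
 function lookup_nonce($consumer, $token, $nonce, $timestamp)
 {
     $n = new Nonce();
     $n->consumer_key = $consumer->key;
     $n->ts = common_sql_date($timestamp);
     $n->nonce = $nonce;
     if ($n->find(true)) {
         return true;
     }
     $n->created = DB_DataObject_Cast::dateTime();
     // find() and insert() are separate statements, so two requests carrying
     // the same nonce can both get past find(). Fail closed: if the row cannot
     // be stored, report the nonce as used instead of accepting a request
     // whose nonce was never recorded.
     // NOTE(review): this only closes the race if the nonce table has a unique
     // key over (consumer_key, ts, nonce); confirm against the schema.
     if (!$n->insert()) {
         return true;
     }
     return false;
 }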
 /**
  * Register an uploaded image as this profile's original avatar and create
  * the scaled copies.
  *
  * Existing avatars are deleted first. If that or the insert of the original
  * fails, the uploaded file is removed and null is returned. A failed insert
  * of a scaled copy also returns null, leaving whatever was already stored.
  *
  * @param string $filename Avatar file name, resolved through Avatar::path()
  *
  * @return Avatar|null The stored original avatar, or null on failure
  */
 function setOriginal($filename)
 {
     $imagefile = new ImageFile($this->id, Avatar::path($filename));

     $original = new Avatar();
     $original->profile_id = $this->id;
     $original->width = $imagefile->width;
     $original->height = $imagefile->height;
     $original->mediatype = image_type_to_mime_type($imagefile->type);
     $original->filename = $filename;
     $original->original = true;
     $original->url = Avatar::url($filename);
     // current time
     $original->created = DB_DataObject_Cast::dateTime();

     // XXX: start a transaction here
     $replaced = $this->delete_avatars() && $original->insert();
     if (!$replaced) {
         @unlink(Avatar::path($filename));
         return null;
     }

     $target_sizes = array(AVATAR_PROFILE_SIZE, AVATAR_STREAM_SIZE, AVATAR_MINI_SIZE);
     foreach ($target_sizes as $edge) {
         // No scaled copy when the original already has exactly this size.
         if ($original->width == $edge && $original->height == $edge) {
             continue;
         }
         $resized_name = $imagefile->resize($edge);
         $copy = new Avatar();
         $copy->profile_id = $this->id;
         $copy->width = $edge;
         $copy->height = $edge;
         $copy->original = false;
         $copy->mediatype = image_type_to_mime_type($imagefile->type);
         $copy->filename = $resized_name;
         $copy->url = Avatar::url($resized_name);
         // current time
         $copy->created = DB_DataObject_Cast::dateTime();
         if (!$copy->insert()) {
             return null;
         }
     }

     return $original;
 }
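 /**
  * Save a subscription
  *
  * Saves the subscription from $subscriber_uri to $subscribed_user_uri,
  * storing the access token key and secret on it. An existing subscription
  * row is updated; otherwise a new one is inserted.
  *
  * @param string     $subscriber_uri      The OMB identifier URI specifying
  *                                        the subscribing profile
  *
  * @param string     $subscribed_user_uri The OMB identifier URI specifying
  *                                        the subscribed profile
  * @param OAuthToken $token               The access token
  *
  * @return string|null A translated error message when the subscriber lacks
  *                     the SUBSCRIBE right; otherwise nothing is returned
  *
  * @throws Exception When the subscription row cannot be inserted or updated
  *
  * @access public
  **/
 public function saveSubscription($subscriber_uri, $subscribed_user_uri, $token)
 {
     $sub = new Subscription();
     $subscribed = $this->_getAnyProfile($subscribed_user_uri);
     $subscriber = $this->_getAnyProfile($subscriber_uri);
     if (!$subscriber->hasRight(Right::SUBSCRIBE)) {
         // NOTE(review): both URIs come from the remote side and are logged
         // as received; confirm common_log() neutralises line breaks.
         common_log(LOG_INFO, __METHOD__ . ": remote subscriber banned ({$subscriber_uri} subbing to {$subscribed_user_uri})");
         // TRANS: Error message displayed to a banned user when they try to subscribe.
         return _('You have been banned from subscribing.');
     }
     $sub->subscribed = $subscribed->id;
     $sub->subscriber = $subscriber->id;
     $sub_exists = $sub->find(true);
     if ($sub_exists) {
         // Snapshot taken before the token fields change; it is passed to
         // update() below as the original row.
         $orig_sub = clone $sub;
     } else {
         $sub->created = DB_DataObject_Cast::dateTime();
     }
     $sub->token = $token->key;
     $sub->secret = $token->secret;
     if ($sub_exists) {
         $result = $sub->update($orig_sub);
     } else {
         $result = $sub->insert();
     }
     if (!$result) {
         common_log_db_error($sub, $sub_exists ? 'UPDATE' : 'INSERT', __FILE__);
         // TRANS: Exception thrown when creating a new subscription fails in OAuth store.
         throw new Exception(_('Could not insert new subscription.'));
     }
     /* Notify user, if necessary. */
     if ($subscribed instanceof User) {
         mail_subscribe_notify_profile($subscribed, Profile::staticGet($subscriber->id));
     }
 }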
 /**
  * Act on the user's allow/deny decision for an OpenID trust root.
  *
  * Clears the pending OpenID values from the session, then redirects to the
  * deny URL, or stores the trust root for the user and redirects to the allow
  * URL.
  */
 function handleSubmit()
 {
     // The pending request is consumed either way, so drop it from the session.
     foreach (array('openid_trust_root', 'openid_allow_url', 'openid_deny_url') as $session_key) {
         unset($_SESSION[$session_key]);
     }

     if (!$this->arg('allow')) {
         common_redirect($this->denyUrl, 302);
     } else {
         // Remember the approved trust root for this user.
         $trusted = new User_openid_trustroot();
         $trusted->user_id = $this->user->id;
         $trusted->trustroot = $this->trust_root;
         $trusted->created = DB_DataObject_Cast::dateTime();
         if (!$trusted->insert()) {
             // The error is fetched but not acted on; the redirect below
             // happens whether or not the row was stored.
             $err = PEAR::getStaticProperty('DB_DataObject', 'lastError');
         }
         common_redirect($this->allowUrl, 302);
     }
 }
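 /**
  * Create and store a new, unauthorized OAuth request token for a consumer.
  *
  * @param object $consumer Consumer whose ->key is recorded on the token
  * @param string $callback Callback URL, or 'oob' for the out-of-band flow,
  *                         in which case the verifier is a numeric PIN
  *
  * @return OAuthToken|null The new token key/secret pair, or null when the
  *                         token row could not be inserted
  */
 function new_request_token($consumer, $callback)
 {
     $t = new Token();
     $t->consumer_key = $consumer->key;
     $t->tok = common_good_rand(16);
     $t->secret = common_good_rand(16);
     $t->type = 0;
     // request
     $t->state = 0;
     // unauthorized
     $t->verified_callback = $callback;
     if ($callback === 'oob') {
         // Numeric PIN. The verifier is what proves the user approved the
         // request, so it must not be predictable: mt_rand() is not a
         // cryptographic generator, so random_int() is used where it exists.
         // The range is kept as it was (0..9999999, i.e. up to seven digits,
         // although the original comment called it a six digit pin).
         if (function_exists('random_int')) {
             $t->verifier = random_int(0, 9999999);
         } else {
             $t->verifier = mt_rand(0, 9999999);
         }
     } else {
         $t->verifier = common_good_rand(8);
     }
     $t->created = DB_DataObject_Cast::dateTime();
     if (!$t->insert()) {
         return null;
     } else {
         return new OAuthToken($t->tok, $t->secret);
     }
 }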
 /**
  * Exchange an authorized request token for a new access token.
  *
  * Looks up the request token for this consumer, and only if it is in the
  * authorized state creates an access token, marks the request token as used,
  * and moves the matching subscription over to the access token.
  *
  * NOTE(review): the steps are separate writes with no transaction visible
  * here, so a failure part-way leaves the earlier writes in place. The debug
  * lines also write token identifiers to the log.
  *
  * @param object $token    Request token; only ->key is read
  * @param object $consumer Consumer; only ->key is read
  *
  * @return OAuthToken|null The access token, or null if the request token is
  *                         missing or not authorized, or any write fails
  */
 function new_access_token($token, $consumer)
 {
     common_debug('new_access_token("' . $token->key . '","' . $consumer->key . '")', __FILE__);

     // Find the request token (type 0) issued to this consumer.
     $rt = new Token();
     $rt->consumer_key = $consumer->key;
     $rt->tok = $token->key;
     $rt->type = 0;

     // Only an authorized request token (state 1) may be exchanged.
     if (!$rt->find(true) || $rt->state != 1) {
         return null;
     }
     common_debug('request token found.', __FILE__);

     // Build the access token (type 1).
     $at = new Token();
     $at->consumer_key = $consumer->key;
     $at->tok = common_good_rand(16);
     $at->secret = common_good_rand(16);
     $at->type = 1;
     $at->created = DB_DataObject_Cast::dateTime();
     if (!$at->insert()) {
         $e = $at->_lastError;
         common_debug('access token "' . $at->tok . '" not inserted: "' . $e->message . '"', __FILE__);
         return null;
     }
     common_debug('access token "' . $at->tok . '" inserted', __FILE__);

     // Burn the request token: state 2 means used.
     $orig_rt = clone $rt;
     $rt->state = 2;
     if (!$rt->update($orig_rt)) {
         return null;
     }
     common_debug('request token "' . $rt->tok . '" updated', __FILE__);

     // Update subscription
     // XXX: mixing levels here
     $sub = Subscription::staticGet('token', $rt->tok);
     if (!$sub) {
         return null;
     }
     common_debug('subscription for request token found', __FILE__);

     $orig_sub = clone $sub;
     $sub->token = $at->tok;
     $sub->secret = $at->secret;
     if (!$sub->update($orig_sub)) {
         return null;
     }
     common_debug('subscription updated to use access token', __FILE__);
     return new OAuthToken($at->tok, $at->secret);
 }
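 /**
  * Handle the add/edit form submission for an ApfUsers record, including
  * group membership.
  *
  * Finalises the upload progress widget, copies the posted fields onto the
  * data object, optionally deletes the old photo, processes a new photo
  * upload, and then either saves the user (account and group membership go
  * through $luadmin) or re-renders apf_users_edit.html with error markers.
  *
  * @param bool $edit_submit TRUE to update the record named by $_POST['ID'],
  *                          FALSE to create a new user.
  */
 function handleFormData($edit_submit = false)
 {
     global $template, $WebBaseDir, $i18n, $luadmin, $ClassDir, $AllowUploadFilesType, $UploadDir;
     include_once 'HTTP/UploadProgressMeter.class.php';
     $fileWidget = new UploadProgressMeter();
     $fileWidget->name = 'photo';
     if ($fileWidget->uploadComplete()) {
         $fileWidget->finalStatus();
     }
     $apf_users = DB_DataObject::factory('ApfUsers');
     if ($edit_submit) {
         // NOTE(review): no permission check on the requested user ID is
         // visible in this method; confirm the caller enforces one.
         $apf_users->get($apf_users->escape($_POST['ID']));
         $do_action = "updatesubmit";
     } else {
         $do_action = "addsubmit";
     }
     $apf_users->setUserName(stripslashes(trim($_POST['user_name'])));
     $apf_users->setRealname(stripslashes(trim($_POST['realname'])));
     $apf_users->setMemo(stripslashes(trim($_POST['memo'])));
     $apf_users->setGender(stripslashes(trim($_POST['gender'])));
     $apf_users->setAddrees(stripslashes(trim($_POST['addrees'])));
     $apf_users->setPhone(stripslashes(trim($_POST['phone'])));
     $apf_users->setEmail(stripslashes(trim($_POST['email'])));
     // NOTE(review): role_id (and the group IDs used further down) come
     // straight from the form, so the submitter decides the resulting
     // privileges; confirm only administrators can reach this handler.
     $apf_users->setRoleId(stripslashes(trim($_POST['role_id'])));
     $apf_users->setActive(stripslashes(trim($_POST['active'])));
     if ($_POST['photo_del'] == 'Y') {
         // photo_old is request data: resolve the path and delete only a
         // regular file that really lies under the upload directory, so a
         // value containing "../" can never reach unlink().
         $upload_root = realpath($UploadDir);
         $old_photo = realpath($UploadDir . $_POST['photo_old']);
         if ($upload_root !== false && $old_photo !== false && is_file($old_photo) && strpos($old_photo, rtrim($upload_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
             unlink($old_photo);
         }
         // NOTE(review): the client still chooses which upload is deleted;
         // taking the name from the loaded record would tie it to this row.
         $apf_users->setPhoto("");
         $_POST['photo_old'] = "";
     }
     if ($_POST['upload_temp']) {
         // NOTE(review): upload_temp is a client-supplied file name stored as-is.
         $apf_users->setPhoto($_POST['upload_temp']);
     }
     $allow_upload_file = TRUE;
     // Defined up front so the error template below never reads an unset variable.
     $upload_error_msg = "";
     if ($_FILES['photo']['name']) {
         require_once $ClassDir . "FileHelper.class.php";
         $upload_data = FileHelper::uploadFile("users");
         $allow_upload_file = $upload_data["upload_state"];
         if ($allow_upload_file) {
             $photos_arr = $upload_data["upload_msg"];
             if ($photo_pic = $photos_arr['photo']) {
                 $apf_users->setPhoto($photo_pic);
                 $_POST['upload_temp'] = $photo_pic;
             }
         } else {
             $upload_error_msg = $upload_data["upload_msg"];
         }
     }
     $val = $apf_users->validate();
     if ($val === TRUE && $allow_upload_file === TRUE) {
         if ($edit_submit) {
             $apf_users->setUpdateAt(DB_DataObject_Cast::dateTime());
             $apf_users->update();
             // The account password is only changed when a new one was typed.
             $new_password = stripslashes(trim($_POST['user_pwd']));
             if ($new_password) {
                 $data = array('handle' => stripslashes(trim($_POST['user_name'])), 'passwd' => $new_password);
                 $updated = $luadmin->updateUser($data, $_POST['ID']);
             }
             // Move the user from the old group to the newly selected one.
             $filter = array('perm_user_id' => $_POST['ID'], 'group_id' => $_POST['old_group']);
             $luadmin->perm->removeUserFromGroup($filter);
             $data = array('perm_user_id' => $_POST['ID'], 'group_id' => $_POST['group']);
             $luadmin->perm->addUserToGroup($data);
             $this->forward("users/apf_users/update/" . $_POST['ID'] . "/ok");
         } else {
             $data = array('handle' => stripslashes(trim($_POST['user_name'])), 'passwd' => stripslashes(trim($_POST['user_pwd'])), 'perm_type' => 1);
             $user_id = $luadmin->addUser($data);
             // Put the new account into the selected group.
             $data = array('perm_user_id' => $user_id, 'group_id' => $_POST['group']);
             $luadmin->perm->addUserToGroup($data);
             $apf_users->get($apf_users->escape($user_id));
             $apf_users->update();
             $this->forward("users/apf_users/");
         }
     } else {
         $template->setFile(array("MAIN" => "apf_users_edit.html"));
         $template->setBlock("MAIN", "edit_block");
         $template->setVar(array("WEBDIR" => $WebBaseDir, "DOACTION" => $do_action));
         // This branch is also reached when validation passed ($val === TRUE)
         // but the upload failed, so only iterate when $val is the
         // field => bool array.
         if (is_array($val)) {
             foreach ($val as $k => $v) {
                 if ($v == false) {
                     $template->setVar(array(strtoupper($k) . "_ERROR_MSG" => " &darr; " . $i18n->_("Please check here") . " &darr; "));
                 }
             }
         }
         if ($allow_upload_file !== TRUE) {
             $template->setVar(array("PHOTO_ERROR_MSG" => " &darr; {$upload_error_msg} &darr; "));
         }
         // NOTE(review): request values, including the typed password, are
         // handed back to the template unescaped. Unless the template layer
         // encodes them, this reflects markup into the page; confirm, and
         // encode with htmlspecialchars() at output if it does not.
         $template->setVar(array("ID" => $_POST['id'], "USER_NAME" => $_POST['user_name'], "USER_PWD" => $_POST['user_pwd'], "GENDER" => $_POST['gender'], "ADDREES" => $_POST['addrees'], "PHONE" => $_POST['phone'], "EMAIL" => $_POST['email'], "PHOTO" => $_POST['photo'], "ROLE_ID" => $_POST['role_id'], "ACTIVE" => $_POST['active'], "ADD_IP" => $_POST['add_ip'], "CREATED_AT" => $_POST['created_at'], "UPDATE_AT" => $_POST['update_at']));
     }
 }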
示例#27
 /**
  * Replace the current user's stored avatars with Gravatar-backed rows.
  *
  * One Avatar row is inserted per configured size (profile, stream, mini),
  * each pointing at the URL returned by gravatar_url() for the user's email.
  *
  * @return array 'message' (translated text) and 'success' (bool).
  */
 function gravatar_save()
 {
     $user = common_current_user();
     if (empty($user->email)) {
         return array('message' => _m('You do not have an email address set in your profile.'), 'success' => false);
     }
     // Existing avatar rows are dropped before the new ones are written.
     // NOTE(review): if a later insert fails, the rows removed here are not
     // restored by this method.
     $this->gravatar_remove();
     $sizes = array(AVATAR_PROFILE_SIZE, AVATAR_STREAM_SIZE, AVATAR_MINI_SIZE);
     foreach ($sizes as $px) {
         $avatar = new Avatar();
         $avatar->profile_id = $user->id;
         $avatar->width = $px;
         $avatar->height = $px;
         // Nothing is uploaded locally, so this is never the "original" image.
         $avatar->original = false;
         //XXX: Unsure what to put here
         $avatar->mediatype = 'img';
         // No filename is set: the image is served from the remote URL.
         $avatar->url = $this->gravatar_url($user->email, $px);
         // Creation time is "now".
         $avatar->created = DB_DataObject_Cast::dateTime();
         $stored = $avatar->insert();
         if (!$stored) {
             return array('message' => _m('Failed to save Gravatar to the database.'), 'success' => false);
         }
     }
     return array('message' => _m('Gravatar added.'), 'success' => true);
 }
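 /**
  * Validate and store the posted "self company" form (create or update).
  *
  * On success the record is inserted or updated, a line is written through
  * logFileString() and the request is forwarded. On failure the edit template
  * is rendered again with per-field error markers and the posted values.
  *
  * Every value read from $_POST / $_FILES is client-controlled.
  *
  * @param bool $edit_submit TRUE to update the record named by $_POST['ID'],
  *                          FALSE to insert a new record.
  * @return void
  */
 function handleFormData($edit_submit = false)
 {
     global $template, $WebBaseDir, $i18n, $UploadDir, $ClassDir, $AddIP, $userid, $group_ids;
     $apf_selfcompany = DB_DataObject::factory('ApfSelfcompany');
     if ($edit_submit) {
         // NOTE(review): no ownership or permission check on the record is visible
         // in this method; confirm the caller enforces it before an update.
         $apf_selfcompany->get($apf_selfcompany->escape($_POST['ID']));
         $do_action = "updatesubmit";
     } else {
         $do_action = "addsubmit";
     }
     $apf_selfcompany->setName(stripslashes(trim($_POST['name'])));
     $apf_selfcompany->setAddrees(stripslashes(trim($_POST['addrees'])));
     $apf_selfcompany->setPhone(stripslashes(trim($_POST['phone'])));
     $apf_selfcompany->setFax(stripslashes(trim($_POST['fax'])));
     $apf_selfcompany->setEmail(stripslashes(trim($_POST['email'])));
     $apf_selfcompany->setHomepage(stripslashes(trim($_POST['homepage'])));
     $apf_selfcompany->setEmployee(stripslashes(trim($_POST['employee'])));
     $apf_selfcompany->setBankroll(stripslashes(trim($_POST['bankroll'])));
     $apf_selfcompany->setLinkMan(stripslashes(trim($_POST['link_man'])));
     $apf_selfcompany->setIncorporator(stripslashes(trim($_POST['incorporator'])));
     $apf_selfcompany->setIndustry(stripslashes(trim($_POST['industry'])));
     $apf_selfcompany->setTaxaccounts(stripslashes(trim($_POST['taxaccounts'])));
     $apf_selfcompany->setBankaccounts(stripslashes(trim($_POST['bankaccounts'])));
     $apf_selfcompany->setProducts(stripslashes(trim($_POST['products'])));
     $apf_selfcompany->setMemo(stripslashes(trim($_POST['memo'])));
     $apf_selfcompany->setActive(stripslashes(trim($_POST['active'])));
     $apf_selfcompany->setAccess(stripslashes(trim($_POST['access'])));
     $apf_selfcompany->setAddIp($AddIP);
     $apf_selfcompany->setGroupid($group_ids);
     $apf_selfcompany->setUserid($userid);
     if (isset($_POST['photo_del']) && $_POST['photo_del'] == 'Y') {
         // photo_old is supplied by the client. Resolve it first and delete only a
         // regular file that really lives below the upload directory, so "../"
         // segments cannot point unlink() at files elsewhere on disk.
         // NOTE(review): this still trusts the client to name which upload to
         // delete; comparing against the photo stored on the record would be tighter.
         $upload_root = realpath($UploadDir);
         $old_photo = false;
         if (isset($_POST['photo_old']) && is_string($_POST['photo_old']) && $_POST['photo_old'] !== '') {
             $old_photo = realpath($UploadDir . $_POST['photo_old']);
         }
         if ($upload_root !== false && $old_photo !== false && is_file($old_photo)
             && strpos($old_photo, rtrim($upload_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
             unlink($old_photo);
         }
         $apf_selfcompany->setPhoto("");
         $_POST['photo_old'] = "";
     }
     if (!empty($_POST['upload_temp'])) {
         // NOTE(review): upload_temp is a client-supplied value stored as the photo
         // path without checking that it names a file this server accepted.
         $apf_selfcompany->setPhoto($_POST['upload_temp']);
     }
     $allow_upload_file = TRUE;
     $upload_error_msg = "";
     if (!empty($_FILES['photo']['name'])) {
         require_once $ClassDir . "FileHelper.class.php";
         // Type/size/name checks, if any, happen inside FileHelper::uploadFile(),
         // which is not visible here.
         $upload_data = FileHelper::uploadFile("product");
         $allow_upload_file = $upload_data["upload_state"];
         if ($allow_upload_file) {
             $photos_arr = $upload_data["upload_msg"];
             if ($photo_pic = $photos_arr['photo']) {
                 $apf_selfcompany->setPhoto($photo_pic);
                 $_POST['upload_temp'] = $photo_pic;
             }
         } else {
             $upload_error_msg = $upload_data["upload_msg"];
         }
     }
     $val = $apf_selfcompany->validate();
     if ($val === TRUE && $allow_upload_file === TRUE) {
         // Line breaks are flattened in the client-supplied parts of the log line so
         // a crafted field cannot forge additional log entries.
         $line_breaks = array("\r", "\n");
         $log_name = str_replace($line_breaks, ' ', isset($_POST['name']) ? (string) $_POST['name'] : '');
         if ($edit_submit) {
             $apf_selfcompany->setUpdateAt(DB_DataObject_Cast::dateTime());
             $apf_selfcompany->update();
             $log_ref = str_replace($line_breaks, ' ', isset($_POST['ID']) ? (string) $_POST['ID'] : '');
             $log_string = $i18n->_("Update") . $i18n->_("ModuleName") . "\t" . $log_name . "=>" . $log_ref;
             logFileString($log_string);
             $this->forward("selfcompany/apf_selfcompany/update/" . $_POST['ID'] . "/ok");
         } else {
             $apf_selfcompany->setCreatedAt(DB_DataObject_Cast::dateTime());
             $apf_selfcompany->insert();
             $log_ref = str_replace($line_breaks, ' ', isset($_POST['create_date']) ? (string) $_POST['create_date'] : '');
             $log_string = $i18n->_("Create") . $i18n->_("ModuleName") . "\t" . $log_name . "=>" . $log_ref;
             logFileString($log_string);
             $this->forward("selfcompany/apf_selfcompany/");
         }
     } else {
         $template->setFile(array("MAIN" => "apf_selfcompany_edit.html"));
         $template->setBlock("MAIN", "edit_block");
         $template->setVar(array("WEBDIR" => $WebBaseDir, "DOACTION" => $do_action));
         // validate() returns TRUE when every field passed; this branch is also
         // reached when only the upload failed, so iterate only over an array.
         if (is_array($val)) {
             foreach ($val as $k => $v) {
                 if ($v == false) {
                     $template->setVar(array(strtoupper($k) . "_ERROR_MSG" => " &darr; " . $i18n->_("Please check here") . " &darr; "));
                 }
             }
         }
         if ($allow_upload_file !== TRUE) {
             // Show why the upload was refused. The message is escaped because its
             // content comes from FileHelper and may echo client-supplied text.
             $template->setVar(array("PHOTO_ERROR_MSG" => " &darr; " . htmlspecialchars((string) $upload_error_msg, ENT_QUOTES) . " &darr; "));
         }
         // Template values are emitted as markup (the error markers above pass
         // literal entities through setVar), so posted values are HTML-escaped
         // before being put back into the form.
         // NOTE(review): "ID" is re-filled from $_POST['id'] although the record
         // is loaded from $_POST['ID']; confirm which key the form posts.
         $redisplay = array(
             "ID" => 'id',
             "NAME" => 'name',
             "ADDREES" => 'addrees',
             "PHONE" => 'phone',
             "FAX" => 'fax',
             "EMAIL" => 'email',
             "PHOTO" => 'photo',
             "HOMEPAGE" => 'homepage',
             "EMPLOYEE" => 'employee',
             "BANKROLL" => 'bankroll',
             "LINK_MAN" => 'link_man',
             "INCORPORATOR" => 'incorporator',
             "INDUSTRY" => 'industry',
             "TAXACCOUNTS" => 'taxaccounts',
             "BANKACCOUNTS" => 'bankaccounts',
             "PRODUCTS" => 'products',
             "MEMO" => 'memo',
             "ACTIVE" => 'active',
             "ACCESS" => 'access',
             "GROUPID" => 'groupid',
             "USERID" => 'userid',
             "ADD_IP" => 'add_ip',
             "CREATED_AT" => 'created_at',
             "UPDATE_AT" => 'update_at',
         );
         $form_vars = array();
         foreach ($redisplay as $tpl_key => $post_key) {
             $posted = (isset($_POST[$post_key]) && is_scalar($_POST[$post_key])) ? (string) $_POST[$post_key] : '';
             $form_vars[$tpl_key] = htmlspecialchars($posted, ENT_QUOTES);
         }
         $template->setVar($form_vars);
     }
 }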
示例#29
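 /**
  * Exchange an authorized request token for a new access token.
  *
  * The request token must exist for this consumer with state 1 (authorized)
  * and be linked to an Oauth_application_user row of the consumer's
  * application. On success the request token is marked used (state 2), the
  * application-user row is re-pointed at the access token and takes over the
  * application's access type.
  *
  * @param object $token    Request token; only ->key is read.
  * @param object $consumer OAuth consumer; only ->key is read.
  * @return OAuthToken|null The new access token, or null on any failure.
  */
 function new_access_token($token, $consumer)
 {
     common_debug('new_access_token("' . $token->key . '","' . $consumer->key . '")', __FILE__);
     $rt = new Token();
     $rt->consumer_key = $consumer->key;
     $rt->tok = $token->key;
     // type 0 = request token
     $rt->type = 0;
     $app = Oauth_application::getByConsumerKey($consumer->key);
     if (empty($app)) {
         common_debug("empty app!");
         // Without a registered application, $app->id and $app->access_type below
         // would be read from an empty value: the app-user lookup would no longer
         // be scoped to an application and the access type would be undefined.
         // Refuse the exchange instead.
         return null;
     }
     // state 1 = authorized by the user
     if (!($rt->find(true) && $rt->state == 1)) {
         return null;
     }
     common_debug('request token found.', __FILE__);
     // find the associated user of the app
     $appUser = new Oauth_application_user();
     $appUser->application_id = $app->id;
     $appUser->token = $rt->tok;
     $result = $appUser->find(true);
     if (empty($result)) {
         common_debug("Oauth app user not found. app id {$app->id} token {$rt->tok}");
         return null;
     }
     common_debug("Oath app user found.");
     // go ahead and make the access token
     // NOTE(review): token and secret strength depend on common_good_rand(), which
     // is not visible here; confirm it draws from a cryptographically secure source.
     $at = new Token();
     $at->consumer_key = $consumer->key;
     $at->tok = common_good_rand(16);
     $at->secret = common_good_rand(16);
     // type 1 = access token
     $at->type = 1;
     $at->created = DB_DataObject_Cast::dateTime();
     if (!$at->insert()) {
         $e = $at->_lastError;
         common_debug('access token "' . $at->tok . '" not inserted: "' . $e->message . '"', __FILE__);
         return null;
     }
     // NOTE(review): the debug lines here write token identifiers to the log;
     // treat that log as sensitive or trim the values.
     common_debug('access token "' . $at->tok . '" inserted', __FILE__);
     // burn the old one: state 2 = used
     // NOTE(review): the state check above and this update are separate steps, so
     // two concurrent exchanges of one request token are not excluded by the code
     // visible here.
     $orig_rt = clone $rt;
     $rt->state = 2;
     if (!$rt->update($orig_rt)) {
         return null;
     }
     common_debug('request token "' . $rt->tok . '" updated', __FILE__);
     // update the token from req to access for the user
     $orig = clone $appUser;
     $appUser->token = $at->tok;
     // It's at this point that we change the access type
     // to whatever the application's access is.  Request
     // tokens should always have an access type of 0, and
     // therefore be unusable for making requests for
     // protected resources.
     $appUser->access_type = $app->access_type;
     $result = $appUser->update($orig);
     if (empty($result)) {
         common_debug('couldn\'t update OAuth app user.');
         return null;
     }
     // Okay, good
     return new OAuthToken($at->tok, $at->secret);
 }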
示例#30
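 /**
  * Finish a remote (OMB) subscription after the remote server redirects back.
  *
  * Checks the returned OAuth token against the authorization request kept in
  * the session, validates the listener parameters, converts the request token
  * through access_token(), creates or updates the listener's Profile and
  * Remote_profile, stores the Subscription and redirects to the subscribers
  * page. Each failure is reported through clientError() or serverError().
  *
  * All omb_* parameters come from the remote side and are untrusted.
  *
  * @param mixed $args Passed through to parent::handle().
  * @return void
  */
 function handle($args)
 {
     parent::handle($args);
     if (common_logged_in()) {
         $this->clientError(_('You can use the local subscription!'));
         return;
     }
     $omb = $_SESSION['oauth_authorization_request'];
     if (!$omb) {
         $this->clientError(_('Not expecting this response!'));
         return;
     }
     // NOTE(review): this dumps the whole stored request, including its token,
     // into the debug log; treat that log as sensitive or redact.
     common_debug('stored request: ' . print_r($omb, true), __FILE__);
     common_remove_magic_from_request();
     $req = OAuthRequest::from_request();
     $token = $req->get_parameter('oauth_token');
     # I think this is the success metric
     // Compared strictly as strings: a loose != lets two different numeric-looking
     // strings compare equal and a missing token match an empty stored value.
     // hash_equals() is the constant-time alternative where the runtime has it.
     if (!is_string($token) || $token === '' || $token !== (string) $omb['token']) {
         $this->clientError(_('Not authorized.'));
         return;
     }
     $version = $req->get_parameter('omb_version');
     if ($version != OMB_VERSION_01) {
         $this->clientError(_('Unknown version of OMB protocol.'));
         return;
     }
     $nickname = $req->get_parameter('omb_listener_nickname');
     if (!$nickname) {
         $this->clientError(_('No nickname provided by remote server.'));
         return;
     }
     $profile_url = $req->get_parameter('omb_listener_profile');
     if (!$profile_url) {
         $this->clientError(_('No profile URL returned by server.'));
         return;
     }
     $web_schemes = array('allowed_schemes' => array('http', 'https'));
     if (!Validate::uri($profile_url, $web_schemes)) {
         $this->clientError(_('Invalid profile URL returned by server.'));
         return;
     }
     if ($profile_url == common_local_url('showstream', array('nickname' => $nickname))) {
         $this->clientError(_('You can use the local subscription!'));
         return;
     }
     common_debug('listenee: "' . $omb['listenee'] . '"', __FILE__);
     $user = User::staticGet('nickname', $omb['listenee']);
     if (!$user) {
         $this->clientError(_('User being listened to doesn\'t exist.'));
         return;
     }
     // A listener URI that belongs to a local user must use local subscription.
     $other = User::staticGet('uri', $omb['listener']);
     if ($other) {
         $this->clientError(_('You can use the local subscription!'));
         return;
     }
     $fullname = $req->get_parameter('omb_listener_fullname');
     $homepage = $req->get_parameter('omb_listener_homepage');
     $bio = $req->get_parameter('omb_listener_bio');
     $location = $req->get_parameter('omb_listener_location');
     $avatar_url = $req->get_parameter('omb_listener_avatar');
     // The avatar URL is handed to add_avatar() further down. That method is not
     // visible here; if it retrieves the URL server-side, an unchecked scheme or
     // target is a request-forgery risk, so apply the same scheme check as for
     // the profile URL before any state is changed.
     // NOTE(review): a scheme check does not stop internal hosts; confirm
     // add_avatar() restricts destinations and response size.
     if ($avatar_url && !Validate::uri($avatar_url, $web_schemes)) {
         $this->clientError(_('Invalid avatar URL returned by server.'));
         return;
     }
     list($newtok, $newsecret) = $this->access_token($omb);
     if (!$newtok || !$newsecret) {
         $this->clientError(_('Couldn\'t convert request tokens to access tokens.'));
         return;
     }
     # XXX: possible attack point; subscribe and return someone else's profile URI
     $remote = Remote_profile::staticGet('uri', $omb['listener']);
     if ($remote) {
         $exists = true;
         $profile = Profile::staticGet($remote->id);
         $orig_remote = clone $remote;
         $orig_profile = clone $profile;
         # XXX: compare current postNotice and updateProfile URLs to the ones
         # stored in the DB to avoid (possibly...) above attack
     } else {
         $exists = false;
         $remote = new Remote_profile();
         $remote->uri = $omb['listener'];
         $profile = new Profile();
     }
     // NOTE(review): the fields below are stored as received from the remote
     // side; they need escaping wherever they are rendered.
     $profile->nickname = $nickname;
     $profile->profileurl = $profile_url;
     if (!is_null($fullname)) {
         $profile->fullname = $fullname;
     }
     if (!is_null($homepage)) {
         $profile->homepage = $homepage;
     }
     if (!is_null($bio)) {
         $profile->bio = $bio;
     }
     if (!is_null($location)) {
         $profile->location = $location;
     }
     if ($exists) {
         $profile->update($orig_profile);
     } else {
         # current time
         $profile->created = DB_DataObject_Cast::dateTime();
         $id = $profile->insert();
         if (!$id) {
             $this->serverError(_('Error inserting new profile'));
             return;
         }
         $remote->id = $id;
     }
     if ($avatar_url) {
         if (!$this->add_avatar($profile, $avatar_url)) {
             $this->serverError(_('Error inserting avatar'));
             return;
         }
     }
     $remote->postnoticeurl = $omb['post_notice_url'];
     $remote->updateprofileurl = $omb['update_profile_url'];
     if ($exists) {
         if (!$remote->update($orig_remote)) {
             $this->serverError(_('Error updating remote profile'));
             return;
         }
     } else {
         # current time
         $remote->created = DB_DataObject_Cast::dateTime();
         if (!$remote->insert()) {
             $this->serverError(_('Error inserting remote profile'));
             return;
         }
     }
     // NOTE(review): the block check runs only after the profile and remote
     // profile rows were written and the request token was converted, so a
     // blocked listener can still create or overwrite those rows.
     if ($user->hasBlocked($profile)) {
         $this->clientError(_('That user has blocked you from subscribing.'));
         return;
     }
     $sub = new Subscription();
     $sub->subscriber = $remote->id;
     $sub->subscribed = $user->id;
     $sub_exists = false;
     if ($sub->find(true)) {
         $sub_exists = true;
         $orig_sub = clone $sub;
     } else {
         # current time
         $sub->created = DB_DataObject_Cast::dateTime();
     }
     // The subscription row carries the new access token and secret.
     $sub->token = $newtok;
     $sub->secret = $newsecret;
     if ($sub_exists) {
         $result = $sub->update($orig_sub);
     } else {
         $result = $sub->insert();
     }
     if (!$result) {
         common_log_db_error($sub, $sub_exists ? 'UPDATE' : 'INSERT', __FILE__);
         $this->clientError(_('Couldn\'t insert new subscription.'));
         return;
     }
     # Notify user, if necessary
     mail_subscribe_notify_profile($user, $profile);
     # Clear the data
     unset($_SESSION['oauth_authorization_request']);
     # If we show subscriptions in reverse chron order, this should
     # show up close to the top of the page
     common_redirect(common_local_url('subscribers', array('nickname' => $user->nickname)));
 }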