function validate() { // make sure that the user is uploading a file $this->_files = HttpVars::getFiles(); $this->_templateId = $this->_request->getValue("templateId"); $this->_subFolderId = $this->_request->getValue("subFolderId"); // check if there's any file to upload if (count($this->_files) != 1) { if (empty($this->_subFolderId)) { $this->_view = new PluginBlogTemplatesListView($this->_blogInfo, $this->_templateId); } else { $this->_view = new PluginBlogTemplateSubFolderListView($this->_blogInfo, $this->_templateId, $this->_subFolderId); } $this->_view->setErrorMessage($this->_locale - tr("error_must_upload_file")); $this->setCommonData(); return false; } if (!$this->isValidExtension($this->_files['resourceFile']['name'])) { if (empty($this->_subFolderId)) { $this->_view = new PluginBlogTemplatesListView($this->_blogInfo, $this->_templateId); } else { $this->_view = new PluginBlogTemplateSubFolderListView($this->_blogInfo, $this->_templateId, $this->_subFolderId); } $this->_view->setErrorMessage($this->_locale->tr("templateeditor_error_templatefile_extension")); $this->setCommonData(); return false; } return true; }
/** * Loads the current locale. It works so that it tries to fetch the parameter "lang" from the * request. If it's not available, then it will try to look for it in the session. If it is not * there either, it will try to guess the most prefered language according to what the User Agent * included in the HTTP_ACCEPT_LANGUAGE string sent with the request. If none matches available * languages we have to use the value of "default_locale" and display the default language. * * @private * @return Returns a reference to a Locale object */ function &_loadLocale() { $requestLocale =& $this->_request->getValue("lang"); $localeCode = ""; $serverVars =& HttpVars::getServer(); // check if there's something in the request... // if not, check the session or at least try to // guess the apropriate languege from the http_accept_lnaguage string if ($requestLocale) { // check if it's a valid one if (Locales::isValidLocale($requestLocale)) { $localeCode = $requestLocale; } } else { $sessionLocale =& SessionManager::getSessionValue("summaryLang"); if ($sessionLocale) { $localeCode = $sessionLocale; } elseif ($this->_config->getValue("use_http_accept_language_detection", HTTP_ACCEPT_LANGUAGE_DETECTION) == 1) { $localeCode =& $this->_matchHttpAcceptLanguages($serverVars['HTTP_ACCEPT_LANGUAGE']); } } // check if the locale code is correct // and as a valid resort, use the default one if the locale ist not valid or 'false' if ($localeCode === false || !Locales::isValidLocale($localeCode)) { $localeCode = $this->_config->getValue("default_locale"); } // now put whatever locale value back to the session SessionManager::setSessionValue("summaryLang", $localeCode); // load the correct locale $locale =& Locales::getLocale($localeCode); return $locale; }
function ResourceServerAction($actionInfo, $request) { $this->Action($actionInfo, $request); // keep the session for later use $session = HttpVars::getSession(); $this->_session = $session['SessionInfo']; $this->_config =& Config::getConfig(); }
/** * Carries out the specified action */ function perform() { // fetch the information coming from the resource $this->_description = Textfilter::filterAllHTML($this->_request->getValue("resourceDescription")); $this->_albumId = $this->_request->getValue("albumId"); $this->_resource = $this->_request->getValue("resourceFile"); // check if there is any file uploaded $files = HttpVars::getFiles(); // we probably need to rearrange the $files array a bit better... $this->_files = array(); foreach ($files as $file) { if ($file["error"] == 0 && $file["size"] > 0 && $file["name"] != "") { $this->_files[] = $file; } } // let the gallery library do its work... $resources = new GalleryResources(); $this->_view = new AdminResourcesListView($this->_blogInfo, array("albumId" => $this->_albumId)); $successMessage = ""; $errorMessage = ""; foreach ($this->_files as $file) { // create a new FileUpload object based on the file $upload = new FileUpload($file); // add the resource to the db $this->notifyEvent(EVENT_PRE_RESOURCE_ADD, array("upload" => &$upload)); $res = $resources->addResource($this->_blogInfo->getId(), $this->_albumId, $this->_description, $upload); // check if everything went fine and if not, show an error message if ($res > 0) { $successMessage .= $this->_locale->pr("resource_added_ok", $file["name"]) . "<br/>"; // try to fetch the resource so that we can send it in the event $resource = $resources->getResource($res, $this->_blogInfo->getId()); $this->notifyEvent(EVENT_POST_RESOURCE_ADD, array("resource" => &$resource)); } else { if ($res == GALLERY_ERROR_RESOURCE_FORBIDDEN_EXTENSION) { $errorMessage .= $this->_locale->pr("error_resource_forbidden_extension", $file["name"]) . "<br/>"; } elseif ($res == GALLERY_ERROR_RESOURCE_TOO_BIG) { $errorMessage .= $this->_locale->pr("error_resource_too_big", $file["name"]) . "<br/>"; } elseif ($res == GALLERY_ERROR_UPLOADS_NOT_ENABLED) { $errorMessage .= $this->_locale->tr("error_uploads_disabled") . "<br/>"; } elseif ($res == GALLERY_ERROR_QUOTA_EXCEEDED) { $errorMessage .= $this->_locale->tr("error_quota_exceeded") . "<br/>"; } else { $errorMessage .= $this->_locale->pr("error_adding_resource", $file["name"]) . "<br/>"; } } } // clear the cache no matter what happened... we should only clear it if there was at least one // file uploaded but this way is not that bad after all... CacheControl::resetBlogCache($this->_blogInfo->getId(), false); if ($successMessage != "") { $this->_view->setSuccessMessage($successMessage); } if ($errorMessage != "") { $this->_view->setErrorMessage($errorMessage); } $this->setCommonData(); return true; }
/** * @private */ function _getDestination() { $dest = HttpVars::getRequestValue("dest"); $val = new IntegerValidator(); if (!$val->validate($dest) || $dest < 1 || $dest > 3) { $dest = 1; } return $dest; }
/** * installs an uploaded template */ function _performUploadTemplate() { // handle the uploaded file $files = HttpVars::getFiles(); $uploads = new FileUploads($files); if (count($files) == 0 || $files["templateFile"]["name"] == "") { $this->_view = new AdminTemplatedView($this->_blogInfo, "newglobaltemplate"); $this->_view->setValue("templateFolder", TemplateSetStorage::getBaseTemplateFolder()); $this->_view->setErrorMessage($this->_locale->tr("error_must_upload_file")); $this->setCommonData(); return false; } $config =& Config::getConfig(); $tmpFolder = $config->getValue('temp_folder'); // move it to the temporary folder $result = $uploads->process($tmpFolder); // and from there, unpack it $upload = new FileUpload($files['templateFile']); $templateSandbox = new TemplateSandbox(); $valid = $templateSandbox->checkTemplateSet($upload->getFileName(), $tmpFolder . '/'); if ($valid < 0) { $this->_view = new AdminSiteTemplatesListView($this->_blogInfo); $this->_view->setErrorMessage($this->_checkTemplateSandboxResult($valid)); $this->setCommonData(); return false; } // the template was ok, so then we can proceed and move it to the main // template folder, add it to our array of templates // // :KLUDGE: // // maybe we should simply move the files rather than unpacking the whole // thing again, but this indeed makes things easier! ;) $unpacker = new Unpacker(); $templateFolder = $config->getValue('template_folder'); $fileToUnpack = $tmpFolder . '/' . $upload->getFileName(); if (!$unpacker->unpack($fileToUnpack, $templateFolder)) { $this->_view = new AdminSiteTemplatesListView($this->_blogInfo); $tf = new Textfilter(); $this->_view->setErrorMessage($this->_locale->pr('error_installing_template', $tf->filterAllHtml($upload->getFileName()))); $this->setCommonData(); return false; } // if the template set was installed ok in the template folder, we can record // it as a valid set $ts = new TemplateSetStorage(); $fileParts = explode(".", $upload->getFileName()); $templateName = $fileParts[0]; $ts->addTemplate($templateName); $this->_view = new AdminSiteTemplatesListView($this->_blogInfo); $this->_view->setSuccessMessage($this->_locale->pr('template_installed_ok', $templateName)); $this->setCommonData(); return true; }
function perform() { // get the search terms that have already been validated... $this->_searchTerms = $this->_request->getValue("searchTerms"); // check if the search feature is disabled in this site... $config =& Config::getConfig(); if (!$config->getValue("search_engine_enabled")) { $this->_view = new ErrorView($this->_blogInfo, "error_search_engine_disabled"); $this->setCommonData(); return false; } // create the view and make sure that it hasn't been cached $this->_view = new BlogTemplatedView($this->_blogInfo, VIEW_SEARCH_TEMPLATE, array("searchTerms" => $this->_searchTerms)); if ($this->_view->isCached()) { return true; } $searchEngine = new SearchEngine(); $searchResults = $searchEngine->search($this->_blogInfo->getId(), $this->_searchTerms); // MARKWU: I add the searchterms variable for smarty/plog template $searchTerms = $searchEngine->getAdaptSearchTerms($this->_searchTerms); // if no search results, return an error message if (count($searchResults) == 0) { $this->_view = new ErrorView($this->_blogInfo, "error_no_search_results"); $this->setCommonData(); return true; } // if only one search result, we can see it straight away if (count($searchResults) == 1) { // we have to refill the $_REQUEST array, since the next action // is going to need some of the parameters $request =& HttpVars::getRequest(); $searchResult = array_pop($searchResults); $article = $searchResult->getArticle(); $request["articleId"] = $article->getId(); $request["blogId"] = $this->_blogInfo->getId(); HttpVars::setRequest($request); // since there is only one article, we can use the ViewArticleAction action // to display that article, instead of copy-pasting the code and doing it here. // You just have to love MVC and OOP :) return Controller::setForwardAction("ViewArticle"); } // or else, show a list with all the posts that match the requested // search terms $this->_view->setValue("searchresults", $searchResults); // MARKWU: Now, I can use the searchterms to get the keyword $this->_view->setValue("searchterms", $searchTerms); // MARKWU: $config =& Config::getConfig(); $urlmode = $config->getValue("request_format_mode"); $this->_view->setValue("urlmode", $urlmode); $this->setCommonData(); return true; }
/** * Validate if everything is correct */ function validate() { // first of all, check if we have a valid blog id $this->_blogId = $this->_request->getValue("blogId"); if ($this->_blogId == "" || $this->_blogId < 0) { // check if the user really belongs to one or more blogs and if not, quit $users = new Users(); $userBlogs = $users->getUsersBlogs($this->_userInfo->getId(), BLOG_STATUS_ACTIVE); if (count($userBlogs) == 0) { $this->_view = new AdminSimpleErrorView(); $this->_view->setValue("message", $this->_locale->tr("error_dont_belong_to_any_blog")); return false; } // if everything went fine, then we can continue... $this->_view = new AdminDashboardView($this->_userInfo, $userBlogs); return false; } // load the blog $blogs = new Blogs(); $this->_blogInfo = $blogs->getBlogInfo($this->_blogId); // check if the blog really exists if (!$this->_blogInfo) { $this->_view = new AdminSimpleErrorView(); $this->_view->setValue("message", $this->_locale->tr("error_incorrect_blog_id")); return false; } // if so, check that it is active if ($this->_blogInfo->getStatus() != BLOG_STATUS_ACTIVE) { $this->_view = new AdminSimpleErrorView(); $this->_view->setValue("message", $this->_locale->tr("error_incorrect_blog_id")); return false; } // if the blog identifier is valid, now we should now check if the user belongs // to that blog so that we know for sure that nobody has tried to forge the // parameter in the meantime $userPermissions = new UserPermissions(); $blogUserPermissions = $userPermissions->getUserPermissions($this->_userInfo->getId(), $this->_blogInfo->getId()); if (!$blogUserPermissions) { $this->_view = new AdminSimpleErrorView(); $this->_view->setValue("message", $this->_locale->tr("error_no_permissions")); return false; } // if all correct, we can now set the blogInfo object in the session for later // use $this->_session->setValue("blogInfo", $this->_blogInfo); $session = HttpVars::getSession(); $session["SessionInfo"] = $this->_session; HttpVars::setSession($session); return true; }
/** * retrieves the current status from the request * * @private * @return nothing */ function getStatusFromRequest() { $status = HttpVars::getRequestValue("status"); // validate the value $val = new IntegerValidator(); if (!$val->validate($status)) { $status = UserStatus::getDefaultStatus(); } // if the value validated, check if it is a valid status if (!UserStatus::isValidStatus($status)) { $status = UserStatus::getDefaultStatus(); } return $status; }
function sessionInfoAvailable() { $session = HttpVars::getSession(); if (isset($session["SessionInfo"])) { $sessionInfo = $session["SessionInfo"]; $this->_blogInfo = $sessionInfo->getValue("blogInfo"); $this->_userInfo = $sessionInfo->getValue("userInfo"); if ($this->_blogInfo == "" || $this->_userInfo == "") { return false; } else { return true; } } else { return false; } }
function perform() { // check if the password is correct $secretItems = new SecretItems(); // if not, show another error if (!$secretItems->authenticateItem($this->_articleId, $this->_password)) { $this->_view = new ErrorView($this->_blogInfo, "Sorry, better luck next time!"); $this->setCommonData(); return false; } // but if correct, put the information in the session and try again $session = HttpVars::getSession(); $sessionKey = "article_" . $this->_articleId; $session["{$sessionKey}"] = "OK"; HttpVars::setSession($session); BlogController::setForwardAction("ViewArticle"); return true; }
/** * returns true if a given url is using a subdomain or not. It works by comparing * the url with "base_url" from the plog_config table. If they match, then the incoming * url is *not* using subdomains. Otherwise, it will return true * * @param url If null, use $_SERVER["HTTP_HOST"] * @return true if the given url is subdomained or not * @static */ function isSubdomainUrl($url = null) { // prepare the url if ($url == null) { $server = HttpVars::getServer(); $urlObject = new Url("http://" . $server["HTTP_HOST"]); } else { $urlObject = new Url($url); } // and now get the base_url $config =& Config::getConfig(); $baseUrlObject = new Url($config->getValue("base_url")); // and finally check if whether they match or not if ($urlObject->getHost() == $baseUrlObject->getHost()) { $isSubdomain = false; } else { $isSubdomain = true; } // return it... return $isSubdomain; }
/** * Carries out the specified action */ function perform() { $this->_view = new AdminDefaultView(); $this->notifyEvent(EVENT_PRE_LOGOUT); // remove all the information from the session $session = HttpVars::getSession(); $session["SessionInfo"] = null; unset($session["SessionInfo"]); $session = array(); HttpVars::setSession($session); session_destroy(); // and pass the locale to the template $config =& Config::getConfig(); $locale =& Locales::getLocale($config->getValue("default_locale")); $url =& $this->_blogInfo->getBlogRequestGenerator(); $blogTitle = $this->_blogInfo->getBlog(); $logoutMessage = $this->_locale->tr("logout_message") . "<br/>" . $locale->pr("logout_message_2", $url->blogLink(), $blogTitle); $this->_view->setSuccessMessage($logoutMessage); $this->notifyEvent(EVENT_POST_LOGOUT); // better to return true if everything fine return true; }
/** * Checks the given email address */ function validate($value) { if (empty($value)) { $this->_setError(false); return true; } list($userName, $domain) = explode("@", $value); $connectAddress = $domain; if (!Dns::checkdnsrr($domain, "A")) { $this->_setError(ERROR_RULE_EMAIL_DNS_SERVER_UNREACHABLE); return false; } if (Dns::checkdnsrr($domain, "MX") && Dns::getmxrr($domain, $mxHosts)) { $connectAddress = $mxHosts[0]; } if ($connect = fsockopen($connectAddress, 25)) { $out = fgets($connect, 1024); if (ereg("^220", $out)) { $server =& HttpVars::getServer(); fputs($connect, "HELO " . $server["HTTP_HOST"] . "\r\n"); $out = fgets($connect, 1024); fputs($connect, "MAIL FROM: <" . $value . ">\r\n"); $from = fgets($connect, 1024); fputs($connect, "RCPT TO: <" . $value . ">\r\n"); $to = fgets($connect, 1024); fputs($connect, "QUIT\r\n"); fclose($connect); if (!ereg("^250", $from) || !ereg("^250", $to)) { $this->_setError(ERROR_RULE_EMAIL_DNS_NOT_PERMITTED); return false; } } } else { $this->_setError(ERROR_RULE_EMAIL_DNS_SERVER_UNREACHABLE); return false; } return true; }
function _performUploadLocale() { // since we are here, the file name was validated to be ok, so we can // continue with the operation $files = HttpVars::getFiles(); $uploads = new FileUploads($files); $this->_view = new AdminSiteLocalesListView($this->_blogInfo); // we can first of all move the file to the destionation folder $result = $uploads->process($this->_config->getValue("locale_folder")); // the only thing that can happen is that the file was not correctly saved if ($result[0]->getError() != 0) { $this->_view->setErrorMessage($this->_locale->tr("error_saving_locale")); return false; } // and once it's there, we can do as if we were adding a locale code $upload = new FileUpload($files["localeFile"]); $res = preg_match(REGEXP_VALID_LOCALE, $upload->getFileName(), $matches); $localeCode = $matches[1]; // add the file to the list of locales $locales = new Locales(); $locales->addLocale($localeCode); $this->_view->setSuccessMessage($this->_locale->pr("locale_added_ok", $localeCode)); return true; }
/** * Saves the session data * @private */ function saveSession() { $this->_session->setValue("blogInfo", $this->_blogInfo); $this->_session->setValue("userInfo", $this->_userInfo); //$_SESSION["SessionInfo"] = $this->_session; $session = HttpVars::getSession(); $session["SessionInfo"] = $this->_session; HttpVars::setSession($session); }
//ini_set('memory_limit', "16M"); if (!defined("PLOG_CLASS_PATH")) { define("PLOG_CLASS_PATH", dirname(__FILE__) . "/"); } include_once PLOG_CLASS_PATH . "class/controller/blogcontroller.class.php"; include_once PLOG_CLASS_PATH . "class/net/http/session/sessionmanager.class.php"; include_once PLOG_CLASS_PATH . "class/dao/userinfo.class.php"; include_once PLOG_CLASS_PATH . "class/dao/bloginfo.class.php"; include_once PLOG_CLASS_PATH . "class/plugin/pluginmanager.class.php"; // just to make php use & as the separator when adding the PHPSESSID // variable to our requests ini_set("arg_seperator.output", "&"); ini_set("magic_quotes_runtime", 0); // // a security check, or else people might forget to remove the wizard.php script // if (File::isReadable("wizard.php")) { print "<span style=\"color:red\">The wizard.php script has to be removed after the installation process.</span><br/><br/>\n Please remove it first to continue."; die; } // initialize the session SessionManager::init(); $controller = new BlogController(); // load the plugins, this needs to be done *before* we call the // Controller::process() method, as some of the plugins _might_ // add new actions to the controller $pluginManager =& PluginManager::getPluginManager(); $pluginManager->loadPlugins(); // give control to the, ehem, controller :) $controller->process(HttpVars::getRequest(), "op"); //xdebug_dump_function_profile(4);
} return true; } /** * * whoa believe it or not, in pLog you can also find php code that is not within a class! :-) * * perhaps the code below should be cleaned up and put into a TrackbackServer class or something * like that but since it works the way it is, we'll leave it like it is! * */ // prepare everything... $config =& Config::getConfig(); // get the post and get parameters trackbackLog("** Request received"); $params = new Properties(HttpVars::getRequest()); dumpRequest($params); // check that they are correct and quit if they're not if ($params->getValue("id") == "" || $params->getValue("id") <= 0) { $result = errorResponse("Incorrect or missing id parameter."); print $result; trackbackLog("Sending error response: {$result}"); trackbackLog("** End"); die; } if ($params->getValue("url") == "") { $result = errorResponse("The url parameter must be present."); print $result; trackbackLog("Sending error response: {$result}"); trackbackLog("** End"); die;
if (!defined("PLOG_CLASS_PATH")) { define("PLOG_CLASS_PATH", dirname(__FILE__) . "/"); } include_once PLOG_CLASS_PATH . "class/config/config.class.php"; include_once PLOG_CLASS_PATH . "class/net/http/httpvars.class.php"; include_once PLOG_CLASS_PATH . "class/net/customurlhandler.class.php"; // get the configuration data $config =& Config::getConfig(); // in order to maintain compatilibity with previous version, and the alternative // format of search-engine friendly urls if ($config->getValue("request_format_mode") == SEARCH_ENGINE_FRIENDLY_MODE) { include_once PLOG_CLASS_PATH . "error.php"; die; } $server = HttpVars::getServer(); $requestParser = new CustomUrlHandler(); $requestParser->process($server["REQUEST_URI"]); $vars = $requestParser->getVars(); $params = $requestParser->getParams(); $includeFile = $requestParser->getIncludeFile(); // // fill in the request with the parameters we need // $vars["op"] = "op"; foreach ($vars as $key => $value) { if (is_array($params) && array_key_exists($key, $params) && $params["{$key}"] != "") { HttpVars::setRequestValue($vars["{$key}"], $params["{$key}"]); } } // and transfer execution to the main script include_once PLOG_CLASS_PATH . $includeFile;
* * To get this to work, we need a provider which allows to use * .htaccess files in their accounts and at the same time, allows * to have ErrorDocument directives in the .htaccess file. * * This should be the content of the file: * * ErrorDocument 401 /plog/error.php * ErrorDocument 403 /plog/error.php * ErrorDocument 404 /plog/error.php * * If pLog is running somewhere else other than /plog/, then that * should be changed since an absolute URL is required. */ $config =& Config::getConfig(); if ($config->getValue("request_format_mode") == SEARCH_ENGINE_FRIENDLY_MODE) { $server = HttpVars::getServer(); $request = HttpVars::getRequest(); $parts = split("/", $server["REQUEST_URI"]); $userParam = $parts[count($parts) - 1]; if (is_numeric($userParam)) { $request["blogId"] = $userParam; } else { $request["blogUserName"] = $userParam; } HttpVars::setRequest($request); $scriptName = $config->getValue("script_name", DEFAULT_SCRIPT_NAME); include_once PLOG_CLASS_PATH . $scriptName; } else { include_once PLOG_CLASS_PATH . "blog.php"; }
/** * sets a value in the session * * @param key the key assigned to this vlaue * @param value The value assigned * @return always true */ function setSessionValue($key, $value) { // switch that informs whether the session manager has already been initialized or not global $__sessionManagerInitialized; // check if the session manager has already been initialized if (!$__sessionManagerInitialized) { throw new Exception("SessionManager::init() must be called before SessionManager::getSessionValue()"); die; } // get the session and SessionInfo object $session = HttpVars::getSession(); $sessionInfo = $session["SessionInfo"]; // set the value and save it to the session $sessionInfo->setValue($key, $value); $session["SessionInfo"] = $sessionInfo; HttpVars::setSession($session); return true; }
/** * gets the current page from the HTTP request * * @return the page number from the request * @static */ function getCurrentPageFromRequest() { // get the value from the request $page = HttpVars::getRequestValue(VIEW_DEFAULT_PAGE_PARAMETER); // but first of all, validate it $val = new IntegerValidator(); if (!$val->validate($page)) { $page = VIEW_DEFAULT_START_PAGE; } return $page; }
/** * Processess the HTTP request sent by the client * * @param httpRequest HTTP request sent by the client */ function process($httpRequest) { // get the name of the action $request = new Request($httpRequest); $i = 0; $performed = false; while (!$performed) { // get the value of this varilable, every loop global $_plogController_forwardAction; global $_plogController_previousAction; // jondaley: 08/29/2005, what are these here for?? // perhaps the global statements should be moved // inside the elseif loop below? $_plogController_forwardAction; $_plogController_previousAction; if ($i == 0) { // if this is the first iteration, then we have to take this path... // since we will use the http request to determine which action to // use next $actionName = $request->getValue($this->_actionParam); $actionClass = $this->_getActionClassName($request->getValue($this->_actionParam)); } elseif (!empty($_plogController_forwardAction)) { // if we're forwarding the current execution flow to another action, then // we'll go this way $actionName = $_plogController_forwardAction; $actionClass = $this->_getActionClassName($_plogController_forwardAction); $httpRequest = HttpVars::getRequest(); $_plogController_forwardAction = null; } else { // if there's nothing else to do, finish $performed = true; } if (!$performed) { // load the class if it hasn't been loaded yet $this->loadActionClass($actionClass); $actionInfo = new ActionInfo($this->_actionParam, $actionName); $actionObject = new $actionClass($actionInfo, $httpRequest); $actionObject->setPreviousAction($_plogController_previousAction); // we can use the validate method to check the values of the form variables. If validate() // returns 'true', then we call the 'perform' method. If not, then we won't :) if ($actionObject->validate()) { if ($actionObject->perform()) { $actionObject->setSuccess(true); } else { $actionObject->setSuccess(false); } } } $i++; } // once the operation has been carried out, fetch and send the view // to the client $view = $actionObject->getView(); // this is not good... if (empty($view)) { $e = new Exception('The view is empty after calling the perform method.'); throw $e; } else { $view->render(); } }
/** * Carries out the action */ function perform() { // need to check the ip of the client $clientIp = Client::getIp(); // fetch the same article again so that we can have all the comments from // the database, plus this last one $articles = new Articles(); $article = $articles->getBlogArticle($this->_articleId, $this->_blogInfo->getId()); // check if the user wanted to receive comments for this article // or not... if ($article->getCommentsEnabled() == false) { $this->_view = new ErrorView($this->_blogInfo); $this->_view->setValue("message", "Comments have been disabled for this article."); $this->setCommonData(); return false; } $this->notifyEvent(EVENT_POST_LOADED, array("article" => &$article)); // we have already checked all the data, so we are sure that everything's in place $comments = new ArticleComments(); $comment = new UserComment($this->_articleId, $this->_parentId, $this->_commentTopic, $this->_commentText, null, $this->_userName, $this->_userEmail, $this->_userUrl, $clientIp); // check if there is already a comment with the same text, topic and made from the same // IP already in the database because if so, then we will not add the comment that // the user is trying to add (a reload button mistake, perhaps?) if (!$comments->getIdenticalComment($this->_commentTopic, $this->_commentText, $this->_articleId, $this->_parentId, $this->_userName, $this->_userEmail, $this->_userUrl, $clientIp)) { // fire an event $this->notifyEvent(EVENT_PRE_COMMENT_ADD, array("comment" => &$comment)); if (!$comments->addComment($comment)) { // show an error message if problems $this->_view = new ErrorView($this->_blogInfo); $this->_view->setValue("message", "error_adding_comment"); $this->setCommonData(); return false; } } // finally, check if there was any user who wanted to be notified of new comments // to this post... $notifier = new ArticleNotifications(); $notifier->notifyUsers($article->getId(), $this->_blogInfo); // fire the post event... $this->notifyEvent(EVENT_POST_COMMENT_ADD, array("comment" => &$comment)); // // clear caches. This should be done in a more granular way, because right now // we're either removing *all* of them or none. I guess we should only remove the // cache whose identifier corresponds with the blog and article that we just removed, // but let's leave it as it is for the time being... // CacheControl::resetBlogCache($this->_blogInfo->getId()); // clean up the request, there's a parameter called 'userName' also used by // ViewArticleAction but that doesn't have the same meaning so we better remove it // before it's too late! We also need to add a new request commentUserName to replace // original userName, in case developer need it in filter or event plugin. $request = HttpVars::getRequest(); $request["commentUserName"] = $request["userName"]; $request["userName"] = ""; HttpVars::setRequest($request); // forward the action to ViewArticleAction return BlogController::setForwardAction("ViewArticle"); }
function filter() { // get some info $blogInfo = $this->_pipelineRequest->getBlogInfo(); $request = $this->_pipelineRequest->getHttpRequest(); $session = HttpVars::getSession(); // get the article id from the request, since if it is available, then we know // that we have to ask for the password before we can let users watch it $articleId = $request->getValue("articleId"); // If we use custom url mode, the article id is not available, we need to use // - articleName // - userId // - categoryId // - date // and $articles->getBlogArticleByTitle() to find the value if ($articleId == "") { $articleName = $request->getValue("articleName"); $categoryId = $request->getValue("postCategoryId", -1); $categoryName = $request->getValue("postCategoryName"); $userId = $request->getValue("userId", -1); $userName = $request->getValue("userName"); $date = $request->getValue("Date", -1); // If userName available, use it to find userId if ($userName) { $users =& new Users(); $user = $users->getUserInfoFromUsername($userName); if (!$user) { $result = new PipelineResult(true); return $result; } // if there was a user, use his/her id $userId = $user->getId(); } // If categoryName available, use it to find categoryId if ($categoryName) { $categories =& new ArticleCategories(); $category = $categories->getCategoryByName($categoryName, $blogInfo->getId()); if (!$category) { $result = new PipelineResult(true); return $result; } // if there was a user, use his/her id $categoryId = $category->getId(); } // fetch the article // the article identifier can be either its internal id number or its mangled topic $articles =& new Articles(); $article = $articles->getBlogArticleByTitle($articleName, $blogInfo->getId(), false, $date, $categoryId, $userId, POST_STATUS_PUBLISHED); if ($article) { $articleId = $article->getId(); } else { $result = new PipelineResult(true); return $result; } } // check if the article should be protected or not $secretItems = new SecretItems(); if ($secretItems->articleIsSecret($articleId)) { // if so, first check if the password does not already exist in the session $itemPassword = $request->getValue("itemPassword"); // do we already have this information in the session? $sessionKey = "article_" . $articleId . "_auth"; if ($session["{$sessionKey}"] != "") { // check if the information is correct if ($secretItems->authenticateItemHash($articleId, $session["{$sessionKey}"])) { // if all correct, go ahead! $result = new PipelineResult(true); return $result; } } // if not, check if we are authenticating now... if ($itemPassword != "") { // authenticate using the given password if (!$secretItems->authenticateItem($articleId, $itemPassword)) { $result = new PipelineResult(false, 500, "Better luck next time!"); } else { // if the user authenticated correctly, then put the information in the session _debug("authenticated correctly!"); $session = HttpVars::getSession(); $session["{$sessionKey}"] = md5($itemPassword); $result = new PipelineResult(true); HttpVars::setSession($session); } } else { $ts = new TemplateService(); $t = $ts->PluginTemplate("secret", "passwordform"); $t->assign("locale", $blogInfo->getLocale()); $t->assign("params", $request->getAsArray()); $t->assign("articleId", $articleId); $t->assign("url", RequestGenerator::getRequestGenerator($blogInfo)); $message = $t->fetch(); $result = new PipelineResult(false, 500, $message); } return $result; } // if everything went fine, we can say so by returning // a positive PipelineResult object $result = new PipelineResult(true); return $result; }
/** * Returns the base URL of the script * * @return A string containing the base URL of the script * @static */ function getBaseUrl() { $serverVars = HttpVars::getServer(); if (!isset($serverVars['HTTPS']) || strtolower($serverVars['HTTPS']) != 'on') { $protocol = 'http://'; } else { $protocol = 'https://'; } $host = $serverVars["HTTP_HOST"]; $scriptUrl = $serverVars["PHP_SELF"]; return $protocol . $host . $scriptUrl; }
function _performUploadTemplate() { // get the temporary folder $config =& Config::getConfig(); $tmpFolder = $config->getValue("temp_folder"); // move it to the temporary folder $files = HttpVars::getFiles(); if (count($files) == 0 || $files["templateFile"]["name"] == "") { $this->_view = new AdminTemplatedView($this->_blogInfo, "newblogtemplate"); $this->_view->setValue("templateFolder", TemplateSetStorage::getBlogBaseTemplateFolder($this->_blogInfo->getId())); $this->_view->setErrorMessage($this->_locale->tr("error_must_upload_file")); $this->setCommonData(); return false; } $uploads = new FileUploads($files); $result = $uploads->process($tmpFolder); if ($result < 0) { $this->_view = new AdminBlogTemplateSetsListView($this->_blogInfo); $this->_view->setErrorMessage($this->_locale->tr("error_uploads_disabled")); $this->setCommonData(); return false; } $upload = new FileUpload($files["templateFile"]); // and make it go through the template sandbox to check if // we're dealing with a 'healthy' file $templateSandbox = new TemplateSandbox(); $valid = $templateSandbox->checkTemplateSet($upload->getFileName(), $tmpFolder . "/"); if ($valid < 0) { $this->_view = new AdminBlogTemplateSetsListView($this->_blogInfo); $this->_view->setErrorMessage(AdminAddTemplateAction::_checkTemplateSandboxResult($valid)); $this->setCommonData(); return false; } // // :KLUDGE: // // maybe we should simply move the files rather than unpacking the whole // thing again, but this indeed makes things easier! ;) // // since it is a local template, the path has to be $template_folder/blog_x/$templateName $ts = new TemplateSetStorage(); $blogTemplateFolder = $ts->createBlogTemplateFolder($this->_blogInfo->getId()); // it should be there now... we can continue $destFolder = $blogTemplateFolder . "/"; $unpacker = new Unpacker(); if (!$unpacker->unpack($tmpFolder . "/" . $upload->getFileName(), $destFolder)) { $this->_view = new AdminBlogTemplateSetsListView($this->_blogInfo); $this->_view->setErrorMessage($this->_locale->tr("error_installing_template")); $this->setCommonData(); // remove the file before returning! File::delete($tmpFolder . "/" . $upload->getFileName()); return false; } // if the template set was installed ok in the template folder, we can record // it as a valid set $fileParts = explode(".", $upload->getFileName()); $templateName = $fileParts[0]; $ts->addTemplate($templateName, $this->_blogInfo->getId()); // remove the file File::delete($tmpFolder . "/" . $upload->getFileName()); $this->_view = new AdminBlogTemplateSetsListView($this->_blogInfo); $this->_view->setSuccessMessage($this->_locale->pr("template_installed_ok", $templateName)); $this->setCommonData(); return true; }
/** * Carries out the specified action */ function perform() { // get the parameters, which have already been validated $this->_userName = Textfilter::filterAllHTML($this->_request->getValue("userName")); $this->_userPassword = $this->_request->getValue("userPassword"); $this->_op = Textfilter::filterAllHTML($this->_request->getValue("op")); // create a plugin manager $pm =& PluginManager::getPluginManager(); // try to authenticate the user $users = new Users(); if (!$users->authenticateUser($this->_userName, $this->_userPassword)) { $this->_view = new AdminDefaultView(); $this->_view->setErrorMessage($this->_locale->tr("error_incorrect_username_or_password")); $this->setCommonData(); $pm->notifyEvent(EVENT_LOGIN_FAILURE, array("user" => $this->_userName)); return false; } // if the user is correct, get and put his or her information in the session $userInfo = $users->getUserInfo($this->_userName, $this->_userPassword); if (!$userInfo) { $this->_view = new AdminDefaultView(); $this->_view->setErrorMessage($this->_locale->tr("error_incorrect_username_or_password")); $this->setCommonData(); $pm->notifyEvent(EVENT_LOGIN_FAILURE, array("user" => $this->_userName)); return false; } $pm->notifyEvent(EVENT_USER_LOADED, array("user" => &$userInfo, "from" => "Login")); //$sessionInfo = $_SESSION["SessionInfo"]; $session = HttpVars::getSession(); $sessionInfo = $session["SessionInfo"]; $sessionInfo->setValue("userInfo", $userInfo); $session["SessionInfo"] = $sessionInfo; HttpVars::setSession($session); // get the list of blogs to which the user belongs $userBlogs = $users->getUsersBlogs($userInfo->getId(), BLOG_STATUS_ACTIVE); // but if he or she does not belong to any yet, we quit if (empty($userBlogs)) { $this->_view = new AdminDefaultView(); $this->_view->setErrorMessage($this->_locale->tr("error_dont_belong_to_any_blog")); $this->setCommonData(); return false; } $pm->notifyEvent(EVENT_BLOGS_LOADED, array("blogs" => &$userBlogs, "from" => "Login")); // check if we are skipping the dashboard if ($this->_config->getValue("skip_dashboard")) { // get the first blog that came $this->_blogInfo = end($userBlogs); // set it in the session $session = HttpVars::getSession(); $session["SessionInfo"]->setValue("blogInfo", $this->_blogInfo); HttpVars::setSession($session); // and then continue... AdminController::setForwardAction("newPost"); } else { $this->_view = new AdminDashboardView($userInfo, $userBlogs); } // better to return true if everything's fine return true; }
/** * Saves the information from the session */ function saveSession() { //$_SESSION['SessionInfo'] = $this->_session; $session = HttpVars::getSession(); $session['SessionInfo'] = $this->_session; HttpVars::setSession($session); }
include_once PLOG_CLASS_PATH . "class/data/timestamp.class.php"; include_once PLOG_CLASS_PATH . "class/net/http/httpvars.class.php"; include_once PLOG_CLASS_PATH . "class/dao/articles.class.php"; include_once PLOG_CLASS_PATH . "class/data/timestamp.class.php"; include_once PLOG_CLASS_PATH . "class/config/config.class.php"; include_once PLOG_CLASS_PATH . "class/gallery/dao/galleryresources.class.php"; include_once PLOG_CLASS_PATH . "class/gallery/dao/galleryalbums.class.php"; include_once PLOG_CLASS_PATH . "plugins/moblog/class/log/mobloglogger.class.php"; include_once PLOG_CLASS_PATH . "plugins/moblog/class/moblog/moblogrequest.class.php"; include_once PLOG_CLASS_PATH . "plugins/moblog/class/moblog/moblogresponse.class.php"; include_once PLOG_CLASS_PATH . "plugins/moblog/class/moblog/moblogconstants.properties.php"; include_once PLOG_CLASS_PATH . "class/template/cachecontrol.class.php"; // initialize the logging system MoblogLogger::log("-- Initialized"); // get the request $request = HttpVars::getRequest(); $message = $request["message"]; if ($message == "") { MoblogLogger::log("There was no message!"); die; } // check if we need to remove any quotes.. if (get_magic_quotes_gpc()) { $message = stripslashes($message); } MoblogLogger::log("-- message --"); MoblogLogger::log($message); MoblogLogger::log("-- end --"); // parse the message $request = new MoblogRequest($request); // let's see what we get...