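/**
 * Resolves the requested web link, counts the visit and redirects the browser to it.
 *
 * Reads the 'id' GET parameter. An unknown id, a missing id or a link that is not
 * visible ends on the "unexisting page" error; a visitor without the read right on
 * the link's category gets "user not authorized".
 *
 * Fix: the read right is now looked up through WebAuthorizationsService (the web
 * module's own authorizations, as the module's other controllers do) instead of
 * DownloadAuthorizationsService, which evaluated the download module's category
 * permissions for a web category id.
 *
 * @param HTTPRequestCustom $request
 */
public function execute(HTTPRequestCustom $request)
{
    $id = $request->get_getint('id', 0);
    if (!empty($id)) {
        try {
            $this->weblink = WebService::get_weblink('WHERE web.id = :id', ['id' => $id]);
        } catch (RowNotFoundException $e) {
            $error_controller = PHPBoostErrors::unexisting_page();
            DispatchManager::redirect($error_controller);
        }
    }

    if ($this->weblink !== null && !WebAuthorizationsService::check_authorizations($this->weblink->get_id_category())->read()) {
        $error_controller = PHPBoostErrors::user_not_authorized();
        DispatchManager::redirect($error_controller);
    } elseif ($this->weblink !== null && $this->weblink->is_visible()) {
        // Count the click, persist it and drop the module cache before leaving.
        $this->weblink->set_number_views($this->weblink->get_number_views() + 1);
        WebService::update_number_views($this->weblink);
        WebCache::invalidate();
        AppContext::get_response()->redirect($this->weblink->get_url()->absolute());
    } else {
        $error_controller = PHPBoostErrors::unexisting_page();
        DispatchManager::redirect($error_controller);
    }
}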
/**
 * Redirects to the "user not authorized" page unless the current user holds at
 * least one of the calendar write, contribution or moderation rights.
 */
private function check_authorizations()
{
    $may_act = CalendarAuthorizationsService::check_authorizations()->write()
        || CalendarAuthorizationsService::check_authorizations()->contribution()
        || CalendarAuthorizationsService::check_authorizations()->moderation();

    if ($may_act) {
        return;
    }

    DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
}
/**
 * Redirects to the "user not authorized" page when the current user lacks the
 * bugtracker read right.
 */
private function check_authorizations()
{
    $can_read = BugtrackerAuthorizationsService::check_authorizations()->read();

    if (!$can_read) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }
}
/**
 * Redirects to the "user not authorized" page when the current user may not
 * subscribe to the newsletter.
 */
private function check_authorizations()
{
    $can_subscribe = NewsletterAuthorizationsService::check_authorizations()->subscribe();

    if (!$can_subscribe) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }
}
/**
 * Redirects to the "user not authorized" page unless the current user has the
 * read right on the calendar category being displayed.
 */
private function check_authorizations()
{
    $category_id = $this->get_category()->get_id();
    $can_read = CalendarAuthorizationsService::check_authorizations($category_id)->read();

    if ($can_read) {
        return;
    }

    DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
}
/**
 * Builds the form for a member-only page and returns the rendered response.
 *
 * Users below User::MEMBER_LEVEL are sent to the "user not authorized" page.
 *
 * @param HTTPRequestCustom $request
 * @return mixed whatever build_response() returns
 */
public function execute(HTTPRequestCustom $request)
{
    $this->init();

    $is_member = $this->user->check_level(User::MEMBER_LEVEL);
    if (!$is_member) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }

    $this->build_form();

    return $this->build_response($this->tpl);
}
/**
 * Lets through bugtracker moderators and the user the bug is assigned to;
 * everyone else is redirected to "user not authorized". Users in read-only mode
 * are redirected to "user in read only" regardless.
 */
private function check_authorizations()
{
    $is_moderator = BugtrackerAuthorizationsService::check_authorizations()->moderation();
    if (!$is_moderator) {
        // Loose comparison kept on purpose: the two ids are compared as the original did.
        $is_assignee = $this->current_user->get_id() == $this->bug->get_assigned_to_id();
        if (!$is_assignee) {
            DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
        }
    }

    if (AppContext::get_current_user()->is_readonly()) {
        DispatchManager::redirect(PHPBoostErrors::user_in_read_only());
    }
}
/**
 * Redirects unless the current user may delete this download file and is not in
 * read-only mode.
 */
private function check_authorizations()
{
    $can_delete = $this->downloadfile->is_authorized_to_delete();
    if (!$can_delete) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }

    $is_readonly = AppContext::get_current_user()->is_readonly();
    if ($is_readonly) {
        DispatchManager::redirect(PHPBoostErrors::user_in_read_only());
    }
}
/**
 * Redirects unless the current user may delete the given shoutbox message and is
 * not in read-only mode.
 *
 * @param ShoutboxMessage $message message about to be deleted
 */
private function check_authorizations(ShoutboxMessage $message)
{
    $can_delete = $message->is_authorized_to_delete();
    if (!$can_delete) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }

    $is_readonly = AppContext::get_current_user()->is_readonly();
    if ($is_readonly) {
        DispatchManager::redirect(PHPBoostErrors::user_in_read_only());
    }
}
/**
 * Guards the event (un)registration action.
 *
 * Three checks, each redirecting on failure: registration must be allowed on the
 * event content; the event's start date must not have passed (answered with the
 * 'event_date_expired' notice); and the current user must not be in read-only mode.
 */
private function check_authorizations()
{
    $content = $this->event->get_content();
    if (!$content->is_registration_authorized()) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }

    $start_has_passed = time() > $this->event->get_start_date()->get_timestamp();
    if ($start_has_passed) {
        $error_controller = new UserErrorController(
            LangLoader::get_message('error', 'status-messages-common'),
            LangLoader::get_message('calendar.notice.unsuscribe.event_date_expired', 'common', 'calendar')
        );
        DispatchManager::redirect($error_controller);
    }

    if (AppContext::get_current_user()->is_readonly()) {
        DispatchManager::redirect(PHPBoostErrors::user_in_read_only());
    }
}
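/**
 * Serves the requested download file: counts the download, then streams the file
 * from its stored URL as an attachment, or shows an error page.
 *
 * Reads the 'id' GET parameter. An unknown id, a missing id or a file that is not
 * visible ends on the "unexisting page" error; a visitor without the read right on
 * the file's category gets "user not authorized". The bytes are read from
 * get_url()->absolute(), i.e. this server fetches and relays whatever URL is stored
 * for the record — which URLs may be stored is decided elsewhere, not here.
 *
 * Fix: the name written into Content-Disposition is escaped as an RFC 6266
 * quoted-string (backslash and double quote), so a stored name containing a quote
 * can no longer terminate the attribute early; the status comparison is strict
 * because $status is always an int at that point.
 *
 * @param HTTPRequestCustom $request
 */
public function execute(HTTPRequestCustom $request)
{
    $id = $request->get_getint('id', 0);
    if (!empty($id)) {
        try {
            $this->downloadfile = DownloadService::get_downloadfile('WHERE download.id = :id', ['id' => $id]);
        } catch (RowNotFoundException $e) {
            $error_controller = PHPBoostErrors::unexisting_page();
            DispatchManager::redirect($error_controller);
        }
    }

    if ($this->downloadfile !== null && !DownloadAuthorizationsService::check_authorizations($this->downloadfile->get_id_category())->read()) {
        $error_controller = PHPBoostErrors::user_not_authorized();
        DispatchManager::redirect($error_controller);
    } elseif ($this->downloadfile !== null && $this->downloadfile->is_visible()) {
        $this->downloadfile->set_number_downloads($this->downloadfile->get_number_downloads() + 1);
        DownloadService::update_number_downloads($this->downloadfile);
        DownloadCache::invalidate();

        $file_url = $this->downloadfile->get_url()->absolute();

        // Probe the origin first. When get_headers() fails (non-HTTP URL, unreachable
        // host) $status stays 200 and readfile() is still attempted, as before; a
        // failure there yields an empty attachment rather than the error page.
        $status = 200;
        $file_headers = get_headers($file_url, true);
        if (is_array($file_headers) && preg_match('/^HTTP\\/[12]\\.[01] (\\d\\d\\d)/', $file_headers[0], $matches)) {
            $status = (int) $matches[1];
        }

        if ($status === 200) {
            // Quoted-string escaping: a backslash or double quote in the name must not
            // close the quotes early. header() itself refuses CR/LF in the value.
            $filename = urldecode(basename($file_url));
            $filename = str_replace(['\\', '"'], ['\\\\', '\\"'], $filename);

            header('Content-Disposition: attachment; filename="' . $filename . '"');
            header('Content-Description: File Transfer');
            header('Content-Transfer-Encoding: binary');
            header('Accept-Ranges: bytes');
            header('Content-Type: application/force-download');
            // Large files may take longer than the default script limit.
            set_time_limit(0);
            readfile($file_url);
        } else {
            $error_controller = new UserErrorController(
                LangLoader::get_message('error', 'status-messages-common'),
                LangLoader::get_message('download.message.error.file_not_found', 'common', 'download'),
                UserErrorController::WARNING
            );
            DispatchManager::redirect($error_controller);
        }
    } else {
        $error_controller = PHPBoostErrors::unexisting_page();
        DispatchManager::redirect($error_controller);
    }
}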
/**
 * Deletes a news item and everything attached to it, then sends the user back.
 *
 * The GET request is CSRF-checked first. The news is then loaded; the caller must
 * be allowed to delete it and must not be in read-only mode. Deletion removes the
 * row, its keyword relations, its entry in the events table and its comments
 * topic, and clears the news feed cache. The user is redirected to the referrer
 * (or the module home when there is none) with a success message.
 *
 * @param HTTPRequestCustom $request
 */
public function execute(HTTPRequestCustom $request)
{
    AppContext::get_session()->csrf_get_protect();

    $news = $this->get_news($request);
    $news_id = $news->get_id();

    if (!$news->is_authorized_to_delete()) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }
    if (AppContext::get_current_user()->is_readonly()) {
        DispatchManager::redirect(PHPBoostErrors::user_in_read_only());
    }

    NewsService::delete('WHERE id=:id', ['id' => $news_id]);
    NewsService::get_keywords_manager()->delete_relations($news_id);
    PersistenceContext::get_querier()->delete(
        DB_TABLE_EVENTS,
        'WHERE module=:module AND id_in_module=:id',
        ['module' => 'news', 'id' => $news_id]
    );
    CommentsService::delete_comments_topic_module('news', $news_id);
    Feed::clear_cache('news');

    $destination = $request->get_url_referrer() ?: NewsUrlBuilder::home();
    $message = StringVars::replace_vars(
        LangLoader::get_message('news.message.success.delete', 'common', 'news'),
        ['name' => $news->get_name()]
    );
    AppContext::get_response()->redirect($destination, $message);
}
/**
 * Shows and processes the profile edition form of a user.
 *
 * The user comes from the 'user_id' GET parameter (defaulting to the current
 * user); an unknown id ends on the "unexisting element" error. Internal
 * authentication infos are treated as optional: a RowNotFoundException there is
 * ignored. The caller must pass check_authorizations(). The optional 'associate'
 * and 'dissociate' GET parameters then add or remove an authentication method
 * (a method is only removed while more than one remains) and redirect back to
 * this page. Finally the form is built and, when submitted and valid, saved.
 *
 * NOTE(review): the 'associate'/'dissociate' state changes are triggered by GET
 * without a CSRF check here, unlike the delete actions in this codebase that call
 * csrf_get_protect() — confirm the links that trigger them are token-protected.
 *
 * @param HTTPRequestCustom $request
 * @return mixed whatever build_response() returns
 */
public function execute(HTTPRequestCustom $request)
{
    $this->init();

    $user_id = $request->get_getint('user_id', AppContext::get_current_user()->get_id());
    try {
        $this->user = UserService::get_user($user_id);
    } catch (RowNotFoundException $e) {
        DispatchManager::redirect(PHPBoostErrors::unexisting_element());
    }

    try {
        $this->internal_auth_infos = PHPBoostAuthenticationMethod::get_auth_infos($user_id);
    } catch (RowNotFoundException $e) {
        // No internal auth infos for this user: deliberately ignored.
    }

    $this->user_auth_types = AuthenticationService::get_user_types_authentication($user_id);
    if (!$this->check_authorizations($user_id)) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }

    $associate_type = $request->get_getvalue('associate', false);
    if ($associate_type && !in_array($associate_type, $this->user_auth_types)) {
        $method = AuthenticationService::get_authentication_method($associate_type);
        AuthenticationService::associate($method, $user_id);
        AppContext::get_response()->redirect(UserUrlBuilder::edit_profile($user_id));
    }

    $dissociate_type = $request->get_getvalue('dissociate', false);
    $can_dissociate = $dissociate_type
        && in_array($dissociate_type, $this->user_auth_types)
        && count($this->user_auth_types) > 1;
    if ($can_dissociate) {
        $method = AuthenticationService::get_authentication_method($dissociate_type);
        AuthenticationService::dissociate($method, $user_id);
        AppContext::get_response()->redirect(UserUrlBuilder::edit_profile($user_id));
    }

    $this->build_form();
    if ($this->submit_button->has_been_submited() && $this->form->validate()) {
        $this->save($request);
    }
    $this->tpl->put('FORM', $this->form->display());

    return $this->build_response();
}
/**
 * Redirects away unless the current user may see the web link being displayed.
 *
 * A user who moderates the link's category, may write in it, or authored the link
 * is always let through. Others depend on the approbation type: approved-now links
 * need the category read right, unapproved links are hidden, date-approved links
 * are hidden while not yet visible. An unknown approbation type is answered with
 * the "unexisting page" error.
 */
private function check_authorizations()
{
    $weblink = $this->get_weblink();
    $category_id = $weblink->get_id_category();

    // Negation of the original "not authorized" test: !moderation && (!write && !author).
    $has_privilege = WebAuthorizationsService::check_authorizations($category_id)->moderation()
        || WebAuthorizationsService::check_authorizations($category_id)->write()
        || $weblink->get_author_user()->get_id() == AppContext::get_current_user()->get_id();

    switch ($weblink->get_approbation_type()) {
        case WebLink::APPROVAL_NOW:
            $forbidden = !$has_privilege && !WebAuthorizationsService::check_authorizations($category_id)->read();
            break;
        case WebLink::NOT_APPROVAL:
            $forbidden = !$has_privilege;
            break;
        case WebLink::APPROVAL_DATE:
            $forbidden = !$has_privilege && !$weblink->is_visible();
            break;
        default:
            DispatchManager::redirect(PHPBoostErrors::unexisting_page());
            return;
    }

    if ($forbidden) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }
}
/**
 * Redirects away unless the current user may see the article being displayed.
 *
 * A user who moderates the article's category, may write in it, or authored the
 * article is always let through. Others depend on the publishing state: published
 * articles need the category read right, unpublished ones are hidden, date-published
 * ones are hidden until is_published() holds. An unknown state is answered with the
 * "unexisting page" error.
 */
private function check_authorizations()
{
    $article = $this->get_article();
    $authorizations = ArticlesAuthorizationsService::check_authorizations($article->get_id_category());

    // Negation of the original "not authorized" test: !moderation && (!write && !author).
    $has_privilege = $authorizations->moderation()
        || $authorizations->write()
        || $article->get_author_user()->get_id() == AppContext::get_current_user()->get_id();

    switch ($article->get_publishing_state()) {
        case Article::PUBLISHED_NOW:
            $forbidden = !$has_privilege && !$authorizations->read();
            break;
        case Article::NOT_PUBLISHED:
            $forbidden = !$has_privilege;
            break;
        case Article::PUBLISHED_DATE:
            $forbidden = !$has_privilege && !$article->is_published();
            break;
        default:
            DispatchManager::redirect(PHPBoostErrors::unexisting_page());
            return;
    }

    if ($forbidden) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }
}
/**
 * Error hook: every authorization failure is answered by a redirect to the
 * "user not authorized" page, whatever the authorizations type.
 *
 * @param mixed $authorizations_type unused; kept for the caller's signature
 */
private function get_error($authorizations_type)
{
    $error_controller = PHPBoostErrors::user_not_authorized();
    DispatchManager::redirect($error_controller);
}
/**
 * Returns this controller when the current user may read the members list;
 * otherwise redirects to the "user not authorized" page.
 *
 * @return $this
 */
public function get_right_controller_regarding_authorizations()
{
    $can_read_members = AppContext::get_current_user()->check_auth(
        UserAccountsConfig::load()->get_auth_read_members(),
        UserAccountsConfig::AUTH_READ_MEMBERS_BIT
    );

    if (!$can_read_members) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }

    return $this;
}
/**
 * Returns this controller when the current user holds the comments read
 * authorization; otherwise redirects to the "user not authorized" page.
 *
 * @return $this
 */
public function get_right_controller_regarding_authorizations()
{
    $can_read_comments = AppContext::get_current_user()->check_auth(
        CommentsConfig::load()->get_authorizations(),
        CommentsAuthorizations::READ_AUTHORIZATIONS
    );

    if (!$can_read_comments) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }

    return $this;
}
$error_controller = PHPBoostErrors::unexisting_page(); DispatchManager::redirect($error_controller); } $category = ForumService::get_categories_manager()->get_categories_cache()->get_category($topic['idcat']); $topic_name = !empty($topic['title']) ? stripslashes($topic['title']) : ''; $Bread_crumb->add($config->get_forum_name(), 'index.php'); $Bread_crumb->add($category->get_name(), 'forum' . url('.php?id=' . $topic['idcat'], '-' . $topic['idcat'] . '+' . $category->get_rewrited_name() . '.php')); $Bread_crumb->add($topic['title'], 'topic' . url('.php?id=' . $alert, '-' . $alert . '-' . Url::encode_rewrite($topic_name) . '.php')); $Bread_crumb->add($LANG['alert_topic'], ''); define('TITLE', $LANG['alert_topic']); require_once '../kernel/header.php'; if (empty($alert) && empty($alert_post) || empty($topic['idcat'])) { AppContext::get_response()->redirect('/forum/index' . url('.php')); } if (!AppContext::get_current_user()->check_level(User::MEMBER_LEVEL)) { $error_controller = PHPBoostErrors::user_not_authorized(); DispatchManager::redirect($error_controller); } $tpl = new FileTemplate('forum/forum_alert.tpl'); //On fait un formulaire d'alerte if (!empty($alert) && empty($alert_post)) { //On vérifie qu'une alerte sur le même sujet n'ait pas été postée $nbr_alert = PersistenceContext::get_querier()->count(PREFIX . 
'forum_alerts', 'WHERE idtopic=:idtopic AND status = 0', array('idtopic' => $alert)); if (empty($nbr_alert)) { $editor = AppContext::get_content_formatting_service()->get_default_editor(); $editor->set_identifier('contents'); $tpl->put_all(array('KERNEL_EDITOR' => $editor->display(), 'L_ALERT' => $LANG['alert_topic'], 'L_ALERT_EXPLAIN' => $LANG['alert_modo_explain'], 'L_ALERT_TITLE' => $LANG['alert_title'], 'L_ALERT_CONTENTS' => $LANG['alert_contents'], 'L_REQUIRE' => LangLoader::get_message('form.explain_required_fields', 'status-messages-common'), 'L_REQUIRE_TEXT' => $LANG['require_text'], 'L_REQUIRE_TITLE' => $LANG['require_title'])); $tpl->assign_block_vars('alert_form', array('TITLE' => $topic_name, 'U_TOPIC' => 'topic' . url('.php?id=' . $alert, '-' . $alert . '-' . Url::encode_rewrite($topic_name) . '.php'), 'ID_ALERT' => $alert)); } else { $tpl->put_all(array('L_ALERT' => $LANG['alert_topic'], 'L_BACK_TOPIC' => $LANG['alert_back'], 'URL_TOPIC' => 'topic' . url('.php?id=' . $alert, '-' . $alert . '-' . Url::encode_rewrite($topic_name) . '.php'))); $tpl->assign_block_vars('alert_confirm', array('MSG' => $LANG['alert_topic_already_done']));
$tpl->put_all(array('ID' => $page_infos['id'], 'TITLE' => stripslashes(stripslashes($page_infos['title'])), 'CONTENTS' => pages_second_parse($page_infos['contents']), 'COUNT_HITS' => $page_infos['count_hits'] ? sprintf($LANG['page_hits'], $page_infos['hits'] + 1) : ' ', 'L_LINKS' => $LANG['pages_links_list'], 'L_PAGE_OUTILS' => $LANG['pages_links_list'])); $tpl->display(); } elseif ((!empty($encoded_title) || $id_com > 0) && $num_rows == 0) { $error_controller = PHPBoostErrors::unexisting_page(); DispatchManager::redirect($error_controller); } elseif ($id_com > 0) { //Commentaires activés pour cette page ? if ($page_infos['activ_com'] == 0) { DispatchManager::redirect(PHPBoostErrors::unexisting_page()); } //Autorisation particulière ? $special_auth = !empty($page_infos['auth']); $array_auth = unserialize($page_infos['auth']); //Vérification de l'autorisation de voir la page if ($special_auth && !AppContext::get_current_user()->check_auth($array_auth, READ_PAGE) || !$special_auth && !AppContext::get_current_user()->check_auth($config_authorizations, READ_PAGE) && ($special_auth && !AppContext::get_current_user()->check_auth($array_auth, READ_COM)) || !$special_auth && !AppContext::get_current_user()->check_auth($config_authorizations, READ_COM)) { DispatchManager::redirect(PHPBoostErrors::user_not_authorized()); } $tpl = new FileTemplate('pages/com.tpl'); $comments_topic = new PagesCommentsTopic(); $comments_topic->set_id_in_module($id_com); $comments_topic->set_url(new Url(PagesUrlBuilder::get_link_item_com($id_com, '%s'))); $tpl->put_all(array('COMMENTS' => CommentsService::display($comments_topic)->render())); $tpl->display(); } else { $modulesLoader = AppContext::get_extension_provider_service(); $module = $modulesLoader->get_provider('pages'); if ($module->has_extension_point(HomePageExtensionPoint::EXTENSION_POINT)) { echo $module->get_extension_point(HomePageExtensionPoint::EXTENSION_POINT)->get_home_page()->get_view()->display(); } } require_once 
'../kernel/footer.php';
/**
 * Guards the bug add/edit form.
 *
 * A new bug (no id yet) needs the add right. An existing bug needs the edit right,
 * or must be assigned to the current user. In both cases a user in read-only mode
 * is redirected to "user in read only".
 */
private function check_authorizations()
{
    $bug = $this->get_bug();

    if ($bug->get_id() === null) {
        $allowed = $bug->is_authorized_to_add();
    } else {
        // Original precedence made explicit: edit || (assigned && current == assigned).
        $assigned_to = $bug->get_assigned_to_id();
        $allowed = $bug->is_authorized_to_edit()
            || ($assigned_to && $this->current_user->get_id() == $assigned_to);
    }

    if (!$allowed) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }

    if (AppContext::get_current_user()->is_readonly()) {
        DispatchManager::redirect(PHPBoostErrors::user_in_read_only());
    }
}
/**
 * Redirects away unless the current user may see the event being displayed.
 *
 * Allowed when the user can read the event's category, or can write in it, or can
 * contribute to it while the event is not yet approved, or authored the event.
 */
private function check_authorizations()
{
    $event = $this->get_event();
    $content = $event->get_content();
    $category_id = $content->get_category_id();

    if (CalendarAuthorizationsService::check_authorizations($category_id)->read()) {
        return;
    }

    // Original precedence made explicit: write || (contribution && !approved).
    $may_manage = CalendarAuthorizationsService::check_authorizations($category_id)->write()
        || (CalendarAuthorizationsService::check_authorizations($category_id)->contribution()
            && !$content->is_approved());

    if ($may_manage || $content->get_author_user()->get_id() == AppContext::get_current_user()->get_id()) {
        return;
    }

    DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
}
/**
 * Guards the guestbook message add/edit form.
 *
 * A new message (no id yet) needs the guestbook write right; an existing one needs
 * the per-message edit authorization. A user in read-only mode is redirected to
 * "user in read only" either way.
 */
private function check_authorizations()
{
    $message = $this->get_message();

    $allowed = $message->get_id() === null
        ? GuestbookAuthorizationsService::check_authorizations()->write()
        : $message->is_authorized_edit();

    if (!$allowed) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }

    if (AppContext::get_current_user()->is_readonly()) {
        DispatchManager::redirect(PHPBoostErrors::user_in_read_only());
    }
}
/**
 * Redirects away unless the visitor may see this download category.
 *
 * Logged-in users need the category read right. For guests the rule depends on
 * the module config: when descriptions are shown to guests, the category must be
 * readable at member level and the display type must not be "all content";
 * otherwise guests need the plain category read right.
 */
private function check_authorizations()
{
    $category = $this->get_category();

    if (!AppContext::get_current_user()->is_guest()) {
        if (!DownloadAuthorizationsService::check_authorizations($category->get_id())->read()) {
            DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
        }
        return;
    }

    // Guest branch; original grouping was (A && (B || C)) || (!A && !D).
    if ($this->config->are_descriptions_displayed_to_guests()) {
        $members_may_read = Authorizations::check_auth(
            RANK_TYPE,
            User::MEMBER_LEVEL,
            $category->get_authorizations(),
            Category::READ_AUTHORIZATIONS
        );
        $forbidden = !$members_may_read
            || $this->config->get_category_display_type() == DownloadConfig::DISPLAY_ALL_CONTENT;
    } else {
        $forbidden = !DownloadAuthorizationsService::check_authorizations($category->get_id())->read();
    }

    if ($forbidden) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }
}
/**
 * Records a member's note on an item and keeps the item's average row in sync.
 *
 * Non-members are redirected to "user not authorized". The note is stored only
 * when it lies within [0, notation scale] and the user has not already noted this
 * item; the average row is then created (first note) or updated.
 *
 * @param Notation $notation note to register
 */
private static function register_notation(Notation $notation)
{
    if (!self::$user->check_level(User::MEMBER_LEVEL)) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
        return;
    }

    $note = $notation->get_note();
    $note_is_valid = $note >= 0 && $note <= $notation->get_notation_scale();

    $item = [
        'module_name' => $notation->get_module_name(),
        'id_in_module' => $notation->get_id_in_module(),
    ];
    $member_already_notation = self::$db_querier->count(
        DB_TABLE_NOTE,
        'WHERE user_id=:user_id AND module_name=:module_name AND id_in_module=:id_in_module',
        $item + ['user_id' => $notation->get_user_id()]
    );

    if ($member_already_notation || !$note_is_valid) {
        return;
    }

    self::$db_querier->insert(DB_TABLE_NOTE, $item + [
        'user_id' => $notation->get_user_id(),
        'note' => $note,
    ]);

    $condition = 'WHERE module_name=:module_name AND id_in_module=:id_in_module';
    $nbr_notes = self::$db_querier->count(DB_TABLE_AVERAGE_NOTES, $condition, $item);

    if ($nbr_notes == 0) {
        self::$db_querier->insert(DB_TABLE_AVERAGE_NOTES, $item + [
            'average_notes' => self::calculates_average_notes($notation),
            'number_notes' => 1,
        ]);
    } else {
        self::$db_querier->update(DB_TABLE_AVERAGE_NOTES, [
            'average_notes' => self::calculates_average_notes($notation),
            'number_notes' => self::get_number_notes($notation) + 1,
        ], $condition, $item);
    }
}
/**
 * Guards the download file add/edit form.
 *
 * A new file (no id yet) needs the add authorization; an existing one needs the
 * edit authorization. A user in read-only mode is redirected to "user in read
 * only" either way.
 */
private function check_authorizations()
{
    $downloadfile = $this->get_downloadfile();

    $allowed = $downloadfile->get_id() === null
        ? $downloadfile->is_authorized_to_add()
        : $downloadfile->is_authorized_to_edit();

    if (!$allowed) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }

    if (AppContext::get_current_user()->is_readonly()) {
        DispatchManager::redirect(PHPBoostErrors::user_in_read_only());
    }
}
/**
 * Redirects unless the comment exists and the current user may edit or delete it.
 *
 * A missing comment is answered with "unexisting page"; an existing one the user
 * may not touch with "user not authorized".
 *
 * @param mixed $authorizations authorizations passed through to is_authorized_edit_or_delete_comment()
 * @param int   $comment_id     id of the comment
 */
private static function verificate_authorized_edit_or_delete_comment($authorizations, $comment_id)
{
    $is_authorized = self::is_authorized_edit_or_delete_comment($authorizations, $comment_id);

    if (!CommentsManager::comment_exists($comment_id)) {
        DispatchManager::redirect(PHPBoostErrors::unexisting_page());
        return;
    }

    if (!$is_authorized) {
        DispatchManager::redirect(PHPBoostErrors::user_not_authorized());
    }
}