/**
 * Delete a page, then tell the user and return to the page list.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * confirm the caller enforces both before handing over a request-supplied key.
 *
 * @param mixed $key Page identifier, passed unchanged to $dbPages->delete().
 */
function deletePage($key)
{
    global $dbPages, $Language;

    if (!$dbPages->delete($key)) {
        // The failure is only written to the log; no alert is set on this path.
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to delete the page.');
        return;
    }

    Alert::set($Language->g('The page has been deleted successfully'));
    Redirect::page('admin', 'manage-pages');
}
/**
 * Create a page from the submitted fields, then tell the user and return to
 * the page list.
 *
 * NOTE(review): $args reaches $dbPages->add() unchanged; whatever validation
 * and sanitising exists must happen there or in the caller — confirm.
 *
 * @param array $args Page fields, passed unchanged to $dbPages->add().
 */
function addPage($args)
{
    global $dbPages, $Language;

    $created = $dbPages->add($args);

    if (!$created) {
        // The failure is only written to the log; no alert is set on this path.
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to create the page.');
        return;
    }

    Alert::set($Language->g('Page added successfully'));
    Redirect::page('admin', 'manage-pages');
}
/**
 * Delete a post, rebuild the tag index, then tell the user and return to the
 * post list.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * confirm the caller enforces both before handing over a request-supplied key.
 *
 * @param mixed $key Post identifier, passed unchanged to $dbPosts->delete().
 */
function deletePost($key)
{
    global $dbPosts, $Language;

    if (!$dbPosts->delete($key)) {
        // The failure is only written to the log; no alert is set on this path.
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to delete the post.');
        return;
    }

    // The tag index is rebuilt only after a successful delete.
    // reIndexTagsPosts() is defined in 70.posts.php.
    reIndexTagsPosts();

    Alert::set($Language->g('The post has been deleted successfully'));
    Redirect::page('admin', 'manage-posts');
}
/**
 * Delete a page, run the plugin hook for page deletion, then tell the user
 * and return to the page list.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * confirm the caller enforces both before handing over a request-supplied key.
 *
 * @param mixed $key Page identifier, passed unchanged to $dbPages->delete().
 */
function deletePage($key)
{
    global $dbPages, $Language;

    if (!$dbPages->delete($key)) {
        // The failure is only written to the log; no alert or hook runs here.
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to delete the page.');
        return;
    }

    // Plugins are notified only after the page has actually been deleted.
    Theme::plugins('afterPageDelete');

    Alert::set($Language->g('The page has been deleted successfully'));
    Redirect::page('admin', 'manage-pages');
}
/**
 * Create a post, rebuild the tag index, then tell the user and return to the
 * post list.
 *
 * NOTE(review): $args reaches $dbPosts->add() unchanged; whatever validation
 * and sanitising exists must happen there or in the caller — confirm.
 *
 * @param array $args Post fields, passed unchanged to $dbPosts->add().
 *
 * @return bool Always false when the function returns at all.
 */
function addPost($args)
{
    global $dbPosts, $Language;

    if (!$dbPosts->add($args)) {
        // The failure is only written to the log; no alert is set on this path.
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to create the post.');
        return false;
    }

    // reIndexTagsPosts() is defined in 70.posts.php.
    reIndexTagsPosts();

    Alert::set($Language->g('Post added successfully'));
    Redirect::page('admin', 'manage-posts');

    return false;
}
/**
 * Create a page, run the plugin hook for page creation, then tell the user
 * and return to the page list.
 *
 * NOTE(review): $args reaches $dbPages->add() unchanged; whatever validation
 * and sanitising exists must happen there or in the caller — confirm.
 *
 * @param array $args Page fields, passed unchanged to $dbPages->add().
 */
function addPage($args)
{
    global $dbPages, $Language;

    // A falsy result from add() means the page was not created.
    $key = $dbPages->add($args);

    if (!$key) {
        // The failure is only written to the log; no alert or hook runs here.
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to create the page.');
        return;
    }

    // Plugins are notified only after the page has actually been stored.
    Theme::plugins('afterPageCreate');

    Alert::set($Language->g('Page added successfully'));
    Redirect::page('admin', 'manage-pages');
}
/**
 * Create a post as published or draft, then tell the user and return to the
 * post list.
 *
 * The status is derived here from the presence of the 'publish' field, so any
 * 'status' value supplied in $args is overwritten.
 *
 * NOTE(review): the remaining fields reach $dbPosts->add() unchanged; whatever
 * validation and sanitising exists must happen there or in the caller — confirm.
 *
 * @param array $args Post fields; 'publish' being set selects the published status.
 */
function addPost($args)
{
    global $dbPosts, $Language;

    // Only the presence of 'publish' matters, not its value.
    $args['status'] = isset($args['publish']) ? "published" : "draft";

    if (!$dbPosts->add($args)) {
        // The failure is only written to the log; no alert is set on this path.
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to create the post.');
        return;
    }

    Alert::set($Language->g('Post added successfully'));
    Redirect::page('admin', 'manage-posts');
}
/**
 * Create a post, rebuild the tag index, run the plugin hook for post
 * creation, then tell the user and return to the post list.
 *
 * NOTE(review): $args reaches $dbPosts->add() unchanged; whatever validation
 * and sanitising exists must happen there or in the caller — confirm.
 *
 * @param array $args Post fields, passed unchanged to $dbPosts->add().
 *
 * @return bool Always false when the function returns at all.
 */
function addPost($args)
{
    global $dbPosts, $Language;

    // A falsy result from add() means the post was not created.
    $key = $dbPosts->add($args);

    if (!$key) {
        // The failure is only written to the log; no alert or hook runs here.
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to create the post.');
        return false;
    }

    // reIndexTagsPosts() is defined in 70.posts.php.
    reIndexTagsPosts();

    // Plugins are notified only after the post has actually been stored.
    Theme::plugins('afterPostCreate');

    Alert::set($Language->g('Post added successfully'));
    Redirect::page('admin', 'manage-posts');

    return false;
}
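/**
 * Handle a login attempt made with a username and an e-mailed token.
 *
 * The attempt is refused outright while the client is blocked. A request that
 * lacks either field, or supplies one as a non-string (for example an array
 * parameter), is treated as a failed attempt, so it is counted by the
 * brute-force protection without reaching the verifier.
 *
 * @param array $args Request parameters; 'username' and 'tokenEmail' are read.
 *
 * @return bool True when the token was accepted, false otherwise.
 */
function checkGet($args)
{
    global $Security;
    global $Language;
    global $Login;

    if ($Security->isBlocked()) {
        Alert::set($Language->g('IP address has been blocked') . '<br>' . $Language->g('Try again in a few minutes'));
        return false;
    }

    // Both values come from the request, so check their presence and type
    // before use instead of reading possibly undefined indexes.
    $hasCredentials = isset($args['username'], $args['tokenEmail'])
        && is_string($args['username'])
        && is_string($args['tokenEmail']);

    // NOTE(review): input sanitising and the token comparison are left to
    // verifyUserByToken(); confirm it compares the token in constant time.
    if ($hasCredentials && $Login->verifyUserByToken($args['username'], $args['tokenEmail'])) {
        // Renew the CSRF token. The same token is reused inside the session
        // for multiple forms.
        $Security->generateToken();
        Redirect::page('admin', 'dashboard');
        return true;
    }

    // Brute-force protection: every failed attempt is recorded for this client.
    $Security->addLoginFail();

    return false;
}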
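/**
 * Replace the content directory with the contents of a backup archive.
 *
 * The existing content is removed only after the archive has been opened
 * successfully, and success is reported only when extraction succeeded. In
 * the original order a file that could not be opened still wiped
 * PATH_CONTENT, and a failed extraction was reported as a successful restore.
 *
 * NOTE(review): $file is opened as given; confirm the caller limits it to
 * archives created by this plugin. Entries are extracted without inspection,
 * so the archive decides which file types end up under PATH_CONTENT.
 *
 * @param string $file Path of the ZIP archive to restore.
 */
public function restore($file)
{
    global $Language;

    // NOTE(review): the result is not used in this method; the call is kept in
    // case full_path() has side effects — confirm and remove if it has none.
    $serveur = pluginBackup::full_path();

    $zip = new ZipArchive();
    $restored = false;

    // ZipArchive::open() returns true on success and an error code otherwise.
    if ($zip->open($file) === true) {
        // Wipe the current content only now that a readable archive exists.
        // NOTE(review): a failed extraction still leaves the directory empty;
        // extracting to a temporary directory and swapping would avoid that.
        pluginBackup::removeDir(PATH_CONTENT);

        // NOTE(review): 0777 makes the directory world-writable; prefer the
        // project's standard directory mode if one is defined.
        $targetReady = is_dir(PATH_CONTENT)
            || (@mkdir(PATH_CONTENT) && @chmod(PATH_CONTENT, 0777));

        if ($targetReady) {
            $restored = $zip->extractTo(PATH_CONTENT);
        }

        $zip->close();
    }

    if ($restored) {
        Alert::set($Language->get("Archive is restored!"));
    } else {
        Alert::set($Language->get("There was a problem to restore the ZIP archive"));
    }

    Redirect::page('admin', 'configure-plugin/pluginBackup');
}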
<?php

// Stop immediately unless the BLUDIT constant has been defined.
if (!defined('BLUDIT')) {
    die('Bludit CMS.');
}

// ============================================================================
// Check role
// ============================================================================

// Only the 'admin' role may use this controller.
// NOTE(review): everything below still runs for other roles unless
// Redirect::page() ends the request — confirm that it does.
if ($Login->role() !== 'admin') {
    Alert::set($Language->g('you-do-not-have-sufficient-permissions'));
    Redirect::page('admin', 'dashboard');
}

// ============================================================================
// Main after POST
// ============================================================================

// This controller has no POST handling of its own; it only builds the theme list.
$themes = buildThemes();
// ============================================================================
// POST Method
// ============================================================================

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Non-admin accounts may only act on themselves: the target username is
    // forced to the logged-in user and any submitted role is discarded.
    if ($Login->role() !== 'admin') {
        $_POST['username'] = $Login->username();
        unset($_POST['role']);
    }

    // NOTE(review): no anti-CSRF token check is visible in this fragment, and
    // the password change does not ask for the current password; confirm the
    // token is validated earlier in the request.
    if (isset($_POST['delete-user-all']) || isset($_POST['delete-user-associate'])) {
        // 'delete-user-all' takes precedence when both fields are present.
        deleteUser($_POST, isset($_POST['delete-user-all']));
    } elseif (!(empty($_POST['new-password']) || empty($_POST['confirm-password']))) {
        setPassword($_POST['username'], $_POST['new-password'], $_POST['confirm-password']);
    } else {
        editUser($_POST);
    }
}

// ============================================================================
// Main after POST
// ============================================================================

// A non-admin can only ever view their own record, whatever the URL says.
if ($Login->role() !== 'admin') {
    $layout['parameters'] = $Login->username();
}

$_user = $dbUsers->getDb($layout['parameters']);

// Unknown user: go back to the users list.
// NOTE(review): the assignment below runs on `false` unless Redirect::page()
// ends the request — confirm that it does.
if (false === $_user) {
    Redirect::page('admin', 'users');
}

$_user['username'] = $layout['parameters'];
// ============================================================================
// Functions
// ============================================================================

// ============================================================================
// Main before POST
// ============================================================================

// Resolve the plugin named in the URL against the loaded plugins. The name is
// only compared with existing class names, never used to load code directly.
$_Plugin = false;
$pluginClassName = $layout['parameters'];

foreach ($plugins['all'] as $P) {
    if ($P->className() != $pluginClassName) {
        continue;
    }

    // No early exit: if several plugins matched, the last one would win.
    $_Plugin = $P;
}

// Unknown plugin: back to the plugin list.
if (false === $_Plugin) {
    Redirect::page('admin', 'plugins');
}

// Plugins without a form() method have nothing to configure.
if (!method_exists($_Plugin, 'form')) {
    Redirect::page('admin', 'plugins');
}

// ============================================================================
// POST Method
// ============================================================================

// NOTE(review): the whole POST body is handed to the plugin, and no role or
// token check is visible in this fragment; confirm both run earlier in the
// request and that setDb() keeps only the fields the plugin declares.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $_Plugin->setDb($_POST);
    Alert::set($Language->g('the-changes-have-been-saved'));
}

// ============================================================================
// Main after POST
// ============================================================================
<?php

// Stop immediately unless the BLUDIT constant has been defined.
if (!defined('BLUDIT')) {
    die('Bludit CMS.');
}

// ============================================================================
// POST Method
// ============================================================================

// Every POST request must carry a valid token. A request without a token is
// validated with `false` and therefore takes the rejection path.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $token = false;
    if (isset($_POST['token'])) {
        $token = Sanitize::html($_POST['token']);
    }

    if ($Security->validateToken($token)) {
        // Remove the token so later handlers do not treat it as a form field.
        unset($_POST['token']);
    } else {
        // NOTE(review): the rejected value is request-controlled and is
        // written to the log; confirm Log::set() neutralises line breaks and
        // consider logging only that validation failed.
        Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying validate the token. Token ID: ' . $token);

        // A bad token ends the session and sends the client to the login panel.
        Session::destroy();
        Redirect::page('admin', 'login');
    }
}

// ============================================================================
// Main after POST
// ============================================================================
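/**
 * Save the submitted shortcode definitions to shortcodes.php next to this
 * plugin file, then return to the plugin's configuration page.
 *
 * Success is reported only when the write actually succeeded, and a
 * non-string value (for example an array parameter) is rejected instead of
 * being written.
 *
 * SECURITY NOTE(review): the submitted text is stored verbatim in a .php file
 * inside the plugin directory. If that file is included or served by the web
 * server, whoever can submit this form controls server-side code. Confirm
 * that only administrators reach this method and that the request carries a
 * validated anti-CSRF token, and consider storing shortcodes as data (for
 * example JSON) rather than as PHP source.
 */
public function write_shortcode()
{
    global $Language;

    # Shortcode file path
    $shortcodeFile = dirname(__FILE__) . DS . 'shortcodes.php';

    $shortcodes = isset($_POST['shortcodes']) ? $_POST['shortcodes'] : '';

    # Write to the file; file_put_contents() returns false on failure.
    $written = is_string($shortcodes)
        && file_put_contents($shortcodeFile, $shortcodes) !== false;

    if ($written) {
        Alert::set($Language->get("Shortcodes updated!"));
    } else {
        # NOTE(review): new message; add it to the plugin's language files.
        Alert::set($Language->get("Shortcodes could not be saved!"));
    }

    Redirect::page('admin', 'configure-plugin/pluginShorcode');
}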
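/**
 * Handle a visitor submitting the completed survey form.
 *
 * Order of work: banned-IP check, question-set id and form-token validation,
 * optional captcha, required-field checks, file import, storage of the
 * answers, anti-spam check, optional notification e-mail, the
 * 'on_form_submission' event and finally the redirect.
 *
 * Every value sent to the database is passed as a bound parameter; the table
 * names interpolated into the SQL come from properties of this block, not
 * from the request.
 *
 * NOTE(review): uploaded files are imported before the anti-spam check, and
 * the spam branch deletes only the answer rows, so files attached to a
 * rejected submission remain imported.
 *
 * @param int $bID Block id the submission is addressed to.
 *
 * @return false|null False when the submission targets another block; null
 *                    when the method returns without redirecting.
 *
 * @throws Exception When the question set id is missing, the form token is
 *                   invalid, or the question set has no questions.
 */
public function action_submit_form($bID = false)
{
    if ($this->bID != $bID) {
        return false;
    }

    $ip = Core::make('helper/validation/ip');
    $this->view();

    if ($ip->isBanned()) {
        $this->set('invalidIP', $ip->getErrorMessage());

        return;
    }

    $txt = Core::make('helper/text');
    $db = Database::connection();

    //question set id
    $qsID = intval($_POST['qsID']);
    if ($qsID == 0) {
        throw new Exception(t("Oops, something is wrong with the form you posted (it doesn't have a question set id)."));
    }

    // The form token is bound to the question set id, so it is checked after
    // the id has been reduced to an integer.
    $token = Core::make('token');
    if (!$token->validate('form_block_submit_qs_' . $qsID)) {
        throw new Exception(t("Invalid Request"));
    }

    //get all questions for this question set
    $rows = $db->GetArray("SELECT * FROM {$this->btQuestionsTablename} WHERE questionSetId=? AND bID=? order by position asc, msqID", [$qsID, intval($this->bID)]);

    if (!count($rows)) {
        throw new Exception(t("Oops, something is wrong with the form you posted (it doesn't have any questions)."));
    }

    // Initialised explicitly: the checks below assign keys only on failure, so
    // a clean submission used to reach count($errors) with the variable
    // undefined, which is a TypeError on PHP 8.
    $errors = [];
    $errorDetails = [];

    // check captcha if activated
    if ($this->displayCaptcha) {
        $captcha = Core::make('helper/validation/captcha');
        if (!$captcha->check()) {
            $errors['captcha'] = t("Incorrect captcha code");
            $_REQUEST['ccmCaptchaCode'] = '';
        }
    }

    //checked required fields
    foreach ($rows as $row) {
        if ($row['inputType'] == 'datetime') {
            if (!isset($datetime)) {
                $datetime = Core::make('helper/form/date_time');
            }
            $translated = $datetime->translate('Question' . $row['msqID']);
            if ($translated) {
                $_POST['Question' . $row['msqID']] = $translated;
            }
        }
        if (intval($row['required']) == 1) {
            $notCompleted = 0;
            if ($row['inputType'] == 'email') {
                if (!Core::make('helper/validation/strings')->email($_POST['Question' . $row['msqID']])) {
                    $errors['emails'] = t('You must enter a valid email address.');
                    $errorDetails[$row['msqID']]['emails'] = $errors['emails'];
                }
            }
            if ($row['inputType'] == 'checkboxlist') {
                $answerFound = 0;
                foreach ($_POST as $key => $val) {
                    if (strstr($key, 'Question' . $row['msqID'] . '_') && strlen($val)) {
                        $answerFound = 1;
                    }
                }
                if (!$answerFound) {
                    $notCompleted = 1;
                }
            } elseif ($row['inputType'] == 'fileupload') {
                if (!isset($_FILES['Question' . $row['msqID']]) || !is_uploaded_file($_FILES['Question' . $row['msqID']]['tmp_name'])) {
                    $notCompleted = 1;
                }
            } elseif (!strlen(trim($_POST['Question' . $row['msqID']]))) {
                $notCompleted = 1;
            }
            if ($notCompleted) {
                $errors['CompleteRequired'] = t("Complete required fields *");
                $errorDetails[$row['msqID']]['CompleteRequired'] = $errors['CompleteRequired'];
            }
        }
    }

    //try importing the file if everything else went ok
    $tmpFileIds = [];
    if (!count($errors)) {
        foreach ($rows as $row) {
            if ($row['inputType'] != 'fileupload') {
                continue;
            }
            $questionName = 'Question' . $row['msqID'];
            // An optional upload that was not sent is skipped.
            if (!intval($row['required']) && (!isset($_FILES[$questionName]['tmp_name']) || !is_uploaded_file($_FILES[$questionName]['tmp_name']))) {
                continue;
            }
            // The client-supplied file name is handed to the importer, which
            // reports rejected extensions through its error codes.
            $fi = new FileImporter();
            $resp = $fi->import($_FILES[$questionName]['tmp_name'], $_FILES[$questionName]['name']);
            if (!$resp instanceof Version) {
                // NOTE(review): only two error codes are turned into form
                // errors; any other non-Version response lets the submission
                // continue without the file — confirm that is intended.
                switch ($resp) {
                    case FileImporter::E_FILE_INVALID_EXTENSION:
                        $errors['fileupload'] = t('Invalid file extension.');
                        $errorDetails[$row['msqID']]['fileupload'] = $errors['fileupload'];
                        break;
                    case FileImporter::E_FILE_INVALID:
                        $errors['fileupload'] = t('Invalid file.');
                        $errorDetails[$row['msqID']]['fileupload'] = $errors['fileupload'];
                        break;
                }
            } else {
                $tmpFileIds[intval($row['msqID'])] = $resp->getFileID();
                if (intval($this->addFilesToSet)) {
                    $fs = new FileSet();
                    $fs = $fs->getByID($this->addFilesToSet);
                    if ($fs->getFileSetID()) {
                        $fs->addFileToSet($resp);
                    }
                }
            }
        }
    }

    if (count($errors)) {
        $this->set('formResponse', t('Please correct the following errors:'));
        $this->set('errors', $errors);
        $this->set('errorDetails', $errorDetails);
    } else { //no form errors
        //save main survey record
        $u = new User();
        $uID = 0;
        if ($u->isRegistered()) {
            $uID = $u->getUserID();
        }
        $q = "insert into {$this->btAnswerSetTablename} (questionSetId, uID) values (?,?)";
        $db->query($q, [$qsID, $uID]);
        $answerSetID = $db->Insert_ID();
        $this->lastAnswerSetId = $answerSetID;

        $questionAnswerPairs = [];

        if (Config::get('concrete.email.form_block.address') && strstr(Config::get('concrete.email.form_block.address'), '@')) {
            $formFormEmailAddress = Config::get('concrete.email.form_block.address');
        } else {
            $adminUserInfo = UserInfo::getByID(USER_SUPER_ID);
            $formFormEmailAddress = $adminUserInfo->getUserEmail();
        }
        $replyToEmailAddress = $formFormEmailAddress;

        //loop through each question and get the answers
        foreach ($rows as $row) {
            //save each answer
            $answerDisplay = '';
            if ($row['inputType'] == 'checkboxlist') {
                $answer = [];
                $answerLong = "";
                $keys = array_keys($_POST);
                foreach ($keys as $key) {
                    if (strpos($key, 'Question' . $row['msqID'] . '_') === 0) {
                        $answer[] = $txt->sanitize($_POST[$key]);
                    }
                }
            } elseif ($row['inputType'] == 'text') {
                $answerLong = $txt->sanitize($_POST['Question' . $row['msqID']]);
                $answer = '';
            } elseif ($row['inputType'] == 'fileupload') {
                $answerLong = "";
                // No id exists for an optional upload that was skipped above;
                // treat it as 0 instead of reading an undefined index.
                $fileKey = intval($row['msqID']);
                $answer = isset($tmpFileIds[$fileKey]) ? intval($tmpFileIds[$fileKey]) : 0;
                if ($answer > 0) {
                    $answerDisplay = File::getByID($answer)->getVersion()->getDownloadURL();
                } else {
                    $answerDisplay = t('No file specified');
                }
            } elseif ($row['inputType'] == 'url') {
                $answerLong = "";
                $answer = $txt->sanitize($_POST['Question' . $row['msqID']]);
            } elseif ($row['inputType'] == 'email') {
                $answerLong = "";
                $answer = $txt->sanitize($_POST['Question' . $row['msqID']]);
                if (!empty($row['options'])) {
                    // NOTE(review): unserialize() runs on the stored question
                    // options; confirm that column can only be written by
                    // trusted editors, or move the options to a data-only
                    // format such as JSON.
                    $settings = unserialize($row['options']);
                    if (is_array($settings) && array_key_exists('send_notification_from', $settings) && $settings['send_notification_from'] == 1) {
                        // The submitter's address becomes the Reply-To only
                        // after it has passed through the text helper's
                        // email() filter.
                        $email = $txt->email($answer);
                        if (!empty($email)) {
                            $replyToEmailAddress = $email;
                        }
                    }
                }
            } elseif ($row['inputType'] == 'telephone') {
                $answerLong = "";
                $answer = $txt->sanitize($_POST['Question' . $row['msqID']]);
            } else {
                $answerLong = "";
                $answer = $txt->sanitize($_POST['Question' . $row['msqID']]);
            }

            if (is_array($answer)) {
                $answer = implode(',', $answer);
            }

            $questionAnswerPairs[$row['msqID']]['question'] = $row['question'];
            $questionAnswerPairs[$row['msqID']]['answer'] = $txt->sanitize($answer . $answerLong);
            $questionAnswerPairs[$row['msqID']]['answerDisplay'] = strlen($answerDisplay) ? $answerDisplay : $questionAnswerPairs[$row['msqID']]['answer'];

            $v = [$row['msqID'], $answerSetID, $answer, $answerLong];
            $q = "insert into {$this->btAnswersTablename} (msqID,asID,answer,answerLong) values (?,?,?,?)";
            $db->query($q, $v);
        }
        $foundSpam = false;

        $submittedData = '';
        foreach ($questionAnswerPairs as $questionAnswerPair) {
            $submittedData .= $questionAnswerPair['question'] . "\r\n" . $questionAnswerPair['answer'] . "\r\n" . "\r\n";
        }
        $antispam = Core::make('helper/validation/antispam');
        if (!$antispam->check($submittedData, 'form_block')) {
            // found to be spam. We remove it
            $foundSpam = true;
            $q = "delete from {$this->btAnswerSetTablename} where asID = ?";
            $v = [$this->lastAnswerSetId];
            $db->Execute($q, $v);
            $db->Execute("delete from {$this->btAnswersTablename} where asID = ?", [$this->lastAnswerSetId]);
        }

        if (intval($this->notifyMeOnSubmission) > 0 && !$foundSpam) {
            if (Config::get('concrete.email.form_block.address') && strstr(Config::get('concrete.email.form_block.address'), '@')) {
                $formFormEmailAddress = Config::get('concrete.email.form_block.address');
            } else {
                $adminUserInfo = UserInfo::getByID(USER_SUPER_ID);
                $formFormEmailAddress = $adminUserInfo->getUserEmail();
            }

            $mh = Core::make('helper/mail');
            $mh->to($this->recipientEmail);
            $mh->from($formFormEmailAddress);
            $mh->replyto($replyToEmailAddress);
            $mh->addParameter('formName', $this->surveyName);
            $mh->addParameter('questionSetId', $this->questionSetId);
            $mh->addParameter('questionAnswerPairs', $questionAnswerPairs);
            $mh->load('block_form_submission');
            $mh->setSubject(t('%s Form Submission', $this->surveyName));
            //echo $mh->body.'<br>';
            // NOTE(review): errors from sendMail() are suppressed, so a failed
            // notification leaves no trace here.
            @$mh->sendMail();
        }

        //launch form submission event with dispatch method
        $formEventData = [];
        $formEventData['bID'] = intval($this->bID);
        $formEventData['questionSetID'] = $this->questionSetId;
        $formEventData['replyToEmailAddress'] = $replyToEmailAddress;
        $formEventData['formFormEmailAddress'] = $formFormEmailAddress;
        $formEventData['questionAnswerPairs'] = $questionAnswerPairs;
        $event = new \Symfony\Component\EventDispatcher\GenericEvent();
        $event->setArgument('formData', $formEventData);
        Events::dispatch('on_form_submission', $event);

        if (!$this->noSubmitFormRedirect) {
            // The redirect target is a page looked up by the id configured on
            // the block, or the current page; nothing from the request is
            // used to choose it.
            $targetPage = null;
            if ($this->redirectCID == HOME_CID) {
                $targetPage = Page::getByID(HOME_CID);
            } elseif ($this->redirectCID > 0) {
                $pg = Page::getByID($this->redirectCID);
                if (is_object($pg) && $pg->cID) {
                    $targetPage = $pg;
                }
            }
            if (is_object($targetPage)) {
                $response = \Redirect::page($targetPage);
            } else {
                $response = \Redirect::page(Page::getCurrentPage());
                $url = $response->getTargetUrl() . "?surveySuccess=1&qsid=" . $this->questionSetId . "#formblock" . $this->bID;
                $response->setTargetUrl($url);
            }
            $response->send();
            exit;
        }
    }
}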
<?php

// Stop immediately unless the BLUDIT constant has been defined.
if (!defined('BLUDIT')) {
    die('Bludit CMS.');
}

// ============================================================================
// Check role
// ============================================================================

// Only the 'admin' role may switch the theme.
// NOTE(review): everything below still runs for other roles unless
// Redirect::page() ends the request — confirm that it does.
if ($Login->role() !== 'admin') {
    Alert::set($Language->g('you-do-not-have-sufficient-permissions'));
    Redirect::page('admin', 'dashboard');
}

// ============================================================================
// Main after POST
// ============================================================================

// The theme directory name is taken from the URL parameters.
// NOTE(review): the setting is changed without a POST request or token in
// this fragment, so a crafted link opened by a logged-in administrator would
// be enough to trigger it; consider requiring a token-protected POST.
$themeDirname = $layout['parameters'];

if (!Sanitize::pathFile(PATH_THEMES . $themeDirname)) {
    // NOTE(review): the logged name is request-controlled; confirm Log::set()
    // neutralises line breaks.
    Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to install the theme: ' . $themeDirname);
} else {
    // NOTE(review): presumably Sanitize::pathFile() confirms the path exists
    // inside the themes directory — verify it rejects '../' sequences.
    $Site->set(array('theme' => $themeDirname));
    Alert::set($Language->g('The changes have been saved'));
}

Redirect::page('admin', 'themes');
if ($Site->set($args)) { Alert::set($Language->g('the-changes-have-been-saved')); } else { Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to save the settings.'); } return true; } // ============================================================================ // Main after POST // ============================================================================ // ============================================================================ // POST Method // ============================================================================ if ($_SERVER['REQUEST_METHOD'] == 'POST') { setSettings($_POST); Redirect::page('admin', $layout['controller']); } // ============================================================================ // Main after POST // ============================================================================ // Default home page $_homePageList = array('' => $Language->g('Show blog')); foreach ($pagesParents as $parentKey => $pageList) { foreach ($pageList as $Page) { if ($parentKey !== NO_PARENT_CHAR) { $parentTitle = $pages[$Page->parentKey()]->title() . '->'; } else { $parentTitle = ''; } if ($Page->published()) { $_homePageList[$Page->key()] = $Language->g('Page') . ': ' . $parentTitle . $Page->title();