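/**
 * Generic item list overview for the user area.
 *
 * Reads `ot`, `type` and `func` from the query string. Requests for the
 * posting list are redirected to the default user view. Category and forum
 * lists requested with type `user` are forced to sort by position before
 * the parent implementation renders them.
 *
 * @param array $args Arguments handed on to the parent view(); `sort` and
 *                    `sortdir` are overwritten for category/forum lists.
 *
 * @return mixed Output of the parent view(), or the result of the redirect.
 */
public function view($args)
{
    $query = $this->request->getGet();
    $ot = $query->filter('ot', 'category', FILTER_SANITIZE_STRING);
    $type = $query->filter('type', 'user', FILTER_SANITIZE_STRING);
    $func = $query->filter('func', 'view', FILTER_SANITIZE_STRING);

    // view of postings is blocked
    if ($ot == 'posting') {
        return System::redirect(ModUtil::url($this->name, 'user', 'view'));
    }

    if (($ot == 'category' || $ot == 'forum') && $type == 'user') {
        // Only categories have a configured direction. Forum lists used to
        // read an undefined variable here; they now fall back to ascending
        // explicitly, which is what the undefined value produced.
        $sortdir = ($ot == 'category') ? ModUtil::getVar('MUBoard', 'sortingCategories') : null;

        $args['sort'] = 'pos';
        $args['sortdir'] = ($sortdir == 'descending') ? 'desc' : 'asc';
    }

    // get actual time
    $nowtime = DateUtil::getDatetime();
    // set sessionvar with calling time
    SessionUtil::setVar('muboardonline', $nowtime);
    // NOTE(review): the value is read back right after being written, so
    // 'lastlogin' is always the current request time. If the template is
    // meant to see the previous visit, read before writing; confirm intent.
    $lastlogin = SessionUtil::getVar('muboardonline');

    $this->view->assign('func', $func)
               ->assign('lastlogin', $lastlogin);

    $dom = ZLanguage::getModuleDomain($this->name);
    $sitename = ModUtil::getVar('ZConfig', 'sitename');
    PageUtil::setVar('title', $sitename . ' - ' . __('Forum - Category Overview', $dom));

    return parent::view($args);
}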
/**
 * Store the IWqv configuration values sent by the admin form.
 *
 * The four settings are read from POST (falling back to $args), the caller
 * must hold ACCESS_ADMIN on IWqv and present a valid CSRF token, and each
 * value that is set is written to the module variables as received.
 *
 * @author Sara Arjona Téllez (sarjona@xtec.cat)
 *
 * @param array $args Optional fallbacks for `skins`, `langs`, `maxdelivers`
 *                    and `basedisturl`.
 *
 * @return mixed Result of the redirect to the IWqv admin main page.
 *
 * @throws Zikula_Exception_Forbidden When the caller lacks ACCESS_ADMIN.
 */
public function confupdate($args)
{
    $settings = array();
    foreach (array('skins', 'langs', 'maxdelivers', 'basedisturl') as $key) {
        $fallback = isset($args[$key]) ? $args[$key] : null;
        $settings[$key] = FormUtil::getPassedValue($key, $fallback, 'POST');
    }

    // Security check
    if (!SecurityUtil::checkPermission('IWqv::', '::', ACCESS_ADMIN)) {
        throw new Zikula_Exception_Forbidden();
    }

    // Confirm authorisation code
    $this->checkCsrfToken();

    // NOTE(review): values are stored without type or format validation
    // (e.g. `maxdelivers` is not cast, `basedisturl` is not checked to be a
    // URL); consumers of these variables must treat them accordingly.
    foreach ($settings as $key => $value) {
        if (isset($value)) {
            ModUtil::setVar('IWqv', $key, $value);
        }
    }

    LogUtil::registerStatus($this->__f('Done! %1$s updated.', $this->__('settings')));

    return System::redirect(ModUtil::url('IWqv', 'admin', 'main'));
}
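/**
 * Generic handling of edit requests in the user area.
 *
 * Requests that carry a positive `id` are redirected to the user view, so
 * only the creation form is served here. The object type comes from the
 * `ot` query parameter and is replaced by the controller helper's default
 * unless it is one of the types the helper allows for this action.
 *
 * @return mixed Output of the form view, or the result of the redirect.
 */
public function edit()
{
    $id = $this->request->query->filter('id', 0);
    if ($id > 0) {
        $url = ModUtil::url($this->name, 'user', 'view');

        return System::redirect($url);
    }

    $controllerHelper = new Reviews_Util_Controller($this->serviceManager);

    // parameter specifying which type of objects we are treating
    $objectType = $this->request->query->filter('ot', 'review', FILTER_SANITIZE_STRING);
    $utilArgs = array('controller' => 'user', 'action' => 'edit');

    // The value is used below to build a permission component and a class
    // name, so the allowlist comparison is strict: anything that is not
    // exactly one of the allowed type names falls back to the default.
    $allowedTypes = $controllerHelper->getObjectTypes('controllerAction', $utilArgs);
    if (!in_array($objectType, $allowedTypes, true)) {
        $objectType = $controllerHelper->getDefaultObjectType('controllerAction', $utilArgs);
    }

    $this->throwForbiddenUnless(
        SecurityUtil::checkPermission($this->name . ':' . ucwords($objectType) . ':', '::', ACCESS_EDIT),
        LogUtil::getErrorMsgPermission()
    );

    // create new Form reference
    $view = FormUtil::newForm($this->name, $this);

    // build form handler class name
    $handlerClass = $this->name . '_Form_Handler_User_' . ucfirst($objectType) . '_Edit';

    // determine the output template
    $viewHelper = new Reviews_Util_View($this->serviceManager);
    $template = $viewHelper->getViewTemplate($this->view, 'user', $objectType, 'edit', array());

    // execute form using supplied template and page event handler
    return $view->execute($template, new $handlerClass());
}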
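/**
 * Store the SiriusXtecAuth settings posted by the admin configuration form.
 *
 * Requires ACCESS_ADMIN on SiriusXtecAuth and a valid CSRF token. Checkbox
 * style settings are normalised to booleans; all other values are stored as
 * received from POST.
 *
 * @param array $args Not used.
 *
 * @return mixed Result of the redirect to the admin main page, or the
 *               permission error.
 */
public function updateConfig($args)
{
    // Security check
    if (!SecurityUtil::checkPermission('SiriusXtecAuth::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    // These values decide how users are authenticated (LDAP server, base DN,
    // account creation), so a forged cross-site POST sent from an admin's
    // browser must not be able to change them. The configuration form has
    // to emit the csrftoken field for this check to pass.
    $this->checkCsrfToken();

    $items = array();

    $flags = array('ldap_active', 'users_creation', 'new_users_activation', 'iw_write', 'iw_lastnames');
    foreach ($flags as $flag) {
        $items[$flag] = FormUtil::getPassedValue($flag, false, 'POST') ? true : false;
    }

    $items['new_users_groups'] = FormUtil::getPassedValue('new_users_groups', array(), 'POST');

    $plainKeys = array(
        'ldap_server', 'ldap_basedn', 'ldap_searchattr',
        'loginXtecApps', 'logoutXtecApps',
        'gtafProtocol', 'e13Protocol', 'gtafURL', 'e13URL',
        'loginTime', 'logoutTime',
    );
    // NOTE(review): server names, URLs and times are stored unvalidated.
    foreach ($plainKeys as $key) {
        $items[$key] = FormUtil::getPassedValue($key, false, 'POST');
    }

    ModUtil::setVars($this->name, $items);

    LogUtil::registerStatus($this->__('S\'ha actualitzat la configuració del mòdul.'));

    return System::redirect(ModUtil::url('SiriusXtecAuth', 'admin', 'main'));
}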
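/**
 * Delete one AddressBook admin item (object type `ot`, primary key `id`).
 *
 * Requires ACCESS_ADMIN on AddressBook. For the `customfield` type the
 * matching column is also dropped from the address table.
 *
 * NOTE(review): this destructive action accepts GET and performs no CSRF
 * token check. Moving it to POST with checkCsrfToken() needs a matching
 * change in the admin templates that link here.
 *
 * @return mixed Result of the redirect to the admin view, the permission
 *               error, or the z_exit() result for an unknown object type.
 */
public function delete()
{
    // security check
    if (!SecurityUtil::checkPermission('AddressBook::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    $ot = FormUtil::getPassedValue('ot', 'categories', 'GETPOST');
    $id = (int) FormUtil::getPassedValue('id', 0, 'GETPOST');

    // The object type is request data that becomes part of a class name, so
    // only plain identifier characters are accepted before class_exists()
    // (and with it the autoloader) sees the value.
    $isIdentifier = is_string($ot) && preg_match('/^[A-Za-z0-9_]+$/', $ot) === 1;
    $class = $isIdentifier ? 'AddressBook_DBObject_' . ucfirst($ot) : null;
    if ($class === null || !class_exists($class)) {
        // Escaped for display because the value is echoed back in the error;
        // whether z_exit() escapes on its own is not visible from here.
        $shown = DataUtil::formatForDisplay(is_string($ot) ? $ot : '');

        return z_exit(__f('Error! Unable to load class [%s]', $shown));
    }

    $url = ModUtil::url('AddressBook', 'admin', 'view', array('ot' => $ot));

    $object = new $class();
    $data = $object->get($id);
    if (!$data) {
        LogUtil::registerError(__f('%1$s with ID of %2$s doesn\'\\t seem to exist', array($ot, $id)));

        return System::redirect($url);
    }

    $object->delete();

    if ($ot == "customfield") {
        // $id was cast to int above, so the concatenation cannot carry SQL.
        $sql = "ALTER TABLE addressbook_address DROP adr_custom_" . $id;
        try {
            DBUtil::executeSQL($sql, -1, -1, true, true);
        } catch (Exception $e) {
            // Best effort: a failed column drop is deliberately ignored.
            // NOTE(review): this leaves an orphaned column without any
            // trace; consider logging $e.
        }
    }

    LogUtil::registerStatus($this->__('Done! Item deleted.'));

    return System::redirect($url);
}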
/**
 * Make sure the URL carries the canonical "<id>-<standardized name>" value
 * for the given key, and issue a 301 redirect to the canonical URL when it
 * does not.
 *
 * @param string $strKey  Request key that holds the value.
 * @param int    $intId   Record ID.
 * @param string $strName Record name, passed through standardize().
 */
public static function validate($strKey, $intId, $strName)
{
    $strExpected = $intId . '-' . standardize($strName);

    // Nothing to do when the request already uses the canonical value
    if (Input::getAutoItem($strKey) == $strExpected) {
        return;
    }

    /** @type \PageModel $objPage */
    global $objPage;

    // The key is only left out of the path when it is auto_item enabled
    $blnAutoItem = $GLOBALS['TL_CONFIG']['useAutoItem'] && in_array($strKey, $GLOBALS['TL_AUTO_ITEM']);

    if ($blnAutoItem) {
        $strPath = '/' . $strExpected;
    } else {
        $strPath = '/' . $strKey . '/' . $strExpected;
    }

    \System::redirect($objPage->getFrontendUrl($strPath), 301);
}
/**
 * Export data as Excel, after checking that the export can work.
 *
 * When the composer module is not active, or the PHPExcel class file is
 * missing, an error message is queued and the request is redirected to the
 * same URL without the `key=exportExcel` parameter.
 *
 * @access public
 *
 * @param mixed  $dc         Handed on to the parent implementation.
 * @param string $strName    Handed on to the parent implementation.
 * @param bool   $blnHeaders Handed on to the parent implementation.
 *
 * @return void
 */
public static function run($dc = null, $strName = 'formsubmissions', $blnHeaders = true)
{
    $strErrorKey = null;

    if (!in_array('!composer', \ModuleLoader::getActive())) {
        $strErrorKey = 'exportExcelNoComposer';
    } elseif (!is_file(TL_ROOT . '/composer/vendor/phpoffice/phpexcel/Classes/PHPExcel.php')) {
        $strErrorKey = 'exportExcelNoPHPExcel';
    }

    if ($strErrorKey !== null) {
        \Message::addError($GLOBALS['TL_LANG']['ERR'][$strErrorKey]);
        \System::redirect(str_ireplace('&key=exportExcel', '', \Environment::get('request')));

        return;
    }

    parent::run($dc, $strName, $blnHeaders);
}
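/**
 * Session binding check, to be called after a successful login.
 *
 * On the first call the client's address and User-Agent are stored in the
 * session. On later calls the session is destroyed and the client is
 * redirected if either value has changed. This method does not rotate the
 * session id; doing that at login is left to the caller.
 *
 * A request without a User-Agent header is recorded as an empty string.
 * Previously it was stored as null, which isset() treats as "not stored",
 * so such a session was re-bound on every call and never compared.
 *
 * NOTE(review): REMOTE_ADDR is the address of the directly connected peer;
 * behind a reverse proxy it may be the proxy's. Verify the deployment.
 */
public static function checkSessionFixation()
{
    if (Config::SESSION_FIXATION_DETECTION_ENABLED !== true) {
        return;
    }

    $scope = Config::SERVER_FQDN;
    $remoteAddr = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "";
    $userAgent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";

    $isBound = isset($_SESSION[$scope]["remote_addr"]) && isset($_SESSION[$scope]["http_user_agent"]);
    if (!$isBound) {
        // First call for this session: remember who it belongs to
        $_SESSION[$scope]["remote_addr"] = $remoteAddr;
        $_SESSION[$scope]["http_user_agent"] = $userAgent;

        return;
    }

    $hasChanged = $_SESSION[$scope]["remote_addr"] !== $remoteAddr
        || $_SESSION[$scope]["http_user_agent"] !== $userAgent;
    if ($hasChanged) {
        session_unset();
        session_destroy();
        System::redirect(Config::SITE_PATH . Config::SESSION_FIXATION_REDIRECT_PATH);
    }
}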
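/**
 * Import the videos of a YouTube channel into a collection.
 *
 * Queries the YouTube Data API search endpoint for the channel, skips every
 * video whose watch URL is already stored on a movie, creates an approved
 * movie for each remaining one and redirects to the collection's display
 * page.
 *
 * @param string $channelId    YouTube channel ID.
 * @param int    $collectionId ID of the collection receiving the movies.
 *
 * @return mixed Result of the redirect.
 */
public function getYoutubeVideos($channelId = '', $collectionId = 0)
{
    $dom = ZLanguage::getModuleDomain($this->name);

    $youtubeApi = ModUtil::getVar($this->name, 'youtubeApi');

    $collectionRepository = MUVideo_Util_Model::getCollectionRepository();
    // NOTE(review): the result is not checked; if no collection has this ID
    // the movies below are created without one. Verify selectById().
    $collectionObject = $collectionRepository->selectById($collectionId);

    // Built with http_build_query so that a channel ID containing '&', '='
    // or '#' cannot add or override parameters of the API request.
    $query = http_build_query(
        array('part' => 'snippet', 'channelId' => $channelId, 'key' => $youtubeApi),
        '',
        '&'
    );
    $api = self::getData('https://www.googleapis.com/youtube/v3/search?' . $query);

    // A failed request or malformed JSON yields a non-array here
    $videos = json_decode($api, true);

    $movieRepository = MUVideo_Util_Model::getMovieRepository();
    // we look for movies with a youtube url entered
    $where = 'tbl.urlOfYoutube != \'' . DataUtil::formatForStore('') . '\'';
    $existingYoutubeVideos = $movieRepository->selectWhere($where);

    $videoIds = array();
    // The original tested count($x > 0), i.e. the count of a boolean
    if ($existingYoutubeVideos && count($existingYoutubeVideos) > 0) {
        foreach ($existingYoutubeVideos as $existingYoutubeVideo) {
            $videoIds[] = str_replace('https://www.youtube.com/watch?v=', '', $existingYoutubeVideo['urlOfYoutube']);
        }
    }

    if (is_array($videos) && isset($videos['items']) && is_array($videos['items'])) {
        $serviceManager = ServiceUtil::getManager();
        $entityManager = $serviceManager->getService('doctrine.entitymanager');

        foreach ($videos['items'] as $videoData) {
            if (!isset($videoData['id']['videoId'])) {
                continue;
            }
            // Strict, so numeric-looking IDs are compared as strings
            if (in_array($videoData['id']['videoId'], $videoIds, true)) {
                continue;
            }

            $newYoutubeVideo = new MUVideo_Entity_Movie();
            $newYoutubeVideo->setTitle($videoData['snippet']['title']);
            $newYoutubeVideo->setDescription($videoData['snippet']['description']);
            $newYoutubeVideo->setUrlOfYoutube('https://www.youtube.com/watch?v=' . $videoData['id']['videoId']);
            $newYoutubeVideo->setWidthOfMovie('400');
            $newYoutubeVideo->setHeightOfMovie('300');
            $newYoutubeVideo->setWorkflowState('approved');
            $newYoutubeVideo->setCollection($collectionObject);

            $entityManager->persist($newYoutubeVideo);
            $entityManager->flush();

            // NOTE(review): title and description come from a remote service
            // and are stored and echoed as received; they must be escaped
            // wherever they are rendered.
            LogUtil::registerStatus(__('The movie', $dom) . ' ' . $videoData['snippet']['title'] . ' ' . __('was created and put into the collection', $dom) . ' ' . $collectionObject['title']);
        }
    }

    $redirectUrl = ModUtil::url($this->name, 'user', 'display', array('ot' => 'collection', 'id' => $collectionId));

    return System::redirect($redirectUrl);
}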
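/**
 * Command event handler.
 *
 * Called when a command is issued by the user. After the parent handler has
 * run, the user is sent to the moved posting when the query string carries
 * a positive `id`, and to the module's user area with an error otherwise.
 *
 * @param Zikula_Form_View $view  The form view instance.
 * @param array            &$args Command arguments, handed to the parent.
 *
 * @return mixed Result of the status registration or of the redirect.
 */
public function handleCommand(Zikula_Form_View $view, &$args)
{
    parent::HandleCommand($view, $args);

    $dom = ZLanguage::getModuleDomain($this->name);

    // we handle the redirect to the frontend after moving an issue
    // to another forum
    // FILTER_SANITIZE_NUMBER_INT still lets '+' and '-' through, so the
    // value is cast before it is compared and put into the URL.
    $id = (int) $this->request->query->filter('id', 0, FILTER_SANITIZE_NUMBER_INT);

    if ($id > 0) {
        $url = ModUtil::url($this->name, 'user', 'display', array('ot' => 'posting', 'id' => $id));

        return LogUtil::registerStatus(__('Done! Moving of issue successful.', $dom), $url);
    }

    $url = ModUtil::url($this->name, 'user');
    // The translation domain belongs to __(); it used to be passed as the
    // second argument of registerError(), leaving the text untranslated.
    LogUtil::registerError(__('Sorry! Moving the issue failed', $dom));

    return System::redirect($url);
}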
/**
 * Dispatch the current request to every route whose pattern matches.
 *
 * The request URI is lower-cased, stripped of the configured web root and
 * normalised to a single leading slash. For each matching pattern the
 * "Class/method" callback is instantiated and called with the pattern's
 * captures. When nothing matched, the client is redirected to the
 * not-found URI.
 *
 * The class and method names come from $this->routes; that table must only
 * ever be filled from trusted configuration.
 */
public function route()
{
    $path = strtolower($_SERVER['REQUEST_URI']);
    $webRoot = Configuration::WEB_ROOT;
    if (strpos($path, $webRoot) === 0) {
        $path = substr($path, strlen($webRoot));
    }
    $path = '/' . trim($path, '/');

    foreach ($this->routes as $pattern => $callback) {
        if (!preg_match($pattern, $path, $captures)) {
            continue;
        }

        // Drop the full match, keep only the captured groups
        array_shift($captures);

        $parts = explode('/', $callback);
        $class = $parts[0];
        $function = $parts[1];

        $this->matchfound = true;

        $handler = new $class();
        call_user_func_array(array($handler, $function), array_values($captures));
    }

    if (!$this->matchfound) {
        System::redirect(Configuration::NOTFOUND_URI);
    }
}
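/**
 * Generate module
 *
 * Collects every table registered by a back end module and, on submit,
 * looks up the posted ID in the selected table. When the record exists the
 * user is redirected to its edit view; otherwise an error is shown.
 */
protected function compile()
{
    $arrGroups = array();

    // Module/table pairs the form may legitimately submit
    $arrAllowed = array();

    // get all dca tables
    foreach ($GLOBALS['BE_MOD'] as $groupName => $group) {
        foreach ($group as $moduleName => $modules) {
            if (isset($modules['tables']) && is_array($modules['tables'])) {
                foreach ($modules['tables'] as $table) {
                    $arrGroups[$groupName]['title'] = $GLOBALS['TL_LANG']['MOD'][$groupName];
                    $arrGroups[$groupName]['tables'][] = array($table, $GLOBALS['TL_LANG']['MOD'][$moduleName][0], $moduleName);
                    $arrAllowed[$moduleName][$table] = true;
                }
            }
        }
    }

    // handle submit
    if (\Input::post('FORM_SUBMIT') == 'om_backend_id_search' && \Input::post('option')) {
        // handle post data ("module::table")
        $varOption = \Input::post('option');
        $arrSelected = is_string($varOption) ? explode('::', $varOption) : array();
        $strModule = isset($arrSelected[0]) ? $arrSelected[0] : '';
        $strTable = isset($arrSelected[1]) ? $arrSelected[1] : '';

        // A table name cannot be bound as a statement parameter, so the
        // posted value may only reach the query when it is one of the pairs
        // collected above. Anything else is treated as "not found".
        $blnKnown = isset($arrAllowed[$strModule][$strTable]);

        // get data
        $objData = null;
        if ($blnKnown) {
            $objData = $this->Database->prepare("SELECT * FROM " . $strTable . " WHERE id=?")
                                      ->execute(\Input::post('id'));
        }

        // id exists
        if ($objData !== null && $objData->numRows) {
            // redirect; the ID is cast so only a number reaches the URL
            \System::redirect('contao/main.php?do=' . $strModule . '&table=' . $strTable . '&act=edit&id=' . (int) \Input::post('id') . '&rt=' . $_SESSION['REQUEST_TOKEN']);
        } else {
            // error
            $this->Template->id = \Input::post('id');
            $this->Template->selected = $blnKnown ? $strTable : '';
            $this->Template->error = sprintf($GLOBALS['TL_LANG']['om_backend']['error_id_not_found'], \Input::post('id'));
        }
    }

    // set template vars
    $this->Template->button = $GLOBALS['TL_LANG']['MSC']['backBT'];
    $this->Template->title = specialchars($GLOBALS['TL_LANG']['MSC']['backBT']);
    $this->Template->headline = $GLOBALS['TL_LANG']['aid_training_overview']['headline'];
    $this->Template->groups = $arrGroups;
}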
/**
 * One-time initialisation: load the product data container and language
 * file, then reconcile the `isorc` request cache parameter.
 *
 * With an empty request cache the page is marked as not searchable. When
 * the cache ID differs from the `isorc` value, the parameter (and the
 * language parameter, if URLs carry one) is removed and the request is
 * redirected to the cleaned URL.
 */
public static function initialize()
{
    // Only the first call does any work
    if (static::$blnInitialized !== false) {
        return;
    }

    static::$blnInitialized = true;

    // Make sure field data is available
    Haste::getInstance()->call('loadDataContainer', 'tl_iso_product');
    \System::loadLanguageFile('tl_iso_product');

    // Initialize request cache for product list filters
    if (\Input::get('isorc') == '') {
        return;
    }

    if (static::getRequestCache()->isEmpty()) {
        global $objPage;
        $objPage->noSearch = 1;

        return;
    }

    if (static::getRequestCache()->id == \Input::get('isorc')) {
        return;
    }

    unset($_GET['isorc']);

    // Unset the language parameter
    if ($GLOBALS['TL_CONFIG']['addLanguageToUrl']) {
        unset($_GET['language']);
    }

    $strQuery = http_build_query($_GET);
    $strBase = preg_replace('/\\?.*$/i', '', \Environment::get('request'));

    \System::redirect($strBase . ($strQuery ? '?' . $strQuery : ''));
}
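/**
 * Update the IWusers module configuration.
 *
 * Values are read from POST (falling back to $args). The caller must hold
 * ACCESS_ADMIN on IWusers and present a valid CSRF token.
 *
 * @author Albert Pérez Monfort (aperezm@xtec.cat)
 *
 * @param array $args Optional fallbacks for the configuration values.
 *
 * @return mixed Result of the redirect to the admin config page.
 *
 * @throws Zikula_Exception_Forbidden When the caller lacks ACCESS_ADMIN.
 */
public function updateConf($args)
{
    $friendsSystemAvailable = FormUtil::getPassedValue('friendsSystemAvailable', isset($args['friendsSystemAvailable']) ? $args['friendsSystemAvailable'] : 0, 'POST');
    $groups = FormUtil::getPassedValue('groups', isset($args['groups']) ? $args['groups'] : null, 'POST');
    $usersCanManageName = FormUtil::getPassedValue('usersCanManageName', isset($args['usersCanManageName']) ? $args['usersCanManageName'] : null, 'POST');
    $allowUserChangeAvatar = FormUtil::getPassedValue('allowUserChangeAvatar', isset($args['allowUserChangeAvatar']) ? $args['allowUserChangeAvatar'] : 0, 'POST');
    $avatarChangeValidationNeeded = FormUtil::getPassedValue('avatarChangeValidationNeeded', isset($args['avatarChangeValidationNeeded']) ? $args['avatarChangeValidationNeeded'] : 0, 'POST');
    $usersPictureFolder = FormUtil::getPassedValue('usersPictureFolder', isset($args['usersPictureFolder']) ? $args['usersPictureFolder'] : null, 'POST');
    $allowUserSetTheirSex = FormUtil::getPassedValue('allowUserSetTheirSex', isset($args['allowUserSetTheirSex']) ? $args['allowUserSetTheirSex'] : 0, 'POST');
    $allowUserDescribeTheirSelves = FormUtil::getPassedValue('allowUserDescribeTheirSelves', isset($args['allowUserDescribeTheirSelves']) ? $args['allowUserDescribeTheirSelves'] : 0, 'POST');

    // Security check
    if (!SecurityUtil::checkPermission('IWusers::', "::", ACCESS_ADMIN)) {
        throw new Zikula_Exception_Forbidden();
    }

    $this->checkCsrfToken();

    // Stored as '$' followed by one '$<id>$' entry per hidden group. When no
    // group is submitted the value is null; it used to be handed to foreach
    // as is, which raises a warning.
    $groupsString = '$';
    if (is_array($groups)) {
        foreach ($groups as $group) {
            $groupsString .= '$' . $group . '$';
        }
    }

    // NOTE(review): `usersPictureFolder` is stored as posted. If it is later
    // joined into a filesystem path, confirm it is validated there.
    $this->setVar('friendsSystemAvailable', $friendsSystemAvailable)
         ->setVar('invisibleGroupsInList', $groupsString)
         ->setVar('usersPictureFolder', $usersPictureFolder)
         ->setVar('allowUserChangeAvatar', $allowUserChangeAvatar)
         ->setVar('avatarChangeValidationNeeded', $avatarChangeValidationNeeded)
         ->setVar('usersCanManageName', $usersCanManageName)
         ->setVar('allowUserSetTheirSex', $allowUserSetTheirSex)
         ->setVar('allowUserDescribeTheirSelves', $allowUserDescribeTheirSelves);

    LogUtil::registerStatus($this->__('The configuration has changed'));

    return System::redirect(ModUtil::url('IWusers', 'admin', 'config'));
}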
/**
 * Remove the current user's `sincroGCalendar` variable and return to the
 * agenda main view for the requested month, year and agenda.
 *
 * NOTE(review): this changes stored user data on a GET request and only
 * requires ACCESS_READ, with no CSRF token check. The effect is limited to
 * the caller's own variable, but a POST with checkCsrfToken() would be the
 * safer shape; that needs a matching change where the link is rendered.
 *
 * @param array $args Optional fallbacks for `mes`, `any` and `daid`.
 *
 * @return mixed Result of the redirect.
 */
public function removeGCalendarUseVar($args)
{
    // Security check
    $this->throwForbiddenUnless(SecurityUtil::checkPermission('IWagendas::', '::', ACCESS_READ));

    // Month, year and agenda ID to return to; default to the current date
    $month = FormUtil::getPassedValue('mes', isset($args['mes']) ? $args['mes'] : date("m"), 'GET');
    $year = FormUtil::getPassedValue('any', isset($args['any']) ? $args['any'] : date("Y"), 'GET');
    $agendaId = FormUtil::getPassedValue('daid', isset($args['daid']) ? $args['daid'] : 0, 'GET');

    $securityValue = ModUtil::func('IWmain', 'user', 'genSecurityValue');

    $deleteArgs = array(
        'uid' => UserUtil::getVar('uid'),
        'name' => 'sincroGCalendar',
        'module' => 'IWagendas',
        'sv' => $securityValue,
    );
    // The outcome of the deletion is not inspected
    ModUtil::func('IWmain', 'user', 'userDelVar', $deleteArgs);

    $target = ModUtil::url('IWagendas', 'user', 'main', array('mes' => $month, 'any' => $year, 'daid' => $agendaId));

    return System::redirect($target);
}
/**
 * Initialise Zikula.
 *
 * Carries out a number of initialisation tasks to get Zikula up and
 * running. $stage is a bit mask of STAGE_* constants; each block below runs
 * only when its bit is set, and most of them end by notifying 'core.init'
 * with the stage that was just completed.
 *
 * Two checks are not tied to a stage bit and run on every call: the
 * "is Zikula installed" redirect and the logout of users whose account is
 * not active.
 *
 * @param integer $stage Stage to load.
 *
 * @return boolean False when the database stage fails while installing.
 *                 No other path returns a value explicitly, so a successful
 *                 run yields null rather than true.
 */
public function init($stage = self::STAGE_ALL)
{
    // Reused for every stage; only its 'stage' argument changes
    $coreInitEvent = new Zikula_Event('core.init', $this);

    // store the load stages in a global so other API's can check whats loaded
    $this->stage = $this->stage | $stage;

    // '&' binds tighter than '&&': runs when STAGE_PRE is requested and the
    // accumulated stage mask contains at least one other stage
    if ($stage & self::STAGE_PRE && $this->stage & ~self::STAGE_PRE) {
        ModUtil::flushCache();
        System::flushCache();
        $this->eventManager->notify(new Zikula_Event('core.preinit', $this));
    }

    // Initialise and load configuration
    if ($stage & self::STAGE_CONFIG) {
        if (System::isLegacyMode()) {
            require_once 'lib/legacy/Compat.php';
        }

        // error reporting
        if (!System::isInstalling()) {
            // this is here because it depends on the config.php loading.
            $event = new Zikula_Event('setup.errorreporting', null, array('stage' => $stage));
            $this->eventManager->notify($event);
        }

        // initialise custom event listeners from config.php settings
        $coreInitEvent->setArg('stage', self::STAGE_CONFIG);
        $this->eventManager->notify($coreInitEvent);
    }

    // Check that Zikula is installed before continuing
    if (System::getVar('installed') == 0 && !System::isInstalling()) {
        System::redirect(System::getBaseUrl() . 'install.php?notinstalled');
        System::shutDown();
    }

    if ($stage & self::STAGE_DB) {
        try {
            $dbEvent = new Zikula_Event('core.init', $this, array('stage' => self::STAGE_DB));
            $this->eventManager->notify($dbEvent);
        } catch (PDOException $e) {
            // Outside the installer a failed connection ends the request
            // with a 503 and the static error template; the exception
            // details are not shown. The installer gets false instead.
            if (!System::isInstalling()) {
                header('HTTP/1.1 503 Service Unavailable');
                require_once System::getSystemErrorTemplate('dbconnectionerror.tpl');
                System::shutDown();
            } else {
                return false;
            }
        }
    }

    if ($stage & self::STAGE_TABLES) {
        // Initialise dbtables
        ModUtil::dbInfoLoad('Extensions', 'Extensions');
        ModUtil::initCoreVars();
        ModUtil::dbInfoLoad('Settings', 'Settings');
        ModUtil::dbInfoLoad('Theme', 'Theme');
        ModUtil::dbInfoLoad('Users', 'Users');
        ModUtil::dbInfoLoad('Groups', 'Groups');
        ModUtil::dbInfoLoad('Permissions', 'Permissions');
        ModUtil::dbInfoLoad('Categories', 'Categories');

        if (!System::isInstalling()) {
            ModUtil::registerAutoloaders();
        }

        $coreInitEvent->setArg('stage', self::STAGE_TABLES);
        $this->eventManager->notify($coreInitEvent);
    }

    if ($stage & self::STAGE_SESSIONS) {
        SessionUtil::requireSession();
        $coreInitEvent->setArg('stage', self::STAGE_SESSIONS);
        $this->eventManager->notify($coreInitEvent);
    }

    // Have to load in this order specifically since we cant setup the languages until we've decoded the URL if required (drak)
    // start block
    if ($stage & self::STAGE_LANGS) {
        // Only instantiated here; setup() is called after URL decoding
        $lang = ZLanguage::getInstance();
    }

    if ($stage & self::STAGE_DECODEURLS) {
        System::queryStringDecode();
        $coreInitEvent->setArg('stage', self::STAGE_DECODEURLS);
        $this->eventManager->notify($coreInitEvent);
    }

    if ($stage & self::STAGE_LANGS) {
        $lang->setup();
        $coreInitEvent->setArg('stage', self::STAGE_LANGS);
        $this->eventManager->notify($coreInitEvent);
    }
    // end block

    if ($stage & self::STAGE_MODS) {
        // Set compression on if desired
        // (the handler call is commented out, so the setting currently has
        // no effect here)
        if (System::getVar('UseCompression') == 1) {
            //ob_start("ob_gzhandler");
        }

        ModUtil::load('SecurityCenter');

        $coreInitEvent->setArg('stage', self::STAGE_MODS);
        $this->eventManager->notify($coreInitEvent);
    }

    if ($stage & self::STAGE_THEME) {
        // register default page vars
        PageUtil::registerVar('title');
        PageUtil::setVar('title', System::getVar('defaultpagetitle'));
        PageUtil::registerVar('keywords', true);
        PageUtil::registerVar('stylesheet', true);
        PageUtil::registerVar('javascript', true);
        PageUtil::registerVar('jsgettext', true);
        PageUtil::registerVar('body', true);
        PageUtil::registerVar('header', true);
        PageUtil::registerVar('footer', true);

        $theme = Zikula_View_Theme::getInstance();

        // set some defaults
        // Metadata for SEO
        $this->serviceManager['zikula_view.metatags']['description'] = System::getVar('defaultmetadescription');
        $this->serviceManager['zikula_view.metatags']['keywords'] = System::getVar('metakeywords');

        $coreInitEvent->setArg('stage', self::STAGE_THEME);
        $this->eventManager->notify($coreInitEvent);
    }

    // check the users status, if not 1 then log him out
    // (not guarded by a stage bit: a deactivated account loses its session
    // on the next call, whatever stage was requested)
    if (UserUtil::isLoggedIn()) {
        $userstatus = UserUtil::getVar('activated');
        if ($userstatus != Users_Constant::ACTIVATED_ACTIVE) {
            UserUtil::logout();
            // TODO - When getting logged out this way, the existing session is destroyed and
            //        then a new one is created on the reentry into index.php. The message
            //        set by the registerStatus call below gets lost.
            LogUtil::registerStatus(__('You have been logged out.'));
            System::redirect(ModUtil::url('Users', 'user', 'login'));
        }
    }

    // Same precedence as the pre-init check above
    if ($stage & self::STAGE_POST && $this->stage & ~self::STAGE_POST) {
        $this->eventManager->notify(new Zikula_Event('core.postinit', $this, array('stages' => $stage)));
    }
}
/**
 * Update the Pages module configuration from the values posted by the
 * modification form.
 *
 * Requires ACCESS_ADMIN on Pages and a valid CSRF token. `itemsperpage` is
 * cast to an integer and falls back to 25 when below 1; every other
 * setting is stored as a boolean.
 *
 * @return mixed Result of the redirect to the admin view.
 */
public function updateconfig()
{
    $this->throwForbiddenUnless(SecurityUtil::checkPermission('Pages::', '::', ACCESS_ADMIN), LogUtil::getErrorMsgPermission());

    $this->checkCsrfToken();

    // Update module variables
    $perPage = (int)FormUtil::getPassedValue('itemsperpage', 25, 'POST');
    $this->setVar('itemsperpage', ($perPage < 1) ? 25 : $perPage);

    // Checkbox settings, stored in the order in which the form lists them
    $switches = array(
        'enablecategorization',
        'def_displaywrapper',
        'def_displaytitle',
        'def_displaycreated',
        'def_displayupdated',
        'def_displaytextinfo',
        'def_displayprint',
        'addcategorytitletopermalink',
        'showpermalinkinput',
    );
    foreach ($switches as $name) {
        $this->setVar($name, (bool)FormUtil::getPassedValue($name, false, 'POST'));
    }

    // the module configuration has been updated successfully
    LogUtil::registerStatus($this->__('Done! Module configuration updated.'));

    return System::redirect(ModUtil::url('Pages', 'admin', 'view'));
}
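/**
 * Download a file attached to a message.
 *
 * The caller must be logged in with ACCESS_OVERVIEW on IWmessages and must
 * be the sender or the recipient of the message. `file` selects one of the
 * three attachment slots of the message.
 *
 * @param array $args Optional fallbacks: `msg_id` (message ID) and `file`
 *                    (attachment slot, 1 to 3).
 *
 * @return mixed Result of the IWmain downloadFile call, an error result, or
 *               the result of the redirect when the message is not found.
 *
 * @throws Zikula_Exception_Forbidden When the permission check fails.
 */
public function download($args)
{
    // Get the parameters
    $msg_id = FormUtil::getPassedValue('msg_id', isset($args['msg_id']) ? $args['msg_id'] : null, 'GET');
    $file = FormUtil::getPassedValue('file', isset($args['file']) ? $args['file'] : null, 'GET');

    // Security check
    if (!SecurityUtil::checkPermission('IWmessages::', '::', ACCESS_OVERVIEW) || !UserUtil::isLoggedIn()) {
        throw new Zikula_Exception_Forbidden();
    }

    // Needed arguments
    if (!isset($file) || !isset($msg_id) || !is_numeric($msg_id) || !is_numeric($file)) {
        return LogUtil::registerError($this->__('Error! Could not do what you wanted. Please check your input.'));
    }

    // Only the three attachment slots exist. Any other numeric value used to
    // fall through the switch and be used as the file name itself.
    $slot = (string) $file;
    if (!in_array($slot, array('1', '2', '3'), true)) {
        return LogUtil::registerError($this->__('Error! Could not do what you wanted. Please check your input.'));
    }

    $uid = UserUtil::getVar('uid');

    // The API function is called. The arguments to the function are passed in
    // as their own arguments array
    $item = ModUtil::apiFunc('IWmessages', 'user', 'get', array('uid' => $uid, 'msgid' => $msg_id));

    // Only the sender and the recipient may fetch the attachments
    if (!$item || ($item['to_userid'] != $uid && $item['from_userid'] != $uid)) {
        LogUtil::registerError($this->__('Message not found'));

        return System::redirect(ModUtil::url('IWmessages', 'user', 'main'));
    }

    $file = $item['file' . $slot];
    if (!is_string($file) || $file === '') {
        // The message has no attachment in this slot
        return LogUtil::registerError($this->__('Error! Could not do what you wanted. Please check your input.'));
    }

    // Create the name of the file to search in the server. md5 is used here
    // only to derive the stored name, not as a security control.
    $fileNameInServer = md5($file . $item['from_userid']);
    $fileNameInServer = ModUtil::getVar('IWmessages', 'uploadFolder') . '/' . $fileNameInServer;

    $sv = ModUtil::func('IWmain', 'user', 'genSecurityValue');

    return ModUtil::func('IWmain', 'user', 'downloadFile', array('fileName' => $file, 'fileNameInServer' => $fileNameInServer, 'sv' => $sv));
}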
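/**
 * Copy the company address of one address record to the records that share
 * its company name.
 *
 * The record identified by the "id" request value is loaded and its company
 * address fields are written through DBUtil::updateObject() keyed on the
 * 'company' column. The remaining request values are only used to build the
 * URL of the list view the user is sent back to.
 *
 * @return mixed redirect result, or the LogUtil permission-error result
 */
function update_company()
{
    // Confirm the forms authorisation key
    $this->checkCsrfToken();

    $ot = FormUtil::getPassedValue('ot', 'address', 'GETPOST');
    $id = (int) FormUtil::getPassedValue('id', 0, 'GETPOST');
    $startnum = FormUtil::getPassedValue('startnum', 1, 'GET');
    $letter = FormUtil::getPassedValue('letter', 0);
    $sort = FormUtil::getPassedValue('sort', ModUtil::getVar('AddressBook', 'addressbooktype') == 1 ? 'sortname ASC' : 'sortcompany ASC');
    $search = FormUtil::getPassedValue('search', 0);
    $category = FormUtil::getPassedValue('category', 0);
    $private = FormUtil::getPassedValue('private', 0);

    $url = ModUtil::url('AddressBook', 'user', 'view', array(
        'ot' => $ot,
        'startnum' => $startnum,
        'letter' => $letter,
        'sort' => $sort,
        'search' => $search,
        'category' => $category,
        'private' => $private,
    ));

    $object = new AddressBook_DBObject_Address();
    $data = $object->get($id);

    // An unknown id yields no record. Without this guard $data['user_id'] is
    // null, which compares equal to the anonymous uid 0 below, and the update
    // would then run with empty values.
    if (!$data) {
        LogUtil::registerError($this->__('Error! Company update failed.'));
        return System::redirect($url);
    }

    // Security check: editors may update any record, owners their own.
    $user_id = UserUtil::isLoggedIn() ? UserUtil::getVar('uid') : 0;
    // NOTE(review): an anonymous visitor (uid 0) still matches records whose
    // user_id is 0 - confirm whether guest-owned records are meant to be editable.
    if (!(SecurityUtil::checkPermission('AddressBook::', '::', ACCESS_EDIT) || $user_id == $data['user_id'])) {
        return LogUtil::registerPermissionError();
    }

    $obj = array(
        'company' => $data['company'],
        'address1' => $data['address1'],
        'address2' => $data['address2'],
        'zip' => $data['zip'],
        'city' => $data['city'],
        'state' => $data['state'],
        'country' => $data['country'],
    );

    // The update is keyed on the 'company' column, not on the record id.
    $res = DBUtil::updateObject($obj, 'addressbook_address', '', 'company');
    if (!$res) {
        LogUtil::registerError($this->__('Error! Company update failed.'));
        return System::redirect($url);
    }

    // clear respective cache
    ModUtil::apiFunc('AddressBook', 'user', 'clearItemCache', $data);

    LogUtil::registerStatus($this->__('Done! Company update successful.'));

    return System::redirect($url);
}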
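/**
 * Perform the search.
 *
 * On the first page the stored results of the current session (and results
 * older than eight hours) are deleted, every active search plugin is asked
 * to store its hits, and the result count is cached in the session. Later
 * pages only read from the stored result set.
 *
 * @param string $args['q']           query string to search
 * @param bool   $args['firstPage']   is this first search attempt? if so - basic search is performed
 * @param string $args['searchtype']  (optional) search type (default='AND')
 * @param string $args['searchorder'] (optional) search order (default='newest')
 * @param int    $args['numlimit']    (optional) number of items to return (default value based on Search settings, -1 for no limit)
 * @param int    $args['page']        (optional) page number (default=1)
 * @param array  $args['active']      (optional) array of search plugins to search (if empty all plugins are used)
 * @param array  $args['modvar']      (optional) array with extrainfo for search plugins
 *
 * @return array array of items array and result count, or false on failure
 */
public function search($args)
{
    // query string and firstPage params are required
    if (!isset($args['q']) || empty($args['q']) || !isset($args['firstPage'])) {
        return LogUtil::registerArgsError();
    }

    $vars = array();
    $vars['q'] = $args['q'];
    $vars['searchtype'] = !empty($args['searchtype']) ? $args['searchtype'] : 'AND';
    $vars['searchorder'] = !empty($args['searchorder']) ? $args['searchorder'] : 'newest';
    $vars['numlimit'] = !empty($args['numlimit']) ? $args['numlimit'] : $this->getVar('itemsperpage', 25);
    $vars['page'] = !empty($args['page']) ? (int)$args['page'] : 1;

    $firstPage = $args['firstPage'];
    $active = !empty($args['active']) && is_array($args['active']) ? $args['active'] : array();
    $modvar = !empty($args['modvar']) && is_array($args['modvar']) ? $args['modvar'] : array();

    // work out row index from page number
    $vars['startnum'] = $vars['numlimit'] > 0 ? (($vars['page'] - 1) * $vars['numlimit']) + 1 : 1;

    // Load database stuff
    ModUtil::dbInfoLoad('Search');
    $dbtable = DBUtil::getTables();
    $searchColumn = $dbtable['search_result_column'];

    // Create restriction on result table (so user only sees own results).
    // The session id originates from the client's cookie, so it is escaped
    // before being placed inside the SQL string literal.
    $userResultWhere = "$searchColumn[session] = '" . DataUtil::formatForStore(session_id()) . "'";

    // Do all the heavy database stuff on the first page only
    if ($firstPage) {
        // Clear current search result for current user - before showing the first page
        // Clear also older searches from other users.
        $dbDriverName = strtolower(Doctrine_Manager::getInstance()->getCurrentConnection()->getDriverName());
        $where = $userResultWhere;
        if ($dbDriverName == 'pgsql') {
            $where .= " OR $searchColumn[found] + INTERVAL '8 HOUR' < NOW()";
        } else {
            $where .= " OR DATE_ADD($searchColumn[found], INTERVAL 8 HOUR) < NOW()";
        }
        DBUtil::deleteWhere('search_result', $where);

        // get all the search plugins
        $search_modules = ModUtil::apiFunc('Search', 'user', 'getallplugins');

        // Ask active modules to find their items and put them into the result table for the current user
        // At the same time convert modules list from numeric index to modname index
        $searchModulesByName = array();
        foreach ($search_modules as $mod) {
            // check we've a valid search plugin
            if (isset($mod['functions']) && (empty($active) || isset($active[$mod['title']]))) {
                foreach ($mod['functions'] as $contenttype => $function) {
                    // plugin-specific extra info overrides the common search variables
                    if (isset($modvar[$mod['title']])) {
                        $param = array_merge($vars, $modvar[$mod['title']]);
                    } else {
                        $param = $vars;
                    }
                    $searchModulesByName[$mod['name']] = $mod;
                    $ok = ModUtil::apiFunc($mod['title'], 'search', $function, $param);
                    if (!$ok) {
                        LogUtil::registerError($this->__f('Error! \'%1$s\' module returned false in search function \'%2$s\'.', array($mod['title'], $function)));

                        return System::redirect(ModUtil::url('Search', 'user', 'main'));
                    }
                }
            }
        }

        // Count number of found results
        $resultCount = DBUtil::selectObjectCount('search_result', $userResultWhere);
        SessionUtil::setVar('searchResultCount', $resultCount);
        SessionUtil::setVar('searchModulesByName', $searchModulesByName);
    } else {
        $resultCount = SessionUtil::getVar('searchResultCount');
        $searchModulesByName = SessionUtil::getVar('searchModulesByName');
    }

    // Fetch search result - do sorting and paging in database
    // Figure out what to sort by. The sort clause is chosen from a fixed set
    // of strings; the request value itself never reaches the SQL. The
    // normalised value is used so that an omitted searchorder sorts by the
    // documented default ('newest').
    switch ($vars['searchorder']) {
        case 'alphabetical':
            $sort = 'title';
            break;
        case 'oldest':
            $sort = 'created';
            break;
        case 'newest':
            $sort = 'created DESC';
            break;
        default:
            $sort = 'title';
            break;
    }

    // Get next N results from the current user's result set
    // The "checker" object is used to:
    // 1) do secondary access control (deprecated more or less)
    // 2) let the modules add "url" to the found (and viewed) items
    $checker = new search_result_checker($searchModulesByName);
    $sqlResult = DBUtil::selectObjectArrayFilter('search_result', $userResultWhere, $sort, $vars['startnum'] - 1, $vars['numlimit'], '', $checker, null);

    // add displayname of modules found
    $cnt = count($sqlResult);
    for ($i = 0; $i < $cnt; $i++) {
        $modinfo = ModUtil::getInfoFromName($sqlResult[$i]['module']);
        $sqlResult[$i]['displayname'] = $modinfo['displayname'];
    }

    return array(
        'resultCount' => $resultCount,
        'sqlResult' => $sqlResult,
    );
}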
/**
 * Change the parent (level) of a menu item.
 *
 * Without a confirmation value the form listing the possible new parents is
 * rendered; with one, the CSRF token is checked and the item is moved.
 *
 * @author Albert Pérez Monfort (aperezm@xtec.cat)
 *
 * @param array $args identity of the item (mid), its new parent (upmid) and the confirmation flag
 *
 * @return mixed the rendered form, or a redirect to the admin main page
 *
 * @throws Zikula_Exception_Forbidden when the caller lacks ACCESS_ADMIN on IWmenu
 */
public function movelevel($args)
{
    // Get parameters from whatever input we need
    $confirmation = FormUtil::getPassedValue('confirmation', isset($args['confirmation']) ? $args['confirmation'] : null, 'POST');
    $mid = FormUtil::getPassedValue('mid', isset($args['mid']) ? $args['mid'] : null, 'REQUEST');
    $upmid = FormUtil::getPassedValue('upmid', isset($args['upmid']) ? $args['upmid'] : null, 'POST');

    if (!SecurityUtil::checkPermission('IWmenu::', '::', ACCESS_ADMIN)) {
        throw new Zikula_Exception_Forbidden();
    }

    // Get item information
    $menuItem = ModUtil::apiFunc('IWmenu', 'admin', 'get', array('mid' => $mid));
    if (!$menuItem) {
        return LogUtil::registerError($this->__('Menu option not found'));
    }

    // NOTE(review): unserialize() runs on the stored 'text' column here and in
    // the loop below. That is only safe while nothing but trusted code writes
    // the column; a format without object support would remove the concern.
    $labels = unserialize($menuItem['text']);

    // Ask confirmation to change the level
    if (empty($confirmation)) {
        // Fetch the menu entries the API returns for id_parent '-1'
        $candidates = ModUtil::apiFunc('IWmenu', 'admin', 'getall', array('id_parent' => '-1'));

        // get all the submenus from the menu
        $ownSubmenus = ModUtil::func('IWmenu', 'admin', 'getsubmenusIds', array('mid' => $mid));

        // get current lang code
        $langCode = ZLanguage::getLanguageCode();

        // the root is always offered as a target
        $targets = array(
            array('mid' => 0, 'text' => $this->__('Root')),
        );
        foreach ($candidates as $candidate) {
            // an item cannot be moved below one of its own submenus
            if (in_array($candidate['mid'], $ownSubmenus)) {
                continue;
            }
            $candidateLabels = unserialize($candidate['text']);
            $targets[] = array('mid' => $candidate['mid'], 'text' => $candidateLabels[$langCode]);
        }

        $this->view->assign('registres', $targets);
        $this->view->assign('text', $labels[$langCode]);
        $this->view->assign('mid', $mid);

        return $this->view->fetch('IWmenu_admin_movelevel.htm');
    }

    // User has confirmed the action
    // Confirm authorisation code
    $this->checkCsrfToken();

    // Up the item level
    $moved = ModUtil::apiFunc('IWmenu', 'admin', 'move_level', array('mid' => $mid, 'id_parent' => $upmid));
    if ($moved) {
        // Update successful
        LogUtil::registerStatus($this->__('The option has been moved to the parent level'));

        // Reset the users menus for all users
        $sv = ModUtil::func('IWmain', 'user', 'genSecurityValue');
        ModUtil::func('IWmain', 'user', 'usersVarsDelModule', array('module' => 'IWmenu', 'name' => 'userMenu', 'sv' => $sv));
    }

    // Redirect user to admin main page
    return System::redirect(ModUtil::url('IWmenu', 'admin', 'main'));
}
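/**
 * Update the module configuration.
 *
 * Values are read from POST, falling back to $args. Nothing is stored unless
 * the caller holds ACCESS_ADMIN on Files and the CSRF token is valid.
 *
 * @author Albert Pérez Monfort (aperezm@xtec.cat)
 *
 * @param array $args optional fallback values for the POSTed settings
 *
 * @return mixed redirect to the admin main page, the rendered failure
 *               template when the module check fails, or the LogUtil
 *               permission-error result
 */
public function updateconfig($args)
{
    $check = ModUtil::func('Files', 'user', 'checkingModule');
    if ($check['status'] != 'ok') {
        $this->view->assign('check', $check);
        return $this->view->fetch('Files_user_failedConf.tpl');
    }

    // Get parameters from whatever input we need.
    $showHideFiles = FormUtil::getPassedValue('showHideFiles', isset($args['showHideFiles']) ? $args['showHideFiles'] : 0, 'POST');
    $usersFolder = FormUtil::getPassedValue('usersFolder', isset($args['usersFolder']) ? $args['usersFolder'] : null, 'POST');
    $allowedExtensions = FormUtil::getPassedValue('allowedExtensions', isset($args['allowedExtensions']) ? $args['allowedExtensions'] : null, 'POST');
    $defaultQuota = FormUtil::getPassedValue('defaultQuota', isset($args['defaultQuota']) ? $args['defaultQuota'] : null, 'POST');
    $filesMaxSize = FormUtil::getPassedValue('filesMaxSize', isset($args['filesMaxSize']) ? $args['filesMaxSize'] : null, 'POST');
    $maxWidth = FormUtil::getPassedValue('maxWidth', isset($args['maxWidth']) ? $args['maxWidth'] : null, 'POST');
    $maxHeight = FormUtil::getPassedValue('maxHeight', isset($args['maxHeight']) ? $args['maxHeight'] : null, 'POST');
    $editableExtensions = FormUtil::getPassedValue('editableExtensions', isset($args['editableExtensions']) ? $args['editableExtensions'] : null, 'POST');
    // The next three fallbacks used to index $args without checking that the
    // key exists, which raises an undefined-index notice when it is absent.
    $defaultPublic = FormUtil::getPassedValue('defaultPublic', (isset($args['defaultPublic']) && $args['defaultPublic'] == 1) ? $args['defaultPublic'] : 0, 'POST');
    $scribite_v4 = FormUtil::getPassedValue('scribite_v4', !empty($args['scribite_v4']), 'POST');
    $scribite_v5 = FormUtil::getPassedValue('scribite_v5', !empty($args['scribite_v5']), 'POST');
    $scribite_v4_name = FormUtil::getPassedValue('scribite_v4_name', isset($args['scribite_v4_name']) ? $args['scribite_v4_name'] : '', 'POST');
    $scribite_v5_name = FormUtil::getPassedValue('scribite_v5_name', isset($args['scribite_v5_name']) ? $args['scribite_v5_name'] : '', 'POST');

    // Security check
    if (!SecurityUtil::checkPermission('Files::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    // Confirm authorisation code
    $this->checkCsrfToken();

    $moduleVars = array(
        'showHideFiles' => $showHideFiles,
        'allowedExtensions' => $allowedExtensions,
        'defaultQuota' => $defaultQuota,
        'filesMaxSize' => $filesMaxSize,
        'maxWidth' => $maxWidth,
        'maxHeight' => $maxHeight,
        'editableExtensions' => $editableExtensions,
        'defaultPublic' => $defaultPublic,
        'scribite_v4' => $scribite_v4,
        'scribite_v5' => $scribite_v5,
        'scribite_v4_name' => $scribite_v4_name,
        'scribite_v5_name' => $scribite_v5_name,
    );

    // Strip one trailing and one leading slash so the folder is stored as a
    // relative path.
    // NOTE(review): '..' segments are not rejected here - confirm that the
    // code consuming usersFolder resolves it below the Files root.
    if ($usersFolder !== null && $usersFolder !== '') {
        $usersFolder = (substr($usersFolder, -1) == '/') ? substr($usersFolder, 0, strlen($usersFolder) - 1) : $usersFolder;
        $usersFolder = (substr($usersFolder, 0, 1) == '/') ? substr($usersFolder, 1, strlen($usersFolder)) : $usersFolder;
    }

    // Checked after normalisation, so that a bare "/" is refused instead of
    // being saved as an empty folder name.
    if ($usersFolder == '' || $usersFolder == null) {
        LogUtil::registerError($this->__("Users folder can't be empty"));
        return System::redirect(ModUtil::url('Files', 'admin', 'main'));
    }

    $moduleVars['usersFolder'] = $usersFolder;
    ModUtil::setVars('Files', $moduleVars);

    LogUtil::registerStatus($this->__('The configuration has been updated'));

    // This function generated no output, and so now it is complete we redirect
    // the user to an appropriate page for them to carry on their work
    return System::redirect(ModUtil::url('Files', 'admin', 'main'));
}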
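/**
 * Create a comment for a specific item
 *
 * This is a standard function that is called with the results of the
 * form supplied by EZComments_user_view to create a new item.
 * Every value is taken from $args when present, otherwise from HTTP POST.
 *
 * @param $comment  the comment
 * @param $mod      the name of the module the comment is for
 * @param $objectid ID of the item the comment is for
 * @param $redirect base64-encoded URL to return to
 * @param $useurl   base64-encoded URL of the commented page
 * @param $subject  the subject of the comment (if any)
 * @param $replyto  the ID of the comment this one answers
 *
 * @return mixed redirect result, or the LogUtil error result
 *
 * @since 0.1
 */
public function create($args)
{
    $mod = isset($args['mod']) ? $args['mod'] : FormUtil::getPassedValue('mod', null, 'POST');
    $objectid = isset($args['objectid']) ? $args['objectid'] : FormUtil::getPassedValue('objectid', null, 'POST');
    $areaid = isset($args['areaid']) ? $args['areaid'] : FormUtil::getPassedValue('areaid', null, 'POST');
    $comment = isset($args['comment']) ? $args['comment'] : FormUtil::getPassedValue('comment', null, 'POST');
    $subject = isset($args['subject']) ? $args['subject'] : FormUtil::getPassedValue('subject', null, 'POST');
    $replyto = isset($args['replyto']) ? $args['replyto'] : FormUtil::getPassedValue('replyto', null, 'POST');
    $owneruid = isset($args['owneruid']) ? $args['owneruid'] : FormUtil::getPassedValue('owneruid', null, 'POST');
    $redirect = isset($args['redirect']) ? $args['redirect'] : FormUtil::getPassedValue('redirect', null, 'POST');
    $useurl = isset($args['useurl']) ? $args['useurl'] : FormUtil::getPassedValue('useurl', null, 'POST');

    // check if the user logged in and if we're allowing anon users to
    // set a name and email address
    if (!UserUtil::isLoggedIn()) {
        $anonname = isset($args['anonname']) ? $args['anonname'] : FormUtil::getPassedValue('anonname', null, 'POST');
        $anonmail = isset($args['anonmail']) ? $args['anonmail'] : FormUtil::getPassedValue('anonmail', null, 'POST');
        $anonwebsite = isset($args['anonwebsite']) ? $args['anonwebsite'] : FormUtil::getPassedValue('anonwebsite', null, 'POST');
    } else {
        $anonname = '';
        $anonmail = '';
        $anonwebsite = '';
    }

    if (!isset($owneruid) || !($owneruid > 1)) {
        $owneruid = 0;
    }

    // The listing replaced '&' with '&', which does nothing; the entity form
    // is restored here - TODO confirm against the upstream source.
    $redirect = str_replace('&amp;', '&', base64_decode($redirect));
    $redirect = !empty($redirect) ? $redirect : System::serverGetVar('HTTP_REFERER');
    $useurl = base64_decode($useurl);
    // The redirect target is supplied by the client. Every redirect in this
    // method happens after checkCsrfToken(), so it is only followed for a
    // request that carried a valid token.
    $formAnchor = "#commentform_{$mod}_{$objectid}";

    // save the submitted data if any error occurs
    $stored = SessionUtil::getVar('ezcomment', 'a:0:{}');
    $ezcomment = is_string($stored) ? unserialize($stored) : array();
    if (!is_array($ezcomment)) {
        // unreadable session value: start from an empty set
        $ezcomment = array();
    }
    if (isset($ezcomment[$mod][$objectid])) {
        unset($ezcomment[$mod][$objectid]);
    }
    if (!empty($subject)) {
        $ezcomment[$mod][$objectid]['subject'] = $subject;
    }
    if (!empty($comment)) {
        $ezcomment[$mod][$objectid]['comment'] = $comment;
    }
    if (!empty($anonname)) {
        $ezcomment[$mod][$objectid]['anonname'] = $anonname;
    }
    if (!empty($anonmail)) {
        $ezcomment[$mod][$objectid]['anonmail'] = $anonmail;
    }
    if (!empty($anonwebsite)) {
        $ezcomment[$mod][$objectid]['anonwebsite'] = $anonwebsite;
    }

    // Confirm authorisation code. The draft is stored first so that it is
    // still in the session if the token check aborts the request.
    SessionUtil::setVar('ezcomment', serialize($ezcomment));
    $this->checkCsrfToken();
    SessionUtil::delVar('ezcomment');

    // and check we've actually got a comment....
    if (empty($comment)) {
        SessionUtil::setVar('ezcomment', serialize($ezcomment));
        return LogUtil::registerError($this->__('Error! The comment contains no text.'), null, $redirect . $formAnchor);
    }

    // Check hooked modules for validation
    $hookvalidators = $this->notifyHooks(new Zikula_ValidationHook('ezcomments.ui_hooks.comments.validate_edit', new Zikula_Hook_ValidationProviders()))->getValidators();
    if ($hookvalidators->hasErrors()) {
        SessionUtil::setVar('ezcomment', serialize($ezcomment));
        return LogUtil::registerError($this->__('Error! The hooked content does not validate. Could it possibly be that a captcha code was entered incorrectly?'), null, $redirect . $formAnchor);
    }

    // now parse out the hostname+subfolder from the url for storing in the DB
    $url = str_replace(System::getBaseUri(), '', $useurl);

    $id = ModUtil::apiFunc('EZComments', 'user', 'create', array(
        'mod' => $mod,
        'objectid' => $objectid,
        'areaid' => $areaid,
        'url' => $url,
        'comment' => $comment,
        'subject' => $subject,
        'replyto' => $replyto,
        'uid' => UserUtil::getVar('uid'),
        'owneruid' => $owneruid,
        'useurl' => $useurl,
        'redirect' => $redirect,
        'anonname' => $anonname,
        'anonmail' => $anonmail,
        'anonwebsite' => $anonwebsite,
    ));

    if (!$id) {
        // Creation failed: keep the draft and go back to the form. The draft
        // is serialized like everywhere else in this method, and the redirect
        // is returned so that the success path below is not executed as well.
        SessionUtil::setVar('ezcomment', serialize($ezcomment));

        return System::redirect($redirect . $formAnchor);
    }

    // clear respective cache
    ModUtil::apiFunc('EZComments', 'user', 'clearItemCache', array('id' => $id, 'modname' => $mod, 'objectid' => $objectid, 'url' => $url));

    // clean/set the session data
    if (isset($ezcomment[$mod][$objectid])) {
        unset($ezcomment[$mod][$objectid]);
        if (empty($ezcomment[$mod])) {
            unset($ezcomment[$mod]);
        }
    }
    if (empty($ezcomment)) {
        SessionUtil::delVar('ezcomment');
    } else {
        SessionUtil::setVar('ezcomment', serialize($ezcomment));
    }

    return System::redirect($redirect . '#comment' . $id);
}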
/**
 * Decode the path string into a set of variable/value pairs.
 *
 * This API works in conjunction with the new short urls
 * system to extract a path based variable set into the Get, Post
 * and request superglobals.
 * A sample path is /modname/function/var1:value1.
 *
 * Nothing is decoded during installation, when short URLs are disabled, or
 * when the request already carries a module, type or func value. Depending
 * on the language and entry point settings the method may redirect or send
 * a 404 header and call shutDown() instead of decoding.
 *
 * Everything decoded here comes from the request URL and has to be treated
 * downstream like any other request parameter.
 *
 * @return void
 */
public static function queryStringDecode()
{
    if (self::isInstalling()) {
        return;
    }

    // get our base parameters to work out if we need to decode the url
    $module = FormUtil::getPassedValue('module', null, 'GETPOST', FILTER_SANITIZE_STRING);
    $func = FormUtil::getPassedValue('func', null, 'GETPOST', FILTER_SANITIZE_STRING);
    $type = FormUtil::getPassedValue('type', null, 'GETPOST', FILTER_SANITIZE_STRING);

    // check if we need to decode the url
    if (self::getVar('shorturls') && (empty($module) && empty($type) && empty($func))) {
        // user language is not set at this stage
        $lang = System::getVar('language_i18n', '');
        $customentrypoint = self::getVar('entrypoint');
        $expectEntrypoint = !self::getVar('shorturlsstripentrypoint');
        $root = empty($customentrypoint) ? 'index.php' : $customentrypoint;

        // check if we hit baseurl, e.g. domain.com/ and if we require the language URL
        // then we should redirect to the language URL.
        if (ZLanguage::isRequiredLangParam() && self::getCurrentUrl() == self::getBaseUrl()) {
            $uri = $expectEntrypoint ? "{$root}/{$lang}" : "{$lang}";
            self::redirect(self::getBaseUrl() . $uri);
            // presumably ends the request so nothing below runs - confirm
            self::shutDown();
        }

        // check if entry point is part of the URL expectation. If so throw error if it's not present
        // since this URL is technically invalid.
        if ($expectEntrypoint && strpos(self::getCurrentUrl(), self::getBaseUrl() . $root) !== 0) {
            $protocol = System::serverGetVar('SERVER_PROTOCOL');
            header("{$protocol} 404 Not Found");
            echo __('The requested URL cannot be found');
            system::shutDown();
        }

        // the entry point is stripped from URLs: a request for exactly the
        // entry point is sent to the homepage
        if (!$expectEntrypoint && self::getCurrentUrl() == self::getBaseUrl() . $root) {
            self::redirect(self::getHomepageUrl());
            self::shutDown();
        }

        // ...and any other URL that still starts with the entry point is answered with a 404
        if (!$expectEntrypoint && strpos(self::getCurrentUrl(), self::getBaseUrl() . $root) === 0) {
            $protocol = System::serverGetVar('SERVER_PROTOCOL');
            header("{$protocol} 404 Not Found");
            echo __('The requested URL cannot be found');
            system::shutDown();
        }

        // get base path to work out our current url
        $parsedURL = parse_url(self::getCurrentUri());

        // strip any unwanted content from the provided URL
        // (str_replace removes every occurrence of the base URI and of the
        // entry point name, not only a leading one)
        $tobestripped = array(self::getBaseUri(), "{$root}");
        $path = str_replace($tobestripped, '', $parsedURL['path']);
        $path = trim($path, '/');

        // split the path into a set of argument strings
        $args = explode('/', rtrim($path, '/'));

        // ensure that each argument is properly decoded
        foreach ($args as $k => $v) {
            $args[$k] = urldecode($v);
        }

        $modinfo = null;
        $frontController = $expectEntrypoint ? "{$root}/" : '';

        // if no arguments present
        if (!$args[0] && !isset($_GET['lang']) && !isset($_GET['theme'])) {
            // we are in the homepage, checks if language code is forced
            if (ZLanguage::getLangUrlRule() && $lang) {
                // and redirect then
                System::redirect(self::getCurrentUrl() . "/{$lang}");
                System::shutDown();
            }
        } else {
            // check the existing shortURL parameters
            // validation of the first parameter as language code
            if (ZLanguage::isLangParam($args[0]) && in_array($args[0], ZLanguage::getInstalledLanguages())) {
                // checks if the language is not enforced and this url is passing the default lang
                if (!ZLanguage::getLangUrlRule() && $lang == $args[0]) {
                    // redirects the passed arguments without the default site language
                    array_shift($args);
                    foreach ($args as $k => $v) {
                        $args[$k] = urlencode($v);
                    }
                    System::redirect(self::getBaseUrl() . $frontController . ($args ? implode('/', $args) : ''));
                    System::shutDown();
                }
                self::queryStringSetVar('lang', $args[0]);
                array_shift($args);
            } elseif (ZLanguage::getLangUrlRule()) {
                // if the lang is forced, redirects the passed arguments plus the lang
                foreach ($args as $k => $v) {
                    $args[$k] = urlencode($v);
                }
                // NOTE(review): the path arguments are urlencoded above, but
                // $_GET['theme'] is placed into the redirect target as
                // received - confirm that System::redirect() copes with
                // arbitrary characters in it.
                $langTheme = isset($_GET['theme']) ? "{$lang}/{$_GET['theme']}" : $lang;
                System::redirect(self::getBaseUrl() . $frontController . $langTheme . '/' . implode('/', $args));
                System::shutDown();
            }

            // check if there are remaining arguments
            if ($args) {
                // try the first argument as a module
                $modinfo = ModUtil::getInfoFromName($args[0]);
                if ($modinfo) {
                    array_shift($args);
                }
            }

            // if that fails maybe it's a theme
            if ($args && !$modinfo) {
                $themeinfo = ThemeUtil::getInfo(ThemeUtil::getIDFromName($args[0]));
                if ($themeinfo) {
                    // the stored theme name is used, not the text from the URL
                    self::queryStringSetVar('theme', $themeinfo['name']);
                    // now shift the vars and continue as before
                    array_shift($args);
                    if ($args) {
                        $modinfo = ModUtil::getInfoFromName($args[0]);
                        if ($modinfo) {
                            array_shift($args);
                        }
                    }
                }
            }

            // if there are parameters (not homepage)
            // try to see if there's a default shortURLs module
            if ($args && !$modinfo) {
                // add the default module handler into the code
                $modinfo = ModUtil::getInfoFromName(self::getVar('shorturlsdefaultmodule'));
            }
        }

        // check if there is a module and a custom url handler for it
        // if not decode the url using the default handler
        if ($modinfo && $modinfo['type'] != 0) {
            // prepare the arguments to the module handler
            array_unshift($args, ''); // support for 1.2- empty parameter due the initial explode
            array_unshift($args, $modinfo['url']);
            // set the REQUEST parameters
            self::queryStringSetVar('module', $modinfo['name']);
            // the user.function name can be the second argument string, set a default
            // later the custom module handler (if exists) must setup a new one if needed
            self::queryStringSetVar('type', 'user');
            if (isset($args[2])) {
                self::queryStringSetVar('func', $args[2]);
            } else {
                self::queryStringSetVar('func', 'main');
            }
            if (!ModUtil::apiFunc($modinfo['name'], 'user', 'decodeurl', array('vars' => $args))) {
                // any remaining arguments are specific to the module
                // They are read as name/value pairs. Both the names and the
                // values come from the URL path, so a request can set any
                // variable name this way.
                $argscount = count($args);
                for ($i = 3; $i < $argscount; $i = $i + 2) {
                    if (isset($args[$i]) && isset($args[$i + 1])) {
                        // NOTE(review): the value was already urldecoded when
                        // the path was split, so this is a second decode; a
                        // check made on the once-decoded form would not see
                        // the final value - confirm this is intended.
                        self::queryStringSetVar($args[$i], urldecode($args[$i + 1]));
                    }
                }
            }
        }
    }
}
/**
 * Process the test form and send the test message.
 *
 * Requires ACCESS_ADMIN on SiriusXtecMailer and a valid CSRF token. The
 * recipient, subject and body are passed to the Mailer API as submitted.
 *
 * @author Francesc Bassas i Bullich
 *
 * @param string $args['toaddress'] the address of the recipient
 * @param string $args['subject']   message subject
 * @param string $args['body']      message body
 * @param int    $args['html']      HTML flag
 *
 * @return mixed redirect to the admin main page, or the LogUtil
 *               permission-error result
 */
public function sendmessage($args)
{
    // security check
    $isAdmin = SecurityUtil::checkPermission('SiriusXtecMailer::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        return LogUtil::registerPermissionError();
    }

    // POST values win over $args
    $message = array(
        'toaddress' => (string) FormUtil::getPassedValue('toaddress', isset($args['toaddress']) ? $args['toaddress'] : null, 'POST'),
        'subject' => (string) FormUtil::getPassedValue('subject', isset($args['subject']) ? $args['subject'] : null, 'POST'),
        'body' => (string) FormUtil::getPassedValue('body', isset($args['body']) ? $args['body'] : null, 'POST'),
        'html' => (bool) FormUtil::getPassedValue('html', isset($args['html']) ? $args['html'] : false, 'POST'),
    );

    // Confirm authorisation code
    $this->checkCsrfToken();

    $outcome = ModUtil::apiFunc('Mailer', 'user', 'sendmessage', $message);

    if ($outcome === true) {
        // Success
        LogUtil::registerStatus(__('Done! Message sent.'));
    } else {
        // Failure: anything other than a plain false is appended to the message as error detail
        $detail = ($outcome === false) ? '' : $outcome;
        LogUtil::registerError(__f('Error! Could not send message. %s', $detail));
    }

    // No output is produced here; send the admin back to the module's main page
    return System::redirect(ModUtil::url('SiriusXtecMailer', 'admin', 'main'));
}
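/**
 * Delete the stored contents of a note that no longer match an active form field.
 *
 * The field ids found in the note are compared with the ids of the active
 * form fields whose fieldType is below 10; note contents whose field id is
 * not in that set are deleted.
 *
 * @author Albert Pérez Monfort (aperezm@xtec.cat)
 *
 * @param array $args 'fid' id of the form, 'fmid' id of the note
 *
 * @return mixed false when the synchronisation completes, a redirect when
 *               access or data is missing, or the LogUtil error result
 *               when a delete fails
 *
 * @throws Zikula_Exception_Forbidden when the caller lacks ACCESS_READ on IWforms
 */
public function fieldsToDelete($args)
{
    $fid = (isset($args['fid'])) ? $args['fid'] : null;
    $fmid = (isset($args['fmid'])) ? $args['fmid'] : null;

    // Security check
    if (!SecurityUtil::checkPermission('IWforms::', "::", ACCESS_READ)) {
        throw new Zikula_Exception_Forbidden();
    }

    // check user access to this form
    $access = ModUtil::func('IWforms', 'user', 'access', array('fid' => $fid));
    if ($access['level'] < 7) {
        LogUtil::registerError($this->__('You can not access this form to view the annotations'));
        // Redirect to the main site for the user
        return System::redirect(ModUtil::url('IWforms', 'user', 'main'));
    }

    // These list-view values are never populated in this method. They are
    // set to null explicitly so the redirects below keep their parameters
    // without reading undefined variables.
    $order = $ipp = $init = $filterValue = $filter = null;
    $manageUrlArgs = array(
        'fid' => $fid,
        'order' => $order,
        'ipp' => $ipp,
        'init' => $init,
        'filterValue' => $filterValue,
        'filter' => $filter,
    );

    $noteContent = ModUtil::apiFunc('IWforms', 'user', 'getAllNoteContents', array('fid' => $fid, 'fmid' => $fmid));
    if (!$noteContent) {
        LogUtil::registerError($this->__('Note content not found'));
        return System::redirect(ModUtil::url('IWforms', 'user', 'manage', $manageUrlArgs));
    }

    $fieldsIdsNoteArray = array();
    foreach ($noteContent as $noteContentId) {
        $fieldsIdsNoteArray[] = $noteContentId['fndid'];
    }

    // get form fields
    $fields = ModUtil::apiFunc('IWforms', 'user', 'getAllFormFields', array('fid' => $fid, 'whereArray' => 'active|1'));
    if (!$fields) {
        LogUtil::registerError($this->__('Note fields not found'));
        return System::redirect(ModUtil::url('IWforms', 'user', 'manage', $manageUrlArgs));
    }

    // Initialised up front: when no field qualifies, array_diff() below
    // would otherwise receive an undefined variable.
    $fieldsIdsArray = array();
    foreach ($fields as $field) {
        if ($field['fieldType'] < 10) {
            $fieldsIdsArray[] = $field['fndid'];
        }
    }

    // get the fields that must be deleted
    $toDelete = array_diff($fieldsIdsNoteArray, $fieldsIdsArray);

    $pntable = DBUtil::getTables();
    $c = $pntable['IWforms_note_column'];

    foreach ($toDelete as $delete) {
        // Both ids are cast to int before they are placed in the WHERE
        // clause: $fmid arrives through $args and must not be able to change
        // the shape of the statement.
        $where = "$c[fmid]=" . (int) $fmid . " AND $c[fndid]=" . (int) $delete;
        if (!DBUtil::deleteWhere('IWforms_note', $where)) {
            return LogUtil::registerError($this->__('Error! delete attempt failed during field synchronization.'));
        }
    }

    // NOTE(review): false is also returned when every delete succeeded,
    // although the original description promised true on success; kept
    // because callers may rely on it - confirm.
    return false;
}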
include $phpbb_root_path . 'extension.inc'; include $phpbb_root_path . 'common.' . $phpEx; include $phpbb_root_path . 'includes/functions_post.' . $phpEx; $topic = isset($_POST['topic']) ? $_POST['topic'] : $_GET['topic']; $friendname = $_POST['friendname']; $message = $_POST['message']; // Begin PNphpBB2 Module $link = System::getBaseUrl() . append_sid("viewtopic") . "&" . $_GET['link']; // End PNphpBB2 Module $PHP_SELF = $_SERVER['PHP_SELF']; $userdata = session_pagestart($user_ip, PAGE_INDEX); init_userprefs($userdata); if (!$userdata['session_logged_in']) { // ZphpBB2 - use Zikula login and redirect //redirect(append_sid("login.$phpEx?redirect=tellafriend.$phpEx&topic=$topic_title&link=" . POST_TOPIC_URL . "=$topic_id", true)); System::redirect(ModUtil::url('Users', 'user', 'login', array('returnpage' => urlencode(System::getCurrentUri())))); // <= ZphpBB2 } $mail_body = str_replace("{TOPIC}", trim(stripslashes($topic)), $lang['Tell_Friend_Body']); $mail_body = str_replace("{LINK}", $link, $mail_body); $mail_body = str_replace("{SITENAME}", $board_config['sitename'], $mail_body); $template->assign_vars(array('L_TELL_FRIEND_TITLE' => $lang['Tell_Friend_Title'], 'L_TELL_FRIEND_EMAIL_MESSAGE' => $lang['Tell_Friend_Email_Message'], 'L_TELL_FRIEND_SENDER_USER' => $lang['Tell_Friend'], 'L_TELL_FRIEND_SENDER_USER' => $lang['Tell_Friend_Sender_User'], 'L_TELL_FRIEND_SENDER_EMAIL' => $lang['Tell_Friend_Sender_Email'], 'L_TELL_FRIEND_RECIEVER_USER' => $lang['Tell_Friend_Reciever_User'], 'L_TELL_FRIEND_RECIEVER_EMAIL' => $lang['Tell_Friend_Reciever_Email'], 'L_TELL_FRIEND_MSG' => $lang['Tell_Friend_Msg'], 'L_TELL_FRIEND_BODY' => $mail_body, 'SUBMIT_ACTION' => append_sid("tellafriend"), 'L_SUBMIT' => $lang['Send_email'], 'SITENAME' => $board_config['sitename'], 'TOPIC' => trim(stripslashes($topic)), 'LINK' => $link, 'SENDER_NAME' => DataUtil::formatForDisplay($userdata['username']), 'SENDER_MAIL' => $userdata['user_email'])); if (isset($_POST['submit'])) { $error = FALSE; 
if (!empty($_POST['friendemail']) && strpos($_POST['friendemail'], "@") > 0) { $friendemail = trim(stripslashes($_POST['friendemail'])); if (!$_POST['friendname']) { $friendname = substr($friendemail, 0, strpos($_POST['friendemail'], "@")); } } else { $error = TRUE;
/**
 * Store the Groups module settings submitted by the configuration form.
 *
 * The CSRF token and ACCESS_ADMIN on Groups are both required before any
 * value is written.
 *
 * @return mixed a redirect result when the default group cannot be
 *               resolved; otherwise control passes to $this->redirect()
 */
public function updateconfig()
{
    $this->checkCsrfToken();

    // Security check
    $mayConfigure = SecurityUtil::checkPermission('Groups::', '::', ACCESS_ADMIN);
    $this->throwForbiddenUnless($mayConfigure);

    // Items per page is saved first; it stays saved even if the group
    // lookup below fails.
    $this->setVar('itemsperpage', (int) FormUtil::getPassedValue('itemsperpage', 25, 'POST'));

    // The submitted group id is only accepted if it resolves to an existing group.
    $requestedGid = (int) FormUtil::getPassedValue('defaultgroupid', 1, 'POST');
    $defaultGroup = ModUtil::apiFunc('Groups', 'user', 'get', array('gid' => $requestedGid));
    if (!$defaultGroup) {
        LogUtil::registerError($this->__('Error! Could not save the module configuration.'));

        return System::redirect(ModUtil::url('Groups', 'admin', 'view'));
    }
    $this->setVar('defaultgroup', $defaultGroup['gid']);

    // Boolean switches, each defaulting to off when not posted.
    foreach (array('mailwarning', 'hideclosed') as $switch) {
        $this->setVar($switch, (bool) FormUtil::getPassedValue($switch, false, 'POST'));
    }

    // the module configuration has been updated successfully
    LogUtil::registerStatus($this->__('Done! Saved module configuration.'));

    // No output is generated; send the admin back to the group list.
    $this->redirect(ModUtil::url('Groups', 'admin', 'view'));
}
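/**
 * Delete an avatar or, if users use it, forward to listusers.
 *
 * Without a POSTed "submit" value the confirmation template is rendered;
 * with one, the avatar is deleted through the admin API.
 *
 * @return mixed rendered confirmation page, a redirect, or the LogUtil
 *               error result
 */
public function delete()
{
    if (!SecurityUtil::checkPermission('Avatar::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    $avatar = FormUtil::getPassedValue('avatar', '', 'GETPOST');
    if (empty($avatar)) {
        return System::redirect(ModUtil::url('Avatar', 'Admin', 'main'));
    }

    // get all users that use this avatar
    $users = ModUtil::apiFunc('Avatar', 'admin', 'getusersbyavatar', array('avatar' => $avatar));
    if (count($users) != 0) {
        // there are users, at least one, using this avatar, redirect to listusers
        return LogUtil::registerError($this->__('Warning! This avatar is in use and cannot be deleted. If you want to delete it, please change the avatars of the users listed below.'), null, ModUtil::url('Avatar', 'admin', 'listusers', array('avatar' => $avatar)));
    }

    // ok to delete
    $submit = FormUtil::getPassedValue('submit', null, 'POST');
    if (!$submit) {
        // not confirmed yet: show the confirmation page
        $this->view->assign('avatarpath', ModUtil::getVar('Users', 'avatarpath'));
        $this->view->assign('avatar', $avatar);

        return $this->view->fetch('Avatar_admin_delete.htm');
    }

    // NOTE(review): the delete is confirmed by a POSTed "submit" value only;
    // no CSRF token is checked in this method. If the confirmation template
    // carries a token, call $this->checkCsrfToken() here - confirm.
    // NOTE(review): $avatar is passed on as received; whether it is limited
    // to a plain file name depends on the deleteavatar API - confirm.
    ModUtil::apiFunc('Avatar', 'admin', 'deleteavatar', array('avatar' => $avatar));

    // Both outcomes above return, so the unreachable fallback redirect that
    // followed the if/else has been removed.
    return System::redirect(ModUtil::url('Avatar', 'admin', 'main'));
}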
/**
 * Ask the IWstats admin API to summarise the last seven days and return to
 * the admin view.
 *
 * @return mixed redirect result
 */
public function summary()
{
    // NOTE(review): this permission check has no effect. The throw of
    // Zikula_Exception_Forbidden inside it is commented out in the original,
    // so the summary runs for any caller. Re-enable it unless the method is
    // deliberately left open (for example for a scheduled job) - confirm.
    if (!SecurityUtil::checkPermission('IWstats::', '::', ACCESS_ADMIN)) {
        // intentionally empty, see the note above
    }

    ModUtil::apiFunc('IWstats', 'admin', 'summary', array('days' => 7));

    // Success
    LogUtil::registerStatus($this->__('Summary reported'));

    $adminView = ModUtil::url('IWstats', 'admin', 'view');

    return System::redirect($adminView);
}