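/**
 * Serves grid "read" requests for the plugins screen.
 *
 * When the request path has exactly one segment it selects a special action:
 * 'documentation' returns the documentation of the named plugin, while
 * 'install', 'reinstall' and 'uninstall' run the matching operation after an
 * ACL check. Every other request is answered with a plugin listing chosen by
 * $params['type'].
 *
 * @param array $params request parameters; the keys read here are name, start,
 *                      limit, sort, dir, filter and type
 *
 * @return mixed result of the selected action, the access-denied result, or
 *               the listing (an empty array when the type is not recognised)
 */
protected function _gridRead($params)
{
    if (1 == count($this->_iaCore->requestPath)) {
        switch ($this->_iaCore->requestPath[0]) {
            case 'documentation':
                // NOTE(review): no ACL check is made on this branch and the name is
                // request-controlled; confirm _getDocumentation() restricts it to a
                // known plugin before using it in a path.
                return $this->_getDocumentation(isset($params['name']) ? $params['name'] : null);

            case 'install':
            case 'reinstall':
            case 'uninstall':
                $action = $this->_iaCore->requestPath[0];

                $iaAcl = $this->_iaCore->factory('acl');
                if (!$iaAcl->isAccessible($this->getName(), $action)) {
                    return iaView::accessDenied();
                }

                // Only a scalar string is a meaningful plugin name; a missing or
                // array-valued field is passed on as null instead of raising a notice.
                // NOTE(review): the name reaches _install()/_uninstall() without further
                // validation here; confirm those helpers restrict it to a known plugin.
                $pluginName = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : null;

                return 'uninstall' == $action
                    ? $this->_uninstall($pluginName)
                    : $this->_install($pluginName, $action);
        }
    }

    $output = array();

    $start = isset($params['start']) ? (int) $params['start'] : 0;
    $limit = isset($params['limit']) ? (int) $params['limit'] : 15;
    // NOTE(review): the sort value is forwarded unchanged; confirm the listing helper
    // matches it against known column names before it reaches a query.
    $sort = isset($params['sort']) ? $params['sort'] : '';
    // Strict comparison so that only the two direction constants themselves pass;
    // anything else, including a missing key, falls back to ascending order.
    $dir = (isset($params['dir']) && in_array($params['dir'], array(iaDb::ORDER_ASC, iaDb::ORDER_DESC), true))
        ? $params['dir']
        : iaDb::ORDER_ASC;
    $filter = empty($params['filter']) ? '' : $params['filter'];
    $type = isset($params['type']) ? $params['type'] : null;

    switch ($type) {
        case 'installed':
            $output = $this->_getInstalledPlugins($start, $limit, $sort, $dir, $filter);
            break;
        case 'local':
            $output = $this->_getLocalPlugins($start, $limit, $dir, $filter);
            break;
        case 'remote':
            $output = $this->_getRemotePlugins($start, $limit, $dir, $filter);
    }

    return $output;
}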
if ($memberId && isset($_POST['plan_id']) && is_numeric($_POST['plan_id'])) { $plan = $iaPlan->getById($_POST['plan_id']); $usergroup = $plan['usergroup'] ? $plan['usergroup'] : iaUsers::MEMBERSHIP_REGULAR; $iaDb->update(array('id' => $memberId, 'usergroup_id' => $usergroup), 0, 0, iaUsers::getTable()); if ($plan['cost'] > 0) { $itemData['id'] = $memberId; $itemData['member_id'] = $memberId; if ($url = $iaPlan->prePayment($iaUsers->getItemName(), $itemData, $plan['id'])) { iaUtil::redirect(iaLanguage::get('thanks'), iaLanguage::get('member_created'), $url); } } } } } elseif ('register_confirm' == $iaView->name()) { if (!isset($_GET['email']) || !isset($_GET['key'])) { return iaView::accessDenied(); } $error = true; if ($iaUsers->confirmation($_GET['email'], $_GET['key'])) { $messages[] = $iaCore->get('members_autoapproval') ? iaLanguage::get('reg_confirmed') : iaLanguage::get('reg_confirm_adm_approve'); $error = false; $url = $iaCore->get('members_autoapproval') ? IA_URL . 'login/' : IA_URL; iaUtil::redirect(iaLanguage::get('reg_confirmation'), $messages, $url); } else { $messages[] = iaLanguage::get('confirmation_key_incorrect'); } $iaView->assign('success', !$error); } } switch ($iaView->name()) { case 'member_password_forgot':
/**
 * Removes the actions the current user may not use, then enforces access to
 * the requested page.
 *
 * Each entry of $this->_actions is checked against the ACL under the object
 * name "<controller name><action>". A rejected entry is dropped from
 * $this->_actions and its "db_<action>" entry is dropped from the view's
 * 'admin_actions' values, which are then assigned back to the view.
 *
 * @param string $page   page suffix appended to the controller name for the final check
 * @param object $iaView view object, passed by reference
 *
 * @return mixed the result of iaView::accessDenied() when the page check fails,
 *               otherwise nothing
 */
private function _checkActions($page, &$iaView)
{
    $acl = $this->_iaCore->factory('acl');
    $toolbar = $iaView->getValues('admin_actions');

    foreach ($this->_actions as $position => $name) {
        if ($acl->checkAccess($this->getName() . $name)) {
            continue;
        }

        // Not permitted: hide the toolbar entry and forget the action itself.
        unset($toolbar['db_' . $name]);
        unset($this->_actions[$position]);
    }

    $iaView->assign('admin_actions', $toolbar);

    if ($acl->checkAccess($this->getName() . $page)) {
        return;
    }

    return iaView::accessDenied();
}
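/**
 * Stores the configuration values submitted in $_POST['v'].
 *
 * The caller must hold the edit permission for the current view. Each submitted
 * key is written either to the main configuration table or, when $this->_type
 * is set, to the custom configuration table for that type and type id. Keys
 * containing "_items_enabled" additionally fire a hook describing which items
 * were added or removed. Keys whose stored type is TYPE_IMAGE take their value
 * from an uploaded file, a delete request, or the currently stored value.
 *
 * Changes against the previous revision of this block:
 *  - the loop key is escaped before it is placed in the hand-built WHERE clause;
 *  - the row array no longer reuses the name of the array being iterated;
 *  - absent $_POST['v'] / $_POST['c'][...] fields and a non-array
 *    "_items_enabled" value no longer raise notices or type errors;
 *  - uploaded images are stored with mode 0644 instead of 0777.
 *
 * @param object $iaView view object, passed by reference
 *
 * @return mixed the result of iaView::accessDenied() when the ACL check fails,
 *               otherwise nothing
 */
private function _save(&$iaView)
{
    $iaAcl = $this->_iaCore->factory('acl');
    if (!$iaAcl->checkAccess($iaView->name() . iaAcl::SEPARATOR . iaCore::ACTION_EDIT)) {
        return iaView::accessDenied();
    }

    // name => type map of the options this screen may show (hidden ones excluded).
    $where = "`type` != 'hidden' " . ($this->_type ? 'AND `custom` = 1' : '');
    $params = $this->_iaDb->keyvalue(array('name', 'type'), $where, iaCore::getConfigTable());

    // remembered so that a changed admin path can be followed after saving
    $adminPage = $this->_iaCore->get('admin_page');

    iaUtil::loadUTF8Functions('ascii', 'validation', 'bad', 'utf8_to_ascii');

    $messages = array();
    $error = false;

    if (!empty($_POST['v']) && is_array($_POST['v'])) {
        $values = $_POST['v'];

        $this->_iaCore->startHook('phpConfigurationChange', array('configurationValues' => &$values));

        $this->_iaDb->setTable(iaCore::getConfigTable());

        // NOTE(review): keys come straight from the request and are not matched
        // against $params before being written; consider skipping unknown keys.
        foreach ($values as $key => $value) {
            $s = strpos($key, '_items_enabled');
            if ($s !== false) {
                $p = $this->_iaCore->get($key, '', !is_null($this->_type));
                $array = $p ? explode(',', $p) : array();
                $data = array();

                // The first submitted element is discarded before diffing
                // (presumably a placeholder field - confirm against the form).
                $submitted = array();
                if (is_array($value)) {
                    array_shift($value);
                    $submitted = $value;
                }

                if ($diff = array_diff($submitted, $array)) {
                    foreach ($diff as $item) {
                        array_push($data, array('action' => '+', 'item' => $item));
                    }
                }
                if ($diff = array_diff($array, $submitted)) {
                    foreach ($diff as $item) {
                        array_push($data, array('action' => '-', 'item' => $item));
                    }
                }

                $extra = substr($key, 0, $s);
                $this->_iaCore->startHook('phpPackageItemChangedForPlugin', array('data' => $data), $extra);
            }

            if (is_array($value)) {
                $value = implode(',', $value);
            }

            if (!utf8_is_valid($value)) {
                $value = utf8_bad_replace($value);
                trigger_error('Bad UTF-8 detected (replacing with "?") in configuration', E_USER_NOTICE);
            }

            if (isset($params[$key]) && self::TYPE_IMAGE == $params[$key]) {
                if (isset($_POST['delete'][$key])) {
                    $value = '';
                } elseif (!empty($_FILES[$key]['name'])) {
                    if (!(bool) $_FILES[$key]['error']) {
                        if (@is_uploaded_file($_FILES[$key]['tmp_name'])) {
                            $ext = strtolower(utf8_substr($_FILES[$key]['name'], -3));

                            // the last three characters of ".jpeg"
                            if ('peg' === $ext) {
                                $ext = 'jpg';
                            }

                            // The MIME type in $_FILES is supplied by the client, so the
                            // getimagesize() probe is the only check made on the content.
                            if (!array_key_exists(strtolower($_FILES[$key]['type']), $this->_imageTypes)
                                || !in_array($ext, $this->_imageTypes, true)
                                || !getimagesize($_FILES[$key]['tmp_name'])) {
                                $error = true;
                                $messages[] = iaLanguage::getf('file_type_error', array('extension' => implode(', ', array_unique($this->_imageTypes))));
                            } else {
                                if ($this->_iaCore->get($key) && file_exists(IA_UPLOADS . $this->_iaCore->get($key))) {
                                    iaUtil::deleteFile(IA_UPLOADS . $this->_iaCore->get($key));
                                }

                                // The stored name is built from the option name and the
                                // allow-listed extension, never from the client file name.
                                $value = $fileName = $key . '.' . $ext;

                                // NOTE(review): a failed move is not reported; the option
                                // would then point at a file that does not exist.
                                @move_uploaded_file($_FILES[$key]['tmp_name'], IA_UPLOADS . $fileName);
                                // An uploaded image only needs to be readable; it is no
                                // longer made world-writable or executable.
                                @chmod(IA_UPLOADS . $fileName, 0644);
                            }
                        }
                    }
                } else {
                    $value = $this->_iaCore->get($key, '', !is_null($this->_type));
                }
            }

            if ($this->_type) {
                // $key is request-controlled and this clause is assembled by hand, so
                // it is escaped first.
                // NOTE(review): $this->_type is interpolated as-is; confirm it can only
                // hold a fixed set of values.
                $where = sprintf(
                    "`name` = '%s' AND `type` = '%s' AND `type_id` = %d",
                    iaSanitize::sql((string) $key),
                    $this->_type,
                    $this->_typeId
                );

                $this->_iaDb->setTable(iaCore::getCustomConfigTable());

                if (!empty($_POST['c'][$key])) {
                    // Kept in its own variable: reusing $values here would overwrite
                    // the array this loop is iterating.
                    $row = array('name' => $key, 'value' => $value, 'type' => $this->_type, 'type_id' => $this->_typeId);

                    if ($this->_iaDb->exists($where)) {
                        unset($row['value']);
                        $this->_iaDb->bind($where, $row);
                        $this->_iaDb->update(array('value' => $value), $where);
                    } else {
                        $this->_iaDb->insert($row);
                    }
                } else {
                    $this->_iaDb->delete($where);
                }

                $this->_iaDb->resetTable();
            } else {
                $this->_iaDb->update(array('value' => $value), iaDb::convertIds($key, 'name'));
            }
        }

        $this->_iaDb->resetTable();

        $this->_iaCore->iaCache->clearAll();
    }

    if (!$error) {
        $iaView->setMessages(iaLanguage::get('saved'), iaView::SUCCESS);

        // The admin path was changed: continue at the new location.
        if (isset($_POST['param']['admin_page']) && $_POST['param']['admin_page'] != $adminPage) {
            iaUtil::go_to(IA_URL . $_POST['param']['admin_page'] . '/configuration/general/');
        }
    } elseif ($messages) {
        $iaView->setMessages($messages);
    }
}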
/**
 * Applies the access rules for the current request.
 *
 * For the admin access type, a visitor without an identity is sent to the
 * "unauthorized" error page and a signed-in non-administrator to the
 * access-denied page. For any other access type the error page itself is
 * exempt from further checks. Finally the ACL is asked whether the current
 * page name and action are accessible.
 *
 * NOTE(review): the return values of iaView::errorPage() and
 * iaView::accessDenied() are not used here, so this method relies on them
 * ending the request; if they return, the admin branch falls through to the
 * final ACL check - confirm.
 *
 * @return void
 */
protected function _checkPermissions()
{
    $acl = $this->factory('acl');

    $isAdminArea = (self::ACCESS_ADMIN == $this->getAccessType());

    if ($isAdminArea) {
        if (!iaUsers::hasIdentity()) {
            iaView::errorPage(iaView::ERROR_UNAUTHORIZED);
        } elseif (!$acl->isAdmin()) {
            iaView::accessDenied();
        }
    } elseif (iaView::PAGE_ERROR == $this->iaView->name()) {
        // The error page is always reachable outside the admin area.
        return;
    }

    if (!$acl->isAccessible($this->iaView->get('name'), $this->iaView->get('action'))) {
        iaView::accessDenied();
    }
}
/**
 * Runs a package action selected by the request path and redirects back.
 *
 * requestPath[0] names the package and requestPath[1] the action. Every
 * recognised action is guarded by an ACL check: activate and deactivate share
 * the 'activate' permission, reset shares 'set_default', and the remaining
 * actions use their own name. Successful activate, deactivate, install,
 * upgrade and uninstall operations are written to the log. Whatever the
 * action, the cache is cleared, the collected messages are set on the view and
 * the browser is sent to $this->getPath().
 *
 * NOTE(review): the package name is escaped for SQL only; whether the helpers
 * called here also use it in file paths is not visible in this block.
 * NOTE(review): these state-changing actions are chosen from the request path
 * alone; confirm that request forgery protection is enforced upstream.
 *
 * @param object $iaView view object, passed by reference
 *
 * @return mixed the result of iaView::accessDenied() when an ACL check fails,
 *               otherwise nothing
 */
private function _processAction(&$iaView)
{
    $acl = $this->_iaCore->factory('acl');
    $log = $this->_iaCore->factory('log');

    $package = iaSanitize::sql($this->_iaCore->requestPath[0]);
    $action = $this->_iaCore->requestPath[1];

    $error = false;

    if ('activate' == $action || 'deactivate' == $action) {
        if (!$acl->isAccessible($this->getName(), 'activate')) {
            return iaView::accessDenied();
        }

        if ($this->_activate($package, 'deactivate' == $action)) {
            if ('deactivate' == $action) {
                $logType = iaLog::ACTION_DISABLE;
            } else {
                $logType = iaLog::ACTION_ENABLE;
            }
            $log->write($logType, array('type' => iaExtra::TYPE_PACKAGE, 'name' => $package), $package);
        } else {
            $error = true;
        }
    } elseif ('set_default' == $action) {
        if (!$acl->isAccessible($this->getName(), $action)) {
            return iaView::accessDenied();
        }

        $error = !$this->_setDefault($package);
    } elseif ('reset' == $action) {
        // Resetting is covered by the same permission as setting the default.
        if (!$acl->isAccessible($this->getName(), 'set_default')) {
            return iaView::accessDenied();
        }

        $error = !$this->_reset($iaView->domain);
    } elseif (iaExtra::ACTION_INSTALL == $action || iaExtra::ACTION_UPGRADE == $action) {
        if (!$acl->isAccessible($this->getName(), $action)) {
            return iaView::accessDenied();
        }

        if ($this->_install($package, $action, $iaView->domain)) {
            // The helper reports whether the run was an upgrade or a fresh install.
            if ($this->getHelper()->isUpgrade) {
                $logType = iaLog::ACTION_UPGRADE;
            } else {
                $logType = iaLog::ACTION_INSTALL;
            }
            $details = array(
                'type' => iaExtra::TYPE_PACKAGE,
                'name' => $package,
                'to' => $this->getHelper()->itemData['info']['version'],
            );
            $log->write($logType, $details, $package);

            // Rebuild the sitemap after the package set has changed.
            $sitemap = $this->_iaCore->factory('sitemap', iaCore::ADMIN);
            $sitemap->generate();
        } else {
            $error = true;
        }
    } elseif (iaExtra::ACTION_UNINSTALL == $action) {
        if (!$acl->isAccessible($this->getName(), $action)) {
            return iaView::accessDenied();
        }

        if ($this->_uninstall($package)) {
            $log->write(iaLog::ACTION_UNINSTALL, array('type' => iaExtra::TYPE_PACKAGE, 'name' => $package), $package);
        } else {
            $error = true;
        }
    }

    $this->_iaCore->iaCache->clearAll();

    $status = $error ? iaView::ERROR : iaView::SUCCESS;
    $iaView->setMessages($this->getMessages(), $status);

    iaUtil::go_to($this->getPath());
}