public function __construct($gallery, $filename) { parent::__construct('editImageForm'); $sanitizer = new Sanitizer(); $gallery = $sanitizer->filterUint('gallery'); $filename = $sanitizer->filterString('filename'); $sql = 'SELECT i.filename, i.gallery, i.caption, i.promo, i.published, g.title FROM images i, galleries g WHERE i.gallery = g.id AND g.id = :gallery AND i.filename = :filename LIMIT 1'; $stmt = DatabaseFactory::getInstance()->prepare($sql); $stmt->bindValue(':gallery', $gallery); $stmt->bindValue(':filename', $filename); $stmt->execute(); if ($stmt->numRows() == 0) { throw new Exception('Image entry not found in the database. The image may exist on the filesystem.'); } $current = $stmt->fetchRow(); $this->addElement(new ElementHidden('mode', null, 'editImage')); $this->addElement(new ElementHidden('gallery', null, $gallery)); $this->addElement(new ElementHidden('filename', null, $filename)); $this->addElement(new ElementInput('caption', 'Caption', $current['caption'])); $this->addElement(new ElementCheckbox('promo', 'Promotional image', $current['promo'], 'Is this image a promotional image? Promotional images are used on the homepage.')); $this->addElement(new ElementCheckbox('published', 'Published', $current['published'])); $this->addButtons(Form::BTN_SUBMIT); $this->setTitle('<a href = "gallery.php">Galleries</a> » Gallery: <a href = "viewGallery.php?id=' . $gallery . '">' . $current['title'] . '</a> » Edit image'); }
<?php require_once 'includes/common.php'; use libAllure\ElementHidden; use libAllure\Sanitizer; $sanitizer = new Sanitizer(); $form = $sanitizer->filterAlphaNumeric('form'); $form = new $form(); $form->addElement(new ElementHidden('form', null, get_class($form))); $redirect = $sanitizer->filterString('redirect'); if (!empty($redirect)) { $form->addElement(new ElementHidden('redirect', null, $redirect)); } if ($form->validate()) { $form->process(); if (!empty($redirect)) { redirect($redirect, 'You are being redirected.'); } } require_once 'includes/widgets/header.php'; if (isset($showSidebar)) { require_once 'includes/widgets/sidebar.php'; } $tpl->assignForm($form); $tpl->display('form.tpl'); require_once 'includes/widgets/footer.php';
<?php require_once 'includes/common.php'; require_once 'includes/classes/Group.php'; require_once 'includes/classes/FormUpdateGroupPrivileges.php'; require_once 'includes/classes/FormGroupEdit.php'; require_once 'includes/classes/FormGroupCreate.php'; use libAllure\Sanitizer; use libAllure\Session; use libAllure\DatabaseFactory; use libAllure\ElementHidden; use libAllure\User; $sanitizer = new Sanitizer(); $action = $sanitizer->filterString('action'); switch ($action) { case 'makePrimary': Session::requirePriv('GROUP_PRIMARY'); $groupId = $sanitizer->filterUint('group'); $userId = $sanitizer->filterUint('user'); $sql = 'UPDATE users SET `group` = :groupId WHERE id = :userId LIMIT 1'; $stmt = DatabaseFactory::getInstance()->prepare($sql); $stmt->bindValue(':groupId', $groupId); $stmt->bindValue(':userId', $userId); $stmt->execute(); redirect('profile.php?id=' . $userId, 'Primary group changed for user.'); break; case 'delete': Session::requirePriv('GROUP_DELETE'); try { $id = $sanitizer->filterUint('id'); $group = new Group($id);
<?php require_once 'includes/common.php'; require_once 'includes/classes/Basket.php'; require_once 'includes/classes/Events.php'; use libAllure\Session; use libAllure\Sanitizer; if (!Session::isLoggedIn()) { redirect('login.php', 'You must login to use the checkout!'); } if (Basket::isEmpty()) { redirect('basket.php', 'You cannot go to the checkout with an empty basket!'); } $sanitizer = new Sanitizer(); $cost = Basket::getTotal(); switch ($sanitizer->filterString('action')) { case 'cash': $f = new FormPayTicketCash(); if ($f->validate()) { $f->process(); foreach (Basket::getContents() as $ticket) { Events::setSignupStatus(Session::getUser()->getId(), $ticket['eventId'], 'CASH_IN_POST'); } Basket::clear(); redirect('account.php', 'Thanks, you will be marked as PAID by an admin when they receive the cash.'); } require_once 'includes/widgets/header.php'; $f->addElementHidden('action', 'cash'); $tpl->assignForm($f); $tpl->display('form.tpl'); require_once 'includes/widgets/footer.php';
<?php require_once 'includes/common.php'; require_once 'libAllure/Inflector.php'; use libAllure\Sanitizer; use libAllure\FormHandler; use libAllure\Inflector; $sanitizer = new Sanitizer(); $gallery = $sanitizer->filterUint('gallery'); $filename = $sanitizer->filterString('filename'); $handler = new FormHandler('FormGalleryImageEdit', $tpl); $handler->setConstructorArgument(0, $gallery); $handler->setConstructorArgument(1, $filename); $handler->setRedirect('viewGalleryImage.php?gallery=' . $gallery . '&filename=' . $filename, 'Gallery image edited.'); $handler->handle();
<?php require_once 'includes/common.php'; require_once 'includes/classes/Galleries.php'; require_once 'includes/classes/FormGalleryEdit.php'; require_once 'includes/classes/ItemGallery.php'; use libAllure\Sanitizer; use libAllure\Session; $sanitizer = new Sanitizer(); $mode = $sanitizer->filterString('mode'); if (!getSiteSetting('galleryFeature')) { redirect('index.php', 'Gallery feature is disabled.'); } switch ($mode) { case 'editImage': requirePrivOrRedirect('GALLERY_UPDATE_IMAGE'); require_once 'updateGalleryImage.php'; break; case 'addImage': requirePrivOrRedirect('GALLERY_CREATE_IMAGE'); $gallery = intval($_REQUEST['gallery']); $filename = $_REQUEST['filename']; $sql = 'INSERT INTO images (gallery, filename) VALUES (:gallery, :filename) '; $stmt = $db->prepare($sql); $stmt->bindValue(':gallery', $gallery); $stmt->bindValue(':filename', $filename); $stmt->execute(); redirect('viewGalleryImage.php?filename=' . $filename . '&gallery=' . $gallery, 'Image added to database.'); break; case 'makeCoverImage': requirePrivOrRedirect('GALLERY_SET_COVER_IMAGE');
<?php require_once 'includes/common.php'; use libAllure\Sanitizer; $sanitizer = new Sanitizer(); $gallery = Galleries::GetById($sanitizer->filterUint('gallery')); $image = Galleries::getImage($sanitizer->filterString('filename'), $gallery); require_once 'includes/widgets/header.php'; require_once 'includes/widgets/sidebar.php'; Galleries::getPrevNext($image['filename'], $gallery, $prev, $next, $cii, $count); $tpl->assign('imageNumber', $cii + 1); $tpl->assign('imageCount', $count); $tpl->assign('prevFilename', $prev); $tpl->assign('nextFilename', $next); $tpl->assign('image', $image); $tpl->assign('gallery', $gallery); if (strpos($image['filename'], '.jpg') != null) { $tpl->assign('exifData', \libAllure\array_flatten(@exif_read_data($gallery['fullPath'] . $image['filename']))); } else { $tpl->assign('exifData', null); } $tpl->display('viewGalleryImage.tpl'); require_once 'includes/widgets/footer.php';