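/**
 * Validates the submitted "regex link" form and creates the link.
 *
 * On any validation or persistence failure the message for the user is stored
 * in $this->errorMessage and the method returns; on success the request is
 * redirected to the new link's details page and terminated.
 *
 * @param object $postData submitted parameters (expects hasValues()/filter())
 * @return void
 */
private function tryProcessPostData($postData)
{
    $reqfields = array('link_path', 'link_target', 'link_priority');
    if (!$postData->hasValues($reqfields)) {
        $this->errorMessage = 'Please specify: <ul> <li>Path</li> <li>Target</li> <li>Priority</li> </ul>';
        return;
    }

    // Read the submitted values explicitly instead of extract()ing them into
    // local scope, so request keys can never shadow other locals. All three
    // keys are present because hasValues() succeeded above.
    $values = $postData->filter($reqfields);
    $link_path = $values['link_path'];
    $link_target = $values['link_target'];

    // intval() maps non-numeric input to 0, which is inside the accepted
    // range; only out-of-range integers are rejected here.
    $link_priority = intval($values['link_priority']);
    if ($link_priority < 0 || $link_priority > 1000) {
        $this->errorMessage = 'Priority must be between 0 and 1000';
        return;
    }

    $dbc = Application::dbConnection();
    $entry = $dbc->links()->addLink('regex', $link_path, $link_target, Authorization::user()->id);
    if (!$entry) {
        $this->errorMessage = 'An internal error occurred while creating the short URL. Please try again or ask an administrator for help.';
        return;
    }

    // The priority is stored in a second step; if it fails the link already
    // exists, so point the user at its details page to retry.
    $success = $dbc->links()->setPriority($entry->id, $link_priority);
    if (!$success) {
        // getURL() returns a URL object; build() yields the string that the
        // attribute escaper expects (consistent with the other pages).
        $url = self::getURL('links/details', array('link' => $entry->id))->build();
        $this->errorMessage = 'The link was created, but the priority could not be set. Please <a href="' . WebRenderer::escapeAttr($url) . '">try again</a>';
        return;
    }

    self::redirectTo('links/details', array('link' => $entry->id));
    exit;
}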
/**
 * Retrieves the user that permission checks should be made against.
 *
 * When the session has been switched to another account, that is the real
 * (original) user; otherwise it is the currently logged-in user.
 */
public static function currentUser()
{
    return Authorization::switched()
        ? Authorization::realUser()
        : Authorization::user();
}
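/**
 * Validates the "shorten a link" form and creates a static short link.
 *
 * The short path is either the user-supplied custom path (subject to the
 * link.custom_path permission and the administrator-defined pattern) or a
 * freshly generated one. Conflicts with existing static links are rejected;
 * conflicts with wildcard (regex) links are rejected unless the user asked to
 * override them and holds link.override_wildcards.
 *
 * On failure the message is stored in $this->errorMessage and the method
 * returns; on success the request is redirected to the link's details page
 * and terminated.
 *
 * @param object $postData submitted parameters (expects hasValues()/filter())
 * @return void
 */
private function tryProcessPostData($postData)
{
    $reqfields = array('target_link');
    if (!$postData->hasValues($reqfields)) {
        $this->errorMessage = 'Please enter a target link.';
        return;
    }

    // Read the submitted values explicitly rather than extract()ing them into
    // local scope: request keys cannot shadow locals, and absent optional
    // fields are simply null instead of undefined variables.
    $fields = array_merge($reqfields, array('use_custom_path', 'custom_path', 'override_wildcards'));
    $values = $postData->filter($fields);
    $target_link = $values['target_link'];
    $use_custom_path = isset($values['use_custom_path']) ? $values['use_custom_path'] : null;
    $custom_path = isset($values['custom_path']) ? $values['custom_path'] : null;
    $override_wildcards = isset($values['override_wildcards']) ? $values['override_wildcards'] : null;

    // Checked before any database work so an unauthorized override attempt
    // never touches the links table.
    if ($override_wildcards && !self::hasPermission('link.override_wildcards')) {
        $this->errorMessage = 'You are not permitted to override wildcards.';
        return;
    }

    $dbc = Application::dbConnection();
    $opts = $dbc->options()->getOptions(array('linkgen_chars', 'linkgen_length', 'custom_links_regex'));
    $linkgen_chars = isset($opts['linkgen_chars']) ? $opts['linkgen_chars'] : null;
    $linkgen_length = isset($opts['linkgen_length']) ? $opts['linkgen_length'] : null;
    $custom_links_regex = isset($opts['custom_links_regex']) ? $opts['custom_links_regex'] : null;

    if ($use_custom_path) {
        if (!$custom_path) {
            $this->errorMessage = 'Please enter a valid short path or uncheck the custom path option.';
            return;
        }
        if (!self::hasPermission('link.custom_path')) {
            $this->errorMessage = 'You are not permitted to use custom paths.';
            return;
        }
        // The pattern is the administrator-defined option. preg_match()
        // returns false for an invalid pattern, which is treated the same as
        // "no match" (fail closed). NOTE(review): this assumes the stored
        // pattern contains no unescaped "/" delimiter — confirm where that
        // option is edited.
        if (!preg_match("/{$custom_links_regex}/", $custom_path)) {
            $this->errorMessage = 'The chosen short path is not allowed due to administrative restrictions.';
            return;
        }
        $shortpath = $custom_path;
    } else {
        $shortpath = $dbc->links()->findAvailablePath(intval($linkgen_length), $linkgen_chars);
    }

    $conflict = $dbc->links()->checkConflictsStatic($shortpath);
    // Tells the view whether to offer the "override wildcards" option.
    $this->allowOverrideWildcards = !!$conflict && self::hasPermission('link.override_wildcards');
    if ($conflict) {
        if ($conflict->type === 'static') {
            $this->errorMessage = 'Another link with the same path or a conflicting path already exists.';
            return;
        }
        if ($conflict->type === 'regex' && !$override_wildcards) {
            $url = self::getURL('links/details', array('link' => $conflict->id))->build();
            $this->errorMessage = 'This path would override <a href="' . WebRenderer::escapeAttr($url) . '">a defined wildcard</a>.';
            return;
        }
    }

    $entry = $dbc->links()->addLink('static', $shortpath, $target_link, Authorization::user()->id);
    if (!$entry) {
        $this->errorMessage = 'An internal error occurred while creating the short URL. Please try again or ask an administrator for help.';
        return;
    }

    self::redirectTo('links/details', array('link' => $entry->id));
    exit;
}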
/**
 * Creates the WebRenderer for this page and registers the values every
 * template can rely on: a pageURL() helper, the current user and the nonce.
 *
 * @param mixed $options renderer options, passed through to WebRenderer
 * @return WebRenderer
 */
private static function initWebRenderer($options)
{
    // Template helper: turns a route path (plus optional parameters) into the
    // built URL string.
    $pageURL = function ($path, $params = array()) {
        return Page::getURL($path, $params)->build();
    };

    $renderer = new WebRenderer($options);
    $renderer->provide('pageURL', $pageURL);
    $renderer->provide('theUser', Authorization::user());
    $renderer->provide('theNonce', Authorization::getNonce());

    return $renderer;
}
/**
 * Page entry point for the own-account settings page.
 *
 * Requires a logged-in user, loads the options the view needs and, when the
 * request carries a non-empty POST body, hands it to tryProcessPostData() and
 * reloads the user record afterwards.
 *
 * @param array $params request/route parameters (unused here)
 * @return void
 */
public function init($params)
{
    self::requireLogin();

    $dbc = Application::dbConnection();
    $this->settings = $dbc->options()->getOptions(array('allow_name_changes'));
    $this->userInfo = Authorization::user();

    $postData = \tniessen\tinyIt\HttpParams::_POST();
    if (!$postData || $postData->isEmpty()) {
        return;
    }

    $this->currentParams = $postData;
    $this->tryProcessPostData($postData);
    // Re-read the user record (presumably so the view reflects the changes
    // just saved).
    $this->userInfo = Authorization::user('reload');
}
/**
 * Page entry point for the user details page.
 *
 * Loads the user identified by $this->userId and, depending on the mode,
 * deletes the account (delete mode) or changes its group (when
 * $params['setGroup'] is present). Also prepares what the view needs:
 * $this->userInfo, $this->groupInfo, $this->availableGroups and
 * $this->canSwitchUser. Error text for the view goes to $this->errorMessage.
 *
 * @param array $params request/route parameters; only 'setGroup' is read here
 * @return void
 */
public function init($params)
{
    self::requireLogin();
    $dbc = Application::dbConnection();
    if ($uid = $this->userId) {
        $this->userInfo = $dbc->users()->getUser($uid);
        if ($this->userInfo) {
            // Switching into another account is offered only for a user other
            // than the one logged in, and only with the matching permission.
            // NOTE(review): strict !== means a type mismatch between
            // $this->userId and the session user's id (e.g. string vs int)
            // would always count as "another user" — confirm both are ints.
            if ($this->userId !== Authorization::user()->id) {
                if (self::hasPermission('session.switch_user')) {
                    $this->canSwitchUser = true;
                }
            }
            if ($this->deleteMode) {
                // Destructive action: the nonce check runs before the
                // permission check, so a forged request fails either way.
                self::requireNonce();
                // Allowed when the user may delete any account, or is deleting
                // their own account and holds user.delete_self. |= on booleans
                // yields an int, which is only used in the truthiness check.
                $allowed = self::hasPermission('user.delete_accounts');
                $allowed |= $uid === Authorization::user()->id && self::hasPermission('user.delete_self');
                if ($allowed) {
                    // The user's links are removed before the user row itself.
                    $dbc->links()->removeLinksByUser($uid);
                    if ($dbc->users()->removeUser($uid)) {
                        self::redirectTo('users/list');
                        exit;
                    } else {
                        $this->errorMessage = 'Internal error while deleting user';
                    }
                } else {
                    $this->errorMessage = 'You are not permitted to delete this user account.';
                }
            } else {
                if (isset($params['setGroup'])) {
                    // NOTE(review): changing a user's group is a privilege
                    // change, yet no permission or nonce check is visible in
                    // this block (compare the delete branch above) — confirm
                    // the caller or router enforces one before this point.
                    $newgroup = intval($params['setGroup']);
                    $ok = true;
                    // A zero id skips the lookup and is stored as-is
                    // (presumably "no group"); any other id must exist.
                    if ($newgroup) {
                        $g = $dbc->groups()->getGroup($newgroup);
                        if (!$g) {
                            $ok = false;
                            $this->errorMessage = 'The selected group was not found.';
                        }
                    }
                    if ($ok) {
                        $dbc->users()->setGroup($uid, $newgroup);
                        // Re-read so the view shows the updated group.
                        $this->userInfo = $dbc->users()->getUser($uid);
                    }
                }
            }
            if ($this->userInfo->group_id) {
                $this->groupInfo = $dbc->groups()->getGroup($this->userInfo->group_id);
            }
            // Groups offered in the "set group" selector; 0/100 are presumably
            // offset and limit — confirm against getGroups().
            $this->availableGroups = $dbc->groups()->getGroups(0, 100);
        }
    }
}
/**
 * Page entry point for the link details page.
 *
 * Loads the link identified by $this->linkId and, depending on the mode,
 * processes an edit form (edit mode) or deletes the link (delete mode). Both
 * require either the global permission or ownership of the link plus the
 * corresponding "own links" permission. Also attaches the owner's user record
 * and, for static links, the full public URL to $this->linkInfo.
 *
 * @param array $params request/route parameters (unused here)
 * @return void
 */
public function init($params)
{
    self::requireLogin();
    $dbc = Application::dbConnection();
    if ($lid = $this->linkId) {
        $this->linkInfo = $dbc->links()->getLink($lid);
        if ($this->linkInfo) {
            if ($this->editMode) {
                // |= on booleans yields an int; it is only used in the
                // truthiness check below.
                $allowed = self::hasPermission('link.edit_links');
                $allowed |= $this->linkInfo->owner_id === Authorization::user()->id && self::hasPermission('link.edit_own_links');
                if ($allowed) {
                    // NOTE(review): unlike delete mode, no requireNonce() call
                    // is visible before the POST body is processed here —
                    // confirm tryProcessEditPostData() performs that check.
                    $postData = \tniessen\tinyIt\HttpParams::_POST();
                    if ($postData && !$postData->isEmpty()) {
                        $this->currentParams = $postData;
                        $this->tryProcessEditPostData($postData);
                    }
                } else {
                    // Fall back to the read-only view with an explanation.
                    $this->editMode = false;
                    $this->errorMessage = 'You are not permitted to edit this link.';
                }
            } elseif ($this->deleteMode) {
                // Destructive action: the nonce check runs before the
                // permission check, so a forged request fails either way.
                self::requireNonce();
                $allowed = self::hasPermission('link.delete_links');
                $allowed |= $this->linkInfo->owner_id === Authorization::user()->id && self::hasPermission('link.delete_own_links');
                if ($allowed) {
                    if ($dbc->links()->removeLink($lid)) {
                        self::redirectTo('links/list');
                        exit;
                    } else {
                        $this->errorMessage = 'Internal error while deleting link';
                    }
                } else {
                    $this->errorMessage = 'You are not permitted to delete this link.';
                }
            }
            // Owner record for display; skipped when the link has no owner id.
            if ($oid = $this->linkInfo->owner_id) {
                $this->linkInfo->userInfo = $dbc->users()->getUser($oid);
            }
            // Only static links have a single fixed public URL.
            if ($this->linkInfo->type === 'static') {
                $this->linkInfo->fullURL = Application::getBaseURL()->build() . $this->linkInfo->path;
            }
        }
    }
}
<?php
// Dashboard template: the landing page with quick links to the main actions.
// $r (the renderer) and $pageURL (route path -> URL string) are provided by
// the renderer; every dynamic value is escaped for its HTML context below.
$r->render('dashboard', array('title' => 'Home'));

$displayName = \tniessen\tinyIt\Security\Authorization::user()->display_name;

// Route path => link label, in display order.
$actions = array(
    'links/shorten' => 'Shorten a link',
    'links/list' => 'View shortened links',
    'users/list' => 'Manage users',
    'settings/own/account' => 'Change account settings',
);
?>
<div class="page-header">
    <h1>Welcome <small><?php echo $r->escapeHtml($displayName); ?></small></h1>
</div>
<div class="jumbotron">
    <h1>What do you want to do?</h1>
    <p>Choose one of these possibilities to begin or use the navigation menu at the top.</p>
    <ul>
<?php foreach ($actions as $path => $label) { ?>
        <li><a href="<?php echo $r->escapeAttr($pageURL($path)); ?>"><?php echo $r->escapeHtml($label); ?></a></li>
<?php } ?>
    </ul>