aboutsummaryrefslogtreecommitdiff
path: root/actions
diff options
context:
space:
mode:
Diffstat (limited to 'actions')
-rw-r--r--actions/admin/delete_admin_notice.php13
-rw-r--r--actions/admin/menu/save.php34
-rw-r--r--actions/admin/plugins/activate.php59
-rw-r--r--actions/admin/plugins/activate_all.php33
-rw-r--r--actions/admin/plugins/deactivate.php53
-rw-r--r--actions/admin/plugins/deactivate_all.php33
-rw-r--r--actions/admin/plugins/set_priority.php39
-rw-r--r--actions/admin/site/flush_cache.php10
-rw-r--r--actions/admin/site/regenerate_secret.php11
-rw-r--r--actions/admin/site/unlock_upgrade.php10
-rw-r--r--actions/admin/site/update_advanced.php98
-rw-r--r--actions/admin/site/update_basic.php27
-rw-r--r--actions/admin/user/ban.php30
-rw-r--r--actions/admin/user/delete.php40
-rw-r--r--actions/admin/user/makeadmin.php27
-rw-r--r--actions/admin/user/removeadmin.php27
-rw-r--r--actions/admin/user/resetpassword.php43
-rw-r--r--actions/admin/user/unban.php27
-rw-r--r--actions/avatar/crop.php72
-rw-r--r--actions/avatar/remove.php36
-rw-r--r--actions/avatar/upload.php62
-rw-r--r--actions/comments/add.php62
-rw-r--r--actions/comments/delete.php18
-rw-r--r--actions/entities/delete.php22
-rw-r--r--actions/friends/add.php35
-rw-r--r--actions/friends/collections/add.php31
-rw-r--r--actions/friends/collections/delete.php23
-rw-r--r--actions/friends/collections/edit.php23
-rw-r--r--actions/friends/remove.php32
-rw-r--r--actions/import/opendd.php22
-rw-r--r--actions/login.php69
-rw-r--r--actions/logout.php18
-rw-r--r--actions/notifications/settings/usersettings/save.php29
-rw-r--r--actions/plugins/settings/save.php43
-rw-r--r--actions/plugins/usersettings/save.php58
-rw-r--r--actions/profile/edit.php116
-rw-r--r--actions/profile/fields/add.php40
-rw-r--r--actions/profile/fields/delete.php28
-rw-r--r--actions/profile/fields/edit.php20
-rw-r--r--actions/profile/fields/reorder.php12
-rw-r--r--actions/profile/fields/reset.php20
-rw-r--r--actions/register.php80
-rw-r--r--actions/river/delete.php21
-rw-r--r--actions/security/refreshtoken.php5
-rw-r--r--actions/tasks/comments/add.php169
-rw-r--r--actions/tasks/delete.php32
-rw-r--r--actions/tasks/edit.php110
-rw-r--r--actions/user/passwordreset.php19
-rw-r--r--actions/user/requestnewpassword.php27
-rw-r--r--actions/user/spotlight.php19
-rw-r--r--actions/useradd.php69
-rw-r--r--actions/usersettings/save.php11
-rw-r--r--actions/widgets/add.php42
-rw-r--r--actions/widgets/delete.php20
-rw-r--r--actions/widgets/move.php24
-rw-r--r--actions/widgets/reorder.php24
-rw-r--r--actions/widgets/save.php44
-rw-r--r--actions/widgets/upgrade.php65
58 files changed, 1975 insertions, 311 deletions
diff --git a/actions/admin/delete_admin_notice.php b/actions/admin/delete_admin_notice.php
new file mode 100644
index 000000000..a9c3b8758
--- /dev/null
+++ b/actions/admin/delete_admin_notice.php
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Removes an admin notice.
+ */
+
+$guid = get_input('guid');
+$notice = get_entity($guid);
+
+if (!(elgg_instanceof($notice, 'object', 'admin_notice') && $notice->delete())) {
+ register_error(elgg_echo("admin:notices:could_not_delete"));
+}
+
+forward(REFERER); \ No newline at end of file
diff --git a/actions/admin/menu/save.php b/actions/admin/menu/save.php
new file mode 100644
index 000000000..66ce71082
--- /dev/null
+++ b/actions/admin/menu/save.php
@@ -0,0 +1,34 @@
+<?php
+/**
+ * Save menu items.
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
+
+// featured menu items
+$featured_names = get_input('featured_menu_names', array());
+$featured_names = array_unique($featured_names);
+if (in_array(' ', $featured_names)) {
+ unset($featured_names[array_search(' ', $featured_names)]);
+}
+elgg_save_config('site_featured_menu_names', $featured_names);
+
+// custom menu items
+$custom_menu_titles = get_input('custom_menu_titles', array());
+$custom_menu_urls = get_input('custom_menu_urls', array());
+$num_menu_items = count($custom_menu_titles);
+$custom_menu_items = array();
+for ($i = 0; $i < $num_menu_items; $i++) {
+ if (trim($custom_menu_urls[$i]) && trim($custom_menu_titles[$i])) {
+ $url = $custom_menu_urls[$i];
+ $title = $custom_menu_titles[$i];
+ $custom_menu_items[$title] = $url;
+ }
+}
+elgg_save_config('site_custom_menu_items', $custom_menu_items);
+
+
+system_message(elgg_echo('admin:menu_items:saved'));
+
+forward(REFERER);
diff --git a/actions/admin/plugins/activate.php b/actions/admin/plugins/activate.php
new file mode 100644
index 000000000..5234a4ca5
--- /dev/null
+++ b/actions/admin/plugins/activate.php
@@ -0,0 +1,59 @@
+<?php
+/**
+ * Activate a plugin or plugins.
+ *
+ * Plugins to be activated are passed via $_REQUEST['plugin_guids'] as GUIDs.
+ * After activating the plugin(s), the views cache and simplecache are invalidated.
+ *
+ * @uses mixed $_GET['plugin_guids'] The GUIDs of the plugin to activate. Can be an array.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.Plugins
+ */
+
+$plugin_guids = get_input('plugin_guids');
+
+if (!is_array($plugin_guids)) {
+ $plugin_guids = array($plugin_guids);
+}
+
+$activated_guids = array();
+foreach ($plugin_guids as $guid) {
+ $plugin = get_entity($guid);
+
+ if (!($plugin instanceof ElggPlugin)) {
+ register_error(elgg_echo('admin:plugins:activate:no', array($guid)));
+ continue;
+ }
+
+ if ($plugin->activate()) {
+ $activated_guids[] = $guid;
+ } else {
+ $msg = $plugin->getError();
+ $string = ($msg) ? 'admin:plugins:activate:no_with_msg' : 'admin:plugins:activate:no';
+ register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError())));
+ }
+}
+
+// don't regenerate the simplecache because the plugin won't be
+// loaded until next run. Just invalidate and let it regenerate as needed
+elgg_invalidate_simplecache();
+elgg_reset_system_cache();
+
+if (count($activated_guids) === 1) {
+ $url = 'admin/plugins';
+ $query = (string)parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY);
+ if ($query) {
+ $url .= "?$query";
+ }
+ $plugin = get_entity($plugin_guids[0]);
+ $id = $css_id = preg_replace('/[^a-z0-9-]/i', '-', $plugin->getID());
+ forward("$url#$id");
+} else {
+ // forward to top of page with a failure so remove any #foo
+ $url = $_SERVER['HTTP_REFERER'];
+ if (strpos($url, '#')) {
+ $url = substr(0, strpos($url, '#'));
+ }
+ forward($url);
+} \ No newline at end of file
diff --git a/actions/admin/plugins/activate_all.php b/actions/admin/plugins/activate_all.php
new file mode 100644
index 000000000..4514ccbdf
--- /dev/null
+++ b/actions/admin/plugins/activate_all.php
@@ -0,0 +1,33 @@
+<?php
+/**
+ * Activates all specified installed and inactive plugins.
+ *
+ * All specified plugins in the mod/ directory are that aren't active are activated and the views
+ * cache and simplecache are invalidated.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.Plugins
+ */
+
+$guids = get_input('guids');
+$guids = explode(',', $guids);
+
+foreach ($guids as $guid) {
+ $plugin = get_entity($guid);
+ if (!$plugin->isActive()) {
+ if ($plugin->activate()) {
+ //system_message(elgg_echo('admin:plugins:activate:yes', array($plugin->getManifest()->getName())));
+ } else {
+ $msg = $plugin->getError();
+ $string = ($msg) ? 'admin:plugins:activate:no_with_msg' : 'admin:plugins:activate:no';
+ register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError())));
+ }
+ }
+}
+
+// don't regenerate the simplecache because the plugin won't be
+// loaded until next run. Just invalidate and let it regnerate as needed
+elgg_invalidate_simplecache();
+elgg_reset_system_cache();
+
+forward(REFERER); \ No newline at end of file
diff --git a/actions/admin/plugins/deactivate.php b/actions/admin/plugins/deactivate.php
new file mode 100644
index 000000000..354f4717d
--- /dev/null
+++ b/actions/admin/plugins/deactivate.php
@@ -0,0 +1,53 @@
+<?php
+/**
+ * Deactivate a plugin or plugins.
+ *
+ * Plugins to be deactivated are passed via $_REQUEST['plugin_guids'] as GUIDs.
+ * After deactivating the plugin(s), the views cache and simplecache are invalidated.
+ *
+ * @uses mixed $_GET['plugin_guids'] The GUIDs of the plugin to deactivate. Can be an array.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.Plugins
+ */
+
+$plugin_guids = get_input('plugin_guids');
+
+if (!is_array($plugin_guids)) {
+ $plugin_guids = array($plugin_guids);
+}
+
+foreach ($plugin_guids as $guid) {
+ $plugin = get_entity($guid);
+
+ if (!($plugin instanceof ElggPlugin)) {
+ register_error(elgg_echo('admin:plugins:deactivate:no', array($guid)));
+ continue;
+ }
+
+ if ($plugin->deactivate()) {
+ //system_message(elgg_echo('admin:plugins:deactivate:yes', array($plugin->getManifest()->getName())));
+ } else {
+ $msg = $plugin->getError();
+ $string = ($msg) ? 'admin:plugins:deactivate:no_with_msg' : 'admin:plugins:deactivate:no';
+ register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError())));
+ }
+}
+
+// don't regenerate the simplecache because the plugin won't be
+// loaded until next run. Just invalidate and let it regnerate as needed
+elgg_invalidate_simplecache();
+elgg_reset_system_cache();
+
+if (count($plugin_guids) == 1) {
+ $url = 'admin/plugins';
+ $query = (string)parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY);
+ if ($query) {
+ $url .= "?$query";
+ }
+ $plugin = get_entity($plugin_guids[0]);
+ $id = preg_replace('/[^a-z0-9-]/i', '-', $plugin->getID());
+ forward("$url#$id");
+} else {
+ forward(REFERER);
+}
diff --git a/actions/admin/plugins/deactivate_all.php b/actions/admin/plugins/deactivate_all.php
new file mode 100644
index 000000000..8b347a633
--- /dev/null
+++ b/actions/admin/plugins/deactivate_all.php
@@ -0,0 +1,33 @@
+<?php
+/**
+ * Disable all specified installed plugins.
+ *
+ * Specified plugins in the mod/ directory are disabled and the views cache and simplecache
+ * are reset.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.Plugins
+ */
+
+$guids = get_input('guids');
+$guids = explode(',', $guids);
+
+foreach ($guids as $guid) {
+ $plugin = get_entity($guid);
+ if ($plugin->isActive()) {
+ if ($plugin->deactivate()) {
+ //system_message(elgg_echo('admin:plugins:activate:yes', array($plugin->getManifest()->getName())));
+ } else {
+ $msg = $plugin->getError();
+ $string = ($msg) ? 'admin:plugins:deactivate:no_with_msg' : 'admin:plugins:deactivate:no';
+ register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError())));
+ }
+ }
+}
+
+// don't regenerate the simplecache because the plugin won't be
+// loaded until next run. Just invalidate and let it regnerate as needed
+elgg_invalidate_simplecache();
+elgg_reset_system_cache();
+
+forward(REFERER);
diff --git a/actions/admin/plugins/set_priority.php b/actions/admin/plugins/set_priority.php
new file mode 100644
index 000000000..edd735371
--- /dev/null
+++ b/actions/admin/plugins/set_priority.php
@@ -0,0 +1,39 @@
+<?php
+/**
+ * Changes the load priority of a plugin.
+ *
+ * Plugin priority affects view, action, and page handler
+ * overriding as well as the order of view extensions. Plugins with higher
+ * priority are loaded after and override plugins with lower priorities.
+ *
+ * NOTE: When viewing the plugin admin page, plugins LOWER on the page
+ * have HIGHER priority and will override views, etc from plugins above them.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.Plugins
+ */
+
+$plugin_guid = get_input('plugin_guid');
+$priority = get_input('priority');
+
+$plugin = get_entity($plugin_guid);
+
+if (!($plugin instanceof ElggPlugin)) {
+ register_error(elgg_echo('admin:plugins:set_priority:no', array($plugin_guid)));
+ forward(REFERER);
+}
+
+if ($plugin->setPriority($priority)) {
+ //system_message(elgg_echo('admin:plugins:set_priority:yes', array($plugin->getManifest()->getName())));
+} else {
+ $msg = $plugin->getError();
+ $string = ($msg) ? 'admin:plugins:set_priority:no_with_msg' : 'admin:plugins:set_priority:no';
+ register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError())));
+}
+
+// don't regenerate the simplecache because the plugin won't be
+// loaded until next run. Just invalidate and let it regnerate as needed
+elgg_invalidate_simplecache();
+elgg_reset_system_cache();
+
+forward(REFERER); \ No newline at end of file
diff --git a/actions/admin/site/flush_cache.php b/actions/admin/site/flush_cache.php
new file mode 100644
index 000000000..ebb8296c7
--- /dev/null
+++ b/actions/admin/site/flush_cache.php
@@ -0,0 +1,10 @@
+<?php
+/**
+ * Flush all the caches
+ */
+
+elgg_invalidate_simplecache();
+elgg_reset_system_cache();
+
+system_message(elgg_echo('admin:cache:flushed'));
+forward(REFERER); \ No newline at end of file
diff --git a/actions/admin/site/regenerate_secret.php b/actions/admin/site/regenerate_secret.php
new file mode 100644
index 000000000..3112fb5f3
--- /dev/null
+++ b/actions/admin/site/regenerate_secret.php
@@ -0,0 +1,11 @@
+<?php
+/**
+ * Generate a new site secret
+ */
+
+init_site_secret();
+elgg_reset_system_cache();
+
+system_message(elgg_echo('admin:site:secret_regenerated'));
+
+forward(REFERER);
diff --git a/actions/admin/site/unlock_upgrade.php b/actions/admin/site/unlock_upgrade.php
new file mode 100644
index 000000000..b625b1d26
--- /dev/null
+++ b/actions/admin/site/unlock_upgrade.php
@@ -0,0 +1,10 @@
+<?php
+/**
+ * Unlocks the upgrade script
+ */
+
+if (_elgg_upgrade_is_locked()) {
+ _elgg_upgrade_unlock();
+}
+system_message(elgg_echo('upgrade:unlock:success'));
+forward(REFERER);
diff --git a/actions/admin/site/update_advanced.php b/actions/admin/site/update_advanced.php
new file mode 100644
index 000000000..4888b0a8d
--- /dev/null
+++ b/actions/admin/site/update_advanced.php
@@ -0,0 +1,98 @@
+<?php
+/**
+ * Updates the advanced settings for the primary site object.
+ *
+ * Options are saved among metadata on the site object, entries
+ * in the datalist table, and entries in the config table.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.Site
+ */
+
+if ($site = elgg_get_site_entity()) {
+ if (!($site instanceof ElggSite)) {
+ throw new InstallationException(elgg_echo('InvalidParameterException:NonElggSite'));
+ }
+
+ $site->url = rtrim(get_input('wwwroot', '', false), '/') . '/';
+
+ datalist_set('path', sanitise_filepath(get_input('path', '', false)));
+ $dataroot = sanitise_filepath(get_input('dataroot', '', false));
+
+ // check for relative paths
+ if (stripos(PHP_OS, 'win') === 0) {
+ if (strpos($dataroot, ':') !== 1) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ } else {
+ if (strpos($dataroot, '/') !== 0) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ }
+
+ datalist_set('dataroot', $dataroot);
+
+ if (get_input('simplecache_enabled')) {
+ elgg_enable_simplecache();
+ } else {
+ elgg_disable_simplecache();
+ }
+
+ if (get_input('system_cache_enabled')) {
+ elgg_enable_system_cache();
+ } else {
+ elgg_disable_system_cache();
+ }
+
+ set_config('default_access', get_input('default_access', ACCESS_PRIVATE), $site->getGUID());
+
+ $user_default_access = (get_input('allow_user_default_access')) ? 1 : 0;
+ set_config('allow_user_default_access', $user_default_access, $site->getGUID());
+
+ $debug = get_input('debug');
+ if ($debug) {
+ set_config('debug', $debug, $site->getGUID());
+ } else {
+ unset_config('debug', $site->getGUID());
+ }
+
+ // allow new user registration?
+ if (get_input('allow_registration', FALSE)) {
+ set_config('allow_registration', TRUE, $site->getGUID());
+ } else {
+ set_config('allow_registration', FALSE, $site->getGUID());
+ }
+
+ // setup walled garden
+ if (get_input('walled_garden', FALSE)) {
+ set_config('walled_garden', TRUE, $site->getGUID());
+ } else {
+ set_config('walled_garden', FALSE, $site->getGUID());
+ }
+
+ $https_login = get_input('https_login');
+ if ($https_login) {
+ set_config('https_login', 1, $site->getGUID());
+ } else {
+ unset_config('https_login', $site->getGUID());
+ }
+
+ $api = get_input('api');
+ if ($api) {
+ unset_config('disable_api', $site->getGUID());
+ } else {
+ set_config('disable_api', 'disabled', $site->getGUID());
+ }
+
+ if ($site->save()) {
+ system_message(elgg_echo("admin:configuration:success"));
+ } else {
+ register_error(elgg_echo("admin:configuration:fail"));
+ }
+
+ forward(REFERER);
+} \ No newline at end of file
diff --git a/actions/admin/site/update_basic.php b/actions/admin/site/update_basic.php
new file mode 100644
index 000000000..9765182cc
--- /dev/null
+++ b/actions/admin/site/update_basic.php
@@ -0,0 +1,27 @@
+<?php
+/**
+ * Updates the basic settings for the primary site object.
+ *
+ * Basic site settings are saved as metadata on the site object,
+ * with the exception of the default language, which is saved in
+ * the config table.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.Site
+ */
+
+if ($site = elgg_get_site_entity()) {
+ if (!($site instanceof ElggSite)) {
+ throw new InstallationException(elgg_echo('InvalidParameterException:NonElggSite'));
+ }
+
+ $site->description = get_input('sitedescription');
+ $site->name = strip_tags(get_input('sitename'));
+ $site->email = get_input('siteemail');
+ $site->save();
+
+ set_config('language', get_input('language'), $site->getGUID());
+}
+
+system_message(elgg_echo('admin:configuration:success'));
+forward(REFERER); \ No newline at end of file
diff --git a/actions/admin/user/ban.php b/actions/admin/user/ban.php
new file mode 100644
index 000000000..209ece2a0
--- /dev/null
+++ b/actions/admin/user/ban.php
@@ -0,0 +1,30 @@
+<?php
+/**
+ * Bans a user.
+ *
+ * User entities are banned by setting the 'banned' column
+ * to 'yes' in the users_entity table.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
+
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if ($guid == elgg_get_logged_in_user_guid()) {
+ register_error(elgg_echo('admin:user:self:ban:no'));
+ forward(REFERER);
+}
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->ban('banned')) {
+ system_message(elgg_echo('admin:user:ban:yes'));
+ } else {
+ register_error(elgg_echo('admin:user:ban:no'));
+ }
+} else {
+ register_error(elgg_echo('admin:user:ban:no'));
+}
+
+forward(REFERER); \ No newline at end of file
diff --git a/actions/admin/user/delete.php b/actions/admin/user/delete.php
new file mode 100644
index 000000000..7cfbd0925
--- /dev/null
+++ b/actions/admin/user/delete.php
@@ -0,0 +1,40 @@
+<?php
+/**
+ * Delete a user.
+ *
+ * The user will be deleted recursively, meaning all entities
+ * owned or contained by the user will also be removed.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
+
+// Get the user
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if ($guid == elgg_get_logged_in_user_guid()) {
+ register_error(elgg_echo('admin:user:self:delete:no'));
+ forward(REFERER);
+}
+
+$name = $user->name;
+$username = $user->username;
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->delete()) {
+ system_message(elgg_echo('admin:user:delete:yes', array($name)));
+ } else {
+ register_error(elgg_echo('admin:user:delete:no'));
+ }
+} else {
+ register_error(elgg_echo('admin:user:delete:no'));
+}
+
+// forward to user administration if on a user's page as it no longer exists
+$forward = REFERER;
+if (strpos($_SERVER['HTTP_REFERER'], $username) != FALSE) {
+ $forward = "admin/users/newest";
+}
+
+forward($forward);
diff --git a/actions/admin/user/makeadmin.php b/actions/admin/user/makeadmin.php
new file mode 100644
index 000000000..54b0b7070
--- /dev/null
+++ b/actions/admin/user/makeadmin.php
@@ -0,0 +1,27 @@
+<?php
+/**
+ * Grants admin privileges to a user.
+ *
+ * In >=1.7.1, admin is flagged by setting the admin
+ * column in the users_entity table.
+ *
+ * In <1.7.1, admin is a piece of metadata on the user object.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
+
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->makeAdmin()) {
+ system_message(elgg_echo('admin:user:makeadmin:yes'));
+ } else {
+ register_error(elgg_echo('admin:user:makeadmin:no'));
+ }
+} else {
+ register_error(elgg_echo('admin:user:makeadmin:no'));
+}
+
+forward(REFERER);
diff --git a/actions/admin/user/removeadmin.php b/actions/admin/user/removeadmin.php
new file mode 100644
index 000000000..8cebc7078
--- /dev/null
+++ b/actions/admin/user/removeadmin.php
@@ -0,0 +1,27 @@
+<?php
+/**
+ * Revokes admin privileges from a user.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
+
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if ($guid == elgg_get_logged_in_user_guid()) {
+ register_error(elgg_echo('admin:user:self:removeadmin:no'));
+ forward(REFERER);
+}
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->removeAdmin()) {
+ system_message(elgg_echo('admin:user:removeadmin:yes'));
+ } else {
+ register_error(elgg_echo('admin:user:removeadmin:no'));
+ }
+} else {
+ register_error(elgg_echo('admin:user:removeadmin:no'));
+}
+
+forward(REFERER);
diff --git a/actions/admin/user/resetpassword.php b/actions/admin/user/resetpassword.php
new file mode 100644
index 000000000..d019a7f55
--- /dev/null
+++ b/actions/admin/user/resetpassword.php
@@ -0,0 +1,43 @@
+<?php
+/**
+ * Reset a user's password.
+ *
+ * This is an admin action that generates a new salt and password
+ * for a user, then emails the password to the user's registered
+ * email address.
+ *
+ * NOTE: This is different to the "reset password" link users
+ * can use in that it does not first email the user asking if
+ * they want to have their password reset.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
+
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ $password = generate_random_cleartext_password();
+
+ // Always reset the salt before generating the user password.
+ $user->salt = generate_random_cleartext_password();
+ $user->password = generate_user_password($user, $password);
+
+ if ($user->save()) {
+ system_message(elgg_echo('admin:user:resetpassword:yes'));
+
+ notify_user($user->guid,
+ elgg_get_site_entity()->guid,
+ elgg_echo('email:resetpassword:subject'),
+ elgg_echo('email:resetpassword:body', array($user->username, $password)),
+ NULL,
+ 'email');
+ } else {
+ register_error(elgg_echo('admin:user:resetpassword:no'));
+ }
+} else {
+ register_error(elgg_echo('admin:user:resetpassword:no'));
+}
+
+forward(REFERER); \ No newline at end of file
diff --git a/actions/admin/user/unban.php b/actions/admin/user/unban.php
new file mode 100644
index 000000000..7a772a0d3
--- /dev/null
+++ b/actions/admin/user/unban.php
@@ -0,0 +1,27 @@
+<?php
+/**
+ * Unbans a user.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
+
+$access_status = access_get_show_hidden_status();
+access_show_hidden_entities(true);
+
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->unban()) {
+ system_message(elgg_echo('admin:user:unban:yes'));
+ } else {
+ register_error(elgg_echo('admin:user:unban:no'));
+ }
+} else {
+ register_error(elgg_echo('admin:user:unban:no'));
+}
+
+access_show_hidden_entities($access_status);
+
+forward(REFERER);
diff --git a/actions/avatar/crop.php b/actions/avatar/crop.php
new file mode 100644
index 000000000..b9a80f331
--- /dev/null
+++ b/actions/avatar/crop.php
@@ -0,0 +1,72 @@
+<?php
+/**
+ * Avatar crop action
+ *
+ */
+
+$guid = get_input('guid');
+$owner = get_entity($guid);
+
+if (!$owner || !($owner instanceof ElggUser) || !$owner->canEdit()) {
+ register_error(elgg_echo('avatar:crop:fail'));
+ forward(REFERER);
+}
+
+$x1 = (int) get_input('x1', 0);
+$y1 = (int) get_input('y1', 0);
+$x2 = (int) get_input('x2', 0);
+$y2 = (int) get_input('y2', 0);
+
+$filehandler = new ElggFile();
+$filehandler->owner_guid = $owner->getGUID();
+$filehandler->setFilename("profile/" . $owner->guid . "master" . ".jpg");
+$filename = $filehandler->getFilenameOnFilestore();
+
+// ensuring the avatar image exists in the first place
+if (!file_exists($filename)) {
+ register_error(elgg_echo('avatar:crop:fail'));
+ forward(REFERER);
+}
+
+$icon_sizes = elgg_get_config('icon_sizes');
+unset($icon_sizes['master']);
+
+// get the images and save their file handlers into an array
+// so we can do clean up if one fails.
+$files = array();
+foreach ($icon_sizes as $name => $size_info) {
+ $resized = get_resized_image_from_existing_file($filename, $size_info['w'], $size_info['h'], $size_info['square'], $x1, $y1, $x2, $y2, $size_info['upscale']);
+
+ if ($resized) {
+ //@todo Make these actual entities. See exts #348.
+ $file = new ElggFile();
+ $file->owner_guid = $guid;
+ $file->setFilename("profile/{$guid}{$name}.jpg");
+ $file->open('write');
+ $file->write($resized);
+ $file->close();
+ $files[] = $file;
+ } else {
+ // cleanup on fail
+ foreach ($files as $file) {
+ $file->delete();
+ }
+
+ register_error(elgg_echo('avatar:resize:fail'));
+ forward(REFERER);
+ }
+}
+
+$owner->icontime = time();
+
+$owner->x1 = $x1;
+$owner->x2 = $x2;
+$owner->y1 = $y1;
+$owner->y2 = $y2;
+
+system_message(elgg_echo('avatar:crop:success'));
+$view = 'river/user/default/profileiconupdate';
+elgg_delete_river(array('subject_guid' => $owner->guid, 'view' => $view));
+add_to_river($view, 'update', $owner->guid, $owner->guid);
+
+forward(REFERER);
diff --git a/actions/avatar/remove.php b/actions/avatar/remove.php
new file mode 100644
index 000000000..9cb40a760
--- /dev/null
+++ b/actions/avatar/remove.php
@@ -0,0 +1,36 @@
+<?php
+/**
+ * Avatar remove action
+ */
+
+$user_guid = get_input('guid');
+$user = get_user($user_guid);
+
+if (!$user || !$user->canEdit()) {
+ register_error(elgg_echo('avatar:remove:fail'));
+ forward(REFERER);
+}
+
+// Delete all icons from diskspace
+$icon_sizes = elgg_get_config('icon_sizes');
+foreach ($icon_sizes as $name => $size_info) {
+ $file = new ElggFile();
+ $file->owner_guid = $user_guid;
+ $file->setFilename("profile/{$user_guid}{$name}.jpg");
+ $filepath = $file->getFilenameOnFilestore();
+ if (!$file->delete()) {
+ elgg_log("Avatar file remove failed. Remove $filepath manually, please.", 'WARNING');
+ }
+}
+
+// Remove crop coords
+unset($user->x1);
+unset($user->x2);
+unset($user->y1);
+unset($user->y2);
+
+// Remove icon
+unset($user->icontime);
+
+system_message(elgg_echo('avatar:remove:success'));
+forward(REFERER);
diff --git a/actions/avatar/upload.php b/actions/avatar/upload.php
new file mode 100644
index 000000000..0752615e0
--- /dev/null
+++ b/actions/avatar/upload.php
@@ -0,0 +1,62 @@
+<?php
+/**
+ * Avatar upload action
+ */
+
+$guid = get_input('guid');
+$owner = get_entity($guid);
+
+if (!$owner || !($owner instanceof ElggUser) || !$owner->canEdit()) {
+ register_error(elgg_echo('avatar:upload:fail'));
+ forward(REFERER);
+}
+
+if ($_FILES['avatar']['error'] != 0) {
+ register_error(elgg_echo('avatar:upload:fail'));
+ forward(REFERER);
+}
+
+$icon_sizes = elgg_get_config('icon_sizes');
+
+// get the images and save their file handlers into an array
+// so we can do clean up if one fails.
+$files = array();
+foreach ($icon_sizes as $name => $size_info) {
+ $resized = get_resized_image_from_uploaded_file('avatar', $size_info['w'], $size_info['h'], $size_info['square'], $size_info['upscale']);
+
+ if ($resized) {
+ //@todo Make these actual entities. See exts #348.
+ $file = new ElggFile();
+ $file->owner_guid = $guid;
+ $file->setFilename("profile/{$guid}{$name}.jpg");
+ $file->open('write');
+ $file->write($resized);
+ $file->close();
+ $files[] = $file;
+ } else {
+ // cleanup on fail
+ foreach ($files as $file) {
+ $file->delete();
+ }
+
+ register_error(elgg_echo('avatar:resize:fail'));
+ forward(REFERER);
+ }
+}
+
+// reset crop coordinates
+$owner->x1 = 0;
+$owner->x2 = 0;
+$owner->y1 = 0;
+$owner->y2 = 0;
+
+$owner->icontime = time();
+if (elgg_trigger_event('profileiconupdate', $owner->type, $owner)) {
+ system_message(elgg_echo("avatar:upload:success"));
+
+ $view = 'river/user/default/profileiconupdate';
+ elgg_delete_river(array('subject_guid' => $owner->guid, 'view' => $view));
+ add_to_river($view, 'update', $owner->guid, $owner->guid);
+}
+
+forward(REFERER);
diff --git a/actions/comments/add.php b/actions/comments/add.php
new file mode 100644
index 000000000..5bd741413
--- /dev/null
+++ b/actions/comments/add.php
@@ -0,0 +1,62 @@
+<?php
+/**
+ * Elgg add comment action
+ *
+ * @package Elgg.Core
+ * @subpackage Comments
+ */
+
+$entity_guid = (int) get_input('entity_guid');
+$comment_text = get_input('generic_comment');
+
+if (empty($comment_text)) {
+ register_error(elgg_echo("generic_comment:blank"));
+ forward(REFERER);
+}
+
+// Let's see if we can get an entity with the specified GUID
+$entity = get_entity($entity_guid);
+if (!$entity) {
+ register_error(elgg_echo("generic_comment:notfound"));
+ forward(REFERER);
+}
+
+$user = elgg_get_logged_in_user_entity();
+
+$annotation = create_annotation($entity->guid,
+ 'generic_comment',
+ $comment_text,
+ "",
+ $user->guid,
+ $entity->access_id);
+
+// tell user annotation posted
+if (!$annotation) {
+ register_error(elgg_echo("generic_comment:failure"));
+ forward(REFERER);
+}
+
+// notify if poster wasn't owner
+if ($entity->owner_guid != $user->guid) {
+
+ notify_user($entity->owner_guid,
+ $user->guid,
+ elgg_echo('generic_comment:email:subject'),
+ elgg_echo('generic_comment:email:body', array(
+ $entity->title,
+ $user->name,
+ $comment_text,
+ $entity->getURL(),
+ $user->name,
+ $user->getURL()
+ ))
+ );
+}
+
+system_message(elgg_echo("generic_comment:posted"));
+
+//add to river
+add_to_river('river/annotation/generic_comment/create', 'comment', $user->guid, $entity->guid, "", 0, $annotation);
+
+// Forward to the page the action occurred on
+forward(REFERER);
diff --git a/actions/comments/delete.php b/actions/comments/delete.php
new file mode 100644
index 000000000..c6b481da4
--- /dev/null
+++ b/actions/comments/delete.php
@@ -0,0 +1,18 @@
+<?php
+/**
+ * Elgg delete comment action
+ *
+ * @package Elgg
+ */
+
+// Make sure we can get the comment in question
+$annotation_id = (int) get_input('annotation_id');
+$comment = elgg_get_annotation_from_id($annotation_id);
+if ($comment && $comment->canEdit()) {
+ $comment->delete();
+ system_message(elgg_echo("generic_comment:deleted"));
+} else {
+ register_error(elgg_echo("generic_comment:notdeleted"));
+}
+
+forward(REFERER); \ No newline at end of file
diff --git a/actions/entities/delete.php b/actions/entities/delete.php
new file mode 100644
index 000000000..251e1f01c
--- /dev/null
+++ b/actions/entities/delete.php
@@ -0,0 +1,22 @@
+<?php
+/**
+ * Default entity delete action
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
+
+$guid = get_input('guid');
+$entity = get_entity($guid);
+
+if (($entity) && ($entity->canEdit())) {
+ if ($entity->delete()) {
+ system_message(elgg_echo('entity:delete:success', array($guid)));
+ } else {
+ register_error(elgg_echo('entity:delete:fail', array($guid)));
+ }
+} else {
+ register_error(elgg_echo('entity:delete:fail', array($guid)));
+}
+
+forward(REFERER);
diff --git a/actions/friends/add.php b/actions/friends/add.php
new file mode 100644
index 000000000..d1800ee14
--- /dev/null
+++ b/actions/friends/add.php
@@ -0,0 +1,35 @@
+<?php
+/**
+ * Elgg add friend action
+ *
+ * @package Elgg.Core
+ * @subpackage Friends.Management
+ */
+
+// Get the GUID of the user to friend
+$friend_guid = get_input('friend');
+$friend = get_entity($friend_guid);
+if (!$friend) {
+ register_error(elgg_echo('error:missing_data'));
+ forward(REFERER);
+}
+
+$errors = false;
+
+// Get the user
+try {
+ if (!elgg_get_logged_in_user_entity()->addFriend($friend_guid)) {
+ $errors = true;
+ }
+} catch (Exception $e) {
+ register_error(elgg_echo("friends:add:failure", array($friend->name)));
+ $errors = true;
+}
+if (!$errors) {
+ // add to river
+ add_to_river('river/relationship/friend/create', 'friend', elgg_get_logged_in_user_guid(), $friend_guid);
+ system_message(elgg_echo("friends:add:successful", array($friend->name)));
+}
+
+// Forward back to the page you friended the user on
+forward(REFERER);
diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php
new file mode 100644
index 000000000..e63a149f7
--- /dev/null
+++ b/actions/friends/collections/add.php
@@ -0,0 +1,31 @@
+<?php
+/**
+ * Elgg collection add page
+ *
+ * @package Elgg.Core
+ * @subpackage Friends.Collections
+ */
+
+$collection_name = htmlspecialchars(get_input('collection_name', '', false), ENT_QUOTES, 'UTF-8');
+$friends = get_input('friends_collection');
+
+if (!$collection_name) {
+ register_error(elgg_echo("friends:nocollectionname"));
+ forward(REFERER);
+}
+
+$id = create_access_collection($collection_name);
+
+if ($id) {
+ $result = update_access_collection($id, $friends);
+ if ($result) {
+ system_message(elgg_echo("friends:collectionadded"));
+ forward("collections/" . elgg_get_logged_in_user_entity()->username);
+ } else {
+ register_error(elgg_echo("friends:nocollectionname"));
+ forward(REFERER);
+ }
+} else {
+ register_error(elgg_echo("friends:nocollectionname"));
+ forward(REFERER);
+} \ No newline at end of file
diff --git a/actions/friends/collections/delete.php b/actions/friends/collections/delete.php
new file mode 100644
index 000000000..ff8f1fb55
--- /dev/null
+++ b/actions/friends/collections/delete.php
@@ -0,0 +1,23 @@
+<?php
+/**
+ * Elgg friends: delete collection action
+ *
+ * @package Elgg.Core
+ * @subpackage Friends.Collections
+ */
+
+$collection_id = (int) get_input('collection');
+
+// check the ACL exists and we can edit
+if (!can_edit_access_collection($collection_id)) {
+ register_error(elgg_echo("friends:collectiondeletefailed"));
+ forward(REFERER);
+}
+
+if (delete_access_collection($collection_id)) {
+ system_message(elgg_echo("friends:collectiondeleted"));
+} else {
+ register_error(elgg_echo("friends:collectiondeletefailed"));
+}
+
+forward(REFERER);
diff --git a/actions/friends/collections/edit.php b/actions/friends/collections/edit.php
new file mode 100644
index 000000000..9eb5e1eab
--- /dev/null
+++ b/actions/friends/collections/edit.php
@@ -0,0 +1,23 @@
+<?php
+/**
+ * Friends collection edit action
+ *
+ * @package Elgg.Core
+ * @subpackage Friends.Collections
+ */
+
+$collection_id = get_input('collection_id');
+$friends = get_input('friend');
+
+// check it exists and we can edit
+if (!can_edit_access_collection($collection_id)) {
+ system_message(elgg_echo('friends:collection:edit_failed'));
+}
+
+if (update_access_collection($collection_id, $friends)) {
+ system_message(elgg_echo('friends:collections:edited'));
+} else {
+ system_message(elgg_echo('friends:collection:edit_failed'));
+}
+
+forward(REFERER); \ No newline at end of file
diff --git a/actions/friends/remove.php b/actions/friends/remove.php
new file mode 100644
index 000000000..d69d18f31
--- /dev/null
+++ b/actions/friends/remove.php
@@ -0,0 +1,32 @@
+<?php
+/**
+ * Elgg remove friend action
+ *
+ * @package Elgg.Core
+ * @subpackage Friends.Management
+ */
+
+// Get the GUID of the user to friend
+$friend_guid = get_input('friend');
+$friend = get_entity($friend_guid);
+$errors = false;
+
+// Get the user
+try{
+ if ($friend instanceof ElggUser) {
+ elgg_get_logged_in_user_entity()->removeFriend($friend_guid);
+ } else {
+ register_error(elgg_echo("friends:remove:failure", array($friend->name)));
+ $errors = true;
+ }
+} catch (Exception $e) {
+ register_error(elgg_echo("friends:remove:failure", array($friend->name)));
+ $errors = true;
+}
+
+if (!$errors) {
+ system_message(elgg_echo("friends:remove:successful", array($friend->name)));
+}
+
+// Forward back to the page you made the friend on
+forward(REFERER);
diff --git a/actions/import/opendd.php b/actions/import/opendd.php
new file mode 100644
index 000000000..e63607145
--- /dev/null
+++ b/actions/import/opendd.php
@@ -0,0 +1,22 @@
+<?php
+/**
+ * Elgg OpenDD import action.
+ *
+ * This action accepts data to import (in OpenDD format) and performs and import. It accepts
+ * data as $data.
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
+
+$data = get_input('data', '', false);
+
+$return = import($data);
+
+if ($return) {
+ system_message(elgg_echo('importsuccess'));
+} else {
+ register_error(elgg_echo('importfail'));
+}
+
+forward(REFERER);
diff --git a/actions/login.php b/actions/login.php
new file mode 100644
index 000000000..bd7f91299
--- /dev/null
+++ b/actions/login.php
@@ -0,0 +1,69 @@
+<?php
+/**
+ * Elgg login action
+ *
+ * @package Elgg.Core
+ * @subpackage User.Authentication
+ */
+
+// set forward url
+if (!empty($_SESSION['last_forward_from'])) {
+ $forward_url = $_SESSION['last_forward_from'];
+} elseif (get_input('returntoreferer')) {
+ $forward_url = REFERER;
+} else {
+ // forward to main index page
+ $forward_url = '';
+}
+
+$username = get_input('username');
+$password = get_input('password', null, false);
+$persistent = (bool) get_input("persistent");
+$result = false;
+
+if (empty($username) || empty($password)) {
+ register_error(elgg_echo('login:empty'));
+ forward();
+}
+
+// check if logging in with email address
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
+ $username = $users[0]->username;
+}
+
+$result = elgg_authenticate($username, $password);
+if ($result !== true) {
+ register_error($result);
+ forward(REFERER);
+}
+
+$user = get_user_by_username($username);
+if (!$user) {
+ register_error(elgg_echo('login:baduser'));
+ forward(REFERER);
+}
+
+try {
+ login($user, $persistent);
+ // re-register at least the core language file for users with language other than site default
+ register_translations(dirname(dirname(__FILE__)) . "/languages/");
+} catch (LoginException $e) {
+ register_error($e->getMessage());
+ forward(REFERER);
+}
+
+// elgg_echo() caches the language and does not provide a way to change the language.
+// @todo we need to use the config object to store this so that the current language
+// can be changed. Refs #4171
+if ($user->language) {
+ $message = elgg_echo('loginok', array(), $user->language);
+} else {
+ $message = elgg_echo('loginok');
+}
+
+if (isset($_SESSION['last_forward_from'])) {
+ unset($_SESSION['last_forward_from']);
+}
+
+system_message($message);
+forward($forward_url);
diff --git a/actions/logout.php b/actions/logout.php
new file mode 100644
index 000000000..c48a26b15
--- /dev/null
+++ b/actions/logout.php
@@ -0,0 +1,18 @@
+<?php
+/**
+ * Elgg logout action
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
+
+// Log out
+$result = logout();
+
+// Set the system_message as appropriate
+if ($result) {
+ system_message(elgg_echo('logoutok'));
+ forward();
+} else {
+ register_error(elgg_echo('logouterror'));
+} \ No newline at end of file
diff --git a/actions/notifications/settings/usersettings/save.php b/actions/notifications/settings/usersettings/save.php
new file mode 100644
index 000000000..455a444e1
--- /dev/null
+++ b/actions/notifications/settings/usersettings/save.php
@@ -0,0 +1,29 @@
+<?php
+/**
+ * Elgg notifications user preference save acion.
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
+
+$method = get_input('method');
+
+$current_settings = get_user_notification_settings();
+
+$result = false;
+foreach ($method as $k => $v) {
+ // check if setting has changed and skip if not
+ if ($current_settings->$k == ($v == 'yes')) {
+ continue;
+ }
+
+ $result = set_user_notification_setting(elgg_get_logged_in_user_guid(), $k, ($v == 'yes') ? true : false);
+
+ if (!$result) {
+ register_error(elgg_echo('notifications:usersettings:save:fail'));
+ }
+}
+
+if ($result) {
+ system_message(elgg_echo('notifications:usersettings:save:ok'));
+}
diff --git a/actions/plugins/settings/save.php b/actions/plugins/settings/save.php
new file mode 100644
index 000000000..581a2f9ec
--- /dev/null
+++ b/actions/plugins/settings/save.php
@@ -0,0 +1,43 @@
+<?php
+/**
+ * Saves global plugin settings.
+ *
+ * This action can be overriden for a specific plugin by creating the
+ * <plugin_id>/settings/save action in that plugin.
+ *
+ * @uses array $_REQUEST['params'] A set of key/value pairs to save to the ElggPlugin entity
+ * @uses int $_REQUEST['plugin_id'] The ID of the plugin
+ *
+ * @package Elgg.Core
+ * @subpackage Plugins.Settings
+ */
+
+$params = get_input('params');
+$plugin_id = get_input('plugin_id');
+$plugin = elgg_get_plugin_from_id($plugin_id);
+
+if (!($plugin instanceof ElggPlugin)) {
+ register_error(elgg_echo('plugins:settings:save:fail', array($plugin_id)));
+ forward(REFERER);
+}
+
+$plugin_name = $plugin->getManifest()->getName();
+
+$result = false;
+
+// allow a plugin to override the save action for their settings
+if (elgg_action_exists("$plugin_id/settings/save")) {
+ action("$plugin_id/settings/save");
+} else {
+ foreach ($params as $k => $v) {
+ $result = $plugin->setSetting($k, $v);
+ if (!$result) {
+ register_error(elgg_echo('plugins:settings:save:fail', array($plugin_name)));
+ forward(REFERER);
+ exit;
+ }
+ }
+}
+
+system_message(elgg_echo('plugins:settings:save:ok', array($plugin_name)));
+forward(REFERER); \ No newline at end of file
diff --git a/actions/plugins/usersettings/save.php b/actions/plugins/usersettings/save.php
new file mode 100644
index 000000000..f6b8ab0b6
--- /dev/null
+++ b/actions/plugins/usersettings/save.php
@@ -0,0 +1,58 @@
+<?php
+/**
+ * Saves user-specific plugin settings.
+ *
+ * This action can be overriden for a specific plugin by creating the
+ * <plugin_id>/usersettings/save action in that plugin.
+ *
+ * @uses array $_REQUEST['params'] A set of key/value pairs to save to the ElggPlugin entity
+ * @uses int $_REQUEST['plugin_id'] The id of the plugin
+ * @uses int $_REQUEST['user_guid'] The GUID of the user to save settings for.
+ *
+ * @package Elgg.Core
+ * @subpackage Plugins.Settings
+ */
+
+$params = get_input('params');
+$plugin_id = get_input('plugin_id');
+$user_guid = get_input('user_guid', elgg_get_logged_in_user_guid());
+$plugin = elgg_get_plugin_from_id($plugin_id);
+$user = get_entity($user_guid);
+
+if (!($plugin instanceof ElggPlugin)) {
+ register_error(elgg_echo('plugins:usersettings:save:fail', array($plugin_id)));
+ forward(REFERER);
+}
+
+if (!($user instanceof ElggUser)) {
+ register_error(elgg_echo('plugins:usersettings:save:fail', array($plugin_id)));
+ forward(REFERER);
+}
+
+$plugin_name = $plugin->getManifest()->getName();
+
+// make sure we're admin or the user
+if (!$user->canEdit()) {
+ register_error(elgg_echo('plugins:usersettings:save:fail', array($plugin_name)));
+ forward(REFERER);
+}
+
+$result = false;
+
+if (elgg_action_exists("$plugin_id/usersettings/save")) {
+ action("$plugin_id/usersettings/save");
+} else {
+ foreach ($params as $k => $v) {
+ // Save
+ $result = $plugin->setUserSetting($k, $v, $user->guid);
+
+ // Error?
+ if (!$result) {
+ register_error(elgg_echo('plugins:usersettings:save:fail', array($plugin_name)));
+ forward(REFERER);
+ }
+ }
+}
+
+system_message(elgg_echo('plugins:usersettings:save:ok', array($plugin_name)));
+forward(REFERER);
diff --git a/actions/profile/edit.php b/actions/profile/edit.php
new file mode 100644
index 000000000..e1f066e82
--- /dev/null
+++ b/actions/profile/edit.php
@@ -0,0 +1,116 @@
+<?php
+/**
+ * Elgg profile edit action
+ *
+ */
+
+elgg_make_sticky_form('profile:edit');
+
+$guid = get_input('guid');
+$owner = get_entity($guid);
+
+if (!$owner || !($owner instanceof ElggUser) || !$owner->canEdit()) {
+ register_error(elgg_echo('profile:edit:fail'));
+ forward(REFERER);
+}
+
+// grab the defined profile field names and their load the values from POST.
+// each field can have its own access, so sort that too.
+$input = array();
+$accesslevel = get_input('accesslevel');
+
+if (!is_array($accesslevel)) {
+ $accesslevel = array();
+}
+
+/**
+ * wrapper for recursive array walk decoding
+ */
+function profile_array_decoder(&$v) {
+ $v = _elgg_html_decode($v);
+}
+
+$profile_fields = elgg_get_config('profile_fields');
+foreach ($profile_fields as $shortname => $valuetype) {
+ // the decoding is a stop gap to prevent &amp;&amp; showing up in profile fields
+ // because it is escaped on both input (get_input()) and output (view:output/text). see #561 and #1405.
+ // must decode in utf8 or string corruption occurs. see #1567.
+ $value = get_input($shortname);
+ if (is_array($value)) {
+ array_walk_recursive($value, 'profile_array_decoder');
+ } else {
+ $value = _elgg_html_decode($value);
+ }
+
+ // limit to reasonable sizes
+ // @todo - throwing away changes due to this is dumb!
+ if (!is_array($value) && $valuetype != 'longtext' && elgg_strlen($value) > 250) {
+ $error = elgg_echo('profile:field_too_long', array(elgg_echo("profile:{$shortname}")));
+ register_error($error);
+ forward(REFERER);
+ }
+
+ if ($value && $valuetype == 'url' && !preg_match('~^https?\://~i', $value)) {
+ $value = "http://$value";
+ }
+
+ if ($valuetype == 'tags') {
+ $value = string_to_tag_array($value);
+ }
+
+ $input[$shortname] = $value;
+}
+
+// display name is handled separately
+$name = strip_tags(get_input('name'));
+if ($name) {
+ if (elgg_strlen($name) > 50) {
+ register_error(elgg_echo('user:name:fail'));
+ } elseif ($owner->name != $name) {
+ $owner->name = $name;
+ $owner->save();
+ }
+}
+
+// go through custom fields
+if (sizeof($input) > 0) {
+ foreach ($input as $shortname => $value) {
+ $options = array(
+ 'guid' => $owner->guid,
+ 'metadata_name' => $shortname,
+ 'limit' => false
+ );
+ elgg_delete_metadata($options);
+
+ if (!is_null($value) && ($value !== '')) {
+ // only create metadata for non empty values (0 is allowed) to prevent metadata records with empty string values #4858
+
+ if (isset($accesslevel[$shortname])) {
+ $access_id = (int) $accesslevel[$shortname];
+ } else {
+ // this should never be executed since the access level should always be set
+ $access_id = ACCESS_DEFAULT;
+ }
+ if (is_array($value)) {
+ $i = 0;
+ foreach ($value as $interval) {
+ $i++;
+ $multiple = ($i > 1) ? TRUE : FALSE;
+ create_metadata($owner->guid, $shortname, $interval, 'text', $owner->guid, $access_id, $multiple);
+ }
+ } else {
+ create_metadata($owner->getGUID(), $shortname, $value, 'text', $owner->getGUID(), $access_id);
+ }
+ }
+ }
+
+ $owner->save();
+
+ // Notify of profile update
+ elgg_trigger_event('profileupdate', $owner->type, $owner);
+
+ elgg_clear_sticky_form('profile:edit');
+ system_message(elgg_echo("profile:saved"));
+}
+
+forward($owner->getUrl());
diff --git a/actions/profile/fields/add.php b/actions/profile/fields/add.php
new file mode 100644
index 000000000..fce783092
--- /dev/null
+++ b/actions/profile/fields/add.php
@@ -0,0 +1,40 @@
+<?php
+/**
+ * Elgg profile plugin edit default profile action
+ *
+ */
+
+$label = get_input('label');
+$type = get_input('type');
+
+$fieldlist = elgg_get_config('profile_custom_fields');
+if (!$fieldlist) {
+ $fieldlist = '';
+ $id = 1;
+} else {
+ $fieldlistarray = explode(',', $fieldlist);
+ foreach ($fieldlistarray as $key => $value) {
+ $fieldlistarray[$key] = (int)$value;
+ }
+ $id = max($fieldlistarray) + 1;
+}
+
+if (($label) && ($type)) {
+ if (!empty($fieldlist)) {
+ $fieldlist .= ',';
+ }
+ $fieldlist .= "$id";
+
+ if (elgg_save_config("admin_defined_profile_$id", $label) &&
+ elgg_save_config("admin_defined_profile_type_$id", $type) &&
+ elgg_save_config('profile_custom_fields', $fieldlist)) {
+
+ system_message(elgg_echo('profile:editdefault:success'));
+ } else {
+ register_error(elgg_echo('profile:editdefault:fail'));
+ }
+} else {
+ register_error(elgg_echo('profile:editdefault:fail'));
+}
+
+forward(REFERER); \ No newline at end of file
diff --git a/actions/profile/fields/delete.php b/actions/profile/fields/delete.php
new file mode 100644
index 000000000..9879feb3f
--- /dev/null
+++ b/actions/profile/fields/delete.php
@@ -0,0 +1,28 @@
+<?php
+/**
+ * Elgg profile plugin edit default profile action removal
+ *
+ */
+
+$id = get_input('id');
+
+$fieldlist = elgg_get_config('profile_custom_fields');
+if (!$fieldlist) {
+ $fieldlist = '';
+}
+
+$fieldlist = str_replace("{$id},", "", $fieldlist);
+$fieldlist = str_replace(",{$id}", "", $fieldlist);
+$fieldlist = str_replace("{$id}", "", $fieldlist);
+
+if ($id &&
+ unset_config("admin_defined_profile_$id") &&
+ unset_config("admin_defined_profile_type_$id") &&
+ elgg_save_config('profile_custom_fields', $fieldlist)) {
+
+ system_message(elgg_echo('profile:editdefault:delete:success'));
+} else {
+ register_error(elgg_echo('profile:editdefault:delete:fail'));
+}
+
+forward(REFERER); \ No newline at end of file
diff --git a/actions/profile/fields/edit.php b/actions/profile/fields/edit.php
new file mode 100644
index 000000000..5fc84ff11
--- /dev/null
+++ b/actions/profile/fields/edit.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * Edit a custom profile field
+ */
+
+$id = get_input('id');
+$label = get_input('label');
+
+if (!elgg_get_config("admin_defined_profile_$id")) {
+ register_error(elgg_echo('profile:editdefault:fail'));
+ forward(REFERER);
+}
+
+if (elgg_save_config("admin_defined_profile_$id", $label)) {
+ system_message(elgg_echo('profile:editdefault:success'));
+} else {
+ register_error(elgg_echo('profile:editdefault:fail'));
+}
+
+forward(REFERER); \ No newline at end of file
diff --git a/actions/profile/fields/reorder.php b/actions/profile/fields/reorder.php
new file mode 100644
index 000000000..27c716749
--- /dev/null
+++ b/actions/profile/fields/reorder.php
@@ -0,0 +1,12 @@
+<?php
+/**
+ * Elgg profile plugin reorder fields
+ *
+ */
+
+$ordering = get_input('fieldorder');
+
+$result = elgg_save_config('profile_custom_fields', $ordering);
+
+// called by ajax so we exit
+exit;
diff --git a/actions/profile/fields/reset.php b/actions/profile/fields/reset.php
new file mode 100644
index 000000000..19efae479
--- /dev/null
+++ b/actions/profile/fields/reset.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * Reset profile fields action
+ *
+ */
+
+$fieldlist = elgg_get_config('profile_custom_fields');
+if ($fieldlist) {
+ $fieldlistarray = explode(',', $fieldlist);
+ foreach ($fieldlistarray as $listitem) {
+ unset_config("admin_defined_profile_{$listitem}");
+ unset_config("admin_defined_profile_type_{$listitem}");
+ }
+}
+
+unset_config('profile_custom_fields');
+
+system_message(elgg_echo('profile:defaultprofile:reset'));
+
+forward(REFERER); \ No newline at end of file
diff --git a/actions/register.php b/actions/register.php
new file mode 100644
index 000000000..73926232c
--- /dev/null
+++ b/actions/register.php
@@ -0,0 +1,80 @@
+<?php
+/**
+ * Elgg registration action
+ *
+ * @package Elgg.Core
+ * @subpackage User.Account
+ */
+
+elgg_make_sticky_form('register');
+
+// Get variables
+$username = get_input('username');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
+$email = get_input('email');
+$name = get_input('name');
+$friend_guid = (int) get_input('friend_guid', 0);
+$invitecode = get_input('invitecode');
+
+if (elgg_get_config('allow_registration')) {
+ try {
+ if (trim($password) == "" || trim($password2) == "") {
+ throw new RegistrationException(elgg_echo('RegistrationException:EmptyPassword'));
+ }
+
+ if (strcmp($password, $password2) != 0) {
+ throw new RegistrationException(elgg_echo('RegistrationException:PasswordMismatch'));
+ }
+
+ $guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode);
+
+ if ($guid) {
+ $new_user = get_entity($guid);
+
+ // allow plugins to respond to self registration
+ // note: To catch all new users, even those created by an admin,
+ // register for the create, user event instead.
+ // only passing vars that aren't in ElggUser.
+ $params = array(
+ 'user' => $new_user,
+ 'password' => $password,
+ 'friend_guid' => $friend_guid,
+ 'invitecode' => $invitecode
+ );
+
+ // @todo should registration be allowed no matter what the plugins return?
+ if (!elgg_trigger_plugin_hook('register', 'user', $params, TRUE)) {
+ $ia = elgg_set_ignore_access(true);
+ $new_user->delete();
+ elgg_set_ignore_access($ia);
+ // @todo this is a generic messages. We could have plugins
+ // throw a RegistrationException, but that is very odd
+ // for the plugin hooks system.
+ throw new RegistrationException(elgg_echo('registerbad'));
+ }
+
+ elgg_clear_sticky_form('register');
+ system_message(elgg_echo("registerok", array(elgg_get_site_entity()->name)));
+
+ // if exception thrown, this probably means there is a validation
+ // plugin that has disabled the user
+ try {
+ login($new_user);
+ } catch (LoginException $e) {
+ // do nothing
+ }
+
+ // Forward on success, assume everything else is an error...
+ forward();
+ } else {
+ register_error(elgg_echo("registerbad"));
+ }
+ } catch (RegistrationException $r) {
+ register_error($r->getMessage());
+ }
+} else {
+ register_error(elgg_echo('registerdisabled'));
+}
+
+forward(REFERER);
diff --git a/actions/river/delete.php b/actions/river/delete.php
new file mode 100644
index 000000000..0d8297932
--- /dev/null
+++ b/actions/river/delete.php
@@ -0,0 +1,21 @@
+<?php
+/**
+ * River item delete action
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
+
+$id = get_input('id', false);
+
+if ($id !== false && elgg_is_admin_logged_in()) {
+ if (elgg_delete_river(array('id' => $id))) {
+ system_message(elgg_echo('river:delete:success'));
+ } else {
+ register_error(elgg_echo('river:delete:fail'));
+ }
+} else {
+ register_error(elgg_echo('river:delete:fail'));
+}
+
+forward(REFERER);
diff --git a/actions/security/refreshtoken.php b/actions/security/refreshtoken.php
new file mode 100644
index 000000000..74a72c4af
--- /dev/null
+++ b/actions/security/refreshtoken.php
@@ -0,0 +1,5 @@
+<?php
+$ts = time();
+$token = generate_action_token($ts);
+
+echo json_encode(array('__elgg_ts' => $ts, '__elgg_token' => $token)); \ No newline at end of file
diff --git a/actions/tasks/comments/add.php b/actions/tasks/comments/add.php
deleted file mode 100644
index 6221eccbd..000000000
--- a/actions/tasks/comments/add.php
+++ /dev/null
@@ -1,169 +0,0 @@
-<?php
-/**
- * Tasks add comment action
- *
- * @package ElggTasks
- */
-
-group_gatekeeper();
-
-elgg_load_library('elgg:tasks');
-
-$entity_guid = (int) get_input('entity_guid');
-$comment_text = get_input('generic_comment');
-$state_action = get_input('state_action', false);
-
-
-// Let's see if we can get an entity with the specified GUID
-$entity = get_entity($entity_guid);
-if (!$entity) {
- register_error(elgg_echo("generic_comment:notfound"));
- forward(REFERER);
-}
-
-$user = elgg_get_logged_in_user_entity();
-
-if($comment_text) {
- $annotation = create_annotation($entity->guid,
- 'generic_comment',
- $comment_text,
- "",
- $user->guid,
- $entity->access_id);
-
- // tell user annotation posted
- if (!$annotation) {
- register_error(elgg_echo("generic_comment:failure"));
- forward(REFERER);
- }
-}
-switch ($state_action) {
- case 'assign':
- add_entity_relationship(elgg_get_logged_in_user_guid(), 'subscribes', $entity_guid);
- break;
- case 'activate':
- add_entity_relationship(elgg_get_logged_in_user_guid(), 'is_doing', $entity_guid);
- break;
- case 'assign_and_activate':
- add_entity_relationship(elgg_get_logged_in_user_guid(), 'subscribes', $entity_guid);
- add_entity_relationship(elgg_get_logged_in_user_guid(), 'is_doing', $entity_guid);
- break;
- case 'deactivate':
- remove_entity_relationship(elgg_get_logged_in_user_guid(), 'is_doing', $entity_guid);
- break;
- case 'leave':
- remove_entity_relationship(elgg_get_logged_in_user_guid(), 'is_doing', $entity_guid);
- remove_entity_relationship(elgg_get_logged_in_user_guid(), 'subscribes', $entity_guid);
- break;
- case 'reopen':
- remove_entity_relationships($entity_guid, 'is_doing', true);
- remove_entity_relationships($entity_guid, 'subscribes', true);
- break;
-}
-
-if (in_array($state_action, array('activate', 'assign_and_activate'))) {
- if($active_task = tasks_get_user_active_task($user->guid)) {
- $active_task->status = 'assigned';
-
- create_annotation($active_task->guid,
- 'task_state_changed',
- 'assigned',
- "",
- $user->guid,
- $active_task->access_id);
- }
-}
-
-$new_state = tasks_get_state_from_action($state_action);
-
-if ($state_action == 'leave') {
- $have_participants_yet = elgg_get_entities_from_relationship(array(
- 'relationship' => 'subscribes',
- 'relationship_guid' => $entity->guid,
- 'inverse_relationship' => true,
- 'count' => true,
- ));
- if ($have_participants_yet) {
- $new_state = $entity->status;
- }
-}
-
-if ($state_action == 'deactivate') {
- $have_participants_yet = elgg_get_entities_from_relationship(array(
- 'relationship' => 'is_doing',
- 'relationship_guid' => $entity->guid,
- 'inverse_relationship' => true,
- 'count' => true,
- ));
- if ($have_participants_yet) {
- $new_state = $entity->status;
- }
-}
-
-if ($state_action == 'assign' && $entity->status == 'active') {
- $new_state = $entity->status;
-}
-
-if($new_state) {
- $entity->status = $new_state;
- create_annotation($entity->guid,
- 'task_state_changed',
- $state_action,
- "",
- $user->guid,
- $entity->access_id);
-}
-
-// notify if poster wasn't owner
-if ($entity->owner_guid != $user->guid) {
-
- if($new_state) {
- notify_user($entity->owner_guid,
- $user->guid,
- elgg_echo('tasks:email:subject'),
- elgg_echo('tasks:email:body', array(
- $user->name,
- $entity->title,
- $new_state,
- $comment_text,
- $entity->getURL(),
- $user->name,
- $user->getURL()
- ))
- );
- } else {
- notify_user($entity->owner_guid,
- $user->guid,
- elgg_echo('generic_comment:email:subject'),
- elgg_echo('generic_comment:email:body', array(
- $entity->title,
- $user->name,
- $comment_text,
- $entity->getURL(),
- $user->name,
- $user->getURL()
- ))
- );
- }
-}
-
-if ($new_state) {
- system_message(elgg_echo("tasks:status:changed"));
- $action = $state_action;
-} else {
- system_message(elgg_echo("generic_comment:posted"));
- $action = 'comment';
-}
-
-//add to river
-if (!in_array($state_action, array('activate', 'deactivate'))) {
- $river = 'river/annotation/generic_comment/create';
- add_to_river($river, $action, $user->guid, $entity->guid, "", 0, $annotation);
-}
-
-if ($new_state) {
- echo "{\"new_state\": \"$new_state\"}";
-}
-
-// Forward to the page the action occurred on
-forward(REFERER);
diff --git a/actions/tasks/delete.php b/actions/tasks/delete.php
deleted file mode 100644
index 9e15831f4..000000000
--- a/actions/tasks/delete.php
+++ /dev/null
@@ -1,32 +0,0 @@
-<?php
-/**
- * Remove a task
- *
- * @package ElggTasks
- */
-
-$guid = get_input('guid');
-$task = get_entity($guid);
-if ($task) {
- if ($task->canEdit()) {
- $container = get_entity($task->container_guid);
- $list = $task->list_guid;
-
- if ($task->delete()) {
- system_message(elgg_echo('tasks:delete:success'));
- if ($list) {
- if ($list = get_entity($list)) {
- forward($list->getURL());
- }
- }
- if (elgg_instanceof($container, 'group')) {
- forward("tasks/group/$container->guid/all");
- } else {
- forward("tasks/owner/$container->username");
- }
- }
- }
-}
-
-register_error(elgg_echo('tasks:delete:failure'));
-forward(REFERER);
diff --git a/actions/tasks/edit.php b/actions/tasks/edit.php
deleted file mode 100644
index a69ddafe9..000000000
--- a/actions/tasks/edit.php
+++ /dev/null
@@ -1,110 +0,0 @@
-<?php
-/**
- * Create or edit a task
- *
- * @package ElggTasks
- */
-
-$variables = elgg_get_config('tasks');
-$input = array();
-foreach ($variables as $name => $type) {
- $input[$name] = get_input($name);
- if ($name == 'title') {
- $input[$name] = strip_tags($input[$name]);
- }
- if ($type == 'tags') {
- $input[$name] = string_to_tag_array($input[$name]);
- }
-}
-
-// Get guids
-$task_guid = (int)get_input('task_guid');
-$container_guid = (int)get_input('container_guid');
-$referer_guid = (int)get_input('referer_guid');
-
-$container = get_entity($container_guid);
-
-elgg_make_sticky_form('task');
-
-if (!$input['title']) {
- register_error(elgg_echo('tasks:error:no_title'));
- forward(REFERER);
-}
-
-if (!$container) {
- forward(REFERER);
-}
-
-if ($input['priority'] == null) {
- $input['priority'] = '2'; // normal is default
-}
-
-if ($task_guid) {
- $task = get_entity($task_guid);
- if (!$task || !$task->canEdit()) {
- register_error(elgg_echo('tasks:error:no_save'));
- forward(REFERER);
- }
- $new_task = false;
-} else {
- $task = new ElggObject();
- $task->subtype = 'task';
- $task->status = 'new';
- $task->time_status_changed = time();
- $new_task = true;
-}
-
-if (sizeof($input) > 0) {
- foreach ($input as $name => $value) {
- $task->$name = $value;
- }
-}
-
-$list_guid = $input['list_guid'];
-
-if ($list_guid) {
- $task->list_guid = $list_guid;
-}
-else {
- $task->list_guid = 0;
-}
-$task->container_guid = $container_guid;
-
-if ($task->save()) {
-
- elgg_clear_sticky_form('task');
-
- // Now save description as an annotation
- $task->annotate('task', $task->description, $task->access_id);
-
- system_message(elgg_echo('tasks:saved'));
-
- if ($new_task) {
- add_to_river('river/object/task/create', 'create', elgg_get_logged_in_user_guid(), $task->guid);
- }
-
- if ($new_task && $referer_guid && ($referer_entity = get_entity($referer_guid))) {
- $link = elgg_view('output/url', array(
- 'href' => $task->getURL(),
- 'text' => $task->title,
- ));
- $annotation = create_annotation($referer_entity->guid,
- 'generic_comment',
- elgg_echo('tasks:this:referer:comment', array($link)),
- "",
- elgg_get_logged_in_user_guid(),
- $referer_entity->access_id);
- }
-
- $task_json = array();
- foreach ($task->getExportableValues() as $v) {
- $task_json[$v] = $task->$v;
- }
- $task_json['list_guid'] = $task->list_guid;
- echo json_encode($task_json);
-
- forward($task->getURL());
-} else {
- register_error(elgg_echo('tasks:error:no_save'));
- forward(REFERER);
-}
diff --git a/actions/user/passwordreset.php b/actions/user/passwordreset.php
new file mode 100644
index 000000000..201d6abcf
--- /dev/null
+++ b/actions/user/passwordreset.php
@@ -0,0 +1,19 @@
+<?php
+/**
+ * Action to reset a password and send success email.
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
+
+$user_guid = get_input('u');
+$code = get_input('c');
+
+if (execute_new_password_request($user_guid, $code)) {
+ system_message(elgg_echo('user:password:success'));
+} else {
+ register_error(elgg_echo('user:password:fail'));
+}
+
+forward();
+exit;
diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php
new file mode 100644
index 000000000..f1d4fa43c
--- /dev/null
+++ b/actions/user/requestnewpassword.php
@@ -0,0 +1,27 @@
+<?php
+/**
+ * Action to request a new password.
+ *
+ * @package Elgg.Core
+ * @subpackage User.Account
+ */
+
+$username = get_input('username');
+
+// allow email addresses
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
+ $username = $users[0]->username;
+}
+
+$user = get_user_by_username($username);
+if ($user) {
+ if (send_new_password_request($user->guid)) {
+ system_message(elgg_echo('user:password:resetreq:success'));
+ } else {
+ register_error(elgg_echo('user:password:resetreq:fail'));
+ }
+} else {
+ register_error(elgg_echo('user:username:notfound', array($username)));
+}
+
+forward();
diff --git a/actions/user/spotlight.php b/actions/user/spotlight.php
new file mode 100644
index 000000000..202dde387
--- /dev/null
+++ b/actions/user/spotlight.php
@@ -0,0 +1,19 @@
+<?php
+/**
+ * Close or open spotlight.
+ *
+ * @package Elgg.Core
+ * @subpackage Spotlight
+ * @todo This is deprecated in 1.8
+ */
+
+$closed = get_input('closed', 'true');
+if ($closed != 'true') {
+ $closed = false;
+} else {
+ $closed = true;
+}
+
+elgg_get_logged_in_user_entity()->spotlightclosed = $closed;
+// exit as this action is called through Ajax
+exit; \ No newline at end of file
diff --git a/actions/useradd.php b/actions/useradd.php
new file mode 100644
index 000000000..17459021b
--- /dev/null
+++ b/actions/useradd.php
@@ -0,0 +1,69 @@
+<?php
+/**
+ * Elgg add action
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
+
+elgg_make_sticky_form('useradd');
+
+// Get variables
+$username = get_input('username');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
+$email = get_input('email');
+$name = get_input('name');
+
+$admin = get_input('admin');
+if (is_array($admin)) {
+ $admin = $admin[0];
+}
+
+// no blank fields
+if ($username == '' || $password == '' || $password2 == '' || $email == '' || $name == '') {
+ register_error(elgg_echo('register:fields'));
+ forward(REFERER);
+}
+
+if (strcmp($password, $password2) != 0) {
+ register_error(elgg_echo('RegistrationException:PasswordMismatch'));
+ forward(REFERER);
+}
+
+// For now, just try and register the user
+try {
+ $guid = register_user($username, $password, $name, $email, TRUE);
+
+ if ($guid) {
+ $new_user = get_entity($guid);
+ if ($new_user && $admin && elgg_is_admin_logged_in()) {
+ $new_user->makeAdmin();
+ }
+
+ elgg_clear_sticky_form('useradd');
+
+ $new_user->admin_created = TRUE;
+ // @todo ugh, saving a guid as metadata!
+ $new_user->created_by_guid = elgg_get_logged_in_user_guid();
+
+ $subject = elgg_echo('useradd:subject');
+ $body = elgg_echo('useradd:body', array(
+ $name,
+ elgg_get_site_entity()->name,
+ elgg_get_site_entity()->url,
+ $username,
+ $password,
+ ));
+
+ notify_user($new_user->guid, elgg_get_site_entity()->guid, $subject, $body);
+
+ system_message(elgg_echo("adduser:ok", array(elgg_get_site_entity()->name)));
+ } else {
+ register_error(elgg_echo("adduser:bad"));
+ }
+} catch (RegistrationException $r) {
+ register_error($r->getMessage());
+}
+
+forward(REFERER);
diff --git a/actions/usersettings/save.php b/actions/usersettings/save.php
new file mode 100644
index 000000000..eb6cdbd5d
--- /dev/null
+++ b/actions/usersettings/save.php
@@ -0,0 +1,11 @@
+<?php
+/**
+ * Aggregate action for saving settings
+ *
+ * @package Elgg.Core
+ * @subpackage UserSettings
+ */
+
+elgg_trigger_plugin_hook('usersettings:save', 'user');
+
+forward(REFERER);
diff --git a/actions/widgets/add.php b/actions/widgets/add.php
new file mode 100644
index 000000000..d7b2f291c
--- /dev/null
+++ b/actions/widgets/add.php
@@ -0,0 +1,42 @@
+<?php
+/**
+ * Elgg widget add action
+ *
+ * @package Elgg.Core
+ * @subpackage Widgets.Management
+ */
+
+$owner_guid = get_input('owner_guid');
+$handler = get_input('handler');
+$context = get_input('context');
+$show_access = (bool)get_input('show_access', true);
+$column = get_input('column', 1);
+$default_widgets = get_input('default_widgets', 0);
+
+elgg_push_context($context);
+if ($default_widgets) {
+ elgg_push_context('default_widgets');
+}
+elgg_push_context('widgets');
+
+if (!empty($owner_guid)) {
+ $owner = get_entity($owner_guid);
+ if ($owner && $owner->canEdit()) {
+ $guid = elgg_create_widget($owner->getGUID(), $handler, $context);
+ if ($guid) {
+ $widget = get_entity($guid);
+
+ // position the widget
+ $widget->move($column, 0);
+
+ // send widget html for insertion
+ echo elgg_view_entity($widget, array('show_access' => $show_access));
+
+ //system_message(elgg_echo('widgets:add:success'));
+ forward(REFERER);
+ }
+ }
+}
+
+register_error(elgg_echo('widgets:add:failure'));
+forward(REFERER);
diff --git a/actions/widgets/delete.php b/actions/widgets/delete.php
new file mode 100644
index 000000000..47920013d
--- /dev/null
+++ b/actions/widgets/delete.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * Elgg widget delete action
+ *
+ * @package Elgg.Core
+ * @subpackage Widgets.Management
+ */
+
+$widget_guid = get_input('widget_guid');
+$owner_guid = get_input('owner_guid', elgg_get_logged_in_user_guid());
+
+$widget = get_entity($widget_guid);
+$owner = get_entity($owner_guid);
+
+if ($widget && $owner->canEdit() && $widget->delete()) {
+ forward(REFERER);
+}
+
+register_error(elgg_echo('widgets:remove:failure'));
+forward(REFERER);
diff --git a/actions/widgets/move.php b/actions/widgets/move.php
new file mode 100644
index 000000000..eab650c9c
--- /dev/null
+++ b/actions/widgets/move.php
@@ -0,0 +1,24 @@
+<?php
+/**
+ * Elgg widget move action
+ *
+ * @package Elgg.Core
+ * @subpackage Widgets.Management
+ */
+
+$widget_guid = get_input('widget_guid');
+$column = get_input('column', 1);
+$position = get_input('position');
+$owner_guid = get_input('owner_guid', elgg_get_logged_in_user_guid());
+
+$widget = get_entity($widget_guid);
+$owner = get_entity($owner_guid);
+
+
+if ($widget && $owner->canEdit()) {
+ $widget->move($column, $position);
+ forward(REFERER);
+}
+
+register_error(elgg_echo('widgets:move:failure'));
+forward(REFERER); \ No newline at end of file
diff --git a/actions/widgets/reorder.php b/actions/widgets/reorder.php
new file mode 100644
index 000000000..e43a0ba73
--- /dev/null
+++ b/actions/widgets/reorder.php
@@ -0,0 +1,24 @@
+<?php
+/**
+ * Elgg widget reorder action
+ *
+ * @package Elgg.Core
+ * @subpackage Widgets.Management
+ */
+
+$owner = get_input('owner');
+$context = get_input('context');
+
+$maincontent = get_input('debugField1');
+$sidebar = get_input('debugField2');
+$rightbar = get_input('debugField3');
+
+$result = reorder_widgets_from_panel($maincontent, $sidebar, $rightbar, $context, $owner);
+
+if ($result) {
+ system_message(elgg_echo('widgets:panel:save:success'));
+} else {
+ register_error(elgg_echo('widgets:panel:save:failure'));
+}
+
+forward(REFERER); \ No newline at end of file
diff --git a/actions/widgets/save.php b/actions/widgets/save.php
new file mode 100644
index 000000000..e15deab77
--- /dev/null
+++ b/actions/widgets/save.php
@@ -0,0 +1,44 @@
+<?php
+/**
+ * Elgg save widget settings action
+ *
+ * @package Elgg.Core
+ * @subpackage Widgets.Management
+ *
+ * @uses int $_REQUEST['guid'] The guid of the widget to save
+ * @uses array $_REQUEST['params'] An array of params to set on the widget.
+ * @uses int $_REQUEST['default_widgets'] Flag for if these settings are for default wigets.
+ * @uses string $_REQUEST['context'] An optional context of the widget. Used to return
+ * the correct output if widget content changes
+ * depending on context.
+ *
+ */
+
+elgg_set_context('widgets');
+
+$guid = get_input('guid');
+$params = get_input('params');
+$default_widgets = get_input('default_widgets', 0);
+$context = get_input('context');
+
+$widget = get_entity($guid);
+if ($widget && $widget->saveSettings($params)) {
+ elgg_set_page_owner_guid($widget->getContainerGUID());
+ if ($context) {
+ elgg_push_context($context);
+ }
+
+ if (!$default_widgets) {
+ if (elgg_view_exists("widgets/$widget->handler/content")) {
+ $view = "widgets/$widget->handler/content";
+ } else {
+ elgg_deprecated_notice("widgets use content as the display view", 1.8);
+ $view = "widgets/$widget->handler/view";
+ }
+ echo elgg_view($view, array('entity' => $widget));
+ }
+} else {
+ register_error(elgg_echo('widgets:save:failure'));
+}
+
+forward(REFERER); \ No newline at end of file
diff --git a/actions/widgets/upgrade.php b/actions/widgets/upgrade.php
new file mode 100644
index 000000000..0a5cf8d48
--- /dev/null
+++ b/actions/widgets/upgrade.php
@@ -0,0 +1,65 @@
+<?php
+/**
+ * Upgrade default widgets for Elgg 1.8
+ *
+ * Pre-1.8, default widgets were stored as metadata on a defaultwidgets object.
+ * Now they are stored as widget objects owned by the site.
+ *
+ * @package Elgg.Core
+ * @subpackage Widgets.Management
+ */
+
+$object = elgg_get_entities(array(
+ 'type' => 'object',
+ 'subtype' => 'moddefaultwidgets',
+ 'limit' => 1,
+));
+
+if (!$object) {
+ forward(REFERER);
+}
+
+$object = $object[0];
+
+$site = elgg_get_site_entity();
+
+$ia = elgg_set_ignore_access(true);
+foreach (array('profile', 'dashboard') as $context) {
+ if (isset($object->$context)) {
+ elgg_push_context($context);
+ elgg_push_context('default_widgets');
+ elgg_push_context('widgets');
+
+ // deserialize the widget information
+ list($left, $middle, $right) = split('%%', $object->$context);
+ $left_widgets = split('::', $left);
+ $middle_widgets = split('::', $middle);
+ $right_widgets = split('::', $right);
+
+ // 1st column is right column in default theme
+ $widgets = array(
+ 1 => array_reverse($right_widgets),
+ 2 => array_reverse($middle_widgets),
+ 3 => array_reverse($left_widgets),
+ );
+
+ foreach ($widgets as $column => $column_widgets) {
+ foreach ($column_widgets as $handler) {
+ $guid = elgg_create_widget($site->getGUID(), $handler, $context);
+ if ($guid) {
+ $widget = get_entity($guid);
+ $widget->move($column, 0);
+ }
+ }
+ }
+
+ elgg_pop_context();
+ elgg_pop_context();
+ elgg_pop_context();
+ }
+}
+elgg_set_ignore_access($ia);
+
+$object->delete();
+system_message(elgg_echo('upgrade:core'));
+forward(REFERER);