Diffstat (limited to 'actions')
-rw-r--r--actions/admin/delete_admin_notice.php13
-rw-r--r--actions/admin/menu/save.php34
-rw-r--r--actions/admin/plugins/activate.php59
-rw-r--r--actions/admin/plugins/activate_all.php33
-rw-r--r--actions/admin/plugins/deactivate.php53
-rw-r--r--actions/admin/plugins/deactivate_all.php33
-rw-r--r--actions/admin/plugins/disable.php42
-rw-r--r--actions/admin/plugins/disableall.php39
-rw-r--r--actions/admin/plugins/enable.php42
-rw-r--r--actions/admin/plugins/enableall.php42
-rw-r--r--actions/admin/plugins/reorder.php56
-rw-r--r--actions/admin/plugins/set_priority.php39
-rw-r--r--actions/admin/site/flush_cache.php10
-rw-r--r--actions/admin/site/regenerate_secret.php11
-rw-r--r--actions/admin/site/unlock_upgrade.php10
-rw-r--r--actions/admin/site/update_advanced.php98
-rw-r--r--actions/admin/site/update_basic.php125
-rw-r--r--actions/admin/user/ban.php63
-rw-r--r--actions/admin/user/delete.php67
-rw-r--r--actions/admin/user/makeadmin.php56
-rw-r--r--actions/admin/user/removeadmin.php56
-rw-r--r--actions/admin/user/resetpassword.php81
-rw-r--r--actions/admin/user/unban.php62
-rw-r--r--actions/avatar/crop.php72
-rw-r--r--actions/avatar/remove.php36
-rw-r--r--actions/avatar/upload.php62
-rw-r--r--actions/comments/add.php120
-rw-r--r--actions/comments/delete.php53
-rw-r--r--actions/email/save.php55
-rw-r--r--actions/entities/delete.php48
-rw-r--r--actions/friends/add.php74
-rw-r--r--actions/friends/addcollection.php50
-rw-r--r--actions/friends/collections/add.php31
-rw-r--r--actions/friends/collections/delete.php23
-rw-r--r--actions/friends/collections/edit.php23
-rw-r--r--actions/friends/deletecollection.php52
-rw-r--r--actions/friends/editcollection.php20
-rw-r--r--actions/friends/remove.php73
-rw-r--r--actions/import/opendd.php50
-rw-r--r--actions/login.php149
-rw-r--r--actions/logout.php43
-rw-r--r--actions/notifications/settings/usersettings/save.php58
-rw-r--r--actions/plugins/settings/save.php71
-rw-r--r--actions/plugins/usersettings/save.php88
-rw-r--r--actions/profile/edit.php116
-rw-r--r--actions/profile/fields/add.php40
-rw-r--r--actions/profile/fields/delete.php28
-rw-r--r--actions/profile/fields/edit.php20
-rw-r--r--actions/profile/fields/reorder.php12
-rw-r--r--actions/profile/fields/reset.php20
-rw-r--r--actions/register.php151
-rw-r--r--actions/river/delete.php21
-rw-r--r--actions/security/refreshtoken.php5
-rw-r--r--actions/systemsettings/install.php121
-rw-r--r--actions/user/default_access.php46
-rw-r--r--actions/user/language.php43
-rw-r--r--actions/user/name.php43
-rw-r--r--actions/user/password.php50
-rw-r--r--actions/user/passwordreset.php42
-rw-r--r--actions/user/requestnewpassword.php64
-rw-r--r--actions/user/spotlight.php34
-rw-r--r--actions/useradd.php117
-rw-r--r--actions/usersettings/save.php33
-rw-r--r--actions/widgets/add.php85
-rw-r--r--actions/widgets/delete.php20
-rw-r--r--actions/widgets/move.php24
-rw-r--r--actions/widgets/reorder.php56
-rw-r--r--actions/widgets/save.php82
-rw-r--r--actions/widgets/upgrade.php65
69 files changed, 1919 insertions, 1794 deletions
diff --git a/actions/admin/delete_admin_notice.php b/actions/admin/delete_admin_notice.php
new file mode 100644
index 000000000..a9c3b8758
--- /dev/null
+++ b/actions/admin/delete_admin_notice.php
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Removes an admin notice.
+ */
+
+$guid = get_input('guid');
+$notice = get_entity($guid);
+
+if (!(elgg_instanceof($notice, 'object', 'admin_notice') && $notice->delete())) {
+ register_error(elgg_echo("admin:notices:could_not_delete"));
+}
+
+forward(REFERER);
\ No newline at end of file
diff --git a/actions/admin/menu/save.php b/actions/admin/menu/save.php
new file mode 100644
index 000000000..66ce71082
--- /dev/null
+++ b/actions/admin/menu/save.php
@@ -0,0 +1,34 @@
+<?php
+/**
+ * Save menu items.
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
+
+// featured menu items
+$featured_names = get_input('featured_menu_names', array());
+$featured_names = array_unique($featured_names);
+if (in_array(' ', $featured_names)) {
+ unset($featured_names[array_search(' ', $featured_names)]);
+}
+elgg_save_config('site_featured_menu_names', $featured_names);
+
+// custom menu items
+$custom_menu_titles = get_input('custom_menu_titles', array());
+$custom_menu_urls = get_input('custom_menu_urls', array());
+$num_menu_items = count($custom_menu_titles);
+$custom_menu_items = array();
+for ($i = 0; $i < $num_menu_items; $i++) {
+ if (trim($custom_menu_urls[$i]) && trim($custom_menu_titles[$i])) {
+ $url = $custom_menu_urls[$i];
+ $title = $custom_menu_titles[$i];
+ $custom_menu_items[$title] = $url;
+ }
+}
+elgg_save_config('site_custom_menu_items', $custom_menu_items);
+
+
+system_message(elgg_echo('admin:menu_items:saved'));
+
+forward(REFERER);
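Review bot: The custom-menu loop trusts the shape of the submitted arrays: it counts `custom_menu_titles` and then indexes `$custom_menu_urls[$i]`, so a request where the two inputs differ in length, or where either is not an array, hits undefined offsets. The URL is also stored as submitted with no check on its scheme, and these values presumably end up as links in the site menu. I would guard the loop with `if (!is_array($custom_menu_titles) || !is_array($custom_menu_urls))` plus an `isset($custom_menu_urls[$i])` test, and accept only URLs whose scheme is on an allow-list before `$custom_menu_items[$title] = $url;`. Titles are used as array keys, so two items with the same title silently collapse into one.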
diff --git a/actions/admin/plugins/activate.php b/actions/admin/plugins/activate.php
new file mode 100644
index 000000000..5234a4ca5
--- /dev/null
+++ b/actions/admin/plugins/activate.php
@@ -0,0 +1,59 @@
+<?php
+/**
+ * Activate a plugin or plugins.
+ *
+ * Plugins to be activated are passed via $_REQUEST['plugin_guids'] as GUIDs.
+ * After activating the plugin(s), the views cache and simplecache are invalidated.
+ *
+ * @uses mixed $_GET['plugin_guids'] The GUIDs of the plugin to activate. Can be an array.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.Plugins
+ */
+
+$plugin_guids = get_input('plugin_guids');
+
+if (!is_array($plugin_guids)) {
+ $plugin_guids = array($plugin_guids);
+}
+
+$activated_guids = array();
+foreach ($plugin_guids as $guid) {
+ $plugin = get_entity($guid);
+
+ if (!($plugin instanceof ElggPlugin)) {
+ register_error(elgg_echo('admin:plugins:activate:no', array($guid)));
+ continue;
+ }
+
+ if ($plugin->activate()) {
+ $activated_guids[] = $guid;
+ } else {
+ $msg = $plugin->getError();
+ $string = ($msg) ? 'admin:plugins:activate:no_with_msg' : 'admin:plugins:activate:no';
+ register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError())));
+ }
+}
+
+// don't regenerate the simplecache because the plugin won't be
+// loaded until next run. Just invalidate and let it regenerate as needed
+elgg_invalidate_simplecache();
+elgg_reset_system_cache();
+
+if (count($activated_guids) === 1) {
+ $url = 'admin/plugins';
+ $query = (string)parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY);
+ if ($query) {
+ $url .= "?$query";
+ }
+ $plugin = get_entity($plugin_guids[0]);
+ $id = $css_id = preg_replace('/[^a-z0-9-]/i', '-', $plugin->getID());
+ forward("$url#$id");
+} else {
+ // forward to top of page with a failure so remove any #foo
+ $url = $_SERVER['HTTP_REFERER'];
+ if (strpos($url, '#')) {
+ $url = substr(0, strpos($url, '#'));
+ }
+ forward($url);
+}
\ No newline at end of file
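Review bot: The failure branch at the end calls `substr(0, strpos($url, '#'))`, which passes `0` as the string and the `#` position as the offset, so the Referer is replaced by an empty or false value instead of being cut at the fragment; it should read `$url = substr($url, 0, strpos($url, '#'));`. In the success branch the anchor is built from `$plugin_guids[0]`, but `count($activated_guids) === 1` can also hold when several GUIDs were submitted and only a later one activated, so `get_entity($activated_guids[0])` is the entity to use. Both branches read `$_SERVER['HTTP_REFERER']` directly, a client-supplied header that may be absent; the other new actions in this commit pass `REFERER` to `forward()` instead.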
diff --git a/actions/admin/plugins/activate_all.php b/actions/admin/plugins/activate_all.php
new file mode 100644
index 000000000..4514ccbdf
--- /dev/null
+++ b/actions/admin/plugins/activate_all.php
@@ -0,0 +1,33 @@
+<?php
+/**
+ * Activates all specified installed and inactive plugins.
+ *
+ * All specified plugins in the mod/ directory are that aren't active are activated and the views
+ * cache and simplecache are invalidated.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.Plugins
+ */
+
+$guids = get_input('guids');
+$guids = explode(',', $guids);
+
+foreach ($guids as $guid) {
+ $plugin = get_entity($guid);
+ if (!$plugin->isActive()) {
+ if ($plugin->activate()) {
+ //system_message(elgg_echo('admin:plugins:activate:yes', array($plugin->getManifest()->getName())));
+ } else {
+ $msg = $plugin->getError();
+ $string = ($msg) ? 'admin:plugins:activate:no_with_msg' : 'admin:plugins:activate:no';
+ register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError())));
+ }
+ }
+}
+
+// don't regenerate the simplecache because the plugin won't be
+// loaded until next run. Just invalidate and let it regnerate as needed
+elgg_invalidate_simplecache();
+elgg_reset_system_cache();
+
+forward(REFERER);
\ No newline at end of file
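Review bot: The loop calls `$plugin->isActive()` on whatever `get_entity($guid)` returns, with no type check, so an empty `guids` input (where `explode` yields a single empty string) or a GUID that is not a plugin ends in a method call on a non-object or on an unrelated entity. activate.php in this same commit guards with `if (!($plugin instanceof ElggPlugin))`, registers an error and continues; the same guard belongs at the top of this loop. deactivate_all.php has the identical loop and needs the same check.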
diff --git a/actions/admin/plugins/deactivate.php b/actions/admin/plugins/deactivate.php
new file mode 100644
index 000000000..354f4717d
--- /dev/null
+++ b/actions/admin/plugins/deactivate.php
@@ -0,0 +1,53 @@
+<?php
+/**
+ * Deactivate a plugin or plugins.
+ *
+ * Plugins to be deactivated are passed via $_REQUEST['plugin_guids'] as GUIDs.
+ * After deactivating the plugin(s), the views cache and simplecache are invalidated.
+ *
+ * @uses mixed $_GET['plugin_guids'] The GUIDs of the plugin to deactivate. Can be an array.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.Plugins
+ */
+
+$plugin_guids = get_input('plugin_guids');
+
+if (!is_array($plugin_guids)) {
+ $plugin_guids = array($plugin_guids);
+}
+
+foreach ($plugin_guids as $guid) {
+ $plugin = get_entity($guid);
+
+ if (!($plugin instanceof ElggPlugin)) {
+ register_error(elgg_echo('admin:plugins:deactivate:no', array($guid)));
+ continue;
+ }
+
+ if ($plugin->deactivate()) {
+ //system_message(elgg_echo('admin:plugins:deactivate:yes', array($plugin->getManifest()->getName())));
+ } else {
+ $msg = $plugin->getError();
+ $string = ($msg) ? 'admin:plugins:deactivate:no_with_msg' : 'admin:plugins:deactivate:no';
+ register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError())));
+ }
+}
+
+// don't regenerate the simplecache because the plugin won't be
+// loaded until next run. Just invalidate and let it regnerate as needed
+elgg_invalidate_simplecache();
+elgg_reset_system_cache();
+
+if (count($plugin_guids) == 1) {
+ $url = 'admin/plugins';
+ $query = (string)parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY);
+ if ($query) {
+ $url .= "?$query";
+ }
+ $plugin = get_entity($plugin_guids[0]);
+ $id = preg_replace('/[^a-z0-9-]/i', '-', $plugin->getID());
+ forward("$url#$id");
+} else {
+ forward(REFERER);
+}
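Review bot: After the loop, the single-GUID branch re-fetches `get_entity($plugin_guids[0])` and calls `$plugin->getID()` without the `instanceof ElggPlugin` check that the loop applies, so a request with one invalid GUID registers the error and then fails on a method call on a non-plugin value. Guard that branch, for example `if (count($plugin_guids) == 1 && ($plugin = get_entity($plugin_guids[0])) instanceof ElggPlugin)`, and fall through to `forward(REFERER);` otherwise. The query string is copied from the `Referer` header into the redirect URL; that header is client-controlled and may be missing, so `parse_url` should only run when it is set.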
diff --git a/actions/admin/plugins/deactivate_all.php b/actions/admin/plugins/deactivate_all.php
new file mode 100644
index 000000000..8b347a633
--- /dev/null
+++ b/actions/admin/plugins/deactivate_all.php
@@ -0,0 +1,33 @@
+<?php
+/**
+ * Disable all specified installed plugins.
+ *
+ * Specified plugins in the mod/ directory are disabled and the views cache and simplecache
+ * are reset.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.Plugins
+ */
+
+$guids = get_input('guids');
+$guids = explode(',', $guids);
+
+foreach ($guids as $guid) {
+ $plugin = get_entity($guid);
+ if ($plugin->isActive()) {
+ if ($plugin->deactivate()) {
+ //system_message(elgg_echo('admin:plugins:activate:yes', array($plugin->getManifest()->getName())));
+ } else {
+ $msg = $plugin->getError();
+ $string = ($msg) ? 'admin:plugins:deactivate:no_with_msg' : 'admin:plugins:deactivate:no';
+ register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError())));
+ }
+ }
+}
+
+// don't regenerate the simplecache because the plugin won't be
+// loaded until next run. Just invalidate and let it regnerate as needed
+elgg_invalidate_simplecache();
+elgg_reset_system_cache();
+
+forward(REFERER);
diff --git a/actions/admin/plugins/disable.php b/actions/admin/plugins/disable.php
deleted file mode 100644
index 32ae451a7..000000000
--- a/actions/admin/plugins/disable.php
+++ /dev/null
@@ -1,42 +0,0 @@
-<?php
- /**
- * Disable plugin action.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");
-
- // block non-admin users
- admin_gatekeeper();
-
- // Validate the action
- action_gatekeeper();
-
- // Get the plugin
- $plugin = get_input('plugin');
- if (!is_array($plugin))
- $plugin = array($plugin);
-
- foreach ($plugin as $p)
- {
- // Disable
- if (disable_plugin($p))
- system_message(sprintf(elgg_echo('admin:plugins:disable:yes'), $p));
- else
- register_error(sprintf(elgg_echo('admin:plugins:disable:no'), $p));
- }
-
- elgg_view_regenerate_simplecache();
-
- $cache = elgg_get_filepath_cache();
- $cache->delete('view_paths');
-
- forward($_SERVER['HTTP_REFERER']);
- exit;
-?>
\ No newline at end of file
diff --git a/actions/admin/plugins/disableall.php b/actions/admin/plugins/disableall.php
deleted file mode 100644
index a01b74fa5..000000000
--- a/actions/admin/plugins/disableall.php
+++ /dev/null
@@ -1,39 +0,0 @@
-<?php
- /**
- * Disable plugin action.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");
-
- // block non-admin users
- admin_gatekeeper();
-
- // Validate the action
- action_gatekeeper();
-
- $plugins = get_installed_plugins();
-
- foreach ($plugins as $p => $data)
- {
- // Disable
- if (disable_plugin($p))
- system_message(sprintf(elgg_echo('admin:plugins:disable:yes'), $p));
- else
- register_error(sprintf(elgg_echo('admin:plugins:disable:no'), $p));
- }
-
- elgg_view_regenerate_simplecache();
-
- $cache = elgg_get_filepath_cache();
- $cache->delete('view_paths');
-
- forward($_SERVER['HTTP_REFERER']);
- exit;
-?>
\ No newline at end of file
diff --git a/actions/admin/plugins/enable.php b/actions/admin/plugins/enable.php
deleted file mode 100644
index d81ab0551..000000000
--- a/actions/admin/plugins/enable.php
+++ /dev/null
@@ -1,42 +0,0 @@
-<?php
- /**
- * Enable plugin action.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");
-
- // block non-admin users
- admin_gatekeeper();
-
- // Validate the action
- action_gatekeeper();
-
- // Get the plugin
- $plugin = get_input('plugin');
- if (!is_array($plugin))
- $plugin = array($plugin);
-
- foreach ($plugin as $p)
- {
- // Disable
- if (enable_plugin($p))
- system_message(sprintf(elgg_echo('admin:plugins:enable:yes'), $p));
- else
- register_error(sprintf(elgg_echo('admin:plugins:enable:no'), $p));
- }
-
- elgg_view_regenerate_simplecache();
-
- $cache = elgg_get_filepath_cache();
- $cache->delete('view_paths');
-
- forward($_SERVER['HTTP_REFERER']);
- exit;
-?>
\ No newline at end of file
diff --git a/actions/admin/plugins/enableall.php b/actions/admin/plugins/enableall.php
deleted file mode 100644
index f31b4593d..000000000
--- a/actions/admin/plugins/enableall.php
+++ /dev/null
@@ -1,42 +0,0 @@
-<?php
- /**
- * Enable plugin action.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");
-
- // block non-admin users
- admin_gatekeeper();
-
- // Validate the action
- action_gatekeeper();
-
- $plugins = get_installed_plugins();
-
- foreach ($plugins as $p => $data)
- {
- // Enable
- if (enable_plugin($p))
- system_message(sprintf(elgg_echo('admin:plugins:enable:yes'), $p));
- else
- register_error(sprintf(elgg_echo('admin:plugins:enable:no'), $p));
- }
-
- // Regen view cache
- elgg_view_regenerate_simplecache();
-
- // Regen paths cache
- $cache = elgg_get_filepath_cache();
- $cache->delete('view_paths');
-
- forward($_SERVER['HTTP_REFERER']);
- exit;
-
-?>
\ No newline at end of file
diff --git a/actions/admin/plugins/reorder.php b/actions/admin/plugins/reorder.php
deleted file mode 100644
index 0e328f54d..000000000
--- a/actions/admin/plugins/reorder.php
+++ /dev/null
@@ -1,56 +0,0 @@
-<?php
- /**
- * Reorder plugin action.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");
-
- // block non-admin users
- admin_gatekeeper();
-
- // Validate the action
- action_gatekeeper();
-
- // Get the plugin
- $mod = get_input('plugin');
- $mod = str_replace('.','',$mod);
- $mod = str_replace('/','',$mod);
-
- // Get the new order
- $order = (int) get_input('order');
-
- // Get the current plugin list
- $plugins = get_plugin_list();
-
- // Inject the plugin order back into the list
- if ($key = array_search($mod, $plugins)) {
-
- unset($plugins[$key]);
- while (isset($plugins[$order])) {
- $order++;
- }
-
- $plugins[$order] = $mod;
- }
-
- // Disable
- if (regenerate_plugin_list($plugins))
- system_message(sprintf(elgg_echo('admin:plugins:reorder:yes'), $plugin));
- else
- register_error(sprintf(elgg_echo('admin:plugins:reorder:no'), $plugin));
-
- elgg_view_regenerate_simplecache();
-
- $cache = elgg_get_filepath_cache();
- $cache->delete('view_paths');
-
- forward($_SERVER['HTTP_REFERER']);
-
-?>
\ No newline at end of file
diff --git a/actions/admin/plugins/set_priority.php b/actions/admin/plugins/set_priority.php
new file mode 100644
index 000000000..edd735371
--- /dev/null
+++ b/actions/admin/plugins/set_priority.php
@@ -0,0 +1,39 @@
+<?php
+/**
+ * Changes the load priority of a plugin.
+ *
+ * Plugin priority affects view, action, and page handler
+ * overriding as well as the order of view extensions. Plugins with higher
+ * priority are loaded after and override plugins with lower priorities.
+ *
+ * NOTE: When viewing the plugin admin page, plugins LOWER on the page
+ * have HIGHER priority and will override views, etc from plugins above them.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.Plugins
+ */
+
+$plugin_guid = get_input('plugin_guid');
+$priority = get_input('priority');
+
+$plugin = get_entity($plugin_guid);
+
+if (!($plugin instanceof ElggPlugin)) {
+ register_error(elgg_echo('admin:plugins:set_priority:no', array($plugin_guid)));
+ forward(REFERER);
+}
+
+if ($plugin->setPriority($priority)) {
+ //system_message(elgg_echo('admin:plugins:set_priority:yes', array($plugin->getManifest()->getName())));
+} else {
+ $msg = $plugin->getError();
+ $string = ($msg) ? 'admin:plugins:set_priority:no_with_msg' : 'admin:plugins:set_priority:no';
+ register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError())));
+}
+
+// don't regenerate the simplecache because the plugin won't be
+// loaded until next run. Just invalidate and let it regnerate as needed
+elgg_invalidate_simplecache();
+elgg_reset_system_cache();
+
+forward(REFERER);
\ No newline at end of file
diff --git a/actions/admin/site/flush_cache.php b/actions/admin/site/flush_cache.php
new file mode 100644
index 000000000..ebb8296c7
--- /dev/null
+++ b/actions/admin/site/flush_cache.php
@@ -0,0 +1,10 @@
+<?php
+/**
+ * Flush all the caches
+ */
+
+elgg_invalidate_simplecache();
+elgg_reset_system_cache();
+
+system_message(elgg_echo('admin:cache:flushed'));
+forward(REFERER);
\ No newline at end of file
diff --git a/actions/admin/site/regenerate_secret.php b/actions/admin/site/regenerate_secret.php
new file mode 100644
index 000000000..3112fb5f3
--- /dev/null
+++ b/actions/admin/site/regenerate_secret.php
@@ -0,0 +1,11 @@
+<?php
+/**
+ * Generate a new site secret
+ */
+
+init_site_secret();
+elgg_reset_system_cache();
+
+system_message(elgg_echo('admin:site:secret_regenerated'));
+
+forward(REFERER);
diff --git a/actions/admin/site/unlock_upgrade.php b/actions/admin/site/unlock_upgrade.php
new file mode 100644
index 000000000..b625b1d26
--- /dev/null
+++ b/actions/admin/site/unlock_upgrade.php
@@ -0,0 +1,10 @@
+<?php
+/**
+ * Unlocks the upgrade script
+ */
+
+if (_elgg_upgrade_is_locked()) {
+ _elgg_upgrade_unlock();
+}
+system_message(elgg_echo('upgrade:unlock:success'));
+forward(REFERER);
diff --git a/actions/admin/site/update_advanced.php b/actions/admin/site/update_advanced.php
new file mode 100644
index 000000000..4888b0a8d
--- /dev/null
+++ b/actions/admin/site/update_advanced.php
@@ -0,0 +1,98 @@
+<?php
+/**
+ * Updates the advanced settings for the primary site object.
+ *
+ * Options are saved among metadata on the site object, entries
+ * in the datalist table, and entries in the config table.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.Site
+ */
+
+if ($site = elgg_get_site_entity()) {
+ if (!($site instanceof ElggSite)) {
+ throw new InstallationException(elgg_echo('InvalidParameterException:NonElggSite'));
+ }
+
+ $site->url = rtrim(get_input('wwwroot', '', false), '/') . '/';
+
+ datalist_set('path', sanitise_filepath(get_input('path', '', false)));
+ $dataroot = sanitise_filepath(get_input('dataroot', '', false));
+
+ // check for relative paths
+ if (stripos(PHP_OS, 'win') === 0) {
+ if (strpos($dataroot, ':') !== 1) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ } else {
+ if (strpos($dataroot, '/') !== 0) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ }
+
+ datalist_set('dataroot', $dataroot);
+
+ if (get_input('simplecache_enabled')) {
+ elgg_enable_simplecache();
+ } else {
+ elgg_disable_simplecache();
+ }
+
+ if (get_input('system_cache_enabled')) {
+ elgg_enable_system_cache();
+ } else {
+ elgg_disable_system_cache();
+ }
+
+ set_config('default_access', get_input('default_access', ACCESS_PRIVATE), $site->getGUID());
+
+ $user_default_access = (get_input('allow_user_default_access')) ? 1 : 0;
+ set_config('allow_user_default_access', $user_default_access, $site->getGUID());
+
+ $debug = get_input('debug');
+ if ($debug) {
+ set_config('debug', $debug, $site->getGUID());
+ } else {
+ unset_config('debug', $site->getGUID());
+ }
+
+ // allow new user registration?
+ if (get_input('allow_registration', FALSE)) {
+ set_config('allow_registration', TRUE, $site->getGUID());
+ } else {
+ set_config('allow_registration', FALSE, $site->getGUID());
+ }
+
+ // setup walled garden
+ if (get_input('walled_garden', FALSE)) {
+ set_config('walled_garden', TRUE, $site->getGUID());
+ } else {
+ set_config('walled_garden', FALSE, $site->getGUID());
+ }
+
+ $https_login = get_input('https_login');
+ if ($https_login) {
+ set_config('https_login', 1, $site->getGUID());
+ } else {
+ unset_config('https_login', $site->getGUID());
+ }
+
+ $api = get_input('api');
+ if ($api) {
+ unset_config('disable_api', $site->getGUID());
+ } else {
+ set_config('disable_api', 'disabled', $site->getGUID());
+ }
+
+ if ($site->save()) {
+ system_message(elgg_echo("admin:configuration:success"));
+ } else {
+ register_error(elgg_echo("admin:configuration:fail"));
+ }
+
+ forward(REFERER);
+}
\ No newline at end of file
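Review bot: `datalist_set('path', ...)` runs before the dataroot check, so when the relative-path test fails and the action forwards away, the new `path` has already been persisted while the rest of the form is discarded; validate both values first and write them together. `wwwroot`, `path` and `dataroot` are read with the third `get_input` argument set to `false`, which appears to turn input filtering off, and `wwwroot` is assigned to `$site->url` with no check that it is a well-formed http(s) URL. Since these settings decide where the site loads code and stores data and what base URL it emits, I would reject values that fail validation, e.g. `filter_var($url, FILTER_VALIDATE_URL)`, before saving anything. `debug` and `default_access` are also stored as submitted; restricting them to the known set of values would be safer.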
diff --git a/actions/admin/site/update_basic.php b/actions/admin/site/update_basic.php
index a106a22f0..9765182cc 100644
--- a/actions/admin/site/update_basic.php
+++ b/actions/admin/site/update_basic.php
@@ -1,98 +1,27 @@
-<?php
-
- /**
- * Elgg update site action
- *
- * This is an update version of the sitesettings/install action which is used by the admin panel to modify basic settings.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- global $CONFIG;
-
- // block non-admin users
- admin_gatekeeper();
- action_gatekeeper();
-
- if (get_input('settings') == 'go') {
-
- if (datalist_get('default_site')) {
-
- $site = get_entity(datalist_get('default_site'));
- if (!($site instanceof ElggSite))
- throw new InstallationException(elgg_echo('InvalidParameterException:NonElggSite'));
-
- $site->description = get_input('sitedescription');
- $site->name = get_input('sitename');
- $site->email = get_input('siteemail');
- $site->url = get_input('wwwroot');
-
- datalist_set('path',sanitise_filepath(get_input('path')));
- datalist_set('dataroot',sanitise_filepath(get_input('dataroot')));
- if (get_input('simplecache_enabled')) {
- elgg_view_enable_simplecache();
- } else {
- elgg_view_disable_simplecache();
- }
-
- set_config('language', get_input('language'), $site->getGUID());
-
- set_config('default_access', get_input('default_access'), $site->getGUID());
-
- if (get_input('allow_user_default_access')) {
- set_config('allow_user_default_access', 1, $site->getGUID());
- } else {
- set_config('allow_user_default_access', 0, $site->getGUID());
- }
-
- set_config('view', get_input('view'), $site->getGUID());
-
- $debug = get_input('debug');
- if ($debug)
- set_config('debug', 1, $site->getGUID());
- else
- unset_config('debug', $site->getGUID());
-
- $https_login = get_input('https_login');
- if ($https_login)
- set_config('https_login', 1, $site->getGUID());
- else
- unset_config('https_login', $site->getGUID());
-
- $usage = get_input('usage');
- if ($usage)
- unset_config('ping_home', $site->getGUID());
- else
- set_config('ping_home', 'disabled', $site->getGUID());
-
- $api = get_input('api');
- if ($api)
- unset_config('disable_api', $site->getGUID());
- else
- set_config('disable_api', 'disabled', $site->getGUID());
-
- // Now ping home
- //if ((!isset($usage)) || ($usage!='disabled'))
- //{
- // ping_home($site);
- //}
-
- if ($site->save())
- system_message(elgg_echo("admin:configuration:success"));
- else
- register_error(elgg_echo("admin:configuration:fail"));
-
- //header("Location: {$CONFIG->wwwroot}admin/site/");
- forward($_SERVER['HTTP_REFERER']);
- exit;
-
- }
-
- }
-
-?>
\ No newline at end of file
+<?php
+/**
+ * Updates the basic settings for the primary site object.
+ *
+ * Basic site settings are saved as metadata on the site object,
+ * with the exception of the default language, which is saved in
+ * the config table.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.Site
+ */
+
+if ($site = elgg_get_site_entity()) {
+ if (!($site instanceof ElggSite)) {
+ throw new InstallationException(elgg_echo('InvalidParameterException:NonElggSite'));
+ }
+
+ $site->description = get_input('sitedescription');
+ $site->name = strip_tags(get_input('sitename'));
+ $site->email = get_input('siteemail');
+ $site->save();
+
+ set_config('language', get_input('language'), $site->getGUID());
+}
+
+system_message(elgg_echo('admin:configuration:success'));
+forward(REFERER);
\ No newline at end of file
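Review bot: The removed lines called `admin_gatekeeper()` and `action_gatekeeper()` and the new file has no replacement, so admin access and the action token must now be enforced wherever this action is registered, which is not visible in this diff; worth confirming that the registration marks it admin-only. The same applies to the ban, delete, makeadmin and removeadmin actions below and to the new files under actions/admin/. Separately, the result of `$site->save()` is ignored and `system_message(elgg_echo('admin:configuration:success'))` runs even when `elgg_get_site_entity()` returns nothing, whereas update_advanced.php registers `admin:configuration:fail` when the save fails. `sitename` goes through `strip_tags`, but `sitedescription` and `siteemail` are stored as submitted.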
diff --git a/actions/admin/user/ban.php b/actions/admin/user/ban.php
index 65590f044..209ece2a0 100644
--- a/actions/admin/user/ban.php
+++ b/actions/admin/user/ban.php
@@ -1,39 +1,30 @@
<?php
- /**
- * Elgg ban user
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Bans a user.
+ *
+ * User entities are banned by setting the 'banned' column
+ * to 'yes' in the users_entity table.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
- require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");
-
- // block non-admin users
- admin_gatekeeper();
- action_gatekeeper();
-
- // Get the user
- $guid = get_input('guid');
- $obj = get_entity($guid);
-
- if ( ($obj instanceof ElggUser) && ($obj->canEdit()))
- {
- // Now actually disable it
- if ($obj->ban('banned')) {
- system_message(elgg_echo('admin:user:ban:yes'));
- }
- else
- register_error(elgg_echo('admin:user:ban:no'));
- } else {
- $canedit = $obj->canEdit();
- $isinstance = ($obj instanceof ElggUser);
- register_error(elgg_echo('admin:user:ban:no'));
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if ($guid == elgg_get_logged_in_user_guid()) {
+ register_error(elgg_echo('admin:user:self:ban:no'));
+ forward(REFERER);
+}
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->ban('banned')) {
+ system_message(elgg_echo('admin:user:ban:yes'));
+ } else {
+ register_error(elgg_echo('admin:user:ban:no'));
}
-
- forward('pg/admin/user/');
- exit;
-?>
\ No newline at end of file
+} else {
+ register_error(elgg_echo('admin:user:ban:no'));
+}
+
+forward(REFERER);
\ No newline at end of file
diff --git a/actions/admin/user/delete.php b/actions/admin/user/delete.php
index 0ee87a98d..7cfbd0925 100644
--- a/actions/admin/user/delete.php
+++ b/actions/admin/user/delete.php
@@ -1,35 +1,40 @@
<?php
- /**
- * Elgg delete user
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Delete a user.
+ *
+ * The user will be deleted recursively, meaning all entities
+ * owned or contained by the user will also be removed.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
- require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");
+// Get the user
+$guid = get_input('guid');
+$user = get_entity($guid);
- // block non-admin users
- admin_gatekeeper();
- action_gatekeeper();
-
- // Get the user
- $guid = get_input('guid');
- $obj = get_entity($guid);
-
- if ( ($obj instanceof ElggUser) && ($obj->canEdit()))
- {
- if ($obj->delete())
- system_message(elgg_echo('admin:user:delete:yes'));
- else
- register_error(elgg_echo('admin:user:delete:no'));
- }
- else
+if ($guid == elgg_get_logged_in_user_guid()) {
+ register_error(elgg_echo('admin:user:self:delete:no'));
+ forward(REFERER);
+}
+
+$name = $user->name;
+$username = $user->username;
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->delete()) {
+ system_message(elgg_echo('admin:user:delete:yes', array($name)));
+ } else {
register_error(elgg_echo('admin:user:delete:no'));
-
- forward($_SERVER['HTTP_REFERER']);
- exit;
-?>
\ No newline at end of file
+ }
+} else {
+ register_error(elgg_echo('admin:user:delete:no'));
+}
+
+// forward to user administration if on a user's page as it no longer exists
+$forward = REFERER;
+if (strpos($_SERVER['HTTP_REFERER'], $username) != FALSE) {
+ $forward = "admin/users/newest";
+}
+
+forward($forward);
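Review bot: `$user->name` and `$user->username` are read before the `instanceof ElggUser` test, so a GUID that resolves to nothing dereferences a non-object and leaves `$username` empty for the `strpos` call further down; read them only after the type check and skip the `strpos` when `$username` is empty. The redirect decision matches the username as a substring anywhere in the `Referer` header, so a short username can match an unrelated URL, and `!= FALSE` should be `!== false`. The header is client-supplied and may be absent, so test `isset($_SERVER['HTTP_REFERER'])` first.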
diff --git a/actions/admin/user/makeadmin.php b/actions/admin/user/makeadmin.php
index 440dd616a..54b0b7070 100644
--- a/actions/admin/user/makeadmin.php
+++ b/actions/admin/user/makeadmin.php
@@ -1,37 +1,27 @@
<?php
- /**
- * Make another user an admin.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Grants admin privileges to a user.
+ *
+ * In >=1.7.1, admin is flagged by setting the admin
+ * column in the users_entity table.
+ *
+ * In <1.7.1, admin is a piece of metadata on the user object.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
- require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");
- global $CONFIG;
-
- // block non-admin users
- admin_gatekeeper();
- action_gatekeeper();
-
- // Get the user
- $guid = get_input('guid');
- $obj = get_entity($guid);
-
- if ( ($obj instanceof ElggUser) && ($obj->canEdit()))
- {
- $obj->admin = 'yes';
- if ($obj->admin)
- system_message(elgg_echo('admin:user:makeadmin:yes'));
- else
- register_error(elgg_echo('admin:user:makeadmin:no'));
- }
- else
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->makeAdmin()) {
+ system_message(elgg_echo('admin:user:makeadmin:yes'));
+ } else {
register_error(elgg_echo('admin:user:makeadmin:no'));
-
- forward($_SERVER['HTTP_REFERER']);
+ }
+} else {
+ register_error(elgg_echo('admin:user:makeadmin:no'));
+}
-?>
\ No newline at end of file
+forward(REFERER);
diff --git a/actions/admin/user/removeadmin.php b/actions/admin/user/removeadmin.php
index 7cd06bc05..8cebc7078 100644
--- a/actions/admin/user/removeadmin.php
+++ b/actions/admin/user/removeadmin.php
@@ -1,37 +1,27 @@
<?php
- /**
- * Make another user an admin.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Revokes admin privileges from a user.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
- require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");
- global $CONFIG;
-
- // block non-admin users
- admin_gatekeeper();
- action_gatekeeper();
-
- // Get the user
- $guid = get_input('guid');
- $obj = get_entity($guid);
-
- if ( ($obj instanceof ElggUser) && ($obj->canEdit()))
- {
- $obj->admin = '';
- if (!$obj->admin)
- system_message(elgg_echo('admin:user:removeadmin:yes'));
- else
- register_error(elgg_echo('admin:user:removeadmin:no'));
- }
- else
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if ($guid == elgg_get_logged_in_user_guid()) {
+ register_error(elgg_echo('admin:user:self:removeadmin:no'));
+ forward(REFERER);
+}
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->removeAdmin()) {
+ system_message(elgg_echo('admin:user:removeadmin:yes'));
+ } else {
register_error(elgg_echo('admin:user:removeadmin:no'));
-
- forward($_SERVER['HTTP_REFERER']);
+ }
+} else {
+ register_error(elgg_echo('admin:user:removeadmin:no'));
+}
-?> \ No newline at end of file
+forward(REFERER);
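Review bot: The self-demotion guard at `if ($guid == elgg_get_logged_in_user_guid())` compares the raw request value, not the entity that was actually loaded. If `get_entity()` normalises its argument (not visible here), a value that is not textually equal to the guid can still resolve to the current admin and pass the guard, and the outcome of the loose `==` on such strings differs between PHP versions. Comparing the resolved entity is tighter: `if ($user instanceof ElggUser && $user->guid == elgg_get_logged_in_user_guid()) {`. The guard also relies on `forward()` ending the request, which is defined outside this hunk.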
diff --git a/actions/admin/user/resetpassword.php b/actions/admin/user/resetpassword.php
index 18574d143..d019a7f55 100644
--- a/actions/admin/user/resetpassword.php
+++ b/actions/admin/user/resetpassword.php
@@ -1,44 +1,43 @@
<?php
- /**
- * Admin password reset.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Reset a user's password.
+ *
+ * This is an admin action that generates a new salt and password
+ * for a user, then emails the password to the user's registered
+ * email address.
+ *
+ * NOTE: This is different to the "reset password" link users
+ * can use in that it does not first email the user asking if
+ * they want to have their password reset.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
- require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");
- global $CONFIG;
-
- // block non-admin users
- admin_gatekeeper();
- action_gatekeeper();
-
- // Get the user
- $guid = get_input('guid');
- $obj = get_entity($guid);
-
- if ( ($obj instanceof ElggUser) && ($obj->canEdit()))
- {
- $password = generate_random_cleartext_password();
-
- $obj->salt = generate_random_cleartext_password(); // Reset the salt
- $obj->password = generate_user_password($obj, $password);
-
- if ($obj->save())
- {
- system_message(elgg_echo('admin:user:resetpassword:yes'));
-
- notify_user($obj->guid, $CONFIG->site->guid, elgg_echo('email:resetpassword:subject'), sprintf(elgg_echo('email:resetpassword:body'), $obj->username, $password), NULL, 'email');
- } else
- register_error(elgg_echo('admin:user:resetpassword:no'));
- }
- else
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ $password = generate_random_cleartext_password();
+
+ // Always reset the salt before generating the user password.
+ $user->salt = generate_random_cleartext_password();
+ $user->password = generate_user_password($user, $password);
+
+ if ($user->save()) {
+ system_message(elgg_echo('admin:user:resetpassword:yes'));
+
+ notify_user($user->guid,
+ elgg_get_site_entity()->guid,
+ elgg_echo('email:resetpassword:subject'),
+ elgg_echo('email:resetpassword:body', array($user->username, $password)),
+ NULL,
+ 'email');
+ } else {
register_error(elgg_echo('admin:user:resetpassword:no'));
-
- forward($_SERVER['HTTP_REFERER']);
- exit;
-?> \ No newline at end of file
+ }
+} else {
+ register_error(elgg_echo('admin:user:resetpassword:no'));
+}
+
+forward(REFERER); \ No newline at end of file
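Review bot: The return value of `notify_user()` is ignored, and the success message is issued before the mail is attempted. The generated password exists only in that email, so if delivery fails the account is left with a password nobody knows while the admin sees success. Assuming `notify_user()` reports failure through its return value (not visible here), check it and call `register_error(elgg_echo('admin:user:resetpassword:no'))` when it fails. A short comment that the cleartext password is sent by email, e.g. `// the new password is only ever delivered by email; it is not shown to the admin`, would also help.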
diff --git a/actions/admin/user/unban.php b/actions/admin/user/unban.php
index 06f71d47c..7a772a0d3 100644
--- a/actions/admin/user/unban.php
+++ b/actions/admin/user/unban.php
@@ -1,41 +1,27 @@
<?php
- /**
- * Elgg ban user
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Unbans a user.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
- require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");
-
- // block non-admin users
- admin_gatekeeper();
- action_gatekeeper();
-
- $access_status = access_get_show_hidden_status();
- access_show_hidden_entities(true);
-
- // Get the user
- $guid = get_input('guid');
- $obj = get_entity($guid);
-
- if ( ($obj instanceof ElggUser) && ($obj->canEdit()))
- {
- // Now actually disable it
- if ($obj->unban())
- system_message(elgg_echo('admin:user:unban:yes'));
- else
- register_error(elgg_echo('admin:user:unban:no'));
- }
- else
+$access_status = access_get_show_hidden_status();
+access_show_hidden_entities(true);
+
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->unban()) {
+ system_message(elgg_echo('admin:user:unban:yes'));
+ } else {
register_error(elgg_echo('admin:user:unban:no'));
-
- access_show_hidden_entities($access_status);
-
- forward($_SERVER['HTTP_REFERER']);
- exit;
-?> \ No newline at end of file
+ }
+} else {
+ register_error(elgg_echo('admin:user:unban:no'));
+}
+
+access_show_hidden_entities($access_status);
+
+forward(REFERER);
diff --git a/actions/avatar/crop.php b/actions/avatar/crop.php
new file mode 100644
index 000000000..b9a80f331
--- /dev/null
+++ b/actions/avatar/crop.php
@@ -0,0 +1,72 @@
+<?php
+/**
+ * Avatar crop action
+ *
+ */
+
+$guid = get_input('guid');
+$owner = get_entity($guid);
+
+if (!$owner || !($owner instanceof ElggUser) || !$owner->canEdit()) {
+ register_error(elgg_echo('avatar:crop:fail'));
+ forward(REFERER);
+}
+
+$x1 = (int) get_input('x1', 0);
+$y1 = (int) get_input('y1', 0);
+$x2 = (int) get_input('x2', 0);
+$y2 = (int) get_input('y2', 0);
+
+$filehandler = new ElggFile();
+$filehandler->owner_guid = $owner->getGUID();
+$filehandler->setFilename("profile/" . $owner->guid . "master" . ".jpg");
+$filename = $filehandler->getFilenameOnFilestore();
+
+// ensuring the avatar image exists in the first place
+if (!file_exists($filename)) {
+ register_error(elgg_echo('avatar:crop:fail'));
+ forward(REFERER);
+}
+
+$icon_sizes = elgg_get_config('icon_sizes');
+unset($icon_sizes['master']);
+
+// get the images and save their file handlers into an array
+// so we can do clean up if one fails.
+$files = array();
+foreach ($icon_sizes as $name => $size_info) {
+ $resized = get_resized_image_from_existing_file($filename, $size_info['w'], $size_info['h'], $size_info['square'], $x1, $y1, $x2, $y2, $size_info['upscale']);
+
+ if ($resized) {
+ //@todo Make these actual entities. See exts #348.
+ $file = new ElggFile();
+ $file->owner_guid = $guid;
+ $file->setFilename("profile/{$guid}{$name}.jpg");
+ $file->open('write');
+ $file->write($resized);
+ $file->close();
+ $files[] = $file;
+ } else {
+ // cleanup on fail
+ foreach ($files as $file) {
+ $file->delete();
+ }
+
+ register_error(elgg_echo('avatar:resize:fail'));
+ forward(REFERER);
+ }
+}
+
+$owner->icontime = time();
+
+$owner->x1 = $x1;
+$owner->x2 = $x2;
+$owner->y1 = $y1;
+$owner->y2 = $y2;
+
+system_message(elgg_echo('avatar:crop:success'));
+$view = 'river/user/default/profileiconupdate';
+elgg_delete_river(array('subject_guid' => $owner->guid, 'view' => $view));
+add_to_river($view, 'update', $owner->guid, $owner->guid);
+
+forward(REFERER);
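Review bot: Inside the resize loop the raw request value `$guid` is used for `$file->owner_guid` and interpolated into `"profile/{$guid}{$name}.jpg"`, although the master file a few lines earlier is addressed through the validated `$owner->guid`. Use the loaded entity for both, `$file->owner_guid = $owner->guid;` and `$file->setFilename("profile/{$owner->guid}{$name}.jpg");`, so the filestore path never depends on how `get_entity()` parsed the input. avatar/upload.php has the same two lines, and avatar/remove.php does the same with `$user_guid`. The crop coordinates are cast to int but not range-checked (negative values, `x2 <= x1`); whether `get_resized_image_from_existing_file()` rejects those is not visible here.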
diff --git a/actions/avatar/remove.php b/actions/avatar/remove.php
new file mode 100644
index 000000000..9cb40a760
--- /dev/null
+++ b/actions/avatar/remove.php
@@ -0,0 +1,36 @@
+<?php
+/**
+ * Avatar remove action
+ */
+
+$user_guid = get_input('guid');
+$user = get_user($user_guid);
+
+if (!$user || !$user->canEdit()) {
+ register_error(elgg_echo('avatar:remove:fail'));
+ forward(REFERER);
+}
+
+// Delete all icons from diskspace
+$icon_sizes = elgg_get_config('icon_sizes');
+foreach ($icon_sizes as $name => $size_info) {
+ $file = new ElggFile();
+ $file->owner_guid = $user_guid;
+ $file->setFilename("profile/{$user_guid}{$name}.jpg");
+ $filepath = $file->getFilenameOnFilestore();
+ if (!$file->delete()) {
+ elgg_log("Avatar file remove failed. Remove $filepath manually, please.", 'WARNING');
+ }
+}
+
+// Remove crop coords
+unset($user->x1);
+unset($user->x2);
+unset($user->y1);
+unset($user->y2);
+
+// Remove icon
+unset($user->icontime);
+
+system_message(elgg_echo('avatar:remove:success'));
+forward(REFERER);
diff --git a/actions/avatar/upload.php b/actions/avatar/upload.php
new file mode 100644
index 000000000..0752615e0
--- /dev/null
+++ b/actions/avatar/upload.php
@@ -0,0 +1,62 @@
+<?php
+/**
+ * Avatar upload action
+ */
+
+$guid = get_input('guid');
+$owner = get_entity($guid);
+
+if (!$owner || !($owner instanceof ElggUser) || !$owner->canEdit()) {
+ register_error(elgg_echo('avatar:upload:fail'));
+ forward(REFERER);
+}
+
+if ($_FILES['avatar']['error'] != 0) {
+ register_error(elgg_echo('avatar:upload:fail'));
+ forward(REFERER);
+}
+
+$icon_sizes = elgg_get_config('icon_sizes');
+
+// get the images and save their file handlers into an array
+// so we can do clean up if one fails.
+$files = array();
+foreach ($icon_sizes as $name => $size_info) {
+ $resized = get_resized_image_from_uploaded_file('avatar', $size_info['w'], $size_info['h'], $size_info['square'], $size_info['upscale']);
+
+ if ($resized) {
+ //@todo Make these actual entities. See exts #348.
+ $file = new ElggFile();
+ $file->owner_guid = $guid;
+ $file->setFilename("profile/{$guid}{$name}.jpg");
+ $file->open('write');
+ $file->write($resized);
+ $file->close();
+ $files[] = $file;
+ } else {
+ // cleanup on fail
+ foreach ($files as $file) {
+ $file->delete();
+ }
+
+ register_error(elgg_echo('avatar:resize:fail'));
+ forward(REFERER);
+ }
+}
+
+// reset crop coordinates
+$owner->x1 = 0;
+$owner->x2 = 0;
+$owner->y1 = 0;
+$owner->y2 = 0;
+
+$owner->icontime = time();
+if (elgg_trigger_event('profileiconupdate', $owner->type, $owner)) {
+ system_message(elgg_echo("avatar:upload:success"));
+
+ $view = 'river/user/default/profileiconupdate';
+ elgg_delete_river(array('subject_guid' => $owner->guid, 'view' => $view));
+ add_to_river($view, 'update', $owner->guid, $owner->guid);
+}
+
+forward(REFERER);
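Review bot: `if ($_FILES['avatar']['error'] != 0)` does not reject a request that carries no `avatar` file part: the index is then undefined, the lookup yields null, and `null != 0` is false. Guard the field first, `if (empty($_FILES['avatar']) || $_FILES['avatar']['error'] != 0) {`. Type and size checks on the upload are presumably done inside `get_resized_image_from_uploaded_file()`, which is outside this hunk; a comment saying that this action relies on it would make the trust boundary explicit.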
diff --git a/actions/comments/add.php b/actions/comments/add.php
index ea3b0326e..5bd741413 100644
--- a/actions/comments/add.php
+++ b/actions/comments/add.php
@@ -1,58 +1,62 @@
-<?php
-
- /**
- * Elgg add comment action
- *
- * @package Elgg
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider <curverider.co.uk>
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- // Make sure we're logged in; forward to the front page if not
- gatekeeper();
- action_gatekeeper();
-
- // Get input
- $entity_guid = (int) get_input('entity_guid');
- $comment_text = get_input('generic_comment');
-
- // Let's see if we can get an entity with the specified GUID
- if ($entity = get_entity($entity_guid)) {
-
- // If posting the comment was successful, say so
- if ($entity->annotate('generic_comment',$comment_text,$entity->access_id, $_SESSION['guid'])) {
-
- if ($entity->owner_guid != $_SESSION['user']->getGUID())
- notify_user($entity->owner_guid, $_SESSION['user']->getGUID(), elgg_echo('generic_comment:email:subject'),
- sprintf(
- elgg_echo('generic_comment:email:body'),
- $entity->title,
- $_SESSION['user']->name,
- $comment_text,
- $entity->getURL(),
- $_SESSION['user']->name,
- $_SESSION['user']->getURL()
- )
- );
-
- system_message(elgg_echo("generic_comment:posted"));
- //add to river
- add_to_river('annotation/annotate','comment',$_SESSION['user']->guid,$entity->guid);
-
-
- } else {
- register_error(elgg_echo("generic_comment:failure"));
- }
-
- } else {
-
- register_error(elgg_echo("generic_comment:notfound"));
-
- }
-
- // Forward to the
- forward($entity->getURL());
-
-?> \ No newline at end of file
+<?php
+/**
+ * Elgg add comment action
+ *
+ * @package Elgg.Core
+ * @subpackage Comments
+ */
+
+$entity_guid = (int) get_input('entity_guid');
+$comment_text = get_input('generic_comment');
+
+if (empty($comment_text)) {
+ register_error(elgg_echo("generic_comment:blank"));
+ forward(REFERER);
+}
+
+// Let's see if we can get an entity with the specified GUID
+$entity = get_entity($entity_guid);
+if (!$entity) {
+ register_error(elgg_echo("generic_comment:notfound"));
+ forward(REFERER);
+}
+
+$user = elgg_get_logged_in_user_entity();
+
+$annotation = create_annotation($entity->guid,
+ 'generic_comment',
+ $comment_text,
+ "",
+ $user->guid,
+ $entity->access_id);
+
+// tell user annotation posted
+if (!$annotation) {
+ register_error(elgg_echo("generic_comment:failure"));
+ forward(REFERER);
+}
+
+// notify if poster wasn't owner
+if ($entity->owner_guid != $user->guid) {
+
+ notify_user($entity->owner_guid,
+ $user->guid,
+ elgg_echo('generic_comment:email:subject'),
+ elgg_echo('generic_comment:email:body', array(
+ $entity->title,
+ $user->name,
+ $comment_text,
+ $entity->getURL(),
+ $user->name,
+ $user->getURL()
+ ))
+ );
+}
+
+system_message(elgg_echo("generic_comment:posted"));
+
+//add to river
+add_to_river('river/annotation/generic_comment/create', 'comment', $user->guid, $entity->guid, "", 0, $annotation);
+
+// Forward to the page the action occurred on
+forward(REFERER);
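Review bot: `$user` is dereferenced (`$user->guid`, `$user->name`) without a null check now that the explicit `gatekeeper()` call is gone. If the action is registered for logged-in users only (registration is outside this hunk) that is safe, but the script no longer shows it; either document that in the header or add `if (!$user) { register_error(elgg_echo("generic_comment:failure")); forward(REFERER); }` after the lookup. Separately, `empty($comment_text)` also rejects the comment `"0"`; `trim($comment_text) === ''` would only reject blank text, assuming `get_input()` returns a string here.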
diff --git a/actions/comments/delete.php b/actions/comments/delete.php
index 76c29449a..c6b481da4 100644
--- a/actions/comments/delete.php
+++ b/actions/comments/delete.php
@@ -1,35 +1,18 @@
-<?php
-
- /**
- * Elgg delete comment action
- *
- * @package Elgg
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider <curverider.co.uk>
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- // Ensure we're logged in
- if (!isloggedin()) forward();
-
- // Make sure we can get the comment in question
- $annotation_id = (int) get_input('annotation_id');
- if ($comment = get_annotation($annotation_id)) {
-
- $entity = get_entity($comment->entity_guid);
-
- if ($comment->canEdit()) {
- $comment->delete();
- system_message(elgg_echo("generic_comment:deleted"));
- forward($entity->getURL());
- }
-
- } else {
- $url = "";
- }
-
- register_error(elgg_echo("generic_comment:notdeleted"));
- forward($entity->getURL());
-
-?> \ No newline at end of file
+<?php
+/**
+ * Elgg delete comment action
+ *
+ * @package Elgg
+ */
+
+// Make sure we can get the comment in question
+$annotation_id = (int) get_input('annotation_id');
+$comment = elgg_get_annotation_from_id($annotation_id);
+if ($comment && $comment->canEdit()) {
+ $comment->delete();
+ system_message(elgg_echo("generic_comment:deleted"));
+} else {
+ register_error(elgg_echo("generic_comment:notdeleted"));
+}
+
+forward(REFERER); \ No newline at end of file
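Review bot: `elgg_get_annotation_from_id($annotation_id)` is not restricted to comments, so this action deletes any annotation the caller can edit, whatever its name. add.php in this commit creates comments under the name `generic_comment`; checking it here keeps the action to its stated purpose: `if ($comment && $comment->name == 'generic_comment' && $comment->canEdit()) {`.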
diff --git a/actions/email/save.php b/actions/email/save.php
deleted file mode 100644
index 9e3434cf0..000000000
--- a/actions/email/save.php
+++ /dev/null
@@ -1,55 +0,0 @@
-<?php
- /**
- * Action for saving a new email address for a user and triggering a confirmation.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
- global $CONFIG;
-
- gatekeeper();
-
- $email = get_input('email');
- $user_id = get_input('guid');
- $user = "";
-
- if (!$user_id)
- $user = $_SESSION['user'];
- else
- $user = get_entity($user_id);
-
- if ($user)
- {
- if (strcmp($email,$user->email)!=0)
- {
-
- if (!get_user_by_email($email))
- {
-
- if ($user->email != $email) {
- $user->email = $email;
- if ($user->save())
- {
- request_user_validation($user->getGUID());
- system_message(elgg_echo('email:save:success'));
- }
- else
- register_error(elgg_echo('email:save:fail'));
- }
- }
- else
- register_error(elgg_echo('registration:dupeemail'));
- }
- }
- else
- register_error(elgg_echo('email:save:fail'));
-
- //forward($_SERVER['HTTP_REFERER']);
- //exit;
-?> \ No newline at end of file
diff --git a/actions/entities/delete.php b/actions/entities/delete.php
index 9eb465363..251e1f01c 100644
--- a/actions/entities/delete.php
+++ b/actions/entities/delete.php
@@ -1,32 +1,22 @@
<?php
- /**
- * Default entity delete action
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Default entity delete action
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
- require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
-
- gatekeeper();
-
- $guid = get_input('guid');
-
- $entity = get_entity($guid);
-
- if (($entity) && ($entity->canEdit()))
- {
- if ($entity->delete())
- system_message(sprintf(elgg_echo('entity:delete:success'), $guid));
- else
- register_error(sprintf(elgg_echo('entity:delete:fail'), $guid));
+$guid = get_input('guid');
+$entity = get_entity($guid);
+
+if (($entity) && ($entity->canEdit())) {
+ if ($entity->delete()) {
+ system_message(elgg_echo('entity:delete:success', array($guid)));
+ } else {
+ register_error(elgg_echo('entity:delete:fail', array($guid)));
}
- else
- register_error(sprintf(elgg_echo('entity:delete:fail'), $guid));
-
- forward($_SERVER['HTTP_REFERER']);
-?> \ No newline at end of file
+} else {
+ register_error(elgg_echo('entity:delete:fail', array($guid)));
+}
+
+forward(REFERER);
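Review bot: `$guid` is taken from the request and passed into the success and failure messages uncast. Casting once at the top, `$guid = (int) get_input('guid');`, keeps the reflected value numeric regardless of how the message is later rendered, and matches the `(int)` casts used in the comments actions of this commit.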
diff --git a/actions/friends/add.php b/actions/friends/add.php
index 9dd8397bc..d1800ee14 100644
--- a/actions/friends/add.php
+++ b/actions/friends/add.php
@@ -1,39 +1,35 @@
-<?php
-
- /**
- * Elgg add friend action
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- // Ensure we are logged in
- gatekeeper();
-
- // Get the GUID of the user to friend
- $friend_guid = get_input('friend');
- $friend = get_entity($friend_guid);
-
- $errors = false;
-
- // Get the user
- try {
- if (!$_SESSION['user']->addFriend($friend_guid)) $errors = true;
- } catch (Exception $e) {
- register_error(sprintf(elgg_echo("friends:add:failure"),$friend->name));
- $errors = true;
- }
- if (!$errors){
- // add to river
- add_to_river('friends/river/create','friend',$_SESSION['user']->guid,$friend_guid);
- system_message(sprintf(elgg_echo("friends:add:successful"),$friend->name));
- }
-
- // Forward to the user friends page
- forward("pg/friends/" . $_SESSION['user']->username . "/");
-
-?> \ No newline at end of file
+<?php
+/**
+ * Elgg add friend action
+ *
+ * @package Elgg.Core
+ * @subpackage Friends.Management
+ */
+
+// Get the GUID of the user to friend
+$friend_guid = get_input('friend');
+$friend = get_entity($friend_guid);
+if (!$friend) {
+ register_error(elgg_echo('error:missing_data'));
+ forward(REFERER);
+}
+
+$errors = false;
+
+// Get the user
+try {
+ if (!elgg_get_logged_in_user_entity()->addFriend($friend_guid)) {
+ $errors = true;
+ }
+} catch (Exception $e) {
+ register_error(elgg_echo("friends:add:failure", array($friend->name)));
+ $errors = true;
+}
+if (!$errors) {
+ // add to river
+ add_to_river('river/relationship/friend/create', 'friend', elgg_get_logged_in_user_guid(), $friend_guid);
+ system_message(elgg_echo("friends:add:successful", array($friend->name)));
+}
+
+// Forward back to the page you friended the user on
+forward(REFERER);
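Review bot: The new guard `if (!$friend)` accepts any entity type, while friends/remove.php in the same commit requires `$friend instanceof ElggUser`. Unless `addFriend()` rejects non-user GUIDs itself (not visible here), use `if (!($friend instanceof ElggUser)) {` so a friend relationship and river entry are only created for users. `elgg_get_logged_in_user_entity()` is also called without a null check; that is safe only if the action is registered for logged-in users.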
diff --git a/actions/friends/addcollection.php b/actions/friends/addcollection.php
deleted file mode 100644
index 27dfc1547..000000000
--- a/actions/friends/addcollection.php
+++ /dev/null
@@ -1,50 +0,0 @@
-<?php
-
- /**
- * Elgg collection add page
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- //must be logged in
- gatekeeper();
- action_gatekeeper();
-
- $collection_name = get_input('collection_name');
- $friends = get_input('friends_collection');
-
- //first check to make sure that a collection name has been set and create the new colection
- if($collection_name){
-
- //create the collection
- $create_collection = create_access_collection($collection_name, $_SESSION['user']->getGUID());
-
- //if the collection was created and the user passed some friends from the form, add them
- if($create_collection && (!empty($friends))){
-
- //add friends to the collection
- foreach($friends as $friend){
- add_user_to_access_collection($friend, $create_collection);
- }
-
- }
-
- // Success message
- system_message(elgg_echo("friends:collectionadded"));
- // Forward to the collections page
- forward("pg/collections/" . $_SESSION['user']->username);
-
- } else {
-
- register_error(elgg_echo("friends:nocollectionname"));
- // Forward to the add collection page
- forward("pg/collections/add");
-
- }
-
-?> \ No newline at end of file
diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php
new file mode 100644
index 000000000..e63a149f7
--- /dev/null
+++ b/actions/friends/collections/add.php
@@ -0,0 +1,31 @@
+<?php
+/**
+ * Elgg collection add page
+ *
+ * @package Elgg.Core
+ * @subpackage Friends.Collections
+ */
+
+$collection_name = htmlspecialchars(get_input('collection_name', '', false), ENT_QUOTES, 'UTF-8');
+$friends = get_input('friends_collection');
+
+if (!$collection_name) {
+ register_error(elgg_echo("friends:nocollectionname"));
+ forward(REFERER);
+}
+
+$id = create_access_collection($collection_name);
+
+if ($id) {
+ $result = update_access_collection($id, $friends);
+ if ($result) {
+ system_message(elgg_echo("friends:collectionadded"));
+ forward("collections/" . elgg_get_logged_in_user_entity()->username);
+ } else {
+ register_error(elgg_echo("friends:nocollectionname"));
+ forward(REFERER);
+ }
+} else {
+ register_error(elgg_echo("friends:nocollectionname"));
+ forward(REFERER);
+} \ No newline at end of file
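Review bot: When `update_access_collection($id, $friends)` fails, the collection created on the line above is left in place and the user is told `friends:nocollectionname`, which describes a different problem. The same key is reused when `create_access_collection()` itself fails. Consider deleting the new collection on that path and reporting a message that matches the failure. Note also that `$collection_name` is HTML-encoded before it is stored, so any view that escapes on output will double-encode it; a comment stating that the stored name is already encoded would help.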
diff --git a/actions/friends/collections/delete.php b/actions/friends/collections/delete.php
new file mode 100644
index 000000000..ff8f1fb55
--- /dev/null
+++ b/actions/friends/collections/delete.php
@@ -0,0 +1,23 @@
+<?php
+/**
+ * Elgg friends: delete collection action
+ *
+ * @package Elgg.Core
+ * @subpackage Friends.Collections
+ */
+
+$collection_id = (int) get_input('collection');
+
+// check the ACL exists and we can edit
+if (!can_edit_access_collection($collection_id)) {
+ register_error(elgg_echo("friends:collectiondeletefailed"));
+ forward(REFERER);
+}
+
+if (delete_access_collection($collection_id)) {
+ system_message(elgg_echo("friends:collectiondeleted"));
+} else {
+ register_error(elgg_echo("friends:collectiondeletefailed"));
+}
+
+forward(REFERER);
diff --git a/actions/friends/collections/edit.php b/actions/friends/collections/edit.php
new file mode 100644
index 000000000..9eb5e1eab
--- /dev/null
+++ b/actions/friends/collections/edit.php
@@ -0,0 +1,23 @@
+<?php
+/**
+ * Friends collection edit action
+ *
+ * @package Elgg.Core
+ * @subpackage Friends.Collections
+ */
+
+$collection_id = get_input('collection_id');
+$friends = get_input('friend');
+
+// check it exists and we can edit
+if (!can_edit_access_collection($collection_id)) {
+ system_message(elgg_echo('friends:collection:edit_failed'));
+}
+
+if (update_access_collection($collection_id, $friends)) {
+ system_message(elgg_echo('friends:collections:edited'));
+} else {
+ system_message(elgg_echo('friends:collection:edit_failed'));
+}
+
+forward(REFERER); \ No newline at end of file
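Review bot: The permission check does not stop the request: when `can_edit_access_collection($collection_id)` fails, the branch only calls `system_message()` and execution continues into `update_access_collection($collection_id, $friends)`. Unless that function repeats the check internally (not visible here), the caller can modify a collection they may not edit. Make the branch terminate as collections/delete.php does: `register_error(elgg_echo('friends:collection:edit_failed')); forward(REFERER);`. The final `else` should likewise use `register_error()` and `$collection_id` should be cast with `(int)` as in the delete action.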
diff --git a/actions/friends/deletecollection.php b/actions/friends/deletecollection.php
deleted file mode 100644
index 99bfdc832..000000000
--- a/actions/friends/deletecollection.php
+++ /dev/null
@@ -1,52 +0,0 @@
-<?php
-
- /**
- * Elgg friends: delete collection action
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- // Make sure we're logged in (send us to the front page if not)
- gatekeeper();
-
- // Get input data
- $collection_id = (int) get_input('collection');
-
- // Check to see that the access collection exist and grab its owner
- $get_collection = get_access_collection($collection_id);
-
- if($get_collection){
-
- if($get_collection->owner_guid == $_SESSION['user']->getGUID()){
-
- $delete_collection = delete_access_collection($collection_id);
-
- // Success message
- if ($delete_collection)
- system_message(elgg_echo("friends:collectiondeleted"));
- else
- register_error(elgg_echo("friends:collectiondeletefailed"));
-
- } else {
-
- // Failure message
- register_error(elgg_echo("friends:collectiondeletefailed"));
-
- }
-
- } else {
-
- // Failure message
- register_error(elgg_echo("friends:collectiondeletefailed"));
-
- }
-
- // Forward to the collections page
- forward("pg/collections/" . $_SESSION['user']->username);
-
-?> \ No newline at end of file
diff --git a/actions/friends/editcollection.php b/actions/friends/editcollection.php
deleted file mode 100644
index 5b828e190..000000000
--- a/actions/friends/editcollection.php
+++ /dev/null
@@ -1,20 +0,0 @@
-<?php
-
- /**
- * Elgg collection add page
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- $collection_id = get_input('collection_id');
- $friends = get_input('friend');
-
- //chech the collection exists and the current user owners it
- update_access_collection($collection_id, $friends);
-
-?> \ No newline at end of file
diff --git a/actions/friends/remove.php b/actions/friends/remove.php
index debb0f7c2..d69d18f31 100644
--- a/actions/friends/remove.php
+++ b/actions/friends/remove.php
@@ -1,41 +1,32 @@
-<?php
-
- /**
- * Elgg remove friend action
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- // Ensure we are logged in
- gatekeeper();
-
- // Get the GUID of the user to friend
- $friend_guid = get_input('friend');
- $friend = get_entity($friend_guid);
- $errors = false;
-
- // Get the user
- try{
- if ($friend instanceof ElggUser)
- $_SESSION['user']->removeFriend($friend_guid);
- else
- {
- register_error(sprintf(elgg_echo("friends:remove:failure"),$friend->name));
- $errors = true;
- }
- } catch (Exception $e) {
- register_error(sprintf(elgg_echo("friends:remove:failure"),$friend->name));
- $errors = true;
- }
- if (!$errors)
- system_message(sprintf(elgg_echo("friends:remove:successful"),$friend->name));
-
- // Forward to the user friends page
- forward("pg/friends/" . $_SESSION['user']->username . "/");
-
-?> \ No newline at end of file
+<?php
+/**
+ * Elgg remove friend action
+ *
+ * @package Elgg.Core
+ * @subpackage Friends.Management
+ */
+
+// Get the GUID of the user to friend
+$friend_guid = get_input('friend');
+$friend = get_entity($friend_guid);
+$errors = false;
+
+// Get the user
+try{
+ if ($friend instanceof ElggUser) {
+ elgg_get_logged_in_user_entity()->removeFriend($friend_guid);
+ } else {
+ register_error(elgg_echo("friends:remove:failure", array($friend->name)));
+ $errors = true;
+ }
+} catch (Exception $e) {
+ register_error(elgg_echo("friends:remove:failure", array($friend->name)));
+ $errors = true;
+}
+
+if (!$errors) {
+ system_message(elgg_echo("friends:remove:successful", array($friend->name)));
+}
+
+// Forward back to the page you made the friend on
+forward(REFERER);
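Review bot: In the `else` branch `$friend` is by definition not an `ElggUser` and may be false, yet `$friend->name` is read to build the error message. The result of `removeFriend($friend_guid)` is also discarded, so `friends:remove:successful` is shown even when nothing was removed. Check the entity before the `try` and forward early, as friends/add.php now does, and set `$errors = true` when `removeFriend()` returns false (assuming it signals failure that way).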
diff --git a/actions/import/opendd.php b/actions/import/opendd.php
index dcf11f55f..e63607145 100644
--- a/actions/import/opendd.php
+++ b/actions/import/opendd.php
@@ -1,32 +1,22 @@
<?php
- /**
- * Elgg OpenDD import action.
- *
- * This action accepts data to import (in OpenDD format) and performs and import. It accepts
- * data as $data.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Elgg OpenDD import action.
+ *
+ * This action accepts data to import (in OpenDD format) and performs and import. It accepts
+ * data as $data.
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
- // Safety
- admin_gatekeeper();
- action_gatekeeper();
-
- // Get input
- $data = get_input('data', '', false);
-
- // Import
- $return = import($data);
-
- if ($return)
- system_message(elgg_echo('importsuccess'));
- else
- register_error(elgg_echo('importfail'));
-
- forward($_SERVER['HTTP_REFERER']);
-?> \ No newline at end of file
+$data = get_input('data', '', false);
+
+$return = import($data);
+
+if ($return) {
+ system_message(elgg_echo('importsuccess'));
+} else {
+ register_error(elgg_echo('importfail'));
+}
+
+forward(REFERER);
diff --git a/actions/login.php b/actions/login.php
index d937dc2f7..bd7f91299 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -1,80 +1,69 @@
-<?php
-
- /**
- * Elgg login action
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- // Safety first
- action_gatekeeper();
-
- // Get username and password
-
- $username = get_input('username');
- $password = get_input("password");
- $persistent = get_input("persistent", false);
-
- // If all is present and correct, try to log in
- $result = false;
- if (!empty($username) && !empty($password)) {
- if ($user = authenticate($username,$password)) {
- $result = login($user, $persistent);
- }
- }
-
- // Set the system_message as appropriate
-
- if ($result) {
- system_message(elgg_echo('loginok'));
- if ($_SESSION['last_forward_from'])
- {
- $forward_url = $_SESSION['last_forward_from'];
- $_SESSION['last_forward_from'] = "";
- forward($forward_url);
- }
- else
- {
- if (
- (isadminloggedin()) &&
- (!datalist_get('first_admin_login'))
- )
- {
- system_message(elgg_echo('firstadminlogininstructions'));
-
- datalist_set('first_admin_login', time());
-
- forward('pg/admin/plugins');
- } else
- forward("pg/dashboard/");
- }
- } else {
- $error_msg = elgg_echo('loginerror');
- // figure out why the login failed
- if (!empty($username) && !empty($password)) {
- // See if it exists and is disabled
- $access_status = access_get_show_hidden_status();
- access_show_hidden_entities(true);
- if (($user = get_user_by_username($username)) && !$user->validated) {
- // give plugins a chance to respond
- if (!trigger_plugin_hook('unvalidated_login_attempt','user',array('entity'=>$user))) {
- // if plugins have not registered an action, the default action is to
- // trigger the validation event again and assume that the validation
- // event will display an appropriate message
- trigger_elgg_event('validate', 'user', $user);
- }
- } else {
- register_error(elgg_echo('loginerror'));
- }
- access_show_hidden_entities($access_status);
- } else {
- register_error(elgg_echo('loginerror'));
- }
- }
-
-?> \ No newline at end of file
+<?php
+/**
+ * Elgg login action
+ *
+ * @package Elgg.Core
+ * @subpackage User.Authentication
+ */
+
+// set forward url
+if (!empty($_SESSION['last_forward_from'])) {
+ $forward_url = $_SESSION['last_forward_from'];
+} elseif (get_input('returntoreferer')) {
+ $forward_url = REFERER;
+} else {
+ // forward to main index page
+ $forward_url = '';
+}
+
+$username = get_input('username');
+$password = get_input('password', null, false);
+$persistent = (bool) get_input("persistent");
+$result = false;
+
+if (empty($username) || empty($password)) {
+ register_error(elgg_echo('login:empty'));
+ forward();
+}
+
+// check if logging in with email address
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
+ $username = $users[0]->username;
+}
+
+$result = elgg_authenticate($username, $password);
+if ($result !== true) {
+ register_error($result);
+ forward(REFERER);
+}
+
+$user = get_user_by_username($username);
+if (!$user) {
+ register_error(elgg_echo('login:baduser'));
+ forward(REFERER);
+}
+
+try {
+ login($user, $persistent);
+ // re-register at least the core language file for users with language other than site default
+ register_translations(dirname(dirname(__FILE__)) . "/languages/");
+} catch (LoginException $e) {
+ register_error($e->getMessage());
+ forward(REFERER);
+}
+
+// elgg_echo() caches the language and does not provide a way to change the language.
+// @todo we need to use the config object to store this so that the current language
+// can be changed. Refs #4171
+if ($user->language) {
+ $message = elgg_echo('loginok', array(), $user->language);
+} else {
+ $message = elgg_echo('loginok');
+}
+
+if (isset($_SESSION['last_forward_from'])) {
+ unset($_SESSION['last_forward_from']);
+}
+
+system_message($message);
+forward($forward_url);
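Review bot: Failed logins produce different messages depending on the cause: `register_error($result)` prints whatever `elgg_authenticate()` returned, and a missing account gets the separate `login:baduser` text. If the authentication handlers return distinct strings for an unknown user and a wrong password, the form tells a caller which usernames and e-mail addresses exist. Consider one generic message for both cases, e.g. `register_error(elgg_echo('loginerror'));`, keeping the detailed reason in the server log. Separately, the e-mail branch silently takes `$users[0]` when `get_user_by_email()` returns more than one account; a comment stating that e-mail addresses are expected to be unique would make that assumption explicit.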
diff --git a/actions/logout.php b/actions/logout.php
index 4e6bb393e..c48a26b15 100644
--- a/actions/logout.php
+++ b/actions/logout.php
@@ -1,25 +1,18 @@
-<?php
-
- /**
- * Elgg logout action
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- // Log out
- $result = logout();
-
- // Set the system_message as appropriate
-
- if ($result) {
- system_message(elgg_echo('logoutok'));
- } else {
- register_error(elgg_echo('logouterror'));
- }
-
-?> \ No newline at end of file
+<?php
+/**
+ * Elgg logout action
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
+
+// Log out
+$result = logout();
+
+// Set the system_message as appropriate
+if ($result) {
+ system_message(elgg_echo('logoutok'));
+ forward();
+} else {
+ register_error(elgg_echo('logouterror'));
+} \ No newline at end of file
diff --git a/actions/notifications/settings/usersettings/save.php b/actions/notifications/settings/usersettings/save.php
index a6a21c8a0..455a444e1 100644
--- a/actions/notifications/settings/usersettings/save.php
+++ b/actions/notifications/settings/usersettings/save.php
@@ -1,37 +1,29 @@
<?php
- /**
- * Elgg notifications user preference save acion.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Elgg notifications user preference save acion.
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
- // Method
- $method = get_input('method');
- gatekeeper();
-
- $result = false;
- foreach ($method as $k => $v)
- {
- $result = set_user_notification_setting($_SESSION['user']->guid, $k, ($v == 'yes') ? true : false);
-
- if (!$result)
- {
- register_error(elgg_echo('notifications:usersettings:save:fail'));
- //forward($_SERVER['HTTP_REFERER']);
-
- //exit;
- }
+$method = get_input('method');
+
+$current_settings = get_user_notification_settings();
+
+$result = false;
+foreach ($method as $k => $v) {
+ // check if setting has changed and skip if not
+ if ($current_settings->$k == ($v == 'yes')) {
+ continue;
}
-
- if ($result)
- system_message(elgg_echo('notifications:usersettings:save:ok'));
- else
+
+ $result = set_user_notification_setting(elgg_get_logged_in_user_guid(), $k, ($v == 'yes') ? true : false);
+
+ if (!$result) {
register_error(elgg_echo('notifications:usersettings:save:fail'));
-
- //forward($_SERVER['HTTP_REFERER']);
-?> \ No newline at end of file
+ }
+}
+
+if ($result) {
+ system_message(elgg_echo('notifications:usersettings:save:ok'));
+}
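Review bot: `foreach ($method as $k => $v)` runs on whatever the request supplied, and `$current_settings->$k` is dereferenced without checking that `get_user_notification_settings()` returned an object. A request without `method`, or with a scalar value, raises a warning, and with `gatekeeper()` removed a logged-out caller is only stopped if the action registration requires login (not visible here). I would guard both inputs: `$method = (array) get_input('method', array());` and `if (!$current_settings) { register_error(elgg_echo('notifications:usersettings:save:fail')); forward(REFERER); }`. Note also that `$result` stays false when every setting is unchanged, so the user then sees neither the success nor the failure message.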
diff --git a/actions/plugins/settings/save.php b/actions/plugins/settings/save.php
index 574b98ef2..581a2f9ec 100644
--- a/actions/plugins/settings/save.php
+++ b/actions/plugins/settings/save.php
@@ -1,42 +1,43 @@
<?php
- /**
- * Elgg plugin settings save action.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Saves global plugin settings.
+ *
+ * This action can be overriden for a specific plugin by creating the
+ * <plugin_id>/settings/save action in that plugin.
+ *
+ * @uses array $_REQUEST['params'] A set of key/value pairs to save to the ElggPlugin entity
+ * @uses int $_REQUEST['plugin_id'] The ID of the plugin
+ *
+ * @package Elgg.Core
+ * @subpackage Plugins.Settings
+ */
- $params = get_input('params');
- $plugin = get_input('plugin');
+$params = get_input('params');
+$plugin_id = get_input('plugin_id');
+$plugin = elgg_get_plugin_from_id($plugin_id);
- gatekeeper();
- action_gatekeeper();
-
- $result = false;
-
- foreach ($params as $k => $v)
- {
- // Save
- $result = set_plugin_setting($k, $v, $plugin);
-
- // Error?
- if (!$result)
- {
- register_error(sprintf(elgg_echo('plugins:settings:save:fail'), $plugin));
-
- forward($_SERVER['HTTP_REFERER']);
-
+if (!($plugin instanceof ElggPlugin)) {
+ register_error(elgg_echo('plugins:settings:save:fail', array($plugin_id)));
+ forward(REFERER);
+}
+
+$plugin_name = $plugin->getManifest()->getName();
+
+$result = false;
+
+// allow a plugin to override the save action for their settings
+if (elgg_action_exists("$plugin_id/settings/save")) {
+ action("$plugin_id/settings/save");
+} else {
+ foreach ($params as $k => $v) {
+ $result = $plugin->setSetting($k, $v);
+ if (!$result) {
+ register_error(elgg_echo('plugins:settings:save:fail', array($plugin_name)));
+ forward(REFERER);
exit;
}
}
+}
- // An event to tell any interested plugins of the change is settings
- //trigger_elgg_event('plugin_settings_save', $plugin, find_plugin_settings($plugin)); // replaced by plugin:setting event
-
- system_message(sprintf(elgg_echo('plugins:settings:save:ok'), $plugin));
- forward($_SERVER['HTTP_REFERER']);
-?> \ No newline at end of file
+system_message(elgg_echo('plugins:settings:save:ok', array($plugin_name)));
+forward(REFERER); \ No newline at end of file
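Review bot: `$params` is iterated and every key/value pair is written with `$plugin->setSetting($k, $v)` without checking that the input is an array or that the keys are settings the plugin actually defines. A missing or scalar `params` makes `foreach` emit a warning and the script then reports `plugins:settings:save:ok` with nothing saved; add `if (!is_array($params)) { $params = array(); }` before the loop, or fail with the existing `plugins:settings:save:fail` message. The loop in the actions/plugins/usersettings/save.php hunk has the same gap, and there the caller may be an ordinary user rather than an admin. The `exit;` kept after `forward(REFERER)` is also inconsistent with the other rewritten actions in this commit, which rely on `forward()` alone.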
diff --git a/actions/plugins/usersettings/save.php b/actions/plugins/usersettings/save.php
index b34c80828..f6b8ab0b6 100644
--- a/actions/plugins/usersettings/save.php
+++ b/actions/plugins/usersettings/save.php
@@ -1,42 +1,58 @@
<?php
- /**
- * Elgg plugin user settings save action.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- $params = get_input('params');
- $plugin = get_input('plugin');
-
- gatekeeper();
- action_gatekeeper();
-
- $result = false;
-
- foreach ($params as $k => $v)
- {
+/**
+ * Saves user-specific plugin settings.
+ *
+ * This action can be overriden for a specific plugin by creating the
+ * <plugin_id>/usersettings/save action in that plugin.
+ *
+ * @uses array $_REQUEST['params'] A set of key/value pairs to save to the ElggPlugin entity
+ * @uses int $_REQUEST['plugin_id'] The id of the plugin
+ * @uses int $_REQUEST['user_guid'] The GUID of the user to save settings for.
+ *
+ * @package Elgg.Core
+ * @subpackage Plugins.Settings
+ */
+
+$params = get_input('params');
+$plugin_id = get_input('plugin_id');
+$user_guid = get_input('user_guid', elgg_get_logged_in_user_guid());
+$plugin = elgg_get_plugin_from_id($plugin_id);
+$user = get_entity($user_guid);
+
+if (!($plugin instanceof ElggPlugin)) {
+ register_error(elgg_echo('plugins:usersettings:save:fail', array($plugin_id)));
+ forward(REFERER);
+}
+
+if (!($user instanceof ElggUser)) {
+ register_error(elgg_echo('plugins:usersettings:save:fail', array($plugin_id)));
+ forward(REFERER);
+}
+
+$plugin_name = $plugin->getManifest()->getName();
+
+// make sure we're admin or the user
+if (!$user->canEdit()) {
+ register_error(elgg_echo('plugins:usersettings:save:fail', array($plugin_name)));
+ forward(REFERER);
+}
+
+$result = false;
+
+if (elgg_action_exists("$plugin_id/usersettings/save")) {
+ action("$plugin_id/usersettings/save");
+} else {
+ foreach ($params as $k => $v) {
// Save
- $result = set_plugin_usersetting($k, $v, $_SESSION['user']->guid, $plugin);
-
+ $result = $plugin->setUserSetting($k, $v, $user->guid);
+
// Error?
- if (!$result)
- {
- register_error(sprintf(elgg_echo('plugins:usersettings:save:fail'), $plugin));
-
- forward($_SERVER['HTTP_REFERER']);
-
- exit;
+ if (!$result) {
+ register_error(elgg_echo('plugins:usersettings:save:fail', array($plugin_name)));
+ forward(REFERER);
}
}
+}
- // An event to tell any interested plugins of the change is settings
- //trigger_elgg_event('plugin_usersettings_save', $plugin, find_plugin_settings($plugin)); // replaced by plugin:usersetting event
-
- system_message(sprintf(elgg_echo('plugins:usersettings:save:ok'), $plugin));
- forward($_SERVER['HTTP_REFERER']);
-?> \ No newline at end of file
+system_message(elgg_echo('plugins:usersettings:save:ok', array($plugin_name)));
+forward(REFERER);
diff --git a/actions/profile/edit.php b/actions/profile/edit.php
new file mode 100644
index 000000000..e1f066e82
--- /dev/null
+++ b/actions/profile/edit.php
@@ -0,0 +1,116 @@
+<?php
+/**
+ * Elgg profile edit action
+ *
+ */
+
+elgg_make_sticky_form('profile:edit');
+
+$guid = get_input('guid');
+$owner = get_entity($guid);
+
+if (!$owner || !($owner instanceof ElggUser) || !$owner->canEdit()) {
+ register_error(elgg_echo('profile:edit:fail'));
+ forward(REFERER);
+}
+
+// grab the defined profile field names and their load the values from POST.
+// each field can have its own access, so sort that too.
+$input = array();
+$accesslevel = get_input('accesslevel');
+
+if (!is_array($accesslevel)) {
+ $accesslevel = array();
+}
+
+/**
+ * wrapper for recursive array walk decoding
+ */
+function profile_array_decoder(&$v) {
+ $v = _elgg_html_decode($v);
+}
+
+$profile_fields = elgg_get_config('profile_fields');
+foreach ($profile_fields as $shortname => $valuetype) {
+ // the decoding is a stop gap to prevent &amp;&amp; showing up in profile fields
+ // because it is escaped on both input (get_input()) and output (view:output/text). see #561 and #1405.
+ // must decode in utf8 or string corruption occurs. see #1567.
+ $value = get_input($shortname);
+ if (is_array($value)) {
+ array_walk_recursive($value, 'profile_array_decoder');
+ } else {
+ $value = _elgg_html_decode($value);
+ }
+
+ // limit to reasonable sizes
+ // @todo - throwing away changes due to this is dumb!
+ if (!is_array($value) && $valuetype != 'longtext' && elgg_strlen($value) > 250) {
+ $error = elgg_echo('profile:field_too_long', array(elgg_echo("profile:{$shortname}")));
+ register_error($error);
+ forward(REFERER);
+ }
+
+ if ($value && $valuetype == 'url' && !preg_match('~^https?\://~i', $value)) {
+ $value = "http://$value";
+ }
+
+ if ($valuetype == 'tags') {
+ $value = string_to_tag_array($value);
+ }
+
+ $input[$shortname] = $value;
+}
+
+// display name is handled separately
+$name = strip_tags(get_input('name'));
+if ($name) {
+ if (elgg_strlen($name) > 50) {
+ register_error(elgg_echo('user:name:fail'));
+ } elseif ($owner->name != $name) {
+ $owner->name = $name;
+ $owner->save();
+ }
+}
+
+// go through custom fields
+if (sizeof($input) > 0) {
+ foreach ($input as $shortname => $value) {
+ $options = array(
+ 'guid' => $owner->guid,
+ 'metadata_name' => $shortname,
+ 'limit' => false
+ );
+ elgg_delete_metadata($options);
+
+ if (!is_null($value) && ($value !== '')) {
+ // only create metadata for non empty values (0 is allowed) to prevent metadata records with empty string values #4858
+
+ if (isset($accesslevel[$shortname])) {
+ $access_id = (int) $accesslevel[$shortname];
+ } else {
+ // this should never be executed since the access level should always be set
+ $access_id = ACCESS_DEFAULT;
+ }
+ if (is_array($value)) {
+ $i = 0;
+ foreach ($value as $interval) {
+ $i++;
+ $multiple = ($i > 1) ? TRUE : FALSE;
+ create_metadata($owner->guid, $shortname, $interval, 'text', $owner->guid, $access_id, $multiple);
+ }
+ } else {
+ create_metadata($owner->getGUID(), $shortname, $value, 'text', $owner->getGUID(), $access_id);
+ }
+ }
+ }
+
+ $owner->save();
+
+ // Notify of profile update
+ elgg_trigger_event('profileupdate', $owner->type, $owner);
+
+ elgg_clear_sticky_form('profile:edit');
+ system_message(elgg_echo("profile:saved"));
+}
+
+forward($owner->getUrl());
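Review bot: `$access_id = (int) $accesslevel[$shortname];` accepts any integer from the request and passes it straight to `create_metadata()`. Nothing here checks that the value is an access level the profile owner may write to, so a crafted form could attach a field to an access collection the user does not own, depending on what `create_metadata()` enforces (not visible in this hunk). I would validate it against the writable levels before use, e.g. `if (!array_key_exists($access_id, get_write_access_array($owner->guid))) { $access_id = ACCESS_DEFAULT; }`. The comment above the decode step should also say that values are stored HTML-decoded and therefore depend entirely on output escaping. Finally, `profile_array_decoder()` is declared inside the action script, so a second inclusion in one request would be a fatal redeclaration; a `function_exists()` guard or a library file avoids that.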
diff --git a/actions/profile/fields/add.php b/actions/profile/fields/add.php
new file mode 100644
index 000000000..fce783092
--- /dev/null
+++ b/actions/profile/fields/add.php
@@ -0,0 +1,40 @@
+<?php
+/**
+ * Elgg profile plugin edit default profile action
+ *
+ */
+
+$label = get_input('label');
+$type = get_input('type');
+
+$fieldlist = elgg_get_config('profile_custom_fields');
+if (!$fieldlist) {
+ $fieldlist = '';
+ $id = 1;
+} else {
+ $fieldlistarray = explode(',', $fieldlist);
+ foreach ($fieldlistarray as $key => $value) {
+ $fieldlistarray[$key] = (int)$value;
+ }
+ $id = max($fieldlistarray) + 1;
+}
+
+if (($label) && ($type)) {
+ if (!empty($fieldlist)) {
+ $fieldlist .= ',';
+ }
+ $fieldlist .= "$id";
+
+ if (elgg_save_config("admin_defined_profile_$id", $label) &&
+ elgg_save_config("admin_defined_profile_type_$id", $type) &&
+ elgg_save_config('profile_custom_fields', $fieldlist)) {
+
+ system_message(elgg_echo('profile:editdefault:success'));
+ } else {
+ register_error(elgg_echo('profile:editdefault:fail'));
+ }
+} else {
+ register_error(elgg_echo('profile:editdefault:fail'));
+}
+
+forward(REFERER); \ No newline at end of file
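Review bot: `$type` is stored as `admin_defined_profile_type_$id` exactly as submitted. The profile edit action in this commit branches on the stored type (`'url'`, `'tags'`, `'longtext'`) and it presumably also selects the input and output views, so an unexpected string should be rejected here rather than persisted. Check it against the list of field types the admin form offers and call `register_error(elgg_echo('profile:editdefault:fail'));` otherwise. The id allocation `max($fieldlistarray) + 1` is also a read-then-write with no lock, so two concurrent submissions can end up with the same id.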
diff --git a/actions/profile/fields/delete.php b/actions/profile/fields/delete.php
new file mode 100644
index 000000000..9879feb3f
--- /dev/null
+++ b/actions/profile/fields/delete.php
@@ -0,0 +1,28 @@
+<?php
+/**
+ * Elgg profile plugin edit default profile action removal
+ *
+ */
+
+$id = get_input('id');
+
+$fieldlist = elgg_get_config('profile_custom_fields');
+if (!$fieldlist) {
+ $fieldlist = '';
+}
+
+$fieldlist = str_replace("{$id},", "", $fieldlist);
+$fieldlist = str_replace(",{$id}", "", $fieldlist);
+$fieldlist = str_replace("{$id}", "", $fieldlist);
+
+if ($id &&
+ unset_config("admin_defined_profile_$id") &&
+ unset_config("admin_defined_profile_type_$id") &&
+ elgg_save_config('profile_custom_fields', $fieldlist)) {
+
+ system_message(elgg_echo('profile:editdefault:delete:success'));
+} else {
+ register_error(elgg_echo('profile:editdefault:delete:fail'));
+}
+
+forward(REFERER); \ No newline at end of file
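Review bot: The three `str_replace()` calls remove `$id` as a substring, not as a list element, so deleting field 1 from `1,10,11` leaves `0` and corrupts the stored field order. Treat the value as a list instead: `$fieldlist = implode(',', array_diff(explode(',', $fieldlist), array((string) $id)));`. `$id` also goes unvalidated into the `unset_config()` key names; casting it with `(int)` first keeps a crafted value from addressing a different `admin_defined_profile_*` key.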
diff --git a/actions/profile/fields/edit.php b/actions/profile/fields/edit.php
new file mode 100644
index 000000000..5fc84ff11
--- /dev/null
+++ b/actions/profile/fields/edit.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * Edit a custom profile field
+ */
+
+$id = get_input('id');
+$label = get_input('label');
+
+if (!elgg_get_config("admin_defined_profile_$id")) {
+ register_error(elgg_echo('profile:editdefault:fail'));
+ forward(REFERER);
+}
+
+if (elgg_save_config("admin_defined_profile_$id", $label)) {
+ system_message(elgg_echo('profile:editdefault:success'));
+} else {
+ register_error(elgg_echo('profile:editdefault:fail'));
+}
+
+forward(REFERER); \ No newline at end of file
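Review bot: `$id` is interpolated into the config key without being constrained to a number. With `id=type_3` the existence check reads `admin_defined_profile_type_3`, passes, and the submitted label is then written over that field's stored type. `$id = (int) get_input('id');` closes this. An empty `$label` should probably be rejected as well, since add.php in this commit requires one.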
diff --git a/actions/profile/fields/reorder.php b/actions/profile/fields/reorder.php
new file mode 100644
index 000000000..27c716749
--- /dev/null
+++ b/actions/profile/fields/reorder.php
@@ -0,0 +1,12 @@
+<?php
+/**
+ * Elgg profile plugin reorder fields
+ *
+ */
+
+$ordering = get_input('fieldorder');
+
+$result = elgg_save_config('profile_custom_fields', $ordering);
+
+// called by ajax so we exit
+exit;
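Review bot: `fieldorder` is saved as the new `profile_custom_fields` value with no validation. Other actions in this commit `explode(',', ...)` that string and build config key names from each element (reset.php passes them to `unset_config()`), so the input should be reduced to ids that already exist before it is stored. The sketch below assumes `fieldorder` is comma-separated like the stored value; confirm that against the admin view. `$result` is assigned but never used, so the AJAX caller gets an empty response whether or not the save worked.

```php
$current = array_map('intval', explode(',', (string) elgg_get_config('profile_custom_fields')));
$ordering = array_map('intval', explode(',', (string) get_input('fieldorder')));
// keep only ids that are already defined, without duplicates
$ordering = array_values(array_unique(array_intersect($ordering, $current)));

$result = elgg_save_config('profile_custom_fields', implode(',', $ordering));
```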
diff --git a/actions/profile/fields/reset.php b/actions/profile/fields/reset.php
new file mode 100644
index 000000000..19efae479
--- /dev/null
+++ b/actions/profile/fields/reset.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * Reset profile fields action
+ *
+ */
+
+$fieldlist = elgg_get_config('profile_custom_fields');
+if ($fieldlist) {
+ $fieldlistarray = explode(',', $fieldlist);
+ foreach ($fieldlistarray as $listitem) {
+ unset_config("admin_defined_profile_{$listitem}");
+ unset_config("admin_defined_profile_type_{$listitem}");
+ }
+}
+
+unset_config('profile_custom_fields');
+
+system_message(elgg_echo('profile:defaultprofile:reset'));
+
+forward(REFERER); \ No newline at end of file
diff --git a/actions/register.php b/actions/register.php
index 748c06ce6..73926232c 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -1,77 +1,80 @@
-<?php
-
- /**
- * Elgg registration action
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+<?php
+/**
+ * Elgg registration action
+ *
+ * @package Elgg.Core
+ * @subpackage User.Account
+ */
- require_once(dirname(dirname(__FILE__)) . "/engine/start.php");
- global $CONFIG;
-
- action_gatekeeper();
-
- // Get variables
- $username = get_input('username');
- $password = get_input('password');
- $password2 = get_input('password2');
- $email = get_input('email');
- $name = get_input('name');
- $friend_guid = (int) get_input('friend_guid',0);
- $invitecode = get_input('invitecode');
-
- $admin = get_input('admin');
- if (is_array($admin)) $admin = $admin[0];
-
-
- if (!$CONFIG->disable_registration)
- {
- // For now, just try and register the user
-
- try {
- if (
- (
- (trim($password)!="") &&
- (strcmp($password, $password2)==0)
- ) &&
- ($guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode))
- ) {
-
- $new_user = get_entity($guid);
- if (($guid) && ($admin))
- {
- admin_gatekeeper(); // Only admins can make someone an admin
- $new_user->admin = 'yes';
- }
-
- // Send user validation request on register only
- request_user_validation($guid);
-
- if (!$new_user->admin)
- $new_user->disable('new_user'); // Now disable if not an admin
-
- system_message(sprintf(elgg_echo("registerok"),$CONFIG->sitename));
-
- forward(); // Forward on success, assume everything else is an error...
- } else {
- register_error(elgg_echo("registerbad"));
- }
- } catch (RegistrationException $r) {
- register_error($r->getMessage());
+elgg_make_sticky_form('register');
+
+// Get variables
+$username = get_input('username');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
+$email = get_input('email');
+$name = get_input('name');
+$friend_guid = (int) get_input('friend_guid', 0);
+$invitecode = get_input('invitecode');
+
+if (elgg_get_config('allow_registration')) {
+ try {
+ if (trim($password) == "" || trim($password2) == "") {
+ throw new RegistrationException(elgg_echo('RegistrationException:EmptyPassword'));
+ }
+
+ if (strcmp($password, $password2) != 0) {
+ throw new RegistrationException(elgg_echo('RegistrationException:PasswordMismatch'));
+ }
+
+ $guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode);
+
+ if ($guid) {
+ $new_user = get_entity($guid);
+
+ // allow plugins to respond to self registration
+ // note: To catch all new users, even those created by an admin,
+ // register for the create, user event instead.
+ // only passing vars that aren't in ElggUser.
+ $params = array(
+ 'user' => $new_user,
+ 'password' => $password,
+ 'friend_guid' => $friend_guid,
+ 'invitecode' => $invitecode
+ );
+
+ // @todo should registration be allowed no matter what the plugins return?
+ if (!elgg_trigger_plugin_hook('register', 'user', $params, TRUE)) {
+ $ia = elgg_set_ignore_access(true);
+ $new_user->delete();
+ elgg_set_ignore_access($ia);
+ // @todo this is a generic messages. We could have plugins
+ // throw a RegistrationException, but that is very odd
+ // for the plugin hooks system.
+ throw new RegistrationException(elgg_echo('registerbad'));
}
+
+ elgg_clear_sticky_form('register');
+ system_message(elgg_echo("registerok", array(elgg_get_site_entity()->name)));
+
+ // if exception thrown, this probably means there is a validation
+ // plugin that has disabled the user
+ try {
+ login($new_user);
+ } catch (LoginException $e) {
+ // do nothing
+ }
+
+ // Forward on success, assume everything else is an error...
+ forward();
+ } else {
+ register_error(elgg_echo("registerbad"));
}
- else
- register_error(elgg_echo('registerdisabled'));
-
- $qs = explode('?',$_SERVER['HTTP_REFERER']);
- $qs = $qs[0];
- $qs .= "?u=" . urlencode($username) . "&e=" . urlencode($email) . "&n=" . urlencode($name) . "&friend_guid=" . $friend_guid;
-
- forward($qs);
-
-?> \ No newline at end of file
+ } catch (RegistrationException $r) {
+ register_error($r->getMessage());
+ }
+} else {
+ register_error(elgg_echo('registerdisabled'));
+}
+
+forward(REFERER);
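Review bot: The cleartext password is handed to every `register`, `user` plugin hook handler through `$params['password']`, and the comment above `$params` says nothing about how handlers may use it. I would extend that comment with `// 'password' is the cleartext value: handlers must not log it or store it.` Also, `elgg_make_sticky_form('register')` runs before the password fields are read; if it stores the whole submission in the session (its body is not visible here), the passwords stay there on every failure path, because `elgg_clear_sticky_form('register')` is only reached on success. The empty `catch (LoginException $e)` would be easier to diagnose with a log line in place of `// do nothing`.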
diff --git a/actions/river/delete.php b/actions/river/delete.php
new file mode 100644
index 000000000..0d8297932
--- /dev/null
+++ b/actions/river/delete.php
@@ -0,0 +1,21 @@
+<?php
+/**
+ * River item delete action
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
+
+$id = get_input('id', false);
+
+if ($id !== false && elgg_is_admin_logged_in()) {
+ if (elgg_delete_river(array('id' => $id))) {
+ system_message(elgg_echo('river:delete:success'));
+ } else {
+ register_error(elgg_echo('river:delete:fail'));
+ }
+} else {
+ register_error(elgg_echo('river:delete:fail'));
+}
+
+forward(REFERER);
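Review bot: `$id` reaches `elgg_delete_river(array('id' => $id))` as a raw request string; the only check is `$id !== false`, so an empty or non-numeric value is passed through. Depending on how `elgg_delete_river()` treats an empty `id` (not visible here), that could match more than the single intended river item. Cast and range-check first: `$id = (int) get_input('id');` and `if ($id > 0 && elgg_is_admin_logged_in()) {`.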
diff --git a/actions/security/refreshtoken.php b/actions/security/refreshtoken.php
new file mode 100644
index 000000000..74a72c4af
--- /dev/null
+++ b/actions/security/refreshtoken.php
@@ -0,0 +1,5 @@
+<?php
+$ts = time();
+$token = generate_action_token($ts);
+
+echo json_encode(array('__elgg_ts' => $ts, '__elgg_token' => $token)); \ No newline at end of file
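Review bot: The file has no header comment, unlike every other action in this commit, and it is the one endpoint that issues action tokens. I would add a docblock stating that it returns a fresh `__elgg_ts`/`__elgg_token` pair as JSON for the current session, and that the response must not be cached or exposed to other origins. Sending `header('Content-Type: application/json');` before the `echo` would also stop the body from being interpreted as HTML.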
diff --git a/actions/systemsettings/install.php b/actions/systemsettings/install.php
deleted file mode 100644
index 9fbbd3802..000000000
--- a/actions/systemsettings/install.php
+++ /dev/null
@@ -1,121 +0,0 @@
-<?php
-
- /**
- * Elgg install site action
- *
- * Creates a nwe site and sets it as the default
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- elgg_set_viewtype('failsafe'); // Set failsafe again incase we get an exception thrown
-
- if (is_installed()) forward();
-
- if (get_input('settings') == 'go') {
-
- if (!datalist_get('default_site')) {
-
- // Sanitise
- $path = sanitise_filepath(get_input('path'));
- $dataroot = sanitise_filepath(get_input('dataroot'));
-
- // Blank?
- if ($dataroot == "/")
- throw new InstallationException(elgg_echo('InstallationException:DatarootBlank'));
-
- // That it's valid
- if (stripos($dataroot, $path)!==false)
- throw new InstallationException(sprintf(elgg_echo('InstallationException:DatarootUnderPath'), $dataroot));
-
- // Check data root is writable
- if (!is_writable($dataroot))
- throw new InstallationException(sprintf(elgg_echo('InstallationException:DatarootNotWritable'), $dataroot));
-
-
- $site = new ElggSite();
- $site->name = get_input('sitename');
- $site->url = get_input('wwwroot');
- $site->description = get_input('sitedescription');
- $site->email = get_input('siteemail');
- $site->access_id = ACCESS_PUBLIC;
- $guid = $site->save();
-
- if (!$guid)
- throw new InstallationException(sprintf(elgg_echo('InstallationException:CantCreateSite'), get_input('sitename'), get_input('wwwroot')));
-
- datalist_set('installed',time());
-
- datalist_set('path', $path);
- datalist_set('dataroot', $dataroot);
-
- datalist_set('default_site',$site->getGUID());
-
- set_config('view', get_input('view'), $site->getGUID());
- set_config('language', get_input('language'), $site->getGUID());
- set_config('default_access', get_input('default_access'), $site->getGUID());
-
- $debug = get_input('debug');
- if ($debug)
- set_config('debug', 1, $site->getGUID());
- else
- unset_config('debug', $site->getGUID());
-
- $usage = get_input('usage');
- if (is_array($usage)) $usage = $usage[0];
-
- if ($usage)
- unset_config('ping_home', $site->getGUID());
- else
- set_config('ping_home', 'disabled', $site->getGUID());
-
- $api = get_input('api');
- if ($api)
- unset_config('disable_api', $site->getGUID());
- else
- set_config('disable_api', 'disabled', $site->getGUID());
-
- $https_login = get_input('https_login');
- if ($https_login)
- set_config('https_login', 1, $site->getGUID());
- else
- unset_config('https_login', $site->getGUID());
-
- // activate some plugins by default
- if (isset($CONFIG->default_plugins))
- {
- $plugins = explode(',', $CONFIG->default_plugins);
- foreach ($plugins as $plugin)
- enable_plugin(trim($plugins), $site->getGUID());
- }
- else
- {
- enable_plugin('profile', $site->getGUID());
- enable_plugin('river', $site->getGUID());
- enable_plugin('updateclient', $site->getGUID());
- enable_plugin('logbrowser', $site->getGUID());
- enable_plugin('diagnostics', $site->getGUID());
- enable_plugin('uservalidationbyemail', $site->getGUID());
- }
-
- // Now ping home
- if ($usage)
- {
- ping_home($site);
- }
-
- system_message(elgg_echo("installation:configuration:success"));
-
- header("Location: ../../account/register.php");
- exit;
-
- }
-
- }
-
-?> \ No newline at end of file
diff --git a/actions/user/default_access.php b/actions/user/default_access.php
deleted file mode 100644
index 264bfb45b..000000000
--- a/actions/user/default_access.php
+++ /dev/null
@@ -1,46 +0,0 @@
-<?php
- /**
- * Action for changing a user's default access level
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
- global $CONFIG;
-
- if ($CONFIG->allow_user_default_access) {
-
- gatekeeper();
-
- $default_access = get_input('default_access');
- $user_id = get_input('guid');
- $user = "";
-
- if (!$user_id)
- $user = $_SESSION['user'];
- else
- $user = get_entity($user_id);
-
- if ($user)
- {
- $current_default_access = $user->getPrivateSetting('elgg_default_access');
- if ($default_access != $current_default_access)
- {
- if ($user->setPrivateSetting('elgg_default_access',$default_access))
- system_message(elgg_echo('user:default_access:success'));
- else
- register_error(elgg_echo('user:default_access:fail'));
- }
- }
- else
- register_error(elgg_echo('user:default_access:fail'));
- }
-
- //forward($_SERVER['HTTP_REFERER']);
- //exit;
-?> \ No newline at end of file
diff --git a/actions/user/language.php b/actions/user/language.php
deleted file mode 100644
index ec910c12a..000000000
--- a/actions/user/language.php
+++ /dev/null
@@ -1,43 +0,0 @@
-<?php
- /**
- * Action for changing a user's personal language settings
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
- global $CONFIG;
-
- gatekeeper();
-
- $language = get_input('language');
- $user_id = get_input('guid');
- $user = "";
-
- if (!$user_id)
- $user = $_SESSION['user'];
- else
- $user = get_entity($user_id);
-
- if (($user) && ($language))
- {
- if (strcmp($language, $user->language)!=0)
- {
- $user->language = $language;
- if ($user->save())
- system_message(elgg_echo('user:language:success'));
- else
- register_error(elgg_echo('user:language:fail'));
- }
- }
- else
- register_error(elgg_echo('user:language:fail'));
-
- //forward($_SERVER['HTTP_REFERER']);
- //exit;
-?> \ No newline at end of file
diff --git a/actions/user/name.php b/actions/user/name.php
deleted file mode 100644
index a69d44487..000000000
--- a/actions/user/name.php
+++ /dev/null
@@ -1,43 +0,0 @@
-<?php
- /**
- * Action for changing a user's name
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
- global $CONFIG;
-
- gatekeeper();
-
- $name = get_input('name');
- $user_id = get_input('guid');
- $user = "";
-
- if (!$user_id)
- $user = $_SESSION['user'];
- else
- $user = get_entity($user_id);
-
- if (($user) && ($name))
- {
- if (strcmp($name, $user->name)!=0)
- {
- $user->name = $name;
- if ($user->save())
- system_message(elgg_echo('user:name:success'));
- else
- register_error(elgg_echo('user:name:fail'));
- }
- }
- else
- register_error(elgg_echo('user:name:fail'));
-
- //forward($_SERVER['HTTP_REFERER']);
- //exit;
-?> \ No newline at end of file
diff --git a/actions/user/password.php b/actions/user/password.php
deleted file mode 100644
index 7e097e132..000000000
--- a/actions/user/password.php
+++ /dev/null
@@ -1,50 +0,0 @@
-<?php
- /**
- * Action for changing a user's password
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
- global $CONFIG;
-
- gatekeeper();
-
- $password = get_input('password');
- $password2 = get_input('password2');
- $user_id = get_input('guid');
- $user = "";
-
- if (!$user_id)
- $user = $_SESSION['user'];
- else
- $user = get_entity($user_id);
-
- if (($user) && ($password!=""))
- {
- if (strlen($password)>=4)
- {
- if ($password == $password2)
- {
- $user->salt = generate_random_cleartext_password(); // Reset the salt
- $user->password = generate_user_password($user, $password);
- if ($user->save())
- system_message(elgg_echo('user:password:success'));
- else
- register_error(elgg_echo('user:password:fail'));
- }
- else
- register_error(elgg_echo('user:password:fail:notsame'));
- }
- else
- register_error(elgg_echo('user:password:fail:tooshort'));
- }
-
- //forward($_SERVER['HTTP_REFERER']);
- //exit;
-?> \ No newline at end of file
diff --git a/actions/user/passwordreset.php b/actions/user/passwordreset.php
index e7bfbdebd..201d6abcf 100644
--- a/actions/user/passwordreset.php
+++ b/actions/user/passwordreset.php
@@ -1,27 +1,19 @@
<?php
- /**
- * Action to reset a password and send success email.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Action to reset a password and send success email.
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
- require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
- global $CONFIG;
-
- $user_guid = get_input('u');
- $code = get_input('c');
-
- if (execute_new_password_request($user_guid, $code))
- system_message(elgg_echo('user:password:success'));
- else
- register_error(elgg_echo('user:password:fail'));
-
- forward($_SERVER['HTTP_REFERER']);
- exit;
-
-?> \ No newline at end of file
+$user_guid = get_input('u');
+$code = get_input('c');
+
+if (execute_new_password_request($user_guid, $code)) {
+ system_message(elgg_echo('user:password:success'));
+} else {
+ register_error(elgg_echo('user:password:fail'));
+}
+
+forward();
+exit;
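Review bot: The shortened docblock does not say what the two short request parameters are or where they get checked, which matters for an action that changes a password. A comment above the `get_input()` calls would cover it, for example `// 'u' is the user guid and 'c' the reset code (presumably from the e-mailed link); the code is validated only inside execute_new_password_request()`. The trailing `exit;` after `forward();` also looks redundant, since other files in this commit rely on `forward()` ending the request.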
diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php
index 0e685adde..f1d4fa43c 100644
--- a/actions/user/requestnewpassword.php
+++ b/actions/user/requestnewpassword.php
@@ -1,43 +1,27 @@
<?php
- /**
- * Action to request a new password.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Action to request a new password.
+ *
+ * @package Elgg.Core
+ * @subpackage User.Account
+ */
- require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
- global $CONFIG;
-
- action_gatekeeper();
-
- $username = get_input('username');
-
- $access_status = access_get_show_hidden_status();
- access_show_hidden_entities(true);
- $user = get_user_by_username($username);
- if ($user)
- {
- if ($user->validated) {
- if (send_new_password_request($user->guid))
- system_message(elgg_echo('user:password:resetreq:success'));
- else
- register_error(elgg_echo('user:password:resetreq:fail'));
- } else if (!trigger_plugin_hook('unvalidated_requestnewpassword','user',array('entity'=>$user))) {
- // if plugins have not registered an action, the default action is to
- // trigger the validation event again and assume that the validation
- // event will display an appropriate message
- trigger_elgg_event('validate', 'user', $user);
- }
+$username = get_input('username');
+
+// allow email addresses
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
+ $username = $users[0]->username;
+}
+
+$user = get_user_by_username($username);
+if ($user) {
+ if (send_new_password_request($user->guid)) {
+ system_message(elgg_echo('user:password:resetreq:success'));
+ } else {
+ register_error(elgg_echo('user:password:resetreq:fail'));
}
- else
- register_error(sprintf(elgg_echo('user:username:notfound'), $username));
-
- access_show_hidden_entities($access_status);
- forward($_SERVER['HTTP_REFERER']);
- exit;
-?> \ No newline at end of file
+} else {
+ register_error(elgg_echo('user:username:notfound', array($username)));
+}
+
+forward();
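Review bot: The branches of `if ($user)` still answer differently, `user:password:resetreq:success` versus `user:username:notfound` with the submitted value. With the new e-mail lookup, that difference also reveals whether an e-mail address is registered on the site. Reporting the same neutral message in both cases closes this, e.g. making the else body `system_message(elgg_echo('user:password:resetreq:success'));`. Separately, `get_user_by_email()` evidently can return several users and `$users[0]` is taken silently, so a comment saying which account wins would help. The old `$user->validated` branch is gone, so unvalidated accounts now reach `send_new_password_request()`; please confirm that is intended.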
diff --git a/actions/user/spotlight.php b/actions/user/spotlight.php
index b43af2f16..202dde387 100644
--- a/actions/user/spotlight.php
+++ b/actions/user/spotlight.php
@@ -1,15 +1,19 @@
-<?php
-
- gatekeeper();
-
- $closed = get_input('closed','true');
- if ($closed != 'true') {
- $closed = false;
- } else {
- $closed = true;
- }
-
- $_SESSION['user']->spotlightclosed = $closed;
- exit;
-
-?> \ No newline at end of file
+<?php
+/**
+ * Close or open spotlight.
+ *
+ * @package Elgg.Core
+ * @subpackage Spotlight
+ * @todo This is deprecated in 1.8
+ */
+
+$closed = get_input('closed', 'true');
+if ($closed != 'true') {
+ $closed = false;
+} else {
+ $closed = true;
+}
+
+elgg_get_logged_in_user_entity()->spotlightclosed = $closed;
+// exit as this action is called through Ajax
+exit; \ No newline at end of file
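Review bot: `elgg_get_logged_in_user_entity()->spotlightclosed = $closed;` no longer has `gatekeeper()` in front of it. A logged-out request would therefore write a property on a non-object unless the action is registered as logged-in only somewhere outside this diff. Either state that dependency in the docblock or guard locally: `$user = elgg_get_logged_in_user_entity(); if ($user) { $user->spotlightclosed = $closed; }`. The same removal of explicit `gatekeeper()` / `admin_gatekeeper()` / `action_gatekeeper()` calls appears in actions/user/requestnewpassword.php, actions/useradd.php, actions/usersettings/save.php and actions/widgets/save.php. In useradd.php only `makeAdmin()` is guarded by `elgg_is_admin_logged_in()`, so who may create accounts depends entirely on that external registration.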
diff --git a/actions/useradd.php b/actions/useradd.php
index e6e071f01..17459021b 100644
--- a/actions/useradd.php
+++ b/actions/useradd.php
@@ -1,58 +1,69 @@
<?php
+/**
+ * Elgg add action
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
- /**
- * Elgg add action
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- require_once(dirname(dirname(__FILE__)) . "/engine/start.php");
-
- admin_gatekeeper(); // Only admins can make someone an admin
- action_gatekeeper();
-
- // Get variables
- global $CONFIG;
- $username = get_input('username');
- $password = get_input('password');
- $password2 = get_input('password2');
- $email = get_input('email');
- $name = get_input('name');
-
- $admin = get_input('admin');
- if (is_array($admin)) $admin = $admin[0];
-
- // For now, just try and register the user
- try {
- if (
- (
- (trim($password)!="") &&
- (strcmp($password, $password2)==0)
- ) &&
- ($guid = register_user($username, $password, $name, $email, true))
- ) {
- $new_user = get_entity($guid);
- if (($guid) && ($admin))
- $new_user->admin = 'yes';
-
- $new_user->admin_created = true;
-
-
- notify_user($new_user->guid, $CONFIG->site->guid, elgg_echo('useradd:subject'), sprintf(elgg_echo('useradd:body'), $name, $CONFIG->site->name, $CONFIG->site->url, $username, $password));
-
- system_message(sprintf(elgg_echo("adduser:ok"),$CONFIG->sitename));
- } else {
- register_error(elgg_echo("adduser:bad"));
+elgg_make_sticky_form('useradd');
+
+// Get variables
+$username = get_input('username');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
+$email = get_input('email');
+$name = get_input('name');
+
+$admin = get_input('admin');
+if (is_array($admin)) {
+ $admin = $admin[0];
+}
+
+// no blank fields
+if ($username == '' || $password == '' || $password2 == '' || $email == '' || $name == '') {
+ register_error(elgg_echo('register:fields'));
+ forward(REFERER);
+}
+
+if (strcmp($password, $password2) != 0) {
+ register_error(elgg_echo('RegistrationException:PasswordMismatch'));
+ forward(REFERER);
+}
+
+// For now, just try and register the user
+try {
+ $guid = register_user($username, $password, $name, $email, TRUE);
+
+ if ($guid) {
+ $new_user = get_entity($guid);
+ if ($new_user && $admin && elgg_is_admin_logged_in()) {
+ $new_user->makeAdmin();
}
- } catch (RegistrationException $r) {
- register_error($r->getMessage());
+
+ elgg_clear_sticky_form('useradd');
+
+ $new_user->admin_created = TRUE;
+ // @todo ugh, saving a guid as metadata!
+ $new_user->created_by_guid = elgg_get_logged_in_user_guid();
+
+ $subject = elgg_echo('useradd:subject');
+ $body = elgg_echo('useradd:body', array(
+ $name,
+ elgg_get_site_entity()->name,
+ elgg_get_site_entity()->url,
+ $username,
+ $password,
+ ));
+
+ notify_user($new_user->guid, elgg_get_site_entity()->guid, $subject, $body);
+
+ system_message(elgg_echo("adduser:ok", array(elgg_get_site_entity()->name)));
+ } else {
+ register_error(elgg_echo("adduser:bad"));
}
+} catch (RegistrationException $r) {
+ register_error($r->getMessage());
+}
- forward($_SERVER['HTTP_REFERER']);
- exit;
-?> \ No newline at end of file
+forward(REFERER);
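Review bot: The plaintext `$password` is still passed into the `useradd:body` text and sent through `notify_user()`, so the new account's credential ends up wherever that notification is delivered and stored. One option is to drop `$password` from the argument array and let the user choose a password via `send_new_password_request($new_user->guid)`; the language string would need its matching placeholder removed, which is outside this hunk. Also, `$new_user` is null-checked only for the `makeAdmin()` branch, while the `admin_created`, `created_by_guid` and `notify_user()` lines after it dereference it unconditionally.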
diff --git a/actions/usersettings/save.php b/actions/usersettings/save.php
index 04d7532d0..eb6cdbd5d 100644
--- a/actions/usersettings/save.php
+++ b/actions/usersettings/save.php
@@ -1,22 +1,11 @@
-<?php
- /**
- * Aggregate action for saving settings
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
- global $CONFIG;
-
- gatekeeper();
- action_gatekeeper();
-
- trigger_plugin_hook('usersettings:save','user');
-
- forward($_SERVER['HTTP_REFERER']);
-
-?>
+<?php
+/**
+ * Aggregate action for saving settings
+ *
+ * @package Elgg.Core
+ * @subpackage UserSettings
+ */
+
+elgg_trigger_plugin_hook('usersettings:save', 'user');
+
+forward(REFERER);
diff --git a/actions/widgets/add.php b/actions/widgets/add.php
index ff4af4a47..d7b2f291c 100644
--- a/actions/widgets/add.php
+++ b/actions/widgets/add.php
@@ -1,43 +1,42 @@
-<?php
-
- /**
- * Elgg widget add action
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- $guid = get_input('user');
- $handler = get_input('handler');
- $context = get_input('context');
- $column = get_input('column');
-
- $result = false;
-
- if (!empty($guid)) {
-
- if ($user = get_entity($guid)) {
-
- if ($user->canEdit()) {
-
- $result = add_widget($user->getGUID(),$handler,$context,0,$column);
-
- }
-
- }
-
- }
-
- if ($result) {
- system_message(elgg_echo('widgets:save:success'));
- } else {
- register_error(elgg_echo('widgets:save:failure'));
- }
-
- forward($_SERVER['HTTP_REFERER']);
-
-?> \ No newline at end of file
+<?php
+/**
+ * Elgg widget add action
+ *
+ * @package Elgg.Core
+ * @subpackage Widgets.Management
+ */
+
+$owner_guid = get_input('owner_guid');
+$handler = get_input('handler');
+$context = get_input('context');
+$show_access = (bool)get_input('show_access', true);
+$column = get_input('column', 1);
+$default_widgets = get_input('default_widgets', 0);
+
+elgg_push_context($context);
+if ($default_widgets) {
+ elgg_push_context('default_widgets');
+}
+elgg_push_context('widgets');
+
+if (!empty($owner_guid)) {
+ $owner = get_entity($owner_guid);
+ if ($owner && $owner->canEdit()) {
+ $guid = elgg_create_widget($owner->getGUID(), $handler, $context);
+ if ($guid) {
+ $widget = get_entity($guid);
+
+ // position the widget
+ $widget->move($column, 0);
+
+ // send widget html for insertion
+ echo elgg_view_entity($widget, array('show_access' => $show_access));
+
+ //system_message(elgg_echo('widgets:add:success'));
+ forward(REFERER);
+ }
+ }
+}
+
+register_error(elgg_echo('widgets:add:failure'));
+forward(REFERER);
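Review bot: `$column` comes straight from the request and is handed to `$widget->move($column, 0)` uncast, and `$widget` is used without checking that `get_entity($guid)` returned an entity. Casting at the input, `$column = (int) get_input('column', 1);`, and testing the lookup, `if ($guid && ($widget = get_entity($guid))) {`, keeps malformed requests on the `widgets:add:failure` path. The same uncast `$column` and `$position` reach `move()` in actions/widgets/move.php.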
diff --git a/actions/widgets/delete.php b/actions/widgets/delete.php
new file mode 100644
index 000000000..47920013d
--- /dev/null
+++ b/actions/widgets/delete.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * Elgg widget delete action
+ *
+ * @package Elgg.Core
+ * @subpackage Widgets.Management
+ */
+
+$widget_guid = get_input('widget_guid');
+$owner_guid = get_input('owner_guid', elgg_get_logged_in_user_guid());
+
+$widget = get_entity($widget_guid);
+$owner = get_entity($owner_guid);
+
+if ($widget && $owner->canEdit() && $widget->delete()) {
+ forward(REFERER);
+}
+
+register_error(elgg_echo('widgets:remove:failure'));
+forward(REFERER);
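Review bot: The permission test is made on `$owner`, which is loaded from the request's `owner_guid` (defaulting to the logged-in user), not on the widget being deleted. Nothing here checks that `$widget` belongs to that owner. Unless `delete()` enforces edit rights itself (not visible in this diff), the decision should rest on the target entity: `if ($widget && $widget->canEdit() && $widget->delete()) {`. That also avoids calling a method on `$owner` when `get_entity($owner_guid)` finds nothing. actions/widgets/move.php uses the same condition in front of `$widget->move($column, $position)` and needs the same change.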
diff --git a/actions/widgets/move.php b/actions/widgets/move.php
new file mode 100644
index 000000000..eab650c9c
--- /dev/null
+++ b/actions/widgets/move.php
@@ -0,0 +1,24 @@
+<?php
+/**
+ * Elgg widget move action
+ *
+ * @package Elgg.Core
+ * @subpackage Widgets.Management
+ */
+
+$widget_guid = get_input('widget_guid');
+$column = get_input('column', 1);
+$position = get_input('position');
+$owner_guid = get_input('owner_guid', elgg_get_logged_in_user_guid());
+
+$widget = get_entity($widget_guid);
+$owner = get_entity($owner_guid);
+
+
+if ($widget && $owner->canEdit()) {
+ $widget->move($column, $position);
+ forward(REFERER);
+}
+
+register_error(elgg_echo('widgets:move:failure'));
+forward(REFERER); \ No newline at end of file
diff --git a/actions/widgets/reorder.php b/actions/widgets/reorder.php
index 47f799889..e43a0ba73 100644
--- a/actions/widgets/reorder.php
+++ b/actions/widgets/reorder.php
@@ -1,32 +1,24 @@
-<?php
-
- /**
- * Elgg widget reorder action
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
-
- $owner = get_input('owner');
- $context = get_input('context');
-
- $maincontent = get_input('debugField1');
- $sidebar = get_input('debugField2');
- $rightbar = get_input('debugField3');
-
- $result = reorder_widgets_from_panel($maincontent, $sidebar, $rightbar, $context, $owner);
-
- if ($result) {
- system_message(elgg_echo('widgets:panel:save:success'));
- } else {
- register_error(elgg_echo('widgets:panel:save:failure'));
- }
-
- forward($_SERVER['HTTP_REFERER']);
-
-?> \ No newline at end of file
+<?php
+/**
+ * Elgg widget reorder action
+ *
+ * @package Elgg.Core
+ * @subpackage Widgets.Management
+ */
+
+$owner = get_input('owner');
+$context = get_input('context');
+
+$maincontent = get_input('debugField1');
+$sidebar = get_input('debugField2');
+$rightbar = get_input('debugField3');
+
+$result = reorder_widgets_from_panel($maincontent, $sidebar, $rightbar, $context, $owner);
+
+if ($result) {
+ system_message(elgg_echo('widgets:panel:save:success'));
+} else {
+ register_error(elgg_echo('widgets:panel:save:failure'));
+}
+
+forward(REFERER); \ No newline at end of file
diff --git a/actions/widgets/save.php b/actions/widgets/save.php
index e86632c6e..e15deab77 100644
--- a/actions/widgets/save.php
+++ b/actions/widgets/save.php
@@ -1,38 +1,44 @@
-<?php
-
- /**
- * Elgg widget save action
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
-
- action_gatekeeper();
-
- $guid = get_input('guid');
- $params = $_REQUEST['params'];
- $pageurl = get_input('pageurl');
- $noforward = get_input('noforward',false);
-
- $result = false;
-
- if (!empty($guid)) {
-
- $result = save_widget_info($guid,$params);
-
- }
-
- if ($result) {
- system_message(elgg_echo('widgets:save:success'));
- } else {
- register_error(elgg_echo('widgets:save:failure'));
- }
-
- if (!$noforward)
- forward($_SERVER['HTTP_REFERER']);
-
-?> \ No newline at end of file
+<?php
+/**
+ * Elgg save widget settings action
+ *
+ * @package Elgg.Core
+ * @subpackage Widgets.Management
+ *
+ * @uses int $_REQUEST['guid'] The guid of the widget to save
+ * @uses array $_REQUEST['params'] An array of params to set on the widget.
+ * @uses int $_REQUEST['default_widgets'] Flag for if these settings are for default wigets.
+ * @uses string $_REQUEST['context'] An optional context of the widget. Used to return
+ * the correct output if widget content changes
+ * depending on context.
+ *
+ */
+
+elgg_set_context('widgets');
+
+$guid = get_input('guid');
+$params = get_input('params');
+$default_widgets = get_input('default_widgets', 0);
+$context = get_input('context');
+
+$widget = get_entity($guid);
+if ($widget && $widget->saveSettings($params)) {
+ elgg_set_page_owner_guid($widget->getContainerGUID());
+ if ($context) {
+ elgg_push_context($context);
+ }
+
+ if (!$default_widgets) {
+ if (elgg_view_exists("widgets/$widget->handler/content")) {
+ $view = "widgets/$widget->handler/content";
+ } else {
+ elgg_deprecated_notice("widgets use content as the display view", 1.8);
+ $view = "widgets/$widget->handler/view";
+ }
+ echo elgg_view($view, array('entity' => $widget));
+ }
+} else {
+ register_error(elgg_echo('widgets:save:failure'));
+}
+
+forward(REFERER); \ No newline at end of file
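Review bot: `get_entity($guid)` returns whatever entity the request names, and `saveSettings($params)` is called on it with no visible check that it is a widget or that the current user may edit it. If `saveSettings()` does not enforce that internally (not shown here), tighten the condition, e.g. `if ($widget && elgg_instanceof($widget, 'object', 'widget') && $widget->canEdit() && $widget->saveSettings($params)) {`. The view name is also built from `$widget->handler`, so the type check keeps that value limited to real widget entities. The `@uses` block would be a good place to record which of these checks the method performs.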
diff --git a/actions/widgets/upgrade.php b/actions/widgets/upgrade.php
new file mode 100644
index 000000000..0a5cf8d48
--- /dev/null
+++ b/actions/widgets/upgrade.php
@@ -0,0 +1,65 @@
+<?php
+/**
+ * Upgrade default widgets for Elgg 1.8
+ *
+ * Pre-1.8, default widgets were stored as metadata on a defaultwidgets object.
+ * Now they are stored as widget objects owned by the site.
+ *
+ * @package Elgg.Core
+ * @subpackage Widgets.Management
+ */
+
+$object = elgg_get_entities(array(
+ 'type' => 'object',
+ 'subtype' => 'moddefaultwidgets',
+ 'limit' => 1,
+));
+
+if (!$object) {
+ forward(REFERER);
+}
+
+$object = $object[0];
+
+$site = elgg_get_site_entity();
+
+$ia = elgg_set_ignore_access(true);
+foreach (array('profile', 'dashboard') as $context) {
+ if (isset($object->$context)) {
+ elgg_push_context($context);
+ elgg_push_context('default_widgets');
+ elgg_push_context('widgets');
+
+ // deserialize the widget information
+ list($left, $middle, $right) = split('%%', $object->$context);
+ $left_widgets = split('::', $left);
+ $middle_widgets = split('::', $middle);
+ $right_widgets = split('::', $right);
+
+ // 1st column is right column in default theme
+ $widgets = array(
+ 1 => array_reverse($right_widgets),
+ 2 => array_reverse($middle_widgets),
+ 3 => array_reverse($left_widgets),
+ );
+
+ foreach ($widgets as $column => $column_widgets) {
+ foreach ($column_widgets as $handler) {
+ $guid = elgg_create_widget($site->getGUID(), $handler, $context);
+ if ($guid) {
+ $widget = get_entity($guid);
+ $widget->move($column, 0);
+ }
+ }
+ }
+
+ elgg_pop_context();
+ elgg_pop_context();
+ elgg_pop_context();
+ }
+}
+elgg_set_ignore_access($ia);
+
+$object->delete();
+system_message(elgg_echo('upgrade:core'));
+forward(REFERER);
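Review bot: `split()` is called four times on the literal delimiters `%%` and `::`, but it is a regex function deprecated since PHP 5.3. `explode()` does the same job here, e.g. `list($left, $middle, $right) = explode('%%', $object->$context);`. An empty column produces a single empty string, so skipping blanks in the inner loop (`if ($handler === '') { continue; }`) avoids passing an empty handler to `elgg_create_widget()`. The script runs under `elgg_set_ignore_access(true)` and deletes `$object` at the end, so the docblock should also state who is expected to be able to trigger it.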