From 12d286988dbcdff5aad3620838e7ab777ac67a92 Mon Sep 17 00:00:00 2001
From: brettp
Date: Wed, 14 Oct 2009 20:41:19 +0000
Subject: Standardized actions/*
git-svn-id: http://code.elgg.org/elgg/trunk@3542 36083f99-b078-4883-b0ff-0f9b5a30f544
---
actions/email/save.php | 86 ++++----
actions/entities/delete.php | 52 +++--
actions/friends/add.php | 65 +++---
actions/friends/addcollection.php | 91 ++++----
actions/friends/deletecollection.php | 91 ++++----
actions/friends/editcollection.php | 28 ++-
actions/friends/remove.php | 68 +++---
actions/import/opendd.php | 56 ++---
actions/login.php | 141 ++++++------
actions/logout.php | 38 ++--
.../notifications/settings/usersettings/save.php | 57 +++--
actions/plugins/settings/save.php | 62 +++---
actions/plugins/usersettings/save.php | 62 +++---
actions/register.php | 137 ++++++------
actions/systemsettings/install.php | 238 ++++++++++-----------
actions/user/default_access.php | 71 +++---
actions/user/language.php | 68 +++---
actions/user/name.php | 68 +++---
actions/user/password.php | 79 ++++---
actions/user/passwordreset.php | 45 ++--
actions/user/requestnewpassword.php | 75 ++++---
actions/user/spotlight.php | 30 +--
actions/useradd.php | 100 +++++----
actions/usersettings/save.php | 30 ++-
actions/widgets/add.php | 63 +++---
actions/widgets/reorder.php | 46 ++--
actions/widgets/save.php | 56 +++--
27 files changed, 940 insertions(+), 1063 deletions(-)
diff --git a/actions/email/save.php b/actions/email/save.php
index 2d226552a..046ac6a9d 100644
--- a/actions/email/save.php
+++ b/actions/email/save.php
@@ -1,53 +1,49 @@ email)!=0) - { - - if (!get_user_by_email($email)) - { - - if ($user->email != $email) { - $user->email = $email; - if ($user->save()) - { - request_user_validation($user->getGUID()); - system_message(elgg_echo('email:save:success')); - } - else - register_error(elgg_echo('email:save:fail')); +gatekeeper(); + +$email = get_input('email'); +$user_id = get_input('guid'); +$user = ""; + +if (!$user_id) { + $user = $_SESSION['user']; +} else { + $user = get_entity($user_id); +} + +if ($user) { + if (strcmp($email,$user->email)!=0) { + if (!get_user_by_email($email)) { + if ($user->email != $email) { + + $user->email = $email; + if ($user->save()) { + request_user_validation($user->getGUID()); + system_message(elgg_echo('email:save:success')); + } else { + register_error(elgg_echo('email:save:fail')); } } - else - register_error(elgg_echo('registration:dupeemail')); + } else { + register_error(elgg_echo('registration:dupeemail')); } } - else - register_error(elgg_echo('email:save:fail')); - - //forward($_SERVER['HTTP_REFERER']); - //exit; +} else { + register_error(elgg_echo('email:save:fail')); +} + +//forward($_SERVER['HTTP_REFERER']); +//exit; ?> \ No newline at end of file diff --git a/actions/entities/delete.php b/actions/entities/delete.php index fb9d98d1c..4f0e3b7ba 100644 --- a/actions/entities/delete.php +++ b/actions/entities/delete.php 
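Review bot: The account to modify is chosen from the request (`$user_id = get_input('guid')`, then `get_entity($user_id)`), and the only guard visible in this hunk is `gatekeeper()`, so the e-mail change relies entirely on whatever `$user->save()` enforces internally. Make the authorization explicit by changing `if ($user) {` to `if (($user instanceof ElggUser) && $user->canEdit()) {`, in line with the `canEdit()` test in actions/entities/delete.php. The same guid-selects-the-user pattern appears in the actions/user/default_access.php, language.php, name.php and password.php hunks; password.php matters most because it rewrites `salt` and `password`. The new-side lines above `gatekeeper();` are not visible here, so an earlier check cannot be ruled out.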
@@ -1,30 +1,28 @@ canEdit())) - { - if ($entity->delete()) - system_message(sprintf(elgg_echo('entity:delete:success'), $guid)); - else - register_error(sprintf(elgg_echo('entity:delete:fail'), $guid)); - } - else +require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php"); + +gatekeeper(); + +$guid = get_input('guid'); +$entity = get_entity($guid); + +if (($entity) && ($entity->canEdit())) { + if ($entity->delete()) { + system_message(sprintf(elgg_echo('entity:delete:success'), $guid)); + } else { register_error(sprintf(elgg_echo('entity:delete:fail'), $guid)); - - forward($_SERVER['HTTP_REFERER']); -?> \ No newline at end of file + } +} else { + register_error(sprintf(elgg_echo('entity:delete:fail'), $guid)); +} + +forward($_SERVER['HTTP_REFERER']); \ No newline at end of file diff --git a/actions/friends/add.php b/actions/friends/add.php index 63f1e2d94..f58d49b88 100644 --- a/actions/friends/add.php +++ b/actions/friends/add.php 
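Review bot: This destructive action is guarded by `gatekeeper()` and `$entity->canEdit()`, but no `action_gatekeeper()` call is visible, so the delete is not tied to a form the site itself issued. actions/friends/addcollection.php and actions/friends/remove.php in this commit call both; adding `action_gatekeeper();` directly after `gatekeeper();` would match them. The actions/friends/deletecollection.php hunk has the same gap. Separately, `forward($_SERVER['HTTP_REFERER'])` takes its destination from a client-supplied header; unless `forward()` restricts targets to this site (not visible here), a fixed page is the safer destination.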
@@ -1,40 +1,37 @@ addFriend($friend_guid)) { + $errors = true; + } +} catch (Exception $e) { + register_error(sprintf(elgg_echo("friends:add:failure"),$friend->name)); + $errors = true; +} +if (!$errors){ + // add to river + add_to_river('friends/river/create','friend',$_SESSION['user']->guid,$friend_guid); + system_message(sprintf(elgg_echo("friends:add:successful"),$friend->name)); +} - $errors = false; - - // Get the user - try { - if (!$_SESSION['user']->addFriend($friend_guid)) $errors = true; - } catch (Exception $e) { - register_error(sprintf(elgg_echo("friends:add:failure"),$friend->name)); - $errors = true; - } - if (!$errors){ - // add to river - add_to_river('friends/river/create','friend',$_SESSION['user']->guid,$friend_guid); - system_message(sprintf(elgg_echo("friends:add:successful"),$friend->name)); - } - - // Forward to the user friends page - forward("pg/friends/" . $_SESSION['user']->username . "/"); - -?> \ No newline at end of file +// Forward to the user friends page +forward("pg/friends/" . $_SESSION['user']->username . "/"); diff --git a/actions/friends/addcollection.php b/actions/friends/addcollection.php index 7dfba1ee7..6a15805ec 100644 --- a/actions/friends/addcollection.php +++ b/actions/friends/addcollection.php 
@@ -1,50 +1,45 @@ getGUID()); - - //if the collection was created and the user passed some friends from the form, add them - if($create_collection && (!empty($friends))){ - - //add friends to the collection - foreach($friends as $friend){ - add_user_to_access_collection($friend, $create_collection); - } - - } - - // Success message - system_message(elgg_echo("friends:collectionadded")); - // Forward to the collections page - forward("pg/collections/" . $_SESSION['user']->username); - - } else { - - register_error(elgg_echo("friends:nocollectionname")); - // Forward to the add collection page - forward("pg/collections/add"); - - } - -?> \ No newline at end of file +/** + * Elgg collection add page + * + * @package Elgg + * @subpackage Core + + * @author Curverider Ltd + + * @link http://elgg.org/ + */ + +//must be logged in +gatekeeper(); +action_gatekeeper(); + +$collection_name = get_input('collection_name'); +$friends = get_input('friends_collection'); + +//first check to make sure that a collection name has been set and create the new colection +if($collection_name){ + + //create the collection + $create_collection = create_access_collection($collection_name, $_SESSION['user']->getGUID()); + + //if the collection was created and the user passed some friends from the form, add them + if($create_collection && (!empty($friends))){ + //add friends to the collection + foreach($friends as $friend) { + add_user_to_access_collection($friend, $create_collection); + } + } + + // Success message + system_message(elgg_echo("friends:collectionadded")); + // Forward to the collections page + forward("pg/collections/" . $_SESSION['user']->username); + +} else { + register_error(elgg_echo("friends:nocollectionname")); + + // Forward to the add collection page + forward("pg/collections/add"); +} diff --git a/actions/friends/deletecollection.php b/actions/friends/deletecollection.php index bdfcc9b2c..1e18adcea 100644 --- a/actions/friends/deletecollection.php 
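Review bot: `system_message(elgg_echo("friends:collectionadded"))` and the forward to the collections page run whenever `$collection_name` is set, even if `create_access_collection()` returned a falsy value, because they sit outside the `if($create_collection && (!empty($friends)))` test. Put the success path under `if ($create_collection) { ... }` and call `register_error()` otherwise, so a failed create is not reported as success. `$friends` also comes straight from `get_input('friends_collection')` into `foreach`; testing `is_array($friends)` instead of `!empty($friends)` keeps a scalar out of the loop. Nothing visible here confirms that each submitted guid is one of the current user's friends before `add_user_to_access_collection()` is called.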
+++ b/actions/friends/deletecollection.php @@ -1,52 +1,45 @@ owner_guid == $_SESSION['user']->getGUID()){ - - $delete_collection = delete_access_collection($collection_id); - - // Success message - if ($delete_collection) - system_message(elgg_echo("friends:collectiondeleted")); - else - register_error(elgg_echo("friends:collectiondeletefailed")); - - } else { - - // Failure message - register_error(elgg_echo("friends:collectiondeletefailed")); - - } - +/** + * Elgg friends: delete collection action + * + * @package Elgg + * @subpackage Core + + * @author Curverider Ltd + + * @link http://elgg.org/ + */ + +// Make sure we're logged in (send us to the front page if not) +gatekeeper(); + +// Get input data +$collection_id = (int) get_input('collection'); + +// Check to see that the access collection exist and grab its owner +$get_collection = get_access_collection($collection_id); + +if($get_collection){ + + if($get_collection->owner_guid == $_SESSION['user']->getGUID()) { + + $delete_collection = delete_access_collection($collection_id); + + // Success message + if ($delete_collection) { + system_message(elgg_echo("friends:collectiondeleted")); } else { - - // Failure message - register_error(elgg_echo("friends:collectiondeletefailed")); - - } - - // Forward to the collections page - forward("pg/collections/" . $_SESSION['user']->username); - -?> \ No newline at end of file + register_error(elgg_echo("friends:collectiondeletefailed")); + } + } else { + // Failure message + register_error(elgg_echo("friends:collectiondeletefailed")); + } +} else { + // Failure message + register_error(elgg_echo("friends:collectiondeletefailed")); +} + +// Forward to the collections page +forward("pg/collections/" . $_SESSION['user']->username); diff --git a/actions/friends/editcollection.php b/actions/friends/editcollection.php index ede61b4b0..4d346e823 100644 --- a/actions/friends/editcollection.php +++ b/actions/friends/editcollection.php 
@@ -1,20 +1,16 @@ \ No newline at end of file +//chech the collection exists and the current user owners it +update_access_collection($collection_id, $friends); \ No newline at end of file diff --git a/actions/friends/remove.php b/actions/friends/remove.php index 20181bc84..83dd377e6 100644 --- a/actions/friends/remove.php +++ b/actions/friends/remove.php @@ -1,42 +1,38 @@ removeFriend($friend_guid); + } else{ + register_error(sprintf(elgg_echo("friends:remove:failure"), $friend->name)); + $errors = true; + } +} catch (Exception $e) { + register_error(sprintf(elgg_echo("friends:remove:failure"), $friend->name)); + $errors = true; +} - // Ensure we are logged in - gatekeeper(); - action_gatekeeper(); - - // Get the GUID of the user to friend - $friend_guid = get_input('friend'); - $friend = get_entity($friend_guid); - $errors = false; +if (!$errors) { + system_message(sprintf(elgg_echo("friends:remove:successful"), $friend->name)); +} - // Get the user - try{ - if ($friend instanceof ElggUser) - $_SESSION['user']->removeFriend($friend_guid); - else - { - register_error(sprintf(elgg_echo("friends:remove:failure"),$friend->name)); - $errors = true; - } - } catch (Exception $e) { - register_error(sprintf(elgg_echo("friends:remove:failure"),$friend->name)); - $errors = true; - } - if (!$errors) - system_message(sprintf(elgg_echo("friends:remove:successful"),$friend->name)); - - // Forward to the user friends page - forward("pg/friends/" . $_SESSION['user']->username . "/"); - -?> \ No newline at end of file +// Forward to the user friends page +forward("pg/friends/" . $_SESSION['user']->username . "/"); diff --git a/actions/import/opendd.php b/actions/import/opendd.php index 9f01c879d..b91a38dc4 100644 --- a/actions/import/opendd.php +++ b/actions/import/opendd.php 
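Review bot: The comment `//chech the collection exists and the current user owners it` is followed directly by `update_access_collection($collection_id, $friends);`, and no existence or ownership test is visible in this hunk. If none precedes it in the part of the file not shown, write the check out the way actions/friends/deletecollection.php does: fetch with `get_access_collection($collection_id)` and call the update only when `$get_collection->owner_guid == $_SESSION['user']->getGUID()`. The comment should read `// check the collection exists and the current user owns it`.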
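Review bot: In the actions/friends/remove.php hunk, the `else` branch builds its message from `$friend->name`, but that branch is only reached when `$friend` is not an `ElggUser` (the removed lines show the `instanceof` test), so the property read may be on a non-object. Report a value that is known to exist, for example `register_error(sprintf(elgg_echo("friends:remove:failure"), (int) $friend_guid));`. The result of `removeFriend($friend_guid)` is also ignored, so the success message is shown even if the removal failed, whereas actions/friends/add.php sets `$errors = true` when `addFriend()` fails. The opening lines of the new side are not visible in this hunk.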
@@ -1,30 +1,30 @@ \ No newline at end of file +// Safety +admin_gatekeeper(); +action_gatekeeper(); + +// Get input +$data = get_input('data', '', false); + +// Import +$return = import($data); + +if ($return) { + system_message(elgg_echo('importsuccess')); +} else { + register_error(elgg_echo('importfail')); +} + +forward($_SERVER['HTTP_REFERER']); \ No newline at end of file diff --git a/actions/login.php b/actions/login.php index f3a60af6d..26a144045 100644 --- a/actions/login.php +++ b/actions/login.php 
@@ -1,82 +1,69 @@ validated) { - // give plugins a chance to respond - if (!trigger_plugin_hook('unvalidated_login_attempt','user',array('entity'=>$user))) { - // if plugins have not registered an action, the default action is to - // trigger the validation event again and assume that the validation - // event will display an appropriate message - trigger_elgg_event('validate', 'user', $user); - } - } else { - register_error(elgg_echo('loginerror')); - } - access_show_hidden_entities($access_status); - } else { - register_error(elgg_echo('loginerror')); - } - } - -?> \ No newline at end of file +// If all is present and correct, try to log in +$result = false; +if (!empty($username) && !empty($password)) { + if ($user = authenticate($username,$password)) { + $result = login($user, $persistent); + } +} + +// Set the system_message as appropriate +if ($result) { + system_message(elgg_echo('loginok')); + if ($_SESSION['last_forward_from']) { + $forward_url = $_SESSION['last_forward_from']; + $_SESSION['last_forward_from'] = ""; + forward($forward_url); + } else { + if ( (isadminloggedin()) && (!datalist_get('first_admin_login'))) { + system_message(elgg_echo('firstadminlogininstructions')); + datalist_set('first_admin_login', time()); + + forward('pg/admin/plugins'); + } else if (get_input('returntoreferer')) { + forward($_SERVER['HTTP_REFERER']); + } else { + forward("pg/dashboard/"); + } + } +} else { + $error_msg = elgg_echo('loginerror'); + // figure out why the login failed + if (!empty($username) && !empty($password)) { + // See if it exists and is disabled + $access_status = access_get_show_hidden_status(); + access_show_hidden_entities(true); + if (($user = get_user_by_username($username)) && !$user->validated) { + // give plugins a chance to respond + if (!trigger_plugin_hook('unvalidated_login_attempt','user',array('entity'=>$user))) { + // if plugins have not registered an action, the default action is to + // trigger the validation event again and assume 
that the validation + // event will display an appropriate message + trigger_elgg_event('validate', 'user', $user); + } + } else { + register_error(elgg_echo('loginerror')); + } + access_show_hidden_entities($access_status); + } else { + register_error(elgg_echo('loginerror')); + } +} \ No newline at end of file diff --git a/actions/logout.php b/actions/logout.php index 67ca6ad65..de062edd4 100644 --- a/actions/logout.php +++ b/actions/logout.php @@ -1,25 +1,19 @@ \ No newline at end of file +// Set the system_message as appropriate +if ($result) { + system_message(elgg_echo('logoutok')); +} else { + register_error(elgg_echo('logouterror')); +} \ No newline at end of file diff --git a/actions/notifications/settings/usersettings/save.php b/actions/notifications/settings/usersettings/save.php index 41e9e2b17..159dd501b 100644 --- a/actions/notifications/settings/usersettings/save.php +++ b/actions/notifications/settings/usersettings/save.php @@ -1,35 +1,28 @@ $v) - { - $result = set_user_notification_setting($_SESSION['user']->guid, $k, ($v == 'yes') ? true : false); - - if (!$result) - { - register_error(elgg_echo('notifications:usersettings:save:fail')); - //forward($_SERVER['HTTP_REFERER']); - - //exit; - } - } - - if ($result) - system_message(elgg_echo('notifications:usersettings:save:ok')); - else +// Method +$method = get_input('method'); +gatekeeper(); + +$result = false; +foreach ($method as $k => $v) { + $result = set_user_notification_setting($_SESSION['user']->guid, $k, ($v == 'yes') ? true : false); + + if (!$result) { register_error(elgg_echo('notifications:usersettings:save:fail')); - - //forward($_SERVER['HTTP_REFERER']); -?> \ No newline at end of file + } +} + +if ($result) { + system_message(elgg_echo('notifications:usersettings:save:ok')); +} else { + register_error(elgg_echo('notifications:usersettings:save:fail')); +} \ No newline at end of file 
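Review bot: The failure branch of actions/login.php looks the account up by `$username` and, when it exists and is not validated, calls `trigger_plugin_hook('unvalidated_login_attempt', ...)` or `trigger_elgg_event('validate', 'user', $user)` although `authenticate()` never accepted the password. A request with an arbitrary password therefore gets a response that differs from the generic `loginerror` and, going by the inline comment, re-runs the validation step for that account. Consider restricting this path to requests whose credentials were correct, or rate-limiting it per account. Two smaller points: `$error_msg` is assigned and never used, and `forward($forward_url)` / `forward($_SERVER['HTTP_REFERER'])` take their destination from session and header values that should be confirmed to stay on this site.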
diff --git a/actions/plugins/settings/save.php b/actions/plugins/settings/save.php index 25eba2d72..8abc3703b 100644 --- a/actions/plugins/settings/save.php +++ b/actions/plugins/settings/save.php @@ -1,40 +1,32 @@ $v) - { - // Save - $result = set_plugin_setting($k, $v, $plugin); - - // Error? - if (!$result) - { - register_error(sprintf(elgg_echo('plugins:settings:save:fail'), $plugin)); - - forward($_SERVER['HTTP_REFERER']); - - exit; - } +gatekeeper(); +action_gatekeeper(); + +$result = false; + +foreach ($params as $k => $v) { + // Save + $result = set_plugin_setting($k, $v, $plugin); + + // Error? + if (!$result) { + register_error(sprintf(elgg_echo('plugins:settings:save:fail'), $plugin)); + forward($_SERVER['HTTP_REFERER']); + exit; } +} - // An event to tell any interested plugins of the change is settings - //trigger_elgg_event('plugin_settings_save', $plugin, find_plugin_settings($plugin)); // replaced by plugin:setting event - - system_message(sprintf(elgg_echo('plugins:settings:save:ok'), $plugin)); - forward($_SERVER['HTTP_REFERER']); -?> \ No newline at end of file +system_message(sprintf(elgg_echo('plugins:settings:save:ok'), $plugin)); +forward($_SERVER['HTTP_REFERER']); \ No newline at end of file diff --git a/actions/plugins/usersettings/save.php b/actions/plugins/usersettings/save.php index 61e5c7afc..172e8ee04 100644 --- a/actions/plugins/usersettings/save.php +++ b/actions/plugins/usersettings/save.php 
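Review bot: `set_plugin_setting($k, $v, $plugin)` is reached after only `gatekeeper()` and `action_gatekeeper()`, which establish a logged-in user and a valid action token but not an administrator. These settings appear to be site-wide, since the sibling actions/plugins/usersettings/save.php passes `$_SESSION['user']->guid` to the per-user variant. Unless `set_plugin_setting()` enforces the privilege itself (not visible here), use `admin_gatekeeper();` as actions/import/opendd.php does in this commit. The assignments of `$params` and `$plugin` fall in the part of the hunk that is not visible; `foreach ($params as $k => $v)` also needs `$params` confirmed to be an array.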
@@ -1,40 +1,32 @@ $v) - { - // Save - $result = set_plugin_usersetting($k, $v, $_SESSION['user']->guid, $plugin); - - // Error? - if (!$result) - { - register_error(sprintf(elgg_echo('plugins:usersettings:save:fail'), $plugin)); - - forward($_SERVER['HTTP_REFERER']); - - exit; - } +gatekeeper(); +action_gatekeeper(); + +$result = false; + +foreach ($params as $k => $v) { + // Save + $result = set_plugin_usersetting($k, $v, $_SESSION['user']->guid, $plugin); + + // Error? + if (!$result) { + register_error(sprintf(elgg_echo('plugins:usersettings:save:fail'), $plugin)); + forward($_SERVER['HTTP_REFERER']); + exit; } +} - // An event to tell any interested plugins of the change is settings - //trigger_elgg_event('plugin_usersettings_save', $plugin, find_plugin_settings($plugin)); // replaced by plugin:usersetting event - - system_message(sprintf(elgg_echo('plugins:usersettings:save:ok'), $plugin)); - forward($_SERVER['HTTP_REFERER']); -?> \ No newline at end of file +system_message(sprintf(elgg_echo('plugins:usersettings:save:ok'), $plugin)); +forward($_SERVER['HTTP_REFERER']); \ No newline at end of file diff --git a/actions/register.php b/actions/register.php index 5c69624b3..5abd55a4b 100644 --- a/actions/register.php +++ b/actions/register.php 
@@ -1,81 +1,74 @@ disable_registration) - { - // For now, just try and register the user - - try { - if ( - ( - (trim($password)!="") && - (strcmp($password, $password2)==0) - ) && - ($guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode)) - ) { - - $new_user = get_entity($guid); - if (($guid) && ($admin)) - { - admin_gatekeeper(); // Only admins can make someone an admin - $new_user->admin = 'yes'; - } - - // Send user validation request on register only - global $registering_admin; - if (!$registering_admin) - request_user_validation($guid); - - if (!$new_user->admin) - $new_user->disable('new_user', false); // Now disable if not an admin - // Don't do a recursive disable. Any entities owned by the user at this point - // are products of plugins that - - system_message(sprintf(elgg_echo("registerok"),$CONFIG->sitename)); - - forward(); // Forward on success, assume everything else is an error... - } else { - register_error(elgg_echo("registerbad")); - } - } catch (RegistrationException $r) { - register_error($r->getMessage()); +if (!$CONFIG->disable_registration) { +// For now, just try and register the user + try { + $guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode); + if (((trim($password) != "") && (strcmp($password, $password2) == 0)) && ($guid)) { + $new_user = get_entity($guid); + if (($guid) && ($admin)) { + // Only admins can make someone an admin + admin_gatekeeper(); + $new_user->admin = 'yes'; } + + // Send user validation request on register only + global $registering_admin; + if (!$registering_admin) { + request_user_validation($guid); + } + + if (!$new_user->admin) { + // Now disable if not an admin + // Don't do a recursive disable. Any entities owned by the user at this point + // are products of plugins that hook into create user and might need + // access to the entities. 
+ $new_user->disable('new_user', false); + } + + system_message(sprintf(elgg_echo("registerok"),$CONFIG->sitename)); + + // Forward on success, assume everything else is an error... + forward(); + } else { + register_error(elgg_echo("registerbad")); } - else - register_error(elgg_echo('registerdisabled')); - - $qs = explode('?',$_SERVER['HTTP_REFERER']); - $qs = $qs[0]; - $qs .= "?u=" . urlencode($username) . "&e=" . urlencode($email) . "&n=" . urlencode($name) . "&friend_guid=" . $friend_guid; - - forward($qs); + } catch (RegistrationException $r) { + register_error($r->getMessage()); + } +} else { + register_error(elgg_echo('registerdisabled')); +} + +$qs = explode('?',$_SERVER['HTTP_REFERER']); +$qs = $qs[0]; +$qs .= "?u=" . urlencode($username) . "&e=" . urlencode($email) . "&n=" . urlencode($name) . "&friend_guid=" . $friend_guid; -?> \ No newline at end of file +forward($qs); \ No newline at end of file diff --git a/actions/systemsettings/install.php b/actions/systemsettings/install.php index 8b0a31ced..819ef08ee 100644 --- a/actions/systemsettings/install.php +++ b/actions/systemsettings/install.php 
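Review bot: Hoisting `$guid = register_user(...)` above the `if` changes behaviour: the removed code evaluated `trim($password)!=""` and `strcmp($password, $password2)==0` first and only then called `register_user()`, whereas the new code creates the account before the password checks run. With a blank or mismatched confirmation the user now gets `registerbad` while an account already exists, and that account skips the `request_user_validation($guid)` and `disable('new_user', false)` steps inside the `if` — unless `register_user()` rejects such input itself, which is not visible here. Restore the short-circuit order: `if ((trim($password) != "") && (strcmp($password, $password2) == 0) && ($guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode))) {`. In the redirect built at the end, `$friend_guid` is the only value appended without `urlencode()`.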
@@ -1,125 +1,125 @@ name = get_input('sitename'); - $site->url = get_input('wwwroot'); - $site->description = get_input('sitedescription'); - $site->email = get_input('siteemail'); - $site->access_id = ACCESS_PUBLIC; - $guid = $site->save(); - - if (!$guid) - throw new InstallationException(sprintf(elgg_echo('InstallationException:CantCreateSite'), get_input('sitename'), get_input('wwwroot'))); - - datalist_set('installed',time()); - - datalist_set('path', $path); - datalist_set('dataroot', $dataroot); - - datalist_set('default_site',$site->getGUID()); - - set_config('view', get_input('view'), $site->getGUID()); - set_config('language', get_input('language'), $site->getGUID()); - set_config('default_access', get_input('default_access'), $site->getGUID()); - - $debug = get_input('debug'); - if ($debug) - set_config('debug', 1, $site->getGUID()); - else - unset_config('debug', $site->getGUID()); - - $usage = get_input('usage'); - if (is_array($usage)) $usage = $usage[0]; - - if ($usage) - unset_config('ping_home', $site->getGUID()); - else - set_config('ping_home', 'disabled', $site->getGUID()); - - $api = get_input('api'); - if ($api) - unset_config('disable_api', $site->getGUID()); - else - set_config('disable_api', 'disabled', $site->getGUID()); - - $https_login = get_input('https_login'); - if ($https_login) - set_config('https_login', 1, $site->getGUID()); - else - unset_config('https_login', $site->getGUID()); - - // activate some plugins by default - if (isset($CONFIG->default_plugins)) - { - if (!is_array($CONFIG->default_plugins)) - $plugins = explode(',', $CONFIG->default_plugins); - else - $CONFIG->default_plugins = $CONFIG->default_plugins; - - foreach ($plugins as $plugin) - enable_plugin(trim($plugin), $site->getGUID()); - } - else - { - enable_plugin('profile', $site->getGUID()); - enable_plugin('river', $site->getGUID()); - enable_plugin('logbrowser', $site->getGUID()); - enable_plugin('diagnostics', $site->getGUID()); - 
enable_plugin('uservalidationbyemail', $site->getGUID()); - enable_plugin('htmlawed', $site->getGUID()); +elgg_set_viewtype('failsafe'); // Set failsafe again incase we get an exception thrown + +if (is_installed()) { + forward(); +} + +if (get_input('settings') == 'go') { + if (!datalist_get('default_site')) { + // Sanitise + $path = sanitise_filepath(get_input('path')); + $dataroot = sanitise_filepath(get_input('dataroot')); + + // Blank? + if ($dataroot == "/") { + throw new InstallationException(elgg_echo('InstallationException:DatarootBlank')); + } + + // That it's valid + if (stripos($dataroot, $path)!==false) { + throw new InstallationException(sprintf(elgg_echo('InstallationException:DatarootUnderPath'), $dataroot)); + } + + // Check data root is writable + if (!is_writable($dataroot)) { + throw new InstallationException(sprintf(elgg_echo('InstallationException:DatarootNotWritable'), $dataroot)); + } + + $site = new ElggSite(); + $site->name = get_input('sitename'); + $site->url = get_input('wwwroot'); + $site->description = get_input('sitedescription'); + $site->email = get_input('siteemail'); + $site->access_id = ACCESS_PUBLIC; + $guid = $site->save(); + + if (!$guid) { + throw new InstallationException(sprintf(elgg_echo('InstallationException:CantCreateSite'), get_input('sitename'), get_input('wwwroot'))); + } + + datalist_set('installed',time()); + + datalist_set('path', $path); + datalist_set('dataroot', $dataroot); + + datalist_set('default_site',$site->getGUID()); + + set_config('view', get_input('view'), $site->getGUID()); + set_config('language', get_input('language'), $site->getGUID()); + set_config('default_access', get_input('default_access'), $site->getGUID()); + + $debug = get_input('debug'); + if ($debug) { + set_config('debug', 1, $site->getGUID()); + } else { + unset_config('debug', $site->getGUID()); + } + + $usage = get_input('usage'); + if (is_array($usage)) { + $usage = $usage[0]; + } + + if ($usage) { + unset_config('ping_home', 
$site->getGUID()); + } else { + set_config('ping_home', 'disabled', $site->getGUID()); + } + + $api = get_input('api'); + if ($api) { + unset_config('disable_api', $site->getGUID()); + } else { + set_config('disable_api', 'disabled', $site->getGUID()); + } + + $https_login = get_input('https_login'); + if ($https_login) { + set_config('https_login', 1, $site->getGUID()); + } else { + unset_config('https_login', $site->getGUID()); + } + + // activate some plugins by default + if (isset($CONFIG->default_plugins)) { + if (!is_array($CONFIG->default_plugins)) { + $plugins = explode(',', $CONFIG->default_plugins); + } else { + $CONFIG->default_plugins = $CONFIG->default_plugins; } - - // Now ping home - if ($usage) - { - ping_home($site); + + foreach ($plugins as $plugin){ + enable_plugin(trim($plugin), $site->getGUID()); } - - system_message(elgg_echo("installation:configuration:success")); - - header("Location: ../../account/register.php"); - exit; - + } else { + enable_plugin('profile', $site->getGUID()); + enable_plugin('river', $site->getGUID()); + enable_plugin('logbrowser', $site->getGUID()); + enable_plugin('diagnostics', $site->getGUID()); + enable_plugin('uservalidationbyemail', $site->getGUID()); + enable_plugin('htmlawed', $site->getGUID()); } - - } -?> \ No newline at end of file + // Now ping home + if ($usage) { + ping_home($site); + } + + system_message(elgg_echo("installation:configuration:success")); + + header("Location: ../../account/register.php"); + exit; + } +} diff --git a/actions/user/default_access.php b/actions/user/default_access.php index b79200ad0..2e08631a1 100644 --- a/actions/user/default_access.php +++ b/actions/user/default_access.php 
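Review bot: When `$CONFIG->default_plugins` is already an array, the `else` branch runs `$CONFIG->default_plugins = $CONFIG->default_plugins;`, which changes nothing and leaves `$plugins` undefined for the `foreach ($plugins as $plugin)` that follows. The branch should read `$plugins = $CONFIG->default_plugins;`. The `stripos($dataroot, $path)!==false` test also deserves a comment: it is the only visible check keeping the data directory out of the install path, and it is a substring match on the sanitised strings rather than a comparison of resolved paths.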
@@ -1,44 +1,39 @@ allow_user_default_access) { +require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php"); +global $CONFIG; - gatekeeper(); - - $default_access = get_input('default_access'); - $user_id = get_input('guid'); - $user = ""; - - if (!$user_id) - $user = $_SESSION['user']; - else - $user = get_entity($user_id); - - if ($user) - { - $current_default_access = $user->getPrivateSetting('elgg_default_access'); - if ($default_access != $current_default_access) - { - if ($user->setPrivateSetting('elgg_default_access',$default_access)) - system_message(elgg_echo('user:default_access:success')); - else - register_error(elgg_echo('user:default_access:fail')); +if ($CONFIG->allow_user_default_access) { + gatekeeper(); + + $default_access = get_input('default_access'); + $user_id = get_input('guid'); + $user = ""; + + if (!$user_id) { + $user = $_SESSION['user']; + } else { + $user = get_entity($user_id); + } + + if ($user) { + $current_default_access = $user->getPrivateSetting('elgg_default_access'); + if ($default_access != $current_default_access) { + if ($user->setPrivateSetting('elgg_default_access',$default_access)) { + system_message(elgg_echo('user:default_access:success')); + } else { + register_error(elgg_echo('user:default_access:fail')); } } - else - register_error(elgg_echo('user:default_access:fail')); + } else { + register_error(elgg_echo('user:default_access:fail')); } - - //forward($_SERVER['HTTP_REFERER']); - //exit; -?> \ No newline at end of file +} \ No newline at end of file diff --git a/actions/user/language.php b/actions/user/language.php index cec650d7d..f0837e1e5 100644 --- a/actions/user/language.php +++ b/actions/user/language.php 
@@ -1,41 +1,37 @@ language)!=0) - { - $user->language = $language; - if ($user->save()) - system_message(elgg_echo('user:language:success')); - else - register_error(elgg_echo('user:language:fail')); +gatekeeper(); + +$language = get_input('language'); +$user_id = get_input('guid'); +$user = ""; + +if (!$user_id) { + $user = $_SESSION['user']; +} else { + $user = get_entity($user_id); +} + +if (($user) && ($language)) { + if (strcmp($language, $user->language)!=0) { + $user->language = $language; + if ($user->save()) { + system_message(elgg_echo('user:language:success')); + } else { + register_error(elgg_echo('user:language:fail')); } } - else - register_error(elgg_echo('user:language:fail')); - - //forward($_SERVER['HTTP_REFERER']); - //exit; -?> \ No newline at end of file +} else { + register_error(elgg_echo('user:language:fail')); +} diff --git a/actions/user/name.php b/actions/user/name.php index 1c102c25f..19a3422e8 100644 --- a/actions/user/name.php +++ b/actions/user/name.php @@ -1,41 +1,37 @@ name)!=0) - { - $user->name = $name; - if ($user->save()) - system_message(elgg_echo('user:name:success')); - else - register_error(elgg_echo('user:name:fail')); +gatekeeper(); + +$name = get_input('name'); +$user_id = get_input('guid'); +$user = ""; + +if (!$user_id) { + $user = $_SESSION['user']; +} else { + $user = get_entity($user_id); +} + +if (($user) && ($name)) { + if (strcmp($name, $user->name)!=0) { + $user->name = $name; + if ($user->save()) { + system_message(elgg_echo('user:name:success')); + } else { + register_error(elgg_echo('user:name:fail')); } } - else - register_error(elgg_echo('user:name:fail')); - - //forward($_SERVER['HTTP_REFERER']); - //exit; -?> \ No newline at end of file +} else { + register_error(elgg_echo('user:name:fail')); +} \ No newline at end of file diff --git a/actions/user/password.php b/actions/user/password.php index e8d67a87b..d2fcb95d8 100644 --- a/actions/user/password.php +++ b/actions/user/password.php 
@@ -1,48 +1,43 @@ =4) - { - if ($password == $password2) - { - $user->salt = generate_random_cleartext_password(); // Reset the salt - $user->password = generate_user_password($user, $password); - if ($user->save()) - system_message(elgg_echo('user:password:success')); - else - register_error(elgg_echo('user:password:fail')); +gatekeeper(); + +$password = get_input('password'); +$password2 = get_input('password2'); +$user_id = get_input('guid'); +$user = ""; + +if (!$user_id) { + $user = $_SESSION['user']; +} else { + $user = get_entity($user_id); +} + +if (($user) && ($password!="")) { + if (strlen($password)>=4) { + if ($password == $password2) { + $user->salt = generate_random_cleartext_password(); // Reset the salt + $user->password = generate_user_password($user, $password); + if ($user->save()) { + system_message(elgg_echo('user:password:success')); + } else { + register_error(elgg_echo('user:password:fail')); } - else - register_error(elgg_echo('user:password:fail:notsame')); + } else { + register_error(elgg_echo('user:password:fail:notsame')); } - else - register_error(elgg_echo('user:password:fail:tooshort')); + } else { + register_error(elgg_echo('user:password:fail:tooshort')); } - - //forward($_SERVER['HTTP_REFERER']); - //exit; -?> \ No newline at end of file +} \ No newline at end of file diff --git a/actions/user/passwordreset.php b/actions/user/passwordreset.php index ea744b955..c6d8a70b1 100644 --- a/actions/user/passwordreset.php +++ b/actions/user/passwordreset.php @@ -1,25 +1,24 @@ \ No newline at end of file +require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php"); +global $CONFIG; + +$user_guid = get_input('u'); +$code = get_input('c'); + +if (execute_new_password_request($user_guid, $code)) { + system_message(elgg_echo('user:password:success')); +} else { + register_error(elgg_echo('user:password:fail')); +} + +forward(); +exit; 
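Review bot: In the password.php hunk, `if ($password == $password2) {` uses loose comparison, which PHP evaluates numerically when both strings look like numbers, so different inputs such as `1e3` and `1000` count as matching and the stored password may not be the one the user confirmed. Use `if (strcmp($password, $password2) === 0) {` or `===` instead. The visible code also reads only `password` and `password2`, so nothing shown requires the current password before the change, and the `strlen($password)>=4` floor is low for an account credential. The first lines of the file are garbled in this view, so confirm that no such check sits there.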
diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php index a54e71b7e..d951e2ede 100644 --- a/actions/user/requestnewpassword.php +++ b/actions/user/requestnewpassword.php @@ -1,41 +1,40 @@ validated) { - if (send_new_password_request($user->guid)) - system_message(elgg_echo('user:password:resetreq:success')); - else - register_error(elgg_echo('user:password:resetreq:fail')); - } else if (!trigger_plugin_hook('unvalidated_requestnewpassword','user',array('entity'=>$user))) { - // if plugins have not registered an action, the default action is to - // trigger the validation event again and assume that the validation - // event will display an appropriate message - trigger_elgg_event('validate', 'user', $user); - } +require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php"); +global $CONFIG; + +action_gatekeeper(); + +$username = get_input('username'); + +$access_status = access_get_show_hidden_status(); +access_show_hidden_entities(true); +$user = get_user_by_username($username); +if ($user) { + if ($user->validated) { + if (send_new_password_request($user->guid)) { + system_message(elgg_echo('user:password:resetreq:success')); + } else { + register_error(elgg_echo('user:password:resetreq:fail')); + } + } else if (!trigger_plugin_hook('unvalidated_requestnewpassword','user',array('entity'=>$user))) { + // if plugins have not registered an action, the default action is to + // trigger the validation event again and assume that the validation + // event will display an appropriate message + trigger_elgg_event('validate', 'user', $user); } - else - register_error(sprintf(elgg_echo('user:username:notfound'), $username)); - - access_show_hidden_entities($access_status); - forward(); - exit; -?> \ No newline at end of file +} else { + register_error(sprintf(elgg_echo('user:username:notfound'), $username)); +} + +access_show_hidden_entities($access_status); +forward(); +exit; \ No newline at end of file 
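Review bot: The final `else` branch answers with `user:username:notfound` and the submitted name, while an existing account gets `user:password:resetreq:success` or the validation path, so the response reveals whether a username is registered. Only `action_gatekeeper()` is visible as a guard, which suggests this action is reachable without a login. Returning one neutral message in every branch, for example `system_message(elgg_echo('user:password:resetreq:success'));` whether or not the lookup succeeded, removes that signal, and throttling repeated requests limits what is left.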
diff --git a/actions/user/spotlight.php b/actions/user/spotlight.php index 8f50df2c8..ff111461e 100644 --- a/actions/user/spotlight.php +++ b/actions/user/spotlight.php @@ -1,15 +1,21 @@ spotlightclosed = $closed; - exit; +gatekeeper(); -?> \ No newline at end of file +$closed = get_input('closed','true'); +if ($closed != 'true') { + $closed = false; +} else { + $closed = true; +} + +$_SESSION['user']->spotlightclosed = $closed; +exit; \ No newline at end of file diff --git a/actions/useradd.php b/actions/useradd.php index 0149a9753..2a8f64fd5 100644 --- a/actions/useradd.php +++ b/actions/useradd.php 
@@ -1,57 +1,53 @@ admin = 'yes'; - - $new_user->admin_created = true; - $new_user->created_by_guid = get_loggedin_userid(); - - - notify_user($new_user->guid, $CONFIG->site->guid, elgg_echo('useradd:subject'), sprintf(elgg_echo('useradd:body'), $name, $CONFIG->site->name, $CONFIG->site->url, $username, $password)); - - system_message(sprintf(elgg_echo("adduser:ok"),$CONFIG->sitename)); - } else { - register_error(elgg_echo("adduser:bad")); +require_once(dirname(dirname(__FILE__)) . "/engine/start.php"); + +admin_gatekeeper(); // Only admins can add a user +action_gatekeeper(); + +// Get variables +global $CONFIG; +$username = get_input('username'); +$password = get_input('password'); +$password2 = get_input('password2'); +$email = get_input('email'); +$name = get_input('name'); + +$admin = get_input('admin'); +if (is_array($admin)) { + $admin = $admin[0]; +} + +// For now, just try and register the user +try { + $guid = register_user($username, $password, $name, $email, true); + + if (((trim($password) != "") && (strcmp($password, $password2)==0)) && ($guid)) { + $new_user = get_entity($guid); + if (($guid) && ($admin)) { + $new_user->admin = 'yes'; } - } catch (RegistrationException $r) { - register_error($r->getMessage()); + + $new_user->admin_created = true; + $new_user->created_by_guid = get_loggedin_userid(); + + notify_user($new_user->guid, $CONFIG->site->guid, elgg_echo('useradd:subject'), sprintf(elgg_echo('useradd:body'), $name, $CONFIG->site->name, $CONFIG->site->url, $username, $password)); + + system_message(sprintf(elgg_echo("adduser:ok"),$CONFIG->sitename)); + } else { + register_error(elgg_echo("adduser:bad")); } +} catch (RegistrationException $r) { + register_error($r->getMessage()); +} - forward($_SERVER['HTTP_REFERER']); - exit; -?> \ No newline at end of file +forward($_SERVER['HTTP_REFERER']); +exit; \ No newline at end of file diff --git a/actions/usersettings/save.php b/actions/usersettings/save.php index 8c920def1..cf551cc7c 100644 
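Review bot: `register_user($username, $password, $name, $email, true)` runs before the check `(trim($password) != "") && (strcmp($password, $password2)==0)`, so when the two passwords differ the account has already been created and the admin only sees `adduser:bad`. Move the password comparison ahead of the `register_user()` call so that a mismatch creates nothing. The `notify_user()` call also places the cleartext `$password` in the notification body, which leaves the credential wherever that message is stored; sending a set-your-password link instead avoids this. The opening lines of this hunk are garbled in this view, so the note covers only the visible part.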
--- a/actions/usersettings/save.php +++ b/actions/usersettings/save.php @@ -1,22 +1,18 @@ +forward($_SERVER['HTTP_REFERER']); \ No newline at end of file diff --git a/actions/widgets/add.php b/actions/widgets/add.php index 14653eb18..66d133195 100644 --- a/actions/widgets/add.php +++ b/actions/widgets/add.php @@ -1,43 +1,32 @@ canEdit()) { - - $result = add_widget($user->getGUID(),$handler,$context,0,$column); - - } - - } - - } - - if ($result) { - system_message(elgg_echo('widgets:save:success')); - } else { - register_error(elgg_echo('widgets:save:failure')); +if (!empty($guid)) { + if ($user = get_entity($guid)) { + if ($user->canEdit()) { + $result = add_widget($user->getGUID(),$handler,$context,0,$column); } - - forward($_SERVER['HTTP_REFERER']); + } +} + +if ($result) { + system_message(elgg_echo('widgets:save:success')); +} else { + register_error(elgg_echo('widgets:save:failure')); +} -?> \ No newline at end of file +forward($_SERVER['HTTP_REFERER']); \ No newline at end of file diff --git a/actions/widgets/reorder.php b/actions/widgets/reorder.php index 3e3a98ebb..9398630ca 100644 --- a/actions/widgets/reorder.php +++ b/actions/widgets/reorder.php @@ -1,32 +1,26 @@ \ No newline at end of file +forward($_SERVER['HTTP_REFERER']); \ No newline at end of file diff --git a/actions/widgets/save.php b/actions/widgets/save.php index 6fdf79c11..60861acb8 100644 --- a/actions/widgets/save.php +++ b/actions/widgets/save.php @@ -1,38 +1,32 @@ \ No newline at end of file +if (!$noforward) { + forward($_SERVER['HTTP_REFERER']); +} \ No newline at end of file -- cgit v1.2.3