VikAppointments Services Booking Calendar / trunk
vikappointments / admin / controllers / media.php
<?php
/**
 * @package     VikAppointments
 * @subpackage  core
 * @author      E4J s.r.l.
 * @copyright   Copyright (C) 2021 E4J s.r.l. All Rights Reserved.
 * @license     http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL
 * @link        https://vikwp.com
 */

// Refuse to run when the file is requested directly: ABSPATH is only
// defined once WordPress has bootstrapped.
if (!defined('ABSPATH'))
{
    die('No script kiddies please!');
}

// load the base class extended by the controller declared in this file
VAPLoader::import('libraries.mvc.controllers.admin');

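/**
 * VikAppointments media controller.
 *
 * Handles the admin tasks for media files: opening the create/edit pages,
 * saving and uploading files, and deleting them. The state-changing tasks
 * (save, dropupload, delete) validate the session token, and every task
 * that creates, edits or deletes a file checks the user's permissions
 * before the model is invoked.
 *
 * @since 1.7
 */
class VikAppointmentsControllerMedia extends VAPControllerAdmin
{
    /**
     * Task used to access the creation page of a new record.
     *
     * Requires both the "core.create" and "core.access.media" permissions.
     *
     * @return boolean  True when the redirect to the creation page was set,
     *                  false when the user is not authorised.
     */
    public function add()
    {
        $app  = JFactory::getApplication();
        $user = JFactory::getUser();

        // reset the 'vap.media.data' user state
        $app->setUserState('vap.media.data', array());

        // check user permissions
        if (!$user->authorise('core.create', 'com_vikappointments') || !$user->authorise('core.access.media', 'com_vikappointments'))
        {
            // back to main list, not authorised to create records
            $app->enqueueMessage(JText::translate('JERROR_ALERTNOAUTHOR'), 'error');
            $this->cancel();

            return false;
        }

        $url = 'index.php?option=com_vikappointments&view=newmedia';

        if ($app->input->getBool('configure'))
        {
            // append configuration flag (a fixed value, never the raw input)
            $url .= '&configure=1';
        }

        $this->setRedirect($url);

        return true;
    }

    /**
     * Task used to access the management page of an existing record.
     *
     * Requires both the "core.edit" and "core.access.media" permissions.
     * The record is identified by the first element of the "cid" request
     * parameter.
     *
     * @return boolean  True when the redirect to the management page was
     *                  set, false when the user is not authorised.
     */
    public function edit()
    {
        $app  = JFactory::getApplication();
        $user = JFactory::getUser();

        // reset the 'vap.media.data' user state
        $app->setUserState('vap.media.data', array());

        // check user permissions
        if (!$user->authorise('core.edit', 'com_vikappointments') || !$user->authorise('core.access.media', 'com_vikappointments'))
        {
            // back to main list, not authorised to edit records
            $app->enqueueMessage(JText::translate('JERROR_ALERTNOAUTHOR'), 'error');
            $this->cancel();

            return false;
        }

        // "cid" is expected as an array (cid[]=...); the cast keeps a scalar
        // value whole instead of indexing it character by character, and
        // reset() copes with an empty list
        $cid   = (array) $app->input->getString('cid', array(''));
        $first = reset($cid);
        $id    = is_scalar($first) ? (string) $first : '';

        // the identifier comes straight from the request: encode it so that
        // characters such as "&", "#" or "=" cannot add or override
        // parameters of the redirect URL
        $this->setRedirect('index.php?option=com_vikappointments&view=managemedia&cid[]=' . urlencode($id));

        return true;
    }

    /**
     * Task used to save the record data set in the request.
     * After saving, the user is redirected to the main list.
     *
     * @return void
     */
    public function saveclose()
    {
        // save() has already set the redirect for the failure case
        if ($this->save())
        {
            $this->setRedirect('index.php?option=com_vikappointments&view=media');
        }
    }

    /**
     * Task used to save the record data set in the request.
     * After saving, the user is redirected to the creation
     * page of a new record.
     *
     * @return void
     */
    public function savenew()
    {
        // save() has already set the redirect for the failure case
        if ($this->save())
        {
            $this->setRedirect('index.php?option=com_vikappointments&task=media.add');
        }
    }

    /**
     * Task used to save the record data set in the request.
     * After saving, the user is redirected to the management
     * page of the record that has been saved.
     *
     * The session token is validated first. The required permission is
     * "core.edit" when the request carries a media identifier and
     * "core.create" otherwise, always together with "core.access.media".
     *
     * @return boolean  True on success, false when the token is invalid,
     *                  the user is not authorised or the model fails.
     */
    public function save()
    {
        $app   = JFactory::getApplication();
        $input = $app->input;
        $user  = JFactory::getUser();

        // token validation, added in 1.7
        if (!JSession::checkToken())
        {
            // back to main list, missing CSRF-proof token
            $app->enqueueMessage(JText::translate('JINVALID_TOKEN'), 'error');
            $this->cancel();

            return false;
        }

        $args = array();
        $args['id']        = $input->get('media', null, 'string');
        $args['name']      = $input->get('name', null, 'string');
        $args['action']    = $input->get('action', 0, 'uint');
        $args['oriwres']   = $input->get('oriwres', 512, 'uint');
        $args['orihres']   = $input->get('orihres', 512, 'uint');
        $args['smallwres'] = $input->get('smallwres', 256, 'uint');
        $args['smallhres'] = $input->get('smallhres', 256, 'uint');
        $args['isresize']  = $input->get('isresize', 0, 'uint');
        $args['alt']       = $input->get('alt', '', 'string');
        $args['title']     = $input->get('title', '', 'string');
        $args['caption']   = $input->get('caption', '', 'string');

        // NOTE(review): the uploaded file and the requested name are handed
        // to the model as received; type, extension and destination checks
        // are presumably done there - confirm against the media model
        $args['file'] = $input->files->get('file', null, 'array');

        // an existing identifier means update, otherwise creation
        $rule = 'core.' . ($args['id'] ? 'edit' : 'create');

        // check user permissions
        if (!$user->authorise($rule, 'com_vikappointments') || !$user->authorise('core.access.media', 'com_vikappointments'))
        {
            // back to main list, not authorised to create/edit records
            $app->enqueueMessage(JText::translate('JERROR_ALERTNOAUTHOR'), 'error');
            $this->cancel();

            return false;
        }

        // get media model
        $media = $this->getModel();

        // try to save arguments
        $id = $media->save($args);

        if ($id === false)
        {
            // get string error
            $error = $media->getError(null, true);

            // display error message
            $app->enqueueMessage(JText::sprintf('JLIB_APPLICATION_ERROR_SAVE_FAILED', $error), 'error');

            if ($args['id'])
            {
                // request-supplied identifier: encode it before it becomes
                // part of the redirect URL
                $url = 'index.php?option=com_vikappointments&view=managemedia&cid[]=' . urlencode((string) $args['id']);
            }
            else
            {
                $url = 'index.php?option=com_vikappointments&view=newmedia';
            }

            // redirect to new/edit page
            $this->setRedirect($url);

            return false;
        }

        // display generic successful message
        $app->enqueueMessage(JText::translate('JLIB_APPLICATION_SAVE_SUCCESS'));

        // redirect to edit page; the identifier is encoded because it is
        // placed in a query string
        $this->setRedirect('index.php?option=com_vikappointments&task=media.edit&cid[]=' . urlencode((string) $id));

        return true;
    }

    /**
     * Task used to upload files via AJAX.
     *
     * The session token is validated and the user must hold the same
     * permissions that save() requires for a new record ("core.create" and
     * "core.access.media"). On success the properties of the stored file,
     * plus an HTML preview, are sent back as JSON.
     *
     * @return void
     */
    public function dropupload()
    {
        $input = JFactory::getApplication()->input;
        $user  = JFactory::getUser();

        // token validation, added in 1.7
        if (!JSession::checkToken())
        {
            // missing CSRF-proof token
            UIErrorFactory::raiseError(403, JText::translate('JINVALID_TOKEN'));

            // raiseError() presumably ends the request; the explicit return
            // guarantees that nothing is stored if it ever does not
            return;
        }

        // check user permissions: a valid token only proves that the request
        // was made from a logged-in session, not that the user may upload
        if (!$user->authorise('core.create', 'com_vikappointments') || !$user->authorise('core.access.media', 'com_vikappointments'))
        {
            // not authorised to create records
            UIErrorFactory::raiseError(403, JText::translate('JERROR_ALERTNOAUTHOR'));

            return;
        }

        $args = array();
        // name of the uploaded-file field, resolved by the model
        $args['file']      = 'file';
        // NOTE(review): request-supplied destination, only filtered as
        // base64 here; the model is presumably responsible for decoding it
        // and keeping it inside the media folder - confirm
        $args['path']      = $input->get('path', null, 'base64');
        $args['oriwres']   = $input->get('oriwres', null, 'uint');
        $args['orihres']   = $input->get('orihres', null, 'uint');
        $args['smallwres'] = $input->get('smallwres', null, 'uint');
        $args['smallhres'] = $input->get('smallhres', null, 'uint');
        $args['isresize']  = $input->get('isresize', 0, 'uint');

        // get media model
        $media = $this->getModel();

        // try to save arguments
        $id = $media->save($args);

        if ($id === false)
        {
            // get string error
            $error = $media->getError(null, true);

            // something went wrong, raise error
            UIErrorFactory::raiseError(500, $error);

            // do not build a response from data that was never saved
            return;
        }

        // get saved data
        $data = $media->getData();

        // in case of success, retrieve media properties
        $resp = AppointmentsHelper::getFileProperties($data['file']);

        if ($resp)
        {
            // include HTML preview of the media file
            $resp['html'] = $media->renderMedia($resp['file']);
        }

        $this->sendJSON($resp);
    }

    /**
     * Deletes a list of records set in the request.
     *
     * The session token is accepted from either POST or GET, and the user
     * must hold both the "core.delete" and "core.access.media" permissions.
     * When the "ajax" flag is set, the outcome is reported as JSON or as an
     * HTTP error instead of a redirect.
     *
     * @return boolean  True when the model was invoked, false when the
     *                  token is invalid or the user is not authorised.
     */
    public function delete()
    {
        $app  = JFactory::getApplication();
        $user = JFactory::getUser();

        // token validation, added in 1.7; both GET and POST are supported
        // NOTE(review): a token carried in the query string can end up in
        // browser history, referrer headers and access logs; prefer POST
        // for this destructive task wherever the callers allow it
        if (!JSession::checkToken() && !JSession::checkToken('get'))
        {
            // back to main list, missing CSRF-proof token
            $app->enqueueMessage(JText::translate('JINVALID_TOKEN'), 'error');
            $this->cancel();

            return false;
        }

        $cid  = $app->input->get('cid', array(), 'string');
        $ajax = $app->input->getBool('ajax');
        // NOTE(review): request-supplied folder, only filtered as base64
        // here; the model is presumably responsible for decoding it and
        // keeping the deletion inside the media folder - confirm
        $path = $app->input->getBase64('path', null);

        // check user permissions
        if (!$user->authorise('core.delete', 'com_vikappointments') || !$user->authorise('core.access.media', 'com_vikappointments'))
        {
            if ($ajax)
            {
                UIErrorFactory::raiseError(403, JText::translate('JERROR_ALERTNOAUTHOR'));
            }
            else
            {
                // back to main list, not authorised to delete records
                $app->enqueueMessage(JText::translate('JERROR_ALERTNOAUTHOR'), 'error');
                $this->cancel();
            }

            // leave in both cases, so that the model is never reached
            // without permission even if raiseError() does not end the
            // request
            return false;
        }

        // delete selected records
        $res = $this->getModel()->delete($cid, $path);

        if ($ajax)
        {
            $this->sendJSON($res);
        }

        // back to main list
        $this->cancel();

        return true;
    }

    /**
     * Redirects the users to the main records list.
     *
     * @return void
     */
    public function cancel()
    {
        $this->setRedirect('index.php?option=com_vikappointments&view=media');
    }
}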