1<?php 2/** 3 * @package tikiwiki 4 */ 5// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project 6// 7// All Rights Reserved. See copyright.txt for details and a complete list of authors. 8// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details. 9// $Id$ 10 11require_once('tiki-setup.php'); 12$usermoduleslib = TikiLib::lib('usermodules'); 13$smarty = TikiLib::lib('smarty'); 14global $tiki_p_configure_modules, $prefs, $user; 15$actions = [ 16 'mc_unassign' => [ 17 'method' => 'unassign_user_module', 18 'success' => tr('User module unassigned'), 19 'error' => tr('User module not unassigned'), 20 ], 21 'mc_up' => [ 22 'method' => 'swap_up_user_module', 23 'success' => tr('User module moved up'), 24 'error' => tr('User module not moved up'), 25 ], 26 'mc_down' => [ 27 'method' => 'swap_down_user_module', 28 'success' => tr('User module moved down'), 29 'error' => tr('User module not moved down'), 30 ], 31 'mc_move' => [ 32 'method' => 'move_module', 33 'success' => tr('User module moved to opposite side'), 34 'error' => tr('User module not moved to opposite side'), 35 ], 36]; 37$actions = array_intersect_key($actions, $_REQUEST); 38$check_req = count($actions); 39if ($tiki_p_configure_modules != 'y' && $check_req) { 40 Feedback::errorPage(['mes' => tr('You do not have permission to use this feature'), 'errortype' => 401]); 41} 42if ($prefs['user_assigned_modules'] != 'y' && $check_req) { 43 Feedback::errorPage(tr('This feature is disabled') . ': user_assigned_modules'); 44} 45if (! $user && $check_req) { 46 Feedback::errorPage(tr('You must log in to use this feature')); 47} 48$request_uri = $url = isset($_SERVER["REQUEST_URI"]) ? $_SERVER['REQUEST_URI'] : ''; 49$access = TikiLib::lib('access'); 50foreach ($actions as $action => $settings) { 51 if (isset($_REQUEST[$action]) && $access->checkCsrf()) { 52 // Assign default user modules if user has not yet configured modules 53 if (! $usermoduleslib->user_has_assigned_modules($user)) { 54 $usermoduleslib->create_user_assigned_modules($user); 55 } 56 $method = $settings['method']; 57 $result = $usermoduleslib->$method($_REQUEST[$action], $user); 58 /** @var TikiDb_Pdo_Result|TikiDb_Adodb_Result $result */ 59 if ($result && $result->numRows()) { 60 Feedback::success($settings['success']); 61 } else { 62 Feedback::error($settings['error']); 63 } 64 65 } 66 // Remove module movemet paramaters from an URL 67 // \todo What if 'mc_xxx' arg was not at the end? (if smbd fix URL by hands...) 68 // should I handle this very special (hack?) case? 69 $url = preg_replace('/(.*)(\?|&){1}(mc_up|mc_down|mc_move|mc_unassign)=[^&]*/', '\1', $url); 70} 71 72// Fix locaton if parameter was removed... 73if ($url != $request_uri || (isset($_POST['redirect']) && $_POST['redirect'])) { 74 $access->redirect($url); 75} 76$smarty->assign('current_location', $url); 77$smarty->assign('mpchar', (strpos($url, '?') ? '&' : '?')); 78