AAAAPK+B\V index.htmlnuW+A PK+B\"d plugins.phpnuW+A true)) { $model = parent::getModel($name, $prefix, $config); return $model; } } PK+B\桜} plugin.phpnuW+A Order allow,deny Deny from all PK\B\G category.phpnuW+Aextension)) { $this->extension = JRequest::getCmd('extension', 'com_content'); } } /** * Method to check if you can add a new record. * * @param array $data An array of input data. * * @return boolean * * @since 1.6 */ protected function allowAdd($data = array()) { $user = JFactory::getUser(); return ($user->authorise('core.create', $this->extension) || count($user->getAuthorisedCategories($this->extension, 'core.create'))); } /** * Method to check if you can edit a record. * * @param array $data An array of input data. * @param string $key The name of the key for the primary key. * * @return boolean * * @since 1.6 */ protected function allowEdit($data = array(), $key = 'parent_id') { // Initialise variables. $recordId = (int) isset($data[$key]) ? $data[$key] : 0; $user = JFactory::getUser(); $userId = $user->get('id'); // Check general edit permission first. if ($user->authorise('core.edit', $this->extension)) { return true; } // Check specific edit permission. if ($user->authorise('core.edit', $this->extension . '.category.' . $recordId)) { return true; } // Fallback on edit.own. // First test if the permission is available. if ($user->authorise('core.edit.own', $this->extension . '.category.' . $recordId) || $user->authorise('core.edit.own', $this->extension)) { // Now test the owner is the user. $ownerId = (int) isset($data['created_user_id']) ? $data['created_user_id'] : 0; if (empty($ownerId) && $recordId) { // Need to do a lookup from the model. $record = $this->getModel()->getItem($recordId); if (empty($record)) { return false; } $ownerId = $record->created_user_id; } // If the owner matches 'me' then do the test. if ($ownerId == $userId) { return true; } } return false; } /** * Method to run batch operations. * * @param object $model The model. * * @return boolean True if successful, false otherwise and internal error is set. * * @since 1.6 */ public function batch($model = null) { JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN')); // Set the model $model = $this->getModel('Category'); // Preset the redirect $this->setRedirect('index.php?option=com_categories&view=categories&extension=' . $this->extension); return parent::batch($model); } /** * Gets the URL arguments to append to an item redirect. * * @param integer $recordId The primary key id for the item. * @param string $urlVar The name of the URL variable for the id. * * @return string The arguments to append to the redirect URL. * * @since 1.6 */ protected function getRedirectToItemAppend($recordId = null, $urlVar = 'id') { $append = parent::getRedirectToItemAppend($recordId); $append .= '&extension=' . $this->extension; return $append; } /** * Gets the URL arguments to append to a list redirect. * * @return string The arguments to append to the redirect URL. * * @since 1.6 */ protected function getRedirectToListAppend() { $append = parent::getRedirectToListAppend(); $append .= '&extension=' . $this->extension; return $append; } } PK\B\>,n n categories.phpnuW+A true)) { $model = parent::getModel($name, $prefix, $config); return $model; } /** * Rebuild the nested set tree. * * @return bool False on failure or error, true on success. * @since 1.6 */ public function rebuild() { JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN')); $extension = JRequest::getCmd('extension'); $this->setRedirect(JRoute::_('index.php?option=com_categories&view=categories&extension='.$extension, false)); // Initialise variables. $model = $this->getModel(); if ($model->rebuild()) { // Rebuild succeeded. $this->setMessage(JText::_('COM_CATEGORIES_REBUILD_SUCCESS')); return true; } else { // Rebuild failed. $this->setMessage(JText::_('COM_CATEGORIES_REBUILD_FAILURE')); return false; } } /** * Save the manual order inputs from the categories list page. * * @return void * @since 1.6 */ public function saveorder() { JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN')); // Get the arrays from the Request $order = JRequest::getVar('order', null, 'post', 'array'); $originalOrder = explode(',', JRequest::getString('original_order_values')); // Make sure something has changed if (!($order === $originalOrder)) { parent::saveorder(); } else { // Nothing to reorder $this->setRedirect(JRoute::_('index.php?option='.$this->option.'&view='.$this->view_list, false)); return true; } } /** Deletes and returns correctly. * * @return void * @since 2.5.12 */ public function delete() { JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN')); // Get items to remove from the request. $cid = JRequest::getVar('cid', array(), '', 'array'); $extension = JRequest::getVar('extension', null); if (!is_array($cid) || count($cid) < 1) { JError::raiseWarning(500, JText::_($this->text_prefix . '_NO_ITEM_SELECTED')); } else { // Get the model. $model = $this->getModel(); // Make sure the item ids are integers jimport('joomla.utilities.arrayhelper'); JArrayHelper::toInteger($cid); // Remove the items. if ($model->delete($cid)) { $this->setMessage(JText::plural($this->text_prefix . '_N_ITEMS_DELETED', count($cid))); } else { $this->setMessage($model->getError()); } } $this->setRedirect(JRoute::_('index.php?option=' . $this->option . '&extension=' . $extension, false)); } } PKeB\u weblink.phpnuW+AsetRedirect($this->getReturnPage()); } } /** * Method override to check if you can add a new record. * * @param array $data An array of input data. * @return boolean * @since 1.6 */ protected function allowAdd($data = array()) { // Initialise variables. $user = JFactory::getUser(); $categoryId = JArrayHelper::getValue($data, 'catid', JRequest::getInt('id'), 'int'); $allow = null; if ($categoryId) { // If the category has been passed in the URL check it. $allow = $user->authorise('core.create', $this->option.'.category.'.$categoryId); } if ($allow === null) { // In the absense of better information, revert to the component permissions. return parent::allowAdd($data); } else { return $allow; } } /** * Method to check if you can add a new record. * * @param array $data An array of input data. * @param string $key The name of the key for the primary key. * * @return boolean * @since 1.6 */ protected function allowEdit($data = array(), $key = 'id') { // Initialise variables. $recordId = (int) isset($data[$key]) ? $data[$key] : 0; $categoryId = 0; if ($recordId) { $categoryId = (int) $this->getModel()->getItem($recordId)->catid; } if ($categoryId) { // The category has been set. Check the category permissions. return JFactory::getUser()->authorise('core.edit', $this->option.'.category.'.$categoryId); } else { // Since there is no asset tracking, revert to the component permissions. return parent::allowEdit($data, $key); } } /** * Method to cancel an edit. * * @param string $key The name of the primary key of the URL variable. * * @return Boolean True if access level checks pass, false otherwise. * @since 1.6 */ public function cancel($key = 'w_id') { parent::cancel($key); // Redirect to the return page. $this->setRedirect($this->getReturnPage()); } /** * Method to edit an existing record. * * @param string $key The name of the primary key of the URL variable. * @param string $urlVar The name of the URL variable if different from the primary key (sometimes required to avoid router collisions). * * @return Boolean True if access level check and checkout passes, false otherwise. * @since 1.6 */ public function edit($key = null, $urlVar = 'w_id') { $result = parent::edit($key, $urlVar); return $result; } /** * Method to get a model object, loading it if required. * * @param string $name The model name. Optional. * @param string $prefix The class prefix. Optional. * @param array $config Configuration array for model. Optional. * * @return object The model. * @since 1.5 */ public function getModel($name = 'form', $prefix = '', $config = array('ignore_request' => true)) { $model = parent::getModel($name, $prefix, $config); return $model; } /** * Gets the URL arguments to append to an item redirect. * * @param int $recordId The primary key id for the item. * @param string $urlVar The name of the URL variable for the id. * * @return string The arguments to append to the redirect URL. * @since 1.6 */ protected function getRedirectToItemAppend($recordId = null, $urlVar = null) { $append = parent::getRedirectToItemAppend($recordId, $urlVar); $itemId = JRequest::getInt('Itemid'); $return = $this->getReturnPage(); if ($itemId) { $append .= '&Itemid='.$itemId; } if ($return) { $append .= '&return='.base64_encode($return); } return $append; } /** * Get the return URL. * * If a "return" variable has been passed in the request * * @return string The return URL. * @since 1.6 */ protected function getReturnPage() { $return = JRequest::getVar('return', null, 'default', 'base64'); if (empty($return) || !JUri::isInternal(base64_decode($return))) { return JURI::base(); } else { return base64_decode($return); } } /** * Function that allows child controller access to model data after the data has been saved. * * @param JModel $model The data model object. * @param array $validData The validated data. * * @return void * @since 1.6 */ protected function postSaveHook(JModel &$model, $validData = array()) { $task = $this->getTask(); if ($task == 'save') { $this->setRedirect(JRoute::_('index.php?option=com_weblinks&view=category&id='.$validData['catid'], false)); } } /** * Method to save a record. * * @param string $key The name of the primary key of the URL variable. * @param string $urlVar The name of the URL variable if different from the primary key (sometimes required to avoid router collisions). * * @return Boolean True if successful, false otherwise. * @since 1.6 */ public function save($key = null, $urlVar = 'w_id') { $result = parent::save($key, $urlVar); // If ok, redirect to the return page. if ($result) { $this->setRedirect($this->getReturnPage()); } return $result; } /** * Go to a weblink * * @return void * @since 1.6 */ public function go() { // Get the ID from the request $id = JRequest::getInt('id'); // Get the model, requiring published items $modelLink = $this->getModel('Weblink', '', array('ignore_request' => true)); $modelLink->setState('filter.published', 1); // Get the item $link = $modelLink->getItem($id); // Make sure the item was found. if (empty($link)) { return JError::raiseWarning(404, JText::_('COM_WEBLINKS_ERROR_WEBLINK_NOT_FOUND')); } // Check whether item access level allows access. $user = JFactory::getUser(); $groups = $user->getAuthorisedViewLevels(); if (!in_array($link->access, $groups)) { return JError::raiseError(403, JText::_('JERROR_ALERTNOAUTHOR')); } // Check whether category access level allows access. $modelCat = $this->getModel('Category', 'WeblinksModel', array('ignore_request' => true)); $modelCat->setState('filter.published', 1); // Get the category $category = $modelCat->getCategory($link->catid); // Make sure the category was found. if (empty($category)) { return JError::raiseWarning(404, JText::_('COM_WEBLINKS_ERROR_WEBLINK_NOT_FOUND')); } // Check whether item access level allows access. if (!in_array($category->access, $groups)) { return JError::raiseError(403, JText::_('JERROR_ALERTNOAUTHOR')); } // Redirect to the URL // TODO: Probably should check for a valid http link if ($link->url) { $modelLink->hit($id); JFactory::getApplication()->redirect($link->url); } else { return JError::raiseWarning(404, JText::_('COM_WEBLINKS_ERROR_WEBLINK_URL_INVALID')); } } } PKtB\?@ modules.phpnuW+AgetModel(); $model->duplicate($pks); $this->setMessage(JText::plural('COM_MODULES_N_MODULES_DUPLICATED', count($pks))); } catch (Exception $e) { JError::raiseWarning(500, $e->getMessage()); } $this->setRedirect('index.php?option=com_modules&view=modules'); } /** * Method to get a model object, loading it if required. * * @param string $name The model name. Optional. * @param string $prefix The class prefix. Optional. * @param array $config Configuration array for model. Optional. * * @return object The model. * * @since 1.6 */ public function getModel($name = 'Module', $prefix = 'ModulesModel', $config = array('ignore_request' => true)) { $model = parent::getModel($name, $prefix, $config); return $model; } } PKtB\̪ module.phpnuW+Ainput->get('eid', 0, 'int'); if (empty($extensionId)) { $this->setRedirect(JRoute::_('index.php?option='.$this->option.'&view='.$this->view_item.'&layout=edit', false)); return JError::raiseWarning(500, JText::_('COM_MODULES_ERROR_INVALID_EXTENSION')); } $app->setUserState('com_modules.add.module.extension_id', $extensionId); $app->setUserState('com_modules.add.module.params', null); // Parameters could be coming in for a new item, so let's set them. $params = $app->input->get('params', array(), 'array'); $app->setUserState('com_modules.add.module.params', $params); } /** * Override parent cancel method to reset the add module state. * * @param string $key The name of the primary key of the URL variable. * * @return boolean True if access level checks pass, false otherwise. * * @since 1.6 */ public function cancel($key = null) { // Initialise variables. $app = JFactory::getApplication(); $result = parent::cancel(); $app->setUserState('com_modules.add.module.extension_id', null); $app->setUserState('com_modules.add.module.params', null); return $result; } /** * Override parent allowSave method. * * @param array $data An array of input data. * @param string $key The name of the key for the primary key. * * @return boolean * * @since 1.6 */ protected function allowSave($data, $key = 'id') { // use custom position if selected if (empty($data['position'])) { $data['position'] = $data['custom_position']; } unset($data['custom_position']); return parent::allowSave($data, $key); } /** * Method to run batch operations. * * @param string $model The model * * @return boolean True on success. * * @since 1.7 */ public function batch($model = null) { JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN')); // Set the model $model = $this->getModel('Module', '', array()); // Preset the redirect $this->setRedirect(JRoute::_('index.php?option=com_modules&view=modules'.$this->getRedirectToListAppend(), false)); return parent::batch($model); } /** * Function that allows child controller access to model data after the data has been saved. * * @param JModel &$model The data model object. * @param array $validData The validated data. * * @return void * * @since 1.6 */ protected function postSaveHook(JModel &$model, $validData = array()) { // Initialise variables. $app = JFactory::getApplication(); $task = $this->getTask(); switch ($task) { case 'save2new': $app->setUserState('com_modules.add.module.extension_id', $model->getState('module.extension_id')); break; default: $app->setUserState('com_modules.add.module.extension_id', null); break; } $app->setUserState('com_modules.add.module.params', null); } } PKitB\~# featured.phpnuW+A $id) { if (!$user->authorise('core.delete', 'com_content.article.'.(int) $id)) { // Prune items that you can't delete. unset($ids[$i]); JError::raiseNotice(403, JText::_('JERROR_CORE_DELETE_NOT_PERMITTED')); } } if (empty($ids)) { JError::raiseWarning(500, JText::_('JERROR_NO_ITEMS_SELECTED')); } else { // Get the model. $model = $this->getModel(); // Remove the items. if (!$model->featured($ids, 0)) { JError::raiseWarning(500, $model->getError()); } } $this->setRedirect('index.php?option=com_content&view=featured'); } /** * Method to publish a list of articles. * * @return void * @since 1.0 */ function publish() { parent::publish(); $this->setRedirect('index.php?option=com_content&view=featured'); } /** * Method to get a model object, loading it if required. * * @param string $name The model name. Optional. * @param string $prefix The class prefix. Optional. * @param array $config Configuration array for model. Optional. * * @return object The model. * * @since 1.6 */ public function getModel($name = 'Feature', $prefix = 'ContentModel', $config = array('ignore_request' => true)) { $model = parent::getModel($name, $prefix, $config); return $model; } } PKitB\'( ( articles.phpnuW+Aview_list = 'featured'; } parent::__construct($config); $this->registerTask('unfeatured', 'featured'); } /** * Method to toggle the featured setting of a list of articles. * * @return void * @since 1.6 */ function featured() { // Check for request forgeries JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN')); // Initialise variables. $user = JFactory::getUser(); $ids = JRequest::getVar('cid', array(), '', 'array'); $values = array('featured' => 1, 'unfeatured' => 0); $task = $this->getTask(); $value = JArrayHelper::getValue($values, $task, 0, 'int'); // Access checks. foreach ($ids as $i => $id) { if (!$user->authorise('core.edit.state', 'com_content.article.'.(int) $id)) { // Prune items that you can't change. unset($ids[$i]); JError::raiseNotice(403, JText::_('JLIB_APPLICATION_ERROR_EDITSTATE_NOT_PERMITTED')); } } if (empty($ids)) { JError::raiseWarning(500, JText::_('JERROR_NO_ITEMS_SELECTED')); } else { // Get the model. $model = $this->getModel(); // Publish the items. if (!$model->featured($ids, $value)) { JError::raiseWarning(500, $model->getError()); } } $this->setRedirect('index.php?option=com_content&view=articles'); } /** * Proxy for getModel. * * @param string $name The name of the model. * @param string $prefix The prefix for the PHP class name. * * @return JModel * @since 1.6 */ public function getModel($name = 'Article', $prefix = 'ContentModel', $config = array('ignore_request' => true)) { $model = parent::getModel($name, $prefix, $config); return $model; } } PKitB\:: article.phpnuW+Aview_list = 'featured'; $this->view_item = 'article&return=featured'; } parent::__construct($config); } /** * Method override to check if you can add a new record. * * @param array $data An array of input data. * * @return boolean * * @since 1.6 */ protected function allowAdd($data = array()) { // Initialise variables. $user = JFactory::getUser(); $categoryId = JArrayHelper::getValue($data, 'catid', JRequest::getInt('filter_category_id'), 'int'); $allow = null; if ($categoryId) { // If the category has been passed in the data or URL check it. $allow = $user->authorise('core.create', 'com_content.category.' . $categoryId); } if ($allow === null) { // In the absense of better information, revert to the component permissions. return parent::allowAdd(); } else { return $allow; } } /** * Method override to check if you can edit an existing record. * * @param array $data An array of input data. * @param string $key The name of the key for the primary key. * * @return boolean * * @since 1.6 */ protected function allowEdit($data = array(), $key = 'id') { // Initialise variables. $recordId = (int) isset($data[$key]) ? $data[$key] : 0; $user = JFactory::getUser(); $userId = $user->get('id'); // Check general edit permission first. if ($user->authorise('core.edit', 'com_content.article.' . $recordId)) { return true; } // Fallback on edit.own. // First test if the permission is available. if ($user->authorise('core.edit.own', 'com_content.article.' . $recordId)) { // Now test the owner is the user. $ownerId = (int) isset($data['created_by']) ? $data['created_by'] : 0; if (empty($ownerId) && $recordId) { // Need to do a lookup from the model. $record = $this->getModel()->getItem($recordId); if (empty($record)) { return false; } $ownerId = $record->created_by; } // If the owner matches 'me' then do the test. if ($ownerId == $userId) { return true; } } // Since there is no asset tracking, revert to the component permissions. return parent::allowEdit($data, $key); } /** * Method to run batch operations. * * @param object $model The model. * * @return boolean True if successful, false otherwise and internal error is set. * * @since 1.6 */ public function batch($model = null) { JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN')); // Set the model $model = $this->getModel('Article', '', array()); // Preset the redirect $this->setRedirect(JRoute::_('index.php?option=com_content&view=articles' . $this->getRedirectToListAppend(), false)); return parent::batch($model); } } PKB\$$ levels.phpnuW+A true)); } } PKB\note.phpnuW+Ainput->get('u_id', 0, 'int'); if ($userId) { $append .= '&u_id=' . $userId; } return $append; } } PKB\$@[ level.phpnuW+Aauthorise('core.admin', $this->option) && parent::allowSave($data, $key)); } /** * Method to remove a record. */ public function delete() { // Check for request forgeries. JSession::checkToken() or jexit(JText::_('JInvalid_Token')); // Initialise variables. $user = JFactory::getUser(); $ids = JRequest::getVar('cid', array(), '', 'array'); if (!JFactory::getUser()->authorise('core.admin', $this->option)) { JError::raiseError(500, JText::_('JERROR_ALERTNOAUTHOR')); jexit(); } elseif (empty($ids)) { JError::raiseWarning(500, JText::_('COM_USERS_NO_LEVELS_SELECTED')); } else { // Get the model. $model = $this->getModel(); JArrayHelper::toInteger($ids); // Remove the items. if (!$model->delete($ids)) { JError::raiseWarning(500, $model->getError()); } else { $this->setMessage(JText::plural('COM_USERS_N_LEVELS_DELETED', count($ids))); } } $this->setRedirect('index.php?option=com_users&view=levels'); } } PKB\IJ! ! users.phpnuW+AregisterTask('block', 'changeBlock'); $this->registerTask('unblock', 'changeBlock'); } /** * Proxy for getModel. * * @param string $name The model name. Optional. * @param string $prefix The class prefix. Optional. * @param array $config Configuration array for model. Optional. * * @return object The model. * * @since 1.6 */ public function getModel($name = 'User', $prefix = 'UsersModel', $config = array('ignore_request' => true)) { return parent::getModel($name, $prefix, $config); } /** * Method to change the block status on a record. * * @return void * * @since 1.6 */ public function changeBlock() { // Check for request forgeries. JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN')); // Initialise variables. $ids = JRequest::getVar('cid', array(), '', 'array'); $values = array('block' => 1, 'unblock' => 0); $task = $this->getTask(); $value = JArrayHelper::getValue($values, $task, 0, 'int'); if (empty($ids)) { JError::raiseWarning(500, JText::_('COM_USERS_USERS_NO_ITEM_SELECTED')); } else { // Get the model. $model = $this->getModel(); // Change the state of the records. if (!$model->block($ids, $value)) { JError::raiseWarning(500, $model->getError()); } else { if ($value == 1) { $this->setMessage(JText::plural('COM_USERS_N_USERS_BLOCKED', count($ids))); } elseif ($value == 0) { $this->setMessage(JText::plural('COM_USERS_N_USERS_UNBLOCKED', count($ids))); } } } $this->setRedirect('index.php?option=com_users&view=users'); } /** * Method to activate a record. * * @return void * * @since 1.6 */ public function activate() { // Check for request forgeries. JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN')); // Initialise variables. $ids = JRequest::getVar('cid', array(), '', 'array'); if (empty($ids)) { JError::raiseWarning(500, JText::_('COM_USERS_USERS_NO_ITEM_SELECTED')); } else { // Get the model. $model = $this->getModel(); // Change the state of the records. if (!$model->activate($ids)) { JError::raiseWarning(500, $model->getError()); } else { $this->setMessage(JText::plural('COM_USERS_N_USERS_ACTIVATED', count($ids))); } } $this->setRedirect('index.php?option=com_users&view=users'); } } PKB\ Ey# # groups.phpnuW+A true)); } /** * Removes an item. * * Overrides JControllerAdmin::delete to check the core.admin permission. * * @since 1.6 */ function delete() { if (!JFactory::getUser()->authorise('core.admin', $this->option)) { JError::raiseError(500, JText::_('JERROR_ALERTNOAUTHOR')); jexit(); } return parent::delete(); } /** * Method to publish a list of records. * * Overrides JControllerAdmin::publish to check the core.admin permission. * * @since 1.6 */ function publish() { if (!JFactory::getUser()->authorise('core.admin', $this->option)) { JError::raiseError(500, JText::_('JERROR_ALERTNOAUTHOR')); jexit(); } return parent::publish(); } /** * Changes the order of one or more records. * * Overrides JControllerAdmin::reorder to check the core.admin permission. * * @since 1.6 */ public function reorder() { if (!JFactory::getUser()->authorise('core.admin', $this->option)) { JError::raiseError(500, JText::_('JERROR_ALERTNOAUTHOR')); jexit(); } return parent::reorder(); } /** * Method to save the submitted ordering values for records. * * Overrides JControllerAdmin::saveorder to check the core.admin permission. * * @since 1.6 */ public function saveorder() { if (!JFactory::getUser()->authorise('core.admin', $this->option)) { JError::raiseError(500, JText::_('JERROR_ALERTNOAUTHOR')); jexit(); } return parent::saveorder(); } /** * Check in of one or more records. * * Overrides JControllerAdmin::checkin to check the core.admin permission. * * @since 1.6 */ public function checkin() { if (!JFactory::getUser()->authorise('core.admin', $this->option)) { JError::raiseError(500, JText::_('JERROR_ALERTNOAUTHOR')); jexit(); } return parent::checkin(); } } PKB\&\}}mail.phpnuW+A */ defined('_JEXEC') or die; /** * Users mail controller. * * @package Joomla.Administrator * @subpackage com_users */ class UsersControllerMail extends JControllerLegacy { public function send() { // Check for request forgeries. JSession::checkToken('request') or jexit(JText::_('JINVALID_TOKEN')); $model = $this->getModel('Mail'); if ($model->send()) { $type = 'message'; } else { $type = 'error'; } $msg = $model->getError(); $this->setredirect('index.php?option=com_users&view=mail', $msg, $type); } public function cancel() { // Check for request forgeries. JSession::checkToken('request') or jexit(JText::_('JINVALID_TOKEN')); $this->setRedirect('index.php'); } } PKB\sZ  user.phpnuW+Aauthorise('core.admin')) { return false; } } return parent::allowEdit($data, $key); } /** * Method to run batch operations. * * @param object $model The model. * * @return boolean True on success, false on failure * * @since 2.5 */ public function batch($model = null) { JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN')); // Set the model $model = $this->getModel('User', '', array()); // Preset the redirect $this->setRedirect(JRoute::_('index.php?option=com_users&view=users' . $this->getRedirectToListAppend(), false)); return parent::batch($model); } /** * Overrides parent save method to check the submitted passwords match. * * @param string $key The name of the primary key of the URL variable. * @param string $urlVar The name of the URL variable if different from the primary key (sometimes required to avoid router collisions). * * @return boolean True if successful, false otherwise. * * @since 1.6 */ public function save($key = null, $urlVar = null) { $data = JRequest::getVar('jform', array(), 'post', 'array'); // TODO: JForm should really have a validation handler for this. if (isset($data['password']) && isset($data['password2'])) { // Check the passwords match. if ($data['password'] != $data['password2']) { $this->setMessage(JText::_('JLIB_USER_ERROR_PASSWORD_NOT_MATCH'), 'warning'); $this->setRedirect(JRoute::_('index.php?option=com_users&view=user&layout=edit', false)); } unset($data['password2']); } return parent::save(); } } PKB\gd22 notes.phpnuW+A true)) { return parent::getModel($name, $prefix, $config); } } PKB\{{ group.phpnuW+Aauthorise('core.admin', $this->option) && parent::allowSave($data, $key)); } /** * Overrides JControllerForm::allowEdit * * Checks that non-Super Admins are not editing Super Admins. * * @param array An array of input data. * @param string The name of the key for the primary key. * * @return boolean * @since 1.6 */ protected function allowEdit($data = array(), $key = 'id') { // Check if this group is a Super Admin if (JAccess::checkGroup($data[$key], 'core.admin')) { // If I'm not a Super Admin, then disallow the edit. if (!JFactory::getUser()->authorise('core.admin')) { return false; } } return parent::allowEdit($data, $key); } } PK+B\V index.htmlnuW+APK+B\"d Yplugins.phpnuW+APK+B\桜} ^plugin.phpnuW+APK+B\) `.htaccessnuW+APK\B\G category.phpnuW+APK\B\>,n n categories.phpnuW+APKeB\u $weblink.phpnuW+APKtB\?@ Amodules.phpnuW+APKtB\̪ Hmodule.phpnuW+APKitB\~# Wfeatured.phpnuW+APKitB\'( ( _articles.phpnuW+APKitB\:: Hjarticle.phpnuW+APKB\$$ xlevels.phpnuW+APKB\|note.phpnuW+APKB\$@[ +level.phpnuW+APKB\IJ! !  users.phpnuW+APKB\ Ey# # fgroups.phpnuW+APKB\&\}}àmail.phpnuW+APKB\sZ  xuser.phpnuW+APKB\gd22 notes.phpnuW+APKB\{{ )group.phpnuW+APKݺ