webgui/lib/WebGUI/Operation/Shared.pm
Colin Kuskie 21c4fcb75f This patch adds user invitations, a way for existing users on a site
to send an email to their friends and invite them to create an account
on the site.  The feature is enabled or disabled in the site Settings.
(Operation/Settings.pm)

It is implemented as a new operation, Invite (Operation/Invite.pm,
Help/Invite.pm, i18n/English/Invite.pm), and the option is displayed
as an option on the user's account screen. (Operation/Shared.pm).
The form is templated, and lives in the Invite namespace.  Once
the invitation is submitted, if the user's email address is not
already in WebGUI, an email is sent and a record is stored in
the userInvitations table.

When the friend gets the invitation, they are taken to the account
creation screen, which conveniently has their email address already
filled in.  This required changes in the Auth modules (Auth.pm, Auth/*.pm),
and ProfileField.pm.  The latter was so that profile fields can have
their values manually set.  The former changes handle inserting the
email address, bypassing the anonymous registration check, and
updating the record in the userInvitations table.

I refactored some code out of the AdminConsole for finding the url
back to the site and added it to Session/Url.pm.  The method is
called getBackToSiteUrl.
2007-06-10 16:38:43 +00:00


package WebGUI::Operation::Shared;
#-------------------------------------------------------------------
# WebGUI is Copyright 2001-2006 Plain Black Corporation.
#-------------------------------------------------------------------
# Please read the legal notices (docs/legal.txt) and the license
# (docs/license.txt) that came with this distribution before using
# this software.
#-------------------------------------------------------------------
# http://www.plainblack.com info@plainblack.com
#-------------------------------------------------------------------
use strict;
use WebGUI::International;
use Safe;
=head1 NAME
Package WebGUI::Operation::Shared
=head1 DESCRIPTION
Shared routines for WebGUI Operations.
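=head2 accountOptions ( $session )

Builds the list of links offered on the user's account screens. Returns an
array reference of hash references; each hash has a single C<options.display>
key holding the HTML anchor for one option.

The list is assembled in this order:

=over 4

=item *

A "turn admin on/off" link, only when the user is in group 12. Which of the
two is shown depends on the C<adminOn> session variable.

=item *

Links to the account, edit-profile, view-profile, inbox and
redeem-subscription-code screens. The link whose operation equals the current
C<op> form variable is left out.

=item *

An "invite a friend" link, only when the C<userInvitationsEnabled> setting is
true.

=item *

The logout link (always present).

=item *

A "deactivate my account" link, only when the C<selfDeactivation> setting is
true and the user is not in group Admin (3).

=back

=head3 $session

The current session object. Its C<user>, C<var>, C<form>, C<url> and
C<setting> accessors are used.

=cut

#-------------------------------------------------------------------
sub accountOptions {
    my $session = shift;
    my $i18n    = WebGUI::International->new($session);

    # Every option is the same anchor markup. The href is always wrapped in
    # double quotes: the invite link used to be emitted with a bare,
    # unquoted attribute value, unlike every other link in this list.
    # NOTE(review): URL and label are concatenated into HTML without
    # escaping; this relies on url->page() and the i18n strings being
    # HTML-safe. Confirm against those modules.
    my $makeOption = sub {
        my ($query, @labelKey) = @_;
        my $href  = $session->url->page($query);
        my $label = $i18n->get(@labelKey);
        return { 'options.display' => '<a href="' . $href . '">' . $label . '</a>' };
    };

    # The operation being displayed right now; its own link is omitted below.
    my $currentOp = $session->form->process("op");

    my @array;

    # Admin mode toggle, offered only to members of group 12
    # (presumably the group allowed to switch admin mode; confirm).
    if ($session->user->isInGroup(12)) {
        if ($session->var->get("adminOn")) {
            push @array, $makeOption->('op=switchOffAdmin', 12);
        }
        else {
            push @array, $makeOption->('op=switchOnAdmin', 63);
        }
    }

    unless ($currentOp eq "displayAccount") {
        push @array, $makeOption->('op=auth;method=init', 342);
    }
    unless ($currentOp eq "editProfile") {
        push @array, $makeOption->('op=editProfile', 341);
    }
    unless ($currentOp eq "viewProfile") {
        push @array, $makeOption->('op=viewProfile;uid=' . $session->user->userId, 343);
    }
    unless ($currentOp eq "viewInbox") {
        push @array, $makeOption->('op=viewInbox', 354);
    }
    unless ($currentOp eq "redeemSubscriptionCode") {
        push @array, $makeOption->('op=redeemSubscriptionCode', 'redeem code', 'Subscription');
    }

    # User invitations are a site-wide setting.
    if ($session->setting->get('userInvitationsEnabled')) {
        push @array, $makeOption->('op=inviteUser', 'invite a friend');
    }

    push @array, $makeOption->('op=auth;method=logout', 64);

    # Self-deactivation is never offered to members of group Admin (3).
    if ($session->setting->get("selfDeactivation") && !$session->user->isInGroup(3)) {
        push @array, $makeOption->('op=auth;method=deactivateAccount', 65);
    }

    return \@array;
}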
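=head2 secureEval ( $session, $code )

Evaluates $code inside a Safe compartment instead of a plain eval. It is
mainly for the Profile system, where internationalized labels are stored as
perl code inside the database.

Calls to a fixed list of WebGUI functions are recognised textually in $code
and replaced by the single-quoted result of the real call before anything is
evaluated, because WebGUI is not available inside the compartment. If one of
those calls returns a reference, that reference is returned immediately and
nothing is evaluated.

Returns the result of the evaluation when it is true; otherwise returns the
(possibly rewritten) code string itself. A compile or runtime error inside
the compartment therefore also yields the code string.

Security notes:

=over 4

=item *

Safe restricts which opcodes the code may use. It does not limit CPU time or
memory, so $code must still come from a source only trusted administrators
can write to.

=item *

Results of trusted calls are spliced into perl source text. Both backslashes
and single quotes are escaped so a result cannot terminate the quoted string
early.

=back

=head3 $session

The current session object.

=head3 $code

The string of perl code to evaluate.

=cut

#-------------------------------------------------------------------
# This function is here to replace the dangerous eval calls in the User Profile System.
sub secureEval {
    my $session = shift;
    my $code    = shift;

    # Handle WebGUI function calls. The keys are the literal call prefixes
    # looked for in $code; the values perform the real call outside the
    # compartment.
    my $i18n    = WebGUI::International->new($session);
    my %trusted = (
        'WebGUI::International::get'          => sub { $i18n->get(@_) },
        'WebGUI::International::getLanguages' => sub { $i18n->getLanguages(@_) },
        'WebGUI::DateTime::epochToHuman'      => sub { $session->datetime->epochToHuman(@_) },
        '$session->datetime->epochToHuman'    => sub { $session->datetime->epochToHuman(@_) },
        'WebGUI::Icon::getToolbarOptions'     => sub { $session->icon->getToolbarOptions() },
    );

    foreach my $function (keys %trusted) {
        # \Q...\E makes the key match literally. Without it the leading '$'
        # of '$session->datetime->epochToHuman' acts as an end-of-string
        # anchor and that entry can never match.
        # Arguments are everything up to the first ')', so nested
        # parentheses are not supported.
        while ($code =~ /(\Q$function\E\(([^)]*)\)\s*;*)/g) {
            my ($cmd, $args) = ($1, $2);

            # Naive comma split, then strip one leading and one trailing quote.
            my @param = split(/,\s*/, $args);
            s/^['"]|['"]$//g for @param;

            my $output = $trusted{$function}->(@param);
            return $output if (ref $output);

            # Escape backslashes as well as single quotes: the result is
            # placed inside a single-quoted perl literal, and a trailing or
            # quote-preceding backslash would otherwise break out of it.
            $output =~ s/([\\'])/\\$1/g;
            $code   =~ s/\Q$cmd\E/\'$output\'/g;
        }
    }

    # Execute simple perl code like ['English'] for default value.
    # Inside the Safe compartment there's no WebGUI available.
    # NOTE(review): this still evaluates database-supplied code. Safe limits
    # opcodes only; it is not a resource sandbox.
    my $compartment = Safe->new;
    my $eval        = $compartment->reval($code);
    return $eval if ($eval);

    # Evaluation failed or produced a false value: hand back the text as-is.
    return $code;
}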
1;