From e7c564133f6f50c2b14be9b0e2cad162f4531726 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Mon, 1 Feb 2010 11:02:36 -0800
Subject: Use single quotes on the <?xml tag for readability.

---
 modules/rss/views/feed.mrss.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules')

diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php
index a61ee96c..cdb4f0f0 100644
--- a/modules/rss/views/feed.mrss.php
+++ b/modules/rss/views/feed.mrss.php
@@ -1,5 +1,5 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
-<? echo "<?xml version=\"1.0\" ?>" ?>
+<? echo '<?xml version="1.0" ?>' ?>
 <rss version="2.0" xmlns:media="http://search.yahoo.com/mrss/"
    xmlns:atom="http://www.w3.org/2005/Atom"
    xmlns:content="http://purl.org/rss/1.0/modules/content/"
-- 
cgit v1.2.3


From 48cb5021c6bd7e65a13a0ff50a9e76f72da7d3a1 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Mon, 1 Feb 2010 16:28:52 -0800
Subject: Add the scheduler component to the admin maintenance screen.

---
 modules/gallery/controllers/admin_maintenance.php | 2 ++
 modules/gallery/views/admin_maintenance.html.php  | 8 ++++++++
 2 files changed, 10 insertions(+)

(limited to 'modules')

diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php
index 3062ea09..d9363d30 100644
--- a/modules/gallery/controllers/admin_maintenance.php
+++ b/modules/gallery/controllers/admin_maintenance.php
@@ -44,6 +44,8 @@ class Admin_Maintenance_Controller extends Admin_Controller {
     $view->content->task_definitions = task::get_definitions();
     $view->content->running_tasks = ORM::factory("task")
       ->where("done", "=", 0)->order_by("updated", "DESC")->find_all();
+    $view->content->schedule_definitions =
+      module::is_active("scheduler") ? scheduler::get_definitions() : "";
     $view->content->finished_tasks = ORM::factory("task")
       ->where("done", "=", 1)->order_by("updated", "DESC")->find_all();
     print $view;
diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index ac597715..15d04caa 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -33,12 +33,20 @@
               class="g-dialog-link g-button ui-icon-left ui-state-default ui-corner-all">
               <?= t("run") ?>
             </a>
+            <? if (module::is_active("scheduler")): ?>
+            <a href="<?= url::site("form/add/admin/schedule/$task->callback?csrf=$csrf") ?>"
+              class="g-dialog-link g-button ui-icon-left ui-state-default ui-corner-all">
+              <?= t("schedule") ?>
+            </a>
+            <? endif ?>
           </td>
         </tr>
         <? endforeach ?>
       </table>
     </div>
 
+    <?= $schedule_definitions ?>
+
     <? if ($running_tasks->count()): ?>
     <div id="g-running-tasks">
       <h2> <?= t("Running tasks") ?> </h2>
-- 
cgit v1.2.3


From 5ded9e8ac5935e41c08d1766974ce31890efd7f0 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Mon, 1 Feb 2010 16:31:24 -0800
Subject: Refactor starting a task into the task helper so we can call it
 multiple times.

---
 modules/gallery/controllers/admin_maintenance.php | 5 +----
 modules/gallery/helpers/task.php                  | 9 +++++++++
 2 files changed, 10 insertions(+), 4 deletions(-)

(limited to 'modules')

diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php
index d9363d30..487e77a6 100644
--- a/modules/gallery/controllers/admin_maintenance.php
+++ b/modules/gallery/controllers/admin_maintenance.php
@@ -58,13 +58,10 @@ class Admin_Maintenance_Controller extends Admin_Controller {
   public function start($task_callback) {
     access::verify_csrf();
 
-    $tasks = task::get_definitions();
-    $task = task::create($tasks[$task_callback], array());
+    $task = task::start($task_callback);
     $view = new View("admin_maintenance_task.html");
     $view->task = $task;
 
-    $task->log(t("Task %task_name started (task id %task_id)",
-                         array("task_name" => $task->name, "task_id" => $task->id)));
     log::info("tasks", t("Task %task_name started (task id %task_id)",
                          array("task_name" => $task->name, "task_id" => $task->id)),
               html::anchor("admin/maintenance", t("maintenance")));
diff --git a/modules/gallery/helpers/task.php b/modules/gallery/helpers/task.php
index 645850d1..aa0eb94d 100644
--- a/modules/gallery/helpers/task.php
+++ b/modules/gallery/helpers/task.php
@@ -35,6 +35,15 @@ class task_Core {
     return $tasks;
   }
 
+  static function start($task_callback, $context=array()) {
+    $tasks = task::get_definitions();
+    $task = task::create($tasks[$task_callback], array());
+
+    $task->log(t("Task %task_name started (task id %task_id)",
+                 array("task_name" => $task->name, "task_id" => $task->id)));
+    return $task;
+  }
+
   static function create($task_def, $context) {
     $task = ORM::factory("task");
     $task->callback = $task_def->callback;
-- 
cgit v1.2.3


From a10bdd8f0e436e8bb41430ca5d18fb2e1682773c Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Mon, 1 Feb 2010 17:13:29 -0800
Subject: Add a task scheduling module.  In the admin maintenance, create an
 event from an existing task.  When the task becomes due, it will run
 depending on traffic to the web site.  It uses the gallery_shutdown event to
 time slice the task.

---
 modules/scheduler/controllers/admin_schedule.php   | 105 ++++++++++++++++
 modules/scheduler/helpers/scheduler.php            | 133 +++++++++++++++++++++
 modules/scheduler/helpers/scheduler_event.php      |  64 ++++++++++
 modules/scheduler/helpers/scheduler_installer.php  |  42 +++++++
 modules/scheduler/models/schedule.php              |  33 +++++
 modules/scheduler/module.info                      |   3 +
 modules/scheduler/views/admin_schedule.html.php    |  11 ++
 .../views/admin_schedule_confirm.html.php          |   4 +
 .../scheduler/views/scheduler_definitions.html.php |  49 ++++++++
 9 files changed, 444 insertions(+)
 create mode 100644 modules/scheduler/controllers/admin_schedule.php
 create mode 100644 modules/scheduler/helpers/scheduler.php
 create mode 100644 modules/scheduler/helpers/scheduler_event.php
 create mode 100644 modules/scheduler/helpers/scheduler_installer.php
 create mode 100644 modules/scheduler/models/schedule.php
 create mode 100644 modules/scheduler/module.info
 create mode 100644 modules/scheduler/views/admin_schedule.html.php
 create mode 100644 modules/scheduler/views/admin_schedule_confirm.html.php
 create mode 100644 modules/scheduler/views/scheduler_definitions.html.php

(limited to 'modules')

diff --git a/modules/scheduler/controllers/admin_schedule.php b/modules/scheduler/controllers/admin_schedule.php
new file mode 100644
index 00000000..6911cf86
--- /dev/null
+++ b/modules/scheduler/controllers/admin_schedule.php
@@ -0,0 +1,105 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Admin_Schedule_Controller extends Admin_Controller {
+  public function form_add($task_callback) {
+    access::verify_csrf();
+
+    $schedule = ORM::factory("schedule");
+    $schedule->task_callback = $task_callback;
+    $schedule->next_run_datetime = time();
+    $v = new View("admin_schedule.html");
+    $v->form = scheduler::get_form("define", $schedule);
+    $v->method = "define";
+    print $v;
+  }
+
+  public function update_form($id) {
+    access::verify_csrf();
+
+
+    $schedule = ORM::factory("schedule", $id);
+    $v = new View("admin_schedule.html");
+    $v->form = scheduler::get_form("update", $schedule);
+    $v->method = "update";
+    print $v;
+  }
+
+  public function remove_form($id) {
+    access::verify_csrf();
+
+    $schedule = ORM::factory("schedule", $id);
+
+    $v = new View("admin_schedule_confirm.html");
+    $v->name = $schedule->name;
+    $v->form = new Forge("admin/schedule/remove/{$id}", "", "post",
+                         array("id" => "g-remove-schedule"));
+    $group = $v->form->group("remove");
+    $group->submit("")->value(t("Continue"));
+    print $v;
+  }
+
+  public function remove($id) {
+    access::verify_csrf();
+    $schedule = ORM::factory("schedule", $id);
+    $schedule->delete();
+
+    message::success(t("Removed scheduled task: %name", array("name" => $schedule->name)));
+    print json_encode(array("result" => "success", "reload" => 1));
+  }
+
+  public function define() {
+    $this->_handle_request("define");
+   }
+
+  public function update($id=null) {
+    $this->_handle_request("update", $id);
+   }
+
+  private function _handle_request($method, $id=null) {
+    $schedule = ORM::factory("schedule", $id);
+    $form = scheduler::get_form($method, $schedule);
+    $valid = $form->validate();
+    if ($valid) {
+      $schedule->name = $form->schedule_group->schedule_name->value;
+      $schedule->interval = $form->schedule_group->interval->value;
+      $schedule->next_run_datetime =
+        $this->_start_date($form->schedule_group->run_date->dow->selected,
+                           $form->schedule_group->run_date->time->value);
+      $schedule->task_callback = $form->schedule_group->callback->value;
+      $schedule->save();
+      if ($method == "define") {
+        message::success(t("Added scheduled task: %name", array("name" => $schedule->name)));
+      } else {
+        message::success(t("Updated scheduled task: %name", array("name" => $schedule->name)));
+      }
+      print json_encode(array("result" => "success", "reload" => 1));
+    } else {
+      print json_encode(array("result" => "error", "form" => (string) $form));
+    }
+  }
+
+  private function _start_date($dow, $time) {
+    list ($hour, $minutes) = explode(":", $time);
+    $local_time = localtime();
+    $days = ($dow < $local_time[6] ? 7 : 0) + $dow - $local_time[6];
+    return
+      mktime($hour, $minutes, 0, $local_time[4] + 1, $local_time[3] + $days, 1900 + $local_time[5]);
+  }
+}
diff --git a/modules/scheduler/helpers/scheduler.php b/modules/scheduler/helpers/scheduler.php
new file mode 100644
index 00000000..987b1b32
--- /dev/null
+++ b/modules/scheduler/helpers/scheduler.php
@@ -0,0 +1,133 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class scheduler_Core {
+
+  static function intervals() {
+    static $intervals;
+    if (empty($intervals)) {
+      $intervals = array("3600" => t("Hourly"), "86400" => t("Daily"),
+                         "604800" => t("Weekly"), "2419200" => t("Monthly"));
+    }
+    return $intervals;
+  }
+
+  static function get_form($method, $schedule) {
+    if ($method == "define") {
+      $title = t("Create a scheduled event");
+      $button_text = t("Create");
+    } else {
+      $title = t("Update a scheduled event");
+      $button_text = t("Update");
+    }
+
+    $id = empty($schedule->id) ? "" : "/$schedule->id";
+    $form = new Forge("admin/schedule/$method{$id}", "", "post",
+                      array("id" => "g-{$method}-schedule"));
+    $group = $form->group("schedule_group")->label($title);
+    $group->input("schedule_name")
+      ->label(t("Description"))
+      ->id("g-schedule-name")
+      ->rules("required|length[0, 128]")
+      ->error_messages("required", t("You must provide a description"))
+      ->error_messages("length", t("Your description is too long"))
+      ->value(!empty($schedule->name) ? $schedule->name : "");
+
+    list ($dow, $display_time) = scheduler::format_time($schedule->next_run_datetime);
+    $next = $group->group("run_date")->label(t("Scheduled Date"));
+    $next->dropdown("dow")
+      ->label(t("Day"))
+      ->id("g-schedule-day")
+      ->rules("required")
+      ->options(array(t("Sunday"), t("Monday"), t("Tuesday"), t("Wednesday"),
+                      t("Thursday"), t("Friday"), t("Saturday")))
+      ->selected($dow);
+
+    $next->input("time")
+      ->label(t("Hour"))
+      ->id("g-schedule-time")
+      ->rules("required")
+      ->error_messages("required", t("You must provide a time"))
+      ->error_messages("time_invalid", t("Invalid time"))
+      ->callback("scheduler::valid_time")
+      ->value($display_time);
+
+    // need to set the top padding to zero on g-define-schedule li.g-error
+    $group->dropdown("interval")->label(t("How often"))->id("g-schedule-frequency")
+      ->options(scheduler::intervals())
+      ->rules("required")
+      ->error_messages("required", t("You must provide an interval"))
+      ->selected(!empty($schedule->interval) ? $schedule->interval : "2419200");
+    $group->hidden("callback")->value($schedule->task_callback);
+    $group->submit("")->value($button_text);
+
+    return $form;
+  }
+
+  static function format_time($time) {
+    $local_time = localtime($time);
+    $display_time = str_pad($local_time[2], 2, "0", STR_PAD_LEFT) . ":" .
+      str_pad($local_time[1], 2, "0", STR_PAD_LEFT);
+    return array($local_time[6], $display_time);
+  }
+
+  static function valid_time($field) {
+    if (preg_match("/([0-9]{1,2}):([0-9]{2})/", $field->value, $matches)) {
+      $hour = (int)$matches[1];
+      $minutes = (int)$matches[2];
+      if (!(0 <= $hour && $hour<= 23 || 0 <= $minutes && $minutes <= 59)) {
+        $field->add_error("time_invalid", 1);
+      }
+    } else {
+      $field->add_error("time_invalid", 1);
+    }
+  }
+
+  static function get_definitions() {
+    $v = "";
+    $events = ORM::factory("schedule")
+      ->order_by("next_run_datetime", "asc")
+      ->find_all();
+    if ($events->count()) {
+      $v = new View("scheduler_definitions.html");
+      $v->schedule_definitions = array();
+      foreach ($events as $schedule) {
+        $entry[] = $schedule->id;
+        $entry[] = $schedule->name;
+        $run_date = strftime("%A, %b %e, %Y %H:%M ", $schedule->next_run_datetime);
+        $intervals = scheduler::intervals();
+        $interval = $intervals[$schedule->interval];
+        if (!empty($schedule->task_id)) {
+          $status = t("Running");
+        } else if ($schedule->next_run_datetime < time()) {
+          $status = t("Overdue");
+        } else  {
+          $status = t("Scheduled");
+        }
+
+        $v->schedule_definitions[] = (object)array("id" => $schedule->id,
+                                                   "name" => $schedule->name,
+                                                   "run_date" => $run_date,
+                                                   "interval" => $interval,
+                                                   "status" => $status);
+      }
+    }
+    return $v;
+  }
+}
\ No newline at end of file
diff --git a/modules/scheduler/helpers/scheduler_event.php b/modules/scheduler/helpers/scheduler_event.php
new file mode 100644
index 00000000..365b1df1
--- /dev/null
+++ b/modules/scheduler/helpers/scheduler_event.php
@@ -0,0 +1,64 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+class scheduler_event_Core {
+  /**
+   * At this point, the output has been sent to the browser, so we can take some time
+   * to run a schedule task.
+   */
+  static function gallery_shutdown() {
+    try {
+      $schedule = ORM::factory("schedule")
+        ->where("next_run_datetime", "<=", time())
+        ->where("busy", "!=", 1)
+        ->order_by("next_run_datetime")
+        ->find_all(1);
+
+      if ($schedule->count()) {
+        $schedule = $schedule->current();
+        $schedule->busy = true;
+        $schedule->save();
+
+        try {
+          if (empty($schedule->task_id)) {
+            $task = task::start($schedule->task_callback);
+            $schedule->task_id = $task->id;
+          }
+
+          $task = task::run($schedule->task_id);
+
+          if ($task->done) {
+            $schedule->next_run_datetime += $schedule->interval;
+            $schedule->task_id = null;
+          }
+
+          $schedule->busy = false;
+          $schedule->save();
+        } catch (Exception $e) {
+          $schedule->busy = false;
+          $schedule->save();
+          throw $e;
+        }
+      }
+    } catch (Exception $e) {
+      Kohana_Log::add("error", (string)$e);
+    }
+  }
+}
diff --git a/modules/scheduler/helpers/scheduler_installer.php b/modules/scheduler/helpers/scheduler_installer.php
new file mode 100644
index 00000000..46be4a81
--- /dev/null
+++ b/modules/scheduler/helpers/scheduler_installer.php
@@ -0,0 +1,42 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class scheduler_installer {
+  static function install() {
+    $db = Database::instance();
+    $db->query("CREATE TABLE {schedules} (
+                 `id` int(9) NOT NULL auto_increment,
+                 `name` varchar(128) NOT NULL,
+                 `task_callback` varchar(128) NOT NULL,
+                 `task_id` int(9) NULL,
+                 `next_run_datetime` int(9) NOT NULL,
+                 `interval` int(9) NOT NULL,
+                 `busy` bool NOT NULL DEFAULT 0,
+                 PRIMARY KEY (`id`),
+                 KEY `run_date` (`next_run_datetime`, `busy`),
+                 UNIQUE KEY (`name`))
+               DEFAULT CHARSET=utf8;");
+    module::set_version("scheduler", $version = 1);
+  }
+
+  static function uninstall() {
+    $db = Database::instance();
+    $db->query("DROP TABLE IF EXISTS {schedules}");
+  }
+}
diff --git a/modules/scheduler/models/schedule.php b/modules/scheduler/models/schedule.php
new file mode 100644
index 00000000..b83b5738
--- /dev/null
+++ b/modules/scheduler/models/schedule.php
@@ -0,0 +1,33 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Schedule_Model extends ORM {
+  public function tasks() {
+    return ORM::factory("task")
+      ->join("schedules_tasks", "task.id", "schedules_tasks.task_id")
+      ->where("schedule_id", "=", $this->id)
+      ->find_all();
+  }
+
+  public function add_task($task) {
+    db::build()
+      ->insert("schedules_tasks", array("schedule_id" => $this->id,"task_id" => $task->id))
+      ->execute();
+  }
+}
diff --git a/modules/scheduler/module.info b/modules/scheduler/module.info
new file mode 100644
index 00000000..15355dfb
--- /dev/null
+++ b/modules/scheduler/module.info
@@ -0,0 +1,3 @@
+name = "Scheduler"
+description = "Schedule tasks to run at specific times and intervals"
+version = 1
diff --git a/modules/scheduler/views/admin_schedule.html.php b/modules/scheduler/views/admin_schedule.html.php
new file mode 100644
index 00000000..3d45dc53
--- /dev/null
+++ b/modules/scheduler/views/admin_schedule.html.php
@@ -0,0 +1,11 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<style>
+#g-define-schedule fieldset fieldset li {
+  margin-right: .5em;
+}
+
+#g-schedule-time {
+  width: 40px !important;
+}
+</style>
+<?= $form ?>
diff --git a/modules/scheduler/views/admin_schedule_confirm.html.php b/modules/scheduler/views/admin_schedule_confirm.html.php
new file mode 100644
index 00000000..5d09654d
--- /dev/null
+++ b/modules/scheduler/views/admin_schedule_confirm.html.php
@@ -0,0 +1,4 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<h1 style="display:none"><?= t("Confirm task removal") ?></h1>
+<p class="g-warning"><?= t("Really remove the task: %name", array("name" => $name)) ?></p>
+<?= $form ?>
diff --git a/modules/scheduler/views/scheduler_definitions.html.php b/modules/scheduler/views/scheduler_definitions.html.php
new file mode 100644
index 00000000..0ab46f2b
--- /dev/null
+++ b/modules/scheduler/views/scheduler_definitions.html.php
@@ -0,0 +1,49 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<div id="g-sheduled-tasks">
+  <h2> <?= t("Scheduled tasks") ?> </h2>
+  <table>
+    <tr>
+      <th>
+        <?= t("Name") ?>
+      </th>
+      <th>
+        <?= t("Next run") ?>
+      </th>
+      <th>
+        <?= t("Interval") ?>
+      </th>
+      <th>
+        <?= t("Status") ?>
+      </th>
+      <th>
+        <?= t("Action") ?>
+      </th>
+    </tr>
+    <? foreach ($schedule_definitions as $entry): ?>
+    <tr class="<?= text::alternate("g-odd", "g-even") ?>">
+      <td>
+        <?= html::clean($entry->name) ?>
+      </td>
+      <td>
+        <?= html::clean($entry->run_date) ?>
+      </td>
+      <td>
+        <?= html::clean($entry->interval) ?>
+      </td>
+      <td>
+        <?= html::clean($entry->status) ?>
+      </td>
+      <td>
+        <a href="<?= url::site("admin/schedule/update_form/$entry->id?csrf=$csrf") ?>"
+           class="g-dialog-link g-button ui-icon-left ui-state-default ui-corner-all">
+          <?= t("edit") ?>
+        </a>
+        <a href="<?= url::site("admin/schedule/remove_form/$entry->id?csrf=$csrf") ?>"
+           class="g-dialog-link g-button ui-icon-left ui-state-default ui-corner-all">
+          <?= t("remove") ?>
+        </a>
+      </td>
+    </tr>
+    <? endforeach ?>
+  </table>
+</div>
-- 
cgit v1.2.3


From 6030d4eb6540d5c10eb1ab862d81a48420e1ec78 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Mon, 1 Feb 2010 21:13:07 -0800
Subject: Fix a bug in valid_name where it wasn't checking for name collisions
 on new users.

---
 modules/user/models/user.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules')

diff --git a/modules/user/models/user.php b/modules/user/models/user.php
index baac9315..9871ca00 100644
--- a/modules/user/models/user.php
+++ b/modules/user/models/user.php
@@ -122,7 +122,7 @@ class User_Model extends ORM implements User_Definition {
   public function valid_name(Validation $v, $field) {
     if (db::build()->from("users")
         ->where("name", "=", $this->name)
-        ->where("id", "<>", $this->id)
+        ->merge_where($this->id ? array(array("id", "<>", $this->id)) : null)
         ->count_records() == 1) {
       $v->add_error("name", "conflict");
     }
-- 
cgit v1.2.3


From 22ea03847ab8251a2f068b801599043014834e98 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Mon, 1 Feb 2010 21:27:01 -0800
Subject: Localize validation errors.

---
 modules/user/controllers/admin_users.php | 39 ++++++++++++++++++++++----------
 modules/user/controllers/users.php       |  1 +
 2 files changed, 28 insertions(+), 12 deletions(-)

(limited to 'modules')

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 03d9858b..48847433 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -287,16 +287,22 @@ class Admin_Users_Controller extends Admin_Controller {
     $form = new Forge(
       "admin/users/edit_user/$user->id", "", "post", array("id" => "g-edit-user-form"));
     $group = $form->group("edit_user")->label(t("Edit user"));
-    $group->input("name")->label(t("Username"))->id("g-username")->value($user->name);
-    $group->inputs["name"]->error_messages(
-      "conflict", t("There is already a user with that username"));
-    $group->input("full_name")->label(t("Full name"))->id("g-fullname")->value($user->full_name);
-    self::_add_locale_dropdown($group, $user);
-    $group->password("password")->label(t("Password"))->id("g-password");
+    $group->input("name")->label(t("Username"))->id("g-username")->value($user->name)
+      ->error_messages("conflict", t("There is already a user with that username"));
+    $group->input("full_name")->label(t("Full name"))->id("g-fullname")->value($user->full_name)
+      ->error_messages("length", t("This name is too long"));
+    $group->password("password")->label(t("Password"))->id("g-password")
+      ->error_messages("min_length", t("This password is too short"));
     $group->password("password2")->label(t("Confirm password"))->id("g-password2")
+      ->error_messages("matches", t("The passwords you entered do not match"))
       ->matches($group->password);
-    $group->input("email")->label(t("Email"))->id("g-email")->value($user->email);
-    $group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
+    $group->input("email")->label(t("Email"))->id("g-email")->value($user->email)
+      ->error_messages("required", t("You must enter a valid email address"))
+      ->error_messages("length", t("This email address is too long"))
+      ->error_messages("email", t("You must enter a valid email address"));
+    $group->input("url")->label(t("URL"))->id("g-url")->value($user->url)
+      ->error_messages("url", t("You must enter a valid URL"));
+    self::_add_locale_dropdown($group, $user);
     $group->checkbox("admin")->label(t("Admin"))->id("g-admin")->checked($user->admin);
 
     module::event("user_edit_form_admin", $user, $form);
@@ -308,13 +314,22 @@ class Admin_Users_Controller extends Admin_Controller {
     $form = new Forge("admin/users/add_user", "", "post", array("id" => "g-add-user-form"));
     $group = $form->group("add_user")->label(t("Add user"));
     $group->input("name")->label(t("Username"))->id("g-username")
+      ->error_messages("required", t("A name is required"))
+      ->error_messages("length", t("This name is too long"))
       ->error_messages("conflict", t("There is already a user with that username"));
-    $group->input("full_name")->label(t("Full name"))->id("g-fullname");
-    $group->password("password")->label(t("Password"))->id("g-password");
+    $group->input("full_name")->label(t("Full name"))->id("g-fullname")
+      ->error_messages("length", t("This name is too long"));
+    $group->password("password")->label(t("Password"))->id("g-password")
+      ->error_messages("min_length", t("This password is too short"));
     $group->password("password2")->label(t("Confirm password"))->id("g-password2")
+      ->error_messages("matches", t("The passwords you entered do not match"))
       ->matches($group->password);
-    $group->input("email")->label(t("Email"))->id("g-email");
-    $group->input("url")->label(t("URL"))->id("g-url");
+    $group->input("email")->label(t("Email"))->id("g-email")
+      ->error_messages("required", t("You must enter a valid email address"))
+      ->error_messages("length", t("This email address is too long"))
+      ->error_messages("email", t("You must enter a valid email address"));
+    $group->input("url")->label(t("URL"))->id("g-url")
+      ->error_messages("url", t("You must enter a valid URL"));
     self::_add_locale_dropdown($group);
     $group->checkbox("admin")->label(t("Admin"))->id("g-admin");
 
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index d0c67dd1..43a92b44 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -90,6 +90,7 @@ class Users_Controller extends Controller {
       ->error_messages("matches", t("The passwords you entered do not match"));
     $group->input("email")->label(t("Email"))->id("g-email")->value($user->email)
       ->error_messages("email", t("You must enter a valid email address"))
+      ->error_messages("length", t("Your email address is too long"))
       ->error_messages("required", t("You must enter a valid email address"));
     $group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
 
-- 
cgit v1.2.3


From 81a1df4a504fdd7cdbef2b92e2b1257a65da98f9 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Mon, 1 Feb 2010 21:41:16 -0800
Subject: Localize the name "conflict" validation error when creating a new
 album.

---
 modules/gallery/helpers/album.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'modules')

diff --git a/modules/gallery/helpers/album.php b/modules/gallery/helpers/album.php
index 389f6e48..15e0c3ca 100644
--- a/modules/gallery/helpers/album.php
+++ b/modules/gallery/helpers/album.php
@@ -36,7 +36,8 @@ class album_Core {
     $group->input("name")->label(t("Directory name"))
       ->error_messages("no_slashes", t("The directory name can't contain the \"/\" character"))
       ->error_messages("required", t("You must provide a directory name"))
-      ->error_messages("length", t("Your directory name is too long"));
+      ->error_messages("length", t("Your directory name is too long"))
+      ->error_messages("conflict", t("There is already a movie, photo or album with this name"));
     $group->input("slug")->label(t("Internet Address"))
       ->error_messages(
         "not_url_safe",
@@ -51,7 +52,8 @@ class album_Core {
   }
 
   static function get_edit_form($parent) {
-    $form = new Forge("albums/update/{$parent->id}", "", "post", array("id" => "g-edit-album-form"));
+    $form = new Forge(
+      "albums/update/{$parent->id}", "", "post", array("id" => "g-edit-album-form"));
     $form->hidden("from_id");
     $group = $form->group("edit_item")->label(t("Edit Album"));
 
@@ -61,8 +63,7 @@ class album_Core {
     $group->textarea("description")->label(t("Description"))->value($parent->description);
     if ($parent->id != 1) {
       $group->input("name")->label(t("Directory Name"))->value($parent->name)
-        ->error_messages(
-          "conflict", t("There is already a movie, photo or album with this name"))
+        ->error_messages("conflict", t("There is already a movie, photo or album with this name"))
         ->error_messages("no_slashes", t("The directory name can't contain a \"/\""))
         ->error_messages("no_trailing_period", t("The directory name can't end in \".\""))
         ->error_messages("required", t("You must provide a directory name"))
-- 
cgit v1.2.3


From 370faf5f265e634b0828be9695cd6eb9676ff6f7 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 2 Feb 2010 10:55:22 -0800
Subject: Display the error message for the in place edit.  Also improve the
 double click guard. Fixes ticket #1000.

---
 lib/gallery.in_place_edit.js                 | 44 ++++++++++++----------------
 modules/gallery/views/in_place_edit.html.php |  6 ++++
 2 files changed, 24 insertions(+), 26 deletions(-)

(limited to 'modules')

diff --git a/lib/gallery.in_place_edit.js b/lib/gallery.in_place_edit.js
index c10400e3..5a815dac 100644
--- a/lib/gallery.in_place_edit.js
+++ b/lib/gallery.in_place_edit.js
@@ -10,10 +10,10 @@
      },
 
      _show: function(target) {
-       if ($(this).data("gallery_in_place_edit") == true) {
+       if ($(target).data("gallery_in_place_edit") == true) {
          return;
        }
-       $(this).data("gallery_in_place_edit", true);
+       $(target).data("gallery_in_place_edit", true);
        var self = this;
        var tag_width = $(target).width();
        $(self).data("tag_width", tag_width);
@@ -27,26 +27,28 @@
          var parent = $(target).parent();
          parent.children().hide();
          parent.append(data);
-         parent.find("form :text")
-           .width(tag_width)
-           .focus();
-         $(".g-short-form").gallery_short_form();
-         parent.find("form .g-cancel").click(function(event) {
-           self._cancel();
-           event.preventDefault();
-           return false;
-         });
-         self._ajaxify_edit();
+         self._setup_form(parent.find("form"));
        });
+     },
 
+     _setup_form: function(form) {
+       var self = this;
+       var width = $(self).data("tag_width");
+       form.find(":text").width(width).focus();
+       form.find(".g-cancel").click(function(event) {
+         self._cancel();
+         event.preventDefault();
+         return false;
+       });
+       $(".g-short-form").gallery_short_form();
+       this._ajaxify_edit();
      },
 
      _cancel: function() {
        var parent = $("#g-in-place-edit-form").parent();
-       $(parent).find("form").remove();
+       $("#g-in-place-edit-form").remove();
        $(parent).children().show();
-       $("#g-in-place-edit-message").remove();
-       $(this).data("gallery_in_place_edit", false);
+       $(parent).find(".g-editable").data("gallery_in_place_edit", false);
      },
 
      _ajaxify_edit: function() {
@@ -60,17 +62,7 @@
            } else {
              var parent = $(form).parent();
              $(form).replaceWith(data.form);
-             var width = $(self).data("tag_width");
-             $(parent).find("form :text")
-               .width(width)
-               .focus();
-             $(".g-short-form").gallery_short_form();
-             $(parent).find("form .g-cancel").click(function(event) {
-               self._cancel();
-               event.preventDefault();
-               return false;
-             });
-             self._ajaxify_edit();
+             self._setup_form(parent.find("form"));
            }
          }
        });
diff --git a/modules/gallery/views/in_place_edit.html.php b/modules/gallery/views/in_place_edit.html.php
index 05a16ad4..2d6cbe90 100644
--- a/modules/gallery/views/in_place_edit.html.php
+++ b/modules/gallery/views/in_place_edit.html.php
@@ -9,7 +9,13 @@
       <?= form::submit(array("class" => "submit ui-state-default"), t("Save")) ?>
     </li>
     <li><a href="#" class="g-cancel"><?= t("Cancel") ?></a></li>
+    <? if (!empty($errors["input"])): ?>
+    <li>
+      <p id="g-in-place-edit-message" class="g-error"><?= $errors["input"] ?></p>
+    </li>
+    <? endif ?>
   </ul>
 </form>
 
 
+
-- 
cgit v1.2.3


From fe11e34cea8ea31c048af5f38d63220850b0293d Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 2 Feb 2010 11:42:13 -0800
Subject: Change the view to display 'empty' when the variable value is a null
 string(""). Fixes ticket #987.

---
 modules/gallery/views/admin_advanced_settings.html.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'modules')

diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php
index 2d4b11a1..1f7d2f64 100644
--- a/modules/gallery/views/admin_advanced_settings.html.php
+++ b/modules/gallery/views/admin_advanced_settings.html.php
@@ -25,10 +25,10 @@
           <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . html::clean($var->name)) ?>"
             class="g-dialog-link"
             title="<?= t("Edit %var (%module_name)", array("var" => $var->name, "module_name" => $var->module_name))->for_html_attr() ?>">
-            <? if (isset($var->value)): ?>
-            <?= html::clean($var->value) ?>
-            <? else: ?>
+            <? if (!isset($var->value) || $var->value === ""): ?>
             <i> <?= t("empty") ?> </i>
+            <? else: ?>
+            <?= html::clean($var->value) ?>
             <? endif ?>
         </a>
         </td>
-- 
cgit v1.2.3


From 3c3671cff25f28e21a702b1f665a6baa282d045f Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 2 Feb 2010 12:30:23 -0800
Subject: Remove the test-transform:uppercase from the l10n css as it was
 causing problems with other text fields in IE and it violates our case
 standards. Fixes ticket #912

---
 modules/gallery/css/l10n_client.css | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'modules')

diff --git a/modules/gallery/css/l10n_client.css b/modules/gallery/css/l10n_client.css
index 053b4432..90034d0c 100644
--- a/modules/gallery/css/l10n_client.css
+++ b/modules/gallery/css/l10n_client.css
@@ -45,7 +45,6 @@
   display:block;
   position:absolute; right:0em;
   height:2em; line-height:2em;
-  text-transform:uppercase;
   text-align:center; background:#000;
 }
 #l10n-client-toggler a {
@@ -62,7 +61,7 @@
   height:1em; line-height:1em;
   padding: .5em; margin:0px;
   font-size:1em;
-  text-transform:uppercase;}
+}
 
 #l10n-client .strings h2 {
   border:0px;}
-- 
cgit v1.2.3


From 19fee6b5e4ceb8a5f90cafe4ad770856ece108ef Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 2 Feb 2010 14:34:50 -0800
Subject: Refactor the admin maintenance screen so that events are used to
 pupluate the action buttons and other content such as the list of scheduled
 tasks.

---
 modules/gallery/controllers/admin_maintenance.php | 11 +++++++++--
 modules/gallery/views/admin_maintenance.html.php  | 16 +++++++---------
 2 files changed, 16 insertions(+), 11 deletions(-)

(limited to 'modules')

diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php
index 487e77a6..8e4845a9 100644
--- a/modules/gallery/controllers/admin_maintenance.php
+++ b/modules/gallery/controllers/admin_maintenance.php
@@ -44,10 +44,17 @@ class Admin_Maintenance_Controller extends Admin_Controller {
     $view->content->task_definitions = task::get_definitions();
     $view->content->running_tasks = ORM::factory("task")
       ->where("done", "=", 0)->order_by("updated", "DESC")->find_all();
-    $view->content->schedule_definitions =
-      module::is_active("scheduler") ? scheduler::get_definitions() : "";
     $view->content->finished_tasks = ORM::factory("task")
       ->where("done", "=", 1)->order_by("updated", "DESC")->find_all();
+    $task_buttons =
+      new ArrayObject(array((object)array("text" => t("run"),
+                                          "url" =>url::site("admin/maintenance/start"))));
+    module::event("admin_maintenance_task_buttons", $task_buttons);
+    $view->content->task_buttons = $task_buttons;
+
+    $maintenance_content = new ArrayObject();
+    module::event("admin_maintenance_content", $maintenance_content);
+    $view->content->task_maintenance_content = $maintenance_content;
     print $view;
   }
 
diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index 15d04caa..444bf1fe 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -29,23 +29,21 @@
             <?= $task->description ?>
           </td>
           <td>
-            <a href="<?= url::site("admin/maintenance/start/$task->callback?csrf=$csrf") ?>"
+            <? foreach ($task_buttons as $button): ?>
+            <a href="<?= "{$button->url}/$task->callback?csrf=$csrf" ?>"
               class="g-dialog-link g-button ui-icon-left ui-state-default ui-corner-all">
-              <?= t("run") ?>
+              <?= html::clean($button->text) ?>
             </a>
-            <? if (module::is_active("scheduler")): ?>
-            <a href="<?= url::site("form/add/admin/schedule/$task->callback?csrf=$csrf") ?>"
-              class="g-dialog-link g-button ui-icon-left ui-state-default ui-corner-all">
-              <?= t("schedule") ?>
-            </a>
-            <? endif ?>
+            <? endforeach ?>
           </td>
         </tr>
         <? endforeach ?>
       </table>
     </div>
 
-    <?= $schedule_definitions ?>
+    <? foreach ($task_maintenance_content as $content): ?>
+    <?= $content ?>
+    <? endforeach ?>
 
     <? if ($running_tasks->count()): ?>
     <div id="g-running-tasks">
-- 
cgit v1.2.3


From d5a231225d3b4f1fe6a08f350b93b6410b2d1914 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 2 Feb 2010 14:37:26 -0800
Subject: Move the scheduler module to the -contrib repository for this
 release.

---
 modules/scheduler/controllers/admin_schedule.php   | 105 ----------------
 modules/scheduler/helpers/scheduler.php            | 133 ---------------------
 modules/scheduler/helpers/scheduler_event.php      |  64 ----------
 modules/scheduler/helpers/scheduler_installer.php  |  42 -------
 modules/scheduler/models/schedule.php              |  33 -----
 modules/scheduler/module.info                      |   3 -
 modules/scheduler/views/admin_schedule.html.php    |  11 --
 .../views/admin_schedule_confirm.html.php          |   4 -
 .../scheduler/views/scheduler_definitions.html.php |  49 --------
 9 files changed, 444 deletions(-)
 delete mode 100644 modules/scheduler/controllers/admin_schedule.php
 delete mode 100644 modules/scheduler/helpers/scheduler.php
 delete mode 100644 modules/scheduler/helpers/scheduler_event.php
 delete mode 100644 modules/scheduler/helpers/scheduler_installer.php
 delete mode 100644 modules/scheduler/models/schedule.php
 delete mode 100644 modules/scheduler/module.info
 delete mode 100644 modules/scheduler/views/admin_schedule.html.php
 delete mode 100644 modules/scheduler/views/admin_schedule_confirm.html.php
 delete mode 100644 modules/scheduler/views/scheduler_definitions.html.php

(limited to 'modules')

diff --git a/modules/scheduler/controllers/admin_schedule.php b/modules/scheduler/controllers/admin_schedule.php
deleted file mode 100644
index 6911cf86..00000000
--- a/modules/scheduler/controllers/admin_schedule.php
+++ /dev/null
@@ -1,105 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Admin_Schedule_Controller extends Admin_Controller {
-  public function form_add($task_callback) {
-    access::verify_csrf();
-
-    $schedule = ORM::factory("schedule");
-    $schedule->task_callback = $task_callback;
-    $schedule->next_run_datetime = time();
-    $v = new View("admin_schedule.html");
-    $v->form = scheduler::get_form("define", $schedule);
-    $v->method = "define";
-    print $v;
-  }
-
-  public function update_form($id) {
-    access::verify_csrf();
-
-
-    $schedule = ORM::factory("schedule", $id);
-    $v = new View("admin_schedule.html");
-    $v->form = scheduler::get_form("update", $schedule);
-    $v->method = "update";
-    print $v;
-  }
-
-  public function remove_form($id) {
-    access::verify_csrf();
-
-    $schedule = ORM::factory("schedule", $id);
-
-    $v = new View("admin_schedule_confirm.html");
-    $v->name = $schedule->name;
-    $v->form = new Forge("admin/schedule/remove/{$id}", "", "post",
-                         array("id" => "g-remove-schedule"));
-    $group = $v->form->group("remove");
-    $group->submit("")->value(t("Continue"));
-    print $v;
-  }
-
-  public function remove($id) {
-    access::verify_csrf();
-    $schedule = ORM::factory("schedule", $id);
-    $schedule->delete();
-
-    message::success(t("Removed scheduled task: %name", array("name" => $schedule->name)));
-    print json_encode(array("result" => "success", "reload" => 1));
-  }
-
-  public function define() {
-    $this->_handle_request("define");
-   }
-
-  public function update($id=null) {
-    $this->_handle_request("update", $id);
-   }
-
-  private function _handle_request($method, $id=null) {
-    $schedule = ORM::factory("schedule", $id);
-    $form = scheduler::get_form($method, $schedule);
-    $valid = $form->validate();
-    if ($valid) {
-      $schedule->name = $form->schedule_group->schedule_name->value;
-      $schedule->interval = $form->schedule_group->interval->value;
-      $schedule->next_run_datetime =
-        $this->_start_date($form->schedule_group->run_date->dow->selected,
-                           $form->schedule_group->run_date->time->value);
-      $schedule->task_callback = $form->schedule_group->callback->value;
-      $schedule->save();
-      if ($method == "define") {
-        message::success(t("Added scheduled task: %name", array("name" => $schedule->name)));
-      } else {
-        message::success(t("Updated scheduled task: %name", array("name" => $schedule->name)));
-      }
-      print json_encode(array("result" => "success", "reload" => 1));
-    } else {
-      print json_encode(array("result" => "error", "form" => (string) $form));
-    }
-  }
-
-  private function _start_date($dow, $time) {
-    list ($hour, $minutes) = explode(":", $time);
-    $local_time = localtime();
-    $days = ($dow < $local_time[6] ? 7 : 0) + $dow - $local_time[6];
-    return
-      mktime($hour, $minutes, 0, $local_time[4] + 1, $local_time[3] + $days, 1900 + $local_time[5]);
-  }
-}
diff --git a/modules/scheduler/helpers/scheduler.php b/modules/scheduler/helpers/scheduler.php
deleted file mode 100644
index 987b1b32..00000000
--- a/modules/scheduler/helpers/scheduler.php
+++ /dev/null
@@ -1,133 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class scheduler_Core {
-
-  static function intervals() {
-    static $intervals;
-    if (empty($intervals)) {
-      $intervals = array("3600" => t("Hourly"), "86400" => t("Daily"),
-                         "604800" => t("Weekly"), "2419200" => t("Monthly"));
-    }
-    return $intervals;
-  }
-
-  static function get_form($method, $schedule) {
-    if ($method == "define") {
-      $title = t("Create a scheduled event");
-      $button_text = t("Create");
-    } else {
-      $title = t("Update a scheduled event");
-      $button_text = t("Update");
-    }
-
-    $id = empty($schedule->id) ? "" : "/$schedule->id";
-    $form = new Forge("admin/schedule/$method{$id}", "", "post",
-                      array("id" => "g-{$method}-schedule"));
-    $group = $form->group("schedule_group")->label($title);
-    $group->input("schedule_name")
-      ->label(t("Description"))
-      ->id("g-schedule-name")
-      ->rules("required|length[0, 128]")
-      ->error_messages("required", t("You must provide a description"))
-      ->error_messages("length", t("Your description is too long"))
-      ->value(!empty($schedule->name) ? $schedule->name : "");
-
-    list ($dow, $display_time) = scheduler::format_time($schedule->next_run_datetime);
-    $next = $group->group("run_date")->label(t("Scheduled Date"));
-    $next->dropdown("dow")
-      ->label(t("Day"))
-      ->id("g-schedule-day")
-      ->rules("required")
-      ->options(array(t("Sunday"), t("Monday"), t("Tuesday"), t("Wednesday"),
-                      t("Thursday"), t("Friday"), t("Saturday")))
-      ->selected($dow);
-
-    $next->input("time")
-      ->label(t("Hour"))
-      ->id("g-schedule-time")
-      ->rules("required")
-      ->error_messages("required", t("You must provide a time"))
-      ->error_messages("time_invalid", t("Invalid time"))
-      ->callback("scheduler::valid_time")
-      ->value($display_time);
-
-    // need to set the top padding to zero on g-define-schedule li.g-error
-    $group->dropdown("interval")->label(t("How often"))->id("g-schedule-frequency")
-      ->options(scheduler::intervals())
-      ->rules("required")
-      ->error_messages("required", t("You must provide an interval"))
-      ->selected(!empty($schedule->interval) ? $schedule->interval : "2419200");
-    $group->hidden("callback")->value($schedule->task_callback);
-    $group->submit("")->value($button_text);
-
-    return $form;
-  }
-
-  static function format_time($time) {
-    $local_time = localtime($time);
-    $display_time = str_pad($local_time[2], 2, "0", STR_PAD_LEFT) . ":" .
-      str_pad($local_time[1], 2, "0", STR_PAD_LEFT);
-    return array($local_time[6], $display_time);
-  }
-
-  static function valid_time($field) {
-    if (preg_match("/([0-9]{1,2}):([0-9]{2})/", $field->value, $matches)) {
-      $hour = (int)$matches[1];
-      $minutes = (int)$matches[2];
-      if (!(0 <= $hour && $hour<= 23 || 0 <= $minutes && $minutes <= 59)) {
-        $field->add_error("time_invalid", 1);
-      }
-    } else {
-      $field->add_error("time_invalid", 1);
-    }
-  }
-
-  static function get_definitions() {
-    $v = "";
-    $events = ORM::factory("schedule")
-      ->order_by("next_run_datetime", "asc")
-      ->find_all();
-    if ($events->count()) {
-      $v = new View("scheduler_definitions.html");
-      $v->schedule_definitions = array();
-      foreach ($events as $schedule) {
-        $entry[] = $schedule->id;
-        $entry[] = $schedule->name;
-        $run_date = strftime("%A, %b %e, %Y %H:%M ", $schedule->next_run_datetime);
-        $intervals = scheduler::intervals();
-        $interval = $intervals[$schedule->interval];
-        if (!empty($schedule->task_id)) {
-          $status = t("Running");
-        } else if ($schedule->next_run_datetime < time()) {
-          $status = t("Overdue");
-        } else  {
-          $status = t("Scheduled");
-        }
-
-        $v->schedule_definitions[] = (object)array("id" => $schedule->id,
-                                                   "name" => $schedule->name,
-                                                   "run_date" => $run_date,
-                                                   "interval" => $interval,
-                                                   "status" => $status);
-      }
-    }
-    return $v;
-  }
-}
\ No newline at end of file
diff --git a/modules/scheduler/helpers/scheduler_event.php b/modules/scheduler/helpers/scheduler_event.php
deleted file mode 100644
index 365b1df1..00000000
--- a/modules/scheduler/helpers/scheduler_event.php
+++ /dev/null
@@ -1,64 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-
-class scheduler_event_Core {
-  /**
-   * At this point, the output has been sent to the browser, so we can take some time
-   * to run a schedule task.
-   */
-  static function gallery_shutdown() {
-    try {
-      $schedule = ORM::factory("schedule")
-        ->where("next_run_datetime", "<=", time())
-        ->where("busy", "!=", 1)
-        ->order_by("next_run_datetime")
-        ->find_all(1);
-
-      if ($schedule->count()) {
-        $schedule = $schedule->current();
-        $schedule->busy = true;
-        $schedule->save();
-
-        try {
-          if (empty($schedule->task_id)) {
-            $task = task::start($schedule->task_callback);
-            $schedule->task_id = $task->id;
-          }
-
-          $task = task::run($schedule->task_id);
-
-          if ($task->done) {
-            $schedule->next_run_datetime += $schedule->interval;
-            $schedule->task_id = null;
-          }
-
-          $schedule->busy = false;
-          $schedule->save();
-        } catch (Exception $e) {
-          $schedule->busy = false;
-          $schedule->save();
-          throw $e;
-        }
-      }
-    } catch (Exception $e) {
-      Kohana_Log::add("error", (string)$e);
-    }
-  }
-}
diff --git a/modules/scheduler/helpers/scheduler_installer.php b/modules/scheduler/helpers/scheduler_installer.php
deleted file mode 100644
index 46be4a81..00000000
--- a/modules/scheduler/helpers/scheduler_installer.php
+++ /dev/null
@@ -1,42 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class scheduler_installer {
-  static function install() {
-    $db = Database::instance();
-    $db->query("CREATE TABLE {schedules} (
-                 `id` int(9) NOT NULL auto_increment,
-                 `name` varchar(128) NOT NULL,
-                 `task_callback` varchar(128) NOT NULL,
-                 `task_id` int(9) NULL,
-                 `next_run_datetime` int(9) NOT NULL,
-                 `interval` int(9) NOT NULL,
-                 `busy` bool NOT NULL DEFAULT 0,
-                 PRIMARY KEY (`id`),
-                 KEY `run_date` (`next_run_datetime`, `busy`),
-                 UNIQUE KEY (`name`))
-               DEFAULT CHARSET=utf8;");
-    module::set_version("scheduler", $version = 1);
-  }
-
-  static function uninstall() {
-    $db = Database::instance();
-    $db->query("DROP TABLE IF EXISTS {schedules}");
-  }
-}
diff --git a/modules/scheduler/models/schedule.php b/modules/scheduler/models/schedule.php
deleted file mode 100644
index b83b5738..00000000
--- a/modules/scheduler/models/schedule.php
+++ /dev/null
@@ -1,33 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Schedule_Model extends ORM {
-  public function tasks() {
-    return ORM::factory("task")
-      ->join("schedules_tasks", "task.id", "schedules_tasks.task_id")
-      ->where("schedule_id", "=", $this->id)
-      ->find_all();
-  }
-
-  public function add_task($task) {
-    db::build()
-      ->insert("schedules_tasks", array("schedule_id" => $this->id,"task_id" => $task->id))
-      ->execute();
-  }
-}
diff --git a/modules/scheduler/module.info b/modules/scheduler/module.info
deleted file mode 100644
index 15355dfb..00000000
--- a/modules/scheduler/module.info
+++ /dev/null
@@ -1,3 +0,0 @@
-name = "Scheduler"
-description = "Schedule tasks to run at specific times and intervals"
-version = 1
diff --git a/modules/scheduler/views/admin_schedule.html.php b/modules/scheduler/views/admin_schedule.html.php
deleted file mode 100644
index 3d45dc53..00000000
--- a/modules/scheduler/views/admin_schedule.html.php
+++ /dev/null
@@ -1,11 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<style>
-#g-define-schedule fieldset fieldset li {
-  margin-right: .5em;
-}
-
-#g-schedule-time {
-  width: 40px !important;
-}
-</style>
-<?= $form ?>
diff --git a/modules/scheduler/views/admin_schedule_confirm.html.php b/modules/scheduler/views/admin_schedule_confirm.html.php
deleted file mode 100644
index 5d09654d..00000000
--- a/modules/scheduler/views/admin_schedule_confirm.html.php
+++ /dev/null
@@ -1,4 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<h1 style="display:none"><?= t("Confirm task removal") ?></h1>
-<p class="g-warning"><?= t("Really remove the task: %name", array("name" => $name)) ?></p>
-<?= $form ?>
diff --git a/modules/scheduler/views/scheduler_definitions.html.php b/modules/scheduler/views/scheduler_definitions.html.php
deleted file mode 100644
index 0ab46f2b..00000000
--- a/modules/scheduler/views/scheduler_definitions.html.php
+++ /dev/null
@@ -1,49 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<div id="g-sheduled-tasks">
-  <h2> <?= t("Scheduled tasks") ?> </h2>
-  <table>
-    <tr>
-      <th>
-        <?= t("Name") ?>
-      </th>
-      <th>
-        <?= t("Next run") ?>
-      </th>
-      <th>
-        <?= t("Interval") ?>
-      </th>
-      <th>
-        <?= t("Status") ?>
-      </th>
-      <th>
-        <?= t("Action") ?>
-      </th>
-    </tr>
-    <? foreach ($schedule_definitions as $entry): ?>
-    <tr class="<?= text::alternate("g-odd", "g-even") ?>">
-      <td>
-        <?= html::clean($entry->name) ?>
-      </td>
-      <td>
-        <?= html::clean($entry->run_date) ?>
-      </td>
-      <td>
-        <?= html::clean($entry->interval) ?>
-      </td>
-      <td>
-        <?= html::clean($entry->status) ?>
-      </td>
-      <td>
-        <a href="<?= url::site("admin/schedule/update_form/$entry->id?csrf=$csrf") ?>"
-           class="g-dialog-link g-button ui-icon-left ui-state-default ui-corner-all">
-          <?= t("edit") ?>
-        </a>
-        <a href="<?= url::site("admin/schedule/remove_form/$entry->id?csrf=$csrf") ?>"
-           class="g-dialog-link g-button ui-icon-left ui-state-default ui-corner-all">
-          <?= t("remove") ?>
-        </a>
-      </td>
-    </tr>
-    <? endforeach ?>
-  </table>
-</div>
-- 
cgit v1.2.3


From f69493d1384108bf65fc2b92d25fc3b854dee929 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 2 Feb 2010 14:51:06 -0800
Subject: Update the xss golden file to reflect the changes to the admin
 screen.

---
 modules/gallery/tests/xss_data.txt | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

(limited to 'modules')

diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 65b45a08..8d7236fa 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -81,18 +81,20 @@ modules/gallery/views/admin_maintenance.html.php             24  DIRTY_ATTR log:
 modules/gallery/views/admin_maintenance.html.php             25  DIRTY_ATTR log::severity_class($task->severity)
 modules/gallery/views/admin_maintenance.html.php             26  DIRTY    $task->name
 modules/gallery/views/admin_maintenance.html.php             29  DIRTY    $task->description
-modules/gallery/views/admin_maintenance.html.php             70  DIRTY_ATTR text::alternate("g-odd","g-even")
-modules/gallery/views/admin_maintenance.html.php             70  DIRTY_ATTR $task->state=="stalled"?"g-warning":""
-modules/gallery/views/admin_maintenance.html.php             71  DIRTY_ATTR $task->state=="stalled"?"g-warning":""
-modules/gallery/views/admin_maintenance.html.php             72  DIRTY    gallery::date_time($task->updated)
-modules/gallery/views/admin_maintenance.html.php             75  DIRTY    $task->name
-modules/gallery/views/admin_maintenance.html.php             90  DIRTY    $task->status
-modules/gallery/views/admin_maintenance.html.php             141 DIRTY_ATTR text::alternate("g-odd","g-even")
-modules/gallery/views/admin_maintenance.html.php             141 DIRTY_ATTR $task->state=="success"?"g-success":"g-error"
-modules/gallery/views/admin_maintenance.html.php             142 DIRTY_ATTR $task->state=="success"?"g-success":"g-error"
-modules/gallery/views/admin_maintenance.html.php             143 DIRTY    gallery::date_time($task->updated)
-modules/gallery/views/admin_maintenance.html.php             146 DIRTY    $task->name
-modules/gallery/views/admin_maintenance.html.php             158 DIRTY    $task->status
+modules/gallery/views/admin_maintenance.html.php             33  DIRTY_JS "{$button->url}/$task->callback?csrf=$csrf"
+modules/gallery/views/admin_maintenance.html.php             45  DIRTY    $content
+modules/gallery/views/admin_maintenance.html.php             76  DIRTY_ATTR text::alternate("g-odd","g-even")
+modules/gallery/views/admin_maintenance.html.php             76  DIRTY_ATTR $task->state=="stalled"?"g-warning":""
+modules/gallery/views/admin_maintenance.html.php             77  DIRTY_ATTR $task->state=="stalled"?"g-warning":""
+modules/gallery/views/admin_maintenance.html.php             78  DIRTY    gallery::date_time($task->updated)
+modules/gallery/views/admin_maintenance.html.php             81  DIRTY    $task->name
+modules/gallery/views/admin_maintenance.html.php             96  DIRTY    $task->status
+modules/gallery/views/admin_maintenance.html.php             147 DIRTY_ATTR text::alternate("g-odd","g-even")
+modules/gallery/views/admin_maintenance.html.php             147 DIRTY_ATTR $task->state=="success"?"g-success":"g-error"
+modules/gallery/views/admin_maintenance.html.php             148 DIRTY_ATTR $task->state=="success"?"g-success":"g-error"
+modules/gallery/views/admin_maintenance.html.php             149 DIRTY    gallery::date_time($task->updated)
+modules/gallery/views/admin_maintenance.html.php             152 DIRTY    $task->name
+modules/gallery/views/admin_maintenance.html.php             164 DIRTY    $task->status
 modules/gallery/views/admin_maintenance_show_log.html.php    8   DIRTY_JS url::site("admin/maintenance/save_log/$task->id?csrf=$csrf")
 modules/gallery/views/admin_maintenance_show_log.html.php    13  DIRTY    $task->name
 modules/gallery/views/admin_maintenance_task.html.php        55  DIRTY    $task->name
-- 
cgit v1.2.3


From 1c0e5eaa0d9b65863c9fd04aff940c1a2b7e682d Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 2 Feb 2010 15:00:05 -0800
Subject: use html::purify to cleans the additional content on the admin
 maintence page.

---
 modules/gallery/tests/xss_data.txt               | 1 -
 modules/gallery/views/admin_maintenance.html.php | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

(limited to 'modules')

diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 8d7236fa..e53502ee 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -82,7 +82,6 @@ modules/gallery/views/admin_maintenance.html.php             25  DIRTY_ATTR log:
 modules/gallery/views/admin_maintenance.html.php             26  DIRTY    $task->name
 modules/gallery/views/admin_maintenance.html.php             29  DIRTY    $task->description
 modules/gallery/views/admin_maintenance.html.php             33  DIRTY_JS "{$button->url}/$task->callback?csrf=$csrf"
-modules/gallery/views/admin_maintenance.html.php             45  DIRTY    $content
 modules/gallery/views/admin_maintenance.html.php             76  DIRTY_ATTR text::alternate("g-odd","g-even")
 modules/gallery/views/admin_maintenance.html.php             76  DIRTY_ATTR $task->state=="stalled"?"g-warning":""
 modules/gallery/views/admin_maintenance.html.php             77  DIRTY_ATTR $task->state=="stalled"?"g-warning":""
diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index 444bf1fe..19375670 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -42,7 +42,7 @@
     </div>
 
     <? foreach ($task_maintenance_content as $content): ?>
-    <?= $content ?>
+    <?= html::purify($content) ?>
     <? endforeach ?>
 
     <? if ($running_tasks->count()): ?>
-- 
cgit v1.2.3


From 225fe81ce0121176dc11a646d78b3c3dcc479fa9 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 2 Feb 2010 20:50:34 -0800
Subject: Add an upgrade path to prevent the item title field from being empty.

---
 modules/gallery/helpers/gallery_installer.php | 14 +++++++++++++-
 modules/gallery/module.info                   |  2 +-
 2 files changed, 14 insertions(+), 2 deletions(-)

(limited to 'modules')

diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php
index bffef8e6..761843b0 100644
--- a/modules/gallery/helpers/gallery_installer.php
+++ b/modules/gallery/helpers/gallery_installer.php
@@ -287,7 +287,7 @@ class gallery_installer {
     // @todo this string needs to be picked up by l10n_scanner
     module::set_var("gallery", "credits", "Powered by <a href=\"%url\">Gallery %version</a>");
     module::set_var("gallery", "simultaneous_upload_limit", 5);
-    module::set_version("gallery", 25);
+    module::set_version("gallery", 26);
   }
 
   static function upgrade($version) {
@@ -514,6 +514,18 @@ class gallery_installer {
       }
       module::set_version("gallery", $version = 25);
     }
+
+    if ($version == 25) {
+      db::build()
+        ->update("items")
+        ->set("title", new Database_Expression("`name`"))
+        ->and_open()
+        ->where("title", "IS", null)
+        ->or_where("title", "=", "")
+        ->close()
+        ->execute();
+      module::set_version("gallery", $version = 26);
+    }
   }
 
   static function uninstall() {
diff --git a/modules/gallery/module.info b/modules/gallery/module.info
index 50a1505f..fd241066 100644
--- a/modules/gallery/module.info
+++ b/modules/gallery/module.info
@@ -1,3 +1,3 @@
 name = "Gallery 3"
 description = "Gallery core application"
-version = 25
+version = 26
-- 
cgit v1.2.3


From b351ee48fe09efd570e22a02b82174c39ad86d46 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 2 Feb 2010 21:34:20 -0800
Subject: Fix a bug in valid_password() where an empty password was considered
 valid.

---
 modules/user/models/user.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules')

diff --git a/modules/user/models/user.php b/modules/user/models/user.php
index 9871ca00..4404ee63 100644
--- a/modules/user/models/user.php
+++ b/modules/user/models/user.php
@@ -136,7 +136,7 @@ class User_Model extends ORM implements User_Definition {
       return;
     }
 
-    if (!$this->loaded() || $this->password_length) {
+    if (!$this->loaded() || isset($this->password_length)) {
       $minimum_length = module::get_var("user", "mininum_password_length", 5);
       if ($this->password_length < $minimum_length) {
         $v->add_error("password", "min_length");
-- 
cgit v1.2.3


From 6e1b761b12e13566875804c33efe2ae130ffa32e Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 2 Feb 2010 21:36:01 -0800
Subject: Require the current password to change your password. Fixes ticket
 #585.

Separate out the password change form from the regular edit user form.
Require the old password to enter a new one.  While I'm at it, roll
the password strength javascript into a Form_Script element so that we
can get rid of the old view (which incidentally fixes a bug where the
password strength meter would go away on form errors).
---
 modules/gallery/views/user_profile.html.php |  7 ++-
 modules/user/controllers/users.php          | 78 +++++++++++++++++++++++------
 modules/user/helpers/user.php               |  6 +++
 modules/user/views/user_form.html.php       |  7 ---
 4 files changed, 75 insertions(+), 23 deletions(-)
 delete mode 100644 modules/user/views/user_form.html.php

(limited to 'modules')

diff --git a/modules/gallery/views/user_profile.html.php b/modules/gallery/views/user_profile.html.php
index f35f8c3f..78e1c579 100644
--- a/modules/gallery/views/user_profile.html.php
+++ b/modules/gallery/views/user_profile.html.php
@@ -57,13 +57,16 @@
     </a>
     <? endif ?>
     <? if ($editable): ?>
-       <a class="g-button ui-icon-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("form/edit/users/{$user->id}") ?>">
+    <a class="g-button ui-icon-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("form/edit/users/{$user->id}") ?>">
       <?= t("Edit") ?>
     </a>
+    <a class="g-button ui-icon-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("users/form_change_password/{$user->id}") ?>">
+      <?= t("Change password") ?>
+    </a>
     <? endif ?>
 
     <a id="g-profile-return" class="g-button ui-icon-right ui-state-default ui-corner-all" href="#">
       <?= t("Return") ?>
     </a>
   </div>
-</div>
\ No newline at end of file
+</div>
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 43a92b44..c11f22ff 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -20,7 +20,6 @@
 class Users_Controller extends Controller {
   public function update($id) {
     $user = user::lookup($id);
-
     if ($user->guest || $user->id != identity::active_user()->id) {
       access::forbidden();
     }
@@ -29,9 +28,6 @@ class Users_Controller extends Controller {
     try {
       $valid = $form->validate();
       $user->full_name = $form->edit_user->full_name->value;
-      if ($form->edit_user->password->value) {
-        $user->password = $form->edit_user->password->value;
-      }
       $user->email = $form->edit_user->email->value;
       $user->url = $form->edit_user->url->value;
 
@@ -57,7 +53,38 @@ class Users_Controller extends Controller {
 
       $user->save();
       module::event("user_edit_form_completed", $user, $form);
-      message::success(t("User information updated."));
+      message::success(t("User information updated"));
+      print json_encode(
+        array("result" => "success",
+              "resource" => url::site("users/{$user->id}")));
+    } else {
+      print json_encode(array("result" => "error", "form" => (string) $form));
+    }
+  }
+
+  public function change_password($id) {
+    $user = user::lookup($id);
+    if ($user->guest || $user->id != identity::active_user()->id) {
+      access::forbidden();
+    }
+
+    $form = $this->_get_change_password_form($user);
+    try {
+      $valid = $form->validate();
+      $user->password = $form->change_password->password->value;
+      $user->validate();
+    } catch (ORM_Validation_Exception $e) {
+      // Translate ORM validation errors into form error messages
+      foreach ($e->validation->errors() as $key => $error) {
+        $form->change_password->inputs[$key]->add_error($error, 1);
+     }
+      $valid = false;
+    }
+
+    if ($valid) {
+      $user->save();
+      module::event("user_change_password_form_completed", $user, $form);
+      message::success(t("Password changed"));
       print json_encode(
         array("result" => "success",
               "resource" => url::site("users/{$user->id}")));
@@ -72,22 +99,45 @@ class Users_Controller extends Controller {
       access::forbidden();
     }
 
-    $v = new View("user_form.html");
-    $v->form = $this->_get_edit_form($user);
-    print $v;
+    print $this->_get_edit_form($user);
+  }
+
+  public function form_change_password($id) {
+    $user = user::lookup($id);
+    if ($user->guest || $user->id != identity::active_user()->id) {
+      access::forbidden();
+    }
+
+    print $this->_get_change_password_form($user);
+  }
+
+  private function _get_change_password_form($user) {
+    $form = new Forge(
+      "users/change_password/$user->id", "", "post", array("id" => "g-change-password-user-form"));
+    $group = $form->group("change_password")->label(t("Change your password"));
+    $group->password("old_password")->label(t("Old password"))->id("g-password")
+      ->callback("user::valid_password")
+      ->error_messages("invalid", t("Incorrect password"));
+    $group->password("password")->label(t("New password"))->id("g-password")
+      ->error_messages("min_length", t("Your new password is too short"));
+    $group->script("")
+      ->text(
+        '$("form").ready(function(){$(\'input[name="password"]\').user_password_strength();});');
+    $group->password("password2")->label(t("Confirm new password"))->id("g-password2")
+      ->matches($group->password)
+      ->error_messages("matches", t("The passwords you entered do not match"));
+
+    module::event("user_change_password_form", $user, $form);
+    $group->submit("")->value(t("Save"));
+    return $form;
   }
 
   private function _get_edit_form($user) {
     $form = new Forge("users/update/$user->id", "", "post", array("id" => "g-edit-user-form"));
-    $group = $form->group("edit_user")->label(t("Edit User: %name", array("name" => $user->name)));
+    $group = $form->group("edit_user")->label(t("Edit your profile"));
     $group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name)
       ->error_messages("length", t("Your name is too long"));
     self::_add_locale_dropdown($group, $user);
-    $group->password("password")->label(t("Password"))->id("g-password")
-      ->error_messages("min_length", t("Your password is too short"));
-    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
-      ->matches($group->password)
-      ->error_messages("matches", t("The passwords you entered do not match"));
     $group->input("email")->label(t("Email"))->id("g-email")->value($user->email)
       ->error_messages("email", t("You must enter a valid email address"))
       ->error_messages("length", t("Your email address is too long"))
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
index 3561021f..7ceca6a5 100644
--- a/modules/user/helpers/user.php
+++ b/modules/user/helpers/user.php
@@ -70,6 +70,12 @@ class user_Core {
     return false;
   }
 
+  static function valid_password($password_input) {
+    if (!user::is_correct_password(identity::active_user(), $password_input->value)) {
+      $password_input->add_error("invalid", 1);
+    }
+  }
+
   /**
    * Create the hashed passwords.
    * @param string $password a plaintext password
diff --git a/modules/user/views/user_form.html.php b/modules/user/views/user_form.html.php
deleted file mode 100644
index 4ce2b532..00000000
--- a/modules/user/views/user_form.html.php
+++ /dev/null
@@ -1,7 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<script type="text/javascript">
-  $("form").ready(function(){
-    $('input[name="password"]').user_password_strength();
-  });
-</script>
-<?= $form ?>
-- 
cgit v1.2.3


From 99a7f470b93d35717f8d5979d05da6cf05a1dd20 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 2 Feb 2010 21:48:01 -0800
Subject: Protect password changes against brute force attacks.

---
 modules/gallery/helpers/auth.php          | 10 ++++++++--
 modules/gallery/helpers/gallery_event.php | 12 ++++++++++--
 modules/user/controllers/users.php        | 12 ++++++++++--
 3 files changed, 28 insertions(+), 6 deletions(-)

(limited to 'modules')

diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php
index 16f8915a..717cf40a 100644
--- a/modules/gallery/helpers/auth.php
+++ b/modules/gallery/helpers/auth.php
@@ -78,10 +78,16 @@ class auth_Core {
     }
   }
 
+  static function validate_too_many_failed_password_changes($password_input) {
+    if (self::too_many_failed_logins(identity::active_user()->name)) {
+      $password_input->add_error("too_many_failed_password_changes", 1);
+    }
+  }
+
   /**
    * Record a failed login for this user
    */
-  static function record_failed_login($name) {
+  static function record_failed_auth_attempts($name) {
     $failed_login = ORM::factory("failed_login")
       ->where("name", "=", $name)
       ->find();
@@ -96,7 +102,7 @@ class auth_Core {
   /**
    * Clear any failed logins for this user
    */
-  static function record_successful_login($user) {
+  static function clear_failed_logins($user) {
     db::build()
       ->delete("failed_logins")
       ->where("name", "=", $user->name)
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 6479e2c3..7b538c49 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -110,11 +110,19 @@ class gallery_event_Core {
       graphics::choose_default_toolkit();
       module::clear_var("gallery", "choose_default_tookit");
     }
-    auth::record_successful_login($user);
+    auth::clear_failed_auth_attempts($user);
   }
 
   static function user_login_failed($name) {
-    auth::record_failed_login($name);
+    auth::record_failed_auth_attempts($name);
+  }
+
+  static function user_password_changed($user) {
+    auth::clear_failed_auth_attempts($user);
+  }
+
+  static function user_password_change_failed($name) {
+    auth::record_failed_auth_attempts($name);
   }
 
   static function item_index_data($item, $data) {
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index c11f22ff..166ff8b2 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -77,7 +77,7 @@ class Users_Controller extends Controller {
       // Translate ORM validation errors into form error messages
       foreach ($e->validation->errors() as $key => $error) {
         $form->change_password->inputs[$key]->add_error($error, 1);
-     }
+      }
       $valid = false;
     }
 
@@ -85,10 +85,14 @@ class Users_Controller extends Controller {
       $user->save();
       module::event("user_change_password_form_completed", $user, $form);
       message::success(t("Password changed"));
+      module::event("user_password_change", $user);
       print json_encode(
         array("result" => "success",
               "resource" => url::site("users/{$user->id}")));
     } else {
+      log::warning("user", t("Failed password change for %name", array("name" => $user->name)));
+      $name = $user->name;
+      module::event("user_password_change_failed", $name);
       print json_encode(array("result" => "error", "form" => (string) $form));
     }
   }
@@ -116,8 +120,12 @@ class Users_Controller extends Controller {
       "users/change_password/$user->id", "", "post", array("id" => "g-change-password-user-form"));
     $group = $form->group("change_password")->label(t("Change your password"));
     $group->password("old_password")->label(t("Old password"))->id("g-password")
+      ->callback("auth::validate_too_many_failed_password_changes")
       ->callback("user::valid_password")
-      ->error_messages("invalid", t("Incorrect password"));
+      ->error_messages("invalid", t("Incorrect password"))
+      ->error_messages(
+        "too_many_failed_password_changes",
+        t("Too many incorrect passwords.  Try again later"));
     $group->password("password")->label(t("New password"))->id("g-password")
       ->error_messages("min_length", t("Your new password is too short"));
     $group->script("")
-- 
cgit v1.2.3