Example #1
 /**
  * GxMain Admin Function.
  * Loads the backend controller. Access is restricted: the user must be
  * logged in with a sufficient privilege. The default required privilege is 2.
  * 
  * @author Puguh Wijayanto (www.metalgenix.com)
  * @since 0.0.1
  */
 public function admin()
 {
     // The session and User::secure() (presumably the login guard; confirm
     // in User) run before anything is rendered.
     Session::start();
     User::secure();
     System::gZip();
     // Level 2 is the privilege required for the backend.
     // NOTE(review): the denied branch only renders an error page between the
     // admin header and footer; confirm Control::error('noaccess') also sends
     // a 403 status, and check in User whether a lower level means more or
     // less privilege.
     if (!User::access(2)) {
         Theme::admin('header');
         Control::error('noaccess');
         Theme::admin('footer');
     } else {
         Control::handler('backend');
     }
     // Counterpart of System::gZip() above; runs on both paths.
     System::Zipped();
 }
Example #2
 /**
  * Check whether the current user may perform the given action.
  */
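 protected function checkUserAccess($action_id)
 {
     // Returns true when the current user may run $action_id and throws
     // \Exception when access is denied.
     $uid = Yii::app()->user->id;
     // ID of the current user
     $this->_access = User::access($uid);
     // Users listed in $this->supperUsers pass without any further check.
     // NOTE(review): in_array() compares loosely here and below. If $uid can
     // be null (no logged-in user) or the lists mix ints and strings, a loose
     // match can grant access by accident; pass true as the third argument
     // once the stored types are confirmed.
     if (in_array($uid, $this->supperUsers)) {
         return true;
     }
     // $this->_skip === true turns the check off entirely.
     if (true === $this->_skip) {
         return true;
     }
     // Actions listed in $this->_allowAccess are allowed without consulting
     // the user's own grants.
     if (is_array($this->_allowAccess) && in_array($action_id, $this->_allowAccess)) {
         return true;
     }
     // Everything else must appear in the list User::access() returned.
     if (!$this->_access || !in_array($action_id, $this->_access)) {
         throw new \Exception(__('access deny'));
     }
     // Granted. The original fell off the end here and returned null, so a
     // caller testing the result saw an allowed user as denied; return true
     // like every other allow path.
     return true;
 }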
Example #3
// The requested block failed to load: switch to the fallback block when one
// was given, remembering the id that was originally asked for.
if ($b->error && $fallback_id) {
    $lock = new Lock('Block', $fallback_id);
    $b = new Block($fallback_id);
    $b->new_id = $id;
}
// Still nothing to show: users with block-edit rights get an empty editable
// stub for the requested id, everyone else gets no output.
if ($b->error) {
    if (User::require_acl('admin', 'admin/edit', 'blocks')) {
        $fallback_id = $id;
        echo $tpl->render(
            'blocks/editable',
            (object) array('id' => $fallback_id, 'locked' => false, 'title' => false)
        );
    }
    return;
}
// permissions: a non-public block needs a logged-in user who holds the
// block's access level; otherwise render nothing.
if ($b->access !== 'public' && (!User::require_login() || !User::access($b->access))) {
    return;
}
// NOTE(review): $b->title is written without HTML escaping, and $level goes
// into both the tag name and the printf format string. Confirm that titles
// are meant to carry markup and that $level is fixed by trusted code.
if ($b->show_title == 'yes') {
    printf("<{$level}>%s</{$level}>", $b->title);
}
// NOTE(review): within these lines $lock is only assigned on the fallback
// path; presumably it is created earlier for the normal path (confirm).
$b->locked = $lock->exists();
// Edit controls are rendered only for users with block-edit rights.
if (User::require_acl('admin', 'admin/edit', 'blocks')) {
    echo $tpl->render('blocks/editable', $b);
}
echo $tpl->run_includes($b->body);
Example #4
*
*/
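// Filesystem locations used by the application, all derived from the parent
// of this script's directory.
define('GX_PATH', realpath(__DIR__ . '/../'));
define('GX_LIB', GX_PATH . '/inc/lib/');
define('GX_MOD', GX_PATH . '/inc/mod/');
define('GX_THEME', GX_PATH . '/inc/themes/');
define('GX_ASSET', GX_PATH . '/assets/');
require "../autoload.php";
try {
    new System();
} catch (Exception $e) {
    // NOTE(review): a failed bootstrap prints the raw exception message to
    // the client and the script carries on; consider logging it and
    // stopping instead.
    echo $e->getMessage();
}
Session::start();
User::secure();
// Uploads are limited to users who pass the level-2 access check.
// NOTE(review): no anti-CSRF token check is visible in these lines; confirm
// one is enforced elsewhere for this state-changing endpoint.
if (User::access(2)) {
    // A list of permitted file extensions
    $allowed = array('png', 'jpg', 'jpeg', 'gif');
    if (isset($_FILES['file']) && $_FILES['file']['error'] === UPLOAD_ERR_OK) {
        // The file name is chosen by the client: keep only its last path
        // component before it is used on disk or echoed back.
        $name = basename($_FILES['file']['name']);
        $extension = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        // An image extension says nothing about the content, so the bytes
        // must also parse as an image. This narrows what can be stored but
        // does not prove the file is harmless; the uploads directory should
        // additionally be configured so the web server never executes
        // anything placed in it.
        if (!in_array($extension, $allowed, true)
            || getimagesize($_FILES['file']['tmp_name']) === false
        ) {
            echo '{"status":"error"}';
            exit;
        }
        // NOTE(review): an existing file with the same name is overwritten;
        // a server-generated name would avoid that.
        if (move_uploaded_file($_FILES['file']['tmp_name'], GX_PATH . '/assets/images/uploads/' . $name)) {
            // Encode the name so the response is a well-formed URL and
            // cannot carry markup taken from the client-supplied name.
            echo Site::$url . '/assets/images/uploads/' . rawurlencode($name);
            exit;
        }
    }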
Example #5
 /**
  * Alias of `require_acl('content/' . $access)`, prepending the
  * `content/` string to the resource name before comparing it.
  * Where `User::require_acl('resource')` is good for validating
  * access to any resource type, `User::access('member')` is used
  * for content access levels.
  *
  * Can also be called via `User::access()` and it will return an
  * array of the access values which the current user may access,
  * for example:
  *
  *     array ('public' => 'Public', 'member' => 'Member')
  */
 public static function access($access = null)
 {
     // No argument: build the map of access levels the current user holds,
     // keeping the keys and labels exactly as access_list() supplies them.
     if ($access === null) {
         $granted = array();
         foreach (self::access_list() as $level => $label) {
             if (!User::access($level)) {
                 continue;
             }
             $granted[$level] = $label;
         }
         return $granted;
     }
     // Single level: check it as the ACL resource 'content/<level>'.
     return self::require_acl('content/' . $access);
 }
Example #6
}
// Look the page up by id.
$wp = new Webpage($id);
// Unknown page: render the 404 error view and stop.
if ($wp->error) {
    echo $this->error(
        404,
        i18n_get('Page not found'),
        '<p>' . i18n_get('Hmm, we can\'t seem to find the page you wanted at the moment.') . '</p>'
    );
    return;
}
// Access control: a non-public page needs a logged-in user who holds the
// page's access level; admins skip the check. Either failure shows the
// login form instead of the page.
// NOTE(review): an unknown id answers 404 while a restricted page answers
// with a login prompt, so anonymous visitors can tell the two apart. Decide
// whether that is acceptable for pages whose existence is sensitive.
if ($wp->access !== 'public'
    && !User::is('admin')
    && (!User::require_login() || !User::access($wp->access))
) {
    $page->title = i18n_get('Login required');
    echo $this->run('user/login');
    return;
}
// Copy the stored page fields onto the page object.
// NOTE(review): the values are copied as stored, including raw head markup;
// escaping is presumably left to the layout (confirm).
$page->id = $id;
$page->title = $wp->title;
$page->_menu_title = $wp->menu_title;
$page->_window_title = $wp->window_title;
$page->description = $wp->description;
$page->keywords = $wp->keywords;
$page->layout = $wp->layout;
$page->head = $wp->head;
// show admin edit buttons
Example #7
 /**
  * Insert a row for the given package/model on behalf of $user.
  *
  * The user must be verified and hold Access::INSERT on the package/model;
  * otherwise a 401 header is sent and the script exits.
  *
  * NOTE(review): the table name and $array go to $this->sql() unchanged.
  * Whether sql() quotes identifiers and escapes or binds values is not
  * visible here; confirm that before passing request data. A verified user
  * who merely lacks the permission also receives 401; 403 would describe
  * that case more precisely.
  *
  * @param User   $user    Acting user.
  * @param string $package Package name; first half of the table name.
  * @param string $model   Model name; second half of the table name.
  * @param mixed  $array   Row data handed to sql() under the 'data' key.
  * @return mixed Whatever DataBase::execute() returns.
  */
 public function create(User $user, $package, $model, $array)
 {
     // Guard clause: refuse unverified or unauthorised users up front.
     if (!$user->getVerified() || !$user->access($package, $model, Access::INSERT)) {
         header('HTTP/1.0 401 Unauthorized');
         exit(0);
     }
     // Table name is "<package>_<model>", lower-cased.
     $table = strtolower($package . "_" . $model);
     $sql = $this->sql(array('query' => self::$CREATE, 'table' => $table, 'data' => $array));
     return DataBase::getInstance()->execute($sql);
 }