/**
 * GxMain admin entry point: loads the backend controller.
 *
 * Starts the session and hardens the user context first, then either
 * dispatches to the 'backend' controller handler (privilege level 2 held)
 * or renders the admin 'noaccess' error between the admin header/footer.
 * System::gZip()/System::Zipped() bracket the whole response — presumably
 * output compression; confirm in System.
 *
 * @author Puguh Wijayanto (www.metalgenix.com)
 * @since 0.0.1
 */
public function admin()
{
    Session::start();
    User::secure();
    System::gZip();

    // Privilege 2 is the default admin level; everything below lands on the
    // error page, never on the controller.
    $mayEnterBackend = User::access(2);
    if (!$mayEnterBackend) {
        Theme::admin('header');
        Control::error('noaccess');
        Theme::admin('footer');
    } else {
        Control::handler('backend');
    }

    System::Zipped();
}
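/**
 * Checks whether the current user may run the given action.
 *
 * Access is granted, in this order, when the user is a configured super user,
 * when checking is switched off (`$this->_skip === true`), when the action is
 * explicitly whitelisted in `$this->_allowAccess`, and finally when the action
 * appears in the user's resolved access list. Any other case throws.
 *
 * @param mixed $action_id identifier of the action being requested
 * @return bool true when access is granted (the original fell through and
 *              returned null on the last branch; callers may now test strictly)
 * @throws \Exception when the user lacks access to the action
 */
protected function checkUserAccess($action_id)
{
    $uid = Yii::app()->user->id; // current user ID
    // Resolved access list is stored on the instance as a side effect.
    $this->_access = User::access($uid);

    // Non-strict in_array() kept deliberately throughout: switch to
    // strict: true only once the id/action types on both sides are confirmed.
    if (in_array($uid, $this->supperUsers)) {
        return true;
    }
    if (true === $this->_skip) {
        return true;
    }
    if (is_array($this->_allowAccess) && in_array($action_id, $this->_allowAccess)) {
        return true;
    }
    if (!$this->_access || !in_array($action_id, $this->_access)) {
        throw new \Exception(__('access deny'));
    }

    // Explicit success value instead of an implicit null.
    return true;
}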
if ($b->error) { if ($fallback_id) { $lock = new Lock('Block', $fallback_id); $b = new Block($fallback_id); $b->new_id = $id; } if ($b->error) { if (User::require_acl('admin', 'admin/edit', 'blocks')) { $fallback_id = $id; echo $tpl->render('blocks/editable', (object) array('id' => $fallback_id, 'locked' => false, 'title' => false)); } return; } } // permissions if ($b->access !== 'public') { if (!User::require_login()) { return; } if (!User::access($b->access)) { return; } } if ($b->show_title == 'yes') { printf('<' . $level . '>%s</' . $level . '>', $b->title); } $b->locked = $lock->exists(); if (User::require_acl('admin', 'admin/edit', 'blocks')) { echo $tpl->render('blocks/editable', $b); } echo $tpl->run_includes($b->body);
* */ define('GX_PATH', realpath(__DIR__ . '/../')); define('GX_LIB', GX_PATH . '/inc/lib/'); define('GX_MOD', GX_PATH . '/inc/mod/'); define('GX_THEME', GX_PATH . '/inc/themes/'); define('GX_ASSET', GX_PATH . '/assets/'); require "../autoload.php"; try { new System(); } catch (Exception $e) { echo $e->getMessage(); } Session::start(); User::secure(); if (User::access(2)) { // A list of permitted file extensions $allowed = array('png', 'jpg', 'jpeg', 'gif'); if (isset($_FILES['file']) && $_FILES['file']['error'] == 0) { $extension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION); if (!in_array(strtolower($extension), $allowed)) { echo '{"status":"error"}'; exit; } if (move_uploaded_file($_FILES['file']['tmp_name'], GX_PATH . '/assets/images/uploads/' . $_FILES['file']['name'])) { $tmp = GX_PATH . '/assets/images/uploads/' . $_FILES['file']['name']; echo Site::$url . '/assets/images/uploads/' . $_FILES['file']['name']; //echo '{"status":"success"}'; exit; } }
/**
 * Content-level access check.
 *
 * With an argument this is `require_acl('content/' . $access)`: it tests the
 * current user against a content access level such as 'member' rather than
 * an arbitrary resource name (`User::require_acl('resource')` covers those).
 *
 * Without an argument it returns the subset of `access_list()` the current
 * user may reach, keyed by access value, for example:
 *
 *     array ('public' => 'Public', 'member' => 'Member')
 */
public static function access($access = null)
{
    // Single-level check: delegate to the ACL with the content/ prefix.
    if (null !== $access) {
        return self::require_acl('content/' . $access);
    }

    // No argument: keep only the levels the current user passes.
    $granted = array();
    foreach (self::access_list() as $level => $label) {
        if (self::require_acl('content/' . $level)) {
            $granted[$level] = $label;
        }
    }

    return $granted;
}
} // get it from the database $wp = new Webpage($id); // page not found if ($wp->error) { echo $this->error(404, i18n_get('Page not found'), '<p>' . i18n_get('Hmm, we can\'t seem to find the page you wanted at the moment.') . '</p>'); return; } // access control if ($wp->access !== 'public' && !User::is('admin')) { if (!User::require_login()) { $page->title = i18n_get('Login required'); echo $this->run('user/login'); return; } if (!User::access($wp->access)) { $page->title = i18n_get('Login required'); echo $this->run('user/login'); return; } } // set the page properties $page->id = $id; $page->title = $wp->title; $page->_menu_title = $wp->menu_title; $page->_window_title = $wp->window_title; $page->description = $wp->description; $page->keywords = $wp->keywords; $page->layout = $wp->layout; $page->head = $wp->head; // show admin edit buttons
/**
 * Inserts $array as a new row into the table named "<package>_<model>".
 *
 * The insert runs only for a verified user holding Access::INSERT on that
 * package/model; otherwise a 401 is emitted and the script exits.
 *
 * @param User   $user    acting user
 * @param string $package package name, used as the table prefix (untyped upstream)
 * @param string $model   model name, used as the table suffix (untyped upstream)
 * @param array  $array   data handed to the SQL builder under the 'data' key
 * @return mixed whatever `DataBase::execute()` returns for the built statement
 */
public function create(User $user, $package, $model, $array)
{
    $permitted = $user->getVerified()
        && $user->access($package, $model, Access::INSERT);

    if (!$permitted) {
        // Same response for both the unverified and the not-permitted case:
        // a bare 401 (strictly an authentication status) and a hard exit.
        header('HTTP/1.0 401 Unauthorized');
        exit(0);
    }

    // The table name is spliced from the two identifiers and identifiers
    // cannot be bound as parameters, so the access() check above is what keeps
    // unknown package/model strings out of the statement — confirm it rejects
    // names it does not recognise.
    $table = strtolower($package . "_" . $model);
    $sql = $this->sql(array(
        'query' => self::$CREATE,
        'table' => $table,
        'data'  => $array,
    ));

    return DataBase::getInstance()->execute($sql);
}