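/**
 * Stores the client record and (re)generates its OAuth credentials.
 *
 * The owner is always the currently active user, and both `client_id` and
 * `client_secret` are freshly generated on every call, so saving an already
 * loaded record rotates its credentials (presumably this is only ever called
 * on creation - confirm with callers before relying on it for updates).
 *
 * @param Validation $validation Validation object [Optional]
 * @return mixed Whatever parent::save() returns
 *
 * @throws Exception If no cryptographically secure random source is available
 *
 * @uses User::active_user
 */
public function save(Validation $validation = NULL)
{
    $this->user_id = User::active_user()->id;

    // 20 random bytes -> 40 hex characters, the same length/alphabet as the
    // sha1() hex digest used previously. random_bytes() reads the OS CSPRNG;
    // the old uniqid()/microtime() seed was time-derived and therefore
    // guessable by anyone who can estimate when the client was created.
    $this->client_id = bin2hex(random_bytes(20));
    $this->client_secret = bin2hex(random_bytes(20));

    return parent::save($validation);
}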
/**
 * Returns the cached active user, resolving it from the session on first use.
 *
 * The lookup only runs while `self::$active_user` is empty; once a user has
 * been resolved it is served from the static cache for the rest of the request.
 *
 * @return mixed The active user, or FALSE when none could be resolved
 *
 * @uses User::get_user_and_update
 */
public static function get_active_user()
{
    if (!empty(self::$active_user)) {
        return self::$active_user;
    }

    // Nothing cached yet: resolve from the session identifier, if there is one.
    // NOTE(review): the session value is passed through as-is; presumably
    // get_user_and_update() validates it against the user store - confirm.
    if (isset($_SESSION['user_uid'])) {
        self::$active_user = User::get_user_and_update($_SESSION['user_uid']);
    }

    return empty(self::$active_user) ? false : self::$active_user;
}
/**
 * Sending mails
 *
 * Renders the contact form and, on a valid POST, sends the message to the
 * configured site e-mail address, logs it and redirects back to the form.
 *
 * @since 1.0.0 First time this method was introduced
 * @since 1.1.0 Added jQuery Textarea Characters Counter Plugin
 *
 * @link http://roy-jin.appspot.com/jsp/textareaCounter.jsp
 *
 * @uses Request::query
 * @uses Route::get
 * @uses Route::uri
 * @uses URL::query
 * @uses URL::site
 * @uses Validation::rule
 * @uses Config::get
 * @uses Config::load
 * @uses Assets::js
 */
public function action_mail()
{
    $this->title = __('Contact us');
    $config = Config::load('contact');

    Assets::js('textareaCounter', 'media/js/jquery.textareaCounter.plugin.js', array('jquery'), FALSE, array('weight' => 10));
    Assets::js('greet/form', 'media/js/greet.form.js', array('textareaCounter'), FALSE, array('weight' => 15));

    //Add schema.org support
    $this->schemaType = 'ContactPage';

    // Set form destination: only carried through when the query string has one.
    // NOTE(review): `destination` is request-controlled and is re-emitted via
    // URL::query(); whatever consumes it later should restrict it to local
    // paths so it cannot become an open redirect - confirm.
    $destination = !is_null($this->request->query('destination')) ? array('destination' => $this->request->query('destination')) : array();

    // Set form action
    $action = Route::get('contact')->uri(array('action' => $this->request->action())) . URL::query($destination);

    // Get user
    $user = User::active_user();

    // Set mail types
    $types = $config->get('types', array());

    // `post` and `errors` are bound by reference, so the values assigned further
    // down are visible to the view when it renders.
    $view = View::factory('contact/form')->set('destination', $destination)->set('action', $action)->set('config', $config)->set('types', $types)->set('user', $user)->bind('post', $post)->bind('errors', $this->_errors);

    // Initiate Captcha (only when enabled, and only for anonymous visitors)
    if ($config->get('use_captcha', FALSE) and !$this->_auth->logged_in()) {
        $captcha = Captcha::instance();
        $view->set('captcha', $captcha);
    }

    if ($this->valid_post('contact')) {
        $post = Validation_Contact::factory($this->request->post());

        if ($post->check()) {
            // Create the email subject.
            // NOTE(review): `$types[$post['category']]` assumes Validation_Contact
            // rejects categories missing from config - confirm, otherwise this is
            // an undefined index.
            $subject = __('[:category] :subject', array(':category' => $types[$post['category']], ':subject' => Text::plain($post['subject'])));

            // Create the email body. `body` is handed to the view unescaped here;
            // presumably the email/contact view escapes it for HTML - verify.
            $body = View::factory('email/contact')->set('name', $post['name'])->set('body', $post['body'])->set('config', Config::load('site'))->render();

            // Create an email message. The From address is the visitor-supplied
            // one, so the visitor chooses the sender identity and receiving
            // servers may reject the mail on SPF/DMARC grounds.
            $email = Email::factory()->to(Text::plain($this->_config->get('site_email', '*****@*****.**')), __('Webmaster :site', array(':site' => Template::getSiteName())))->subject($subject)->from($post['email'], Text::plain($post['name']))->message($body, 'text/html');
            // @todo message type should be configurable

            // Send the message
            $email->send();

            Log::info(':name sent an e-mail regarding :cat', array(':name' => Text::plain($post['name']), ':cat' => $types[$post['category']]));
            Message::success(__('Your message has been sent.'));

            // Always redirect after a successful POST to prevent refresh warnings
            // NOTE(review): the status passed is 200 rather than a 3xx - check
            // what Request::redirect() does with it.
            $this->request->redirect(Route::get('contact')->uri(), 200);
        } else {
            $this->_errors = $post->errors('contact', TRUE);
        }
    }

    $this->response->body($view);
}
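/**
 * Make sure the user has permission to do the action on this object
 *
 * Similar to [Comment::access] but this returns TRUE/FALSE instead of an
 * exception (except for the 404 raised on an unloaded comment).
 *
 * @param string $action The action `view|edit|delete|add|list`, default `view`
 * @param ORM $comment The comment object
 * @param Model_User $user The user object to check permission, defaults to the active user
 * @param string $misc The misc element usually `id|slug` for logging purposes (currently unused)
 *
 * @return boolean
 *
 * @throws HTTP_Exception_404 When the comment is not loaded
 *
 * @uses User::active_user
 * @uses Module::event
 */
public static function comment($action = 'view', ORM $comment, Model_User $user = NULL, $misc = NULL)
{
    if (!in_array($action, array('view', 'edit', 'delete', 'add', 'list'), TRUE)) {
        // Unknown action: deny and leave an audit trail
        Log::notice('Unauthorized attempt to access non-existent action :act.', array(':act' => $action));
        return FALSE;
    }

    if (!$comment->loaded()) {
        throw HTTP_Exception::factory(404, 'Attempt to access non-existent comment.');
    }

    // If no user object is supplied, the access check is for the current user.
    if (is_null($user)) {
        $user = User::active_user();
    }

    if (self::check('bypass comment access', $user)) {
        return TRUE;
    }

    // Allow other modules to interact with access
    Module::event('comment_access', $action, $comment);

    // "Own" means authored by the user being checked. NOTE(review): id 1 is
    // excluded from ownership, presumably the guest account - confirm.
    $isOwner = ((int) $comment->author === (int) $user->id) && ((int) $user->id !== 1);

    if ($action === 'view') {
        // Published comments need the generic read permission; unpublished
        // ones are visible to their author only.
        $allowed = ($comment->status === 'publish')
            ? self::check('access comment', $user)
            : $isOwner;
        return $allowed || self::check('administer comment', $user);
    }

    if ($action === 'edit') {
        // The "own" permission is now evaluated for $user rather than for the
        // active user, so checks made on behalf of another user are consistent
        // with the ownership test.
        return ($isOwner && self::check('edit own comment', $user)) || self::check('administer comment', $user);
    }

    if ($action === 'delete') {
        // NOTE(review): 'delete any comment' is still gated on ownership here,
        // as before; that looks unintended but is kept pending confirmation.
        $ownPermission = self::check('delete own comment', $user) || self::check('delete any comment', $user);
        return ($isOwner && $ownPermission) || self::check('administer comment', $user);
    }

    // 'add' and 'list' are not restricted beyond the bypass check above.
    return TRUE;
}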
/**
 * Updates or Creates the record depending on loaded()
 *
 * Fills in defaults for status, flags, timestamps, author and format, persists
 * the raw (unformatted) teaser and body, then refreshes terms, tags and path
 * aliases and drops the post's cache entry.
 *
 * @param Validation $validation Validation object [Optional]
 * @return Post
 *
 * @uses URL::site
 * @uses User::active_user
 * @uses Config::get
 * @uses Cache::delete
 */
public function save(Validation $validation = NULL)
{
    // Set some defaults. empty() treats 0/'0' as empty, so a flag explicitly
    // set to 0 is simply re-set to 0 (harmless), but a status of '0' would be
    // overwritten with 'draft'.
    $this->status = empty($this->status) ? 'draft' : $this->status;
    $this->promote = empty($this->promote) ? 0 : $this->promote;
    $this->sticky = empty($this->sticky) ? 0 : $this->sticky;
    $this->comment = empty($this->comment) ? 0 : $this->comment;
    $this->created = empty($this->created) ? time() : $this->created;
    $this->pubdate = empty($this->pubdate) ? time() : $this->pubdate;
    // NOTE(review): `updated` is only set when empty, so re-saving an existing
    // post does not bump it here - presumably handled elsewhere; confirm.
    $this->updated = empty($this->updated) ? time() : $this->updated;

    //Ugly existing image check, not sure why empty behaves strange on $this->rawimage
    // NOTE(review): this reads the *original* value only, so an image assigned
    // on this instance before save() is discarded and the stored value is kept
    // (or cleared to NULL when there was none) - confirm this is intended.
    $image = isset($this->_original_values['image']) ? $this->_original_values['image'] : FALSE;
    $this->image = empty($image) ? NULL : $image;

    $this->type = empty($this->type) ? $this->_post_type : $this->type;
    // Presumably the active user is always loaded here; a guest save would
    // dereference ->id on whatever active_user() returns - verify.
    $this->author = empty($this->author) ? User::active_user()->id : $this->author;
    $this->format = empty($this->format) ? Config::get('inputfilter.default_format', 1) : $this->format;

    // Always save only raw text, unformated text
    $this->teaser = empty($this->rawteaser) ? $this->_teaser() : $this->rawteaser;
    $this->body = $this->rawbody;

    // The return value of parent::save() is not used; loaded() is the signal
    // for running the post-save hooks below.
    parent::save($validation);

    if ($this->loaded()) {
        // Add or remove terms
        $this->_terms();
        // Add or remove tags
        $this->_tags();
        // Add or remove path aliases
        $this->aliases();
    }

    // Cache key is `<type>-<id>`; invalidated even when the save did not load.
    Cache::instance($this->type)->delete($this->type . '-' . $this->id);

    return $this;
}
/**
 * Detect language based on the user language settings.
 *
 *     // Get the language
 *     $lang = I18n::userLocale();
 *
 * @return string|boolean The locale, or FALSE when the resolved locale is not available
 *
 * @uses User::is_guest
 * @uses User::active_user
 * @uses Cookie::get
 */
public static function userLocale()
{
    // Guests have no stored preference: honour the locale cookie (lower-cased),
    // falling back to the site default. Logged-in users carry their locale on
    // the account record.
    $locale = User::is_guest()
        ? strtolower(Cookie::get(self::$_cookie, I18n::$default))
        : User::active_user()->language;

    return self::isAvailable($locale) ? $locale : FALSE;
}
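/**
 * Make sure the user has permission to do the action on this object
 *
 * Similar to Comment::access but this returns the comment / FALSE instead of
 * an exception (except for the 404 raised on an unloaded comment).
 *
 * @param bool|string $action The action view|edit|delete|add|list, default view
 * @param Model_User $user The user object to check permission, defaults to logged in user
 * @param string $misc The misc element usually id|slug for logging purpose (currently unused)
 *
 * @throws HTTP_Exception_404 When this comment is not loaded
 *
 * @return boolean|Model_Comment $this when view/edit/delete is allowed, TRUE for add/list, FALSE when denied
 *
 * @uses Log::notice
 * @uses User::active_user
 * @uses ACL::check
 * @uses Module::event
 */
public function user_can($action = FALSE, Model_User $user = NULL, $misc = NULL)
{
    if (!$action) {
        $action = 'view';
    }

    if (!in_array($action, array('view', 'edit', 'delete', 'add', 'list'), TRUE)) {
        // Unknown action: deny and leave an audit trail
        Log::notice('Unauthorised attempt to access non-existent action :act.', array(':act' => $action));
        return FALSE;
    }

    if (!$this->loaded()) {
        throw HTTP_Exception::factory(404, 'Attempt to access non-existent comment.');
    }

    // If no user object is supplied, the access check is for the current user.
    if (empty($user)) {
        $user = User::active_user();
    }

    if (ACL::check('bypass comment access', $user)) {
        return TRUE;
    }

    //allow other modules to interact with access
    Module::event('comment_access', $action, $this);

    // "Own" means authored by the user being checked. NOTE(review): id 1 is
    // excluded from ownership, presumably the guest account - confirm.
    $isOwner = ((int) $this->author === (int) $user->id) && ((int) $user->id !== 1);

    // can view?
    if ($action === 'view') {
        // Published comments need the generic read permission; unpublished
        // ones are visible to their author only.
        $allowed = ($this->status === 'publish')
            ? ACL::check('access comment', $user)
            : $isOwner;
        if ($allowed || ACL::check('administer comment', $user)) {
            return $this;
        }
        Log::notice('Unauthorised attempt to view comment :post.', array(':post' => $this->id));
        return FALSE;
    }

    // can edit? The "own" permission is now evaluated for $user rather than
    // for the active user, so checks made on behalf of another user are
    // consistent with the ownership test.
    if ($action === 'edit') {
        if (($isOwner && ACL::check('edit own comment', $user)) || ACL::check('administer comment', $user)) {
            return $this;
        }
        Log::notice('Unauthorised attempt to edit comment :post.', array(':post' => $this->id));
        return FALSE;
    }

    // can delete? NOTE(review): 'delete any comment' is still gated on
    // ownership here, as before; that looks unintended but is kept pending
    // confirmation.
    if ($action === 'delete') {
        $ownPermission = ACL::check('delete own comment', $user) || ACL::check('delete any comment', $user);
        if (($isOwner && $ownPermission) || ACL::check('administer comment', $user)) {
            return $this;
        }
        Log::notice('Unauthorised attempt to delete comment :post.', array(':post' => $this->id));
        return FALSE;
    }

    // 'add' and 'list' are not restricted beyond the bypass check above.
    return TRUE;
}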
/**
 * Load messages list
 *
 * Example:
 * ~~~
 * // Get all messages from inbox. Sorting mode is ascending
 * ORM::factory('message')->load(PM::INBOX, 'asc');
 *
 * // Get all messages from outbox. Sorting mode is descending
 * ORM::factory('message')->load(PM::OUTBOX);
 *
 * // Get all draft messages. Sorting mode is descending
 * ORM::factory('message')->load(PM::DRAFTS);
 *
 * // Get all messages from inbox, outbox and drafts
 * // Sorting mode is descending
 * ORM::factory('message')->load();
 * ~~~
 *
 * [!!] Note: The $direction may be 'asc' for ascending sort mode,
 * or 'desc' for descending sort mode.
 *
 * For message type constants see [PM] class
 *
 * @param integer $type Message type, eg. PM::INBOX, PM::OUTBOX, PM::DRAFTS [Optional]
 * @param string $direction Sort mode of messages [Optional]
 *
 * @return Model_Message
 *
 * @uses User::active_user
 *
 * @todo Cache
 */
public function load($type = 0, $direction = self::DESC)
{
    // An already-loaded record is returned untouched.
    if ($this->loaded()) {
        return $this;
    }

    // NOTE(review): $direction is handed to order_by() as given; callers should
    // pass only 'asc'/'desc' and never raw request input - confirm how the
    // query builder quotes it.
    $this->order_by('created', $direction);

    // All folders are scoped to the active user.
    $me = User::active_user()->id;

    $this->where_open();
    if ($type == PM::INBOX) {
        // Received, excluding drafts
        $this->where('recipient', '=', $me)->and_where('status', '!=', PM::STATUS_DRAFT);
    } elseif ($type == PM::OUTBOX) {
        // Sent, excluding drafts
        $this->where('sender', '=', $me)->and_where('status', '!=', PM::STATUS_DRAFT);
    } elseif ($type == PM::DRAFTS) {
        // Own unsent drafts only
        $this->where('sender', '=', $me)->and_where('status', '=', PM::STATUS_DRAFT);
    } else {
        // Any other type: everything the user sent or received
        $this->where('sender', '=', $me)->or_where('recipient', '=', $me);
    }
    $this->where_close();

    return $this;
}