Ejemplo n.º 1
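 /**
  * List the current set of users in the admin panel.
  *
  * Loads every row of #__users, maps each row's userlevel to a role label
  * and assigns one 'user' template block per row.
  *
  * @version 1.0
  * @since   1.0.0
  * @author  Dan Aldridge
  *
  * @return  bool|void  false when the user query returns nothing, otherwise no value
  */
 public function manage()
 {
     $objSQL = Core_Classes_coreObj::getDBO();
     $objTPL = Core_Classes_coreObj::getTPL();
     $objTime = Core_Classes_coreObj::getTime();
     $objUser = Core_Classes_coreObj::getUser();

     $objTPL->set_filenames(array(
         'body' => cmsROOT . Core_Classes_Page::$THEME_ROOT . 'block.tpl',
         'panel' => cmsROOT . 'modules/core/views/admin/users/list.tpl',
     ));

     // NOTE(review): select('*') loads every column of the users table although only
     // userlevel, email, register_date and active are read below. Selecting just those
     // columns would keep unrelated account data out of this request.
     $query = $objSQL->queryBuilder()->select('*')->from('#__users')->orderby('id')->build();
     $users = $objSQL->fetchAll($query, 'id');
     if (!$users) {
         msgDie('INFO', 'Cant query users :/');
         return false;
     }

     foreach ($users as $id => $user) {
         // The default branch matters: without it an unrecognised userlevel reused the
         // previous row's label (or an undefined variable on the first row), so the
         // admin list could show the wrong role for an account.
         switch ($user['userlevel']) {
             case ADMIN:
                 $role = 'Administrator';
                 break;
             case MOD:
                 $role = 'Moderator';
                 break;
             case USER:
                 $role = 'User';
                 break;
             default:
                 $role = 'Unknown';
                 break;
         }

         $isActive = $user['active'] == '1';

         // NOTE(review): NAME and EMAIL originate from user-supplied account data. Confirm
         // that makeUsername() or the template layer HTML-escapes them before output.
         $objTPL->assign_block_vars('user', array(
             'ID' => $id,
             'NAME' => $objUser->makeUsername($id),
             'EMAIL' => $user['email'],
             'DATE_REGISTERED' => $objTime->mk_time($user['register_date']),
             'ROLE' => $role,
             'STATUS' => $isActive ? 'Active' : 'Disabled',
             'STATUS_LABEL' => $isActive ? 'success' : 'error',
         ));
     }

     $objTPL->parse('panel', false);
     Core_Classes_coreObj::getAdminCP()->setupBlock('body', array(
         'cols' => 3,
         'vars' => array(
             'TITLE' => 'User Management',
             'CONTENT' => $objTPL->get_html('panel', false),
             'ICON' => 'fa-icon-user',
         ),
         'custom_html' => array(
             'HTML' => Core_Classes_coreObj::getForm()->inputBox('search_user', 'text', '', array('class' => 'input-mini', 'placeholder' => 'Search..')),
         ),
     ));
 }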
Ejemplo n.º 2
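 /**
  * Generate a date string from a timestamp
  *
  * @version     1.0
  * @since       1.0.0
  * @author      Dan Aldridge
  *
  * @param       int|null  $timestamp  Unix timestamp; null means "now"
  * @param       string    $format     date() format string, or 'db' to use the configured site format
  * @param       int|bool  $return     Only the integer 0 (the default) yields the formatted string;
  *                                    any other value returns the adjusted timestamp instead
  *
  * @return      string|int
  */
 public function mk_time($timestamp, $format = 'db', $return = 0)
 {
     $objUser = Core_Classes_coreObj::getUser();

     if ($format == 'db') {
         $format = $this->config('site', 'time', 'jS F h:ia');
     }
     if (!isset($timestamp)) {
         $timestamp = time();
     }
     // date('I') is 0 when the server clock is not in daylight saving time
     if (date('I') == 0) {
         $timestamp = $this->mod_time($timestamp, 0, 0, 1);
     }

     // If the user is logged in, use his/her timezone.
     // The original call discarded mod_time()'s result, so the offset was never applied;
     // mod_time() is used as a value-returning call on the DST line above.
     if (Core_Classes_User::$IS_ONLINE && $objUser->grab('timezone')) {
         $timestamp = $this->mod_time($timestamp, 0, 0, $objUser->grab('timezone'));
     }

     // The strict comparison is deliberate: false, true or 1 all return the timestamp.
     if ($return !== 0) {
         return $timestamp;
     }

     $formatted = gmdate($format, $timestamp);

     // Translate the date if a language table is available.
     // each() was removed in PHP 8; strtr() takes the replacement map directly.
     if ($this->currentLanguage != 'en') {
         $langDate = langVar('DATETIME');
         if (is_array($langDate) && !empty($langDate)) {
             $formatted = strtr($formatted, $langDate);
         }
     }

     return $formatted;
 }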
Ejemplo n.º 3
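 /**
  * Run the login handler, then either show the login form again or redirect.
  *
  * On success the user is sent to the 'referer' stored in $_SESSION['login'],
  * falling back to the site root when none is stored.
  *
  * @return void
  */
 public function login_process()
 {
     $objUser = Core_Classes_coreObj::getUser();
     $objLogin = Core_Classes_coreObj::getLogin();
     $objPage = Core_Classes_coreObj::getPage();

     if ($objLogin->process() !== true) {
         $this->login_form();
         return;
     }

     // $_SESSION['login'] is not guaranteed to exist; read it defensively so a missing
     // entry falls through to the default instead of raising an undefined-index notice.
     $loginState = (isset($_SESSION['login']) && is_array($_SESSION['login'])) ? $_SESSION['login'] : array();

     // NOTE(review): the stored 'referer' is used as the redirect target as-is. Confirm that
     // whatever writes it only accepts same-site URLs; if it is copied from the Referer
     // header, the post-login redirect can be pointed at another site.
     $objPage->redirect(doArgs('referer', '/' . root(), $loginState), 0);
 }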
Ejemplo n.º 4
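 /**
  * Set the view for the method.
  *
  * Resolves the view name to modules/<module>/views/<view>.tpl, or to a theme
  * override when the current class is an override class and the override file exists.
  *
  * @version 1.0
  * @since   1.0.0
  * @author  Dan Aldridge
  *
  * @param   string $view  View name, with or without the .tpl suffix; sub-directories are allowed
  *
  * @return  mixed  The template object on success, false when the view is empty, invalid or missing
  */
 public function setView($view = 'default')
 {
     $objTPL = Core_Classes_coreObj::getTPL();
     $objUser = Core_Classes_coreObj::getUser();
     $classPrefixes = array('Modules_', 'Admin_');
     $module = $this->getVar('_module');
     $view = str_replace('.tpl', '', $view);
     $moduleInfo = explode('_', $module);

     if (is_empty($view)) {
         trigger_error('You did not set a view for this method.');
         return false;
     }

     // The view name becomes part of a filesystem path. Check it only after the '.tpl'
     // removal above, because stripping '.tpl' can itself produce a '..' sequence.
     if (strpos($view, '..') !== false || strpos($view, "\0") !== false) {
         trigger_error('The view name is not valid.');
         return false;
     }

     // A disabled developer hook used to let $_GET['view'] choose the template here.
     // NOTE(review): if it is ever restored it needs the admin check from its own TODO
     // plus the same name validation as above, otherwise any visitor could select
     // which template file gets loaded.

     // define a path for the views, & check for an override within there too
     $path = sprintf('modules/%s/views/%s.tpl', str_replace($classPrefixes, '', $module), $view);
     if (in_array('Override', $moduleInfo)) {
         $module = str_replace($classPrefixes, '', get_parent_class($this));
         $theme = $objUser->grab('theme');

         // The theme is a per-user value; ignore the override rather than let a
         // parent-directory segment move the lookup outside themes/.
         if (is_string($theme) && strpos($theme, '..') === false && strpos($theme, "\0") === false) {
             $file = sprintf('themes/%1$s/override/modules/%2$s/%3$s.tpl', $theme, $module, $view);
             if (is_file($file)) {
                 $path = $file;
             }
         }
     }

     if (!is_file($path)) {
         trigger_error($path . ' is not a valid path');
         return false;
     }

     $objTPL->set_filenames(array('body' => $path));
     $this->setVar('viewSet', true);
     return $objTPL;
 }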
Ejemplo n.º 5
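 /**
  * Gathers Output info for the Config Array
  *
  * Produces the debug dump of the current user's permission flags and of the
  * site configuration, with the database settings removed.
  *
  * @version     1.0
  * @since       1.0.0
  * @author      Dan Aldridge
  *
  * @return      array  'count' (always 0 here) and 'content' (the dump HTML)
  */
 public function getConfig()
 {
     $count = 0;
     $perms = array(
         'IS_ONLINE' => Core_Classes_User::$IS_ONLINE,
         'IS_USER' => Core_Classes_User::$IS_USER,
         'IS_MOD' => Core_Classes_User::$IS_MOD,
         'IS_ADMIN' => Core_Classes_User::$IS_ADMIN,
     );
     $objUser = Core_Classes_coreObj::getUser();
     $content = dump($perms, 'Global User Perms for ' . $objUser->grab('username'));

     $config = $this->config();

     // Never print the database settings. The original removed them only when HTTP_HOST
     // matched one development hostname, so every other host dumped them, and the Host
     // header is supplied by the client in any case.
     if (is_array($config)) {
         unset($config['db']);
     }
     // NOTE(review): other config sections may hold secrets as well (mail credentials,
     // salts, API keys); confirm what config() returns and redact those too.

     $content .= dump($config, 'config');

     return array('count' => $count, 'content' => $content);
 }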
Ejemplo n.º 6
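/**
 * Displays a confirmation messagebox.
 *
 * On a non-POST request it renders the confirmation form and stores a one-time
 * token plus a return URL in the session. On POST it verifies the token and
 * reports which button was pressed.
 *
 * @version 1.0
 * @since   1.0.0
 * @author  Dan Aldridge
 *
 * @param   string $type    Message type passed through to msg()
 * @param   string $msg     Message body; inserted into the form as HTML without escaping
 * @param   string $title
 * @param   string $tplVar
 *
 * @return  bool   true only when the token matched and "Continue" was submitted
 */
function confirmMsg($type, $msg, $title = NULL, $tplVar = NULL)
{
    $objPage = Core_Classes_coreObj::getPage();
    $objForm = Core_Classes_coreObj::getForm();
    $objUser = Core_Classes_coreObj::getUser();

    // check if we have confirmed either way yet
    if (!HTTP_POST) {
        // NOTE(review): the Referer header is client-supplied and is later used as the
        // "Go Back" redirect target; consider accepting it only when it points at this site.
        $_SESSION['site']['confirm']['return'] = isset($_SERVER['HTTP_REFERER']) && !is_empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/' . root() . '';

        // NOTE(review): the token is derived from the username and the current time. Unless
        // mkPassword() mixes in its own randomness, a value from a CSPRNG would be harder to guess.
        $_SESSION['site']['confirm']['sessid'] = $sessid = $objUser->mkPassword($objUser->grab('username') . time());

        // NOTE(review): $msg is concatenated as raw HTML; callers must escape any user data in it.
        $newMsg = $objForm->start('msg', array('method' => 'POST'));
        $newMsg .= $msg . '<br />';
        $newMsg .= $objForm->inputbox('sessid', 'hidden', $sessid) . '<br />';
        $newMsg .= '<div align="center">' . $objForm->button('submit', 'Continue') . ' ' . $objForm->button('submit', 'Go Back', array('class' => 'black')) . '</div>';
        $newMsg .= $objForm->finish();

        // use msg() to output and return false so the calling code does not proceed
        echo msg($type, $newMsg, $tplVar, $title);
        return false;
    }

    // now we have a POST, verify it belongs to a confirmation we issued
    $redir = isset($_SESSION['site']['confirm']['return']) ? $_SESSION['site']['confirm']['return'] : '/' . root() . '';

    if (!isset($_POST['sessid'])) {
        hmsgDie('FAIL', 'Error: Please confirm your intentions via the form.');
        return false;
    }

    // A POST that was never preceded by the form has no token in the session. The old
    // loose != treated an empty posted sessid as equal to that missing token, which let
    // the check pass without a confirmation having been shown. Require two non-empty
    // strings and compare them exactly.
    $expected = isset($_SESSION['site']['confirm']['sessid']) ? $_SESSION['site']['confirm']['sessid'] : null;
    $supplied = $_POST['sessid'];
    $tokenOk = is_string($expected) && $expected !== '' && is_string($supplied)
        && (function_exists('hash_equals') ? hash_equals($expected, $supplied) : $expected === $supplied);
    if (!$tokenOk) {
        hmsgDie('FAIL', 'Error: Could not verify your intentions.');
        return false;
    }

    // the token is single-use
    unset($_SESSION['site']['confirm']);

    // make sure we actually have the submit
    if (!isset($_POST['submit'])) {
        hmsgDie('FAIL', 'Error: Could not verify your intentions.');
        return false;
    }

    // now check for what we expect and act accordingly
    if ($_POST['submit'] === 'Continue') {
        return true;
    }
    if ($_POST['submit'] === 'Go Back') {
        $objPage->redirect($redir, 3, 0);
        hmsgDie('INFO', 'Redirecting you back.');
    }

    // any other submit value is not one of ours
    return false;
}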
Ejemplo n.º 7
<?php

/*======================================================================*\
||                 Cybershade CMS - Your CMS, Your Way                  ||
\*======================================================================*/
// Admin control panel entry point: bootstraps the core, enforces the admin gate,
// then sets up the page and dispatches the admin route.
define('INDEX_CHECK', true);
// NOTE(review): debug mode is hard-coded on for the admin entry point. Confirm this is
// switched off for production; debug output tends to expose routes and configuration.
define('cmsDEBUG', true);
// Keep a copy of the query parameters; it is handed to the admin CP and the router below.
$GET = $_GET;
require_once 'core/core.php';
$objRoute = Core_Classes_coreObj::getRoute();
$objPage = Core_Classes_coreObj::getPage();
$objTPL = Core_Classes_coreObj::getTPL();
$objAdmin = Core_Classes_coreObj::getAdminCP('', $GET);
$objUser = Core_Classes_coreObj::getUser();
$objRoute->modifyGET($GET);
// Access gate: anyone who is not a logged-in administrator is sent to the login page.
// The exit is essential: without it the rest of this script would still run for them.
// NOTE(review): getAdminCP() and modifyGET() run with request data before this check;
// confirm neither has privileged side effects, or move the gate above them.
if (!Core_Classes_User::$IS_ONLINE || !Core_Classes_User::$IS_ADMIN) {
    // Need to sort out login
    // $objRoute->throwHTTP(404);
    $objPage->redirect('/' . root() . 'login');
    exit;
}
$objPage->setTheme('perfectum-mootools');
$objPage->addBreadcrumbs(array(array('url' => '/' . root() . $objAdmin->mode . '/', 'name' => ucwords($objAdmin->mode) . ' Control Panel')));
$objPage->setTitle('Cybershade CMS Administration Panel');
// grab the nav and throw the basic tpl setups together
$objAdmin->getNav();
$objPage->tplGlobals();
// sort the route out, see what we need to do
$objAdmin->invokeRoute();
// and then output the page header
$objPage->showHeader();
Ejemplo n.º 8
 /**
  * Build the pagination markup for this paginator.
  *
  * @version 1.0
  * @since   1.0.0
  * @author  Dan Aldridge
  *
  * @param   array   $options  Recognised keys: url, controls, type, showOne
  *
  * @return  string  Rendered HTML, or '' when there is at most one page and showOne is false
  */
 public function getPagination($options = array())
 {
     $options = array(
         'url' => doArgs('url', '', $options),
         'controls' => doArgs('controls', false, $options),
         'type' => doArgs('type', 'pagination-mini', $options),
         'showOne' => doArgs('showOne', false, $options),
     );
     $objTPL = Core_Classes_coreObj::getTPL();
     $objUser = Core_Classes_coreObj::getUser();

     // A single page is hidden unless the caller explicitly asked to see it
     if ($this->getTotalPages() <= 1 && $options['showOne'] === false) {
         return '';
     }

     // Every pagination block gets its own template handle so several can share a page
     $tplHandle = 'pagination_' . randCode(6);
     $objTPL->set_filenames(array($tplHandle => cmsROOT . 'modules/core/views/markup.tpl'));

     // The style suffix is a per-user preference; method_exists() confines it to
     // paginationStyle* methods that exist on this object, with style 1 as the fallback
     $style = '1';
     if (IS_ONLINE) {
         $style = $objUser->get('paginationStyle');
     }
     if (!method_exists($this, 'paginationStyle' . $style)) {
         $style = '1';
     }
     $renderer = 'paginationStyle' . $style;
     $pages = $this->{$renderer}($options['controls']);
     if ($pages === null) {
         $pages = array();
     }

     $objTPL->assign_block_vars('pagination', array('TYPE' => $options['type']));
     foreach ($pages as $entry) {
         // The label defaults to the page count when no explicit label is given
         $label = doArgs('label', doArgs('count', '0', $entry), $entry);
         $objTPL->assign_block_vars('pagination.page', array(
             'NUM' => $label,
             'STATE' => doArgs('state', '', $entry),
         ));

         if (!doArgs('url', true, $entry)) {
             $objTPL->assign_block_vars('pagination.page.span', array());
             continue;
         }

         $objTPL->assign_block_vars('pagination.page.url', array(
             'URL' => doArgs('url', true, $entry) ? $this->url . $this->instance . '=' . doArgs('count', '0', $entry) : '',
         ));
     }

     $objTPL->parse($tplHandle, false);
     return $objTPL->get_html($tplHandle);
 }
Ejemplo n.º 9
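 /**
  * Assign the template variables that every page uses.
  *
  * Sets the site paths, title, username and the login/logout link, then merges
  * in whatever the CMS_PAGE_TPL_GLOBALS plugin hook returns.
  *
  * @return void
  */
 public function tplGlobals()
 {
     $objUser = Core_Classes_coreObj::getUser();
     $tplGlobals = array(
         'ROOT' => root(),
         'THEME_ROOT' => root() . self::$THEME_ROOT,
         'SITE_TITLE' => $this->config('site', 'title'),
         'USERNAME' => $objUser->grab('username'),
         'U_UCP' => '/' . root() . 'user/',
         'L_UCP' => langVar('L_UCP'),
     );

     if (Core_Classes_User::$IS_ONLINE) {
         // The logout link carries the user's code as its check parameter
         $tplGlobals += array('U_LOGIN' => '/' . root() . 'logout?check=' . $objUser->grab('usercode'), 'L_LOGIN' => 'Logout');
     } else {
         $tplGlobals += array('U_LOGIN' => '/' . root() . 'login', 'L_LOGIN' => 'Login');
     }

     $moreTPL = Core_Classes_coreObj::getPlugins()->hook('CMS_PAGE_TPL_GLOBALS');
     // NOTE(review): "> 1" ignores the result when exactly one entry comes back. That looks
     // like an off-by-one, but it depends on what hook() returns; confirm before changing.
     if (is_array($moreTPL) && count($moreTPL) > 1) {
         foreach ($moreTPL as $vars) {
             // array_merge() with a non-array returns null on older PHP and throws on PHP 8;
             // either way one misbehaving plugin would wipe every global collected so far.
             if (!is_array($vars)) {
                 continue;
             }
             // Later entries win, so a plugin can replace core keys such as ROOT or USERNAME.
             $tplGlobals = array_merge($tplGlobals, $vars);
         }
     }

     Core_Classes_coreObj::getTPL()->assign_vars($tplGlobals);
 }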
Ejemplo n.º 10
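 /**
  * Checks whether another login attempt is allowed under the login quota
  *
  * @version 1.0
  * @since   1.0.0
  * @author  Daniel Noel-Davies
  *
  * @param   bool    $dontUpdate  When true, only the session-level check runs and the
  *                               per-account check (which can deactivate the account) is skipped
  *
  * @return  bool    true when the attempt may proceed, false when it is blocked
  */
 public function attemptsCheck($dontUpdate = false)
 {
     // Still inside a lock-out window for this session
     if ($this->onlineData['login_time'] >= time()) {
         return false;
     }

     // Compare as integers throughout: the stored counters and the configured limit
     // may not share a scalar type.
     $maxTries = (int) $this->config('login', 'max_login_tries');

     if ((int) $this->onlineData['login_attempts'] > $maxTries) {
         if ($this->onlineData['login_time'] == '0') {
             $objSQL = Core_Classes_coreObj::getDBO();
             $objTime = Core_Classes_coreObj::getTime();
             $objUser = Core_Classes_coreObj::getUser();

             // Start a lock-out window and reset the session's counter.
             // presumably mod_time(time(), 0, 15) is "now plus 15 minutes"; confirm against mod_time()
             $query = $objSQL->queryBuilder()
                 ->update('#__sessions')
                 ->set(array('login_time' => $objTime->mod_time(time(), 0, 15), 'login_attempts' => '0'))
                 ->where('sid', '=', $objUser->grab('userkey'))
                 ->build();
             $objSQL->query($query);
         }
         return false;
     }
     // NOTE(review): this counter lives on the session row. If a client can obtain a fresh
     // session at will, the session-level limit alone does not slow down password guessing.

     if ($dontUpdate === true) {
         return true;
     }

     $userAttempts = (int) $this->userData['login_attempts'];
     if ($userAttempts >= $maxTries) {
         // The original used === on the raw values; with a string counter and an integer
         // limit (or the reverse) that never matched and the account was never deactivated.
         if ($userAttempts === $maxTries) {
             // deactivate the user's account
             // NOTE(review): deactivation on failed logins lets anyone who knows a username
             // lock that account out; confirm this is the intended trade-off.
             Core_Classes_coreObj::getUser()->toggle($this->userData['id'], 'active', false);
         }
         return false;
     }

     return true;
 }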
Ejemplo n.º 11
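 /**
  * Invokes the action of a route
  *
  * Either issues the route's redirect, or instantiates the routed module class
  * (or its theme override) and calls the routed method with arguments matched
  * by parameter name. The method's output is captured into the page contents.
  *
  * @version     1.0
  * @since       1.0.0
  * @author      Daniel Noel-Davies & Dan Aldridge
  *
  * @return      bool|object|null  null after a 404, true after a redirect, false when the
  *                                module or method is not callable, otherwise the module instance
  */
 public function invokeRoute()
 {
     $route = $this->getVar('route');
     if (is_empty($route)) {
         $this->throwHTTP(404);
         return;
     }
     cmsDEBUG ? memoryUsage('Route: Executing Route ' . dump($route)) : '';
     $objUser = Core_Classes_coreObj::getUser();

     // Check if the route is a redirection
     if (isset($route['redirect']) && !is_empty($route['redirect'])) {
         // TODO: Add Internal Redirections (Internal, meaning no 301, just different internal processing)
         $this->throwHTTP(301, $route['redirect']);
         return true;
     }

     // We assume the invoke is a module call
     $module = isset($route['arguments']['module']) ? $route['arguments']['module'] : null;
     $method = isset($route['arguments']['method']) ? $route['arguments']['method'] : null;

     // NOTE(review): the class and method names come from the matched route, and class_exists()
     // triggers autoloading. If any route pattern lets the URL supply them, every autoloadable
     // class with a callable method becomes reachable; an allow-list of module class prefixes
     // and a public, non-magic method check would close that off.
     if (!is_string($module) || !is_string($method) || class_exists($module) === false || is_callable(array($module, $method)) === false) {
         trigger_error('The module or method you are trying to call, dosen\'t exist.');
         // Only echo the attempted names in debug mode; they reflect request-derived values
         // and reveal internal naming to whoever triggered the error.
         if (cmsDEBUG) {
             $a = array('module' => $module, 'method' => $method);
             echo dump($a, 'You are trying to call..');
         }
         return false;
     }

     // test for override within the directory
     $_module = str_replace('Modules_', '', $module);
     $path = cmsROOT . 'themes/%1$s/override/modules/%2$s/%3$s/class.%3$s.php';
     $overrideClass = 'Override_Modules_' . $_module . '_' . $method;
     // Confirm the override class and method exist before reflecting on them; an override
     // file without a matching class used to end in an uncaught ReflectionException.
     if (is_readable(sprintf($path, $objUser->grab('theme'), $_module, $method)) === true
         && class_exists($overrideClass)
         && method_exists($overrideClass, $method)
     ) {
         $getMethod = new ReflectionMethod($overrideClass, $method);
         // only use it when it is callable and declared in the override class itself
         if (is_callable(array($overrideClass, $method)) && $getMethod->getDeclaringClass()->name === $overrideClass) {
             $module = $overrideClass;
         }
     }

     // Retrieve the info we need about the class and method
     $refMethod = new ReflectionMethod($module, $method);
     $params = $refMethod->getParameters();
     $args = array();

     // Match the parameters the method asks for against the route arguments, by name
     foreach ($params as $k => $name) {
         $var = $name->getName();
         // a parameter with no matching route argument is passed as null
         if (!isset($route['arguments'][$var])) {
             $args[$var] = null;
             continue;
         }
         // hand over a reference when the method declares the parameter by reference
         if ($name->isPassedByReference()) {
             $args[$var] =& $route['arguments'][$var];
         } else {
             $args[$var] = $route['arguments'][$var];
         }
     }

     // Run the method with output buffering so its output becomes the page contents
     ob_start();
     $objModule = new $module();
     $objModule->setVars(array('_method' => $method, '_module' => $module, '_params' => $route['arguments']));
     $refMethod->invokeArgs($objModule, $args);
     $objPage = Core_Classes_coreObj::getPage();
     $objPage->addMeta(array('name' => 'module', 'content' => $module));
     $objPage->addMeta(array('name' => 'method', 'content' => $method));
     $objPage->setVar('contents', ob_get_clean());
     return $objModule;
 }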
Ejemplo n.º 12
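 /**
  * Authorizes a piece of uploaded content
  *
  * @version     1.0
  * @since       1.0.0
  * @author      Richard Clifford
  *
  * @param       int     $fid        The file ID
  * @param       bool    $confirm    E-mail the uploader once the upload has been authorized
  *
  * @return      bool    true when the upload is (or already was) authorized, false otherwise
  */
 public function authorize($fid, $confirm = false)
 {
     if (is_empty($fid)) {
         return false;
     }
     // NOTE(review): nothing in this method checks that the current user may authorize
     // uploads; confirm every caller enforces that permission.
     $objPlugins = Core_Classes_coreObj::getPlugins();
     $objSQL = Core_Classes_coreObj::getDBO();
     $objUser = Core_Classes_coreObj::getUser();

     // Check if the file is already authorized
     $checkAuth = $objSQL->queryBuilder()->select('authorized', 'uid')->from('#__uploads')->where('id', '=', $fid)->build();
     $fileAuth = $objSQL->fetchLine($checkAuth);
     $objPlugins->hook('CMS_AUTHORIZE_UPLOAD');

     // return true if the file is already authorized
     if (isset($fileAuth['authorized']) && $fileAuth['authorized'] == '1') {
         return true;
     }

     // Update the uploads content to be authorized
     // NOTE(review): this runs even when no upload row was found for $fid, and a successful
     // query then reports true; confirm whether a missing upload should return false instead.
     $query = $objSQL->queryBuilder()->update('#__uploads')->set(array('authorized' => 1))->where('id', '=', $fid)->build();
     $result = $objSQL->query($query);
     if (!$result) {
         return false;
     }

     $uid = (isset($fileAuth['uid']) && !is_empty($fileAuth['uid'])) ? $fileAuth['uid'] : false;
     if ($confirm && $uid) {
         // SERVER_NAME can mirror the client's Host header depending on the web server
         // configuration. Keep only hostname characters so it cannot add mail headers.
         $serverName = isset($_SERVER['SERVER_NAME']) ? (string) $_SERVER['SERVER_NAME'] : '';
         $host = preg_replace('/[^A-Za-z0-9.-]/', '', $serverName);
         // ltrim($host, 'www.') strips any run of leading 'w' and '.' characters, not the
         // literal prefix ("web.example" would lose its first letter).
         $mailDomain = preg_replace('/^www\./i', '', $host);

         $to = $objUser->get('email', $uid);
         // The original format string had no placeholder, so the domain was never appended
         $from = sprintf('no-reply@%s', $mailDomain);
         $subject = sprintf('Your upload has been authorized - %s', $host);
         $message = sprintf('Your upload has now been authorized at %s', $host);
         _mailer($to, $from, $subject, $message);
     }

     return true;
 }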
Ejemplo n.º 13
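 /**
  * Assign a user Moderator status over a group
  *
  * @version 1.0
  * @since   1.0.0
  * @author  Dan Aldridge
  *
  * @param   int $uid     User's ID
  * @param   int $gid     Group ID
  *
  * @return  bool  false when an ID is invalid, the group is missing or it is a single-user group
  */
 function makeModerator($uid, $gid)
 {
     if (!is_number($uid)) {
         trigger_error('$uid is not valid');
         return false;
     }
     if (!is_number($gid)) {
         trigger_error('$gid is not valid');
         return false;
     }

     $group = $this->getGroup($gid);
     // an unknown group would otherwise be treated as a normal, reassignable group
     if (empty($group)) {
         trigger_error('Group could not be found');
         return false;
     }
     // test to make sure group isnt a single user group
     if ($group['single_user_group']) {
         trigger_error('Group is user specific, Cannot reassign Moderator');
         return false;
     }

     $objSQL = Core_Classes_coreObj::getDBO();
     $objUser = Core_Classes_coreObj::getUser();

     // make sure old moderator is a subscriber
     // The condition is assembled as a string, so force both IDs to integers before
     // they are placed into the SQL text.
     $oldModQuery = $objSQL->queryBuilder()
         ->select('*')
         ->from('#__group_subs')
         ->where(sprintf('gid = "%d" AND uid = "%d"', (int) $gid, (int) $group['moderator']))
         ->limit(1)
         ->build();
     $oldModerator = $objSQL->fetchLine($oldModQuery);
     if (is_empty($oldModerator)) {
         $this->joinGroup($group['moderator'], $gid, 0);
     }

     // make $uid new moderator
     if ($group['moderator'] != $uid) {
         // NOTE(review): this query is built but never executed, and $log is never written,
         // yet the hook fires and the method returns true. As written the moderator is not
         // changed in the database. The target table also needs checking before the query
         // is run: it updates #__group_subs by id = $gid with a moderator column.
         $update = $objSQL->queryBuilder()
             ->update('#__group_subs')
             ->set(array('moderator' => $uid))
             ->where(sprintf('id = "%d"', (int) $gid))
             ->build();
         $log = 'User Groups: ' . $objUser->profile($uid, RAW) . ' has been made group Moderator of ' . $group['name'];
         Core_Classes_coreObj::getPlugins()->hook('CMSGroups_changeModerator', array($uid, $gid));
     }

     // make the moderator a subscriber too
     $this->joinGroup($uid, $gid, 0);
     return true;
 }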
Ejemplo n.º 14
 /**
  * Fetch the form token tied to the current session.
  *
  * Thin wrapper around self::getToken().
  *
  * @version 1.0
  * @since   1.0.0
  * @author  Dan Aldridge
  *
  * @param   bool $forceNew  Passed straight through to getToken()
  *
  * @return  string $token
  */
 public function getFormToken($forceNew = false)
 {
     // The user object is not read here; the call is kept exactly as the original made it
     Core_Classes_coreObj::getUser();

     $token = self::getToken($forceNew);

     return $token;
 }