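 /**
  * Parse an "x-y" pair out of the `id` route parameter.
  *
  * The parameter is only ever turned into two numbers, so a numeric cast
  * is the right defence here; running it through xss_clean() (an HTML
  * filter) added nothing. A value without a '-' used to raise an
  * undefined-offset notice on the second element; it is now rejected
  * with a 404, the same way action_coor() does.
  *
  * NOTE(review): $x and $y are computed but neither stored nor returned —
  * the rest of this action appears to be missing; confirm against the
  * route that points here.
  *
  * @throws HTTP_Exception_404 when the parameter is not of the form "x-y"
  */
 public function action_point()
 {
     $parts = explode('-', (string) $this->request->param('id', 0));
     if (count($parts) != 2) {
         throw new HTTP_Exception_404();
     }
     // (float) first: round() on a non-numeric string is a TypeError on PHP 8
     $x = round((float) $parts[0]);
     $y = round((float) $parts[1]);
 }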
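 /**
  * Public Q&A page: list answered questions (optionally filtered) and
  * accept a new question from a logged-in user.
  *
  * The search term is echoed back into the view, hence xss_clean(); the
  * LIKE value itself is quoted by the query builder. '%' and '_' inside
  * the term still act as wildcards, which is harmless for a search box.
  *
  * Fix: a failed validation of the new question used to be swallowed by an
  * empty catch, so the user got the list back with no hint that nothing
  * was saved. The errors are now passed to the view under 'errors', the
  * same way the manage/edit actions do.
  *
  * NOTE(review): the POST has no CSRF token check (compare action_spam(),
  * which verifies Security::token()); the question text is stored raw and
  * must be escaped wherever it is rendered.
  */
 public function action_questions()
 {
     $list = ORM::factory('Expert_Question')->where('is_answered', '=', 1);
     $search = Security::xss_clean(Arr::get($_POST, 'search', ''));
     if (!empty($search)) {
         $list->and_where('question', 'LIKE', '%' . $search . '%');
     }
     $list = $list->order_by('date', 'DESC');
     $paginate = Paginate::factory($list)->paginate(NULL, NULL, 10)->render();
     $list = $list->find_all();
     $this->set('search', $search);
     $this->set('list', $list);
     $this->set('paginate', $paginate);
     if ($this->request->method() == Request::POST) {
         if (Auth::instance()->logged_in()) {
             try {
                 $question = ORM::factory('Expert_Question');
                 $question->user_id = Auth::instance()->get_user()->id;
                 $question->question = Arr::get($_POST, 'question', '');
                 $question->date = date('Y-m-d H:i:s');
                 $question->save();
             } catch (ORM_Validation_Exception $e) {
                 // Surface the validation errors instead of dropping them silently
                 $this->set('errors', $e->errors($e->alias()));
             }
         } else {
             Message::success(i18n::get('You have to login'));
         }
     }
     $this->add_cumb('Question-answer', '/');
 }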
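 /**
  * Toggle the "spam" flag on a feedback question (manage side).
  *
  * GET renders the confirmation form with a fresh CSRF token; POST with a
  * valid token flips `is_spam`, records the moderator and redirects back.
  *
  * Security fix: the return target `r` comes straight from the query
  * string and is passed to redirect(). xss_clean() is an HTML filter and
  * does nothing against "http://evil.example" or "//evil.example", so this
  * was an open redirect. Only a site-relative path is accepted now; any
  * absolute or protocol-relative URL falls back to the default.
  */
 public function action_spam()
 {
     $id = (int) $this->request->param('id', 0);
     $question = ORM::factory('Feedback_Question', $id);
     $user_id = $this->user->id;
     if (!$question->loaded()) {
         $this->redirect('manage/feedback');
     }
     $token = Arr::get($_POST, 'token', false);
     $return = Security::xss_clean(Arr::get($_GET, 'r', 'manage/expert'));
     // Reject "scheme:", "//host" and "\\host" forms (open-redirect guard)
     if (preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $return)) {
         $return = 'manage/expert';
     }
     $this->set('return', Url::media($return));
     if ($this->request->method() == Request::POST && Security::token() === $token) {
         // 0 -> 1 -> 0 toggle
         $question->is_spam = ($question->is_spam + 1) % 2;
         $question->spam_mod_id = $user_id;
         $question->save();
         if ($question->is_spam == 1) {
             Message::success(i18n::get('The question is marked as spam'));
         } else {
             Message::success(i18n::get('Marked "Spam" is removed from the question'));
         }
         $this->redirect($return);
     } else {
         // Question is known to be loaded here (see the redirect above)
         $this->set('question', $question)->set('token', Security::token(true));
     }
 }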
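 /**
  * Common request setup for the JSON API controllers.
  *
  * Reads the auth token from the `tokenAuth` header, decodes the raw JSON
  * request body into $this->post and pulls the paging/search parameters
  * out of it. limit/offset feed straight into SQL LIMIT/OFFSET in the
  * search actions, so they are cast and range-checked here — xss_clean()
  * is an HTML filter and guarantees nothing about numeric input. A body
  * that is not a JSON object/array is treated as empty.
  *
  * NOTE(review): the expiry check uses the token from the header while
  * update_token() receives the token from the JSON body — confirm these
  * are meant to be the same value.
  */
 public function before()
 {
     parent::before();
     $this->detect_language();
     /* Helper class */
     $this->api = new Api();
     $this->auth_token = $this->request->headers('tokenAuth');
     /* The POST body is a JSON document */
     $this->post = json_decode(file_get_contents('php://input'), true);
     if (!is_array($this->post)) {
         $this->post = array();
     }
     /* Paging: offset defaults to 0, limit to 10; both must be sane integers */
     $this->offset = max(0, (int) Arr::get($this->post, 'offset', 0));
     $limit = (int) Arr::get($this->post, 'limit', 10);
     $this->limit = $limit > 0 ? $limit : 10;
     /* Entry type/id and the search string live under "option" */
     $option = Arr::get($this->post, 'option', array());
     if (!is_array($option)) {
         $option = array();
     }
     $this->entryType = strtolower(Security::xss_clean(Arr::get($option, 'entryType', '')));
     $this->entryId = Security::xss_clean(Arr::get($option, 'entryId', ''));
     /* search string */
     $this->searchText = Security::xss_clean(Arr::get($option, 'searchText', ''));
     /* comment text */
     $this->text = Security::xss_clean(Arr::get($this->post, 'text', ''));
     $this->id = (int) $this->request->param('id', 0);
     /* Refresh the token lifetime if a token was sent and it still needs refreshing (is it alive?) */
     if (!empty($this->auth_token)) {
         if ($this->api->token_expires($this->auth_token)) {
             $token_auth = Security::xss_clean(Arr::get($this->post, 'tokenAuth', ''));
             $this->api->update_token($token_auth);
         }
     }
 }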
 /**
  * Create or edit a "thank" entry (manage side).
  *
  * A new entry (id 0) is appended after the highest existing `order`.
  * Only name, text and the whitelisted columns image/published/date are
  * taken from the POST body; name and text are run through xss_clean()
  * because they are presumably rendered as HTML later — confirm in the
  * views. Validation errors are handed to the view under 'errors'.
  */
 public function action_edit()
 {
     $id = $this->request->param('id', 0);
     $thank = ORM::factory('Thank', $id);
     $errors = NULL;
     $uploader = View::factory('storage/image')->set('user_id', $this->user->id)->render();
     $post = $this->request->post();
     if ($post) {
         try {
             if ($id == 0) {
                 // New entry: one past the current maximum order
                 $latest = ORM::factory('Thank')->order_by('order', 'Desc')->find();
                 $thank->order = $latest->order + 1;
             }
             $post['date'] = date('Y-m-d H:i:s');
             $thank->name = Security::xss_clean(Arr::get($post, 'name', ''));
             $thank->text = Security::xss_clean(Arr::get($post, 'text', ''));
             $thank->values($post, array('image', 'published', 'date'))->save();
             $this->redirect('manage/thanks/view/' . $thank->id);
         } catch (ORM_Validation_Exception $e) {
             $errors = $e->errors($e->alias());
             $this->set('errors', $errors);
         }
     }
     $this->set('uploader', $uploader)->set('item', $thank);
 }
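 /**
  * Public JSON API: list published publications, optionally full-text
  * searched.
  *
  * With a search term the fulltext MATCH ... AGAINST() query is built; the
  * term is escaped once with Database::escape() because AGAINST() cannot
  * take a bound value through the builder. Without a term the list is
  * paginated and `page_count` is reported.
  *
  * Fix: `publications` was only added to the response when at least one
  * row matched, so an empty result had no key at all; it is now always an
  * array.
  *
  * NOTE(review): Access-Control-Allow-Origin: * opens this endpoint to
  * every origin — fine only as long as it stays read-only and
  * unauthenticated. The absolute URLs are built from the Host header
  * ($_SERVER['HTTP_HOST']), which a client can spoof; prefer a configured
  * base URL if these links are ever cached or mailed. `$this->language`
  * is interpolated into column names and must only ever hold a
  * controlled value (assumed to come from detect_language()).
  */
 public function action_index()
 {
     header('Access-Control-Allow-Origin: *');
     $search = Security::xss_clean(Arr::get($_GET, 'search', ''));
     if (!empty($search)) {
         $query_b = '%' . $search . '%';
         $this->searchText = Database::instance()->escape($search);
         $query_a = DB::expr(' AGAINST(' . $this->searchText . ') ');
         $list = ORM::factory('Publication')->distinct('true')
             ->where(DB::expr('MATCH(title_' . $this->language . ')'), '', $query_a)
             ->or_where(DB::expr('MATCH(desc_' . $this->language . ')'), '', $query_a)
             ->or_where(DB::expr('MATCH(text_' . $this->language . ')'), '', $query_a)
             ->or_where('title_' . $this->language, 'like', $query_b)
             ->and_where('published', '=', 1)
             ->limit($this->limit)->offset($this->offset)
             ->find_all();
     } else {
         $list = ORM::factory('Publication')
             ->where('title_' . $this->language, '<>', '')
             ->where('published', '=', 1)
             ->order_by('order', 'DESC');
         $this->data['page_count'] = Paginate::factory($list)->paginate(NULL, NULL, 10)->page_count();
         $list = $list->find_all();
     }
     $this->data['search'] = $search;
     if (!isset($this->data['publications'])) {
         $this->data['publications'] = array();
     }
     $host = 'http://' . $_SERVER['HTTP_HOST'];
     foreach ($list as $v) {
         $this->data['publications'][] = array(
             'id' => $v->id,
             'url' => $host . '/' . $this->language . URL::site('api/smartpublications/view/' . $v->id),
             'title' => $v->title,
             'desc' => strip_tags($v->desc),
             'image' => $host . URL::media('/images/w205-h160/' . $v->picture->file_path),
         );
     }
     $this->response->body(json_encode($this->data));
 }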
 /**
  * Create or edit a "leader" entry (manage side).
  *
  * The free-text fields are each run through xss_clean() before being
  * stored; image and published are the only other columns taken from the
  * POST body. Validation errors are handed to the view under 'errors'.
  */
 public function action_edit()
 {
     $id = $this->request->param('id', 0);
     $leader = ORM::factory('Leader', $id);
     $errors = NULL;
     $uploader = View::factory('storage/image')->set('user_id', $this->user->id)->render();
     $post = $this->request->post();
     if ($post) {
         try {
             // Free-text columns, all HTML-cleaned
             foreach (array('name', 'post', 'contact', 'phone', 'fax', 'contact_name', 'text') as $field) {
                 $leader->$field = Security::xss_clean(Arr::get($post, $field, ''));
             }
             $leader->values($post, array('image', 'published'))->save();
             $this->redirect('manage/leaders/view/' . $leader->id);
         } catch (ORM_Validation_Exception $e) {
             $errors = $e->errors($e->alias());
             $this->set('errors', $errors);
         }
     }
     $this->set('uploader', $uploader)->set('item', $leader);
 }
 /**
  * Questionnaire page: expose the `qv` rows to the view and, on POST,
  * read the twenty answers (fields named "1".."20").
  *
  * The answers are cleaned but not used or stored here — presumably the
  * rest of the handler is still to come.
  */
 public function action_index()
 {
     $this->set('qv', ORM::factory('qv')->order_by('id')->find_all());
     if ($this->request->method() != Request::POST) {
         return;
     }
     $answers = array();
     for ($i = 1; $i <= 20; $i++) {
         $answers[$i] = Security::xss_clean(Arr::get($_POST, (string) $i, 0));
     }
 }
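 /**
  * Create or edit a slider item (manage side).
  *
  * A new item (id 0) gets the next `order` and the same link for all three
  * languages; an existing item only updates `link`. title/link are
  * HTML-cleaned, image/is_active are taken from the POST body as-is, and
  * every change is written to the log.
  *
  * Fix: the route id is cast to int (as the other manage actions do)
  * before it reaches the query and the create/edit decision.
  *
  * NOTE(review): xss_clean() on `link` does not reject "javascript:"
  * URLs — a bare string is not HTML, so HTMLPurifier leaves it alone; if
  * the link is rendered as an href it needs scheme validation. `type`
  * comes from the query string unvalidated and is both stored and echoed
  * in the back-link; the view must escape it.
  */
 public function action_edit()
 {
     $id = (int) $this->request->param('id', 0);
     $slider = ORM::factory('Slider', $id);
     $type = Arr::get($_GET, 'type', 'slider');
     $uploader = View::factory('storage/image')->set('user_id', $this->user->id)->render();
     $this->set('uploader', $uploader);
     $this->set('slider', $slider)->set('r', Url::media('manage/sliders?type=' . $type))->set('type', $type);
     if ($post = $this->request->post()) {
         $link = Security::xss_clean(Arr::get($post, 'link', ''));
         if ($id == 0) {
             $slider_last = ORM::factory('Slider')->order_by('order', 'desc')->find();
             $slider->order = empty($slider_last->id) ? 1 : $slider_last->order + 1;
             $slider->link_ru = $link;
             $slider->link_kz = $link;
             $slider->link_en = $link;
         } else {
             $slider->link = $link;
         }
         $slider->type = $type;
         $slider->title = Security::xss_clean(Arr::get($post, 'title', ''));
         $slider->values($post, array('image', 'is_active'))->save();
         $event = $id ? 'edit' : 'create';
         $loger = new Loger($event, $slider->link);
         $loger->log($slider);
         $this->redirect('manage/sliders?type=' . $type);
     }
 }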
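 /**
  * Create or edit an infographic (manage side).
  *
  * A new item is put first: every existing row's `order` is bumped by one
  * (one UPDATE per row). title is HTML-cleaned; image/published/language/
  * date are taken from the POST body.
  *
  * Fix: `$post['date']` was read without a guard and passed through
  * strtotime(); a missing or unparseable date produced a notice and/or
  * `strtotime() === false`, which date() silently turned into the Unix
  * epoch. It now falls back to the current time.
  */
 public function action_edit()
 {
     $id = $this->request->param('id', 0);
     $infograph = ORM::factory('Infograph', $id);
     $language = $infograph->loaded() ? $infograph->language : $this->language;
     $this->set('language', $language);
     $errors = NULL;
     $uploader = View::factory('storage/image')->set('user_id', $this->user->id)->render();
     if ($post = $this->request->post()) {
         try {
             $timestamp = strtotime((string) Arr::get($post, 'date', ''));
             $post['date'] = date('Y-m-d H:i:s', $timestamp === false ? time() : $timestamp);
             $infograph->title = Security::xss_clean(Arr::get($post, 'title', ''));
             if ($infograph->id == 0) {
                 // Insert at the top: shift everything else down by one
                 foreach (ORM::factory('Infograph')->find_all() as $val) {
                     $val->order = $val->order + 1;
                     $val->save();
                 }
             }
             $infograph->values($post, array('image', 'published', 'language', 'date'))->save();
             $event = $id ? 'edit' : 'create';
             $loger = new Loger($event, $infograph->title);
             $loger->log($infograph);
             $this->redirect('manage/infographs/view/' . $infograph->id);
         } catch (ORM_Validation_Exception $e) {
             $errors = $e->errors($e->alias());
             $this->set('errors', $errors);
         }
     }
     $this->set('uploader', $uploader);
     $this->set('item', $infograph);
 }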
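 /**
  * Load a page by slug from the database, fall back to a static view
  * file, or render the 404 page.
  *
  * Security fix: the `page` parameter ends up in a cache key
  * ('page_' . $page) and in a view path ('static/' . $page), so it is an
  * allow-listed slug now: anything other than [A-Za-z0-9_-] is answered
  * with the 404 view before any lookup. The old xss_clean() call was an
  * HTML filter and did nothing against "../" traversal into other views.
  *
  * The rendered content is cached when Kohana::$caching is on; note that a
  * database page caches a string while a static page caches a View object.
  */
 public function action_load()
 {
     Kohana::$log->add(Kohana::DEBUG, 'Executing Controller_Cms_Page::action_load');
     $page = Request::instance()->param('page');
     if (!is_string($page) || !preg_match('/^[A-Za-z0-9_-]+$/', $page)) {
         Kohana::$log->add(Kohana::ERROR, 'Page controller rejected an invalid page name');
         $this->template->content = new View('errors/404');
         return;
     }
     // Check if page is in cache
     if (Kohana::$caching === TRUE and $file = Kohana::cache('page_' . $page)) {
         $this->template->content = $file;
         return;
     }
     // Default values
     $contents = NULL;
     $found = FALSE;
     // Check if page is in database (the slug is bound as a quoted value)
     $db = DB::select('title', 'text')->from('pages')->where('slug', '=', $page)->execute();
     if ($db->count() == 1) {
         $contents = $db->current();
         $contents = $contents['text'];
         $found = TRUE;
     } else {
         if (Kohana::find_file('views', 'static/' . $page)) {
             $contents = new View('static/' . $page);
             $found = TRUE;
         } else {
             Kohana::$log->add(Kohana::ERROR, 'Page controller error loading non-existent page, ' . $page);
             $contents = new View('errors/404');
         }
     }
     if (Kohana::$caching === TRUE and $found) {
         Kohana::cache('page_' . $page, $contents);
     }
     $this->template->content = $contents;
 }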
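 /**
  * Apply LIMIT/OFFSET for the requested page to the wrapped ORM query and
  * render the pager.
  *
  * `page` and `item_count` may come from the query string. Both are
  * reduced to integers; the page is clamped to 1..page_count() and the
  * per-page size to at least 1.
  *
  * Fixes: the offset used to be computed from the raw, unclamped page
  * (page=0 or a page beyond the last gave a negative/oversized OFFSET),
  * and item_count=0 or a negative value produced LIMIT 0 and a zero
  * divisor for page_count(). The page is also kept >= 1 when there are
  * no rows at all.
  *
  * @param   int|null     $page   page number (default: $_GET['page'] or 1)
  * @param   string|null  $link   base link for the pager (default: current URI)
  * @param   int|null     $count  items per page (default: $_GET['item_count'] or $this->count)
  * @return  string  the rendered pager, HTML-escaped and cleaned
  */
 public function paginate($page = null, $link = null, $count = null)
 {
     if ($page == null) {
         $page = Arr::get($_GET, 'page', 1);
     }
     if (!empty($_GET['item_count'])) {
         $count = (int) Arr::get($_GET, 'item_count');
     } elseif ($count == null) {
         $count = $this->count;
     }
     // Per-page size must be a positive integer; it is also what page_count() divides by
     $count = max(1, (int) $count);
     $this->count = $count;
     if ($link == null) {
         $link = Request::initial()->uri();
     }
     $page = (int) $page;
     $max_page = $this->page_count();
     if ($page < 1) {
         $page = 1;
     } else {
         $page = max(1, min($page, $max_page));
     }
     // Offset is derived from the clamped page
     $start = ($page - 1) * $count;
     $prev = $page == 1 ? false : true;
     $next = $page == $max_page ? false : true;
     $this->orm->limit($count)->offset($start);
     $this->view_vars = array('page' => $page, 'max_page' => $max_page, 'key' => $this->config->get('key', 'page'), 'count' => $count, 'link' => Security::xss_clean(HTML::chars($link)), 'next' => $next, 'prev' => $prev);
     return Security::xss_clean(HTML::chars($this));
 }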
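 /**
  * JSON API: cast a like/dislike vote on a debate opinion.
  *
  * A user may vote once per opinion and may not vote on a debate they
  * authored or were invited to as opponent. On success a Debate_Poll row
  * is recorded and the opinion's plus/minus counter is bumped.
  *
  * Fixes: `opinionId` is cast to int before it reaches the queries; an
  * opinion that does not exist is reported instead of dereferencing
  * `$opinion->debate` on an unloaded model; and a vote value other than
  * like/dislike is rejected up front — previously it still recorded a
  * poll row (burning the user's one vote) while changing nothing.
  *
  * NOTE(review): the "already voted" check and the insert are not atomic;
  * two concurrent requests can both pass it. A unique index on
  * (user_id, branch_id) is the proper guard.
  */
 public function action_index()
 {
     $opinionId = (int) Arr::get($this->post, 'opinionId', 0);
     $voteValue = strtolower(Security::xss_clean(Arr::get($this->post, 'voteValue', '')));
     if ($opinionId <= 0 || $voteValue === '') {
         return;
     }
     $user = ORM::factory('User', $this->user_id);
     $opinion = ORM::factory('Debate_Opinion', $opinionId);
     $poll_user = ORM::factory('Debate_Poll')->where('user_id', '=', $this->user_id)->and_where('branch_id', '=', $opinionId)->find();
     if (!$opinion->loaded()) {
         $this->data['error'] = 'Opinion not found';
     } elseif (!in_array($voteValue, array('like', 'dislike'), true)) {
         $this->data['error'] = 'Unknown vote value';
     } elseif ($poll_user->loaded()) {
         $this->data['error'] = 'You have already voted';
     } elseif ($opinion->debate->author_id == $this->user_id or $opinion->debate->opponent_email == $user->email) {
         $this->data['error'] = 'Member can not vote';
     } else {
         $poll = ORM::factory('Debate_Poll');
         $poll->branch_id = $opinionId;
         $poll->variant = 1;
         $poll->user_id = $this->user_id;
         $poll->save();
         if ($voteValue === 'like') {
             $opinion->plus += 1;
         } else {
             $opinion->minus += 1;
         }
         $opinion->save();
         $this->response->body(json_encode(true));
         return;
     }
     $this->response->body(json_encode($this->data));
 }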
 /**
  * Moderation list of materials, filtered by the `sort` query parameter
  * (work = status 2, accept = 1, reject = 0, anything else = all).
  *
  * The sort value is only compared against a fixed map and echoed back to
  * the view; it never reaches the query as a raw string.
  */
 public function action_index()
 {
     $statuses = array('work' => 2, 'accept' => 1, 'reject' => 0);
     $list = ORM::factory('Material')->where('is_moderator', '=', 1)->and_where('is_journal', '=', 0);
     $sort = Security::xss_clean(Arr::get($_GET, 'sort', 'work'));
     if (isset($statuses[$sort])) {
         $list->and_where('status', '=', $statuses[$sort]);
         $this->set('sort', $sort);
     } else {
         $this->set('sort', 'all');
     }
     $list->order_by('date', 'DESC');
     $paginate = Paginate::factory($list)->paginate(NULL, NULL, 10)->render();
     $this->set('materials', $list->find_all());
     $this->set('paginate', $paginate);
 }
 /**
  * Verify the Facebook credentials.
  *
  * Facebook hands the access token back in the URL fragment. On the first
  * visit the fragment is turned into a regular query parameter (see
  * _convert_fragment_to_parameter()); on the second the token is read
  * from $_GET['fragment'], checked against the service and stored with
  * the secret encrypted. Previously verified credentials are accepted
  * without another round trip.
  *
  * NOTE(review): consumer_secret, token secret and verification_code are
  * all derived from time() here — they are placeholders, not secrets.
  * Running the token through xss_clean() is also a questionable choice:
  * it is an HTML filter, and an opaque token should only be validated
  * against the service, which is_valid_token() does below.
  *
  * @throws	Kohana_Exception when no access token is present
  * @param	string	the service name
  * @return	boolean	TRUE when the credentials are (or already were) verified
  */
 public function verify($service = MMI_API::SERVICE_FACEBOOK)
 {
     $access_token = NULL;
     if (!array_key_exists('fragment', $_GET)) {
         // First pass: the token is still in the fragment, which the server never sees
         $this->_convert_fragment_to_parameter();
     } else {
         $fragment = urldecode(Security::xss_clean($_GET['fragment']));
         parse_str($fragment, $parms);
         $access_token = Arr::get($parms, 'access_token');
         unset($parms);
     }
     // Ensure the access token is set
     if (empty($access_token)) {
         MMI_Log::log_error(__METHOD__, __LINE__, 'Access token parameter missing');
         throw new Kohana_Exception('Access token parameter missing in :method.', array(':method' => __METHOD__));
     }
     // Load existing data from the database
     $auth_config = $this->_auth_config;
     $username = Arr::get($auth_config, 'username');
     // No-op statement; $model is assigned in both branches below
     $model;
     if (!empty($username)) {
         $model = Model_MMI_API_Tokens::select_by_service_and_username($service, $username, FALSE);
     } else {
         $consumer_key = Arr::get($auth_config, 'api_key');
         $model = Model_MMI_API_Tokens::select_by_service_and_consumer_key($service, $consumer_key, FALSE);
     }
     $success = FALSE;
     $previously_verified = FALSE;
     if ($model->loaded()) {
         // Check if the credentials were previously verified
         $previously_verified = $model->verified;
         $success = $previously_verified;
     }
     if (!$previously_verified) {
         // Create an access token (the "secret" is a time()-based placeholder)
         $token = new OAuthToken($access_token, $service . '-' . time());
         // Update the token credentials in the database
         $svc = MMI_API::factory($service);
         if (isset($token) and $svc->is_valid_token($token)) {
             $encrypt = Encrypt::instance();
             $model->service = $service;
             $model->consumer_key = 'consumer-' . $service;
             $model->consumer_secret = $encrypt->encode($service . '-' . time());
             $model->token_key = $token->key;
             $model->token_secret = $encrypt->encode($token->secret);
             unset($encrypt);
             $model->verified = 1;
             $model->verification_code = $service . '-' . time();
             $model->username = $username;
             // expires_in is stored as an attribute when the provider supplied it
             if (array_key_exists('expires_in', $_GET)) {
                 $model->attributes = array('expires_in' => urldecode(Security::xss_clean($_GET['expires_in'])));
             }
             $success = MMI_Jelly::save($model, $errors);
             if (!$success and $this->_debug) {
                 MMI_Debug::dead($errors);
             }
         }
     }
     return $success;
 }
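 /**
  * Answer an expert question (manage side).
  *
  * GET shows the question and the answer form; POST stores the answer,
  * flags the question as answered and returns to the list.
  *
  * Security fix: the `r` query parameter was passed straight to
  * redirect() when the question does not exist — an open redirect, since
  * xss_clean() does nothing against absolute or "//host" URLs. Only a
  * site-relative path is accepted now. The route id is cast to int, and
  * the unreachable `exit` after redirect() is gone.
  *
  * NOTE(review): the answer text is stored raw (no xss_clean, unlike the
  * other fields in these controllers) and must be escaped on output.
  */
 public function action_reply()
 {
     $id = (int) $this->request->param('id', 0);
     $questions = ORM::factory('Expert_Question', $id);
     $cancel_url = Security::xss_clean(Arr::get($_GET, 'r', 'manage/expertquestions'));
     // Reject "scheme:", "//host" and "\\host" forms (open-redirect guard)
     if (preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $cancel_url)) {
         $cancel_url = 'manage/expertquestions';
     }
     if (!$questions->loaded()) {
         $this->redirect($cancel_url);
     }
     $user_id = $this->user->id;
     $list_url = Url::media('manage/expertquestions/page-' . $this->page . '?sort=' . $this->sort);
     $this->set('cancel_url', $list_url)->set('page', $this->page)->set('sort', $this->sort);
     $this->set('questions', $questions);
     if ($this->request->method() == 'POST') {
         $answer = Arr::get($_POST, 'answer', '');
         try {
             $answers = ORM::factory('Expert_Answer');
             $answers->answer = $answer;
             $answers->date = date('Y-m-d G:i:s');
             $answers->question_id = $id;
             $answers->respondent_id = $user_id;
             $answers->save();
             $questions->is_answered = 1;
             $questions->save();
             Message::success(i18n::get('The answer to the question is saved'));
             $this->redirect($list_url);
         } catch (ORM_Validation_Exception $e) {
             $errors = $e->errors($e->alias());
             $this->set('answer', $answer);
             $this->set('errors', $errors);
         }
     }
 }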
 /**
  * Verify the Flickr credentials.
  *
  * Flickr sends a `frob` back in the query string; it is exchanged for an
  * access token via the service, and the token (secret encrypted) is
  * stored and marked verified. Previously verified credentials short-cut
  * to TRUE. Without a configured username a fresh, unloaded model is
  * created, in which case nothing is verified or saved — only a loaded
  * model gets past the `loaded()` check below.
  *
  * NOTE(review): the verification code and the token secret passed to
  * get_access_token() are time()-based placeholders, not secrets. The
  * frob is passed through xss_clean() — an HTML filter — before being
  * sent to the service; the real validation is is_valid_token().
  *
  * @throws	Kohana_Exception when the service is not set or the frob is missing
  * @return	boolean	TRUE when the credentials are (or already were) verified
  */
 public function verify()
 {
     // Set the service
     $service = $this->_service;
     if (empty($service)) {
         MMI_Log::log_error(__METHOD__, __LINE__, 'Service not set');
         throw new Kohana_Exception('Service not set in :method.', array(':method' => __METHOD__));
     }
     // Ensure the frob is set
     $frob = NULL;
     if (array_key_exists('frob', $_GET)) {
         $frob = urldecode(Security::xss_clean($_GET['frob']));
     }
     if (empty($frob)) {
         MMI_Log::log_error(__METHOD__, __LINE__, 'Frob parameter missing');
         throw new Kohana_Exception('Frob parameter missing in :method.', array(':method' => __METHOD__));
     }
     // Load existing data from the database
     $auth_config = $this->_auth_config;
     $username = Arr::get($auth_config, 'username');
     // No-op statement; $model is assigned in both branches below
     $model;
     if (!empty($username)) {
         $model = Model_MMI_API_Tokens::select_by_service_and_username($service, $username, FALSE);
     } else {
         // Unloaded model: the block below is skipped and FALSE is returned
         $model = Jelly::factory('MMI_API_Tokens');
     }
     $success = FALSE;
     if ($model->loaded()) {
         // Check if the credentials were previously verified
         $previously_verified = $model->verified;
         if ($previously_verified) {
             $success = TRUE;
         } else {
             // Create a dummy verification code
             $verification_code = $service . '-' . time();
         }
         // Do database update
         if (!$previously_verified) {
             // Get an access token (the frob is the request token, the "secret" a placeholder)
             $svc = MMI_API::factory($service);
             $token = $svc->get_access_token($verification_code, array('token_key' => $frob, 'token_secret' => $service . '-' . time()));
             // Update the token credentials in the database
             if (isset($token) and $svc->is_valid_token($token)) {
                 $model->token_key = $token->key;
                 $model->token_secret = Encrypt::instance()->encode($token->secret);
                 $model->verified = 1;
                 $model->verification_code = $verification_code;
                 if (!empty($token->attributes)) {
                     $model->attributes = $token->attributes;
                 }
                 $success = MMI_Jelly::save($model, $errors);
                 if (!$success and $this->_debug) {
                     MMI_Debug::dead($errors);
                 }
             }
         }
     }
     return $success;
 }
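 /**
  * Read the `page` route parameter into $this->page.
  *
  * The parameter is purely numeric, so it is cast and clamped to >= 1.
  * The original also ran the already-cast int through xss_clean(), which
  * turned it back into a string, and it let negative pages through.
  */
 public function before()
 {
     parent::before();
     $this->page = max(1, (int) $this->request->param('page', 0));
 }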
 /**
  * Populate and persist a material record.
  *
  * Only $content is run through xss_clean() (it is presumably rich text);
  * $name and $material_image are stored exactly as given, so callers must
  * make sure those are safe for wherever they are rendered — confirm.
  *
  * @param  mixed   $categoryId      category the material belongs to
  * @param  string  $content         HTML body, cleaned before storage
  * @param  string  $name            display name, stored as-is
  * @param  mixed   $material_image  image reference, stored as-is
  */
 public function addMaterial($categoryId, $content, $name, $material_image)
 {
     $this->category_id = $categoryId;
     $this->name = $name;
     $this->material_image = $material_image;
     $this->content = Security::xss_clean($content);
     $this->save();
 }
 /**
  * Save the user information.
  *
  * @param array $post
  */
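 /**
  * Save the user information.
  *
  * The avatar driver and its data come from the form; `about` and
  * `signature` are HTML-cleaned before being stored.
  *
  * Fix: `$post['avatar-type']` was read without a guard and raised an
  * undefined-index notice when the field was absent; Arr::get() yields
  * the same NULL without the notice.
  *
  * NOTE(review): the driver name is user-controlled; Avatar::factory()
  * must only accept a fixed set of driver names — verify it does.
  *
  * @param array $post
  */
 public function save(array $post)
 {
     $avatar = Avatar::factory($this->user, array('driver' => Arr::get($post, 'avatar-type')));
     $this->user->set_property('avatar', $avatar->data($post));
     $this->user->set_property('about', Security::xss_clean(Arr::get($post, 'about')));
     $this->user->set_property('signature', Security::xss_clean(Arr::get($post, 'signature')));
     $this->user->update();
     // Save cached_properties.
 }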
 /**
  * HTMLPurifier demo: take `dirty` from GET or POST, clean it, and show
  * both versions side by side.
  */
 public function demo_clean()
 {
     $dirty = Arr::get($_REQUEST, 'dirty');
     $clean = null;
     if (isset($dirty)) {
         $clean = Security::xss_clean($dirty);
     }
     $this->content = View::factory('demo/purifier/clean')
         ->bind('dirty', $dirty)
         ->bind('clean', $clean);
 }
 /**
  * Get all of the input and files for the request.
  *
  * When cleansing is requested explicitly (TRUE), or left unset (NULL)
  * while the `xss_filter_all_inputs` config flag is on, every value is run
  * through Security::xss_clean(), which recurses into nested arrays
  * itself. Keys are preserved.
  *
  * @param  bool|null  $cleanse  TRUE/FALSE to force, NULL to follow config
  *
  * @return array
  */
 public static function all($cleanse = null)
 {
     $all = static::$app['request']->all();
     $global_cleanse = static::$app['config']->get('xssinput::xssinput.xss_filter_all_inputs');
     $should_cleanse = $cleanse === true || ($cleanse === null && $global_cleanse);
     if (!$should_cleanse) {
         return $all;
     }
     return array_map(function ($value) {
         return Security::xss_clean($value);
     }, $all);
 }
 /**
  * One-off maintenance: re-run xss_clean() over the stored text of every
  * page content row (all three languages) and save it back.
  *
  * Each row is reloaded by id before saving. The time limit is extended
  * after every row because HTMLPurifier on large texts is slow.
  */
 public function action_index()
 {
     $columns = array('text_ru', 'text_kz', 'text_en');
     foreach (ORM::factory('Pages_Content')->find_all() as $item) {
         $row = ORM::factory('Pages_Content', $item->id);
         foreach ($columns as $column) {
             $row->$column = Security::xss_clean($item->$column);
         }
         $row->save();
         set_time_limit(2500);
     }
 }
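 /**
  * Edit the "minister" static page (manage side): the Page row, its
  * Pages_Content row, and the storage rows for the cover and inline images.
  *
  * Fixes in the image-linking code:
  *  - `$_POST[...]` fields are read through Arr::get() (no notices);
  *  - the cover image is only linked when the Storage row exists; saving
  *    an unloaded ORM object (image = 0) used to INSERT a blank row;
  *  - inline <img> sources are matched against `file_path` with `=`
  *    instead of LIKE — the src is user-controlled, so `%`/`_` in it let
  *    one page claim unrelated storage rows;
  *  - each iteration gets its own loaded-check; `if ($storage_path)` was
  *    always true for an ORM object, and a stale `$st` from an earlier
  *    iteration could be re-saved for a path that did not match;
  *  - the regex runs over the cleaned text, i.e. what is actually stored.
  *
  * NOTE(review): as with the other manage actions there is no CSRF token
  * check on this POST.
  */
 public function action_edit()
 {
     $id = (int) $this->request->param('id', 0);
     $minister = ORM::factory('Page', $id);
     $errors = 0;
     $minister_content = ORM::factory('Pages_Content')->where('page_id', '=', $id)->find();
     $uploader = View::factory('storage/image')->set('user_id', $this->user->id)->render();
     $this->set('uploader', $uploader);
     if ($this->request->method() == 'POST') {
         try {
             $title = Security::xss_clean(Arr::get($_POST, 'title', ''));
             $text = Security::xss_clean(Arr::get($_POST, 'text', ''));
             $minister->name = $title;
             $minister->key = 'minister';
             $minister->static = 1;
             $minister->save();
             $minister_content->page_id = $minister->id;
             $minister_content->type = 'static';
             $minister_content->title = $title;
             $minister_content->description = Security::xss_clean(Arr::get($_POST, 'desc', ''));
             $minister_content->date = date('Y-m-d H:i:s');
             $minister_content->published = 1;
             $minister_content->text = $text;
             $minister_content->image = (int) Arr::get($_POST, 'image', 0);
             $minister_content->save();
             // Attach the cover image (publication_type/publication_id in storage)
             $storage = ORM::factory('Storage', $minister_content->image);
             if ($storage->loaded()) {
                 $storage->publication_type = 'page';
                 $storage->publication_id = $minister->id;
                 $storage->save();
             }
             // Attach every inline image referenced from the stored text
             if (preg_match_all('/<img.+?src="\/?(.+?)".*?>/', $text, $matches)) {
                 foreach ($matches[1] as $match) {
                     $st = ORM::factory('Storage')->where('file_path', '=', $match)->find();
                     if ($st->loaded()) {
                         $st->publication_type = 'page';
                         $st->publication_id = $minister->id;
                         $st->save();
                     }
                 }
             }
             $this->redirect('manage/minister/index');
         } catch (ORM_Validation_Exception $e) {
             $errors = 1;
         }
         $this->set('errors', $errors);
     }
     $this->set('item', $minister)->set('item_cont', $minister_content);
 }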
 /**
  * Removes broken HTML and XSS from text using [HTMLPurifier](http://htmlpurifier.org/).
  *
  *     $text = Security::xss_clean(Arr::get($_POST, 'message'));
  *
  * Arrays are cleaned element by element (recursively), keeping their
  * keys. Everything else is handed to the shared purifier instance and
  * returned as purified HTML.
  *
  * Note that this is an HTML filter only: it is not a defence against SQL
  * injection, path traversal or open redirects, and it will not reject a
  * bare "javascript:" string that is later used as a URL.
  *
  * @param   mixed   text to clean, or an array to clean recursively
  * @return  mixed
  */
 public static function xss_clean($str)
 {
     if (is_array($str)) {
         // array_map keeps keys for a single input array
         return array_map(function ($item) {
             return Security::xss_clean($item);
         }, $str);
     }
     return Security::htmlpurifier()->purify($str);
 }
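 /**
  * JSON API: report whether the token in the request body is known and
  * still alive (checked with a two-day interval).
  *
  * Fix: the original looked the token up with an xss_clean()'d copy but
  * then re-read `$this->post['tokenAuth']` directly for the expiry check —
  * a notice when the field was absent, and two potentially different
  * values. One value is used for both now. The lookup is a bound query
  * parameter; xss_clean() is an HTML filter and adds nothing for an
  * opaque token, so it is no longer applied.
  *
  * NOTE(review): token_expires() is treated as "still valid" here, as in
  * before(); the name suggests the opposite — confirm its contract.
  */
 public function action_index()
 {
     $token = Arr::get($this->post, 'tokenAuth', 0);
     $record = ORM::factory('Api_Token')->where('token', '=', $token)->find();
     $alive = $record->loaded() && $this->api->token_expires($token, 172800);
     $this->data[] = (bool) $alive;
     $this->response->body(json_encode($this->data));
 }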
 /**
  * Store a comment by the current user on the object identified by
  * ($table, $object_id).
  *
  * Only $table is HTML-cleaned; $message is stored as given. A validation
  * failure is swallowed and NULL is returned instead of the comment.
  *
  * NOTE(review): if `table` is ever used to build a query elsewhere,
  * xss_clean() is the wrong defence — it should be checked against a
  * fixed list of table names at that point.
  *
  * @param  string  $message    comment body, stored raw
  * @param  string  $table      name of the commented object's table
  * @param  mixed   $object_id  id of the commented object
  * @return ORM|null  the saved comment, or NULL when validation failed
  */
 public function save($message, $table, $object_id)
 {
     $user_id = Auth::instance()->get_user()->id;
     $comment = ORM::factory('Comment');
     try {
         $comment->values(array(
             'user_id' => $user_id,
             'object_id' => $object_id,
             'table' => Security::xss_clean($table),
             'text' => $message,
             'date' => date("Y:m:d H:i:s"),
         ), array('user_id', 'object_id', 'table', 'text', 'date'))->save();
         return $comment;
     } catch (ORM_Validation_Exception $e) {
         return NULL;
     }
 }
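 /**
  * Personalia index: letter filter, categories and the paginated list.
  *
  * `language`, `category` and `alpha` are route parameters. `language`
  * selects both the alphabet and the `name_<lang>` column used in the
  * queries, so it is checked against the known alphabets first and a 404
  * is raised otherwise — the original indexed $alphabet with it directly
  * (warning and an empty loop on a bad value) and then interpolated it
  * into a column name. `alpha` only ever becomes a quoted LIKE value;
  * '%' or '_' in it act as wildcards, which is harmless here.
  * $alphabet_new is initialised so the view always receives an array.
  *
  * NOTE(review): the main query filters on `name_ . $this->language` while
  * the letter filter uses `name_ . $lang` — presumably the same value;
  * $this->language is used as the fallback when the route has none.
  *
  * @throws HTTP_Exception_404 for an unknown language
  */
 public function action_index()
 {
     $alphabet = array('ru' => array('А', 'Б', 'В', 'Г', 'Д', 'Е', 'Ё', 'Ж', 'З', 'И', 'Й', 'К', 'Л', 'М', 'Н', 'О', 'П', 'Р', 'С', 'Т', 'У', 'Ф', 'Х', 'Ц', 'Ч', 'Ш', 'Щ', 'Ъ', 'Ы', 'Ь', 'Э', 'Ю', 'Я'), 'kz' => array('А', 'Ә', 'Б', 'В', 'Г', 'Ғ', 'Д', 'Е', 'Ё', 'Ж', 'З', 'И', 'Й', 'К', 'Қ', 'Л', 'М', 'Н', 'Ң', 'О', 'Ө', 'П', 'Р', 'С', 'Т', 'У', 'Ү', 'Ұ', 'Ф', 'Х', 'Һ', 'Ц', 'Ч', 'Ш', 'Щ', 'Ъ', 'Ы', 'I', 'Ь', 'Э', 'Ю', 'Я'), 'en' => array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'));
     $lang = $this->request->param('language', $this->language);
     if (!is_string($lang) || !isset($alphabet[$lang])) {
         throw new HTTP_Exception_404();
     }
     // Letters that actually have at least one published entry
     $alphabet_new = array();
     foreach ($alphabet[$lang] as $alpha) {
         $biog = ORM::factory('Biography')->where('published', '=', 1)->where_open()->where('name_' . $lang, 'like', $alpha . '%')->or_where('name_' . $lang, 'like', '% ' . $alpha . '%')->where_close()->find();
         if ($biog->loaded()) {
             $alphabet_new[] = $alpha;
         }
     }
     $this->set('alphabet', $alphabet_new);
     $categories1 = ORM::factory('Biography_Category')->where('era', '=', '1')->find_all();
     $halyk_kaharmany = ORM::factory('Biography_Category', 9);
     $this->set('halyk_kaharmany', $halyk_kaharmany);
     $categories2 = ORM::factory('Biography_Category')->where('era', '=', '2')->find_all();
     $this->set('categories1', $categories1)->set('categories2', $categories2);
     $category = (int) $this->request->param('category', 0);
     $alpha = Security::xss_clean($this->request->param('alpha', ""));
     // SEO: a letter filter disables sorting
     if ($alpha != '') {
         $sort = 1;
         Kotwig_View::set_global('sort', $sort);
     }
     $biography = ORM::factory('Biography')->where('published', '=', 1)->where('name_' . $this->language, '<>', '');
     if ($category != 0) {
         $biography = $biography->where('category_id', '=', $category);
         $this->add_cumb('Personalia', 'biography');
         $cat = ORM::factory('Biography_Category', $category);
         $this->add_cumb($cat->title, '/');
     } else {
         $biography = $biography->where('category_id', 'NOT IN', array(3, 4, 6, 7, 8, 15));
         $this->add_cumb('Personalia', '/');
     }
     if (!empty($alpha)) {
         $biography = $biography->where_open()->where('name_' . $lang, 'like', $alpha . '%')->or_where('name_' . $lang, 'like', '% ' . $alpha . '%')->where_close();
     }
     $biography = $biography->order_by('order');
     $paginate = Paginate::factory($biography)->paginate(NUll, NULL, 10)->render();
     $biography = $biography->find_all();
     if (count($biography) == 0) {
         $this->set('error', I18n::get('Sorry.'));
     }
     /* meta description */
     $biography_meta = ORM::factory('Page')->where('key', '=', 'biography_' . $category . '_1')->find();
     $this->metadata->description($biography_meta->description);
     $this->set('list', $biography)->set('paginate', $paginate)->set('category', $category)->set('alpha', $alpha);
 }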
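 /**
  * Update a map point's coordinates from an "id-x-y" route parameter and
  * return to the district view.
  *
  * Fix: the point was saved without checking that it exists, so an unknown
  * id INSERTed a new Point carrying only x/y and then redirected to
  * "manage/maps/view/" with an empty district. Unknown ids are a 404 now.
  * The parameter is numeric throughout, so xss_clean() was dropped in
  * favour of casts.
  *
  * NOTE(review): this changes state on a plain GET with no CSRF token;
  * compare action_spam(), which requires a POST with Security::token().
  *
  * @throws HTTP_Exception_404 for a malformed parameter or unknown point
  */
 public function action_coor()
 {
     $parts = explode('-', (string) $this->request->param('id', 0));
     if (count($parts) != 3) {
         throw new HTTP_Exception_404();
     }
     $point = ORM::factory('Point', (int) $parts[0]);
     if (!$point->loaded()) {
         throw new HTTP_Exception_404();
     }
     $point->x = round((float) $parts[1]);
     $point->y = round((float) $parts[2]);
     $point->save();
     $this->redirect('manage/maps/view/' . $point->district_id);
 }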
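 /**
  * Rename a document (manage side).
  *
  * Fix: `$_POST['name']` was read without a guard; a missing field raised
  * an undefined-index notice and still saved an empty name. Arr::get()
  * gives the same result without the notice.
  *
  * NOTE(review): an id that does not exist is not rejected, so a POST to
  * an unknown id creates a new Document row — confirm that is intended.
  */
 public function action_edit()
 {
     $id = (int) $this->request->param('id', 0);
     $document = ORM::factory('Document', $id);
     $errors = 0;
     if ($this->request->method() == 'POST') {
         try {
             $document->name = Security::xss_clean(Arr::get($_POST, 'name', ''));
             $document->save();
             $this->redirect('manage/documents');
         } catch (ORM_Validation_Exception $e) {
             $errors = 1;
         }
         $this->set('errors', $errors);
     }
     $this->set('item', $document);
 }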