/**
 * Build the admin navigation data and pass it on to the parent output.
 *
 * Fills the forked data set with:
 *  - 'applications': title/icon/uri of every registered page on the current
 *    site whose uri contains '/admin/' and that the current user may open
 *    (sorted by title);
 *  - 'sites' and 'admin_primary' (only if Model_Site exists): all sites for
 *    admin-group users, otherwise only the sites the user is linked to via
 *    Model_User_Site, with admin_primary set when a link to siteid 0 exists;
 *  - 'primary_host' when TYPEF_HOST is defined.
 *
 * @param Pagemill_Data   $data
 * @param Pagemill_Stream $stream
 */
public function output(Pagemill_Data $data, Pagemill_Stream $stream)
{
    $data = $data->fork();

    $apps = array();
    foreach (Typeframe::Registry()->pages() as $page) {
        if ($page->siteid() != Typeframe::CurrentPage()->siteid()) {
            continue;
        }
        if (strpos($page->uri(), '/admin/') === false) {
            continue;
        }
        if (!$page->allow()) {
            continue;
        }
        $apps[] = array(
            'title' => $page->title(),
            'icon'  => $page->icon(),
            'uri'   => $page->uri(),
        );
    }
    $data['applications'] = $apps;

    if (class_exists('Model_Site')) {
        $sites = new Model_Site();
        $isGlobalAdmin = (Typeframe::User()->get('usergroupid') == TYPEF_ADMIN_USERGROUPID);
        if ($isGlobalAdmin) {
            $data['admin_primary'] = 1;
        } else {
            // Restrict the site list to the ones this user is linked to.
            $sites->innerJoin('perm', 'Model_User_Site', 'id = perm.siteid');
            $sites->where('perm.userid = ?', Typeframe::User()->get('userid'));
            // A link to siteid 0 marks access to the primary site.
            $primaryLink = new Model_User_Site();
            $primaryLink->where('userid = ?', Typeframe::User()->get('userid'));
            $primaryLink->where('siteid = ?', 0);
            $data['admin_primary'] = $primaryLink->count() > 0;
        }
        $data['sites'] = $sites;
    }

    $data->sortNodes(array('applications', 'title'));

    if (defined('TYPEF_HOST')) {
        $data['primary_host'] = TYPEF_HOST;
    }

    parent::output($data, $stream);
}
/**
 * Decide whether the current user may view the wrapped page.
 *
 * Admin-group users always pass. A page with an id is checked against
 * Model_PagePerm rows matching the user's group or group 0; a page without
 * an id is open to everyone.
 *
 * @return bool
 */
public function allow()
{
    $isAdmin = (Typeframe::User()->get('usergroupid') == TYPEF_ADMIN_USERGROUPID);
    if ($isAdmin) {
        return true;
    }

    $pageid = $this->_page->pageid();
    if (!$pageid) {
        // Nothing stored to check against.
        return true;
    }

    $perms = new Model_PagePerm();
    $perms->where('pageid = ?', $pageid);
    $perms->where('usergroupid = ? OR usergroupid = 0', Typeframe::User()->get('usergroupid'));
    return $perms->count() > 0;
}
/**
 * Attach a debug tag when TYPEF_DEBUG asks for one.
 *
 * TYPEF_DEBUG 'all' enables it for every request, 'admin' only for users in
 * the admin group. Requests carrying X-Requested-With: XMLHttpRequest never
 * get debug output.
 *
 * @param \Pagemill_Tag    $tag
 * @param \Pagemill_Data   $data
 * @param \Pagemill_Stream $stream
 */
public function process(\Pagemill_Tag $tag, \Pagemill_Data $data, \Pagemill_Stream $stream)
{
    // Flag is set for compatibility; nothing in this method reads it.
    $this->_runOnce = true;

    if (!defined('TYPEF_DEBUG')) {
        return;
    }

    $debugForAll = (TYPEF_DEBUG == 'all');
    $debugForAdmin = (TYPEF_DEBUG == 'admin' && Typeframe::User()->get('usergroupid') == TYPEF_ADMIN_USERGROUPID);
    if (!$debugForAll && !$debugForAdmin) {
        return;
    }

    // Don't include debug info in AJAX requests
    $isAjax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest';
    if ($isAjax) {
        return;
    }

    // Constructed for its effect on $tag (presumably it registers itself as a
    // child); the instance itself is not used here.
    new Typeframe_Tag_Debug('debug', array(), $tag);
}
/**
 * Decide whether the current user may open this admin page.
 *
 * Rules, in order: anonymous users are refused; admin-group users are
 * admitted; the admin landing page ('/admin') is open to any group that has
 * at least one row in #__usergroup_admin; any other admin page requires a
 * row for the group and this page's application name.
 *
 * @return bool
 */
public function allow()
{
    if (!Typeframe::User()->loggedIn()) {
        return false;
    }
    if (Typeframe::User()->get('usergroupid') == TYPEF_ADMIN_USERGROUPID) {
        return true;
    }
    // Strip the web root so the comparison is independent of the install path.
    $relativeUri = substr($this->page()->uri(), strlen(TYPEF_WEB_DIR));
    if ($relativeUri == '/admin' || $relativeUri == '/admin/') {
        // Main admin page. Just check to see if the user has access to any other applications.
        // NOTE(review): the SQL is built by string concatenation. usergroupid presumably comes
        // from the logged-in user's session record rather than the request, but it should still
        // be cast or bound rather than interpolated; check whether Database()->execute() accepts
        // bound parameters the way Model::where('... = ?', ...) does.
        $rs = Typeframe::Database()->execute('SELECT * FROM #__usergroup_admin WHERE usergroupid = ' . Typeframe::User()->get('usergroupid'));
        return count($rs) > 0;
    }
    // NOTE(review): the application name is interpolated into a quoted SQL literal with no
    // escaping; a name containing a quote would break (or change) the query. Bind it instead.
    $rs = Typeframe::Database()->execute('SELECT * FROM #__usergroup_admin WHERE usergroupid = ' . Typeframe::User()->get('usergroupid') . ' AND application = \'' . $this->page()->application()->name() . '\'');
    // NOTE(review): this branch uses $rs->count() while the one above uses count($rs) — confirm
    // both are valid on the result type and pick one form.
    return $rs->count() > 0;
}
<?php
/**
 * User logout controller.
 *
 * Provides a logout form and logs the user out.
 *
 * @package User
 */

// Only a POST ends the session; any other method just renders the form.
$isPost = ('POST' == $_SERVER['REQUEST_METHOD']);
if ($isPost) {
    Typeframe::User()->logout();
    Typeframe::Redirect('Logout complete.', TYPEF_WEB_DIR . '/');
    return;
}

// Set template (controller is at root, but template lives in the users directory).
Typeframe::SetPageTemplate('/users/logout.html');
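/**
 * Request a URL on this site by proxy, as the current user.
 *
 * The request goes to TYPEF_HOST (or 'localhost' when TYPEF_HOST is empty)
 * over plain HTTP. When the current user has a username and passhash, both
 * are forwarded in the typef_username / typef_passhash cookies so the
 * proxied page runs under the same account.
 *
 * @param string $url Path (and optional query string) on this site, e.g. '/news/feed'.
 * @return string Response body on HTTP 200; '' on any other status or on a transport error.
 */
public static function GetByProxy($url)
{
    // $url must be a path. Without a leading slash it would be appended
    // directly to the host name and could change the host part of the URL
    // that the cookies are sent to, so normalise it to start with '/'.
    $url = (string) $url;
    if ($url === '' || $url[0] !== '/') {
        $url = '/' . $url;
    }
    $host = TYPEF_HOST ? TYPEF_HOST : 'localhost';
    $url = 'http://' . $host . $url;

    $cookie = '';
    $username = Typeframe::User()->get('username');
    $passhash = Typeframe::User()->get('passhash');
    if ($username && $passhash) {
        // NOTE: this forwards the user's password hash as a cookie over plain
        // HTTP; acceptable only while TYPEF_HOST points at this same server.
        $cookie = 'typef_username=' . $username . '; typef_passhash=' . $passhash;
    }

    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url);
    // Only the connect phase is bounded; there is no total transfer timeout.
    curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 2);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_COOKIE, $cookie);
    $buffer = curl_exec($curl);
    $status = (int) curl_getinfo($curl, CURLINFO_HTTP_CODE);
    curl_close($curl);

    // curl_exec() returns false on a transport error; treat that like a non-200.
    if ($status !== 200 || $buffer === false) {
        return '';
    }
    return $buffer;
}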
<?php
// Admin action: delete a user account. The id comes from the request; the
// delete itself only happens on POST, other methods reach the template with
// the user set so a confirmation can be shown.

if (empty($_REQUEST['userid'])) {
    Typeframe::Redirect('No user specified.', Typeframe::CurrentPage()->applicationUri(), 1);
    return;
}

$user = Model_User::Get($_REQUEST['userid']);
if (!$user->exists()) {
    // Unknown id: nothing to show or delete.
    return;
}

// Refuse to delete the account that is making the request.
$isCurrentUser = ($user['userid'] == Typeframe::User()->get('userid'));
if ($isCurrentUser) {
    Typeframe::Redirect('You cannot delete an account while you are logged into it.', Typeframe::CurrentPage()->applicationUri(), -1);
    return;
}

$pm->setVariable('user', $user);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $user->delete();
    Typeframe::Redirect('User deleted.', Typeframe::CurrentPage()->applicationUri());
}
/**
 * Typeframe News application
 *
 * client-side preview controller
 */

// save some typing below
$typef_app_dir = Typeframe::CurrentPage()->applicationUri();

// requires post
if ('POST' != $_SERVER['REQUEST_METHOD']) {
    // NOTE(review): HTTP_REFERER is client-supplied, so redirecting to it is an open
    // redirect unless Typeframe::Redirect() restricts its targets — confirm.
    Typeframe::Redirect('Invalid request method.', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $typef_app_dir);
    return;
}

// create news article object
$article = new News_Article();

// set author user id and name
// ('@' only hides the undefined-index notice when the field is absent; isset() would be clearer.)
$article->set('authorid', Typeframe::User()->get('userid'));
$article->set('author', @$_POST['author']);

// get and validate category id
$categoryid = @$_POST['categoryid'];
$category = new News_Category($categoryid);
if (!$category->exists()) {
    $category = null;
}

// get, validate, and set the incoming values
// NOTE(review): $categoryid is stored on the article even when the lookup above found no such
// category — only $category is cleared. Confirm whether the preview is meant to keep an unknown id.
$article->set('categoryid', $categoryid);
$article->set('title', $_POST['title']);
$article->set('article', $_POST['article']);
$article->set('status', News_Article::ValidateField('status', @$_POST['status']));
$article->set('pubdate', News_Article::ValidateField('pubdate', @$_POST['pubdate']));
$article->set('expdate', @$_POST['expdate']);

// handle (auto)summary
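<?php
// CKEditor upload endpoint. Moves the posted file into the current user's
// public userfiles directory (optionally into a sub-folder) and then either
// redirects back to the file browser (command=BrowserUpload) or hands the
// result to the template via $pm for the inline upload response.

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $base = TYPEF_DIR . '/files/public/userfiles/' . Typeframe::User()->get('userid');
    if (!file_exists($base)) {
        mkdir($base);
    }

    // $folder is request-supplied and joined onto $base, so accept only a
    // relative path made of safe segments (the same character rule the
    // browser applies when it creates folders). Absolute paths, '..' and
    // empty segments fall back to the root folder instead of leaving $base.
    $folder = isset($_REQUEST['folder']) ? (string) $_REQUEST['folder'] : '';
    if (!preg_match('#^([a-z0-9_-]+(/[a-z0-9_-]+)*)?\z#i', $folder)) {
        $folder = '';
    }
    $currentFolder = "{$base}/{$folder}";

    // Only the file-name part of the client-supplied name is used; the
    // directory is always $currentFolder.
    $moved = '';
    $message = '';
    if (isset($_FILES['upload']['tmp_name'], $_FILES['upload']['name'])) {
        $filename = basename($_FILES['upload']['name']);
        if ($filename !== '') {
            $moved = FileManager::MoveUpload($_FILES['upload']['tmp_name'], "{$currentFolder}/{$filename}");
        }
    }
    if ($moved) {
        $moved = basename($moved);
    } else {
        $moved = '';
        $message = 'Upload failed.';
    }

    $funcnum = isset($_REQUEST['CKEditorFuncNum']) ? $_REQUEST['CKEditorFuncNum'] : '';

    if (!empty($_REQUEST['command']) && $_REQUEST['command'] == 'BrowserUpload') {
        // Request values are re-emitted into the redirect URL: encode them and
        // use the validated $folder rather than the raw parameter. Report the
        // actual outcome rather than an unconditional success message.
        $query = http_build_query(array(
            'type'            => isset($_REQUEST['type']) ? $_REQUEST['type'] : '',
            'folder'          => $folder,
            'CKEditorFuncNum' => $funcnum,
        ));
        Typeframe::Redirect($moved ? 'File uploaded.' : $message, TYPEF_WEB_DIR . '/ckeditor/browse?' . $query);
    } else {
        if ($moved) {
            $pm->setVariable('file', TYPEF_WEB_DIR . '/files/public/userfiles/' . Typeframe::User()->get('userid') . ($folder ? '/' . $folder : '') . '/' . $moved);
        }
        // NOTE(review): CKEditor echoes funcnum into a script callback; the
        // template must escape it (or treat it as an integer) — confirm.
        $pm->setVariable('funcnum', $funcnum);
        $pm->setVariable('message', $message);
    }
}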
/**
 * Repopulate the SESSION data with what is in the database.
 *
 * Re-reads the logged-in user's row and stores it in $_SESSION['typef_user']
 * without the 'salt' and 'hashtype' columns. Does nothing for anonymous users
 * or when the stored userid no longer exists.
 */
public function refresh()
{
    if (!Typeframe::User()->loggedIn()) {
        return;
    }

    $user = Model_User::Get($_SESSION['typef_user']['userid']);
    if (!$user->exists()) {
        return;
    }

    $row = $user->getArray();
    // Columns kept out of the session (presumably password-derivation details).
    unset($row['salt'], $row['hashtype']);
    $_SESSION['typef_user'] = $row;
}
<?php
/**
 * Typeframe News application
 *
 * admin-side delete controller
 */

// save some typing below
$typef_app_dir = Typeframe::CurrentPage()->applicationUri();

// Deleting is a POST-only action; anything else goes straight back to the app.
if ('POST' != $_SERVER['REQUEST_METHOD']) {
    Typeframe::Redirect('Nothing to do.', $typef_app_dir);
    return;
}

// Look up the article named in the form (a missing id yields null and hence a non-existent article).
$newsid = isset($_POST['newsid']) ? $_POST['newsid'] : null;
$article = Model_News_Article::Get($newsid);
if (!$article->exists()) {
    Typeframe::Redirect('Invalid article id specified.', $typef_app_dir);
    return;
}

// Only the author or a member of the admin group may delete it.
$mayDelete = Typeframe::User()->get('userid') == $article['authorid']
    || Typeframe::User()->get('usergroupid') == TYPEF_ADMIN_USERGROUPID;
if (!$mayDelete) {
    Typeframe::Redirect("You cannot delete other users' news items.", $typef_app_dir, 1, false);
    return;
}

$article->delete();

Typeframe::Redirect('Article has been deleted.', Plugin_Breadcrumbs::SavedState($typef_app_dir));
$form = new Form_Handler_Comment(); if ($form->validate()) { $badCaptcha = false; if (defined('COMMENTS_REQUIRE_CAPTCHA') && COMMENTS_REQUIRE_CAPTCHA && !Typeframe::User()->loggedIn()) { if (!isset($_SESSION['captcha']) || empty($_SESSION['captcha']) || !isset($_POST['captcha']) || $_POST['captcha'] != $_SESSION['captcha']) { $badCaptcha = true; } } if ($badCaptcha) { $pm->addLoop('errors', array('message' => 'Captcha code was incorrect.')); $pm->setVariable('comment', $_POST); } else { $comment = Model_Comment::Create(); $comment->setArray($form->input()); $comment['urlmetaid'] = $_POST['urlmetaid']; $comment['userid'] = Typeframe::User()->get('userid'); $comment->save(); // TODO: Redirect to the originating page. $urlmeta = Model_UrlMeta::Get($section['urlmetaid']); Typeframe::Redirect('Comment submitted.', $urlmeta['fullpath']); } } else { //$pm->setVariable('referer', $referer); // add user input (as comment) to template $pm->setVariable('comment', $_POST); // add section to template //$pm->setVariable('sectionid', $sectionid); // add require captcha flag to template $pm->setVariable('errors', $form->errors()); } } else {
// if no resets or invalid user, report error
// ($reset and $user are looked up earlier in this controller, presumably from the
// request's userid and resetkey that are echoed back into the form below.)
if (!$reset->exists() || !$user->exists()) {
    Typeframe::Redirect('Invalid reset key.', TYPEF_WEB_DIR . '/', -1);
    return;
}

// process form
if ('POST' == $_SERVER['REQUEST_METHOD']) {
    // get password and password2 ('@' silences the undefined-index notice when a field is missing)
    $password = trim(@$_POST['password']);
    $password2 = trim(@$_POST['password2']);

    // check for errors
    // NOTE(review): only "both fields empty" is reported as missing; a single empty field falls
    // through to the mismatch message. No minimum length or strength rule is applied here —
    // confirm whether Model_User::set('password') enforces one.
    if (!strlen($password) && !strlen($password2)) {
        $pm->addLoop('errors', array('message' => 'A password is required.'));
    } elseif ($password != $password2) {
        $pm->addLoop('errors', array('message' => 'The passwords you entered did not match.'));
    } else {
        // reset it for this user: store the new password, delete the reset record
        // (so the key cannot be reused) and sign the user in with the new credentials
        $user->set('password', $password);
        $user->save();
        $reset->delete();
        Typeframe::User()->login($user->get('username'), $password);
        Typeframe::Log('Password changed.');
        Typeframe::Redirect('Your password has been reset.', TYPEF_WEB_DIR . '/', 1);
        return;
    }
}

// values the form needs in order to re-submit itself
$pm->setVariable('userid', $userid);
$pm->setVariable('username', $user->get('username'));
$pm->setVariable('resetkey', $resetkey);

// set template (controller is at root, but template lives in the users directory)
Typeframe::SetPageTemplate('/users/password-new.html');
$extensions = null; $type = ''; if (isset($_REQUEST['type'])) { $type = $_REQUEST['type']; // TODO: Check if file types are being enforced for uploads. switch ($_REQUEST['type']) { case 'image': $extensions = array('jpg', 'jpeg', 'gif', 'png'); break; case 'flash': $extensions = array('swf'); break; } } $base = TYPEF_DIR . '/files/public/userfiles/' . Typeframe::User()->get('userid'); if (!file_exists($base)) { mkdir($base); } $folder = isset($_REQUEST['folder']) ? $_REQUEST['folder'] : ''; $currentFolder = "{$base}/{$folder}"; if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['newfolder'])) { if (!preg_match('/[^a-z0-9\\-_]/i', $_POST['newfolder'])) { mkdir("{$currentFolder}/{$_POST['newfolder']}"); $folder = ($folder ? $folder . '/' : '') . $_POST['newfolder']; $currentFolder = "{$currentFolder}/{$_POST['newfolder']}"; } } if ($dh = opendir("{$currentFolder}")) { while (($file = readdir($dh)) !== false) { if ($file != "." && $file != "..") {
<?php
// Add user data to Pagemill
// TODO: This trigger isn't strictly necessary anymore, since it's easy to pass get/post/session/cookie data into templates
// (and as of this writing, the kernel.php trigger does so)

$loggedIn = Typeframe::User()->loggedIn();
Typeframe::Pagemill()->setVariable('loggedin', $loggedIn);

if ($loggedIn) {
    // Expose the session user's identifying fields under typef_session_* names.
    $sessionFields = array(
        'username'    => 'typef_session_username',
        'userid'      => 'typef_session_userid',
        'usergroupid' => 'typef_session_usergroupid',
    );
    foreach ($sessionFields as $field => $variable) {
        Typeframe::Pagemill()->setVariable($variable, Typeframe::User()->get($field));
    }
}
// create an entry in the user confirmation table $user_confirm = Model_UserConfirm::Create(); $user_confirm->set('confirmkey', $confirmkey); $user_confirm->set('userid', $userid); $user_confirm->set('expire', $expire); $user_confirm->save(); // construct e-mail body $mm = new Pagemill($pm->root()->fork()); $mm->setVariable('username', $user->get('username')); $mm->setVariable('confirmurl', sprintf('http://%s%s/confirm?userid=%d&confirmkey=%s', $_SERVER['HTTP_HOST'], TYPEF_WEB_DIR, $userid, $confirmkey)); $body = str_replace('&', '&', $mm->writeString('<pm:include template="/users/register/confirmation.eml" />', true)); // e-mail the user so they can confirm their registration $mailer = new Mailer(); $mailer->Configure(); $mailer->IsHTML(true); $mailer->AddAddress($_POST['email']); $mailer->Subject = 'Your Account Confirmation from ' . TYPEF_TITLE; $mailer->Body = $body; $mailer->Send(); } else { // if confirmation is not required, log the user in immediately Typeframe::User()->login($_POST['username'], $_POST['password']); Typeframe::Redirect('Registration complete. Welcome!', TYPEF_WEB_DIR . '/', 1); return; } // registratino is complete Typeframe::SetPageTemplate('/users/register/complete.html'); } } // populate form fields $pm->setVariable('fields', $form->fields());