public function onDefault()
{
if (form::isPostBack()) {
$post = array();
$post['username'] = request::post('username');
$post['password'] = request::post('password');
$post['logintime'] = time();
$user = zotop::model('zotop.user');
$data = $user->read($post['username'], 'username');
//zotop::dump($data);
if ($data == false) {
msg::error('登陆失败', zotop::t('账户名称`{$username}`不存在,请检查!', array('username' => $post['username'])));
}
zotop::user($data);
msg::success('登陆成功', '登陆成功,系统正在加载中', 'reload', 2);
}
if (zotop::user() != null) {
zotop::redirect('zotop/index');
}
$header['title'] = '用户登录';
$header['js'] = url::module() . '/admin/js/login.js';
$header['body']['class'] = "login";
page::header($header);
block::header(array('id' => 'LoginWindow', 'title' => '用户登录'));
form::header(array('title' => '', 'description' => '请输入用户名和密码', 'class' => 'small'));
form::field(array('type' => 'text', 'label' => zotop::t('帐 户(U)'), 'name' => 'username', 'value' => zotop::user('username'), 'valid' => 'required:true'));
form::field(array('type' => 'password', 'label' => zotop::t('密 码(P)'), 'name' => 'password', 'value' => ''));
form::buttons(array('type' => 'submit', 'value' => '登 陆'), array('type' => 'button', 'name' => 'options', 'value' => '选 项'));
form::footer();
block::footer();
page::footer();
}
public function actionPassword()
{
$user = zotop::model('system.user');
$user->id = (int) zotop::user('id');
$user->username = (string) zotop::user('username');
if (form::isPostBack()) {
$user->read();
$password = zotop::post('password');
$newpassword = zotop::post('newpassword');
if ($user->password($password) != $user->password) {
msg::error(zotop::t('您输入的原密码:<b>{$password}</b>错误,请确认', array('password' => $password)));
}
if ($newpassword != request::post('newpassword2')) {
msg::error(zotop::t('两次输入的新密码不一致,请确认'));
}
if ($newpassword != $password) {
$update = $user->update(array('id' => $user->id, 'password' => $user->password($newpassword)));
}
msg::success(zotop::t('密码修改成功,请记住您的新密码'), url::current());
}
$page = new page();
$page->title = zotop::t('个人中心');
$page->set('user', $user);
$page->set('navbar', $this->navbar());
$page->display();
}
public function editAction($tablename)
{
if (form::isPostBack()) {
$tablename = request::post('tablename');
$name = request::post('name');
$comment = request::post('comment');
$primary = request::post('primary');
if (strtolower($tablename) !== strtolower($name)) {
$rename = zotop::db()->table($tablename)->rename($name);
}
if ($comment !== NULL) {
$comment = zotop::db()->table($name)->comment($comment);
}
if ($primary) {
$primary = zotop::db()->table($name)->primary($primary);
}
$this->success('数据表设置成功,正在刷新页面,请稍后……', zotop::url('database/table'));
}
$db = zotop::db();
$database = $db->config();
$tables = $db->tables(true);
$table = $tables[$tablename];
if (!isset($table)) {
$this->error(zotop::t('数据表{$tablename}不存在', array('tablename' => $tablename)));
}
$page = new dialog();
$page->title = '数据库管理:' . $database['database'] . ' @ ' . $database['hostname'] . '<i>></i> 编辑:' . $tablename;
$page->set('database', $database);
$page->set('table', $table);
$page->display();
}
public function onChangePassword()
{
$user = zotop::model('zotop.user');
$user->id = (int) zotop::user('id');
$user->username = (string) zotop::user('username');
if (form::isPostBack()) {
$user->read();
$password = request::post('password');
$newpassword = request::post('newpassword');
if ($user->password($password) != $user->password) {
msg::error('输入错误', zotop::t('您输入的原密码:<b>{$password}</b>错误,请确认', array('password' => $password)));
}
if ($newpassword != request::post('newpassword2')) {
msg::error('输入错误', zotop::t('两次输入的新密码不一致,请确认'));
}
if ($newpassword != $password) {
$update = $user->update(array('id' => $user->id, 'password' => $user->password($newpassword)));
}
msg::success('修改成功', zotop::t('密码修改成功,请记住您的新密码'), 'reload');
}
$page['title'] = '修改我的密码';
page::header($page);
page::top();
page::navbar($this->navbar());
form::header(array('title' => '修改密码', 'description' => '为确保账户安全,请不要使用过于简单的密码,并及时的更换密码', 'icon' => ''));
form::field(array('type' => 'label', 'label' => zotop::t('账户名称'), 'name' => 'username', 'value' => $user->username, 'valid' => '', 'description' => zotop::t('')));
form::field(array('type' => 'password', 'label' => zotop::t('原密码'), 'name' => 'password', 'value' => '', 'valid' => 'required:true', 'description' => zotop::t('为确保安全,请输入你的密码')));
form::field(array('type' => 'password', 'label' => zotop::t('新密码'), 'id' => 'newpassword', 'name' => 'newpassword', 'value' => '', 'valid' => 'required:true,minlength:6,maxlength:32', 'description' => zotop::t('请输入您的新密码,6~32位之间')));
form::field(array('type' => 'password', 'label' => zotop::t('确认新密码'), 'name' => 'newpassword2', 'value' => '', 'valid' => 'required:true,equalTo:"#newpassword"', 'description' => zotop::t('为确保安全,请再次输入您的新密码')));
form::buttons(array('type' => 'submit'), array('type' => 'back'));
form::footer();
page::bottom();
page::footer();
}
public function indexAction()
{
$user = zotop::model('zotop.user');
if (form::isPostBack()) {
$post = array();
$post['username'] = request::post('username');
$post['password'] = request::post('password');
$post['logintime'] = time();
zotop::cookie('admin.username', $post['username'], 3600);
if (empty($post['username'])) {
msg::error(zotop::t('登陆失败,请输入登陆账户名称'));
}
if (empty($post['password'])) {
msg::error(zotop::t('登陆失败,请输入登陆账户密码'));
}
if (!$user->isValidUserName($post['username'])) {
msg::error(zotop::t('登陆失败,请输入有效的账户名称'));
}
if (!$user->isValidPassword($post['password'])) {
msg::error(zotop::t('登陆失败,请输入有效的账户密码'));
}
//读取用户
$data = $user->read(array('username', '=', $post['username']));
//验证
if ($data == false) {
msg::error(zotop::t('账户名称`{$username}`不存在,请检查是否输入有误!', array('username' => $post['username'])));
}
if ($user->password($post['password']) != $data['password']) {
msg::error(zotop::t('账户密码`{$password}`错误,请检查是否输入有误!', array('password' => $post['password'])));
}
//用户登入
$user->login();
//跳转
msg::success('登陆成功,系统正在加载中', url::current(), 2);
}
if (!empty($this->user)) {
$this->redirect('zotop/index');
}
$data = $user->read(array('username', '=', 'admin'));
$page = new page();
$page->title = '系统登陆';
$page->body = array('class' => 'login');
$page->addScript('$this/js/login.js');
$page->display();
}
function confirm()
{
$code = request::post('pppcode')->toString();
$user = session::get('username');
if ($code) {
if (User::authenticate(new PppAuthentication($user, (string) $code))) {
printf('<h1>Success.</h1>');
return;
} else {
printf('Failure');
}
}
$code = PppAuthentication::getNextIdentifier($user);
printf('<form action="/ppp/confirm" method="post">');
printf('<p>Enter code <b>%s</b>: <input type="text" name="pppcode"></p>', PppAuthentication::cardIndexToString($code));
printf('<p><input type="submit"></p>');
printf('</form>');
}
function upload()
{
if (request::isPost()) {
$file = request::post('userfile');
printf('<p>%s</p>', $file);
$dest = APP_PATH . 'cache/image.jpg';
printf('<p>%s</p>', $dest);
if ($file->save($dest)) {
print '<p><img src="/cache/image.jpg"></p>';
} else {
print '<p><b>Failed to save the image</b></p>';
}
}
print '<form enctype="multipart/form-data" action="/default/upload" method="POST">';
print 'Send this file: <input name="userfile" type="file">';
print '<input type="submit" value="Send File">';
print '</form>';
}
public function onEdit($file)
{
if (form::isPostBack()) {
$content = request::post('source');
msg::success('保存测试', '测试,继续编辑或者返回' . zotop::dump($content, true), 'reload');
}
$source = file::read(ROOT . $file);
$page['title'] = '文件编辑器';
page::header($page);
page::top();
page::navbar($this->navbar());
form::header(array('class' => 'sourceEditor'));
form::field(array('type' => 'label', 'label' => zotop::t('文件名称'), 'name' => 'filename', 'value' => $file, 'valid' => '', 'description' => zotop::t('')));
form::field(array('type' => 'source', 'label' => zotop::t('文件内容'), 'name' => 'source', 'value' => $source, 'valid' => 'required:true', 'description' => zotop::t('')));
form::buttons(array('type' => 'submit', 'value' => '保存文件'), array('type' => 'back'));
form::footer();
page::bottom();
page::footer();
}
public function actionUpload($globalid, $field, $image = '')
{
$file = zotop::model('zotop.image');
if (form::isPostBack()) {
$file->globalid = $globalid;
$file->field = $field;
$file->description = request::post('description');
$files = $file->upload();
if (!$file->error() && isset($files[0]['path'])) {
msg::success('图片上传成功', zotop::url('zotop/image/preview', array('globalid' => $globalid, 'field' => $field, 'image' => url::encode($files[0]['path']))));
}
msg::error($file->msg());
}
$page = new dialog();
$page->set('title', '本地上传');
$page->set('navbar', $this->navbar($globalid, $field, $image));
$page->set('alowexts', $file->upload->alowexts);
$page->set('maxsize', $file->upload->maxsize);
$page->display();
}
public function actionImageFromLocal($globalid, $field, $image)
{
$upload = zotop::model('zotop.upload');
$upload->alowexts = array('jpg', 'jpeg', 'gif', 'png', 'bmp');
if (form::isPostBack()) {
$upload->bind('globalid', request::post('globalid'));
$upload->bind('field', request::post('field'));
$upload->bind('description', request::post('description'));
$files = $upload->save();
$image = $files[0];
if ($upload->error() == 0 && $image) {
msg::success($upload->msg(), zotop::url('zotop/upload/imagePreview', array('globalid' => $globalid, 'field' => $field, 'image' => url::encode($image['path']))));
}
msg::error($upload->msg());
}
$page = new dialog();
$page->set('title', '本地上传');
$page->set('navbar', $this->navbar($globalid, $field, $image));
$page->set('alowexts', $upload->alowexts);
$page->set('maxsize', $upload->maxsize);
$page->display();
}
public function actionEdit($file = '')
{
$file = empty($file) ? zotop::get('file') : $file;
$file = trim(url::decode($file), '/');
$filepath = ZOTOP_PATH_ROOT . DS . str_replace('/', DS, $file);
if (form::isPostBack()) {
$content = request::post('source');
$content = trim($content);
if (empty($content)) {
msg::error('内容为空,无法保存!');
}
file::write($filepath, trim($content));
msg::success('内容保存成功!');
}
$filecontent = file::read($filepath);
$page = new dialog();
$page->title = '文件编辑器';
$page->set('file', $file);
$page->set('filepath', $filepath);
$page->set('filecontent', $filecontent);
$page->display();
}
public function actionEdit($file)
{
$filepath = realpath(ZOTOP_PATH_ROOT . DS . trim($file, '/'));
if (empty($file)) {
return false;
}
if (form::isPostBack()) {
$content = request::post('source');
$content = trim($content);
if (empty($content)) {
msg::error('内容为空,无法保存!');
}
file::write($filepath, trim($content));
msg::success('内容保存成功!');
}
$content = file::read($filepath);
$page = new dialog();
$page->title = '文件编辑器';
$page->set('file', $file);
$page->set('filepath', $filepath);
$page->set('content', $content);
$page->display();
}
public static function referer($url = '')
{
static $referer;
if (empty($url)) {
$url = request::post('_REFERER');
return $url;
}
$referer = $url;
return $referer;
}
/**
* Sanitizes global GET, POST and COOKIE data. Also takes care of
* magic_quotes and register_globals, if they have been enabled.
*
* @return void
*/
public function __construct()
{
// Use XSS clean?
$this->use_xss_clean = (bool) Eight::config('core.global_xss_filtering');
if (self::$instance === nil) {
// Convert all global variables to UTF-8.
$_GET = Input::clean($_GET);
$_POST = Input::clean($_POST);
$_COOKIE = Input::clean($_COOKIE);
$_SERVER = Input::clean($_SERVER);
if (PHP_SAPI == 'cli') {
// Convert command line arguments
$_SERVER['argv'] = Input::clean($_SERVER['argv']);
}
// magic_quotes_runtime is enabled
if (get_magic_quotes_runtime()) {
exit('Disable magic_quotes_runtime! It is evil and deprecated: http://php.net/magic_quotes');
}
// magic_quotes_gpc is enabled
if (get_magic_quotes_gpc()) {
exit('Disable magic_quotes_gpc! It is evil and deprecated: http://php.net/magic_quotes');
}
// register_globals is enabled
if (ini_get('register_globals')) {
exit('Disable register_globals! It is evil and deprecated: http://php.net/register_globals');
}
if (is_array($_GET)) {
foreach ($_GET as $key => $val) {
// Sanitize $_GET
$_GET[$this->clean_input_keys($key)] = $this->clean_input_data($val);
}
} else {
$_GET = array();
}
if (is_array($_POST)) {
foreach ($_POST as $key => $val) {
// Sanitize $_POST
$_POST[$this->clean_input_keys($key)] = $this->clean_input_data($val);
}
} else {
$_POST = array();
}
if (is_array($_COOKIE)) {
foreach ($_COOKIE as $key => $val) {
// Sanitize $_COOKIE
$_COOKIE[$this->clean_input_keys($key)] = $this->clean_input_data($val);
}
} else {
$_COOKIE = array();
}
// Create a singleton
self::$instance = $this;
Eight::log('debug', 'Global GET, POST and COOKIE data sanitized');
}
// Assign global vars to request helper vars
request::$get = $_GET;
request::$post = $_POST;
request::$input = array_merge(URI::instance()->segments(2, YES), $_REQUEST);
}
public function onEdit($tablename, $fieldname)
{
if (form::isPostBack()) {
$field = array();
$field['name'] = request::post('name');
$field['length'] = request::post('len');
$field['type'] = request::post('type');
$field['collation'] = request::post('collation');
$field['null'] = request::post('null');
$field['default'] = request::post('default');
$field['attribute'] = request::post('attribute');
$field['extra'] = request::post('extra');
$field['comment'] = request::post('comment');
$field['position'] = request::post('position');
$fieldname = request::post('fieldname');
$result = zotop::db()->table($tablename)->field($fieldname)->rename($field['name']);
$result = zotop::db()->table($tablename)->modify($field);
if ($result) {
msg::success('修改成功', '<h2>字段修改成功</h2>', form::referer());
}
}
$tables = zotop::db()->tables(true);
$table = $tables[$tablename];
$fields = array();
if (isset($table)) {
$fields = zotop::db()->table($tablename)->fields(true);
}
$field = $fields[$fieldname];
if (!isset($field)) {
zotop::error(-10, '字段不存在,请勿修改浏览器参数');
}
$positions = array();
$positions[-1] = '位于表头';
if ($fields) {
foreach ($fields as $key => $val) {
$positions[$key] = '位于 ' . $key . ' 之后';
}
}
$positions[0] = ' ';
$header['title'] = '<a href="' . zotop::url('zotop/database') . '">数据库管理</a> <i>></i> <a href="' . zotop::url('system/database/fields/', array('table' => $tablename)) . '">数据表 [ ' . $tablename . ' ] </a> <i>></i> 字段修改';
page::header($header);
page::top();
page::navbar($this->navbar($tablename), 'edit');
form::header();
form::field(array('type' => 'hidden', 'name' => 'fieldname', 'label' => '字段名称', 'value' => $field['name'], 'valid' => '{required:true}'));
form::field(array('type' => 'text', 'name' => 'name', 'label' => '字段名称', 'value' => $field['name'], 'valid' => '{required:true}', 'description' => '请输入字段的名称,3到32位,请勿使用特殊字符'));
form::field(array('type' => 'text', 'name' => 'type', 'label' => '字段类型', 'value' => $field['type'], 'valid' => '{required:true}'));
form::field(array('type' => 'text', 'name' => 'len', 'label' => '长度/值', 'value' => $field['length'], 'valid' => '{number:true,min:1}', 'description' => '请输入字段的长度,如果字段无须定义长度,请保持空值'));
form::field(array('type' => 'hidden', 'name' => 'collation', 'label' => '整理', 'value' => $field['collation'], 'valid' => '', 'description' => '默认使用 <b>utf8_general_ci</b>: Unicode (多语言), 不区分大小写'));
form::field(array('type' => 'select', 'options' => array('' => ' ', 'UNSIGNED' => 'UNSIGNED', 'UNSIGNED ZEROFILL' => 'UNSIGNED ZEROFILL', 'ON UPDATE CURRENT_TIMESTAMP' => 'ON UPDATE CURRENT_TIMESTAMP'), 'name' => 'attribute', 'label' => '属性', 'value' => $field['attribute'], 'valid' => ''));
form::field(array('type' => 'select', 'options' => array('' => 'NULL', 'NOT NULL' => 'NOT NULL'), 'name' => 'null', 'label' => 'null', 'value' => $field['null'], 'valid' => ''));
form::field(array('type' => 'text', 'name' => 'default', 'label' => '默认值', 'value' => $field['default'], 'valid' => '', 'description' => '如果需要可以为字段设置一个默认值'));
form::field(array('type' => 'select', 'options' => array('' => '', 'AUTO_INCREMENT' => 'AUTO_INCREMENT'), 'name' => 'extra', 'label' => '额外', 'value' => $field['extra'], 'valid' => '', 'description' => '设置为自动增加:<b>AUTO_INCREMENT</b>时,该字段必须为数字类型'));
form::field(array('type' => 'text', 'name' => 'comment', 'label' => '注释', 'value' => $field['comment'], 'valid' => ''));
form::field(array('type' => 'select', 'name' => 'position', 'options' => $positions, 'label' => zotop::t('字段位置'), 'value' => $position, 'description' => ''));
form::buttons(array('type' => 'submit'), array('type' => 'reset'));
form::footer();
page::bottom();
page::footer();
}
public function actionEdit($tablename, $fieldname)
{
if (form::isPostBack()) {
$field = array();
$field['name'] = request::post('name');
$field['length'] = request::post('len');
$field['type'] = request::post('type');
$field['collation'] = request::post('collation');
$field['null'] = request::post('null');
$field['default'] = request::post('default');
$field['attribute'] = request::post('attribute');
$field['extra'] = request::post('extra');
$field['comment'] = request::post('comment');
$field['position'] = request::post('position');
$fieldname = request::post('fieldname');
if ($fieldname != $field['name']) {
$result = zotop::db()->table($tablename)->field($fieldname)->rename($field['name']);
}
$result = zotop::db()->table($tablename)->modify($field);
if ($result) {
msg::success('字段修改成功', zotop::url('database/field/index', array('tablename' => $tablename)));
}
}
$tables = zotop::db()->tables(true);
$table = $tables[$tablename];
$fields = array();
if (isset($table)) {
$fields = zotop::db()->table($tablename)->fields(true);
}
$field = $fields[$fieldname];
if (!isset($field)) {
msg::error('字段不存在,请勿修改浏览器参数');
}
$positions = array();
$positions[-1] = '位于表头';
if ($fields) {
foreach ($fields as $key => $val) {
$positions[$key] = '位于 ' . $key . ' 之后';
}
}
$positions[0] = ' ';
$page = new dialog();
$page->title = '编辑字段';
$page->set('database', $database);
$page->set('tables', $tables);
$page->set('field', $field);
$page->set('positions', $positions);
$page->display();
}
public function onEdit($tablename)
{
if (form::isPostBack()) {
$tablename = request::post('tablename');
$name = request::post('name');
$comment = request::post('comment');
$primary = request::post('primary');
if (strtolower($tablename) !== strtolower($name)) {
$rename = zotop::db()->table($tablename)->rename($name);
}
if ($comment !== NULL) {
$comment = zotop::db()->table($name)->comment($comment);
}
if ($primary) {
$primary = zotop::db()->table($name)->primary($primary);
}
msg::success('操作成功', '<h2>数据表设置成功</h2>正在刷新页面,请稍后……', form::referer());
}
$tables = zotop::db()->tables(true);
$table = $tables[$tablename];
if (!isset($table)) {
msg::error('参数错误', zotop::t('数据表{$tablename}不存在', array('tablename' => $tablename)));
}
$header['title'] = '数据库管理 <i>></i> 数据表设置:' . $tablename . ' ';
page::header($header);
page::top();
page::navbar($this->navbar(), 'edit');
form::header();
form::field(array('type' => 'hidden', 'name' => 'tablename', 'label' => '数据表名称', 'value' => $table['name'], 'valid' => '{required:true}'));
form::field(array('type' => 'text', 'name' => 'name', 'label' => '数据表名称', 'value' => $table['name'], 'valid' => '{required:true}'));
form::field(array('type' => 'text', 'name' => 'comment', 'label' => '数据表注释', 'value' => $table['comment'], 'valid' => ''));
form::buttons(array('type' => 'submit'), array('type' => 'button', 'value' => '返回前页', 'class' => 'back', 'onclick' => 'history.go(-1);'));
form::footer();
page::bottom();
page::footer();
}
/**
* Sanitizes global GET, POST and COOKIE data. Also takes care of
* magic_quotes and register_globals, if they have been enabled.
*
* @return void
*/
public function __construct()
{
// Use XSS clean?
$this->use_xss_clean = (bool) Eight::config('core.global_xss_filtering');
if (self::$instance === nil) {
// Convert all global variables to UTF-8.
$_GET = Input::clean($_GET);
$_POST = Input::clean($_POST);
$_COOKIE = Input::clean($_COOKIE);
$_SERVER = Input::clean($_SERVER);
if (PHP_SAPI == 'cli') {
// Convert command line arguments
$_SERVER['argv'] = Input::clean($_SERVER['argv']);
}
// magic_quotes_runtime is enabled
if (get_magic_quotes_runtime()) {
set_magic_quotes_runtime(0);
Eight::log('debug', 'Disable magic_quotes_runtime! It is evil and deprecated: http://php.net/magic_quotes');
}
// magic_quotes_gpc is enabled
if (get_magic_quotes_gpc()) {
$this->magic_quotes_gpc = YES;
Eight::log('debug', 'Disable magic_quotes_gpc! It is evil and deprecated: http://php.net/magic_quotes');
}
// register_globals is enabled
if (ini_get('register_globals')) {
if (isset($_REQUEST['GLOBALS'])) {
// Prevent GLOBALS override attacks
exit('Global variable overload attack.');
}
// Destroy the REQUEST global
$_REQUEST = array();
// These globals are standard and should not be removed
$preserve = array('GLOBALS', '_REQUEST', '_GET', '_POST', '_FILES', '_COOKIE', '_SERVER', '_ENV', '_SESSION');
// This loop has the same effect as disabling register_globals
foreach ($GLOBALS as $key => $val) {
if (!in_array($key, $preserve)) {
global ${$key};
${$key} = nil;
// Unset the global variable
unset($GLOBALS[$key], ${$key});
}
}
// Warn the developer about register globals
Eight::log('debug', 'Disable register_globals! It is evil and deprecated: http://php.net/register_globals');
}
if (is_array($_GET)) {
foreach ($_GET as $key => $val) {
// Sanitize $_GET
$_GET[$this->clean_input_keys($key)] = $this->clean_input_data($val);
}
} else {
$_GET = array();
}
if (is_array($_POST)) {
foreach ($_POST as $key => $val) {
// Sanitize $_POST
$_POST[$this->clean_input_keys($key)] = $this->clean_input_data($val);
}
} else {
$_POST = array();
}
if (is_array($_COOKIE)) {
foreach ($_COOKIE as $key => $val) {
// Sanitize $_COOKIE
$_COOKIE[$this->clean_input_keys($key)] = $this->clean_input_data($val);
}
} else {
$_COOKIE = array();
}
// Create a singleton
self::$instance = $this;
Eight::log('debug', 'Global GET, POST and COOKIE data sanitized');
}
// Assign global vars to request helper vars
request::$get = $_GET;
request::$post = $_POST;
request::$input = array_merge(URI::instance()->segments(2, YES), $_REQUEST);
}
