 /**
  * Delete the signed-in user's own account, end the session and send the
  * browser to the login page.
  *
  * Requires an authenticated user; user::require_login() presumably stops
  * the request otherwise (it is called first for that reason).
  * @Developer brandon
  * @Date May 19, 2010
  */
 public function delete()
 {
     user::require_login();
     // Remove the account before dropping the session that referenced it
     $account = user::current();
     $account->delete();
     Auth::instance()->logout();
     url::redirect('login');
 }
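 /**
  * Store a new comment in the database.
  *
  * The comment is built from the request input, enriched with visitor data
  * and (for signed-in users) profile data, validated, and then passed through
  * the honeypot, flood, duplicate and spam checks before being saved.
  *
  * @param   string     $hash  Unique hash value of the parent page.
  * @return  Response   201 on success; 400 (invalid / not saved), 429 (flood)
  *                     or 409 (duplicate) error responses otherwise.
  */
 public function create($hash)
 {
     // Retrieve the parent page
     $page = $this->findPageByHash($hash);
     // Create a comment from the post data
     $comment = comment::fromInput();
     $comment->set('page_uri', $page->uri());
     // Collect user information
     $comment->set('author_ip', visitor::ip());
     $comment->set('author_agent', visitor::ua());
     // Handle signed-in users: profile data replaces whatever the form sent
     if ($user = user::current()) {
         $fullname = trim($user->firstname() . ' ' . $user->lastname());
         // Compare against '' rather than empty(): a name of "0" is still a name
         if ($fullname === '') {
             $fullname = $user->username();
         }
         $comment->set('author', $fullname);
         $comment->set('author_email', $user->email());
         $comment->set('username', $user->username());
     }
     // Ensure the required comment fields are set
     if (!$comment->validate()) {
         $msg = l('comments.error.incomplete', 'Missing required fields');
         return $this->error($msg, 400, ['input' => $comment->toArray(), 'errors' => $comment->errors()->toArray()]);
     }
     // Check the honeypot fields. Pretend everything went fine so a bot gets
     // no signal that it was detected.
     if ($this->isBot()) {
         return $this->success();
     }
     // Throttle comment posting
     if ($this->isPartOfFlood($comment)) {
         $msg = l('comments.error.throttle', 'Number of allowed comments per interval exceeded');
         return $this->error($msg, 429, ['input' => $comment->toArray(), 'errors' => ['other' => $msg]]);
     }
     // Check for duplicate contents
     if ($this->isDuplicate($comment)) {
         $msg = l('comments.error.duplicate', 'Duplicate content');
         return $this->error($msg, 409, ['input' => $comment->toArray(), 'errors' => ['text' => $msg]]);
     }
     // Classify comment as spam or ham using Akismet. $discard is presumably
     // set through the by-reference argument for "blatant" spam. In addition
     // allow to blacklist authors.
     $discard = false;
     if ($this->isSpam($comment, $discard) || $this->isBlocked($comment)) {
         $comment->set('status', Comment::STATUS_SPAM);
     }
     // Save the comment to the database. Blatant spam is not persisted at all,
     // but the client is still told it was saved. The parentheses make the
     // precedence explicit: && binds tighter than ||.
     if (($discard && $comment->isSpam()) || $comment->save()) {
         $msg = l('comments.success.saved', 'Comment saved');
         return $this->success($msg, 201, ['id' => $comment->id()]);
     }
     $msg = l('comments.error.save', 'Could not save comment');
     return $this->error($msg, 400, ['input' => $comment->toArray(), 'errors' => $comment->errors()->toArray()]);
 }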
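 /**
  * Show the installation page.
  *
  * Assembles the five-step installation wizard (login, database connection,
  * database tables, optional import, optional comments field), binds each
  * step's submit handler to a controller method and launches the requested
  * step.
  *
  * @param   integer   $progress  Progress of the installation (1-based step number).
  * @return  Response
  */
 public function index($progress = 1)
 {
     // Cache frequently used variables
     $user = user::current();
     $access = $user && $user->isAdmin();
     $root = $this->hub()->finder()->views() . DS . 'installation';
     $wizard = new Wizard($root);
     // Force login before continuing with the installation wizard; an admin
     // who is already signed in skips the login step instead.
     // NOTE(review): $this->redirect() is assumed to end the request -- confirm;
     // if it only sets headers, the wizard below is still built and launched
     // for the unauthenticated caller.
     if (!$access && $progress > 1) {
         $this->redirect($wizard->url(1));
     } elseif ($access && $progress == 1) {
         $this->redirect($wizard->url($progress + 1));
     }
     // Step 1: Login
     $wizard->add([
         'title' => 'Step 1',
         'desc' => 'Authentication',
         'required' => true,
         'rules' => ['username' => 'required|user', 'password' => 'required'],
     ]);
     // Step 2 (Required): the default database connection from the config
     $default = $this->hub()->config()->get('database.default');
     $connections = $this->hub()->config()->get('database.connections');
     $wizard->add([
         'title' => 'Step 2',
         'desc' => 'Database Connection',
         'required' => true,
         'connection' => $connections[$default],
     ]);
     // Step 3 (Required)
     $wizard->add([
         'title' => 'Step 3',
         'desc' => 'Database Tables',
         'required' => true,
         'tables' => [c::get('db.prefix', '') . 'comments'],
     ]);
     // Step 4 (Optional): delimited-text import; delimiter and enclosure are
     // single characters
     $wizard->add([
         'title' => 'Step 4',
         'desc' => 'Import',
         'required' => false,
         'rules' => ['head' => 'required', 'delimiter' => 'required|max:1', 'enclosure' => 'required|max:1'],
         'columns' => ['id', 'status', 'page_uri', 'created_at', 'updated_at', 'text', 'author', 'author_email', 'author_url', 'author_ip', 'author_agent', 'username', 'rating', 'parent_id'],
     ]);
     // Step 5 (Optional)
     $wizard->add(['title' => 'Step 5', 'desc' => 'Comments Field', 'required' => false]);
     // Include partials
     $wizard->nest('header', $root . DS . 'header.php');
     $wizard->nest('nav', $root . DS . 'nav.php')->with(['step' => $progress, 'items' => $wizard->queue()]);
     // Register event handlers: step n submits to the matching controller action
     $wizard->nth(1)->on('submit', [$this, 'login']);
     $wizard->nth(2)->on('submit', [$this, 'connect']);
     $wizard->nth(3)->on('submit', [$this, 'tables']);
     $wizard->nth(4)->on('submit', [$this, 'import']);
     $wizard->nth(5)->on('submit', [$this, 'installField']);
     // Execute the proper wizard step
     return $wizard->launch($progress);
 }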
 /**
  * Check to see if the user is an admin: someone must be logged in and the
  * current user must hold the 'admin' role.
  * @Developer brandon
  * @Date May 27, 2010
  */
 public static function is_admin()
 {
     if (!user::logged_in()) {
         return false;
     }
     $adminRole = ORM::factory('role', 'admin');
     return user::current()->has($adminRole);
 }
 /**
  * Get a link to the panel page for editing the current comment. Only
  * available to registered users who may update the comment and have
  * access to the panel; everyone else gets an empty string.
  *
  * @return  Brick|string
  */
 public function editLink()
 {
     // Only persisted comments the current user may update get a link
     $mayEdit = $this->exists && $this->currentUserCan('update');
     if (!$mayEdit) {
         return '';
     }
     // The link leads into the panel, so the user needs panel access too
     $user = user::current();
     if (!$user || !$user->hasPanelAccess()) {
         return '';
     }
     $anchor = new Brick('a');
     $anchor->attr('href', $this->panelUrl('edit'));
     $anchor->addClass('comment-update-link');
     $anchor->text(l('comments.comment.edit', 'Edit'));
     return $anchor;
 }
"><span>Dashboard</span></a>
        </li>
        <li>
          <a href="<?php 
echo $parent->url();
?>
"><span>Kirby Comments</span></a>
        </li>
      </ul>

    </nav>

  </nav>

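  <?php
// Logout icon for the signed-in user. Everything that lands inside an
// attribute value is escaped: a username containing a double quote would
// otherwise break out of title="" and inject markup into the header.
if ($user = user::current()) {
    $logoutUrl = htmlspecialchars(url('panel/logout'), ENT_QUOTES, 'UTF-8');
    $username = htmlspecialchars($user->username(), ENT_QUOTES, 'UTF-8');
    ?>
    <a class="nav-icon nav-icon-right" href="<?php echo $logoutUrl; ?>" title="Logout: <?php echo $username; ?>">
      <i class="icon fa fa-user fa-lg"></i>
    </a>
  <?php
}
?>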

</header>
 /**
  * Register default comment form fields.
  *
  * Guests get name, e-mail and website fields; signed-in users get a
  * paragraph naming their account instead. The comment text field is
  * registered for everyone.
  */
 public function defaults()
 {
     $current = user::current();
     if ($current) {
         // Show who is logged in, linking the name to the panel profile page
         $username = $current->username();
         $profile = new Brick('a', $username, ['href' => url('panel/#/users/edit/' . $username)]);
         $this->append(new Brick('p', sprintf(l('comments.field.user', 'Logged in as %1$s'), $profile)));
     } else {
         $guestFields = [
             'author' => ['id' => 'author', 'type' => 'text', 'label' => l('comments.field.author', 'Name'), 'size' => 30, 'required' => true],
             'author_email' => ['id' => 'email', 'type' => 'email', 'label' => l('comments.field.author_email', 'E-Mail'), 'size' => 30, 'required' => true, 'rules' => 'email'],
             'author_url' => ['id' => 'url', 'type' => 'url', 'label' => l('comments.field.author_url', 'Website'), 'size' => 30, 'rules' => 'url'],
         ];
         foreach ($guestFields as $name => $options) {
             $this->field($name, $options);
         }
     }
     $this->field('text', ['id' => 'text', 'type' => 'textarea', 'label' => l('comments.field.text', 'Comment'), 'rows' => 8, 'cols' => 45, 'required' => true, 'rules' => 'min:5']);
 }
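/**
 * Resolve the current visitor from the `uid`/`pass` cookies into
 * user::$current (and the legacy $GLOBALS['CURUSER'] alias).
 *
 * Steps: reject banned IP ranges with a 403, load the user row named by the
 * uid cookie, fall back to the guest row (id 1) when the row is missing or the
 * pass cookie does not match, then record the connection time and IP.
 *
 * Side effects: may terminate the request (403); runs SELECT/UPDATE queries
 * through the global $db; writes user::$current, $GLOBALS and $_COOKIE
 * defaults.
 */
function userlogin()
{
    global $db;
    unset($GLOBALS["CURUSER"]);
    $ip = vars::$ip;
    // ip2long() yields false for anything that is not a dotted IPv4 address;
    // the ban lookup then compares against an empty string.
    $nip = ip2long($ip);
    $res = $db->query("SELECT * FROM bannedip WHERE '" . $nip . "' >= first AND '" . $nip . "' <= last") or sqlerr(__FILE__, __LINE__);
    if ($res->num_rows > 0) {
        header("HTTP/1.0 403 Forbidden");
        print "<html><body><h1>403 Forbidden</h1>Unauthorized IP address.</body></html>\n";
        die;
    }
    // Default the cookies so later reads never hit an undefined index
    if (!isset($_COOKIE["uid"])) {
        $_COOKIE["uid"] = 1;
    }
    if (!isset($_COOKIE["pass"])) {
        $_COOKIE["pass"] = "";
    }
    // Guest (id 1) unless the uid cookie names a larger user id. The cast keeps
    // the value an integer before it is concatenated into SQL below.
    $id = max(1, (int) $_COOKIE["uid"]);
    $res = $db->query("SELECT users.topicsperpage, users.postsperpage, users.torrentsperpage, users.flag, users.avatar, UNIX_TIMESTAMP(users.lastconnect) AS lastconnect, UNIX_TIMESTAMP(users.joined) AS joined, users.id AS uid, users.username, users.password, users.loginhash, users.random, users.email, users.language, users.style, users.time_offset, users_level.* \n\t    FROM users INNER JOIN users_level ON users.id_level = users_level.id \n\t\tWHERE users.id = " . $id);
    $row = $res->fetch_array(MYSQLI_BOTH);
    user::prepare_user($row);
    // Unknown user id: fall back to the guest row
    if (!$row) {
        $id = 1;
        $res = $db->query("SELECT users.topicsperpage, users.postsperpage, users.torrentsperpage, users.flag, users.avatar, UNIX_TIMESTAMP(users.lastconnect) AS lastconnect, UNIX_TIMESTAMP(users.joined) AS joined, users.id AS uid, users.username, users.password, users.loginhash, users.random, users.email, users.language, users.style, users.time_offset, users_level.* \n\t\t    FROM users INNER JOIN users_level ON users.id_level = users_level.id WHERE users.id = 1");
        $row = $res->fetch_array(MYSQLI_BOTH);
    }
    // Validate the pass cookie against the stored credentials. hash_equals()
    // compares strictly and in constant time; the previous != let PHP's loose
    // string comparison treat numeric-looking digests as numbers. A non-string
    // cookie (e.g. pass[]=) can never match.
    $expected = md5($GLOBALS["salting"] . $row["random"] . $row["password"] . $row["random"]);
    $given = is_string($_COOKIE["pass"]) ? $_COOKIE["pass"] : "";
    if ($id != 1 && !hash_equals($expected, $given)) {
        $id = 1;
        $res = $db->query("SELECT users.topicsperpage, users.postsperpage, users.torrentsperpage, users.flag, users.avatar, UNIX_TIMESTAMP(users.lastconnect) AS lastconnect, UNIX_TIMESTAMP(users.joined) AS joined, users.id AS uid, users.username, users.password, users.loginhash, users.random, users.email, users.language, users.style, users.time_offset, users_level.* \n\t\t    FROM users INNER JOIN users_level ON users.id_level = users_level.id \n\t\t\tWHERE users.id = 1");
        $row = $res->fetch_array(MYSQLI_BOTH);
    }
    #Hide Staff IP's by Yupy... Because we <3 our Staff...
    // Staff ID levels: moderators, administrators and owners are recorded as
    // localhost instead of their real address
    $hide_ips = array("Moderator" => 6, "Administrator" => 7, "Owner" => 8);
    if (in_array((int) $row["id_level"], $hide_ips, true)) {
        $ip = "127.0.0.1";
    }
    if ($id > 1) {
        // $nip is an int (or false -> ""); $ip is still only addslashes()-escaped
        // before being concatenated -- its provenance (vars::$ip) is not
        // visible here, so treat it as untrusted.
        $db->query("UPDATE users SET lastconnect = NOW(), lip = " . $nip . ", cip = '" . addslashes($ip) . "' WHERE id = " . $id);
    } else {
        $db->query("UPDATE users SET lastconnect = NOW(), lip = 0, cip = NULL WHERE id = 1");
    }
    user::$current = $row;
    $GLOBALS['CURUSER'] =& user::$current;
    unset($row);
}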
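/**
 * Resolve the current visitor from the `uid`/`pass` cookies into
 * user::$current (and the legacy $GLOBALS['CURUSER'] alias).
 *
 * Steps: show the ban template and stop if either the reported or the real
 * address is banned, load the user row named by the uid cookie, fall back to
 * the guest row (id 1) when the row is missing or the pass cookie does not
 * match, then record the connection time and IP.
 *
 * Side effects: may terminate the request (ban page); runs SELECT/UPDATE
 * queries through the global $db; writes user::$current, $GLOBALS and
 * $_COOKIE defaults.
 */
function userlogin()
{
    global $db, $tpl;
    unset($GLOBALS['CURUSER']);
    require_once CLASS_PATH . 'class.Cached.php';
    $ip = vars::$ip;
    $nip = ip2long($ip);
    $ipf = vars::$realip;
    #Check if User is Banned... both addresses are looked up when they differ.
    #if (!($row['flags'] & BIT_26)) -- TO-DO
    // Initialise explicitly: $banned used to stay undefined (notice) when
    // neither lookup matched, and $reason is filled in by Cached::bans().
    $banned = false;
    $reason = '';
    if (Cached::bans($ip, $reason)) {
        $banned = true;
    } elseif ($ip != $ipf && Cached::bans($ipf, $reason)) {
        $banned = true;
    }
    if ($banned) {
        header('Content-Type: text/html; charset=utf-8');
        $banned_message = security::html_safe($reason);
        $tpl->assign('banned_message', $banned_message);
        $banned_msg = $tpl->draw('style/base/tpl/banned_message', true);
        echo $banned_msg;
        die;
    }
    #End Banned User...
    // Default the cookies so later reads never hit an undefined index. The old
    // `!isset(...) && is_hex(...)` test read the cookie it had just found unset;
    // the resulting $id was 1 either way.
    if (!isset($_COOKIE["uid"])) {
        $_COOKIE["uid"] = 1;
    }
    if (!isset($_COOKIE["pass"])) {
        $_COOKIE["pass"] = "";
    }
    // Guest (id 1) unless the uid cookie names a larger user id. The cast keeps
    // the value an integer before it is concatenated into SQL below.
    $id = max(1, (int) $_COOKIE["uid"]);
    $res = $db->query("SELECT users.pid, users.topicsperpage, users.postsperpage, users.torrentsperpage, users.flag, users.avatar, UNIX_TIMESTAMP(users.lastconnect) AS lastconnect, UNIX_TIMESTAMP(users.joined) AS joined, users.id AS uid, users.username, users.password, users.loginhash, users.random, users.email, users.language, users.style, users.time_offset, users_level.* \n\t    FROM users INNER JOIN users_level ON users.id_level = users_level.id \n\t\tWHERE users.id = " . $id);
    $row = $res->fetch_array(MYSQLI_BOTH);
    user::prepare_user($row);
    // Unknown user id: fall back to the guest row
    if (!$row) {
        $id = 1;
        $res = $db->query("SELECT users.topicsperpage, users.postsperpage, users.torrentsperpage, users.flag, users.avatar, UNIX_TIMESTAMP(users.lastconnect) AS lastconnect, UNIX_TIMESTAMP(users.joined) AS joined, users.id AS uid, users.username, users.password, users.loginhash, users.random, users.email, users.language, users.style, users.time_offset, users_level.* \n\t\t    FROM users INNER JOIN users_level ON users.id_level = users_level.id WHERE users.id = 1");
        $row = $res->fetch_array(MYSQLI_BOTH);
    }
    // Validate the pass cookie against the stored credentials. hash_equals()
    // compares strictly and in constant time; the previous != let PHP's loose
    // string comparison treat numeric-looking digests as numbers. A non-string
    // cookie (e.g. pass[]=) can never match.
    $expected = md5($GLOBALS["salting"] . $row["random"] . $row["password"] . $row["random"]);
    $given = is_string($_COOKIE["pass"]) ? $_COOKIE["pass"] : "";
    if ($id != 1 && !hash_equals($expected, $given)) {
        $id = 1;
        $res = $db->query("SELECT users.topicsperpage, users.postsperpage, users.torrentsperpage, users.flag, users.avatar, UNIX_TIMESTAMP(users.lastconnect) AS lastconnect, UNIX_TIMESTAMP(users.joined) AS joined, users.id AS uid, users.username, users.password, users.loginhash, users.random, users.email, users.language, users.style, users.time_offset, users_level.* \n\t\t    FROM users INNER JOIN users_level ON users.id_level = users_level.id \n\t\t\tWHERE users.id = 1");
        $row = $res->fetch_array(MYSQLI_BOTH);
    }
    #Hide Staff IP's by Yupy...
    // Staff ID levels: moderators, administrators and owners are recorded as
    // localhost instead of their real address
    $hide_ips = array("Moderator" => 6, "Administrator" => 7, "Owner" => 8);
    if (in_array((int) $row["id_level"], $hide_ips, true)) {
        $ip = "127.0.0.1";
    }
    if ($id > 1) {
        // $nip is an int (or false -> ""); $ip is still only addslashes()-escaped
        // before being concatenated -- its provenance (vars::$ip) is not
        // visible here, so treat it as untrusted.
        $db->query("UPDATE users SET lastconnect = NOW(), lip = " . $nip . ", cip = '" . addslashes($ip) . "' WHERE id = " . $id);
    } else {
        $db->query("UPDATE users SET lastconnect = NOW(), lip = 0, cip = NULL WHERE id = 1");
    }
    user::$current = $row;
    $GLOBALS['CURUSER'] =& user::$current;
    unset($row);
}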
<?php

/**
 * Plugin Filters
 *
 * Allows registering filters that run application logic just before a
 * route action is executed.
 *
 * @see  CommentPlugin::routes()
 * @var  array
 */
return array('auth' => function () {
    if (!user::current() || !user::current()->isAdmin()) {
        redirect::to('plugin/comments/wizard');
    }
}, 'installed' => function () {
    if ($this->isInstalled()) {
        redirect::home();
    }
}, 'userCanCreate' => function () {
    $route = plugin('comments')->route();
    $hash = a::first($route->arguments());
    $page = site()->index()->findBy('hash', $hash);
    return $page instanceof Page && $page->isVisible();
}, 'userCanRead' => function () {
    $route = plugin('comments')->route();
    $hash = a::first($route->arguments());
    $page = site()->index()->findBy('hash', $hash);
    return $page instanceof Page && $page->isVisible();
}, 'userCanUpdate' => function () {
    $route = plugin('comments')->route();
 /**
  * Return the Kirby user that is currently signed in, or whatever
  * user::current() yields when nobody is.
  *
  * @return mixed
  */
 public static function loggedUser()
 {
     $kirbyUser = user::current();
     return $kirbyUser;
 }
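 /**
  * Delete a journal, but only if it belongs to the user
  *
  * Loads the journal named by the posted `id`, compares its owner with the
  * current user and only then defers to the parent delete action; any other
  * caller is redirected to the site root.
  * @Developer brandon
  * @Date May 17, 2010
  */
 public function delete()
 {
     $journal = ORM::factory($this->model_name, $this->input->post('id'));
     // Ownership check. Both ids are cast so a string id from the ORM and an
     // int from the session compare the same way. Return right after the
     // redirect so parent::delete() can never run for a foreign journal,
     // whether or not url::redirect() terminates the request itself.
     $currentUser = user::current();
     if (!$currentUser || (int) $journal->user->id !== (int) $currentUser->id) {
         url::redirect('');
         return;
     }
     parent::delete();
 }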