Ejemplo n.º 1
 /**
  * set contact information.
  *
  * @access public
  * @return void
  */
 public function setContact()
 {
     /* An empty POST means the page is only being viewed, so skip straight to rendering. */
     if (!empty($_POST)) {
         /* The email is optional; it is validated only when the form actually carries one. */
         $emailPosted = !empty($_POST['email']);
         if ($emailPosted && !validater::checkEmail($this->post->email)) {
             $this->send(array('result' => 'fail', 'message' => $this->lang->company->error->email));
         }

         /* NOTE(review): the entire POST body is serialised and stored; no allow-list of expected keys is applied here. */
         $settings = array('contact' => helper::jsonEncode($_POST));
         $saved    = $this->loadModel('setting')->setItems('system.common.company', $settings);
         if ($saved) {
             $this->send(array('result' => 'success', 'message' => $this->lang->setSuccess));
         }
         $this->send(array('result' => 'fail', 'message' => $this->lang->fail));
     }

     /* Plain page view: hand the stored contact data, decoded from JSON, to the template. */
     $this->view->title   = $this->lang->company->setContact;
     $this->view->contact = json_decode($this->config->company->contact);
     $this->display();
 }
Ejemplo n.º 2
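 /**
  * Update an asset from the posted form and record what changed.
  *
  * @param  int $assetID  id of the asset row to update
  * @access public
  * @return mixed  the result of common::createChanges() when the update raised no dao error, otherwise nothing
  */
 public function update($assetID)
 {
     /* The id is interpolated into raw SQL fragments below, so force it to an integer once and reuse it. */
     $safeAssetID = (int) $assetID;

     $skipFields = '';
     $skipFields .= $this->loadModel('custom')->dealWithCustomArrayField();
     $oldAsset = $this->getAssetById($assetID);
     $now = helper::now();
     $address = fixer::input('post')->get('address');
     $extendaddress = fixer::input('post')->get('extendaddress');
     $devicenumber = fixer::input('post')->get('devicenumber');
     $code = fixer::input('post')->get('code');
     $module = $this->loadModel('info')->getAllChildId(fixer::input('post')->cleanInt('module')->setDefault('module', 0)->get('module'), 'asset');

     /* Cross-check: the posted extended address against stored primary addresses, and the posted primary address against stored extended ones. */
     $result1 = $this->dao->select('*')->from(TABLE_INFOASSET)->where('address')->eq($extendaddress)->andWhere('address')->ne('IP Format Error')->andWhere('address')->ne('Conflict!')->andWhere('address')->ne('')->beginIF($module)->andWhere('module')->in($module)->fi()->fetchAll();
     $result2 = $this->dao->select('*')->from(TABLE_INFOASSET)->where('extendaddress')->eq($address)->andWhere('extendaddress')->ne('IP Format Error')->andWhere('extendaddress')->ne('Conflict!')->andWhere('extendaddress')->ne('')->beginIF($module)->andWhere('module')->in($module)->fi()->fetchAll();

     /* Invalid or conflicting addresses are replaced by the marker strings 'IP Format Error' / 'Conflict!' before saving. */
     $asset = fixer::input('post')->cleanInt('module')->setDefault('module', 0)->add('lastEditedBy', $this->app->user->account)->add('lastEditedDate', $now)->setDefault('lenddate', '0000-00-00')->setDefault('returndate', '0000-00-00')->setDefault('product', '0')->setDefault('project', '0')->setIF(!(strlen(trim($extendaddress)) == 0) && !validater::checkIP($extendaddress), 'extendaddress', 'IP Format Error')->setIF(!(strlen(trim($address)) == 0) && !validater::checkIP($address), 'address', 'IP Format Error')->removeIF(trim($address) == trim($extendaddress), 'extendaddress')->setIF($result1, 'extendaddress', 'Conflict!')->setIF($result2, 'address', 'Conflict!')->get();

     /*
      * Raw SQL fragments handed to the uniqueness checks.
      * NOTE(review): $asset->lib comes from the posted form and is interpolated as-is; only `module`
      * is passed through cleanInt() above. Confirm that fixer/dao escape it, or cast/quote it here.
      */
     $condition = "`lib` = '{$asset->lib}' AND module = '{$asset->module}' and id != '{$safeAssetID}'";
     $conditionaddress = $condition . " and address != 'IP Format Error' and address != 'Conflict!'";
     $conditionextaddress = $condition . " and extendaddress != 'IP Format Error' and extendaddress != 'Conflict!'";

     $this->dao->update(TABLE_INFOASSET)->data($asset)->autoCheck($skipFields)->batchCheck($this->config->asset->edit->requiredFields, 'notempty')->check('hostname', 'unique', $condition)->checkIF(!(strlen(trim($address)) == 0), 'address', 'unique', $conditionaddress)->checkIF(!(strlen(trim($extendaddress)) == 0), 'extendaddress', 'unique', $conditionextaddress)->checkIF(!(strlen(trim($devicenumber)) == 0), 'devicenumber', 'unique', $condition)->checkIF(!(strlen(trim($code)) == 0), 'code', 'unique', $condition)->where('id')->eq($safeAssetID)->exec();

     /* NOTE(review): editedCount is decremented only after the UPDATE has run, so it affects the change comparison below, not the stored row — confirm intent. */
     $asset->editedCount = $asset->editedCount - 1;
     if (!dao::isError()) {
         return common::createChanges($oldAsset, $asset);
     }
 }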
Ejemplo n.º 3
 /**
  * Detect email config auto.
  * 
  * @access public
  * @return void
  */
 public function detect()
 {
     if ($_POST) {
         $fromAddress = $this->post->fromAddress;
         $fieldLabel  = $this->lang->mail->fromAddress;

         /* A missing sender address is reported against the fromAddress field. */
         if ($fromAddress == false) {
             $notEmpty = sprintf($this->lang->error->notempty, $fieldLabel);
             $this->send(array('result' => 'fail', 'message' => array('fromAddress' => $notEmpty)));
         }

         /* So is a malformed one. */
         if (!validater::checkEmail($fromAddress)) {
             $badFormat = sprintf($this->lang->error->email, $fieldLabel);
             $this->send(array('result' => 'fail', 'message' => array('fromAddress' => $badFormat)));
         }

         /* Let the mail model auto-detect a configuration and keep it in the session for the edit page. */
         $detected = $this->mail->autoDetect($fromAddress);
         $detected->fromAddress = $fromAddress;
         $this->session->set('mailConfig', $detected);
         $this->send(array('result' => 'success', 'message' => $this->lang->saveSuccess, 'locate' => inlink('edit')));
     }

     /* Page view: title, breadcrumb, and the address from a previous detection (if any). */
     $mailLang = $this->lang->mail;
     $this->view->title = $mailLang->common . $this->lang->colon . $mailLang->detect;
     $this->view->position[] = html::a(inlink('index'), $mailLang->common);
     $this->view->position[] = $mailLang->detect;

     $previous = $this->session->mailConfig;
     $this->view->fromAddress = $previous ? $previous->fromAddress : '';
     $this->display();
 }
Ejemplo n.º 4
 /**
  * Detect email config auto.
  * 
  * @access public
  * @return void
  */
 public function detect()
 {
     if ($_POST) {
         $fromAddress = $this->post->fromAddress;
         $fieldLabel  = $this->lang->mail->fromAddress;

         /* Collect every problem first so that a single alert can report them together. */
         $error = '';
         if ($fromAddress == false) {
             $error = sprintf($this->lang->error->notempty, $fieldLabel);
         }
         if (!validater::checkEmail($fromAddress)) {
             /* The single-quoted '\\n' is a literal backslash followed by "n"; presumably the JS alert turns it into a line break. */
             $error .= '\\n' . sprintf($this->lang->error->email, $fieldLabel);
         }
         if ($error) {
             die(js::alert($error));
         }

         /* Let the mail model auto-detect a configuration and keep it in the session for the edit page. */
         $detected = $this->mail->autoDetect($fromAddress);
         $detected->fromAddress = $fromAddress;
         $this->session->set('mailConfig', $detected);
         die(js::locate(inlink('edit'), 'parent'));
     }

     /* Page view: title, breadcrumb, and the address from a previous detection (if any). */
     $mailLang = $this->lang->mail;
     $this->view->title = $mailLang->common . $this->lang->colon . $mailLang->detect;
     $this->view->position[] = html::a(inlink('index'), $mailLang->common);
     $this->view->position[] = $mailLang->detect;

     $previous = $this->session->mailConfig;
     $this->view->fromAddress = $previous ? $previous->fromAddress : '';
     $this->display();
 }
Ejemplo n.º 5
 /**
  * Edit for the source file. 
  * 
  * @param  int $fileID 
  * @access public
  * @return void
  */
 public function sourceEdit($fileID)
 {
     $this->file->setSavePath('source');
     $file = $this->file->getById($fileID);

     if (!empty($_POST)) {
         /* The target directory has to be writable before anything else is checked. */
         $pathWritable = $this->file->checkSavePath();
         if (!$pathWritable) {
             $this->send(array('result' => 'fail', 'message' => $this->lang->file->errorUnwritable));
         }

         /* A file name is mandatory ... */
         if ($this->post->filename == false || $this->post->filename == '') {
             $this->send(array('result' => 'fail', 'message' => $this->lang->file->nameEmpty));
         }

         /* ... and must pass the file-name validator before it is used for the stored file. */
         $filename = $this->post->filename;
         if (!validater::checkFileName($filename)) {
             $this->send(array('result' => 'fail', 'message' => $this->lang->file->evilChar));
         }

         /* Unless the client asked to continue, refuse names that clash with an existing file. */
         if (!$this->post->continue) {
             /* NOTE(review): $_FILES['upFile'] is read without an isset() check. */
             $uploadName  = $_FILES['upFile']['name'];
             $extension   = $this->file->getExtension($uploadName);
             $uploadBase  = str_replace('.' . $extension, '', $uploadName);
             $sameUpFile   = $this->file->checkSameFile($uploadBase, $fileID);
             $sameFilename = $this->file->checkSameFile($this->post->filename, $fileID);
             if (!empty($sameUpFile) || !empty($sameFilename)) {
                 $this->send(array('result' => 'fail', 'error' => $this->lang->file->sameName));
             }
         }

         $saved = $this->file->sourceEdit($file, $filename);
         if ($saved) {
             $this->send(array('result' => 'success', 'message' => $this->lang->saveSuccess, 'locate' => $this->createLink('file', 'browseSource')));
         }
         $this->send(array('result' => 'fail', 'message' => dao::getError()));
     }

     /* Page view: render the edit dialog for the loaded file. */
     $this->view->title      = $this->lang->file->edit;
     $this->view->modalWidth = 500;
     $this->view->file       = $file;
     $this->display();
 }
Ejemplo n.º 6
 /**
  * Update a public.
  * 
  * @param  int $publicID 
  * @access public
  * @return bool
  */
 public function update($publicID)
 {
     /* The token must consist of 3 to 32 ASCII letters or digits. */
     $tokenPattern = '|^[a-zA-Z0-9]{1}[a-zA-Z0-9]{1,30}[a-zA-Z0-9]{1}$|';
     $tokenIsValid = validater::checkReg($this->post->token, $tokenPattern);
     if (!$tokenIsValid) {
         dao::$errors['token'][] = $this->lang->error->token;
     }

     /* NOTE(review): every posted field is forwarded to data(); no allow-list of columns is visible here. */
     $public = fixer::input('post')->get();
     $this->dao->update(TABLE_WX_PUBLIC)
         ->data($public)
         ->autoCheck()
         ->batchCheck($this->config->wechat->require->edit, 'notempty')
         ->where('id')->eq($publicID)
         ->exec();

     /* Success means no error was recorded, by the token check above or by the dao. */
     $failed = dao::isError();
     return !$failed;
 }
Ejemplo n.º 7
 /**
  * Check the passwds posted.
  * 
  * @access public
  * @return bool
  */
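 public function checkPassword()
 {
     /* Nothing to validate when no new password was posted. */
     if ($this->post->password1 != false) {
         /*
          * Compare the two entries strictly. A loose != treats numeric-looking strings
          * such as '1e3' and '1000' as equal, so a mistyped confirmation could pass.
          */
         if ($this->post->password1 !== $this->post->password2) {
             dao::$errors['password'][] = $this->lang->error->passwordsame;
         }

         /* The pattern only enforces a minimum of six characters; it imposes no complexity rule. */
         if (!validater::checkReg($this->post->password1, '|(.){6,}|')) {
             dao::$errors['password'][] = $this->lang->error->passwordrule;
         }
     }
     return !dao::isError();
 }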
Ejemplo n.º 8
 /**
  * Check phone number.
  * 
  * @param  string    $var 
  * @static
  * @access public
  * @return bool
  */
 public static function checkPhone($var)
 {
     /* A value counts as a phone number if it passes either the landline or the mobile check. */
     if (validater::checkTel($var)) {
         return true;
     }
     return (bool) validater::checkMobile($var);
 }
Ejemplo n.º 9
 /**
  * Update project member.
  * 
  * @access public
  * @return bool
  */
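 public function upgradeProjectMember()
 {
     $projects = $this->loadModel('project', 'oa')->getList();
     if (empty($projects)) {
         return true;
     }

     foreach ($projects as $project) {
         $member = new stdclass();
         $member->type = 'project';
         $member->id = $project->id;

         /* Move master to team table. */
         if (!empty($project->master)) {
             $member->account = $project->master;
             /* NOTE(review): the literal 'role' looks like a placeholder for the master's role name — confirm. */
             $member->role = 'role';
             $this->dao->replace(TABLE_TEAM)->data($member)->exec();
         }

         /* Move members to team table. */
         if (!empty($project->member)) {
             $members = explode(',', $project->member);
             $member->role = 'member';
             foreach ($members as $account) {
                 /* The master already has a row of its own. */
                 if ($account == $project->master) {
                     continue;
                 }
                 /* Skip anything in the stored list that is not a well-formed account name. */
                 if (!validater::checkAccount($account)) {
                     continue;
                 }
                 $member->account = $account;
                 $this->dao->replace(TABLE_TEAM)->data($member)->exec();
             }
         }
     }

     /* Return only after every project has been processed; returning inside the loop stopped after the first one. */
     return true;
 }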
Ejemplo n.º 10
 /**
  * Save settings. 
  * 
  * @access public
  * @return array
  */
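 public function saveSetting()
 {
     /* Must start as an array: writing a string key into '' is an error on current PHP versions. */
     $errors = array();

     /* payment is expected to be a list of gateways; anything else is treated as "none selected". */
     $payment   = is_array($this->post->payment) ? $this->post->payment : array();
     $useAlipay = in_array('alipay', $payment, true);

     if (!$payment) {
         $errors['payment'] = array($this->lang->order->paymentRequired);
     }
     if (!$this->post->confirmLimit) {
         $errors['confirmLimit'] = array($this->lang->order->confirmLimitRequired);
     }

     /* The Alipay credentials are validated only when Alipay is one of the selected gateways. */
     if ($useAlipay) {
         if (strlen((string) $this->post->pid) != 16) {
             $errors['pid'] = array($this->lang->order->placeholder->pid);
         }
         if (strlen((string) $this->post->key) != 32) {
             $errors['key'] = array($this->lang->order->placeholder->key);
         }
         if (!validater::checkEmail($this->post->email)) {
             $errors['email'] = array(sprintf($this->lang->error->email, $this->lang->order->alipayEmail));
         }
     }

     if (!empty($errors)) {
         return array('result' => 'fail', 'message' => $errors);
     }

     $shopSetting = array();
     $shopSetting['payment'] = join(',', $payment);
     $shopSetting['confirmLimit'] = $this->post->confirmLimit;
     $this->loadModel('setting')->setItems('system.common.shop', $shopSetting);

     /* NOTE(review): the Alipay key is a secret; how setItems() stores it (plain or protected) is not visible here. */
     $alipaySetting = array();
     $alipaySetting['pid'] = $this->post->pid;
     $alipaySetting['key'] = $this->post->key;
     $alipaySetting['email'] = $this->post->email;
     $this->loadModel('setting')->setItems('system.common.alipay', $alipaySetting);

     return array('result' => 'success', 'message' => $this->lang->saveSuccess);
 }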
Ejemplo n.º 11
 /**
  * Edit for the source file. 
  * 
  * @param  int $fileID 
  * @access public
  * @return void
  */
 public function sourceEdit($fileID)
 {
     $this->file->setSavePath('source');
     $file = $this->file->getById($fileID);

     if (!empty($_POST)) {
         /* The target directory has to be writable before anything else is checked. */
         $pathWritable = $this->file->checkSavePath();
         if (!$pathWritable) {
             $this->send(array('result' => 'fail', 'message' => $this->lang->file->errorUnwritable));
         }

         /* A file name is mandatory ... */
         if ($this->post->filename == false || $this->post->filename == '') {
             $this->send(array('result' => 'fail', 'message' => $this->lang->file->nameEmpty));
         }

         /* ... and must pass the file-name validator before it is used for the stored file. */
         $filename = $this->post->filename;
         if (!validater::checkFileName($filename)) {
             $this->send(array('result' => 'fail', 'message' => $this->lang->file->evilChar));
         }

         $saved = $this->file->sourceEdit($file, $filename);
         if ($saved) {
             $this->send(array('result' => 'success', 'message' => $this->lang->saveSuccess, 'locate' => $this->createLink('file', 'browseSource')));
         }
         $this->send(array('result' => 'fail', 'message' => dao::getError()));
     }

     /* Page view: render the edit dialog for the loaded file. */
     $this->view->title      = $this->lang->file->edit;
     $this->view->modalWidth = 500;
     $this->view->file       = $file;
     $this->display();
 }
Ejemplo n.º 12
 /**
  * Identify a user.
  * 
  * @param   string $account     the account
  * @param   string $password    the plain password or its md5 hash
  * @access  public
  * @return  object|bool         the user object if the credentials are valid, false otherwise.
  */
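 public function identify($account, $password)
 {
     if (!$account or !$password) {
         return false;
     }

     /* First get the user from database by account or email. */
     $user = $this->dao->setAutolang(false)->select('*')->from(TABLE_USER)->beginIF(validater::checkEmail($account))->where('email')->eq($account)->fi()->beginIF(!validater::checkEmail($account))->where('account')->eq($account)->fi()->fetch();
     if (!$user) {
         return false;
     }

     /* A locked user cannot log in until the lock time has passed. */
     if ($user->locked != '0000-00-00 00:00:00') {
         /* Minutes remaining until the lock expires; zero or negative means it already has. */
         $dateDiff = (strtotime($user->locked) - time()) / 60;

         /* Check the type of lock and show it. */
         if ($dateDiff > 0 && $dateDiff <= 3) {
             $this->lang->user->loginFailed = sprintf($this->lang->user->locked, '3' . $this->lang->date->minute);
             return false;
         } elseif ($dateDiff > 3) {
             $dateDiff = ceil($dateDiff / 60 / 24);
             $this->lang->user->loginFailed = $dateDiff <= 30 ? sprintf($this->lang->user->locked, $dateDiff . $this->lang->date->day) : $this->lang->user->lockedForEver;
             return false;
         } else {
             /* The lock has expired: clear it and start counting failures afresh. */
             $user->fails = 0;
             $user->locked = '0000-00-00 00:00:00';
         }
     }

     /*
      * The password can be the plain or the password after md5.
      * The stored hash is compared as a string with !==: a loose != lets two different
      * numeric-looking hashes (for example both of the form 0e<digits>) compare as equal.
      * NOTE(review): a constant-time comparison (hash_equals) is preferable where the PHP version allows it.
      */
     if (!$this->compareHashPassword($password, $user) and (string) $user->password !== (string) $this->createPassword($password, $user->account)) {
         /* Save login log if user is admin. */
         if ($user->admin == 'super' or $user->admin == 'common') {
             $this->saveLog($user->account, 'fail');
         }

         /* More than eight consecutive failures lock the account for three minutes. */
         $user->fails++;
         if ($user->fails > 2 * 4) {
             $user->locked = date('Y-m-d H:i:s', time() + 3 * 60);
         }
         $this->dao->setAutolang(false)->update(TABLE_USER)->data($user)->where('id')->eq($user->id)->exec();
         return false;
     }

     /* Update user data. */
     $user->ip = $this->server->remote_addr;
     $user->last = helper::now();
     $user->fails = 0;
     $user->visits++;

     /* Save login log if user is admin. */
     if ($user->admin == 'super' or $user->admin == 'common') {
         $this->saveLog($user->account, 'success');
     }

     /*
      * Key the update on the row that was fetched, as the failure branch does. $account may be
      * an email address, in which case a WHERE on the account column would not match this user
      * and the failure counter would never be reset.
      */
     $this->dao->setAutolang(false)->update(TABLE_USER)->data($user)->where('id')->eq($user->id)->exec();

     $user->realname = $this->computeRealname($user);
     $user->shortLast = substr($user->last, 5, -3);
     $user->shortJoin = substr($user->join, 5, -3);

     /* Drop the one-time random value kept in the session for the login form. */
     unset($_SESSION['random']);

     if (commonModel::isAvailable('score')) {
         $viewType = $this->app->getViewType();
         if ($user) {
             /* Use the stored account name rather than whatever identifier was typed at login. */
             $this->app->user->account = $user->account;
             if ($user->maxLogin > 0) {
                 $this->app->loadConfig('score');
                 $login = $this->config->score->counts->login;
                 $this->dao->update(TABLE_USER)->set('maxLogin = maxLogin - ' . $login)->where('account')->eq($user->account)->exec();
                 $this->loadModel('score')->earn('login', '', '', 'LOGIN');
             }
         }
     }
     return $user;
 }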
Ejemplo n.º 13
                if (validater::checkCode(substr($name, 0, 1)) and validater::checkCode(substr($name, 1, 1))) {
                    $rightName .= strtoupper(substr($name, 1, 1));
                }
                ?>
              <?php 
                if (validater::checkCode(substr($name, 0, 1)) and !validater::checkCode(substr($name, 1, 1))) {
                    $rightName .= strtoupper(substr($name, 1, 3));
                }
                ?>
              <?php 
                if (!validater::checkCode(substr($name, 0, 1)) and validater::checkCode(substr($name, 3, 1))) {
                    $rightName .= strtoupper(substr($name, 3, 1));
                }
                ?>
              <?php 
                if (!validater::checkCode(substr($name, 0, 1)) and !validater::checkCode(substr($name, 3, 1))) {
                    $rightName .= substr($name, 3, 3);
                }
                ?>
              <i class='icon icon-default' style="background-color: hsl(<?php 
                echo $right['id'] * 47 % 360;
                ?>
, 100%, 40%)"> <span><?php 
                echo $rightName;
                ?>
 </span></i>
              <?php 
            }
            ?>
              <?php 
            echo html::checkbox('apps', array($code => $right['name']), $right['right'] == '1' ? $code : '');
Ejemplo n.º 14
 /**
  * Edit file.
  * 
  * @param  int    $fileID 
  * @access public
  * @return void
  */
 public function edit($fileID)
 {
     /* NOTE(review): the file replacement runs before the posted title has been validated. */
     $this->replaceFile($fileID);

     /* Everything posted except the upload field becomes the row data. */
     $fileInfo    = fixer::input('post')->remove('upFile')->get();
     $titleIsSafe = validater::checkFileName($fileInfo->title);
     if (!$titleIsSafe) {
         return false;
     }
     $fileInfo->lang = 'all';

     $requiredFields = $this->config->file->require->edit;

     /* The same update is issued twice: once with the dao's default settings ... */
     $this->dao->update(TABLE_FILE)
         ->data($fileInfo)
         ->autoCheck()
         ->batchCheck($requiredFields, 'notempty')
         ->where('id')->eq($fileID)
         ->exec();

     /* ... and once with the automatic language handling switched off. */
     $this->dao->setAutoLang(false)
         ->update(TABLE_FILE)
         ->data($fileInfo)
         ->autoCheck()
         ->batchCheck($requiredFields, 'notempty')
         ->where('id')->eq($fileID)
         ->exec();
 }
Ejemplo n.º 15
 /**
  * Identify a user.
  * 
  * @param   string $account     the account
  * @param   string $password    the plain password or its md5 hash
  * @access  public
  * @return  object|bool         the user object if the credentials are valid, false otherwise.
  */
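 public function identify($account, $password)
 {
     if (!$account or !$password) {
         return false;
     }

     /* First get the user from database by account or email; deleted users are excluded. */
     $user = $this->dao->select('*')->from(TABLE_USER)->where('deleted')->eq('0')->beginIF(validater::checkEmail($account))->andWhere('email')->eq($account)->fi()->beginIF(!validater::checkEmail($account))->andWhere('account')->eq($account)->fi()->fetch();
     if (!$user) {
         return false;
     }

     /* Can not login before ten minutes when user is locked. */
     if ($user->locked != '0000-00-00 00:00:00') {
         /* Minutes remaining until the lock expires; zero or negative means it already has. */
         $dateDiff = (strtotime($user->locked) - time()) / 60;

         /* Check the type of lock and show it. */
         if ($dateDiff > 0 && $dateDiff <= 10) {
             $this->lang->user->loginFailed = sprintf($this->lang->user->locked, '10' . $this->lang->date->minute);
             return false;
         } elseif ($dateDiff > 10) {
             $dateDiff = ceil($dateDiff / 60 / 24);
             $this->lang->user->loginFailed = $dateDiff <= 30 ? sprintf($this->lang->user->locked, $dateDiff . $this->lang->date->day) : $this->lang->user->lockedForEver;
             return false;
         } else {
             /* The lock has expired: clear it and start counting failures afresh. */
             $user->fails = 0;
             $user->locked = '0000-00-00 00:00:00';
         }
     }

     /* The password can be the plain or the password after md5. */
     if (!$this->compareHashPassword($password, $user)) {
         /* A third consecutive failure locks the account for ten minutes. */
         $user->fails++;
         if ($user->fails > 2) {
             $user->locked = date('Y-m-d H:i:s', time() + 10 * 60);
         }
         $this->dao->update(TABLE_USER)->data($user)->where('id')->eq($user->id)->exec();
         return false;
     }

     /* Update user data. */
     $user->ip = $this->server->remote_addr;
     $user->last = helper::now();
     $user->ping = helper::now();
     $user->fails = 0;
     $user->visits++;

     /*
      * Key the update on the row that was fetched, as the failure branch does. $account may be
      * an email address, in which case a WHERE on the account column would not match this user
      * and the failure counter would never be reset.
      */
     $this->dao->update(TABLE_USER)->data($user)->where('id')->eq($user->id)->exec();

     $user->realname = empty($user->realname) ? $account : $user->realname;
     $user->shortLast = substr($user->last, 5, -3);
     $user->shortJoin = substr($user->join, 5, -3);

     /* Drop the one-time random value kept in the session for the login form. */
     unset($_SESSION['random']);

     /* Save sign in info. */
     $this->loadModel('attend', 'oa')->signIn($user->account);

     /* Return him.*/
     return $user;
 }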
Ejemplo n.º 16
 /**
  * Send mail code. 
  * 
  * @access public
  * @return void
  */
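 public function sendMailCode($account = '')
 {
     /* Fall back to the logged-in account when none (or the 'qq' marker) is given. */
     $account = ($account and $account != 'qq') ? $account : $this->app->user->account;
     $user = $this->loadModel('user')->getByAccount($account);

     /* A posted address takes precedence over the stored one; an unknown account has no stored address. */
     $storedEmail = !empty($user) ? $user->email : '';
     $email = $this->post->email ? $this->post->email : $storedEmail;

     /* Throttle: at most one mail per account every 180 seconds. NOTE(review): the timestamp lives in the session, so the limit holds only per session. */
     $lastSendVar = "lastSendTo{$account}";
     $lastSendTime = $this->session->{$lastSendVar};
     if (time() - $lastSendTime < 180) {
         $this->send(array('result' => 'fail', 'message' => $this->lang->mail->trySendlater));
     }
     if (!$this->config->mail->turnon) {
         $this->send(array('result' => 'fail', 'message' => $this->lang->mail->noConfigure));
     }
     if (empty($email)) {
         $this->send(array('result' => 'fail', 'message' => $this->lang->mail->noEmail));
     }
     if (!validater::checkEmail($email)) {
         $this->send(array('result' => 'fail', 'message' => $this->lang->mail->error));
     }

     /* Issue a fresh code when none exists or the previous one is older than 30 minutes. */
     if (!$lastSendTime or time() - $lastSendTime > 1800 or !$this->session->verifyCode) {
         /*
          * The code is a secret, so draw it from the CSPRNG when available.
          * mt_rand() is predictable and stays only as a fallback for PHP versions without random_int().
          */
         $verifyCode = function_exists('random_int') ? random_int(0, mt_getrandmax()) : mt_rand();
         $this->session->set('verifyCode', $verifyCode);
     }

     /* NOTE(review): http_host is taken from the request and placed in the mail text — confirm it is restricted to the site's own host names. */
     $content = sprintf($this->lang->mail->sendContent, $account, $this->config->site->name, $this->server->http_host, $this->session->verifyCode, $this->config->site->name);
     $this->loadModel('mail')->send($email, $this->lang->mail->captcha, $content, true);
     if (!$this->mail->isError()) {
         $this->session->set($lastSendVar, time());
         $this->send(array('result' => 'success', 'message' => sprintf($this->lang->mail->sendSuccess, $email)));
     }

     /* Mail errors carry a literal backslash-n sequence; turn it into HTML line breaks for display. */
     $error = str_replace('\\n', "<br />", join('', $this->mail->getError()));
     $this->send(array('result' => 'fail', 'message' => $error));
 }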
Ejemplo n.º 17
 /**
  * Print block. 
  * 
  * @param  int    $index 
  * @access public
  * @return void
  */
 public function printBlock($index)
 {
     /* Builds the HTML for one dashboard block and ends the request by printing it. */
     $block = $this->block->getBlock($index);
     if (empty($block)) {
         return false;
     }
     $html = '';
     if ($block->block == 'html') {
         /*
          * The stored markup is entity-decoded and emitted as raw HTML.
          * NOTE(review): this assumes only trusted users can edit an html block — confirm.
          */
         $html = "<div class='article-content'>" . htmlspecialchars_decode($block->params->html) . '</div>';
     } elseif ($block->block == 'rss') {
         $html = $this->block->getRss($block);
     } elseif ($block->source != '') {
         $html = $this->block->getEntry($block);
     } elseif ($block->block == 'allEntries') {
         /* One table cell per entry, each linking to the entry's login URL. */
         $entries = $this->loadModel('entry')->getEntries();
         $html = "<div id='allEntriesBlock' class='all-entries'><table class='table'><tr>";
         foreach ($entries as $entry) {
             $class = !$entry->buildin ? "class='iframe'" : '';
             /* size is either the string 'max' or a JSON object that may carry width/height. */
             $size = $entry->size != 'max' ? json_decode($entry->size) : '';
             $width = isset($size->width) ? "width={$size->width}" : '';
             $height = isset($size->height) ? "height={$size->height}" : '';
             $image = html::image($entry->logo, "width=18");
             if (!$entry->logo) {
                 /* No logo: draw a coloured icon whose hue is derived from the id and whose label is an abbreviation of the name. */
                 $hue = $entry->id * 47 % 360;
                 $name = $entry->abbr ? $entry->abbr : $entry->name;
                 /*
                  * The label is built from the first two "characters" of the name: a byte that passes
                  * checkCode() is upper-cased on its own, otherwise three bytes are taken.
                  * NOTE(review): presumably three bytes stand for one UTF-8 CJK character — confirm.
                  */
                 $entryName = validater::checkCode(substr($name, 0, 1)) ? strtoupper(substr($name, 0, 1)) : substr($name, 0, 3);
                 if (validater::checkCode(substr($name, 0, 1)) and validater::checkCode(substr($name, 1, 1))) {
                     $entryName .= strtoupper(substr($name, 1, 1));
                 }
                 if (validater::checkCode(substr($name, 0, 1)) and !validater::checkCode(substr($name, 1, 1))) {
                     $entryName .= strtoupper(substr($name, 1, 3));
                 }
                 if (!validater::checkCode(substr($name, 0, 1)) and validater::checkCode(substr($name, 3, 1))) {
                     $entryName .= strtoupper(substr($name, 3, 1));
                 }
                 if (!validater::checkCode(substr($name, 0, 1)) and !validater::checkCode(substr($name, 3, 1))) {
                     $entryName .= substr($name, 3, 3);
                 }
                 $image = "<i class='icon icon-default' style='background-color: hsl({$hue}, 100%, 40%)'> <span>" . $entryName . "</span></i> ";
             }
             /* NOTE(review): the entry name, label and size values are concatenated into markup without escaping in this method — confirm they are escaped or trusted upstream. */
             $html .= "<td class='pull-left' width='33%'>" . html::a($entry->login, $image . $entry->name, "{$class} {$width} {$height}") . "</td>";
         }
         $html .= "</tr></table></div>";
     } elseif ($block->block == 'dynamic') {
         $html = $this->fetch('block', 'dynamic');
     }
     /* Print the fragment and stop; nothing else is rendered for this request. */
     die($html);
 }
Ejemplo n.º 18
 /**
  * Check the passwds posted.
  * 
  * @access public
  * @return bool
  */
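 public function checkPassword($canNoPassword = false)
 {
     /* A password is mandatory unless the caller explicitly allows it to be left out. */
     if (!$canNoPassword and empty($_POST['password1'])) {
         dao::$errors['password'][] = sprintf($this->lang->error->notempty, $this->lang->user->password);
     }

     if ($this->post->password1 != false) {
         /*
          * Compare the two entries strictly. A loose != treats numeric-looking strings
          * such as '1e3' and '1000' as equal, so a mistyped confirmation could pass.
          */
         if ($this->post->password1 !== $this->post->password2) {
             dao::$errors['password'][] = $this->lang->error->passwordsame;
         }

         /* The pattern only enforces a minimum of six characters; it imposes no complexity rule. */
         if (!validater::checkReg($this->post->password1, '|(.){6,}|')) {
             dao::$errors['password'][] = $this->lang->error->passwordrule;
         }
     }
     return !dao::isError();
 }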
Ejemplo n.º 19
 /**
  * Get info of uploaded files.
  * 
  * @param  string $htmlTagName 
  * @access public
  * @return array
  */
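 public function getUpload($htmlTagName = 'files')
 {
     $files = array();
     if (!isset($_FILES[$htmlTagName])) {
         return $files;
     }

     $this->app->loadClass('purifier', true);
     $config = HTMLPurifier_Config::createDefault();
     $config->set('Cache.DefinitionImpl', null);
     $purifier = new HTMLPurifier($config);

     /*
      * Read the upload fields explicitly instead of extract()-ing request data into local scope.
      * NOTE(review): the per-file 'error' code is not inspected here — confirm failed uploads are rejected by the caller.
      */
     $upload   = $_FILES[$htmlTagName];
     $names    = $upload['name'];
     $sizes    = $upload['size'];
     $tmpNames = $upload['tmp_name'];

     /* If the file var name is an array. */
     if (is_array($names)) {
         foreach ($names as $id => $filename) {
             if (empty($filename)) {
                 continue;
             }
             /* Drop entries whose client-supplied name fails the file-name validator. */
             if (!validater::checkFileName($filename)) {
                 continue;
             }

             $file = array();
             $file['extension'] = $this->getExtension($filename);
             $file['pathname'] = $this->setPathName($id, $file['extension']);
             /* The title is the posted label if there is one, else the file name without its extension; both go through the purifier. */
             $file['title'] = !empty($_POST['labels'][$id]) ? htmlspecialchars($_POST['labels'][$id]) : str_replace('.' . $file['extension'], '', $filename);
             $file['title'] = $purifier->purify($file['title']);
             $file['size'] = $sizes[$id];
             $file['tmpname'] = $tmpNames[$id];
             $files[] = $file;
         }
         return $files;
     }

     /* Single-file upload. */
     if (empty($names)) {
         return $files;
     }
     if (!validater::checkFileName($names)) {
         return array();
     }

     /*
      * Default title: the name up to its last dot. Searching for the extension string with strpos()
      * cut at the wrong place when that string also occurred earlier in the name or did not occur
      * in it at all.
      */
     $lastDot  = strrpos($names, '.');
     $baseName = $lastDot === false ? $names : substr($names, 0, $lastDot);

     $file = array();
     $file['extension'] = $this->getExtension($names);
     $file['pathname'] = $this->setPathName(0, $file['extension']);
     $file['title'] = !empty($_POST['labels'][0]) ? htmlspecialchars($_POST['labels'][0]) : $baseName;
     $file['title'] = $purifier->purify($file['title']);
     $file['size'] = $sizes;
     $file['tmpname'] = $tmpNames;
     return array($file);
 }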
Ejemplo n.º 20
 /**
  * Batch check trades.
  * 
  * @param  array    $trades 
  * @access public
  * @return array
  */
 public function batchCheck($trades)
 {
     $this->app->loadClass('filter', true);

     /* Errors are keyed by field name plus the trade's key, so each one can be mapped back to its row. */
     $errors = array();
     foreach ($trades as $key => $trade) {
         /* money: required and must be a float. */
         $item = $this->lang->trade->money;
         $moneyInvalid = empty($trade->money) || !validater::checkFloat($trade->money);
         if ($moneyInvalid) {
             $errors["money" . $key] = sprintf($this->lang->error->notempty, $item) . sprintf($this->lang->error->float, $item);
         }

         /* handlers: required. */
         $item = $this->lang->trade->handlers;
         $handlersMissing = empty($trade->handlers);
         if ($handlersMissing) {
             $errors['handlers' . $key] = sprintf($this->lang->error->notempty, $item);
         }

         /* date: required and must be a valid date. */
         $item = $this->lang->trade->date;
         $dateInvalid = empty($trade->date) || !validater::checkDate($trade->date);
         if ($dateInvalid) {
             $errors['date' . $key] = sprintf($this->lang->error->date, $item) . sprintf($this->lang->error->notempty, $item);
         }
     }
     return $errors;
 }
Ejemplo n.º 21
 /**
  * Set log.
  * 
  * @access public
  * @return void
  */
 public function setStat()
 {
     if (!empty($_POST)) {
         /* NOTE(review): every posted field is saved under system.common.site; only saveDays is validated here. */
         $setting = fixer::input('post')->get();

         /* saveDays is required and must be an integer. */
         $saveDaysValid = $setting->saveDays && validater::checkInt($setting->saveDays);
         if (!$saveDaysValid) {
             $this->send(array('result' => 'fail', 'message' => $this->lang->site->saveDaysTip));
         }

         $saved = $this->loadModel('setting')->setItems('system.common.site', $setting);
         if ($saved) {
             $this->send(array('result' => 'success', 'message' => $this->lang->setSuccess));
         }
         $this->send(array('result' => 'fail', 'message' => $this->lang->fail));
     }

     /* Page view. */
     $this->view->title = $this->lang->site->setStat;
     $this->display();
 }
Ejemplo n.º 22
 /**
  * Add a blacklist item. 
  * 
  * @access public
  * @return void
  */
 public function addBlacklist()
 {
     $typeList = $this->lang->guarder->blacklistModes;

     if ($_POST) {
         $identity = $this->post->identity;

         /*
          * Classify the identity. The checks run in this order and a later match overrides an
          * earlier one; anything that matches none of them is blacklisted as a keyword.
          */
         $mode = 'keywords';
         if (validater::checkIP($identity)) {
             $mode = 'ip';
         }
         if (validater::checkEmail($identity)) {
             $mode = 'email';
         }
         if (validater::checkAccount($identity)) {
             /* Treated as an account only when such a user actually exists. */
             $matchedUser = $this->loadModel('user')->getByAccount($identity);
             if (!empty($matchedUser)) {
                 $mode = 'account';
             }
         }

         $punished = $this->guarder->punish($mode, $identity, $this->post->reason, $this->post->expired);
         if ($punished) {
             $this->send(array('result' => 'success', 'message' => $this->lang->setSuccess, 'locate' => inlink('blacklist', "mode={$mode}")));
         }
         $this->send(array('result' => 'fail', 'message' => dao::geterror()));
     }

     /* Page view. */
     $this->view->title = $this->lang->guarder->addBlacklist;
     $this->display();
 }
Ejemplo n.º 23
 /**
  * Reply a message.
  *
  * @param  int    $messageID
  * @access public
  * @return int|bool  the ID of the new reply on success, false on failure
  */
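 public function reply($messageID)
 {
     /*
      * Store a reply to message $messageID and, when the original message carries a
      * valid e-mail address, mail the reply content to it.
      *
      * Returns the ID of the inserted reply, or false when the target message cannot
      * be loaded or a DAO check/query reports an error.
      */
     $account = $this->app->user->account;
     $admin = $this->app->user->admin;

     /* Without this guard the fields below would be read from an empty value and the
        insert could still go through, leaving a reply that points at no message. */
     $message = $this->getByID($messageID);
     if (empty($message)) {
         return false;
     }

     /* A reply to a reply inherits the object type of the reply it answers. */
     $objectType = $message->type == 'reply' ? $message->objectType : $message->type;

     /* status is forced to '0' unless the author is a super admin; objectType,
        objectID, to, type, date, public and ip are set here with add(). */
     $reply = fixer::input('post')
         ->add('objectType', $objectType)
         ->add('objectID', $message->id)
         ->add('to', $message->account)
         ->add('type', 'reply')
         ->add('date', helper::now())
         ->add('status', '0')
         ->add('public', 1)
         ->setIF($account != 'guest', 'account', $account)
         ->setIF($admin == 'super', 'status', '1')
         ->add('ip', $this->server->REMOTE_ADDR)
         ->get();

     /* 'captcha' is checked but excluded from the stored columns. */
     $this->dao->insert(TABLE_MESSAGE)
         ->data($reply, 'captcha')
         ->autoCheck()
         ->check('captcha', 'captcha')
         ->check('type', 'in', $this->config->message->types)
         ->batchCheck($this->config->message->require->reply, 'notempty')
         ->exec();
     $replyID = $this->dao->lastInsertId();
     if (dao::isError()) {
         return false;
     }

     /* A super admin answering a message also marks that message as handled. */
     if ($admin == 'super') {
         $this->dao->update(TABLE_MESSAGE)
             ->set('status')->eq(1)
             ->where('status')->eq(0)
             ->andWhere('id')->eq($messageID)
             ->exec();
         if (dao::isError()) {
             return false;
         }
     }

     /* For comments, mail only when the author asked for e-mail reminders. The
        recipient address was stored with the original message, so it is validated
        again before it is used. */
     $wantsMail = $message->type != 'comment' || $message->receiveEmail;
     if (validater::checkEmail($message->email) && $wantsMail) {
         $subject = sprintf($this->lang->message->replySubject, $this->config->site->name);
         $this->loadModel('mail')->send($message->email, $subject, $reply->content);
     }

     return $replyID;
 }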
Ejemplo n.º 24
 /**
  * Update thread.
  * 
  * @param  int    $threadID 
  * @access public
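  * @return mixed  false on failure, a fail-result array when the sensitive-word check rejects the post, otherwise the result of the search model's save()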
  */
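 public function update($threadID)
 {
     /*
      * Update thread $threadID from the posted form, attach uploaded files and
      * refresh its search index entry.
      *
      * Returns false when the thread cannot be loaded or a DAO check/query fails, a
      * fail-result array when the sensitive-word filter rejects the post, and
      * otherwise whatever the search model's save() returns.
      *
      * NOTE(review): no ownership check is visible in this method; presumably the
      * caller decides whether the current user may edit this thread -- confirm.
      */
     $existing = $this->getByID($threadID);
     if (empty($existing)) {
         /* Stop before any file is linked or saved against a thread that does not exist. */
         return false;
     }

     $isAdmin = $this->app->user->admin == 'super';
     $canManage = $this->canManage($existing->board);
     $allowedTags = $isAdmin ? $this->config->allowedTags->admin : $this->config->allowedTags->front;

     /* readonly is forced to 0 for users who cannot manage the board; editor and
        editedDate always come from the server side.
        NOTE(review): the remove() list contains spaces after the commas. Confirm that
        fixer::remove() trims field names; if it does not, posted views, replies, stick
        and hidden values would reach the update below. */
     $thread = fixer::input('post')
         ->setIF(!$canManage, 'readonly', 0)
         ->setIF(!$this->post->isLink, 'link', '')
         ->stripTags('content,link', $allowedTags)
         ->setForce('editor', $this->session->user->account)
         ->setForce('editedDate', helper::now())
         ->setDefault('readonly', 0)
         ->remove('files,labels, views, replies, stick, hidden')
         ->get();

     if (isset($this->config->site->filterSensitive) and $this->config->site->filterSensitive == 'open') {
         /* The site-specific word list wins over the default list. */
         $dicts = !empty($this->config->site->sensitive) ? $this->config->site->sensitive : $this->config->sensitive;
         $dicts = explode(',', $dicts);
         if (!validater::checkSensitive($thread, $dicts)) {
             return array('result' => 'fail', 'message' => $this->lang->error->sensitive);
         }
     }

     /* The captcha field, uid and isLink are checked or used but not stored. */
     $this->dao->update(TABLE_THREAD)
         ->data($thread, "{$this->session->captchaInput}, uid, isLink")
         ->autoCheck()
         ->batchCheckIF(!$this->post->isLink, $this->config->thread->require->edit, 'notempty')
         ->batchCheckIF($this->post->isLink, $this->config->thread->require->link, 'notempty')
         ->check($this->session->captchaInput, 'captcha')
         ->where('id')->eq($threadID)
         ->exec();

     /* NOTE(review): this runs before the error check, as in the original, so files
        tied to the posted uid are linked even when the update itself is rejected. */
     $this->loadModel('file')->updateObjectID($this->post->uid, $threadID, 'thread');
     if (dao::isError()) {
         return false;
     }

     /* Upload file.*/
     $this->loadModel('file')->saveUpload('thread', $threadID);

     /* Reload so the search index receives the stored state. */
     $thread = $this->getByID($threadID);
     if (empty($thread)) {
         return false;
     }
     return $this->loadModel('search')->save('thread', $thread);
 }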
Ejemplo n.º 25
 /**
  * Get upload files. 
  * 
  * @access public
  * @return array
  */
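 public function getUpload()
 {
     /*
      * Collect the entries of the multi-file upload field 'files'.
      *
      * Returns a list of arrays with the keys 'extension', 'size' and 'tmpname'.
      * The list is empty when nothing was uploaded, when the file model refuses
      * uploads, or when the field was not submitted as an array.
      *
      * NOTE(review): the per-file 'error' code is not consulted here, and the
      * extension comes from the client-supplied file name; confirm that the caller
      * rejects failed uploads and disallowed extensions.
      */
     $files = array();
     if (!isset($_FILES['files'])) {
         return $files;
     }
     if (!$this->loadModel('file')->canUpload()) {
         return $files;
     }

     /* Read the needed keys explicitly instead of extract(), so request data can
        never create or overwrite local variables in this scope. */
     $upload = $_FILES['files'];
     $names = isset($upload['name']) ? $upload['name'] : array();
     if (!is_array($names)) {
         /* Field sent as "files" rather than "files[]": nothing to iterate over. */
         return $files;
     }
     $sizes = $upload['size'];
     $tmpNames = $upload['tmp_name'];

     foreach ($names as $id => $filename) {
         if (empty($filename)) {
             continue;
         }
         if (!validater::checkFileName($filename)) {
             continue;
         }
         /* Build each entry from scratch so nothing carries over between iterations. */
         $files[] = array(
             'extension' => $this->file->getExtension($filename),
             'size' => $sizes[$id],
             'tmpname' => $tmpNames[$id],
         );
     }
     return $files;
 }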
Ejemplo n.º 26
 /**
  * Update a reply.
  * 
  * @param  int      $replyID 
  * @access public
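  * @return bool|array  true on success, false on a DAO error, a fail-result array when the sensitive-word check rejects the post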
  */
 public function update($replyID)
 {
     /*
      * Update reply $replyID from the posted form and attach uploaded files.
      *
      * Returns true on success, false when the DAO reports an error, and a
      * fail-result array when the sensitive-word filter rejects the content.
      *
      * NOTE(review): no ownership check is visible in this method; presumably the
      * caller decides whether the current user may edit this reply -- confirm.
      */
     $isSuperAdmin = $this->app->user->admin == 'super';
     $allowedTags = $isSuperAdmin ? $this->config->allowedTags->admin : $this->config->allowedTags->front;

     /* editor and editedDate always come from the server side. */
     $reply = fixer::input('post')
         ->setForce('editor', $this->session->user->account)
         ->setForce('editedDate', helper::now())
         ->stripTags('content', $allowedTags)
         ->remove('files,labels,hidden')
         ->get();

     $filterIsOpen = isset($this->config->site->filterSensitive) && $this->config->site->filterSensitive == 'open';
     if ($filterIsOpen) {
         /* The site-specific word list wins over the default list. */
         $wordList = !empty($this->config->site->sensitive) ? $this->config->site->sensitive : $this->config->sensitive;
         $dicts = explode(',', $wordList);
         if (!validater::checkSensitive($reply, $dicts)) {
             return array('result' => 'fail', 'message' => $this->lang->error->sensitive);
         }
     }

     /* captcha and uid are checked or used but not stored. */
     $this->dao->update(TABLE_REPLY)
         ->data($reply, 'captcha, uid')
         ->autoCheck()
         ->batchCheck($this->config->reply->require->post, 'notempty')
         ->check('captcha', 'captcha')
         ->where('id')->eq($replyID)
         ->exec();

     /* NOTE(review): runs before the error check, so files tied to the posted uid
        are linked even when the update itself is rejected. */
     $this->loadModel('file')->updateObjectID($this->post->uid, $replyID, 'reply');

     if (dao::isError()) {
         return false;
     }
     $this->loadModel('file')->saveUpload('reply', $replyID);
     return true;
 }