/**
 * Allows to add something to inner of form, for example, hidden session input to prevent CSRF
 *
 * The token that goes into the form is the current session id, so a submitted form can be tied back to the
 * session that rendered it.
 * NOTE(review): the hidden `session` input carries the raw session id, so any leak of rendered markup leaks the
 * session itself — confirm this is acceptable versus a dedicated per-session CSRF token.
 *
 * @static
 *
 * @return string Hidden input markup, or an empty string when the User class is not loaded or has no instance
 */
protected static function form_csrf() {
	// Class must already be loaded (no autoload) and must hand back a usable instance
	if (!class_exists('\\cs\\User', false)) {
		return '';
	}
	$User = User::instance(true);
	if (!$User) {
		return '';
	}
	return static::input([
		'value' => $User->get_session(),
		'type'  => 'hidden',
		'name'  => 'session'
	]);
}
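/**
 * Get stream
 *
 * Admins receive the raw row (no approval/abuse filter, no cache); everyone else receives the cached public
 * projection of approved, low-abuse streams only. Tags are attached in both cases.
 * NOTE(review): the original admin branch computed the unfiltered row and then discarded it; this assumes the
 * intent was an unfiltered, uncached view for admins — confirm.
 *
 * @param int|int[] $id Stream id, or list of ids (result keeps the same keys)
 *
 * @return array|array[]|bool Stream data with `tags`, list of such for array input, <i>false</i> if not found
 *                            (or not visible to a non-admin)
 */
function get($id) {
	if (is_array($id)) {
		// array_map keeps the keys of a single input array; avoids the dangling by-reference loop variable
		return array_map([$this, 'get'], $id);
	}
	$id = (int) $id;
	if (User::instance()->admin()) {
		$stream = $this->db()->qf([
			"SELECT *\n\t\t\t\tFROM `{$this->table}`\n\t\t\t\tWHERE `id` = '%s'\n\t\t\t\tLIMIT 1",
			$id
		]);
		if (!$stream) {
			return false;
		}
		$stream['tags'] = $this->db()->qfas([
			"SELECT `tag`\n\t\t\t\t\tFROM `[prefix]streams_streams_tags`\n\t\t\t\t\tWHERE `id` = '%s'",
			$stream['id']
		]);
		return $stream;
	}
	return $this->cache->get($id, function () use ($id) {
		$data = $this->db()->qf([
			"SELECT\n\t\t\t\t\t`id`,\n\t\t\t\t\t`stream_url`,\n\t\t\t\t\t`lat`,\n\t\t\t\t\t`lng`\n\t\t\t\tFROM `{$this->table}`\n\t\t\t\tWHERE\n\t\t\t\t\t`id`\t\t= '%s' AND\n\t\t\t\t\t`approved`\t= 1 AND\n\t\t\t\t\t`abuse`\t\t< 5\n\t\t\t\tLIMIT 1",
			$id
		]);
		// A missing/unapproved stream must stay `false`; writing `tags` into `false` would turn it into a
		// truthy array without an id
		if (!$data) {
			return false;
		}
		$data['tags'] = $this->db()->qfas([
			"SELECT `tag`\n\t\t\t\tFROM `[prefix]streams_streams_tags`\n\t\t\t\tWHERE `id` = '%s'",
			$id
		]);
		return $data;
	});
}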
/**
 * @package Home
 * @category modules
 * @author Nazar Mokrynskyi <*****@*****.**>
 * @copyright Copyright (c) 2014, Nazar Mokrynskyi
 * @license MIT License, see license.txt
 */
namespace cs\modules\Home;
use cs\User;
// Request handler: requires POST `stream_code`, `lat` and `lng` (lat/lng are only checked for presence here;
// their use is not within this excerpt)
if (!isset($_POST['stream_code'], $_POST['lat'], $_POST['lng'])) {
	error_code(400);
	return;
}
$User = User::instance();
// Only members of the streamer group may set a stream url
if (!in_array(STREAMER_GROUP, $User->get_groups())) {
	error_code(403);
	return;
}
$stream_code = trim($_POST['stream_code']);
// Only the provider's stream id is taken from the submitted value; the stored url is rebuilt on a fixed https
// origin, so an arbitrary user-supplied url never reaches storage
if (preg_match('/ustream.tv\\/(channel|embed)\\/([0-9]+)/', $stream_code, $m)) {
	$stream_code = "https://www.ustream.tv/embed/{$m['2']}";
} elseif (preg_match('/(youtube.com\\/embed\\/|youtube.com\\/watch\\?v=)([0-9a-z\\-]+)/i', $stream_code, $m)) {
	$stream_code = "https://www.youtube.com/embed/{$m['2']}";
} elseif ($stream_code != '') {
	// Any non-empty value that is not a recognised provider url is rejected; an empty value clears the stream
	error_code(400);
	return;
}
$User->set_data('stream_url', $stream_code);
$Events = Events::instance();
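/**
 * Get new access_token with refresh_token
 *
 * The refresh token is single-use: its session row is deleted before the lookup result is evaluated, so a
 * replayed refresh_token cannot mint a second access_token. The old access_token is evicted from cache.
 *
 * @param string $refresh_token
 * @param string $client        Client id
 * @param string $secret        Client secret
 *
 * @return array|bool <i>false</i> on failure,
 *                    otherwise array ['access_token' => md5, 'refresh_token' => md5, 'expires_in' => seconds, 'token_type' => 'bearer']
 */
function refresh_token($refresh_token, $client, $secret) {
	$client = $this->get_client($client);
	// Client secret is compared strictly and in constant time (the original `!=` was neither)
	if (!is_md5($refresh_token) || !$client || !hash_equals((string) $client['secret'], (string) $secret)) {
		return false;
	}
	$data = $this->db_prime()->qf([
		"SELECT\n\t\t\t\t`user`,\n\t\t\t\t`access_token`,\n\t\t\t\t`session`\n\t\t\tFROM `[prefix]oauth2_clients_sessions`\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t= '%s' AND\n\t\t\t\t`refresh_token`\t= '%s'\n\t\t\tLIMIT 1",
		$client['id'],
		$refresh_token
	]);
	// Consume the refresh token unconditionally, whether or not a session row matched
	$this->db_prime()->q(
		"DELETE FROM `[prefix]oauth2_clients_sessions`\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t= '%s' AND\n\t\t\t\t`refresh_token`\t= '%s'\n\t\t\tLIMIT 1",
		$client['id'],
		$refresh_token
	);
	if (!$data) {
		return false;
	}
	// The old access_token must no longer resolve
	unset($this->cache->{"tokens/{$data['access_token']}"});
	$User = User::instance();
	$id   = $User->get_session_user($data['session']);
	// The session must still resolve, and to the user the token was issued to; a failed lookup must never
	// compare equal to a stored id (the original loose `!=` let a falsy lookup match '0').
	// NOTE(review): assumes valid user ids are non-zero — confirm get_session_user()'s failure value
	if (!$id || (int) $id !== (int) $data['user']) {
		return false;
	}
	$User->add_session($id);
	$result = $this->get_code($this->add_code($client['id'], 'code'), $client['id'], $client['secret']);
	$User->del_session();
	return $result;
}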
} if (in_array($plugin, $Config->components['plugins'])) { $current_version = file_get_json(PLUGINS . "/{$plugin}/meta.json")['version']; $new_version = file_get_json("{$tmp_dir}/meta.json")['version']; if (!version_compare($current_version, $new_version, '<')) { $Page->warning($L->update_plugin_impossible_older_version($plugin)); unlink($tmp_file); break; } $check_dependencies = check_dependencies($plugin, 'plugin', $tmp_dir); if (!$check_dependencies && $Config->core['simple_admin_mode']) { break; } $rc[2] = 'update'; $Page->title($L->updating_of_plugin($plugin)); rename($tmp_file, $tmp_file = TEMP . '/' . User::instance()->get_session() . '_plugin_update.phar.php'); $a->content(h::{'p.lead.cs-center'}($L->update_plugin($plugin, $current_version, $new_version)) . h::{'input[type=hidden]'}(['name' => 'mode', 'value' => $rc[2]]) . h::{'input[type=hidden]'}(['name' => 'plugin', 'value' => $rc[3]])); $a->cancel_button_back = true; $a->content(h::{'button[type=submit]'}($L->{$check_dependencies ? $L->yes : 'force_update_not_recommended'})); return; } if (!file_exists(PLUGINS . "/{$plugin}") && !mkdir(PLUGINS . "/{$plugin}", 0700)) { $Page->warning($L->cant_unpack_plugin_no_write_permissions); unlink($tmp_file); break; } $fs = file_get_json("{$tmp_dir}/fs.json"); $extract = array_product(array_map(function ($index, $file) use($tmp_dir, $plugin) { if (!file_exists(dirname(PLUGINS . "/{$plugin}/{$file}")) && !mkdir(dirname(PLUGINS . "/{$plugin}/{$file}"), 0700, true)) { return 0; }
<?php /** * @package Static Pages * @category modules * @author Nazar Mokrynskyi <*****@*****.**> * @copyright Copyright (c) 2011-2014, Nazar Mokrynskyi * @license MIT License, see license.txt */ namespace cs\modules\Static_pages; use cs\Cache, cs\User, cs\Trigger; Trigger::instance()->register('admin/System/components/modules/uninstall/process', function ($data) { if ($data['name'] != 'Static_pages' || !User::instance()->admin()) { return true; } time_limit_pause(); $Static_pages = Static_pages::instance(); $structure = $Static_pages->get_structure(); while (!empty($structure['categories'])) { foreach ($structure['categories'] as $category) { $Static_pages->del_category($category['id']); } $structure = $Static_pages->get_structure(); } unset($category); if (!empty($structure['pages'])) { foreach ($structure['pages'] as $page) { $Static_pages->del($page); } unset($page);
/**
 * Deletion of additional data item(s) of specified user
 *
 * Thin delegate: forwards to the User singleton for this object's user id.
 *
 * @param string|string[] $item
 *
 * @return bool|string|string[]
 */
function del_data($item) {
	$User = User::instance();
	return $User->del_data($item, $this->id);
}
/**
 * Set driver
 *
 * Upserts the driver's position row keyed by user id and pushes its liveness timeout 30 seconds ahead.
 * NOTE(review): `$lat`/`$lng` are passed through untouched as query arguments; this relies on q()'s argument
 * escaping — confirm.
 *
 * @param $lat
 * @param $lng
 * @param $busy  Any value; stored as 0/1
 * @param $user  User id; falsy means the current user
 *
 * @return bool|int
 */
function set($lat, $lng, $busy, $user = false) {
	$User      = User::instance();
	$driver_id = $user ?: $User->id;
	$timeout   = TIME + 30;
	$busy_flag = (int) (bool) $busy;
	$query     = "INSERT INTO `{$this->table}`\n\t\t\t\t(`id`, `timeout`, `lat`, `lng`, `busy`)\n\t\t\tVALUES\n\t\t\t\t('%s', '%s', '%s', '%s', '%s')\n\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t`timeout`\t= VALUES(`timeout`),\n\t\t\t\t`lat`\t\t= VALUES(`lat`),\n\t\t\t\t`lng`\t\t= VALUES(`lng`),\n\t\t\t\t`busy`\t\t= VALUES(`busy`)";
	return $this->db_prime()->q($query, $driver_id, $timeout, $lat, $lng, $busy_flag);
}
/**
 * Page generation
 *
 * Runs once per request (static guard): optionally discards stray output, enables gzip output buffering when
 * allowed, then echoes either the bare content (AJAX/API) or the fully templated page.
 */
function __finish() {
	static $executed = false;
	if ($executed) {
		return;
	}
	$executed = true;
	/**
	 * Cleaning of output
	 */
	if (OUT_CLEAN) {
		ob_end_clean();
	}
	/**
	 * Detection of compression
	 */
	$ob     = false;
	$Config = Config::instance(true);
	// Config::instance(true) may yield a falsy value; the `API ||` short-circuit keeps API responses buffered
	// regardless, otherwise compress only when zlib is not already doing it and the setting is on
	if (API || $Config && !zlib_compression() && $Config->core['gzip_compression']) {
		ob_start('ob_gzhandler');
		$ob = true;
	}
	/**
	 * For AJAX and API requests only content without page template
	 */
	if (!$this->interface) {
		/**
		 * Processing of replacing in content
		 */
		echo $this->process_replacing($this->Content ?: (API ? 'null' : ''));
	} else {
		Trigger::instance()->run('System/Page/pre_display');
		// Error display only if the Error class is already loaded (no autoload)
		class_exists('\\cs\\Error', false) && Error::instance(true)->display();
		/**
		 * Processing of template, substituting of content, preparing for the output
		 */
		$this->prepare();
		/**
		 * Processing of replacing in content
		 */
		$this->Html = $this->process_replacing($this->Html);
		/**
		 * Getting of debug information
		 */
		// Gated on DEBUG plus admin status; the second operand also admits a request that merely *can* become
		// admin when `ip_admin_list_only` is on (presumably the ip admin list — confirm), so debug output may
		// reach non-authenticated clients from such addresses while DEBUG is enabled
		if (DEBUG && (User::instance(true)->admin() || $Config->can_be_admin && $Config->core['ip_admin_list_only'])) {
			$this->get_debug_info();
		}
		Trigger::instance()->run('System/Page/display');
		// Template placeholders are filled last: debug modal, generation time, memory usage
		echo str_replace(
			[
				'<!--debug_info-->',
				'<!--generate time-->',
				'<!--peak memory usage-->'
			],
			[
				$this->debug_info ? h::level(
					h::{'div#cs-debug.uk-modal div.uk-modal-dialog-large'}(
						h::level($this->debug_info),
						[
							'title' => Language::instance()->debug,
							'style' => 'margin-left: -45%; width: 90%;'
						]
					),
					$this->level['debug_info']
				) : '',
				format_time(round(microtime(true) - MICROTIME, 5)),
				format_filesize(memory_get_usage(), 5) . h::{'sup[level=0]'}(format_filesize(memory_get_peak_usage(), 5))
			],
			rtrim($this->Html)
		);
	}
	if ($ob) {
		ob_end_flush();
	}
}
/**
 * Get HybridAuth instance with current configuration. Strongly recommended for usage
 *
 * NOTE(review): the default endpoint url embeds the current session id and is handed to the external provider
 * as the callback — confirm this exposure is intended.
 * NOTE(review): restoreSessionData() receives a serialize()d blob built from stored user data
 * (`HybridAuth_session`), not from the request — confirm nothing user-controlled can be written there.
 *
 * @param null|string $provider Provider name used to build the default endpoint url
 * @param null|string $base_url Overrides the computed endpoint url when truthy
 *
 * @return Hybrid_Auth
 */
function get_hybridauth_instance($provider = null, $base_url = null) {
	require_once __DIR__ . '/../Hybrid/Auth.php';
	$Config = Config::instance();
	$User   = User::instance();
	if (!$base_url) {
		$base_url = $Config->base_url() . "/HybridAuth/{$provider}/endpoint/" . $User->get_session();
	}
	$HybridAuth = new Hybrid_Auth([
		'base_url'  => $base_url,
		'providers' => $Config->module('HybridAuth')->providers
	]);
	// Re-hydrate the persisted provider session for logged-in users outside the HybridAuth module itself
	if ($User->user() && MODULE != 'HybridAuth') {
		$HybridAuth->restoreSessionData(serialize($User->get_data('HybridAuth_session')));
	}
	return $HybridAuth;
}
$Page->error(['access_denied', 'client_secret do not corresponds client_id']); } $token_data = $OAuth2->get_token($access_token, $client_id, $client['secret']); } else { $token_data = $OAuth2->get_token($access_token, $client_id, $client['secret']); if ($token_data['type'] == 'code') { error_code(403); $Page->error(['invalid_request', "This access_token can't be used without client_secret"]); } } if (!$token_data) { error_code(403); $Page->error(['access_denied', 'access_token expired']); } $_POST['session'] = $_REQUEST['session'] = $token_data['session']; _setcookie('session', $token_data['session']); if (!Config::instance()->module('OAuth2')->guest_tokens) { Trigger::instance()->register('System/User/construct/after', function () { if (!User::instance()->user()) { error_code(403); Page::instance()->error(['access_denied', 'Guest tokens disabled']); } }); } })->register('System/Index/mainmenu', function ($data) { if ($data['path'] == 'OAuth2') { $data['hide'] = true; return false; } return true; });
/**
 * Executes plugins processing, blocks and module page generation
 *
 * Runs once per request (static guard). Order matters: closed-site check, pending error, preload trigger,
 * module page (static index.html or init()), generation, then error/sign-out cookie handling and postload.
 */
function __finish() {
	static $finished = false;
	if ($finished) {
		return;
	}
	$finished = true;
	$Config = Config::instance();
	$Page   = Page::instance();
	/**
	 * If site is closed, user is not admin, and it is not request for sign in
	 */
	// Only admins (and the API sign-in route, so an admin can still log in) get past a closed site
	if (!$Config->core['site_mode'] && !(User::instance()->admin() || API && $Config->route === ['user', 'sign_in'])) {
		code_header(503);
		return;
	}
	if (defined('ERROR_CODE')) {
		$Page->error();
	}
	Trigger::instance()->run('System/Index/preload');
	// A module may ship a static index.html instead of a php handler; it is buffered and used as page content
	if (!IN_ADMIN && !$this->api && file_exists(MODULES . '/' . MODULE . '/index.html')) {
		ob_start();
		_include(MODULES . '/' . MODULE . '/index.html', false, false);
		$Page->content(ob_get_clean());
		if ($this->title_auto) {
			$Page->title(Language::instance()->{HOME ? 'home' : MODULE});
		}
	} elseif (!defined('ERROR_CODE') && !$this->stop) {
		$this->init_auto && $this->init();
	}
	if ($this->generate_auto) {
		$this->generate();
	}
	// The `sign_out` cookie is cleared on any request except the API sign-out call itself (same rule below)
	if ($this->stop) {
		if (_getcookie('sign_out') && !(API && MODULE == 'System' && $Config->route == ['user', 'sign_out'])) {
			_setcookie('sign_out', '');
		}
		return;
	}
	if (defined('ERROR_CODE')) {
		$Page->error();
	} elseif (_getcookie('sign_out') && !(API && MODULE == 'System' && $Config->route == ['user', 'sign_out'])) {
		_setcookie('sign_out', '');
	}
	Trigger::instance()->run('System/Index/postload');
}
// (tail of the class autoloader callback; its start is outside this excerpt)
$cache[$class] = realpath($file); file_put_json(CACHE . '/classes_autoloading', $cache); return true; } return false; }, true, true);
/**
 * Correct termination
 *
 * Shutdown hook: finishes Index, Page and User in that order, but only when the core was actually loaded
 * (a failure before Core exists must not trigger page generation).
 */
register_shutdown_function(function () {
	if (!class_exists('\\cs\\Core', false)) {
		return;
	}
	Index::instance(true)->__finish();
	Page::instance()->__finish();
	User::instance(true)->__finish();
});
/**
 * Enable of errors processing
 *
 * Full E_ALL reporting only under DEBUG, otherwise errors, warnings and parse errors. Error display is handed
 * to the cs\Error handler when CS_ERROR_HANDLER is set and the class is already loaded (no autoload).
 */
function errors_on() {
	error_reporting(defined('DEBUG') && DEBUG ? E_ALL : E_ERROR | E_WARNING | E_PARSE);
	if (defined('CS_ERROR_HANDLER') && CS_ERROR_HANDLER && class_exists('\\cs\\Error', false)) {
		Error::instance()->error = true;
	}
}
/**
 * Disabling of errors processing
 */
function errors_off()
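<?php
/**
 * @package Moderation
 * @category modules
 * @author Nazar Mokrynskyi <*****@*****.**>
 * @copyright Copyright (c) 2014, Nazar Mokrynskyi
 * @license MIT License, see license.txt
 */
namespace cs\modules\Precincts;
use cs\Index, cs\Page, cs\User;
$Index = Index::instance();
// Requires POST `status` (truthy = approve, falsy = decline) and a violation id as the first route segment
if (!isset($_POST['status'], $Index->route_ids[0])) {
	error_code(400);
	return;
}
// NOTE(review): no moderator authorization check is visible in this handler; confirm that
// Violations::approve()/decline() enforce it themselves
$Violations = Violations::instance();
$action     = $_POST['status'] ? 'approve' : 'decline';
$violation  = $Violations->get($Index->route_ids[0]);
// Unknown id: report not-found instead of handing a null id to approve()/decline()
if (!$violation) {
	error_code(404);
	return;
}
if (!$Violations->{$action}($violation['id'])) {
	error_code(500);
	return;
}
Page::instance()->json([
	'user'     => (int) $violation['user'],
	'rating'   => (int) $Violations->user_rating($violation['user']),
	'username' => User::instance()->username($violation['user'])
]);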
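/**
 * Ids of all items currently visible to the calling user
 *
 * Admins see every live item; members of the coordinator group additionally see unconfirmed items and a fixed
 * set of categories; everyone else sees confirmed items whose `visible` group is one of theirs (0 = everyone,
 * 1 = registered users) plus their own items. "Live" means timeout in the future or 0, with a non-zero position.
 *
 * @return array List of ids, newest first
 */
protected function get_all_internal() {
	$User    = User::instance();
	$user_id = (int) $User->id;
	if ($User->admin()) {
		return $this->db()->qfas([
			"SELECT `id`\n\t\t\t\tFROM `{$this->table}`\n\t\t\t\tWHERE\n\t\t\t\t\t(\n\t\t\t\t\t\t`timeout`\t> '%s' OR\n\t\t\t\t\t\t`timeout`\t= 0\n\t\t\t\t\t) AND\n\t\t\t\t\t`lat`\t\t!= 0 AND\n\t\t\t\t\t`lng`\t\t!= 0\n\t\t\t\tORDER BY `added` DESC",
			TIME
		]);
	}
	// Normalise a falsy get_groups() result before anything is appended to it
	$groups = $User->get_groups() ?: [];
	if (in_array(AUTOMAIDAN_COORD_GROUP, $groups)) {
		return $this->db()->qfas([
			"SELECT `id`\n\t\t\t\tFROM `{$this->table}`\n\t\t\t\tWHERE\n\t\t\t\t\t(\n\t\t\t\t\t\t`timeout`\t> '%s' OR\n\t\t\t\t\t\t`timeout`\t= 0\n\t\t\t\t\t) AND\n\t\t\t\t\t(\n\t\t\t\t\t\t`confirmed`\t= 0 OR\n\t\t\t\t\t\t`category` IN (1, 3, 6, 7, 8, 17, 21, 22)\n\t\t\t\t\t) AND\n\t\t\t\t\t`lat`\t\t!= 0 AND\n\t\t\t\t\t`lng`\t\t!= 0\n\t\t\t\tORDER BY `added` DESC",
			TIME
		]);
	}
	$groups[] = 0;
	if ($User->user()) {
		$groups[] = 1;
	}
	// Group ids and the user id are interpolated straight into the SQL text (not passed as query arguments),
	// so they are forced to integers; they come from the user store, but this keeps the query safe regardless
	$groups = implode(',', array_map('intval', $groups));
	return $this->db()->qfas([
		"SELECT `id`\n\t\t\tFROM `{$this->table}`\n\t\t\tWHERE\n\t\t\t\t(\n\t\t\t\t\t(\n\t\t\t\t\t\t`visible` IN({$groups}) AND\n\t\t\t\t\t\t`confirmed`\t> 0\n\t\t\t\t\t) OR\n\t\t\t\t\t`user`\t= {$user_id}\n\t\t\t\t) AND\n\t\t\t\t(\n\t\t\t\t\t`timeout`\t> '%s' OR\n\t\t\t\t\t`timeout`\t= 0\n\t\t\t\t) AND\n\t\t\t\t`lat`\t!= 0 AND\n\t\t\t\t`lng`\t!= 0\n\t\t\tORDER BY `added` DESC",
		TIME
	]);
}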
<?php
/**
 * @package CleverStyle CMS
 * @subpackage System module
 * @category modules
 * @author Nazar Mokrynskyi <*****@*****.**>
 * @copyright Copyright (c) 2011-2014, Nazar Mokrynskyi
 * @license MIT License, see license.txt
 */
namespace cs;
use h;
$Config = Config::instance();
$L      = Language::instance();
// Admin settings form for key expiry and ip-based access lists; each table cell is built separately and the
// stored list values are rendered back through h::textarea (escaping is h's responsibility, not visible here)
$key_expire_cell = h::td([
	h::info('key_expire'),
	h::{'input[type=number]'}([
		'name'  => 'core[key_expire]',
		'value' => $Config->core['key_expire'],
		'min'   => 1
	]) . $L->seconds
]);
$ip_black_list_cell = h::td([
	h::info('ip_black_list'),
	h::textarea($Config->core['ip_black_list'], ['name' => 'core[ip_black_list]'])
]);
$ip_admin_list_only_cell = h::td([
	h::info('ip_admin_list_only'),
	h::{'input[type=radio]'}([
		'name'    => 'core[ip_admin_list_only]',
		'checked' => $Config->core['ip_admin_list_only'],
		'value'   => [0, 1],
		'in'      => [$L->off, $L->on]
	])
]);
// The admin's own address is shown next to the list so it can be added without guessing it
$ip_admin_list_cell = h::td([
	h::info('ip_admin_list'),
	h::textarea($Config->core['ip_admin_list'], ['name' => 'core[ip_admin_list]']) . h::br() . $L->current_ip . ': ' . h::b(User::instance()->ip)
]);
Index::instance()->content(
	h::{'table.cs-table-borderless.cs-left-even.cs-right-odd tr'}([
		$key_expire_cell,
		$ip_black_list_cell,
		$ip_admin_list_only_cell,
		$ip_admin_list_cell
	])
);