/** * @route ajax/authors_get_photo */ public function getAuthorsPhoto() { $auth_bp = $this->blueprint('Author'); $file_bp = $this->blueprint('Files'); if (IDE_HACKS) { $db = \Airship\get_database(); $auth_bp = new Author($db); $file_bp = new Files($db); } $authorId = (int) ($_POST['author'] ?? 0); if (!$this->isSuperUser()) { $authors = $auth_bp->getAuthorIdsForUser($this->getActiveUserId()); if (!\in_array($authorId, $authors)) { \Airship\json_response(['status' => 'ERROR', 'message' => \__('You do not have permission to access this author\'s posts.')]); } } if (!\Airship\all_keys_exist(['context', 'author'], $_POST)) { \Airship\json_response(['status' => 'ERROR', 'message' => 'Insufficient parameters']); } $file = $auth_bp->getPhotoData($authorId, $_POST['context']); if (empty($file)) { // No file selected \Airship\json_response(['status' => 'OK', 'message' => '', 'photo' => null]); } $cabin = $file_bp->getFilesCabin((int) $file['fileid']); \Airship\json_response(['status' => 'OK', 'message' => '', 'photo' => \Airship\LensFunctions\cabin_url($cabin) . 'files/author/' . $file['slug'] . '/' . $auth_bp->getPhotoDirName() . '/' . $file['filename']]); }
/** * @param string $token * @return string */ protected function recoveryMessage(string $token) : string { return \__("To recover your account, visit the URL below.") . "\n\n" . \Airship\LensFunctions\cabin_url() . 'forgot-password/' . $token . "\n\n" . \__("This access token will expire in an hour."); }
/** * Read a blog post * * @param string $year * @param string $month * @param string $slug * * @route blog/{year}/{month}/{slug} */ public function readPost(string $year, string $month, string $slug) { $blogPost = $this->blog->getBlogPost($year, $month, $slug); $post = $this->post(new CommentFilter(), true); if ($post) { if ($this->addComment($post, (int) $blogPost['postid'])) { \Airship\redirect(\Airship\LensFunctions\cabin_url() . 'blog/' . $year . '/' . $month . '/' . $slug . '#comments'); } } $mathJAX = \strpos($blogPost['body'], '$$') !== false; $blogPost['series'] = $this->blog->getPostsSeries((int) $blogPost['postid']); $args = ['meta' => \json_decode($blogPost['metadata'] ?? '[]', true), 'pageTitle' => $blogPost['title'], 'blogpost' => $blogPost, 'author' => $this->blog->getAuthor($blogPost['author']), 'config' => $this->config(), 'mathjax' => $mathJAX]; if (!empty($blogPost['cache'])) { $args['cached'] = true; $this->stasis('blog/read', $args); } else { $comments = $this->blog->getCommentTree((int) $blogPost['postid']); $args['comments'] = $comments; $this->lens('blog/read', $args); } }
/** * Get an author profile's avatar * * @param int $authorId * @param string $which * @return string */ function get_avatar(int $authorId, string $which) : string { static $cache = []; static $db = null; if (!$db) { $db = \Airship\get_database(); } // If someone comments 100 times, we only want to look up their avatar once. $key = CryptoUtil::hash(\http_build_query(['author' => $authorId, 'which' => $which])); if (!isset($cache[$key])) { $file = $db->row("SELECT\n f.*,\n a.slug\n FROM\n hull_blog_author_photos p\n JOIN\n hull_blog_authors a\n ON p.author = a.authorid\n JOIN\n hull_blog_photo_contexts c\n ON p.context = c.contextid\n JOIN\n airship_files f\n ON p.file = f.fileid\n WHERE\n c.label = ? AND a.authorid = ?\n ", $which, $authorId); if (empty($file)) { $cache[$key] = ''; } else { if (empty($file['directory'])) { $cabin = $file['cabin']; } else { $dirId = $file['directory']; do { $dir = $db->row("SELECT parent, cabin FROM airship_dirs WHERE directoryid = ?", $dirId); $dirId = $dir['parent']; } while (!empty($dirId)); $cabin = $dir['cabin']; } $cache[$key] = \Airship\LensFunctions\cabin_url($cabin) . 'files/author/' . $file['slug'] . '/photos/' . $file['filename']; } } return $cache[$key]; }
/** * If a redirect exists at this path, serve it. * * @param string $uri * @return bool */ public function serveRedirect(string $uri) : bool { $lookup = $this->db->row('SELECT * FROM airship_custom_redirect WHERE oldpath = ?', $uri); if (empty($lookup)) { return false; } if ($lookup['same_cabin']) { // Internal redirects only. Don't create open redirect vulnerabilities. \Airship\redirect(\Airship\LensFunctions\cabin_url($lookup['cabin']) . \trim($lookup['newpath'], '/')); } // Cross-cabin redirects can point to other domains. \Airship\redirect(\rtrim($lookup['newpath'], '/')); return true; }