/**
 * Copy the message fields from the request into the static message buffer.
 *
 * toid/fromid are coerced to int, title/content to string; nothing else is
 * validated here. NOTE(review): fromid is taken from the request as-is, so
 * any rule that the sender must be the authenticated user has to be enforced
 * by the caller — confirm.
 */
protected function mergeMessage()
{
    $fields = [
        'toid'    => (int) _get('toid'),
        'fromid'  => (int) _get('fromid'),
        'title'   => (string) _get('title'),
        'content' => (string) _get('content'),
    ];
    foreach ($fields as $key => $value) {
        self::$message[$key] = $value;
    }
}
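/**
 * Build (but do not execute) a confirmation INSERT for the admin form.
 *
 * Reads `table` and `id` from the request, overlays POSTed column values on
 * the existing row (when an id is given) and renders the resulting SQL for
 * confirmation. The lookup SELECT *is* executed here, so the table name is
 * restricted to identifier characters and the id is quoted with $db->quote()
 * instead of being interpolated verbatim; the identifiers are backtick-quoted
 * as the INSERT already did.
 *
 * @throws \InvalidArgumentException when `table` is not a plain identifier.
 */
function insert()
{
    global $db;
    $table = (string) _get('table');
    $id = _get('id');

    // A table name cannot be bound as a parameter, so whitelist its characters.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) {
        throw new \InvalidArgumentException('Invalid table name');
    }
    $pkey = get_pkey($table);

    $row = [];
    if ($id) {
        $row = $db->queryRow("SELECT * FROM `{$table}` WHERE `{$pkey}` = " . $db->quote($id));
        $row = $row ?: [];
    }

    // Per column: explicit NULL flag > POSTed value > existing row value > ''.
    $values = [];
    foreach (get_desc($table, true) as $field => $meta) {
        if (filter_input(INPUT_POST, $field . '_is_null')) {
            $values[$field] = null;
        } elseif (isset($_POST[$field])) {
            $values[$field] = $_POST[$field];
        } elseif ($id) {
            $values[$field] = isset($row[$field]) ? $row[$field] : null;
        } else {
            $values[$field] = '';
        }
    }

    $keys = implode(',', array_map(function ($key) {
        return "`{$key}`";
    }, array_keys($values)));
    $val = implode(',', array_map(function ($value) use ($db) {
        return $value === null ? 'NULL' : $db->quote($value);
    }, $values));
    $confirm_sql = "INSERT INTO `{$table}` ({$keys}) VALUES ({$val})";

    render(__DIR__ . '/view/insert.html', compact('values', 'table', 'pkey', 'confirm_sql'), LAYOUT);
}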
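/**
 * Admin action: assign a card number to a user.
 *
 * POST: reads cardID from the form; the assignment itself is still a stub
 * that only dumps the request. GET: renders the assignment form.
 *
 * Fixes: the GET branch referenced $item before the user loop defined it
 * (a fatal "method on null"), the closing </form> tag was written as <form>,
 * the error message named userID while checking cardID, and request/profile
 * values were written into HTML (and into the debug dump) unescaped.
 */
function setCardToUser()
{
    $esc = function ($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
    };
    $ret = '';

    if (count($_POST) > 0) {
        $cardID = $_POST['cardID'] or trigger_error('Undefined cardID', PM_FATAL);
        $card = new Card($cardID); // result currently unused; kept for any constructor side effects
        // Debug dump of the submitted form, escaped so reflected input cannot become markup.
        print '<pre>' . $esc(print_r($_POST, true)) . '</pre>';
        $ret .= 'no yet';
    } else {
        // The card number being edited comes from the request; the original read
        // it from $item, which is only defined inside the loop below.
        // NOTE(review): confirm the query parameter is the intended source.
        $cardID = _get('cardID');
        $action = "/admin/?cmd=cards&act=setCardToUser&cardID=" . rawurlencode((string) $cardID);
        $ret .= ' <style type="text/css"> .h16str {margin-top:10px;} .h16str, .h16str * {line-height:16px;vertical-align:middle;} </style> <form action="' . $esc($action) . '" method="post">';

        $pmUsers = new pmUsers(array('isUserGroup' => '0'));
        $ret .= '<select name="userID">';
        foreach ($pmUsers->items as $itemID => $item) {
            $userCard = $item->getItemData('cardID');
            $cardStr = $userCard == '0' ? '' : ' #cardID: ' . $esc($userCard);
            $label = $item->getItemData('FirstName') . ' ' . $item->getItemData('LastName')
                . ' [' . $item->getItemData('Login') . ' - ' . $itemID . ']';
            $ret .= '<option value="' . $esc($itemID) . '">' . $esc($label) . $cardStr . '</option>';
        }
        $ret .= '</select>';
        $ret .= '<div class="h16str"><b>№ карты:</b> <input type="text" name="cardID" value="' . $esc($cardID) . '"/></div>';
        $ret .= '<div class="h16str"> <input type="submit" name="submit" value="Назначить"/> </div>';
        $ret .= '</form>';
    }
    return $ret;
}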
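/**
 * Build a bounded SELECT for an admin table browser.
 *
 * @param string     $table Table name; expected from trusted code (backtick-quoted, not validated here).
 * @param array|null $where column => value pairs; empty-string values are skipped, the rest quoted via $db->quote().
 * @return string SQL with optional WHERE, optional ORDER BY (from the `order`/`asc` request params) and LIMIT 111.
 *
 * Fix: the `order` column name came from the request and was interpolated
 * inside backticks unchecked, so a value containing a backtick could break
 * out of the identifier. It is now restricted to [A-Za-z0-9_] (anything else
 * drops the ORDER BY), and `asc` is normalised to 0/1 so it can only choose
 * ASC or DESC instead of indexing the map with an arbitrary key.
 */
function build_table_sql($table, $where = null)
{
    global $db;

    $orderCol = (string) _get('order');
    $direction = (int) _get('asc', 0) === 1 ? 'DESC' : 'ASC';
    $order = '';
    if ($orderCol && preg_match('/^[A-Za-z0-9_]+$/', $orderCol)) {
        $order = "ORDER BY `{$orderCol}` {$direction}";
    }

    $where_str = '';
    if ($where) {
        $parts = [];
        foreach ($where as $column => $value) {
            if ($value === '') {
                continue;
            }
            $parts[] = "`{$column}`=" . $db->quote($value);
        }
        if ($parts) {
            $where_str = 'WHERE ' . implode(' AND ', $parts);
        }
    }

    return "SELECT * FROM `{$table}` {$where_str} {$order} LIMIT 111";
}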
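/**
 * Whether the client IP is on the configured allow-list.
 *
 * @return bool True only when getIP() exactly matches an entry of the `allowIP` setting.
 *
 * The setting is checked to be an array first (a missing or scalar value
 * would make in_array() error out), and the comparison is strict so a
 * non-string entry can no longer loosely match an address string.
 */
function isAllowedIP()
{
    $allowed = _get("allowIP");
    if (!is_array($allowed)) {
        return false;
    }
    return in_array(getIP(), $allowed, true);
}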
/**
 * Resolve the requested action name.
 *
 * Checks the ACTION request parameter, then OTHERACTION, and returns the
 * first truthy value; 'index' when neither is set.
 */
function _getActionName()
{
    foreach (array(ACTION, OTHERACTION) as $param) {
        $candidate = _get($param);
        if ($candidate) {
            return $candidate;
        }
    }
    return 'index';
}
/**
 * Demo for article with comments.
 *
 * Article id comes from the `id` request parameter (random 1..5 when absent
 * or zero), page from `page` (default 1); renders the `demo` template with a
 * 100-item paginator. The random id is demo-only and not security-relevant.
 */
public function indexAction()
{
    $articleId = _get('id', 'int');
    if (!$articleId) {
        $articleId = rand(1, 5);
    }
    $pageNo = _get('page', 'int');
    if (!$pageNo) {
        $pageNo = 1;
    }

    $paginator = Paginator::factory(100, array(
        'limit'       => 10,
        'page'        => $pageNo,
        'url_options' => array(
            'params' => array('id' => $articleId, 'enable' => 'yes'),
        ),
    ));

    $this->view()->assign(array(
        'title'     => sprintf(__('Demo article #%d'), $articleId),
        'paginator' => $paginator,
    ));
    $this->view()->setTemplate('demo');
}
/**
 * Show all tag of website.
 *
 * Lists items carrying the `tag` request parameter, optionally restricted to
 * module `m` (honoured only when it is a registered module), paginated by the
 * `item_per_page` config value, and renders the `list` template.
 */
public function listAction()
{
    $tag = _get('tag');
    $limit = (int) $this->config('item_per_page');
    $page = _get('page') ? (int) _get('page') : 1;
    // The cast binds to ($page - 1) only, i.e. ((int)($page - 1)) * $limit.
    $offset = (int) ($page - 1) * $limit;
    $module = _get('m');
    $type = null;
    $moduleTitle = '';
    $modules = Pi::registry('modulelist')->read();
    // Unknown module names fall back to "all modules" rather than erroring.
    if ($module && !isset($modules[$module])) {
        $module = '';
    }
    if ($module) {
        $moduleTitle = $modules[$module]['title'];
    }
    $paginator = null;
    $list = array();
    $count = Pi::service('tag')->getCount($tag, $module, $type);
    if ($count) {
        $items = Pi::service('tag')->getList($tag, $module, $type, $limit, $offset);
        $content = array();
        $batches = array();
        // Group item ids by module and type so each pair is fetched in one call.
        foreach ($items as $item) {
            //$key = $item['module'] . '-' . $item['type'];
            $batches[$item['module']][$item['type']][] = $item['item'];
        }
        $vars = array('id', 'title', 'link', 'time');
        foreach ($batches as $m => $mData) {
            foreach ($mData as $t => $tData) {
                $content[$m . '-' . $t] = Pi::service('module')->content($vars, array('module' => $m, 'type' => $t, 'id' => $tData));
            }
        }
        $list = array();
        // Attach url/title/time to each item; items whose content was not
        // returned, or whose module is unknown, are dropped from the list.
        array_walk($items, function ($item) use($modules, $content, &$list) {
            $key = $item['module'] . '-' . $item['type'];
            if (isset($content[$key]) && isset($modules[$item['module']])) {
                $found = false;
                foreach ($content[$key] as $data) {
                    // loose compare: ids may arrive as strings from the tag service
                    if ($data['id'] == $item['item']) {
                        $item['url'] = $data['link'];
                        $item['title'] = $data['title'];
                        $item['time'] = $data['time'];
                        $found = true;
                        break;
                    }
                }
                if ($found) {
                    $item['module'] = $modules[$item['module']]['title'];
                    $list[] = $item;
                }
            }
        });
        $paginator = Paginator::factory($count, array('limit' => $limit, 'page' => $page, 'url_options' => array('route' => 'tag', 'params' => array('tag' => $tag, 'm' => $module))));
    }
    $this->view()->assign(array('paginator' => $paginator, 'list' => $list, 'tag' => $tag, 'count' => $count, 'm' => $module, 'moduleTitle' => $moduleTitle));
    $this->view()->setTemplate('list');
}
/**
 * Check view and edit permissions.
 *
 * @param $op
 *   The type of operation. Either 'view' or 'edit'.
 * @return bool
 *   TRUE when the current user may perform $op on the field row identified
 *   by the `fid` request value (POST first, then GET); FALSE otherwise.
 *
 * The field row is fetched with a bound parameter after casting the id to
 * int. Dispatch is by entity_type: node, user, comment, else the generic
 * entity module when it is available. Anything unmatched is denied.
 *
 * NOTE(review): if no row matches, $field is an empty object and ->delta /
 * ->entity_type are undefined. The generic branch also calls
 * entity_load($field_id) with the *field* id instead of $field->entity_id
 * and $field->entity_type — confirm against the entity API before relying
 * on that path.
 */
function have_access($op) {
    global $user;
    $db = DBConnection::instance();
    // Prefer the POSTed field id, fall back to the query string.
    $field_id = (int) _post('fid');
    if (!$field_id) {
        $field_id = (int) _get('fid');
    }
    $field = (object) $db->dq("SELECT entity_id, entity_type, delta FROM {mytinytodo_fields} WHERE id = ?", $field_id)->fetch_assoc();
    $field_info = field_info_field_by_id($field->delta);
    if ($field->entity_type == 'node') {
        if (!($node = node_load($field->entity_id))) {
            return false;
        }
        // node_access() calls the edit operation 'update'.
        $node_access = $op == 'edit' ? 'update' : $op;
        if (node_access($node_access, $node, $user) && field_access($op, $field_info, $field->entity_type, $node, $user)) {
            return true;
        }
    } else {
        if ($field->entity_type == 'user') {
            if (!($account = user_load($field->entity_id))) {
                return false;
            }
            if (field_access($op, $field_info, $field->entity_type, $account, $user)) {
                return true;
            }
        } else {
            if ($field->entity_type == 'comment') {
                if (!($comment = comment_load($field->entity_id))) {
                    return false;
                }
                // Viewing needs the global comment permission; editing needs comment-level access.
                if ($op == 'view' && !user_access('access comments')) {
                    return false;
                } else {
                    if ($op == 'edit' && !comment_access($op, $comment)) {
                        return false;
                    }
                }
                if (field_access($op, $field_info, $field->entity_type, $comment, $user)) {
                    return true;
                }
            } else {
                // Generic entities: only when the entity module is installed.
                if (module_exists('entity')) {
                    if (!($entity = entity_load($field_id))) {
                        return false;
                    }
                    $entity_access = $op == 'edit' ? 'update' : $op;
                    if (entity_access($entity_access, $field->entity_type, $entity, $user) && field_access($op, $field_info, $field->entity_type, $entity, $user)) {
                        return true;
                    }
                }
            }
        }
    }
    // Default deny.
    return false;
}
/**
 * Mark a project as active (status = 1).
 *
 * The project is identified by the `token` query parameter, which _get()
 * only yields when it matches /^[a-z0-9]{30}$/; that pattern is what keeps
 * the interpolated WHERE clause safe. Prints "ok" after a successful update.
 *
 * NOTE(review): unlike delurl() in this file, no check compares the project's
 * owner with $_SESSION['user_hash']; confirm the token alone is meant to
 * authorise the status change.
 */
public function proStatus()
{
    $projectHash = _get('get.token', null, '/^[a-z0-9]{30}$/');
    if (!$projectHash) {
        return;
    }
    $projects = new Model('project');
    $updated = $projects
        ->where("project_hash = '" . $projectHash . "'")
        ->update(array('status' => '1'));
    if ($updated) {
        echo 'ok';
    }
}
/**
 * Debug endpoint: echoes the `pass` and `name` query parameters back as an
 * API payload under the keys "xx" and "name".
 *
 * NOTE(review): this reflects a value named `pass` straight into the response
 * and performs no authentication; it reads as scaffolding and should not ship
 * as the real login handler.
 */
public function login()
{
    $payload = array(
        'xx'   => _get('pass'),
        'name' => I('get.name'),
    );
    \GZ_Api::outPut($payload);
}
/**
 * Show a single rule identified by the `id` request parameter.
 *
 * An unknown id redirects back to the browse list; otherwise the rule is put
 * on the view bean and view.php is rendered.
 */
function _action_view()
{
    $rule = $this->getRuleManager()->getRule(_get('id'));
    if ($rule === null) {
        $this->redirect("index.php?action=browse!list");
        return;
    }
    $this->viewBean->rule = $rule;
    $this->set_view("view.php");
}
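/**
 * Read or write a cookie.
 *
 * With a truthy $value: sets $cookie (filtered) for $time seconds on path "/"
 * and, when $redirect is truthy, redirects to $URL or to the `webBase`
 * setting. Without a value: returns the filtered cookie value, or false when
 * the cookie is not set.
 *
 * Fix: the fallback used isset($URL), which is always true for the default
 * `false`, so the webBase target was never used; now only an explicit $URL
 * (not false/null) overrides it.
 *
 * NOTE(review): the cookie is set without the secure/httponly flags; whether
 * client-side scripts need to read it is not visible here, so that is left
 * unchanged.
 */
function COOKIE($cookie, $value = false, $time = 300000, $redirect = false, $URL = false)
{
    if (!$value) {
        return isset($_COOKIE[$cookie]) ? filter($_COOKIE[$cookie]) : false;
    }
    setcookie($cookie, filter($value), time() + $time, "/");
    if ($redirect) {
        $target = ($URL !== false && $URL !== null) ? $URL : _get("webBase");
        redirect($target);
    }
}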
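/**
 * Handle the login form POST.
 *
 * On success the user is logged in and redirected to `back_url` (query
 * parameter) or DEFAULT_LOGIN_REDIRECT_URL; on failure the configured error
 * message is placed in $GLOBALS['msg'].
 *
 * Fix: `back_url` was passed to redirect() verbatim, so a crafted login link
 * could send a freshly authenticated user to an external site (open
 * redirect). Values carrying a scheme ("http:", "javascript:" …), a
 * protocol-relative "//" or "\\" prefix, or CR/LF now fall back to the
 * default target; plain local paths are still honoured.
 */
function login_POST()
{
    $username = _post('username');
    $password = _post('password');

    $user = User::check($username, $password);
    if (!$user) {
        $GLOBALS['msg'] = $GLOBALS['config']['error']['info']['USERNAME_OR_PASSWORD_INCORRECT'];
        return;
    }
    $user->login();

    $back = (string) _get('back_url');
    $looksExternal = $back === ''
        || preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $back)
        || preg_match('/[\r\n]/', $back);
    if ($looksExternal) {
        $back = DEFAULT_LOGIN_REDIRECT_URL;
    }
    redirect($back);
}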
/**
 * For page render.
 *
 * Loads the page row named by the `id` request parameter and renders the
 * page-content template with a tag form attached.
 *
 * NOTE(review): a failed find() is not handled — toArray() would be called on
 * a non-object for an unknown id; confirm whether the model throws or a 404
 * path is expected here.
 */
public function viewAction()
{
    $pageId = _get('id');
    $row = $this->getModel('page')->find($pageId);
    $page = $row->toArray();
    $page['module'] = $this->getModule();

    $tagForm = new BaseForm();
    $tagForm->add(array('name' => 'tag', 'type' => 'tag'));

    $this->view()->assign('form', $tagForm);
    $this->view()->assign('page', $page);
    $this->view()->setTemplate('page-content');
}
/**
 * Exercise _get() on scalars and arrays.
 *
 * Documents the current contract: scalars have tags stripped, arrays come
 * back with the same keys, and — per the fourth case — a nested array value
 * keeps its markup, i.e. only the scalar path strips tags.
 */
public function testGET()
{
    $xssLink = 'Hello <a href="javascript:alert(\'xss\');">World</a>';

    $this->assertEqual(_get('Hello World'), 'Hello World');
    $this->assertEqual(_get(array('str' => 'Hello World')), array('str' => 'Hello World'));
    $this->assertEqual(_get($xssLink), 'Hello World');
    $this->assertEqual(
        _get(array('str' => 'Hello World', 'xss' => $xssLink)),
        array('str' => 'Hello World', 'xss' => $xssLink)
    );
    $this->assertEqual(_get('<IMG SRC=javascript:alert("XSS")>'), '');
}
/**
 * Render the teacher list filtered by a name substring and, when the
 * `school` request parameter is not the empty string, by school.
 *
 * @param string $q Name fragment; a falsy value skips the LIKE filter.
 *
 * NOTE(review): the school check is `!== ''`, so a missing parameter only
 * skips that filter if _get() yields '' (not null) for absent keys — confirm.
 */
function search_teacher($q)
{
    $query = Teacher::search();
    if ($q) {
        $query = $query->filterBy('name', "%{$q}%", 'LIKE');
    }
    $schoolFilter = _get('school');
    if ('' !== $schoolFilter) {
        $query = $query->filterBy('school', $schoolFilter);
    }
    $teachers = $query->find();
    render_view('master', compact('teachers', 'q'));
}
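/**
 * Banner click-through / random banner.
 *
 * With a `param` request value: looks the banner up, counts the click and
 * sends a Location header to its link. Without one: returns random banner
 * markup.
 *
 * Fix: an unknown `param` previously counted a click for a null id and sent
 * an empty Location header; it now falls back to the random banner. The
 * redirect branch still returns to the caller without exiting, as before —
 * callers must not emit a body after it.
 */
function getContent()
{
    $param = _get("param");
    $banner = $param ? $this->getBannerByParam($param) : null;
    if ($param && empty($banner['link'])) {
        // no such banner, or nothing to redirect to: do not redirect nowhere
        $banner = null;
    }
    if ($banner) {
        $this->incClick($banner['banID']);
        header("location: " . $banner['link']);
        return;
    }
    return $this->getRandomBanner();
}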
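/**
 * Dispatch the request to Controller_<name>::<action> based on the `action`
 * request parameter, formatted as "controller!action".
 *
 * Fix: both segments were used unvalidated to build a require path, a class
 * name and the routed action, and a missing "!" raised an undefined-offset
 * warning. The controller (and the action, when present) are now restricted
 * to [A-Za-z0-9_]; the controller file and class must exist. Whether
 * controller_dir() itself confines the path is not visible here.
 *
 * @throws \InvalidArgumentException on a malformed route or a missing
 *         controller file/class.
 */
function route()
{
    $actionParam = (string) _get("action");
    $paramParts = explode("!", $actionParam);
    $controller = $paramParts[0];
    $action = isset($paramParts[1]) ? $paramParts[1] : null;

    $identifier = '/^[A-Za-z0-9_]+$/';
    if (!preg_match($identifier, $controller) || ($action !== null && !preg_match($identifier, $action))) {
        throw new \InvalidArgumentException('Malformed route');
    }

    $controllerDir = controller_dir($controller);
    $controllerFile = $controllerDir . "/controller.php";
    if (!is_file($controllerFile)) {
        throw new \InvalidArgumentException('Unknown controller');
    }
    require_once $controllerFile;

    $controllerClassName = "Controller_{$controller}";
    if (!class_exists($controllerClassName, false)) {
        throw new \InvalidArgumentException('Controller class missing');
    }
    $controllerInstance = new $controllerClassName();
    $actionRouter = new ActionRouter($controllerInstance, $action, $controllerDir);
    $actionRouter->route();
}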
/**
 * Dispatch the user admin page on the `act` request parameter:
 * "edit" → editUser(), "del" → delUser(), anything else → getList().
 */
function getContent()
{
    $act = _get('act');
    if ($act == 'edit') {
        return $this->editUser();
    }
    if ($act == 'del') {
        return $this->delUser();
    }
    return $this->getList();
}
/**
 * Create a product from request parameters; redirect to login/main on
 * success, otherwise render the failure view.
 *
 * NOTE(review): every field, including imagePath, is taken straight from the
 * request via _get() and forwarded to the model; any validation of the path
 * has to live in ProductModel::submitProduct — confirm.
 */
public function submitProduct()
{
    $saved = $this->productModel->submitProduct(
        _get('proName'),
        _get('description'),
        _get('proPrice'),
        _get('proType'),
        _get('proStatus'),
        _get('imagePath')
    );
    if ($saved) {
        parent::redirect("login/main");
        return;
    }
    $this->view = View::build('failure');
}
/**
 * User list by role
 *
 * Pages through users matching the `front_role` / `admin_role` request
 * parameters (page from the `p` route param, 10 per page, newest id first)
 * and returns them together with a paginator descriptor.
 *
 * @return array|void
 */
public function roleAction()
{
    $limit = 10;
    $page = (int) $this->params('p', 1);
    $offset = (int) ($page - 1) * $limit;
    $fields = array('id', 'identity', 'name', 'email', 'time_created');

    $roles = array(
        'front' => _get('front_role') ?: '',
        'admin' => _get('admin_role') ?: '',
    );
    $data = $this->queryByRole($roles, $limit, $offset, 'id DESC', $fields);

    // Normalise each row: every requested field present (null when missing), creation time formatted.
    foreach ($data['users'] as &$user) {
        foreach ($fields as $field) {
            if (!isset($user[$field])) {
                $user[$field] = null;
            }
        }
        if ($user['time_created']) {
            $user['time_created'] = _date($user['time_created']);
        }
    }
    unset($user);

    return array(
        'users'     => array_values($data['users']),
        'paginator' => array('count' => $data['count'], 'limit' => $limit, 'page' => $page),
    );
}
/**
 * {@inheritDoc}
 *
 * Builds the login form: identity, password, optional captcha and
 * "remember me" (both per config), a CSRF token, a hidden redirect target and
 * the submit button. The redirect defaults to the current request URI and is
 * stored URL-encoded.
 *
 * NOTE(review): the `redirect` value comes from the request and is only
 * encoded here; whichever action consumes it after login must restrict it to
 * local URLs.
 */
public function init()
{
    $config = $this->config;

    $this->add(array(
        'name'    => 'identity',
        'type'    => 'Pi\\Form\\Element\\LoginField',
        'options' => array('fields' => $config['login_field']),
    ));
    $this->add(array(
        'name'       => 'credential',
        'options'    => array('label' => __('Password')),
        'attributes' => array('type' => 'password'),
    ));
    if (!empty($config['login_captcha'])) {
        $this->add(array(
            'name'    => 'captcha',
            'type'    => 'captcha',
            'options' => array('label' => __('Please type the word.'), 'separator' => '<br />'),
        ));
    }
    if (!empty($config['rememberme'])) {
        $this->add(array(
            'name'       => 'rememberme',
            'type'       => 'checkbox',
            'options'    => array('label' => __('Remember me')),
            'attributes' => array('value' => '1', 'description' => __('Remember me')),
        ));
    }
    $this->add(array('name' => 'security', 'type' => 'csrf'));

    $redirectTarget = _get('redirect');
    if (!$redirectTarget) {
        $redirectTarget = Pi::service('url')->getRequestUri();
    }
    $this->add(array(
        'name'       => 'redirect',
        'type'       => 'hidden',
        'attributes' => array('value' => $redirectTarget ? rawurlencode($redirectTarget) : ''),
    ));
    $this->add(array(
        'name'       => 'submit',
        'attributes' => array('type' => 'submit', 'value' => __('Login'), 'class' => 'btn btn-primary'),
    ));
}
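/**
 * Sanitize input values from GET
 *
 * Scalars are URL-decoded, trimmed and run through strip_tags(); arrays are
 * walked recursively with keys preserved (leaf values are URL-decoded and
 * then passed to _sanitize()).
 *
 * Fix: decoding used to run AFTER sanitising, so "%3Cscript%3E" passed
 * strip_tags() untouched and only turned into "<script>" on the way out. The
 * decode step now runs first in both branches.
 *
 * Caveat: strip_tags() is not an XSS control (no attribute/JS-context
 * escaping, lenient on broken markup), so output must still be escaped per
 * context. $_GET values are already decoded by PHP, so this decodes a second
 * time — pre-existing behaviour, kept.
 *
 * @param mixed $get The value or the array of values being sanitized.
 * @return mixed The cleaned value
 */
function _get($get)
{
    if (!is_array($get)) {
        return strip_tags(trim(urldecode((string) $get)));
    }
    foreach ($get as $name => $value) {
        $get[$name] = is_array($value)
            ? _get($value)
            : _sanitize(urldecode((string) $value));
    }
    return $get;
}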
/**
 * Search user info by display name (or another field).
 *
 * Looks the user up by the `data` request value against the `field` request
 * value (default `name`); 404 when not found, otherwise basic account info,
 * profile groups, link and avatar.
 *
 * NOTE(review): `field` is chosen by the caller; unless getUser() restricts
 * it, any user column (e.g. email) can serve as the lookup key — confirm.
 *
 * @return array
 */
public function profileAction()
{
    $lookupField = _get('field');
    if (!$lookupField) {
        $lookupField = 'name';
    }
    $lookupValue = _get('data');

    $found = Pi::service('user')->getUser($lookupValue, $lookupField);
    if (!$found) {
        $this->response->setStatusCode(404);
        return array('message' => 'User not found');
    }
    $uid = $found->get('id');
    $groups = $this->getProfileGroup($uid);

    $info = Pi::api('user', 'user')->get($uid, array('identity', 'name', 'email', 'time_activated', 'time_disabled'));
    foreach (array('time_activated', 'time_disabled') as $timeField) {
        $info[$timeField] = $info[$timeField] ? _date($info[$timeField]) : 0;
    }
    $info['link'] = $this->url('user', array('controller' => 'home', 'action' => 'view', 'uid' => $uid));
    $info['avatar'] = Pi::user()->avatar()->get($uid, 'large', false);

    return array('user' => $info, 'groups' => array_values($groups));
}
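/**
 * show list
 *
 * Renders page $page of blog posts (5 per page), optionally filtered by the
 * `input_keyword` request value against subject, content and author nickname.
 *
 * @param string|int $page 1-based page number from the route.
 *
 * Fixes: $page is cast to int (and clamped to >= 1) before the offset
 * arithmetic — a non-numeric route segment would otherwise be a TypeError on
 * PHP 8 — and the keyword is URL-encoded when embedded in the paging link so
 * it cannot break the query string or inject markup through the generated
 * URL. The LIKE pattern is escaped with escape_string(); that does not
 * neutralise `%`/`_` wildcards in the keyword (pre-existing).
 */
public function index($page = '1')
{
    $page_size = 5; // page size
    $page = max(1, (int) $page);
    $offset = ($page - 1) * $page_size;
    $input_keyword = _get('input_keyword');

    $where = array();
    if (!is_blank($input_keyword)) {
        $pattern = "'%" . Context::get('db')->escape_string($input_keyword) . "%'";
        $where[] = "(blog.subject like {$pattern} OR blog.content like {$pattern} OR user.nickname like {$pattern})";
    }
    $where = implode(' AND ', $where);

    // get id(s) in the page
    $blogs = Blog::neo()->join('user')->select('blog.id')->where($where)->limit($offset, $page_size)->find('all');
    $ids = extract_property($blogs);
    // get blogs in the page
    $this->blogs = Blog::neo()->join('user')->join('blog_comment')->order('blog.id DESC')->where($ids)->find('all');

    $this->paging = new Paging(
        Blog::neo()->count(),
        $page_size,
        "/blog/index/<page>?input_keyword=" . rawurlencode((string) $input_keyword),
        $page
    );
}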
/**
 * User log list
 *
 * Sort type (request param `sort`, default time_created):
 * 1. time_created (default)
 * 2. last_login
 * 3. time_activated
 *
 * NOTE(review): `sort` is forwarded to getUids()/getCount() without being
 * checked against that list here — confirm those helpers whitelist it.
 */
public function logListAction()
{
    $sort = _get('sort');
    if (!$sort) {
        $sort = 'time_created';
    }
    $page = (int) $this->params('p', 1);
    $limit = Pi::config('list_limit', 'user');
    $offset = (int) ($page - 1) * $limit;

    $uids = $this->getUids($sort, $limit, $offset);
    $count = $this->getCount($sort);

    return array(
        'users'     => $this->getUserLogs($uids),
        'paginator' => array('count' => $count, 'limit' => $limit, 'page' => $page),
    );
}
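/**
 * Delete a URL record (AJAX).
 *
 * The URL is identified by the `token` query parameter, accepted only when it
 * matches /^[a-z0-9]{30}$/ (which is also what makes the interpolated WHERE
 * clauses safe). Before deleting, the owning project's user_hash must equal
 * the session's user_hash.
 *
 * Fix: the ownership test was a loose `!=`: with a missing project row AND no
 * user_hash in the session, null != null was false and the delete proceeded.
 * The check now requires a logged-in session, a found project, and an exact
 * constant-time match; the project token read back from the DB is held to
 * the same pattern before it is interpolated.
 */
function delurl()
{
    $urlhash = _get('get.token', null, '/^[a-z0-9]{30}$/');
    if (!$urlhash) {
        return;
    }

    // Resolve the project token that owns this URL.
    $urls = new Model('url');
    $urlRow = $urls->field('project_hash')->where("url_hash = '" . $urlhash . "'")->find();
    $token = isset($urlRow['project_hash']) ? (string) $urlRow['project_hash'] : '';
    if (!preg_match('/^[a-z0-9]{30}$/', $token)) {
        exit;
    }

    // Resolve the project owner and compare with the session user.
    $projects = new Model('project');
    $project = $projects->field('user_hash')->where("project_hash = '" . $token . "'")->find();
    $ownerUser = isset($project['user_hash']) ? (string) $project['user_hash'] : '';
    $sessionUser = isset($_SESSION['user_hash']) ? (string) $_SESSION['user_hash'] : '';
    if ($ownerUser === '' || $sessionUser === '' || !hash_equals($ownerUser, $sessionUser)) {
        exit;
    }

    if ($urls->where("url_hash = '" . $urlhash . "'")->del()) {
        $this->_ajaxReturn('删除成功', 'success', 'index.php?m=project&a=listurl&token=' . $token);
    }
}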
/**
 * Intercept all function calls so there are no stopping errors.
 *
 * In DEV mode (_set('env', 'dev')) a trace line is echoed naming the method,
 * the proto type and the calling "dir/file (line)"; otherwise the call is
 * silently swallowed. Always returns $this for chaining.
 */
public function __call($name, $args)
{
    if (_get('env') != 'dev') {
        return $this;
    }
    $frames = debug_backtrace();
    if (!isset($frames[0]) || !array_key_exists('line', $frames[0])) {
        return $this;
    }
    $callerLine = $frames[0]['line'];
    $callerFile = $frames[0]['file'];
    $frames = null;

    // Show only "dir/file.php" rather than the full path.
    $segments = explode(DIRECTORY_SEPARATOR, $callerFile);
    $baseName = array_pop($segments);
    $shortPath = array_pop($segments) . DIRECTORY_SEPARATOR . $baseName;

    echo "Called [" . $name . "] against proto object of type: " . $this->thing . " from: " . $shortPath . " (" . $callerLine . ").\n";
    return $this;
}
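/**
 * Register a new user (AJAX).
 *
 * Reads username / password / email from POST, derives user_hash and the
 * stored password form, rejects duplicate usernames and inserts the row.
 *
 * Fix: the username pattern was unanchored (/[a-zA-Z0-9]{4,12}/), so any
 * string containing four alphanumerics — quotes included — passed validation
 * and was interpolated into the duplicate-check WHERE clause. The pattern is
 * now anchored, which is what makes that interpolation safe.
 *
 * NOTE(review): passwords are stored via the project's _md5() helper rather
 * than password_hash(); changing that requires the matching login path, so it
 * is only flagged here.
 */
public function register()
{
    $data = array();
    $data['usrname'] = _get('post.username', null, '/^[a-zA-Z0-9]{4,12}$/');
    $data['usrpass'] = _get('post.password');
    // e.g. codier@qq.com
    $data['email'] = _get('post.email', null, '/^[-\\w]+@[-\\w]+(\\.[-\\w]+){0,2}(\\.\\w{0,3})$/');
    $data['time'] = time();
    // Derive the user's hash and the stored password form (project helper).
    $data['user_hash'] = _md5($data['usrpass'], $data['time'], -25);
    $data['usrpass'] = _md5($data['usrpass'], 'codier', -20);

    $users = new Model('users');
    // Reject if the username is already taken.
    if ($users->where("usrname = '" . $data['usrname'] . "'")->count()) {
        $this->_ajaxReturn('用户名已存在', 'prompt');
        return;
    }
    if ($users->insert($data)) {
        $this->_ajaxReturn('注册成功', 'success', 'index.php?m=index&a=index');
    }
}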