protected function mergeMessage()
 {
     // Copy the four message fields out of the request into the shared
     // static buffer. Ids are coerced to int, text fields to string, so later
     // consumers never see null/array values.
     // NOTE(review): these are casts only — title/content are not HTML-escaped
     // here, so they must be escaped at the point of output.
     foreach (array('toid', 'fromid') as $field) {
         self::$message[$field] = (int) _get($field);
     }
     foreach (array('title', 'content') as $field) {
         self::$message[$field] = (string) _get($field);
     }
 }
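/**
 * Render the insert/duplicate confirmation page for a table row.
 *
 * Builds a row from POST (<field>_is_null -> NULL, a posted value, else the
 * existing row named by 'id' when duplicating, else '') and shows the
 * resulting INSERT statement for confirmation. Values are quoted through
 * $db->quote(); identifiers cannot be bound, so the table name is validated
 * and backticks inside identifiers are escaped.
 */
function insert()
{
    global $db;
    $table = _get('table');
    $id = _get('id');
    // The table name is interpolated into SQL as an identifier, which
    // $db->quote() cannot protect; accept plain identifiers only.
    if (!is_string($table) || !preg_match('/^[A-Za-z0-9_]+$/', $table)) {
        trigger_error('Invalid table name', E_USER_ERROR);
        return;
    }
    $pkey = get_pkey($table);
    // The key name comes from the schema; escape backticks anyway.
    $pkeyIdent = '`' . str_replace('`', '``', (string) $pkey) . '`';
    $row = array();
    if ($id) {
        // Quote the id: it comes from the request and the key may be a string column.
        $row = $db->queryRow("SELECT * FROM `{$table}` WHERE {$pkeyIdent} = " . $db->quote($id));
        if (!is_array($row)) {
            $row = array();
        }
    }
    $desc = get_desc($table, true);
    $values = array();
    foreach ($desc as $Field => $d) {
        if (filter_input(INPUT_POST, $Field . '_is_null')) {
            $values[$Field] = null;
        } elseif (isset($_POST[$Field])) {
            // NOTE(review): an array value here reaches $db->quote() unchanged.
            $values[$Field] = $_POST[$Field];
        } elseif ($id) {
            $values[$Field] = array_key_exists($Field, $row) ? $row[$Field] : null;
        } else {
            $values[$Field] = '';
        }
    }
    $keys = implode(',', array_map(function ($key) {
        return '`' . str_replace('`', '``', $key) . '`';
    }, array_keys($values)));
    $val = implode(',', array_map(function ($value) use($db) {
        return $value === null ? 'NULL' : $db->quote($value);
    }, $values));
    $confirm_sql = "INSERT INTO `{$table}` ({$keys}) VALUES ({$val})";
    render(__DIR__ . '/view/insert.html', compact('values', 'table', 'pkey', 'confirm_sql'), LAYOUT);
}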
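    /**
     * Admin action: assign a card number to a user.
     *
     * With POST data present the submission is (still) only dumped for
     * inspection; otherwise the assignment form is rendered with a user
     * <select> and the card number pre-filled from the query string.
     * All request-derived and user-derived text is escaped for its HTML
     * context before being emitted.
     *
     * @return string HTML fragment
     */
    function setCardToUser()
    {
        $ret = '';
        if (count($_POST) > 0) {
            // Stub handler: validate the card id, then dump the request.
            if (empty($_POST['cardID'])) {
                trigger_error('Undefined cardID', PM_FATAL);
            }
            $cardID = $_POST['cardID'];
            $card = new Card($cardID);
            // Escape the dump: $_POST is attacker-controlled and was reflected
            // into the admin page as raw HTML.
            print '<pre>' . htmlspecialchars(print_r($_POST, true), ENT_QUOTES, 'UTF-8') . '</pre>';
            $ret .= 'no yet';
        } else {
            // _get() strips tags but leaves quotes intact, so the value must be
            // attribute-escaped or it can break out of value="...".
            // NOTE(review): the form carries no CSRF token; add one if the
            // framework provides it.
            $cardParam = (string) _get('cardID');
            $cardAttr = htmlspecialchars($cardParam, ENT_QUOTES, 'UTF-8');
            // The original built this URL from $item before the loop below had
            // defined it (a method call on null); use the request value instead.
            $action = "/admin/?cmd=cards&amp;act=setCardToUser&amp;cardID=" . rawurlencode($cardParam);
            $ret .= '
			<style type="text/css">
				.h16str	{margin-top:10px;}
				.h16str, .h16str *	{line-height:16px;vertical-align:middle;}
			</style>
			<form action="' . $action . '" method="post">';
            $pmUsers = new pmUsers(array('isUserGroup' => '0'));
            $ret .= '<select name="userID">';
            foreach ($pmUsers->items as $itemID => $item) {
                $itemCard = $item->getItemData('cardID');
                $cardStr = $itemCard == '0' ? '' : ' #cardID: ' . $itemCard;
                $label = $item->getItemData('FirstName') . ' ' . $item->getItemData('LastName') . ' [' . $item->getItemData('Login') . ' - ' . $itemID . ']' . $cardStr;
                $ret .= '<option value="' . htmlspecialchars((string) $itemID, ENT_QUOTES, 'UTF-8') . '">' . htmlspecialchars((string) $label, ENT_QUOTES, 'UTF-8') . '</option>';
            }
            $ret .= '</select>';
            $ret .= '<div class="h16str"><b>№ карты:</b> <input type="text" name="cardID" value="' . $cardAttr . '"/></div>';
            $ret .= '<div class="h16str">
				<input type="submit" name="submit" value="Назначить"/>
			</div>';
            // The original emitted a second "<form>" here instead of closing the form.
            $ret .= '</form>';
        }
        return $ret;
    }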
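/**
 * Build a "SELECT * FROM table" statement with optional equality filters and
 * a request-driven ORDER BY (parameters 'order' and 'asc'); LIMIT is fixed at 111.
 *
 * Values are quoted through $db->quote(). Identifiers cannot be bound: the
 * order column comes from the request and is restricted to [A-Za-z0-9_];
 * table and filter column names come from the caller and get backticks
 * escaped.
 *
 * @param string     $table Table name (caller-supplied).
 * @param array|null $where column => value equality filters; '' values are skipped.
 * @return string SQL text ('' when the order column is invalid).
 */
function build_table_sql($table, $where = null)
{
    global $db;
    $quoteIdent = function ($name) {
        return '`' . str_replace('`', '``', (string) $name) . '`';
    };
    $order = _get('order');
    // Any non-zero 'asc' sorts descending; the original indexed a two-element
    // map and produced no direction (with a notice) for anything but 0/1.
    $asc = (int) _get('asc', 0);
    $orderStr = '';
    if ($order) {
        if (!preg_match('/^[A-Za-z0-9_]+$/', $order)) {
            trigger_error('Invalid order column', E_USER_ERROR);
            return '';
        }
        $orderStr = 'ORDER BY ' . $quoteIdent($order) . ' ' . ($asc ? 'DESC' : 'ASC');
    }
    $whereStr = '';
    if ($where) {
        $conds = array();
        foreach ($where as $key => $value) {
            if ($value === '') {
                continue;
            }
            $conds[] = $quoteIdent($key) . '=' . $db->quote($value);
        }
        if ($conds) {
            $whereStr = 'WHERE ' . implode(' AND ', $conds);
        }
    }
    return 'SELECT * FROM ' . $quoteIdent($table) . " {$whereStr} {$orderStr} LIMIT 111";
}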
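 /**
  * Whether the caller's IP (getIP()) is in the configured allow list.
  *
  * NOTE(review): the allow list is read with _get("allowIP"); if that helper
  * reads request parameters rather than configuration here, the list is
  * attacker-controlled — confirm its source.
  *
  * @return bool False when the list is missing or not an array.
  */
 function isAllowedIP()
 {
     $allowed = _get("allowIP");
     if (!is_array($allowed)) {
         // The original passed a non-array straight to in_array().
         return false;
     }
     // Strict comparison: both sides are strings, avoid loose-compare surprises.
     return in_array(getIP(), $allowed, true);
 }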
function _getActionName() {
    // Prefer the primary action parameter, then the alternate one; fall back
    // to 'index' when neither carries a truthy value.
    foreach (array(ACTION, OTHERACTION) as $param) {
        $candidate = _get($param);
        if ($candidate) {
            return $candidate;
        }
    }
    return 'index';
}
 /**
  * Demo for article with comments
  *
  * Picks a random demo article (1-5) when no truthy 'id' is given, pages a
  * fixed total of 100 items ten per page, and renders the 'demo' template.
  * rand() is acceptable here: nothing security-relevant depends on it.
  */
 public function indexAction()
 {
     $id = _get('id', 'int');
     if (!$id) {
         $id = rand(1, 5);
     }
     $page = _get('page', 'int');
     if (!$page) {
         $page = 1;
     }
     $options = array(
         'limit' => 10,
         'page' => $page,
         'url_options' => array('params' => array('id' => $id, 'enable' => 'yes')),
     );
     $paginator = Paginator::factory(100, $options);
     $this->view()->assign(array(
         'title' => sprintf(__('Demo article #%d'), $id),
         'paginator' => $paginator,
     ));
     $this->view()->setTemplate('demo');
 }
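 /**
  * Show all tag of website.
  *
  * Lists the items carrying the requested tag, optionally restricted to one
  * module ('m'), and resolves each item's title/link/time through the owning
  * module's content() service. The module name is checked against the module
  * registry, so an unknown module degrades to "all modules" rather than being
  * passed through. The page number is clamped to >= 1.
  */
 public function listAction()
 {
     $tag = _get('tag');
     $limit = (int) $this->config('item_per_page');
     // Clamp: 0 or a negative page would produce a negative offset.
     $page = max(1, (int) _get('page'));
     $offset = ($page - 1) * $limit;
     $module = _get('m');
     $type = null;
     $moduleTitle = '';
     $modules = Pi::registry('modulelist')->read();
     if ($module && !isset($modules[$module])) {
         $module = '';
     }
     if ($module) {
         $moduleTitle = $modules[$module]['title'];
     }
     $paginator = null;
     $list = array();
     $count = Pi::service('tag')->getCount($tag, $module, $type);
     if ($count) {
         $items = Pi::service('tag')->getList($tag, $module, $type, $limit, $offset);
         // Group item ids per module/type so each module is asked once.
         $content = array();
         $batches = array();
         foreach ($items as $item) {
             $batches[$item['module']][$item['type']][] = $item['item'];
         }
         $vars = array('id', 'title', 'link', 'time');
         foreach ($batches as $m => $mData) {
             foreach ($mData as $t => $tData) {
                 $content[$m . '-' . $t] = Pi::service('module')->content($vars, array('module' => $m, 'type' => $t, 'id' => $tData));
             }
         }
         // Keep only items whose module is known and whose content was resolved.
         $list = array();
         array_walk($items, function ($item) use($modules, $content, &$list) {
             $key = $item['module'] . '-' . $item['type'];
             if (isset($content[$key]) && isset($modules[$item['module']])) {
                 $found = false;
                 foreach ($content[$key] as $data) {
                     if ($data['id'] == $item['item']) {
                         $item['url'] = $data['link'];
                         $item['title'] = $data['title'];
                         $item['time'] = $data['time'];
                         $found = true;
                         break;
                     }
                 }
                 if ($found) {
                     $item['module'] = $modules[$item['module']]['title'];
                     $list[] = $item;
                 }
             }
         });
         $paginator = Paginator::factory($count, array('limit' => $limit, 'page' => $page, 'url_options' => array('route' => 'tag', 'params' => array('tag' => $tag, 'm' => $module))));
     }
     $this->view()->assign(array('paginator' => $paginator, 'list' => $list, 'tag' => $tag, 'count' => $count, 'm' => $module, 'moduleTitle' => $moduleTitle));
     $this->view()->setTemplate('list');
 }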
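/**
 * Check view and edit permissions.
 *
 * Looks up the mytinytodo field row named by the 'fid' request parameter
 * (POST preferred, then GET), loads the entity it belongs to and consults
 * Drupal's node/user/comment/entity access layer plus field_access().
 * Fails closed: an unknown operation, a missing field row or a missing
 * entity all yield FALSE.
 *
 * @param $op
 *   The type of operation. Either 'view' or 'edit'.
 *
 * @return bool
 */
function have_access($op)
{
    global $user;
    // Only the two documented operations are meaningful; anything else is
    // denied rather than forwarded to the access callbacks.
    if ($op !== 'view' && $op !== 'edit') {
        return false;
    }
    $db = DBConnection::instance();
    $field_id = (int) _post('fid');
    if (!$field_id) {
        $field_id = (int) _get('fid');
    }
    $row = $db->dq("SELECT entity_id, entity_type, delta FROM {mytinytodo_fields} WHERE id = ?", $field_id)->fetch_assoc();
    if (!$row) {
        // Unknown field id: the original cast the empty result to an object and
        // went on to call the access functions with NULL entity data.
        return false;
    }
    $field = (object) $row;
    $field_info = field_info_field_by_id($field->delta);
    // node_access()/entity_access() spell the edit operation 'update'.
    $entity_op = $op == 'edit' ? 'update' : $op;
    switch ($field->entity_type) {
        case 'node':
            if (!($node = node_load($field->entity_id))) {
                return false;
            }
            return node_access($entity_op, $node, $user)
                && field_access($op, $field_info, $field->entity_type, $node, $user);
        case 'user':
            if (!($account = user_load($field->entity_id))) {
                return false;
            }
            return field_access($op, $field_info, $field->entity_type, $account, $user);
        case 'comment':
            if (!($comment = comment_load($field->entity_id))) {
                return false;
            }
            if ($op == 'view' && !user_access('access comments')) {
                return false;
            }
            if ($op == 'edit' && !comment_access($op, $comment)) {
                return false;
            }
            return field_access($op, $field_info, $field->entity_type, $comment, $user);
        default:
            if (!module_exists('entity')) {
                return false;
            }
            // NOTE(review): this passes the *field* id to entity_load(), not the
            // entity id/type from the row — confirm this is intended before
            // relying on this branch.
            if (!($entity = entity_load($field_id))) {
                return false;
            }
            return entity_access($entity_op, $field->entity_type, $entity, $user)
                && field_access($op, $field_info, $field->entity_type, $entity, $user);
    }
}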
 /**
  * Mark the project identified by the 'token' request parameter as status 1.
  *
  * The token must be exactly 30 lowercase alphanumerics (enforced by the
  * _get() filter), which is what keeps the string-built where() clause out of
  * SQL-injection territory. Prints 'ok' only when a row was updated.
  *
  * NOTE(review): unlike delurl(), there is no check that the project belongs
  * to the current session user — confirm this is intentional (e.g. an
  * activation link) or add the same user_hash comparison.
  */
 public function proStatus()
 {
     $project_hash = _get('get.token', null, '/^[a-z0-9]{30}$/');
     if (!$project_hash) {
         return;
     }
     $project = new Model('project');
     $updated = $project->where("project_hash = '" . $project_hash . "'")->update(array('status' => '1'));
     if ($updated) {
         echo 'ok';
     }
 }
 /**
  * Echo the supplied credentials back through the API output helper under
  * the keys "xx" (password) and "name". No authentication happens here.
  *
  * NOTE(review): the raw password is reflected to the client.
  */
 public function login()
 {
     $payload = array(
         "xx" => _get('pass'),
         "name" => I('get.name'),
     );
     \GZ_Api::outPut($payload);
 }
 /**
  * Show one rule. An unknown id redirects back to the browse list;
  * otherwise the rule is exposed to view.php via the view bean.
  */
 function _action_view()
 {
     $rule = $this->getRuleManager()->getRule(_get('id'));
     if ($rule === null) {
         $this->redirect("index.php?action=browse!list");
         return;
     }
     $this->viewBean->rule = $rule;
     $this->set_view("view.php");
 }
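 /**
  * Read or write a cookie.
  *
  * With a truthy $value the cookie is set (path "/", lifetime $time seconds,
  * value passed through filter()) and, if $redirect is set, the request is
  * redirected to $URL, or to the configured webBase when no URL was given.
  * Without a value the current cookie is returned (filtered) or false.
  *
  * @param string $cookie   Cookie name.
  * @param mixed  $value    Value to store; false (default) means "read".
  * @param int    $time     Lifetime in seconds from now.
  * @param bool   $redirect Redirect after setting the cookie.
  * @param mixed  $URL      Redirect target; false/null falls back to webBase.
  * @return mixed Filtered cookie value or false when reading; nothing when writing.
  */
 function COOKIE($cookie, $value = false, $time = 300000, $redirect = false, $URL = false)
 {
     if ($value) {
         // NOTE(review): set without the secure/httponly flags; add them if this
         // ever carries a session or authentication token.
         setcookie($cookie, filter($value), time() + $time, "/");
         if ($redirect) {
             // isset($URL) was always true because the parameter defaults to
             // false, so the webBase fallback was unreachable and redirect()
             // received false.
             $target = ($URL !== false && $URL !== null) ? $URL : _get("webBase");
             redirect($target);
         }
         return;
     }
     return isset($_COOKIE[$cookie]) ? filter($_COOKIE[$cookie]) : false;
 }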
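/**
 * Handle a login form submission.
 *
 * On valid credentials the user is logged in and redirected to the
 * 'back_url' query parameter when it is a same-site path, otherwise to
 * DEFAULT_LOGIN_REDIRECT_URL. On failure the configured error message is
 * exposed through $GLOBALS['msg'].
 */
function login_POST()
{
    $username = _post('username');
    $password = _post('password');
    $user = User::check($username, $password);
    if (!$user) {
        $GLOBALS['msg'] = $GLOBALS['config']['error']['info']['USERNAME_OR_PASSWORD_INCORRECT'];
        return;
    }
    $user->login();
    // Only follow back_url when it is a local path: a single leading slash,
    // not "//" or "/\" (scheme-relative). Anything else is an open redirect.
    $back_url = _get('back_url');
    if (!is_string($back_url) || !preg_match('#^/(?![/\\\\])#', $back_url)) {
        $back_url = DEFAULT_LOGIN_REDIRECT_URL;
    }
    redirect($back_url);
}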
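 /**
  * For page render
  *
  * Loads the page row named by the 'id' request parameter and hands it to
  * the 'page-content' template together with an empty tag form. A missing
  * row now yields a 404 instead of a fatal toArray() call on null.
  */
 public function viewAction()
 {
     $id = (int) _get('id');
     $row = $id ? $this->getModel('page')->find($id) : null;
     if (!$row) {
         // NOTE(review): assumes this controller exposes $this->response the way
         // the API controllers do — confirm against the base class.
         $this->response->setStatusCode(404);
         return;
     }
     $page = $row->toArray();
     $page['module'] = $this->getModule();
     $form = new BaseForm();
     $form->add(array('name' => 'tag', 'type' => 'tag'));
     $this->view()->assign('form', $form);
     $this->view()->assign('page', $page);
     $this->view()->setTemplate('page-content');
 }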
 /**
  * _get() sanitising contract: scalars come back tag-stripped (the
  * javascript: anchor and the IMG payload disappear entirely), while array
  * members are entity-escaped so the markup survives but is inert.
  */
 public function testGET()
 {
     $cases = array(
         array('Hello World', 'Hello World'),
         array(array('str' => 'Hello World'), array('str' => 'Hello World')),
         array('Hello <a href="javascript:alert(\'xss\');">World</a>', 'Hello World'),
         array(
             array('str' => 'Hello World', 'xss' => 'Hello <a href="javascript:alert(\'xss\');">World</a>'),
             array('str' => 'Hello World', 'xss' => 'Hello &lt;a href="javascript:alert(\'xss\');"&gt;World&lt;/a&gt;'),
         ),
         array('<IMG SRC=javascript:alert("XSS")>', ''),
     );
     foreach ($cases as $case) {
         list($input, $expected) = $case;
         $this->assertEqual(_get($input), $expected);
     }
 }
/**
 * Render the teacher list, filtered by an optional name substring ($q, LIKE)
 * and an optional exact 'school' request parameter.
 *
 * The school filter is skipped only when the parameter is exactly the empty
 * string; whatever _get() returns for a missing parameter is still passed
 * to filterBy().
 * NOTE(review): LIKE metacharacters in $q are not escaped.
 */
function search_teacher($q)
{
    $query = Teacher::search();
    if ($q) {
        $query = $query->filterBy('name', "%{$q}%", 'LIKE');
    }
    $school = _get('school');
    if ('' !== $school) {
        $query = $query->filterBy('school', $school);
    }
    $teachers = $query->find();
    render_view('master', compact('teachers', 'q'));
}
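 /**
  * Redirect to a banner's link (counting the click) when 'param' names a
  * known banner; otherwise return the markup of a random banner.
  *
  * @return mixed Random-banner content, or nothing after the Location header.
  */
 function getContent()
 {
     $param = _get("param");
     if ($param) {
         $banner = $this->getBannerByParam($param);
         // Unknown param: the original dereferenced a null banner and sent an
         // empty Location header. Fall back to a random banner instead.
         if (empty($banner) || empty($banner['link'])) {
             return $this->getRandomBanner();
         }
         $this->incClick($banner['banID']);
         // The link comes from the banner record, not the request, so this is
         // not an open redirect as long as that table is trusted.
         header("location: " . $banner['link']);
         return;
     }
     return $this->getRandomBanner();
 }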
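 /**
  * Dispatch the request to "Controller_<controller>" / <action>, taken from
  * the 'action' query parameter in the form "controller!action".
  *
  * The controller name selects a directory that is require_once'd and then
  * becomes part of a class name, so it is restricted to [A-Za-z0-9_]; a
  * "../", slash or NUL there would be a file-inclusion and arbitrary-class
  * vector. The action half, when present, gets the same restriction.
  *
  * xxx todo: error handling
  */
 function route()
 {
     $actionParam = (string) _get("action");
     $paramParts = explode("!", $actionParam);
     $controller = $paramParts[0];
     // A missing "!action" half used to raise an undefined-offset notice.
     $action = isset($paramParts[1]) ? $paramParts[1] : null;
     $identifier = '/^[A-Za-z0-9_]+$/';
     if (!preg_match($identifier, $controller) || ($action !== null && !preg_match($identifier, $action))) {
         trigger_error('Invalid action parameter', E_USER_ERROR);
         return;
     }
     $controllerDir = controller_dir($controller);
     $controllerFile = $controllerDir . "/controller.php";
     require_once $controllerFile;
     $controllerClassName = "Controller_{$controller}";
     $controllerInstance = new $controllerClassName();
     $actionRouter = new ActionRouter($controllerInstance, $action, $controllerDir);
     $actionRouter->route();
 }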
 /**
  * Dispatch on the 'act' request parameter: 'edit' and 'del' go to the
  * matching user handler, anything else renders the list.
  */
 function getContent()
 {
     $act = _get('act');
     if ($act == 'edit') {
         return $this->editUser();
     }
     if ($act == 'del') {
         return $this->delUser();
     }
     return $this->getList();
 }
 /**
  * Pass the product fields from the request to the model; success redirects
  * to login/main, failure renders the 'failure' view.
  *
  * NOTE(review): imagePath is taken verbatim from the request — confirm the
  * model constrains it before using it as a filesystem or URL path.
  */
 public function submitProduct()
 {
     $saved = $this->productModel->submitProduct(
         _get('proName'),
         _get('description'),
         _get('proPrice'),
         _get('proType'),
         _get('proStatus'),
         _get('imagePath')
     );
     if (!$saved) {
         $this->view = View::build('failure');
         return;
     }
     parent::redirect("login/main");
 }
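 /**
  * User list by role
  *
  * Reads the optional front_role/admin_role filters from the request and the
  * page number from the route, queries users by role and returns the rows
  * (every requested field present, time_created formatted) plus paginator
  * metadata. The page number is clamped to >= 1.
  *
  * @return array|void
  */
 public function roleAction()
 {
     // Clamp: 0 or a negative page would turn into a negative offset.
     $page = max(1, (int) $this->params('p', 1));
     $limit = 10;
     $offset = ($page - 1) * $limit;
     $order = 'id DESC';
     $condition = array();
     $condition['front_role'] = _get('front_role') ?: '';
     $condition['admin_role'] = _get('admin_role') ?: '';
     $fields = array('id', 'identity', 'name', 'email', 'time_created');
     $roles = array('front' => $condition['front_role'], 'admin' => $condition['admin_role']);
     $data = $this->queryByRole($roles, $limit, $offset, $order, $fields);
     // Make every requested field present (null when missing) so templates
     // need no isset() guards, and render the timestamp via _date().
     array_walk($data['users'], function (&$user) use($fields) {
         foreach ($fields as $field) {
             if (!isset($user[$field])) {
                 $user[$field] = null;
             }
         }
         if ($user['time_created']) {
             $user['time_created'] = _date($user['time_created']);
         }
     });
     // Set paginator
     $paginator = array('count' => $data['count'], 'limit' => $limit, 'page' => $page);
     return array('users' => array_values($data['users']), 'paginator' => $paginator);
 }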
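 /**
  * {@inheritDoc}
  *
  * Builds the login form: identity and password, optional captcha and
  * "remember me" per configuration, a CSRF element, a hidden post-login
  * redirect and the submit button. The redirect defaults to the current
  * request URI and only accepts a same-site path from the 'redirect' request
  * parameter, so the form cannot be used as an open redirector.
  */
 public function init()
 {
     $config = $this->config;
     // Get config data.
     $this->add(array('name' => 'identity', 'type' => 'Pi\\Form\\Element\\LoginField', 'options' => array('fields' => $config['login_field'])));
     $this->add(array('name' => 'credential', 'options' => array('label' => __('Password')), 'attributes' => array('type' => 'password')));
     if (!empty($config['login_captcha'])) {
         $this->add(array('name' => 'captcha', 'type' => 'captcha', 'options' => array('label' => __('Please type the word.'), 'separator' => '<br />')));
     }
     if (!empty($config['rememberme'])) {
         $this->add(array('name' => 'rememberme', 'type' => 'checkbox', 'options' => array('label' => __('Remember me')), 'attributes' => array('value' => '1', 'description' => __('Remember me'))));
     }
     $this->add(array('name' => 'security', 'type' => 'csrf'));
     // Accept the requested redirect only when it is a local path (single
     // leading slash, not scheme-relative "//" or "/\"); otherwise come back here.
     $redirect = _get('redirect');
     if (!is_string($redirect) || !preg_match('#^/(?![/\\\\])#', $redirect)) {
         $redirect = Pi::service('url')->getRequestUri();
     }
     $redirect = $redirect ? rawurlencode($redirect) : '';
     $this->add(array('name' => 'redirect', 'type' => 'hidden', 'attributes' => array('value' => $redirect)));
     $this->add(array('name' => 'submit', 'attributes' => array('type' => 'submit', 'value' => __('Login'), 'class' => 'btn btn-primary')));
 }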
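/**
 * Sanitize input values from GET
 *
 * Scalars are trimmed and tag-stripped; arrays are walked recursively and
 * each leaf is passed through _sanitize(). In both cases the value is
 * urldecode()d *before* sanitizing: the original decoded last, so an encoded
 * payload such as "%3Cscript%3E" passed strip_tags() untouched and was
 * turned back into live markup by the final decode.
 *
 * NOTE(review): PHP has already URL-decoded $_GET, so this is a second
 * decode and will alter values containing a literal '%' or '+'. Drop the
 * decode if callers pass raw superglobal values.
 *
 * @param  mixed $get The value or The array of values being sanitized.
 * @return mixed The cleaned value
 */
function _get($get)
{
    if (is_array($get)) {
        foreach ($get as $name => $value) {
            if (is_array($value)) {
                $get[$name] = _get($value);
            } else {
                // Decode first so the sanitizer sees the real bytes.
                $get[$name] = _sanitize(urldecode((string) $value));
            }
        }
        return $get;
    }
    // Scalar: decode, then trim and strip markup.
    return strip_tags(trim(urldecode((string) $get)));
}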
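 /**
  * Search user info buy display name
  *
  * Looks a user up by the 'data' parameter in the column named by 'field'
  * (default 'name'), then returns the profile groups plus a trimmed user
  * record with formatted timestamps, profile link and avatar.
  *
  * @return array
  */
 public function profileAction()
 {
     // The lookup column comes from the request; restrict it to the
     // identifiers this endpoint is meant to search by, so arbitrary columns
     // (e.g. email or credential) cannot be probed.
     // NOTE(review): extend this list if other lookups are legitimate.
     $allowedFields = array('name', 'identity');
     $field = _get('field') ?: 'name';
     if (!in_array($field, $allowedFields, true)) {
         $this->response->setStatusCode(400);
         return array('message' => 'Invalid lookup field');
     }
     $data = _get('data');
     $user = Pi::service('user')->getUser($data, $field);
     if (!$user) {
         $this->response->setStatusCode(404);
         return array('message' => 'User not found');
     }
     $uid = $user->get('id');
     $profile = $this->getProfileGroup($uid);
     $user = Pi::api('user', 'user')->get($uid, array('identity', 'name', 'email', 'time_activated', 'time_disabled'));
     $user['time_activated'] = $user['time_activated'] ? _date($user['time_activated']) : 0;
     $user['time_disabled'] = $user['time_disabled'] ? _date($user['time_disabled']) : 0;
     $user['link'] = $this->url('user', array('controller' => 'home', 'action' => 'view', 'uid' => $uid));
     $user['avatar'] = Pi::user()->avatar()->get($uid, 'large', false);
     return array('user' => $user, 'groups' => array_values($profile));
 }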
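 /**
  * show list
  *
  * Renders one page of blogs (5 per page), optionally filtered by a keyword
  * matched against subject, content and author nickname.
  *
  * @param mixed $page 1-based page number from the route; coerced to int
  *                    and clamped to >= 1.
  */
 public function index($page = '1')
 {
     $page_size = 5;
     // page size
     // Clamp: a non-numeric or <= 0 page would yield a negative LIMIT offset.
     $page = max(1, (int) $page);
     $offset = ($page - 1) * $page_size;
     $input_keyword = _get('input_keyword');
     $where = array();
     if (!is_blank($input_keyword)) {
         // escape_string() handles quotes; LIKE metacharacters (% and _) in the
         // keyword are still interpreted as wildcards.
         $kw = Context::get('db')->escape_string($input_keyword);
         $where[] = "(blog.subject like '%" . $kw . "%'" . " OR blog.content like '%" . $kw . "%'" . " OR user.nickname like '%" . $kw . "%')";
     }
     $where = implode(' AND ', $where);
     // get id(s) in the page
     $blogs = Blog::neo()->join('user')->select('blog.id')->where($where)->limit($offset, $page_size)->find('all');
     $ids = extract_property($blogs);
     // get blogs in the page
     $this->blogs = Blog::neo()->join('user')->join('blog_comment')->order('blog.id DESC')->where($ids)->find('all');
     // URL-encode the keyword: it is echoed into the paging links and could
     // otherwise break out of the query string.
     // NOTE(review): the paginator uses the unfiltered total count.
     $pagingUrl = "/blog/index/<page>?input_keyword=" . rawurlencode((string) $input_keyword);
     $this->paging = new Paging(Blog::neo()->count(), $page_size, $pagingUrl, $page);
 }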
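 /**
  * User log list
  *
  * Returns one page of user log rows ordered by the requested sort key,
  * plus paginator metadata. The sort key is restricted to a known set and
  * the page number clamped to >= 1.
  *
  * @return array
  */
 public function logListAction()
 {
     /**
      * Sort type:
      * 1. time_register    default
      * 2. last_login
      * 3. time_activated
      */
     // The sort key is forwarded to the query helpers, so only accept the
     // documented keys (plus the 'time_created' default the code uses)
     // rather than an arbitrary request value.
     // NOTE(review): the comment above names time_register as the default
     // while the code defaults to time_created — confirm which is intended.
     $allowedSorts = array('time_created', 'time_register', 'last_login', 'time_activated');
     $sort = _get('sort') ?: 'time_created';
     if (!in_array($sort, $allowedSorts, true)) {
         $sort = 'time_created';
     }
     $page = max(1, (int) $this->params('p', 1));
     $limit = Pi::config('list_limit', 'user');
     $offset = ($page - 1) * $limit;
     $uids = $this->getUids($sort, $limit, $offset);
     $count = $this->getCount($sort);
     $logs = $this->getUserLogs($uids);
     $paginator = array('count' => $count, 'limit' => $limit, 'page' => $page);
     $data = array('users' => $logs, 'paginator' => $paginator);
     return $data;
 }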
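 /**
  * Delete the URL record identified by the 'token' request parameter, but
  * only when the project that owns it belongs to the logged-in user.
  *
  * The token is constrained by the _get() filter to 30 lowercase
  * alphanumerics, and the project hash read back from the database is held
  * to the same format (the one proStatus() accepts), which is what keeps the
  * string-built where() clauses safe. Every lookup or ownership failure ends
  * in a silent exit.
  */
 function delurl()
 {
     $urlhash = _get('get.token', null, '/^[a-z0-9]{30}$/');
     if (!$urlhash) {
         return;
     }
     // Require an authenticated session up front. The original compared with a
     // loose "!=": with the session value missing and the project row absent,
     // null != null was false and the request went through.
     if (empty($_SESSION['user_hash'])) {
         exit;
     }
     // Resolve the URL's project token.
     $obj = new Model('url');
     $tokenarr = $obj->field('project_hash')->where("url_hash = '" . $urlhash . "'")->find();
     if (empty($tokenarr['project_hash']) || !preg_match('/^[a-z0-9]{30}$/', $tokenarr['project_hash'])) {
         exit;
     }
     $token = $tokenarr['project_hash'];
     // Check the project's owner against the session user (strict compare).
     $buffusers = new Model('project');
     $userhash = $buffusers->field('user_hash')->where("project_hash = '" . $token . "'")->find();
     if (empty($userhash['user_hash']) || $userhash['user_hash'] !== $_SESSION['user_hash']) {
         exit;
     }
     if ($obj->where("url_hash = '" . $urlhash . "'")->del()) {
         $this->_ajaxReturn('删除成功', 'success', 'index.php?m=project&a=listurl&token=' . $token);
     }
 }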
 /**
  * Intercept all function calls so there are no stopping errors.
  * in DEV mode (_set('env', 'dev')) a trace will be emitted.
  *
  * Always returns $this so chained calls keep working; the diagnostic line
  * (method name, proto type, caller "dir/file (line)") is printed only when
  * the 'env' setting is 'dev'.
  * NOTE(review): if _get('env') can be influenced by the request rather than
  * configuration alone, a client could switch these diagnostics on.
  */
 public function __call($name, $args)
 {
     if (_get('env') != 'dev') {
         return $this;
     }
     $trace = debug_backtrace();
     $frame = isset($trace[0]) ? $trace[0] : null;
     $trace = null;
     if ($frame === null || !array_key_exists('line', $frame)) {
         return $this;
     }
     // Keep the message short: show only "parentdir/file".
     $segments = explode(DIRECTORY_SEPARATOR, $frame['file']);
     $baseName = array_pop($segments);
     $shortPath = array_pop($segments) . DIRECTORY_SEPARATOR . $baseName;
     echo "Called [" . $name . "] against proto object of type: " . $this->thing . " from: " . $shortPath . " (" . $frame['line'] . ").\n";
     return $this;
 }
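 /**
  * Register a new account from POST username/password/email.
  *
  * The username is restricted to 4-12 ASCII alphanumerics with an anchored
  * pattern — the original pattern was unanchored and accepted any string
  * containing such a run, which then went into a string-built SQL clause.
  * Requests with a missing or rejected field are refused before any query.
  * On success the user is sent to the index page; an existing username
  * yields a prompt.
  *
  * NOTE(review): passwords are hashed with a custom _md5() helper and a
  * fixed salt; moving to password_hash()/password_verify() requires the
  * login side to change in step, which is outside this block.
  */
 public function register()
 {
     $data['usrname'] = _get('post.username', null, '/^[a-zA-Z0-9]{4,12}\\z/');
     $data['usrpass'] = _get('post.password');
     //codier@qq.com
     $data['email'] = _get('post.email', null, '/^[-\\w]+@[-\\w]+(\\.[-\\w]+){0,2}(\\.\\w{0,3})$/');
     // Assumes the _get() filter returns the default (null) on a mismatch;
     // the original carried null values on into the query and the insert.
     if (!$data['usrname'] || !$data['usrpass'] || !$data['email']) {
         $this->_ajaxReturn('注册信息无效', 'prompt');
         return;
     }
     $data['time'] = time();
     // Derive the user hash and the stored password hash.
     $data['user_hash'] = _md5($data['usrpass'], $data['time'], -25);
     $data['usrpass'] = _md5($data['usrpass'], 'codier', -20);
     $users = new Model('users');
     // Uniqueness check; usrname is now guaranteed to be alphanumeric.
     if ($users->where("usrname = '" . $data['usrname'] . "'")->count()) {
         $this->_ajaxReturn('用户名已存在', 'prompt');
         return;
     }
     if ($users->insert($data)) {
         $this->_ajaxReturn('注册成功', 'success', 'index.php?m=index&a=index');
     }
 }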