/** * Returns whether or not the specified page is visible to the user * * @param array $page Page data * @return boolean Access */ public static function is_page_visible($page) { $show_page = true; // Get visibility scheme and bail if there isn't one. if (!($scheme = array_get($page, '_admin'))) { return true; } // Clean up the scheme foreach ($scheme as $key => $val) { if (!in_array($key, array('hide', 'show'))) { unset($scheme[$key]); } } // Get/set member's roles if (!self::$member_roles) { self::$member_roles = Auth::getCurrentMember()->get('roles'); } $roles = self::$member_roles; // Hiding is checked first because we'd rather show a page than hide it if there's crossover. if (array_get($scheme, 'hide')) { if (!is_array($scheme['hide'])) { // Flag as hidden if `hide: true|yes|1` is specified $show_page = false; } else { // Flat as hidden if the member's role is in scheme's "hide" list $show_page = array_intersect($scheme['hide'], $roles) ? false : true; } } if (array_get($scheme, 'show')) { // Flat as showable if the member's role is in scheme's "show" list $show_page = (bool) array_intersect(array_get($scheme, 'show', array()), $roles); } return $show_page; }
/** * Logs the current user out * * @return void */ public static function logout() { // trigger a hook Hook::run('auth', 'logout', 'call', null, Auth::getCurrentMember()); $app = \Slim\Slim::getInstance(); $app->deleteCookie('stat_auth_cookie'); }
/** * Store a revision for a given $file * * @param string $file The file to save a revision for * @param string $content The content to store as data for this revision * @param string $message The commit message * @param null $timestamp An optional timestamp for when this revision occurred * @param bool $is_new Whether the file is new or not */ public function saveRevision($file, $content, $message, $timestamp = null, $is_new = false) { // store in folder of hashed file name $hash = Helper::makeHash($file); // determine revision number $nth_revision = count($this->storage->listAll($hash)) + 1; $revision_data = array('file' => $file, 'revision' => $nth_revision, 'message' => $message, 'timestamp' => $timestamp ? Date::resolve($timestamp) : time(), 'author_uid' => Auth::getCurrentMember()->getUID(), 'data' => $content); $location = $hash . '/' . str_pad($nth_revision, 4, '0', STR_PAD_LEFT); $this->storage->putYAML($location, $revision_data); }
function authCheck($role = 'admin') { $app = \Slim\Slim::getInstance(); $user = Auth::getCurrentMember(); if ($user) { if ($user->hasRole($role)) { return true; } } exit("Invalid Request"); }
/** * The Routes **/ function authenticateForRole($role = 'member') { $admin_app = \Slim\Slim::getInstance(); $user = Auth::getCurrentMember(); if ($user) { if ($user->hasRole($role) === false) { $admin_app->redirect($admin_app->urlFor('denied')); } } else { $admin_app->redirect($admin_app->urlFor('login')); } return true; }
public function markitup__upload() { if (!Auth::getCurrentMember()) { exit("Invalid Request"); } $path = Request::get('path'); $is_image = Request::get('is_image'); if (isset($path)) { // build directory $dir = Path::tidy(ltrim($path, '/') . '/'); $file_type = strtolower($_FILES['file']['type']); $file_info = pathinfo($_FILES['file']['name']); // pull out the filename bits $filename = $file_info['filename']; $ext = $file_info['extension']; // build filename $file = $dir . $filename . '.' . $ext; // check for dupes if (File::exists($file)) { $file = BASE_PATH . '/' . $dir . $filename . '-' . date('YmdHis') . '.' . $ext; } if (!Folder::isWritable($dir)) { $this->log->error('Upload failed. Directory "' . $dir . '" is not writable.'); die('Upload directory not writable'); } if ($is_image && ($_FILES['file']['type'] == 'image/png' || $_FILES['file']['type'] == 'image/jpg' || $_FILES['file']['type'] == 'image/gif' || $_FILES['file']['type'] == 'image/jpeg')) { if (Request::get('resize', false)) { $image = Image::make($_FILES['file']['tmp_name']); $width = Request::get('width', null); $height = Request::get('height', null); $ratio = Request::get('ratio', true); $upsize = Request::get('upsize', false); $quality = Request::get('quality', '75'); $image->resize($width, $height, $ratio, $upsize)->save($file, $quality); } else { move_uploaded_file($_FILES['file']['tmp_name'], $file); } } else { move_uploaded_file($_FILES['file']['tmp_name'], $file); } $return = array('filelink' => Path::toAsset($file)); die(stripslashes(json_encode($return))); } else { die('Upload directory not set.'); } }
public function render() { $html = "<div class='input-select-wrap'><select name='{$this->fieldname}' tabindex='{$this->tabindex}'>"; $html .= "<option value=''>- None Selected-</option>"; $current_user = Auth::getCurrentMember(); $current_username = $current_user->get_name(); if ($this->field_data == '') { $this->field_data = $current_username; } foreach (Member::getList() as $key => $data) { if (!is_object($data)) { continue; } $selected = $this->field_data == $key ? " selected='selected'" : ''; $html .= "<option {$selected} value='{$key}'>{$data->get('first_name')} {$data->get('last_name')}</option>"; } $html .= "</select></div>"; return $html; }
public function redactor__fetch_files() { if (!Auth::getCurrentMember()) { exit("Invalid Request"); } $dir = Path::tidy(ltrim(Request::get('path'), '/').'/'); $file_list = glob($dir."*.*", GLOB_BRACE); $files = array(); if (count($file_list) > 0) { foreach ($file_list as $file) { $pi = pathinfo($file); $files[] = array( 'link' => Path::toAsset($file), 'title' => $pi['filename'], 'name' => $pi['basename'], 'size' => File::getHumanSize(File::getSize(Path::assemble(BASE_PATH, $file))) ); } } echo json_encode($files); }
/** * Evaluates a rule * * @param string $rule Type of rule * @param mixed $value Value to evaluate for the rule * @return bool */ public function evaluateRule($rule, $value) { $member = Auth::isLoggedIn() ? Auth::getCurrentMember() : new Member(array()); if ($rule === '_any') { // this is an "any" grouping foreach ($value as $sub_rule) { reset($sub_rule); $key = key($sub_rule); if ($this->evaluateRule(key($sub_rule), $sub_rule[$key])) { return true; } } return false; } elseif ($rule === '_none') { // this is a "none" grouping foreach ($value as $sub_rule) { reset($sub_rule); $key = key($sub_rule); if ($this->evaluateRule(key($sub_rule), $sub_rule[$key])) { return false; } } return true; } elseif ($rule === '_all') { // this is an "all" grouping foreach ($value as $sub_rule) { reset($sub_rule); $key = key($sub_rule); if (!$this->evaluateRule(key($sub_rule), $sub_rule[$key])) { return false; } } return true; } elseif ($rule === '_addon') { // this is an add-on API call // grab add-on definition $method = array_get($value, 'method', null); $comparison = array_get($value, 'comparison', '=='); $parameters = array_get($value, 'parameters', array()); $error = array_get($value, 'error', null); $value = array_get($value, 'value', null); // split method $method_parts = explode(':', $method, 2); // were definitions valid? if (!$method || count($method_parts) !== 2 || !is_array($parameters)) { return false; } // load API try { $api = Resource::loadAPI($method_parts[0]); // can this method be called? if (!is_callable(array($api, $method_parts[1]), false)) { return false; } // get the result of calling the method $result_value = call_user_func_array(array($api, $method_parts[1]), $parameters); // now compare the expected value with the actual value $result = $this->compareValues($value, $result_value, $comparison); // set optional user error if (!$result && $error) { $this->flash->set('error', $error); } return $result; } catch (Exception $e) { // something went wrong, this fails rd($e->getMessage()); return false; } } elseif ($rule === '_field') { // this is a complex field match // grab field definitions $field = array_get($value, 'field', null); $comparison = array_get($value, 'comparison', '=='); $value = array_get($value, 'value', null); // were definitions valid? if (!$field) { return false; } return $this->compareValues($value, $member->get($field, null), $comparison); } elseif ($rule === '_logged_in') { // this is checking if member is logged in return Auth::isLoggedIn() === $value; } elseif ($rule === '_ip_address') { // this is one or more IP address return $this->compareValues(Helper::ensureArray($value), Request::getIP(), '=='); } else { // this is a simple field match return $this->compareValues($value, $member->get($rule, null), '=='); } }
/** * Target for the member:profile_form form * * @return void */ public function member__update_profile() { $site_root = Config::getSiteRoot(); $referrer = $_SERVER['HTTP_REFERER']; $return = filter_input(INPUT_POST, 'return', FILTER_SANITIZE_URL); // is user logged in? if (!Auth::isLoggedIn()) { URL::redirect($this->fetchConfig('login_url', $site_root, null, false, false)); } // get current user $member = Auth::getCurrentMember(); // get configurations $allowed_fields = array_get($this->loadConfigFile('fields'), 'fields', array()); $role_definitions = $this->fetchConfig('role_definitions'); // who are we editing? $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING); $username = !$username ? $member->get('username') : $username; // if the user isn't the current user, ensure that's allowed if ($username !== $member->get('username')) { // username is different from current user if (!array_get($role_definitions, 'edit_other_users', null) || !$member->hasRole($role_definitions['edit_other_users'])) { // this user does not have permission to do this $this->flash->set('update_profile_error', 'You are not allowed to edit another member’s profile.'); URL::redirect($referrer); } else { // all set, update member $member = Member::load($username); } } // get old values $old_values = $member->export(); // set up iterators and flags $submission = array(); // loop through allowed fields, validating and updating foreach ($allowed_fields as $field => $options) { if (!isset($_POST[$field])) { // was this username? that can be included separately if ($field === 'username') { $value = $username; } else { // field wasn't set, skip it continue; } } else { // set value $value = filter_input(INPUT_POST, $field, FILTER_SANITIZE_STRING); } // set value $old_values[$field] = $value; // don't store this value if `save_value` is set to `false` if (array_get($options, 'save_value', true)) { $member->set($field, $value); } // add to submissions, including non-save_value fields because this // is the list that will be validated $submission[$field] = $value; } // validate $errors = $this->tasks->validate($submission); if (count($errors)) { // errors were found, set a flash message and redirect $this->flash->set('update_profile_error', 'Member profile not updated.'); $this->flash->set('update_profile_field_errors', $errors); $this->flash->set('update_profile_old_values', $old_values); URL::redirect($referrer); } else { // save member $member->save(); // trigger a hook $this->runHook('profile_update', 'call', null, $member); // user saved $this->flash->set('update_profile_success', 'Member profile updated.'); if ($return) { URL::redirect($return); } else { URL::redirect($referrer); } } }
<?php $current_user = Auth::getCurrentMember(); $name = $current_user->get('name'); ?> <!doctype html> <html lang="<?php echo Config::getCurrentLanguage(); ?> "> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0"> <title>GKP Control Panel</title> <link rel="stylesheet" href="<?php echo Path::tidy(Config::getSiteRoot() . '/' . $app->config['theme_path']); ?> css/ascent.css"> <link rel="shortcut icon" href="<?php print Path::tidy(Config::getSiteRoot() . '/' . $app->config['theme_path']); ?> img/favicon.ico" /> <script> var transliterate = <?php echo json_encode(Config::get('custom_transliteration', array())); ?> ; </script> <script> var content_type = "<?php echo Config::getContentType();
public function profile() { // parse parameters $username = $this->fetchParam(array('username', 'name', 'member'), null, false, false, false); $uid = $this->fetchParam('uid', null, false, false, false); if ($username) { // username return Member::getProfile($username); } elseif ($uid) { // uid return Member::getProfileByUID($uid); } // neither of those? try the current user $user = Auth::getCurrentMember(); if ($user) { $username = $user->get('name'); return Member::getProfile($username); } else { return array('no_results' => true); } }
public function redactor__fetch_images() { if (!Auth::getCurrentMember()) { exit("Invalid Request"); } $dir = Path::tidy(ltrim(Request::get('path'), '/') . '/'); $image_list = glob($dir . "*.{jpg,jpeg,gif,png}", GLOB_BRACE); $images = array(); if (count($image_list) > 0) { foreach ($image_list as $image) { $images[] = array('thumb' => Config::getSiteRoot() . $image, 'image' => Config::getSiteRoot() . $image); } } echo json_encode($images); }
/** * Set up any and all global vars, tags, and other defaults * * @return void */ public static function setDefaultTags() { $app = \Slim\Slim::getInstance(); /* |-------------------------------------------------------------------------- | User & Session Authentication |-------------------------------------------------------------------------- | | This may be overwritten later, but let's go ahead and set the default | layout file to start assembling our front-end view. | */ $current_member = Auth::getCurrentMember(); $app->config['logged_in'] = !is_null($current_member); $app->config['username'] = $current_member ? $current_member->get('username') : false; $app->config['is_admin'] = $current_member ? $current_member->hasRole('admin') : false; // current member data if ($current_member) { $app->config['current_member'] = array('logged_in' => !is_null($current_member), 'username' => $current_member->get('username')) + $current_member->export(); // load up roles foreach ($current_member->get('roles') as $role) { $app->config['current_member']['is_' . $role] = 'true'; } } /* |-------------------------------------------------------------------------- | GET and POST global vars |-------------------------------------------------------------------------- | | Use these at your own risk, of course. Don't be stupid. | */ $app->config['get'] = URL::sanitize($_GET); $app->config['post'] = URL::sanitize($_POST); $app->config['get_post'] = $app->config['get'] + $app->config['post']; $app->config['homepage'] = Config::getSiteRoot(); $app->config['now'] = time(); }