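/**
 * Attempts to log an Author in given a username and password.
 * The username and password are sanitized (via `cleanValue()`) before
 * being used to query the Database. If an Author is found whose stored
 * password matches, they are logged in, the sanitized username and the
 * Author's stored password hash are saved as values in the `$Cookie`, and
 * the stored hash is migrated through `Cryptography::hash()` when
 * `Cryptography::requiresMigration()` says it needs it — but only when a
 * plaintext password was supplied (see `$isHash`).
 *
 * Caveat: the cookie carries the stored hash itself, which `isLoggedIn()`
 * compares against the database with `$isHash = true`; treat cookie exposure
 * as account exposure.
 *
 * @see toolkit.Cryptography#hash()
 * @throws DatabaseException
 * @param string $username
 *  The Author's username. This will be sanitized before use.
 * @param string $password
 *  The Author's password — plaintext, or an existing hash when `$isHash`
 *  is true. This will be sanitized before use.
 * @param boolean $isHash
 *  If the password provided is already hashed, setting this parameter to
 *  true will stop it becoming rehashed. By default it is false.
 * @return boolean
 *  True if the Author was logged in, false otherwise
 */
public static function login($username, $password, $isHash = false)
{
    $username = trim(self::Database()->cleanValue($username));
    $password = trim(self::Database()->cleanValue($password));

    // Both credentials are required (strlen() is byte-wise, which is fine
    // for an emptiness check).
    if (strlen($username) === 0 || strlen($password) === 0) {
        return false;
    }

    $matches = AuthorManager::fetch('id', 'ASC', 1, null, sprintf("`username` = '%s'", $username));

    if (empty($matches)) {
        return false;
    }

    $candidate = current($matches);

    if (!Cryptography::compare($password, $candidate->get('password'), $isHash)) {
        return false;
    }

    self::$Author = $candidate;

    // Only migrate hashes if there is no update available as the update might
    // change the tbl_authors table. Never migrate from an already-hashed
    // input: hashing the hash would store a value the plaintext password can
    // no longer verify against, which is exactly what `$isHash` promises to
    // prevent.
    if (
        !$isHash
        && self::isUpgradeAvailable() === false
        && Cryptography::requiresMigration(self::$Author->get('password'))
    ) {
        self::$Author->set('password', Cryptography::hash($password));
        self::Database()->update(
            array('password' => self::$Author->get('password')),
            'tbl_authors',
            sprintf(" `id` = %d", self::$Author->get('id'))
        );
    }

    self::$Cookie->set('username', $username);
    self::$Cookie->set('pass', self::$Author->get('password'));

    self::Database()->update(
        array('last_seen' => DateTimeObj::get('Y-m-d H:i:s')),
        'tbl_authors',
        sprintf(" `id` = %d", self::$Author->get('id'))
    );

    // Only set custom author language in the backend
    if (class_exists('Administration', false)) {
        Lang::set(self::$Author->get('language'));
    }

    return true;
}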
/**
 * Reports whether an Author is currently logged in. When no Author has been
 * resolved yet, the `$Cookie`'s username and password are used to look one
 * up; a match logs that Author in (updating `last_seen`), otherwise the
 * `$Cookie` is expired.
 *
 * The cookie's `pass` value is compared against the stored password with
 * `Cryptography::compare(..., true)`, i.e. it is expected to already be the
 * stored hash.
 *
 * @see core.Cookie#expire()
 * @return boolean
 *  True when an Author is (now) logged in, or when no instance exists yet
 */
public function isLoggedIn()
{
    // Ensures that we're in the real world.. Also reduces three queries from database
    // We must return true otherwise exceptions are not shown
    if (is_null(self::$_instance)) {
        return true;
    }

    if ($this->Author) {
        return true;
    }

    $cookieUser = self::Database()->cleanValue($this->Cookie->get('username'));
    $cookiePass = self::Database()->cleanValue($this->Cookie->get('pass'));

    $hasBoth = strlen(trim($cookieUser)) > 0 && strlen(trim($cookiePass)) > 0;

    if (!$hasBoth) {
        $this->Cookie->expire();
        return false;
    }

    $candidates = AuthorManager::fetch('id', 'ASC', 1, null, sprintf("\n\t\t\t\t\t\t\t`username` = '%s'\n\t\t\t\t\t\t", $cookieUser));

    $matched = !empty($candidates)
        && Cryptography::compare($cookiePass, current($candidates)->get('password'), true);

    if (!$matched) {
        $this->Cookie->expire();
        return false;
    }

    $this->Author = current($candidates);

    self::Database()->update(
        array('last_seen' => DateTimeObj::get('Y-m-d H:i:s')),
        'tbl_authors',
        sprintf(" `id` = %d", $this->Author->get('id'))
    );

    // Only set custom author language in the backend
    if (class_exists('Administration')) {
        Lang::set($this->Author->get('language'));
    }

    return true;
}
/**
 * Reports whether an Author is currently logged in. When no Author has been
 * resolved yet, the `$Cookie`'s username and password are matched directly
 * against `tbl_authors`; a hit logs that Author in (updating `last_seen` and
 * the backend language), otherwise the `$Cookie` is expired.
 *
 * Both cookie values go through `cleanValue()` before being interpolated
 * into the query below; that escaping is the only thing protecting the
 * statement, so it must not be removed.
 *
 * @see core.Cookie#expire()
 * @return boolean
 *  True when an Author is (now) logged in, or when no instance exists yet
 */
public function isLoggedIn()
{
    // Ensures that we're in the real world.. Also reduces three queries from database
    // We must return true otherwise exceptions are not shown
    if (is_null(self::$_instance)) {
        return true;
    }

    if ($this->Author) {
        return true;
    }

    $username = self::$Database->cleanValue($this->Cookie->get('username'));
    $password = self::$Database->cleanValue($this->Cookie->get('pass'));

    $blank = strlen(trim($username)) === 0 || strlen(trim($password)) === 0;

    $id = null;
    if (!$blank) {
        $sql = "SELECT `id` FROM `tbl_authors` WHERE `username` = '{$username}' AND `password` = '{$password}' LIMIT 1";
        $id = self::$Database->fetchVar('id', 0, $sql);
    }

    if (!$id) {
        $this->Cookie->expire();
        return false;
    }

    self::$Database->update(
        array('last_seen' => DateTimeObj::get('Y-m-d H:i:s')),
        'tbl_authors',
        " `id` = '{$id}'"
    );

    $this->Author = AuthorManager::fetchByID($id);
    Lang::set($this->Author->get('language'));

    return true;
}
/**
 * Controller action rendering a single Author, looked up by the `ID`
 * URL parameter.
 *
 * @param SS_HTTPRequest $request
 * @return array|mixed
 *  `array('Author' => $author)` for the template, or the result of
 *  `httpError(404, ...)` when no Author has that ID
 */
public function show(SS_HTTPRequest $request)
{
    $requestedId = $request->param('ID');
    $found = Author::get()->byID($requestedId);

    if ($found) {
        return array('Author' => $found);
    }

    return $this->httpError(404, 'That author could not be found');
}
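// Tail of the `post_add` POST handler; its opening (where `$request`,
// `$authorId` and `$postModel` are defined) is not part of this listing.
if (!isset($authorId)) {
    $app->abort(404, 'Author has to be selected. Go back and select author');
}
$title = $request->request->get('title');
$message = $request->request->get('message');
$postModel->set($title, $message, $authorId);
return $app->redirect($app["url_generator"]->generate("post_index"));
})->bind('post_add');

// GET /authors — list every author.
$app->get('/authors', function () use ($app) {
    $authorModel = new Author($app['db']);
    $authorsToDisplay = $authorModel->getAll();

    return $app['twig']->render('author_index.html.twig', array('authors' => $authorsToDisplay));
})->bind('author_index');

// GET /author/{author_id} — show one author. The `\d+` assertion keeps
// non-numeric segments (such as "new" below) out of this route and out of
// Author::get().
$app->get('/author/{author_id}', function ($author_id) use ($app) {
    $authorModel = new Author($app['db']);
    $authorToDisplay = $authorModel->get($author_id);

    if (!$authorToDisplay) {
        // Message previously said "article", which is the wrong entity here.
        $app->abort(404, 'The author could not be found');
    }

    return $app['twig']->render('author_single.html.twig', array('author' => $authorToDisplay));
})->assert('author_id', '\\d+')->bind('author_single');

// GET /author/new — blank creation form.
$app->get('/author/new', function () use ($app) {
    return $app['twig']->render('author_new.html.twig');
})->bind('author_new');

// POST /author/add — create an author from the submitted `name` and go
// back to the index. `name` is stored as received; any validation lives in
// Author::setName().
$app->post('/author/add', function (Request $request) use ($app) {
    $authorModel = new Author($app['db']);
    $name = $request->request->get('name');
    $authorModel->setName($name);

    return $app->redirect($app["url_generator"]->generate("author_index"));
})->bind('author_add');

// This should be the last line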
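/**
 * Builds the Author "new"/"edit" form into `$this->Form`.
 *
 * Resolves the Author being edited from `$this->_context` (or from
 * `$this->_Author` after a POST), enforces that only Developers create
 * authors or edit other authors, then appends the Essentials, Login Details
 * (username, user type, password, remote-login token, default area) and
 * Custom Preferences fieldsets plus the action buttons, firing the
 * `AddDefaultAuthorAreas` and `AddElementstoAuthorForm` delegates.
 *
 * Validation messages are read from `$this->_errors`, keyed by field name;
 * `_wrapError()` pairs each label with the message for its own key.
 */
public function __form()
{
    require_once TOOLKIT . '/class.field.php';

    // Handle unknown context
    if (!in_array($this->_context[0], array('new', 'edit'), true)) {
        Administration::instance()->errorPageNotFound();
    }

    if ($this->_context[0] == 'new' && !Administration::instance()->Author->isDeveloper()) {
        Administration::instance()->customError(__('Access Denied'), __('You are not authorised to access this page.'));
    }

    if (isset($this->_context[2])) {
        // Both alerts share the same trailing links.
        $links = ' <a href="' . SYMPHONY_URL . '/system/authors/new/" accesskey="c">' . __('Create another?') . '</a>'
            . ' <a href="' . SYMPHONY_URL . '/system/authors/" accesskey="a">' . __('View all Authors') . '</a>';

        switch ($this->_context[2]) {
            case 'saved':
                $this->pageAlert(__('Author updated at %s.', array(DateTimeObj::getTimeAgo())) . $links, Alert::SUCCESS);
                break;
            case 'created':
                $this->pageAlert(__('Author created at %s.', array(DateTimeObj::getTimeAgo())) . $links, Alert::SUCCESS);
                break;
        }
    }

    $this->setPageType('form');
    $isOwner = false;

    // After a failed POST the (already populated) Author comes from the
    // action handler; otherwise load it, or start a blank one.
    if (isset($_POST['fields'])) {
        $author = $this->_Author;
    } elseif ($this->_context[0] == 'edit') {
        if (!($author_id = $this->_context[1])) {
            redirect(SYMPHONY_URL . '/system/authors/');
        }

        if (!($author = AuthorManager::fetchByID($author_id))) {
            Administration::instance()->customError(__('Author not found'), __('The author profile you requested does not exist.'));
        }
    } else {
        $author = new Author();
    }

    if ($this->_context[0] == 'edit' && $author->get('id') == Administration::instance()->Author->get('id')) {
        $isOwner = true;
    }

    // Non-developers may only edit their own record.
    if ($this->_context[0] == 'edit' && !$isOwner && !Administration::instance()->Author->isDeveloper()) {
        Administration::instance()->customError(__('Access Denied'), __('You are not authorised to edit other authors.'));
    }

    $this->setTitle(__(
        $this->_context[0] == 'new' ? '%2$s – %3$s' : '%1$s – %2$s – %3$s',
        array($author->getFullName(), __('Authors'), __('Symphony'))
    ));
    $this->appendSubheading($this->_context[0] == 'new' ? __('Untitled') : $author->getFullName());
    $this->insertBreadcrumbs(array(
        Widget::Anchor(__('Authors'), SYMPHONY_URL . '/system/authors/'),
    ));

    // Essentials
    $group = new XMLElement('fieldset');
    $group->setAttribute('class', 'settings');
    $group->appendChild(new XMLElement('legend', __('Essentials')));

    $div = new XMLElement('div');
    $div->setAttribute('class', 'two columns');

    $label = Widget::Label(__('First Name'), NULL, 'column');
    $label->appendChild(Widget::Input('fields[first_name]', $author->get('first_name')));
    $div->appendChild($this->_wrapError($label, 'first_name'));

    $label = Widget::Label(__('Last Name'), NULL, 'column');
    $label->appendChild(Widget::Input('fields[last_name]', $author->get('last_name')));
    $div->appendChild($this->_wrapError($label, 'last_name'));

    $group->appendChild($div);

    $label = Widget::Label(__('Email Address'));
    $label->appendChild(Widget::Input('fields[email]', $author->get('email')));
    $group->appendChild($this->_wrapError($label, 'email'));

    $this->Form->appendChild($group);

    // Login Details
    $group = new XMLElement('fieldset');
    $group->setAttribute('class', 'settings');
    $group->appendChild(new XMLElement('legend', __('Login Details')));

    $div = new XMLElement('div');

    $label = Widget::Label(__('Username'));
    $label->appendChild(Widget::Input('fields[username]', $author->get('username')));
    $div->appendChild($this->_wrapError($label, 'username'));

    // Only developers can change the user type.
    // Primary account should NOT be able to change this
    if (Administration::instance()->Author->isDeveloper() && !$author->isPrimaryAccount()) {
        // Create columns (the username label is already appended; XMLElement
        // is an object, so setting its class here still takes effect)
        $div->setAttribute('class', 'two columns');
        $label->setAttribute('class', 'column');

        // User type
        $label = Widget::Label(__('User Type'), NULL, 'column');
        $options = array(
            array('author', false, __('Author')),
            array('developer', $author->isDeveloper(), __('Developer')),
        );
        $label->appendChild(Widget::Select('fields[user_type]', $options));
        $div->appendChild($label);
    }

    $group->appendChild($div);

    // Password
    $fieldset = new XMLElement('fieldset', NULL, array('class' => 'two columns', 'id' => 'password'));
    $legend = new XMLElement('legend', __('Password'));
    $help = new XMLElement('i', __('Leave password fields blank to keep the current password'));
    $fieldset->appendChild($legend);
    $fieldset->appendChild($help);

    // Password reset: the old password is required from non-developers and
    // from anyone editing their own account.
    if ($this->_context[0] == 'edit' && (!Administration::instance()->Author->isDeveloper() || $isOwner === true)) {
        $fieldset->setAttribute('class', 'three columns');
        $label = Widget::Label(NULL, NULL, 'column');
        $label->appendChild(Widget::Input('fields[old-password]', NULL, 'password', array('placeholder' => __('Old Password'))));
        // Previously showed $this->_errors['password'] here, which is unset
        // when only the old password failed.
        $fieldset->appendChild($this->_wrapError($label, 'old-password'));
    }

    // New password
    $callback = Administration::instance()->getPageCallback();
    $placeholder = $callback['context'][0] == 'edit' ? __('New Password') : __('Password');

    $label = Widget::Label(NULL, NULL, 'column');
    $label->appendChild(Widget::Input('fields[password]', NULL, 'password', array('placeholder' => $placeholder)));
    $fieldset->appendChild($this->_wrapError($label, 'password'));

    // Confirm password
    $label = Widget::Label(NULL, NULL, 'column');
    $label->appendChild(Widget::Input('fields[password-confirmation]', NULL, 'password', array('placeholder' => __('Confirm Password'))));
    // Same key mix-up as above: use the confirmation's own message.
    $fieldset->appendChild($this->_wrapError($label, 'password-confirmation'));

    $group->appendChild($fieldset);

    // Auth token: the remote-login URL (which embeds the token) is rendered
    // into the page for developers only.
    if (Administration::instance()->Author->isDeveloper()) {
        $label = Widget::Label();
        $input = Widget::Input('fields[auth_token_active]', 'yes', 'checkbox');

        if ($author->isTokenActive()) {
            $input->setAttribute('checked', 'checked');
        }

        $temp = SYMPHONY_URL . '/login/' . $author->createAuthToken() . '/';
        $label->setValue(__('%s Allow remote login via', array($input->generate())) . ' <a href="' . $temp . '">' . $temp . '</a>');
        $group->appendChild($label);
    }

    $label = Widget::Label(__('Default Area'));
    $sections = SectionManager::fetch(NULL, 'ASC', 'sortorder');
    $options = array();

    // If the Author is the Developer, allow them to set the Default Area to
    // be the Sections Index.
    if ($author->isDeveloper()) {
        $options[] = array('/blueprints/sections/', $author->get('default_area') == '/blueprints/sections/', __('Sections Index'));
    }

    if (is_array($sections) && !empty($sections)) {
        foreach ($sections as $s) {
            $options[] = array($s->get('id'), $author->get('default_area') == $s->get('id'), $s->get('name'));
        }
    }

    /**
     * Allows injection or manipulation of the Default Area dropdown for an Author.
     * Take care with adding in options that are only valid for Developers, as if a
     * normal Author is set to that option, they will be redirected to their own
     * Author record.
     *
     * @delegate AddDefaultAuthorAreas
     * @since Symphony 2.2
     * @param string $context
     * '/system/authors/'
     * @param array $options
     * An associative array of options, suitable for use for the Widget::Select
     * function. By default this will be an array of the Sections in the current
     * installation. New options should be the path to the page after the `SYMPHONY_URL`
     * constant.
     * @param string $default_area
     * The current `default_area` for this Author.
     */
    Symphony::ExtensionManager()->notifyMembers('AddDefaultAuthorAreas', '/system/authors/', array(
        'options' => &$options,
        'default_area' => $author->get('default_area'),
    ));

    $label->appendChild(Widget::Select('fields[default_area]', $options));
    $group->appendChild($label);

    $this->Form->appendChild($group);

    // Custom Language Selection
    $languages = Lang::getAvailableLanguages();

    if (count($languages) > 1) {
        // Get language names
        asort($languages);

        $group = new XMLElement('fieldset');
        $group->setAttribute('class', 'settings');
        $group->appendChild(new XMLElement('legend', __('Custom Preferences')));

        $label = Widget::Label(__('Language'));

        $options = array(array(NULL, is_null($author->get('language')), __('System Default')));
        foreach ($languages as $code => $name) {
            $options[] = array($code, $code == $author->get('language'), $name);
        }

        $select = Widget::Select('fields[language]', $options);
        $label->appendChild($select);
        $group->appendChild($label);

        $this->Form->appendChild($group);
    }

    $div = new XMLElement('div');
    $div->setAttribute('class', 'actions');
    $div->appendChild(Widget::Input(
        'action[save]',
        $this->_context[0] == 'edit' ? __('Save Changes') : __('Create Author'),
        'submit',
        array('accesskey' => 's')
    ));

    // Neither the account being edited by its owner nor the primary account
    // gets a delete button.
    if ($this->_context[0] == 'edit' && !$isOwner && !$author->isPrimaryAccount()) {
        $button = new XMLElement('button', __('Delete'));
        $button->setAttributeArray(array(
            'name' => 'action[delete]',
            'class' => 'button confirm delete',
            'title' => __('Delete this author'),
            'type' => 'submit',
            'accesskey' => 'd',
            'data-message' => __('Are you sure you want to delete this author?'),
        ));
        $div->appendChild($button);
    }

    $this->Form->appendChild($div);

    /**
     * Allows the injection of custom form fields given the current `$this->Form`
     * object. Please note that this custom data should be saved in own extension
     * tables and that modifying `tbl_authors` to house your data is highly discouraged.
     *
     * @delegate AddElementstoAuthorForm
     * @since Symphony 2.2
     * @param string $context
     * '/system/authors/'
     * @param XMLElement $form
     * The contents of `$this->Form` after all the default form elements have been appended.
     * @param Author $author
     * The current Author object that is being edited
     */
    Symphony::ExtensionManager()->notifyMembers('AddElementstoAuthorForm', '/system/authors/', array(
        'form' => &$this->Form,
        'author' => $author,
    ));
}

/**
 * Wraps `$label` in `Widget::Error()` when a validation message was
 * recorded under `$key` in `$this->_errors`; otherwise returns it unchanged.
 *
 * @param XMLElement $label
 * @param string $key
 *  Key into `$this->_errors`
 * @return XMLElement
 */
private function _wrapError($label, $key)
{
    return isset($this->_errors[$key]) ? Widget::Error($label, $this->_errors[$key]) : $label;
}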
/**
 * Appends this field's XML representation to `$wrapper`: one element named
 * after the field containing an `item` per author id in `$data['author_id']`,
 * with the author's full name as text and `id`/`username` attributes
 * (`username` passed through `General::sanitize()`).
 *
 * @param XMLElement $wrapper
 * @param array $data
 *  Must contain `author_id`, either a single id or a list of ids
 * @param boolean $encode
 *  Accepted for interface compatibility; not used here
 */
public function appendFormattedElement(&$wrapper, $data, $encode = false)
{
    $ids = $data['author_id'];
    if (!is_array($ids)) {
        $ids = array($ids);
    }

    $list = new XMLElement($this->get('element_name'));

    foreach ($ids as $authorId) {
        $author = new Author($authorId);

        $attributes = array(
            'id' => (string) $author->get('id'),
            'username' => General::sanitize($author->get('username')),
        );

        $item = new XMLElement('item', $author->getFullName(), $attributes);
        $list->appendChild($item);
    }

    $wrapper->appendChild($list);
}
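/**
 * GET endpoint returning up to five author names whose `name` matches the
 * `search` query parameter (LIKE match, ascending by name).
 *
 * Responses: 400 with a null body when `search` is missing/empty, 404 with
 * an `error` entry when nothing matches, 200 with a plain list of names
 * otherwise. `$this->response()` is expected to terminate the request; the
 * `return`s after it are a guard so that nothing else runs if it does not.
 */
function authors_get()
{
    $search = $this->get('search');

    if (!$search) {
        $this->response(NULL, 400);
        return;
    }

    $authors = new Author();
    $authors->like('name', $search);
    $authors->order_by('name', 'asc');
    $authors->limit(5);
    $authors->get();

    if (!$authors->exists()) {
        $this->response(array('error' => 'Authors could not be found'), 404);
        return;
    }

    // Initialised explicitly so the response is always a list, never an
    // undefined variable.
    $authors_array = array();
    foreach ($authors as $author) {
        $authors_array[] = $author->name;
    }

    $this->response($authors_array, 200); // 200 being the HTTP response code
}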
/**
 * Builds the Author "new"/"edit" form into `$this->Form` (older variant
 * using `$this->_Parent` and `wrapFormElementWithError()`).
 *
 * Resolves the Author from `$this->_context` (or `$this->_Author` after a
 * POST), restricts creation and editing of other authors to Developers, then
 * appends the Essentials, Login Details (username, user type, password,
 * remote-login token, default section) and Custom Preferences groups plus
 * the action buttons. Validation messages are read from `$this->_errors`.
 */
function __form()
{
    require_once TOOLKIT . '/class.field.php';

    // Handle unknown context
    if (!in_array($this->_context[0], array('new', 'edit'))) {
        $this->_Parent->errorPageNotFound();
    }

    if ($this->_context[0] == 'new' && !Administration::instance()->Author->isDeveloper()) {
        $this->_Parent->customError(E_USER_ERROR, 'Access Denied', 'You are not authorised to access this page.');
    }

    if (isset($this->_context[2])) {
        switch ($this->_context[2]) {
            case 'saved':
                $this->pageAlert(__('Author updated at %1$s. <a href="%2$s">Create another?</a> <a href="%3$s">View all Authors</a>', array(DateTimeObj::getTimeAgo(__SYM_TIME_FORMAT__), URL . '/symphony/system/authors/new/', URL . '/symphony/system/authors/')), Alert::SUCCESS);
                break;
            case 'created':
                $this->pageAlert(__('Author created at %1$s. <a href="%2$s">Create another?</a> <a href="%3$s">View all Authors</a>', array(DateTimeObj::getTimeAgo(__SYM_TIME_FORMAT__), URL . '/symphony/system/authors/new/', URL . '/symphony/system/authors/')), Alert::SUCCESS);
                break;
        }
    }

    $this->setPageType('form');
    $isOwner = false;

    // After a failed POST the Author comes from the action handler;
    // otherwise load it by id, or start a blank one for "new".
    if (isset($_POST['fields'])) {
        $author = $this->_Author;
    } elseif ($this->_context[0] == 'edit') {
        if (!($author_id = $this->_context[1])) {
            redirect(URL . '/symphony/system/authors/');
        }
        if (!($author = AuthorManager::fetchByID($author_id))) {
            $this->_Parent->customError(E_USER_ERROR, 'Author not found', 'The author profile you requested does not exist.');
        }
    } else {
        $author = new Author();
    }

    if ($this->_context[0] == 'edit' && $author->get('id') == Administration::instance()->Author->get('id')) {
        $isOwner = true;
    }

    // Non-developers may only edit their own record.
    if ($this->_context[0] == 'edit' && !$isOwner && !Administration::instance()->Author->isDeveloper()) {
        $this->_Parent->customError(E_USER_ERROR, 'Access Denied', 'You are not authorised to edit other authors.');
    }

    // NOTE(review): the three-part format (which includes the author's name)
    // is chosen for 'new', where the name is still empty, and the two-part
    // one for 'edit' — the branches look swapped; confirm against the
    // intended page titles before changing.
    $this->setTitle(__($this->_context[0] == 'new' ? '%1$s – %2$s – %3$s' : '%1$s – %2$s', array(__('Symphony'), __('Authors'), $author->getFullName())));
    $this->appendSubheading($this->_context[0] == 'new' ? __('Untitled') : $author->getFullName());

    // Essentials
    $group = new XMLElement('fieldset');
    $group->setAttribute('class', 'settings');
    $group->appendChild(new XMLElement('legend', __('Essentials')));

    $div = new XMLElement('div');
    $div->setAttribute('class', 'group');

    $label = Widget::Label(__('First Name'));
    $label->appendChild(Widget::Input('fields[first_name]', $author->get('first_name')));
    $div->appendChild(isset($this->_errors['first_name']) ? $this->wrapFormElementWithError($label, $this->_errors['first_name']) : $label);

    $label = Widget::Label(__('Last Name'));
    $label->appendChild(Widget::Input('fields[last_name]', $author->get('last_name')));
    $div->appendChild(isset($this->_errors['last_name']) ? $this->wrapFormElementWithError($label, $this->_errors['last_name']) : $label);

    $group->appendChild($div);

    $label = Widget::Label(__('Email Address'));
    $label->appendChild(Widget::Input('fields[email]', $author->get('email')));
    $group->appendChild(isset($this->_errors['email']) ? $this->wrapFormElementWithError($label, $this->_errors['email']) : $label);

    $this->Form->appendChild($group);

    // Login Details
    $group = new XMLElement('fieldset');
    $group->setAttribute('class', 'settings');
    $group->appendChild(new XMLElement('legend', __('Login Details')));

    $div = new XMLElement('div');
    $div->setAttribute('class', 'group');

    $label = Widget::Label(__('Username'));
    $label->appendChild(Widget::Input('fields[username]', $author->get('username'), NULL));
    $div->appendChild(isset($this->_errors['username']) ? $this->wrapFormElementWithError($label, $this->_errors['username']) : $label);

    // Only developers can change the user type.
    // Primary account should NOT be able to change this
    if (Administration::instance()->Author->isDeveloper() && !$author->isPrimaryAccount()) {
        $label = Widget::Label(__('User Type'));
        $options = array(array('author', false, __('Author')), array('developer', $author->isDeveloper(), __('Developer')));
        $label->appendChild(Widget::Select('fields[user_type]', $options));
        $div->appendChild($label);
    }

    $group->appendChild($div);

    // Password group. On edit, non-developers and owners must also supply
    // their old password.
    $div = new XMLElement('div', NULL, array('class' => 'group'));

    if ($this->_context[0] == 'edit') {
        $div->setAttribute('id', 'change-password');

        if (!Administration::instance()->Author->isDeveloper() || $isOwner === true) {
            $div->setAttribute('class', 'triple group');

            $label = Widget::Label(__('Old Password'));
            if (isset($this->_errors['old-password'])) {
                $label->setAttributeArray(array('class' => 'contains-error', 'title' => $this->_errors['old-password']));
            }
            $label->appendChild(Widget::Input('fields[old-password]', NULL, 'password'));
            $div->appendChild(isset($this->_errors['old-password']) ? $this->wrapFormElementWithError($label, $this->_errors['old-password']) : $label);
        }
    }

    $label = Widget::Label($this->_context[0] == 'edit' ? __('New Password') : __('Password'));
    $label->appendChild(Widget::Input('fields[password]', NULL, 'password'));
    $div->appendChild(isset($this->_errors['password']) ? $this->wrapFormElementWithError($label, $this->_errors['password']) : $label);

    // NOTE(review): unlike the other fields, a confirmation error is only
    // flagged via the label's class/title and not wrapped with
    // wrapFormElementWithError(); confirm whether that is intentional.
    $label = Widget::Label($this->_context[0] == 'edit' ? __('Confirm New Password') : __('Confirm Password'));
    if (isset($this->_errors['password-confirmation'])) {
        $label->setAttributeArray(array('class' => 'contains-error', 'title' => $this->_errors['password-confirmation']));
    }
    $label->appendChild(Widget::Input('fields[password-confirmation]', NULL, 'password'));
    $div->appendChild($label);

    $group->appendChild($div);

    if ($this->_context[0] == 'edit') {
        $group->appendChild(new XMLElement('p', __('Leave password fields blank to keep the current password'), array('class' => 'help')));
    }

    // Auth token: the remote-login URL (which embeds the token) is rendered
    // into the page for developers only.
    if (Administration::instance()->Author->isDeveloper()) {
        $label = Widget::Label();
        $input = Widget::Input('fields[auth_token_active]', 'yes', 'checkbox');

        if ($author->get('auth_token_active') == 'yes') {
            $input->setAttribute('checked', 'checked');
        }

        $temp = URL . '/symphony/login/' . $author->createAuthToken() . '/';
        $label->setValue(__('%1$s Allow remote login via <a href="%2$s">%2$s</a>', array($input->generate(), $temp)));
        $group->appendChild($label);
    }

    // Default section dropdown, one option per section ordered by sortorder.
    $label = Widget::Label(__('Default Section'));
    $sectionManager = new SectionManager($this->_Parent);
    $sections = $sectionManager->fetch(NULL, 'ASC', 'sortorder');

    $options = array();
    if (is_array($sections) && !empty($sections)) {
        foreach ($sections as $s) {
            $options[] = array($s->get('id'), $author->get('default_section') == $s->get('id'), $s->get('name'));
        }
    }

    $label->appendChild(Widget::Select('fields[default_section]', $options));
    $group->appendChild($label);

    $this->Form->appendChild($group);

    // Custom Language Selection
    $languages = Lang::getAvailableLanguages(Administration::instance()->ExtensionManager);

    if (count($languages) > 1) {
        // Get language names
        asort($languages);

        $group = new XMLElement('fieldset');
        $group->setAttribute('class', 'settings');
        $group->appendChild(new XMLElement('legend', __('Custom Preferences')));

        // NOTE(review): this $div is never appended to anything below; the
        // label goes straight onto $group.
        $div = new XMLElement('div');
        $div->setAttribute('class', 'group');

        $label = Widget::Label(__('Language'));
        $options = array(array(NULL, is_null($author->get('language')), __('System Default')));
        foreach ($languages as $code => $name) {
            $options[] = array($code, $code == $author->get('language'), $name);
        }

        $select = Widget::Select('fields[language]', $options);
        $label->appendChild($select);
        $group->appendChild($label);

        $this->Form->appendChild($group);
    }

    // Actions
    $div = new XMLElement('div');
    $div->setAttribute('class', 'actions');
    $div->appendChild(Widget::Input('action[save]', $this->_context[0] == 'edit' ? __('Save Changes') : __('Create Author'), 'submit', array('accesskey' => 's')));

    // Neither the owner's own account nor the primary account gets a delete button.
    if ($this->_context[0] == 'edit' && !$isOwner && !$author->isPrimaryAccount()) {
        $button = new XMLElement('button', __('Delete'));
        $button->setAttributeArray(array('name' => 'action[delete]', 'class' => 'confirm delete', 'title' => __('Delete this author'), 'type' => 'submit'));
        $div->appendChild($button);
    }

    $this->Form->appendChild($div);
}
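/**
 * Returns Author's that match the provided ID's with the option to sort or limit the
 * output. This function will search the `AuthorManager::$_pool` for Authors first before
 * querying `tbl_authors`.
 *
 * Every ID is cast to an integer, `$sortby` must be a plain identifier
 * (falls back to `id`), `$sortdirection` is reduced to ASC/DESC and
 * `$limit`/`$start` are cast to integers before the statement is built, so
 * none of these arguments can alter the query's structure.
 *
 * @param integer|array $id
 *  A single ID or an array of ID's
 * @param string $sortby
 *  The field to sort the authors by, defaults to 'id'
 * @param string $sortdirection
 *  Available values of ASC (Ascending) or DESC (Descending), which refer to the
 *  sort order for the query. Defaults to ASC (Ascending)
 * @param integer $limit
 *  The number of rows to return
 * @param integer $start
 *  The offset start point for limiting, maps to the LIMIT {x}, {y} MySQL functionality
 * @return mixed
 *  If `$id` was an integer, the result will be an Author object, otherwise an array of
 *  Author objects will be returned. If no Authors are found, or no `$id` is given null is returned.
 */
public static function fetchByID($id, $sortby = 'id', $sortdirection = 'ASC', $limit = null, $start = null)
{
    $return_single = !is_array($id);
    if ($return_single) {
        $id = array($id);
    }

    if (empty($id)) {
        return null;
    }

    // Integer column: cast every ID so the IN (...) list holds digits only.
    // (The former `%d` format also silently kept only the first ID of a list.)
    $id = array_map('intval', $id);

    // Get all the Author ID's that are already in `self::$_pool`
    $authors = array();
    $pooled_authors = array_intersect($id, array_keys(self::$_pool));
    foreach ($pooled_authors as $pool_author) {
        $authors[] = self::$_pool[$pool_author];
    }

    // Get all the Author ID's that are not already stored in `self::$_pool`
    $id = array_diff($id, array_keys(self::$_pool));

    if (!empty($id)) {
        // Plain identifiers only; anything else falls back to the default.
        $sortby = preg_match('/^[A-Za-z0-9_]+$/', (string) $sortby) ? $sortby : 'id';
        $sortdirection = strtoupper((string) $sortdirection) === 'DESC' ? 'DESC' : 'ASC';
        $limit = (int) $limit;
        $start = (int) $start;

        $records = Symphony::Database()->fetch(sprintf(
            "\n\t\t\t\t\tSELECT *\n\t\t\t\t\tFROM `tbl_authors`\n\t\t\t\t\tWHERE `id` IN (%s)\n\t\t\t\t\tORDER BY %s %s\n\t\t\t\t\t%s %s\n\t\t\t\t",
            implode(",", $id),
            $sortby,
            $sortdirection,
            $limit ? "LIMIT " . $limit : '',
            $start && $limit ? ', ' . $start : ''
        ));

        if (is_array($records)) {
            foreach ($records as $row) {
                $author = new Author();
                foreach ($row as $field => $val) {
                    $author->set($field, $val);
                }
                self::$_pool[$author->get('id')] = $author;
                $authors[] = $author;
            }
        }
    }

    if ($return_single) {
        // Documented "nothing found" value is null, not an undefined offset.
        return isset($authors[0]) ? $authors[0] : null;
    }

    return $authors;
}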
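/**
 * Returns Author's that match the provided ID's with the option to
 * sort or limit the output. This function will search the
 * `AuthorManager::$_pool` for Authors first before querying `tbl_authors`.
 *
 * Every ID — including each element of an array — is cast to an integer
 * before it is placed in the `IN (...)` list.
 *
 * @param integer|array $id
 *  A single ID or an array of ID's
 * @throws DatabaseException
 * @return mixed
 *  If `$id` is an integer, the result will be an Author object,
 *  otherwise an array of Author objects will be returned. If no
 *  Authors are found, or no `$id` is given, `null` is returned.
 */
public static function fetchByID($id)
{
    if (is_null($id)) {
        return null;
    }

    $return_single = !is_array($id);
    if ($return_single) {
        $id = array($id);
    }

    if (empty($id)) {
        return null;
    }

    // Integer column: cast every element (the original cast only the scalar
    // form), so list input cannot alter the statement.
    $id = array_map('intval', $id);

    // Get all the Author ID's that are already in `self::$_pool`
    $authors = array();
    $pooled_authors = array_intersect($id, array_keys(self::$_pool));
    foreach ($pooled_authors as $pool_author) {
        $authors[] = self::$_pool[$pool_author];
    }

    // Get all the Author ID's that are not already stored in `self::$_pool`;
    // array_filter() also drops the 0 that a non-numeric ID casts to.
    $id = array_filter(array_diff($id, array_keys(self::$_pool)));

    if (!empty($id)) {
        $records = Symphony::Database()->fetch(sprintf("SELECT *\n FROM `tbl_authors`\n WHERE `id` IN (%s)", implode(",", $id)));

        if (is_array($records)) {
            foreach ($records as $row) {
                $author = new Author();
                foreach ($row as $field => $val) {
                    $author->set($field, $val);
                }
                self::$_pool[$author->get('id')] = $author;
                $authors[] = $author;
            }
        }
    }

    if ($return_single) {
        // Documented "nothing found" value is null, not an undefined offset.
        return isset($authors[0]) ? $authors[0] : null;
    }

    return $authors;
}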
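/**
 * Renders the detail page for one author.
 *
 * `$id` is interpolated into the condition passed to `Author::get()`, so it
 * is cast to an integer first: only a number ever reaches the query
 * fragment. (Assumes author ids are numeric — confirm against the Author
 * model if string ids are possible.)
 *
 * @param integer|string $id
 *  Author id, typically taken from the route
 */
function detalhe($id)
{
    global $twig;

    $id = (int) $id;

    $author = new Author();
    $found = $author->get("id = {$id}");

    echo $twig->render('author_detail.html', array('author' => $found));
}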
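/**
 * Decides whether `$user` may perform `$action` on `$entry`.
 *
 * Rules, in order:
 *  1. the entry's author is granted everything;
 *  2. an entry whose access level is below the current application user's
 *     minimum level is denied outright (0 is root level access);
 *  3. anonymous users, and users with no group access rows for this entry,
 *     may only VIEW;
 *  4. otherwise the group access rows are scanned and the first one that
 *     disallows `$action` decides.
 *
 * @param mixed $user
 *  Object exposing id(), restrict(), also() and fetch()
 * @param mixed $entry
 *  Object exposing get() and restrict()
 * @param string $action
 *  Access flag to check, e.g. LogbookAccess::VIEW
 * @return mixed
 *  true/false, or — unchanged from the previous behaviour — whatever the
 *  denying access row's get($action) returned
 */
public function userCanDoAction($user, $entry, $action)
{
    // Grant all permissions to the author
    $author = new Author();
    $author->clause('author_id', $entry->get('author_id'));
    $author->noForeign();
    $author_user_id = $author->get('user_id');

    if ($author_user_id == $user->id()) {
        return true;
    }

    // First check if we are excluded based on access level
    $min_level = Application::user()->minAccessLevel();
    $check_entry = $entry->restrict();

    $level = 0;
    if ($access = $check_entry->fetchSingle('Access')) {
        $level = $access->get('access_level');
    }

    if ($level < $min_level) {
        return false;
    }

    // Anonymous users may only view
    if (!$user->id()) {
        return $action == LogbookAccess::VIEW;
    }

    // Now check if there is group access control for any groups this user
    // is a member of
    $access = new EntryGroupAccess();
    $user = $user->restrict();
    $user->also('Group');
    $access->clause('author_id', $entry->get('author_id'));
    $access->clause('entry_id', $entry->get('entry_id'));

    if ($groups = $user->fetch('Group')) {
        $access->clause('group_id', $groups, Clause::IN);
    } else {
        $access->clause('group_id', 0);
    }

    // Without access entries for the user's groups, only viewing is allowed
    if (!($entries = $access->fetch())) {
        return $action == LogbookAccess::VIEW;
    }

    // Loop through until we find a group that disallows, then stop.
    // (The previous `end($entries)` did not leave the foreach; `break` does.)
    $ret = true;
    foreach ($entries as $access_entry) {
        $ret = $access_entry->get($action);
        if (!$ret) {
            break;
        }
    }

    return $ret;
}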