Example #1
 /**
  * Copies the submitted form fields onto the Tool record $id and saves it.
  *
  * Does nothing when the request carried no POST data.
  *
  * @param mixed $id Identifier handed to the Tool constructor.
  */
 function approve($id)
 {
     // Guard clause: an empty $_POST means there is nothing to apply.
     if (!$_POST) {
         return;
     }
     $record = new Tool($id);
     // NOTE(review): the whole $_POST array goes to from_array(), so every field
     // the client sends may reach the record unless from_array() filters by an
     // allow-list (not visible here). No authorization or CSRF check is visible
     // in this method either; confirm the caller enforces both.
     $record->from_array($_POST);
     $record->save();
 }
Example #2
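 /**
  * Stores the routing request: return type, path, HTTP method and parameters.
  *
  * @param mixed $request_path   Parsed request path; enforce_inputs() is asked to check it as an 'array'.
  * @param mixed $request_params Request parameters, stored as given.
  * @param mixed $request_method HTTP method; replaced by the configured default when it is not allowed.
  * @param mixed $return_type    Requested return type; replaced by the configured default when it is not allowed.
  */
 public function __construct($request_path, $request_params, $request_method, $return_type)
 {
     $function = array('class_name' => __NAMESPACE__, 'method_name' => __METHOD__);
     // Validate the return type and fall back to the default when it is not allowed.
     // The "== false" used to sit inside the array_contains() argument list, and the
     // fallback branch never assigned $this->return_type, so the error paths below
     // could read an unset property. After this check $return_type is either an
     // allowed value or the configured default.
     if (array_contains($return_type, Constants::get('allowed_return_types')) == false) {
         $return_type = Constants::get('default_return_type');
     }
     $this->return_type = $return_type;
     // Validate the request path, else report an error.
     if (is_ready($request_path) == false) {
         $error = Tool::prepare('Request path is invalid, unable to process routing request.', 'Request path is null, verify that index router has parsed the information correctly.', __LINE__, $this->return_type, Constants::get('default_error_code'));
         // NOTE(review): if Tool::error() returns instead of halting, $this->request_path
         // stays unset and the normalisation at the end of this method reads it; confirm.
         Tool::error($function, $error, false);
     } else {
         enforce_inputs(array($request_path, 'array', null, null, false), $this->return_type);
         $this->original_path = $request_path;
         $this->request_path = $request_path;
     }
     // Validate the request method, else use the default (post takes precedence if both are used).
     $this->request_method = set_default($request_method, Constants::get('default_http_method'));
     $allowed_http_methods = Constants::get('allowed_http_methods');
     // NOTE(review): the allow-list check runs before strtolower(); whether
     // array_contains() compares case-insensitively is not visible here.
     if (array_contains($request_method, $allowed_http_methods, false) == false) {
         $request_method = Constants::get('default_http_method');
     }
     $this->request_method = strtolower($request_method);
     // Keep the request parameters as supplied by the caller.
     $this->request_params = $request_params;
     // Normalise request_path: drop a trailing element that is_ready() rejects.
     if (is_ready(end($this->request_path)) == false) {
         array_pop($this->request_path);
     }
 }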
 /**
  * Handles an image posted in the 'userfile' field and thumbnails it.
  *
  * $_POST['type'] selects the thumbnail size and the success message; any
  * other value ends the script.
  */
 public function upload()
 {
     // No uploaded file: report and stop here.
     if (!isset($_FILES['userfile']['tmp_name'])) {
         Tool::alertBack('警告:未知错误');
         return;
     }
     $kind = $_POST['type'];
     // Loose comparison on purpose, matching what a switch statement does.
     if ($kind == 'face') {
         $width = 99;
         $height = 100;
         $info = '头像上传成功';
     } elseif ($kind == 'ok') {
         $width = 300;
         $height = 300;
         $info = '图片上传成功';
     } elseif ($kind == 'rotator') {
         $width = 1200;
         $height = 530;
         $info = '轮播器图片上传成功';
     } else {
         exit('非法操作');
     }
     // NOTE(review): MAX_FILE_SIZE is a form field sent by the client. If
     // UploadFile treats it as the only size ceiling, the sender picks its own
     // limit; a server-side constant would be safer. Content-type validation,
     // if any, happens inside UploadFile/Image and is not visible here.
     $upload = new UploadFile('userfile', $_POST['MAX_FILE_SIZE']);
     $path = $upload->getPath();
     $thumb = new Image($path);
     $thumb->thumb($width, $height);
     $thumb->outImage();
     $upload->alertThumbClose($info, $path);
 }
Example #4
 /**
  * Deletes this calendar's items for the current site, then the calendar row.
  *
  * @return mixed Result of parent::delete(), or null when the model is not loaded.
  */
 public function delete_tool()
 {
     // Only a loaded model has an id and site to delete by.
     if (!$this->loaded) {
         return;
     }
     // Scoping by fk_site as well as calendar_id keeps the delete inside this site's rows.
     $scope = array('fk_site' => $this->fk_site, 'calendar_id' => $this->id);
     ORM::factory('calendar_item')->where($scope)->delete_all();
     return parent::delete($this->id);
 }
Example #5
 /**
  * Application initialisation.
  *
  * Loads the default configuration, sets the timezone and locale environment,
  * registers the autoloader, loads the core classes, defines the request
  * constants, starts Tool and Plugin, layers the global and project
  * configuration on top, then calls Dispatcher::dispatch() and self::exec().
  * The statements depend on each other, so their order matters.
  */
 public static function start()
 {
     // Load the default configuration; the included file's return value is handed to C().
     C(include CONF_PATH . '/convention.php');
     date_default_timezone_set(C('DEFAULT_TIMEZONE'));
     // Environment variables
     putenv('LC_ALL=C');
     // NOTE(review): the double quotes are part of the value given to putenv(); confirm that is intended.
     putenv('LANG="zh_CN.UTF-8"');
     spl_autoload_register(array('M3d', 'autoload'));
     require_array(array(LIB_PATH . '/Core/Dispatcher.class.php', LIB_PATH . '/Core/Model.class.php', LIB_PATH . '/Core/Action.class.php', LIB_PATH . '/Core/View.class.php', LIB_PATH . '/Core/Tool.class.php', LIB_PATH . '/Core/Plugin.class.php'));
     // NOTE(review): $_SERVER['REQUEST_METHOD'] is read without an isset() check;
     // presumably this only runs under a web SAPI - confirm.
     define('REQUEST_METHOD', strtolower($_SERVER['REQUEST_METHOD']));
     define('IS_GET', REQUEST_METHOD === 'get');
     define('IS_POST', REQUEST_METHOD === 'post');
     define('IS_PUT', REQUEST_METHOD === 'put');
     define('IS_DELETE', REQUEST_METHOD === 'delete');
     // X-Requested-With is a header the client sets, so IS_AJAX is a hint about
     // the request, not evidence of where it came from.
     define('IS_AJAX', isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest');
     Tool::start();
     Plugin::start();
     // Load the global configuration; its directory is read from the configuration loaded so far.
     C(include C('M3D_CONF_PATH') . '/config.php');
     // Load the project configuration
     C(include PROJECT_PATH . '/conf/config.php');
     Dispatcher::dispatch();
     self::exec();
 }
Example #6
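 /**
  * Registers a new user when the posted login is not already held by a
  * validated account, then mails the account activation link.
  */
 public function configureData()
 {
     // NOTE(review): both queries in this method are built by concatenating
     // $_POST values into the SQL text, which lets request data change the
     // statement (SQL injection). Bind the values as parameters if the DB
     // wrapper supports it; its API is not visible here, so the queries are
     // left as they were.
     // Look if this login exists
     $rs = DB::select('
         SELECT `id`
         FROM `user`
         WHERE `login`="' . $_POST['login'] . '" AND `valided`=1
     ');
     // If this user is not already registered
     // TODO : check if the email is not already taken
     if ($rs['total'] == 0) {
         // Activation key: 32 hex characters. It is what protects the confirm
         // link, so it is drawn from the CSPRNG when random_bytes() exists; the
         // earlier md5(rand() + microtime()) value is guessable and is kept only
         // as a fallback for runtimes without random_bytes().
         if (function_exists('random_bytes')) {
             $key = bin2hex(random_bytes(16));
         } else {
             $key = md5(rand(0, 1000) + microtime());
         }
         // Insert user's infos in the base
         // NOTE(review): the password is stored as an unsalted md5() digest.
         // password_hash()/password_verify() is the appropriate replacement, but
         // it has to change together with the login check, which is not in view.
         $id = DB::insert('INSERT INTO `user` (`login`, `zip`, `male`, `email`, `password`, `key`, `register_date`) VALUES
         (
             "' . $_POST['login'] . '",
             "' . $_POST['zip'] . '",
             "' . $_POST['gender'] . '",
             "' . $_POST['email'] . '",
             "' . md5($_POST['password']) . '",
             "' . $key . '",
             "' . time() . '"
         )');
         $subject = 'Bienvenue sur Opipop - confirmation de votre enregistrement';
         // NOTE(review): the posted login is placed in the link without URL encoding.
         $message = 'Clicked ici pour activer votre compte : ' . Conf::get('ROOT_PATH') . $_POST['login'] . '/confirm?u=' . $id . '&k=' . $key;
         Tool::sendMail(Conf::get('SITE_NAME'), Conf::get('ADMIN_EMAIL'), $_POST['email'], $subject, $message);
     }
 }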
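 /**
  * Dispatches the admin 'login' and 'logout' actions selected by $_GET['action'].
  */
 public function Action()
 {
     switch ($_GET['action']) {
         case 'login':
             if (isset($_POST['send'])) {
                 // NOTE(review): the two captcha checks only stop the login if
                 // Tool::alertBack() ends the script; confirm that it does. The
                 // captcha value also stays in the session after it is compared.
                 if (!Validate::Check_Length($_POST['code'], 4, 'equals')) {
                     Tool::alertBack('验证码必须为四位');
                 }
                 if (!Validate::Check_Equals($_POST['code'], strtolower($_SESSION['code']))) {
                     Tool::alertBack('验证码不正确');
                 }
                 $object = $this->model->Manage_Login();
                 if (!Validate::Check_Null($object)) {
                     // Issue a fresh session id at the privilege change, so an id
                     // that was known before login is not carried into the
                     // authenticated session (session fixation).
                     if (session_id() !== '') {
                         session_regenerate_id(true);
                     }
                     // Create the admin session entries
                     $_SESSION['admin']['username'] = $object->username;
                     $_SESSION['admin']['level_position'] = $object->level_position;
                     $this->model->Login_Count();
                     Tool::alertLocation(null, 'admin.php');
                 } else {
                     Tool::alertBack('用户名或者密码错误,请重新输入');
                 }
             }
             break;
         case 'logout':
             // Attach to the session first so that there is one to destroy.
             if (session_start()) {
                 session_destroy();
             }
             Tool::alertLocation(null, 'admin_login.php');
             break;
     }
 }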
Example #8
 /**
  * Fills the 'question_archive' template loop with one page of the main
  * category's latest questions and the chart data of their answers.
  */
 public function configure()
 {
     $category = new Model_Category(Conf::get('MAIN_CATEGORY'));
     // An empty category leaves the template untouched.
     if ($category->getQuestionsTotal(true, true) == 0) {
         return;
     }
     $questions = $category->getQuestions('latest', $this->page, true, true);
     // Tell the client when this page reaches the end of the list.
     $total = $category->getQuestionsTotal(true, true);
     $shownSoFar = ($this->page + 1) * Conf::get('QUESTION_PER_PAGE');
     if ($total <= $shownSoFar) {
         header('X-JSON: (Question.setEndReached())');
     }
     $palette = Conf::get('GRAPH_COLORS');
     foreach ($questions as $question) {
         $answers = $question->getAnswers();
         // Chart slices are listed in reverse answer order, as fractions of 1.
         $slices = array();
         foreach (array_reverse($answers) as $position => $answer) {
             $slices[] = array(
                 'value' => $answer->getPercentResultsMatching() / 100,
                 'color' => $palette[$position],
             );
         }
         // Question row
         // NOTE(review): labels are handed to the template as stored; whether the
         // template layer escapes them for HTML is not visible here.
         $row = array(
             'id' => $question->getId(),
             'label' => $question->getLabel(),
             'guid' => Tool::makeGuid($question->getLabel()),
             'data' => json_encode($slices),
             'time' => Tool::timeWarp($question->getEndDate()),
         );
         Globals::$tpl->assignLoopVar('question_archive', $row);
         // Answer rows nested under the question
         foreach ($answers as $index => $answer) {
             $answerRow = array(
                 'percentFormated' => round($answer->getPercentResultsMatching()),
                 'label' => $answer->getLabel(),
                 'key' => $index,
             );
             Globals::$tpl->assignLoopVar('question_archive.answer', $answerRow);
         }
     }
 }
Example #9
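 /**
  * Edit an article together with its add-on record.
  *
  * Both records are saved inside one database transaction; on any failure the
  * transaction is rolled back and the edit form is rendered again.
  *
  * @param mixed $id Identifier used to load both models.
  */
 public function actionEdit($id)
 {
     $model = parent::_model(new Article(), $id);
     $addonarticle = parent::_model(new Addonarticle(), $id);
     if (isset($_POST['Article'])) {
         $transaction = Yii::app()->db->beginTransaction();
         try {
             // NOTE(review): which posted fields are accepted depends on the models'
             // validation rules, which are not visible here.
             $model->attributes = $_POST['Article'];
             if (!$model->save()) {
                 Tool::logger('article', var_export($model->getErrors(), true));
                 throw new CException('文章更新失败');
             }
             $addonarticle->attributes = $_POST['Addonarticle'];
             if (!$addonarticle->save()) {
                 Tool::logger('article', var_export($addonarticle->getErrors(), true));
                 throw new CException('文章附表更新失败');
             }
             // Both saves succeeded: commit before leaving. Without this the
             // transaction was never committed on the success path, so the
             // redirect ended the request with the changes still pending.
             $transaction->commit();
             $this->redirect(array('list'));
         } catch (Exception $e) {
             Tool::logger('article', $e->getMessage());
             $transaction->rollback();
         }
     }
     $this->render('edit', array('model' => $model, 'addonarticle' => $addonarticle));
 }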
Example #10
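 /**
  * Returns the configuration value stored under $key, optionally coerced.
  *
  * An empty key, an unknown key or a failure while reading the configuration
  * all yield the empty string; failures are logged rather than rethrown.
  *
  * @param mixed $key       Configuration key.
  * @param mixed $valueType _STRING (default), _BOOL or _INT.
  * @return mixed The stored value, a bool for _BOOL, or an int for _INT (-1 when the value is not numeric).
  */
 public static function getValueByKey($key, $valueType = _STRING)
 {
     $config = "";
     try {
         if (empty($key)) {
             // The catch block below logs this. A logger call used to follow the
             // throw and could never run, so it has been dropped.
             throw new Exception("参数异常!");
         }
         // Read the configuration once and keep it on the class.
         if (empty(self::$configs)) {
             self::$configs = Tool::readConfig();
         }
         if (isset(self::$configs[$key])) {
             $config = self::$configs[$key];
             if ($valueType === _BOOL) {
                 // bool type. The comparison is loose, so any non-empty string
                 // other than "0" - including the text "false" - becomes true.
                 $config = $config == TRUE;
             } elseif ($valueType === _INT) {
                 // int type; -1 marks a value that is not numeric
                 if (is_numeric($config)) {
                     $config = intval($config);
                 } else {
                     $config = -1;
                 }
             }
         }
     } catch (Exception $e) {
         Tool::logger(__METHOD__, __LINE__, sprintf("读取配置文件失败: %s", $e->getMessage()));
     }
     return $config;
 }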
Example #11
 /**
  * Allows a model to be loaded by username or email address.
  *
  * A non-empty string that is not all digits selects the 'email' column when
  * valid::email() accepts it and 'username' otherwise; every other id is left
  * to the parent implementation.
  */
 public function unique_key($id)
 {
     $isTextualId = !empty($id) && is_string($id) && !ctype_digit($id);
     if (!$isTextualId) {
         return parent::unique_key($id);
     }
     if (valid::email($id)) {
         return 'email';
     }
     return 'username';
 }
Example #12
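 /**
  * Emits a JavaScript function, getIndexLogin(), that writes either the
  * member panel (when the 'user' and 'face' cookies are present) or the login
  * form into the page.
  */
 public function index()
 {
     $_cookie = new Cookie('user');
     $_user = $_cookie->getCookie();
     $_cookie = new Cookie('face');
     $_face = $_cookie->getCookie();
     // Start from an empty string; the markup used to be appended to an undefined variable.
     $_member = '';
     if ($_user && $_face) {
         // Cookie values arrive from the browser, and whether the Cookie class
         // authenticates them is not visible here, so they are HTML-escaped
         // before being placed in element content or attributes.
         $_name = htmlspecialchars(Tool::subStr($_user, null, 8, 'utf-8'), ENT_QUOTES, 'UTF-8');
         $_alt = htmlspecialchars($_user, ENT_QUOTES, 'UTF-8');
         $_src = htmlspecialchars($_face, ENT_QUOTES, 'UTF-8');
         $_member .= '<h2>会员信息</h2>';
         $_member .= '<div class="a">您好,<strong>' . $_name . '</strong> 欢迎光临</div>';
         $_member .= '<div class="b">';
         $_member .= '<img src="images/' . $_src . '" alt="' . $_alt . '" />';
         $_member .= '<a href="###">个人中心</a>';
         $_member .= '<a href="###">我的评论</a>';
         $_member .= '<a href="register.php?action=logout">退出登录</a>';
         $_member .= '</div>';
     } else {
         $_member .= '<h2>会员登录</h2>';
         $_member .= '<form method="post" name="login" action="register.php?action=login">';
         $_member .= '<label>用户名:<input type="text" name="user" class="text" /></label>';
         $_member .= '<label>密 码:<input type="password" name="pass" class="text" /></label>';
         $_member .= '<label class="yzm">验证码:<input type="text" name="code" class="text code" /> <img src="config/code.php" onclick=javascript:this.src="config/code.php?tm="+Math.random(); class="code" /></label>';
         $_member .= '<p><input type="submit" name="send" value="登录" onclick="return checkLogin();" class="submit" /> <a href="register.php?action=reg">注册会员</a> <a href="###">忘记密码?</a></p>';
         $_member .= '</form>';
     }
     // json_encode() produces a correctly quoted JavaScript string literal; the
     // HEX flags keep quotes, ampersands and angle brackets from ending the
     // literal or an enclosing script element. The browser decodes the escapes
     // back to the same markup.
     $_literal = json_encode($_member, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
     echo "function getIndexLogin() {\n\t\t\t\tdocument.write({$_literal});\n\t\t\t  }";
 }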
Example #13
 /**
  * Renders the admin error page with a message and a back link, then ends the script.
  *
  * @param mixed $_info Message assigned to the template as 'message'.
  */
 public function error($_info)
 {
     $_view = $this->_controll;
     // NOTE(review): $_info and the previous-page value reach the template as
     // given; whether the template escapes them for HTML is not visible here.
     $_view->assign('message', $_info);
     $_view->assign('prev', Tool::getPrevPage());
     $_view->display(SMARTY_ADMIN . 'public/error.html');
     exit();
 }
Example #14
 /**
  * Assigns the per-gender answer breakdown of the current question to the
  * template: one loop row per answer plus JSON chart data for men and women.
  */
 public function configure()
 {
     $answers = $this->question->getAnswers();
     $palette = Conf::get('GRAPH_COLORS');
     // The chart series list the answers in reverse order.
     $reversed = array_reverse($answers);
     $menSeries = array();
     $womenSeries = array();

     // Men: chart values are the share rescaled into the 0.05 - 1.00 range.
     foreach ($reversed as $position => $answer) {
         $share = Tool::percent($answer->getTotalMale(), $this->question->getTotalMale());
         $menSeries[] = array('value' => $share / 100 * 0.95 + 0.05, 'color' => $palette[$position]);
     }
     foreach ($answers as $index => $answer) {
         $share = Tool::percent($answer->getTotalMale(), $this->question->getTotalMale());
         Globals::$tpl->assignLoopVar('question_men', array(
             'key' => $index,
             'label' => $answer->getLabel(),
             'percent' => number_format($share, 1, ',', ' '),
         ));
     }

     // Women: same layout as above.
     foreach ($reversed as $position => $answer) {
         $share = Tool::percent($answer->getTotalFemale(), $this->question->getTotalFemale());
         $womenSeries[] = array('value' => $share / 100 * 0.95 + 0.05, 'color' => $palette[$position]);
     }
     foreach ($answers as $index => $answer) {
         $share = Tool::percent($answer->getTotalFemale(), $this->question->getTotalFemale());
         Globals::$tpl->assignLoopVar('question_women', array(
             'key' => $index,
             'label' => $answer->getLabel(),
             'percent' => number_format($share, 1, ',', ' '),
         ));
     }

     Globals::$tpl->assignVar('question_men_data', json_encode($menSeries));
     Globals::$tpl->assignVar('question_women_data', json_encode($womenSeries));
     Globals::$tpl->assignVar('question_label', $this->question->getLabel());
 }
Example #15
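 /**
  * Checks that a user is logged in and, optionally, holds one of the given roles.
  *
  * Ends the script with a 403 response (or a redirect to $url for anonymous
  * visitors) when the check fails; returns normally otherwise.
  *
  * @param array       $rolesAuth Role ids allowed to continue; empty means any logged-in user.
  * @param string|null $url       Where to send anonymous visitors; null answers 403 instead.
  */
 public static function ifConnect($rolesAuth = array(), $url = null)
 {
     /* Anonymous visitor: no user id in the session */
     if (empty($_SESSION['utilisateur']['id'])) {
         if (is_null($url)) {
             /* Answer with a 403 status */
             header('HTTP/1.0 403 Forbidden');
         } else {
             /* Redirect and leave an error message for the next page */
             header('location:' . $url);
             Tool::setFlash('Vous devez être connecté pour utiliser cette page', 'erreur');
         }
         /* End of script */
         die;
     }
     /*
      * Logged in: enforce the role list. The test used to read an undefined
      * $roles variable, so it was always skipped and every logged-in user
      * passed regardless of $rolesAuth. A session without a role id is now
      * refused as well.
      */
     if (!empty($rolesAuth)) {
         if (!isset($_SESSION['role']['id']) || !in_array($_SESSION['role']['id'], $rolesAuth)) {
             header('HTTP/1.0 403 Forbidden');
             die;
         }
     }
 }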
Example #16
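 /**
  * Emits a JavaScript function, getIndexLogin(), that writes either the
  * member panel (when the 'user' and 'face' cookies are present) or the login
  * form into the page.
  */
 public function index()
 {
     $_cookie = new Cookie('user');
     $_user = $_cookie->getCookie();
     $_cookie = new Cookie('face');
     $_face = $_cookie->getCookie();
     // Start from an empty string; the markup used to be appended to an undefined variable.
     $_member = '';
     if ($_user && $_face) {
         // Cookie values arrive from the browser, and whether the Cookie class
         // authenticates them is not visible here, so they are HTML-escaped
         // before being placed in element content or attributes.
         $_name = htmlspecialchars(Tool::subStr($_user, null, 8, null), ENT_QUOTES, 'UTF-8');
         $_src = htmlspecialchars($_face, ENT_QUOTES, 'UTF-8');
         $_member .= '<h2>Member Info</h2>';
         $_member .= '<div class="a">Hello, Welcome <strong>' . $_name . '</strong></div>';
         $_member .= '<div class="b">';
         $_member .= '<img src="image/' . $_src . '" />';
         $_member .= '<a href="###">Personal</a>';
         $_member .= '<a href="###">My Comment</a>';
         $_member .= '<a href="register.php?action=logout">Logout</a>';
         $_member .= '</div>';
     } else {
         $_member .= '<h2>Member Login</h2>';
         $_member .= '<form method="post" name="login" action="register.php?action=login">';
         $_member .= '<label>Username: <input type="text" name="user" class="text" /></label>';
         $_member .= '<label>Password: <input type="password" name="pass" class="text" /></label>';
         $_member .= '<label class="yzm">Validation: <input type="text" name="code" class="text code" /><img src="config/code.php" onclick=javascript:this.src="config/code.php?tm="+Math.random(); class="code" /></label>';
         $_member .= '<p><input type="submit" name="send" value="login" class="submit" /><a href="register.php?action=reg">Register</a><a href="###">Forgot Password?</a></p>';
         $_member .= '</form>';
     }
     // json_encode() produces a correctly quoted JavaScript string literal; the
     // HEX flags keep quotes, ampersands and angle brackets from ending the
     // literal or an enclosing script element.
     $_literal = json_encode($_member, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
     echo "function getIndexLogin() {document.write({$_literal});}";
 }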
Example #17
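 /**
  * Updates the logged-in user's zip and gender and, when an avatar was
  * uploaded, stores it and renders the three configured thumbnail sizes.
  *
  * Redirects to the site root when a posted field is missing or the posted id
  * does not belong to the logged-in user.
  */
 public function configureData()
 {
     if (!Tool::isOk($_POST['id']) || !($user = Model_User::getLoggedUser()) || $user->getId() != $_POST['id'] || !Tool::isOk($_POST['zip']) || !isset($_POST['gender']) || !Tool::isOk($_POST['login'])) {
         header('Location: ' . Conf::get('ROOT_PATH'));
         exit;
     }
     // The posted id was only compared loosely above, so the id held by the
     // logged-in user object is what goes into the query and the file names.
     $userId = $user->getId();
     // NOTE(review): zip and gender are still concatenated into the SQL text.
     // Bind them as parameters if the DB wrapper supports it; its API is not
     // visible here.
     DB::update('UPDATE `user` SET
         `zip`="' . $_POST['zip'] . '",
         `male`="' . $_POST['gender'] . '"
         WHERE `id`="' . $userId . '"');
     // Only a completed upload is processed; other error codes leave no usable temp file.
     if (isset($_FILES['avatar']) && $_FILES['avatar']['error'] == UPLOAD_ERR_OK) {
         $tmpName = $_FILES['avatar']['tmp_name'];
         // getimagesize() returns false for data it cannot read as an image.
         // The pixel limits used to be read from filesize(), which returns a
         // single integer, so they never applied.
         $dimensions = getimagesize($tmpName);
         $bytes = filesize($tmpName);
         // The extension comes from the client-supplied file name, so it is only
         // used when it is one of a few image extensions. Adjust the list to the
         // formats Tool::redimage() accepts (not visible here).
         $extention = strtolower(pathinfo($_FILES['avatar']['name'], PATHINFO_EXTENSION));
         $allowedExtentions = array('jpg', 'jpeg', 'png', 'gif');
         $withinLimits = $dimensions !== false
             && $dimensions[0] <= 1680
             && $dimensions[1] <= 1680
             && $bytes !== false
             && $bytes <= 450 * 1024;
         if ($withinLimits && in_array($extention, $allowedExtentions, true)) {
             $original = Conf::get('MEDIA_DIR') . 'avatar/original/' . $userId . '.' . $extention;
             // Thumbnails are only rendered when the file really was moved into place.
             if (move_uploaded_file($tmpName, $original)) {
                 $sizeSmall = explode('x', Conf::get('AVATAR_SMALL_SIZE'));
                 $sizeMedium = explode('x', Conf::get('AVATAR_MEDIUM_SIZE'));
                 $sizeLarge = explode('x', Conf::get('AVATAR_LARGE_SIZE'));
                 Tool::redimage($original, Conf::get('MEDIA_DIR') . 'avatar/' . Conf::get('AVATAR_LARGE_SIZE') . '/' . $userId . '.jpg', $sizeLarge[0], isset($sizeLarge[1]) ? $sizeLarge[1] : false, true);
                 Tool::redimage($original, Conf::get('MEDIA_DIR') . 'avatar/' . Conf::get('AVATAR_MEDIUM_SIZE') . '/' . $userId . '.jpg', $sizeMedium[0], isset($sizeMedium[1]) ? $sizeMedium[1] : false, true);
                 Tool::redimage($original, Conf::get('MEDIA_DIR') . 'avatar/' . Conf::get('AVATAR_SMALL_SIZE') . '/' . $userId . '.jpg', $sizeSmall[0], isset($sizeSmall[1]) ? $sizeSmall[1] : false, true);
             }
         }
     }
     $_SESSION['feedback'] = 'Your informations has been updated';
     // NOTE(review): the posted login is appended to the redirect target as
     // given; the logged-in user's own login would be the safer source.
     header('Location: ' . Conf::get('ROOT_PATH') . $_POST['login']);
 }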
Example #18
 /**
  * Open a session
  *
  * Configures the session cookie and id settings, discards an auto-started
  * session, starts a session named '__S' and regenerates its id the first
  * time the session passes through this method.
  *
  * @access public
  * @param  string   $base_path    Cookie path
  * @param  string   $save_path    Custom session save path
  */
 public function open($base_path = '/', $save_path = '')
 {
     if ($save_path !== '') {
         session_save_path($save_path);
     }
     // HttpOnly and secure flags for session cookie: lifetime, path (falling back
     // to '/'), no explicit domain, secure only when Tool::isHTTPS() says so,
     // httponly always on.
     session_set_cookie_params(self::SESSION_LIFETIME, $base_path ?: '/', null, Tool::isHTTPS(), true);
     // Avoid session id in the URL
     ini_set('session.use_only_cookies', '1');
     // Ensure session ID integrity
     // NOTE(review): session.entropy_file, session.entropy_length and
     // session.hash_bits_per_character were removed in PHP 7.1; on newer
     // runtimes these three calls have no effect.
     ini_set('session.entropy_file', '/dev/urandom');
     ini_set('session.entropy_length', '32');
     ini_set('session.hash_bits_per_character', 6);
     // If session was autostarted with session.auto_start = 1 in php.ini destroy it, otherwise we cannot login
     if (isset($_SESSION)) {
         session_destroy();
     }
     // Custom session name
     session_name('__S');
     session_start();
     // Regenerate the session id to avoid session fixation issue
     // The '__validated' marker makes this happen once per session, the first
     // time it is opened here. NOTE(review): whether the id is regenerated
     // again at login is not visible in this method.
     if (empty($_SESSION['__validated'])) {
         session_regenerate_id(true);
         $_SESSION['__validated'] = 1;
     }
 }
 /**
  * Renders the platoon management page for the platoon $plt of division $div.
  *
  * Answers with the 404 redirect when the platoon does not exist or the
  * current session's user may not manage it.
  *
  * @param string $div Division name (lower-cased before lookup).
  * @param mixed  $plt Platoon number within the division.
  */
 public static function _manage_platoon($div, $plt)
 {
     // NOTE(review): $division is used without a null check; confirm what
     // Division::findByName() returns for an unknown name.
     $division = Division::findByName(strtolower($div));
     $platoonId = Platoon::getIdFromNumber($plt, $division->id);
     if (is_null($platoonId)) {
         // nonexistent platoon
         Flight::redirect('404/', 404);
         return;
     }
     $user = User::find(intval($_SESSION['userid']));
     $member = Member::find(intval($_SESSION['memberid']));
     // Access rule: the member's own platoon, a role above 2, or a developer account.
     $mayManage = $member->platoon_id == $platoonId || $user->role > 2 || User::isDev();
     if (!$mayManage) {
         // insufficient access
         Flight::redirect('404/', 404);
         return;
     }
     $tools = Tool::find_all($user->role);
     $divisions = Division::find_all();
     $platoon = Platoon::findById($platoonId);
     $unassignedMembers = Platoon::unassignedMembers($platoonId, true);
     $squads = Squad::findByPlatoonId($platoonId);
     $memberCount = count((array) Platoon::members($platoonId));
     $pageData = array(
         'division' => $division,
         'platoon' => $platoon,
         'squads' => $squads,
         'unassignedMembers' => $unassignedMembers,
         'memberCount' => $memberCount,
     );
     Flight::render('manage/platoon', $pageData, 'content');
     $layoutData = array(
         'js' => 'manage',
         'user' => $user,
         'member' => $member,
         'tools' => $tools,
         'divisions' => $divisions,
     );
     Flight::render('layouts/application', $layoutData);
 }
Example #20
 /**
  * Tells whether a student session exists; sends the browser to the login
  * page when it does not.
  *
  * @return bool true when $_SESSION['ticeStuId'] is set, false otherwise.
  */
 public function checkLogin()
 {
     if (isset($_SESSION['ticeStuId'])) {
         return true;
     }
     // NOTE(review): callers must stop on false; nothing here ends the request
     // unless Tool::alertLocation() does (not visible).
     Tool::alertLocation(null, Controller::createUrl('user/login'));
     return false;
 }
Example #21
 /**
  * Sends the browser to the admin login page when the session holds no
  * 'admin' entry.
  */
 static function Check_Login()
 {
     // NOTE(review): the page continues after this call unless
     // Tool::alertLocation() ends the script; confirm that it does, otherwise
     // protected code below the check still runs.
     if (session_start() && !isset($_SESSION['admin'])) {
         Tool::alertLocation(null, 'admin_login.php');
     }
 }
Example #22
 /**
  * Resolves a file name to an absolute path.
  *
  * A name that does not start with '/' is placed under the project folder and
  * $defaultLocation first; the result is passed through Tool::absolutePath().
  *
  * @param string $file            File name or path.
  * @param string $defaultLocation Folder, relative to the project folder, for relative names.
  * @return mixed Whatever Tool::absolutePath() returns.
  */
 static function userFileLocation($file, $defaultLocation = '.')
 {
     // NOTE(review): a name starting with '/' is used as given and '..' segments
     // are not rejected here. If $file can come from a user, verify that the
     // resolved path stays inside the intended folder before using it.
     $isRooted = substr($file, 0, 1) == '/';
     if ($isRooted) {
         return Tool::absolutePath($file);
     }
     // With the base in place the path is no longer purely relative, so it can
     // be run through absolutePath.
     return Tool::absolutePath($_ENV['projectFolder'] . $defaultLocation . '/' . $file);
 }
Example #23
 /**
  * Records a login for a user: increments login_count and stores the current
  * IP address and date through parent::update().
  */
 public function countLogin()
 {
     // NOTE(review): the text between the quotes looks masked ('******') by the
     // page this listing was taken from; as written it is a fixed string, not an
     // interpolated user name. Restore the expression from the project source
     // before reusing this method. The condition is passed as raw SQL text, so
     // whether parent::update() escapes it needs checking too.
     $_where = array("user='******'user']}'");
     // Wrapped in an array, presumably so update() treats it as an expression
     // rather than a value - confirm against parent::update().
     $_updateData['login_count'] = array('login_count+1');
     // NOTE(review): if Tool::getIP() trusts forwarding headers, the stored
     // address is client-controlled.
     $_updateData['last_ip'] = Tool::getIP();
     $_updateData['last_time'] = Tool::getDate();
     parent::update($_where, $_updateData);
 }
Example #24
 /**
  * Send a CSV response and end the script
  *
  * @access public
  * @param  array    $data          Data to serialize in csv
  * @param  integer  $status_code   HTTP status code
  */
 public function csv(array $data, $status_code = 200)
 {
     // Status and cache headers go out before the content type.
     $this->status($status_code);
     $this->nocache();
     header('Content-Type: text/csv');

     // NOTE(review): whether Tool::csv() neutralises cells that begin with
     // =, +, - or @ is not visible here; spreadsheet programs may evaluate
     // such cells as formulas when the file is opened.
     Tool::csv($data);

     exit();
 }
Example #25
 /**
  * Asks the model to clear orders and reports the outcome through the
  * redirect helper.
  */
 public function clear()
 {
     $_cleared = $this->_model->clear();
     if (!$_cleared) {
         $this->_redirect->error('没有找到可清理的订单');
         return;
     }
     // NOTE(review): if Tool::getPrevPage() is derived from the Referer header,
     // the redirect target is client-influenced; confirm it is restricted to
     // this site.
     $this->_redirect->succ(Tool::getPrevPage(), '清理成功');
 }
Example #26
 /**
  * Tells whether an admin session exists; sends the browser to the admin
  * login page when it does not.
  *
  * @return bool true when $_SESSION['ticeAdmin'] is set, false otherwise.
  */
 public static function checkAdmin()
 {
     if (isset($_SESSION['ticeAdmin'])) {
         return true;
     }
     // NOTE(review): callers must stop on false; nothing here ends the request
     // unless Tool::alertLocation() does (not visible).
     Tool::alertLocation('请先登录', Controller::createUrl('default/login'));
     return false;
 }
 /**
  * Records a login for a user: increments login_count and stores the current
  * IP address and date through parent::update().
  */
 public function setLoginDetails()
 {
     // NOTE(review): the text between the quotes looks masked ('******') by the
     // page this listing was taken from; as written it is a fixed string, not an
     // interpolated user name. Restore the expression from the project source
     // before reusing this method. The condition is passed as raw SQL text, so
     // whether parent::update() escapes it needs checking too.
     $where = array("user='******'user']}'");
     // Wrapped in an array, presumably so update() treats it as an expression
     // rather than a value - confirm against parent::update().
     $updateData['login_count'] = array('login_count+1');
     // NOTE(review): if Tool::getIP() trusts forwarding headers, the stored
     // address is client-controlled.
     $updateData['last_ip'] = Tool::getIP();
     $updateData['last_time'] = Tool::getDate();
     parent::update($where, $updateData);
 }
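 /**
  * Creates an order row from the filtered request fields, the current date,
  * the cart cookie and a generated order number.
  *
  * @return mixed Result of parent::add().
  */
 public function order()
 {
     $orderData = $this->getRequest()->filter($this->fields);
     // Class name spelled as everywhere else in the method; the lower-case
     // 'tool' only resolved through PHP's case-insensitive class lookup and can
     // miss a case-sensitive autoloader.
     $orderData['date'] = Tool::getDate();
     // NOTE(review): the cart is taken from a cookie, so its contents are
     // whatever the browser sends. Item ids, quantities and prices need to be
     // re-validated against server-side data before the order is trusted.
     $orderData['goods'] = serialize($_COOKIE['cart']);
     $orderData['ordernum'] = Tool::getOrderNum();
     return parent::add($orderData);
 }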
Example #29
 /**
  * Adds a row built from the filtered request fields, stamped with the user
  * cookie and the current date.
  *
  * @return mixed Result of parent::add().
  */
 public function add()
 {
     // A duplicate-name check on $this->_R['name'] is disabled in the original source.
     $_record = $this->getRequest()->filter($this->_fields);
     // NOTE(review): the author is read straight from a cookie, which the
     // browser controls; unless the cookie is authenticated elsewhere, a row
     // can be attributed to any user name. A server-side session value would
     // be the safer source.
     $_record['user'] = $_COOKIE['user'];
     $_record['date'] = Tool::getDate();
     return parent::add($_record);
 }
Example #30
 /**
  * Deletes this blog's posts, post tags and post comments for the current
  * site, then the blog row itself.
  *
  * @return mixed Result of parent::delete(), or null when the model is not loaded.
  */
 public function delete_tool()
 {
     // Only a loaded model has an id and site to delete by.
     if (!$this->loaded) {
         return;
     }
     // Scoping by fk_site as well as blog_id keeps the deletes inside this site's rows.
     $scope = array('fk_site' => $this->fk_site, 'blog_id' => $this->id);
     // NOTE(review): the deletes run one after another with no transaction
     // visible here, so a failure part-way leaves the blog partly removed.
     foreach (array('blog_post', 'blog_post_tag', 'blog_post_comment') as $table) {
         ORM::factory($table)->where($scope)->delete_all();
     }
     return parent::delete($this->id);
 }