Example #1
 /**
  * Builds the hidden `session` input that forms embed as their anti-CSRF value.
  *
  * Produces an empty string when the `\cs\User` class has not been loaded yet
  * (the check does not trigger autoloading) or when `User::instance(true)` yields nothing usable.
  *
  * NOTE(review): the value written into the markup is whatever `get_session()` returns.
  * If that is the session identifier itself, every rendered form carries the session secret in
  * page source, so anything that discloses markup also discloses the session. A separate
  * per-session token would limit that exposure. Confirm against get_session().
  *
  * @static
  *
  * @return string	Hidden input markup, or '' when no user object is available
  */
 protected static function form_csrf()
 {
     // Second argument `false`: only look at already-declared classes, never autoload
     $user_class_loaded = class_exists('\\cs\\User', false);
     $User = $user_class_loaded ? User::instance(true) : null;
     if (!$User) {
         return '';
     }
     $attributes = ['value' => $User->get_session(), 'type' => 'hidden', 'name' => 'session'];
     return static::input($attributes);
 }
Example #2
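 /**
  * Get stream
  *
  * A single id is cast to integer and resolved through the cache; only rows with `approved = 1`
  * and `abuse < 5` are returned by that path. An array of ids is resolved element by element
  * and returned with the same keys.
  *
  * @param int|int[]	$id
  *
  * @return array|array[]|bool	Stream row (`id`, `stream_url`, `lat`, `lng`, `tags`), array of such results
  *								for array input, or <i>false</i> when no approved stream matches
  */
 function get($id)
 {
     if (is_array($id)) {
         foreach ($id as &$i) {
             $i = $this->get($i);
         }
         // Drop the reference so later writes to $i cannot alter the last element
         unset($i);
         return $id;
     }
     // Integer cast happens before the value reaches any query below
     $id = (int) $id;
     // NOTE(review): the result of this admin-only branch is never returned or stored; execution always
     // falls through to the cached, approved-only lookup below. If admins are meant to see unapproved
     // streams this branch needs a return; otherwise it only costs extra queries. Confirm intent.
     if (User::instance()->admin()) {
         $streams = $this->db()->qf(["SELECT *\n\t\t\t\tFROM `{$this->table}`\n\t\t\t\tWHERE `id` = '%s'\n\t\t\t\tLIMIT 1", $id]);
         foreach ($streams as &$stream) {
             $stream['tags'] = $this->db()->qfas(["SELECT `tag`\n\t\t\t\t\tFROM `[prefix]streams_streams_tags`\n\t\t\t\t\tWHERE `id` = '%s'", $stream['id']]);
         }
         unset($stream);
     }
     return $this->cache->get($id, function () use($id) {
         $data = $this->db()->qf(["SELECT\n\t\t\t\t\t`id`,\n\t\t\t\t\t`stream_url`,\n\t\t\t\t\t`lat`,\n\t\t\t\t\t`lng`\n\t\t\t\tFROM `{$this->table}`\n\t\t\t\tWHERE\n\t\t\t\t\t`id`\t\t= '%s' AND\n\t\t\t\t\t`approved`\t= 1 AND\n\t\t\t\t\t`abuse`\t\t< 5\n\t\t\t\tLIMIT 1", $id]);
         // Without this guard, assigning `tags` onto a failed lookup turned `false` into
         // ['tags' => ...], so unapproved or reported streams produced a truthy result
         // and still exposed their tags
         if (!$data) {
             return false;
         }
         $data['tags'] = $this->db()->qfas(["SELECT `tag`\n\t\t\t\tFROM `[prefix]streams_streams_tags`\n\t\t\t\tWHERE `id` = '%s'", $id]);
         return $data;
     });
 }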
Example #3
/**
 * @package		Home
 * @category	modules
 * @author		Nazar Mokrynskyi <*****@*****.**>
 * @copyright	Copyright (c) 2014, Nazar Mokrynskyi
 * @license		MIT License, see license.txt
 */
namespace cs\modules\Home;

use cs\User;
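// All three fields must be present in the request body
if (!isset($_POST['stream_code'], $_POST['lat'], $_POST['lng'])) {
    error_code(400);
    return;
}
$User = User::instance();
// Only members of the streamer group may set a stream; a falsy group list is treated as "no groups"
if (!in_array(STREAMER_GROUP, $User->get_groups() ?: [])) {
    error_code(403);
    return;
}
// Array-shaped input (stream_code[]=...) must not reach trim()/preg_match()
if (!is_string($_POST['stream_code'])) {
    error_code(400);
    return;
}
$stream_code = trim($_POST['stream_code']);
/**
 * The submitted text is never stored as is: only a numeric channel id or a video id is taken from it,
 * and the stored URL is rebuilt on a fixed https prefix. Dots in the host names are escaped so that
 * they match literally, and `_` is accepted in the YouTube id (previously an id was cut at the first underscore).
 */
if (preg_match('/ustream\\.tv\\/(channel|embed)\\/([0-9]+)/', $stream_code, $m)) {
    $stream_code = "https://www.ustream.tv/embed/{$m[2]}";
} elseif (preg_match('/(youtube\\.com\\/embed\\/|youtube\\.com\\/watch\\?v=)([0-9a-z_\\-]+)/i', $stream_code, $m)) {
    $stream_code = "https://www.youtube.com/embed/{$m[2]}";
} elseif ($stream_code != '') {
    // Anything that is neither a recognised URL nor empty is rejected; empty input clears the stored URL
    error_code(400);
    return;
}
$User->set_data('stream_url', $stream_code);
$Events = Events::instance();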
Example #4
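 /**
  * Get new access_token with refresh_token
  *
  * The refresh token row is deleted as soon as it has been looked up, so each refresh token can be
  * exchanged at most once, whether or not the later checks succeed.
  *
  * @param string		$refresh_token
  * @param string		$client			Client id
  * @param string		$secret			Client secret
  *
  * @return array|bool					<i>false</i> on failure,
  * 										otherwise array ['access_token' => md5, 'refresh_token' => md5, 'expires_in' => seconds, 'token_type' => 'bearer']
  */
 function refresh_token($refresh_token, $client, $secret)
 {
     $client = $this->get_client($client);
     // The secret is compared as a string in constant time: the previous loose `!=` allowed type juggling
     // (e.g. numeric-looking strings comparing equal) and leaked timing information
     if (!is_md5($refresh_token) || !$client || !is_string($secret) || !hash_equals((string) $client['secret'], $secret)) {
         return false;
     }
     $data = $this->db_prime()->qf(["SELECT\n\t\t\t\t`user`,\n\t\t\t\t`access_token`,\n\t\t\t\t`session`\n\t\t\tFROM `[prefix]oauth2_clients_sessions`\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t= '%s' AND\n\t\t\t\t`refresh_token`\t= '%s'\n\t\t\tLIMIT 1", $client['id'], $refresh_token]);
     // Single use: remove the row before inspecting the lookup result
     $this->db_prime()->q("DELETE FROM `[prefix]oauth2_clients_sessions`\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t= '%s' AND\n\t\t\t\t`refresh_token`\t= '%s'\n\t\t\tLIMIT 1", $client['id'], $refresh_token);
     if (!$data) {
         return false;
     }
     // The old access token must not stay resolvable from cache
     unset($this->cache->{"tokens/{$data['access_token']}"});
     $User = User::instance();
     // The session recorded with the token must still belong to the user it was issued for
     $id = $User->get_session_user($data['session']);
     if ($id != $data['user']) {
         return false;
     }
     // A session for that user is opened only for the duration of issuing the new code/token pair
     $User->add_session($id);
     $result = $this->get_code($this->add_code($client['id'], 'code'), $client['id'], $client['secret']);
     $User->del_session();
     return $result;
 }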
Example #5
 }
 if (in_array($plugin, $Config->components['plugins'])) {
     $current_version = file_get_json(PLUGINS . "/{$plugin}/meta.json")['version'];
     $new_version = file_get_json("{$tmp_dir}/meta.json")['version'];
     if (!version_compare($current_version, $new_version, '<')) {
         $Page->warning($L->update_plugin_impossible_older_version($plugin));
         unlink($tmp_file);
         break;
     }
     $check_dependencies = check_dependencies($plugin, 'plugin', $tmp_dir);
     if (!$check_dependencies && $Config->core['simple_admin_mode']) {
         break;
     }
     $rc[2] = 'update';
     $Page->title($L->updating_of_plugin($plugin));
     rename($tmp_file, $tmp_file = TEMP . '/' . User::instance()->get_session() . '_plugin_update.phar.php');
     $a->content(h::{'p.lead.cs-center'}($L->update_plugin($plugin, $current_version, $new_version)) . h::{'input[type=hidden]'}(['name' => 'mode', 'value' => $rc[2]]) . h::{'input[type=hidden]'}(['name' => 'plugin', 'value' => $rc[3]]));
     $a->cancel_button_back = true;
     $a->content(h::{'button[type=submit]'}($L->{$check_dependencies ? $L->yes : 'force_update_not_recommended'}));
     return;
 }
 if (!file_exists(PLUGINS . "/{$plugin}") && !mkdir(PLUGINS . "/{$plugin}", 0700)) {
     $Page->warning($L->cant_unpack_plugin_no_write_permissions);
     unlink($tmp_file);
     break;
 }
 $fs = file_get_json("{$tmp_dir}/fs.json");
 $extract = array_product(array_map(function ($index, $file) use($tmp_dir, $plugin) {
     if (!file_exists(dirname(PLUGINS . "/{$plugin}/{$file}")) && !mkdir(dirname(PLUGINS . "/{$plugin}/{$file}"), 0700, true)) {
         return 0;
     }
Example #6
<?php

/**
 * @package		Static Pages
 * @category	modules
 * @author		Nazar Mokrynskyi <*****@*****.**>
 * @copyright	Copyright (c) 2011-2014, Nazar Mokrynskyi
 * @license		MIT License, see license.txt
 */
namespace cs\modules\Static_pages;

use cs\Cache, cs\User, cs\Trigger;
Trigger::instance()->register('admin/System/components/modules/uninstall/process', function ($data) {
    if ($data['name'] != 'Static_pages' || !User::instance()->admin()) {
        return true;
    }
    time_limit_pause();
    $Static_pages = Static_pages::instance();
    $structure = $Static_pages->get_structure();
    while (!empty($structure['categories'])) {
        foreach ($structure['categories'] as $category) {
            $Static_pages->del_category($category['id']);
        }
        $structure = $Static_pages->get_structure();
    }
    unset($category);
    if (!empty($structure['pages'])) {
        foreach ($structure['pages'] as $page) {
            $Static_pages->del($page);
        }
        unset($page);
Example #7
 /**
  * Delete one or several additional data items of the user this object refers to
  *
  * Thin wrapper that forwards to `User::del_data()` with `$this->id` as the target user.
  * No permission check happens at this level; callers are expected to have decided
  * that the current request may modify that user's data.
  *
  * @param string|string[]		$item	Item name or list of item names
  *
  * @return bool|string|string[]		Result of `User::del_data()`, passed through unchanged
  */
 function del_data($item)
 {
     $User = User::instance();
     $result = $User->del_data($item, $this->id);
     return $result;
 }
Example #8
 /**
  * Set driver
  *
  * Inserts the driver row or, when a row with the same key already exists, refreshes its
  * `timeout`, `lat`, `lng` and `busy` columns. The timeout written is `TIME + 30`.
  *
  * NOTE(review): `$lat`, `$lng` and `$user` are handed to `q()` as values for the `'%s'` placeholders
  * without validation or casting here; safety of the statement relies on `q()` escaping them.
  * Confirm against the database layer.
  *
  * @param $lat
  * @param $lng
  * @param $busy		Stored as 0 or 1
  * @param $user		Row id to write; falls back to the current user's id when falsy
  *
  * @return bool|int
  */
 function set($lat, $lng, $busy, $user = false)
 {
     $User = User::instance();
     if (!$user) {
         $user = $User->id;
     }
     $db = $this->db_prime();
     $query = "INSERT INTO `{$this->table}`\n\t\t\t\t(`id`, `timeout`, `lat`, `lng`, `busy`)\n\t\t\tVALUES\n\t\t\t\t('%s', '%s', '%s', '%s', '%s')\n\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t`timeout`\t= VALUES(`timeout`),\n\t\t\t\t`lat`\t\t= VALUES(`lat`),\n\t\t\t\t`lng`\t\t= VALUES(`lng`),\n\t\t\t\t`busy`\t\t= VALUES(`busy`)";
     $timeout = TIME + 30;
     // Any truthy value becomes 1, anything else 0
     $busy_flag = (int) (bool) $busy;
     return $db->q($query, $user, $timeout, $lat, $lng, $busy_flag);
 }
Example #9
 /**
  * Page generation
  *
  * Emits the final response body. Runs at most once: a static flag turns every later call into a no-op.
  * Without an interface (`$this->interface` falsy) only the processed content is echoed; otherwise the
  * full template is prepared, processed and echoed with the debug/time/memory placeholders substituted.
  */
 function __finish()
 {
     // Guard against repeated invocation
     static $executed = false;
     if ($executed) {
         return;
     }
     $executed = true;
     /**
      * Discard whatever is in the current output buffer when OUT_CLEAN is set
      */
     if (OUT_CLEAN) {
         ob_end_clean();
     }
     /**
      * Decide whether output goes through the gzip handler.
      * `&&` binds tighter than `||`: for API requests the handler is always started, otherwise only when
      * configuration is available, zlib_compression() is falsy and `gzip_compression` is enabled
      */
     $ob = false;
     $Config = Config::instance(true);
     if (API || $Config && !zlib_compression() && $Config->core['gzip_compression']) {
         ob_start('ob_gzhandler');
         $ob = true;
     }
     /**
      * For AJAX and API requests only content without page template
      */
     if (!$this->interface) {
         /**
          * Replacements are applied to the content; an empty content becomes 'null' for API requests
          */
         echo $this->process_replacing($this->Content ?: (API ? 'null' : ''));
     } else {
         Trigger::instance()->run('System/Page/pre_display');
         // Errors are displayed only if the Error class is already loaded (no autoloading is triggered)
         class_exists('\\cs\\Error', false) && Error::instance(true)->display();
         /**
          * Processing of template, substituting of content, preparing for the output
          */
         $this->prepare();
         /**
          * Replacements are applied to the prepared HTML
          */
         $this->Html = $this->process_replacing($this->Html);
         /**
          * Debug information is collected only when DEBUG is on and either the user is an administrator or
          * `can_be_admin` together with `ip_admin_list_only` holds.
          * NOTE(review): the second alternative does not require an authenticated administrator; presumably
          * `can_be_admin` reflects the admin IP list. Confirm, since debug output is sensitive.
          */
         if (DEBUG && (User::instance(true)->admin() || $Config->can_be_admin && $Config->core['ip_admin_list_only'])) {
             $this->get_debug_info();
         }
         Trigger::instance()->run('System/Page/display');
         // Placeholders in the HTML are replaced with the debug block (empty string when there is no
         // debug info), the elapsed time since MICROTIME and the current/peak memory usage
         echo str_replace(['<!--debug_info-->', '<!--generate time-->', '<!--peak memory usage-->'], [$this->debug_info ? h::level(h::{'div#cs-debug.uk-modal div.uk-modal-dialog-large'}(h::level($this->debug_info), ['title' => Language::instance()->debug, 'style' => 'margin-left: -45%; width: 90%;']), $this->level['debug_info']) : '', format_time(round(microtime(true) - MICROTIME, 5)), format_filesize(memory_get_usage(), 5) . h::{'sup[level=0]'}(format_filesize(memory_get_peak_usage(), 5))], rtrim($this->Html));
     }
     // Flush the gzip buffer only if it was started above
     if ($ob) {
         ob_end_flush();
     }
 }
Example #10
/**
 * Get HybridAuth instance with current configuration. Strongly recommended for usage
 *
 * When no `$base_url` is given, the endpoint URL is built from the configured base URL, the provider
 * name and the value returned by `User::get_session()`. For a signed-in user outside the HybridAuth
 * module, the stored `HybridAuth_session` user data is serialized and restored into the new instance.
 *
 * NOTE(review): with the default endpoint the `get_session()` value becomes part of a URL path. If that
 * value is the session identifier, it can end up in web server logs, browser history and at the
 * identity provider as callback URL. Confirm what get_session() returns.
 *
 * @param null|string	$provider
 * @param null|string	$base_url
 *
 * @return Hybrid_Auth
 */
function get_hybridauth_instance($provider = null, $base_url = null)
{
    require_once __DIR__ . '/../Hybrid/Auth.php';
    $Config = Config::instance();
    $User = User::instance();
    if ($base_url) {
        $endpoint = $base_url;
    } else {
        $endpoint = $Config->base_url() . "/HybridAuth/{$provider}/endpoint/" . $User->get_session();
    }
    $settings = [
        'base_url'  => $endpoint,
        'providers' => $Config->module('HybridAuth')->providers
    ];
    $HybridAuth = new Hybrid_Auth($settings);
    // Session data is restored only for signed-in users and never while the HybridAuth module itself runs
    $restore_session = $User->user() && MODULE != 'HybridAuth';
    if ($restore_session) {
        $stored_session = $User->get_data('HybridAuth_session');
        $HybridAuth->restoreSessionData(serialize($stored_session));
    }
    return $HybridAuth;
}
Example #11
            $Page->error(['access_denied', 'client_secret do not corresponds client_id']);
        }
        $token_data = $OAuth2->get_token($access_token, $client_id, $client['secret']);
    } else {
        $token_data = $OAuth2->get_token($access_token, $client_id, $client['secret']);
        if ($token_data['type'] == 'code') {
            error_code(403);
            $Page->error(['invalid_request', "This access_token can't be used without client_secret"]);
        }
    }
    if (!$token_data) {
        error_code(403);
        $Page->error(['access_denied', 'access_token expired']);
    }
    $_POST['session'] = $_REQUEST['session'] = $token_data['session'];
    _setcookie('session', $token_data['session']);
    if (!Config::instance()->module('OAuth2')->guest_tokens) {
        Trigger::instance()->register('System/User/construct/after', function () {
            if (!User::instance()->user()) {
                error_code(403);
                Page::instance()->error(['access_denied', 'Guest tokens disabled']);
            }
        });
    }
})->register('System/Index/mainmenu', function ($data) {
    if ($data['path'] == 'OAuth2') {
        $data['hide'] = true;
        return false;
    }
    return true;
});
Example #12
 /**
  * Executes plugins processing, blocks and module page generation
  *
  * Runs at most once (guarded by a static flag). Order of work: closed-site check, pending error page,
  * `System/Index/preload` trigger, module content (static `index.html` or `init()`), `generate()`,
  * `sign_out` cookie cleanup, `System/Index/postload` trigger.
  */
 function __finish()
 {
     // Guard against repeated invocation
     static $finished = false;
     if ($finished) {
         return;
     }
     $finished = true;
     $Config = Config::instance();
     $Page = Page::instance();
     /**
      * If site is closed, user is not admin, and it is not request for sign in.
      * Only the API route ['user', 'sign_in'] (strict array comparison) is let through for non-admins,
      * everything else ends with a 503 header
      */
     if (!$Config->core['site_mode'] && !(User::instance()->admin() || API && $Config->route === ['user', 'sign_in'])) {
         code_header(503);
         return;
     }
     // An error code defined earlier in the request is rendered as error page
     if (defined('ERROR_CODE')) {
         $Page->error();
     }
     Trigger::instance()->run('System/Index/preload');
     // Outside of administration and API a module may ship a plain index.html, which is included and
     // used as page content instead of running init()
     if (!IN_ADMIN && !$this->api && file_exists(MODULES . '/' . MODULE . '/index.html')) {
         ob_start();
         _include(MODULES . '/' . MODULE . '/index.html', false, false);
         $Page->content(ob_get_clean());
         if ($this->title_auto) {
             $Page->title(Language::instance()->{HOME ? 'home' : MODULE});
         }
     } elseif (!defined('ERROR_CODE') && !$this->stop) {
         $this->init_auto && $this->init();
     }
     if ($this->generate_auto) {
         $this->generate();
     }
     // When processing was stopped: clear the `sign_out` cookie (unless this is the API sign out request
     // itself) and skip the postload trigger.
     // NOTE(review): the route is compared loosely (`==`) here and below, but strictly (`===`) in the
     // sign in check above; presumably unintentional, confirm
     if ($this->stop) {
         if (_getcookie('sign_out') && !(API && MODULE == 'System' && $Config->route == ['user', 'sign_out'])) {
             _setcookie('sign_out', '');
         }
         return;
     }
     // ERROR_CODE may have been defined during init()/generate(), so it is checked again
     if (defined('ERROR_CODE')) {
         $Page->error();
     } elseif (_getcookie('sign_out') && !(API && MODULE == 'System' && $Config->route == ['user', 'sign_out'])) {
         _setcookie('sign_out', '');
     }
     Trigger::instance()->run('System/Index/postload');
 }
Example #13
        $cache[$class] = realpath($file);
        file_put_json(CACHE . '/classes_autoloading', $cache);
        return true;
    }
    return false;
}, true, true);
/**
 * Correct termination
 *
 * At shutdown the Index, Page and User singletons are finished in that order, but only when the
 * `\cs\Core` class has already been loaded (the check does not trigger autoloading).
 */
register_shutdown_function(function () {
    $core_loaded = class_exists('\\cs\\Core', false);
    if ($core_loaded) {
        Index::instance(true)->__finish();
        Page::instance()->__finish();
        User::instance(true)->__finish();
    }
});
/**
 * Enable of errors processing
 *
 * Reports everything (E_ALL) when the DEBUG constant is defined and truthy, otherwise only errors,
 * warnings and parse errors. If CS_ERROR_HANDLER is defined and truthy and the `\cs\Error` class is
 * already loaded, its `error` property is switched on as well.
 */
function errors_on()
{
    $debug_enabled = defined('DEBUG') && DEBUG;
    if ($debug_enabled) {
        error_reporting(E_ALL);
    } else {
        error_reporting(E_ERROR | E_WARNING | E_PARSE);
    }
    $handler_enabled = defined('CS_ERROR_HANDLER') && CS_ERROR_HANDLER;
    // class_exists() with `false` never autoloads, so the handler is touched only if it is already in use
    if ($handler_enabled && class_exists('\\cs\\Error', false)) {
        Error::instance()->error = true;
    }
}
/**
 * Disabling of errors processing
 */
function errors_off()
Example #14
<?php

/**
 * @package        Moderation
 * @category       modules
 * @author         Nazar Mokrynskyi <*****@*****.**>
 * @copyright      Copyright (c) 2014, Nazar Mokrynskyi
 * @license        MIT License, see license.txt
 */
namespace cs\modules\Precincts;

use cs\Index, cs\Page, cs\User;
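// NOTE(review): no permission check is visible in this handler before a violation is approved or
// declined; confirm that access to this endpoint is restricted elsewhere (routing/permissions)
$Index = Index::instance();
// Both the new status and the violation id (first numeric route segment) are required
if (!isset($_POST['status'], $Index->route_ids[0])) {
    error_code(400);
    return;
}
$Violations = Violations::instance();
// The method name is chosen from two fixed values, request data never becomes a method name
$action = $_POST['status'] ? 'approve' : 'decline';
$violation = $Violations->get($Index->route_ids[0]);
// An unknown id previously fell through with an empty id and surfaced as a 500
if (!$violation) {
    error_code(404);
    return;
}
if (!$Violations->{$action}($violation['id'])) {
    error_code(500);
    return;
}
Page::instance()->json([
    'user'     => (int) $violation['user'],
    'rating'   => (int) $Violations->user_rating($violation['user']),
    'username' => User::instance()->username($violation['user'])
]);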
Example #15
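 /**
  * Get ids of all items the current user may see, newest first
  *
  * Every variant skips items whose timeout has passed (unless `timeout` is 0) and items without coordinates.
  * Administrators get every remaining item. Members of AUTOMAIDAN_COORD_GROUP get unconfirmed items
  * and items of a fixed category list. Everybody else gets confirmed items visible to one of their
  * groups (group 0 always, group 1 for signed-in users) plus the items they created themselves.
  *
  * @return array|bool	Result of `qfas()` for the matching query
  */
 protected function get_all_internal()
 {
     $User = User::instance();
     $admin = $User->admin();
     // Interpolated directly into the SQL text below, hence forced to integer
     $user_id = (int) $User->id;
     if ($admin) {
         return $this->db()->qfas(["SELECT `id`\n\t\t\t\tFROM `{$this->table}`\n\t\t\t\tWHERE\n\t\t\t\t\t(\n\t\t\t\t\t\t`timeout`\t> '%s' OR\n\t\t\t\t\t\t`timeout`\t= 0\n\t\t\t\t\t) AND\n\t\t\t\t\t`lat`\t\t!= 0 AND\n\t\t\t\t\t`lng`\t\t!= 0\n\t\t\t\tORDER BY `added` DESC", TIME]);
     }
     // A falsy group list is treated as empty (appending to `false` is deprecated since PHP 8.1);
     // every id is forced to integer because the list is imploded into an IN() clause, not passed
     // through a placeholder
     $groups = array_map('intval', $User->get_groups() ?: []);
     if (in_array(AUTOMAIDAN_COORD_GROUP, $groups)) {
         return $this->db()->qfas(["SELECT `id`\n\t\t\t\tFROM `{$this->table}`\n\t\t\t\tWHERE\n\t\t\t\t\t(\n\t\t\t\t\t\t`timeout`\t> '%s' OR\n\t\t\t\t\t\t`timeout`\t= 0\n\t\t\t\t\t) AND\n\t\t\t\t\t(\n\t\t\t\t\t\t`confirmed`\t= 0 OR\n\t\t\t\t\t\t`category` IN (1, 3, 6, 7, 8, 17, 21, 22)\n\t\t\t\t\t) AND\n\t\t\t\t\t`lat`\t\t!= 0 AND\n\t\t\t\t\t`lng`\t\t!= 0\n\t\t\t\tORDER BY `added` DESC", TIME]);
     }
     // Group 0 is always part of the visibility list, group 1 only for signed-in users
     $groups[] = 0;
     if ($User->user()) {
         $groups[] = 1;
     }
     $groups = implode(',', $groups);
     return $this->db()->qfas(["SELECT `id`\n\t\t\tFROM `{$this->table}`\n\t\t\tWHERE\n\t\t\t\t(\n\t\t\t\t\t(\n\t\t\t\t\t\t`visible` IN({$groups}) AND\n\t\t\t\t\t\t`confirmed`\t> 0\n\t\t\t\t\t) OR\n\t\t\t\t\t`user`\t= {$user_id}\n\t\t\t\t) AND\n\t\t\t\t(\n\t\t\t\t\t`timeout`\t> '%s' OR\n\t\t\t\t\t`timeout`\t= 0\n\t\t\t\t) AND\n\t\t\t\t`lat`\t!= 0 AND\n\t\t\t\t`lng`\t!= 0\n\t\t\tORDER BY `added` DESC", TIME]);
 }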
Example #16
<?php

/**
 * @package		CleverStyle CMS
 * @subpackage	System module
 * @category	modules
 * @author		Nazar Mokrynskyi <*****@*****.**>
 * @copyright	Copyright (c) 2011-2014, Nazar Mokrynskyi
 * @license		MIT License, see license.txt
 */
namespace cs;

use h;
/**
 * Security settings form: key expiration, IP black list, "admin IP list only" switch and the admin IP list.
 * The current client IP (`User::instance()->ip`) is printed next to the admin IP list field.
 * NOTE(review): configuration values and the IP are passed to the `h` helpers as is; output escaping is
 * assumed to happen inside `h`. Confirm.
 */
$Config = Config::instance();
$L = Language::instance();
$Index = Index::instance();
$key_expire_cell = h::td([
    h::info('key_expire'),
    h::{'input[type=number]'}(['name' => 'core[key_expire]', 'value' => $Config->core['key_expire'], 'min' => 1]) . $L->seconds
]);
$ip_black_list_cell = h::td([
    h::info('ip_black_list'),
    h::textarea($Config->core['ip_black_list'], ['name' => 'core[ip_black_list]'])
]);
$ip_admin_list_only_cell = h::td([
    h::info('ip_admin_list_only'),
    h::{'input[type=radio]'}(['name' => 'core[ip_admin_list_only]', 'checked' => $Config->core['ip_admin_list_only'], 'value' => [0, 1], 'in' => [$L->off, $L->on]])
]);
$ip_admin_list_cell = h::td([
    h::info('ip_admin_list'),
    h::textarea($Config->core['ip_admin_list'], ['name' => 'core[ip_admin_list]']) . h::br() . $L->current_ip . ': ' . h::b(User::instance()->ip)
]);
$Index->content(h::{'table.cs-table-borderless.cs-left-even.cs-right-odd tr'}([
    $key_expire_cell,
    $ip_black_list_cell,
    $ip_admin_list_only_cell,
    $ip_admin_list_cell
]));