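/**
 * List the current set of users in the admin panel.
 *
 * Loads the user rows, assigns one `user` template block per row and hands the
 * rendered list to the admin control panel as the page body.
 *
 * @version 1.0
 * @since   1.0.0
 * @author  Dan Aldridge
 *
 * @return  bool|void  false when no users could be loaded, nothing otherwise
 */
public function manage()
{
    $objSQL  = Core_Classes_coreObj::getDBO();
    $objTPL  = Core_Classes_coreObj::getTPL();
    $objTime = Core_Classes_coreObj::getTime();
    $objUser = Core_Classes_coreObj::getUser();

    $objTPL->set_filenames(array(
        'body'  => cmsROOT . Core_Classes_Page::$THEME_ROOT . 'block.tpl',
        'panel' => cmsROOT . 'modules/core/views/admin/users/list.tpl',
    ));

    // Only the columns this listing reads are selected, so any credential or
    // session columns in #__users never enter this code path.
    $query = $objSQL->queryBuilder()
        ->select('id', 'userlevel', 'email', 'register_date', 'active')
        ->from('#__users')
        ->orderby('id')
        ->build();

    $users = $objSQL->fetchAll($query, 'id');
    if (!$users) {
        msgDie('INFO', 'Cant query users :/');
        return false;
    }

    foreach ($users as $id => $user) {
        // The default case matters: without it an unrecognised userlevel left
        // $role undefined on the first row, or reused the previous user's role,
        // which could show an ordinary account as an Administrator.
        switch ($user['userlevel']) {
            case ADMIN:
                $role = 'Administrator';
                break;

            case MOD:
                $role = 'Moderator';
                break;

            case USER:
                $role = 'User';
                break;

            default:
                $role = 'Unknown';
                break;
        }

        $isActive = $user['active'] == '1';

        // NOTE(review): EMAIL comes from the user record and is passed through
        // unescaped here; confirm the template layer HTML-escapes block vars.
        $objTPL->assign_block_vars('user', array(
            'ID'              => $id,
            'NAME'            => $objUser->makeUsername($id),
            'EMAIL'           => $user['email'],
            'DATE_REGISTERED' => $objTime->mk_time($user['register_date']),
            'ROLE'            => $role,
            'STATUS'          => $isActive ? 'Active' : 'Disabled',
            'STATUS_LABEL'    => $isActive ? 'success' : 'error',
        ));
    }

    $objTPL->parse('panel', false);

    Core_Classes_coreObj::getAdminCP()->setupBlock('body', array(
        'cols' => 3,
        'vars' => array(
            'TITLE'   => 'User Management',
            'CONTENT' => $objTPL->get_html('panel', false),
            'ICON'    => 'fa-icon-user',
        ),
        'custom_html' => array(
            'HTML' => Core_Classes_coreObj::getForm()->inputBox('search_user', 'text', '', array(
                'class'       => 'input-mini',
                'placeholder' => 'Search..',
            )),
        ),
    ));
}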
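/**
 * Generate a date string from a timestamp.
 *
 * @version 1.0
 * @since   1.0.0
 * @author  Dan Aldridge
 *
 * @param   int     $timestamp  Unix timestamp; the current time is used when null
 * @param   string  $format     date() format, or 'db' to use the configured site format
 * @param   int     $return     0 (default) returns the formatted string, any other
 *                              value returns the adjusted timestamp instead
 *
 * @return  string|int
 */
public function mk_time($timestamp, $format = 'db', $return = 0)
{
    $objUser = Core_Classes_coreObj::getUser();

    $format    = $format == 'db' ? $this->config('site', 'time', 'jS F h:ia') : $format;
    $timestamp = isset($timestamp) ? $timestamp : time();
    $timestamp = date('I') == 0 ? $this->mod_time($timestamp, 0, 0, 1) : $timestamp;

    // If the user is logged in, use their timezone. The result of mod_time() has to
    // be assigned: the original call discarded it, so the offset was never applied.
    if (Core_Classes_User::$IS_ONLINE && $objUser->grab('timezone')) {
        $timestamp = $this->mod_time($timestamp, 0, 0, $objUser->grab('timezone'));
    }

    // Load the date translations for non-English languages. A plain copy replaces
    // the each() loop, which no longer exists in PHP 8, and a non-array language
    // entry is ignored rather than passed on to strtr().
    $translate = array();
    if ($this->currentLanguage != 'en') {
        $lang_date = langVar('DATETIME');
        if (is_array($lang_date)) {
            $translate = $lang_date;
        }
    }

    // Anything other than the integer 0 asks for the raw (adjusted) timestamp.
    if ($return !== 0) {
        return $timestamp;
    }

    $formatted = gmdate($format, $timestamp);
    if (!empty($translate)) {
        $formatted = strtr($formatted, $translate);
    }

    return $formatted;
}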
/**
 * Handle a submitted login: redirect on success, show the form again otherwise.
 *
 * @return void
 */
public function login_process()
{
    // The user object is fetched but not used here; the call is kept as in the original.
    Core_Classes_coreObj::getUser();
    $objLogin = Core_Classes_coreObj::getLogin();
    $objPage  = Core_Classes_coreObj::getPage();

    $loggedIn = ($objLogin->process() === true);

    if ($loggedIn) {
        // NOTE(review): the redirect target is whatever 'referer' holds in
        // $_SESSION['login'], falling back to the site root. If that value was
        // filled from a request header or parameter it should be checked to be a
        // same-site path before use; confirm where it is written.
        $target = doArgs('referer', '/' . root(), $_SESSION['login']);
        $objPage->redirect($target, 0);
        return;
    }

    $this->login_form();
}
/**
 * Set the view (template file) for the current method.
 *
 * Resolves `modules/<module>/views/<view>.tpl`, preferring a theme override file
 * when the current class is an Override class, and registers it as the `body`
 * template.
 *
 * @version 1.0
 * @since   1.0.0
 * @author  Dan Aldridge
 *
 * @param   string  $view  View name, with or without the `.tpl` suffix
 *
 * @return  mixed   The template object on success, false when no usable view was found
 */
public function setView($view = 'default')
{
    $objTPL  = Core_Classes_coreObj::getTPL();
    $objUser = Core_Classes_coreObj::getUser();

    $stripPrefixes = array('Modules_', 'Admin_');
    $module        = $this->getVar('_module');
    $method        = $this->getVar('_method'); // read but not used below
    $view          = str_replace('.tpl', '', $view);
    $nameParts     = explode('_', $module);

    if (is_empty($view)) {
        trigger_error('You did not set a view for this method.');
        return false;
    }

    // NOTE(review): the block below is disabled. As written it would take the view
    // name straight from $_GET with no admin check and no restriction on the
    // characters allowed in the path; it should not be re-enabled in that form.
    // Allow Developers to test custom views
    /*if( !empty( $_GET['view'] ) ) { // @TODO Add && IS_ADMIN
        $tempPath = sprintf('modules/%s/views/%s.tpl', $module, $_GET['view']);
        if( is_readable( $tempPath ) ) {
            $view = $_GET['view'];
        } else {
            trigger_error('The view overide you attempted to use dow work');
            return false;
        }
    }*/

    // NOTE(review): $view and the user's theme name are placed into filesystem
    // paths without any check for directory separators or '..'; confirm both only
    // ever hold fixed, developer-chosen names.
    $tplPath = sprintf('modules/%s/views/%s.tpl', str_replace($stripPrefixes, '', $module), $view);

    // Override classes look for a theme-specific template first.
    if (in_array('Override', $nameParts)) {
        $module   = str_replace($stripPrefixes, '', get_parent_class($this));
        $override = sprintf(
            'themes/%1$s/override/modules/%2$s/%3$s.tpl',
            $objUser->grab('theme'),
            $module,
            $view
        );
        $tplPath = is_file($override) ? $override : $tplPath;
    }

    if (!is_file($tplPath)) {
        trigger_error($tplPath . ' is not a valid path');
        return false;
    }

    $objTPL->set_filenames(array('body' => $tplPath));
    $this->setVar('viewSet', true);

    return $objTPL;
}
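/**
 * Gathers output info for the config array (debug panel).
 *
 * @version 1.0
 * @since   1.0.0
 * @author  Dan Aldridge
 *
 * @return  array  array('count' => int, 'content' => string of dump() output)
 */
public function getConfig()
{
    $count   = 0;
    $content = '';

    $perms = array(
        'IS_ONLINE' => Core_Classes_User::$IS_ONLINE,
        'IS_USER'   => Core_Classes_User::$IS_USER,
        'IS_MOD'    => Core_Classes_User::$IS_MOD,
        'IS_ADMIN'  => Core_Classes_User::$IS_ADMIN,
    );

    $objUser  = Core_Classes_coreObj::getUser();
    $content .= dump($perms, 'Global User Perms for ' . $objUser->grab('username'));

    $config = $this->config();

    // The database settings are always removed from the debug output. The original
    // removed them only when the Host header matched one hostname; that header is
    // chosen by the client, so it cannot decide whether credentials are shown.
    // NOTE(review): other config sections may hold secrets too (mail, salts);
    // confirm and strip them here as well.
    if (is_array($config)) {
        unset($config['db']);
    }

    $content .= dump($config, 'config');

    return array('count' => $count, 'content' => $content);
}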
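/**
 * Displays a confirmation messagebox and validates the answer.
 *
 * On a non-POST request the confirmation form is printed, a one-time token is
 * stored in the session and false is returned. On POST the token is verified and
 * true is returned only when the user pressed "Continue".
 *
 * @version 1.0
 * @since   1.0.0
 * @author  Dan Aldridge
 *
 * @param   string  $type    Message type passed to msg()
 * @param   string  $msg     Message shown above the buttons (output as given)
 * @param   string  $title   Optional title passed to msg()
 * @param   string  $tplVar  Optional template variable passed to msg()
 *
 * @return  bool    true only after a verified "Continue"; false otherwise
 */
function confirmMsg($type, $msg, $title = NULL, $tplVar = NULL)
{
    $objPage = Core_Classes_coreObj::getPage();
    $objForm = Core_Classes_coreObj::getForm();
    $objUser = Core_Classes_coreObj::getUser();

    // check if we have confirmed either way yet
    if (!HTTP_POST) {
        // NOTE(review): the "Go Back" target is taken from the Referer header, which
        // the requesting side controls; consider accepting only same-site URLs.
        $_SESSION['site']['confirm']['return'] = (isset($_SERVER['HTTP_REFERER']) && !is_empty($_SERVER['HTTP_REFERER']))
            ? $_SERVER['HTTP_REFERER']
            : '/' . root() . '';

        // The token should not be guessable. Username plus time() is predictable
        // input, so a CSPRNG is used where the runtime provides one.
        if (function_exists('random_bytes')) {
            $sessid = bin2hex(random_bytes(16));
        } else {
            $sessid = (string) $objUser->mkPassword($objUser->grab('username') . time());
        }
        $_SESSION['site']['confirm']['sessid'] = $sessid;

        // build the (deliberately simple) confirmation form
        $newMsg  = $objForm->start('msg', array('method' => 'POST'));
        $newMsg .= $msg . '<br />';
        $newMsg .= $objForm->inputbox('sessid', 'hidden', $sessid) . '<br />';
        $newMsg .= '<div align="center">'
            . $objForm->button('submit', 'Continue') . ' '
            . $objForm->button('submit', 'Go Back', array('class' => 'black'))
            . '</div>';
        $newMsg .= $objForm->finish();

        // output via msg() and return false so the caller does not continue
        echo msg($type, $newMsg, $tplVar, $title);
        return false;
    }

    // we have a POST: verify it against what was stored when the form was shown
    $stored = (isset($_SESSION['site']['confirm']) && is_array($_SESSION['site']['confirm']))
        ? $_SESSION['site']['confirm']
        : array();
    $redir    = isset($stored['return']) ? $stored['return'] : '/' . root() . '';
    $expected = isset($stored['sessid']) ? $stored['sessid'] : '';

    // Every failure path returns false after hmsgDie(), so the check still fails
    // closed if hmsgDie() ever returns instead of terminating the request.
    if (!isset($_POST['sessid'])) {
        hmsgDie('FAIL', 'Error: Please confirm your intentions via the form.');
        return false;
    }

    // Strict, type-checked comparison. With the original loose `!=`, a request made
    // without a pending confirmation compared an unset session value to the posted
    // one, and an empty posted value was treated as equal.
    $supplied = $_POST['sessid'];
    $tokenOk  = is_string($supplied) && is_string($expected) && $expected !== ''
        && (function_exists('hash_equals') ? hash_equals($expected, $supplied) : $expected === $supplied);

    if (!$tokenOk) {
        hmsgDie('FAIL', 'Error: Could not verify your intentions.');
        return false;
    }

    // the token is single use
    unset($_SESSION['site']['confirm']);

    // make sure we actually have the submit
    if (!isset($_POST['submit'])) {
        hmsgDie('FAIL', 'Error: Could not verify your intentions.');
        return false;
    }

    // now check for what we expect and act accordingly
    if ($_POST['submit'] === 'Continue') {
        return true;
    }

    if ($_POST['submit'] === 'Go Back') {
        $objPage->redirect($redir, 3, 0);
        hmsgDie('INFO', 'Redirecting you back.');
    }

    // anything else is not an answer this form can produce
    return false;
}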
<?php
/*======================================================================*\
||                 Cybershade CMS - Your CMS, Your Way                  ||
\*======================================================================*/

// Admin control panel entry point: boots the core, refuses anyone who is not a
// logged-in administrator, then dispatches the requested admin route.

// Defined before the core is loaded.
// NOTE(review): presumably INDEX_CHECK is what included files test to refuse direct access; confirm.
define('INDEX_CHECK', true);

// NOTE(review): debug mode is hard-coded on for the admin entry point. Code that
// branches on cmsDEBUG will emit diagnostic output; confirm this is not the value
// shipped to production.
define('cmsDEBUG', true);

// Working copy of the query string, handed to the admin CP and the router below.
$GET = $_GET;

require_once 'core/core.php';

$objRoute = Core_Classes_coreObj::getRoute();
$objPage = Core_Classes_coreObj::getPage();
$objTPL = Core_Classes_coreObj::getTPL();
$objAdmin = Core_Classes_coreObj::getAdminCP('', $GET);
$objUser = Core_Classes_coreObj::getUser();

$objRoute->modifyGET($GET);

// Access gate: both flags must be set. The exit after the redirect is what stops
// the rest of this script (navigation, route dispatch) from running for
// non-administrators.
if (!Core_Classes_User::$IS_ONLINE || !Core_Classes_User::$IS_ADMIN) {
    // Need to sort out login
    // $objRoute->throwHTTP(404);
    $objPage->redirect('/' . root() . 'login');
    exit;
}

$objPage->setTheme('perfectum-mootools');

// NOTE(review): $objAdmin->mode is placed into the breadcrumb URL and label;
// presumably it is derived from the request data passed to getAdminCP() above, so
// confirm it is validated or escaped before it is rendered.
$objPage->addBreadcrumbs(array(array('url' => '/' . root() . $objAdmin->mode . '/', 'name' => ucwords($objAdmin->mode) . ' Control Panel')));
$objPage->setTitle('Cybershade CMS Administration Panel');

// grab the nav and throw the basic tpl setups together
$objAdmin->getNav();
$objPage->tplGlobals();

// sort the route out, see what we need to do
$objAdmin->invokeRoute();

// and then output the page
$objPage->showHeader();
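/**
 * Returns the html for the pagination.
 *
 * @version 1.0
 * @since   1.0.0
 * @author  Dan Aldridge
 *
 * @param   array   $options  Recognised keys: url, controls, type, showOne
 *
 * @return  string  Rendered pagination markup, or '' when there is at most one
 *                  page and showOne is false
 */
public function getPagination($options = array())
{
    // NOTE(review): 'url' is normalised here but never read below; the links are
    // built from $this->url. Confirm which one is intended.
    $options = array(
        'url'      => doArgs('url', '', $options),
        'controls' => doArgs('controls', false, $options),
        'type'     => doArgs('type', 'pagination-mini', $options),
        'showOne'  => doArgs('showOne', false, $options),
    );

    $objTPL  = Core_Classes_coreObj::getTPL();
    $objUser = Core_Classes_coreObj::getUser();

    // with 1 or fewer pages, hide the pagination unless it was explicitly requested
    if ($this->getTotalPages() <= 1 && $options['showOne'] === false) {
        return '';
    }

    // each pagination gets its own handle, to support more than one on a page
    $handle = 'pagination_' . randCode(6);
    $objTPL->set_filenames(array($handle => cmsROOT . 'modules/core/views/markup.tpl'));

    // Pick the style from the user's preference. The value is only ever used as a
    // suffix of a method name starting with 'paginationStyle', and anything that is
    // not a scalar or does not name an existing method falls back to style 1.
    // NOTE(review): this reads the IS_ONLINE constant; confirm it is defined and
    // agrees with Core_Classes_User::$IS_ONLINE.
    $switch = IS_ONLINE ? $objUser->get('paginationStyle') : '1';
    if (!is_scalar($switch) || !method_exists($this, 'paginationStyle' . $switch)) {
        $switch = '1';
    }

    $pages = $this->{'paginationStyle' . $switch}($options['controls']);
    if (!is_array($pages) && !($pages instanceof Traversable)) {
        // a style that returns nothing usable renders an empty pagination
        $pages = array();
    }

    // setup the output
    $objTPL->assign_block_vars('pagination', array('TYPE' => $options['type']));

    foreach ($pages as $page) {
        $objTPL->assign_block_vars('pagination.page', array(
            'NUM'   => doArgs('label', doArgs('count', '0', $page), $page),
            'STATE' => doArgs('state', '', $page),
        ));

        if (doArgs('url', true, $page)) {
            // NOTE(review): the URL is assembled by concatenation; confirm the
            // template escapes it for the attribute it is written into.
            $objTPL->assign_block_vars('pagination.page.url', array(
                'URL' => $this->url . $this->instance . '=' . doArgs('count', '0', $page),
            ));
        } else {
            $objTPL->assign_block_vars('pagination.page.span', array());
        }
    }

    // and output
    $objTPL->parse($handle, false);

    return $objTPL->get_html($handle);
}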
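/**
 * Assign the template variables every page needs (site root, theme root, title,
 * current username, login/logout link), plus whatever plugins add through the
 * CMS_PAGE_TPL_GLOBALS hook.
 *
 * @return void
 */
public function tplGlobals()
{
    $objUser = Core_Classes_coreObj::getUser();

    $tplGlobals = array(
        'ROOT'       => root(),
        'THEME_ROOT' => root() . self::$THEME_ROOT,
        'SITE_TITLE' => $this->config('site', 'title'),
        'USERNAME'   => $objUser->grab('username'),
        'U_UCP'      => '/' . root() . 'user/',
        'L_UCP'      => langVar('L_UCP'),
    );

    if (!Core_Classes_User::$IS_ONLINE) {
        $tplGlobals += array(
            'U_LOGIN' => '/' . root() . 'login',
            'L_LOGIN' => 'Login',
        );
    } else {
        // NOTE(review): the logout link carries the user's usercode as the `check`
        // value in the URL. URLs end up in logs and Referer headers, so confirm the
        // usercode is not relied on as a secret anywhere else.
        $tplGlobals += array(
            'U_LOGIN' => '/' . root() . 'logout?check=' . $objUser->grab('usercode'),
            'L_LOGIN' => 'Logout',
        );
    }

    // NOTE(review): `> 1` skips the merge when the hook returns exactly one entry;
    // confirm that is intended rather than `> 0`.
    // NOTE(review): array_merge lets plugin values replace the core keys above
    // (ROOT, USERNAME, U_LOGIN, ...); confirm plugins are trusted to do that.
    $moreTPL = Core_Classes_coreObj::getPlugins()->hook('CMS_PAGE_TPL_GLOBALS');
    if (is_array($moreTPL) && count($moreTPL) > 1) {
        foreach ($moreTPL as $vars) {
            // A hook that returns a non-array would make array_merge() fail and,
            // on older PHP versions, replace the whole globals array with null.
            if (!is_array($vars)) {
                continue;
            }
            $tplGlobals = array_merge($tplGlobals, $vars);
        }
    }

    Core_Classes_coreObj::getTPL()->assign_vars($tplGlobals);
}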
/**
 * Checks whether the user has exceeded the login quota.
 *
 * Two counters are consulted: the one on the current session (onlineData) and
 * the one on the account being logged into (userData).
 *
 * @version 1.0
 * @since   1.0.0
 * @author  Daniel Noel-Davies
 *
 * @param   bool  $dontUpdate  When true, stop after the session checks and do not
 *                             touch the account
 *
 * @return  bool  true when another login attempt is allowed, false otherwise
 */
public function attemptsCheck($dontUpdate = false)
{
    // The session's login_time is still in the future: refuse.
    if ($this->onlineData['login_time'] >= time()) {
        return false;
    }

    // The session has used more than the configured number of tries.
    if ($this->onlineData['login_attempts'] > $this->config('login', 'max_login_tries')) {
        $noLockYet = ($this->onlineData['login_time'] == '0');

        if ($noLockYet) {
            $objSQL  = Core_Classes_coreObj::getDBO();
            $objTime = Core_Classes_coreObj::getTime();
            $objUser = Core_Classes_coreObj::getUser();

            // Store a new login_time on the session row and reset its counter.
            // NOTE(review): presumably mod_time(time(), 0, 15) is 15 minutes from
            // now; confirm against mod_time().
            $lockQuery = $objSQL->queryBuilder()
                ->update('#__sessions')
                ->set(array(
                    'login_time'     => $objTime->mod_time(time(), 0, 15),
                    'login_attempts' => '0',
                ))
                ->where('sid', '=', $objUser->grab('userkey'))
                ->build();

            $objSQL->query($lockQuery);
        }

        return false;
    }

    if ($dontUpdate === true) {
        return true;
    }

    // Account-level counter.
    $failedLogins = $this->userData['login_attempts'];

    if ($failedLogins >= $this->config('login', 'max_login_tries')) {
        // NOTE(review): the strict === only matches when the stored counter and the
        // configured limit have the same type as well as value; confirm both are
        // read as the same type, otherwise the account is never deactivated.
        // NOTE(review): deactivating the account on repeated failures lets failed
        // logins by someone else lock the owner out; confirm that trade-off is
        // intended compared with a timed lockout.
        if ($failedLogins === $this->config('login', 'max_login_tries')) {
            // deactivate the user's account
            Core_Classes_coreObj::getUser()->toggle($this->userData['id'], 'active', false);
        }

        return false;
    }

    return true;
}
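/**
 * Invokes the action of a route.
 *
 * Resolves the module class and method named by the current route, swaps in a
 * theme override class when one exists, maps the route arguments onto the
 * method's parameters by name and calls it with output buffering on.
 *
 * @version 1.0
 * @since   1.0.0
 * @author  Daniel Noel-Davies & Dan Aldridge
 *
 * @return  mixed  null when there is no route, true after a redirect, false when
 *                 the module or method is not callable, otherwise the module
 *                 instance the method was invoked on
 */
public function invokeRoute()
{
    $route = $this->getVar('route');

    if (is_empty($route)) {
        $this->throwHTTP(404);
        return;
    }

    if (cmsDEBUG) {
        memoryUsage('Route: Executing Route ' . dump($route));
    }

    $objUser = Core_Classes_coreObj::getUser();

    // Check if the route is a redirection
    if (!is_empty($route['redirect'])) {
        // TODO: Add Internal Redirections (Internal, meaning no 301, just different internal processing)
        $this->throwHTTP(301, $route['redirect']);
        return true;
    }

    // We assume the invoke is a module call
    // NOTE(review): the class and method names come from the route and are used to
    // instantiate and call by name. Confirm the router can only produce module
    // classes (for example by checking the expected class prefix) and only methods
    // meant to be reachable as actions.
    $module = $route['arguments']['module'];
    $method = $route['arguments']['method'];

    // Check the class and subsequent method are callable, else trigger an error
    if (class_exists($module) === false || is_callable(array($module, $method)) === false) {
        trigger_error('The module or method you are trying to call, dosen\'t exist.');

        // NOTE(review): this prints the requested names on every failure, whether
        // or not debug is on; confirm dump() escapes its input.
        $a = array(
            'module' => $module,
            'method' => $method,
        );
        echo dump($a, 'You are trying to call..');
        return false;
    }

    // test for override within the directory
    // NOTE(review): theme, module and method names are formatted into a filesystem
    // path; confirm none of them can contain directory separators.
    $_module = str_replace('Modules_', '', $module);
    $path    = cmsROOT . 'themes/%1$s/override/modules/%2$s/%3$s/class.%3$s.php';

    if (is_readable(sprintf($path, $objUser->grab('theme'), $_module, $method)) === true) {
        $overrideClass = 'Override_Modules_' . $_module . '_' . $method;

        // A readable override file does not guarantee the class can be loaded.
        // Constructing ReflectionMethod for a missing class or method throws, so
        // check first and fall back to the base module instead of failing the request.
        if (class_exists($overrideClass) && method_exists($overrideClass, $method)) {
            $getMethod = new ReflectionMethod($overrideClass, $method);

            // use it only when it is callable and declared on the override class itself
            if (is_callable(array($overrideClass, $method)) && $getMethod->getDeclaringClass()->name === $overrideClass) {
                $module = $overrideClass;
            }
        }
    }

    // Retrieve the info we need about the class and method
    $refMethod = new ReflectionMethod($module, $method);
    $params    = $refMethod->getParameters();
    $args      = array();

    // Loop through the parameters the method asks for, and match them up with our arguments
    foreach ($params as $name) {
        $var = $name->getName();

        // parameters the route does not supply are passed as null
        if (!isset($route['arguments'][$var])) {
            $args[$var] = null;
            continue;
        }

        // by-reference parameters must be bound by reference for invokeArgs()
        if ($name->isPassedByReference()) {
            $args[$var] =& $route['arguments'][$var];
        } else {
            $args[$var] = $route['arguments'][$var];
        }
    }

    // Run the module method with its output captured.
    ob_start();

    $objModule = new $module();
    $objModule->setVars(array(
        '_method' => $method,
        '_module' => $module,
        '_params' => $route['arguments'],
    ));

    $refMethod->invokeArgs($objModule, $args);

    $objPage = Core_Classes_coreObj::getPage();
    $objPage->addMeta(array(
        'name'    => 'module',
        'content' => $module,
    ));
    $objPage->addMeta(array(
        'name'    => 'method',
        'content' => $method,
    ));
    $objPage->setVar('contents', ob_get_clean());

    return $objModule;
}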
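/**
 * Authorizes a piece of uploaded content.
 *
 * NOTE(review): nothing in this method checks that the current user is allowed to
 * authorize uploads; presumably the caller enforces that, confirm.
 *
 * @version 1.0
 * @since   1.0.0
 * @author  Richard Clifford
 *
 * @param   int   $fid      The file ID
 * @param   bool  $confirm  Email the uploader that the upload has been authorized
 *
 * @return  bool  true when the upload is (now or already) authorized
 */
public function authorize($fid, $confirm = false)
{
    if (is_empty($fid)) {
        return false;
    }

    $objPlugins = Core_Classes_coreObj::getPlugins();
    $objSQL     = Core_Classes_coreObj::getDBO();
    $objUser    = Core_Classes_coreObj::getUser();

    // Check if the file is already authorized
    $checkAuth = $objSQL->queryBuilder()
        ->select('authorized', 'uid')
        ->from('#__uploads')
        ->where('id', '=', $fid)
        ->build();

    $fileAuth = $objSQL->fetchLine($checkAuth);

    $objPlugins->hook('CMS_AUTHORIZE_UPLOAD');

    // return true if the file is already authorized
    if (isset($fileAuth['authorized']) && $fileAuth['authorized'] == '1') {
        return true;
    }

    // Update the uploads content to be authorized
    $query = $objSQL->queryBuilder()
        ->update('#__uploads')
        ->set(array('authorized' => 1))
        ->where('id', '=', $fid)
        ->build();

    $result = $objSQL->query($query);
    if (!$result) {
        return false;
    }

    // isset() keeps this quiet when the lookup above found no row
    $uid = (isset($fileAuth['uid']) && !is_empty($fileAuth['uid'])) ? $fileAuth['uid'] : false;

    if ($confirm && $uid) {
        // SERVER_NAME can follow the request's Host header depending on server
        // configuration, and it ends up in mail headers here, so it is reduced to
        // hostname characters before use.
        $host = isset($_SERVER['SERVER_NAME']) ? (string) $_SERVER['SERVER_NAME'] : '';
        $host = preg_replace('/[^A-Za-z0-9.\-]/', '', $host);

        // Strip a leading "www." only. ltrim($host, 'www.') removed every leading
        // 'w' and '.' character, which damaged hosts such as "web.example.org".
        $mailDomain = preg_replace('/^www\./i', '', $host);

        $to = $objUser->get('email', $uid);
        // the original format string had no %s, so the sender had no domain at all
        $from    = sprintf('no-reply@%s', $mailDomain);
        $subject = sprintf('Your upload has been authorized - %s', $host);
        $message = sprintf('Your upload has now been authorized at %s', $host);

        _mailer($to, $from, $subject, $message);
    }

    return true;
}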
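/**
 * Assign a user Moderator status over a group.
 *
 * NOTE(review): nothing in this method checks that the current user may change a
 * group's moderator; presumably the caller enforces that, confirm.
 *
 * @version 1.0
 * @since   1.0.0
 * @author  Dan Aldridge
 *
 * @param   int   $uid  User's ID
 * @param   int   $gid  Group ID
 *
 * @return  bool
 */
function makeModerator($uid, $gid)
{
    if (!is_number($uid)) {
        trigger_error('$uid is not valid');
        return false;
    }

    if (!is_number($gid)) {
        trigger_error('$gid is not valid');
        return false;
    }

    $group = $this->getGroup($gid);

    // without a group record none of the fields read below exist
    if (is_empty($group)) {
        trigger_error('Group could not be found');
        return false;
    }

    // test to make sure group isnt a single user group
    if ($group['single_user_group']) {
        trigger_error('Group is user specific, Cannot reassign Moderator');
        return false;
    }

    $objSQL  = Core_Classes_coreObj::getDBO();
    $objUser = Core_Classes_coreObj::getUser();

    // make sure old moderator is a subscriber
    // The condition is assembled as a string, so both ids are formatted with %d:
    // whatever the variables hold, only an integer can reach the SQL text.
    $oldModQuery = $objSQL->queryBuilder()
        ->select('*')
        ->from('#__group_subs')
        ->where(sprintf('gid = "%d" AND uid = "%d"', $gid, $group['moderator']))
        ->limit(1)
        ->build();

    $oldModerator = $objSQL->fetchLine($oldModQuery);
    if (is_empty($oldModerator)) {
        $this->joinGroup($group['moderator'], $gid, 0);
    }

    // make $uid new moderator
    if ($group['moderator'] != $uid) {
        $update = array('moderator' => $uid);

        // NOTE(review): this query is built but never executed, so the moderator is
        // not changed in the database, and $log is never written anywhere. The
        // query also targets #__group_subs by `id`, which looks like it should be
        // the groups table; confirm the intended table before adding the
        // $objSQL->query() call.
        $update = $objSQL->queryBuilder()
            ->update('#__group_subs')
            ->set($update)
            ->where(sprintf('id = "%d"', $gid))
            ->build();

        $log = 'User Groups: ' . $objUser->profile($uid, RAW) . ' has been made group Moderator of ' . $group['name'];

        Core_Classes_coreObj::getPlugins()->hook('CMSGroups_changeModerator', array($uid, $gid));
    }

    // make the moderator a subscriber too
    $this->joinGroup($uid, $gid, 0);

    return true;
}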
/**
 * Gets the form token for the session by delegating to self::getToken().
 *
 * @version 1.0
 * @since   1.0.0
 * @author  Dan Aldridge
 *
 * @param   bool    $forceNew  Passed through to getToken() unchanged
 *
 * @return  string  $token
 */
public function getFormToken($forceNew = false)
{
    // The user object is fetched but not used here; the call is kept as in the original.
    Core_Classes_coreObj::getUser();

    $token = self::getToken($forceNew);

    return $token;
}