public function remove()
{
$product = Helper::load('data/products/' . $_GET['id'] . '.inc');
$this->warenkorb->remove($product);
$_SESSION['warenkorb'] = serialize($this->warenkorb);
$this->get();
}
/**
* Constructor
*/
public function __construct()
{
parent::__construct();
Helper::load('table', 'date', 'eav', 'form');
// Load EAV model
$this->db_page = $this->model('Model_Eav', 'page');
}
/**
* Constructor
*/
public function __construct()
{
parent::__construct();
Helper::load('form', 'date', 'guid');
// Load model
$this->db_user = $this->model('Model_User');
}
/**
* Handles the DB fields and their values.
* @param string $method
* @param array $args
* @return bool|mixed
* @throws Exception_Exido
*/
public function __call($method, array $args)
{
if (preg_match('/^set(.*)/', $method, $m) and isset($m[1]) and $field = strtolower($m[1])) {
// Set a new property to the $_aData array
Helper::load('string');
$this->_aData->{$field} = stringNull(reset($args));
return true;
}
if (preg_match('/^get(.*)/', $method, $m) and isset($m[1]) and $field = strtolower($m[1])) {
// Get a property from the $_aData array
if (!isset($this->_aData->{$field})) {
throw new Exception_Exido('You suppose to use an undefined method or property %s::%s', array(get_called_class(), $method));
}
return $this->_aData->{$field};
}
if (preg_match('/^remove(.*)/', $method, $m) and isset($m[1]) and $field = strtolower($m[1])) {
// Remove a property from the $_aData array
if (!isset($this->_aData->{$field})) {
throw new Exception_Exido('You suppose to remove an undefined property %s::%s', array(get_called_class(), $method));
}
unset($this->_aData->{$field});
return true;
}
throw new Exception_Exido('You suppose to use an undefined method %s::%s(%s)', array(get_called_class(), $method, implode(', ', $args)));
}
/**
* Loads a class and instantiate an object.
* @param string $class class name
* @param null $params
* @param bool $instantiate
* @param bool $force_new_object
* @return object|bool
*/
public static function &factory($class, $params = null, $instantiate = true, $force_new_object = false)
{
$class = strtolower($class);
$path = str_replace('_', '/', $class);
// If we would like to instantiate a new object,
// we do not need to check the class existance.
if ($force_new_object) {
// Does the class exist? If so, we're done...
if (isset(self::$_objects[$class])) {
return self::$_objects[$class];
}
}
$p = explode('/', $path);
$filename = end($p);
$path = implode('/', array_slice($p, 0, -1)) . '/';
// Try to find a file
$file = Exido::findFile($path, $filename, true);
if (is_file($file)) {
include_once $file;
$name = $class;
if ($force_new_object) {
Helper::load('guid');
$name = $name . '_' . guidGet();
}
if ($instantiate == false) {
self::$_objects[$name] = true;
return self::$_objects[$name];
}
self::$_objects[$name] = new $class($params);
return self::$_objects[$name];
}
return false;
}
/**
* Gets the singleton instance
* @return Input
*/
public static function &instance()
{
if (self::$_instance === null) {
self::$_instance = new self();
}
// Load a required helper
Helper::load('array');
if (get_magic_quotes_gpc()) {
$_GET = arrayStripSlashes($_GET);
$_POST = arrayStripSlashes($_POST);
$_COOKIE = arrayStripSlashes($_COOKIE);
$_FILES = arrayStripSlashes($_FILES);
}
return self::$_instance;
}
/**
* Constructor
*/
public function __construct()
{
parent::__construct();
Helper::load('table', 'date');
// UI error notifications
if ($text = $this->session->get('action_success')) {
$this->view->notify_text = $text;
$this->view->notify_style = 'ui-popup-success';
$this->session->set('action_success', false);
}
if ($text = $this->session->get('action_error')) {
$this->view->notify_text = $text;
$this->view->notify_style = 'ui-popup-error';
$this->session->set('action_error', false);
}
}
/**
* 保存获取到的微信数据
*
* @param type $openID
* @param type $token
* @param type $wxName
*/
public function _wxSaveData($openID, $token, $wxName, $sex, $avatar = '')
{
$wxName = trim($wxName);
if (empty($wxName)) {
$wxName = 'TA';
}
$wxUser['openID'] = $openID;
$wxUser['token'] = $token;
$wxUser['wxName'] = $wxName;
$wxUser['sex'] = $sex;
$wxUser['avatar'] = $avatar;
$m_wxUser = Helper::load('Wx_user');
$where = array('openID' => $openID);
$total = $m_wxUser->Where($where)->Total();
if (!$total) {
$m_wxUser->Insert($wxUser);
}
return $wxUser;
}
public function load($model)
{
return Helper::load($model);
}
$registry->set('cart', new Cart($registry));
// ocStore features
$registry->set('ocstore', new ocStore($registry));
// Encryption
$registry->set('encryption', new Encryption($config->get('config_encryption')));
// Front Controller
$controller = new Front($registry);
// SEO URL's
if (!($seo_type = $config->get('config_seo_url_type'))) {
$seo_type = 'seo_url';
}
$controller->addPreAction(new Action('common/' . $seo_type));
// Maintenance Mode
$controller->addPreAction(new Action('common/maintenance'));
//helper
$helper = new Helper($registry);
if (isset($_helpers) && count($_helpers)) {
foreach ($_helpers as $_helper) {
$helper->load($_helper);
}
}
// Router
if (isset($request->get['route'])) {
$action = new Action($request->get['route']);
} else {
$action = new Action('common/home');
}
// Dispatch
$controller->dispatch($action, new Action('error/not_found'));
// Output
$response->output();
protected function load($file)
{
return Helper::load($file);
}
/**
* Generate a random entity key. Using when creating an entity.
* @param int $chars
* @param int $groups
* @param string $delimiter
* @param bool $lowcase
* @return string
*/
private function _genEntityKey($chars = 8, $groups = 1, $delimiter = '', $lowcase = true)
{
Helper::load('guid');
return guidGet($chars, $groups, $delimiter, $lowcase);
}
function __construct()
{
// 验证签名
$this->verifySign();
$this->m_article = Helper::load('Article');
}
static function create_new_user_token()
{
# run only in CLI mode
if (php_sapi_name() !== 'cli') {
throw new HelperException('allowed in CLI mode only.');
}
# check if client is loaded
$helper = new Helper();
if ($helper->load(true)) {
# configure client to get refresh token
$helper->client->setAccessType('offline');
# create auth url
$auth_url = $helper->client->createAuthUrl();
# request authorization
print "\nplease visit:\n{$auth_url}\n\n";
print "copy and paste the auth code here:\n";
$auth_code = trim(fgets(STDIN));
# exchange auth code for access token
$access_token = $helper->client->authenticate($auth_code);
# write access token to file
if (file_exists($helper->_path_keys . $helper->_file_user_token)) {
rename($helper->_path_keys . $helper->_file_user_token, $helper->_path_keys . time() . '_' . $helper->_file_user_token);
}
file_put_contents($helper->_path_keys . $helper->_file_user_token, $access_token);
print "\nuser token saved\n\n";
} else {
throw new HelperException('error loading helper.');
}
}
/**
* Constructor.
*/
public final function __construct()
{
Helper::load('html');
}
function eavCreateForm($form_id, array $attributes, $action = '')
{
// Print form javascript to View object
print eavCreateFormValidationJS($form_id, $attributes);
if (empty($action)) {
$action = uriFull();
}
// Print open tag
print formOpen($action, array('id' => $form_id, 'class' => '-i-form', 'method' => 'POST'));
// Print form fields
foreach ($attributes as $field) {
// Create form field
if ($field->backend_object != null) {
// Parse helper name and function name
$field_helper = explode('/', $field->backend_object, 2);
if (isset($field_helper[0]) and isset($field_helper[1])) {
// Load required helper
Helper::load($field_helper[0]);
if (function_exists($field_helper[1])) {
// And execute the function
print call_user_func($field_helper[1], $field);
}
}
}
}
// Print submit
print formSubmit(array('class' => '-b-button', 'name' => 'submit', 'value' => __('Save')));
// Close form
print formClose();
}
/**
* Returns an A tag.
* @param string $url
* @param string $title
* @param string $class
* @return string
*/
function htmlA($url, $title, $class = '')
{
Helper::load('uri');
return '<a' . (empty($class) ? '' : ' class="' . $class . '"') . ' href="' . uriSite($url) . '">' . $title . "</a>" . EXIDO_EOL;
}
public function testLoadAcceptance()
{
$this->assertEquals('<link rel="stylesheet" media="all" type="text/css" href="/css/test/file.css" />', (string) Helper::load('/css/test/file.css'));
}
/**
* Constructor. Load helpers
*/
public function __construct()
{
// Load helpers
Helper::load('file', 'date');
}
/**
* XSS Cleaner
*
* Sanitizes data so that Cross Site Scripting Hacks can be
* prevented. This function does a fair amount of work but
* it is extremely thorough, designed to prevent even the
* most obscure XSS attempts. Nothing is ever 100% foolproof,
* of course, but I haven't been able to get anything passed
* the filter.
*
* Note: This function should only be used to deal with data
* upon submission. It's not something that should
* be used for general runtime processing.
*
* This function was based in part on some code and ideas I
* got from Bitflux: http://channel.bitflux.ch/wiki/XSS_Prevention
*
* To help develop this script I used this great list of
* vulnerabilities along with a few other hacks I've
* harvested from examining vulnerabilities in other programs:
* http://ha.ckers.org/xss.html
*
* @param mixed $str
* @return string
*/
public function cleanXSS($str)
{
// Recursive cleaning
if (is_array($str)) {
while (list($key) = each($str)) {
$str[$key] = $this->cleanXSS($str[$key]);
}
return $str;
}
Helper::load('string');
// Remove invisible characters
$str = stringRemoveInvisibleChars($str);
// Validate Entities in URLs
$str = $this->_validateEntities($str);
// URL Decode
// Just in case stuff like this is submitted:
// <a href="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">Google</a>
// Note: Use rawurldecode() so it does not remove plus signs
$str = rawurldecode($str);
// Convert character entities to ASCII
// This permits our tests below to work reliably.
// We only convert entities that are within tags since
// these are the ones that will pose security problems.
$str = preg_replace_callback("/[a-z]+=([\\'\"]).*?\\1/si", array($this, '_convertAttribute'), $str);
$str = preg_replace_callback("/<\\w+.*?(?=>|<|\$)/si", array($this, '_decodeEntity'), $str);
// Remove Invisible Characters Again!
$str = stringRemoveInvisibleChars($str);
// Convert all tabs to spaces
// This prevents strings like this: ja vascript
// NOTE: we deal with spaces between characters later.
// NOTE: preg_replace was found to be amazingly slow here on
// large blocks of data, so we use str_replace.
if (strpos($str, "\t") !== false) {
$str = str_replace("\t", ' ', $str);
}
// Remove Strings that are never allowed
$str = $this->_doNeverAllowed($str);
// Makes PHP/XML tags safe
$str = str_replace(array('<?', '?' . '>'), array('<?', '?>'), $str);
// Compact any exploded words
// This corrects words like: j a v a s c r i p t
// These words are compacted back to their correct state.
$words = array('javascript', 'expression', 'vbscript', 'script', 'base64', 'applet', 'alert', 'document', 'write', 'cookie', 'window');
foreach ($words as $word) {
$temp = '';
for ($i = 0, $wordlen = strlen($word); $i < $wordlen; $i++) {
$temp .= substr($word, $i, 1) . "\\s*";
}
// We only want to do this when it is followed by a non-word character
// That way valid stuff like "dealer to" does not become "dealerto"
$str = preg_replace_callback('#(' . substr($temp, 0, -3) . ')(\\W)#is', array($this, '_compactExplodedWords'), $str);
}
// Remove disallowed Javascript in links or img tags
// We used to do some version comparisons and use of stripos for PHP5,
// but it is dog slow compared to these simplified non-capturing
// preg_match(), especially if the pattern exists in the string
do {
$original = $str;
if (preg_match("/<a/i", $str)) {
$str = preg_replace_callback("#<a\\s+([^>]*?)(>|\$)#si", array($this, '_jsLinkRemoval'), $str);
} elseif (preg_match("/<img/i", $str)) {
$str = preg_replace_callback("#<img\\s+([^>]*?)(\\s?/?>|\$)#si", array($this, '_jsImgRemoval'), $str);
} elseif (preg_match("/script/i", $str) or preg_match("/xss/i", $str)) {
$str = preg_replace("#<(/*)(script|xss)(.*?)\\>#si", '[removed]', $str);
} else {
}
} while ($original != $str);
unset($original);
// Remove evil attributes such as style, onclick and xmlns
$str = $this->_removeEvilAttributes($str);
/*
* Sanitize naughty HTML elements
*
* If a tag containing any of the words in the list
* below is found, the tag gets converted to entities.
*
* So this: <blink>
* Becomes: <blink>
*/
$naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
$str = preg_replace_callback('#<(/*\\s*)(' . $naughty . ')([^><]*)([><]*)#is', array($this, '_sanitizeNaughtyHtml'), $str);
/*
* Sanitize naughty scripting elements
*
* Similar to above, only instead of looking for
* tags it looks for PHP and JavaScript commands
* that are disallowed. Rather than removing the
* code, it simply converts the parenthesis to entities
* rendering the code un-executable.
*
* For example: eval('some code')
* Becomes: eval('some code')
*/
$str = preg_replace('#(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\\s*)\\((.*?)\\)#si', "\\1\\2(\\3)", $str);
// Final clean up
// This adds a bit of extra precaution in case
// something got through the above filters
return $this->_doNeverAllowed($str);
}
public function loadHelper($helper)
{
$helper_class = Inflector::camelize($helper) . 'Helper';
Helper::load($helper_class);
return $this->loadedHelpers[$helper] = new $helper_class($this);
}
/**
* Execute cron tasks
* @return bool
*/
public final function index()
{
Helper::load('date');
// Get config
$cron = Exido::config('cron');
if (!$cron->cron_enabled) {
print __('System cron disabled.');
return false;
}
if (!is_array($cron->cron_allowed_ip)) {
$cron->cron_allowed_ip = array($cron->cron_allowed_ip);
}
// Get the client IP
$ip_block = $this->input->ip(true);
Helper::load('ip');
foreach ($cron->cron_allowed_ip as $ip) {
if ($range = ipRangeParser($ip)) {
if (!ipCheckRange($ip_block, $range[0], $range[1])) {
if ($range[0] == $range[1]) {
print sprintf(__("Your IP %s doesn't match in allowed IP %s"), $this->input->ip(), $ip);
} else {
print sprintf(__("Your IP %s doesn't match in allowed range %s"), $this->input->ip(), $ip);
}
return false;
}
} else {
print sprintf(__("Incorrect IP range %s"), $ip);
return false;
}
}
$local = dateGetLocal('%M %H %e %m %u');
$srv_time = explode(' ', $local);
array_unshift($srv_time, $local);
if (is_array($cron->cron_job_list)) {
foreach ($cron->cron_job_list as $job_name => $job_data) {
if (isset(self::$_has_run[$job_name])) {
continue;
}
$this->_log[$job_name] = '';
// Check job time
if (!preg_match('/^([0-9\\*]{1,2})\\s([0-9\\*]{1,2})\\s([0-9\\*]{1,2})\\s([0-9\\*]{1})\\s([0-9\\*]{1})$/', $job_data['starting_at'], $job_time)) {
$this->_log[$job_name]['status'] = false;
$this->_log[$job_name]['result'] = sprintf(__('Incorrect starting time for job %s'), $job_name);
continue;
}
// Check day of week
if (is_numeric($job_time[5]) and $srv_time[5] != $job_time[5]) {
$this->_log[$job_name]['status'] = false;
$this->_log[$job_name]['result'] = __("Is omitted due the week day doesn't match the scheduled day");
continue;
}
// Check month
if (is_numeric($job_time[4]) and $srv_time[4] != $job_time[4]) {
$this->_log[$job_name]['status'] = false;
$this->_log[$job_name]['result'] = __("Is omitted due the month doesn't match the scheduled month");
continue;
}
// Check day of month
if (is_numeric($job_time[3]) and $srv_time[3] != $job_time[3]) {
$this->_log[$job_name]['status'] = false;
$this->_log[$job_name]['result'] = __("Is omitted due the day of month doesn't match the scheduled day");
continue;
}
// Check hour
if (is_numeric($job_time[2]) and $srv_time[2] != $job_time[2]) {
$this->_log[$job_name]['status'] = false;
$this->_log[$job_name]['result'] = __("Is omitted due the hour doesn't match the scheduled hour");
continue;
}
// Check minute
if (is_numeric($job_time[1]) and $srv_time[1] != $job_time[1]) {
$this->_log[$job_name]['status'] = false;
$this->_log[$job_name]['result'] = __("Is omitted due the minute doesn't match the scheduled minute");
continue;
}
// Here we go
// Mark job as running
self::$_has_run[$job_name] = $job_name;
// Check the callback functions
if (isset($job_data['callback']) and is_array($job_data['callback']) and !empty($job_data['callback'])) {
foreach ($job_data['callback'] as $callback) {
// Try to explode by ":"
// If it is, so we're using a method from an object
if ($func = explode(':', $callback) and count($func) > 1) {
// Call method
$this->_log[$job_name][$callback]['status'] = true;
$this->_log[$job_name][$callback]['result'] = $this->model($func[0])->{$func}[1]();
} else {
// Instead we're using a function
// Call function
if (function_exists($callback)) {
$this->_log[$job_name][$callback]['status'] = true;
$this->_log[$job_name][$callback]['result'] = $callback();
} else {
$this->_log[$job_name][$callback]['status'] = true;
$this->_log[$job_name][$callback]['result'] = sprintf(__('Call to undefined cron function %s()'), $callback);
}
}
}
} else {
$this->_log[$job_name]['status'] = false;
$this->_log[$job_name]['result'] = __('Nothing to do');
}
unset(self::$_has_run[$job_name]);
}
}
// TODO: Make the log showing
pre($this->_log);
}
function __construct()
{
$this->m_city = Helper::load('City');
$this->m_region = Helper::load('Region');
$this->m_province = Helper::load('Province');
}
function __construct()
{
$this->verifySign();
$this->m_user = Helper::load('User');
}
/**
* Initializes the core.
* @return bool
*/
public static function initialize()
{
if (self::$_init) {
// Do not allow to execution twice
return false;
}
self::$_init = true;
// Determine if we are running in a Windows environment
self::$is_win = DIRECTORY_SEPARATOR === '\\';
// Load the logger
self::$log = Log::instance();
// Load the default configuration files
self::$config = Config::instance()->attach(new Config_File());
// Load the i18n class
self::$i18n = I18n::instance();
// Enable debug log
if (self::$log_debug) {
self::$log->attach(new Log_File(APPPATH . 'data/log/debug'), array('EXIDO_DEBUG_LOG'));
self::$log->add('EXIDO_DEBUG_LOG', 'Initialize framework');
}
// Enable error log
if (self::$log_error) {
self::$log->attach(new Log_File(APPPATH . 'data/log/error'), array('EXIDO_ERROR_LOG'));
}
// Determine if we are running in a command line environment
self::$is_cli = PHP_SAPI === 'cli';
// Check if we have an Ajax request
self::$is_xml = Input::instance()->isXmlRequest();
// Load helpers
Helper::load('lang', 'uri');
// Check if we can use gZIP compression
self::$use_gzip = strstr(Input::instance()->server('HTTP_ACCEPT_ENCODING'), "gzip") !== false and extension_loaded("zlib");
// Start output buffering
ob_start(array(__CLASS__, 'outputBuffer'));
// Save buffering level
self::$_buffer_level = ob_get_level();
Event::add('system.routing', array('Router', 'getUri'));
Event::add('system.routing', array('Router', 'initialize'));
Event::add('system.execute', array(__CLASS__, 'instance'));
Event::add('system.shutdown', array(__CLASS__, 'shutdown'));
return true;
}
/**
* Attempts to determine the current URI using CLI, GET, PATH_INFO, ORIG_PATH_INFO, or PHP_SELF.
* @return bool
* @throws Exception_Exido
*/
public static function getUri()
{
// Debug log
if (Exido::$log_debug) {
Exido::$log->add('EXIDO_DEBUG_LOG', 'Determine current URI');
}
Helper::load('input');
// Trying to detect the URI
if (inputServer('PATH_INFO')) {
self::$current_uri = inputServer('PATH_INFO');
} elseif (inputServer('ORIG_PATH_INFO')) {
self::$current_uri = inputServer('ORIG_PATH_INFO');
} elseif (inputServer('REQUEST_URI')) {
self::$current_uri = inputServer('REQUEST_URI');
} else {
throw new Exception_Exido(__("Can't detect URI"));
}
// Remove slashes from the start and end of the URI
self::$current_uri = trim(self::$current_uri, '/');
if (self::$current_uri !== '') {
if ($suffix = Exido::config('global.core.url_suffix') and strpos(self::$current_uri, $suffix) !== false) {
// Remove the URL suffix
self::$current_uri = preg_replace('#' . preg_quote($suffix) . '$#u', '', self::$current_uri);
// Set the URL suffix
self::$url_suffix = $suffix;
}
// Find index file name
if ($indexfile = Exido::config('global.core.index_file') and $indexpos = strpos(self::$current_uri, $indexfile) and $indexpos !== false) {
// Remove the index file name
self::$current_uri = substr(self::$current_uri, 0, $indexpos);
}
// Reduce multiple slashes into single slashes
self::$current_uri = preg_replace('#//+#', '/', self::$current_uri);
}
return true;
}
