/**
* Delete the user
* @Developer brandon
* @Date May 19, 2010
*/
public function delete()
{
user::require_login();
user::current()->delete();
Auth::instance()->logout();
url::redirect('login');
}
/**
* Store a new comment in the database.
*
* @param string $hash Unique hash value of the parent page.
* @return Response
*/
public function create($hash)
{
// Retrieve the parent page
$page = $this->findPageByHash($hash);
// Create a comment from the post data
$comment = comment::fromInput();
$comment->set('page_uri', $page->uri());
// Collect user information
$comment->set('author_ip', visitor::ip());
$comment->set('author_agent', visitor::ua());
// Handle signed-in users
if ($user = user::current()) {
$fullname = trim($user->firstname() . ' ' . $user->lastname());
$fullname = empty($fullname) ? $user->username() : $fullname;
$comment->set('author', $fullname);
$comment->set('author_email', $user->email());
$comment->set('username', $user->username());
}
// Ensure the required comment fields are set
if (!$comment->validate()) {
$msg = l('comments.error.incomplete', 'Missing required fields');
return $this->error($msg, 400, array('input' => $comment->toArray(), 'errors' => $comment->errors()->toArray()));
}
// Check the honeypot fields. Pretend everything went fine.
if ($this->isBot()) {
return $this->success();
}
// Throttle comment posting
if ($this->isPartOfFlood($comment)) {
$msg = l('comments.error.throttle', 'Number of allowed comments per interval exceeded');
return $this->error($msg, 429, array('input' => $comment->toArray(), 'errors' => array('other' => $msg)));
}
// Check for duplicate contents
if ($this->isDuplicate($comment)) {
$msg = l('comments.error.duplicate', 'Duplicate content');
return $this->error($msg, 409, array('input' => $comment->toArray(), 'errors' => array('text' => $msg)));
}
// Classify comment as spam or ham using Akismet. In addition allow to
// blacklist authors.
$discard = false;
if ($this->isSpam($comment, $discard) || $this->isBlocked($comment)) {
$comment->set('status', Comment::STATUS_SPAM);
}
// Save the comment to the database. Pretend the comment was saved
// successfully for comments containing `blatant spam`.
if ($discard && $comment->isSpam() || $comment->save()) {
$msg = l('comments.success.saved', 'Comment saved');
return $this->success($msg, 201, array('id' => $comment->id()));
} else {
$msg = l('comments.error.save', 'Could not save comment');
return $this->error($msg, 400, array('input' => $comment->toArray(), 'errors' => $comment->errors()->toArray()));
}
}
/**
* Show the installation page.
*
* @param integer $step Progress of the installation.
* @return Response
*/
public function index($progress = 1)
{
// Cache frequently used variables
$user = user::current();
$access = $user && $user->isAdmin();
$root = $this->hub()->finder()->views() . DS . 'installation';
$wizard = new Wizard($root);
// Force login before continuing with installation wizard
if (!$access && $progress > 1) {
$this->redirect($wizard->url(1));
} else {
if ($access && $progress == 1) {
$this->redirect($wizard->url($progress + 1));
}
}
// Step 1: Login
$wizard->add(array('title' => 'Step 1', 'desc' => 'Authentication', 'required' => true, 'rules' => array('username' => 'required|user', 'password' => 'required')));
// Step 2 (Required)
$default = $this->hub()->config()->get('database.default');
$connections = $this->hub()->config()->get('database.connections');
$wizard->add(array('title' => 'Step 2', 'desc' => 'Database Connection', 'required' => true, 'connection' => $connections[$default]));
// Step 3 (Required)
$wizard->add(array('title' => 'Step 3', 'desc' => 'Database Tables', 'required' => true, 'tables' => array(c::get('db.prefix', '') . 'comments')));
// Step 4 (Optional)
$wizard->add(array('title' => 'Step 4', 'desc' => 'Import', 'required' => false, 'rules' => array('head' => 'required', 'delimiter' => 'required|max:1', 'enclosure' => 'required|max:1'), 'columns' => array('id', 'status', 'page_uri', 'created_at', 'updated_at', 'text', 'author', 'author_email', 'author_url', 'author_ip', 'author_agent', 'username', 'rating', 'parent_id')));
// Step 5 (Optional)
$wizard->add(array('title' => 'Step 5', 'desc' => 'Comments Field', 'required' => false));
// Include partials
$wizard->nest('header', $root . DS . 'header.php');
$wizard->nest('nav', $root . DS . 'nav.php')->with(array('step' => $progress, 'items' => $wizard->queue()));
// Register event handler
$wizard->nth(1)->on('submit', array($this, 'login'));
$wizard->nth(2)->on('submit', array($this, 'connect'));
$wizard->nth(3)->on('submit', array($this, 'tables'));
$wizard->nth(4)->on('submit', array($this, 'import'));
$wizard->nth(5)->on('submit', array($this, 'installField'));
// Execute the proper wizard step
return $wizard->launch($progress);
}
/**
* Check to see if the user is an admin
* @Developer brandon
* @Date May 27, 2010
*/
public static function is_admin()
{
return user::logged_in() && user::current()->has(ORM::factory('role', 'admin'));
}
/**
* Get a link to the panel that allows to edit the current comment. Only
* available to registered users.
*
* @return Brick|string
*/
public function editLink()
{
// Ensure the current user is allowed to edit the comment
if (!$this->exists || !$this->currentUserCan('update')) {
return '';
}
// Ensure the user has access to the panel
if (!($user = user::current()) || !$user->hasPanelAccess()) {
return '';
}
$link = new Brick('a');
$link->attr('href', $this->panelUrl('edit'));
$link->addClass('comment-update-link');
$link->text(l('comments.comment.edit', 'Edit'));
return $link;
}
"><span>Dashboard</span></a>
</li>
<li>
<a href="<?php
echo $parent->url();
?>
"><span>Kirby Comments</span></a>
</li>
</ul>
</nav>
</nav>
<?php
if ($user = user::current()) {
?>
<a class="nav-icon nav-icon-right" href="<?php
echo url('panel/logout');
?>
" title="Logout: <?php
echo $user->username();
?>
">
<i class="icon fa fa-user fa-lg"></i>
</a>
<?php
}
?>
</header>
/**
* Register default comment form fields.
*/
public function defaults()
{
if (!user::current()) {
$this->field('author', array('id' => 'author', 'type' => 'text', 'label' => l('comments.field.author', 'Name'), 'size' => 30, 'required' => true));
$this->field('author_email', array('id' => 'email', 'type' => 'email', 'label' => l('comments.field.author_email', 'E-Mail'), 'size' => 30, 'required' => true, 'rules' => 'email'));
$this->field('author_url', array('id' => 'url', 'type' => 'url', 'label' => l('comments.field.author_url', 'Website'), 'size' => 30, 'rules' => 'url'));
} else {
// Get currently logged in user and a link to the profile page
$user = user::current()->username();
$link = new Brick('a', $user, array('href' => url('panel/#/users/edit/' . $user)));
// Add a paragraph showing the currently logged in user
$this->append(new Brick('p', sprintf(l('comments.field.user', 'Logged in as %1$s'), $link)));
}
$this->field('text', array('id' => 'text', 'type' => 'textarea', 'label' => l('comments.field.text', 'Comment'), 'rows' => 8, 'cols' => 45, 'required' => true, 'rules' => 'min:5'));
}
function userlogin()
{
global $db;
unset($GLOBALS["CURUSER"]);
$ip = vars::$ip;
$nip = ip2long($ip);
$res = $db->query("SELECT * FROM bannedip WHERE '" . $nip . "' >= first AND '" . $nip . "' <= last") or sqlerr(__FILE__, __LINE__);
if ($res->num_rows > 0) {
header("HTTP/1.0 403 Forbidden");
print "<html><body><h1>403 Forbidden</h1>Unauthorized IP address.</body></html>\n";
die;
}
// guest
if (empty($_COOKIE["uid"]) || empty($_COOKIE["pass"])) {
$id = 1;
}
if (!isset($_COOKIE["uid"])) {
$_COOKIE["uid"] = 1;
}
$id = max(1, (int) $_COOKIE["uid"]);
// it's guest
if (!$id) {
$id = 1;
}
$res = $db->query("SELECT users.topicsperpage, users.postsperpage, users.torrentsperpage, users.flag, users.avatar, UNIX_TIMESTAMP(users.lastconnect) AS lastconnect, UNIX_TIMESTAMP(users.joined) AS joined, users.id AS uid, users.username, users.password, users.loginhash, users.random, users.email, users.language, users.style, users.time_offset, users_level.* \n\t FROM users INNER JOIN users_level ON users.id_level = users_level.id \n\t\tWHERE users.id = " . $id);
$row = $res->fetch_array(MYSQLI_BOTH);
user::prepare_user($row);
if (!$row) {
$id = 1;
$res = $db->query("SELECT users.topicsperpage, users.postsperpage, users.torrentsperpage, users.flag, users.avatar, UNIX_TIMESTAMP(users.lastconnect) AS lastconnect, UNIX_TIMESTAMP(users.joined) AS joined, users.id AS uid, users.username, users.password, users.loginhash, users.random, users.email, users.language, users.style, users.time_offset, users_level.* \n\t\t FROM users INNER JOIN users_level ON users.id_level = users_level.id WHERE users.id = 1");
$row = $res->fetch_array(MYSQLI_BOTH);
}
if (!isset($_COOKIE["pass"])) {
$_COOKIE["pass"] = "";
}
if ($_COOKIE["pass"] != md5($GLOBALS["salting"] . $row["random"] . $row["password"] . $row["random"]) && $id != 1) {
$id = 1;
$res = $db->query("SELECT users.topicsperpage, users.postsperpage, users.torrentsperpage, users.flag, users.avatar, UNIX_TIMESTAMP(users.lastconnect) AS lastconnect, UNIX_TIMESTAMP(users.joined) AS joined, users.id AS uid, users.username, users.password, users.loginhash, users.random, users.email, users.language, users.style, users.time_offset, users_level.* \n\t\t FROM users INNER JOIN users_level ON users.id_level = users_level.id \n\t\t\tWHERE users.id = 1");
$row = $res->fetch_array(MYSQLI_BOTH);
}
#Hide Staff IP's by Yupy... Because we <3 our Staff...
$hide_ips = array("Moderator" => 6, "Administrator" => 7, "Owner" => 8);
// Staff ID level's
$ip = $row["id_level"] != $hide_ips["Moderator"] ? $ip : "127.0.0.1";
$ip = $row["id_level"] != $hide_ips["Administrator"] ? $ip : "127.0.0.1";
$ip = $row["id_level"] != $hide_ips["Owner"] ? $ip : "127.0.0.1";
if ($id > 1) {
$db->query("UPDATE users SET lastconnect = NOW(), lip = " . $nip . ", cip = '" . AddSlashes($ip) . "' WHERE id = " . $id);
} else {
$db->query("UPDATE users SET lastconnect = NOW(), lip = 0, cip = NULL WHERE id = 1");
}
user::$current = $row;
$GLOBALS['CURUSER'] =& user::$current;
unset($row);
}
function userlogin()
{
global $db, $tpl;
unset($GLOBALS['CURUSER']);
require_once CLASS_PATH . 'class.Cached.php';
$ip = vars::$ip;
$nip = ip2long($ip);
$ipf = vars::$realip;
#Check if User is Banned...
#if (!($row['flags'] & BIT_26)) -- TO-DO
#$banned = false;
if (Cached::bans($ip, $reason)) {
$banned = true;
} else {
if ($ip != $ipf) {
if (Cached::bans($ipf, $reason)) {
$banned = true;
}
}
}
if ($banned) {
header('Content-Type: text/html; charset=utf-8');
$banned_message = security::html_safe($reason);
$tpl->assign('banned_message', $banned_message);
$banned_msg = $tpl->draw('style/base/tpl/banned_message', $return_string = true);
echo $banned_msg;
die;
}
#End Banned User...
// guest
if (empty($_COOKIE["uid"]) || empty($_COOKIE["pass"])) {
$id = 1;
}
if (!isset($_COOKIE["uid"]) && _string::is_hex($_COOKIE["uid"])) {
$_COOKIE["uid"] = 1;
}
$id = max(1, (int) $_COOKIE["uid"]);
// it's guest
if (!$id) {
$id = 1;
}
$res = $db->query("SELECT users.pid, users.topicsperpage, users.postsperpage, users.torrentsperpage, users.flag, users.avatar, UNIX_TIMESTAMP(users.lastconnect) AS lastconnect, UNIX_TIMESTAMP(users.joined) AS joined, users.id AS uid, users.username, users.password, users.loginhash, users.random, users.email, users.language, users.style, users.time_offset, users_level.* \n\t FROM users INNER JOIN users_level ON users.id_level = users_level.id \n\t\tWHERE users.id = " . $id);
$row = $res->fetch_array(MYSQLI_BOTH);
user::prepare_user($row);
if (!$row) {
$id = 1;
$res = $db->query("SELECT users.topicsperpage, users.postsperpage, users.torrentsperpage, users.flag, users.avatar, UNIX_TIMESTAMP(users.lastconnect) AS lastconnect, UNIX_TIMESTAMP(users.joined) AS joined, users.id AS uid, users.username, users.password, users.loginhash, users.random, users.email, users.language, users.style, users.time_offset, users_level.* \n\t\t FROM users INNER JOIN users_level ON users.id_level = users_level.id WHERE users.id = 1");
$row = $res->fetch_array(MYSQLI_BOTH);
}
if (!isset($_COOKIE["pass"])) {
$_COOKIE["pass"] = "";
}
if ($_COOKIE["pass"] != md5($GLOBALS["salting"] . $row["random"] . $row["password"] . $row["random"]) && $id != 1) {
$id = 1;
$res = $db->query("SELECT users.topicsperpage, users.postsperpage, users.torrentsperpage, users.flag, users.avatar, UNIX_TIMESTAMP(users.lastconnect) AS lastconnect, UNIX_TIMESTAMP(users.joined) AS joined, users.id AS uid, users.username, users.password, users.loginhash, users.random, users.email, users.language, users.style, users.time_offset, users_level.* \n\t\t FROM users INNER JOIN users_level ON users.id_level = users_level.id \n\t\t\tWHERE users.id = 1");
$row = $res->fetch_array(MYSQLI_BOTH);
}
#Hide Staff IP's by Yupy...
$hide_ips = array("Moderator" => 6, "Administrator" => 7, "Owner" => 8);
// Staff ID level's
$ip = $row["id_level"] != $hide_ips["Moderator"] ? $ip : "127.0.0.1";
$ip = $row["id_level"] != $hide_ips["Administrator"] ? $ip : "127.0.0.1";
$ip = $row["id_level"] != $hide_ips["Owner"] ? $ip : "127.0.0.1";
if ($id > 1) {
$db->query("UPDATE users SET lastconnect = NOW(), lip = " . $nip . ", cip = '" . AddSlashes($ip) . "' WHERE id = " . $id);
} else {
$db->query("UPDATE users SET lastconnect = NOW(), lip = 0, cip = NULL WHERE id = 1");
}
user::$current = $row;
$GLOBALS['CURUSER'] =& user::$current;
unset($row);
}
<?php
/**
* Plugin Filters
*
* Allows to register filters that can be used to run application logic just
* before a route action is executed.
*
* @see CommentPlugin::routes()
* @var array
*/
return array('auth' => function () {
if (!user::current() || !user::current()->isAdmin()) {
redirect::to('plugin/comments/wizard');
}
}, 'installed' => function () {
if ($this->isInstalled()) {
redirect::home();
}
}, 'userCanCreate' => function () {
$route = plugin('comments')->route();
$hash = a::first($route->arguments());
$page = site()->index()->findBy('hash', $hash);
return $page instanceof Page && $page->isVisible();
}, 'userCanRead' => function () {
$route = plugin('comments')->route();
$hash = a::first($route->arguments());
$page = site()->index()->findBy('hash', $hash);
return $page instanceof Page && $page->isVisible();
}, 'userCanUpdate' => function () {
$route = plugin('comments')->route();
public static function loggedUser()
{
//return Kirby current user
return user::current();
}
/**
* Delete a journal, but only if it belongs to the user
* @Developer brandon
* @Date May 17, 2010
*/
public function delete()
{
$journal = ORM::factory($this->model_name, $this->input->post('id'));
if ($journal->user->id != user::current()->id) {
url::redirect('');
}
parent::delete();
}
