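/**
 * Login action: authenticates a posted username/password pair, otherwise
 * renders the login form.
 *
 * On a form post-back the account is looked up by username, and the session
 * user is set only when the submitted password hashes to the stored value.
 * Outside a post-back, a signed-in user is redirected to `zotop/index` and
 * everyone else gets the login form.
 *
 * @return void
 */
public function onDefault()
{
    if (form::isPostBack()) {
        $post = array();
        $post['username'] = request::post('username');
        $post['password'] = request::post('password');
        $post['logintime'] = time();

        $user = zotop::model('zotop.user');
        $data = $user->read($post['username'], 'username');

        // The three outcomes are mutually exclusive branches, so the session is
        // never populated on a failure path even if msg::error() returns.
        if ($data == false) {
            // The username is request data placed inside the message text; encode it
            // (presumably the message is rendered as HTML - confirm).
            // NOTE(review): a distinct "no such account" message lets a client enumerate usernames.
            $shownName = htmlspecialchars((string) $post['username'], ENT_QUOTES, 'UTF-8');
            msg::error('登陆失败', zotop::t('账户名称`{$username}`不存在,请检查!', array('username' => $shownName)));
        } elseif ($user->password($post['password']) !== $data['password']) {
            // A username match alone must not sign anyone in: compare the hashed
            // submission with the stored value, strictly, so numeric-looking hash
            // strings are not compared as numbers.
            // NOTE(review): assumes read() returns the row as an array whose 'password'
            // entry holds what $user->password() produces - confirm against the model.
            msg::error('登陆失败', zotop::t('账户名称或密码错误,请检查!'));
        } else {
            zotop::user($data);
            msg::success('登陆成功', '登陆成功,系统正在加载中', 'reload', 2);
        }
    }

    if (zotop::user() != null) {
        zotop::redirect('zotop/index');
    }

    $header['title'] = '用户登录';
    $header['js'] = url::module() . '/admin/js/login.js';
    $header['body']['class'] = "login";

    page::header($header);
    block::header(array('id' => 'LoginWindow', 'title' => '用户登录'));
    form::header(array('title' => '', 'description' => '请输入用户名和密码', 'class' => 'small'));
    form::field(array(
        'type' => 'text',
        'label' => zotop::t('帐 户(U)'),
        'name' => 'username',
        'value' => zotop::user('username'),
        'valid' => 'required:true',
    ));
    form::field(array(
        'type' => 'password',
        'label' => zotop::t('密 码(P)'),
        'name' => 'password',
        'value' => '',
    ));
    form::buttons(
        array('type' => 'submit', 'value' => '登 陆'),
        array('type' => 'button', 'name' => 'options', 'value' => '选 项')
    );
    form::footer();
    block::footer();
    page::footer();
}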
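/**
 * Lets the signed-in user change their own password, or renders the
 * personal-centre page when the form has not been posted.
 *
 * The stored password is replaced only when the submitted current password
 * hashes to the stored value and both copies of the new password match.
 *
 * @return void
 */
public function actionPassword()
{
    $user = zotop::model('system.user');
    $user->id = (int) zotop::user('id');
    $user->username = (string) zotop::user('username');

    if (form::isPostBack()) {
        $user->read();

        $password = zotop::post('password');
        $newpassword = zotop::post('newpassword');

        // Checks and update are mutually exclusive branches, so a failed check
        // can never fall through to the update even if msg::error() returns.
        // Comparisons are strict: with loose comparison two numeric-looking
        // strings (for example "1e3" and "1000") count as equal.
        if ($user->password($password) !== $user->password) {
            // Never reflect the submitted password into the page; the message
            // contains markup, so a raw value would also be interpreted as HTML.
            msg::error(zotop::t('您输入的原密码:<b>{$password}</b>错误,请确认', array('password' => '******')));
        } elseif ($newpassword !== request::post('newpassword2')) {
            msg::error(zotop::t('两次输入的新密码不一致,请确认'));
        } else {
            // NOTE(review): no server-side length or strength rule is applied to
            // the new password here, and no anti-CSRF token check is visible.
            if ($newpassword !== $password) {
                $user->update(array('id' => $user->id, 'password' => $user->password($newpassword)));
            }
            msg::success(zotop::t('密码修改成功,请记住您的新密码'), url::current());
        }
    }

    $page = new page();
    $page->title = zotop::t('个人中心');
    $page->set('user', $user);
    $page->set('navbar', $this->navbar());
    $page->display();
}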
/**
 * Table settings dialog: applies a posted rename / comment / primary-key
 * change, otherwise shows the edit dialog for `$tablename`.
 *
 * NOTE(review): the posted table name, new name, comment and primary key go
 * to the db layer as received; identifier quoting or validation is not
 * visible here - confirm it happens inside table()/rename()/comment()/primary().
 * No anti-CSRF token check is visible in this method either.
 *
 * @param string $tablename Table to edit (replaced by the posted value on post-back).
 * @return void
 */
public function editAction($tablename)
{
    if (form::isPostBack()) {
        $tablename = request::post('tablename');
        $name = request::post('name');
        $comment = request::post('comment');
        $primary = request::post('primary');

        // Rename only when the name differs by more than letter case.
        $nameChanged = strtolower($tablename) !== strtolower($name);
        if ($nameChanged) {
            zotop::db()->table($tablename)->rename($name);
        }

        // From here on the table is addressed by its (possibly new) name.
        if ($comment !== NULL) {
            zotop::db()->table($name)->comment($comment);
        }
        if ($primary) {
            zotop::db()->table($name)->primary($primary);
        }

        $this->success('数据表设置成功,正在刷新页面,请稍后……', zotop::url('database/table'));
    }

    $db = zotop::db();
    $database = $db->config();
    $tables = $db->tables(true);

    $table = $tables[$tablename];
    if ($table === null) {
        $this->error(zotop::t('数据表{$tablename}不存在', array('tablename' => $tablename)));
    }

    // NOTE(review): $tablename is concatenated into a title that carries markup,
    // without encoding - confirm how the dialog renders the title.
    $title = '数据库管理:' . $database['database'] . ' @ ' . $database['hostname'];
    $title = $title . '<i>></i> 编辑:' . $tablename;

    $page = new dialog();
    $page->title = $title;
    $page->set('database', $database);
    $page->set('table', $table);
    $page->display();
}
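/**
 * Change-password action for the signed-in user; renders the form when
 * nothing has been posted.
 *
 * The stored password is replaced only when the submitted current password
 * hashes to the stored value and both copies of the new password match.
 *
 * @return void
 */
public function onChangePassword()
{
    $user = zotop::model('zotop.user');
    $user->id = (int) zotop::user('id');
    $user->username = (string) zotop::user('username');

    if (form::isPostBack()) {
        $user->read();

        $password = request::post('password');
        $newpassword = request::post('newpassword');

        // Checks and update are mutually exclusive branches, so a failed check
        // can never fall through to the update even if msg::error() returns.
        // Comparisons are strict: with loose comparison two numeric-looking
        // strings (for example "1e3" and "1000") count as equal.
        if ($user->password($password) !== $user->password) {
            // Never reflect the submitted password into the page; the message
            // contains markup, so a raw value would also be interpreted as HTML.
            msg::error('输入错误', zotop::t('您输入的原密码:<b>{$password}</b>错误,请确认', array('password' => '******')));
        } elseif ($newpassword !== request::post('newpassword2')) {
            msg::error('输入错误', zotop::t('两次输入的新密码不一致,请确认'));
        } else {
            // NOTE(review): the 6-32 length rule exists only in the form's client-side
            // `valid` attribute below; nothing enforces it on the server here.
            // No anti-CSRF token check is visible in this method either.
            if ($newpassword !== $password) {
                $user->update(array('id' => $user->id, 'password' => $user->password($newpassword)));
            }
            msg::success('修改成功', zotop::t('密码修改成功,请记住您的新密码'), 'reload');
        }
    }

    $page['title'] = '修改我的密码';

    page::header($page);
    page::top();
    page::navbar($this->navbar());

    form::header(array(
        'title' => '修改密码',
        'description' => '为确保账户安全,请不要使用过于简单的密码,并及时的更换密码',
        'icon' => '',
    ));
    form::field(array(
        'type' => 'label',
        'label' => zotop::t('账户名称'),
        'name' => 'username',
        'value' => $user->username,
        'valid' => '',
        'description' => zotop::t(''),
    ));
    form::field(array(
        'type' => 'password',
        'label' => zotop::t('原密码'),
        'name' => 'password',
        'value' => '',
        'valid' => 'required:true',
        'description' => zotop::t('为确保安全,请输入你的密码'),
    ));
    form::field(array(
        'type' => 'password',
        'label' => zotop::t('新密码'),
        'id' => 'newpassword',
        'name' => 'newpassword',
        'value' => '',
        'valid' => 'required:true,minlength:6,maxlength:32',
        'description' => zotop::t('请输入您的新密码,6~32位之间'),
    ));
    form::field(array(
        'type' => 'password',
        'label' => zotop::t('确认新密码'),
        'name' => 'newpassword2',
        'value' => '',
        'valid' => 'required:true,equalTo:"#newpassword"',
        'description' => zotop::t('为确保安全,请再次输入您的新密码'),
    ));
    form::buttons(array('type' => 'submit'), array('type' => 'back'));
    form::footer();

    page::bottom();
    page::footer();
}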
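/**
 * Admin login: validates and authenticates posted credentials, otherwise
 * renders the login page.
 *
 * The first failing check decides the error message; `$user->login()` runs
 * only when every check has passed.
 *
 * @return void
 */
public function indexAction()
{
    $user = zotop::model('zotop.user');

    if (form::isPostBack()) {
        $post = array();
        $post['username'] = request::post('username');
        $post['password'] = request::post('password');
        $post['logintime'] = time();

        // NOTE(review): the submitted username is stored in a cookie before any validation.
        zotop::cookie('admin.username', $post['username'], 3600);

        // Collect the first failure instead of relying on msg::error() to end
        // the request, so login() is unreachable after a failed check.
        $error = null;
        if (empty($post['username'])) {
            $error = zotop::t('登陆失败,请输入登陆账户名称');
        } elseif (empty($post['password'])) {
            $error = zotop::t('登陆失败,请输入登陆账户密码');
        } elseif (!$user->isValidUserName($post['username'])) {
            $error = zotop::t('登陆失败,请输入有效的账户名称');
        } elseif (!$user->isValidPassword($post['password'])) {
            $error = zotop::t('登陆失败,请输入有效的账户密码');
        } else {
            // Load the account by username.
            $data = $user->read(array('username', '=', $post['username']));

            // Verify the account exists and the password matches.
            if ($data == false) {
                // Request data placed inside the message text is encoded first.
                // NOTE(review): a distinct "no such account" message lets a client enumerate usernames.
                $shownName = htmlspecialchars((string) $post['username'], ENT_QUOTES, 'UTF-8');
                $error = zotop::t('账户名称`{$username}`不存在,请检查是否输入有误!', array('username' => $shownName));
            } elseif ($user->password($post['password']) !== $data['password']) {
                // Strict comparison: numeric-looking hash strings must not be compared as numbers.
                // The submitted password is never reflected into the page.
                $error = zotop::t('账户密码`{$password}`错误,请检查是否输入有误!', array('password' => '******'));
            }
        }

        if ($error !== null) {
            msg::error($error);
        } else {
            // Sign the user in, then redirect.
            $user->login();
            msg::success('登陆成功,系统正在加载中', url::current(), 2);
        }
    }

    if (!empty($this->user)) {
        $this->redirect('zotop/index');
    }

    // NOTE(review): the result of this lookup is not used below; kept in case
    // read() has side effects on the model - confirm and remove if it has none.
    $data = $user->read(array('username', '=', 'admin'));

    $page = new page();
    $page->title = '系统登陆';
    $page->body = array('class' => 'login');
    $page->addScript('$this/js/login.js');
    $page->display();
}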
/**
 * Second-factor confirmation: checks a posted one-time code for the session
 * user, then (unless it succeeded) prints the form asking for the next code.
 *
 * NOTE(review): no attempt limit and no anti-CSRF token are visible in this
 * method - confirm whether User::authenticate() or the router provides them.
 *
 * @return void
 */
function confirm()
{
    $submitted = request::post('pppcode')->toString();
    $username = session::get('username');

    if ($submitted) {
        $attempt = new PppAuthentication($username, (string) $submitted);
        if (User::authenticate($attempt)) {
            echo '<h1>Success.</h1>';

            return;
        }

        echo 'Failure';
    }

    // Ask for the next code on the user's card.
    $nextIndex = PppAuthentication::getNextIdentifier($username);
    $label = PppAuthentication::cardIndexToString($nextIndex);

    echo '<form action="/ppp/confirm" method="post">';
    printf('<p>Enter code <b>%s</b>: <input type="text" name="pppcode"></p>', $label);
    echo '<p><input type="submit"></p>';
    echo '</form>';
}
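/**
 * Upload demo: saves a posted file to the fixed path `cache/image.jpg` under
 * APP_PATH and shows it, then prints the upload form.
 *
 * NOTE(review): the file is stored under a `.jpg` name in a web-served
 * directory without any check that its content is an image, and the server
 * filesystem path is printed to the client.
 *
 * @return void
 */
function upload()
{
    if (request::isPost()) {
        $file = request::post('userfile');

        // $file comes from the request; encode its string form before it
        // is written into the HTML response.
        printf('<p>%s</p>', htmlspecialchars((string) $file, ENT_QUOTES, 'UTF-8'));

        $dest = APP_PATH . 'cache/image.jpg';
        printf('<p>%s</p>', $dest);

        if ($file->save($dest)) {
            print '<p><img src="/cache/image.jpg"></p>';
        } else {
            print '<p><b>Failed to save the image</b></p>';
        }
    }

    print '<form enctype="multipart/form-data" action="/default/upload" method="POST">';
    print 'Send this file: <input name="userfile" type="file">';
    print '<input type="submit" value="Send File">';
    print '</form>';
}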
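/**
 * Source editor page for a file below ROOT.
 *
 * On post-back the submitted content is only echoed back in a test message;
 * nothing is written. Otherwise the file is read and shown in the editor
 * form. The requested path must resolve to a regular file inside ROOT.
 *
 * @param string $file Path of the file, relative to ROOT.
 * @return void
 */
public function onEdit($file)
{
    if (form::isPostBack()) {
        $content = request::post('source');
        msg::success('保存测试', '测试,继续编辑或者返回' . zotop::dump($content, true), 'reload');
    }

    // $file is a request parameter: resolve it and require the result to stay
    // inside ROOT, so `..` segments or symlinks cannot expose other files.
    $root = realpath(ROOT);
    $path = realpath(ROOT . $file);
    $insideRoot = $root !== false
        && $path !== false
        && strpos($path . DIRECTORY_SEPARATOR, rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0;

    if (!$insideRoot || !is_file($path)) {
        msg::error('参数错误', zotop::t('文件不存在或不允许访问'));

        // Do not depend on msg::error() ending the request.
        return;
    }

    $source = file::read($path);

    $page['title'] = '文件编辑器';

    page::header($page);
    page::top();
    page::navbar($this->navbar());

    form::header(array('class' => 'sourceEditor'));
    form::field(array(
        'type' => 'label',
        'label' => zotop::t('文件名称'),
        'name' => 'filename',
        'value' => $file,
        'valid' => '',
        'description' => zotop::t(''),
    ));
    form::field(array(
        'type' => 'source',
        'label' => zotop::t('文件内容'),
        'name' => 'source',
        'value' => $source,
        'valid' => 'required:true',
        'description' => zotop::t(''),
    ));
    form::buttons(array('type' => 'submit', 'value' => '保存文件'), array('type' => 'back'));
    form::footer();

    page::bottom();
    page::footer();
}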
/**
 * Local image upload dialog.
 *
 * On post-back the upload is handed to the `zotop.image` model; success
 * forwards to the preview URL of the first stored file, anything else reports
 * the model's message. Without a post-back the upload dialog is displayed.
 *
 * NOTE(review): the accepted types and size limit come from the model
 * (`$file->upload->alowexts` / `maxsize`); whether file content is checked in
 * addition to the extension is not visible here.
 *
 * @param mixed  $globalid Owner id the image is attached to.
 * @param string $field    Field name the image is attached to.
 * @param string $image    Currently selected image, passed on to the navbar.
 * @return void
 */
public function actionUpload($globalid, $field, $image = '')
{
    $file = zotop::model('zotop.image');

    if (form::isPostBack()) {
        $file->globalid = $globalid;
        $file->field = $field;
        $file->description = request::post('description');

        $stored = $file->upload();
        $succeeded = !$file->error() && isset($stored[0]['path']);

        if ($succeeded) {
            $previewArgs = array(
                'globalid' => $globalid,
                'field' => $field,
                'image' => url::encode($stored[0]['path']),
            );
            msg::success('图片上传成功', zotop::url('zotop/image/preview', $previewArgs));
        }

        msg::error($file->msg());
    }

    $page = new dialog();
    $page->set('title', '本地上传');
    $page->set('navbar', $this->navbar($globalid, $field, $image));
    $page->set('alowexts', $file->upload->alowexts);
    $page->set('maxsize', $file->upload->maxsize);
    $page->display();
}
/**
 * Local image upload dialog backed by the `zotop.upload` model.
 *
 * Restricts the model to the extensions jpg, jpeg, gif, png and bmp. On
 * post-back the posted globalid, field and description are bound to the
 * model and the upload is saved; success forwards to the image preview URL.
 *
 * NOTE(review): the restriction set here is a list of file extensions;
 * whether save() also inspects file content is not visible in this method.
 *
 * @param mixed  $globalid Owner id used for the preview URL and navbar.
 * @param string $field    Field name used for the preview URL and navbar.
 * @param mixed  $image    Current image; replaced by the first saved file on post-back.
 * @return void
 */
public function actionImageFromLocal($globalid, $field, $image)
{
    $upload = zotop::model('zotop.upload');
    $upload->alowexts = array('jpg', 'jpeg', 'gif', 'png', 'bmp');

    if (form::isPostBack()) {
        // Bind the posted metadata in the original order.
        foreach (array('globalid', 'field', 'description') as $posted) {
            $upload->bind($posted, request::post($posted));
        }

        $files = $upload->save();
        $image = $files[0];

        if ($upload->error() == 0 && $image) {
            $notice = $upload->msg();
            $previewArgs = array(
                'globalid' => $globalid,
                'field' => $field,
                'image' => url::encode($image['path']),
            );
            msg::success($notice, zotop::url('zotop/upload/imagePreview', $previewArgs));
        }

        msg::error($upload->msg());
    }

    $page = new dialog();
    $page->set('title', '本地上传');
    $page->set('navbar', $this->navbar($globalid, $field, $image));
    $page->set('alowexts', $upload->alowexts);
    $page->set('maxsize', $upload->maxsize);
    $page->display();
}
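/**
 * File editor dialog: saves posted content to a file below ZOTOP_PATH_ROOT,
 * otherwise shows the file's current content.
 *
 * The target path is resolved and must stay inside ZOTOP_PATH_ROOT before it
 * is read or written.
 *
 * NOTE(review): even inside the root this can overwrite any file there,
 * including executable scripts; access control and an anti-CSRF token check
 * are not visible in this method.
 *
 * @param string $file URL-encoded path relative to ZOTOP_PATH_ROOT; falls back to the `file` request value.
 * @return void
 */
public function actionEdit($file = '')
{
    $file = empty($file) ? zotop::get('file') : $file;
    $file = trim(url::decode($file), '/');
    $filepath = ZOTOP_PATH_ROOT . DS . str_replace('/', DS, $file);

    // $file is request data: resolve `..` segments and symlinks, then require
    // the result to be below the root. A file that does not exist yet is
    // resolved through its parent directory.
    $root = realpath(ZOTOP_PATH_ROOT);
    $resolved = realpath($filepath);
    if ($resolved === false) {
        $parent = realpath(dirname($filepath));
        $resolved = ($parent === false) ? false : $parent . DIRECTORY_SEPARATOR . basename($filepath);
    }

    $insideRoot = $root !== false
        && $resolved !== false
        && !is_dir($resolved)
        && strpos($resolved . DIRECTORY_SEPARATOR, rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0;

    if (!$insideRoot) {
        msg::error('文件路径无效,无法编辑!');

        // Do not depend on msg::error() ending the request.
        return;
    }

    // Use the checked path for all I/O below.
    $filepath = $resolved;

    if (form::isPostBack()) {
        $content = trim(request::post('source'));

        // Write only non-empty content; the branches are exclusive so an empty
        // submission can never truncate the file.
        if (empty($content)) {
            msg::error('内容为空,无法保存!');
        } else {
            file::write($filepath, $content);
            msg::success('内容保存成功!');
        }
    }

    $filecontent = file::read($filepath);

    $page = new dialog();
    $page->title = '文件编辑器';
    $page->set('file', $file);
    $page->set('filepath', $filepath);
    $page->set('filecontent', $filecontent);
    $page->display();
}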
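/**
 * File editor dialog: saves posted content to an existing file below
 * ZOTOP_PATH_ROOT, otherwise shows the file's current content.
 *
 * realpath() alone only normalises the path; the resolved file must also be
 * a regular file located inside ZOTOP_PATH_ROOT before it is read or written.
 *
 * NOTE(review): even inside the root this can overwrite any file there,
 * including executable scripts; access control and an anti-CSRF token check
 * are not visible in this method.
 *
 * @param string $file Path relative to ZOTOP_PATH_ROOT.
 * @return false|void False when no file was given or the path is rejected.
 */
public function actionEdit($file)
{
    if (empty($file)) {
        return false;
    }

    $root = realpath(ZOTOP_PATH_ROOT);
    $filepath = realpath(ZOTOP_PATH_ROOT . DS . trim($file, '/'));

    // Reject paths that do not exist (realpath() returns false) or that
    // resolve outside the root through `..` segments or symlinks.
    $insideRoot = $root !== false
        && $filepath !== false
        && is_file($filepath)
        && strpos($filepath . DIRECTORY_SEPARATOR, rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0;

    if (!$insideRoot) {
        msg::error('文件路径无效,无法编辑!');

        // Do not depend on msg::error() ending the request.
        return false;
    }

    if (form::isPostBack()) {
        $content = trim(request::post('source'));

        // Write only non-empty content; the branches are exclusive so an empty
        // submission can never truncate the file.
        if (empty($content)) {
            msg::error('内容为空,无法保存!');
        } else {
            file::write($filepath, $content);
            msg::success('内容保存成功!');
        }
    }

    $content = file::read($filepath);

    $page = new dialog();
    $page->title = '文件编辑器';
    $page->set('file', $file);
    $page->set('filepath', $filepath);
    $page->set('content', $content);
    $page->display();
}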
/**
 * Returns a referer URL.
 *
 * With a non-empty `$url` the value is stored in a function-static variable
 * and returned. Without one, the posted `_REFERER` field is returned; the
 * stored static is not consulted.
 *
 * NOTE(review): the posted `_REFERER` value is supplied by the client. A
 * caller that uses it as a redirect target should first check that it points
 * to this site.
 *
 * @param string $url URL to remember, or empty to read the posted value.
 * @return mixed The given URL, or whatever request::post('_REFERER') yields.
 */
public static function referer($url = '')
{
    static $referer;

    if (!empty($url)) {
        $referer = $url;

        return $referer;
    }

    return request::post('_REFERER');
}
/**
 * Sanitizes global GET, POST and COOKIE data the first time an instance is
 * created, then publishes the request data on the request helper.
 *
 * This variant aborts the request with exit() when magic_quotes_runtime,
 * magic_quotes_gpc or register_globals is enabled; it does not try to undo
 * their effects.
 *
 * @return  void
 */
public function __construct()
{
    // Use XSS clean?
    $this->use_xss_clean = (bool) Eight::config('core.global_xss_filtering');

    // Everything in this branch runs once: self::$instance is set at its end.
    if (self::$instance === nil) {
        // Convert all global variables to UTF-8.
        $_GET = Input::clean($_GET);
        $_POST = Input::clean($_POST);
        $_COOKIE = Input::clean($_COOKIE);
        $_SERVER = Input::clean($_SERVER);

        if (PHP_SAPI == 'cli') {
            // Convert command line arguments
            $_SERVER['argv'] = Input::clean($_SERVER['argv']);
        }

        // magic_quotes_runtime is enabled
        if (get_magic_quotes_runtime()) {
            exit('Disable magic_quotes_runtime! It is evil and deprecated: http://php.net/magic_quotes');
        }

        // magic_quotes_gpc is enabled
        if (get_magic_quotes_gpc()) {
            exit('Disable magic_quotes_gpc! It is evil and deprecated: http://php.net/magic_quotes');
        }

        // register_globals is enabled
        if (ini_get('register_globals')) {
            exit('Disable register_globals! It is evil and deprecated: http://php.net/register_globals');
        }

        // Each entry is written back under its cleaned key; an entry whose
        // cleaned key differs from the original key is added, not replaced.
        if (is_array($_GET)) {
            foreach ($_GET as $key => $val) {
                // Sanitize $_GET
                $_GET[$this->clean_input_keys($key)] = $this->clean_input_data($val);
            }
        } else {
            $_GET = array();
        }

        if (is_array($_POST)) {
            foreach ($_POST as $key => $val) {
                // Sanitize $_POST
                $_POST[$this->clean_input_keys($key)] = $this->clean_input_data($val);
            }
        } else {
            $_POST = array();
        }

        if (is_array($_COOKIE)) {
            foreach ($_COOKIE as $key => $val) {
                // Sanitize $_COOKIE
                $_COOKIE[$this->clean_input_keys($key)] = $this->clean_input_data($val);
            }
        } else {
            $_COOKIE = array();
        }

        // Create a singleton
        self::$instance = $this;

        Eight::log('debug', 'Global GET, POST and COOKIE data sanitized');
    }

    // Assign global vars to request helper vars
    request::$get = $_GET;
    request::$post = $_POST;
    // NOTE(review): $_REQUEST is not passed through Input::clean() or
    // clean_input_data() anywhere in this constructor, so request::$input
    // receives those values as PHP populated them - confirm that consumers of
    // request::$input do not expect filtered data.
    request::$input = array_merge(URI::instance()->segments(2, YES), $_REQUEST);
}
/**
 * Column editor: applies a posted column definition to `$tablename`,
 * otherwise renders the edit form for `$fieldname`.
 *
 * NOTE(review): the posted column name, type, length, default and the other
 * attributes are handed to the db layer as received; identifier and value
 * quoting is not visible here - confirm it happens inside rename()/modify().
 * No anti-CSRF token check is visible in this method either.
 *
 * @param string $tablename Table that owns the column.
 * @param string $fieldname Column to edit (replaced by the posted value on post-back).
 * @return void
 */
public function onEdit($tablename, $fieldname)
{
    if (form::isPostBack()) {
        // Collect the posted column definition.
        $field = array();
        $field['name'] = request::post('name');
        $field['length'] = request::post('len');
        $field['type'] = request::post('type');
        $field['collation'] = request::post('collation');
        $field['null'] = request::post('null');
        $field['default'] = request::post('default');
        $field['attribute'] = request::post('attribute');
        $field['extra'] = request::post('extra');
        $field['comment'] = request::post('comment');
        $field['position'] = request::post('position');
        $fieldname = request::post('fieldname');
        // rename() is called even when the name is unchanged, and its result is
        // overwritten by modify() on the next line, so a failed rename goes unnoticed.
        $result = zotop::db()->table($tablename)->field($fieldname)->rename($field['name']);
        $result = zotop::db()->table($tablename)->modify($field);
        if ($result) {
            // NOTE(review): if form::referer() returns a request-supplied value,
            // check that it points to this site before using it as the target.
            msg::success('修改成功', '<h2>字段修改成功</h2>', form::referer());
        }
    }
    $tables = zotop::db()->tables(true);
    $table = $tables[$tablename];
    $fields = array();
    if (isset($table)) {
        $fields = zotop::db()->table($tablename)->fields(true);
    }
    $field = $fields[$fieldname];
    if (!isset($field)) {
        zotop::error(-10, '字段不存在,请勿修改浏览器参数');
    }
    // Options for the position select: -1 first, then one entry per existing column, then 0.
    $positions = array();
    $positions[-1] = '位于表头';
    if ($fields) {
        foreach ($fields as $key => $val) {
            $positions[$key] = '位于 ' . $key . ' 之后';
        }
    }
    $positions[0] = ' ';
    // NOTE(review): $tablename is concatenated into this HTML without encoding.
    $header['title'] = '<a href="' . zotop::url('zotop/database') . '">数据库管理</a> <i>></i> <a href="' . zotop::url('system/database/fields/', array('table' => $tablename)) . '">数据表 [ ' . $tablename . ' ] </a> <i>></i> 字段修改';
    page::header($header);
    page::top();
    page::navbar($this->navbar($tablename), 'edit');
    form::header();
    // The hidden field carries the current column name; the text field below carries the new one.
    form::field(array('type' => 'hidden', 'name' => 'fieldname', 'label' => '字段名称', 'value' => $field['name'], 'valid' => '{required:true}'));
    form::field(array('type' => 'text', 'name' => 'name', 'label' => '字段名称', 'value' => $field['name'], 'valid' => '{required:true}', 'description' => '请输入字段的名称,3到32位,请勿使用特殊字符'));
    form::field(array('type' => 'text', 'name' => 'type', 'label' => '字段类型', 'value' => $field['type'], 'valid' => '{required:true}'));
    form::field(array('type' => 'text', 'name' => 'len', 'label' => '长度/值', 'value' => $field['length'], 'valid' => '{number:true,min:1}', 'description' => '请输入字段的长度,如果字段无须定义长度,请保持空值'));
    form::field(array('type' => 'hidden', 'name' => 'collation', 'label' => '整理', 'value' => $field['collation'], 'valid' => '', 'description' => '默认使用 <b>utf8_general_ci</b>: Unicode (多语言), 不区分大小写'));
    form::field(array('type' => 'select', 'options' => array('' => ' ', 'UNSIGNED' => 'UNSIGNED', 'UNSIGNED ZEROFILL' => 'UNSIGNED ZEROFILL', 'ON UPDATE CURRENT_TIMESTAMP' => 'ON UPDATE CURRENT_TIMESTAMP'), 'name' => 'attribute', 'label' => '属性', 'value' => $field['attribute'], 'valid' => ''));
    form::field(array('type' => 'select', 'options' => array('' => 'NULL', 'NOT NULL' => 'NOT NULL'), 'name' => 'null', 'label' => 'null', 'value' => $field['null'], 'valid' => ''));
    form::field(array('type' => 'text', 'name' => 'default', 'label' => '默认值', 'value' => $field['default'], 'valid' => '', 'description' => '如果需要可以为字段设置一个默认值'));
    form::field(array('type' => 'select', 'options' => array('' => '', 'AUTO_INCREMENT' => 'AUTO_INCREMENT'), 'name' => 'extra', 'label' => '额外', 'value' => $field['extra'], 'valid' => '', 'description' => '设置为自动增加:<b>AUTO_INCREMENT</b>时,该字段必须为数字类型'));
    form::field(array('type' => 'text', 'name' => 'comment', 'label' => '注释', 'value' => $field['comment'], 'valid' => ''));
    // NOTE(review): $position is never assigned in this method, so the select gets an undefined value.
    form::field(array('type' => 'select', 'name' => 'position', 'options' => $positions, 'label' => zotop::t('字段位置'), 'value' => $position, 'description' => ''));
    form::buttons(array('type' => 'submit'), array('type' => 'reset'));
    form::footer();
    page::bottom();
    page::footer();
}
/**
 * Column editor dialog: applies a posted column definition to `$tablename`,
 * otherwise shows the edit dialog for `$fieldname`.
 *
 * NOTE(review): the posted column attributes are handed to the db layer as
 * received; identifier and value quoting is not visible here - confirm it
 * happens inside rename()/modify(). No anti-CSRF token check is visible in
 * this method either.
 *
 * @param string $tablename Table that owns the column.
 * @param string $fieldname Column to edit (replaced by the posted value on post-back).
 * @return void
 */
public function actionEdit($tablename, $fieldname)
{
    if (form::isPostBack()) {
        $definition = array(
            'name' => request::post('name'),
            'length' => request::post('len'),
            'type' => request::post('type'),
            'collation' => request::post('collation'),
            'null' => request::post('null'),
            'default' => request::post('default'),
            'attribute' => request::post('attribute'),
            'extra' => request::post('extra'),
            'comment' => request::post('comment'),
            'position' => request::post('position'),
        );
        $fieldname = request::post('fieldname');

        // Rename first, and only when the posted name differs from the current one.
        if ($fieldname != $definition['name']) {
            zotop::db()->table($tablename)->field($fieldname)->rename($definition['name']);
        }

        // Only the outcome of modify() decides whether success is reported.
        $modified = zotop::db()->table($tablename)->modify($definition);
        if ($modified) {
            msg::success('字段修改成功', zotop::url('database/field/index', array('tablename' => $tablename)));
        }
    }

    $tables = zotop::db()->tables(true);
    $table = $tables[$tablename];
    $fields = isset($table) ? zotop::db()->table($tablename)->fields(true) : array();

    $field = $fields[$fieldname];
    if (!isset($field)) {
        msg::error('字段不存在,请勿修改浏览器参数');
    }

    // Options for the position select: -1 first, then one entry per existing column, then 0.
    $positions = array(-1 => '位于表头');
    if ($fields) {
        foreach ($fields as $column => $unused) {
            $positions[$column] = '位于 ' . $column . ' 之后';
        }
    }
    $positions[0] = ' ';

    $page = new dialog();
    $page->title = '编辑字段';
    // NOTE(review): $database is never assigned in this method.
    $page->set('database', $database);
    $page->set('tables', $tables);
    $page->set('field', $field);
    $page->set('positions', $positions);
    $page->display();
}
/**
 * Table settings page: applies a posted rename / comment / primary-key
 * change, otherwise renders the settings form for `$tablename`.
 *
 * NOTE(review): the posted table name, new name, comment and primary key go
 * to the db layer as received; identifier quoting or validation is not
 * visible here - confirm it happens inside table()/rename()/comment()/primary().
 * No anti-CSRF token check is visible in this method either.
 *
 * @param string $tablename Table to edit (replaced by the posted value on post-back).
 * @return void
 */
public function onEdit($tablename)
{
    if (form::isPostBack()) {
        $tablename = request::post('tablename');
        $newName = request::post('name');
        $newComment = request::post('comment');
        $newPrimary = request::post('primary');

        // Rename only when the name differs by more than letter case.
        $nameChanged = strtolower($tablename) !== strtolower($newName);
        if ($nameChanged) {
            zotop::db()->table($tablename)->rename($newName);
        }

        // From here on the table is addressed by its (possibly new) name.
        if ($newComment !== NULL) {
            zotop::db()->table($newName)->comment($newComment);
        }
        if ($newPrimary) {
            zotop::db()->table($newName)->primary($newPrimary);
        }

        // NOTE(review): if form::referer() returns a request-supplied value,
        // check that it points to this site before using it as the target.
        msg::success('操作成功', '<h2>数据表设置成功</h2>正在刷新页面,请稍后……', form::referer());
    }

    $tables = zotop::db()->tables(true);
    $table = $tables[$tablename];
    if ($table === null) {
        msg::error('参数错误', zotop::t('数据表{$tablename}不存在', array('tablename' => $tablename)));
    }

    // NOTE(review): $tablename is concatenated into a title that carries markup, without encoding.
    $header = array('title' => '数据库管理 <i>></i> 数据表设置:' . $tablename . ' ');

    page::header($header);
    page::top();
    page::navbar($this->navbar(), 'edit');

    form::header();
    // The hidden field carries the current table name; the text field below carries the new one.
    form::field(array(
        'type' => 'hidden',
        'name' => 'tablename',
        'label' => '数据表名称',
        'value' => $table['name'],
        'valid' => '{required:true}',
    ));
    form::field(array(
        'type' => 'text',
        'name' => 'name',
        'label' => '数据表名称',
        'value' => $table['name'],
        'valid' => '{required:true}',
    ));
    form::field(array(
        'type' => 'text',
        'name' => 'comment',
        'label' => '数据表注释',
        'value' => $table['comment'],
        'valid' => '',
    ));
    form::buttons(
        array('type' => 'submit'),
        array('type' => 'button', 'value' => '返回前页', 'class' => 'back', 'onclick' => 'history.go(-1);')
    );
    form::footer();

    page::bottom();
    page::footer();
}
/**
 * Sanitizes global GET, POST and COOKIE data the first time an instance is
 * created, then publishes the request data on the request helper.
 *
 * This variant tolerates legacy settings instead of aborting:
 * magic_quotes_runtime is switched off, magic_quotes_gpc is recorded on the
 * instance, and with register_globals enabled every global outside a fixed
 * preserve list is unset. Each case is written to the debug log.
 *
 * @return  void
 */
public function __construct()
{
    // Use XSS clean?
    $this->use_xss_clean = (bool) Eight::config('core.global_xss_filtering');

    // Everything in this branch runs once: self::$instance is set at its end.
    if (self::$instance === nil) {
        // Convert all global variables to UTF-8.
        $_GET = Input::clean($_GET);
        $_POST = Input::clean($_POST);
        $_COOKIE = Input::clean($_COOKIE);
        $_SERVER = Input::clean($_SERVER);

        if (PHP_SAPI == 'cli') {
            // Convert command line arguments
            $_SERVER['argv'] = Input::clean($_SERVER['argv']);
        }

        // magic_quotes_runtime is enabled
        if (get_magic_quotes_runtime()) {
            set_magic_quotes_runtime(0);
            Eight::log('debug', 'Disable magic_quotes_runtime! It is evil and deprecated: http://php.net/magic_quotes');
        }

        // magic_quotes_gpc is enabled
        if (get_magic_quotes_gpc()) {
            // Only the flag is recorded here; nothing in this constructor reads it.
            $this->magic_quotes_gpc = YES;
            Eight::log('debug', 'Disable magic_quotes_gpc! It is evil and deprecated: http://php.net/magic_quotes');
        }

        // register_globals is enabled
        if (ini_get('register_globals')) {
            if (isset($_REQUEST['GLOBALS'])) {
                // Prevent GLOBALS override attacks
                exit('Global variable overload attack.');
            }

            // Destroy the REQUEST global
            $_REQUEST = array();

            // These globals are standard and should not be removed
            $preserve = array('GLOBALS', '_REQUEST', '_GET', '_POST', '_FILES', '_COOKIE', '_SERVER', '_ENV', '_SESSION');

            // This loop has the same effect as disabling register_globals
            foreach ($GLOBALS as $key => $val) {
                if (!in_array($key, $preserve)) {
                    global ${$key};
                    ${$key} = nil;

                    // Unset the global variable
                    unset($GLOBALS[$key], ${$key});
                }
            }

            // Warn the developer about register globals
            Eight::log('debug', 'Disable register_globals! It is evil and deprecated: http://php.net/register_globals');
        }

        // Each entry is written back under its cleaned key; an entry whose
        // cleaned key differs from the original key is added, not replaced.
        if (is_array($_GET)) {
            foreach ($_GET as $key => $val) {
                // Sanitize $_GET
                $_GET[$this->clean_input_keys($key)] = $this->clean_input_data($val);
            }
        } else {
            $_GET = array();
        }

        if (is_array($_POST)) {
            foreach ($_POST as $key => $val) {
                // Sanitize $_POST
                $_POST[$this->clean_input_keys($key)] = $this->clean_input_data($val);
            }
        } else {
            $_POST = array();
        }

        if (is_array($_COOKIE)) {
            foreach ($_COOKIE as $key => $val) {
                // Sanitize $_COOKIE
                $_COOKIE[$this->clean_input_keys($key)] = $this->clean_input_data($val);
            }
        } else {
            $_COOKIE = array();
        }

        // Create a singleton
        self::$instance = $this;

        Eight::log('debug', 'Global GET, POST and COOKIE data sanitized');
    }

    // Assign global vars to request helper vars
    request::$get = $_GET;
    request::$post = $_POST;
    // NOTE(review): $_REQUEST is not passed through Input::clean() or
    // clean_input_data() anywhere in this constructor (it is emptied only in the
    // register_globals branch), so request::$input otherwise receives those
    // values as PHP populated them - confirm that consumers of request::$input
    // do not expect filtered data.
    request::$input = array_merge(URI::instance()->segments(2, YES), $_REQUEST);
}