function isConnected($URL = FALSE)
{
if (!SESSION("ZanUser")) {
redirect($URL);
}
return TRUE;
}
/**
* Sessions Helper
*
*
*
* @package ZanPHP
* @subpackage core
* @category helpers
* @author MilkZoft Developer Team
* @link http://www.zanphp.com/documentation/en/helpers/security_helper
*/
function cacheSession($cacheID)
{
if (SESSION("ZanUser")) {
return $cacheID . "." . SESSION("ZanUser");
}
return $cacheID . ".guest";
}
public function index()
{
if ($this->_get('token') != session('token')) {
$this->error('非法操作');
}
$token_open = M('token_open')->field('queryname')->where(array('token' => session('token')))->find();
//dump($token_open);
if (!strpos($token_open['queryname'], 'api')) {
$this->error('您还开启该模块的使用权,请到功能模块中添加', U('Function/index', array('token' => session('token'), 'id' => session('wxid'))));
}
$data = D('Api');
$this->assign('api', $data->where(array('token' => session('token'), 'uid' => session('uid')))->find());
if (IS_POST) {
$_POST['uid'] = SESSION('uid');
$_POST['token'] = SESSION('token');
//if(empty($_POST['home']))unset($_POST['home']);
if ($data->create()) {
if ($data->add()) {
$this->success('操作成功');
} else {
$this->error('服务器繁忙,请稍候再试');
}
} else {
$this->error($data->getError());
}
} else {
$this->display();
}
}
public function _initialize()
{
if (!SESSION('?ADMIN_STATE')) {
$this->redirect('Admin/Login/index');
}
$this->webTitle = '后台管理';
}
private function editOrSave($action)
{
$validations = array("title" => "required", "URL" => "ping");
if (POST("code")) {
unset($validations["URL"]);
}
$data = array("ID_User" => SESSION("ZanUserID"), "Start_Date" => now(4), "End_Date" => now(4) + 2419200);
if ($action === "edit") {
$this->Data->ignore("banner");
}
$this->data = $this->Data->proccess($data, $validations);
if (isset($this->data["error"])) {
return $this->data["error"];
}
if (FILES("image", "name")) {
if (POST("banner")) {
@unlink(POST("banner"));
}
$dir = "www/lib/files/images/ads/";
$this->Files = $this->core("Files");
$this->data["Banner"] = $this->Files->uploadImage($dir, "image", "normal");
if (!$this->data["Banner"]) {
return getAlert("Upload error");
}
} else {
if (!isset($this->data["Code"])) {
return getAlert("You need to upload an image or write the ad code");
}
}
}
private function editOrSave($action)
{
$validations = array("exists" => array("Slug" => slug(POST("title", "clean")), "Year" => date("Y"), "Month" => date("m"), "Day" => date("d"), "Language" => POST("language")), "title" => "required", "content" => "required");
$this->categories = POST("categories");
$this->tags = POST("tags");
$this->URL = PATH("blog/" . date("Y")) . "/" . date("m") . "/" . date("d") . "/" . slug(POST("title", "clean"));
$this->muralExist = POST("mural_exist");
$this->Files = $this->core("Files");
$this->mural = FILES("mural");
if ($this->mural["name"] !== "") {
$dir = "www/lib/files/images/mural/";
$this->mural = $this->Files->uploadImage($dir, "mural", "mural");
if (is_array($this->mural)) {
return $this->mural["alert"];
}
}
$dir = "www/lib/files/images/blog/";
$this->image = $this->Files->uploadImage($dir, "image", "resize", TRUE, TRUE, FALSE);
$data = array("ID_User" => SESSION("ZanUserID"), "ID_URL" => 1, "Slug" => slug(POST("title", "clean")), "Content" => POST("content", "clean"), "Author" => SESSION("ZanUser"), "Year" => date("Y"), "Month" => date("m"), "Day" => date("d"), "Image_Small" => isset($this->image["small"]) ? $this->image["small"] : NULL, "Image_Medium" => isset($this->image["medium"]) ? $this->image["medium"] : NULL, "Pwd" => POST("pwd") ? POST("pwd", "encrypt") : NULL, "Start_Date" => now(4), "Text_Date" => now(2));
$this->Data->ignore(array("categories", "tags", "mural_exists", "mural", "pwd", "category", "language_category", "application", "mural_exist"));
$this->data = $this->Data->proccess($data, $validations);
if (isset($this->data["error"])) {
return $this->data["error"];
}
}
function getOnlineUsers()
{
global $Load;
$Db = $Load->core("Db");
$date = time();
$time = 10;
$time = $date - $time * 60;
$IP = getIP();
$user = SESSION("ZanUser");
$Db->deleteBySQL("Start_Date < {$time}", "users_online_anonymous");
$Db->deleteBySQL("Start_Date < {$time}", "users_online");
if ($user) {
$users = $Db->findBy("User", $user, "users_online");
if (!$users) {
$Db->insert("users_online", array("User" => $user, "Start_Date" => $date));
} else {
$Db->updateBySQL("users_online", "Start_Date = '{$date}' WHERE User = '******'");
}
} else {
$users = $Db->findBy("IP", $IP, "users_online_anonymous");
if (!$users) {
$Db->insert("users_online_anonymous", array("IP" => $IP, "Start_Date" => $date));
} else {
$Db->updateBySQL("users_online", "Start_Date = '{$date}' WHERE IP = '{$IP}'");
}
}
}
public function insert()
{
$tj = M('Huadianposter')->where(array('token' => SESSION('token'), 'subestatename' => $_POST['subestatename']))->count();
if ($tj == 0) {
$this->all_insert();
} else {
$this->error('操作失败,已有记录!请删除原有分类海报!', U(MODULE_NAME . '/index'));
}
}
public function insert()
{
$tj = M('Cosmetology')->where(array('token' => SESSION('token')))->count();
if ($tj == 0) {
$this->all_insert();
} else {
$this->error('操作失败', U(MODULE_NAME . '/index'));
}
}
private function editOrSave()
{
$validations = array("title" => "required", "URL" => "ping");
$data = array("ID_User" => SESSION("ZanUserID"));
$this->data = $this->Data->proccess($data, $validations);
if (isset($this->data["error"])) {
return $this->data["error"];
}
}
function getTwitterUser($oauthToken, $Twitter)
{
$Twitter->setToken($oauthToken);
$accessToken = $Twitter->getAccessToken();
$Twitter->setToken($accessToken->oauth_token, $accessToken->oauth_token_secret);
SESSION("ZanUserServiceAccessToken", $accessToken->oauth_token);
SESSION("ZanUserServiceAccessTokenSecret", $accessToken->oauth_token_secret);
$data = $Twitter->get_accountVerify_credentials();
return array("service" => "twitter", "serviceID" => $data->id, "username" => $data->screen_name, "name" => $data->name, "email" => null, "birthday" => null, "avatar" => $data->profile_image_url_https);
}
private function editOrSave()
{
$validations = array("exists" => array("Slug" => slug(POST("title", "clean")), "Language" => POST("language")), "title" => "required", "content" => "required");
$data = array("ID_User" => SESSION("ZanUserID"), "Slug" => slug(POST("title", "clean")), "Content" => POST("content", "clean"), "Start_Date" => now(4), "Text_Date" => now(2));
$this->data = $this->Data->proccess($data, $validations);
if (isset($this->data["error"])) {
return $this->data["error"];
}
return FALSE;
}
/**
* [登录信息检测]
* @param [array] $post [用户名,密码]
* @return [boolen] [description]
*/
public function checkLoad($post)
{
$uid = $this->where('user="******" and pwd="' . md5($post['pwd']) . '"')->getField('uid');
if ($uid) {
SESSION('uid', $uid);
SESSION('user', $post[user]);
$res = true;
} else {
$res = false;
}
return $res;
}
function apply_settings($password, $password2, $realname)
{
global $LSP_URL;
if ($password != $password2) {
display_error('Password mismatch');
return false;
} else {
change_user(SESSION(), $realname, $password);
display_success('Account settings have been updated', array('<a href="">User Settings</a>', 'Success'), $LSP_URL . "?account=settings");
return true;
}
}
function getFacebookUser($code)
{
$response = file_get_contents("https://graph.facebook.com/oauth/access_token?client_id=" . FB_APP_ID . "&redirect_uri=" . encode(FB_APP_URL, true) . "&client_secret=" . FB_APP_SECRET . "&code=" . $code);
$params = null;
parse_str($response, $params);
if (isset($params["access_token"])) {
SESSION("ZanUserServiceAccessToken", $params["access_token"]);
$graphURL = "https://graph.facebook.com/me?fields=" . FB_APP_FIELDS . "&access_token=" . $params["access_token"];
$user = json_decode(file_get_contents($graphURL));
return array("serviceID" => $user->id, "username" => $user->username, "name" => $user->name, "email" => $user->email, "birthday" => $user->birthday, "avatar" => $user->picture->data->url);
}
return false;
}
private function all($trash, $order, $limit)
{
if (!$trash) {
if (SESSION("ZanUserPrivilege") === _super) {
$data = $this->Db->findBySQL("Situation != 'Deleted'", $this->table, NULL, $order, $limit);
} else {
$data = $this->Db->findBySQL("ID_User = '******' AND Situation != 'Deleted'", NULL, $order, $limit);
}
} else {
if (SESSION("ZanUserPrivilege") === _super) {
$data = $this->Db->findBy("Situation", "Deleted", $this->table, NULL, $order, $limit);
} else {
$data = $this->Db->findBySQL("ID_User = '******' AND Situation = 'Deleted'", $this->table, NULL, $order, $limit);
}
}
return $data;
}
public function insert()
{
$token = $this->_get('token');
$id = $this->_get('id');
$tj = M('Cosmetology_setup_control')->where(array('token' => SESSION('token')))->count();
$this->assign('tj', $tj);
if ($tj == 0) {
$column = D('Cosmetology_setup_control');
if ($column->create()) {
if ($column->add()) {
$this->success('添加成功', U('Cosmetology_setup_control/index', array('token' => $token)));
} else {
$this->error('添加成功', U('Cosmetology_setup_control/index', array('token' => $token, 'token' => $id)));
}
}
} else {
$this->error('添加失败', U('Cosmetology_setup_control/index', array('token' => SESSION('token'))));
}
}
public function add()
{
$data = D('Api');
if (IS_POST) {
$_POST['uid'] = SESSION('uid');
$_POST['token'] = SESSION('token');
if ($data->create()) {
if ($data->add()) {
$this->success('操作成功', U('Api/index', array('token' => $this->token)));
} else {
$this->error('操作无效');
}
} else {
$this->error($data->getError());
}
} else {
$this->display();
}
}
public function add()
{
$data = D('Api');
if (IS_POST) {
$_POST['uid'] = SESSION('uid');
$_POST['token'] = SESSION('token');
//if(empty($_POST['home']))unset($_POST['home']);
if ($data->create()) {
if ($data->add()) {
$this->success('操作成功');
} else {
$this->error('服务器繁忙,请稍候再试');
}
} else {
$this->error($data->getError());
}
} else {
$this->display();
}
}
public function index()
{
$where['id'] = $this->_get('id');
$where['token'] = $this->token;
$set = M('email_set')->where($where)->find();
$db = M('email_set');
if (IS_POST) {
$_POST['uid'] = SESSION('uid');
$_POST['token'] = SESSION('token');
$_POST['storeid'] = $this->_POST('storeid');
if ($set == false) {
if ($db->create() === false) {
$this->error($db->getError());
} else {
$id = $db->add();
if ($id == true) {
$this->success('操作成功', U('Email/lists', array('token' => $this->token)));
} else {
$this->error('操作失败', U('Email/lists', array('token' => $this->token)));
}
}
} else {
$_POST['id'] = $set['id'];
if ($db->create() === false) {
$this->error($db->getError());
} else {
$id = $db->save();
if ($id == true) {
$this->success('操作成功', U('Email/lists', array('token' => $this->token)));
} else {
$this->error('操作失败', U('Email/lists', array('token' => $this->token)));
}
}
}
} else {
$this->assign('set', $set);
$this->display();
}
}
private function editOrSave()
{
$j = 0;
$k = 0;
foreach (POST("answers") as $key => $answer) {
if ($answer === "") {
$j += 1;
} else {
$k += 1;
}
}
if (count(POST("answers")) === $j) {
return getAlert("You need to write a answers");
} elseif ($k < 2) {
return getAlert("You need to write more than one answer");
} else {
$this->answers = POST("answers");
}
$validations = array("title" => "required");
$data = array("ID_User" => SESSION("ZanUserID"), "Start_Date" => now(4), "Text_Date" => now(2));
$this->Data->ignore("answers");
$this->data = $this->Data->proccess($data, $validations);
}
public function index()
{
$set = $this->printer_set;
$db = $this->printer_model;
if (IS_POST) {
$_POST['uid'] = SESSION('uid');
$_POST['token'] = SESSION('token');
if ($set == false) {
if ($db->create() === false) {
$this->error($db->getError());
} else {
$id = $db->add();
if ($id == true) {
$this->success('操作成功', U('Printer/lists', array('token' => $this->token)));
} else {
$this->error('操作失败', U('Printer/lists', array('token' => $this->token)));
}
}
} else {
$_POST['id'] = $set['id'];
if ($db->create() === false) {
$this->error($db->getError());
} else {
$id = $db->save();
if ($id == true) {
$this->success('操作成功', U('Printer/index', array('token' => $this->token, 'id' => $set['id'])));
} else {
$this->error('操作失败', U('Printer/index', array('token' => $this->token, 'id' => $set['id'])));
}
}
}
} else {
$this->assign('set', $set);
$this->display();
}
}
private function save()
{
$this->Db->table("url", "URL");
$this->Db->values("'{$this->URL}'");
$insertID1 = $this->Db->save();
if (is_array($this->image)) {
$small = $this->image["small"];
$medium = $this->image["medium"];
} else {
$small = NULL;
$medium = NULL;
}
$fields = "ID_User, ID_URL, Title, Nice, Content, Author, Start_Date, Text_Date, Year, Month, Day, Image_Small, Image_Medium, ";
$fields .= "Enable_Comments, Language, Pwd, State";
$values = "'" . SESSION("ZanUserID") . "', '{$insertID1}', '{$this->title}', '{$this->nice}', '{$this->content}', '{$this->author}', '{$this->date1}', ";
$values .= "'{$this->date2}', '{$this->year}', '{$this->month}', '{$this->day}', '{$small}', '{$medium}', '{$this->comments}', ";
$values .= "'{$this->language}', '{$this->password}', '{$this->state}'";
$this->Db->table($this->table, $fields);
$this->Db->values($values);
$insertID2 = $this->Db->save();
if ($this->mural) {
$fields = "ID_Post, Title, URL, Image";
$values = "'{$insertID2}', '{$this->title}', '{$this->URL}', '{$this->mural}'";
$this->Db->table("mural", $fields);
$this->Db->values($values);
$this->Db->save();
}
if (is_array($this->categories)) {
$this->Db->table("categories2applications");
foreach ($this->categories as $category) {
$categories[] = $this->Db->findBy("ID_Category", $category);
}
$this->Db->table("categories2records", "ID_Category2Application, ID_Record");
foreach ($categories as $category) {
$this->Db->values("'" . $category[0]["ID_Category2Application"] . "', '{$insertID2}'");
$insertID3 = $this->Db->save();
}
}
if (is_array($this->tags)) {
foreach ($this->tags as $tag) {
$this->Db->table("tags", "Title, Nice");
$this->Db->values("'" . decode($tag) . "', '" . nice($tag) . "'");
$insertID4 = $this->Db->save();
$this->Db->table("tags2applications", "ID_Application, ID_Tag");
$this->Db->values("'3', '{$insertID4}'");
$insertID5 = $this->Db->save();
$this->Db->table("tags2records", "ID_Tag2Application, ID_Record");
$this->Db->values("'{$insertID5}', '{$insertID2}'");
$insertID6 = $this->Db->save();
}
}
if ($insertID1 === "rollback" or $insertID2 === "rollback") {
$this->Db->rollBack();
return getAlert("Insert error");
} else {
$this->Db->commit();
return getAlert("The post has been saved correctly", "success", $this->URL);
}
}
public function isAllow($permission = "view", $application = NULL)
{
if (SESSION("ZanUserPrivilegeID") and !SESSION("ZanUserApplication")) {
$this->Applications_Model = $this->model("Applications_Model");
if (is_null($application)) {
$application = whichApplication();
}
$privilegeID = SESSION("ZanUserPrivilegeID");
$applicationID = $this->Applications_Model->getID($application);
if ($this->getPermissions($privilegeID, $applicationID, $permission)) {
return TRUE;
} else {
return FALSE;
}
} else {
return TRUE;
}
}
<?php
require_once "init.php";
require_once "functions.php";
require_once "views.php";
//save title content first
if (POST("submit") == 'create') {
$title = POST("title");
$content = POST("content");
$_SESSION['title'] = $title;
$_SESSION['content'] = $content;
}
?>
<?php
if (SESSION('login') === true) {
$title = POST("title");
$content = POST("content");
$statement = savePost2Database($title, $content);
showModalNotification("Post saved!", "New post has saved with post id: {$statement}");
} elseif (POST('submit') == 'login') {
$username = $_POST['username'];
$password = $_POST['password'];
$statement = getEncryptedPassword($username);
$encryptedPassword = "";
$o = $statement->fetchObject();
if ($o) {
$encryptedPassword = $o->password;
}
if (strtoupper(md5($password)) == $encryptedPassword) {
$_SESSION['login'] = true;
public function trash($ID)
{
if ($this->application === "users" and SESSION("ZanUserID") === $ID) {
return TRUE;
}
$data = array("Situation" => "Deleted");
if (!is_array($ID)) {
$this->Db->update($this->application, $data, $ID);
$count = $this->Db->countBySQL("Situation = 'Active'", $this->application);
return $count > 0 ? TRUE : FALSE;
} else {
for ($i = 0; $i <= count($ID) - 1; $i++) {
$this->Db->update($this->application, $data, $ID[$i]);
}
$count = $this->Db->countBySQL("Situation = 'Active'", $this->application);
return $count > 0 ? TRUE : FALSE;
}
}
var URL = "<?php
print get('webURL');
?>
";
</script>
</head>
<body>
<?php
if ($isAdmin) {
?>
<div id="top-bar">
<?php
$li[] = a("‹‹" . __(_("Go back")), path());
$li[] = " | " . span("bold", __(_("Welcome"))) . ": " . SESSION("ZanUser");
$li[] = " | " . span("bold", __(_("Online users"))) . ": {$online}";
$li[] = " | " . span("bold", __(_("Registered users"))) . ": {$registered}";
$li[] = " | " . span("bold", __(_("Last user"))) . ": " . a($lastUser["Username"], path("/users/editprofile/"));
$li[] = " | " . a(__(_("Logout")) . "››", path("cpanel/logout/")) . "";
print ul($li);
?>
</div>
<?php
} else {
?>
<div id="top-bar-logout">
<a href="<?php
print path();
?>
" title="<?php
function process_params()
{
$post_funcs = explode(',', POST_FUNCS);
foreach ($post_funcs as $func) {
if (!GET_EMPTY($func)) {
// Process parametrized functions
switch ($func) {
case 'rate':
update_rating(GET('file'), GET('rate'), SESSION());
break;
// break for file/rate, return for all others
// break for file/rate, return for all others
case 'search':
//move down
//move down
case 'q':
get_results(GET('category'), GET('subcategory'), GET('sort'), GET('q', GET('search', '')), '', GET('order'), GET('commentsearch'));
return;
// default: // do nothing
}
// Process built-in functions
switch ($func . ":" . GET($func)) {
case 'comment:add':
require "./comment_file.php";
return;
case 'content:add':
require "./add_file.php";
return;
case 'content:update':
require "./edit_file.php";
return;
case 'content:delete':
require "./delete_file.php";
return;
case 'account:settings':
require "./user_settings.php";
return;
case 'action:show':
show_file(GET("file"), SESSION());
return;
case 'action:register':
require "./register.php";
return;
case 'action:browse':
// Browsing by category seems is currently only supported "browse" option
if (!GET_EMPTY('category')) {
get_results(GET('category'), GET('subcategory'), GET('sort'), '', '', GET('order'));
return;
} else {
if (!GET_EMPTY('user')) {
get_results(GET('category'), GET('subcategory'), GET('sort'), '', GET('user'), GET('order'));
return;
}
}
// default: // do nothing
}
}
}
// All else fails, show the "Latest Uploads" page
get_latest();
}
function formCaptcha($attributes = false, $alphanumeric = false)
{
$hash = md5(getURL());
$HTML = '<input type="hidden" name="captcha_token" value="' . $hash . '" />';
$HTML .= '<input type="hidden" name="captcha_type" value="' . ($alphanumeric ? 'alphanumeric' : 'aritmethic') . '" />';
if (!$alphanumeric) {
$attributes["style"] = (isset($attributes["style"]) ? $attributes["style"] : '') . "max-width: 50px; text-align: center;";
$attributes["type"] = "number";
$num1 = rand(1, 9);
$num2 = rand(1, 9);
switch (rand(1, 3)) {
case 1:
$operation = '-';
$answer = $num1 - $num2;
break;
default:
$operation = '+';
$answer = $num1 + $num2;
}
$HTML .= __("How much is ") . (rand(0, 1) === 0 ? $num1 : num2str($num1, true)) . ' ' . $operation . ' ' . (rand(0, 1) === 0 ? $num2 : num2str($num2, true)) . '? ';
} else {
$attributes["style"] = (isset($attributes["style"]) ? $attributes["style"] : '') . "max-width: 200px; text-align: center;";
$answer = "";
$characters = array("A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "1", "2", "3", "4", "5", "6", "7", "8", "9", "0");
for ($i = 0; $i < 5; $i++) {
$answer .= $characters[rand(0, count($characters) - 1)];
}
$HTML .= '<img src="' . path("captcha/{$hash}") . '" /><br />';
}
SESSION("ZanCaptcha" . $hash, $answer);
if (isset($attributes) and is_array($attributes)) {
$attrs = null;
foreach ($attributes as $attribute => $value) {
if ($attribute === "required") {
$attrs .= ' required ';
} elseif ($attribute === "events") {
$attrs .= ' ' . $value . ' ';
} elseif ($attribute !== "p" and $attribute !== "field") {
if (!preg_match('/"/', $value)) {
$attrs .= ' ' . strtolower($attribute) . '="' . $value . '"';
} else {
$attrs .= ' ' . strtolower($attribute) . "='" . $value . "'";
}
} else {
${$attribute} = $value;
}
}
$HTML .= '<input' . $attrs . ' type="text" /> ';
if (isset($p) and $p and isset($field)) {
$HTML = '<p><span class="field">» ' . $field . '</span><br />' . $HTML . '</p>';
} elseif (isset($p) and $p) {
$HTML = '<p>' . $HTML . '</p>';
} elseif (isset($field)) {
$HTML = '<span class="field">» ' . $field . '</span><br />' . $HTML . '';
}
return $HTML;
} elseif ($attributes) {
return $HTML . '<input name="' . $attributes . '" type="text" />';
} else {
return null;
}
}
function unsetSessions($URL = false)
{
$lastURL = SESSION("lastURL");
session_unset();
session_destroy();
redirect($URL ? $URL : $lastURL);
}
