html() public static method

public static html ( $string, $encode = true )
コード例 #1
ファイル: mail_controller.php プロジェクト: tilitala/nForum
 /**
  * Controller action: display one mail from the current user's mailbox.
  *
  * Reads the mailbox (`type`) and mail index (`num`) from the routed params
  * and goes through $this->error() when either is missing or the mail cannot
  * be loaded. NOTE(review): the code after the catch assumes $this->error()
  * never returns; if it did, $box/$mail would be undefined below — confirm.
  */
 public function show()
 {
     if (!isset($this->params['type'])) {
         $this->error(ECode::$MAIL_NOBOX);
     }
     if (!isset($this->params['num'])) {
         $this->error(ECode::$MAIL_NOMAIL);
     }
     $type = $this->params['type'];
     $num = $this->params['num'];
     try {
         $box = new MailBox(User::getInstance(), $type);
         $mail = Mail::getInstance($num, $box);
     } catch (Exception $e) {
         $this->error(ECode::$MAIL_NOMAIL);
     }
     $this->notice = $box->desc . "-阅读邮件";
     $mail->setRead();
     $content = $mail->getHtml();
     // Pull the sender host out of the "来  源:" header line. The capture is
     // limited to [0-9a-zA-Z.:*], so $f[1] contains no markup characters.
     preg_match("|来  源:[\\s]*([0-9a-zA-Z.:*]+)|", $content, $f);
     $f = empty($f) ? "" : "<br />FROM {$f[1]}";
     // Body starts after the first "<br/><br/>" (10 bytes) and ends at the
     // "<br/>--<br/>" signature marker (+7 keeps the leading "<br/>--").
     // strpos/substr are byte-wise; that is fine because both markers are ASCII.
     $s = ($pos = strpos($content, "<br/><br/>")) === false ? 0 : $pos + 10;
     $e = ($pos = strpos($content, "<br/>--<br/>")) === false ? strlen($content) : $pos + 7;
     $content = substr($content, $s, $e - $s) . $f;
     if (Configure::read("ubb.parse")) {
         $content = XUBB::parse($content);
     }
     App::import("Sanitize");
     $this->set("type", $type);
     $this->set("num", $mail->num);
     // Only the title is HTML-encoded here; "sender" and "content" are passed
     // to the view as-is, so escaping them is the view's responsibility.
     $this->set("title", Sanitize::html($mail->TITLE));
     $this->set("sender", $mail->OWNER);
     $this->set("time", date("Y-m-d H:i:s", $mail->POSTTIME));
     $this->set("content", $content);
 }
コード例 #2
 /**
  * Account overview page.
  *
  * Redirects to the index when no id is given or when the current user is
  * not authorized for the account (redirect() is presumably request-ending).
  *
  * @param mixed $id account id from the URL
  */
 function view($id = null)
 {
     if (!$id) {
         $this->redirect(array('action' => 'index'));
     }
     // Escape the id before it reaches the authorization check and the model.
     $id = Sanitize::escape($id);
     $authorized = $this->isAuthorized($id);
     if (!$authorized) {
         $this->Session->setFlash(__('Invalid account', true));
         $this->redirect(array('action' => 'index'));
     }
     $this->Account->id = $id;
     // HTML-encode the account name before it is placed in the page header.
     $accountName = Sanitize::html($this->Account->field('name'));
     $this->set('page_header', __('%s - Overview', $accountName));
     // Navigation menu state for this account type.
     $accountType = $this->Account->getType($id);
     $menuType = $this->NavMenu->checkType($accountType);
     $viewVars = array(
         'navMenu' => $this->NavMenu->menu($menuType),
         'selectedTab' => 'overview',
         'accountId' => $id,
         'overview' => '',
     );
     foreach ($viewVars as $varName => $varValue) {
         $this->set($varName, $varValue);
     }
     // Ajax requests render only the element, with the ajax layout.
     if ($this->request->isAjax()) {
         $this->render('/Elements/ajax', 'ajax');
     }
 }
コード例 #3
ファイル: login.class.php プロジェクト: clstrfcuk/bludit
 /**
  * Log a user in with an e-mail token (password-less login).
  *
  * Both inputs are HTML-encoded and trimmed, the user record is looked up,
  * the token's TTL is checked against the current time, and only then is the
  * token itself compared.
  *
  * NOTE(review): the token is compared with `===`, which is not constant-time;
  * `hash_equals($user['tokenEmail'], $token)` is the usual choice for a secret.
  * NOTE(review): the log line on the empty-input branch writes the raw token
  * to the log. Two Log::set lines in this listing appear redacted ('******'),
  * so the exact success-path return cannot be read from here.
  *
  * @param string $username
  * @param string $token    token the user received by e-mail
  * @return bool false on every failure path shown
  */
 public function verifyUserByToken($username, $token)
 {
     $username = Sanitize::html($username);
     $token = Sanitize::html($token);
     $username = trim($username);
     $token = trim($token);
     if (empty($username) || empty($token)) {
         Log::set(__METHOD__ . LOG_SEP . 'Username or Token-email empty. Username: '******' - Token-email: ' . $token);
         return false;
     }
     $user = $this->dbUsers->getDb($username);
     // Loose comparison: getDb() is presumably returning false for an unknown user — confirm.
     if ($user == false) {
         Log::set(__METHOD__ . LOG_SEP . 'Username does not exist: ' . $username);
         return false;
     }
     // Expiry is compared as formatted date strings (DB_DATE_FORMAT), not timestamps.
     $currentTime = Date::current(DB_DATE_FORMAT);
     if ($user['tokenEmailTTL'] < $currentTime) {
         Log::set(__METHOD__ . LOG_SEP . 'Token-email expired: ' . $username);
         return false;
     }
     if ($token === $user['tokenEmail']) {
         // Set the user logged in.
         $this->setLogin($username, $user['role']);
         // Invalidate the current token (single use).
         $this->dbUsers->generateTokenEmail($username);
         Log::set(__METHOD__ . LOG_SEP . 'User logged succeeded by Token-email - Username: '******'Token-email incorrect.');
     }
     return false;
 }
コード例 #4
ファイル: refer_controller.php プロジェクト: tilitala/nForum
 /**
  * Referral list page ("@" mentions / replies), paginated.
  *
  * The list kind comes from the `type` route param (default Refer::$AT) and
  * the page number from `?p=` (default 1, not validated here). Failures go
  * through $this->error().
  */
 public function index()
 {
     $this->js[] = "forum.refer.js";
     $this->css[] = "mail.css";
     $type = isset($this->params['type']) ? $this->params['type'] : Refer::$AT;
     try {
         $refer = new Refer(User::getInstance(), $type);
     } catch (ReferNullException $e) {
         $this->error(ECode::$REFER_NONE);
     }
     $p = 1;
     if (isset($this->params['url']['p'])) {
         $p = $this->params['url']['p'];
     }
     App::import('vendor', "inc/pagination");
     try {
         $pagination = new Pagination($refer, Configure::read("pagination.mail"));
         $articles = $pagination->getPage($p);
     } catch (Exception $e) {
         $this->error(ECode::$REFER_NONE);
     }
     if ($refer->getTotalNum() > 0) {
         App::import('Sanitize');
         $rows = array();
         foreach ($articles as $article) {
             // Only the title is HTML-encoded; the other fields are passed through.
             $rows[] = array(
                 "index" => $article['INDEX'],
                 "id" => $article['ID'],
                 "board" => $article['BOARD'],
                 "user" => $article['USER'],
                 "title" => Sanitize::html($article['TITLE']),
                 "time" => date("Y-m-d H:i:s", $article['TIME']),
                 "read" => $article['FLAG'] === Refer::$FLAG_READ,
             );
         }
         $this->set("info", $rows);
     }
     $link = "{$this->base}/refer/{$type}?p=%page%";
     $this->set("pageBar", $pagination->getPageBar($p, $link));
     $this->set("pagination", $pagination);
     $this->set("type", $type);
 }
コード例 #5
ファイル: dbposts.class.php プロジェクト: joryphillips/bludit
 /**
  * Create a new post: write its index.txt under PATH_POSTS/<key>/ and add
  * the database-bound fields to $this->db.
  *
  * Fields flagged inFile are stored in the file as given; the others are
  * HTML-encoded and cast to the type of their default before going to the
  * database. The author is always the session user.
  *
  * @param array $args post fields keyed by dbFields name; 'slug' is required
  * @return bool false when nobody is logged in or any write fails
  */
 public function add($args)
 {
     $dbRow = array();
     $fileLines = array();
     // Database key derived from the slug (generateKey is expected to make it path-safe — confirm).
     $key = $this->generateKey($args['slug']);
     // Author is taken from the session, never from $args.
     $args['username'] = Session::get('username');
     if (Text::isEmpty($args['username'])) {
         return false;
     }
     if (empty($args['unixTimeCreated'])) {
         $args['unixTimeCreated'] = Date::unixTime();
     }
     foreach ($this->dbFields as $field => $options) {
         $toFile = $options['inFile'];
         if (!isset($args[$field])) {
             $value = $options['value'];
         } elseif ($toFile) {
             // File-bound fields are written unmodified.
             $value = $args[$field];
         } else {
             // Database-bound fields are HTML-encoded before storage.
             $value = Sanitize::html($args[$field]);
         }
         if ($toFile) {
             $fileLines[$field] = Text::firstCharUp($field) . ': ' . $value;
             continue;
         }
         // Coerce to the type of the field's default value.
         settype($value, gettype($options['value']));
         $dbRow[$field] = $value;
     }
     $postDir = PATH_POSTS . $key;
     if (Filesystem::mkdir($postDir) === false) {
         Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to create the directory ' . $postDir);
         return false;
     }
     $indexFile = $postDir . DS . 'index.txt';
     if (file_put_contents($indexFile, implode("\n", $fileLines)) === false) {
         Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to put the content in the file index.txt');
         return false;
     }
     $this->db[$key] = $dbRow;
     if ($this->save() === false) {
         Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to save the database file.');
         return false;
     }
     return true;
 }
コード例 #6
ファイル: page.class.php プロジェクト: roberthchan/bludit
 /**
  * Stored page content, unsanitized by default.
  *
  * @param bool $raw true returns the field as stored; false HTML-encodes it
  * @return string
  */
 public function contentRaw($raw = true)
 {
     $stored = $this->getField('contentRaw');
     return $raw ? $stored : Sanitize::html($stored);
 }
コード例 #7
 /**
  * Mobile-plugin setup run before every action: base path, stylesheet,
  * default notice, parent filter, then the optional `?m=` message (trimmed
  * and HTML-encoded into $this->_msg).
  */
 public function beforeFilter()
 {
     $this->_mbase = Configure::read("plugins.mobile.base");
     $this->css['plugin']['mobile'][] = "m.css";
     $this->notice = Configure::read("site.name");
     parent::beforeFilter();
     if (!isset($this->params['url']['m'])) {
         return;
     }
     App::import('Sanitize');
     $message = trim($this->params['url']['m']);
     $this->_msg = Sanitize::html($message);
 }
コード例 #8
 /**
  * Read a POST parameter, SQL-escape it, then HTML-encode the result.
  *
  * The key is looked up in $_POST but the value is read from
  * $this->request->data; the default is HTML-encoded as well.
  * NOTE(review): Sanitize::escape and Sanitize::html target different output
  * contexts (SQL vs HTML); applying both to one value — confirm which the
  * callers actually need.
  *
  * @param string $name        POST field name
  * @param string $defultValue used when the request is not POST or the key is absent
  * @return string
  */
 public function getParameterByPostEscape($name, $defultValue = "")
 {
     $isPost = $this->request->is('post');
     $present = $isPost && array_key_exists($name, $_POST);
     if ($present) {
         $value = Sanitize::escape($this->request->data[$name]);
     } else {
         $value = $defultValue;
     }
     return Sanitize::html($value);
 }
コード例 #9
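 /**
  * Clean the keywords string from a form data array.
  *
  * Returns '' when the 'keywords' key is absent or empty; the original read
  * $data['keywords'] unconditionally and raised a notice on a missing key.
  *
  * @param array $data form data, optionally holding a 'keywords' string
  * @return string HTML-encoded keywords, or ''
  */
 private function _cleanKeywords($data)
 {
     if (empty($data['keywords'])) {
         return '';
     }
     $san = new Sanitize();
     return $san->html($data['keywords']);
 }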
コード例 #10
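 /**
  * Section (board directory) listing.
  *
  * Resolves the section from the `num` route param, then builds one row per
  * child board/section with its last article (when the user may read it)
  * and its board managers. Only article titles are HTML-encoded here; the
  * remaining fields are passed to the view as-is.
  */
 public function index()
 {
     $this->js[] = "forum.board.js";
     $this->css[] = "board.css";
     App::import('Sanitize');
     if (!isset($this->params['num'])) {
         $this->error(ECode::$SEC_NOSECTION);
     }
     try {
         $num = $this->params['num'];
         $this->_sec = Section::getInstance($num, Section::$NORMAL);
     } catch (SectionNullException $e) {
         $this->error(ECode::$SEC_NOSECTION);
     } catch (BoardNullException $e) {
         $this->error(ECode::$BOARD_NOBOARD);
     }
     $secs = $this->_sec->getAll();
     // Kept as false (not array()) for an empty section, as before — presumably the view distinguishes the two.
     $ret = false;
     if (!$this->_sec->isNull()) {
         $u = User::getInstance();
         foreach ($secs as $brd) {
             $last = array();
             $last["id"] = "";
             $last["title"] = $last["owner"] = $last["date"] = "无";
             if ($brd->hasReadPerm($u)) {
                 $threads = $brd->getTypeArticles(0, 1, Board::$ORIGIN);
                 if (!empty($threads)) {
                     $threads = $threads[0];
                     $last = array("id" => $threads->ID, "title" => Sanitize::html($threads->TITLE), "owner" => $threads->isSubject() ? $threads->OWNER : "原帖已删除", "date" => date("Y-m-d H:i:s", $threads->POSTTIME));
                 }
             }
             // explode() replaces split(), which was removed in PHP 7; for a
             // literal single-space separator the two behave identically.
             $bms = explode(" ", $brd->BM);
             foreach ($bms as &$bm) {
                 // Second element: true when the name is a plain [0-9a-zA-Z] user id.
                 $bm = array($bm, !preg_match("/[^0-9a-zA-Z]/", $bm));
             }
             // Release the reference so the last element is not aliased afterwards.
             unset($bm);
             $ret[] = array("name" => $brd->NAME, "desc" => $brd->DESC, "type" => $brd->isDir() ? "section" : "board", "bms" => $bms, "curNum" => $brd->CURRENTUSERS, "todayNum" => $brd->getTodayNum(), "threadsNum" => $brd->getThreadsNum(), "articleNum" => $brd->ARTCNT, "last" => $last);
         }
     }
     $this->set("sec", $ret);
     $this->set("noBrd", ECode::msg(ECode::$SEC_NOBOARD));
     $this->set("secName", $this->_sec->getDesc());
     if (!$this->_sec->isRoot()) {
         $parent = $this->_sec->getParent();
         $this->notice[] = array("url" => "/section/{$parent->getName()}", "text" => $parent->getDesc());
     }
     $this->title = Configure::read('site.name') . '-' . $this->_sec->getDesc();
     $this->notice[] = array("url" => "/section/{$this->_sec->getName()}", "text" => $this->_sec->getDesc());
     $this->notice[] = array("url" => "", "text" => $this->_sec->isRoot() ? "分区列表" : "目录列表");
 }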
コード例 #11
ファイル: plugin.class.php プロジェクト: roberthchan/bludit
 /**
  * Replace the plugin's settings with $array (every value HTML-encoded)
  * and persist them to $this->filenameDb.
  *
  * Keys are not filtered against a field list and values keep their string type.
  *
  * @param array $array key/value settings
  */
 public function setDb($array)
 {
     $clean = array();
     foreach ($array as $field => $raw) {
         $clean[$field] = Sanitize::html($raw);
     }
     $this->db = $clean;
     // Write through to the JSON file.
     $store = new dbJSON($this->filenameDb);
     $store->db = $clean;
     $store->save();
 }
コード例 #12
ファイル: dbsite.class.php プロジェクト: roberthchan/bludit
 /**
  * Update site settings: only keys declared in $this->dbFields are accepted,
  * each value is HTML-encoded, then the database file is saved.
  *
  * @param array $args field => value
  * @return bool false when saving fails (logged)
  */
 public function set($args)
 {
     foreach ($args as $field => $value) {
         if (!isset($this->dbFields[$field])) {
             // Unknown keys are ignored silently.
             continue;
         }
         $this->db[$field] = Sanitize::html($value);
     }
     $saved = $this->save();
     if ($saved === false) {
         Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to save the database file.');
         return false;
     }
     return true;
 }
コード例 #13
ファイル: modifiable.php プロジェクト: huoxito/sistemadargent
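 /**
  * Behavior callback: sanitize the configured 'nome'/'obs' fields and
  * convert 'data' to MySQL date format before the model is saved.
  *
  * The original passed the field into Sanitize::html by call-time reference
  * (removed in PHP 5.4) and discarded the return value, so the field was
  * never actually changed; the cleaned string is now assigned back.
  *
  * @param Model $model model being saved; fields come from settings[alias]['fields']
  * @return bool always true (the save is never aborted here)
  */
 function beforeSave(&$model)
 {
     App::import('Sanitize');
     $alias = $model->alias;
     foreach ($this->settings[$alias]['fields'] as $fieldName) {
         if (($fieldName === 'nome' || $fieldName === 'obs') && isset($model->data[$alias][$fieldName])) {
             // Sanitize::html returns the cleaned value; it does not modify its argument.
             $model->data[$alias][$fieldName] = Sanitize::html($model->data[$alias][$fieldName], array('remove' => true));
         }
         if ($fieldName === 'data' && isset($model->data[$alias]['data'])) {
             $model->data[$alias]['data'] = $this->converteParaMySQL($model, $model->data[$alias]['data']);
         }
     }
     return true;
 }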
コード例 #14
ファイル: comment.php プロジェクト: vad/taolin
 /**
  * Create a comment on the $Model record $foreign_id and work out who should
  * be notified about it.
  *
  * Recipients are everyone who commented on the object before plus its
  * owner, minus the commenter, restricted to users the Acl allows for 'site'
  * and whose 'notification' flag is set. Only the comment body is
  * HTML-encoded; foreign_id is used as received.
  *
  * @param Model  $Model             model the comment belongs to (by reference)
  * @param array  $params            request params; uses form.foreign_id and form.comment
  * @param mixed  $user_id           id of the commenting user
  * @param array  $tpl_params        forwarded to addtotimeline()
  * @param string $comment_type_name forwarded to addtotimeline()
  * @param string $model_alias       defaults to $Model->alias
  * @return array one entry per user to notify: from, to, subject, own, owner, commenter
  */
 function addComment(&$Model, $params, $user_id, $tpl_params = array(), $comment_type_name = null, $model_alias = null)
 {
     $mrClean = new Sanitize();
     $notification_data = a();
     $foreign_id = $params['form']['foreign_id'];
     $text = $mrClean->html($params['form']['comment']);
     // The e-mail literal appears redacted in this listing.
     $comment = array('Comment' => array('body' => $text, 'name' => $user_id, 'email' => '*****@*****.**'));
     $out = $Model->createComment($foreign_id, $comment);
     $comment_id = $Model->Comment->id;
     if (!$model_alias) {
         $model_alias = $Model->alias;
     }
     // Retrieve ids of users to be notified (everyone who commented on this object before)
     $comments = Set::extract($this->getComments($Model, $foreign_id, TRUE), '{n}.Comment.name');
     // Remove duplicated values
     $tbn = array_unique($comments);
     // Retrieve owner of the commented object
     $owner = $Model->read('user_id', $foreign_id);
     $owner_id = $owner[$model_alias]['user_id'];
     // The owner should be notified as well (loose in_array: ids may be int or string — confirm)
     if (!in_array($owner_id, $tbn)) {
         array_push($tbn, $owner_id);
     }
     // Never notify the commenter about their own comment.
     $users = array_diff($tbn, array($user_id));
     if (!empty($users)) {
         $this->setupUserModel();
         $commenter = $this->user->read(array('name', 'surname'), $user_id);
         $owner = $this->user->read(array('name', 'surname'), $owner_id);
         $subject = $this->Conf->get('Site.name') . " comment notification";
         $domain = $this->Conf->get('Organization.domain');
         foreach ($users as $c_id) {
             // Check whether the user can be notified: Acl 'site' permission plus the notification flag.
             $active = $this->Acl->check(array('model' => 'User', 'foreign_key' => $c_id), 'site');
             $nfb = $this->user->read('notification', $c_id);
             if ($active && $nfb['User']['notification']) {
                 // Loose == between the recipient id and the owner id.
                 if ($c_id == $owner_id) {
                     $is_owner = true;
                 } else {
                     $is_owner = false;
                 }
                 array_push($notification_data, array('from' => 'noreply@' . $domain, 'to' => $this->user->getemail($c_id, $this->Conf->get('Organization.domain')), 'subject' => $subject, 'own' => $is_owner, 'owner' => $owner['User'], 'commenter' => $commenter['User']));
             }
         }
     }
     $Model->addtotimeline($tpl_params, null, 'comment', $user_id, $model_alias, $foreign_id, $comment_id, $comment_type_name);
     # clear cache
     clearCache($this->cacheName, '', '');
     return $notification_data;
 }
コード例 #15
ファイル: Sanitize.php プロジェクト: naterkane/local.to
 /**
  * Sanitizes a value, or recursively every value of an array, for safe input:
  * scalars are trimmed and HTML-encoded via Sanitize::html. Array keys are
  * left untouched, and any value for which empty() holds (including '0')
  * is returned as-is.
  *
  * @param mixed $data Data to sanitize
  * @return mixed Sanitized data
  * @access public
  * @static
  */
 public static function clean($data)
 {
     if (empty($data)) {
         return $data;
     }
     if (!is_array($data)) {
         return Sanitize::html(trim($data));
     }
     foreach ($data as $key => $val) {
         $data[$key] = Sanitize::clean($val);
     }
     return $data;
 }
コード例 #16
 /**
  * Ajax endpoint: mark a message as viewed and return it as JSON.
  *
  * Non-ajax requests, unknown ids and messages failing isOwnedBy() all get
  * the same `status: false` body. Only the title is HTML-encoded; the body
  * is rendered from Markdown and returned as produced by the library.
  * NOTE(review): isOwnedBy() receives the message id, not a user id — confirm.
  *
  * @return string JSON
  */
 public function view()
 {
     require_once APP . 'Vendor' . DS . 'markdown' . DS . 'markdown.php';
     $messageId = $this->request->data['messageId'];
     $this->autoRender = false;
     $denied = json_encode(array('status' => false, 'title' => 'Nope', 'message' => 'Nope'));
     if (!$this->request->is('ajax')) {
         return $denied;
     }
     $this->Message->id = $messageId;
     if (!$this->Message->exists() || !$this->Message->isOwnedBy($messageId)) {
         return $denied;
     }
     $this->Message->saveField('viewed', 0);
     $record = $this->Message->read();
     $body = Markdown($record['Message']['body']);
     return json_encode(array(
         'status' => true,
         'username' => $record['From']['username'],
         'title' => Sanitize::html($record['Message']['title']),
         'body' => $body,
     ));
 }
コード例 #17
ファイル: user_controller.php プロジェクト: tilitala/nForum
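 /**
  * User profile lookup: `/user/query/<id>`.
  *
  * Sets `noid` when the user does not exist; otherwise exposes the profile
  * fields to the view. Only `name` is HTML-encoded here; homepage, qq, msn
  * and lastIP are passed through and must be escaped by the view.
  */
 public function query()
 {
     $this->notice = "用户查询";
     App::import('Sanitize');
     // Explicit isset instead of the original @-suppressed read; a missing id
     // still yields '' exactly as trim(null) did.
     $id = isset($this->params['pass'][0]) ? trim($this->params['pass'][0]) : '';
     try {
         $u = User::getInstance($id);
     } catch (UserNullException $e) {
         $this->set("noid", true);
         return;
     }
     App::import("vendor", "inc/astro");
     $astro = Astro::getAstro($u->birthmonth, $u->birthday);
     $unknown = "未知";
     $info = array(
         "uid" => $u->userid,
         "name" => Sanitize::html($u->username),
         "gender" => $u->gender == 77 ? "男" : "女",
         "astro" => $astro['name'],
         "qq" => $u->OICQ == "" ? $unknown : $u->OICQ,
         "msn" => $u->MSN == "" ? $unknown : $u->MSN,
         "homepage" => $u->homepage == "" ? $unknown : $u->homepage,
         "level" => $u->getLevel(),
         "postNum" => $u->numposts,
         "loginNum" => $u->numlogins,
         "lastTime" => date("Y-m-d H:i:s", $u->lastlogin),
         "lastIP" => $u->lasthost,
         "life" => $u->getLife(),
         "first" => date("Y-m-d", $u->firstlogin),
         "status" => $u->getStatus(),
     );
     $this->set($info);
     $this->set("hide", $u->getCustom("userdefine0", 29) == 0);
     $this->set("me", $u->userid == User::getInstance()->userid);
 }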
コード例 #18
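 /**
  * Alumni index with optional name/specialization search.
  *
  * A POSTed name builds an ILIKE condition set that is also stored in the
  * session so later pages of the same search reuse it. The name is
  * SQL-escaped once for the conditions and HTML-encoded for display; the
  * specialization id is placed in the conditions array as received and
  * relies on the ORM's quoting of condition values.
  */
 public function index()
 {
     $this->pageTitle = __('ALUMNI_INDEX_TITLE', true);
     $conditions = array();
     // Search form submitted
     if (isset($_POST['name'])) {
         uses('sanitize');
         $sanit = new Sanitize();
         // Escape once and reuse for all four LIKE patterns (the original escaped the same value four times).
         $namePattern = '%' . $sanit->escape($_POST['name']) . '%';
         $conditions = array('or' => array(
             'User.username ILIKE' => $namePattern,
             'User.first_name ILIKE' => $namePattern,
             'User.middle_name ILIKE' => $namePattern,
             'User.last_name ILIKE' => $namePattern,
         ));
         // Optional specialization filter; explicit isset replaces the @-suppressed read.
         $specializationId = isset($_POST['specialization_id']) ? $_POST['specialization_id'] : null;
         if ($specializationId != '') {
             $conditions = array('and' => array('Graduate.specialization_id' => $specializationId, $conditions));
         }
         $_SESSION['search_cond'] = $conditions;
         $_SESSION['search_name'] = $sanit->html($_POST['name']);
         $_SESSION['search_specialization_id'] = $specializationId;
     } elseif (isset($_SESSION['search_cond'])) {
         // Paging through an earlier search: reuse its conditions.
         $conditions = $_SESSION['search_cond'];
     }
     $this->Graduate->recursion = 2;
     $graduates = $this->paginate('Graduate', $conditions);
     $this->set('graduates', $graduates);
     // Until recursive fetching of the study type works, load the names directly.
     $study_type_names = array();
     $study_type_names['sk'] = $this->StudyType->find("list", array('fields' => array('StudyType.id', 'StudyType.name_sk')));
     $study_type_names['en'] = $this->StudyType->find("list", array('fields' => array('StudyType.id', 'StudyType.name_en')));
     // All study types ordered by priority.
     $this->set('study_types', $this->StudyType->findAll(null, null, array('StudyType.priority')));
     $this->set('study_type_names', $study_type_names);
     $this->set('lang', $this->Session->read('Config.language'));
     $this->set('total_graduate_count', $this->Graduate->findCount());
 }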
コード例 #19
ファイル: texts_controller.php プロジェクト: kondrat/ez.go
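 /**
  * Ajax endpoint: split the uploaded text into sentences and group them
  * into chunks of roughly 2400 bytes, returned as JSON.
  *
  * Non-ajax requests only set the Security component's black-hole callback.
  * NOTE(review): on an ajax request whose Referer does not contain this
  * host, the callback is set but processing continues — confirm intended.
  *
  * Changes from the original: $finPhrase starts as an array (appending to
  * '' is an error on PHP 7.1+), the byte counter starts at 0 instead of null,
  * and an unused sample-text literal was dropped.
  *
  * @return string|null JSON body for ajax requests, nothing otherwise
  */
 function textUpload()
 {
     // $finPhrase[chunk][] = sentence
     $finPhrase = array();
     $strLen = 0;
     // Ajax preparation: no debug output, no layout, manual rendering.
     Configure::write('debug', 0);
     $this->autoLayout = false;
     $this->autoRender = false;
     if (!$this->RequestHandler->isAjax()) {
         $this->Security->blackHoleCallback = 'gotov';
         return;
     }
     // Referer check is a plain substring match against HTTP_HOST.
     if (strpos(env('HTTP_REFERER'), trim(env('HTTP_HOST'), '/')) === false) {
         $this->Security->blackHoleCallback = 'gotov';
     }
     App::import('Sanitize');
     $ttText = Sanitize::html(trim($this->data['Text']['text']));
     // Split on sentence-ending punctuation followed by whitespace.
     $sentences = preg_split("/(\\.|\\!|\\?)[\\s]+/", $ttText);
     $chunk = 0;
     $k = 1;
     foreach ($sentences as $sentence) {
         // Open a new chunk once the running byte count passes 2400 * k.
         if ($strLen >= 2400 * $k) {
             $chunk++;
             $k++;
         }
         // Drop a trailing period the split left on the final sentence.
         $finPhrase[$chunk][] = substr($sentence, -1) === '.' ? substr($sentence, 0, -1) : $sentence;
         $strLen += strlen($sentence);
     }
     $this->header('Content-Type: application/json');
     return json_encode(array("stat" => 1, 'strlen' => $strLen, 'resText' => $finPhrase));
 }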
コード例 #20
ファイル: plugin.class.php プロジェクト: vorons/bludit
 /**
  * Merge $args into the plugin's settings, keeping only keys declared in
  * $this->dbFields; each value is HTML-encoded and cast to the type of the
  * field's default, then everything is saved to $this->filenameDb.
  *
  * @param array $args key => value
  */
 public function setDb($args)
 {
     $merged = $this->db;
     foreach ($this->dbFields as $field => $default) {
         if (!isset($args[$field])) {
             continue;
         }
         $clean = Sanitize::html($args[$field]);
         settype($clean, gettype($default));
         $merged[$field] = $clean;
     }
     $this->db = $merged;
     // Write through to the JSON file.
     $store = new dbJSON($this->filenameDb);
     $store->db = $merged;
     $store->save();
 }
コード例 #21
ファイル: board_controller.php プロジェクト: tilitala/nForum
 /**
  * Board thread listing, paginated by `?p=` (default 1, not validated here).
  *
  * In thread mode each row carries the last reply and a page count; in flat
  * mode each row carries the article position. Only titles are HTML-encoded;
  * owner names and the other fields are passed through to the view.
  * NOTE(review): several string literals in this listing ("°æÃæ-",
  * "Ô­ÌûÒÑɾ³ý") look mis-encoded; they are left byte-for-byte as shown.
  */
 public function index()
 {
     $u = User::getInstance();
     try {
         App::import('Sanitize');
         $p = isset($this->params['url']['p']) ? $this->params['url']['p'] : 1;
         $this->notice = "°æÃæ-{$this->_board->DESC}({$this->_board->NAME})";
         $page = new Pagination($this->_board, Configure::read("pagination.threads"));
         $threads = $page->getPage($p);
         $info = false;
         // Midnight today: anything older is shown as a date, otherwise as a time.
         $curTime = strtotime(date("Y-m-d", time()));
         $pageArticle = Configure::read("pagination.article");
         if ($this->_board->getMode() === Board::$THREAD) {
             foreach ($threads as $v) {
                 $pages = ceil($v->articleNum / $pageArticle);
                 $last = $v->LAST;
                 $postTime = $curTime > $v->POSTTIME ? date("Y-m-d", $v->POSTTIME) : date("H:i:s", $v->POSTTIME);
                 $replyTime = $curTime > $last->POSTTIME ? date("Y-m-d", $last->POSTTIME) : date("H:i:s", $last->POSTTIME);
                 $info[] = array("tag" => $v->isTop() ? "top" : ($v->isM() || $v->isG() ? "m" : false), "title" => Sanitize::html($v->TITLE), "poster" => $v->isSubject() ? $v->OWNER : "Ô­ÌûÒÑɾ³ý", "postTime" => $postTime, "gid" => $v->ID, "last" => $last->OWNER, "replyTime" => $replyTime, "num" => $v->articleNum - 1, "page" => $pages);
             }
             // "threads" view flag: true in thread mode.
             $threads = true;
         } else {
             foreach ($threads as $v) {
                 $postTime = $curTime > $v->POSTTIME ? date("Y-m-d", $v->POSTTIME) : date("H:i:s", $v->POSTTIME);
                 $info[] = array("tag" => $v->isTop() ? "top" : ($v->isM() || $v->isG() ? "m" : false), "title" => Sanitize::html($v->TITLE), "poster" => $v->OWNER, "postTime" => $postTime, "gid" => $v->ID, "subject" => $v->isSubject(), "top" => $v->isTop(), "m" => $v->isM(), "pos" => $v->getPos());
             }
             $threads = false;
         }
         $this->set("threads", $threads);
         $this->set("info", $info);
         $this->set("totalPage", $page->getTotalPage());
         $this->set("curPage", $page->getCurPage());
         $this->set("bName", $this->_board->NAME);
         $this->set("canPost", $this->_board->hasPostPerm($u) ? 1 : 0);
         $this->set("mode", $this->_board->getMode());
         $this->set("sort", $this->_board->isSortMode());
         $this->set("isBM", $u->isBM($this->_board));
         $this->set("isAdmin", $u->isAdmin());
     } catch (BoardNullException $e) {
         $this->error(Board::$BOARD_NONE);
     }
 }
コード例 #22
ファイル: blog_comment.php プロジェクト: nazo/phpcondo
 /**
  * Add a blog comment.
  *
  * The whole submitted array is passed through Sanitize::html; the url and
  * email fields then get their literal hyphens restored (the encoder
  * presumably turns '-' into &#45;). Comments needing approval are stored
  * with status=false.
  *
  * @param array  $data           form data, optionally wrapped under 'BlogComment'
  * @param string $contentId
  * @param string $postId
  * @param string $commentApprove truthy when comments require approval
  * @return boolean result of save()
  */
 function add($data, $contentId, $postId, $commentApprove)
 {
     if (isset($data['BlogComment'])) {
         $data = $data['BlogComment'];
     }
     $data = Sanitize::html($data);
     foreach (array('url', 'email') as $hyphenField) {
         $data[$hyphenField] = str_replace('&#45;', '-', $data[$hyphenField]);
     }
     $data['blog_post_id'] = $postId;
     $data['blog_content_id'] = $contentId;
     $data['status'] = !$commentApprove;
     // Next sequence number within this blog content.
     $data['no'] = $this->getMax('no', array('blog_content_id' => $contentId)) + 1;
     $this->create($data);
     return $this->save();
 }
コード例 #23
 /**
  * Build the "Accounting" block of the admin sidebar for the lil_expenses plugin.
  *
  * Inserts or updates $sidebar['accounting'] (kept right after 'welcome'),
  * adds the Income/Expenses, Payments, Reports and Lookups entries, and — when
  * the Payments entry is expanded — one submenu item per active payments
  * account, with the account title HTML-encoded.
  *
  * @param array   $sidebar sidebar definition, modified in place
  * @param object  $request current request (params, query, controller, plugin, action)
  * @param object  $plugin  plugin helper providing insertIntoArray()
  * @return bool always true
  */
 static function generate(&$sidebar, $request, $plugin)
 {
     // set current user
     App::uses('LilCurrentUser', 'Lil.Lib');
     $currentUser = LilCurrentUser::getInstance();
     if (empty($sidebar['accounting'])) {
         // No accounting sidebar yet: re-add 'welcome' first so it keeps its position,
         // then the new accounting block, then everything else.
         $welcome = $sidebar['welcome'];
         unset($sidebar['welcome']);
         $sidebar = array('welcome' => $welcome) + array('accounting' => array('title' => __d('lil_expenses', 'Accounting'), 'visible' => true, 'active' => $request->params['plugin'] == 'lil_expenses', 'url' => array('admin' => true, 'plugin' => 'lil_expenses', 'controller' => 'expenses', 'action' => 'index'), 'items' => array())) + $sidebar;
     } else {
         // Loose in_array on the controller name, as elsewhere in this function.
         $sidebar['accounting']['active'] = $sidebar['accounting']['active'] || in_array($request->params['controller'], array('expenses', 'payments', 'payments_accounts'));
     }
     if (empty($sidebar['accounting']['items']['reports'])) {
         $sidebar['accounting']['items']['reports'] = array('visible' => true, 'title' => __d('lil_expenses', 'Reports'), 'url' => false, 'expandable' => true, 'params' => array(), 'active' => false, 'expand' => false, 'submenu' => array());
     }
     // Income/Expenses (with income + expense filter submenu) and Payments, placed before Reports.
     // Active/expand flags are derived from the controller, action and ?filter[type] of the request.
     $plugin->insertIntoArray($sidebar['accounting']['items'], array('expenses' => array('visible' => true, 'title' => __d('lil_expenses', 'Income and Expenses'), 'url' => array('admin' => true, 'plugin' => 'lil_expenses', 'controller' => 'expenses', 'action' => 'index'), 'params' => array(), 'active' => in_array($request->params['controller'], array('expenses')) && (empty($request->query['filter']['type']) || !in_array($request->query['filter']['type'], array('income', 'expense'))) && $request->params['action'] != 'admin_report_unpaid_invoices', 'expand' => in_array($request->params['controller'], array('expenses')) && $request->params['action'] != 'admin_report_unpaid_invoices', 'submenu' => array('income' => array('visible' => true, 'title' => __d('lil_expenses', 'Income'), 'url' => array('admin' => true, 'plugin' => 'lil_expenses', 'controller' => 'expenses', 'action' => 'index', '?' => array('filter' => array('type' => 'income'))), 'active' => !empty($request->query['filter']['type']) && $request->query['filter']['type'] == 'income'), 'expenses' => array('visible' => true, 'title' => __d('lil_expenses', 'Expenses'), 'url' => array('admin' => true, 'plugin' => 'lil_expenses', 'controller' => 'expenses', 'action' => 'index', '?' => array('filter' => array('type' => 'expense'))), 'active' => !empty($request->query['filter']['type']) && $request->query['filter']['type'] == 'expense'))), 'payments' => array('visible' => true, 'title' => __d('lil_expenses', 'Payments'), 'url' => array('admin' => true, 'plugin' => 'lil_expenses', 'controller' => 'payments', 'action' => 'index'), 'params' => array(), 'active' => in_array($request->params['controller'], array('payments')) && empty($request->query['filter']['account']), 'expand' => in_array($request->params['controller'], array('payments')), 'submenu' => array())), array('before' => 'reports'));
     // LOOKUPS SIDEBAR SUBMENU
     if (empty($sidebar['accounting']['items']['lookups'])) {
         $sidebar['accounting']['items']['lookups'] = array('visible' => true, 'title' => __d('lil_expenses', 'Lookups'), 'url' => false, 'expandable' => true, 'params' => array(), 'active' => false, 'expand' => false, 'submenu' => array());
     }
     $sidebar['accounting']['items']['lookups']['expand'] = $sidebar['accounting']['items']['lookups']['expand'] || in_array($request->params['controller'], array('payments_accounts'));
     // Prepend the Accounts lookup; existing submenu keys win on conflict (array +).
     $sidebar['accounting']['items']['lookups']['submenu'] = array('payments_accounts' => array('visible' => true, 'title' => __d('lil_expenses', 'Accounts'), 'url' => array('admin' => true, 'plugin' => 'lil_expenses', 'controller' => 'payments_accounts', 'action' => 'index'), 'params' => array(), 'active' => in_array($request->params['controller'], array('payments_accounts')))) + $sidebar['accounting']['items']['lookups']['submenu'];
     if ($sidebar['accounting']['items']['payments']['expand']) {
         App::uses('Sanitize', 'Utility');
         $PaymentsAccount = ClassRegistry::init('LilExpenses.PaymentsAccount');
         $accounts = $PaymentsAccount->findActive();
         foreach ($accounts as $acc_id => $acc_title) {
             // Account titles are user-entered data, hence HTML-encoded; the id is used as the submenu key and filter value.
             $sidebar['accounting']['items']['payments']['submenu'][$acc_id] = array('visible' => true, 'title' => Sanitize::html($acc_title), 'url' => array('action' => 'index', '?' => array('filter' => array('account' => $acc_id))), 'active' => !empty($request->query['filter']['account']) && $request->query['filter']['account'] == $acc_id);
         }
     }
     // modify invoices sidebar
     if (!empty($sidebar['accounting']['items']['reports'])) {
         $sidebar['accounting']['items']['reports']['submenu']['payment_status'] = array('visible' => true, 'title' => __d('lil_expenses', 'Unpaid Invoices'), 'url' => array('admin' => true, 'plugin' => 'lil_expenses', 'controller' => 'expenses', 'action' => 'report_unpaid_invoices'), 'active' => $request->controller == 'expenses');
         if ($request->plugin == 'lil_expenses' && $request->action == 'admin_report_unpaid_invoices') {
             $sidebar['accounting']['active'] = true;
             $sidebar['accounting']['items']['reports']['expand'] = true;
         }
     }
     return true;
 }
コード例 #24
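 /**
  * Post a comment on party $pid as user $uid.
  *
  * Redirects to '/' unless a User session exists and its id matches $uid.
  * With form data and permission the comment is saved (text HTML-encoded,
  * then newlines converted) and the browser is sent to the new comment's
  * anchor; otherwise back to the party page.
  *
  * @param int $pid party id
  * @param int $uid commenting user id; must equal the session user id
  */
 function add($pid, $uid)
 {
     // NOTE(review): loose != between $uid and the session id — confirm both share a type.
     if (!$this->Session->check('User') || $uid != $_SESSION['User']['id']) {
         $this->redirect('/');
     }
     if (empty($this->data) || !$this->Comment->canComment($pid, $uid)) {
         $this->redirect('/parties/view/' . $pid);
         return;
     }
     // Explicitly reset the model so this is an insert, not an edit of the last record.
     $this->Comment->create();
     $clean = new Sanitize();
     $text = $clean->html($this->data['Comment']['text']);
     $this->data['Comment']['text'] = nl2br($text);
     $this->data['Comment']['owner'] = $uid;
     $this->data['Comment']['assoc'] = $pid;
     // time() replaces the argument-less mktime() call, which is deprecated.
     $this->data['Comment']['time'] = time();
     if ($this->Comment->save($this->data)) {
         $this->redirect('/parties/view/' . $pid . '#c' . $this->Comment->getLastInsertID());
     }
 }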
 /**
  * Contact form action: on POST, validate the submitted fields and mail them.
  *
  * Reads $this->request->data['Contactform'] (Name, Mail, Message), validates
  * it through the Contactform model and sends a single CakeEmail configured
  * from the "contactform" email profile. Always sets title_for_layout.
  *
  * @return void
  */
 public function show()
 {
     if ($this->request->is('post')) {
         $email = new CakeEmail();
         try {
             // The "contactform" profile (app/Config/email.php) supplies transport, from, etc.
             $email->config('contactform');
         } catch (Exception $e) {
             // NOTE(review): echo + exit bypasses the layout and the framework's error
             // handling; letting the exception propagate would give a proper 500 page.
             echo 'Config in email.php not found';
             exit;
         }
         $this->Contactform->set($this->request->data['Contactform']);
         if ($this->Contactform->validates()) {
             $data = $this->request->data['Contactform'];
             // NOTE(review): the recipient passed to to() is the visitor-supplied "Mail"
             // field, so any visitor can make this server send a message to any address
             // they choose. Confirm whether the profile's own "to" is the intended
             // recipient; the submitter's address belongs in replyTo(), not to().
             // Sanitize::clean/html target HTML output, not mail headers, so the
             // model's validation of Mail is what keeps this address well-formed.
             $email->to(Sanitize::clean($data['Mail']))->subject(__d('contactform', 'contact form request'))->send(__d('contactform', 'name') . ': ' . Sanitize::clean($data['Name']) . "\n" . __d('contactform', 'email') . ': ' . Sanitize::clean($data['Mail']) . "\n\n" . __d('contactform', 'message') . ":\n" . Sanitize::html($data['Message']) . "\n\n" . "----------------------------\n" . __d('contactform', 'sent from') . ' ' . Router::url('/', true));
             $this->Session->setFlash(__d('contactform', 'contact form was submitted successfully'), '', array('status' => 'success'));
             $this->redirect('/');
         } else {
             // Validation failed: nothing is sent; the errors presumably stay on the
             // model for the view to render.
         }
     }
     $this->set('title_for_layout', __d('contactform', 'contact form'));
 }
ファイル: rss_controller.php プロジェクト: tilitala/nForum
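 /**
  * RSS feed of a board's newest "origin" (thread-starting) articles.
  *
  * The board comes from $this->params['name']; boards that are not normal,
  * or that are directories, produce no feed. Output is cached per board,
  * keyed on the mtime of the board's .ORIGIN index (_cache_read presumably
  * serves an existing copy and stops before generation). Any exception -
  * unknown board, unreadable data, ... - ends the request silently.
  *
  * @return void the XML is echoed and the request is stopped
  */
 public function board()
 {
     try {
         $brd = Board::getInstance($this->params['name']);
         if (!$brd->isNormal() || $brd->isDir()) {
             $this->_stop();
         }
         $mTime = @filemtime('boards/' . $brd->NAME . '/.ORIGIN');
         $this->cache(true, $mTime);
         $this->header("Content-Type: text/xml; charset=" . $this->encoding);
         $this->header("Content-Disposition: inline;filename=board-{$brd->NAME}.xml");
         $this->_cache_read('board-' . $brd->NAME, $mTime);

         $channel = array();
         $channel['title'] = $brd->DESC;
         $channel['description'] = $this->_siteName . " " . $brd->DESC . " 版面主题索引";
         $channel['link'] = $this->_domain . $this->base . '/board/' . $brd->NAME;
         $channel['language'] = "zh-cn";
         $channel['generator'] = "nForum RSS Generator By xw";
         if ($mTime > 0) {
             $channel['lastBuildDate'] = $mTime;
         }

         $rssNum = Configure::read("rss.num");
         $articles = array_reverse($brd->getTypeArticles(0, $rssNum, Board::$ORIGIN));
         App::import('Sanitize');
         $items = array();
         foreach ($articles as $v) {
             $link = $this->_domain . $this->base . '/article/' . $brd->NAME . '/' . $v->GROUPID;
             // The rendered body is placed inside a CDATA section. A literal "]]>" in an
             // article would close that section early and inject raw XML into the feed,
             // so it is split across two sections ("]]]]><![CDATA[>"), the standard escape.
             $html = str_replace(']]>', ']]]]><![CDATA[>', XUBB::parse($v->getHtml()));
             $items[] = array(
                 "title" => Sanitize::html($v->TITLE),
                 "link" => $link,
                 // NOTE(review): OWNER is emitted as-is while TITLE is entity-encoded;
                 // confirm Rss::getRss() escapes it, otherwise encode it here as well.
                 "author" => $v->OWNER,
                 "pubDate" => $v->POSTTIME,
                 "guid" => $link,
                 "comments" => $link,
                 "description" => "<![CDATA[" . $html . "]]>",
             );
         }
         $rss = new Rss($channel, $items);
         $out = $rss->getRss();
         $this->_cache_write('board-' . $brd->NAME, $mTime, $out);
         echo $out;
         $this->_stop();
     } catch (Exception $e) {
         // Deliberately silent: a bad board name simply yields an empty response.
         $this->_stop();
     }
 }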
ファイル: dbusers.class.php プロジェクト: roberthchan/bludit
 /**
  * Create a user record from $args and persist the users database.
  *
  * Each field declared in $this->dbFields is taken from $args when present
  * (HTML-encoded via Sanitize::html unless the field is flagged 'inFile'),
  * otherwise from the field's default 'value'; the result is cast to the
  * default's type. Returns false when the username is already taken or the
  * database file cannot be written.
  *
  * @param array $args user-supplied field values keyed by field name
  * @return bool true when the user was stored, false otherwise
  */
 public function add($args)
 {
     $row = array();
     foreach ($this->dbFields as $name => $spec) {
         $default = $spec['value'];
         if (!isset($args[$name])) {
             $value = $default;
         } elseif ($spec['inFile']) {
             // Values kept in a file are stored verbatim.
             $value = $args[$name];
         } else {
             // Values kept in the database are HTML-encoded first.
             $value = Sanitize::html($args[$name]);
         }
         // Coerce to the default's type so every record has a uniform shape.
         settype($value, gettype($default));
         $row[$name] = $value;
     }
     if ($this->userExists($row['username'])) {
         return false;
     }
     $row['registered'] = Date::current(DB_DATE_FORMAT);
     // NOTE(review): a single sha1 round is far too fast for password storage;
     // password_hash()/password_verify() is the right primitive. It is left as-is
     // here because verifyUser() in login.class.php recomputes the same
     // sha1(password . salt) and the two must change together.
     $row['salt'] = Text::randomText(SALT_LENGTH);
     $row['password'] = sha1($row['password'] . $row['salt']);
     $this->db[$row['username']] = $row;
     if ($this->save() === false) {
         Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to save the database file.');
         return false;
     }
     return true;
 }
ファイル: BlogComment.php プロジェクト: baserproject/basercms
 /**
  * Store a comment on a blog post.
  *
  * Every submitted value is HTML-encoded with Sanitize::html before saving.
  * The encoded hyphen is restored in url/email afterwards so the model's
  * validators accept them.
  *
  * @param array $data comment fields, optionally wrapped under 'BlogComment'
  * @param string $contentId id of the blog content
  * @param string $postId id of the blog post
  * @param string $commentApprove when truthy the comment is stored unapproved (status false)
  * @return boolean result of save()
  */
 public function add($data, $contentId, $postId, $commentApprove)
 {
     $fields = isset($data['BlogComment']) ? $data['BlogComment'] : $data;
     // Encode everything the visitor sent; array_map keeps the string keys.
     $fields = array_map(array('Sanitize', 'html'), $fields);
     // Sanitize::html presumably encodes '-' as '&#45;', which the url/email
     // validators would reject, so put the literal character back.
     foreach (array('url', 'email') as $plain) {
         $fields[$plain] = str_replace('&#45;', '-', $fields[$plain]);
     }
     $fields['blog_post_id'] = $postId;
     $fields['blog_content_id'] = $contentId;
     // Comments that require moderation start out unapproved.
     $fields['status'] = !$commentApprove;
     $fields['no'] = $this->getMax('no', ['blog_content_id' => $contentId]) + 1;
     $this->create($fields);
     return $this->save();
 }
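 /**
  * Parse "<path>index.txt" into $this->vars.
  *
  * The file is a sequence of "key: value" lines; keys are lower-cased and
  * values HTML-encoded. The first line whose key is "content" ends the
  * header: whatever follows the colon on that line plus every later line is
  * kept verbatim (not encoded) as $this->vars['content'].
  *
  * @param string $path directory holding index.txt, with trailing separator
  * @return bool|null false when Sanitize::pathFile rejects the path or the
  *                   file cannot be read; null otherwise
  */
 private function build($path)
 {
     if (!Sanitize::pathFile($path, 'index.txt')) {
         return false;
     }
     $lines = file($path . 'index.txt');
     if ($lines === false) {
         // Present but unreadable: the old code would have iterated over false.
         return false;
     }
     // Index of the "content:" line, or null when there is none. The old code used 0
     // as the sentinel, so a file that started with "Content:" lost its body entirely.
     $contentLine = null;
     $parts = array();
     foreach ($lines as $lineNumber => $line) {
         $parts = array_map('trim', explode(':', $line, 2));
         $parts[0] = Text::lowercase($parts[0]);
         if ($parts[0] === 'content') {
             $contentLine = $lineNumber;
             break;
         }
         if (!empty($parts[0]) && !empty($parts[1])) {
             // Header fields are encoded; only the body below is stored raw.
             $this->vars[$parts[0]] = Sanitize::html($parts[1]);
         }
     }
     if ($contentLine !== null) {
         // The body is every line after "content:" ...
         $output = array_slice($lines, $contentLine + 1);
         // ... preceded by whatever followed the colon on that line itself.
         if (!empty($parts[1])) {
             array_unshift($output, "\n");
             array_unshift($output, $parts[1]);
         }
         // Deliberately not passed through Sanitize::html: markup is allowed in the body.
         $this->vars['content'] = implode($output);
     }
 }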
ファイル: login.class.php プロジェクト: roberthchan/bludit
 /**
  * Check a username/password pair against the users database and log the
  * user in when they match.
  *
  * Both inputs are HTML-encoded with Sanitize::html and trimmed before use,
  * mirroring add() in dbusers.class.php, which encodes the password the same
  * way before hashing - so a password containing '<' or '&' still round-trips.
  * The candidate hash is sha1(password . salt), compared with the stored one.
  *
  * NOTE(review): the log line inside the empty check is garbled in this
  * listing ("'******'" fragments and the "Username does not exist" message
  * fused into it), and $user is read below without any visible assignment;
  * the database lookup of $user sits in the missing text. Read the body as
  * incomplete rather than as-is.
  *
  * @param string $username
  * @param string $password plain-text password as typed
  * @return bool true on successful login, false otherwise
  */
 public function verifyUser($username, $password)
 {
     $username = Sanitize::html($username);
     $password = Sanitize::html($password);
     $username = trim($username);
     $password = trim($password);
     if (empty($username) || empty($password)) {
         // NOTE(review): this line appears to write "Password: <value>" to the log.
         // Credentials must never reach the log, even when one of them is empty -
         // log the username only.
         Log::set(__METHOD__ . LOG_SEP . 'Username or Password empty. Username: '******' - Password: '******'Username does not exist: ' . $username);
         return false;
     }
     // NOTE(review): one salted sha1 round is far too fast for password storage;
     // password_hash()/password_verify() should replace it, together with the
     // hashing in dbusers.class.php add(). Prefer hash_equals() over === as well,
     // so the comparison does not leak timing.
     $passwordHash = sha1($password . $user['salt']);
     if ($passwordHash === $user['password']) {
         $this->setLogin($username, $user['role']);
         return true;
     } else {
         // Username exists but the hash differs; only the username is already known here.
         Log::set(__METHOD__ . LOG_SEP . 'Password incorrect.');
     }
     return false;
 }