/**
 * Renders the admin login form and processes a submitted login attempt.
 *
 * On a POST that is not a logout request the form is validated and
 * Z_Auth::login() is tried with the login, password and remember flag;
 * success triggers a client-side menu refresh and an ajax redirect to the
 * current module root, failure queues a flash message. A user who is already
 * authenticated (login other than 'guest') is forwarded to the logout action
 * instead of seeing the form.
 *
 * NOTE(review): the form carries no CSRF token (e.g. a Zend_Form hash
 * element); confirm whether Z_Admin_Form adds one itself, otherwise a
 * login-CSRF guard is cheap to add here.
 */
public function loginAction()
{
    $inputClass = 'ui-state-active ui-corner-bottom z-login-input';

    $form = new Z_Admin_Form();
    $form->setElementDecorators(array('ViewHelper'));
    $form->addElement('text', 'login', array('required' => true, 'class' => $inputClass));
    $form->addElement('Password', 'password', array('required' => true, 'class' => $inputClass));
    $form->addElement('Checkbox', 'remember', array());
    $form->addElement('Submit', 'submit', array(
        'label'       => 'Войти',
        'class'       => 'ui-state-default ui-corner-bl submit',
        'onMouseOver' => '$(this).addClass("ui-state-hover ui-state-active")',
        'onMouseOut'  => '$(this).removeClass("ui-state-hover ui-state-active")',
    ));

    $isLoginPost = $_POST && !isset($_POST['logout']);
    if ($isLoginPost) {
        if (!$form->isValid($_POST)) {
            Z_FlashMessenger::addMessage('Введите логин и пароль');
        } else {
            $values = $form->getValues();
            $remember = (bool) $values['remember'];
            $auth = Z_Auth::getInstance();
            if ($auth->login($values['login'], $values['password'], $remember)) {
                jQuery::evalScript('z_menu_show();');
                $this->ajaxGo('/' . $this->getRequest()->getModuleName() . '/');
            } else {
                Z_FlashMessenger::addMessage('Логин или пароль не верны');
            }
        }
    }

    // Already authenticated: go through the logout flow instead of the form.
    if (Z_Auth::getInstance()->getUser()->getLogin() != 'guest') {
        $this->_forward('logout');
        return;
    }

    $this->view->form = $form;
}
/**
 * Gate for the backup controller: only non-guest users whose role is allowed
 * the 'list' privilege on the 'z_backups' resource may proceed, and only via
 * XMLHttpRequest unless the action is 'download'. Everything else is
 * redirected to /admin. An ACL lookup that throws (unknown role or resource)
 * is treated as denied.
 *
 * Side effects: disables view rendering and the layout, lifts memory_limit
 * (the '@' hides a failure to raise it), and opens the 'z_backup' session
 * namespace in $this->session.
 */
public function init()
{
    $user = Z_Auth::getInstance()->getUser();
    if ($user->getLogin() == 'guest') {
        $this->_redirect('/admin');
        return;
    }

    $role = $user->getRole();
    $acl = Z_Acl::getInstance();
    try {
        $allowed = $acl->isAllowed($role, 'z_backups', 'list');
    } catch (Exception $e) {
        $allowed = false; // unknown role/resource counts as denied
    }
    if (!$allowed) {
        $this->_redirect('/admin');
        return;
    }

    $isDownload = $this->_getParam('action') == 'download';
    if (!$isDownload && !$this->getRequest()->isXmlHttpRequest()) {
        $this->_redirect('/admin');
        return;
    }

    $this->_helper->viewRenderer->setNoRender(true);
    Zend_Layout::getMvcInstance()->disableLayout();
    @ini_set("memory_limit", "-1");
    $this->session = new Zend_Session_Namespace("z_backup");
}
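/**
 * AJAX image-upload endpoint: stores the file posted as 'Filedata' under
 * upload/tmpajdoqODU1 and answers with a JSON envelope
 * {error, errorcode, preview, path, filename, type}.
 *
 * Error codes (error='1'): '1' generic, '2' no file / failed or empty upload,
 * '3' extension not in the jpg/jpeg/png/gif whitelist, '4' move failed.
 * On success error='0', preview is the 200x170 thumbnail URL, path the
 * public URL and type 'pic'. Guests are forwarded to index/index.
 *
 * Fixes: the stored name is reduced to its basename after transliteration so
 * a client-supplied name cannot carry path separators into the target
 * directory (translateCyr() is only known to transliterate), and the PHP
 * upload error code is checked before the file is touched. Only the
 * extension is validated — the content is not inspected — so this still
 * relies on the upload directory not executing scripts.
 */
public function indexAction()
{
    $this->_helper->viewRenderer->setNoRender(true);
    Zend_Layout::getMvcInstance()->disableLayout();

    $data = array(
        'error'     => '1',
        'errorcode' => '1',
        'preview'   => '',
        'path'      => '',
        'filename'  => '',
        'type'      => '',
    );

    if (Z_Auth::getInstance()->getUser()->getLogin() == 'guest') {
        $this->_forward('index', 'index');
        return;
    }

    $upload = isset($_FILES['Filedata']) ? $_FILES['Filedata'] : array();
    $uploadOk = isset($upload['error']) ? $upload['error'] == UPLOAD_ERR_OK : true;
    if (empty($upload['name']) || !$uploadOk || $upload['size'] <= 0) {
        $data['errorcode'] = '2';
        echo Zend_Json::encode($data);
        return;
    }

    $allowedExtensions = array('jpg', 'jpeg', 'png', 'gif');
    $validator = new Z_Validate_File_Extension($allowedExtensions);
    if (!$validator->isValid($upload['name'])) {
        $data['errorcode'] = '3';
        echo Zend_Json::encode($data);
        return;
    }

    $savePath = SITE_PATH . DIRECTORY_SEPARATOR . 'upload' . DIRECTORY_SEPARATOR . 'tmpajdoqODU1';
    Z_Fs::create_folder($savePath);

    // basename() strips any directory part of the client-supplied name.
    $filename = basename(Z_Transliterator::translateCyr($upload['name']));
    $target = $savePath . DIRECTORY_SEPARATOR . $filename;

    // move_uploaded_file() also refuses anything that is not a PHP upload.
    if (!@move_uploaded_file($upload['tmp_name'], $target)) {
        $data['errorcode'] = '4';
        echo Zend_Json::encode($data);
        return;
    }

    $previewUrl = $this->view->z_Preview($target, array('w' => 200, 'h' => 170));
    $data = array(
        'error'     => '0',
        'errorcode' => '0',
        'preview'   => $previewUrl,
        'path'      => '/upload/tmpajdoqODU1/' . $filename,
        'filename'  => $filename,
        'type'      => 'pic',
    );
    echo Zend_Json::encode($data);
}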
/**
 * Returns the current user, building it once from the Zend_Auth identity and
 * caching it in self::$_userData for the rest of the request.
 *
 * If there is no identity yet, $this->login() is called first (presumably it
 * establishes a default identity — confirm in login()). If wrapping the
 * identity in Z_User throws, login() is retried once and the constructor is
 * run again; a second failure propagates to the caller.
 *
 * @return Z_User
 */
public function getUser()
{
    if (self::$_userData !== NULL) {
        return self::$_userData;
    }

    $auth = Zend_Auth::getInstance();
    if (!$auth->hasIdentity()) {
        $this->login();
    }

    try {
        $current = new Z_User($auth->getIdentity());
    } catch (Exception $e) {
        // Identity could not be wrapped; re-login and try once more.
        $this->login();
        $current = new Z_User($auth->getIdentity());
    }

    self::$_userData = $current;
    return self::$_userData;
}
/**
 * Admin-module pre-dispatch hook: normalises ajax detection, switches to the
 * 'ajax' layout, enforces the ACL for the requested controller/action,
 * exposes the bootstrap config to the view and restores files stashed in
 * the 'Z-File-Uploader' session namespace.
 */
public function preDispatch()
{
    // A POST carrying 'z-ajax-form' is treated as an XHR even without the
    // header, i.e. any form post can opt into the ajax layout this way.
    if (isset($_POST['z-ajax-form'])) {
        $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest';
    }
    // Layout switch on ajax calls; non-ajax requests other than index/index
    // are forwarded to index/index and rendering is disabled.
    if ($this->getRequest()->isXmlHttpRequest()) {
        $this->_helper->layout()->setLayout('ajax');
    } else {
        $action = $this->_request->getActionName();
        $controller = $this->_request->getControllerName();
        if ($action != 'index' || $controller != 'index') {
            $this->_forward('index', 'index');
        }
        $this->disableRenderView();
    }
    // Re-read after the possible _forward() above.
    $action = $this->_request->getActionName();
    $controller = $this->_request->getControllerName();
    $module = $this->_request->getModuleName();
    // ACL check. NOTE(review): the condition is an AND, so the check is
    // skipped for every action named 'index' on any controller, not only for
    // the index/z_user/z_menu/error controllers — confirm that is intended
    // (the index actions may be protected elsewhere).
    if ($action != 'index' && $controller != 'index' && $controller != 'z_user' && $controller != 'z_menu' && $controller != 'error') {
        $role = Z_Auth::getInstance()->getUser()->getRole();
        $acl = Z_Acl::getInstance();
        $allowed = true;
        try {
            $allowed = $acl->isAllowed($role, $controller, $action);
        } catch (Exception $e) {
            // Unknown role/resource/privilege: tell root about it, deny everyone.
            if (Z_Auth::getInstance()->getUser()->getRole() == 'root') {
                Z_FlashMessenger::addMessage('Роль, ресурс или привилегия не существует.');
            }
            $allowed = false;
        }
        if (!$allowed) {
            $this->_forward('deny', 'error');
        }
    }
    // Config
    $this->_config = new Zend_Config($this->getInvokeArg('bootstrap')->getOptions());
    $this->view->config = $this->_config;
    // File upload: files stashed by an earlier request are restored into
    // $_FILES and the stash is cleared.
    $nameSpace = new Zend_Session_Namespace('Z-File-Uploader');
    if ($nameSpace->files) {
        $_FILES = $nameSpace->files;
        $nameSpace->files = NULL;
    }
}
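/**
 * Gets content panel for the Debugbar: the current request URI, the rendered
 * head title and meta tags, and a link to add or edit the Z_Model_Titles row
 * for this URI in the admin.
 *
 * Returns an empty string when the current role is not allowed the plugin's
 * resource ($this->_z_resourceId); callers compare the result against ''.
 *
 * Fix: REQUEST_URI and the edit/add link were concatenated into the HTML
 * unescaped, so attacker-controlled URL text was reflected into the page for
 * anyone who can see the panel. Both now go through Zend_View::escape().
 *
 * @return string
 */
public function getPanel()
{
    $role = Z_Auth::getInstance()->getUser()->getRole();
    if (!Z_Acl::getInstance()->isAllowed($role, $this->_z_resourceId)) {
        return '';
    }

    $view = new Zend_View();
    $requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

    $modelSeo = new Z_Model_Titles();
    $currentItem = $modelSeo->fetchRow(array('uri=?' => $requestUri));
    if ($currentItem) {
        $adminUrl = '/admin/z_seo/edit/id/' . $currentItem->id;
        $adminLinkText = 'Изменить';
    } else {
        $adminUrl = '/admin/z_seo/add/uri/' . base64_encode($requestUri);
        $adminLinkText = 'Добавить';
    }

    return '<h4>Текущие значения:</h4>'
        . '<strong>URI:</strong> ' . $view->escape($requestUri) . '<br />'
        . '<strong>Заголовок:</strong> ' . strip_tags($view->headTitle()) . '<br />'
        . '<strong>Мета:</strong> <br />' . nl2br($view->escape($view->headMeta())) . '<br />'
        . '<br /><a href="' . $view->escape($adminUrl) . '" target="_blank">' . $adminLinkText . '</a>';
}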
/**
 * Replaces the stored file $id with an uploaded one.
 *
 * The old file's directory is removed via $this->_rmdir(), the row is updated
 * with the current user id, the transliterated name and the original name,
 * then the new file is copied into the row's path and the row is saved.
 *
 * NOTE(review): $name is derived from the client-supplied $realname by
 * Z_Transliterator::translateCyr() only — confirm it strips path separators
 * before the result is used as a file name.
 *
 * @param mixed  $id        id of the stored file
 * @param string $localName path of the local (uploaded) file to copy in
 * @param string $realname  original file name supplied by the client
 * @return bool true when both the copy and the save succeeded; false when no
 *              file with $id exists
 */
public function replace($id, $localName, $realname)
{
    $stored = $this->getFile($id);
    if ($stored == null) {
        return false;
    }

    // Drop the old payload before the row is repointed at the new name.
    if (is_file($stored->getFullName())) {
        $this->_rmdir($stored->get('fullpath'), false);
    }

    $auth = Z_Auth::getInstance();
    $name = Z_Transliterator::translateCyr($realname);
    $stored->set(array(
        'user_id'  => $auth->getUser()->getId(),
        'name'     => $name,
        'realname' => $realname,
    ));

    $copied = $this->copyFileNewDir($localName, $stored->get('path'), $name);
    $saved = $this->save($stored);

    return $copied && $saved;
}
/**
 * Access-denied handler. Queues a flash message, then for guests issues ajax
 * redirects to the login page, the menu and the index; for everyone else it
 * names the denied action and module (looked up by name in
 * Z_Model_Privileges and as 'admin_<controller>' in Z_Model_Resources).
 * Rendering is disabled.
 */
public function denyAction()
{
    $resourceModel = new Z_Model_Resources();
    $privilegeModel = new Z_Model_Privileges();
    $resourceRow = $resourceModel->fetchRow(array('resourceId=?' => 'admin_' . $this->_getParam('controller')));
    $privilegeRow = $privilegeModel->fetchRow(array('name=?' => $this->_getParam('action')));

    Z_FlashMessenger::addMessage('Доступ к действию данного модуля запрещен.');

    $isGuest = Z_Auth::getInstance()->getUser()->getRole() == 'guest';
    if ($isGuest) {
        // Three redirects are queued in a row, so ajaxGo() presumably does
        // not terminate the request — confirm in ajaxGo().
        $this->ajaxGo($this->view->url(array('controller' => 'z_user', 'action' => 'login')));
        $this->ajaxGo($this->view->url(array('controller' => 'z_menu', 'action' => 'index')));
        $this->ajaxGo($this->view->url(array('controller' => 'index', 'action' => 'index')));
    } else {
        // Rows are known to exist inside these branches, so no fallback text is needed.
        if ($privilegeRow) {
            Z_FlashMessenger::addMessage('Действие: ' . $privilegeRow->title);
        }
        if ($resourceRow) {
            Z_FlashMessenger::addMessage('Модуль: ' . $resourceRow->title);
        }
    }

    $this->disableRenderView();
}
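/**
 * Generates a model class file for $className.
 *
 * Classes named 'z_...' requested by the root role are written under
 * library/Z/Model with the Z prefix (overridable via $params['prefixz']);
 * everything else goes under application/models with the default prefix
 * (overridable via $params['prefix']). Each '_' segment becomes a directory
 * level, the last one the file name, all ucfirst()-ed.
 *
 * Fix: the generated file previously opened with the short tag '<?', which
 * is a parse error on installations with short_open_tag disabled; it now
 * opens with '<?php'.
 *
 * NOTE(review): $className is turned into a file path after splitting on '_'
 * only — confirm callers never pass a value containing path separators or
 * '..'.
 *
 * @param string      $className class name (without prefix)
 * @param string|null $tableName DB table name; defaults to strtolower($className)
 * @param array       $params    overrides for the defaults ('prefix', 'prefixz')
 * @return void the file is written via Z_Fs::create_file()
 */
public static function generate($className, $tableName = NULL, $params = array())
{
    $isCoreModel = strpos($className, 'z_') === 0
        && Z_Auth::getInstance()->getUser()->getRole() == 'root';

    if ($isCoreModel) {
        $pathPrefix = APPLICATION_PATH . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'library'
            . DIRECTORY_SEPARATOR . 'Z' . DIRECTORY_SEPARATOR . 'Model';
        self::$_classPrefix = isset($params['prefixz']) ? $params['prefixz'] : self::$_classPrefixZ;
    } else {
        $pathPrefix = APPLICATION_PATH . DIRECTORY_SEPARATOR . 'models';
        self::$_classPrefix = isset($params['prefix']) ? $params['prefix'] : self::$_classPrefix;
    }

    if ($tableName == NULL) {
        $tableName = strtolower($className);
    }

    $parts = array_map('ucfirst', explode('_', $className));
    $fullClassName = self::$_classPrefix . implode('_', $parts);
    $filename = $parts[count($parts) - 1] . '.php';
    // All but the last segment form the sub-directory (empty for a single segment).
    $subdir = implode(DIRECTORY_SEPARATOR, array_slice($parts, 0, -1));
    $filepath = $pathPrefix . DIRECTORY_SEPARATOR . $subdir;

    $generator = new Zend_CodeGenerator_Php_Class();
    $generator->setName($fullClassName)
        ->setExtendedClass(self::$_extendedClass)
        ->setProperty(array('name' => '_name', 'visibility' => 'protected', 'defaultValue' => $tableName));

    Z_Fs::create_file($filepath . DIRECTORY_SEPARATOR . $filename, "<?php\n" . $generator->generate());
}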
<?php
include '../../../../defines.php';

// Create application, bootstrap, and run
$application = new Zend_Application(APPLICATION_ENV, APPLICATION_PATH . '/configs/application.ini');
$application->bootstrap();

// Gate the elFinder connector behind the 'filesystem' ACL resource for the
// current user's role; an ACL lookup that throws (unknown role/resource)
// counts as denied and the script exits silently (no status code is set).
$role = Z_Auth::getInstance()->getUser()->getRole();
$acl = Z_Acl::getInstance();
try {
    $allow = $acl->isAllowed($role, 'filesystem');
} catch (Exception $e) {
    $allow = false;
}
if (!$allow) {
    exit;
}

error_reporting(0); // Set E_ALL for debugging
if (function_exists('date_default_timezone_set')) {
    date_default_timezone_set('Europe/Moscow');
}

include_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'elFinder.class.php';

/**
 * Simple example how to use logger with elFinder
 **/
class elFinderLogger implements elFinderILogger
{
    // Definition continues beyond this excerpt.
    public function log($cmd, $ok, $context, $err = '', $errorData = array())
    {
        // NOTE(review): './log.txt' is resolved against the working directory,
        // presumably the connector's own (web-served) directory — confirm the
        // log is not readable over HTTP.
        if (false != ($fp = fopen('./log.txt', 'a'))) {
            if ($ok) {
/**
 * Restricts this controller to the 'root' role: any other role is redirected
 * to /admin. There is no return after the redirect, so this relies on the
 * redirector terminating the request (Zend's default) — confirm.
 */
public function init()
{
    $role = Z_Auth::getInstance()->getUser()->getRole();
    if ('root' != $role) {
        $this->_redirect('/admin');
    }
}
/**
 * Applies every controller setting derived from the resource row $info:
 * instantiates the resource model, builds the column definitions (with
 * request-driven filters and ordering), child-resource links, joins, fixed
 * conditions, parent-resource conditions, refers, the fields mirrored into
 * $this->z_* and the view, the ORDER BY list, additional buttons and the
 * MultiImage flag.
 *
 * NOTE(review): several DB-stored strings are executed here as PHP (eval()
 * on column filter_items and on button urls) or handed to the view as code
 * ('eval' column entries); they are only as trusted as write access to the
 * resource tables. A request-supplied array filter value is wrapped in
 * Zend_Db_Expr, i.e. placed into SQL verbatim — see the comment at that line.
 *
 * @param Zend_Db_Table_Row $info resource row (model, resourceId, parent_field, order, ...)
 * @throws Exception when $info->model is empty
 */
protected function exportResourceInfo(Zend_Db_Table_Row $info)
{
    // Attributes mirrored from $info into $this->z_<field> and the view.
    $fieldsToMove = array('resourceId', 'title', 'datatype', 'default_field', 'paginate', 'group', 'can_delete', 'can_edit', 'can_add', 'delete_confirm', 'delete_on_have_child', 'sortable', 'sortable_position', 'indexate');

    // Model setup
    if (!$info->model) {
        throw new Exception('Не указана модель');
    }
    $modelName = $info->model;
    $this->z_model = new $modelName();

    // Columns
    $modelResourcecolumns = new Z_Model_Resourcecolumns();
    $columns = $modelResourcecolumns->fetchAll(array('resourceid=?' => $info->id), 'orderid');
    foreach ($columns as $column) {
        // Filters: the request parameter filter_<resourceId>_<field> carries a
        // base64-encoded, url-encoded value (an array is joined with '{{}}'
        // before decoding).
        $filterValue = $this->_getParam('filter_' . $info->resourceId . '_' . $column->field, NULL);
        if (is_array($filterValue)) {
            $filterValue = implode('{{}}', $filterValue);
        }
        $filterValue = $filterValue ? urldecode(base64_decode($filterValue)) : $filterValue;
        if ($column->filter_query && $filterValue !== NULL) {
            if (strpos($filterValue, '{{}}')) {
                // NOTE(review): a decoded request value containing '{{}}' is
                // interpolated into the query as a raw Zend_Db_Expr (commas
                // replacing the marker), so the client controls SQL text
                // here; binding each element separately, or validating the
                // pieces against the expected type, would close this.
                $this->z_conditions[] = array('condition' => $column->filter_query, 'value' => new Zend_Db_Expr(str_replace('{{}}', ',', $filterValue)));
            } else {
                // LIKE filters are wrapped in wildcards; otherwise the value
                // is passed on as a plain bound value.
                $this->z_conditions[] = array('condition' => $column->filter_query, 'value' => strpos($column->filter_query, 'LIKE') > 0 ? '%' . $filterValue . '%' : $filterValue);
            }
            $info->sortable = false; // sorting is switched off while a filter applies
        }
        // Ordering by the request parameters <resourceId>_orderfield / <resourceId>_orderdir
        $orderdir = '';
        $ordered = false;
        if ($column->orderlink && $this->_getParam($info->resourceId . '_orderfield') == $column->field) {
            $orderdir = $this->_getParam($info->resourceId . '_orderdir') == 'desc' ? 'DESC' : '';
            $this->z_order[] = $column->field . ($orderdir ? ' ' . $orderdir : ' ASC');
            $ordered = true;
            $info->sortable = false;
        }
        $this->z_columns[$column->field] = array(
            'title' => $column->title,
            'width' => $column->width,
            'orderlink' => $column->orderlink ? true : false,
            'orderdir' => $orderdir,
            'ordered' => $ordered,
            'template' => $column->template ? $column->template : false,
            'eval' => $column->eval ? $column->eval : false,
            'escape' => $column->escape ? true : false,
            'filter' => $column->filter_query ? $column->filter_query : false,
            'filter_value' => $filterValue,
            // filter_items is PHP source stored in the column row, executed here.
            'filter_items' => $column->filter_items ? eval($column->filter_items) : false,
            'on_have_subcat' => $column->on_have_subcat,
            'visible' => $column->visible
        );
    }

    // Links to child tables
    $childResources = $this->getResourceModel()->fetchAll(array('parentid=?' => $info->id, 'parent_field!=?' => '', 'model!=?' => ''), 'orderid');
    foreach ($childResources as $childResource) {
        // Access check: skip the link when the role may not list the child resource.
        if (!Z_Acl::getInstance()->isAllowed(Z_Auth::getInstance()->getUser()->getRole(), $childResource->resourceId, 'list')) {
            continue;
        }
        $this->z_child_resources[] = $childResource->toArray();
        // 'eval' is PHP source for the view; {{id}} is presumably substituted per row there — confirm.
        $this->z_columns[$childResource->resourceId . '_resource'] = array('title' => $childResource->title, 'eval' => 'return "<a class=\\"z-ajax\\" href=\\"".$this->url(array("controller"=>"' . $childResource->resourceId . '","action"=>"' . $childResource->actionId . '","' . $childResource->resourceId . '_parentid"=>{{id}},"z_catalog_sysparentid"=>NULL))."\\">' . $childResource->title . '</a>";', 'on_have_subcat' => $childResource->on_have_subcat);
    }
    $this->view->columns = $this->z_columns;

    // Joins
    $modelResourcejoins = new Z_Model_Resourcejoins();
    $joins = $modelResourcejoins->fetchAll(array('resourceid=?' => $info->id), 'orderid');
    foreach ($joins as $join) {
        $modelName = $join->model;
        if (class_exists($modelName)) {
            $model = new $modelName();
            $joinTableName = $model->info('name');
        } else {
            $joinTableName = $modelName; // not a model class: taken as a table name
        }
        // 'fields' is 'real|logical;real|logical;...'; a missing logical name defaults to the real one.
        $fields = array();
        $fieldsArray = explode(';', $join->fields);
        foreach ($fieldsArray as $fiendPair) {
            $fieldPairArray = explode('|', $fiendPair);
            $realfield = $fieldPairArray[0];
            $logicfield = isset($fieldPairArray[1]) ? $fieldPairArray[1] : $realfield;
            $fields[$logicfield] = $realfield;
        }
        $template = new Z_View_Template($join->condition, array('table' => $this->z_model->info('name'), 'jointable' => $joinTableName));
        $this->z_joins[] = array('table' => $joinTableName, 'condition' => $template->render(), 'fields' => $fields);
    }

    // Fixed conditions
    $modelResourceconditions = new Z_Model_Resourceconditions();
    $condidtions = $modelResourceconditions->fetchAll(array('resourceid=?' => $info->id));
    foreach ($condidtions as $condidtion) {
        $this->z_conditions[] = array('condition' => $condidtion->condition, 'value' => $condidtion->value);
    }

    // Conditions when a parent resource is present
    if ($info->parent_field && ($parentid = $this->_getParam($info->resourceId . '_parentid'))) {
        $this->z_conditions[] = array('condition' => $this->z_model->info('name') . '.' . $info->parent_field . '=?', 'value' => $parentid);
        $this->z_addfields[$info->parent_field] = $parentid;
    }

    $modelRasourceRefers = new Z_Model_Resourcerefers();
    foreach ($modelRasourceRefers->fetchAll(array('resourceid=?' => $info->id)) as $refer) {
        $this->z_refers[$refer->field] = $refer->toArray();
    }

    // Copy the parameters into the view and into the controller attributes
    if ($info->sortable_position != 'top' && $info->sortable_position != 'bottom') {
        $info->sortable_position = 'bottom';
    }
    foreach ($fieldsToMove as $field) {
        $zField = 'z_' . $field;
        // A value already set on the controller overrides the row.
        if ($this->{$zField} !== NULL) {
            $info->{$field} = $this->{$zField};
        }
        $this->{$zField} = $info->{$field};
        $this->view->{$field} = $info->{$field};
    }

    // Sorting
    if ($this->z_sortable) {
        $this->z_order[] = 'orderid asc';
    } else {
        $orderArray = explode(';', $info->order);
        foreach ($orderArray as $order) {
            if ($order = trim($order)) {
                $this->z_order[] = $order;
            }
        }
    }

    // Additional buttons at the top; each url is PHP source evaluated here.
    $modelButtons = new Z_Model_Resourcebuttons();
    $buttons = $modelButtons->fetchAll(array('resourceid=?' => $info->id), 'orderid');
    foreach ($buttons->toArray() as $button) {
        $button['url'] = eval($button['url']);
        $this->z_additional_buttons[] = $button;
    }
    $this->view->additional_buttons = $this->z_additional_buttons;

    // MultiImage form elements toggle the multi-upload button in the view.
    $modelForms = new Z_Model_Resourceforms();
    $elements = $modelForms->fetchAll(array('resourceid=?' => $this->z_resourceInfo->id, 'type=?' => 'MultiImage'));
    if (count($elements)) {
        $this->view->multibutton = true;
    } else {
        $this->view->multibutton = false;
    }
}
/**
 * Form view helper rendering a TinyMCE-backed textarea.
 *
 * Emits (via jQuery::evalScript) the tinymce() initialisation for the
 * element, selecting the toolbar preset from $attribs['toolbar'] (falling
 * back to $this->_mce_default_toolbar), wiring the elFinder file browser
 * only when $attribs['filemanager'] is not false AND the current role is
 * allowed the 'filemanager' ACL resource, and returns the <textarea> plus an
 * editor on/off toggle link.
 *
 * NOTE(review): $value is written into the <textarea> without escaping, so
 * stored content containing '</textarea>' breaks out of the element;
 * $attribs['content_css'], $attribs['height'] and $id are likewise placed
 * into the JS string unescaped — confirm these only ever come from form
 * definitions, never from the request. extended_valid_elements lets
 * iframe/object through TinyMCE's cleanup; no server-side sanitising
 * happens here.
 *
 * @param string      $name    element name
 * @param string|null $value   current content (HTML)
 * @param array|null  $attribs element attributes; 'toolbar', 'filemanager',
 *                             'content_css' and 'height' are consumed here
 * @return string
 */
public function FormMce($name, $value = null, $attribs = null)
{
    $info = $this->_getInfo($name, $value, $attribs);
    extract($info); // name, value, attribs, options, listsep, disable

    // File manager: requested (default on) and permitted by the ACL.
    $role = Z_Auth::getInstance()->getUser()->getRole();
    $acl = Z_Acl::getInstance();
    $filemanager = isset($attribs['filemanager']) ? $attribs['filemanager'] : true;
    try {
        $allowFileManager = $acl->isAllowed($role, 'filemanager');
    } catch (Exception $e) {
        $allowFileManager = false; // unknown role/resource counts as denied
    }
    $filemanager = $filemanager && $allowFileManager;

    // JS fragment (note the '//' comment inside: it must stay on its own line).
    $filemanagerScript = ' mode : "textareas",
        file_browser_callback: function(field_name, url, type, win) {
            aFieldName = field_name, aWin = win;
            if($("#elfinder").length == 0) {
                $("body").append($("<div/>").attr("id", "elfinder"));
                $("#elfinder").elfinder({
                    url : "/sys/elfinder/connectors/php/connector.php",
                    lang: "ru",
                    dialog : { width: 800, modal: true, title: "Файловый менеджер", zIndex: 400001 }, // open in dialog window
                    editorCallback: function(url) { aWin.document.forms[0].elements[aFieldName].value = url; },
                    closeOnEditorCallback: true
                });
            } else {
                $("#elfinder").elfinder("open");
            }
        }, ';

    // Toolbar preset; unknown names fall back to the default.
    $toolbar = isset($attribs['toolbar']) ? $attribs['toolbar'] : $this->_mce_default_toolbar;
    $toolbar = isset($this->_mce_toolbar[$toolbar]) ? $toolbar : $this->_mce_default_toolbar;

    $script = '$("#' . $id . '").tinymce({ theme : "advanced", language : "ru", ' . $this->_mce_toolbar[$toolbar] . ' ' . ($filemanager ? $filemanagerScript : '') . ' ' . (isset($attribs['content_css']) ? 'content_css : "' . $attribs['content_css'] . '",' : '') . '
        theme_advanced_toolbar_location : "top",
        theme_advanced_toolbar_align : "left",
        theme_advanced_statusbar_location : "bottom",
        theme_advanced_resizing : true,
        theme_advanced_resize_horizontal : false,
        extended_valid_elements : "iframe[name|src|framespacing|border|frameborder|scrolling|title|height|width|style],object[declare|classid|codebase|data|type|codetype|archive|standby|height|width|usemap|name|tabindex|align|border|hspace|vspace],div[id|style|class]",
        media_strict: false,
        // force_br_newlines : true,
        // force_p_newlines : false,
        // forced_root_block : "",
        width: "100%",
        height: "' . (isset($attribs['height']) ? $attribs['height'] : '300px') . '",
        onchange_callback: "z_mce_save",
        execcommand_callback: "z_mce_save_event",
        remove_script_host: true,
        relative_urls: false
    });';
    jQuery::evalScript($script);
    unset($attribs['toolbar']); // consumed above; the remaining attribs become HTML attributes

    // build the element
    $xhtml = '<textarea name="' . $this->view->escape($name) . '"'
        . ' id="' . $this->view->escape($id) . '"'
        . $this->_htmlAttribs($attribs)
        . '>' . $value . '</textarea><a href="#" class="" onclick="tinymce.execCommand(\'mceToggleEditor\',false,\'' . $id . '\');">Вкл/Выкл редактор.</a>';
    return $xhtml;
}
/**
 * Defined by Zend_Controller_Plugin_Abstract.
 *
 * Renders the admin panel bar at the end of the dispatch loop: one
 * ZAdminPanel_panel div per plugin with a non-empty getPanel(), then an info
 * strip with a clickable tab per plugin with a non-empty getTab(), followed
 * by the slide toggler. Nothing is emitted for XHR requests, posts flagged
 * 'z-ajax-form', requests in the 'admin' module, or roles not allowed the
 * 'z_adminpanel' resource.
 *
 * Plugin identifiers, panels and tabs are inserted into the markup
 * unescaped; they come from registered plugin code, not from the request.
 */
public function dispatchLoopShutdown()
{
    $isAjax = $this->getRequest()->isXmlHttpRequest() || isset($_POST['z-ajax-form']);
    if ($isAjax) {
        return;
    }
    if (Zend_Controller_Front::getInstance()->getRequest()->getModuleName() == 'admin') {
        return;
    }
    $acl = Z_Acl::getInstance();
    $role = Z_Auth::getInstance()->getUser()->getRole();
    if (!$acl->isAllowed($role, 'z_adminpanel')) {
        return;
    }

    $markup = '';

    // Panel bodies, one per plugin that has something to show.
    foreach ($this->_plugins as $plugin) {
        /* @var $plugin ZAdminPanel_Controller_Plugin_Debug_Plugin_Interface */
        $panel = $plugin->getPanel();
        if ($panel == '') {
            continue;
        }
        $identifier = $plugin->getIdentifier();
        $markup .= '<div id="ZAdminPanel_' . $identifier . '" class="ZAdminPanel_panel">' . $panel . '</div>';
    }

    // Tab strip, one clickable tab per plugin that has one.
    $markup .= '<div id="ZAdminPanel_info">';
    foreach ($this->_plugins as $plugin) {
        /* @var $plugin ZAdminPanel_Controller_Plugin_Debug_Plugin_Interface */
        $tab = $plugin->getTab();
        if ($tab == '') {
            continue;
        }
        $identifier = $plugin->getIdentifier();
        $markup .= '<span class="ZAdminPanel_span clickable" onclick="ZAdminPanelPanel(\'ZAdminPanel_' . $identifier . '\');">'
            . '<img src="' . $this->_icon($identifier) . '" style="vertical-align:middle" alt="' . $identifier . '" title="' . $identifier . '" /> '
            . $tab . '</span>';
    }
    $markup .= '<span class="ZAdminPanel_span ZAdminPanel_last clickable" id="ZAdminPanel_toggler" onclick="ZAdminPanelSlideBar()">«</span>';
    $markup .= '</div>';

    $this->_output($markup);
}
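<?php
// Standalone diagnostic page: shows phpinfo() to the root role only.
// Fix: the file opened with the short tag '<?', which is a parse error
// wherever short_open_tag is off; it now uses '<?php' and omits the
// closing tag.
include '../defines.php';

// Create application, bootstrap, and run
$application = new Zend_Application(
    APPLICATION_ENV,
    APPLICATION_PATH . '/configs/application.ini'
);
$application->bootstrap();

// phpinfo() discloses paths, loaded modules and environment variables, so
// anyone but root is refused (with a 403) before it runs.
if (Z_Auth::getInstance()->getUser()->getRole() != 'root') {
    header('HTTP/1.1 403 Forbidden');
    die('Доступ запрещен');
}

phpinfo();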