/**
 * Deletes a group after asking the user for confirmation.
 *
 * Reaching this action requires the "groups/delete" permission; without the
 * "all" scope the caller must additionally be the group owner. The deletion
 * itself happens only for a submitted form carrying a valid CSRF token; any
 * other request gets the confirmation page.
 *
 * @param array $group group row; 'id', 'owner_id' and 'title' are read here
 * @return string|null rendered confirmation page, or null once redirected
 */
public function run($group)
{
    if (!cmsUser::isAllowed('groups', 'delete')) {
        cmsCore::error404();
    }

    $may_delete_any = cmsUser::isAllowed('groups', 'delete', 'all');
    $is_owner = $group['owner_id'] == $this->cms_user->id;

    if (!$may_delete_any && !$is_owner) {
        cmsCore::error404();
    }

    if (!$this->request->has('submit')) {
        // No confirmation yet: show the confirmation form
        return $this->cms_template->render('group_delete', array(
            'user'  => $this->cms_user,
            'group' => $group,
        ));
    }

    // Confirmation received
    $token = $this->request->get('csrf_token', '');
    $delete_content = $this->request->get('is_delete_content', 0);

    if (!cmsForm::validateCSRFToken($token)) {
        cmsCore::error404();
    }

    // Hook may rewrite both the group row and the "delete content" flag
    list($group, $delete_content) = cmsEventsManager::hook('group_before_delete', array($group, $delete_content));

    $this->model->removeContentFromGroup($group['id'], $delete_content);
    $this->model->deleteGroup($group);

    cmsUser::addSessionMessage(sprintf(LANG_GROUPS_DELETED, $group['title']));

    $this->redirectToAction('');
}
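/**
 * AJAX handler: sends a private message to one of the current user's contacts.
 *
 * Expects 'contact_id', 'content' and 'csrf_token' in the request. Each failed
 * check is answered with JSON of the form {'error': true, 'message': ...};
 * on success the rendered message HTML and the formatted send date are
 * returned.
 *
 * NOTE(review): renderJSON() is expected to end the request; the explicit
 * `return` after every error response keeps the guards effective even if it
 * does not.
 *
 * @return void
 */
public function run()
{
    $template = cmsTemplate::getInstance();
    $config = cmsConfig::getInstance();
    $user = cmsUser::getInstance();

    $contact_id = $this->request->get('contact_id');
    if (!$contact_id) {
        cmsCore::error404();
    }

    $content = $this->request->get('content');
    if (!$content) {
        cmsCore::error404();
    }

    $csrf_token = $this->request->get('csrf_token');

    // Request shape: numeric contact id and a valid CSRF token
    $is_valid = is_numeric($contact_id) && cmsForm::validateCSRFToken($csrf_token, false);
    if (!$is_valid) {
        $template->renderJSON(array('error' => true, 'message' => ''));
        return;
    }

    $contact = $this->model->getContact($user->id, $contact_id);

    // The contact must exist in the sender's list
    if (!$contact) {
        $template->renderJSON(array('error' => true, 'message' => ''));
        return;
    }

    // The sender has not ignored the contact
    if ($contact['is_ignored']) {
        $template->renderJSON(array('error' => true, 'message' => LANG_PM_CONTACT_IS_IGNORED));
        return;
    }

    // The contact has not ignored the sender
    if ($this->model->isContactIgnored($contact_id, $user->id)) {
        $template->renderJSON(array('error' => true, 'message' => LANG_PM_YOU_ARE_IGNORED));
        return;
    }

    // The contact's privacy settings accept messages from this user
    if (!$user->isPrivacyAllowed($contact, 'messages_pm')) {
        $template->renderJSON(array('error' => true, 'message' => LANG_PM_CONTACT_IS_PRIVATE));
        return;
    }

    //
    // Send the message
    //
    $content_html = cmsEventsManager::hook('html_filter', $content);

    // Nothing left after filtering: answer with an empty (non-error) result
    if (!$content_html) {
        $template->renderJSON(array('error' => false, 'date' => false, 'message' => false));
        return;
    }

    $this->setSender($user->id);
    $this->addRecipient($contact_id);

    $message_id = $this->sendMessage($content_html);

    //
    // E-mail notification for an offline recipient
    //
    $user_to = cmsCore::getModel('users')->getUser($contact_id);

    // empty() also covers getUser() returning false, where indexing the
    // result would otherwise raise a notice
    if (empty($user_to['is_online'])) {
        $this->sendNoticeEmail('messages_new');
    }

    //
    // Fetch and render the stored message
    //
    $message = $this->model->getMessage($message_id);

    $message_html = $template->render('message', array(
        'messages' => array($message),
        'user'     => $user,
    ), new cmsRequest(array(), cmsRequest::CTX_INTERNAL));

    $template->renderJSON(array(
        'error'   => false,
        'date'    => date($config->date_format, time()),
        'message' => $message_html,
    ));
}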
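/**
 * Sends a friendship request to $friend_id, or accepts one that the other
 * user has already sent.
 *
 * Standard (browser) requests: when the other side has a pending request it
 * is accepted immediately; otherwise the user is shown a confirmation form and
 * the request is created on a submit carrying a valid CSRF token. Internal
 * requests (from a notification action) create the friendship directly and
 * return true.
 *
 * @param int $friend_id id of the user to befriend
 * @return bool|string|null false if already friends, true on the internal
 *                          path, rendered form HTML, or null after a redirect
 */
public function run($friend_id)
{
    if (!cmsUser::isLogged()) {
        cmsCore::error404();
    }

    $user = cmsUser::getInstance();

    if (!$friend_id) {
        cmsCore::error404();
    }

    // Nothing to do when the friendship already exists
    if ($user->isFriend($friend_id)) {
        return false;
    }

    $friend = $this->model->getUser($friend_id);
    if (!$friend) {
        cmsCore::error404();
    }

    //
    // Request via the profile link
    //
    if ($this->request->isStandard()) {

        //
        // The other user already asked for friendship: accept it
        //
        // NOTE(review): this branch changes state on a plain (non-submit)
        // request without a CSRF token, unlike the form branch below — confirm
        // that is intended.
        if ($this->model->isFriendshipRequested($friend_id, $user->id)) {
            $this->model->addFriendship($user->id, $friend_id);
            cmsUser::addSessionMessage(sprintf(LANG_USERS_FRIENDS_DONE, $friend['nickname']), 'success');
            $this->sendNoticeAccepted($friend);
            $this->redirectToAction($friend_id);
            // redirectToAction() is expected to end the request; returning
            // here keeps the request from falling into the branches below if
            // it does not
            return;
        }

        //
        // No pending request from the other side
        //
        if (!$this->request->has('submit')) {
            // Ask for confirmation
            return cmsTemplate::getInstance()->render('friend_add', array(
                'user'   => $user,
                'friend' => $friend,
            ));
        }

        // Confirmation received
        $csrf_token = $this->request->get('csrf_token');
        if (!cmsForm::validateCSRFToken($csrf_token)) {
            cmsCore::error404();
        }

        $this->model->addFriendship($user->id, $friend_id);
        cmsUser::addSessionMessage(LANG_USERS_FRIENDS_SENT);
        $this->sendNoticeRequest($friend);
        $this->redirectToAction($friend_id);
        return;
    }

    //
    // Request from a notification (internal)
    //
    if ($this->request->isInternal()) {
        $this->model->addFriendship($user->id, $friend_id);
        $this->sendNoticeAccepted($friend);
        return true;
    }
}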
/**
 * Handles an image upload from the WYSIWYG editor.
 *
 * The request must carry a valid CSRF token; the file is then stored through
 * the images controller with the 'wysiwyg_live' preset. Failures re-render
 * the 'upload' template with an error message, success renders the 'image'
 * template with the resulting URL.
 *
 * @return string rendered plain template
 */
public function uploadImage()
{
    $token = $this->request->get('csrf_token', '');

    if (!cmsForm::validateCSRFToken($token)) {
        $failure = array(
            'allowed_extensions' => $this->allowed_extensions,
            'error'              => LANG_FORM_ERRORS,
        );
        return $this->cms_template->renderPlain('upload', $failure);
    }

    $upload = $this->images_controller->uploadWithPreset('image', 'wysiwyg_live');

    if (!$upload['success']) {
        $failure = array(
            'allowed_extensions' => $this->images_controller->getAllowedExtensions(),
            'error'              => $upload['error'],
        );
        return $this->cms_template->renderPlain('upload', $failure);
    }

    $stored = array('url' => $upload['image']['url']);

    return $this->cms_template->renderPlain('image', $stored);
}
/**
 * Removes the friendship between the current user and $friend_id.
 *
 * Standard (browser) requests show a confirmation form and delete the
 * friendship on a submit with a valid CSRF token; internal requests (from a
 * notification action) delete it directly and return true.
 *
 * @param int $friend_id id of the friend to remove
 * @return bool|string|null false when no friendship exists, true on the
 *                          internal path, rendered form HTML, or null after
 *                          a redirect
 */
public function run($friend_id)
{
    if (!cmsUser::isLogged()) {
        cmsCore::error404();
    }

    $user = cmsUser::getInstance();

    if (!$friend_id) {
        cmsCore::error404();
    }

    // Nothing to delete
    if (!$this->model->isFriendshipExists($user->id, $friend_id)) {
        return false;
    }

    $friend = $this->model->getUser($friend_id);
    if (!$friend) {
        cmsCore::error404();
    }

    $request = $this->request;

    //
    // Request via the profile link
    //
    if ($request->isStandard()) {

        if (!$request->has('submit')) {
            // Ask for confirmation
            return cmsTemplate::getInstance()->render('friend_delete', array(
                'user'   => $user,
                'friend' => $friend,
            ));
        }

        // Confirmation received
        $token = $request->get('csrf_token');
        if (!cmsForm::validateCSRFToken($token)) {
            cmsCore::error404();
        }

        $this->model->deleteFriendship($user->id, $friend_id);
        cmsUser::addSessionMessage(sprintf(LANG_USERS_FRIENDS_DELETED, $friend['nickname']));
        $this->sendNoticeDeleted($friend);
        $this->redirectToAction($friend_id);
    }

    //
    // Request from a notification (internal)
    //
    if ($request->isInternal()) {
        $this->model->deleteFriendship($user->id, $friend_id);
        $this->sendNoticeDeleted($friend, true);
        return true;
    }
}
/**
 * Handles an image upload from the WYSIWYG editor and prints the result.
 *
 * Requires a valid CSRF token, then stores the file through the images
 * controller with the 'wysiwyg_live' preset. Each outcome renders a template
 * ('upload' with an error, or 'image' with the URL), echoes it and calls
 * halt().
 *
 * @return void
 */
public function uploadImage()
{
    $template = cmsTemplate::getInstance();
    $token = $this->request->get('csrf_token');

    if (!cmsForm::validateCSRFToken($token)) {
        $failure = array(
            'allowed_extensions' => $this->allowed_extensions,
            'error'              => LANG_FORM_ERRORS,
        );
        echo $template->render('upload', $failure);
        $this->halt();
    }

    $images = cmsCore::getController('images');
    $upload = $images->uploadWithPreset('image', 'wysiwyg_live');

    if (!$upload['success']) {
        $failure = array(
            'allowed_extensions' => $images->getAllowedExtensions(),
            'error'              => $upload['error'],
        );
        echo $template->render('upload', $failure);
        $this->halt();
    }

    echo $template->render('image', array('url' => $upload['image']['url']));
    $this->halt();
}
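/**
 * Backend AJAX action: edits the text of an existing comment.
 *
 * Without 'save' in the request the edit form is rendered; with it the new
 * content is filtered, passed through the 'comment_before_update' hook and
 * stored. Errors are answered as JSON ('errors' => true, or a field map).
 *
 * NOTE(review): no permission check is made in this method; presumably the
 * backend controller gates access before dispatching — confirm.
 *
 * @param int $comment_id id of the comment being edited
 * @return mixed rendered form HTML, or the renderJSON() result
 */
public function run($comment_id)
{
    if (!$this->request->isAjax()) {
        cmsCore::error404();
    }

    $is_submit = $this->request->get('save', 0);
    $comment = $this->model->getComment($comment_id);

    if (!$is_submit) {
        // The form needs an existing comment; otherwise it would be rendered
        // with an empty id in its action URL
        if (!$comment) {
            cmsCore::error404();
        }

        return $this->cms_template->render('backend/text_edit', array(
            'comment' => $comment,
            'action'  => href_to($this->root_url, 'text_edit', array($comment['id'])),
        ));
    }

    $csrf_token = $this->request->get('csrf_token', '');

    // Returning after renderJSON() keeps the guard effective even if
    // renderJSON() does not end the request itself
    if (!cmsForm::validateCSRFToken($csrf_token) || !$comment) {
        return $this->cms_template->renderJSON(array('errors' => true));
    }

    $content = $this->request->get('content', '');

    // Filter/typograph the text
    $content_html = cmsEventsManager::hook('html_filter', $content);
    if (!$content_html) {
        return $this->cms_template->renderJSON(array('errors' => array('content' => ERR_VALIDATE_REQUIRED)));
    }

    list($comment_id, $content, $content_html) = cmsEventsManager::hook('comment_before_update', array($comment_id, $content, $content_html));

    $this->model->updateCommentContent($comment_id, $content, $content_html);

    return $this->cms_template->renderJSON(array(
        'errors'     => false,
        'callback'   => 'successSaveComment',
        'comment_id' => $comment_id,
        'text'       => string_short($content_html, 350),
    ));
}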
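/**
 * AJAX endpoint for comments: 'add', 'preview' and 'update' actions.
 *
 * Checks the caller's rights for the requested action, validates the target
 * identifiers and the CSRF token, filters the text and then returns a
 * preview, updates an existing comment, or stores a new one (rendering it,
 * updating the target's comment counter and notifying subscribers). Every
 * answer is JSON.
 *
 * NOTE(review): renderJSON() is expected to end the request; the explicit
 * `return` after each error response keeps the guards effective even if it
 * does not.
 *
 * @return void
 */
public function run()
{
    if (!$this->request->isAjax()) {
        cmsCore::error404();
    }

    $action = $this->request->get('action');
    $user = cmsUser::getInstance();

    $is_guests_allowed = !empty($this->options['is_guests']);
    $is_guest = $is_guests_allowed && !$user->is_logged;

    // Guests (when enabled) bypass the per-user permission and karma limits
    $is_user_allowed = ($user->is_logged && cmsUser::isAllowed('comments', 'add')) || $is_guests_allowed;
    $is_karma_allowed = ($user->is_logged && !cmsUser::isPermittedLimitHigher('comments', 'karma', $user->karma)) || $is_guests_allowed;
    $is_add_allowed = $is_user_allowed && $is_karma_allowed;

    if ($action == 'add' && !$is_add_allowed) {
        cmsCore::error404();
    }
    if ($action == 'update' && !cmsUser::isAllowed('comments', 'edit')) {
        cmsCore::error404();
    }

    $template = cmsTemplate::getInstance();

    $csrf_token = $this->request->get('csrf_token');
    $target_controller = $this->request->get('tc');
    $target_subject = $this->request->get('ts');
    $target_id = $this->request->get('ti');
    $target_user_id = $this->request->get('tud');
    $parent_id = $this->request->get('parent_id');
    $comment_id = $this->request->get('id');
    $content = $this->request->get('content');

    $author_name = null;
    $author_email = null;

    if ($is_guest) {

        $author_name = $this->request->get('author_name');
        $author_email = $this->request->get('author_email');

        if (!$author_name) {
            $template->renderJSON(array('error' => true, 'message' => LANG_COMMENT_ERROR_NAME, 'html' => false));
            return;
        }

        if ($author_email && !preg_match("/^([a-zA-Z0-9\\._-]+)@([a-zA-Z0-9\\._-]+)\\.([a-zA-Z]{2,4})\$/i", $author_email)) {
            $template->renderJSON(array('error' => true, 'message' => LANG_COMMENT_ERROR_EMAIL, 'html' => false));
            return;
        }

        // Guest IP blacklist
        if (!empty($this->options['restricted_ips'])) {
            if (string_in_mask_list($user->ip, $this->options['restricted_ips'])) {
                $template->renderJSON(array('error' => true, 'message' => LANG_COMMENT_ERROR_IP, 'html' => false));
                return;
            }
        }

        // Minimum delay between guest comments from one IP
        if (!empty($this->options['guest_ip_delay'])) {
            $last_comment_time = $this->model->getGuestLastCommentTime($user->ip);
            $minutes_passed = (time() - $last_comment_time) / 60;

            if ($minutes_passed < $this->options['guest_ip_delay']) {
                $spellcount = html_spellcount($this->options['guest_ip_delay'], LANG_MINUTE1, LANG_MINUTE2, LANG_MINUTE10);
                $template->renderJSON(array('error' => true, 'message' => sprintf(LANG_COMMENT_ERROR_TIME, $spellcount), 'html' => false));
                return;
            }
        }
    }

    // Validate the request shape (strict in_array: $action must be one of
    // the three action strings, not something merely loosely equal)
    $is_valid = $this->validate_sysname($target_controller) === true
        && $this->validate_sysname($target_subject) === true
        && is_numeric($target_id)
        && is_numeric($parent_id)
        && (!$comment_id || is_numeric($comment_id))
        && cmsForm::validateCSRFToken($csrf_token, false)
        && in_array($action, array('add', 'preview', 'update'), true);

    if (!$is_valid) {
        $template->renderJSON(array('error' => true, 'message' => LANG_COMMENT_ERROR));
        return;
    }

    // Filter/typograph the text
    $content_html = cmsEventsManager::hook('html_filter', $content);
    if (!$content_html) {
        $template->renderJSON(array('error' => false, 'message' => false, 'html' => false));
        return;
    }

    //
    // Comment preview
    //
    if ($action == 'preview') {
        $template->renderJSON(array('error' => false, 'html' => $content_html));
        return;
    }

    //
    // Comment update
    //
    if ($action == 'update') {

        $comment = $this->model->getComment($comment_id);

        // Editing is allowed with the 'all' scope, or with the 'own' scope on
        // the user's own comment; any other scope, and a missing comment, is
        // refused (deny by default)
        $is_own = $comment && $comment['user']['id'] == $user->id;
        $can_edit = cmsUser::isAllowed('comments', 'edit', 'all')
            || (cmsUser::isAllowed('comments', 'edit', 'own') && $is_own);

        if (!$comment || !$can_edit) {
            $template->renderJSON(array('error' => true, 'message' => LANG_COMMENT_ERROR));
            return;
        }

        $this->model->updateCommentContent($comment_id, $content, $content_html);

        $comment_html = $content_html;
    }

    //
    // Comment add
    //
    if ($action == 'add') {

        // The request's 'id' has no meaning for 'add'; start from "not saved"
        // so a failed save is reported as an error rather than reusing that id
        $comment_id = false;

        // Collect the comment data
        $comment = array(
            'user_id'           => $user->id,
            'parent_id'         => $parent_id,
            'target_controller' => $target_controller,
            'target_subject'    => $target_subject,
            'target_id'         => $target_id,
            'content'           => $content,
            'content_html'      => $content_html,
            'author_url'        => $user->ip,
        );

        if ($is_guest) {
            $comment['author_name'] = $author_name;
            $comment['author_email'] = $author_email;
        }

        // Model of the target controller
        $target_model = cmsCore::getModel($target_controller);

        // URL and title of the commented page
        $target_info = $target_model->getTargetItemInfo($target_subject, $target_id);

        if ($target_info) {
            $comment['target_url'] = $target_info['url'];
            $comment['target_title'] = $target_info['title'];
            $comment['is_private'] = empty($target_info['is_private']) ? false : $target_info['is_private'];

            // Save the comment
            $comment_id = $this->model->addComment($comment);
        }

        if ($comment_id) {

            // Fetch and render the stored comment
            $comment = $this->model->getComment($comment_id);

            $comment_html = $template->render('comment', array(
                'comments'       => array($comment),
                'target_user_id' => $target_user_id,
                'user'           => $user,
            ), new cmsRequest(array(), cmsRequest::CTX_INTERNAL));

            // Tell the target model about the new comment count
            $comments_count = $this->model
                ->filterEqual('target_controller', $target_controller)
                ->filterEqual('target_subject', $target_subject)
                ->filterEqual('target_id', $target_id)
                ->getCommentsCount();

            $target_model->updateCommentsCount($target_subject, $target_id, $comments_count);

            $parent_comment = $parent_id ? $this->model->getComment($parent_id) : false;

            // Notify subscribers
            $this->notifySubscribers($comment, $parent_comment);

            // Notify the author of the parent comment about the reply
            if ($parent_comment) {
                $this->notifyParent($comment, $parent_comment);
            }
        }
    }

    // Build and return the result
    $result = array(
        'error'     => $comment_id ? false : true,
        'message'   => $comment_id ? LANG_COMMENT_SUCCESS : LANG_COMMENT_ERROR,
        'id'        => $comment_id,
        'parent_id' => isset($comment['parent_id']) ? $comment['parent_id'] : 0,
        'level'     => isset($comment['level']) ? $comment['level'] : 0,
        'html'      => isset($comment_html) ? $comment_html : false,
    );

    $template->renderJSON($result);
}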
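/**
 * AJAX endpoint for the wall: 'add', 'preview' and 'update' actions.
 *
 * Validates the profile identifiers and the CSRF token, asks the owning
 * controller for wall permissions via the 'wall_permissions' hook, filters the
 * text and then returns a preview, updates an entry (owner or admin only) or
 * stores a new one and renders it. Every answer is JSON; failures go through
 * $this->error().
 *
 * @return mixed the renderJSON() / error() result
 */
public function run()
{
    if (!$this->request->isAjax()) {
        cmsCore::error404();
    }

    $action = $this->request->get('action');
    $template = cmsTemplate::getInstance();
    $user = cmsUser::getInstance();

    $csrf_token = $this->request->get('csrf_token');
    $controller_name = $this->request->get('pc');
    $profile_type = $this->request->get('pt');
    $profile_id = $this->request->get('pi');
    $parent_id = $this->request->get('parent_id');
    $entry_id = $this->request->get('id');
    $content = $this->request->get('content');

    // Validate the request shape (strict in_array: $action must be one of
    // the three action strings, not something merely loosely equal)
    $is_valid = $this->validate_sysname($controller_name) === true
        && $this->validate_sysname($profile_type) === true
        && is_numeric($profile_id)
        && is_numeric($parent_id)
        && (!$entry_id || is_numeric($entry_id))
        && cmsForm::validateCSRFToken($csrf_token, false)
        && in_array($action, array('add', 'preview', 'update'), true);

    // Returning after error() keeps each guard effective even if error()
    // does not end the request itself
    if (!$is_valid) {
        return $this->error();
    }

    //
    // Owning controller and its wall permissions
    //
    $controller = cmsCore::getController($controller_name);
    if (!$controller) {
        return $this->error();
    }

    $permissions = $controller->runHook('wall_permissions', array(
        'profile_type' => $profile_type,
        'profile_id'   => $profile_id,
    ));
    if (!$permissions || !is_array($permissions)) {
        return $this->error();
    }

    // Filter/typograph the text
    // NOTE(review): empty content is not rejected here, so an empty entry can
    // be stored — confirm whether that is intended
    $content_html = cmsEventsManager::hook('html_filter', $content);

    //
    // Entry preview
    //
    if ($action == 'preview') {
        return $template->renderJSON(array(
            'error' => false,
            'html'  => cmsEventsManager::hook('parse_text', $content_html),
        ));
    }

    //
    // Entry update
    //
    if ($action == 'update') {

        $entry = $this->model->getEntry($entry_id);

        // A missing entry, or somebody else's entry for a non-admin, is refused
        if (!$entry || ($entry['user']['id'] != $user->id && !$user->is_admin)) {
            return $this->error();
        }

        list($entry_id, $content, $content_html) = cmsEventsManager::hook('wall_before_update', array($entry_id, $content, $content_html));

        $this->model->updateEntryContent($entry_id, $content, $content_html);

        $entry_html = $content_html;
    }

    //
    // Entry add
    //
    if ($action == 'add') {

        // Add permission is granted by the owning controller
        if (!$permissions['add']) {
            return $this->error();
        }

        // Collect the entry data
        $entry = array(
            'user_id'      => $user->id,
            'parent_id'    => $parent_id,
            'profile_type' => $profile_type,
            'profile_id'   => $profile_id,
            'content'      => $content,
            'content_html' => $content_html,
        );

        // Save the entry
        $entry_id = $this->model->addEntry(cmsEventsManager::hook('wall_before_add', $entry));

        if ($entry_id) {

            // Fetch and render the stored entry
            $entry = $this->model->getEntry($entry_id);

            $entry_html = $template->renderInternal($this, 'entry', array(
                'entries'     => array($entry),
                'user'        => $user,
                'permissions' => $permissions,
            ));

            // Notify the profile owner
            if ($controller_name == 'users' && $profile_type == 'user') {
                $this->notifyProfileOwner($profile_id, $entry);
            }

            // If the parent entry is bound to a status, bump that status's
            // reply counter
            if ($entry['parent_id']) {
                $parent_entry = $this->model->getEntry($entry['parent_id']);
                if ($parent_entry['status_id']) {
                    $users_model = cmsCore::getModel('users');
                    $users_model->increaseUserStatusRepliesCount($parent_entry['status_id']);
                }
            }
        }
    }

    // Build and return the result
    $result = array(
        'error'     => $entry_id ? false : true,
        'message'   => $entry_id ? LANG_WALL_ENTRY_SUCCESS : LANG_WALL_ENTRY_ERROR,
        'id'        => $entry_id,
        'parent_id' => isset($entry['parent_id']) ? $entry['parent_id'] : 0,
        'html'      => isset($entry_html) ? cmsEventsManager::hook('parse_text', $entry_html) : false,
    );

    return $template->renderJSON($result);
}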
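/**
 * AJAX endpoint for the wall: 'add', 'preview' and 'update' actions.
 *
 * Validates the profile identifiers and the CSRF token, resolves the owning
 * controller and its wall permissions ('wall_permissions' hook), filters the
 * text (empty content is rejected) and then returns a preview, updates an
 * entry (owner or admin only) or stores a new one, renders it and fires the
 * 'wall_after_add' hook. Every answer is JSON; failures go through
 * $this->error().
 *
 * @return mixed the renderJSON() / error() result
 */
public function run()
{
    if (!$this->request->isAjax()) {
        cmsCore::error404();
    }

    $action = $this->request->get('action', '');
    $csrf_token = $this->request->get('csrf_token', '');
    $controller_name = $this->request->get('pc', '');
    $profile_type = $this->request->get('pt', '');
    $profile_id = $this->request->get('pi', '');
    $parent_id = $this->request->get('parent_id', '');
    $entry_id = $this->request->get('id', '');
    $content = $this->request->get('content', '');

    // Validate the request shape (strict in_array: $action must be one of
    // the three action strings, not something merely loosely equal)
    $is_valid = $controller_name && $profile_type && $action
        && $this->validate_sysname($controller_name) === true
        && $this->validate_sysname($profile_type) === true
        && is_numeric($profile_id)
        && is_numeric($parent_id)
        && (!$entry_id || is_numeric($entry_id))
        && cmsForm::validateCSRFToken($csrf_token, false)
        && in_array($action, array('add', 'preview', 'update'), true);

    if (!$is_valid) {
        return $this->error();
    }

    if (!cmsCore::isControllerExists($controller_name)) {
        return $this->error();
    }

    // The controller whose wall is being served
    $controller = cmsCore::getController($controller_name);

    //
    // Wall permissions
    //
    $permissions = $controller->runHook('wall_permissions', array(
        'profile_type' => $profile_type,
        'profile_id'   => $profile_id,
    ));
    if (!$permissions || !is_array($permissions)) {
        return $this->error();
    }

    // Filter/typograph the text
    $content_html = cmsEventsManager::hook('html_filter', $content);
    if ($this->validate_required($content_html) !== true) {
        return $this->error(ERR_VALIDATE_REQUIRED);
    }

    //
    // Entry preview
    //
    if ($action == 'preview') {
        return $this->cms_template->renderJSON(array(
            'error' => false,
            'html'  => cmsEventsManager::hook('parse_text', $content_html),
        ));
    }

    //
    // Entry update
    //
    if ($action == 'update') {

        $entry = $this->model->getEntry($entry_id);

        // A missing entry, or somebody else's entry for a non-admin, is
        // refused. The return matters: every other guard in this method
        // returns after error(), so the update below must not be reachable
        // when error() does not end the request itself.
        if (!$entry || ($entry['user']['id'] != $this->cms_user->id && !$this->cms_user->is_admin)) {
            return $this->error();
        }

        list($entry_id, $content, $content_html) = cmsEventsManager::hook('wall_before_update', array($entry_id, $content, $content_html));

        $this->model->updateEntryContent($entry_id, $content, $content_html);

        $entry_html = cmsEventsManager::hook('parse_text', $content_html);
    }

    //
    // Entry add
    //
    if ($action == 'add') {

        // Add permission is granted by the owning controller
        if (!$permissions['add']) {
            return $this->error();
        }

        // Collect the entry data
        $entry = array(
            'user_id'      => $this->cms_user->id,
            'parent_id'    => $parent_id,
            'controller'   => $controller_name,
            'profile_type' => $profile_type,
            'profile_id'   => $profile_id,
            'content'      => $content,
            'content_html' => $content_html,
        );

        // Save the entry
        $entry_id = $this->model->addEntry(cmsEventsManager::hook('wall_before_add', $entry));

        if ($entry_id) {

            // Fetch and render the stored entry
            $entry = $this->model->getEntry($entry_id);
            $entry['content_html'] = cmsEventsManager::hook('parse_text', $entry['content_html']);

            $entry_html = $this->cms_template->renderInternal($this, 'entry', array(
                'entries'     => array($entry),
                'user'        => $this->cms_user,
                'permissions' => $permissions,
            ));

            // Post-add actions of the owning controller
            $controller->runHook('wall_after_add', array(
                'profile_type' => $profile_type,
                'profile_id'   => $profile_id,
                'entry'        => $entry,
                'wall_model'   => $this->model,
            ));
        }
    }

    // Build and return the result
    $result = array(
        'error'     => $entry_id ? false : true,
        'message'   => $entry_id ? LANG_WALL_ENTRY_SUCCESS : LANG_WALL_ENTRY_ERROR,
        'id'        => $entry_id,
        'parent_id' => isset($entry['parent_id']) ? $entry['parent_id'] : 0,
        'html'      => isset($entry_html) ? $entry_html : false,
    );

    return $this->cms_template->renderJSON($result);
}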