/**
 * Set the company contact information.
 *
 * On POST the optional email field is validated, the whole POST payload is
 * serialised to JSON and stored under system.common.company / contact, and a
 * JSON result is sent back. Without POST data the form is rendered, pre-filled
 * from the stored contact config.
 *
 * NOTE(review): the entire $_POST body is persisted verbatim; assumes the form
 * only carries contact fields — confirm against the view.
 *
 * @access public
 * @return void
 */
public function setContact()
{
    if (!empty($_POST))
    {
        /* Only validate the address when one was actually supplied. */
        if (!empty($_POST['email']) and !validater::checkEmail($this->post->email))
        {
            $this->send(array('result' => 'fail', 'message' => $this->lang->company->error->email));
        }

        $items = array('contact' => helper::jsonEncode($_POST));
        $saved = $this->loadModel('setting')->setItems('system.common.company', $items);
        if ($saved) $this->send(array('result' => 'success', 'message' => $this->lang->setSuccess));

        $this->send(array('result' => 'fail', 'message' => $this->lang->fail));
    }

    $this->view->title   = $this->lang->company->setContact;
    $this->view->contact = json_decode($this->config->company->contact);
    $this->display();
}
/**
 * Auto-detect the mail configuration for a sender address (legacy js::alert variant).
 *
 * On POST the fromAddress is checked for presence and format; any error is
 * shown via a JS alert and execution stops. Otherwise the detected config is
 * stored in the session under 'mailConfig' and the browser is redirected to
 * the edit action. Without POST data the detect form is rendered.
 *
 * @access public
 * @return void
 */
public function detect()
{
    if ($_POST)
    {
        $from  = $this->post->fromAddress;
        $label = $this->lang->mail->fromAddress;

        /* Errors are accumulated into one string; the literal '\n' is a two-char
         * backslash-n sequence that the JS alert renders as a line break. */
        $message = '';
        if ($from == false) $message = sprintf($this->lang->error->notempty, $label);
        if (!validater::checkEmail($from)) $message .= '\\n' . sprintf($this->lang->error->email, $label);
        if ($message) die(js::alert($message));

        $detected = $this->mail->autoDetect($from);
        $detected->fromAddress = $from;
        $this->session->set('mailConfig', $detected);
        die(js::locate(inlink('edit'), 'parent'));
    }

    $stored = $this->session->mailConfig;

    $this->view->title       = $this->lang->mail->common . $this->lang->colon . $this->lang->mail->detect;
    $this->view->position[]  = html::a(inlink('index'), $this->lang->mail->common);
    $this->view->position[]  = $this->lang->mail->detect;
    $this->view->fromAddress = $stored ? $stored->fromAddress : '';
    $this->display();
}
/**
 * Auto-detect the mail configuration for a sender address (JSON-response variant).
 *
 * On POST the fromAddress is checked for presence and format; each failure is
 * reported as a field-keyed message through send(). On success the detected
 * config is stored in the session under 'mailConfig' and the client is told to
 * navigate to the edit action. Without POST data the detect form is rendered.
 *
 * @access public
 * @return void
 */
public function detect()
{
    if ($_POST)
    {
        $from  = $this->post->fromAddress;
        $label = $this->lang->mail->fromAddress;

        if ($from == false)
        {
            $this->send(array('result' => 'fail', 'message' => array('fromAddress' => sprintf($this->lang->error->notempty, $label))));
        }
        if (!validater::checkEmail($from))
        {
            $this->send(array('result' => 'fail', 'message' => array('fromAddress' => sprintf($this->lang->error->email, $label))));
        }

        $detected = $this->mail->autoDetect($from);
        $detected->fromAddress = $from;
        $this->session->set('mailConfig', $detected);
        $this->send(array('result' => 'success', 'message' => $this->lang->saveSuccess, 'locate' => inlink('edit')));
    }

    $stored = $this->session->mailConfig;

    $this->view->title       = $this->lang->mail->common . $this->lang->colon . $this->lang->mail->detect;
    $this->view->position[]  = html::a(inlink('index'), $this->lang->mail->common);
    $this->view->position[]  = $this->lang->mail->detect;
    $this->view->fromAddress = $stored ? $stored->fromAddress : '';
    $this->display();
}
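/**
 * Validate and save the shop payment settings.
 *
 * Required: at least one payment method and a confirmLimit. When 'alipay' is
 * among the selected methods, pid (16 chars), key (32 chars) and a valid
 * alipay email are also required. Shop settings go to system.common.shop,
 * alipay credentials to system.common.alipay.
 *
 * Fix: $errors was initialised to '' and then written with string offsets
 * ($errors['payment'] = ...), which is an error on PHP 7.1+ and never built
 * the intended array; it is now a real array. in_array() is also guarded so a
 * missing or non-array payment field cannot raise a warning.
 *
 * @access public
 * @return array  array('result' => 'fail', 'message' => $errors) or
 *                array('result' => 'success', 'message' => ...)
 */
public function saveSetting()
{
    $errors  = array();
    $payment = $this->post->payment;

    if (!$payment) $errors['payment'] = array($this->lang->order->paymentRequired);
    if (!$this->post->confirmLimit) $errors['confirmLimit'] = array($this->lang->order->confirmLimitRequired);

    /* Alipay credentials are only mandatory when alipay is a selected method. */
    $usesAlipay = is_array($payment) && in_array('alipay', $payment);
    if ($usesAlipay)
    {
        if (strlen($this->post->pid) != 16) $errors['pid'] = array($this->lang->order->placeholder->pid);
        if (strlen($this->post->key) != 32) $errors['key'] = array($this->lang->order->placeholder->key);
        if (!validater::checkEmail($this->post->email))
        {
            $errors['email'] = array(sprintf($this->lang->error->email, $this->lang->order->alipayEmail));
        }
    }

    if (!empty($errors)) return array('result' => 'fail', 'message' => $errors);

    $shopSetting = array();
    $shopSetting['payment']      = join(',', $payment);
    $shopSetting['confirmLimit'] = $this->post->confirmLimit;
    $this->loadModel('setting')->setItems('system.common.shop', $shopSetting);

    /* NOTE(review): the alipay key is stored as-is in the settings table; the
     * original did the same — confirm the settings store is access-controlled. */
    $alipaySetting = array();
    $alipaySetting['pid']   = $this->post->pid;
    $alipaySetting['key']   = $this->post->key;
    $alipaySetting['email'] = $this->post->email;
    $this->loadModel('setting')->setItems('system.common.alipay', $alipaySetting);

    return array('result' => 'success', 'message' => $this->lang->saveSuccess);
}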
/**
 * Reply to a message.
 *
 * Builds the reply row from POST (objectType/objectID/to derived from the
 * parent message, type 'reply', status '0' unless the current user is a super
 * admin, account set unless the user is 'guest', ip from REMOTE_ADDR), inserts
 * it with captcha / type / required-field checks, and for a super admin also
 * marks the parent message as status 1. If the parent carries a valid email
 * and is either not a comment or opted into receiveEmail, the reply content is
 * mailed to that address.
 *
 * NOTE(review): the reply content is sent as the mail body unchanged; whether
 * the mail model escapes or treats it as HTML is not visible here — confirm.
 *
 * @param  int    $messageID  id of the message being replied to
 * @access public
 * @return int|false  the new reply id, or false on a dao error
 */
public function reply($messageID)
{
    $account = $this->app->user->account;
    $admin   = $this->app->user->admin;
    $message = $this->getByID($messageID);

    /* A reply to a reply inherits the original objectType; otherwise the parent's type is the object type. */
    $reply = fixer::input('post')
        ->add('objectType', $message->type == 'reply' ? $message->objectType : $message->type)
        ->add('objectID', $message->id)
        ->add('to', $message->account)
        ->add('type', 'reply')
        ->add('date', helper::now())
        ->add('status', '0')
        ->add('public', 1)
        ->setIF($account != 'guest', 'account', $account)
        ->setIF($admin == 'super', 'status', '1')   /* super admin replies are published immediately */
        ->add('ip', $this->server->REMOTE_ADDR)
        ->get();

    /* 'captcha' is skipped as a column but still validated by the captcha check. */
    $this->dao->insert(TABLE_MESSAGE)->data($reply, $skip = 'captcha')
        ->autoCheck()
        ->check('captcha', 'captcha')
        ->check('type', 'in', $this->config->message->types)
        ->batchCheck($this->config->message->require->reply, 'notempty')
        ->exec();
    $replyID = $this->dao->lastInsertId();

    if (!dao::isError())
    {
        if ($admin == 'super')
        {
            /* Publishing a reply as super admin also publishes the pending parent. */
            $this->dao->update(TABLE_MESSAGE)->set('status')->eq(1)->where('status')->eq(0)->andWhere('id')->eq($messageID)->exec();
            if (dao::isError())
            {
                return false;
            }
        }

        /* if message type is comment , check is user want to receive email reminder */
        if (validater::checkEmail($message->email) && ($message->type != 'comment' || $message->receiveEmail))
        {
            $mail = new stdclass();
            $mail->to      = $message->email;
            $mail->subject = sprintf($this->lang->message->replySubject, $this->config->site->name);
            $mail->body    = $reply->content;
            $this->loadModel('mail')->send($mail->to, $mail->subject, $mail->body);
        }
        return $replyID;
    }
    return false;
}
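/**
 * Batch edit users.
 *
 * Requires the current user's password to be re-entered (verifyPassword).
 * For each posted row the account/realname/commiter/email/join/dept/role
 * fields are collected ('ditto' for dept/role copies the previous row),
 * validated (no duplicate accounts in DB or in the batch, valid account
 * syntax, non-empty realname, well-formed email if given, non-empty role),
 * and written by id. A renamed account is propagated to the user-group table
 * and to the company admins list, and to the session user if it is the
 * current account.
 *
 * Fixes: the password check now uses strict comparison — with `!=` PHP
 * compares two numeric-looking strings (e.g. md5 digests starting with "0e")
 * numerically, so unequal hashes could compare equal; and the session account
 * was assigned from $users['account'] (undefined — $users is keyed by id)
 * instead of $user['account'].
 *
 * @access public
 * @return void
 */
public function batchEdit()
{
    /* Re-authenticate with the stored md5 hash; strict compare avoids numeric-string juggling. */
    if (empty($_POST['verifyPassword']) or md5($this->post->verifyPassword) !== (string) $this->app->user->password)
    {
        die(js::alert($this->lang->user->error->verifyPassword));
    }

    $postedAccounts = $this->post->account;
    $oldUsers     = $this->dao->select('id, account')->from(TABLE_USER)->where('id')->in(array_keys($postedAccounts))->fetchPairs('id', 'account');
    $accountGroup = $this->dao->select('id, account')->from(TABLE_USER)->where('account')->in($postedAccounts)->fetchGroup('account', 'id');

    $users    = array();
    $accounts = array();
    $prev     = array();
    foreach ($postedAccounts as $id => $account)
    {
        $users[$id]['account']  = $account;
        $users[$id]['realname'] = $this->post->realname[$id];
        $users[$id]['commiter'] = $this->post->commiter[$id];
        $users[$id]['email']    = $this->post->email[$id];
        $users[$id]['join']     = $this->post->join[$id];
        /* 'ditto' copies the previous row's value; the first row falls back to 0. */
        $users[$id]['dept'] = $this->post->dept[$id] == 'ditto' ? (isset($prev['dept']) ? $prev['dept'] : 0) : $this->post->dept[$id];
        $users[$id]['role'] = $this->post->role[$id] == 'ditto' ? (isset($prev['role']) ? $prev['role'] : 0) : $this->post->role[$id];

        /* The account must be unique in the database and within this batch. */
        if (isset($accountGroup[$account]) and count($accountGroup[$account]) > 1)
        {
            die(js::error(sprintf($this->lang->user->error->accountDupl, $id)));
        }
        if (in_array($account, $accounts)) die(js::error(sprintf($this->lang->user->error->accountDupl, $id)));
        if (!validater::checkAccount($users[$id]['account'])) die(js::error(sprintf($this->lang->user->error->account, $id)));
        if ($users[$id]['realname'] == '') die(js::error(sprintf($this->lang->user->error->realname, $id)));
        if ($users[$id]['email'] and !validater::checkEmail($users[$id]['email'])) die(js::error(sprintf($this->lang->user->error->mail, $id)));
        if (empty($users[$id]['role'])) die(js::error(sprintf($this->lang->user->error->role, $id)));

        $accounts[$id] = $account;
        $prev['dept']  = $users[$id]['dept'];
        $prev['role']  = $users[$id]['role'];
    }

    foreach ($users as $id => $user)
    {
        $this->dao->update(TABLE_USER)->data($user)->where('id')->eq((int) $id)->exec();

        if ($user['account'] != $oldUsers[$id])
        {
            $oldAccount = $oldUsers[$id];

            /* Follow the rename into group membership and the company admin list. */
            $this->dao->update(TABLE_USERGROUP)->set('account')->eq($user['account'])->where('account')->eq($oldAccount)->exec();
            if (strpos($this->app->company->admins, ',' . $oldAccount . ',') !== false)
            {
                $admins = str_replace(',' . $oldAccount . ',', ',' . $user['account'] . ',', $this->app->company->admins);
                $this->dao->update(TABLE_COMPANY)->set('admins')->eq($admins)->where('id')->eq($this->app->company->id)->exec();
            }

            /* Keep the session user in sync when the current user renamed themself. */
            if (!dao::isError() and $this->app->user->account == $oldAccount)
            {
                $this->app->user->account = $user['account'];
            }
        }
    }
}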
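/**
 * Identify a user by account (or email) and password.
 *
 * Looks the user up by email when $account is a well-formed address, else by
 * account. Honours the lock window (3 minutes after more than 8 failures,
 * longer locks reported in days, > 30 days as "forever"). Accepts either the
 * hashed-password form (compareHashPassword) or the createPassword() form.
 * On failure increments fails, logs admin attempts, and persists; on success
 * records ip/last/visits, logs admin logins, clears the session random, and
 * handles the score module's login reward.
 *
 * Fixes: the success-path UPDATEs and the score account used $account, which
 * is the raw login string — when the user logged in by email the WHERE
 * matched no row, so last/ip/visits were never written and the score update
 * ran against the email. They now use the fetched $user->id / $user->account.
 * The createPassword comparison is strict (`!=` on two numeric-looking hash
 * strings compares numerically and could accept a wrong password).
 *
 * @param  string $account   the account or email
 * @param  string $password  the plain password or the md5 hash
 * @access public
 * @return object|false  the user object if valid, otherwise false
 */
public function identify($account, $password)
{
    if (!$account or !$password) return false;

    /* First get the user from database by account or email. */
    $byEmail = validater::checkEmail($account);
    $user = $this->dao->setAutolang(false)->select('*')->from(TABLE_USER)
        ->beginIF($byEmail)->where('email')->eq($account)->fi()
        ->beginIF(!$byEmail)->where('account')->eq($account)->fi()
        ->fetch();
    if (!$user) return false;

    /* Can not login while the lock is still in the future. */
    if ($user->locked != '0000-00-00 00:00:00')
    {
        $dateDiff = (strtotime($user->locked) - time()) / 60;   // minutes until unlock

        if ($dateDiff > 0 && $dateDiff <= 3)
        {
            $this->lang->user->loginFailed = sprintf($this->lang->user->locked, '3' . $this->lang->date->minute);
            return false;
        }
        elseif ($dateDiff > 3)
        {
            $dateDiff = ceil($dateDiff / 60 / 24);   // days until unlock
            $this->lang->user->loginFailed = $dateDiff <= 30 ? sprintf($this->lang->user->locked, $dateDiff . $this->lang->date->day) : $this->lang->user->lockedForEver;
            return false;
        }
        else
        {
            /* Lock expired: reset the counter. */
            $user->fails  = 0;
            $user->locked = '0000-00-00 00:00:00';
        }
    }

    /* The password can be the plain or the password after md5. */
    $isAdmin = ($user->admin == 'super' or $user->admin == 'common');
    if (!$this->compareHashPassword($password, $user) and (string) $user->password !== (string) $this->createPassword($password, $user->account))
    {
        /* Save login log if user is admin. */
        if ($isAdmin) $this->saveLog($user->account, 'fail');

        $user->fails++;
        if ($user->fails > 2 * 4) $user->locked = date('Y-m-d H:i:s', time() + 3 * 60);
        $this->dao->setAutolang(false)->update(TABLE_USER)->data($user)->where('id')->eq($user->id)->exec();
        return false;
    }

    /* Update user data. */
    $user->ip    = $this->server->remote_addr;
    $user->last  = helper::now();
    $user->fails = 0;
    $user->visits++;

    /* Save login log if user is admin. */
    if ($isAdmin) $this->saveLog($user->account, 'success');

    /* Key on id: $account may be the email, which would not match the account column. */
    $this->dao->setAutolang(false)->update(TABLE_USER)->data($user)->where('id')->eq($user->id)->exec();

    $user->realname  = $this->computeRealname($user);
    $user->shortLast = substr($user->last, 5, -3);
    $user->shortJoin = substr($user->join, 5, -3);

    unset($_SESSION['random']);

    if (commonModel::isAvailable('score'))
    {
        $this->app->user->account = $user->account;
        if ($user->maxLogin > 0)
        {
            $this->app->loadConfig('score');
            $login = $this->config->score->counts->login;
            $this->dao->update(TABLE_USER)->set('maxLogin = maxLogin - ' . $login)->where('account')->eq($user->account)->exec();
            $this->loadModel('score')->earn('login', '', '', 'LOGIN');
        }
    }

    return $user;
}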
/**
 * Add a blacklist item.
 *
 * On POST the posted identity is classified — 'ip' if it parses as an IP,
 * 'email' if it is a well-formed address, 'account' if it is a valid account
 * name that exists, otherwise 'keywords' — and handed to guarder::punish()
 * with the reason and expiry. Later checks override earlier ones, so a value
 * that passes several checks ends up as the last matching type. Without POST
 * data the add form is rendered.
 *
 * @access public
 * @return void
 */
public function addBlacklist()
{
    $typeList = $this->lang->guarder->blacklistModes;

    if ($_POST)
    {
        $identity = $this->post->identity;

        /* Classify; order matters because each later match wins. */
        $mode = 'keywords';
        if (validater::checkIP($identity))    $mode = 'ip';
        if (validater::checkEmail($identity)) $mode = 'email';
        if (validater::checkAccount($identity))
        {
            $existing = $this->loadModel('user')->getByAccount($identity);
            if (!empty($existing)) $mode = 'account';
        }

        $punished = $this->guarder->punish($mode, $identity, $this->post->reason, $this->post->expired);
        if ($punished)
        {
            $this->send(array('result' => 'success', 'message' => $this->lang->setSuccess, 'locate' => inlink('blacklist', "mode={$mode}")));
        }
        $this->send(array('result' => 'fail', 'message' => dao::geterror()));
    }

    $this->view->title = $this->lang->guarder->addBlacklist;
    $this->display();
}
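/**
 * Identify a user by account (or email) and password.
 *
 * Looks up a non-deleted user by email when $account is a well-formed
 * address, else by account. Honours the lock window (10 minutes after more
 * than 2 failures, longer locks reported in days, > 30 days as "forever").
 * On failure increments fails and persists; on success records ip/last/ping/
 * visits, clears the session random and signs the user in via the attend
 * module.
 *
 * Fix: the success-path UPDATE used $account in its WHERE, which is the raw
 * login string — when the user logged in by email it matched no row, so
 * last/ping/visits were never written. It now keys on $user->id.
 *
 * @param  string $account   the account or email
 * @param  string $password  the plain password or the md5 hash
 * @access public
 * @return object|false  the user object if valid, otherwise false
 */
public function identify($account, $password)
{
    if (!$account or !$password) return false;

    /* First get the user from database by account or email. */
    $byEmail = validater::checkEmail($account);
    $user = $this->dao->select('*')->from(TABLE_USER)
        ->where('deleted')->eq('0')
        ->beginIF($byEmail)->andWhere('email')->eq($account)->fi()
        ->beginIF(!$byEmail)->andWhere('account')->eq($account)->fi()
        ->fetch();
    if (!$user) return false;

    /* Can not login while the lock is still in the future. */
    if ($user->locked != '0000-00-00 00:00:00')
    {
        $dateDiff = (strtotime($user->locked) - time()) / 60;   // minutes until unlock

        if ($dateDiff > 0 && $dateDiff <= 10)
        {
            $this->lang->user->loginFailed = sprintf($this->lang->user->locked, '10' . $this->lang->date->minute);
            return false;
        }
        elseif ($dateDiff > 10)
        {
            $dateDiff = ceil($dateDiff / 60 / 24);   // days until unlock
            $this->lang->user->loginFailed = $dateDiff <= 30 ? sprintf($this->lang->user->locked, $dateDiff . $this->lang->date->day) : $this->lang->user->lockedForEver;
            return false;
        }
        else
        {
            /* Lock expired: reset the counter. */
            $user->fails  = 0;
            $user->locked = '0000-00-00 00:00:00';
        }
    }

    /* The password can be the plain or the password after md5. */
    if (!$this->compareHashPassword($password, $user))
    {
        $user->fails++;
        if ($user->fails > 2) $user->locked = date('Y-m-d H:i:s', time() + 10 * 60);
        $this->dao->update(TABLE_USER)->data($user)->where('id')->eq($user->id)->exec();
        return false;
    }

    /* Update user data. */
    $user->ip    = $this->server->remote_addr;
    $user->last  = helper::now();
    $user->ping  = helper::now();
    $user->fails = 0;
    $user->visits++;

    /* Key on id: $account may be the email, which would not match the account column. */
    $this->dao->update(TABLE_USER)->data($user)->where('id')->eq($user->id)->exec();

    $user->realname  = empty($user->realname) ? $account : $user->realname;
    $user->shortLast = substr($user->last, 5, -3);
    $user->shortJoin = substr($user->join, 5, -3);

    unset($_SESSION['random']);

    /* Save sign in info. */
    $this->loadModel('attend', 'oa')->signIn($user->account);

    return $user;
}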
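/**
 * Send a verification code by mail.
 *
 * Resolves the target account ($account unless empty or 'qq', else the
 * current user), picks the posted email or the account's stored email,
 * rate-limits to one send per 180 s per account (session key
 * lastSendTo{account}), requires mail to be enabled and the address to be
 * valid, then (re)generates the session 'verifyCode' when none exists or the
 * last send is older than 1800 s, and mails it. Replies with a JSON result.
 *
 * Fix: the code was drawn from mt_rand(), which is not a CSPRNG; random_int()
 * is used when available (PHP 7+) over the same range, with mt_rand() kept as
 * the fallback so older runtimes still work.
 *
 * NOTE(review): the code lives in the session, not per recipient, and the
 * recipient can come from POST — confirm the caller that consumes
 * 'verifyCode' also pins the address it was sent to.
 *
 * @param  string $account  account to send for; '' or 'qq' means the current user
 * @access public
 * @return void
 */
public function sendMailCode($account = '')
{
    $account = ($account and $account != 'qq') ? $account : $this->app->user->account;
    $user    = $this->loadModel('user')->getByAccount($account);
    $email   = $this->post->email ? $this->post->email : $user->email;

    $lastSendVar  = "lastSendTo{$account}";
    $lastSendTime = $this->session->{$lastSendVar};

    /* Throttle: at most one mail per 180 seconds per account. */
    if (time() - $lastSendTime < 180) $this->send(array('result' => 'fail', 'message' => $this->lang->mail->trySendlater));
    if (!$this->config->mail->turnon) $this->send(array('result' => 'fail', 'message' => $this->lang->mail->noConfigure));
    if (empty($email)) $this->send(array('result' => 'fail', 'message' => $this->lang->mail->noEmail));
    if (!validater::checkEmail($email)) $this->send(array('result' => 'fail', 'message' => $this->lang->mail->error));

    /* Reuse the code within 30 minutes of the last send; otherwise mint a fresh one. */
    if (!$lastSendTime or time() - $lastSendTime > 1800 or !$this->session->verifyCode)
    {
        $code = function_exists('random_int') ? random_int(0, mt_getrandmax()) : mt_rand();
        $this->session->set('verifyCode', $code);
    }

    $content = sprintf($this->lang->mail->sendContent, $account, $this->config->site->name, $this->server->http_host, $this->session->verifyCode, $this->config->site->name);
    $this->loadModel('mail')->send($email, $this->lang->mail->captcha, $content, true);

    if (!$this->mail->isError())
    {
        $this->session->set($lastSendVar, time());
        $this->send(array('result' => 'success', 'message' => sprintf($this->lang->mail->sendSuccess, $email)));
    }

    $error = str_replace('\\n', "<br />", join('', $this->mail->getError()));
    $this->send(array('result' => 'fail', 'message' => $error));
}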