ファイル: Session.php プロジェクト: difra-org/difra
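 /**
  * Resume a long-lived ("remember me") session from the `resume` cookie.
  *
  * Does nothing when the user is already authorized or when the cookie is
  * absent or not exactly 48 characters long. The stored session is bound to
  * the client address (masked with Users::IP_MASK); on a mismatch, a missing
  * row, or any other failure the stored session is removed instead of
  * logging the user in.
  */
 public static function load()
 {
     if (Auth::getInstance()->isAuthorized()) {
         return;
     }
     // a cookie sent as an array (resume[]=...) must not reach strlen()
     if (!isset($_COOKIE['resume']) || !is_string($_COOKIE['resume']) || strlen($_COOKIE['resume']) != 48) {
         return;
     }
     try {
         // find session in db (parameterized: the token is client-supplied)
         $session = DB::getInstance()->fetchRow("SELECT `ip`, `user` FROM `user_session` WHERE `session`=?", [$_COOKIE['resume']]);
         if (empty($session)) {
             throw new Exception('Long session not found in database');
         }
         // check ip: compare the masked network parts. The parentheses matter:
         // `!=` binds tighter than `&`, so the unparenthesized form never compared
         // the stored address with the remote one.
         $mask = ip2long(Users::IP_MASK);
         $remote = isset($_SERVER['REMOTE_ADDR']) ? ip2long($_SERVER['REMOTE_ADDR']) : false;
         // `ip` is assumed to hold an ip2long() value as written when the session was created
         $stored = (int)$session['ip'];
         if ($mask === false || $remote === false || ($stored & $mask) !== ($remote & $mask)) {
             throw new Exception('Long session IP does not match');
         }
         // find user
         $user = User::getById($session['user']);
         $user->login();
     } catch (Exception $ex) {
         // any failure invalidates the stored session rather than leaving a dangling token
         self::remove();
     }
 }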
ファイル: post.php プロジェクト: difra-org/difra
 /**
  * Build post objects from database rows
  *
  * Accepts either a single row (detected by its 'id' key) or a list of rows.
  * Only keys matching declared properties are copied onto the post. canModify
  * is set for the post's author, for moderators, and for owners of the post's
  * group; every one of these requires an authorized user.
  * @static
  * @param array $data
  * @return array|null list of posts, or null for empty / non-array input
  */
 public static function makeList($data)
 {
     if (!is_array($data) || empty($data)) {
         return null;
     }
     // a single row is wrapped into a one-element list
     $rows = isset($data['id']) ? [$data] : $data;
     $auth = Auth::getInstance();
     $userId = $auth->getEmail();
     $ownedGroups = $userId ? Group::getOwnedGroupsIds($userId) : [];
     $posts = [];
     foreach ($rows as $row) {
         $post = new self();
         foreach ($row as $field => $value) {
             if (property_exists($post, $field)) {
                 $post->{$field} = $value;
             }
         }
         // author or moderator first, then group ownership; both need a logged-in user
         $isAuthorOrModerator = $userId && ($post->getUser() == $userId || $auth->isModerator());
         $post->canModify = $isAuthorOrModerator
             || ($userId && $post->groupId && in_array($post->groupId, $ownedGroups));
         $posts[] = $post;
     }
     return $posts;
 }
ファイル: friends.php プロジェクト: difra-org/difra
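 /**
  * Ajax action: add blog $blogId to the current user's friends list.
  *
  * Unauthorized users receive the `notify/need_reg` notification instead.
  * Afterwards the client is sent back to the Referer when it points to this
  * host, otherwise to the site root.
  * @param \Difra\Param\AnyString $blogId
  */
 public function addAjaxAction(\Difra\Param\AnyString $blogId)
 {
     if (!\Difra\Auth::getInstance()->getEmail()) {
         $this->ajax->notify(Difra\Locales::getInstance()->getXPath('notify/need_reg'));
         return;
     }
     $blog = \Difra\Plugins\Blogs::getInstance();
     $blog->addFriend($blogId);
     // TODO: error output
     // The Referer header is client-supplied: used unchecked it can send the browser
     // to any external site (open redirect), and it may be missing entirely.
     $target = '/';
     if (!empty($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_HOST'])) {
         $refererHost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
         $ownHost = parse_url('http://' . $_SERVER['HTTP_HOST'], PHP_URL_HOST);
         if (is_string($refererHost) && is_string($ownHost) && strcasecmp($refererHost, $ownHost) === 0) {
             $target = $_SERVER['HTTP_REFERER'];
         }
     }
     $this->ajax->redirect($target);
 }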
ファイル: comments.php プロジェクト: difra-org/difra
 /**
  * Add a comment from a request-shaped array.
  *
  * Expected keys: module, moduleId, replyId (optional, defaults to 0), text.
  * The author is always the authenticated user, never taken from $data.
  * @param array $data
  * @return mixed result of Comments\Comment::create(), or false when the text is blank
  * @throws \Difra\Exception when the module name or module id is missing
  */
 public function add($data)
 {
     // module moduleId replyId newComment
     $module = empty($data['module']) ? '' : trim($data['module']);
     if (!$module) {
         throw new \Difra\Exception('Missing module name for comments');
     }
     if (empty($data['moduleId'])) {
         throw new \Difra\Exception('Comments module id is missing or invalid');
     }
     // a missing reply id means a top-level comment
     if (empty($data['replyId'])) {
         $data['replyId'] = 0;
     }
     $text = empty($data['text']) ? '' : trim($data['text']);
     if (!$text) {
         return false;
     }
     $auth = \Difra\Auth::getInstance();
     $auth->required();
     $data['user'] = $auth->getEmail();
     return Comments\Comment::create($data);
 }
ファイル: Controller.php プロジェクト: difra-org/difra
 /**
  * Choose action
  *
  * Picks which Action method handles the request, in priority order:
  * ajax+auth, ajax, auth-only, plain. When an ajax+auth or auth-only action
  * exists but the request is not authorized a 401 is raised; when nothing
  * matches, a 404.
  * @throws View\HttpError
  */
 private function chooseAction()
 {
     if (Request::isAjax() && Action::$methodAjaxAuth && Auth::getInstance()->isAuthorized()) {
         $this->isAjaxAction = true;
         $this->method = 'methodAjaxAuth';
         return;
     }
     if (Request::isAjax() && Action::$methodAjax) {
         $this->isAjaxAction = true;
         $this->method = 'methodAjax';
         return;
     }
     if (Action::$methodAuth && Auth::getInstance()->isAuthorized()) {
         $this->method = 'methodAuth';
         return;
     }
     if (Action::$method) {
         $this->method = 'method';
         return;
     }
     // an action exists, but it requires an authorization the request does not have
     if ((Request::isAjax() && Action::$methodAjaxAuth) || Action::$methodAuth) {
         self::$parameters = [];
         throw new View\HttpError(401);
     }
     throw new View\HttpError(404);
 }
ファイル: blogs.php プロジェクト: difra-org/difra
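 /**
  * Count a view of a post in `blogs_stat` (+1 per day per post, optionally per group / user)
  *
  * A client (authorized e-mail, otherwise the remote address) is counted once
  * per post while the post is among its last three distinct viewed posts,
  * tracked in the `posts_stat` cache entry, so reloads do not inflate the counter.
  * @param      $postId
  * @param null $groupId
  * @param null $userId
  * @return bool true when the hit was counted, false when skipped (no stat table or a repeated hit)
  */
 public function savePostStat($postId, $groupId = null, $userId = null)
 {
     $cache = \Difra\Cache::getInstance();
     $db = \Difra\MySQL::getInstance();
     if (!$db->fetchRow("SHOW TABLES LIKE 'blogs_stat'")) {
         return false;
     }
     $postsStat = $cache->get('posts_stat');
     // a cold or corrupted cache entry must not be indexed as an array
     if (!is_array($postsStat)) {
         $postsStat = [];
     }
     $client = \Difra\Auth::getInstance()->getEmail();
     if (is_null($client)) {
         $client = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
     }
     if (!isset($postsStat[$client]) || !is_array($postsStat[$client])) {
         $postsStat[$client] = [];
     }
     // already counted for this client recently
     if (in_array($postId, $postsStat[$client])) {
         return false;
     }
     // keep only the last 3 posts per client (also trims an over-long list)
     while (count($postsStat[$client]) >= 3) {
         array_shift($postsStat[$client]);
     }
     $postsStat[$client][] = $postId;
     $cache->put('posts_stat', $postsStat);
     // ids are forced to integers with intval() before entering the statement; the remaining literals are fixed
     $groupAdd = is_null($groupId) ? '' : ", `group_id`='" . intval($groupId) . "' ";
     $userAdd = is_null($userId) ? '' : ", `user_id`='" . intval($userId) . "' ";
     $query = "INSERT INTO `blogs_stat` SET `date`='" . date('Y-m-d') . "', `post_id`='" . intval($postId) . "', `count`=1 " . $groupAdd . $userAdd . " ON DUPLICATE KEY UPDATE `count`=`count`+1";
     $db->query($query);
     return true;
 }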
ファイル: announcements.php プロジェクト: difra-org/difra
 /**
  * Check whether $userId owns announcement $eventId (moderators always pass)
  * @param $eventId
  * @param $userId
  * @return bool
  */
 public function checkOnwer($eventId, $userId)
 {
     if (Auth::getInstance()->isModerator()) {
         return true;
     }
     // both ids are forced to integers before they enter the statement
     $eventId = intval($eventId);
     $userId = intval($userId);
     $query = "SELECT `id` FROM `announcements` WHERE `id`='{$eventId}' AND `user`='{$userId}'";
     $found = MySQL::getInstance()->fetchOne($query);
     return !empty($found);
 }
ファイル: XML.php プロジェクト: difra-org/difra
 /**
  * Fill output XML with some common data
  *
  * Adds environment attributes (lang, site, host, protocol, uri, ...), the
  * user-agent, build/version, date, config, menu, auth and locale nodes to the
  * document element so the templates can render them.
  * @param \DOMDocument|null $xml document to fill; when null the controller's own
  *                               document is used and handed back through the reference
  * @param null $instance view instance name; falls back to View::$instance
  */
 public static function fillXML(&$xml = null, $instance = null)
 {
     $controller = Controller::getInstance();
     if (is_null($xml)) {
         $xml = $controller->xml;
         $node = $controller->realRoot;
     } else {
         $node = $xml->documentElement;
     }
     Debugger::addLine('Filling XML data for render: Started');
     // TODO: sync this with Envi::getState()
     $node->setAttribute('lang', Envi\Setup::getLocale());
     $node->setAttribute('site', Envi::getSubsite());
     $node->setAttribute('host', $host = Envi::getHost());
     $node->setAttribute('mainhost', $mainhost = Envi::getHost(true));
     $node->setAttribute('protocol', Envi::getProtocol());
     $node->setAttribute('fullhost', Envi::getURLPrefix());
     $node->setAttribute('instance', $instance ? $instance : View::$instance);
     $node->setAttribute('uri', Envi::getUri());
     $node->setAttribute('controllerUri', Action::getControllerUri());
     // only a non-main host needs an explicit url prefix
     if ($host != $mainhost) {
         $node->setAttribute('urlprefix', Envi::getURLPrefix(true));
     }
     // get user agent
     Envi\UserAgent::getUserAgentXML($node);
     // ajax flag. `and` binds tighter than `or`: ajax is '1' for a real ajax request
     // or for a SwitchPage request; switcher only for an uncached SwitchPage request.
     $node->setAttribute('ajax', (Request::isAjax() or isset($_SERVER['HTTP_X_REQUESTED_WITH']) and $_SERVER['HTTP_X_REQUESTED_WITH'] == 'SwitchPage') ? '1' : '0');
     $node->setAttribute('switcher', (!$controller->cache and isset($_SERVER['HTTP_X_REQUESTED_WITH']) and $_SERVER['HTTP_X_REQUESTED_WITH'] == 'SwitchPage') ? '1' : '0');
     // build and version number
     $node->setAttribute('build', Version::getBuild());
     $node->setAttribute('framework', Version::getFrameworkVersion(false));
     $node->setAttribute('frameworkLong', Version::getFrameworkVersion(true));
     // date: one attribute per strftime() conversion (strftime is locale dependent
     // and deprecated since PHP 8.1), plus the unix timestamp
     /** @var $dateNode \DOMElement */
     $dateNode = $node->appendChild($xml->createElement('date'));
     $dateKeys = ['d', 'e', 'A', 'a', 'm', 'B', 'b', 'Y', 'y', 'c', 'x', 'H', 'M', 'S'];
     $dateValues = explode('|', strftime('%' . implode('|%', $dateKeys)));
     $dateCombined = array_combine($dateKeys, $dateValues);
     $dateNode->setAttribute('ts', time());
     foreach ($dateCombined as $k => $v) {
         $dateNode->setAttribute($k, $v);
     }
     // debug flag
     $node->setAttribute('debug', Debugger::isEnabled() ? '1' : '0');
     // config values (for js variable)
     $configNode = $node->appendChild($xml->createElement('config'));
     Envi::getStateXML($configNode);
     // menu: the compiled menu resource is parsed as its own document and imported
     if ($menuResource = Resourcer::getInstance('menu')->compile(View::$instance)) {
         $menuXML = new \DOMDocument();
         $menuXML->loadXML($menuResource);
         $node->appendChild($xml->importNode($menuXML->documentElement, true));
     }
     // auth
     Auth::getInstance()->getAuthXML($node);
     // locale
     Locales::getInstance()->getLocaleXML($node);
     // Add config js object
     // NOTE(review): addslashes() only escapes quotes and backslashes; it is not a
     // JS string escaper (newlines and `</script>` pass through). The values come
     // from Envi::getState() — confirm none of them can be user-controlled.
     $config = Envi::getState();
     $confJS = '';
     foreach ($config as $k => $v) {
         $confJS .= "config.{$k}='" . addslashes($v) . "';";
     }
     $node->setAttribute('jsConfig', $confJS);
     Debugger::addLine('Filling XML data for render: Done');
     Debugger::debugXML($node);
 }
ファイル: post.php プロジェクト: difra-org/difra
 /**
  * Ajax action: delete post $id.
  *
  * Allowed for the post's author, for moderators, and for the owner of the
  * group the post's blog belongs to. A missing post or a denied request
  * displays the matching notification and terminates the script.
  * @param Param\AjaxString|null $id
  */
 public function deleteAjaxActionAuth(Param\AjaxString $id = null)
 {
     $postId = $id ? $id->val() : null;
     $post = Blogs\Post::getById($postId);
     if (!$post) {
         $this->ajax->display(Difra\Locales::getInstance()->getXPath('blogs/notifies/post_not_found'));
         die;
     }
     $auth = \Difra\Auth::getInstance();
     $email = $auth->getEmail();
     $allowed = $post->getUser() == $email || $auth->isModerator();
     if (!$allowed) {
         // neither author nor moderator: the owner of the blog's group may still delete
         $group = $post->getBlog()->getGroup();
         $allowed = $group && $group->getOwner() == $email;
     }
     if (!$allowed) {
         $this->ajax->display(Difra\Locales::getInstance()->getXPath('blogs/notifies/edit_post_denied'));
         die;
     }
     $post::delete($postId);
     $this->ajax->setResponse('success', true);
 }
ファイル: Debugger.php プロジェクト: difra-org/difra
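    /**
     * If page rendered too long, report to developers
     *
     * Mails the collected debug lines together with request data when the page
     * timer exceeded one second, the environment is production and a
     * notification address is configured. Cookie values are not included in
     * the report (they carry session tokens); only the cookie names are listed.
     * @throws Exception
     */
    public static function checkSlow()
    {
        // TODO: merge this method with Exception::sendNotification()
        $time = self::getTimer();
        // `!$time <= 1` negated the timer before comparing and was therefore always
        // true, so the report was never sent
        if ($time <= 1) {
            return;
        }
        // don't send notifications on development environment
        if (!Envi::isProduction()) {
            return;
        }
        $notificationMail = self::getNotificationMail();
        // no notification mail is set
        if (!$notificationMail) {
            return;
        }
        $output = '<pre>';
        foreach (self::$output as $line) {
            // not every debug line carries all fields
            $line += ['timer' => null, 'class' => null, 'type' => null, 'message' => null];
            $output .= "{$line['timer']}\t{$line['class']}\t{$line['type']}\t{$line['message']}\n";
        }
        $date = date('r');
        $server = print_r($_SERVER, true);
        // NOTE(review): $_POST is reported verbatim; if any form posts credentials,
        // those fields should be masked here as well
        $post = print_r($_POST, true);
        // cookie names only: values are session tokens and must not travel by mail
        $cookie = print_r(array_fill_keys(array_keys($_COOKIE), '[redacted]'), true);
        $host = Envi::getHost();
        $uri = Envi::getUri();
        $user = Auth::getInstance()->getEmail();
        $output .= <<<MSG

Page:\t{$uri}
Time:\t{$date}
Host:\t{$host}
User:\t{$user}

\$_SERVER:
{$server}

\$_POST:
{$post}

\$_COOKIE:
{$cookie}
MSG;
        $output .= '</pre>';
        Mailer::getInstance()->sendMail($notificationMail, 'Slow script', $output);
    }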
ファイル: Logger.php プロジェクト: difra-org/difra
 /**
  * Log object
  *
  * Builds the array written as one log entry: unix timestamp, RFC 2822 date,
  * the message and the pid, plus the client ip and the current user's login
  * when they are known.
  * @param $message
  * @return array
  */
 protected function getLogObj($message)
 {
     $entry = [
         'timestamp' => time(),
         'date' => date('r'),
         'message' => $message,
         'pid' => getmypid(),
     ];
     if (!empty($_SERVER['REMOTE_ADDR'])) {
         $entry['ip'] = $_SERVER['REMOTE_ADDR'];
     }
     $login = Auth::getInstance()->getLogin();
     if ($login) {
         $entry['user'] = $login;
     }
     return $entry;
 }
ファイル: User.php プロジェクト: difra-org/difra
 /**
  * Log out current user
  *
  * Drops the persistent session first (Session::remove) and then clears the
  * current authorization (Auth::logout); both calls are unconditional.
  */
 public static function logout()
 {
     Session::remove();
     Auth::getInstance()->logout();
 }
ファイル: comment.php プロジェクト: difra-org/difra
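 /**
  * Whether the current user may delete comment $id belonging to module $module.
  *
  * Allowed for the comment's author, for moderators, for owners of the group
  * the parent object (blog post / album) belongs to and, for blogs, for the
  * blog owner. Anonymous users never get delete rights.
  * @param int|string $id comment id
  * @param string $module module name; also the table-name prefix of `{module}_comments`
  * @return bool
  */
 public static function checkDeleteRights($id, $module)
 {
     // $module is interpolated into a table name below and must be a bare identifier;
     // anything else is refused instead of reaching the query
     if (!is_string($module) || !preg_match('/^[A-Za-z0-9_]+$/', $module)) {
         return false;
     }
     $db = \Difra\MySQL::getInstance();
     $parentOwner = false;
     switch ($module) {
         case 'blogs':
             $query = "SELECT bl.`user`, bl.`group`\n\t\t\t\t\t\tFROM `blogs_posts` bp\n\t\t\t\t\t\tRIGHT JOIN `blogs` AS `bl` ON bl.`id`=bp.`blog`\n\t\t\t\t\t\tWHERE bp.`id`='" . intval($id) . "'";
             break;
         case 'albums':
             $query = "SELECT al.`group_id` as `group`\n\t\t\t\t\t\tFROM `albums` al\n\t\t\t\t\t\tWHERE al.`id` = '" . intval($id) . "'";
             break;
         default:
             // other modules have no parent-owner rule
             $query = false;
     }
     if ($query) {
         $parentOwner = $db->fetchRow($query);
     }
     $auth = \Difra\Auth::getInstance();
     $userId = $auth->getEmail();
     if (!$userId) {
         return false;
     }
     $groups = [];
     if (\Difra\Plugger::getInstance()->isEnabled('blogs')) {
         $groups = \Difra\Plugins\Blogs\Group::getOwnedGroupsIds($userId);
     }
     $commentData = $db->fetchRow("SELECT `user` FROM `{$module}_comments` WHERE `id`='" . intval($id) . "'");
     // the comment may not exist
     $commentOwner = isset($commentData['user']) ? $commentData['user'] : null;
     if ($commentOwner == $userId || $auth->isModerator()) {
         return true;
     }
     if (!$parentOwner) {
         return false;
     }
     $parentGroup = isset($parentOwner['group']) ? $parentOwner['group'] : null;
     if ($parentGroup !== null && in_array($parentGroup, $groups)) {
         return true;
     }
     return isset($parentOwner['user']) && $parentOwner['user'] == $userId;
 }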
ファイル: index.php プロジェクト: difra-org/difra
 /**
  * Blog index page.
  *
  * Without a nickname: the list of all posts plus the side widgets.
  * With a nickname: either the user's own blog page (no further parameters)
  * or a single post page (parameters: post id and link slug); any other
  * parameter shape is a 404. A wrong slug redirects to the canonical post url.
  * @param Param\AnyString|null $nickname blog owner's nickname (url-encoded)
  * @param Param\NamedInt|null $page page number, defaults to 1
  */
 public function indexAction(Param\AnyString $nickname = null, Param\NamedInt $page = null)
 {
     $page = $page ? $page->val() : 1;
     if ($nickname) {
         // resolve $userId from the nickname
         // (rawurldecode() receives the parameter object; presumably it converts to string — confirm)
         $nickname = rawurldecode($nickname);
         if (!($userId = Difra\Additionals::getAdditionalId('users', 'nickname', $nickname))) {
             $this->view->httpError(404);
             return;
         }
         /** @var \DOMElement $userNode */
         $userNode = $this->root->appendChild($this->xml->createElement('user'));
         $userNode->setAttribute('id', $userId);
         \Difra\Additionals::getAdditionalsXml('users', $userId, $userNode);
         // /user/name
         if (empty($this->action->parameters)) {
             $auth = \Difra\Auth::getInstance();
             // only the blog owner may modify; $userId is the page owner, not the viewer
             $canModify = ($auth->isAuthorized() and $userId == $auth->getEmail());
             // user info widget
             /** @var \DOMElement $blogsViewNode */
             $blogsViewNode = $this->root->appendChild($this->xml->createElement('userInfoWidget'));
             $blogsViewNode->setAttribute('left', 1);
             $blogsViewNode = $this->root->appendChild($this->xml->createElement('blogsView'));
             $blogsViewNode->setAttribute('left', 1);
             $blogsViewNode->setAttribute('link', '/blogs/' . rawurlencode($nickname));
             $blogsViewNode->setAttribute('canModify', $canModify ? '1' : '0');
             $blogId = Blogs::getInstance()->getUserBlogXML($blogsViewNode, $userId, $page);
             if ($auth->isAuthorized()) {
                 if ($canModify) {
                     /** @var \DOMElement $blogsControlNode */
                     $blogsControlNode = $this->root->appendChild($this->xml->createElement('blogsControl'));
                     $blogsControlNode->setAttribute('right', 1);
                     $blogsControlNode->setAttribute('addPrefix', 1);
                 }
             }
             // "my groups" widget
             /** @var \DOMElement $myGroupsNode */
             $myGroupsNode = $this->root->appendChild($this->xml->createElement('myGroupsWidget'));
             $myGroupsNode->setAttribute('right', 1);
             \Difra\Plugins\Blogs\Group::getUsersGroups($userId, $myGroupsNode);
             // favourite blogs widget
             /** @var \DOMElement $friendsNode */
             $friendsNode = $this->root->appendChild($this->xml->createElement('friendsWidget'));
             $friendsNode->setAttribute('right', 1);
             \Difra\Plugins\Blogs\Blog::getFriendsPreviewXML($auth->getEmail(), $friendsNode);
             // a viewer other than the owner gets the "add to favourites" control
             if ($userId != $auth->getEmail()) {
                 $friendsNode->setAttribute('user', $auth->getEmail());
                 $friendsNode->setAttribute('canAdd', $blogId);
             }
             // /user/name/15/title
         } elseif (sizeof($this->action->parameters) == 2) {
             $postId = $this->action->parameters[0];
             if (!ctype_digit($postId)) {
                 $this->view->httpError(404);
                 return;
             }
             $postLink = rawurldecode($this->action->parameters[1]);
             if (!($post = Blogs::getInstance()->getPost($userId, $postId))) {
                 $this->view->httpError(404);
                 return;
             }
             // canonical url: redirect when the slug does not match the post's link
             if ($postLink != $post->getLink()) {
                 $this->view->redirect("/blogs/{$nickname}/{$postId}/" . $post->getLink());
                 return;
             }
             $this->action->parameters = [];
             // "my groups" widget
             $myGroupsNode = $this->root->appendChild($this->xml->createElement('myGroupsWidget'));
             $myGroupsNode->setAttribute('right', 1);
             \Difra\Plugins\Blogs\Group::getUsersGroups($userId, $myGroupsNode);
             // user info widget
             $blogsViewNode = $this->root->appendChild($this->xml->createElement('userInfoWidget'));
             $blogsViewNode->setAttribute('left', 1);
             /** @var \DOMElement $blogsSingle */
             $blogsSingle = $this->root->appendChild($this->xml->createElement('blogsSingle'));
             $blogsSingle->setAttribute('left', 1);
             $post->getXML($blogsSingle, true);
             /** @var \DOMElement $comments */
             $comments = $this->root->appendChild($this->xml->createElement('comments'));
             $comments->setAttribute('left', 1);
             \Difra\Plugins\Comments::getInstance()->getCommentsXML($comments, 'blogs', $postId, $page);
             // favourite blogs widget
             $friendsNode = $this->root->appendChild($this->xml->createElement('friendsWidget'));
             $friendsNode->setAttribute('right', 1);
             $auth = \Difra\Auth::getInstance();
             \Difra\Plugins\Blogs\Blog::getFriendsPreviewXML($auth->getEmail(), $friendsNode);
             if ($userId != $auth->getEmail()) {
                 $friendsNode->setAttribute('user', $auth->getEmail());
                 $friendsNode->setAttribute('canAdd', $post->getBlogId());
             }
             // post statistics (note: $userId here is the blog owner, not the viewer)
             Blogs::getInstance()->savePostStat($postId, null, $userId);
         } else {
             $this->view->httpError(404);
         }
     } else {
         $blogsViewNode = $this->root->appendChild($this->xml->createElement('blogsAllView'));
         $blogsViewNode->setAttribute('left', 1);
         $blogsViewNode->setAttribute('link', '/blogs');
         Difra\Plugins\Blogs::getInstance()->getAllPostsXML($blogsViewNode, $page);
         if (Difra\Auth::getInstance()->isAuthorized()) {
             /** @var \DOMElement $mypageWidget */
             $mypageWidget = $this->root->appendChild($this->xml->createElement('myPageWidget'));
             $mypageWidget->setAttribute('right', 1);
         }
         /** @var \DOMElement $controlNode */
         $controlNode = $this->root->appendChild($this->xml->createElement('artistControl'));
         $controlNode->setAttribute('right', 1);
         // TODO: move tag handling into a separate dispatcher
         $Tags = Difra\Plugins\Tags::getInstance();
         if ($Tags->getCloudXml('posts', $this->root)) {
             $controlNode = $this->root->appendChild($this->xml->createElement('postsTags'));
             $controlNode->setAttribute('right', 1);
         }
     }
 }