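/**
 * Check comment add conditions. Throws a JsonException on the first failing condition.
 *
 * Conditions are evaluated in this order: guest-name requirement for unauthenticated
 * users, non-empty target pathway, configured message length bounds, captcha for
 * moderated guests, and the configured delay since the latest post from the same
 * user id or ip.
 *
 * @throws JsonException when any condition fails (message is the translated reason)
 * @return bool always true when every condition passes
 */
public function check()
{
    $isAuth = App::$User->isAuth();

    // check if user is auth'd or guest name is defined
    if (!$isAuth && ((int) $this->_configs['guestAdd'] !== 1 || Str::length($this->guestName) < 2)) {
        throw new JsonException(__('Guest name is not defined'));
    }

    // check if pathway is empty
    if (Str::likeEmpty($this->pathway)) {
        throw new JsonException(__('Wrong target pathway'));
    }

    // check if message length is correct; length is computed once instead of three times
    $length = Str::length($this->message);
    $minLength = (int) $this->_configs['minLength'];
    $maxLength = (int) $this->_configs['maxLength'];
    if ($length < $minLength || $length > $maxLength) {
        // the raw (uncast) config values are reported, as before
        throw new JsonException(__('Message length is incorrect. Current: %cur%, min - %min%, max - %max%', [
            'cur' => $length,
            'min' => $this->_configs['minLength'],
            'max' => $this->_configs['maxLength'],
        ]));
    }

    // guest moderation: captcha is only enforced for guests when guestModerate is set
    if (!$isAuth && (bool) $this->_configs['guestModerate']) {
        $captcha = App::$Request->request->get('captcha');
        if (!App::$Captcha->validate($captcha)) {
            throw new JsonException(__('Captcha is incorrect! Click on image to refresh and try again'));
        }
    }

    // check delay between 2 comments from 1 user or 1 ip
    // NOTE(review): the user_id OR ip match means guests sharing an ip throttle each other,
    // and whatever $this->_userId holds for guests is matched too — confirm the intended scope.
    $latest = CommentPost::where('user_id', '=', $this->_userId)
        ->orWhere('ip', '=', $this->ip)
        ->orderBy('created_at', 'DESC')
        ->first();

    // check if latest post time for this user is found
    if ($latest !== null) {
        $postTime = Date::convertToTimestamp($latest->created_at);
        // cast like the other config reads so a string config value never reaches the arithmetic
        $delay = $postTime + (int) $this->_configs['delay'] - time();
        if ($delay > 0) {
            throw new JsonException(__('Spam protection: please, wait %sec% seconds', ['sec' => $delay]));
        }
    }

    return true;
}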
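/**
 * Make a wall post from $viewer to $target.
 *
 * Returns false when the viewer's most recent wall record (by updated_at) is newer than
 * static::POST_GLOBAL_DELAY seconds. Otherwise saves a WallRecords row, adds a notification
 * for the target unless viewer and target share the same id, and clears $this->message.
 *
 * @param iUser $target user whose wall receives the post
 * @param iUser $viewer user sending the post
 * @param int $delay kept for backward compatibility. NOTE(review): the body never reads it;
 *                   the throttle uses static::POST_GLOBAL_DELAY — confirm with callers before
 *                   wiring it in, since that would change the effective delay.
 * @return bool true when the record was saved, false when throttled
 */
public function makePost(iUser $target, iUser $viewer, $delay = 60)
{
    // No null guard needed: the non-nullable iUser type hints reject null before the body runs.

    // throttle: latest record sent by this viewer
    $latest = WallRecords::where('sender_id', '=', $viewer->id)
        ->orderBy('updated_at', 'desc')
        ->first();
    if ($latest !== null) {
        $lastPostTime = Date::convertToTimestamp($latest->updated_at);
        if (time() - $lastPostTime < static::POST_GLOBAL_DELAY) {
            // previous post is more recent than the global delay allows
            return false;
        }
    }

    // save new post to db
    $record = new WallRecords();
    $record->target_id = $target->id;
    $record->sender_id = $viewer->id;
    $record->message = $this->message;
    $record->save();

    // add user notification (skipped for posts on one's own wall)
    // NOTE(review): strict !== on ids — if the two ids can differ in type (int vs string), confirm.
    if ($target->id !== $viewer->id) {
        $notify = new EntityAddNotification($target->id);
        $notify->add(
            'profile/show/' . $target->id . '#wall-post-' . $record->id,
            EntityAddNotification::MSG_ADD_WALLPOST,
            ['snippet' => Text::snippet($this->message, 50)]
        );
    }

    // cleanup message so the same instance cannot re-post it
    $this->message = null;
    return true;
}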
/**
 * After validation generate new pwd, recovery token and send email.
 *
 * Flow: look up the user by email, reject unapproved accounts, skip (return silently) when a
 * recovery row newer than self::DELAY seconds exists, then create a recovery row holding the
 * hashed password and the token, write a UserLog entry with the client ip, and send the mail.
 *
 * NOTE(review): 'Email not found' is thrown while an unknown-but-throttled address returns
 * silently, so the response distinguishes registered from unregistered emails (account
 * enumeration) — consider a uniform outcome.
 * NOTE(review): the token is stored as-is in UserRecovery and the new password is passed to the
 * mail template in clear; whether the mail body shows it and how the token is later consumed is
 * not visible here — verify, and consider storing only a hash of the token.
 * NOTE(review): the anti-spam window is per user only; no per-ip limit is visible in this method.
 *
 * @throws SyntaxException when the email is unknown or the account is not yet approved
 * @throws \Ffcms\Core\Exception\NativeException
 */
public function make()
{
    $user = App::$User->getIdentityViaEmail($this->email);
    if ($user === null) {
        throw new SyntaxException('Email not found');
    }
    // '0' and '' both mean "approved"; anything else is a pending approve token
    if ($user->approve_token !== '0' && Str::length($user->approve_token) > 0) {
        throw new SyntaxException('You must approve your account');
    }
    $rows = UserRecovery::where('user_id', '=', $user->getId())->orderBy('id', 'DESC')->first();
    if ($rows !== null && $rows !== false) {
        // prevent spam of recovery messages: newest row inside self::DELAY seconds -> do nothing
        if (Date::convertToTimestamp($rows->created_at) > time() - self::DELAY) {
            return;
        }
    }
    // generate pwd, token and pwdCrypt
    // NOTE(review): mt_rand() is not a CSPRNG; here it only selects the length, so the strength of
    // the password and token rests on the entropy source inside Str::randomLatinNumeric — verify it
    // uses random_bytes()/random_int(), and prefer random_int() for the length as well.
    $newPwd = Str::randomLatinNumeric(mt_rand(8, 16));
    $pwdCrypt = App::$Security->password_hash($newPwd);
    $token = Str::randomLatinNumeric(mt_rand(64, 128));
    // write new data to recovery table (hashed password + token; applied elsewhere on confirmation, presumably)
    $rObject = new UserRecovery();
    $rObject->user_id = $user->id;
    $rObject->password = $pwdCrypt;
    $rObject->token = $token;
    $rObject->save();
    // write logs data: records the requesting client ip for later audit
    $log = new UserLog();
    $log->user_id = $user->id;
    $log->type = 'RECOVERY';
    $log->message = __('Password recovery is initialized from: %ip%', ['ip' => App::$Request->getClientIp()]);
    $log->save();
    // generate mail template
    $mailTemplate = App::$View->render('user/mail/recovery', ['login' => $user->login, 'email' => $this->email, 'password' => $newPwd, 'token' => $token, 'id' => $rObject->id]);
    $sender = App::$Properties->get('adminEmail');
    // format SWIFTMailer format (subject is translated with the current host name)
    $mailMessage = \Swift_Message::newInstance(App::$Translate->get('Profile', 'Account recovery on %site%', ['site' => App::$Request->getHost()]))->setFrom([$sender])->setTo([$this->email])->setBody($mailTemplate, 'text/html');
    // send message
    App::$Mailer->send($mailMessage);
}
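/**
 * Check if comment answer conditions are ok. Throws a JsonException on the first failing condition.
 *
 * Conditions are evaluated in this order: guest-name requirement for unauthenticated users,
 * captcha for moderated guests, a positive replayTo id, configured message length bounds,
 * existence of exactly one CommentPost with id replayTo, and the configured delay since the
 * latest answer from the same user id or ip.
 *
 * @return bool always true when every condition passes
 * @throws JsonException when any condition fails (message is the translated reason)
 */
public function check()
{
    $isAuth = App::$User->isAuth();

    // check if user is auth'd or guest name is defined
    if (!$isAuth && ((int) $this->_configs['guestAdd'] !== 1 || Str::length($this->guestName) < 2)) {
        throw new JsonException(__('Guest name is not defined'));
    }

    // guest moderation: captcha is only enforced for guests when guestModerate is set
    if (!$isAuth && (bool) $this->_configs['guestModerate']) {
        $captcha = App::$Request->request->get('captcha');
        if (!App::$Captcha->validate($captcha)) {
            throw new JsonException(__('Captcha is incorrect! Click on image to refresh and try again'));
        }
    }

    // check if replayTo is defined
    if ($this->replayTo < 1) {
        throw new JsonException(__('Comment post thread is not founded'));
    }

    // check if message length is correct; length is computed once instead of three times
    $length = Str::length($this->message);
    $minLength = (int) $this->_configs['minLength'];
    $maxLength = (int) $this->_configs['maxLength'];
    if ($length < $minLength || $length > $maxLength) {
        // the raw (uncast) config values are reported, as before
        throw new JsonException(__('Message length is incorrect. Current: %cur%, min - %min%, max - %max%', [
            'cur' => $length,
            'min' => $this->_configs['minLength'],
            'max' => $this->_configs['maxLength'],
        ]));
    }

    // the thread being answered must exist
    $count = CommentPost::where('id', '=', $this->replayTo)->count();
    if ($count !== 1) {
        throw new JsonException(__('Comment post thread is not founded'));
    }

    // check to prevent spam: latest answer from the same user id or ip
    // NOTE(review): the user_id OR ip match means guests sharing an ip throttle each other,
    // and whatever $this->_userId holds for guests is matched too — confirm the intended scope.
    $latest = CommentAnswer::where('user_id', '=', $this->_userId)
        ->orWhere('ip', '=', $this->ip)
        ->orderBy('created_at', 'DESC')
        ->first();
    if ($latest !== null) {
        $answerTime = Date::convertToTimestamp($latest->created_at);
        // cast like the other config reads so a string config value never reaches the arithmetic
        $delay = $answerTime + (int) $this->_configs['delay'] - time();
        if ($delay > 0) {
            // configured delay has not elapsed yet
            throw new JsonException(__('Spam protection: please, wait %sec% seconds', ['sec' => $delay]));
        }
    }

    return true;
}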
if ($catConfigs['showCategory'] === true) { ?> <span class="spaced"><i class="fa fa-list"></i> <?php echo Url::link(['content/list', $item['category']->path], \App::$Translate->getLocaleText($item['category']->title), ['itemprop' => 'genre']); ?> </span> <?php } ?> <?php if ($catConfigs['showDate'] === true) { ?> <span class="spaced"><i class="fa fa-calendar"></i> <time datetime="<?php echo date('c', Date::convertToTimestamp($item['date'])); ?> " itemprop="datePublished"> <?php echo $item['date']; ?> </time> </span> <?php } ?> <?php if ($catConfigs['showAuthor'] === true) { ?> <span class="spaced"><i class="fa fa-user"></i> <?php
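/**
 * Change user rating action: applies a +1 or -1 vote from the authenticated user to a target profile.
 *
 * Reads 'target' (user id) and 'type' ('+' or '-') from the request, refuses self-votes and
 * repeated votes within the configured ratingDelay window, stores a ProfileRating row and
 * adjusts the target profile's rating.
 *
 * NOTE(review): this is a state-changing action and no CSRF token check is visible in the method;
 * whether the surrounding controller enforces one, and whether $this->request->get() reads the
 * query string or the body, cannot be told from here — confirm.
 * NOTE(review): the delay check and the insert are not done in one transaction, so two concurrent
 * requests could both pass the check; consider a DB-level guard if that matters.
 *
 * @throws ForbiddenException when not authenticated, on self-vote, or inside the delay window
 * @throws NativeException on a bad 'type' value or when rating is disabled in config
 * @throws NotFoundException when the target user id is invalid or does not exist
 * @return string JSON body {"status":1,"data":"ok"}
 */
public function actionChangerating()
{
    if (!App::$User->isAuth()) {
        throw new ForbiddenException('Auth required');
    }
    $this->setJsonHeader();

    // get operation type and target user id
    $targetId = (int) $this->request->get('target');
    $type = $this->request->get('type');

    // check type of query: only the two literal signs are accepted
    if ($type !== '+' && $type !== '-') {
        throw new NativeException('Wrong data');
    }

    // check if passed user id exists (isLikeInt is redundant after the (int) cast but kept as-is)
    if (!Obj::isLikeInt($targetId) || $targetId < 1 || !App::$User->isExist($targetId)) {
        throw new NotFoundException('Wrong user info');
    }

    $cfg = \Apps\ActiveRecord\App::getConfigs('app', 'Profile');
    // check if rating is enabled for website
    if ((int) $cfg['rating'] !== 1) {
        throw new NativeException('Rating is disabled');
    }

    // get target and sender objects
    $target = App::$User->identity($targetId);
    $sender = App::$User->identity();

    // disable self-based changes
    if ($target->getId() === $sender->getId()) {
        throw new ForbiddenException('Self change prevented');
    }

    // check delay: any vote from sender to target since (now - ratingDelay) blocks a new one.
    // ratingDelay is cast like 'rating' above so a string config value never reaches the arithmetic.
    $since = Date::convertToTimestamp(time() - (int) $cfg['ratingDelay'], Date::FORMAT_SQL_TIMESTAMP);
    $query = ProfileRating::where('target_id', '=', $target->getId())
        ->where('sender_id', '=', $sender->getId())
        ->where('created_at', '>=', $since)
        ->orderBy('id', 'DESC');
    if ($query !== null && $query->count() > 0) {
        throw new ForbiddenException('Delay required');
    }

    // delay is ok, insert the vote row
    $record = new ProfileRating();
    $record->target_id = $target->getId();
    $record->sender_id = $sender->getId();
    $record->type = $type;
    $record->save();

    // update target profile: '+' adds one, '-' subtracts one
    $profile = $target->getProfile();
    $profile->rating += ($type === '+') ? 1 : -1;
    $profile->save();

    return json_encode(['status' => 1, 'data' => 'ok']);
}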