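/**
 * Determines whether an Author is currently logged in to Symphony by
 * checking the `username` and `pass` values carried in `$Cookie`. When a
 * matching Author row is found the Author is loaded onto `$this->Author`,
 * its `last_seen` stamp is refreshed and its language is activated;
 * otherwise the cookie is expired.
 *
 * NOTE(review): the cookie `pass` value is compared verbatim with the
 * `password` column, so whatever that column stores acts as a long-lived
 * bearer credential inside the cookie — holding the cookie means being
 * logged in until the stored value changes. Confirm what the column holds.
 *
 * @see core.Cookie#expire()
 * @return boolean
 *  true when an Author is (or becomes) logged in; false once the cookie has
 *  been expired. Also true when no Symphony instance exists yet, so that
 *  exceptions raised during bootstrap are still displayed.
 */
public function isLoggedIn()
{
    // Without an instance there is no session to check. Returning true keeps
    // exception output visible during bootstrap and skips the three database
    // queries below.
    if (is_null(self::$_instance)) {
        return true;
    }

    if ($this->Author) {
        return true;
    }

    $username = self::$Database->cleanValue($this->Cookie->get('username'));
    $password = self::$Database->cleanValue($this->Cookie->get('pass'));

    if (strlen(trim($username)) > 0 && strlen(trim($password)) > 0) {
        // cleanValue() escapes both values for interpolation; the query is
        // still string-built because this Database layer exposes no
        // parameterised call here.
        $id = self::$Database->fetchVar(
            'id',
            0,
            "SELECT `id` FROM `tbl_authors` WHERE `username` = '{$username}' AND `password` = '{$password}' LIMIT 1"
        );

        if ($id) {
            // The id is numeric; casting keeps the interpolated value an
            // integer whatever type the driver hands back.
            $id = (int) $id;
            self::$Database->update(
                array('last_seen' => DateTimeObj::get('Y-m-d H:i:s')),
                'tbl_authors',
                " `id` = '{$id}'"
            );

            // Guard against the Author disappearing between the two queries
            // so the language lookup never runs against a non-object.
            $author = AuthorManager::fetchByID($id);
            if ($author) {
                $this->Author = $author;
                Lang::set($this->Author->get('language'));
                return true;
            }
        }
    }

    $this->Cookie->expire();
    return false;
}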
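/**
 * Builds the autocomplete result set for the requested field ids.
 *
 * Reads `field_id` (comma-separated ids), `query`, `types` (comma-separated
 * subset of `entry`, `association`, `static`) and `limit` from `$_GET`, runs
 * the matching lookups via get() / getStatic() and returns the accumulated
 * `$this->_Result`.
 *
 * @return mixed
 *  The `$this->_Result` accumulator filled by get() / getStatic().
 */
public function view()
{
    $database = Symphony::Configuration()->get('db', 'database');

    // Absent parameters default to '' so a missing key never raises an
    // undefined-index notice. This assumes General::sanitize() treats
    // null and '' alike — confirm against core.
    $rawFieldIds = isset($_GET['field_id']) ? $_GET['field_id'] : '';
    $rawQuery = isset($_GET['query']) ? $_GET['query'] : '';
    $rawTypes = isset($_GET['types']) ? $_GET['types'] : '';
    $rawLimit = isset($_GET['limit']) ? $_GET['limit'] : '';

    // field_ids are integers after General::intval(); $search and $types
    // are escaped with cleanValue() for the SQL built by get().
    $field_ids = array_map(array('General', 'intval'), explode(',', General::sanitize($rawFieldIds)));
    $search = MySQL::cleanValue(General::sanitize($rawQuery));
    $types = array_map(array('MySQL', 'cleanValue'), explode(',', General::sanitize($rawTypes)));
    $limit = General::intval(General::sanitize($rawLimit));

    // Translate the limit: 0 means no LIMIT clause at all (an unbounded
    // result set), a negative value falls back to 100, any other value is
    // used as given.
    if ($limit === 0) {
        $max = '';
    } elseif ($limit < 0) {
        $max = ' LIMIT 100';
    } else {
        $max = sprintf(' LIMIT %d', $limit);
    }

    // Entries — ids are already integers, no second cast needed.
    if (in_array('entry', $types, true)) {
        foreach ($field_ids as $field_id) {
            $this->get($database, $field_id, $search, $max);
        }
    }

    // Associations — only fields that resolve to an association id are queried.
    if (in_array('association', $types, true)) {
        foreach ($field_ids as $field_id) {
            $association_id = $this->getAssociationId($field_id);
            if ($association_id) {
                $this->get($database, $association_id, $search, $max);
            }
        }
    }

    // Static values
    if (in_array('static', $types, true)) {
        foreach ($field_ids as $field_id) {
            $this->getStatic($field_id, $search);
        }
    }

    return $this->_Result;
}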
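/**
 * Given a resource type, a handle and a page, this function detaches
 * the given handle (which represents either a datasource or event) from that page.
 *
 * @param integer $type
 *  The resource type, either `RESOURCE_TYPE_EVENT` or `RESOURCE_TYPE_DS`
 * @param string $r_handle
 *  The handle of the resource.
 * @param integer $page_id
 *  The ID of the page.
 * @return boolean
 *  The result of PageManager::edit() when the handle was attached; false
 *  when the page is missing or not unique, or the handle was not attached.
 */
public static function detach($type, $r_handle, $page_id)
{
    $col = self::getColumnFromType($type);

    // %d coerces the id to an integer before it reaches the WHERE clause.
    $pages = PageManager::fetch(false, array($col), array(sprintf('`id` = %d', $page_id)));

    if (!is_array($pages) || count($pages) !== 1) {
        return false;
    }

    // The column stores a comma-separated list of handles.
    $values = explode(',', $pages[0][$col]);

    // Handles are strings (see @param), so a strict search avoids PHP's
    // loose numeric-string comparison. Assumes callers pass a string as
    // documented.
    $idx = array_search($r_handle, $values, true);
    if ($idx === false) {
        return false;
    }

    array_splice($values, $idx, 1);

    return PageManager::edit($page_id, array($col => MySQL::cleanValue(implode(',', $values))));
}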
/**
 * Removes every row for the given IP address from `$tbl`.
 *
 * @param string $tbl
 *  Name of the table to delete from.
 * @param string $ip
 *  Address to remove; it is passed through getIP(), which presumably
 *  resolves the current client address when empty — confirm.
 * @return mixed
 *  Whatever Symphony::Database()->delete() returns.
 */
private function __unregisterToList($tbl, $ip = '')
{
    $address = $this->getIP($ip);
    // cleanValue() escapes the address before it is placed in the WHERE clause.
    $where = sprintf("IP = '%s'", MySQL::cleanValue($address));

    return Symphony::Database()->delete($tbl, $where);
}
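/**
 * Emails the author whose address was posted a link to unban their IP,
 * when the ABF auto-unban setting is 'on'.
 *
 * The outcome is recorded in `$this->_email_sent`: null when the feature is
 * off, true/false for send success/failure, and left untouched when no
 * author row or failure record matched.
 *
 * NOTE(review): the link embeds `$failure[0]->Hash`, which is the only
 * proof behind the unban — treat it as a secret token and verify how it is
 * generated and expired.
 */
private function __sendEmail()
{
    $emailUnban = ABF::instance()->getConfigVal(ABF::SETTING_AUTO_UNBAN);
    // Strict comparison: only the literal string 'on' enables the feature.
    if ($emailUnban !== 'on') {
        $this->_email_sent = null;
        return;
    }

    // Default to '' so a request without an email field raises no
    // undefined-index notice; cleanValue() escapes the value for the query.
    $postedEmail = isset($_POST['email']) ? $_POST['email'] : '';
    $author = Symphony::Database()->fetchRow(
        0,
        "SELECT `id`, `email`, `first_name` FROM `tbl_authors` WHERE `email` = '" . MySQL::cleanValue($postedEmail) . "'"
    );
    $failure = ABF::instance()->getFailureByIp();
    $emailSettings = ABF::instance()->getEmailSettings();

    $haveAuthor = is_array($author) && isset($author['email']);
    $haveHash = is_array($failure) && isset($failure[0]) && isset($failure[0]->Hash);
    if (!$haveAuthor || !$haveHash) {
        return;
    }

    try {
        $email = Email::create();

        // Without a configured from-address the author's own address is used
        // as sender, with the site name as display name.
        if (!is_array($emailSettings) || empty($emailSettings['from_address'])) {
            $email->setFrom($author['email'], Symphony::Configuration()->get('sitename', 'general'));
        } else {
            $email->setFrom($emailSettings['from_address'], $emailSettings['from_name']);
        }

        $email->recipients = $author['email'];
        $email->subject = __('Unban IP link');
        $email->text_plain = __('Please follow this link to unban your IP: ') . SYMPHONY_URL . ABF::UNBAND_LINK . $failure[0]->Hash . '/' . PHP_EOL . __('If you do not remember your password, follow the "forgot password" link on the login page.') . PHP_EOL . __('The Symphony Team');

        $this->_email_sent = $email->validate() && $email->send();
    } catch (Exception $e) {
        // Sending is best-effort: record the failure rather than propagate it.
        $this->_email_sent = false;
    }
}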
/**
 * Process the URL and translate the localised page handles to Symphony handles.
 *
 * Runs only once per request (guarded by `$this->first_pass`) and only when
 * the extension's dependencies validate. `$context['page']` is rewritten;
 * the delegate presumably hands the page entry over by reference so the
 * assignment reaches the caller — confirm against the delegate definition.
 *
 * @param array $context - see delegate description
 */
public function dFrontendPrePageResolve($context)
{
    if ($this->first_pass !== true) {
        return;
    }
    if (!$this->_validateDependencies()) {
        return;
    }

    $this->first_pass = false;
    // cleanValue() escapes the raw URL before it is handed to the translator.
    $requestedUrl = MySQL::cleanValue($context['page']);
    $context['page'] = PLHManagerURL::lang2sym($requestedUrl, Flang::getLangCode());
}
/**
 * Builds the content view: one `<li>` per requested entry id. Each row has
 * a header with the entry title and the edit/delete/un-link/replace actions
 * the parent field allows, plus — when
 * `WORKSPACE/er-templates/<section-handle>.xsl` exists — the entry data
 * rendered through that stylesheet. Problems are reported as `<error>`
 * children of `$this->_Result` and stop processing.
 *
 * URL context: `_context[0]` is a comma-separated list of entry ids,
 * `_context[1]` the id of the parent entry_relationship field.
 */
public function view()
{
    // _context[0] => entry values
    // _context[1] => fieldId
    if (!is_array($this->_context) || empty($this->_context)) {
        $this->_Result->appendChild(new XMLElement('error', __('Parameters not found')));
        return;
    } else {
        if (count($this->_context) < self::NUMBER_OF_URL_PARAMETERS) {
            $this->_Result->appendChild(new XMLElement('error', __('Not enough parameters')));
            return;
        } else {
            if (count($this->_context) > self::NUMBER_OF_URL_PARAMETERS) {
                $this->_Result->appendChild(new XMLElement('error', __('Too many parameters')));
                return;
            }
        }
    }
    // Escape, split and coerce each id with General::intval(); whether an
    // id exists is checked per entry in the loop below.
    $entriesId = explode(',', MySQL::cleanValue($this->_context[0]));
    $entriesId = array_map(array('General', 'intval'), $entriesId);
    if (!is_array($entriesId) || empty($entriesId)) {
        $this->_Result->appendChild(new XMLElement('error', __('No entry no found')));
        return;
    }
    $parentFieldId = General::intval($this->_context[1]);
    if ($parentFieldId < 1) {
        $this->_Result->appendChild(new XMLElement('error', __('Parent field id not valid')));
        return;
    }
    $parentField = $this->fieldManager->fetch($parentFieldId);
    if (!$parentField || empty($parentField)) {
        $this->_Result->appendChild(new XMLElement('error', __('Parent field not found')));
        return;
    }
    // Only entry_relationship fields are served by this page.
    if ($parentField->get('type') != 'entry_relationship') {
        $this->_Result->appendChild(new XMLElement('error', __('Parent field is `%s`, not `entry_relationship`', array($parentField->get('type')))));
        return;
    }
    $includedElements = $this->parseIncludedElements($parentField);
    $xmlParams = self::getXmlParams();
    // Get entries one by one since they may belong to
    // different sections, which prevents us from
    // passing an array of entryId.
    foreach ($entriesId as $key => $entryId) {
        $entry = $this->entryManager->fetch($entryId);
        if (empty($entry)) {
            // Unknown id: emit a placeholder row that can still be un-linked,
            // so the stale reference can be removed from the parent.
            $li = new XMLElement('li', null, array('data-entry-id' => $entryId));
            $header = new XMLElement('header', null, array('class' => 'frame-header'));
            $title = new XMLElement('h4');
            $title->appendChild(new XMLElement('strong', __('Entry %s not found', array($entryId))));
            $header->appendChild($title);
            $options = new XMLElement('div', null, array('class' => 'destructor'));
            if ($parentField->is('allow_link')) {
                $options->appendChild(new XMLElement('a', __('Un-link'), array('class' => 'unlink', 'data-unlink' => $entryId)));
            }
            $header->appendChild($options);
            $li->appendChild($header);
            $this->_Result->appendChild($li);
        } else {
            $entry = $entry[0];
            $entryData = $entry->getData();
            $entrySection = $this->sectionManager->fetch($entry->get('section_id'));
            $entryVisibleFields = $entrySection->fetchVisibleColumns();
            $entryFields = $entrySection->fetchFields();
            $entrySectionHandle = $this->getSectionName($entry, 'handle');
            $li = new XMLElement('li', null, array('data-entry-id' => $entryId, 'data-section' => $entrySectionHandle, 'data-section-id' => $entrySection->get('id')));
            $header = new XMLElement('header', null, array('class' => 'frame-header'));
            $title = new XMLElement('h4');
            $title->appendChild(new XMLElement('strong', $this->getEntryTitle($entry, $entryVisibleFields, $entryFields)));
            $title->appendChild(new XMLElement('span', $this->getSectionName($entry)));
            $header->appendChild($title);
            // Action links are gated by the parent field's allow_* settings.
            $options = new XMLElement('div', null, array('class' => 'destructor'));
            if ($parentField->is('allow_edit')) {
                $title->setAttribute('data-edit', $entryId);
                $options->appendChild(new XMLElement('a', __('Edit'), array('class' => 'edit', 'data-edit' => $entryId)));
            }
            if ($parentField->is('allow_delete')) {
                $options->appendChild(new XMLElement('a', __('Delete'), array('class' => 'delete', 'data-delete' => $entryId)));
            }
            if ($parentField->is('allow_link')) {
                $options->appendChild(new XMLElement('a', __('Replace'), array('class' => 'unlink', 'data-replace' => $entryId)));
            }
            if ($parentField->is('allow_delete') || $parentField->is('allow_link')) {
                $options->appendChild(new XMLElement('a', __('Un-link'), array('class' => 'unlink', 'data-unlink' => $entryId)));
            }
            $header->appendChild($options);
            $li->appendChild($header);
            // The section handle comes from the database, not the request; the
            // `@` hides any warning file_exists() emits for an unreadable path.
            $xslFilePath = WORKSPACE . '/er-templates/' . $entrySectionHandle . '.xsl';
            if (!empty($entryData) && !!@file_exists($xslFilePath)) {
                $xmlData = new XMLElement('data');
                $xmlData->setIncludeHeader(true);
                $xml = new XMLElement('entry');
                $xml->setAttribute('id', $entryId);
                $xmlData->appendChild($xmlParams);
                $xmlData->appendChild($xml);
                foreach ($entryData as $fieldId => $data) {
                    // Skip fields whose values are all empty (loose `!= null`,
                    // so '' and 0 are dropped as well).
                    $filteredData = array_filter($data, function ($value) { return $value != null; });
                    if (empty($filteredData)) {
                        continue;
                    }
                    $field = $entryFields[$fieldId];
                    $fieldName = $field->get('element_name');
                    $fieldIncludedElement = $includedElements[$entrySectionHandle];
                    if (FieldEntry_relationship::isFieldIncluded($fieldName, $fieldIncludedElement)) {
                        // Nested entry_relationship fields are never expanded
                        // into their includable elements.
                        $fieldIncludableElements = $field->fetchIncludableElements();
                        if ($field instanceof FieldEntry_relationship) {
                            $fieldIncludableElements = null;
                        }
                        if (!empty($fieldIncludableElements) && count($fieldIncludableElements) > 1) {
                            foreach ($fieldIncludableElements as $fieldIncludableElement) {
                                // Strip the leading "<element name>:" to obtain the sub mode.
                                // NOTE(review): $fieldName is spliced into the pattern
                                // without preg_quote() — fine for plain handles, fragile
                                // for names containing regex metacharacters.
                                $submode = preg_replace('/^' . $fieldName . '\\s*\\:\\s*/i', '', $fieldIncludableElement, 1);
                                $field->appendFormattedElement($xml, $data, false, $submode, $entryId);
                            }
                        } else {
                            $field->appendFormattedElement($xml, $data, false, null, $entryId);
                        }
                    }
                }
                $indent = false;
                $mode = $parentField->get('mode');
                // Any request carrying a `debug` parameter forces debug mode,
                // which returns the generated XML instead of the rendered view;
                // the request can only select the literal 'debug', nothing else.
                if (isset($_REQUEST['debug'])) {
                    $mode = 'debug';
                }
                if ($mode == 'debug') {
                    $indent = true;
                }
                // The configured mode is concatenated into the stylesheet as an
                // attribute value without escaping; it comes from field settings.
                $xmlMode = empty($mode) ? '' : 'mode="' . $mode . '"';
                $xmlString = $xmlData->generate($indent, 0);
                $xsl = '<?xml version="1.0" encoding="UTF-8"?> <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:import href="' . str_replace('\\', '/', $xslFilePath) . '"/> <xsl:output method="xml" omit-xml-declaration="yes" encoding="UTF-8" indent="no" /> <xsl:template match="/"> <xsl:apply-templates select="/data" ' . $xmlMode . ' /> </xsl:template> <xsl:template match="/data" ' . $xmlMode . '> <xsl:apply-templates select="entry" ' . $xmlMode . ' /> </xsl:template> <xsl:template match="/data" mode="debug"> <xsl:copy-of select="/" /> </xsl:template> </xsl:stylesheet>';
                $xslt = new XsltProcess();
                $result = $xslt->process($xmlString, $xsl, $this->params);
                if ($mode == 'debug') {
                    // NOTE(review): as shown, both str_replace() calls map a character to
                    // itself, so the XML lands inside <pre><code> unescaped. This reads
                    // like `&lt;`/`&gt;` replacements lost in extraction — confirm against
                    // the repository, because a genuine no-op here lets entry content be
                    // emitted as markup.
                    $result = '<pre><code>' . str_replace('<', '<', str_replace('>', '>', $xmlString)) . '</code></pre>';
                }
                if ($xslt->isErrors()) {
                    // The processor's error message replaces the rendered content.
                    $error = $xslt->getError();
                    $result = $error[1]['message'];
                }
                if (!!$xslt && strlen($result) > 0) {
                    $content = new XMLElement('div', $result, array('class' => 'content'));
                    $li->appendChild($content);
                }
            }
            $this->_Result->appendChild($li);
        }
    }
}
/**
 * Builds the content view: handles a POST that deletes one child entry of
 * an entry_relationship field. The outcome is written to `$this->_Result`
 * (`error`, `ok`, `entry-id`, `assoc`, `status`).
 *
 * URL context: `_context[0]` id of the entry to delete, `_context[1]` id of
 * the parent field, `_context[2]` id of the parent entry.
 *
 * NOTE(review): nothing in this method verifies that `_context[0]` is
 * actually among the entries linked by the parent field on the parent
 * entry; as written, any existing entry id is deletable once a valid
 * field/entry pair is supplied. No request-token check is visible here
 * either — confirm whether the enclosing page or EntryManager::delete()
 * enforces both.
 */
public function view()
{
    // Only POST may delete; anything else gets a 400 and an error message.
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        $this->_Result['status'] = Page::HTTP_STATUS_BAD_REQUEST;
        $this->_Result['error'] = __('This page accepts posts only');
        $this->setHttpStatus($this->_Result['status']);
        return;
    }
    // _context[0] => entry id to delete
    // _context[1] => fieldId
    // _context[2] => current entry id (parent of entry id to delete)
    if (!is_array($this->_context) || empty($this->_context)) {
        $this->_Result['error'] = __('Parameters not found');
        return;
    } else {
        if (count($this->_context) < self::NUMBER_OF_URL_PARAMETERS) {
            $this->_Result['error'] = __('Not enough parameters');
            return;
        } else {
            if (count($this->_context) > self::NUMBER_OF_URL_PARAMETERS) {
                $this->_Result['error'] = __('Too many parameters');
                return;
            }
        }
    }
    // Validate to delete entry ID — escaped, then coerced with General::intval().
    $rawToDeleteEntryId = MySQL::cleanValue($this->_context[0]);
    $toDeleteEntryId = General::intval($rawToDeleteEntryId);
    if ($toDeleteEntryId < 1) {
        $this->_Result['error'] = __('No entry no found');
        return;
    }
    // Validate parent field exists
    $parentFieldId = General::intval(MySQL::cleanValue($this->_context[1]));
    if ($parentFieldId < 1) {
        $this->_Result['error'] = __('Parent id not valid');
        return;
    }
    $parentField = FieldManager::fetch($parentFieldId);
    if (!$parentField || empty($parentField)) {
        $this->_Result['error'] = __('Parent field not found');
        return;
    }
    // Validate parent entry ID
    $rawEntryId = MySQL::cleanValue($this->_context[2]);
    $entryId = General::intval($rawEntryId);
    if ($entryId < 1) {
        // The (escaped) raw value is echoed back in the message.
        $this->_Result['error'] = sprintf(__('Parent entry id `%s` not valid'), $rawEntryId);
        return;
    }
    // Validate parent entry exists
    $entry = EntryManager::fetch($entryId);
    if ($entry == null || count($entry) != 1) {
        $this->_Result['error'] = __('Parent entry not found');
        return;
    }
    if (is_array($entry)) {
        $entry = $entry[0];
    }
    // The parent entry must live in the section the field belongs to.
    if ($entry->get('section_id') != $parentField->get('parent_section')) {
        $this->_Result['error'] = __('Field and entry do not belong together');
        return;
    }
    // Validate to delete entry exists
    $toDeleteEntry = EntryManager::fetch($toDeleteEntryId);
    if ($toDeleteEntry == null || count($toDeleteEntry) != 1) {
        $this->_Result['error'] = __('Entry not found');
        return;
    }
    if (is_array($toDeleteEntry)) {
        $toDeleteEntry = $toDeleteEntry[0];
    }
    // Validate entry is not linked anywhere else.
    // The `no-assoc` request flag skips this check entirely, so it is a
    // confirmation prompt for the client, not a server-side guarantee.
    if (!isset($_REQUEST['no-assoc'])) {
        $toDeleteAssoc = SectionManager::fetchChildAssociations($toDeleteEntry->get('section_id'), false);
        // TODO: find if the toDeleteEntry is linked or not.
        // This counts the sections that can link to the child's section, not
        // whether this particular entry is linked elsewhere.
        if (count($toDeleteAssoc) > 1) {
            $this->_Result['assoc'] = true;
            $this->_Result['error'] = __('Entry might be link elsewhere. Do you want to continue?');
            return;
        }
    }
    // Delete the entry
    if (!EntryManager::delete($toDeleteEntryId)) {
        $this->_Result['error'] = __('Could not delete the entry');
        return;
    }
    $this->_Result['entry-id'] = $entryId;
    $this->_Result['ok'] = true;
}
/**
 * Resets the `driver` column of every row in the field table to the full
 * list of registered driver names, so fields that already exist accept all
 * drivers.
 *
 * @return mixed
 *  Whatever Symphony::Database()->query() returns.
 */
public static function updateFieldData_Driver()
{
    // allow all drivers for fields that already exists
    $allDrivers = implode(',', ServiceDispatcher::getAllDriversNames());
    // Escaped before being placed inside the quoted SQL literal.
    $escapedDrivers = MySQL::cleanValue($allDrivers);

    $sql = sprintf(
        "\n\t\t\t\tUPDATE `%s`\n\t\t\t\t\tSET `driver` = '%s'\n\t\t\t",
        self::FIELD_TBL_NAME,
        $escapedDrivers
    );

    return Symphony::Database()->query($sql);
}
/**
 * Builds the content view: handles a POST that replaces the set of entries
 * linked by an entry_relationship field on a parent entry. The outcome is
 * written to `$this->_Result` (`error`, `ok`, `entry-id`, `entries`, `status`).
 *
 * URL context: `_context[0]` comma-separated ids of the entries to link (the
 * literal `null` clears the link), `_context[1]` id of the parent field,
 * `_context[2]` id of the parent entry.
 *
 * NOTE(review): the linked ids are taken from the URL and handed to
 * checkPostFieldData(); whether that verifies the ids exist and belong to a
 * section the field allows is not visible here — confirm. No request-token
 * check is visible in this method either.
 */
public function view()
{
    // Only POST may save; anything else gets a 400 and an error message.
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        $this->_Result['status'] = Page::HTTP_STATUS_BAD_REQUEST;
        $this->_Result['error'] = __('This page accepts posts only');
        $this->setHttpStatus($this->_Result['status']);
        return;
    }
    // _context[0] => entry values
    // _context[1] => fieldId
    // _context[2] => current entry id
    if (!is_array($this->_context) || empty($this->_context)) {
        $this->_Result['error'] = __('Parameters not found');
        return;
    } else {
        if (count($this->_context) < self::NUMBER_OF_URL_PARAMETERS) {
            $this->_Result['error'] = __('Not enough parameters');
            return;
        } else {
            if (count($this->_context) > self::NUMBER_OF_URL_PARAMETERS) {
                $this->_Result['error'] = __('Too many parameters');
                return;
            }
        }
    }
    // Validate ALL entries ID — escaped, split, then coerced with General::intval().
    $rawEntriesId = explode(',', MySQL::cleanValue($this->_context[0]));
    $entriesId = array_map(array('General', 'intval'), $rawEntriesId);
    if (!is_array($entriesId) || empty($entriesId)) {
        $this->_Result['error'] = __('No entry no found');
        return;
    }
    // The sentinel 'null' anywhere in the list means "link nothing"; it also
    // skips the per-id validation loop below because the list is now empty.
    if (in_array('null', $rawEntriesId)) {
        $entriesId = array();
    }
    foreach ($entriesId as $entryPos => $entryId) {
        if ($entryId < 1) {
            // The (escaped) raw value is echoed back in the message.
            $this->_Result['error'] = sprintf(__('Entry id `%s` not valid'), $rawEntriesId[$entryPos]);
            return;
        }
    }
    // Validate parent field exists
    $parentFieldId = General::intval(MySQL::cleanValue($this->_context[1]));
    if ($parentFieldId < 1) {
        $this->_Result['error'] = __('Parent id not valid');
        return;
    }
    $parentField = FieldManager::fetch($parentFieldId);
    if (!$parentField || empty($parentField)) {
        $this->_Result['error'] = __('Parent field not found');
        return;
    }
    // Validate parent entry ID
    $rawEntryId = MySQL::cleanValue($this->_context[2]);
    $entryId = General::intval($rawEntryId);
    if ($entryId < 1) {
        $this->_Result['error'] = sprintf(__('Parent entry id `%s` not valid'), $rawEntryId);
        return;
    }
    // Validate parent entry exists
    $entry = EntryManager::fetch($entryId);
    if ($entry == null || count($entry) != 1) {
        $this->_Result['error'] = __('Parent entry not found');
        return;
    }
    if (is_array($entry)) {
        $entry = $entry[0];
    }
    // The parent entry must live in the section the field belongs to.
    if ($entry->get('section_id') != $parentField->get('parent_section')) {
        $this->_Result['error'] = __('Field and entry do not belong together');
        return;
    }
    $entryData = $entry->getData();
    // set new data — the field stores its links as a comma-separated string
    $entryData[$parentFieldId]['entries'] = implode(',', $entriesId);
    // check if data are valid; $resMessage is filled by the field on failure
    $resMessage = null;
    $res = $parentField->checkPostFieldData($entryData[$parentFieldId], $resMessage, $entryId);
    if ($res != Field::__OK__) {
        $this->_Result['error'] = $resMessage;
        return;
    }
    // save the new data
    $entry->setData($parentFieldId, $entryData[$parentFieldId]);
    if (!$entry->commit()) {
        $this->_Result['error'] = __('Could not save entry');
        return;
    }
    $this->_Result['entry-id'] = $entryId;
    $this->_Result['ok'] = true;
    $this->_Result['entries'] = $entryData[$parentFieldId]['entries'];
}