/**
  * This static method returns a valid CurrentUser object if there is one
  * in the cookie that is not timed out. The session-ID is updated then.
  * The CurrentUser will be removed from the session, if it is
  * timed out. If there is no valid CurrentUser in the cookie or the
  * cookie is timed out, null will be returned. If the cookie is correct,
  * but there is no user found in the user table, false will be returned.
  * On success, a valid CurrentUser object is returned
  *
  * @static
  *
  * @param PMF_Configuration $config
  *
  * @return null|PMF_User_CurrentUser
  */
 public static function getFromCookie(PMF_Configuration $config)
 {
     if (!isset($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME])) {
         return null;
     }
     // create a new CurrentUser object
     $user = new PMF_User_CurrentUser($config);
     $user->getUserByCookie($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME]);
     if (-1 === $user->getUserId()) {
         return null;
     }
     // sessionId needs to be updated
     $user->updateSessionId(true);
     // user is now logged in
     $user->_loggedIn = true;
     // save current user to session and return the instance
     $user->saveToSession();
     // add CSRF token to session
     $user->saveCrsfTokenToSession();
     return $user;
 }
예제 #2
0
    }
}
// delete group confirmation
if ($groupAction == 'delete_confirm' && $user->perm->checkRight($user->getUserId(), 'delgroup')) {
    $message = '';
    $user = new PMF_User_CurrentUser($faqConfig);
    $perm = $user->perm;
    $groupId = PMF_Filter::filterInput(INPUT_POST, 'group_list_select', FILTER_VALIDATE_INT, 0);
    if ($groupId <= 0) {
        $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_noId']);
        $groupAction = $defaultGroupAction;
    } else {
        $twig->loadTemplate('group/delete_confirm.twig')->display(array('PMF_LANG' => $PMF_LANG, 'csrfToken' => $user->getCsrfTokenFromSession(), 'groupData' => $perm->getGroupData($groupId), 'groupId' => $groupId));
    }
}
if ($groupAction == 'delete' && $user->perm->checkRight($user->getUserId(), 'delgroup')) {
    $message = '';
    $user = new PMF_User($faqConfig);
    $groupId = PMF_Filter::filterInput(INPUT_POST, 'group_id', FILTER_VALIDATE_INT, 0);
    $csrfOkay = true;
    $csrfToken = PMF_Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_STRING);
    if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) {
        $csrfOkay = false;
    }
    $groupAction = $defaultGroupAction;
    if ($groupId <= 0) {
        $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_user_error_noId']);
    } else {
        if (!$user->perm->deleteGroup($groupId) && !$csrfOkay) {
            $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_group_error_delete']);
        } else {
예제 #3
0
 /**
  * This static method returns a valid CurrentUser object if there is one
  * in the cookie that is not timed out. The session-ID is updated if
  * necessary. The CurrentUser will be removed from the session, if it is
  * timed out. If there is no valid CurrentUser in the cookie or the
  * cookie is timed out, null will be returned. If the cookie is correct,
  * but there is no user found in the user table, false will be returned.
  * On success, a valid CurrentUser object is returned
  *
  * @static
  * @param PMF_Configuration $config
  *
  * @return null|PMF_User_CurrentUser
  */
 public static function getFromCookie(PMF_Configuration $config)
 {
     if (!isset($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME])) {
         return null;
     }
     // create a new CurrentUser object
     $user = new PMF_User_CurrentUser($config);
     $user->getUserByCookie($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME]);
     if (-1 === $user->getUserId()) {
         return null;
     }
     // sessionId and cookie information needs to be updated
     if ($user->sessionIdIsTimedOut()) {
         $user->updateSessionId();
         $user->setRememberMe(sha1(session_id()));
     }
     // user is now logged in
     $user->_loggedIn = true;
     // save current user to session and return the instance
     $user->saveToSession();
     return $user;
 }
예제 #4
0
    die;
}
$attachmentErrors = array();
// authenticate with session information
$user = PMF_User_CurrentUser::getFromSession($faqconfig->get('security.ipCheck'));
if (!$user instanceof PMF_User_CurrentUser) {
    $user = new PMF_User_CurrentUser();
    // user not logged in -> empty user object
}
$id = PMF_Filter::filterInput(INPUT_GET, 'id', FILTER_VALIDATE_INT);
$attachment = PMF_Attachment_Factory::create($id);
$userPermission = $faq->getPermission('user', $attachment->getRecordId());
$groupPermission = $faq->getPermission('group', $attachment->getRecordId());
// Check on group permissions
if ($user->perm instanceof PMF_Perm_PermMedium) {
    if (count($groupPermission) && in_array($groupPermission[0], $user->perm->getUserGroups($user->getUserId()))) {
        $groupPermission = true;
    } else {
        $groupPermission = false;
    }
} else {
    $groupPermission = true;
}
// Check in user's permissions
if (in_array($user->getUserId(), $userPermission)) {
    $userPermission = true;
} else {
    $userPermission = false;
}
if ($attachment && ($groupPermission || $groupPermission && $userPermission)) {
    try {
예제 #5
0
     if ($userId == 0) {
         $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_noId']);
         $userAction = $defaultUserAction;
     } else {
         $user->getUserById($userId);
         // account is protected
         if ($user->getStatus() == 'protected' || $userId == 1) {
             $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_protectedAccount']);
             $userAction = $defaultUserAction;
         } else {
             $twig->loadTemplate('user/delete_confirm.twig')->display(array('PMF_LANG' => $PMF_LANG, 'csrfToken' => $user->getCsrfTokenFromSession(), 'userId' => $userId, 'userLogin' => $user->getLogin()));
         }
     }
 }
 // delete user
 if ($userAction == 'delete' && $user->perm->checkRight($user->getUserId(), 'deluser')) {
     $message = '';
     $user = new PMF_User($faqConfig);
     $userId = PMF_Filter::filterInput(INPUT_POST, 'user_id', FILTER_VALIDATE_INT, 0);
     $csrfOkay = true;
     $csrfToken = PMF_Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_STRING);
     if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) {
         $csrfOkay = false;
     }
     $userAction = $defaultUserAction;
     if ($userId == 0 && !$csrfOkay) {
         $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_user_error_noId']);
     } else {
         if (!$user->getUserById($userId)) {
             $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_user_error_noId']);
         }
예제 #6
0
파일: artikel.php 프로젝트: ae120/phpMyFAQ
if (count($multiCategories) > 1) {
    foreach ($multiCategories as $multiCat) {
        $path = $category->getPath($multiCat['id'], ' &raquo; ', true, 'breadcrumb-related-categories');
        if ('' === trim($path)) {
            continue;
        }
        $htmlAllCategories .= $path;
    }
}
// Related FAQs
$faqSearchResult->reviewResultset($faqRelation->getAllRelatedById($recordId, $faq->faqRecord['title'], $faq->faqRecord['keywords']));
$searchHelper = new PMF_Helper_Search($faqConfig);
$relatedFaqs = $searchHelper->renderRelatedFaqs($faqSearchResult, $recordId);
// Show link to edit the faq?
$editThisEntry = '';
if ($user->perm->checkRight($user->getUserId(), 'editbt')) {
    $editThisEntry = sprintf('<a href="%sadmin/index.php?action=editentry&amp;id=%d&amp;lang=%s">%s</a>', PMF_Link::getSystemRelativeUri('index.php'), $recordId, $lang, $PMF_LANG['ad_entry_edit_1'] . ' ' . $PMF_LANG['ad_entry_edit_2']);
}
// Is the faq expired?
$expired = date('YmdHis') > $faq->faqRecord['dateEnd'];
// Does the user have the right to add a comment?
if (-1 === $user->getUserId() && !$faqConfig->get('records.allowCommentsForGuests') || $faq->faqRecord['active'] === 'no' || 'n' == $faq->faqRecord['comment'] || $expired) {
    $commentMessage = $PMF_LANG['msgWriteNoComment'];
} else {
    $commentMessage = sprintf("%s<a href=\"javascript:void(0);\" onclick=\"javascript:\$('#commentForm').show();\">%s</a>", $PMF_LANG['msgYouCan'], $PMF_LANG['msgWriteComment']);
}
$translationUrl = sprintf(str_replace('%', '%%', PMF_Link::getSystemRelativeUri('index.php')) . 'index.php?%saction=translate&amp;cat=%s&amp;id=%d&amp;srclang=%s', $sids, $currentCategory, $recordId, $lang);
if (!empty($switchLanguage)) {
    $tpl->parseBlock('writeContent', 'switchLanguage', array('msgChangeLanguage' => $PMF_LANG['msgLangaugeSubmit']));
}
if ($user->perm->checkRight($user->getUserId(), 'addtranslation')) {