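/**
 * Runs submitted content through the configured antispam controller.
 *
 * When the content is flagged, a plain-text report (URL, user, type and every argument)
 * is written to the log and/or mailed, depending on the ANTISPAM_LOG_SPAM and
 * ANTISPAM_NOTIFY_EMAIL settings.
 *
 * @param string $content the text to test
 * @param string $type a handle describing where the content came from; used only in the report
 * @param array $additionalArgs extra key/value pairs handed to the controller; 'user' (a User object) and 'email' are recognised
 *
 * @return bool true when the content passes or no antispam controller is configured, false when it is flagged as spam
 */
public function check($content, $type, $additionalArgs = array())
{
    if (!$this->controller) {
        // No antispam controller configured: nothing can be checked, so the content passes.
        return true;
    }

    $args = array();
    $args['ip_address'] = Loader::helper('validation/ip')->getRequestIP();
    // The User-Agent header is client-supplied and may be absent entirely.
    $args['user_agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
    $args['content'] = $content;
    foreach ($additionalArgs as $key => $value) {
        $args[$key] = $value;
    }

    if (isset($args['user']) && is_object($args['user'])) {
        $u = $args['user'];
    } else {
        $u = new User();
    }

    if (!isset($args['email']) && $u->isRegistered()) {
        $ui = UserInfo::getByID($u->getUserID());
        $args['email'] = $ui->getUserEmail();
    }

    if ($this->controller->check($args)) {
        return true;
    }

    // Flagged as spam: build the report used for the log entry and the notification mail.
    $logText = '';
    $c = Page::getCurrentPage();
    if (is_object($c)) {
        $logText .= t('URL: %s', Loader::helper('navigation')->getLinkToCollection($c, true));
        $logText .= "\n";
    }
    if ($u->isRegistered()) {
        $logText .= t('User: %s (ID %s)', $u->getUserName(), $u->getUserID());
        $logText .= "\n";
    }
    $logText .= t('Type: %s', Loader::helper('text')->unhandle($type));
    $logText .= "\n";
    foreach ($args as $key => $value) {
        if (!is_scalar($value) && $value !== null) {
            // e.g. the 'user' object: cannot be rendered as text, so it is left out of the report.
            continue;
        }
        $logText .= Loader::helper('text')->unhandle($key) . ': ' . $value . "\n";
    }

    if (Config::get('ANTISPAM_LOG_SPAM')) {
        Log::addEntry($logText, t('spam'));
    }
    $notifyEmail = Config::get('ANTISPAM_NOTIFY_EMAIL');
    if ($notifyEmail != '') {
        $mh = Loader::helper('mail');
        $mh->to($notifyEmail);
        $mh->addParameter('content', $logText);
        $mh->load('spam_detected');
        $mh->sendMail();
    }

    return false;
}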
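/**
 * Displays a user profile.
 *
 * Without a user ID the current user's own profile is shown (and may be edited); anonymous
 * visitors are shown the login page instead. With profiles disabled the not-found page is shown.
 *
 * @param int $userID the ID of the profile to show; 0 means "the current user"
 *
 * @throws Exception when a non-zero $userID does not match an existing user
 */
public function view($userID = 0)
{
    if (!ENABLE_USER_PROFILES) {
        $this->render("/page_not_found");

        return;
    }
    $canEdit = false;
    $profile = null;
    $u = new User();
    if ($userID > 0) {
        $profile = UserInfo::getByID($userID);
        if (!is_object($profile)) {
            throw new Exception('Invalid User ID.');
        }
    } elseif ($u->isRegistered()) {
        // No ID given: show (and allow editing of) the current user's own profile.
        $profile = UserInfo::getByID($u->getUserID());
        $canEdit = true;
    } else {
        $this->set('intro_msg', t('You must sign in order to access this page!'));
        $this->render('/login');

        return; // the view variables below belong to the profile page only
    }
    $this->set('profile', $profile);
    $this->set('av', Loader::helper('concrete/avatar'));
    $this->set('t', Loader::helper('text'));
    $this->set('canEdit', $canEdit);
}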
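/**
 * Converts a user entered datetime to the system datetime.
 *
 * The input is interpreted in the signed-in user's timezone (when user timezones are enabled
 * and the user has one), otherwise in APP_TIMEZONE_SERVER when APP_TIMEZONE is defined, and the
 * result is expressed in PHP's default timezone.
 *
 * @param string|null $userDateTime anything DateTime understands; defaults to 'now'
 * @param string|null $mask the output format (a date() mask); defaults to 'Y-m-d H:i:s'
 *
 * @return string|null the formatted datetime, or null when $userDateTime is null or empty
 */
public function getSystemDateTime($userDateTime = 'now', $mask = NULL)
{
    if (!isset($mask) || !strlen($mask)) {
        $mask = 'Y-m-d H:i:s';
    }
    if (!isset($userDateTime) || !strlen($userDateTime)) {
        return NULL; // if passed a null value, pass it back
    }

    // Default: interpret the input in PHP's default timezone.
    $datetime = new DateTime($userDateTime);
    if (defined('APP_TIMEZONE')) {
        // NOTE(review): the guard tests APP_TIMEZONE but the value used is APP_TIMEZONE_SERVER —
        // confirm both are always defined together.
        $tz = new DateTimeZone(APP_TIMEZONE_SERVER);
        $datetime = new DateTime($userDateTime, $tz); // interpret the input in the server timezone
        $stz = new DateTimeZone(date_default_timezone_get()); // grab the default timezone
        $datetime->setTimeZone($stz); // convert the datetime object to the default timezone
    }
    if (defined('ENABLE_USER_TIMEZONES') && ENABLE_USER_TIMEZONES) {
        $u = new User();
        if ($u->isRegistered()) {
            $utz = $u->getUserTimezone();
            if ($utz) {
                // The user's own timezone takes precedence over the server timezone above.
                $tz = new DateTimeZone($utz);
                $datetime = new DateTime($userDateTime, $tz); // interpret the input in the user's timezone
                $stz = new DateTimeZone(date_default_timezone_get()); // grab the default timezone
                $datetime->setTimeZone($stz); // convert the datetime object to the default timezone
            }
        }
    }

    return $datetime->format($mask);
}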
/**
 * Whether the sitemap item is shown: only to signed-in users who have the UI_SITEMAP
 * preference enabled and are allowed to read the dashboard sitemap.
 *
 * @return bool
 */
public function displayItem()
{
    $user = new User();
    if (!$user->isRegistered()) {
        return false;
    }
    if (!$user->config('UI_SITEMAP')) {
        return false;
    }
    $sitemapHelper = Loader::helper('concrete/dashboard/sitemap');

    return $sitemapHelper->canRead();
}
/**
 * Whether the file manager item is shown: only to signed-in users who may search files
 * (global file permissions) and have the UI_FILEMANAGER preference enabled.
 *
 * @return bool
 */
public function displayItem()
{
    $user = new User();
    if (!$user->isRegistered()) {
        return false;
    }
    $filePermissions = FilePermissions::getGlobal();

    // Permission is checked before the user preference, as before.
    return $filePermissions->canSearchFiles() && $user->config('UI_FILEMANAGER');
}
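/**
 * Controller start-up for the account pages: anonymous visitors are shown the login page,
 * signed-in users get the error/token/avatar helpers and their UserInfo exposed to the view.
 */
public function on_start()
{
    $u = new \User();
    if (!$u->isRegistered()) {
        $this->render('/login');

        return; // nothing below applies to an anonymous visitor
    }
    $this->error = Loader::helper('validation/error');
    $this->set('valt', Loader::helper('validation/token'));
    $this->set('av', Loader::helper('concrete/avatar'));
    $this->set('profile', \UserInfo::getByID($u->getUserID()));
}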
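/**
 * Sets up the controller: anonymous visitors are shown the login page; signed-in users get
 * their UserInfo ('ui') and the avatar helper ('av') exposed to the view.
 */
public function __construct()
{
    parent::__construct();
    $u = new User();
    if (!$u->isRegistered()) {
        $this->set('intro_msg', t('You must sign in order to access this page!'));
        Loader::controller('/login');
        $this->render('/login');

        return; // the view variables below are only meaningful for a signed-in user
    }
    $this->set('ui', UserInfo::getByID($u->getUserID()));
    $this->set('av', Loader::helper('concrete/avatar'));
}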
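/**
 * Returns the preferred section based on session, cookie,
 * user object, default browser (if allowed), and finally
 * site preferences.
 * Since the user's language is not a locale but a language,
 * attempts to determine best section for the given language.
 *
 * @return Section
 */
public static function getPreferredSection()
{
    $site = \Site::getSite();
    $app = Facade::getFacadeApplication();

    // 1. A locale already chosen during this session, or remembered in a cookie.
    $locale = false;
    $session = $app->make('session');
    if ($session->has('multilingual_default_locale')) {
        $locale = $session->get('multilingual_default_locale');
    } else {
        $cookie = $app->make('cookie');
        if ($cookie->has('multilingual_default_locale')) {
            $locale = $cookie->get('multilingual_default_locale');
        }
    }
    if ($locale) {
        // The remembered value is client-influenced; it is only used as a lookup key.
        $home = Section::getByLocale($locale);
        if ($home) {
            return $home;
        }
    }

    // 2. The signed-in user's default language (a language, not a full locale).
    $u = new \User();
    if ($u->isRegistered()) {
        $userDefaultLanguage = $u->getUserDefaultLanguage();
        if ($userDefaultLanguage) {
            $home = Section::getByLocaleOrLanguage($userDefaultLanguage);
            if ($home) {
                return $home;
            }
        }
    }

    // 3. The browser's preferred locales, when the site allows it.
    $config = $site->getConfigRepository();
    if ($config->get('multilingual.use_browser_detected_locale')) {
        $locales = \Punic\Misc::getBrowserLocales();
        foreach (array_keys($locales) as $browserLocale) {
            $home = Section::getByLocaleOrLanguage($browserLocale);
            if ($home) {
                return $home;
            }
        }
    }

    // 4. The site default (the site object fetched above is reused).
    return Section::getByLocale($site->getDefaultLocale());
}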
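/**
 * Decides whether the output of the given view may be stored in the full page cache.
 *
 * A page is cached only when it is viewable, requested with the plain 'view' action by an
 * anonymous visitor over a non-POST request, and either the page itself or the global setting
 * asks for full page caching; with the global 'blocks' setting every block on the page,
 * including global area blocks, must itself be cacheable.
 *
 * @param View $v
 *
 * @return bool
 */
public function shouldAddToCache(View $v)
{
    $c = $v->getCollectionObject();
    if (!is_object($c)) {
        return false;
    }
    $cp = new Permissions($c);
    if (!$cp->canViewPage()) {
        return false;
    }
    $u = new User();
    $allowedControllerActions = array('view');
    if (is_object($v->controller)) {
        if (!in_array($v->controller->getTask(), $allowedControllerActions)) {
            return false;
        }
    }
    if (!$c->getCollectionFullPageCaching()) {
        return false;
    }
    // Never cache personalised output or the response to a form submission.
    if ($u->isRegistered() || $_SERVER['REQUEST_METHOD'] == 'POST') {
        return false;
    }
    if ($c->isGeneratedCollection()) {
        // A single page is cacheable only when it has a controller that opts in.
        if (!is_object($v->controller) || !$v->controller->supportsPageCache()) {
            return false;
        }
    }
    if ($c->getCollectionFullPageCaching() == 1 || FULL_PAGE_CACHE_GLOBAL === 'all') {
        // Caching is requested at the page level, which overrides any global setting.
        return true;
    }
    if (FULL_PAGE_CACHE_GLOBAL !== 'blocks') {
        // We are NOT specifically caching this page, and the global setting is not block-based.
        return false;
    }
    // Global area blocks are part of the output too, so they must pass the check as well
    // (previously the merged list was computed but discarded).
    $blocks = $c->getBlocks();
    $blocks = array_merge($c->getGlobalBlocks(), $blocks);
    foreach ($blocks as $b) {
        $controller = $b->getInstance();
        if (!$controller->cacheBlockOutput()) {
            return false;
        }
    }

    return true;
}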
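/**
 * Get a list of available battlefield for a user
 *
 * Registered and anonymous users are served by different prepared requests; each
 * battlefield row is then enriched with its hives under the 'hiveList' key.
 *
 * @param User $user Instance of a User object
 *
 * @return array List of battlefields available
 */
public function getListForUser(User $user)
{
    $userId = $user->ID;
    $request = $user->isRegistered() ? 'getBattlefieldListForUser' : 'getBattlefieldListForAnonUser';
    $list = $this->_db->fetchAllRequest($request, array(':userId' => $userId));

    foreach ($list as $i => $battlefield) {
        $list[$i]['hiveList'] = $this->_db->fetchAllRequest(
            'getBattlefieldHiveList',
            array(':battlefieldId' => $battlefield['ID'])
        );
    }

    // Database exceptions propagate unchanged (the former catch-and-rethrow added nothing).
    return $list;
}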
/**
 * Marks a notification alert as archived.
 *
 * Requires a valid request token, a positive naID and a signed-in user who is the alert's
 * recipient; otherwise nothing is changed. The request always ends with an application shutdown.
 */
public function archive()
{
    $alertID = intval($this->request->request->get('naID'));
    if ($this->token->validate() && $alertID > 0) {
        $currentUser = new \User();
        if ($currentUser->isRegistered()) {
            $repository = $this->entityManager->getRepository('Concrete\\Core\\Entity\\Notification\\NotificationAlert');
            $alert = $repository->findOneById($alertID);
            $recipient = is_object($alert) ? $alert->getUser() : null;
            // Only the alert's own recipient may archive it.
            if (is_object($recipient) && $recipient->getUserID() == $currentUser->getUserID()) {
                $alert->setNotificationIsArchived(true);
                $this->entityManager->persist($alert);
                $this->entityManager->flush();
            }
        }
    }
    $this->app->shutdown();
}
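/**
 * Converts a user entered datetime to the system datetime.
 *
 * When the request carries a custom request user, that request's custom datetime is returned
 * instead of the given value. Otherwise the input is interpreted in the signed-in user's
 * timezone (when enabled), or in APP_TIMEZONE_SERVER when APP_TIMEZONE is defined, and
 * expressed in PHP's default timezone; non-English locales get a localized rendering.
 *
 * @param string|null $userDateTime anything DateTime understands; defaults to 'now'
 * @param string|null $mask the output format (a date() mask); defaults to 'Y-m-d H:i:s'
 *
 * @return string|null the formatted datetime, or null when $userDateTime is null or empty
 */
public function getSystemDateTime($userDateTime = 'now', $mask = NULL)
{
    if (!isset($mask) || !strlen($mask)) {
        $mask = 'Y-m-d H:i:s';
    }
    $req = Request::get();
    if ($req->hasCustomRequestUser()) {
        return date($mask, strtotime($req->getCustomRequestDateTime()));
    }
    if (!isset($userDateTime) || !strlen($userDateTime)) {
        return null; // if passed a null value, pass it back
    }

    // Default: interpret the input in PHP's default timezone.
    $datetime = new DateTime($userDateTime);
    if (defined('APP_TIMEZONE')) {
        // NOTE(review): the guard tests APP_TIMEZONE but the value used is APP_TIMEZONE_SERVER —
        // confirm both are always defined together.
        $tz = new DateTimeZone(APP_TIMEZONE_SERVER);
        $datetime = new DateTime($userDateTime, $tz); // interpret the input in the server timezone
        $stz = new DateTimeZone(date_default_timezone_get()); // grab the default timezone
        $datetime->setTimeZone($stz); // convert the datetime object to the default timezone
    }
    if (defined('ENABLE_USER_TIMEZONES') && ENABLE_USER_TIMEZONES) {
        $u = new User();
        if ($u->isRegistered()) {
            $utz = $u->getUserTimezone();
            if ($utz) {
                // The user's own timezone takes precedence over the server timezone above.
                $tz = new DateTimeZone($utz);
                $datetime = new DateTime($userDateTime, $tz); // interpret the input in the user's timezone
                $stz = new DateTimeZone(date_default_timezone_get()); // grab the default timezone
                $datetime->setTimeZone($stz); // convert the datetime object to the default timezone
            }
        }
    }

    // The canonical database mask is never localized.
    if (Localization::activeLocale() != 'en_US' && $mask != 'Y-m-d H:i:s') {
        return $this->dateTimeFormatLocal($datetime, $mask);
    }

    return $datetime->format($mask);
}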
/**
 * Returns the preferred section based on session, cookie,
 * user object, default browser (if allowed), and finally
 * site preferences.
 * Since the user's language is not a locale but a language,
 * attempts to determine best section for the given language.
 *
 * @return Section
 */
public static function getPreferredSection()
{
    // 1. A locale chosen earlier in this session, or remembered in a cookie.
    $rememberedLocale = false;
    if (Session::has('multilingual_default_locale')) {
        $rememberedLocale = Session::get('multilingual_default_locale');
    } elseif (Cookie::has('multilingual_default_locale')) {
        $rememberedLocale = Cookie::get('multilingual_default_locale');
    }
    if ($rememberedLocale) {
        $section = Section::getByLocale($rememberedLocale);
        if ($section) {
            return $section;
        }
    }

    // 2. The signed-in user's default language.
    $user = new \User();
    if ($user->isRegistered()) {
        $language = $user->getUserDefaultLanguage();
        if ($language) {
            $section = Section::getByLocaleOrLanguage($language);
            if ($section) {
                return $section;
            }
        }
    }

    // 3. Browser-detected locales, when the site allows it.
    if (Config::get('concrete.multilingual.use_browser_detected_locale')) {
        foreach (array_keys(\Punic\Misc::getBrowserLocales()) as $browserLocale) {
            $section = Section::getByLocaleOrLanguage($browserLocale);
            if ($section) {
                return $section;
            }
        }
    }

    // 4. The configured site default.
    return Section::getByLocale(Config::get('concrete.multilingual.default_locale'));
}
/**
 * Start-up for the account controller: anonymous visitors are replaced by the login page;
 * otherwise the dashboard theme is applied when the page lives in the dashboard (except for
 * the welcome page) and the shared view helpers, profile and menu are exposed to the view.
 */
public function on_start()
{
    $user = new \User();
    if (!$user->isRegistered()) {
        return $this->replace('/login');
    }

    $dashboardHelper = \Core::make('helper/concrete/dashboard');
    $desktop = DesktopList::getMyDesktop();
    if ($dashboardHelper->inDashboard($desktop)) {
        $currentPath = $this->getPageObject()->getCollectionPath();
        if ($currentPath != '/account/welcome') {
            $this->theme = 'dashboard';
            $this->set('pageTitle', t('My Account'));
        }
    }
    $this->setThemeViewTemplate('account.php');

    $this->error = Loader::helper('validation/error');
    $this->token = Loader::helper('validation/token');
    $this->set('valt', $this->token);
    $this->set('av', Loader::helper('concrete/avatar'));
    $this->set('profile', \UserInfo::getByID($user->getUserID()));
    $this->set('nav', new AccountMenu($this->getPageObject()));
}
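/**
 * Sets up a list to only return items the proper user can access
 *
 * Adds a SQL filter restricting rows to pages the current user may read (directly or via one
 * of their groups, honouring timed release unless the permissions model is 'simple'), plus
 * pages that are external links. Super users, and lists with $ignorePermissions set, are
 * not filtered.
 */
public function setupPermissions()
{
    $u = new User();
    if ($u->isSuperUser() || $this->ignorePermissions) {
        return; // super user always sees everything. no need to limit
    }

    // Group IDs and the user ID are interpolated into SQL below, so force them to integers.
    $groupIDs = array();
    foreach ($u->getUserGroups() as $gID => $groupName) {
        $groupIDs[] = (int) $gID;
    }
    if (count($groupIDs) == 0) {
        // "IN ()" is not valid SQL; -1 never matches a real group (as -1 is used for the user ID below).
        $groupIDs[] = -1;
    }
    $groupIDList = implode(',', $groupIDs);

    $uID = -1;
    if ($u->isRegistered()) {
        $uID = (int) $u->getUserID();
    }
    // Produced by the date helper, not taken from the request.
    $date = Loader::helper('date')->getLocalDateTime();

    if ($this->includeAliases) {
        $cInheritPermissionsFromCID = 'if(p2.cID is null, p1.cInheritPermissionsFromCID, p2.cInheritPermissionsFromCID)';
    } else {
        $cInheritPermissionsFromCID = 'p1.cInheritPermissionsFromCID';
    }

    if (PERMISSIONS_MODEL != 'simple') {
        // support timed release
        $this->filter(false, "((select count(cID) from PagePermissions pp1 where pp1.cID = {$cInheritPermissionsFromCID} and
            ((pp1.cgPermissions like 'r%' and cv.cvIsApproved = 1) or (pp1.cgPermissions like '%rv%')) and (
                (pp1.gID in ({$groupIDList}) or pp1.uID = {$uID})
                and
                    (pp1.cgStartDate is null or pp1.cgStartDate <= '{$date}')
                and
                    (pp1.cgEndDate is null or pp1.cgEndDate >= '{$date}')
            )) > 0 or (p1.cPointerExternalLink !='' AND p1.cPointerExternalLink IS NOT NULL ))");
    } else {
        $this->filter(false, "(((select count(cID) from PagePermissions pp1 where pp1.cID = {$cInheritPermissionsFromCID} and pp1.cgPermissions like 'r%' and (pp1.gID in ({$groupIDList}) or pp1.uID = {$uID}))) > 0 or (p1.cPointerExternalLink !='' AND p1.cPointerExternalLink IS NOT NULL))");
    }
}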
<?php if (is_object($scc)) { ?> <style type="text/css"> <?php print $scc->getValue(); ?> </style> <?php } ?> <?php $v = View::getInstance(); if (Config::get('concrete.user.profiles_enabled') && $u->isRegistered()) { $v->requireAsset('core/account'); $v->addFooterItem('<script type="text/javascript">$(function() { ccm_enableUserProfileMenu(); });</script>'); } $favIconFID = intval(Config::get('concrete.misc.favicon_fid')); $appleIconFID = intval(Config::get('concrete.misc.iphone_home_screen_thumbnail_fid')); $modernIconFID = intval(Config::get('concrete.misc.modern_tile_thumbnail_fid')); $modernIconBGColor = strval(Config::get('concrete.misc.modern_tile_thumbnail_bgcolor')); if ($favIconFID) { $f = File::getByID($favIconFID); ?> <link rel="shortcut icon" href="<?php echo $f->getRelativePath(); ?> " type="image/x-icon" /> <link rel="icon" href="<?php
/**
 * Whether the editing toolbar is shown to the current user: never for anonymous visitors,
 * always for the super user, otherwise when the user can read the dashboard or holds any
 * page-level editing permission on this page.
 *
 * @return bool
 */
public function canViewToolbar()
{
    $user = new User();
    if (!$user->isRegistered()) {
        return false;
    }
    if ($user->isSuperUser()) {
        return true;
    }
    $dashboardHelper = Loader::helper('concrete/dashboard');
    if ($dashboardHelper->canRead()) {
        return true;
    }

    // Any single page-level permission is enough; checks short-circuit in this order.
    return $this->canViewPageVersions()
        || $this->canPreviewPageAsUser()
        || $this->canEditPageSpeedSettings()
        || $this->canEditPageProperties()
        || $this->canEditPageContents()
        || $this->canAddSubpage()
        || $this->canDeletePage()
        || $this->canApprovePageVersions()
        || $this->canEditPagePermissions()
        || $this->canMoveOrCopyPage();
}
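/**
 * Completes a login.
 *
 * Applies the "remember me" and language choices, checks that every user attribute required
 * on registration is filled (logging the user out again and asking them to complete the
 * profile when not), resolves the requested redirect target, fires on_user_login and finally
 * redirects — or, for JSON requests, returns the login data to the caller.
 *
 * @param array $loginData may receive a 'redirectURL' entry; returned as-is for JSON requests
 *
 * @return array|null $loginData when the request format is JSON; otherwise the method redirects (or
 *                    returns null when the user is no longer signed in)
 */
protected function finishLogin($loginData = array())
{
    $u = new User();
    if ($this->post('uMaintainLogin')) {
        $u->setUserForeverCookie();
    }
    if (count($this->locales) > 0) {
        if (Config::get('LANGUAGE_CHOOSE_ON_LOGIN') && $this->post('USER_LOCALE') != '') {
            $u->setUserDefaultLanguage($this->post('USER_LOCALE'));
        }
    }

    // Verify that the user has filled out all
    // required items that are required on register
    // That means users logging in after new user attributes
    // have been created and required will be prompted here to
    // finish their profile
    $this->set('invalidRegistrationFields', false);
    Loader::model('attribute/categories/user');
    $ui = UserInfo::getByID($u->getUserID());
    $aks = UserAttributeKey::getRegistrationList();
    $unfilledAttributes = array();
    foreach ($aks as $uak) {
        if ($uak->isAttributeKeyRequiredOnRegister()) {
            $av = $ui->getAttributeValueObject($uak);
            if (!is_object($av)) {
                $unfilledAttributes[] = $uak;
            }
        }
    }
    if ($this->post('completePartialProfile')) {
        foreach ($unfilledAttributes as $uak) {
            $e1 = $uak->validateAttributeForm();
            if ($e1 == false) {
                $this->error->add(t('The field "%s" is required', $uak->getAttributeKeyName()));
            } elseif ($e1 instanceof ValidationErrorHelper) {
                $this->error->add($e1);
            }
        }
        if (!$this->error->has()) {
            // the user has needed to complete a partial profile, and they have done so,
            // and they have no errors. So we save our profile data against the account.
            foreach ($unfilledAttributes as $uak) {
                $uak->saveAttributeForm($ui);
            }
            // Everything required is now stored, so nothing is left unfilled.
            $unfilledAttributes = array();
        }
    }
    if (count($unfilledAttributes) > 0) {
        // The profile is still incomplete: undo the login and ask for the missing fields.
        $u->logout();
        $this->set('invalidRegistrationFields', true);
        $this->set('unfilledAttributes', $unfilledAttributes);
    }

    // set redirect url
    $rcID = $this->post('rcID');
    $nh = Loader::helper('validation/numbers');
    if ($nh->integer($rcID)) {
        $rc = Page::getByID($rcID);
        $loginData['redirectURL'] = Loader::helper('navigation')->getLinkToCollection($rc, true);
    } elseif (strlen($rcID)) {
        // Only a path that resolves to an existing page is accepted as a redirect target.
        $rcID = trim($rcID, '/');
        $nc2 = Page::getByPath('/' . $rcID);
        if (is_object($nc2) && !$nc2->isError()) {
            $loginData['redirectURL'] = BASE_URL . DIR_REL . '/' . DISPATCHER_FILENAME . '/' . $rcID;
        }
    }

    $dash = Page::getByPath("/dashboard", "RECENT");
    $dbp = new Permissions($dash);

    Events::fire('on_user_login', $this);

    // End JSON Login
    if (isset($_REQUEST['format']) && $_REQUEST['format'] == 'JSON') {
        return $loginData;
    }

    // should administrator be redirected to dashboard?
    // NOTE(review): intval() of a missing setting is 0, i.e. "no" — confirm Config supplies a default.
    $adminToDash = intval(Config::get('LOGIN_ADMIN_TO_DASHBOARD'));

    // Full page login, standard redirection
    // Re-read the user: the required-attribute check above may have logged them out again.
    $u = new User();
    if (!$u->isRegistered()) {
        return;
    }
    if ($u->config('NEWSFLOW_LAST_VIEWED') == 'FIRSTRUN') {
        $u->saveConfig('NEWSFLOW_LAST_VIEWED', 0);
    }
    if (!empty($loginData['redirectURL'])) {
        // make double secretly sure there's no caching going on
        header("Cache-Control: no-store, no-cache, must-revalidate");
        header("Pragma: no-cache");
        header('Expires: Fri, 30 Oct 1998 14:19:41 GMT'); // in the past
        $this->externalRedirect($loginData['redirectURL']);
    } elseif ($dbp->canRead() && $adminToDash) {
        $this->redirect('/dashboard');
    } else {
        // options set in dashboard/users/registration
        $login_redirect_cid = intval(Config::get('LOGIN_REDIRECT_CID'));
        $login_redirect_mode = Config::get('LOGIN_REDIRECT');
        if ($login_redirect_mode == 'PROFILE' && ENABLE_USER_PROFILES) {
            // redirect to user profile
            $this->redirect('/profile/', $u->uID);
        } elseif ($login_redirect_mode == 'CUSTOM' && $login_redirect_cid > 0) {
            // redirect to custom page
            $redirectTarget = Page::getByID($login_redirect_cid);
            if (intval($redirectTarget->cID) > 0) {
                $this->redirect($redirectTarget->getCollectionPath());
            } else {
                $this->redirect('/');
            }
        } else {
            // redirect home
            $this->redirect('/');
        }
    }
}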
<?php defined('C5_EXECUTE') or die("Access Denied."); $u = new User(); if ($u->isRegistered()) { $ui = $u->getUserInfoObject(); ?> <div class="ccm-conversation-avatar"><?php echo $ui->getUserAvatar()->output(); ?> </div> <?php } else { // non-logged-in posting. ?> <div class="form-group"> <label class="control-label" for="cnvMessageAuthorName"><?php echo t('Full Name'); ?> </label> <input type="text" class="form-control" name="cnvMessageAuthorName" /> </div> <div class="form-group"> <label class="control-label" for="cnvMessageAuthorEmail"><?php echo t('Email Address'); ?> </label> <input type="text" class="form-control" name="cnvMessageAuthorEmail" /> </div> <div class="form-group"> <label class="control-label" for="cnvMessageAuthorWebsite"><?php
/**
 * Records the current visitor's vote for a poll option.
 *
 * Enforces the block's registration requirement (anonymous visitors are sent to the login
 * page), refuses repeat votes, stores the vote with the visitor's user ID (0 when anonymous)
 * and IP address, sets the "voted" cookie for this block/page and redirects back to the page.
 */
function action_form_save_vote()
{
    $user = new User();
    $db = Loader::db();
    $blockObject = $this->getBlockObject();
    $page = $this->getCollectionObject();

    if ($this->requiresRegistration() && !$user->isRegistered()) {
        $this->redirect('/login');
    }
    if ($this->hasVoted()) {
        return;
    }

    $voterID = $user->getUserID() > 0 ? $user->getUserID() : 0;
    // Every value, including the request-supplied optionID, is bound as a placeholder.
    $bindings = array($_REQUEST['optionID'], $this->bID, $voterID, $_SERVER['REMOTE_ADDR'], $this->cID);
    $db->query(
        "insert into btSurveyResults (optionID, bID, uID, ipAddress, cID) values (?, ?, ?, ?, ?)",
        $bindings
    );
    // Remember the vote client-side for 15 days (1296000 seconds).
    setcookie("ccmPoll" . $this->bID . '-' . $this->cID, "voted", time() + 1296000, DIR_REL . '/');
    $this->redirect($page->getCollectionPath() . '?survey_voted=1');
}
<?php defined('C5_EXECUTE') or die("Access Denied."); ?> <?php $this->inc('elements/head.php'); $this->inc('elements/header.php'); $u = new User(); if (Config::get('c5hub.fundamental.general.sticky_footer') == true && !$u->isRegistered()) { $stickyFooter = ' c5h-sticky-footer-content'; } ?> <main class="clearfix<?php echo $stickyFooter; ?> "> <div class=""> <?php $a = new Area('Main'); $a->setAreaGridMaximumColumns(12); $a->display($c); ?> </div> <?php $areaCount = $c->getAttribute('area_count'); $areas = 1; while ($areas <= $areaCount) { echo '<div class="c5h-custom-area-' . $areas . '">'; $a = new Area('Main ' . $areas);
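/**
 * Handles a form block submission.
 *
 * Validates the request (IP ban, captcha, required fields, e-mail format, uploaded files),
 * imports any uploaded files, stores the answer set and each answer, runs the antispam check
 * (deleting the stored answers when flagged), optionally e-mails the configured recipient and
 * finally redirects to the configured page or back to the current one.
 *
 * @throws Exception when the posted question set id is missing or zero
 */
function action_submit_form()
{
    $ip = Loader::helper('validation/ip');
    Loader::library("file/importer");
    if (!$ip->check()) {
        $this->set('invalidIP', $ip->getErrorMessage());

        return;
    }
    $txt = Loader::helper('text');
    $db = Loader::db();
    // Collected as key => message; counted below, so it must exist even when nothing failed.
    $errors = array();

    // question set id
    $qsID = intval(isset($_POST['qsID']) ? $_POST['qsID'] : 0);
    if ($qsID == 0) {
        throw new Exception(t("Oops, something is wrong with the form you posted (it doesn't have a question set id)."));
    }

    // get all questions for this question set
    $rows = $db->GetArray("SELECT * FROM {$this->btQuestionsTablename} WHERE questionSetId=? AND bID=? order by position asc, msqID", array($qsID, intval($this->bID)));

    // check captcha if activated
    if ($this->displayCaptcha) {
        $captcha = Loader::helper('validation/captcha');
        if (!$captcha->check()) {
            $errors['captcha'] = t("Incorrect captcha code");
            $_REQUEST['ccmCaptchaCode'] = '';
        }
    }

    // checked required fields
    foreach ($rows as $row) {
        $questionName = 'Question' . $row['msqID'];
        if ($row['inputType'] == 'datetime') {
            if (!isset($datetime)) {
                $datetime = Loader::helper("form/date_time");
            }
            $translated = $datetime->translate($questionName);
            if ($translated) {
                $_POST[$questionName] = $translated;
            }
        }
        if (intval($row['required']) == 1) {
            $notCompleted = 0;
            if ($row['inputType'] == 'email') {
                if (!Loader::helper('validation/strings')->email($_POST[$questionName])) {
                    $errors['emails'] = t('You must enter a valid email address.');
                }
            }
            if ($row['inputType'] == 'checkboxlist') {
                // A checkbox list posts one field per checked option, named QuestionN_<option>.
                $answerFound = 0;
                foreach ($_POST as $key => $val) {
                    if (strstr($key, $questionName . '_') && strlen($val)) {
                        $answerFound = 1;
                    }
                }
                if (!$answerFound) {
                    $notCompleted = 1;
                }
            } elseif ($row['inputType'] == 'fileupload') {
                if (!isset($_FILES[$questionName]) || !is_uploaded_file($_FILES[$questionName]['tmp_name'])) {
                    $notCompleted = 1;
                }
            } elseif (!strlen(trim($_POST[$questionName]))) {
                $notCompleted = 1;
            }
            if ($notCompleted) {
                $errors['CompleteRequired'] = t("Complete required fields *");
            }
        }
    }

    // try importing the file if everything else went ok
    $tmpFileIds = array();
    if (!count($errors)) {
        foreach ($rows as $row) {
            if ($row['inputType'] != 'fileupload') {
                continue;
            }
            $questionName = 'Question' . $row['msqID'];
            if (!intval($row['required']) && (!isset($_FILES[$questionName]['tmp_name']) || !is_uploaded_file($_FILES[$questionName]['tmp_name']))) {
                continue; // optional upload left empty
            }
            $fi = new FileImporter();
            $resp = $fi->import($_FILES[$questionName]['tmp_name'], $_FILES[$questionName]['name']);
            if (!$resp instanceof FileVersion) {
                switch ($resp) {
                    case FileImporter::E_FILE_INVALID_EXTENSION:
                        $errors['fileupload'] = t('Invalid file extension.');
                        break;
                    case FileImporter::E_FILE_INVALID:
                        $errors['fileupload'] = t('Invalid file.');
                        break;
                }
            } else {
                $tmpFileIds[intval($row['msqID'])] = $resp->getFileID();
                if (intval($this->addFilesToSet)) {
                    Loader::model('file_set');
                    $fs = new FileSet();
                    $fs = $fs->getByID($this->addFilesToSet);
                    if ($fs->getFileSetID()) {
                        $fs->addFileToSet($resp);
                    }
                }
            }
        }
    }

    if (count($errors)) {
        $this->set('formResponse', t('Please correct the following errors:'));
        $this->set('errors', $errors);

        return;
    }

    // no form errors
    // save main survey record
    $u = new User();
    $uID = 0;
    if ($u->isRegistered()) {
        $uID = $u->getUserID();
    }
    $q = "insert into {$this->btAnswerSetTablename} (questionSetId, uID) values (?,?)";
    $db->query($q, array($qsID, $uID));
    $answerSetID = $db->Insert_ID();
    $this->lastAnswerSetId = $answerSetID;

    $questionAnswerPairs = array();

    // Sender address: the configured one when it looks like an e-mail, else the super user's.
    if (strlen(FORM_BLOCK_SENDER_EMAIL) > 1 && strstr(FORM_BLOCK_SENDER_EMAIL, '@')) {
        $formFormEmailAddress = FORM_BLOCK_SENDER_EMAIL;
    } else {
        $adminUserInfo = UserInfo::getByID(USER_SUPER_ID);
        $formFormEmailAddress = $adminUserInfo->getUserEmail();
    }
    $replyToEmailAddress = $formFormEmailAddress;

    // loop through each question and get the answers
    foreach ($rows as $row) {
        // save each answer
        $questionName = 'Question' . $row['msqID'];
        $answerDisplay = '';
        if ($row['inputType'] == 'checkboxlist') {
            $answer = array();
            $answerLong = "";
            $keys = array_keys($_POST);
            foreach ($keys as $key) {
                if (strpos($key, $questionName . '_') === 0) {
                    $answer[] = $txt->sanitize($_POST[$key]);
                }
            }
        } elseif ($row['inputType'] == 'text') {
            $answerLong = $txt->sanitize($_POST[$questionName]);
            $answer = '';
        } elseif ($row['inputType'] == 'fileupload') {
            $answerLong = "";
            $fileKey = intval($row['msqID']);
            $answer = isset($tmpFileIds[$fileKey]) ? intval($tmpFileIds[$fileKey]) : 0;
            if ($answer > 0) {
                $answerDisplay = File::getByID($answer)->getVersion()->getDownloadURL();
            } else {
                $answerDisplay = t('No file specified');
            }
        } elseif ($row['inputType'] == 'url') {
            $answerLong = "";
            $answer = $txt->sanitize($_POST[$questionName]);
        } elseif ($row['inputType'] == 'email') {
            $answerLong = "";
            $answer = $txt->sanitize($_POST[$questionName]);
            if (!empty($row['options'])) {
                // 'options' is serialized PHP written by this block's own edit form; unserialize()
                // must never be pointed at request-supplied data.
                $settings = unserialize($row['options']);
                if (is_array($settings) && array_key_exists('send_notification_from', $settings) && $settings['send_notification_from'] == 1) {
                    // Reply-To becomes the submitter's address when the block asks for it.
                    $email = $txt->email($answer);
                    if (!empty($email)) {
                        $replyToEmailAddress = $email;
                    }
                }
            }
        } elseif ($row['inputType'] == 'telephone') {
            $answerLong = "";
            $answer = $txt->sanitize($_POST[$questionName]);
        } else {
            $answerLong = "";
            $answer = $txt->sanitize($_POST[$questionName]);
        }
        if (is_array($answer)) {
            $answer = join(',', $answer);
        }
        $questionAnswerPairs[$row['msqID']]['question'] = $row['question'];
        $questionAnswerPairs[$row['msqID']]['answer'] = $txt->sanitize($answer . $answerLong);
        $questionAnswerPairs[$row['msqID']]['answerDisplay'] = strlen($answerDisplay) ? $answerDisplay : $questionAnswerPairs[$row['msqID']]['answer'];
        $v = array($row['msqID'], $answerSetID, $answer, $answerLong);
        $q = "insert into {$this->btAnswersTablename} (msqID,asID,answer,answerLong) values (?,?,?,?)";
        $db->query($q, $v);
    }

    $foundSpam = false;
    $submittedData = '';
    foreach ($questionAnswerPairs as $questionAnswerPair) {
        $submittedData .= $questionAnswerPair['question'] . "\r\n" . $questionAnswerPair['answer'] . "\r\n" . "\r\n";
    }
    $antispam = Loader::helper('validation/antispam');
    if (!$antispam->check($submittedData, 'form_block')) {
        // found to be spam. We remove it
        $foundSpam = true;
        $q = "delete from {$this->btAnswerSetTablename} where asID = ?";
        $v = array($this->lastAnswerSetId);
        $db->Execute($q, $v);
        $db->Execute("delete from {$this->btAnswersTablename} where asID = ?", array($this->lastAnswerSetId));
    }

    if (intval($this->notifyMeOnSubmission) > 0 && !$foundSpam) {
        // $formFormEmailAddress was resolved above; the former duplicate lookup is gone.
        $mh = Loader::helper('mail');
        $mh->to($this->recipientEmail);
        $mh->from($formFormEmailAddress);
        $mh->replyto($replyToEmailAddress);
        $mh->addParameter('formName', $this->surveyName);
        $mh->addParameter('questionSetId', $this->questionSetId);
        $mh->addParameter('questionAnswerPairs', $questionAnswerPairs);
        $mh->load('block_form_submission');
        $mh->setSubject(t('%s Form Submission', $this->surveyName));
        // Presumably suppressed so that a delivery warning does not break the submission;
        // a failed notification is therefore silent.
        @$mh->sendMail();
    }

    if (!$this->noSubmitFormRedirect) {
        if ($this->redirectCID > 0) {
            $pg = Page::getByID($this->redirectCID);
            if (is_object($pg) && $pg->cID) {
                $this->redirect($pg->getCollectionPath());
            }
        }
        $c = Page::getCurrentPage();
        header("Location: " . Loader::helper('navigation')->getLinkToCollection($c, true) . "?surveySuccess=1&qsid=" . $this->questionSetId . "#" . $this->questionSetId);
        exit;
    }
}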
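/**
 * Returns the User class of the $input parameter.
 *
 * The $input parameter can be an user ID, username or e-mail — or, when
 * $fetchOptions['custom_field'] is given, the value of that custom user field,
 * which is resolved to a user ID first.
 * Returns FALSE if $input is NULL (or otherwise empty).
 *
 * @param mixed $input
 * @param array $fetchOptions passed through to the XenForo user model; 'custom_field' names the field to look up first
 *
 * @return User|false
 */
public function getUser($input, $fetchOptions = array())
{
    if (!empty($fetchOptions['custom_field'])) {
        // Both values may originate from the caller's request, so they are bound, not interpolated.
        $results = $this->getDatabase()->fetchRow(
            "SELECT `user_id` FROM `xf_user_field_value` WHERE `field_id` = ? AND `field_value` = ?",
            array($fetchOptions['custom_field'], $input)
        );
        if (!empty($results['user_id'])) {
            $input = $results['user_id'];
        }
    }
    if (empty($input)) {
        return FALSE;
    }

    $userModel = $this->models->getUserModel();
    if (is_numeric($input)) {
        // $input is a number, grab the user by an ID.
        $user = new User($this->models, $userModel->getUserById($input, $fetchOptions));
        if (!$user->isRegistered()) {
            // The user ID was not found, grabbing the user by the username instead.
            $user = new User($this->models, $userModel->getUserByName($input, $fetchOptions));
        }
    } elseif ($userModel->couldBeEmail($input)) {
        // $input is an e-mail, return the user of the e-mail.
        $user = new User($this->models, $userModel->getUserByEmail($input, $fetchOptions));
    } else {
        // $input is an username, return the user of the username.
        $user = new User($this->models, $userModel->getUserByName($input, $fetchOptions));
    }

    if ($user->isRegistered()) {
        $this->getModels()->checkModel('user_field', XenForo_Model::create('XenForo_Model_UserField'));
        $user->data['custom_fields'] = $this->getModels()->getModel('user_field')->getUserFieldValues($user->getID());
    }

    return $user;
}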
/**
 * Whether this collection's output may be served from the full page cache.
 *
 * Only anonymous, non-POST requests for the plain 'view' action with no query parameters other
 * than 'cid' qualify; the page must ask for caching itself (or the global setting must be 'all'),
 * or — with the global 'blocks' setting — every given block must be cacheable and the page
 * must not be a generated (single) page.
 *
 * @param array|mixed $blocks the blocks on the page; only inspected for the 'blocks' setting
 * @param object|false $controller the page controller, when there is one
 *
 * @return bool
 */
public function supportsPageCache($blocks, $controller = false)
{
    $user = new User();
    if (is_object($controller) && !in_array($controller->getTask(), array('view'))) {
        return false;
    }
    if ($this->cCacheFullPageContent == 0) {
        return false;
    }
    if ($user->isRegistered() || $_SERVER['REQUEST_METHOD'] == 'POST') {
        return false;
    }

    // test get variables: anything other than cid makes the response uncacheable
    if (is_array($_GET)) {
        foreach (array_keys($_GET) as $getVar) {
            if (!in_array(strtolower($getVar), array('cid'))) {
                return false;
            }
        }
    }

    if ($this->cCacheFullPageContent == 1 || FULL_PAGE_CACHE_GLOBAL === 'all') {
        // caching is requested at the page level, which overrides any global setting
        return true;
    }
    if (FULL_PAGE_CACHE_GLOBAL !== 'blocks') {
        // not specifically caching this page, and the global setting is not block-based
        return false;
    }
    if ($this->isGeneratedCollection()) {
        return false;
    }
    if (is_array($blocks)) {
        foreach ($blocks as $block) {
            $blockController = $block->getInstance();
            if (!$blockController->cacheBlockOutput()) {
                return false;
            }
        }
    }

    return true;
}
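/**
 * Handles the profile "edit" page.
 *
 * The 'process' request parameter selects what is updated: account data,
 * profile data, password, profile picture, or nothing (just render the page).
 * Validation failures are left on the User object (and, for uploads, in
 * $_SESSION['upload_error']); every local is then handed to the view through
 * get_defined_vars(), so local names here are part of the view contract.
 */
public function edit() {
    $process = Param::get('process', 'edit');
    $user = new User();

    switch ($process) {
        case self::EDIT_ACCOUNT:
            $user->id = get_authenticated_user_id($_SESSION['userid']);
            $user->fname = Param::get('firstname');
            $user->lname = Param::get('lastname');
            $user->new_username = Param::get('username');
            $user->new_email = Param::get('email');
            try {
                $user->updateAccount();
                $_SESSION['username'] = $user->new_username;
                $user->editSuccess = true;
            } catch (ValidationException $e) {
                // Validation details are expected to be left on $user for the view.
            }
            break;

        case self::EDIT_PROFILE:
            $user->id = get_authenticated_user_id($_SESSION['userid']);
            $user->company = Param::get('company');
            $user->division = Param::get('division');
            $user->specialization = Param::get('specialization');
            try {
                $user->updateProfile();
                $user->editSuccess = true;
            } catch (ValidationException $e) {
                // Validation details are expected to be left on $user for the view.
            }
            break;

        case self::EDIT_PASSWORD:
            $user->id = get_authenticated_user_id($_SESSION['userid']);
            // Username and the old password are set so isRegistered() can
            // re-authenticate the user before the password is changed.
            // NOTE(review): htmlentities() is applied to the passwords before they
            // reach the model; presumably the model expects that encoding — confirm.
            $user->username = $_SESSION['username'];
            $user->password = htmlentities(Param::get('oldPassword'));
            if (!$user->isRegistered()) {
                $user->validation_errors['notAuthorized']['authenticate'] = true;
                break;
            }
            // Drop the username so it is not part of the password validation.
            unset($user->username);
            $user->password = htmlentities(Param::get('password'));
            $user->confirmpassword = htmlentities(Param::get('confirmPassword'));
            try {
                $user->updatePassword();
                $user->editSuccess = true;
            } catch (ValidationException $e) {
                // Validation details are expected to be left on $user for the view.
            }
            break;

        case self::EDIT_PICTURE:
            // The picture is stored as bootstrap/img/users/<username>.<ext>. The
            // username originates from a form field (see EDIT_ACCOUNT), so
            // basename() keeps a value containing a path separator inside that
            // directory. Glob metacharacters in the username are not escaped here.
            $target_directory = "bootstrap/img/users/" . basename((string) $_SESSION['username']);
            try {
                $file_tmp = isset($_FILES['picture']['tmp_name']) ? $_FILES['picture']['tmp_name'] : '';
                // is_uploaded_file() (rather than file_exists()) makes sure the path
                // really is this request's upload before it is inspected.
                if ($file_tmp === '' || !is_uploaded_file($file_tmp)) {
                    throw new FileNotFound('File not found.');
                }
                $finfo = new finfo(FILEINFO_MIME_TYPE);
                // $this->mime_types is searched by value, so its keys are presumably
                // the file extensions to store the picture under.
                $file_extension = array_search($finfo->file($file_tmp), $this->mime_types, true);
                if (false === $file_extension) {
                    throw new PictureFormatException("Invalid file format.");
                }
                // Remove any previous picture of this user, whatever its extension.
                // unlink() replaces the former exec("rm ...") so no shell is involved.
                $user_profile = glob($target_directory . ".*");
                if ($user_profile) {
                    foreach ($user_profile as $picture) {
                        unlink($picture);
                    }
                }
                if (!move_uploaded_file($file_tmp, $target_directory . "." . $file_extension)) {
                    throw new FileNotFound("File not found.");
                }
                $user->editSuccess = true;
            } catch (FileNotFound $e) {
                $_SESSION['upload_error'] = true;
            } catch (PictureFormatException $e) {
                $_SESSION['upload_error'] = true;
            }
            break;

        case self::EDIT_PAGE:
            // NOTE(review): unlike the other cases this uses the raw session id
            // without get_authenticated_user_id(); confirm that is intended.
            $user->id = $_SESSION['userid'];
            break;
    }

    $user->getProfile();
    // Expose every local ($process, $user, ...) to the view.
    $this->set(get_defined_vars());
}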
/**
 * Adds a generic attribute record (with this type) to the AttributeValues table
 * and returns the newly created AttributeValue.
 *
 * @return AttributeValue
 */
public function addAttributeValue() {
    $db = Loader::db();
    $currentUser = new User();
    $dateHelper = Loader::helper('date');

    // Records created by anonymous visitors are stored with uID 0.
    $ownerID = 0;
    if ($currentUser->isRegistered()) {
        $ownerID = $currentUser->getUserID();
    }

    $db->Execute(
        'insert into AttributeValues (atID, akID, uID, avDateAdded) values (?, ?, ?, ?)',
        array($this->atID, $this->akID, $ownerID, $dateHelper->getLocalDateTime())
    );

    return AttributeValue::getByID($db->Insert_ID());
}
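/**
 * Restricts the file list to the files the current user may see at
 * $this->permissionLevel.
 *
 * Adds SQL filters for (1) file sets the user may not see at all, (2) sets
 * where only the uploader may see files, (3) the global "only my files"
 * search level, and (4) per-file permission overrides (non-simple
 * permissions model only).
 *
 * Returns false (without adding filters) when no permission level is set
 * or the current user is the super user.
 */
protected function setupFilePermissions() {
    $u = new User();
    if ($this->permissionLevel == false || $u->isSuperUser()) {
        return false;
    }

    $vs = FileSetPermissions::getOverriddenSets($this->permissionLevel, FilePermissions::PTYPE_ALL);
    $nvs = FileSetPermissions::getOverriddenSets($this->permissionLevel, FilePermissions::PTYPE_NONE);
    $vsm = FileSetPermissions::getOverriddenSets($this->permissionLevel, FilePermissions::PTYPE_MINE);

    // Viewing trumps non-viewing: drop every non-viewable set that is also viewable.
    // array_diff checks every element; the previous index loop shrank count()
    // while unsetting entries and therefore skipped the tail of the list.
    $nvs = array_values(array_diff($nvs, $vs));

    // Append -1 so each list has at least one value and "in (...)" stays valid SQL.
    $nvs[] = -1;
    $vs[] = -1;
    $vsm[] = -1;

    // Exclude every file that belongs to a set I cannot see.
    $this->filter(false, '(' . $this->fileSetMemberCount($nvs) . ' = 0)');

    $uID = $u->isRegistered() ? $u->getUserID() : 0;

    // Exclude files in "only mine" sets that I did not upload.
    $this->filter(false, '(f.uID = ' . $uID . ' or ' . $this->fileSetMemberCount($vsm) . ' = 0)');

    $fp = FilePermissions::getGlobal();
    if ($fp->getFileSearchLevel() == FilePermissions::PTYPE_MINE) {
        // Globally only my own uploads are searchable, unless the file sits in a viewable set.
        $this->filter(false, '(f.uID = ' . $uID . ' or ' . $this->fileSetMemberCount($vs) . ' > 0)');
    }

    // Finally drop files whose own permission override denies me.
    $groups = $u->getUserGroups();
    $groupIDs = is_array($groups) ? array_map('intval', array_keys($groups)) : array();
    if (count($groupIDs) == 0) {
        $groupIDs[] = -1; // keeps "gID in (...)" syntactically valid
    }
    $uID = $u->isRegistered() ? (int) $u->getUserID() : -1;

    if (PERMISSIONS_MODEL != 'simple') {
        // MySQL nullifies the whole query if the subquery returns null, so the
        // list of denied file IDs is fetched first and inlined into the filter.
        // NOTE: $this->permissionLevel is used as a column name in HAVING and
        // must never be derived from request input.
        $db = Loader::db();
        $fIDs = $db->GetCol("select Files.fID from Files inner join FilePermissions on FilePermissions.fID = Files.fID where fOverrideSetPermissions = 1 and (FilePermissions.gID in (" . implode(',', $groupIDs) . ") or FilePermissions.uID = " . $uID . ") having max(" . $this->permissionLevel . ") = 0");
        if (count($fIDs) > 0) {
            $this->filter(false, "(f.fID not in (" . implode(',', array_map('intval', $fIDs)) . "))");
        }
    }
}

/**
 * SQL subquery counting how many of the given file sets contain the file f.
 *
 * @param array $setIDs file set IDs (cast to int before being inlined)
 * @return string
 */
private function fileSetMemberCount($setIDs) {
    return '(select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', array_map('intval', $setIDs)) . '))';
}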
<?php defined('C5_EXECUTE') or die("Access Denied."); $u = new User(); $scrapbookHelper = Loader::helper('concrete/scrapbook'); if (!$u->isRegistered()) { die(t("Access Denied.")); } Loader::model('pile'); $p = false; $scrapbookName = $_REQUEST['scrapbookName']; if ($scrapbookName) { $scrapbookHelper->setDefault($scrapbookName); } $c = Page::getByID($_REQUEST['cID']); // add a block to a pile $cp = new Permissions($c); if (!$cp->canViewPage()) { exit; } if (($_REQUEST['btask'] == 'add' || $_REQUEST['ctask'] == 'add') && $scrapbookName) { if ($_REQUEST['btask'] == 'add') { $a = Area::get($c, $_REQUEST['arHandle']); if ($a->isGlobalArea()) { $ax = STACKS_AREA_NAME; $cx = Stack::getByName($_REQUEST['arHandle']); } $b = Block::getByID($_REQUEST['bID'], $cx, $ax); if ($b->getBlockTypeHandle() == BLOCK_HANDLE_SCRAPBOOK_PROXY) { $bi = $b->getInstance(); $b = Block::getByID($bi->getOriginalBlockID());
/**
 * Grants access to registered (logged-in) users only.
 *
 * @return bool
 */
public function canAccess() {
    $currentUser = new \User();
    $isLoggedIn = $currentUser->isRegistered();
    return $isLoggedIn;
}
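/**
 * Records the visitor's vote for this survey block and redirects back to the page.
 *
 * The vote is stored only if the visitor has not voted yet and the antispam
 * check accepts the request (blank content, so it covers IP address and user
 * agent). A cookie then marks the visitor as having voted for this block on
 * this page.
 */
function action_form_save_vote() {
    $u = new User();
    $db = Loader::db();

    // The form passes rcID so votes cast inside a stack land on the right page.
    if ($this->post('rcID')) {
        $c = Page::getByID($this->post('rcID'));
    } else {
        $c = $this->getCollectionObject();
    }

    if ($this->requiresRegistration() && !$u->isRegistered()) {
        $this->redirect('/login');
        // Explicit return so an anonymous vote is never recorded even if
        // redirect() does not terminate the request.
        return;
    }
    if ($this->hasVoted()) {
        return;
    }

    $antispam = Loader::helper('validation/antispam');
    // Blank content: the check still covers IP address and user agent.
    if (!$antispam->check('', 'survey_block')) {
        return;
    }

    $duID = $u->getUserID() > 0 ? $u->getUserID() : 0;
    // NOTE(review): optionID is taken from the request as-is; nothing here checks
    // that it belongs to this block's options — confirm it is validated elsewhere.
    $v = array($_REQUEST['optionID'], $this->bID, $duID, $_SERVER['REMOTE_ADDR'], $this->cID);
    $q = "insert into btSurveyResults (optionID, bID, uID, ipAddress, cID) values (?, ?, ?, ?, ?)";
    $db->query($q, $v);

    // Remember the vote for 15 days (1296000 s); presumably read back by hasVoted().
    setcookie("ccmPoll" . $this->bID . '-' . $this->cID, "voted", time() + 1296000, DIR_REL . '/');
    $this->redirect($c->getCollectionPath() . '?survey_voted=1');
}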