public function make()
{
csrf::getInstance()->buildToken();
$params = array();
if (system::getInstance()->post('submit') && csrf::getInstance()->check()) {
if (admin::getInstance()->saveExtensionConfigs()) {
$params['notify']['save_success'] = true;
}
}
$params['extension']['title'] = admin::getInstance()->viewCurrentExtensionTitle();
$params['config']['captcha_type'] = extension::getInstance()->getConfig('captcha_type', 'captcha', extension::TYPE_HOOK, 'str');
$params['config']['captcha_publickey'] = extension::getInstance()->getConfig('captcha_publickey', 'captcha', extension::TYPE_HOOK, 'str');
$params['config']['captcha_privatekey'] = extension::getInstance()->getConfig('captcha_privatekey', 'captcha', extension::TYPE_HOOK, 'str');
return template::getInstance()->twigRender('hooks/captcha/settings.tpl', $params);
}
private function viewMenuAdd()
{
csrf::getInstance()->buildToken();
$params = array();
$params['extension']['title'] = admin::getInstance()->viewCurrentExtensionTitle();
$params['modmenu'] = array('menu_array' => $this->listAvailableTemplates());
if (system::getInstance()->post('submit') && csrf::getInstance()->check()) {
$menu_tag = system::getInstance()->nohtml(system::getInstance()->post('menu_tag'));
$menu_tpl = system::getInstance()->post('menu_tpl');
$menu_name = system::getInstance()->nohtml(system::getInstance()->post('menu_name'));
$menu_display = system::getInstance()->post('menu_display') == "on" ? 1 : 0;
if (system::getInstance()->length($menu_tag) < 1 || !system::getInstance()->isLatinOrNumeric($menu_tag) || $this->tagIsUsed($menu_tag)) {
$params['notify']['tag_wrong'] = true;
}
if (system::getInstance()->length($menu_tpl) < 1 || preg_match('/[^A-Za-z0-9_.]/s', $menu_tpl) || !in_array($menu_tpl, $this->listAvailableTemplates())) {
$params['notify']['tpl_wrong'] = true;
}
if (system::getInstance()->length($menu_name[language::getInstance()->getUseLanguage()]) < 1) {
$params['notify']['name_wrong'] = true;
}
if (sizeof($params['notify']) < 1) {
$menu_serial_name = serialize($menu_name);
$stmt = database::getInstance()->con()->prepare("INSERT INTO " . property::getInstance()->get('db_prefix') . "_mod_menu_header (`menu_name`, `menu_tag`, `menu_tpl`, `menu_display`) VALUES(?, ?, ?, ?)");
$stmt->bindParam(1, $menu_serial_name, \PDO::PARAM_STR);
$stmt->bindParam(2, $menu_tag, \PDO::PARAM_STR);
$stmt->bindParam(3, $menu_tpl, \PDO::PARAM_STR);
$stmt->bindParam(4, $menu_display, \PDO::PARAM_INT);
$stmt->execute();
$stmt = null;
system::getInstance()->redirect("?object=modules&action=menu");
}
}
return template::getInstance()->twigRender('modules/menu/add.tpl', $params);
}
private function viewCommentList()
{
csrf::getInstance()->buildToken();
$params = array();
if (system::getInstance()->post('deleteSelected') && csrf::getInstance()->check()) {
$toDelete = system::getInstance()->post('check_array');
if (is_array($toDelete) && sizeof($toDelete) > 0) {
$listDelete = system::getInstance()->altimplode(',', $toDelete);
if (system::getInstance()->isIntList($listDelete)) {
database::getInstance()->con()->query("DELETE FROM " . property::getInstance()->get('db_prefix') . "_mod_comments WHERE id IN (" . $listDelete . ")");
}
}
}
$params['extension']['title'] = admin::getInstance()->viewCurrentExtensionTitle();
$filter = (int) system::getInstance()->get('filter');
$index = (int) system::getInstance()->get('index');
$db_index = $index * self::ITEM_PER_PAGE;
$stmt = null;
if ($filter == self::FILTER_MODERATE) {
$stmt = database::getInstance()->con()->prepare("SELECT * FROM " . property::getInstance()->get('db_prefix') . "_mod_comments WHERE moderate = 1 ORDER BY id DESC LIMIT ?," . self::ITEM_PER_PAGE);
$stmt->bindParam(1, $db_index, PDO::PARAM_INT);
$stmt->execute();
} else {
$stmt = database::getInstance()->con()->prepare("SELECT * FROM " . property::getInstance()->get('db_prefix') . "_mod_comments ORDER BY id DESC LIMIT ?," . self::ITEM_PER_PAGE);
$stmt->bindParam(1, $db_index, PDO::PARAM_INT);
$stmt->execute();
}
$resultFetch = $stmt->fetchAll(PDO::FETCH_ASSOC);
$authors_ids = system::getInstance()->extractFromMultyArray('author', $resultFetch);
if (sizeof($authors_ids) > 1) {
// 2 or more
user::getInstance()->listload(system::getInstance()->extractFromMultyArray('author', $resultFetch));
}
foreach ($resultFetch as $row) {
$params['comments']['list'][] = array('id' => $row['id'], 'user_id' => $row['author'], 'user_name' => user::getInstance()->get('nick', $row['author']), 'comment' => extension::getInstance()->call(extension::TYPE_HOOK, 'bbtohtml')->nobbcode($row['comment']), 'guest_name' => system::getInstance()->nohtml($row['guest_name']), 'moderate' => $row['moderate'], 'date' => system::getInstance()->toDate($row['time'], 'h'), 'uri' => $row['pathway']);
}
$params['pagination'] = template::getInstance()->showFastPagination($index, self::ITEM_PER_PAGE, $this->getTotalCommentCount($filter), '?object=modules&action=comments&filter=' . $filter . '&index=');
return template::getInstance()->twigRender('modules/comments/list.tpl', $params);
}
private function viewVideoList()
{
csrf::getInstance()->buildToken();
$params = array();
if (system::getInstance()->post('deleteSelected') && csrf::getInstance()->check()) {
if (permission::getInstance()->have('global/owner') || permission::getInstance()->have('admin/components/video/delete')) {
$toDelete = system::getInstance()->post('check_array');
if (is_array($toDelete) && sizeof($toDelete) > 0) {
foreach ($toDelete as $video_single_id) {
// remove posible poster files and gallery images
if (file_exists(root . '/upload/video/poster_' . $video_single_id . '.jpg')) {
@unlink(root . '/upload/video/poster_' . $video_single_id . '.jpg');
}
if (file_exists(root . '/upload/video/gallery/' . $video_single_id . '/')) {
system::getInstance()->removeDirectory(root . '/upload/video/gallery/' . $video_single_id . '/');
}
}
$listDelete = system::getInstance()->altimplode(',', $toDelete);
if (system::getInstance()->isIntList($listDelete)) {
database::getInstance()->con()->query("DELETE FROM " . property::getInstance()->get('db_prefix') . "_com_video_entery WHERE id IN (" . $listDelete . ")");
// drop tags
database::getInstance()->con()->prepare("DELETE FROM " . property::getInstance()->get('db_prefix') . "_mod_tags WHERE object_type = 'video' AND object_id IN (" . $listDelete . ")");
}
}
}
}
$params['extension']['title'] = admin::getInstance()->viewCurrentExtensionTitle();
$params['search']['value'] = system::getInstance()->nohtml(system::getInstance()->get('search'));
$index_start = (int) system::getInstance()->get('index');
$db_index = $index_start * self::ITEM_PER_PAGE;
$stmt = null;
$filter = (int) system::getInstance()->get('filter');
if ($filter === self::FILTER_MODERATE) {
// 1
$stmt = database::getInstance()->con()->prepare("SELECT a.id,a.title,a.category,a.link,a.date,b.category_id,a.important,a.display,b.path FROM " . property::getInstance()->get('db_prefix') . "_com_video_entery a, " . property::getInstance()->get('db_prefix') . "_com_video_category b WHERE a.category = b.category_id AND a.display = 0 ORDER BY a.id DESC LIMIT ?," . self::ITEM_PER_PAGE);
$stmt->bindParam(1, $db_index, PDO::PARAM_INT);
$stmt->execute();
} elseif ($filter === self::FILTER_IMPORTANT) {
// 2
$stmt = database::getInstance()->con()->prepare("SELECT a.id,a.title,a.category,a.link,a.date,a.important,a.display,b.category_id,b.path FROM " . property::getInstance()->get('db_prefix') . "_com_video_entery a, " . property::getInstance()->get('db_prefix') . "_com_video_category b WHERE a.category = b.category_id AND a.important = 1 ORDER BY a.id DESC LIMIT ?," . self::ITEM_PER_PAGE);
$stmt->bindParam(1, $db_index, PDO::PARAM_INT);
$stmt->execute();
} elseif ($filter === self::FILTER_SEARCH) {
// 3
$search_string = "%" . $params['search']['value'] . "%";
$stmt = database::getInstance()->con()->prepare("SELECT a.id,a.title,a.category,a.link,a.date,a.important,a.display,b.category_id,b.path FROM " . property::getInstance()->get('db_prefix') . "_com_video_entery a, " . property::getInstance()->get('db_prefix') . "_com_video_category b WHERE a.category = b.category_id AND (a.title like ? OR a.text like ?) ORDER BY a.id DESC LIMIT 0," . self::SEARCH_PER_PAGE);
$stmt->bindParam(1, $search_string, PDO::PARAM_STR);
$stmt->bindParam(2, $search_string, PDO::PARAM_STR);
$stmt->execute();
} else {
// 0 || > 3
$stmt = database::getInstance()->con()->prepare("SELECT a.id,a.title,a.category,a.link,a.date,b.category_id,a.important,a.display,b.path FROM " . property::getInstance()->get('db_prefix') . "_com_video_entery a, " . property::getInstance()->get('db_prefix') . "_com_video_category b WHERE a.category = b.category_id ORDER BY a.important DESC, a.id DESC LIMIT ?," . self::ITEM_PER_PAGE);
$stmt->bindParam(1, $db_index, PDO::PARAM_INT);
$stmt->execute();
$filter = 0;
}
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt = null;
foreach ($result as $data) {
$title = unserialize($data['title']);
$link = $data['path'];
if ($link != null) {
$link .= "/";
}
$link .= $data['link'];
$params['video'][] = array('id' => $data['id'], 'title' => $title[language::getInstance()->getUseLanguage()], 'link' => $link, 'date' => system::getInstance()->toDate($data['date'], 'h'), 'important' => (int) $data['important'], 'moderate' => !(bool) $data['display']);
}
$params['pagination'] = template::getInstance()->showFastPagination($index_start, self::ITEM_PER_PAGE, $this->getTotalVideoCount($filter), '?object=components&action=video&filter=' . $filter . '&index=');
return template::getInstance()->twigRender('components/video/list.tpl', $params);
}
private function viewStaticList()
{
csrf::getInstance()->buildToken();
$params = array();
if (system::getInstance()->post('deleteSelected') && csrf::getInstance()->check()) {
if (permission::getInstance()->have('global/owner') || permission::getInstance()->have('admin/components/static/delete')) {
$toDelete = system::getInstance()->post('check_array');
if (is_array($toDelete) && sizeof($toDelete) > 0) {
$listDelete = system::getInstance()->altimplode(',', $toDelete);
if (system::getInstance()->isIntList($listDelete)) {
database::getInstance()->con()->query("DELETE FROM " . property::getInstance()->get('db_prefix') . "_com_static WHERE id IN (" . $listDelete . ")");
}
}
}
}
$params['extension']['title'] = admin::getInstance()->viewCurrentExtensionTitle();
$index_start = (int) system::getInstance()->get('index');
$db_index = $index_start * self::ITEM_PER_PAGE;
if (system::getInstance()->post('dosearch') && strlen(system::getInstance()->post('search')) > 0) {
$params['search']['value'] = system::getInstance()->nohtml(system::getInstance()->post('search'));
$search_string = "%" . system::getInstance()->nohtml(system::getInstance()->post('search')) . "%";
$stmt = database::getInstance()->con()->prepare("SELECT * FROM " . property::getInstance()->get('db_prefix') . "_com_static WHERE title like ? OR text like ? ORDER BY id DESC LIMIT 0," . self::SEARCH_PER_PAGE);
$stmt->bindParam(1, $search_string, PDO::PARAM_STR);
$stmt->bindParam(2, $search_string, PDO::PARAM_STR);
$stmt->execute();
} else {
$stmt = database::getInstance()->con()->prepare("SELECT * FROM " . property::getInstance()->get('db_prefix') . "_com_static ORDER BY id DESC LIMIT ?," . self::ITEM_PER_PAGE);
$stmt->bindParam(1, $db_index, PDO::PARAM_INT);
$stmt->execute();
}
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($result as $data) {
$title_locale = unserialize($data['title']);
$params['static'][] = array('id' => $data['id'], 'title' => $title_locale[language::getInstance()->getUseLanguage()], 'path' => $data['pathway'], 'date' => system::getInstance()->toDate($data['date'], 'h'));
}
$params['pagination'] = template::getInstance()->showFastPagination($index_start, self::ITEM_PER_PAGE, $this->getTotalStaticCount(), '?object=components&action=static&index=');
return template::getInstance()->twigRender('components/static/list.tpl', $params);
}
private function viewStreamSettings()
{
csrf::getInstance()->buildToken();
$params = array();
$params['extension']['title'] = admin::getInstance()->viewCurrentExtensionTitle();
if (system::getInstance()->post('submit')) {
if (admin::getInstance()->saveExtensionConfigs() && csrf::getInstance()->check()) {
$params['notify']['save_success'] = true;
}
}
$params['config']['count_stream_page'] = extension::getInstance()->getConfig('count_stream_page', 'stream', extension::TYPE_COMPONENT, 'int');
return template::getInstance()->twigRender('components/stream/settings.tpl', $params);
}
private function viewUserDelete()
{
csrf::getInstance()->buildToken();
$params = array();
$params['extension']['title'] = admin::getInstance()->viewCurrentExtensionTitle();
$userid = system::getInstance()->get('id');
if (!user::getInstance()->exists($userid) || permission::getInstance()->have('global/owner', $userid)) {
system::getInstance()->redirect("?object=components&action=user");
}
if (system::getInstance()->post('deleteuser') && csrf::getInstance()->check()) {
$stmt = database::getInstance()->con()->prepare("DELETE generaldata,customdata FROM " . property::getInstance()->get('db_prefix') . "_user as generaldata\n LEFT OUTER JOIN " . property::getInstance()->get('db_prefix') . "_user_custom as customdata\n ON generaldata.id = customdata.id WHERE generaldata.id = ?");
$stmt->bindParam(1, $userid, PDO::PARAM_INT);
$stmt->execute();
// TODO: friendlist cleanup -> field friend_list, friend_request in user table
system::getInstance()->redirect("?object=components&action=user");
}
$params['udata'] = array('login' => user::getInstance()->get('login', $userid), 'email' => user::getInstance()->get('email', $userid), 'id' => $userid);
return template::getInstance()->twigRender('components/user/delete.tpl', $params);
}
private function viewUserSettings($target, $viewer)
{
csrf::getInstance()->buildToken();
if ($target != $viewer) {
return null;
}
$params = array();
$params['ufields']['data'] = $this->getUfieldData($target);
if (system::getInstance()->post('saveprofile') && csrf::getInstance()->check()) {
$params['form']['submit'] = true;
$birthday_array = system::getInstance()->post('bitrhday');
// Y-m-d
$birthday_string = "0000-00-00";
$nick = system::getInstance()->nohtml(system::getInstance()->post('nickname'));
$phone = system::getInstance()->post('phone');
$sex = system::getInstance()->post('sex');
$webpage = system::getInstance()->nohtml(system::getInstance()->post('website'));
// [old, new, repeat_new]
$password_array = array(system::getInstance()->post('oldpwd'), system::getInstance()->post('newpwd'), system::getInstance()->post('renewpwd'));
$password = user::getInstance()->get('pass');
// analyse input data
if ($birthday_array['year'] >= date('Y') - 125 && $birthday_array['year'] <= date('Y') && checkdate($birthday_array['month'], $birthday_array['day'], $birthday_array['year'])) {
$birthday_string = $birthday_array['year'] . "-" . $birthday_array['month'] . "-" . $birthday_array['day'];
}
if (strlen($nick) < 1) {
$nick = user::getInstance()->get('nick');
}
if (!system::getInstance()->validPhone($phone) && system::getInstance()->length($phone) > 0) {
$phone = user::getInstance()->get('phone');
}
if (!system::getInstance()->isInt($sex) || $sex < 0 || $sex > 2) {
$sex = user::getInstance()->get('sex');
}
if (!filter_var($webpage, FILTER_VALIDATE_URL) && system::getInstance()->length($webpage) > 0) {
$webpage = user::getInstance()->get('webpage');
}
// if new password is setted - validate
if (system::getInstance()->validPasswordLength($password_array) && system::getInstance()->doublemd5($password_array[0]) === $password && $password_array[1] === $password_array[2] && $password_array[0] != $password_array[1]) {
$password = system::getInstance()->doublemd5($password_array[1]);
$params['form']['pass_changed'] = true;
// save logs
$log_params = array('ip' => system::getInstance()->getRealIp());
user::getInstance()->putLog($target, 'profile.changepass', $log_params, 'Change profile password');
}
// prepare custom ufields data
$ufield_save = unserialize(user::getInstance()->get('ufields', $target));
// default data
foreach ($params['ufields']['data'] as $allow_ufield) {
if ($allow_ufield['type'] == 'text') {
$post_ufield = system::getInstance()->nohtml(system::getInstance()->post('ufield_' . $allow_ufield['id']));
if (system::getInstance()->length($post_ufield) > 0) {
// check preg_match rules
$checked = null;
if ($allow_ufield['reg_cond'] == '1') {
// direct: if(preg_match(cond)). can be ternar shortly, but hardest for understand
$checked = preg_match($allow_ufield['reg_exp'], $post_ufield);
} else {
// exclude: if(!preg_match(cond))
$checked = !preg_match($allow_ufield['reg_exp'], $post_ufield);
}
if ($checked) {
$ufield_save[$allow_ufield['id']] = array('type' => 'text', 'data' => $post_ufield);
}
} else {
// user remove data
$ufield_save[$allow_ufield['id']] = null;
// override data
}
} elseif ($allow_ufield['type'] == 'img') {
$post_ufield = $_FILES['ufield_' . $allow_ufield['id']];
if ($post_ufield != null && $post_ufield['size'] > 0 && $post_ufield['error'] == 0) {
// sounds like isset file
$object = extension::getInstance()->call(extension::TYPE_HOOK, 'file');
if (is_object($object)) {
$upload_dir = '/user/ufield/' . $allow_ufield['id'] . '/';
$upload_name = $object->uploadResizedImage($upload_dir, $post_ufield, $allow_ufield['img_dx'], $allow_ufield['img_dy']);
if ($upload_name != null) {
$ufield_save[$allow_ufield['id']] = array('type' => 'img', 'data' => $upload_dir . $upload_name);
}
}
}
} elseif ($allow_ufield['type'] == 'link') {
$post_ufield = system::getInstance()->nohtml(system::getInstance()->post('ufield_' . $allow_ufield['id']));
if (system::getInstance()->length($post_ufield) > 0) {
// validate url via domain
$parse_url = parse_url($post_ufield);
if ($parse_url['host'] != null && $parse_url['host'] == $allow_ufield['domain']) {
$ufield_save[$allow_ufield['id']] = array('type' => 'link', 'data' => $post_ufield);
}
} else {
// user remove data
$ufield_save[$allow_ufield['id']] = null;
// override data
}
}
}
$ufield_save = serialize($ufield_save);
$stmt = database::getInstance()->con()->prepare("UPDATE " . property::getInstance()->get('db_prefix') . "_user a\n INNER JOIN " . property::getInstance()->get('db_prefix') . "_user_custom b USING(id)\n SET a.nick = ?, a.pass = ?, b.birthday = ?, b.sex = ?, b.phone = ?, b.webpage = ?, b.ufields = ? WHERE a.id = ?");
$stmt->bindParam(1, $nick, \PDO::PARAM_STR);
$stmt->bindParam(2, $password, \PDO::PARAM_STR, 32);
$stmt->bindParam(3, $birthday_string, \PDO::PARAM_STR);
$stmt->bindParam(4, $sex, \PDO::PARAM_INT);
$stmt->bindParam(5, $phone, \PDO::PARAM_STR);
$stmt->bindParam(6, $webpage, PDO::PARAM_STR);
$stmt->bindParam(7, $ufield_save, \PDO::PARAM_STR);
$stmt->bindParam(8, $target, \PDO::PARAM_INT);
$stmt->execute();
user::getInstance()->overload($target);
$params['ufields']['data'] = $this->getUfieldData($target);
// refresh data
}
list($birth_year, $birth_month, $birth_day) = explode("-", user::getInstance()->get('birthday'));
$params['settings'] = array('current_year' => date('Y'), 'user_birth_year' => $birth_year, 'user_birth_month' => $birth_month, 'user_birth_day' => $birth_day, 'user_name' => user::getInstance()->get('nick', $target), 'user_sex' => user::getInstance()->get('sex', $target), 'user_phone' => user::getInstance()->get('phone', $target), 'user_website' => user::getInstance()->get('webpage', $target));
return $this->viewUserProfileHeader($target, $viewer, $params);
}
