Exemplo n.º 1
 /**
  * Render the security-settings panel for an administrator.
  *
  * Answers with _403() when main()->ADMIN_ID is falsy. Otherwise the output of
  * _security_settings() is placed under a translated heading inside the
  * column/row wrapper markup.
  *
  * @return mixed the _403() result, or the page HTML as a string
  */
 function show()
 {
     $is_admin = (bool) main()->ADMIN_ID;
     if (!$is_admin) {
         return _403();
     }
     // The heading is translated before the settings form is built, as in the original concatenation.
     $heading = '<h3>' . t('Настройки безопасности') . '</h3>';
     $column = '<div class="col-md-4">' . $heading . $this->_security_settings() . '</div>';
     return '<div class="container-block row" style="margin-top:20px;">' . $column . '</div>';
 }
Exemplo n.º 2
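 /**
  * Render an HTML preview of a stored item, or of text just submitted by POST.
  *
  * Example URL: /dynamic/preview/static_pages/29/
  *
  * Access is limited to the account whose USER_ID is 1. A POSTed 'text' is
  * accepted only when the Referer's host equals the host of both WEB_PATH and
  * ADMIN_WEB_PATH and its path equals the ADMIN_WEB_PATH path.
  *
  * Security notes for maintainers:
  *  - The Referer header is supplied by the client and may be absent or
  *    stripped; the comparison is an origin hint, not a replacement for a
  *    per-session anti-CSRF token.
  *  - The body is emitted without escaping, as an HTML preview requires, so the
  *    two checks above are the only controls on what is rendered here.
  *  - The table name comes from the request; it reaches the query builder only
  *    when it is one of the names in the allowlist below.
  *
  * @param array $extra not read by this method
  * @return int the result of print (always 1)
  */
 function preview($extra = [])
 {
     conf('ROBOTS_NO_INDEX', true);
     no_graphics(true);
     if (main()->USER_ID != 1) {
         return print _403('You should be logged as user 1');
     }
     // Request values can be missing or arrays; only plain strings are filtered and used.
     $raw_object = isset($_GET['id']) && is_string($_GET['id']) ? $_GET['id'] : '';
     $raw_id = isset($_GET['page']) && is_string($_GET['page']) ? $_GET['page'] : '';
     $object = (string) preg_replace('~[^a-z0-9_]+~ims', '', $raw_object);
     $id = (string) preg_replace('~[^a-z0-9_]+~ims', '', $raw_id);
     if (!strlen($object)) {
         return print _403('Object is required');
     }
     $ref = isset($_SERVER['HTTP_REFERER']) && is_string($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
     $body = '';
     if (is_post() && isset($_POST['text'])) {
         // parse_url() returns false for malformed input and omits keys that are not present.
         $u_ref = parse_url($ref);
         $u_self = parse_url(WEB_PATH);
         $u_adm = parse_url(ADMIN_WEB_PATH);
         $ref_host = is_array($u_ref) && isset($u_ref['host']) ? $u_ref['host'] : '';
         $ref_path = is_array($u_ref) && isset($u_ref['path']) ? $u_ref['path'] : '';
         $self_host = is_array($u_self) && isset($u_self['host']) ? $u_self['host'] : '';
         $adm_host = is_array($u_adm) && isset($u_adm['host']) ? $u_adm['host'] : '';
         $adm_path = is_array($u_adm) && isset($u_adm['path']) ? $u_adm['path'] : '';
         $from_admin = $ref_host !== ''
             && $ref_host === $self_host
             && $ref_host === $adm_host
             && $ref_path === $adm_path;
         if (!$from_admin) {
             return print _403('Preview security check not passed');
         }
         $body = is_string($_POST['text']) ? $_POST['text'] : '';
     }
     if (!$body) {
         // Table name => column holding the text to preview.
         $text_columns = [
             'static_pages' => 'text',
             'tips' => 'text',
             'faq' => 'text',
             'news' => 'full_text',
         ];
         if (isset($text_columns[$object])) {
             $body = from($object)->whereid($id)->one($text_columns[$object]);
         }
     }
     $body = '<div class="container">' . $body . '</div>';
     return print common()->show_empty_page($body);
 }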
Exemplo n.º 3
 /**
  * Dispatch an admin request to the matching gear.
  *
  * Requires the 'admin' access rule; otherwise the _403() result is returned.
  * Router arguments are consumed one at a time and joined with '_' until the
  * accumulated name is a gear whose 'admin' method is callable. That method is
  * executed with the arguments not yet consumed, and the search stops.
  */
 public function index()
 {
     if (!access('admin')) {
         return _403();
     }
     new Admin_Menu();
     // Reversed so that array_pop() hands the arguments back in their original order.
     $rev_args = array_reverse($this->router->getArgs());
     $name_parts = array();
     // The loop also ends on the first falsy argument (for example '' or '0').
     while ($segment = array_pop($rev_args)) {
         $name_parts[] = $segment;
         $gear = implode('_', $name_parts);
         if (!$this->gears->{$gear}) {
             continue;
         }
         $handler = array($this->gears->{$gear}, 'admin');
         if (!is_callable($handler)) {
             continue;
         }
         event('admin.gear.request', $this->gears->{$gear});
         Template::setGlobal('title', $gear);
         $this->router->exec($handler, $rev_args);
         break;
     }
 }
Exemplo n.º 4
/**
 * Check an access rule, answering with _403() when it is not granted.
 *
 * NOTE(review): callers that test the return value (`if (!page_access(...))`)
 * only deny access when _403() returns a falsy value; confirm against its
 * definition.
 *
 * @param string $rule access rule passed to access()
 * @return mixed TRUE when the rule is granted, otherwise the _403() result
 */
function page_access($rule) {
    // The instance is not read below; the call is kept exactly as the original made it.
    $cogear = getInstance();
    return access($rule) ? TRUE : _403();
}
Exemplo n.º 5
 /**
  * Edit action: show the profile form for a user and apply a submitted result
  * (update, password change, avatar reset or deletion).
  *
  * @param   mixed  $id  user id; falls back to $this->user->id when falsy
  */
 public function edit_action($id = NULL)
 {
     $id or $id = $this->user->id;
     $user = new User_Object();
     // NOTE(review): the filter is set on $this->db, not on $user as in the second
     // lookup below; presumably find() reads the shared query builder. Confirm.
     $this->db->where('id', $id);
     if (!$user->find()) {
         return _404();
     }
     // Authorization: holders of 'user edit_all' may edit anyone, everyone else only themselves.
     // NOTE(review): this compares $this->id, while the default above reads
     // $this->user->id; confirm both refer to the logged-in user.
     if (!access('user edit_all') && $this->id != $user->id) {
         return _403();
     }
     $this->renderUserInfo($user);
     // The record is loaded a second time into a fresh object before it is bound to the form.
     $user = new User_Object();
     $user->where('id', $id);
     $user->find();
     $form = new Form('User.profile');
     // Blank the password before the object is handed to the form; presumably so
     // the stored hash is never rendered into the page.
     $user->password = '';
     $form->object($user->object());
     // Ajax avatar replacement: clear the stored avatar and persist immediately.
     if ($form->elements->avatar->is_ajaxed && Ajax::get('action') == 'replace') {
         $user->avatar = '';
         $user->update();
     }
     if ($result = $form->result()) {
         if ($user->login != $result['login']) {
             // $redirect is not read again in this method.
             $redirect = Url::gear('user') . $result['login'];
         }
         // Deletion needs its own rule ('users delete_all') on top of the edit check above.
         if ($result->delete && access('users delete_all')) {
             $user->delete();
             // NOTE(review): the '%s' placeholder receives no argument in this call.
             flash_success(t('User <b>%s</b> was deleted!'));
             // NOTE(review): unless redirect() ends the request, execution continues
             // into merge()/update() on the deleted record. Confirm.
             redirect(Url::link('/users'));
         }
         // NOTE(review): merge() copies the submitted values onto the user; which
         // fields can arrive depends on the 'User.profile' form definition (not
         // visible here). Confirm it cannot carry role or permission fields.
         $user->merge($result);
         // Hash only when a new password was submitted; otherwise drop the property
         // from the object before update().
         if ($result->password) {
             $user->hashPassword();
         } else {
             unset($user->password);
         }
         if ($user->update()) {
             d('User edit');
             flash_success(t('User data saved!'), t('Success'));
             d();
             // Editing one's own profile also refreshes the data kept via store().
             if ($user->id == $this->id) {
                 $this->store($user->object()->toArray());
             }
             redirect(Url::gear('user') . $user->login);
         }
     }
     append('content', $form->render());
 }
Exemplo n.º 6
<?php

// Request start time; not read within this part of the script.
$ts = microtime(true);
$config = (require __DIR__ . '/config.php');
require_once __DIR__ . '/lib.php';
$payload = get_payload();

// Every request is written to log/access.log with the complete $_GET, $_POST,
// $_SERVER and decoded payload. $_SERVER includes all request headers, so
// cookies, Authorization values and webhook signature headers end up in that
// file: keep it outside the web root with tight permissions and retention.
$access_log = implode(PHP_EOL, array(
    date('Y-m-d H:i:s'),
    'GET: ' . print_r($_GET, true),
    'POST: ' . print_r($_POST, true),
    'SERVER: ' . print_r($_SERVER, true),
    'PAYLOAD: ' . print_r($payload, true),
)) . PHP_EOL;
_log($access_log, __DIR__ . '/log/access.log');

// NOTE(review): no check of the sender (e.g. a webhook signature) is visible in
// these lines; presumably get_payload() or get_app_conf() performs it. Confirm
// before relying on payload fields to drive a deployment.
if (!$payload) {
    exit(_404());
}
$provider = get_git_provider();
if (!$provider) {
    exit(_404());
}
$app_conf = get_app_conf($config);
if (!$app_conf) {
    exit(_403());
}
// Normalise the configured target path to exactly one trailing slash.
$path = rtrim($app_conf['path'], '/') . '/';
if ($provider === 'github') {
    // Github API v3
    // https://developer.github.com/v3/activity/events/types/#pushevent
    //
    // you should put deploy keys inside /var/www/.ssh/id_rsa
    // also verify if user www-data has access to private repo:
    // sudo -u www-data ssh -T git@github.com
    //
    $event = strtolower($_SERVER['HTTP_X_GITHUB_EVENT']);
    if (in_array($event, array('create', 'push'))) {
        $clone_url = $payload['repository'][$app_conf['is_private'] ? 'ssh_url' : 'clone_url'];
        $ref = $payload['ref'];
        $git_hash = $payload['head_commit']['id'];
        if ($clone_url && $ref) {
            $ok = deploy_git($ref, $path, $clone_url, $app_conf);
        }
        !$ok && _503();
Exemplo n.º 7
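 /**
  * Pages front controller: create, show, edit or list pages.
  *
  * Fixes relative to the earlier version:
  *  - the ownership check in 'edit' read an undefined local $cogear; it now
  *    calls cogear(), as the 'create' branch does. With the undefined variable
  *    the user id evaluated to null, and the loose comparison with
  *    $page->aid then matched pages whose aid is 0 or null.
  *  - deletion is re-checked against 'pages delete' on the server instead of
  *    relying on the delete button being absent from the rendered form.
  *
  * @param string $action     'create', 'show' or 'edit'; any other value is handed to showPages()
  * @param mixed  $subaction  page identifier for 'show' and 'edit'
  */
 public function index($action = '', $subaction = NULL)
 {
     new Menu_Tabs('pages', Url::gear('pages'));
     switch ($action) {
         case 'create':
             // NOTE(review): this guard denies access only if _403(), which
             // page_access() returns on failure, yields a falsy value. Confirm.
             if (!page_access('pages create')) {
                 return;
             }
             $form = new Form('Pages.createdit');
             if ($result = $form->result()) {
                 $page = new Pages_Object();
                 $page->object($result);
                 // Author and timestamps are set on the server after the form values are applied.
                 $page->aid = cogear()->user->id;
                 $page->created_date = time();
                 $page->last_update = time();
                 $page->save();
                 flash_success(t('New page has been successfully added!', 'Pages'));
                 redirect($page->getUrl());
             }
             append('content', $form->render());
             break;
         case 'show':
             $this->showPage($subaction);
             break;
         case 'edit':
             $page = new Pages_Object();
             $page->where('id', intval($subaction));
             if (!$page->find()) {
                 return _404();
             }
             // Only holders of 'pages edit_all' or the page's author may edit.
             if (!access('pages edit_all') && cogear()->user->id != $page->aid) {
                 return _403();
             }
             $form = new Form('Pages.createdit');
             $form->init();
             $can_delete = access('pages delete');
             if ($can_delete) {
                 $form->addElement('delete', array('label' => t('Delete'), 'type' => 'submit'));
             }
             $form->setValues($page->object());
             if ($result = $form->result()) {
                 if ($result->delete && $can_delete) {
                     $page->delete();
                     redirect(Url::gear('pages'));
                     // Stop here in case redirect() does not end the request, so
                     // the deleted page is not updated below.
                     return;
                 }
                 $page->object()->mix($result);
                 $page->last_update = time();
                 $page->update();
                 $link = $page->getUrl();
                 success(t('Page has been update. You can visit it by link <a href="%s">%s</a>', 'Pages', $link, $link));
             }
             $form->elements->submit->setValue(t('Update'));
             append('content', $form->render());
             break;
         default:
             $this->showPages($action);
     }
 }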