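/**
 * Restore a user session from the persistent-login cookies.
 *
 * Reads the `userid` and `password` cookies, looks the pair up in the
 * `users` table and, on a match, stores the row in $_SESSION['user'].
 * Cookies that are missing, malformed, or do not match a usable account are
 * expired so the browser stops presenting them.
 *
 * NOTE(review): the `password` cookie carries the stored password hash itself
 * (the `passw` column, described as md5 in the original comments). Whoever
 * obtains that cookie holds a credential that stays valid until the password
 * changes. A separate, revocable remember-me token table is the proper fix,
 * but that needs a schema change outside this method.
 *
 * @return bool|void true when a session was restored, false when it was not;
 *                   for inactive or banned accounts the showInfoMessage() /
 *                   redirect() result is returned instead.
 */
public function autoLogin()
{
    $Register = Register::getInstance();
    $FpsDB = $Register['DB'];

    // Both cookies are required; a lone one is stale and gets removed.
    if (!isset($_COOKIE['userid']) || !isset($_COOKIE['password'])) {
        $this->_clearAutologinCookies();
        return false;
    }

    // Cookie values can arrive as arrays (`userid[]=1`) and intval() maps a
    // non-empty array to 1, so insist on a plain digit string first.
    $rawId = $_COOKIE['userid'];
    if (!is_string($rawId) || !ctype_digit($rawId)) {
        $this->_clearAutologinCookies();
        return false;
    }
    $user_id = intval($rawId);
    if ($user_id < 1) {
        $this->_clearAutologinCookies();
        return false;
    }

    // The stored hash is a 32-digit hex string. Anything else is rejected
    // outright rather than stripped down to a shorter string, which would
    // otherwise be handed to the query as a (possibly empty) `passw` value.
    $password = $_COOKIE['password'];
    if (!is_string($password) || !preg_match('/^[0-9a-f]{32}$/i', $password)) {
        $this->_clearAutologinCookies();
        return false;
    }

    $res = $FpsDB->select('users', DB_FIRST, array(
        'cond' => array('id' => $user_id, 'passw' => $password),
        'fields' => array('*', 'UNIX_TIMESTAMP(last_visit) as unix_last_visit'),
    ));

    // No such id/hash pair: the cookies are wrong, drop them.
    if (count($res) < 1) {
        $this->_clearAutologinCookies();
        return false;
    }
    $user = $res[0];

    // Account still waiting for e-mail activation.
    if (!empty($user['activation'])) {
        $this->_clearAutologinCookies();
        return showInfoMessage(__('Your account not activated'), '/');
    }

    // Banned account.
    if ($user['locked']) {
        $this->_clearAutologinCookies();
        redirect('/users/baned/');
    }

    // Swap the session id before the session becomes an authenticated one,
    // so an id planted in the browser beforehand (session fixation) does not
    // carry over into the logged-in session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['user'] = $user;

    // getNewThemes() fills $_SESSION['newThemes'] with the IDs of topics that
    // received new posts since the user's last visit.
    $this->getNewThemes();
    return true;
}

/**
 * Expire the three persistent-login cookies (`autologin`, `userid`,
 * `password`) on the site root path.
 *
 * Expiring a cookie the browser does not hold is harmless, so no presence
 * check is needed.
 */
private function _clearAutologinCookies()
{
    $path = '/';
    foreach (array('autologin', 'userid', 'password') as $name) {
        setcookie($name, '', time() - 1, $path);
    }
}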
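/**
 * Delete the record with the given ID after checking the caller's rights.
 *
 * The caller needs either the module-wide `delete_materials` right, or the
 * `delete_mine_materials` right while being the record's author. On success
 * the module cache entries for this record and the SQL cache are purged, the
 * deletion is logged when a logger is configured, and the user is sent back
 * to the module index with a confirmation message.
 *
 * NOTE(review): this is a state-changing action selected by a bare ID in the
 * URL and no CSRF token is checked in this method. Unless the router or ACL
 * layer enforces one, a cross-site request can trigger a delete on behalf of
 * a logged-in user — confirm against the framework's request handling.
 *
 * @param int $id record ID taken from the URL
 * @return mixed result of showInfoMessage(); redirect() is called (and is
 *               presumed to end the request) for a missing or invalid id
 */
public function delete($id = null)
{
    $this->cached = false;
    $id = (int) $id;
    if ($id < 1) {
        redirect('/');
    }

    $target = $this->Model->getById($id);
    if (!$target) {
        redirect('/');
    }

    // Resolve the acting user once; it is needed for the ownership check
    // and for the log line below.
    $user_id = !empty($_SESSION['user']['id']) ? intval($_SESSION['user']['id']) : 0;

    // Access check: module-wide delete right, or own record plus the
    // "delete mine" right. IDs are compared as ints because the session row
    // and the model getter may hand back strings or ints.
    if (!$this->ACL->turn(array($this->module, 'delete_materials'), false)) {
        $isOwner = $user_id > 0 && (int) $target->getAuthor_id() === $user_id;
        if (!$isOwner || !$this->ACL->turn(array($this->module, 'delete_mine_materials'), false)) {
            return showInfoMessage(__('Permission denied'), '/' . $this->module . '/');
        }
    }

    // Drop cached renderings that include this record, then the SQL cache.
    $this->Cache->clean(CACHE_MATCHING_TAG, array('module_' . $this->module, 'record_id_' . $id));
    $this->DB->cleanSqlCache();

    $target->delete();

    if ($this->Log) {
        $this->Log->write('delete ' . $this->module, $this->module . ' id(' . $id . ') user id(' . $user_id . ')');
    }
    return $this->showInfoMessage(__('Operation is successful'), '/' . $this->module . '/');
}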
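/**
 * Validate the submitted edit form and update a photo record.
 *
 * Permission: the module-wide `edit_materials` right, or the record's author
 * holding `edit_mine_materials`. Title, description and category come from
 * POST, are validated and written to the entity; a replacement upload in
 * $_FILES['foto'] is stored through __saveFile(). On any validation or upload
 * error the submitted values and the error messages are put in
 * $_SESSION['FpsForm'] and the user is redirected to this record's edit form.
 *
 * NOTE(review): the text fields are saved before the upload is attempted, so a
 * failed upload leaves the text changes committed. No CSRF token is checked in
 * this method — confirm the framework enforces one. What __saveFile() accepts
 * (type/size checks) is not visible from here.
 *
 * @param int $id record ID from the URL
 * @return mixed view or info-message result; redirect() on error paths
 */
public function update($id = null)
{
    $id = (int) $id;
    if (empty($id)) {
        redirect('/');
    }

    $entity = $this->Model->getById($id);
    if (!$entity) {
        return $this->_view(__('Some error occurred'));
    }

    // Access check: IDs compared as ints so a string id from the DB row and
    // an int from the session cannot fail a strict comparison by type alone.
    if (!$this->ACL->turn(array('foto', 'edit_materials'), false)) {
        $user_id = !empty($_SESSION['user']['id']) ? intval($_SESSION['user']['id']) : 0;
        $isOwner = $user_id > 0 && (int) $entity->getAuthor_id() === $user_id;
        if (!$isOwner || !$this->ACL->turn(array('foto', 'edit_mine_materials'), false)) {
            return showInfoMessage(__('Permission denied'), '/foto/');
        }
    }

    $errors = $this->Register['Validate']->check($this->Register['action']);

    // Pull the fields out of POST, refusing arrays (`title[]=...`) that
    // trim()/mb_substr() cannot handle, then clamp the title to the length
    // given by the input's maxlength attribute.
    $title = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
    $title = trim(mb_substr($title, 0, 128));
    $description = (isset($_POST['main_text']) && is_string($_POST['main_text'])) ? trim($_POST['main_text']) : '';
    $in_cat = (isset($_POST['cats_selector']) && is_scalar($_POST['cats_selector'])) ? intval($_POST['cats_selector']) : 0;
    if (empty($in_cat)) {
        $in_cat = $entity->getCategory_id();
    }

    $className = $this->Register['ModManager']->getModelNameFromModule($this->module . 'Categories');
    $catModel = new $className();
    $cats = $catModel->getById($in_cat);
    if (!$cats) {
        $errors[] = __('Can not find category');
    }

    // Validation failed: stash the submitted values for the form and go back.
    if (!empty($errors)) {
        $data = array('title' => $title, 'description' => $description, 'in_cat' => $in_cat);
        $data['errors'] = $errors;
        $_SESSION['FpsForm'] = $data;
        redirect('/foto/edit_form/' . $id);
    }

    $description = mb_substr($description, 0, Config::read('description_lenght', 'foto'));
    $entity->setTitle($title);
    $entity->setDescription($description);
    $entity->setCategory_id($in_cat);
    $entity->save();

    if (!empty($_FILES['foto']['name'])) {
        try {
            $filename = $this->__saveFile($_FILES['foto'], $id);
            if (!$filename) {
                throw new Exception('ERROR: FILE_UPL');
            }
            $entity->setFilename($filename)->save();
        } catch (Exception $e) {
            // Same payload shape as the validation branch above: only the
            // known form fields are stored (not the whole $_POST array), and
            // the redirect keeps the record id so the user lands back on this
            // record's edit form instead of one without a record.
            $data = array('title' => $title, 'description' => $description, 'in_cat' => $in_cat);
            $data['errors'] = array(__('Some error occurred'));
            $_SESSION['FpsForm'] = $data;
            redirect('/foto/edit_form/' . $id);
        }
    }

    // Drop cached renderings of this record and the SQL cache.
    $this->Cache->clean(CACHE_MATCHING_TAG, array('module_foto', 'record_id_' . $id));
    $this->DB->cleanSqlCache();

    if ($this->Log) {
        $this->Log->write('editing foto', 'foto id(' . $id . ')');
    }
    return $this->showInfoMessage(__('Operation is successful'), '/foto/');
}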
/**
 * Render the paginated list of materials in one category.
 *
 * Flow: require the module's `view_list` right, load the category and check
 * its access mask, build the sections tree, then either serve the cached
 * page or query the records, attach per-entry markers (admin bar, URLs,
 * announce text) and render `list.html`. Hidden and unconfirmed records are
 * filtered out unless the caller holds `can_see_hidden` / `can_premoder`.
 *
 * NOTE(review): the WHERE clause depends on the caller's rights, but the
 * cache is looked up by $this->cacheKey alone. Whether that key
 * distinguishes privilege levels is not visible here — if it does not, a
 * privileged user's listing could be served to others. Confirm how cacheKey
 * is derived.
 *
 * @param int $id category ID from the URL
 * @return mixed rendered view, or an info message on a missing/forbidden
 *               category; redirect() for an invalid id
 */
public function category($id = null)
{
    // Hard access gate: turn() without the `false` flag handles denial itself.
    $this->ACL->turn(array($this->module, 'view_list'));

    $id = intval($id);
    if (empty($id) || $id < 1) {
        redirect('/');
    }

    $catsModel = $this->Register['ModManager']->getModelInstance($this->module . 'Categories');
    $category = $catsModel->getById($id);
    if (!$category) {
        return showInfoMessage(__('Can not find category'), '/' . $this->module . '/');
    }
    if (!$this->ACL->checkCategoryAccess($category->getNo_access())) {
        return showInfoMessage(__('Permission denied'), '/' . $this->module . '/');
    }

    // Sections tree block for the sidebar.
    $this->_getCatsTree($id);

    // Serve the cached page when caching is on and an entry exists.
    if ($this->cached && $this->Cache->check($this->cacheKey)) {
        return $this->_view($this->Cache->read($this->cacheKey));
    }

    // Record filter: denied sections first, then visibility flags the caller
    // may not bypass. Key order is kept as the query builder sees it.
    $cond = array($this->_getDeniSectionsCond($id));
    if (!$this->ACL->turn(array('other', 'can_see_hidden'), false)) {
        $cond['available'] = '1';
    }
    if (!$this->ACL->turn(array('other', 'can_premoder'), false)) {
        $cond['premoder'] = 'confirmed';
    }

    $total = $this->Model->getTotal(array('cond' => $cond));
    $perPage = $this->Register['Config']->read('per_page', $this->module);
    list($pages, $page) = pagination($total, $perPage, '/' . $this->module . '/category/' . $id);
    $this->Register['pages'] = $pages;
    $this->Register['page'] = $page;

    $catTitle = h($category->getTitle());
    $this->addToPageMetaContext('page', $page);
    $this->addToPageMetaContext('category_title', $catTitle);

    // Navigation block: add link only for users allowed to add materials.
    $addLink = '';
    if ($this->ACL->turn(array($this->module, 'add_materials'), false)) {
        $addLink = get_link(__('Add material'), '/' . $this->module . '/add_form/');
    }
    $nav = array(
        'add_link' => $addLink,
        'navigation' => $this->_buildBreadCrumbs($id),
        'pagination' => $pages,
        'meta' => __('Count material in cat') . $total,
        'category_name' => $catTitle,
    );
    $this->_globalize($nav);

    if ($total <= 0) {
        return $this->_view(__('Materials not found'));
    }

    foreach (array('attaches', 'author', 'category') as $related) {
        $this->Model->bindModel($related);
    }
    $query = array(
        'page' => $page,
        'limit' => Config::read('per_page', $this->module),
        'order' => $this->Model->getOrderParam(),
    );
    $records = $this->Model->getCollection($cond, $query);
    if (is_object($this->AddFields) && count($records) > 0) {
        $records = $this->AddFields->mergeRecords($records);
    }

    // Per-entry markers consumed by the template.
    $announceLen = $this->Register['Config']->read('announce_lenght', $this->module);
    foreach ($records as $entry) {
        $this->Register['current_vars'] = $entry;
        $authorId = $entry->getAuthor()->getId();
        $marks = array(
            'moder_panel' => $this->_getAdminBar($entry),
            'entry_url' => entryUrl($entry, $this->module),
            'announce' => $this->Textarier->getAnnounce($entry->getMain(), $entry, $announceLen),
            'category_url' => get_url('/' . $this->module . '/category/' . $entry->getCategory_id()),
            'profile_url' => getProfileUrl($authorId),
        );
        // Tag the cache entry with the authors and records shown on this page.
        $this->setCacheTag(array('user_id_' . $authorId, 'record_id_' . $entry->getId()));
        $entry->setAdd_markers($marks);
    }

    $html = $this->render('list.html', array('entities' => $records));
    if ($this->cached) {
        $this->Cache->write($html, $this->cacheKey, $this->cacheTags);
    }
    return $this->_view($html);
}