private static function _checkPermission()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
}
}
public function browse()
{
$this->_checkPermission();
$params = func_get_args();
$this->path = join('/', $params);
// make sure there's a / at the end
if (substr($this->path, -1, 1) != '/') {
$this->path .= '/';
}
//security
// we dont allow back link
if (strpos($this->path, '..') !== false) {
if (Plugin::isEnabled('statistics_api')) {
$user = null;
if (AuthUser::isLoggedIn()) {
$user = AuthUser::getUserName();
}
$ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
$event = array('event_type' => 'hack_attempt', 'description' => __('A possible hack attempt was detected.'), 'ipaddress' => $ip, 'username' => $user);
Observer::notify('stats_file_manager_hack_attempt', $event);
}
}
$this->fullpath = FILES_DIR . '/sidebarlink/images/';
// clean up nicely
$this->fullpath = preg_replace('/\\/\\//', '/', $this->fullpath);
$this->display('sidebarlink/index', array('dir' => $this->path, 'files' => $this->_getListFiles(), 'sidebarlinks' => Record::findAllFrom('SidebarLink', '1=1 ORDER BY id desc'), 'pages' => Record::findAllFrom('Page', 'parent_id=1 OR parent_id=0 order by parent_id,position')));
}
public function submit_address($fields = array())
{
$checkout = $this->config['checkoutPath'];
$out = null;
// wolf authentication
if (!AuthUser::isLoggedIn() && (!isset($_SESSION['shipping_address']) || empty($_SESSION['shipping_address'])) || 1 == 1) {
$out .= "<div class=\"shipping_address_form\">";
$out .= "<div id=\"form_response\"><h2 class=\"checkout-error error-message\">Please provide the following information!</h2></div>";
//$out .= "<div id=\"form_response\"><h2 class=\"checkout-error error-message\">Please provide the following information!</h2><div>";
//$this->disablePaypalCheckout = " disabled='disabled'";
$out .= " <form id=\"shipping_address\" name=\"shipping_address\" action=\"" . $_SERVER['REQUEST_URI'] . "\" method=\"post\">";
$out .= " <p><label>Delivery Address</label></p><br/><br/>";
if (!empty($fields)) {
foreach ($fields['label'] as $k => $label) {
$out .= $this->draw_field($k, $fields);
}
}
//$out .= " <input onclick=\"submit_any_form('#submit_address');\" name=\"submit_address\" id=\"submit_address\" type=\"submit\" value=\"Save Addres\" />";
$out .= " <input class=\"ajaxsubmit\" name=\"submit_address\" id=\"submit_address\" type=\"submit\" value=\"Save Addres\" />";
$out .= " </form>";
$out .= "</div>";
} else {
$out = '';
}
// display shipping address form
if ($checkout != $this->config['checkoutPath'] || 1 == 1) {
return $out;
} else {
return null;
}
}
public static function _checkLog()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
}
}
/**
* Allows a user to login.
*/
function login()
{
// already log in ?
if (AuthUser::isLoggedIn()) {
if (Flash::get('redirect') != null) {
redirect(Flash::get('redirect'));
} else {
redirect(get_url());
}
}
if (get_request_method() == 'POST') {
$data = isset($_POST['login']) ? $_POST['login'] : array('username' => '', 'password' => '');
Flash::set('username', $data['username']);
if (AuthUser::login($data['username'], $data['password'], isset($data['remember']))) {
Observer::notify('admin_login_success', $data['username']);
$this->_checkVersion();
// redirect to defaut controller and action
if ($data['redirect'] != null && $data['redirect'] != 'null') {
redirect($data['redirect']);
} else {
redirect(get_url());
}
} else {
Flash::set('error', __('Login failed. Please check your login data and try again.'));
Observer::notify('admin_login_failed', $data['username']);
}
}
// not find or password is wrong
if ($data['redirect'] != null && $data['redirect'] != 'null') {
redirect($data['redirect']);
} else {
redirect(get_url('login'));
}
}
public function __construct()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
}
}
public function __construct()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
}
$this->assignToLayout('sidebar', new View('translate/sidebar'));
}
function __construct()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
}
$this->setLayout('backend');
}
public function __construct()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
echo 'Please Login';
header('location:index.php?job=login');
}
}
public function __construct()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
}
$this->setLayout('backend');
$this->assignToLayout('sidebar', new View('../../plugins/frog_tags/views/sidebar'));
}
function __construct()
{
if (defined('CMS_BACKEND')) {
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
}
}
}
public function __construct()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
}
$this->setLayout('backend');
$this->assignToLayout('sidebar', new View('fnbgallery/sidebar'));
}
function indexAction()
{
global $tpl;
if (AuthUser::isLoggedIn()) {
//echo 'You have logged in!';
header('location:index.php?job=admin_article');
} else {
$tpl->display('admin/login.html');
}
}
public function __construct()
{
// Check to make sure user is logged in.
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
}
$this->setLayout('backend');
$this->assignToLayout('sidebar', new View('../../plugins/tinymce/views/sidebar'));
}
public function beforeSave()
{
$this->created_on = date("Y-m-d H:i:s");
if (!AuthUser::isLoggedIn()) {
$this->username = "******";
} else {
$this->username = AuthUser::getRecord()->name;
}
return true;
}
function __construct()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
}
$_SESSION['assets_folder'] = isset($_SESSION['assets_folder']) ? $_SESSION['assets_folder'] : assets_default_folder();
$this->setLayout('backend');
$this->assignToLayout('sidebar', new View('../../plugins/assets/views/sidebar'));
}
public function __construct()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
echo 'Please Login';
header('location:index.php?job=login');
}
//首页最近文章
//$this->recent_post = Article::getPost(5, true);
//侧栏分类
$this->categories = Category::findAll();
if (is_array($this->categories) && count($this->categories) > 0) {
$temp = array();
foreach ($this->categories as $k => $v) {
$temp[$v->id] = get_object_vars($v);
}
$this->cahce_categories = $temp;
$temp = array();
}
//Tags 后期改进为热词形式
$hot_tags = Tag::findAll(20);
//mprint_r($hot_tags, '$hot_tags');
if (count($hot_tags) > 0) {
$first = current($hot_tags);
$last = end($hot_tags);
foreach ($hot_tags as $k => $v) {
$tags_list[$k]['word'] = $v->name;
$tags_list[$k]['size'] = tagClouds($v->count, $first->count, $last->count);
}
}
$this->tags_list = $tags_list;
$tags = Tag::findAll();
//var_dump($tags);
$content_tag = Record::findAllFrom('ContentTag');
//var_dump($content_tag);
//关系表中存在的文章ID以及tag集合到一个数组中tag_cache 避免在遍历生成文章静态页时重复读取数据库
//遍历所有tag 组合出方便调用的形式
if (is_array($tags) && count($tags) > 0) {
$temp_tags = array();
foreach ($tags as $k => $v) {
$temp_tags[$v->id] = $v->name;
}
}
//遍历关系表
if (is_array($content_tag) && count($content_tag) > 0) {
$this->cahce_tags = array();
foreach ($content_tag as $k => $v) {
if (isset($temp_tags[$v->tag_id])) {
$this->cahce_tags[$v->content_id][] = $temp_tags[$v->tag_id];
}
}
}
//清空临时数据
$tags = $content_tag = $temp_tags = array();
}
/**
* Check if user is authorized
*
* @return boolean true is access granted, false if no access
*/
function auth()
{
// You can insert your own code over here to check if the user is authorized.
// This calls credentials from Wolf CMS login
AuthUser::load();
if (AuthUser::isLoggedIn()) {
return true;
} else {
return false;
}
}
function __construct()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
}
if (!AuthUser::hasPermission('admin_view')) {
redirect(URL_PUBLIC);
}
$this->setLayout('backend');
$this->assignToLayout('sidebar', new View('../../plugins/funky_cache/views/sidebar'));
}
private static function _checkPermission()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
} else {
if (!AuthUser::hasPermission('administrator')) {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url());
}
}
}
function __construct()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
} else {
if (!AuthUser::hasPermission('administrator')) {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url());
}
}
$this->setLayout('backend');
}
/**
* Used to check generic permissions for entire the controller.
*/
private static final function _checkPermission()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
} else {
if (!AuthUser::hasPermission('admin_edit')) {
Flash::set('error', __('You do not have permission to access the requested page!'));
if (Setting::get('default_tab') === 'setting') {
redirect(get_url('page'));
} else {
redirect(get_url());
}
}
}
}
function __construct()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url('login'));
} else {
if (!AuthUser::hasPermission('layout_view')) {
Flash::set('error', __('You do not have permission to access the requested page!'));
if (Setting::get('default_tab') === 'layout') {
redirect(get_url('page'));
} else {
redirect(get_url());
}
}
}
$this->setLayout('backend');
$this->assignToLayout('sidebar', new View('layout/sidebar'));
}
function login()
{
// already log in ?
if (AuthUser::isLoggedIn()) {
redirect(get_url());
}
$data = isset($_POST['login']) ? $_POST['login'] : array('username' => '', 'password' => '');
Flash::set('username', $data['username']);
if (AuthUser::login($data['username'], $data['password'], isset($data['remember']))) {
$this->_checkVersion();
// redirect to defaut controller and action
redirect(get_url());
} else {
Flash::set('error', __('Login failed. Please check your login data and try again.'));
}
// not find or password is wrong
redirect(get_url('login'));
}
/**
* Allows a user to login.
*/
function login()
{
$redirect = '';
if (Flash::get('redirect') != null) {
$redirect = Flash::get('redirect');
} elseif (Flash::get('HTTP_REFERER') != null) {
$redirect = trim(Flash::get('HTTP_REFERER'));
}
// Allow plugins to handle login
Observer::notify('login_requested', $redirect);
// already log in ?
if (AuthUser::isLoggedIn()) {
if ($redirect != '') {
redirect(self::sanitizeRedirect($redirect));
} else {
redirect(get_url());
}
}
if (get_request_method() == 'POST') {
$data = isset($_POST['login']) ? $_POST['login'] : array('username' => '', 'password' => '');
Flash::set('username', $data['username']);
if (AuthUser::login($data['username'], $data['password'], isset($data['remember']))) {
Observer::notify('admin_login_success', $data['username']);
$this->_checkVersion();
// redirect to defaut controller and action
if ($data['redirect'] != null && $data['redirect'] != 'null') {
redirect(self::sanitizeRedirect($data['redirect']));
} else {
redirect(get_url());
}
} else {
Flash::set('error', __('Login failed. Check your username and password.<br/>If you tried to login more than :attempts times, you will have to wait at least :delay seconds before trying again.', array(':attempts' => DELAY_FIRST_AFTER, ':delay' => DELAY_ONCE_EVERY)));
Observer::notify('admin_login_failed', $data['username']);
}
}
// not find or password is wrong
if ($data['redirect'] != null && $data['redirect'] != 'null') {
redirect(self::sanitizeRedirect($data['redirect']));
} else {
redirect(get_url('login'));
}
}
public function __construct()
{
AuthUser::load();
if (!AuthUser::isLoggedIn()) {
redirect(get_url("login"));
die;
}
// GET SETTINGS
$settings = array_merge(array("grid-size" => 3, "widget-position" => serialize(array("events" => array("part" => 1, "order" => 1), "rss_reader" => array("part" => 2, "order" => 1)))), Plugin::getAllSettings("dashboard"));
// UNSERIALIZE SETTINGS
foreach ($settings as $key => $value) {
if (is_string($value)) {
if (@unserialize($value) !== false) {
$settings[$key] = unserialize($value);
}
}
}
$this->settings = $settings;
// OBSERVER
DashboardWidgets::init($settings["widget-position"]);
Observer::observe("view_backend_layout_head", "DashboardController::loadFiles");
}
/**
* Execute this function on page_not_found.
* If the request is for an image file,
* resize the image.
*/
function image_resize_try_resizing()
{
// Require that visitor be logged in and has
// permission to create files
if (!AuthUser::isLoggedIn()) {
AuthUser::load();
}
if (!AuthUser::hasPermission('administrator,developer,editor')) {
return false;
}
// Check that gd library is available
if (!ImageResize::gd_available()) {
return false;
}
if (preg_match('#\\.(jpe?g|gif|png|wbmp)$#i', CURRENT_URI)) {
// If requested file appears to be an accepted format, create the new image
if (image_resize_scale(CURRENT_URI) && !DEBUG) {
// If Frog isn't debugging, it writes to a file; redirect to it
header('Location: ' . URL_PUBLIC . "/" . CURRENT_URI);
// Exit here to prevent a page not found message
exit;
}
}
}
if (!function_exists('mysql_date_format_function')) {
function mysql_function_date_format($date, $format)
{
return strftime($format, strtotime($date));
}
}
$__CMS_CONN__->sqliteCreateFunction('date_format', 'mysql_function_date_format', 2);
}
// DEFINED ONLY FOR BACKWARDS SUPPORT - to be taken out before 0.9.0
$__FROG_CONN__ = $__CMS_CONN__;
Record::connection($__CMS_CONN__);
Record::getConnection()->exec("set names 'utf8'");
Setting::init();
use_helper('I18n');
AuthUser::load();
if (AuthUser::isLoggedIn()) {
I18n::setLocale(AuthUser::getRecord()->language);
} else {
I18n::setLocale(Setting::get('language'));
}
// Only add the cron web bug when necessary
if (defined('USE_POORMANSCRON') && USE_POORMANSCRON && defined('POORMANSCRON_INTERVAL')) {
Observer::observe('page_before_execute_layout', 'run_cron');
function run_cron()
{
$cron = Cron::findByIdFrom('Cron', '1');
$now = time();
$last = $cron->getLastRunTime();
if ($now - $last > POORMANSCRON_INTERVAL) {
echo $cron->generateWebBug();
}
/**
* Validates whether a given secure token is still valid.
*
* The validateToken() method validates the token is valid by checking:
* - that the token is not expired (through the time),
* - the token is valid for this user,
* - the token is valid for this url
*
* It does so by reconstructing the token. If at any time during the valid
* period of the token, the username, user password or the url changed, the
* token is considered invalid.
*
* The token is also considered invalid if more than SecureToken::EXPIRES seconds
* have passed.
*
* @param string $token The token.
* @param string $url The url for which the token was generated.
* @return boolean True if the token is valid, otherwise false.
*/
public static final function validateToken($token, $url)
{
use_helper('Hash');
$hash = new Crypt_Hash('sha256');
AuthUser::load();
if (AuthUser::isLoggedIn()) {
$user = AuthUser::getRecord();
$target_url = str_replace('&', '&', $url);
$pwd = substr(bin2hex($hash->hash($user->password)), 5, 20);
$time = SecureToken::getTokenTime($user->username, $target_url);
if (microtime(true) - $time > self::EXPIRES) {
return false;
}
return bin2hex($hash->hash($user->username . $time . $target_url . $pwd . $user->salt)) === $token;
}
return false;
}
public function browse()
{
$this->_checkPermission();
$params = func_get_args();
$this->path = join('/', $params);
// make sure there's a / at the end
if (substr($this->path, -1, 1) != '/') {
$this->path .= '/';
}
//security
// we dont allow back link
if (strpos($this->path, '..') !== false) {
if (Plugin::isEnabled('statistics_api')) {
$user = null;
if (AuthUser::isLoggedIn()) {
$user = AuthUser::getUserName();
}
$ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
$event = array('event_type' => 'hack_attempt', 'description' => __('A possible hack attempt was detected.'), 'ipaddress' => $ip, 'username' => $user);
Observer::notify('stats_file_manager_hack_attempt', $event);
}
}
$this->display('testimonial/index', array('testimonials' => Record::query('select * from ' . TABLE_PREFIX . 'testimonial ORDER BY ' . TABLE_PREFIX . 'testimonial.sequence, ' . TABLE_PREFIX . 'testimonial.id desc'), 'pages' => Record::findAllFrom('Page', 'parent_id=1 order by parent_id,position')));
}
