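 /**
  * Settings screen: list the installed CSS themes and, on POST, persist the
  * chosen theme and the site title.
  *
  * @param mixed $param Route parameter; not read by this action
  */
 public function index($param)
 {
     // get installed CSS themes: every *.css file directly under /public
     $files = Fari_File::listing('/public');
     $themes = array();
     foreach ($files as $file) {
         // end() takes its argument by reference, so it needs a variable rather than
         // the explode() expression itself
         $pathParts = explode('/', $file['path']);
         $basename = end($pathParts);
         // strict comparison: both the type and the extension are strings
         if ($file['type'] === 'file' && substr($basename, -4) === '.css') {
             $themes[] = substr($basename, 0, -4);
         }
     }
     // natsort() already takes its argument by reference; the call-time "&" the
     // original used is a fatal error on PHP >= 5.4
     natsort($themes);
     $this->view->themes = $themes;

     // are we saving changes?
     if ($_POST) {
         $css = Fari_Escape::text(isset($_POST['css']) ? $_POST['css'] : '');
         $title = Fari_Escape::text(isset($_POST['title']) ? $_POST['title'] : '');
         Fari_Db::update('settings', array('value' => $title), array('name' => 'title'));
         // only accept a theme name that is actually installed (the list built above);
         // the stored value is later used to locate the stylesheet, so it must not be free text
         if (in_array($css, $themes, true)) {
             Fari_Db::update('settings', array('value' => $css), array('name' => 'theme'));
             Fari_Message::success('Settings change successful.');
         } else {
             Fari_Message::fail('The selected theme is not installed.');
         }
     }
     $this->view->messages = Fari_Message::get();
     $this->view->settings = Fari_Db::toKeyValues(Fari_Db::select('settings', 'name, value'), 'name');
     $this->view->display('settings');
 }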
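 /**
  * Check for uniqueness of the username (Ajax only).
  *
  * Answers with an empty JSON string when the username is available and with
  * a human-readable reason otherwise. Non-Ajax requests get the 404 template.
  *
  * @param string $username URL encoded username
  */
 public function actionCheckUsername($username)
 {
     // is this Ajax? anything else is not served
     if (!$this->request->isAjax()) {
         $this->renderTemplate('error404/javascript');
         return;
     }
     // URL decode & filter out username
     $username = Fari_Escape::text(Fari_Decode::url($username));
     // guard clauses, cheapest first; "0" is a non-empty username, which empty() would reject
     if ((string) $username === '') {
         $this->renderJson("The username can't be empty.");
         return;
     }
     // alphanumeric only?
     if (!Fari_Filter::isAlpha($username)) {
         $this->renderJson("Only alphanumeric characters are allowed.");
         return;
     }
     // do we have a match?
     if (!$this->accounts->isUsernameUnique($username)) {
         $this->renderJson("The username \"{$username}\" is unavailable, sorry.");
         return;
     }
     $this->renderJson('');
 }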
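 /**
  * Check that a captcha answer is valid.
  *
  * The answer is hashed with SHA-1 and compared with the hash kept in the
  * session under self::SESSION_STORAGE . $name.
  * NOTE(review): the stored hash is not cleared after a successful check, so
  * the same answer verifies again until the caller regenerates it -- confirm
  * the caller does.
  *
  * @param string $unsafeAnswer Unsafe answer from the user to check
  * @param string $name Name of the captcha answer in the session
  * @return boolean TRUE if answer is correct, FALSE otherwise
  */
 public static function isValid($unsafeAnswer, $name = 'Default')
 {
     $key = self::SESSION_STORAGE . $name;
     // no captcha was issued under this name: nothing can match
     if (!isset($_SESSION[$key]) || !is_string($_SESSION[$key])) {
         return FALSE;
     }
     // escape unsafe token input
     $unsafeAnswer = Fari_Escape::text($unsafeAnswer);
     $expected = $_SESSION[$key];
     $actual = sha1($unsafeAnswer);
     // strict comparison: with "==" two numeric-looking hex digests (e.g. "0e123...")
     // compare as equal floats, so a wrong answer could verify. hash_equals() is also
     // constant-time; fall back to === on PHP < 5.6
     if (function_exists('hash_equals')) {
         return hash_equals($expected, $actual);
     }
     return $expected === $actual;
 }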
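 /**
  * Browse the knowledge base by a named tag.
  *
  * Only the 'star' tag is supported; any other tag redirects to the 404 page.
  *
  * @param string $tag Tag name from the route
  */
 public function tag($tag)
 {
     $tag = Fari_Escape::text($tag);
     // strict comparison; switch() compares loosely
     if ($tag !== 'star') {
         $this->redirect('/error404');
         // redirect() does not stop execution in this codebase (other actions follow it
         // with die), so return explicitly instead of falling through to the browse view
         return;
     }
     $paginator = new Fari_Paginator(100, 3);
     $this->view->paginator = $paginator->select(1, 'kb', '*', array('starred' => 'full'), 'date DESC');
     $this->view->title = array('value' => 'Starred');
     $this->view->browse = 'both';
     $this->view->display('browse');
 }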
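 /**
  * Send a message from a room
  *
  * Reads the raw 'text' POST field, records it as a speak message in the room
  * and refreshes the user's activity timestamp. Empty text is ignored.
  *
  * @uses Ajax
  * @param mixed $roomId Room the message is posted to
  */
 public function actionSpeak($roomId)
 {
     $text = Fari_Escape::text(Fari_Decode::javascript($this->request->getRawPost('text')));
     // nothing to say
     if (empty($text)) {
         return;
     }
     // time() is the current timestamp; mktime() with no arguments is deprecated for this
     $time = time();
     // a text message
     $message = new MessageSpeak($roomId, $time);
     $message->text($roomId, $time, $this->user->getShortName(), $this->user->getId(), $text);
     // the message might be saved under wrong room id, but activity updater will kick us...
     try {
         $this->room->updateUserActivity($roomId, $time, $this->user->getId());
     } catch (UserNotFoundException $e) {
         $this->renderJson('bye');
     }
 }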
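 /**
  * Fetch the articles published in a given month.
  *
  * @param string $month Month and year as "<monthname>-<year>", e.g. "january-2010"
  *                      (month name lowercase, as in the lookup table below)
  * @param boolean $isAuthenticated When TRUE, every article with status != 2 is
  *                                 returned; otherwise only status = 1 articles
  * @return array|null Rows from 'articles' ordered by published DESC, or NULL when
  *                    the month string cannot be parsed
  */
 public static function getArchive($month, $isAuthenticated)
 {
     // escape
     $month = Fari_Escape::text($month);
     // parse month and year passed; a missing "-year" part used to raise a notice
     $parts = explode('-', $month, 2);
     if (count($parts) !== 2) {
         return null;
     }
     list($monthName, $year) = $parts;
     $months = array('january', 'february', 'march', 'april', 'may', 'june', 'july', 'august', 'september', 'october', 'november', 'december');
     // strict search and an explicit FALSE check: array_search() returns FALSE for an
     // unknown month and FALSE + 1 == 1 silently turned it into January
     $index = array_search($monthName, $months, true);
     if ($index === false) {
         return null;
     }
     $monthPosition = $index + 1;
     // the year is user input: only an integer may reach mktime() and the query below
     $year = (int) $year;
     // we have ourselves the month number: whole month, first second to last second
     // (the original started at 01:01:01 and so skipped articles published in the first hour)
     $low = mktime(0, 0, 0, $monthPosition, 1, $year);
     $high = mktime(23, 59, 59, $monthPosition, (int) date('t', $low), $year);
     $statusClause = $isAuthenticated ? 'status != 2' : 'status = 1';
     // $low and $high are integers produced by mktime(), so interpolating them is safe
     return Fari_Db::select('articles', '*', "published >= '{$low}' AND published <= '{$high}' AND {$statusClause}", 'published DESC');
 }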
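 /**
  * Display the room from a guest's perspective
  *
  * Resolves the room from the guest code, checks that the guest is authenticated
  * and authorized, enters them into the room unless it is locked, and renders the
  * guest view. Every failure renders its own template and stops there.
  *
  * @param string $guestCode Guest access code from the route
  */
 public function actionIndex($guestCode)
 {
     $guestCode = Fari_Escape::text($guestCode);
     try {
         // get the room
         $room = $this->room->getGuestRoom($guestCode);
         // is user authenticated?
         $this->guestUser = new User();
         // is user authorized?
         $this->guestUser->canEnter($room['id']);
     } catch (RoomNotFoundException $e) {
         // the room does not exist
         $this->renderTemplate('room/invalid');
         // return after each failure: otherwise execution continued below with $room unset
         return;
     } catch (UserNotAuthenticatedException $e) {
         // we haven't signed in: show a form to enter a name for the new guest
         $this->bag->code = $guestCode;
         $this->renderTemplate('account/guest');
         return;
     } catch (UserNotAuthorizedException $e) {
         // we cannot enter this room
         $this->renderTemplate('room/permissions');
         return;
     }
     // we are already in; time() is the current timestamp (mktime() without arguments is deprecated)
     $time = time();
     // is the user already in the room?
     if (!$this->guestUser->inRoom($room['id'])) {
         // not in the room... is it locked?
         if ($room['locked']) {
             $this->renderTemplate('room/locked');
             // a locked room shows only the locked template, not the guest view as well
             return;
         }
         // enter them into the room
         $this->guestUser->enterRoom($room['id'], $time);
         // say that the user has entered
         $message = new MessageSpeak();
         $message->enter($room['id'], $time, $this->guestUser->getShortName());
     }
     // show a 'guest' view
     $this->renderTemplate('room/guest', $room['id']);
 }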
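                <h3><a href="<?php $this->url('/blog/article/' . $article['slug']); ?>"
                       title="Permanent Link to <?php echo Fari_Escape::text($article['name']); ?>">
                       <?php
                       // escape on output: the name is rendered into HTML, so it goes through the
                       // project's escaper like the other rendered values in these templates
                       echo Fari_Escape::text($article['name']);
                       ?>
                </a></h3>
               
                <!-- text -->
                <p><?php
                    $article['text'] = Fari_Escape::text(Fari_Textile::toHTML($article['text']));
                    // preview cut; strlen/substr are byte-based and may split a multibyte
                    // character or an entity produced by the escaper -- TODO confirm acceptable
                    echo strlen($article['text']) <= BLOG_PREVIEW ? $article['text'] : substr($article['text'], 0, BLOG_PREVIEW) . ' [...]';
                    ?></p>

                <!-- details -->
                <div class="details">
                    Posted at <?php echo date("F j, Y, G:i", $article['published']); ?> |
                    <span class="read-on">
                        <a href="<?php $this->url('/blog/article/' . $article['slug']); ?>">read more</a>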
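 /**
  * New knowledge-base entry form; on POST, validate and insert the entry.
  *
  * Category, source and type are free-text fields that are added to the
  * 'hierarchy' table when not present yet. The entry itself is inserted only
  * when all three are given, the title is non-empty and unique, and the date is
  * well-formed; otherwise the form is shown again with the submitted values and
  * the failure messages.
  *
  * @param mixed $param Route parameter; not read by this action
  */
 public function index($param)
 {
     // are we saving?
     if ($_POST) {
         $success = TRUE;
         // save categories, sources & types: each kind is a row in 'hierarchy'
         $hierarchy = array();
         foreach (array('category', 'source', 'type') as $kind) {
             $value = Fari_Escape::text(isset($_POST[$kind]) ? $_POST[$kind] : '');
             $hierarchy[$kind] = array('value' => $value, 'slug' => Fari_Escape::slug($value));
             // "0" is a legitimate value; only a truly empty field fails
             if ((string) $value === '') {
                 // each message names its own field (the type used to report "category")
                 Fari_Message::fail("The {$kind} can't be empty.");
                 $success = FALSE;
                 continue;
             }
             $result = Fari_Db::selectRow('hierarchy', 'key', array('value' => $value, 'type' => $kind));
             if (empty($result)) {
                 // the type row now gets its slug too, like category and source
                 Fari_Db::insert('hierarchy', array('value' => $value, 'slug' => $hierarchy[$kind]['slug'], 'type' => $kind));
             }
         }
         if ($success) {
             // defaults so missing fields do not raise undefined-index notices
             $post = $_POST + array('title' => '', 'textarea' => '', 'tags' => '', 'comments' => '', 'date' => '');
             $title = Fari_Escape::text($post['title']);
             $slug = Fari_Escape::slug($post['title']);
             $date = Fari_Escape::text($post['date']);
             if ((string) $title === '') {
                 Fari_Message::fail('The title can\'t be empty.');
             } elseif (Fari_Db::selectRow('kb', 'id', array('slug' => $slug))) {
                 // unique slug/title
                 Fari_Message::fail('The title is not unique.');
             } elseif (!Fari_Filter::isDate($date)) {
                 Fari_Message::fail('The date is not in the correct format.');
             } else {
                 $text = Fari_Escape::quotes($post['textarea']);
                 // convert title & main text to their stems and add lowercase originals (better matches)
                 $titleStems = Knowledge::stems($title) . ' ' . strtolower($title);
                 $stems = Knowledge::stems($text) . ' ' . strtolower($text);
                 // INSERT
                 Fari_Db::insert('kb', array(
                     'title' => $title,
                     'slug' => $slug,
                     'text' => $text,
                     'tags' => Fari_Escape::text($post['tags']),
                     'category' => $hierarchy['category']['value'],
                     'categorySlug' => $hierarchy['category']['slug'],
                     'source' => $hierarchy['source']['value'],
                     'sourceSlug' => $hierarchy['source']['slug'],
                     'type' => $hierarchy['type']['value'],
                     'stems' => $stems,
                     'comments' => Fari_Escape::text($post['comments']),
                     'date' => $date,
                     'titleStems' => $titleStems,
                     'starred' => 'empty',
                 ));
                 Fari_Message::success('Saved successfully.');
                 $this->redirect('/text/edit/' . $slug);
                 // redirect() does not stop execution
                 die;
             }
         }
     }
     // fetch categories, sources & types
     $this->view->categories = Fari_Db::select('hierarchy', 'key, value', array('type' => 'category'), 'slug ASC');
     $this->view->sources = Fari_Db::select('hierarchy', 'key, value', array('type' => 'source'), 'slug ASC');
     $this->view->types = Fari_Db::select('hierarchy', 'key, value', array('type' => 'type'), 'value ASC');
     // form if save failed...
     $this->view->saved = $_POST;
     // get all messages
     $this->view->messages = Fari_Message::get();
     $this->view->display('new');
 }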
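 /**
  * Check if user is in a specified role.
  * Method is_authenticated() should have been called at this point.
  * @uses 'role' in 'users' table
  *
  * @param string $userRole Role to test for (e.g., admin); compared strictly
  * @param string $credentialsColumn Column of 'users' holding the credentials
  *                                  (default 'username'). Must be a trusted column
  *                                  name: it is used as-is as the WHERE key
  * @return boolean TRUE if user is in a role
  */
 public static function isInRole($userRole, $credentialsColumn = 'username')
 {
     // get credentials string; the "@" presumably silences a notice from
     // getCredentials() when nothing is stored -- confirm before removing it
     @($unsafe = self::getCredentials());
     if (!isset($unsafe)) {
         return FALSE;
     }
     // escape input
     $credentials = Fari_Escape::text($unsafe);
     // select a matching row from a table
     $user = Fari_Db::selectRow('users', 'role', array($credentialsColumn => $credentials));
     // no such user or no role: not in any role (also avoids indexing a non-array result)
     if (!is_array($user) || !isset($user['role'])) {
         return FALSE;
     }
     // check that user satisfies a role
     return $user['role'] === $userRole;
 }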
"
                               href="<?php 
        $this->url('/text/star/' . $row['slug']);
        ?>
">&nbsp;</a>
                            <a href="<?php 
        $this->url('/text/view/' . $row['slug']);
        ?>
">
                            <?php 
        echo $row['title'];
        ?>
                        </a></h3>
                        <p class="preview">
                            <?php 
        echo substr(Fari_Escape::text(Fari_Textile::toHTML($row['text'])), 0, 300);
        ?>
                            &hellip;</p>
                        <div class="description">
                            <?php 
        if ($browse == 'category') {
            ?>
                                <a href="<?php 
            $this->url('/browse/source/' . $row['sourceSlug']);
            ?>
">
                                    <?php 
            echo $row['source'];
            ?>
                            <?php 
        } elseif ($browse == 'source') {
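 /**
  * New blog article form; on POST, insert the article.
  *
  * Requires an authenticated user ('realname' credentials); otherwise a failure
  * message is queued and the user is redirected to the login page.
  */
 public function create()
 {
     if (!Fari_User::isAuthenticated('realname')) {
         Fari_Message::fail('You need to authenticate first');
         $this->redirect('/blog/login/');
         // redirect() does not stop execution (other actions follow it with die)
         return;
     }
     // defaults so a plain GET does not read undefined POST keys below
     $post = $_POST + array('name' => '', 'text' => '', 'status' => '');
     // are we saving updates?
     if (!empty($post['name'])) {
         $name = Fari_Escape::text($post['name']);
         $text = Fari_Escape::quotes($post['text']);
         $slug = Fari_Escape::slug($post['name']);
         // check article title uniqueness
         $result = Fari_Db::selectRow('articles', 'id', array('slug' => $slug));
         if (empty($result)) {
             // status is user input like the other fields and was the only one stored raw.
             // NOTE(review): it is compared numerically elsewhere (status = 1 / status != 2);
             // a whitelist of the allowed values would be stricter -- confirm the valid set
             $status = Fari_Escape::text($post['status']);
             Fari_Db::insert('articles', array('text' => $text, 'slug' => $slug, 'name' => $name, 'status' => $status, 'published' => time()));
             Fari_Message::success('Article \'' . $name . '\' saved.');
             $this->redirect('/blog/edit/' . $slug);
             return;
         }
         Fari_Message::fail('Article name \'' . $name . '\' is not unique');
     }
     // pickup messages for us
     $this->view->messages = Fari_Message::get();
     // fill back on fail
     $this->view->article = array('name' => $post['name'], 'text' => $post['text']);
     $this->view->display('/themes/' . BLOG_THEME . '/new');
 }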
<?php

// direct-access guard: stop unless the FARI constant is defined (presumably set by the
// framework before this template is included -- confirm)
defined('FARI') or exit;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title><?php 
echo Fari_Escape::text($text['title']);
?>
</title>
    <link rel="shortcut icon" type="image/x-icon" href="<?php 
$this->url('/public/favicon.ico');
?>
">

    <link rel="stylesheet" href="<?php 
$this->url('/public/grid/screen.css');
?>
" type="text/css" media="screen, projection"/>
    <link rel="stylesheet" href="<?php 
$this->url('/public/grid/print.css');
?>
" type="text/css" media="print"/>
    <!--[if lt IE 8]>
        <link rel="stylesheet" href="<?php 
$this->url('/public/grid/ie.css');
?>
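 /**
  * Send a stored file, or its thumbnail, to the client.
  *
  * @param string $fileCode Code identifying the file
  * @param string $type 'file' for the file itself, 'thumb' for its thumbnail;
  *                     anything else renders the 404 template
  */
 public function renderFile($fileCode, $type)
 {
     $system = new System();
     $fileCode = Fari_Escape::text($fileCode);
     // strict dispatch on the type (switch compared loosely); an unknown type
     // leaves $file unset instead of relying on an undefined variable
     $file = null;
     if ($type === 'file') {
         $file = $system->getFile($fileCode);
     } elseif ($type === 'thumb') {
         $file = $system->getThumbnail($fileCode);
     }
     if (!empty($file)) {
         // respond with a file download
         $this->sendFile($file);
     } else {
         $this->renderTemplate('Error404/error404');
     }
 }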
 /**
  * Escape SESSION data before it is used.
  *
  * @param string $sessionString Raw value read from the session
  * @return string The value run through Fari_Escape::text()
  */
 public function prepareSession($sessionString)
 {
     $safe = Fari_Escape::text($sessionString);
     return $safe;
 }
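 /**
  * Edit an existing knowledge-base entry; on POST, validate and update it.
  *
  * Category, source and type are free-text fields that are added to the
  * 'hierarchy' table when not present yet. The entry is updated only when all
  * three are given and the date is well-formed; failures are reported through
  * Fari_Message and the form is shown again from the stored row.
  *
  * @param string $slug Slug of the entry being edited
  */
 public function edit($slug)
 {
     $slug = Fari_Escape::text($slug);
     // are we saving?
     if ($_POST) {
         $success = TRUE;
         // save categories, sources & types: each kind is a row in 'hierarchy'
         $hierarchy = array();
         foreach (array('category', 'source', 'type') as $kind) {
             $value = Fari_Escape::text(isset($_POST[$kind]) ? $_POST[$kind] : '');
             $hierarchy[$kind] = array('value' => $value, 'slug' => Fari_Escape::slug($value));
             // "0" is a legitimate value; only a truly empty field fails
             if ((string) $value === '') {
                 // each message names its own field (the type used to report "category")
                 Fari_Message::fail("The {$kind} can't be empty.");
                 $success = FALSE;
                 continue;
             }
             $result = Fari_Db::selectRow('hierarchy', 'key', array('value' => $value, 'type' => $kind));
             if (empty($result)) {
                 // the type row now gets its slug too, like category and source
                 Fari_Db::insert('hierarchy', array('value' => $value, 'slug' => $hierarchy[$kind]['slug'], 'type' => $kind));
             }
         }
         if ($success) {
             // defaults so missing fields do not raise undefined-index notices
             $post = $_POST + array('textarea' => '', 'tags' => '', 'comments' => '', 'date' => '');
             $date = Fari_Escape::text($post['date']);
             if (!Fari_Filter::isDate($date)) {
                 Fari_Message::fail('The date is not in the correct format.');
             } else {
                 $text = Fari_Escape::quotes($post['textarea']);
                 // convert main text to stems & add the lowercase original to it (better matches)
                 $stems = Knowledge::stems($text) . ' ' . strtolower($text);
                 // UPDATE the row identified by its slug
                 Fari_Db::update('kb', array(
                     'text' => $text,
                     'comments' => Fari_Escape::text($post['comments']),
                     'date' => $date,
                     'tags' => Fari_Escape::text($post['tags']),
                     'category' => $hierarchy['category']['value'],
                     'categorySlug' => $hierarchy['category']['slug'],
                     'source' => $hierarchy['source']['value'],
                     'sourceSlug' => $hierarchy['source']['slug'],
                     'type' => $hierarchy['type']['value'],
                     'stems' => $stems,
                 ), array('slug' => $slug));
                 Fari_Message::success('Saved successfully.');
             }
         }
     }
     // fetch categories, sources & types
     $this->view->categories = Fari_Db::select('hierarchy', 'key, value', array('type' => 'category'), 'slug ASC');
     $this->view->sources = Fari_Db::select('hierarchy', 'key, value', array('type' => 'source'), 'slug ASC');
     $this->view->types = Fari_Db::select('hierarchy', 'key, value', array('type' => 'type'), 'value ASC');
     // form: the textarea field is named 'textarea' while the column is 'text'
     $saved = Fari_Db::selectRow('kb', '*', array('slug' => $slug));
     if (is_array($saved)) {
         $saved['textarea'] = isset($saved['text']) ? $saved['text'] : '';
     }
     // for reuse...
     $this->view->saved = $saved;
     // get all messages
     $this->view->messages = Fari_Message::get();
     $this->view->display('edit');
 }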
 /**
  * Set body of the message
  *
  * @param string $body Message body
  * @param boolean $text When TRUE the body is passed through Fari_Escape::text() first
  * @return Fari_Mail subclass (fluent, returns $this)
  */
 public function setBody($body, $text = FALSE)
 {
     if ($text) {
         $this->body = Fari_Escape::text($body);
     } else {
         $this->body = $body;
     }
     return $this;
 }