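/**
 * Settings page: lists the installed CSS themes and, on POST, stores the
 * chosen theme and the site title in the 'settings' table.
 *
 * @param mixed $param Route parameter; not used by this action
 */
public function index($param) {
    // get installed CSS themes: every '*.css' file found under /public
    $files = Fari_File::listing('/public');
    $themes = array();
    foreach ($files as $file) {
        // end() takes its argument by reference, so the explode() result
        // has to live in a variable first ("only variables should be passed by reference")
        $segments = explode('/', $file['path']);
        $css = end($segments);
        if ($file['type'] == 'file' && substr($css, -4) == '.css') {
            $themes[] = substr($css, 0, -4);
        }
    }
    // natsort() already takes its argument by reference; the call-time '&'
    // the original used is a fatal error on PHP >= 5.4
    natsort($themes);
    $this->view->themes = $themes;

    // are we saving changes?
    if ($_POST) {
        $css = Fari_Escape::text($_POST['css']);
        $title = Fari_Escape::text($_POST['title']);
        // the stored theme name is presumably used later to build a stylesheet
        // path, so only accept one of the names discovered above
        if (!in_array($css, $themes, TRUE)) {
            Fari_Message::fail('Unknown theme.');
        } else {
            Fari_Db::update('settings', array('value' => $css), array('name' => 'theme'));
            Fari_Db::update('settings', array('value' => $title), array('name' => 'title'));
            Fari_Message::success('Settings change successful.');
        }
    }

    $this->view->messages = Fari_Message::get();
    $this->view->settings = Fari_Db::toKeyValues(Fari_Db::select('settings', 'name, value'), 'name');
    $this->view->display('settings');
}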
/**
 * Check for uniqueness of the username
 *
 * Answers only Ajax requests, with a JSON string: empty when the username
 * is acceptable, otherwise the reason it was rejected.
 *
 * @param string $username URL encoded username
 */
public function actionCheckUsername($username) {
    // non-Ajax callers get the javascript 404 page and nothing else
    if (!$this->request->isAjax()) {
        $this->renderTemplate('error404/javascript');
        return;
    }

    // URL decode & filter out username
    $username = Fari_Escape::text(Fari_Decode::url($username));

    // first failing rule wins; an empty verdict means "available"
    if (empty($username)) {
        $verdict = "The username can't be empty.";
    } elseif (!Fari_Filter::isAlpha($username)) {
        $verdict = "Only alphanumeric characters are allowed.";
    } elseif (!$this->accounts->isUsernameUnique($username)) {
        $verdict = "The username \"{$username}\" is unavailable, sorry.";
    } else {
        $verdict = '';
    }

    $this->renderJson($verdict);
}
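/**
 * Check that a captcha answer is valid.
 *
 * The expected answer is kept in the session as a sha1 digest under
 * SESSION_STORAGE . $name; the user's answer is escaped, hashed and compared.
 *
 * @param string $unsafeAnswer Unsafe answer from the user to check
 * @param string $name Name of the captcha answer in the session
 * @return boolean TRUE if answer is correct, FALSE otherwise
 */
public static function isValid($unsafeAnswer, $name = 'Default') {
    // escape unsafe token input
    $unsafeAnswer = Fari_Escape::text($unsafeAnswer);

    $key = self::SESSION_STORAGE . $name;
    // no stored answer (captcha never issued, or the session expired): nothing can match
    if (!isset($_SESSION[$key])) {
        return FALSE;
    }

    // strict comparison: under the loose '==' two hex digests that both look
    // like numeric strings (e.g. "0e..." forms) compare as equal numbers;
    // on PHP >= 5.6, hash_equals() is the constant-time alternative
    return sha1($unsafeAnswer) === $_SESSION[$key];
}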
/**
 * Browse knowledge-base entries by tag.
 *
 * Only the 'star' tag (starred entries) is known; any other tag is sent to /error404.
 *
 * @param string $tag Tag taken from the URL
 */
public function tag($tag) {
    $tag = Fari_Escape::text($tag);
    $pager = new Fari_Paginator(100, 3);

    if ($tag == 'star') {
        $this->view->paginator = $pager->select(1, 'kb', '*', array('starred' => 'full'), 'date DESC');
        $this->view->title = array('value' => 'Starred');
    } else {
        $this->redirect('/error404');
    }

    $this->view->browse = 'both';
    $this->view->display('browse');
}
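/**
 * Send a message from a room
 *
 * Reads the raw 'text' POST field, stores it as a MessageSpeak and refreshes
 * the speaker's activity timestamp in the room.
 *
 * @uses Ajax
 * @param int|string $roomId Room the message is posted into
 */
public function actionSpeak($roomId) {
    $text = Fari_Escape::text(Fari_Decode::javascript($this->request->getRawPost('text')));
    if (!empty($text)) {
        // mktime() without arguments is deprecated and fails on PHP 8; time() is the equivalent
        $time = time();
        // a text message
        $message = new MessageSpeak($roomId, $time);
        $message->text($roomId, $time, $this->user->getShortName(), $this->user->getId(), $text);
        // the message might be saved under wrong room id, but activity updater will kick us...
        try {
            $this->room->updateUserActivity($roomId, $time, $this->user->getId());
        } catch (UserNotFoundException $e) {
            $this->renderJson('bye');
        }
    }
}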
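/**
 * Fetch the articles published during one calendar month.
 *
 * @param string $month Month and year as "<monthname>-<year>", e.g. 'january-2010'
 * @param boolean $isAuthenticated Authenticated callers also get non-public rows (status != 2)
 * @return array|null Rows from 'articles' ordered by published DESC, or NULL when $month does not parse
 */
public static function getArchive($month, $isAuthenticated) {
    // escape
    $month = Fari_Escape::text($month);

    // parse month and year passed; anything but exactly "<month>-<year>" is rejected
    $parts = explode('-', $month);
    if (count($parts) != 2) {
        return;
    }
    list($month, $year) = $parts;

    $months = array('january', 'february', 'march', 'april', 'may', 'june',
        'july', 'august', 'september', 'october', 'november', 'december');
    // array_search() returns FALSE for an unknown month; adding 1 to that (as the
    // original did) silently turned every unknown month into January
    $monthPosition = array_search(strtolower($month), $months, TRUE);
    if ($monthPosition === FALSE || !ctype_digit($year)) {
        return;
    }
    $monthPosition += 1;
    $year = (int) $year;

    // whole calendar month, from its first second to its last
    $low = mktime(0, 0, 0, $monthPosition, 1, $year);
    $high = mktime(23, 59, 59, $monthPosition, (int) date('t', $low), $year);

    // $low and $high are integers produced by mktime(), so interpolating them here is safe
    $where = "published >= '{$low}' AND published <= '{$high}' AND ";
    $where .= !$isAuthenticated ? 'status = 1' : 'status != 2';
    return Fari_Db::select('articles', '*', $where, 'published DESC');
}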
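/**
 * Display the room from a guest's perspective
 *
 * @param string $guestCode Guest access code that identifies the room
 */
public function actionIndex($guestCode) {
    try {
        // get the room
        $room = $this->room->getGuestRoom($guestCode = Fari_Escape::text($guestCode));
        // is user authenticated?
        $this->guestUser = new User();
        // is user authorized?
        $this->guestUser->canEnter($room['id']);
    } catch (RoomNotFoundException $e) {
        // the room does not exist
        $this->renderTemplate('room/invalid');
        return;
    } catch (UserNotAuthenticatedException $e) {
        // we haven't signed in
        $this->bag->code = $guestCode;
        // show a form to enter a name for the new guest
        $this->renderTemplate('account/guest');
        return;
    } catch (UserNotAuthorizedException $e) {
        // we cannot enter this room
        $this->renderTemplate('room/permissions');
        return;
    }
    // the returns above keep $room from being used when it was never assigned,
    // whether or not renderTemplate() ends the request by itself

    // we are already in; mktime() without arguments is deprecated (an error on PHP 8)
    $time = time();

    // is the user already in the room?
    if (!$this->guestUser->inRoom($room['id'])) {
        // not in the room... is it locked?
        if ($room['locked']) {
            $this->renderTemplate('room/locked');
        } else {
            // enter them into the room
            $this->guestUser->enterRoom($room['id'], $time);
            // say that the user has entered
            $message = new MessageSpeak();
            $message->enter($room['id'], $time, $this->guestUser->getShortName());
        }
    }

    // all other fails captured...
    // show a 'guest' view
    $this->renderTemplate('room/guest', $room['id']);
}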
<h3><a href="<?php $this->url('/blog/article/' . $article['slug']); ?> " title="Permanent Link to <?php echo $article['name']; ?> "> <?php echo $article['name']; ?> </a></h3> <!-- text --> <p><?php $article['text'] = Fari_Escape::text(Fari_Textile::toHTML($article['text'])); echo strlen($article['text']) <= BLOG_PREVIEW ? $article['text'] : substr($article['text'], 0, BLOG_PREVIEW) . ' [...]'; ?> </p> <!-- details --> <div class="details"> Posted at <?php echo date("F j, Y, G:i", $article['published']); ?> | <span class="read-on"> <a href="<?php $this->url('/blog/article/' . $article['slug']); ?> ">read more</a>
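/**
 * New knowledge-base entry form; on POST, validates and inserts the entry.
 *
 * Category, source and type are free-text values that are added to the
 * 'hierarchy' table when not yet present. The entry itself is only inserted
 * when all three are non-empty, the title is unique and the date parses.
 *
 * @param mixed $param Route parameter; not used by this action
 */
public function index($param) {
    // are we saving?
    if ($_POST) {
        $success = TRUE;

        // save categories, sources & types
        $category = Fari_Escape::text($_POST['category']);
        $categorySlug = Fari_Escape::slug($category);
        $source = Fari_Escape::text($_POST['source']);
        $sourceSlug = Fari_Escape::slug($source);
        $type = Fari_Escape::text($_POST['type']);
        // NOTE(review): $typeSlug is computed but, unlike the other two slugs,
        // never stored with the 'type' hierarchy row — confirm whether that is intended
        $typeSlug = Fari_Escape::slug($type);

        if (empty($category)) {
            Fari_Message::fail('The category can\'t be empty.');
            $success = FALSE;
        } else {
            $result = Fari_Db::selectRow('hierarchy', 'key', array('value' => $category, 'type' => 'category'));
            if (empty($result)) {
                Fari_Db::insert('hierarchy', array('value' => $category, 'slug' => $categorySlug, 'type' => 'category'));
            }
        }

        if (empty($source)) {
            Fari_Message::fail('The source can\'t be empty.');
            $success = FALSE;
        } else {
            $result = Fari_Db::selectRow('hierarchy', 'key', array('value' => $source, 'type' => 'source'));
            if (empty($result)) {
                Fari_Db::insert('hierarchy', array('value' => $source, 'slug' => $sourceSlug, 'type' => 'source'));
            }
        }

        if (empty($type)) {
            // the original reported this as an empty *category*, which hid the real cause
            Fari_Message::fail('The type can\'t be empty.');
            $success = FALSE;
        } else {
            $result = Fari_Db::selectRow('hierarchy', 'key', array('value' => $type, 'type' => 'type'));
            if (empty($result)) {
                Fari_Db::insert('hierarchy', array('value' => $type, 'type' => 'type'));
            }
        }

        if ($success) {
            $title = Fari_Escape::text($_POST['title']);
            if (empty($title)) {
                Fari_Message::fail('The title can\'t be empty.');
            } else {
                $slug = Fari_Escape::slug($_POST['title']);
                // unique slug/title
                $result = Fari_Db::selectRow('kb', 'id', array('slug' => $slug));
                if (!empty($result)) {
                    Fari_Message::fail('The title is not unique.');
                } else {
                    $text = Fari_Escape::quotes($_POST['textarea']);
                    // convert title & main text to their stems and add the lowercase originals (better matches)
                    $titleStems = Knowledge::stems($title) . ' ' . strtolower($title);
                    $stems = Knowledge::stems($text) . ' ' . strtolower($text);
                    $tags = Fari_Escape::text($_POST['tags']);
                    $category = Fari_Escape::text($_POST['category']);
                    $source = Fari_Escape::text($_POST['source']);
                    $type = Fari_Escape::text($_POST['type']);
                    $comments = Fari_Escape::text($_POST['comments']);
                    $date = Fari_Escape::text($_POST['date']);
                    // date
                    if (!Fari_Filter::isDate($date)) {
                        Fari_Message::fail('The date is not in the correct format.');
                    } else {
                        // INSERT
                        Fari_Db::insert('kb', array(
                            'title' => $title,
                            'slug' => $slug,
                            'text' => $text,
                            'tags' => $tags,
                            'category' => $category,
                            'categorySlug' => $categorySlug,
                            'source' => $source,
                            'sourceSlug' => $sourceSlug,
                            'type' => $type,
                            'stems' => $stems,
                            'comments' => $comments,
                            'date' => $date,
                            'titleStems' => $titleStems,
                            'starred' => 'empty',
                        ));
                        Fari_Message::success('Saved successfully.');
                        $this->redirect('/text/edit/' . $slug);
                        die;
                    }
                }
            }
        }
    }

    // fetch categories, sources & types
    $this->view->categories = Fari_Db::select('hierarchy', 'key, value', array('type' => 'category'), 'slug ASC');
    $this->view->sources = Fari_Db::select('hierarchy', 'key, value', array('type' => 'source'), 'slug ASC');
    $this->view->types = Fari_Db::select('hierarchy', 'key, value', array('type' => 'type'), 'value ASC');
    // form if save failed... the raw POST is handed to the view, so the 'new'
    // template must escape these values itself — NOTE(review): confirm it does
    $this->view->saved = $_POST;
    // get all messages
    $this->view->messages = Fari_Message::get();
    $this->view->display('new');
}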
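/**
 * Check if user is in a specified role.
 * Method is_authenticated() should have been called at this point.
 * @uses 'role' in 'users' table
 *
 * @param string $userRole (e.g., admin)
 * @param string $credentialsColumn Optionally specify which column to use for credentials
 * @return boolean TRUE if user is in a role
 */
public static function isInRole($userRole, $credentialsColumn = 'username') {
    // get credentials string; the '@' is kept from the original, presumably
    // because getCredentials() notices when nobody is signed in — confirm
    @($unsafe = self::getCredentials());
    if (isset($unsafe)) {
        // escape input
        $credentials = Fari_Escape::text($unsafe);
        // select a matching row from a table
        $whereClause = array($credentialsColumn => $credentials);
        $user = Fari_Db::selectRow('users', 'role', $whereClause);
        // no matching row means no role; guard before indexing into the result
        if (!empty($user) && isset($user['role']) && $user['role'] === $userRole) {
            return TRUE;
        }
    }
    return FALSE;
}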
" href="<?php $this->url('/text/star/' . $row['slug']); ?> "> </a> <a href="<?php $this->url('/text/view/' . $row['slug']); ?> "> <?php echo $row['title']; ?> </a></h3> <p class="preview"> <?php echo substr(Fari_Escape::text(Fari_Textile::toHTML($row['text'])), 0, 300); ?> …</p> <div class="description"> <?php if ($browse == 'category') { ?> <a href="<?php $this->url('/browse/source/' . $row['sourceSlug']); ?> "> <?php echo $row['source']; ?> <?php } elseif ($browse == 'source') {
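/**
 * Create a new blog article (authenticated authors only).
 *
 * Shows the current theme's 'new' form; on POST with a non-empty name the
 * article is inserted (when its slug is unique) and the browser is sent to
 * the edit page.
 */
public function create() {
    if (!Fari_User::isAuthenticated('realname')) {
        Fari_Message::fail('You need to authenticate first');
        $this->redirect('/blog/login/');
    } else {
        // are we saving updates?
        if (!empty($_POST['name'])) {
            $name = Fari_Escape::text($_POST['name']);
            $text = Fari_Escape::quotes($_POST['text']);
            $slug = Fari_Escape::slug($_POST['name']);
            // status was the only POST field written to the table unescaped;
            // route it through the same filter as the other fields (it appears
            // to be a numeric flag compared against 1 and 2 elsewhere — confirm)
            $status = Fari_Escape::text($_POST['status']);
            // check article title uniqueness
            $result = Fari_Db::selectRow('articles', 'id', array('slug' => $slug));
            if (empty($result)) {
                Fari_Db::insert('articles', array(
                    'text' => $text,
                    'slug' => $slug,
                    'name' => $name,
                    'status' => $status,
                    'published' => time(),
                ));
                Fari_Message::success('Article \'' . $name . '\' saved.');
                $this->redirect('/blog/edit/' . $slug);
            } else {
                Fari_Message::fail('Article name \'' . $name . '\' is not unique');
            }
        }
        // pickup messages for us
        $this->view->messages = Fari_Message::get();
        // fill back on fail; on a plain GET the fields are absent, so default to empty strings
        $this->view->article = array(
            'name' => isset($_POST['name']) ? $_POST['name'] : '',
            'text' => isset($_POST['text']) ? $_POST['text'] : '',
        );
        $this->view->display('/themes/' . BLOG_THEME . '/new');
    }
}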
<?php if (!defined('FARI')) { die; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title><?php echo Fari_Escape::text($text['title']); ?> </title> <link rel="shortcut icon" type="image/x-icon" href="<?php $this->url('/public/favicon.ico'); ?> "> <link rel="stylesheet" href="<?php $this->url('/public/grid/screen.css'); ?> " type="text/css" media="screen, projection"/> <link rel="stylesheet" href="<?php $this->url('/public/grid/print.css'); ?> " type="text/css" media="print"/> <!--[if lt IE 8]> <link rel="stylesheet" href="<?php $this->url('/public/grid/ie.css'); ?>
/**
 * Send a stored file, or its thumbnail, to the client.
 *
 * @param string $fileCode Code identifying the file
 * @param string $type 'file' or 'thumb'; any other value yields the 404 page
 */
public function renderFile($fileCode, $type) {
    $system = new System();
    $file = NULL;

    if ($type == 'file') {
        $file = $system->getFile(Fari_Escape::text($fileCode));
    } elseif ($type == 'thumb') {
        $file = $system->getThumbnail(Fari_Escape::text($fileCode));
    }

    if (empty($file)) {
        $this->renderTemplate('Error404/error404');
        return;
    }

    // respond with a file download
    $this->sendFile($file);
}
/**
 * Escape SESSION data.
 *
 * @param string $sessionString Raw value read from the session
 * @return string The value after Fari_Escape::text()
 */
public function prepareSession($sessionString) {
    $escaped = Fari_Escape::text($sessionString);
    return $escaped;
}
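/**
 * Edit an existing knowledge-base entry; on POST, validates and updates it.
 *
 * Category, source and type are free-text values that are added to the
 * 'hierarchy' table when not yet present. The entry is only updated when all
 * three are non-empty and the date parses.
 *
 * @param string $slug Slug of the entry being edited
 */
public function edit($slug) {
    $slug = Fari_Escape::text($slug);

    // are we saving?
    if ($_POST) {
        $success = TRUE;

        // save categories, sources & types
        $category = Fari_Escape::text($_POST['category']);
        $categorySlug = Fari_Escape::slug($category);
        $source = Fari_Escape::text($_POST['source']);
        $sourceSlug = Fari_Escape::slug($source);
        $type = Fari_Escape::text($_POST['type']);
        // NOTE(review): $typeSlug is computed but, unlike the other two slugs,
        // never stored with the 'type' hierarchy row — confirm whether that is intended
        $typeSlug = Fari_Escape::slug($type);

        if (empty($category)) {
            Fari_Message::fail('The category can\'t be empty.');
            $success = FALSE;
        } else {
            $result = Fari_Db::selectRow('hierarchy', 'key', array('value' => $category, 'type' => 'category'));
            if (empty($result)) {
                Fari_Db::insert('hierarchy', array('value' => $category, 'slug' => $categorySlug, 'type' => 'category'));
            }
        }

        if (empty($source)) {
            Fari_Message::fail('The source can\'t be empty.');
            $success = FALSE;
        } else {
            $result = Fari_Db::selectRow('hierarchy', 'key', array('value' => $source, 'type' => 'source'));
            if (empty($result)) {
                Fari_Db::insert('hierarchy', array('value' => $source, 'slug' => $sourceSlug, 'type' => 'source'));
            }
        }

        if (empty($type)) {
            // the original reported this as an empty *category*, which hid the real cause
            Fari_Message::fail('The type can\'t be empty.');
            $success = FALSE;
        } else {
            $result = Fari_Db::selectRow('hierarchy', 'key', array('value' => $type, 'type' => 'type'));
            if (empty($result)) {
                Fari_Db::insert('hierarchy', array('value' => $type, 'type' => 'type'));
            }
        }

        if ($success) {
            $text = Fari_Escape::quotes($_POST['textarea']);
            // convert main text to stems & add the lowercase original to it (better matches)
            $stems = Knowledge::stems($text) . ' ' . strtolower($text);
            $tags = Fari_Escape::text($_POST['tags']);
            $category = Fari_Escape::text($_POST['category']);
            $source = Fari_Escape::text($_POST['source']);
            $type = Fari_Escape::text($_POST['type']);
            $comments = Fari_Escape::text($_POST['comments']);
            $date = Fari_Escape::text($_POST['date']);
            // date
            if (!Fari_Filter::isDate($date)) {
                Fari_Message::fail('The date is not in the correct format.');
            } else {
                // UPDATE the row identified by the slug from the URL
                Fari_Db::update('kb', array(
                    'text' => $text,
                    'comments' => $comments,
                    'date' => $date,
                    'tags' => $tags,
                    'category' => $category,
                    'categorySlug' => $categorySlug,
                    'source' => $source,
                    'sourceSlug' => $sourceSlug,
                    'type' => $type,
                    'stems' => $stems,
                ), array('slug' => $slug));
                Fari_Message::success('Saved successfully.');
            }
        }
    }

    // fetch categories, sources & types
    $this->view->categories = Fari_Db::select('hierarchy', 'key, value', array('type' => 'category'), 'slug ASC');
    $this->view->sources = Fari_Db::select('hierarchy', 'key, value', array('type' => 'source'), 'slug ASC');
    $this->view->types = Fari_Db::select('hierarchy', 'key, value', array('type' => 'type'), 'value ASC');

    // form: the stored row is shown again, with 'text' duplicated under the
    // form field name 'textarea'; an unknown slug yields an empty row
    $saved = Fari_Db::selectRow('kb', '*', array('slug' => $slug));
    if (!empty($saved)) {
        $saved['textarea'] = $saved['text'];
    }
    $this->view->saved = $saved;

    // get all messages
    $this->view->messages = Fari_Message::get();
    $this->view->display('edit');
}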
/**
 * Set body of the message
 *
 * @param string $body Text of the message
 * @param boolean $text Escape the body with Fari_Escape::text() if set to TRUE
 * @return Fari_Mail subclass (fluent interface)
 */
public function setBody($body, $text = FALSE) {
    if ($text) {
        $this->body = Fari_Escape::text($body);
    } else {
        $this->body = $body;
    }
    return $this;
}