/**
 * Render the "security settings" panel of the admin dashboard.
 *
 * Only an administrator (main()->ADMIN_ID set) may see the panel; anyone
 * else receives the framework's 403 response instead of markup.
 *
 * @return mixed rendered HTML string, or the result of _403()
 */
function show()
{
    if (!main()->ADMIN_ID) {
        return _403();
    }
    $panel = '<div class="col-md-4">'
        . '<h3>' . t('Настройки безопасности') . '</h3>'
        . $this->_security_settings()
        . '</div>';
    return '<div class="container-block row" style="margin-top:20px;">' . $panel . '</div>';
}
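/**
 * Render a preview of an object's body text on an empty (graphics-free) page.
 *
 * Example URL: /dynamic/preview/static_pages/29/
 * Restricted to user id 1. A POST carrying "text" is shown as-is (it is the
 * editor's own HTML and is deliberately not escaped), but only when the
 * Referer points at the admin area on this host; otherwise the stored text
 * of the object named by the "id" query parameter (row "page") is shown.
 *
 * @param array $extra unused; kept for the dispatcher's call signature
 * @return mixed result of print (int) or of the 403 handler
 */
function preview($extra = [])
{
    conf('ROBOTS_NO_INDEX', true);
    no_graphics(true);
    if (main()->USER_ID != 1) {
        return print _403('You should be logged as user 1');
    }
    // Absent query parameters must not raise "undefined index" notices.
    $raw_object = isset($_GET['id']) ? $_GET['id'] : '';
    $raw_id = isset($_GET['page']) ? $_GET['page'] : '';
    // Reduce to [a-z0-9_]: $object becomes a table name, $id a row key.
    // Only the four objects listed further down are ever read from.
    $object = preg_replace('~[^a-z0-9_]+~ims', '', $raw_object);
    $id = preg_replace('~[^a-z0-9_]+~ims', '', $raw_id);
    if (!strlen($object)) {
        return print _403('Object is required');
    }
    // A request without a Referer header must be handled like a foreign one.
    $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $body = '';
    if (is_post() && isset($_POST['text'])) {
        // The Referer is client-supplied, so this is a same-origin sanity
        // check on top of the user-1 gate above, not an authentication step.
        $u_ref = parse_url($ref);
        $u_self = parse_url(WEB_PATH);
        $u_adm = parse_url(ADMIN_WEB_PATH);
        $ref_host = isset($u_ref['host']) ? $u_ref['host'] : '';
        $ref_path = isset($u_ref['path']) ? $u_ref['path'] : '';
        $adm_path = isset($u_adm['path']) ? $u_adm['path'] : '';
        if ($ref_host && $ref_host == $u_self['host'] && $ref_host == $u_adm['host'] && $ref_path == $adm_path) {
            $body = $_POST['text'];
        } else {
            return print _403('Preview security check not passed');
        }
    }
    if (!$body) {
        $q = from($object)->whereid($id);
        // "news" keeps its content in full_text; the other objects in text.
        $text_field = ($object == 'news') ? 'full_text' : 'text';
        if (in_array($object, array('static_pages', 'tips', 'faq', 'news'), true)) {
            $body = $q->one($text_field);
        }
    }
    $body = '<div class="container">' . $body . '</div>';
    return print common()->show_empty_page($body);
}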
/**
 * Dispatch request
 *
 * Joins the router arguments, from the first one onwards, into progressively
 * longer gear names ("a", "a_b", "a_b_c", ...). The first gear that exists
 * and exposes a callable "admin" method handles the request and receives the
 * arguments that were not consumed by the name. A falsy argument (e.g. "0")
 * ends the walk.
 */
public function index()
{
    if (!access('admin')) {
        return _403();
    }
    new Admin_Menu();
    $args = $this->router->getArgs();
    // Reversed so that array_pop() hands back the arguments in original order.
    $remaining = array_reverse($args);
    $parts = array();
    while ($piece = array_pop($remaining)) {
        $parts[] = $piece;
        $gear = implode('_', $parts);
        if (!$this->gears->{$gear}) {
            continue;
        }
        $callback = array($this->gears->{$gear}, 'admin');
        if (!is_callable($callback)) {
            continue;
        }
        event('admin.gear.request', $this->gears->{$gear});
        Template::setGlobal('title', $gear);
        $this->router->exec($callback, $remaining);
        break;
    }
}
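/**
 * Check an access rule and emit the 403 page when it fails.
 *
 * @param string $rule access rule name, as understood by access()
 * @return mixed true when the rule passes, otherwise the result of _403()
 */
function page_access($rule)
{
    return access($rule) ? true : _403();
}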
/**
 * Edit action
 *
 * Shows and processes the profile form for a user. Without $id the current
 * user's own record is edited. Editing another user's record requires the
 * "user edit_all" permission; an unknown id yields 404.
 *
 * @param int|null $id user id to edit; defaults to the current user's id
 */
public function edit_action($id = NULL)
{
    $id or $id = $this->user->id;
    $user = new User_Object();
    // NOTE(review): the condition is placed on $this->db rather than on $user
    // before $user->find(); the second lookup below uses $user->where().
    // Confirm both resolve to the same row.
    $this->db->where('id', $id);
    if (!$user->find()) {
        return _404();
    }
    // Permission gate: only "user edit_all" holders may edit someone else's record.
    // NOTE(review): rule names differ ("user edit_all" here, "users delete_all"
    // below) — confirm both exist; a misspelt rule would silently fail the check.
    if (!access('user edit_all') && $this->id != $user->id) {
        return _403();
    }
    $this->renderUserInfo($user);
    // A fresh object is loaded for the form after the info panel was rendered.
    $user = new User_Object();
    $user->where('id', $id);
    $user->find();
    $form = new Form('User.profile');
    // The stored password (hash) is never pre-filled into the form.
    $user->password = '';
    $form->object($user->object());
    if ($form->elements->avatar->is_ajaxed && Ajax::get('action') == 'replace') {
        $user->avatar = '';
        $user->update();
    }
    if ($result = $form->result()) {
        if ($user->login != $result['login']) {
            // $redirect is computed but not used anywhere else in this method.
            $redirect = Url::gear('user') . $result['login'];
        }
        if ($result->delete && access('users delete_all')) {
            $user->delete();
            // NOTE(review): the message contains a %s placeholder but no argument
            // is passed to t(); the user name will not be substituted.
            flash_success(t('User <b>%s</b> was deleted!'));
            redirect(Url::link('/users'));
        }
        $user->merge($result);
        if ($result->password) {
            $user->hashPassword();
        } else {
            // Presumably so that update() does not overwrite the stored hash with
            // the empty value set above — confirm against User_Object::update().
            unset($user->password);
        }
        if ($user->update()) {
            d('User edit');
            flash_success(t('User data saved!'), t('Success'));
            d();
            // Refresh the session copy when the current user edited their own record.
            if ($user->id == $this->id) {
                $this->store($user->object()->toArray());
            }
            redirect(Url::gear('user') . $user->login);
        }
    }
    append('content', $form->render());
}
<?php $ts = microtime(true); $config = (require __DIR__ . '/config.php'); require_once __DIR__ . '/lib.php'; $payload = get_payload(); $access_log = date('Y-m-d H:i:s') . PHP_EOL . 'GET: ' . print_r($_GET, 1) . PHP_EOL . 'POST: ' . print_r($_POST, 1) . PHP_EOL . 'SERVER: ' . print_r($_SERVER, 1) . PHP_EOL . 'PAYLOAD: ' . print_r($payload, 1) . PHP_EOL; _log($access_log, __DIR__ . '/log/access.log'); !$payload && exit(_404()); $provider = get_git_provider(); !$provider && exit(_404()); $app_conf = get_app_conf($config); !$app_conf && exit(_403()); $path = rtrim($app_conf['path'], '/') . '/'; if ($provider === 'github') { // Github API v3 // https://developer.github.com/v3/activity/events/types/#pushevent // // you should put deploy keys inside /var/www/.ssh/id_rsa // also verify if user www-data has access to private repo: // sudo -u www-data ssh -T git@github.com // $event = strtolower($_SERVER['HTTP_X_GITHUB_EVENT']); if (in_array($event, array('create', 'push'))) { $clone_url = $payload['repository'][$app_conf['is_private'] ? 'ssh_url' : 'clone_url']; $ref = $payload['ref']; $git_hash = $payload['head_commit']['id']; if ($clone_url && $ref) { $ok = deploy_git($ref, $path, $clone_url, $app_conf); } !$ok && _503();
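/**
 * Show pages
 *
 * Dispatches on the first URL segment: "create" shows the new-page form,
 * "show" renders one page, "edit" shows the edit/delete form for a page the
 * current user owns (or for any page with "pages edit_all"); any other value
 * is passed on to showPages() as a listing argument.
 *
 * @param string $action    "create", "show", "edit", or a listing argument
 * @param mixed  $subaction page id for "show"/"edit"; ignored otherwise
 * @return mixed nothing on success, or the result of _403()/_404()
 */
public function index($action = '', $subaction = NULL)
{
    new Menu_Tabs('pages', Url::gear('pages'));
    switch ($action) {
        case 'create':
            if (!page_access('pages create')) {
                return;
            }
            $form = new Form('Pages.createdit');
            if ($result = $form->result()) {
                $page = new Pages_Object();
                $page->object($result);
                $page->aid = cogear()->user->id;
                $page->created_date = time();
                $page->last_update = time();
                $page->save();
                flash_success(t('New page has been successfully added!', 'Pages'));
                redirect($page->getUrl());
            }
            append('content', $form->render());
            break;
        case 'show':
            $this->showPage($subaction);
            break;
        case 'edit':
            $page = new Pages_Object();
            // The id comes straight from the URL; coerce it before it reaches the query.
            $page->where('id', intval($subaction));
            if (!$page->find()) {
                return _404();
            }
            // Owners may edit their own page; "pages edit_all" covers every page.
            // cogear() is the framework accessor (as in the "create" branch) — a
            // bare $cogear variable is not defined in this method.
            if (!access('pages edit_all') && cogear()->user->id != $page->aid) {
                return _403();
            }
            $form = new Form('Pages.createdit');
            $form->init();
            if (access('pages delete')) {
                $form->addElement('delete', array('label' => t('Delete'), 'type' => 'submit'));
            }
            $form->setValues($page->object());
            if ($result = $form->result()) {
                // The delete element is only rendered with "pages delete" access;
                // re-check the permission here so a submitted "delete" field is
                // not honoured for users who never had it.
                if ($result->delete && access('pages delete')) {
                    $page->delete();
                    redirect(Url::gear('pages'));
                }
                $page->object()->mix($result);
                $page->last_update = time();
                $page->update();
                $link = $page->getUrl();
                success(t('Page has been update. You can visit it by link <a href="%s">%s</a>', 'Pages', $link, $link));
            }
            $form->elements->submit->setValue(t('Update'));
            append('content', $form->render());
            break;
        default:
            $this->showPages($action);
    }
}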