/**
 * Error pages processing
 *
 * Produces the response for the current ERROR_CODE (500 is set when none was defined) and ends the request.
 * Only the first call does anything; later calls return immediately.
 *
 * Output is one of:
 *  - a 302 redirect to the configured base URL (non-API request, code 403, `sign_out` cookie present);
 *  - a JSON document with `error` / `error_description` (API request or `$json` forced);
 *  - the theme's error.html / error.php, or a minimal built-in HTML page when neither can be included.
 *
 * NOTE(review): in the built-in HTML fallback the description is concatenated into the page as-is. Whether
 * `h::title()` escapes its argument is not visible here; callers should not pass request-derived text in
 * `$custom_text` unless it is already HTML-escaped.
 *
 * @param null|string|string[] $custom_text Custom error text instead of text like "404 Not Found",
 *                                          or array with two elements: [error, error_description]
 * @param bool                 $json        Force JSON return format
 */
function error($custom_text = null, $json = false)
{
    // Re-entrancy guard: the error page is rendered at most once per request
    static $error_showed = false;
    if ($error_showed) {
        return;
    }
    $error_showed = true;
    if (!defined('ERROR_CODE')) {
        error_code(500);
    }
    // A browser that has just signed out and hits a 403 is sent to the site root instead of an error page.
    // The redirect target comes from configuration, not from the request.
    if (defined('API') && !API && ERROR_CODE == 403 && _getcookie('sign_out')) {
        header('Location: ' . Config::instance()->base_url(), true, 302);
        $this->Content = '';
        exit;
    }
    interface_off();
    // Default text derived from the status code; a two-element array overrides both parts
    $error = code_header(ERROR_CODE);
    if (!is_array($custom_text)) {
        $error_description = $custom_text ?: $error;
    } else {
        $error             = $custom_text[0];
        $error_description = $custom_text[1];
    }
    $respond_with_json = $json || (defined('API') && API);
    if (!$respond_with_json) {
        ob_start();
        // Theme-provided page first (html, then php); built-in markup only when both includes fail
        $theme_page_used = _include_once(THEMES . "/{$this->theme}/error.html", false)
            || _include_once(THEMES . "/{$this->theme}/error.php", false);
        if (!$theme_page_used) {
            echo "<!doctype html>\n" . h::title(code_header($error)) . ($error_description ?: $error);
        }
        $this->Content = ob_get_clean();
    } else {
        if ($json) {
            // Forced JSON outside of the API: set the content type explicitly
            header('Content-Type: application/json; charset=utf-8', true);
            interface_off();
        }
        $this->json(['error' => $error, 'error_description' => $error_description]);
    }
    $this->__finish();
    exit;
}
// Fragment of a larger `switch`: the opening of this first case and the code that builds
// $groups_content, $permission, $rc, $L, $a, $Page and $User are outside this excerpt.
// NOTE(review): no access-control or CSRF check is visible in this fragment; presumably the enclosing
// administration controller enforces both - verify before relying on it.
unset($count, $content_);
// Users that have an explicit value stored for $permission.
// The value is passed next to the '%s' template instead of being concatenated into the SQL text.
// NOTE(review): qfa() is not visible here - confirm it escapes every argument before substitution.
$users_list = $User->db()->qfa(["SELECT\n\t\t\t\t\t`id`,\n\t\t\t\t\t`value`\n\t\t\t\tFROM `[prefix]users_permissions`\n\t\t\t\tWHERE `permission` = '%s'", $permission]);
$users_content = [];
// Iterating by reference: every row is replaced with the bare user id, so after the loop
// $users_list is a flat list of ids (it is imploded into a hidden field below)
foreach ($users_list as &$user) {
    $value = $user['value'];
    $user = $user['id'];
    // One table row per user: username plus a three-state radio (-1 inherited, 0 deny, 1 allow)
    // NOTE(review): confirm that h::th() HTML-escapes the username
    $users_content[] = h::th($User->username($user)) . h::{'td input[type=radio]'}(['name' => 'users[' . $user . ']', 'checked' => $value, 'value' => [-1, 0, 1], 'in' => [$L->inherited, $L->deny, $L->allow]]);
}
// Drop the loop reference so later writes to $user cannot modify the last element of $users_list
unset($user, $value);
$Page->title($L->permissions_for_block(get_block_title($rc[3])));
// Form body: groups tab, users tab (existing rows, search box, search results), then hidden fields.
// $rc[3] and $rc[2] are echoed back into hidden inputs.
// NOTE(review): $rc looks like route segments (request-controlled) - confirm `h` escapes attribute values.
$a->content(
    h::{'p.lead.cs-center'}($L->permissions_for_block(get_block_title($rc[3]))) .
    h::{'ul.cs-tabs li'}($L->groups, $L->users) .
    h::div(
        h::{'table.cs-table-borderless.cs-center-all tr'}(
            h::{'td.cs-left-all[colspan=4]'}(
                h::{'button.cs-permissions-invert'}($L->invert) .
                h::{'button.cs-permissions-allow-all'}($L->allow_all) .
                h::{'button.cs-permissions-deny-all'}($L->deny_all)
            ),
            $groups_content
        ) .
        h::{'table.cs-table-borderless.cs-center-all tr'}([
            h::{'td.cs-left-all'}(
                h::{'button.cs-permissions-invert'}($L->invert) .
                h::{'button.cs-permissions-allow-all'}($L->allow_all) .
                h::{'button.cs-permissions-deny-all'}($L->deny_all)
            ),
            h::{'td table#cs-block-users-changed-permissions.cs-table-borderless.cs-center-all tr'}($users_content),
            h::{'td input#block_users_search[type=search]'}([
                'autocomplete' => 'off',
                'permission' => $permission,
                'placeholder' => $L->type_username_or_email_press_enter,
                'style' => 'width: 100%'
            ]),
            h::{'td#block_users_search_results'}()
        ])
    ) .
    h::{'input#cs-block-users-search-found[type=hidden]'}(['value' => implode(',', $users_list)]) .
    h::br() .
    h::{'input[type=hidden]'}([[['name' => 'block[id]', 'value' => $rc[3]]], [['name' => 'mode', 'value' => $rc[2]]]])
);
break;
case 'search_users':
    // Handler for the user search box above: returns only a table of rows, no form and no page interface
    $form = false;
    $a->generate_auto = false;
    interface_off();
    // All three inputs come straight from the POST body.
    // NOTE(review): search_users() receives the raw phrase - confirm it escapes it before querying.
    $users_list = $User->search_users($_POST['search_phrase']);
    // Client-supplied list of ids already shown; used below only to skip duplicates
    $found_users = explode(',', $_POST['found_users']);
    // Cast to int before it is used as a query argument
    $permission = (int) $_POST['permission'];
    $content = [];
    foreach ($users_list as $user) {
        // Loose comparison: ids returned by search_users() are matched against strings from the request
        if (in_array($user, $found_users)) {
            continue;
        }
        $found_users[] = $user;
        // Stored value for this user/permission pair; `false` is treated below as "no row stored"
        $value = $User->db()->qfs(["SELECT `value`\n\t\t\t\t\tFROM `[prefix]users_permissions`\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`id`\t\t\t= '%s' AND\n\t\t\t\t\t\t`permission`\t= '%s'", $user, $permission]);
        // No stored row -> "inherited" (-1) is preselected; the label shows '-' only when the stored value
        // is falsy (deny) and '+' otherwise, including when nothing is stored
        $content[] = h::th($User->username($user)) . h::{'td input[type=radio]'}(['name' => 'users[' . $user . ']', 'checked' => $value !== false ? $value : -1, 'value' => [-1, 0, 1], 'in' => [$L->inherited . ' (' . ($value !== false && !$value ? '-' : '+') . ')', $L->deny, $L->allow]]);
    }
    $Page->content(h::{'table.cs-table-borderless.cs-center-all tr'}($content));
    break;
}
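/**
 * Defining user id, type, session, personal settings
 *
 * Order of detection:
 *  1. "System" request: user agent `CleverStyle CMS` plus a key in the last route segment. A valid key whose
 *     stored URL equals the current host/path marks the request as system + admin and returns early.
 *  2. Existing session cookie: user is resolved from the session.
 *  3. Non-API request without session: the user agent / IP are matched against active bot accounts.
 *  4. Otherwise the user is a guest (a session is created for non-API requests).
 *
 * Finally the request is checked for a `session` parameter equal to the current session; when it is missing
 * or different, all POST data is discarded.
 */
function construct()
{
    $Cache  = $this->cache = new Prefix('users');
    $Config = Config::instance();
    Trigger::instance()->run('System/User/construct/before');
    $this->users_columns = $Cache->get('columns', function () {
        return $this->db()->columns('[prefix]users');
    });
    /**
     * Detecting of current user
     * Last part in page path - key
     *
     * NOTE(review): the attempts counter is read with hash('sha224', 0) but the failed attempt below is
     * recorded with hash('sha224', 'system'). If get_sign_in_attempts_count() counts per login hash rather
     * than per IP, the block threshold would never be reached on this path - confirm.
     */
    $rc = $Config->route;
    if (
        $this->user_agent == 'CleverStyle CMS' &&
        (
            $this->get_sign_in_attempts_count(hash('sha224', 0)) < $Config->core['sign_in_attempts_block_count'] ||
            $Config->core['sign_in_attempts_block_count'] == 0
        ) &&
        count($rc) > 1 &&
        ($key_data = Key::instance()->get($Config->module('System')->db('keys'), $key = array_slice($rc, -1)[0], true)) &&
        is_array($key_data)
    ) {
        // The key is only honoured for the exact URL it was issued for; a match grants system + admin flags
        if ($this->current['is']['system'] = $key_data['url'] == $Config->server['host'] . '/' . $Config->server['raw_relative_address']) {
            $this->current['is']['admin'] = true;
            interface_off();
            $_POST['data'] = _json_decode($_POST['data']);
            Trigger::instance()->run('System/User/construct/after');
            return;
        } else {
            $this->current['is']['guest'] = true;
            /**
             * Simulate a bad sign in to block access
             */
            $this->sign_in_result(false, hash('sha224', 'system'));
            unset($_POST['data']);
            // Slows down repeated guessing of keys; note that it also holds the worker for that second
            sleep(1);
        }
    }
    unset($key_data, $key, $rc);
    /**
     * If session exists
     */
    if (_getcookie('session')) {
        $this->id = $this->get_session_user();
        /**
         * Try to detect bot, not necessary for API request
         */
    } elseif (!API) {
        /**
         * Loading bots list
         */
        $bots = $Cache->get('bots', function () {
            return $this->db()->qfa([
                "SELECT\n\t\t\t\t\t\t`u`.`id`,\n\t\t\t\t\t\t`u`.`login`,\n\t\t\t\t\t\t`u`.`email`\n\t\t\t\t\tFROM `[prefix]users` AS `u`\n\t\t\t\t\t\tINNER JOIN `[prefix]users_groups` AS `g`\n\t\t\t\t\tON `u`.`id` = `g`.`id`\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`g`.`group`\t\t= '%s' AND\n\t\t\t\t\t\t`u`.`status`\t= '%s'",
                self::BOT_GROUP_ID,
                self::STATUS_ACTIVE
            ]) ?: [];
        });
        /**
         * For bots: login is user agent, email is IP
         *
         * The user agent is a client-supplied header: whatever a bot account is permitted to do is available
         * to any client that sends a matching header, so bot accounts should carry no privileges beyond guest
         * unless an IP pattern restricts them.
         */
        $bot_hash = hash('sha224', $this->user_agent . $this->ip);
        /**
         * If list is not empty - try to find bot
         */
        if (is_array($bots) && !empty($bots)) {
            /**
             * Load data
             */
            if (($this->id = $Cache->{$bot_hash}) === false) {
                /**
                 * If no data - try to find bot in list of known bots
                 *
                 * Each stored value is tried both as a plain substring / exact value and as a pattern
                 * NOTE(review): patterns come from bot account records - confirm only administrators can edit them
                 */
                foreach ($bots as $bot) {
                    if (
                        $bot['login'] &&
                        (
                            strpos($this->user_agent, $bot['login']) !== false ||
                            _preg_match($bot['login'], $this->user_agent)
                        )
                    ) {
                        $this->id = $bot['id'];
                        break;
                    }
                    if (
                        $bot['email'] &&
                        (
                            $this->ip == $bot['email'] ||
                            _preg_match($bot['email'], $this->ip)
                        )
                    ) {
                        $this->id = $bot['id'];
                        break;
                    }
                }
                unset($bots, $bot);
                /**
                 * If found id - this is bot
                 */
                if ($this->id) {
                    $Cache->{$bot_hash} = $this->id;
                    /**
                     * Searching for last bot session, if exists - load it, otherwise create new one
                     */
                    $last_session = $this->get_data('last_session');
                    // Remember the bot id: the id is re-checked against GUEST_ID after the session lookup
                    $id = $this->id;
                    if ($last_session) {
                        $this->get_session_user($last_session);
                    }
                    if (!$last_session || $this->id == self::GUEST_ID) {
                        $this->add_session($id);
                        $this->set_data('last_session', $this->get_session());
                    }
                    unset($id, $last_session);
                }
            }
        }
        unset($bots, $bot_hash);
    }
    if (!$this->id) {
        $this->id = self::GUEST_ID;
        /**
         * Do not create session for API request
         */
        if (!API) {
            $this->add_session();
        }
    }
    $this->update_user_is();
    /**
     * If not guest - apply some individual settings
     */
    if ($this->id != self::GUEST_ID) {
        if ($this->timezone && date_default_timezone_get() != $this->timezone) {
            date_default_timezone_set($this->timezone);
        }
        if ($Config->core['multilingual']) {
            Language::instance()->change($this->language);
        }
    } elseif ($Config->core['multilingual']) {
        /**
         * Automatic detection of current language for guest
         */
        Language::instance()->change('');
    }
    /**
     * Security check
     *
     * POST data is accepted only when the request carries a `session` parameter equal to the current session.
     * The comparison is done on strings only and without type juggling: a loose `!=` treats numeric-looking
     * strings such as "0e1" and "0e2" as equal. hash_equals() is used when available (PHP >= 5.6) so that the
     * comparison time does not depend on how many leading characters match.
     *
     * NOTE(review): $_REQUEST can include cookies depending on the `request_order` / `variables_order` ini
     * settings; if the `session` cookie ends up in $_REQUEST this check passes for every request that carries
     * the cookie - confirm cookies are excluded. Only POST data is dropped here, GET parameters are kept.
     */
    $request_session = isset($_REQUEST['session']) ? $_REQUEST['session'] : null;
    $current_session = (string)$this->get_session();
    $session_matches = is_string($request_session) && (
        function_exists('hash_equals')
            ? hash_equals($current_session, $request_session)
            : $current_session === $request_session
    );
    if (!$session_matches) {
        $_REQUEST = array_diff_key($_REQUEST, $_POST);
        $_POST    = [];
    }
    $this->init = true;
    Trigger::instance()->run('System/User/construct/after');
}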