Пример #1
0
 /**
  * Error pages processing
  *
  * @param null|string|string[]	$custom_text	Custom error text instead of text like "404 Not Found",
  * 												or array with two elements: [error, error_description]
  * @param bool					$json			Force JSON return format
  */
 function error($custom_text = null, $json = false)
 {
     static $error_showed = false;
     if ($error_showed) {
         return;
     }
     $error_showed = true;
     if (!defined('ERROR_CODE')) {
         error_code(500);
     }
     if (defined('API') && !API && ERROR_CODE == 403 && _getcookie('sign_out')) {
         header('Location: ' . Config::instance()->base_url(), true, 302);
         $this->Content = '';
         exit;
     }
     interface_off();
     $error = code_header(ERROR_CODE);
     if (is_array($custom_text)) {
         $error = $custom_text[0];
         $error_description = $custom_text[1];
     } else {
         $error_description = $custom_text ?: $error;
     }
     if (defined('API') && API || $json) {
         if ($json) {
             header('Content-Type: application/json; charset=utf-8', true);
             interface_off();
         }
         $this->json(['error' => $error, 'error_description' => $error_description]);
     } else {
         ob_start();
         if (!_include_once(THEMES . "/{$this->theme}/error.html", false) && !_include_once(THEMES . "/{$this->theme}/error.php", false)) {
             echo "<!doctype html>\n" . h::title(code_header($error)) . ($error_description ?: $error);
         }
         $this->Content = ob_get_clean();
     }
     $this->__finish();
     exit;
 }
Пример #2
0
         unset($count, $content_);
         $users_list = $User->db()->qfa(["SELECT\n\t\t\t\t\t`id`,\n\t\t\t\t\t`value`\n\t\t\t\tFROM `[prefix]users_permissions`\n\t\t\t\tWHERE `permission` = '%s'", $permission]);
         $users_content = [];
         foreach ($users_list as &$user) {
             $value = $user['value'];
             $user = $user['id'];
             $users_content[] = h::th($User->username($user)) . h::{'td input[type=radio]'}(['name' => 'users[' . $user . ']', 'checked' => $value, 'value' => [-1, 0, 1], 'in' => [$L->inherited, $L->deny, $L->allow]]);
         }
         unset($user, $value);
         $Page->title($L->permissions_for_block(get_block_title($rc[3])));
         $a->content(h::{'p.lead.cs-center'}($L->permissions_for_block(get_block_title($rc[3]))) . h::{'ul.cs-tabs li'}($L->groups, $L->users) . h::div(h::{'table.cs-table-borderless.cs-center-all tr'}(h::{'td.cs-left-all[colspan=4]'}(h::{'button.cs-permissions-invert'}($L->invert) . h::{'button.cs-permissions-allow-all'}($L->allow_all) . h::{'button.cs-permissions-deny-all'}($L->deny_all)), $groups_content) . h::{'table.cs-table-borderless.cs-center-all tr'}([h::{'td.cs-left-all'}(h::{'button.cs-permissions-invert'}($L->invert) . h::{'button.cs-permissions-allow-all'}($L->allow_all) . h::{'button.cs-permissions-deny-all'}($L->deny_all)), h::{'td table#cs-block-users-changed-permissions.cs-table-borderless.cs-center-all tr'}($users_content), h::{'td input#block_users_search[type=search]'}(['autocomplete' => 'off', 'permission' => $permission, 'placeholder' => $L->type_username_or_email_press_enter, 'style' => 'width: 100%']), h::{'td#block_users_search_results'}()])) . h::{'input#cs-block-users-search-found[type=hidden]'}(['value' => implode(',', $users_list)]) . h::br() . h::{'input[type=hidden]'}([[['name' => 'block[id]', 'value' => $rc[3]]], [['name' => 'mode', 'value' => $rc[2]]]]));
         break;
     case 'search_users':
         $form = false;
         $a->generate_auto = false;
         interface_off();
         $users_list = $User->search_users($_POST['search_phrase']);
         $found_users = explode(',', $_POST['found_users']);
         $permission = (int) $_POST['permission'];
         $content = [];
         foreach ($users_list as $user) {
             if (in_array($user, $found_users)) {
                 continue;
             }
             $found_users[] = $user;
             $value = $User->db()->qfs(["SELECT `value`\n\t\t\t\t\tFROM `[prefix]users_permissions`\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`id`\t\t\t= '%s' AND\n\t\t\t\t\t\t`permission`\t= '%s'", $user, $permission]);
             $content[] = h::th($User->username($user)) . h::{'td input[type=radio]'}(['name' => 'users[' . $user . ']', 'checked' => $value !== false ? $value : -1, 'value' => [-1, 0, 1], 'in' => [$L->inherited . ' (' . ($value !== false && !$value ? '-' : '+') . ')', $L->deny, $L->allow]]);
         }
         $Page->content(h::{'table.cs-table-borderless.cs-center-all tr'}($content));
         break;
 }
Пример #3
0
 /**
  * Defining user id, type, session, personal settings
  */
 function construct()
 {
     $Cache = $this->cache = new Prefix('users');
     $Config = Config::instance();
     Trigger::instance()->run('System/User/construct/before');
     $this->users_columns = $Cache->get('columns', function () {
         return $this->db()->columns('[prefix]users');
     });
     /**
      * Detecting of current user
      * Last part in page path - key
      */
     $rc = $Config->route;
     if ($this->user_agent == 'CleverStyle CMS' && ($this->get_sign_in_attempts_count(hash('sha224', 0)) < $Config->core['sign_in_attempts_block_count'] || $Config->core['sign_in_attempts_block_count'] == 0) && count($rc) > 1 && ($key_data = Key::instance()->get($Config->module('System')->db('keys'), $key = array_slice($rc, -1)[0], true)) && is_array($key_data)) {
         if ($this->current['is']['system'] = $key_data['url'] == $Config->server['host'] . '/' . $Config->server['raw_relative_address']) {
             $this->current['is']['admin'] = true;
             interface_off();
             $_POST['data'] = _json_decode($_POST['data']);
             Trigger::instance()->run('System/User/construct/after');
             return;
         } else {
             $this->current['is']['guest'] = true;
             /**
              * Simulate a bad sign in to block access
              */
             $this->sign_in_result(false, hash('sha224', 'system'));
             unset($_POST['data']);
             sleep(1);
         }
     }
     unset($key_data, $key, $rc);
     /**
      * If session exists
      */
     if (_getcookie('session')) {
         $this->id = $this->get_session_user();
         /**
          * Try to detect bot, not necessary for API request
          */
     } elseif (!API) {
         /**
          * Loading bots list
          */
         $bots = $Cache->get('bots', function () {
             return $this->db()->qfa(["SELECT\n\t\t\t\t\t\t`u`.`id`,\n\t\t\t\t\t\t`u`.`login`,\n\t\t\t\t\t\t`u`.`email`\n\t\t\t\t\tFROM `[prefix]users` AS `u`\n\t\t\t\t\t\tINNER JOIN `[prefix]users_groups` AS `g`\n\t\t\t\t\tON `u`.`id` = `g`.`id`\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`g`.`group`\t\t= '%s' AND\n\t\t\t\t\t\t`u`.`status`\t= '%s'", self::BOT_GROUP_ID, self::STATUS_ACTIVE]) ?: [];
         });
         /**
          * For bots: login is user agent, email is IP
          */
         $bot_hash = hash('sha224', $this->user_agent . $this->ip);
         /**
          * If list is not empty - try to find bot
          */
         if (is_array($bots) && !empty($bots)) {
             /**
              * Load data
              */
             if (($this->id = $Cache->{$bot_hash}) === false) {
                 /**
                  * If no data - try to find bot in list of known bots
                  */
                 foreach ($bots as $bot) {
                     if ($bot['login'] && (strpos($this->user_agent, $bot['login']) !== false || _preg_match($bot['login'], $this->user_agent))) {
                         $this->id = $bot['id'];
                         break;
                     }
                     if ($bot['email'] && ($this->ip == $bot['email'] || _preg_match($bot['email'], $this->ip))) {
                         $this->id = $bot['id'];
                         break;
                     }
                 }
                 unset($bots, $bot, $login, $email);
                 /**
                  * If found id - this is bot
                  */
                 if ($this->id) {
                     $Cache->{$bot_hash} = $this->id;
                     /**
                      * Searching for last bot session, if exists - load it, otherwise create new one
                      */
                     $last_session = $this->get_data('last_session');
                     $id = $this->id;
                     if ($last_session) {
                         $this->get_session_user($last_session);
                     }
                     if (!$last_session || $this->id == self::GUEST_ID) {
                         $this->add_session($id);
                         $this->set_data('last_session', $this->get_session());
                     }
                     unset($id, $last_session);
                 }
             }
         }
         unset($bots, $bot_hash);
     }
     if (!$this->id) {
         $this->id = self::GUEST_ID;
         /**
          * Do not create session for API request
          */
         if (!API) {
             $this->add_session();
         }
     }
     $this->update_user_is();
     /**
      * If not guest - apply some individual settings
      */
     if ($this->id != self::GUEST_ID) {
         if ($this->timezone && date_default_timezone_get() != $this->timezone) {
             date_default_timezone_set($this->timezone);
         }
         if ($Config->core['multilingual']) {
             Language::instance()->change($this->language);
         }
     } elseif ($Config->core['multilingual']) {
         /**
          * Automatic detection of current language for guest
          */
         Language::instance()->change('');
     }
     /**
      * Security check
      */
     if (!isset($_REQUEST['session']) || $_REQUEST['session'] != $this->get_session()) {
         $_REQUEST = array_diff_key($_REQUEST, $_POST);
         $_POST = [];
     }
     $this->init = true;
     Trigger::instance()->run('System/User/construct/after');
 }