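/**
 * Gate the "main" block of a password-protected page behind a password form.
 *
 * $content is returned unchanged for blocks other than "main", for pages
 * without a password, for logged-in administrators and for visitors whose
 * session already lists this page as unlocked. Otherwise the password form
 * is rendered, with an error message after a wrong attempt.
 *
 * @param string $content rendered block content
 * @param array $data block data; 'blockName' is read, 'form' and 'error' are set for the view
 * @return string
 */
public static function ipBlockContent($content, $data)
{
    if ($data['blockName'] != "main") {
        return $content;
    }

    $pagePassword = Service::pagePassword();
    $pageId = Model::getPageId();

    if (!$pagePassword || ipAdminId()) {
        return $content;
    }

    $unlockedPages = isset($_SESSION['pagePassword']) && is_array($_SESSION['pagePassword'])
        ? $_SESSION['pagePassword']
        : array();

    // Loose comparison kept on purpose: the page id may be stored as int or numeric string.
    if (in_array($pageId, $unlockedPages)) {
        return $content;
    }

    $data['form'] = Helper::createForm();
    $postPassword = ipRequest()->getPost('pagePassword');

    // Compare as strings. The previous `==` let PHP juggle numeric-looking strings
    // (e.g. "0e1" == "0"), so a value other than the configured password could match.
    // hash_equals() is used when available to avoid an early-exit comparison.
    // NOTE(review): the submitted value is compared with the stored value directly, so the
    // page password is presumably kept unhashed, and no attempt throttling is visible here.
    $expected = (string)$pagePassword;
    $matches = is_string($postPassword)
        && (function_exists('hash_equals')
            ? hash_equals($expected, $postPassword)
            : $expected === $postPassword);

    if ($postPassword && $matches) {
        if (!isset($_SESSION['pagePassword']) || !is_array($_SESSION['pagePassword'])) {
            $_SESSION['pagePassword'] = array();
        }
        $_SESSION['pagePassword'][] = $pageId;
        return $content;
    }

    if ($postPassword) {
        $data['error'] = __('Incorrect password', 'PagePassword', false);
    }

    return ipView('view/password.php', $data)->render();
}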
/**
 * Filter for the page's JavaScript list: merges runs of file entries into
 * concatenated chunks and keeps inline ('content') entries in place.
 *
 * The list is returned untouched when concatenation is disabled for the
 * logged-in administrator or while another concatenation is marked as running.
 *
 * @param array $jsFiles entries with at least a 'type' key
 * @return array
 */
public static function ipJs($jsFiles)
{
    if (ipGetOption('ConcatenateJsCss.disableInAdmin', 1) && ipAdminId()) {
        return $jsFiles;
    }
    if (ipStorage()->get('ConcatenateJsCss', 'concatenationInProgress') > time()) {
        return $jsFiles;
    }

    // If a CSS / JS file links back to this website the filter could recurse forever,
    // so it switches itself off for up to 60 seconds while it works.
    // The marker is not cleared if concatenateChunk() throws; it then expires by timestamp.
    ipStorage()->set('ConcatenateJsCss', 'concatenationInProgress', time() + 60);

    // NOTE(review): $tinymceUrl is placed inside a JS string literal without escaping;
    // this assumes ipFileUrl() never returns a quote or backslash. Confirm.
    $tinymceUrl = ipFileUrl('Ip/Internal/Core/assets/js/tiny_mce');
    $tinymceFix = array(
        'type' => 'content',
        'value' => "var tinyMCEPreInit = {\n suffix: '.min',\n base: '" . $tinymceUrl . "',\n query: ''\n};",
        'attributes' => array(),
        'cacheFix' => false
    );
    $result = array('concatenateJsCss_tinymce_fix' => $tinymceFix);

    $pending = array();
    foreach ($jsFiles as $entry) {
        if ($entry['type'] != 'content') {
            $pending[] = $entry;
            continue;
        }

        // Inline JS cannot be concatenated: flush the files collected so far,
        // then emit the inline entry on its own so the order is preserved.
        if (!empty($pending)) {
            $result = array_merge($result, self::concatenateChunk($pending));
        }
        $pending = array();
        $result[] = $entry;
    }

    if (!empty($pending)) {
        $result = array_merge($result, self::concatenateChunk($pending));
    }

    ipStorage()->remove('ConcatenateJsCss', 'concatenationInProgress');

    return $result;
}
/**
 * Register the float-image assets: the stylesheet on every request,
 * the script only when an administrator is logged in.
 */
public static function ipBeforeController()
{
    $isAdmin = ipAdminId();
    if ($isAdmin) {
        ipAddJs('assets/floatImage.js');
    }

    ipAddCss('assets/floatImage.css');
}
/**
 * Register the core JavaScript/CSS assets and JS variables for the request.
 *
 * Public visitors get the core bundle and validator translations. The admin
 * bundle is added for logged-in administrators and on the login and
 * password-reset pages. The editor, uploader and admin stylesheet are added
 * for logged-in administrators only.
 */
public static function ipBeforeController()
{
    // Not used below; the call is kept in case resolving the request has side effects.
    $request = \Ip\ServiceLocator::request();

    // Session refresh interval: the session GC lifetime (120 when unset),
    // reduced by 20 when it is above 30.
    $sessionLifetime = ini_get('session.gc_maxlifetime');
    if (!$sessionLifetime) {
        $sessionLifetime = 120;
    }
    if ($sessionLifetime > 30) {
        $sessionLifetime -= 20;
    }
    ipAddJsVariable('ipSessionRefresh', $sessionLifetime);

    if (!ipConfig()->isDebugMode()) {
        ipAddJs('Ip/Internal/Core/assets/ipCore.min.js', null, 10);
    } else {
        ipAddJs('Ip/Internal/Core/assets/ipCore/jquery.js', null, 10); // default, global jQuery
        ipAddJs('Ip/Internal/Core/assets/ipCore/console.log.js', null, 10);

        $coreScripts = array(
            'Ip/Internal/Core/assets/ipCore/functions.js',
            'Ip/Internal/Core/assets/ipCore/jquery.tools.form.js',
            'Ip/Internal/Core/assets/ipCore/form/color.js',
            'Ip/Internal/Core/assets/ipCore/form/file.js',
            'Ip/Internal/Core/assets/ipCore/form/richtext.js',
            'Ip/Internal/Core/assets/ipCore/form/repositoryFile.js',
            'Ip/Internal/Core/assets/ipCore/form/url.js',
            'Ip/Internal/Core/assets/ipCore/form.js',
            'Ip/Internal/Core/assets/ipCore/validator.js',
            'Ip/Internal/Core/assets/ipCore/widgets.js',
            'Ip/Internal/Core/assets/ipCore/ipCore.js'
        );
        foreach ($coreScripts as $script) {
            ipAddJs($script);
        }
    }

    // Form init
    $validatorTranslations = array();
    $validatorTranslations['Ip-admin'] = static::validatorLocalizationData('Ip-admin');
    $validatorTranslations[ipContent()->getCurrentLanguage()->getCode()] = static::validatorLocalizationData('Ip');
    ipAddJsVariable('ipValidatorTranslations', $validatorTranslations);

    if (ipAdminId() || \Ip\Internal\Admin\Model::isLoginPage() || \Ip\Internal\Admin\Model::isPasswordResetPage()) {
        if (!ipConfig()->isDebugMode()) {
            ipAddJs('Ip/Internal/Core/assets/admin.min.js', null, 10);
        } else {
            $adminScripts = array(
                'Ip/Internal/Core/assets/admin/managementMode.js',
                'Ip/Internal/Core/assets/admin/functions.js',
                'Ip/Internal/Core/assets/admin/validator.js',
                'Ip/Internal/Core/assets/admin/bootstrap/bootstrap.js',
                'Ip/Internal/Core/assets/admin/bootstrap-switch/bootstrap-switch.js'
            );
            foreach ($adminScripts as $script) {
                ipAddJs($script);
            }
        }

        ipAddJs('Ip/Internal/Core/assets/tinymce/pastePreprocess.js');
        ipAddJs('Ip/Internal/Core/assets/tinymce/default.js');
    }

    if (!ipAdminId()) {
        return;
    }

    // Editor and uploader are only shipped to logged-in administrators.
    ipAddJs('Ip/Internal/Core/assets/js/tiny_mce/jquery.tinymce.min.js');
    ipAddJs('Ip/Internal/Core/assets/js/tiny_mce/tinymce.min.js');

    ipAddJsVariable('ipBrowseLinkModalTemplate', ipView('view/browseLinkModal.php')->render());

    $uploaderScripts = array(
        'Ip/Internal/Core/assets/ipCore/plupload/plupload.full.js',
        'Ip/Internal/Core/assets/ipCore/plupload/plupload.browserplus.js',
        'Ip/Internal/Core/assets/ipCore/plupload/plupload.gears.js',
        'Ip/Internal/Core/assets/ipCore/plupload/jquery.plupload.queue/jquery.plupload.queue.js'
    );
    foreach ($uploaderScripts as $script) {
        ipAddJs($script);
    }

    // Optional theme-supplied admin script.
    if (is_file(ipThemeFile('setup/admin.js'))) {
        ipAddJs(ipThemeUrl('setup/admin.js'));
    }

    ipAddCss('Ip/Internal/Core/assets/admin/admin.css');
}
/**
 * Redirect visitors away from a page that has a redirect URL configured.
 *
 * Logged-in administrators are never redirected. The target is whatever the
 * current page's getRedirectUrl() returns; nothing from the request is used.
 *
 * @param $info not read by this handler
 * @return \Ip\Response\Redirect|null null when no redirect applies
 */
public static function ipExecuteController($info)
{
    $page = ipContent()->getCurrentPage();
    if (!$page) {
        return null;
    }

    $redirectUrl = $page->getRedirectUrl();
    if (!$redirectUrl || ipAdminId()) {
        return null;
    }

    return new \Ip\Response\Redirect($redirectUrl);
}
/**
 * Register Font Awesome assets: the icon font stylesheet on every request,
 * the field script and stylesheet only when an administrator is logged in.
 */
public static function ipBeforeController()
{
    $isAdmin = ipAdminId();
    if ($isAdmin) {
        ipAddJs('assets/FontAwesomeField.js');
        ipAddCss('assets/FontAwesomeField.css');
    }

    ipAddCss('Plugin/FontAwesomeIcons/assets/css/font-awesome.min.css');
}
/**
 * Delete one permission row of an administrator.
 *
 * NOTE(review): no authorization check is made here; callers are presumably
 * expected to verify that the acting administrator may change permissions.
 *
 * @param string $permission permission name
 * @param int|null $administratorId defaults to the logged-in administrator when null
 */
public static function removePermission($permission, $administratorId = null)
{
    $targetId = ($administratorId === null) ? ipAdminId() : $administratorId;

    ipDb()->delete(
        'permission',
        array(
            'permission' => $permission,
            'administratorId' => $targetId
        )
    );
}
/**
 * Replace the response with the maintenance page while maintenance mode is on.
 *
 * The original response passes through when maintenance mode is off, when
 * ipAdminId() returns anything other than false, or when the relative path
 * begins with the five characters "admin".
 *
 * NOTE(review): the path test is a plain prefix match, so any path starting
 * with "admin" is exempt, not only the admin login route. Confirm this is intended.
 *
 * @param \Ip\Response $response
 * @return mixed
 */
public static function ipSendResponse($response)
{
    if (ipGetOption('MaintenanceMode.enabled') != 1) {
        return $response;
    }
    if (ipAdminId() !== false) {
        return $response;
    }

    $pathPrefix = substr(ipRequest()->getRelativePath(), 0, 5);
    if ($pathPrefix == 'admin') {
        return $response;
    }

    return new \Ip\Response(ipGetOption('MaintenanceMode.content'));
}
/**
 * Delete the administrator whose id is posted as 'id'.
 *
 * The request must be a POST, and the logged-in administrator cannot delete
 * their own account.
 *
 * NOTE(review): the only checks visible here are mustBePost() and the
 * self-delete guard; permission enforcement presumably happens elsewhere.
 *
 * @return \Ip\Response\Json
 * @throws \Ip\Exception when 'id' is missing or equals the current administrator
 */
public function delete()
{
    ipRequest()->mustBePost();

    $targetId = ipRequest()->getPost('id');
    if (!$targetId) {
        throw new \Ip\Exception('Missing required parameters');
    }

    // Loose comparison: the posted id is a string, ipAdminId() may be an integer.
    $isSelf = ($targetId == ipAdminId());
    if ($isSelf) {
        throw new \Ip\Exception("Can't delete yourself");
    }

    Service::delete($targetId);

    return new \Ip\Response\Json(array('status' => 'ok'));
}
/**
 * Tell whether an administrator holds a permission.
 *
 * 'InlineManagement' is treated as 'Content'. An administrator with the
 * 'Super admin' permission passes every check. Permissions are loaded once
 * per administrator and cached on this object. The result goes through the
 * 'ipAdminPermission' filter, so a plugin can override it.
 *
 * NOTE(review): `== null` also matches 0, '' and false, so such an id falls
 * back to the logged-in administrator. removePermission() uses `=== null`.
 * Confirm which is intended.
 *
 * @param string $permission
 * @param int|null $administratorId defaults to the logged-in administrator
 * @return mixed the filtered answer, a boolean unless a filter changes it
 */
public function hasPermission($permission, $administratorId = null)
{
    $aliasesOfContent = array('InlineManagement');
    if (in_array($permission, $aliasesOfContent)) {
        $permission = 'Content';
    }

    if ($administratorId == null) {
        $administratorId = ipAdminId();
    }

    if (!isset($this->permissions[$administratorId])) {
        $this->permissions[$administratorId] = AdminPermissionsModel::getUserPermissions($administratorId);
    }

    $granted = $this->permissions[$administratorId];
    $allowed = isset($granted[$permission]) || isset($granted['Super admin']);

    $context = array(
        'permission' => $permission,
        'administratorId' => $administratorId
    );

    return ipFilter('ipAdminPermission', $allowed, $context);
}
/**
 * Prepare admin UI pieces and page metadata before the controller runs:
 * the admin submenu, the admin toolbar, the autogenerated-credentials popup,
 * management mode, and the page's description, keywords and title.
 */
public static function ipBeforeController()
{
    // Admin submenu, only on admin routes.
    if (ipRoute()->isAdmin()) {
        ipAddJs('Ip/Internal/Core/assets/js/jquery-ui/jquery-ui.js');
        ipAddCss('Ip/Internal/Core/assets/js/jquery-ui/jquery-ui.css');

        $submenu = ipFilter('ipAdminSubmenu', Submenu::getSubmenuItems());
        if ($submenu) {
            ipResponse()->setLayoutVariable('submenu', $submenu);
        }
    }

    // Admin toolbar: shown to a logged-in administrator unless the request
    // carries 'pa' without 'aa', and unless it is suppressed by a query flag.
    if (
        ((ipAdminId() && !ipRequest()->getRequest('pa')) || (ipRequest()->getRequest('aa') && ipAdminId()))
        && !ipRequest()->getQuery('ipDesignPreview')
        && !ipRequest()->getQuery('disableAdminNavbar')
    ) {
        ipAddJs('Ip/Internal/Admin/assets/admin.js');
        ipAddJsVariable('ipAdminNavbar', static::getAdminNavbarHtml());
    }

    // Popup with the autogenerated administrator credentials.
    // NOTE(review): this branch depends only on the stored 'adminIsAutogenerated' value and
    // is not gated on ipAdminId() here. The stored value is rendered as the password, so
    // confirm it cannot reach an unauthenticated visitor and is cleared once it has been shown.
    $adminIsAutogenerated = ipStorage()->get('Ip', 'adminIsAutogenerated');
    if ($adminIsAutogenerated) {
        $adminId = \Ip\Internal\Admin\Backend::userId();
        $admin = \Ip\Internal\Administrators\Model::getById($adminId);
        ipAddJs('Ip/Internal/Admin/assets/adminIsAutogenerated.js');

        $popupData = array(
            'adminUsername' => $admin['username'],
            'adminPassword' => ipStorage()->get('Ip', 'adminIsAutogenerated'),
            'adminEmail' => $admin['email']
        );
        ipAddJsVariable('ipAdminIsAutogenerated', ipView('view/adminIsAutoGenerated.php', $popupData)->render());
    }

    if (!ipContent()->getCurrentPage()) {
        return;
    }

    // Initialize management unless a preview or disable flag is present.
    if (
        ipIsManagementState()
        && !ipRequest()->getQuery('ipDesignPreview')
        && !ipRequest()->getQuery('disableManagement')
    ) {
        \Ip\Internal\Content\Helper::initManagement();
    }

    // Page metadata for the response.
    $response = ipResponse();
    $response->setDescription(\Ip\ServiceLocator::content()->getDescription());
    $response->setKeywords(ipContent()->getKeywords());
    $response->setTitle(ipContent()->getTitle());
}
/**
 * Resolve the request URI through the router and attach the matching page.
 *
 * When the matched action is callable, the 'plugin' and 'controller' entries
 * are dropped from the result. When the router supplies no page, one is
 * looked up: the default page for an empty URI, otherwise by language code
 * and URI.
 *
 * NOTE(review): as written, a page flagged 'isSecured' is attached only when
 * ipAdminId() is falsy. If 'isSecured' is meant to restrict a page to
 * administrators, the second test looks inverted. Confirm the intended meaning.
 *
 * @param $info route info; 'relativeUri' is read
 * @return array|null null when the router finds no match
 * @throws \Ip\Exception
 */
public static function ipRouteAction_70($info)
{
    $relativeUri = $info['relativeUri'];

    $result = \Ip\ServiceLocator::router()->match(rtrim($relativeUri, '/'), ipRequest());
    if (!$result) {
        return null;
    }

    if (is_callable($result['action'])) {
        unset($result['plugin'], $result['controller']);
    }

    if (!empty($result['page'])) {
        return $result;
    }

    if ($relativeUri == '') {
        $pageId = ipContent()->getDefaultPageId();
        $page = \Ip\Internal\Pages\Service::getPage($pageId);
    } else {
        $languageCode = ipContent()->getCurrentLanguage()->getCode();
        $page = \Ip\Internal\Pages\Service::getPageByUrl($languageCode, $relativeUri);
    }

    if ($page && (!$page['isSecured'] || !ipAdminId())) {
        $result['page'] = new \Ip\Page($page);
    }

    return $result;
}
/**
 * Work out which period boundaries (year, month, week, day, hour) have been
 * crossed since the last cron execution.
 *
 * Every "first time" flag starts as true. The flags are recomputed from the
 * last execution time only when one is stored and the run is not a forced
 * test. A test run requires both the 'test' query parameter and a logged-in
 * administrator, so an anonymous request cannot force all flags to true.
 */
protected function init()
{
    $this->firstTimeThisYear = true;
    $this->firstTimeThisMonth = true;
    $this->firstTimeThisWeek = true;
    $this->firstTimeThisDay = true;
    $this->firstTimeThisHour = true;
    $this->lastTime = null;

    $lastExecution = ipStorage()->get('Cron', 'lastExecutionEnd', null);
    $lastExecutionStart = ipStorage()->get('Cron', 'lastExecutionStart', null);

    // A start time newer than the end time means the last run never finished.
    if ($lastExecution < $lastExecutionStart) {
        $lastExecution = $lastExecutionStart;
    }

    if (!$lastExecution) {
        return;
    }
    if (ipRequest()->getQuery('test', 0) && ipAdminId()) {
        return;
    }

    $this->firstTimeThisYear = date('Y', $lastExecution) != date('Y');
    $this->firstTimeThisMonth = date('Y-m', $lastExecution) != date('Y-m');
    $this->firstTimeThisWeek = date('Y-w', $lastExecution) != date('Y-w');
    $this->firstTimeThisDay = date('Y-m-d', $lastExecution) != date('Y-m-d');
    $this->firstTimeThisHour = date('Y-m-d H', $lastExecution) != date('Y-m-d H');
    $this->lastTime = $lastExecution;
}
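/**
 * Handle uploads made using PlUpload library
 *
 * Writes the uploaded data (optionally one chunk of a chunked upload) into the
 * temporary upload directory and records the resulting name and path on this object.
 * Uploads into the non-secure temporary directory require a logged-in administrator.
 * Uploads into the secure directory are accepted without one, but are subject to a
 * folder size limit.
 *
 * @param bool $secureFolder true to store into file/secure/tmp/, false for file/tmp/
 * @throws \Ip\Exception\Repository\Upload on missing permission or I/O failure
 * @throws \Ip\Exception\Repository\Upload\ForbiddenFileExtension when the extension is not whitelisted
 * @throws \Ip\Exception when the secure folder upload limit is reached
 */
public function handlePlupload($secureFolder)
{
    if (!$secureFolder && !ipAdminId()) {
        throw new \Ip\Exception\Repository\Upload("Trying to upload image to temporary directory without permission.");
    }

    if ($secureFolder) {
        $targetDir = ipFile('file/secure/tmp/');
    } else {
        $targetDir = ipFile('file/tmp/');
    }

    if ($secureFolder) {
        // Uploads without an administrator session are capped by total folder size.
        $sizeLimit = ipGetOption('Repository.publicUploadLimit', 4000);
        if ($this->folderSize($targetDir) > $sizeLimit * 1000000) { //4000 Mb by default
            ipLog()->error(
                "Repository.publicUploadLimitReached: IP: `{ip}`. CurrentLimit `{limit}Mb`. Please update Repository.publicUploadLimit option to increase the limits.",
                array('ip' => $_SERVER['REMOTE_ADDR'], 'limit' => $sizeLimit)
            );
            throw new \Ip\Exception("Upload limit reached");
        }
    }

    // Get parameters. The chunk counters are request-controlled, so they are normalised
    // to integers. Otherwise a non-numeric value compares differently across PHP versions
    // and could pick the append mode unexpectedly.
    $chunk = isset($_REQUEST["chunk"]) && is_scalar($_REQUEST["chunk"]) ? (int)$_REQUEST["chunk"] : 0;
    $chunks = isset($_REQUEST["chunks"]) && is_scalar($_REQUEST["chunks"]) ? (int)$_REQUEST["chunks"] : 0;
    $fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';

    // Clean the fileName for security reasons
    $fileName = \Ip\Internal\File\Functions::cleanupFileName($fileName);

    // Make sure the fileName is unique but only if chunking is disabled
    if ($chunks < 2 && file_exists($targetDir . $fileName)) {
        $fileName = \Ip\Internal\File\Functions::genUnoccupiedName($fileName, $targetDir);
    }

    //security check
    // NOTE(review): the extension is everything after the last dot, and an empty extension
    // (e.g. a name ending in ".") skips the whitelist. Whether cleanupFileName() removes
    // such names is not visible here. Confirm.
    $fileExtension = strtolower(substr($fileName, strrpos($fileName, '.') + 1));
    // NOTE(review): the list includes formats a browser can execute as active content
    // (htm, html, js, svg, swf, xml). If uploaded files are ever served from the site's own
    // origin, they should be sent as attachments or from a separate origin.
    $whiteListExtensions = array('jpg', 'jpeg', 'jpe', 'gif', 'png', 'bmp', 'tif', 'tiff', 'ico', 'asf', 'asx', 'wmv', 'wmx', 'wm', 'avi', 'divx', 'flv', 'mov', 'qt', 'mpeg', 'mpg', 'mpe', 'mp4', 'm4v', 'ogv', 'webm', 'mkv', 'txt', 'asc', 'c', 'cc', 'h', 'csv', 'tsv', 'ics', 'rtx', 'css', 'htm', 'html', 'vtt', 'mp3', 'm4a', 'm4b', 'ra', 'ram', 'wav', 'ogg', 'oga', 'mid', 'midi', 'wma', 'wax', 'mka', 'rtf', 'js', 'pdf', 'class', 'tar', 'zip', 'gz', 'gzip', 'rar', '7z', 'doc', 'pot', 'pps', 'ppt', 'wri', 'xla', 'xls', 'xlt', 'xlw', 'mdb', 'mpp', 'docx', 'docm', 'dotx', 'dotm', 'eps', 'xlsx', 'xlsm', 'xlsb', 'xltx', 'xltm', 'xlam', 'pptx', 'pptm', 'ppsx', 'ppsm', 'potx', 'potm', 'ppam', 'sldx', 'sldm', 'onetoc', 'onetoc2', 'onetmp', 'onepkg', 'odt', 'odp', 'ods', 'odg', 'odc', 'odb', 'odf', 'wp', 'wpd', 'key', 'numbers', 'pages', 'xml', 'json', 'iso', 'aac', 'img', 'psd', 'ai', 'sql', 'swf', 'svg');
    $whiteListExtensions = ipFilter('ipWhiteListExtensions', $whiteListExtensions);
    // Strict membership test so no type juggling can make an extension match.
    if (!empty($fileExtension) && !in_array($fileExtension, $whiteListExtensions, true)) {
        //security risk
        throw new \Ip\Exception\Repository\Upload\ForbiddenFileExtension(
            "Files with extension (." . esc($fileExtension) . ") are not permitted for security reasons.",
            array('extension' => $fileExtension, 'filename' => $fileName)
        );
    }
    //end security check

    // Look for the content type header
    $contentType = null;
    if (isset($_SERVER["HTTP_CONTENT_TYPE"])) {
        $contentType = $_SERVER["HTTP_CONTENT_TYPE"];
    }
    if (isset($_SERVER["CONTENT_TYPE"])) {
        $contentType = $_SERVER["CONTENT_TYPE"];
    }

    // Both branches write to the same path, the one later stored in $this->uploadedFile.
    $targetFile = $targetDir . $fileName;

    // NOTE(review): for chunk > 0 an existing file of the same name is opened in append
    // mode, and no ownership check on that file precedes the write in this method. Confirm
    // that one upload session cannot append to a file started by another.

    // Handle non multipart uploads older WebKit versions didn't support multipart in HTML5
    if (strpos((string)$contentType, "multipart") !== false) {
        if (!isset($_FILES['file']['tmp_name']) || !is_uploaded_file($_FILES['file']['tmp_name'])) {
            throw new \Ip\Exception\Repository\Upload("Failed to move uploaded file.");
        }

        // Open temp file
        $out = fopen($targetFile, $chunk == 0 ? "wb" : "ab");
        if (!$out) {
            throw new \Ip\Exception\Repository\Upload("Failed to open output stream.");
        }

        //mark this file as uploaded by current user
        $this->setFileUploadedByThisUser($targetFile);

        // Read binary input stream and append it to temp file
        $in = fopen($_FILES['file']['tmp_name'], "rb");
        if (!$in) {
            fclose($out); // do not leak the output handle
            throw new \Ip\Exception\Repository\Upload("Failed to open input stream.");
        }

        // Compare against false and '' explicitly: a read that returns the string "0"
        // is falsy and would otherwise end the copy early.
        while (($buff = fread($in, 4096)) !== false && $buff !== '') {
            fwrite($out, $buff);
        }

        fclose($in);
        fclose($out);
        @unlink($_FILES['file']['tmp_name']);
    } else {
        // NOTE(review): unlike the multipart branch, this branch does not call
        // setFileUploadedByThisUser(). Confirm whether that is intended.

        // Open temp file
        $out = fopen($targetFile, $chunk == 0 ? "wb" : "ab");
        if (!$out) {
            throw new \Ip\Exception\Repository\Upload("Failed to open output stream.");
        }

        // Read binary input stream and append it to temp file
        $in = fopen("php://input", "rb");
        if (!$in) {
            fclose($out); // do not leak the output handle
            throw new \Ip\Exception\Repository\Upload("Failed to open input stream.");
        }

        while (($buff = fread($in, 4096)) !== false && $buff !== '') {
            // Extend the time limit per block so a large upload is not cut off.
            if (function_exists('set_time_limit')) {
                set_time_limit(30);
            }
            fwrite($out, $buff);
        }

        fclose($in);
        fclose($out);
    }

    $this->uploadedFileName = $fileName;
    $this->uploadedFile = $targetFile;
    $this->targetDir = $targetDir;
}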
/**
 * Return the revision to render for the current page, cached after the first call.
 *
 * Order of preference:
 *  1. the revision named by the '_revision' query parameter, honoured only for
 *     a logged-in administrator and only when it belongs to the current page;
 *  2. in management state, the last revision, duplicated first if it is
 *     already published, so edits never touch a published revision;
 *  3. the published revision.
 *
 * @ignore
 * @return mixed the revision, or null when there is no current page
 */
public function getCurrentRevision()
{
    if ($this->currentRevision !== null) {
        return $this->currentRevision;
    }
    if (!$this->currentPage) {
        return null;
    }

    $revision = null;
    $pageId = $this->currentPage->getId();

    if (ipRequest()->getQuery('_revision') && ipAdminId()) {
        $requestedId = ipRequest()->getQuery('_revision');
        $requested = \Ip\Internal\Revision::getRevision($requestedId);
        // Ignore a revision id that belongs to a different page.
        if ($requested['pageId'] == $pageId) {
            $revision = $requested;
        }
    }

    if (!$revision && ipIsManagementState()) {
        $revision = \Ip\Internal\Revision::getLastRevision($pageId);
        if ($revision['isPublished']) {
            $copyId = \Ip\Internal\Revision::duplicateRevision($revision['revisionId']);
            $revision = \Ip\Internal\Revision::getRevision($copyId);
        }
    }

    if (!$revision) {
        $revision = \Ip\Internal\Revision::getPublishedRevision($this->currentPage->getId());
    }

    $this->currentRevision = $revision;

    return $this->currentRevision;
}
/**
 * Send the "admin just logged in" usage statistic, at most once per login.
 *
 * The request must be a POST. The session marker is removed before sending,
 * so a repeated call sends nothing.
 *
 * @return mixed the JSON-RPC 'ok' result
 */
public function sendUsageStatisticsAjax()
{
    ipRequest()->mustBePost();

    // Stats are sent only right after an administrator has logged in.
    if (isset($_SESSION['module']['system']['adminJustLoggedIn'])) {
        $payload = array(
            'action' => 'Admin.login',
            'data' => array('admin' => ipAdminId())
        );

        // Drop the marker first so these stats go out only once.
        unset($_SESSION['module']['system']['adminJustLoggedIn']);

        \Ip\Internal\System\Model::sendUsageStatistics($payload);
    }

    return \Ip\Response\JsonRpc::result('ok');
}
/**
 * Render the page's JavaScript section: the registered scripts in priority
 * order, the registered JS variables, and the global 'ip' settings object.
 *
 * File entries flagged 'cacheFix' get the cache version appended to their URL.
 * The script list passes through the 'ipJs' filter and the rendered output
 * through 'ipJavaScript'.
 *
 * The 'ip' object includes the application's security token, so the rendered
 * output is specific to the requesting session.
 *
 * @return mixed the rendered and filtered JavaScript markup
 */
public function generateJavascript()
{
    $cacheVersion = $this->getCacheVersion();
    $levels = $this->getJavascript();

    $scripts = array();
    foreach ($levels as $level) {
        foreach ($level as $key => $entry) {
            if ($entry['type'] == 'file' && $entry['cacheFix']) {
                // Append as a new query parameter when the URL already has a query string.
                $separator = strpos($entry['value'], '?') !== false ? '&' : '?';
                $level[$key]['value'] = $entry['value'] . $separator . $cacheVersion;
            }
        }
        $scripts = array_merge($scripts, $level);
    }

    $revision = $this->getCurrentRevision();
    $page = ipContent()->getCurrentPage();

    $scripts = ipFilter('ipJs', $scripts);

    $language = ipContent()->getCurrentLanguage();

    $settings = array(
        'baseUrl' => ipConfig()->baseUrl(),
        'safeMode' => \Ip\Internal\Admin\Service::isSafeMode(),
        'languageId' => $language->getId(),
        'languageUrl' => $language->getLink(),
        'languageCode' => $language->getCode(),
        'languageTextDirection' => $language->getTextDirection(),
        'theme' => ipConfig()->theme(),
        'pageId' => $page ? $page->getId() : null,
        'revisionId' => $revision['revisionId'],
        'securityToken' => \Ip\ServiceLocator::application()->getSecurityToken(),
        'developmentEnvironment' => ipConfig()->isDevelopmentEnvironment(),
        'debugMode' => ipConfig()->isDebugMode(),
        'isManagementState' => ipIsManagementState(),
        'isAdminState' => ipAdminId() ? 1 : 0,
        'isAdminNavbarDisabled' => ipRequest()->getQuery('disableAdminNavbar') ? 1 : 0
    );

    $viewData = array(
        'ip' => $settings,
        'javascriptVariables' => $this->getJavascriptVariables(),
        'javascript' => $scripts
    );

    $rendered = ipView('Ip/Internal/Config/view/javascript.php', $viewData)->render();

    return ipFilter('ipJavaScript', $rendered);
}
?> </div><!-- /col-lg-4 --> <div class="col-lg-4"> <p><?php echo ipBlock('block2')->asStatic()->render(); ?> </p> </div><!-- /col-lg-4 --> <div class="col-lg-4"> <?php echo ipSlot('text', array('id' => 'text5', 'tag' => 'h4', 'default' => __('StanleyIP', 'Stanley', false), 'class' => '')); ?> <p>This cute theme was created to showcase your work in a simple way. Use it wisely.</p> <p><?php echo sprintf(__('Drag & drop with %s', 'Air'), '<a href="http://www.impresspages.org">ImpressPages</a>'); ?> </p> </div><!-- /col-lg-4 --> </div> </div> </div> <?php if (!ipAdminId()) { echo ipAddJs('assets/js/bootstrap.min.js'); } echo ipJs(); ?> </body> </html>
/**
 * Register the breadcrumb script, only when an administrator is logged in.
 */
public static function ipBeforeController()
{
    if (!ipAdminId()) {
        return;
    }

    ipAddJs('assets/breadcrumb.js');
}
/**
 * Guard for controller actions that require a logged-in administrator.
 *
 * @throws \Exception when ipAdminId() is falsy
 */
protected function backendOnly()
{
    if (ipAdminId()) {
        return;
    }

    throw new \Exception('This controller can be accessed only by administrator');
}