/**
 * Does the current session's user hold permission $perm?
 *
 * Anonymous sessions are always denied and administrators always allowed;
 * everyone else is looked up in phph_permissions, first by user_id and then
 * through group membership (phph_group_users).
 *
 * @param string $perm permission name as stored in phph_permissions.permission
 * @return bool
 *
 * NOTE(review): on a database error this calls die() with the driver's own
 * message, so a failing query echoes internals (table names, SQL fragments)
 * straight to the client.  Logging the message and dying with a generic text
 * would be the safer pattern; behaviour is left as found here.
 */
static function checkPerm($perm) {
    global $db;

    if (Permissions::isAnon()) {
        return false;
    }
    if (Permissions::isAdmin()) {
        return true;
    }

    $uid = Session::singletone()->_uid;

    // Both lookups take the same bound values ($perm, $uid): the first finds
    // permissions granted to the user directly, the second those inherited
    // from any group the user belongs to.  The second runs only if the first
    // found nothing.
    $lookups = array(
        "SELECT permission FROM phph_permissions WHERE permission = ? AND user_id = ?",
        "SELECT permission FROM phph_permissions WHERE permission = ? AND group_id IN (SELECT group_id FROM phph_group_users WHERE user_id = ?)",
    );

    foreach ($lookups as $sql) {
        $stmt = $db->prepare($sql);
        if (PEAR::isError($stmt)) {
            die($stmt->getMessage());
        }
        $res = $db->execute($stmt, array($perm, $uid));
        if (PEAR::isError($res)) {
            die($res->getMessage());
        }
        if ($res->numRows() > 0) {
            return true;
        }
    }

    return false;
}
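/**
 * Build a link to $script for the given $action, carrying the session id and
 * any extra query parameters, escaped for embedding in HTML.
 *
 * @param string $action value of the "action" query parameter
 * @param array  $attrs  extra query parameters as name => value
 * @param string $script target script, defaults to index.php
 * @return string HTML-escaped URL (so the parameter separator comes out as "&amp;")
 *
 * Fix: the parameter *name* was appended raw while only the value was
 * url-encoded, so a name containing "&" or "=" would corrupt the query
 * string.  Both halves are now url-encoded, which is a no-op for the plain
 * identifiers normally used as keys.
 * NOTE(review): $action is interpolated without encoding; callers appear to
 * pass fixed action names, but encode it too if it ever comes from a request.
 */
static function url($action, $attrs = array(), $script = "index.php") {
    $link = Config::get("site_url") . "/{$script}?action={$action}";
    $link = Session::singletone()->addSID($link);

    foreach ($attrs as $name => $value) {
        // urlencode() leaves no HTML-special characters behind, so
        // htmlspecialchars() only affects the leading "&".
        $link .= htmlspecialchars("&" . urlencode($name) . "=" . urlencode($value));
    }

    return $link;
}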
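<?php
// $Id$
//
// Admin action: delete the photo identified by the "pid" request parameter
// and send the browser back to "ref".  Requires a logged-in user holding both
// the admin_panel and delete_photos permissions.
//
// NOTE(review): the deletion is triggered by a plain GET/POST with no CSRF
// token, so a logged-in admin who follows a crafted link deletes a photo.  A
// per-session token checked here would close that; none of the includes
// below visibly provides one.
set_include_path(get_include_path() . ":../");
require_once "includes/session.php";
require_once "includes/utils.php";
require_once "includes/permissions.php";
require_once "includes/photo.php";

$session = Session::singletone();
if ($session->requireLogin()) {
    exit;
}
if (!Permissions::checkPerm('admin_panel')) {
    die("Permission denied.");
}
if (!Permissions::checkPerm('delete_photos')) {
    die("Permission denied.");
}

// Fix: "pid" used to reach Photo with no check beyond empty().  Photo ids are
// integer database keys, so anything that is not a plain digit string is
// refused before any object is built.
$pid = urldecode(Utils::pg("pid"));
if (empty($pid) || !preg_match('/^[0-9]+$/', (string) $pid)) {
    die;
}

// Fix: strip CR/LF before the value reaches header(), so an encoded newline in
// "ref" cannot become an extra response header on older PHP builds.  Note that
// urldecode() undoes one more level of encoding than PHP already applied when
// it parsed $_GET/$_POST; this is kept as the original relied on it.
// NOTE(review): "ref" is still caller-controlled and is redirected to as-is,
// i.e. an open redirect.  Restrict it to the site's own URL prefix once a
// helper for that (the newer controller code has a Utils::secureHeaderData)
// is available in this include set.
$ref = str_replace(array("\r", "\n"), "", urldecode(Utils::pg("ref")));

$photo = new Photo($pid);
$photo->remove();

header("Location: {$ref}");
ini_restore('include_path');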
/**
 * Replace this comment's title and text, then e-mail the people affected.
 *
 * Nothing happens when both values are unchanged.  Otherwise the row is
 * updated and a Polish-language notice is sent (a) to the owner of the photo
 * the comment belongs to and (b) to the comment's author -- in each case only
 * when that person is not the user performing the edit, so a self-edit sends
 * nothing and an edit by a third party sends two mails.
 *
 * @param string $title new comment title
 * @param string $text  new comment body
 *
 * NOTE(review): the mail bodies below are stored in a single-byte Polish
 * encoding and appear garbled here; they are runtime strings and are left
 * byte-for-byte as found.  No access check happens in this method -- confirm
 * that the caller has verified the user may edit this comment before calling.
 */
function update($title, $text) {
    $session = Session::singletone();

    // Nothing to save or to notify about when neither field changed.
    if ($this->_dbo->comment_title == $title && $this->_dbo->comment_text == $text) {
        return;
    }

    // Keep the previous values so both mails can show old and new content.
    $o_title = $this->_dbo->comment_title;
    $o_text = $this->_dbo->comment_text;
    $this->_dbo->comment_title = $title;
    $this->_dbo->comment_text = $text;
    $this->_dbo->update();

    $photo = new Photo($this->_dbo->photo_id);

    // (a) Notify the photo's owner, unless the editor is the owner.
    if ($photo->_dbo->user_id != $session->_uid) {
        $user = new User($session->_uid);
        $to_name = $photo->_user->user_login;
        $photo_title = $photo->_dbo->photo_title;
        $author = $user->_dbo->user_login;
        $body = <<<EOT
Witaj {$to_name},

Uytkownik {$author} wyedytowa komentarz do Twojego zdj�ia "{$photo_title}".

Obecna tre�komentarza:

{$title}

{$text}

----

Poprzednia tre�komentarza:

{$o_title}

{$o_text}

--
Ten email zosta wysany automatycznie. Prosimy nie odpowiada�
EOT;
        Utils::mail("Komentarz do Twojego zdj�ia \"{$photo_title}\" zosta zmieniony.", $body, $photo->_user->user_email, $photo->_user->user_name);
    }

    // (b) Notify the comment's author, unless the editor is the author.
    if ($this->_dbo->user_id != $session->_uid) {
        $user = new User($session->_uid);
        $to_name = $this->_user->user_login;
        $photo_title = $photo->_dbo->photo_title;
        $author = $user->_dbo->user_login;
        $body = <<<EOT
Witaj {$to_name},

Uytkownik {$author} wyedytowa Tw� komentarz do zdj�ia "{$photo_title}".

Obecna tre�komentarza:

{$title}

{$text}

----

Poprzednia tre�komentarza:

{$o_title}

{$o_text}

--
Ten email zosta wysany automatycznie. Prosimy nie odpowiada�
EOT;
        Utils::mail("Tw� komentarz do zdj�ia \"{$photo_title}\" zosta zmieniony.", $body, $this->_user->user_email, $this->_user->user_name);
    }
}
/**
 * Authenticate $login/$pass against phph_users and open a session for the
 * matching user.
 *
 * The row is selected by login and by the MD5 of the supplied password.  On
 * a match the whole row is kept in $this->_dbdata and $this->_orig_dbdata,
 * the last-login timestamp is refreshed and a fresh session is started with
 * the user's id.
 *
 * @param string $login user_login value
 * @param string $pass  clear-text password
 * @throws Exception with the Polish message "Nieudane logowanie." when no row matches
 *
 * NOTE(review): passwords are compared as unsalted MD5 inside the SQL, which
 * is trivially crackable offline should the table leak.  Moving to
 * password_hash()/password_verify() (re-hashing on successful login) changes
 * the stored format and so is not done here.  SELECT * also leaves the hash
 * inside the user object's data; narrow the column list if that object is
 * ever serialised or exposed.
 */
function login($login, $pass) {
    $session = Session::singletone();
    $db = Database::singletone()->db();

    $stmt = $db->prepare("SELECT * FROM phph_users WHERE user_login = :login AND user_pass = :pass");
    $stmt->bindValue(":login", $login);
    $stmt->bindValue(":pass", md5($pass));
    $stmt->execute();

    // A failed fetch leaves false in _dbdata, as before, and aborts.
    $this->_dbdata = $stmt->fetch();
    if (!$this->_dbdata) {
        throw new Exception("Nieudane logowanie.");
    }
    $stmt = null;

    $this->_orig_dbdata = $this->_dbdata;
    $this->updateLastLogin();

    $uid = $this->_dbdata['user_id'];
    $this->_uid = $uid;
    $session->_uid = $uid;
    $session->newSession();
}
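/**
 * Append one <login> element per phph_users row, ordered by user_login, to
 * the XML response and mark the call successful.
 *
 * Fix: the login was passed as the value argument of createElement(), which
 * DOMDocument does not escape -- a login containing "&" or "<" produced
 * malformed XML (or an entity error).  The name is now added as a text node,
 * which is escaped on serialisation; ordinary logins come out unchanged.
 *
 * NOTE(review): this hands every user name in the system to whoever can reach
 * the endpoint (user enumeration).  No permission check is visible here, so
 * confirm one exists at the call site.
 */
function getLogins() {
    // Kept although unused below: singletone() may initialise the session as
    // a side effect, so dropping the call is not obviously behaviour-neutral.
    $session = Session::singletone();
    $db = Database::singletone()->db();

    $stmt = $db->prepare("SELECT user_login FROM phph_users ORDER BY user_login");
    $stmt->execute();
    while ($row = $stmt->fetch()) {
        $el = $this->_dom->createElement('login');
        $el->appendChild($this->_dom->createTextNode($row['user_login']));
        $this->_response->appendChild($el);
    }

    $this->success();
}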
/**
 * Add $user to this group.
 *
 * Refuses (with a translated message) when the user is already a member;
 * otherwise inserts a phph_group_members row recording who added them and
 * when, mirrors the membership on the User object (addToGroup is passed false
 * as its second argument -- presumably "do not write back"; confirm in User)
 * and reloads this group's own data.
 *
 * @param User $user the user to add
 * @throws Exception when $user is already a member
 *
 * NOTE(review): the isMember() test and the INSERT are not atomic; two
 * concurrent requests can both pass the check.  A unique key on
 * (user_id, group_id) is the reliable guard -- confirm the schema has one.
 */
function addMember($user) {
    $db = Database::singletone()->db();

    if ($this->isMember($user->uid())) {
        throw new Exception(_T("Użytkownik jest już członkiem tej grupy."));
    }

    $stmt = $db->prepare('INSERT INTO phph_group_members (user_id, group_id, added_by, add_time) VALUES (:user_id, :group_id, :added_by, :add_time)');
    $values = array(
        ':user_id'  => $user->uid(),
        ':group_id' => $this->gid(),
        ':added_by' => Session::singletone()->uid(),
        ':add_time' => time(),
    );
    foreach ($values as $placeholder => $value) {
        $stmt->bindValue($placeholder, $value);
    }
    $stmt->execute();
    $stmt = null;

    $user->addToGroup($this, false);
    $this->updateDBData();
}
/**
 * Insert this category (cid() == 0) or update the existing row.
 *
 * Steps, in order:
 *  1. if the name or the parent changed, refuse (translated exception) when
 *     another category with that name already exists under the same parent
 *     (NULL parent for top-level categories);
 *  2. for a new category, or one whose parent changed, assign the next
 *     category_order among its new siblings (MAX + 1, so 1 when there are none);
 *  3. INSERT or UPDATE, binding SQL NULL for an empty parent;
 *  4. for an insert, remember the generated id; finally reload this object's
 *     data from the database.
 *
 * @throws Exception when a sibling with the same name exists
 *
 * NOTE(review): the duplicate check, the ordering query and the write are not
 * wrapped in a transaction, so two concurrent saves can both pass and produce
 * duplicate names or equal orders; a unique key on
 * (category_parent, category_name) would make the check reliable.  IFNULL()
 * is MySQL-specific syntax.
 */
function save() {
    $db = Database::singletone()->db();
    // Parent as held now vs. as originally loaded; 0 stands for "no parent".
    $parent = $this->dbdata('category_parent', 0);
    $o_parent = $this->origDBData('category_parent', 0);

    // 1. Duplicate-name check, only when something affecting uniqueness changed.
    if ($this->dbdata('category_name') != $this->origDBData('category_name') || $parent != $o_parent) {
        if ($parent > 0) {
            $sth = $db->prepare('SELECT COUNT(*) FROM phph_categories WHERE category_name = :category_name AND category_parent = :parent');
            $sth->bindParam(':parent', $parent);
        } else {
            $sth = $db->prepare('SELECT COUNT(*) FROM phph_categories WHERE category_name = :category_name AND category_parent IS NULL');
        }
        $sth->bindValue(':category_name', $this->dbdata('category_name'));
        $sth->execute();
        $r = $sth->fetchColumn(0);
        $sth = null;
        if ($r > 0) {
            throw new Exception(_T('Kategoria o tej nazwie już istnieje.'));
        }
    }

    // 2. Position: new and re-parented categories go last among their siblings.
    if ($this->cid() == 0 || $parent != $o_parent) {
        if ($parent > 0) {
            $sth = $db->prepare("SELECT IFNULL(MAX(category_order), 0) AS ord FROM phph_categories WHERE category_parent = :parent");
            $sth->bindParam(':parent', $parent);
        } else {
            $sth = $db->prepare("SELECT IFNULL(MAX(category_order), 0) AS ord FROM phph_categories WHERE category_parent IS NULL");
        }
        $sth->execute();
        $this->setDBData('category_order', $sth->fetchColumn(0) + 1);
        $sth = null;
    }

    // 3. Prepare the INSERT or UPDATE; the columns common to both are bound
    //    after this if/else.
    if ($this->cid() == 0) {
        $sth = $db->prepare('INSERT INTO phph_categories ' .
            '(category_name, category_description, category_created, category_creator, category_parent, category_order) ' .
            'VALUES ' .
            '(:category_name, :category_description, :category_created, :category_creator, :category_parent, :category_order)');
        $sth->bindValue(':category_created', time());
        $sth->bindValue(':category_creator', Session::singletone()->uid());
    } else {
        $sth = $db->prepare('UPDATE phph_categories SET ' .
            'category_name = :category_name, ' .
            'category_description = :category_description, ' .
            'category_order = :category_order, ' .
            'category_parent = :category_parent ' .
            'WHERE category_id = :category_id');
        $sth->bindValue(':category_id', $this->cid());
    }
    $sth->bindValue(":category_name", $this->dbdata('category_name'));
    $sth->bindValue(":category_description", $this->dbdata('category_description'));
    $sth->bindValue(":category_order", $this->dbdata('category_order'));
    // An empty parent (0, '', null) is stored as SQL NULL.  bindParam() binds
    // by reference, so $parent must be in its final state before execute() --
    // which is why the null conversion happens first.
    if (empty($parent)) {
        $parent = null;
    }
    $sth->bindParam(":category_parent", $parent);
    $sth->execute();

    // 4. Pick up the generated id for a fresh row, then refresh from the DB.
    if ($this->cid() == 0) {
        $this->_cid = $db->lastInsertId();
    }
    $sth = null;
    $this->updateDBData();
}
/**
 * Store a new comment on this photo by the current user and, unless the
 * commenter owns the photo, e-mail the owner a Polish-language notice
 * containing the comment.
 *
 * @param string $title comment title
 * @param string $text  comment body
 * @throws Exception2 with _INTERNAL_ERROR when the data object cannot be created
 *
 * NOTE(review): the mail body and subject below are stored in a single-byte
 * Polish encoding (they read as ISO-8859-2 bytes shown as Latin-1) and are
 * runtime strings left byte-for-byte as found.  $title and $text are inserted
 * as given -- any length/content validation must happen in the caller.
 */
function addComment($title, $text) {
    $session = Session::singletone();

    $dbo = DB_DataObject::Factory("phph_comments");
    if (PEAR::isError($dbo)) {
        throw new Exception2(_INTERNAL_ERROR, $dbo->getMessage());
    }
    $dbo->comment_title = $title;
    $dbo->comment_text = $text;
    $dbo->photo_id = $this->_pid;
    $dbo->comment_date = time();
    $dbo->user_id = $session->_uid;
    $dbo->insert();

    // Notify the photo's owner, unless the commenter is the owner.
    if ($this->_dbo->user_id != $session->_uid) {
        $user = new User($session->_uid);
        $to_name = $this->_user->user_login;
        $photo_title = $this->_dbo->photo_title;
        $author = $user->_dbo->user_login;
        $body = <<<EOT
Witaj {$to_name},

U¿ytkownik {$author} doda³ do Twojego zdjêcia "{$photo_title}" komentarz.
Poni¿ej znajduje siê tre¶æ komentarza:

{$title}

{$text}

--
Ten email zosta³ wys³any automatycznie. Prosimy nie odpowiadaæ.
EOT;
        Utils::mail("Nowy komentarz do Twojego zdjêcia \"{$photo_title}\".", $body, $this->_user->user_email, $this->_user->user_name);
    }
}
/**
 * Build the <$name> element describing this photo's moderation state.
 *
 * The element's "status" attribute is "waiting" unless the photo references a
 * moderation record (moderation_id > 0), in which case it is that record's
 * moderation_mode.  Every entry loaded by $this->moderation() is appended as
 * a child via its own xml() method.
 *
 * @param object $xml  document the element is created in (presumably a DOMDocument)
 * @param string $name element name, defaults to 'moderation'
 * @return object the created element
 */
function moderationXML($xml, $name = 'moderation') {
    // Neither handle is used directly in this method; both calls are kept in
    // case singletone() initialises state as a side effect.
    $db = Database::singletone()->db();
    $session = Session::singletone();

    $this->moderation();

    $status = 'waiting';
    $moderationId = $this->dbdata('moderation_id', 0);
    if ($moderationId > 0) {
        $current = new PhotoModeration($moderationId);
        $status = $current->dbdata('moderation_mode');
    }

    $element = $xml->createElement($name);
    $element->setAttribute('status', $status);
    foreach ($this->_moderation as $entry) {
        $element->appendChild($entry->xml($xml));
    }

    return $element;
}
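/**
 * Handle the "postcomment" action: attach the posted comment to photo "pid"
 * and redirect back to the global $ref.
 *
 * Users who are not logged in are redirected straight away (requireLogin is
 * called with false, which presumably suppresses its own redirect/output --
 * confirm in Session).
 *
 * Fix: comment_title and comment_text were read from $_POST without an
 * isset() check, which raised an undefined-index notice (a warning on PHP 8)
 * and passed null on into addComment().  A request missing either field is
 * now redirected back like any other rejected post instead.
 *
 * NOTE(review): there is no CSRF token, so any site the user visits while
 * logged in can post comments in their name.  $ref comes from the request and
 * is used unchecked in a Location header (open redirect).  Both need a
 * project-level helper and are left as found.  "pid" is handed to Photo
 * without validation; check how its constructor treats a non-numeric id.
 */
function action_postcomment() {
    global $ref;

    $session = Session::singletone();
    if ($session->requireLogin(false)) {
        header("Location: {$ref}");
        exit;
    }

    if (!isset($_POST['comment_title'], $_POST['comment_text'])) {
        header("Location: {$ref}");
        exit;
    }

    $pid = Utils::p('pid');
    $photo = new Photo($pid);
    $photo->addComment($_POST['comment_title'], $_POST['comment_text']);

    header("Location: {$ref}");
    exit;
}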
/**
 * Set up the controller for $action.
 *
 * Unsupported actions (per $this->supported()) leave the object invalid with
 * HTTP status 404 and nothing else initialised.  Otherwise the constructor
 * records the site URL, the sanitised "ref" request parameter, the session
 * and the database handle, creates the Smarty wrapper, seeds template
 * variables (ref, base_url, ajax_http_method, self, action, is_superuser and
 * the raw request arrays), and derives the template name and the handler
 * expression for the action.
 *
 * @param string $action action name; must pass $this->supported()
 */
function __construct($action) {
    if (!$this->supported($action)) {
        $this->_valid = false;
        $this->_status_code = 404;
        return;
    }

    $this->_template_vars = array();
    $this->_url = Config::get("site_url");
    // "ref" is request-supplied; it passes through Utils::secureHeaderData()
    // before being stored and exposed to templates as 'ref'.
    //$this->_ref = Utils::secureHeaderData($_SERVER['HTTP_REFERER']);
    $this->_ref = Utils::secureHeaderData(Utils::pg("ref"));
    $this->_action = $action;
    $this->_main_template = "index.tpl";
    $this->_session = Session::singletone();
    $this->_smarty = new PhphSmarty($this->_action);

    $this->setTemplateVar('ref', $this->_ref);
    $this->setTemplateVar('base_url', $this->_url);
    $this->setTemplateVar('ajax_http_method', Config::get('ajax-http-method', 'POST'));
    $this->setTemplateVar('self', Utils::selfURL());
    $this->setTemplateVar('action', $this->_action);
    $this->setTemplateVar('is_superuser', $this->session()->isAdmin());

    // NOTE(review): both maps are reset to empty right here and consulted a
    // few lines below, so within this constructor the lookups always fall
    // through to the defaults (<action>.tpl and '$this->_<action>').  A
    // subclass can only influence them after parent::__construct() returns.
    $this->_templates = array(); // action => template, default: action => action.tpl
    $this->_actions = array(); // action => function, default: action => $this->_action()
    $this->_default_page = 0;
    $this->_default_count = 20;

    // Merged view of the request: GET first, then POST, so a POST key wins.
    // The raw superglobals are handed to templates as well; nothing here
    // escapes them, so the templates must.
    $args = array();
    foreach ($_GET as $id => $val) {
        $args[$id] = $val;
    }
    foreach ($_POST as $id => $val) {
        $args[$id] = $val;
    }
    $this->setTemplateVar('_ARGS', $args);
    $this->setTemplateVar('_POST', $_POST);
    $this->setTemplateVar('_GET', $_GET);

    $this->_db = Database::singletone()->db();

    if (!empty($this->_templates[$this->_action])) {
        $this->_template = $this->_templates[$this->_action];
    } else {
        $this->_template = $this->_action . ".tpl";
    }

    if (!empty($this->_actions[$this->_action])) {
        $this->_action_fn = $this->_actions[$this->_action];
    } else {
        $this->_action_fn = '$this->_' . $this->_action;
    }
    // Dashes in action names become underscores ("reg-disabled" ->
    // "_reg_disabled").  That also mangles the "->" inside '$this->_' into
    // "_>", which the second replacement turns back into "->".  How this
    // string is invoked is not visible here -- NOTE(review): if it is ever
    // eval()'d, supported() is the only thing keeping a request-supplied
    // action name out of executable code.
    $this->_action_fn = str_replace("-", "_", $this->_action_fn);
    $this->_action_fn = str_replace("_>", "->", $this->_action_fn);

    $this->_smarty->register_function('url', 'smarty_url');
    $this->_smarty->register_function('full_url', 'smarty_full_url');
    $this->_smarty->register_function('decode_ip', 'smarty_decode_ip');
    $this->_valid = true;

    /* $this->_templates = array(
        'index' => 'index.tpl',
        'view' => 'view.tpl',
        'categories' => 'categories.tpl',
        'category' => 'category.tpl',
        'user' => 'user.tpl',
        'register' => 'register-form.tpl',
        'registered' => 'registered.tpl',
        'reg-disabled' => 'reg-disabled.tpl',
        'activate' => 'activation.tpl',
        'login' => 'login.tpl'
    ); */
}
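/**
 * Print the comment list for $this->_photo as HTML.
 *
 * Each comment shows its escaped title, author login and formatted date, and
 * its escaped text with newlines turned into <br>.  An edit link appears when
 * the viewer authored the comment or Permissions::checkPermAndLevel() grants
 * edit_comments over that author; a delete link likewise for delete_comments,
 * guarded by an onclick confirmation.  With no comments a single
 * "Brak komentarzy." box is printed instead.
 *
 * Fix: one closing brace was emitted through a short open tag (`<? } ?>`),
 * which is only parsed when short_open_tag is enabled and otherwise leaks
 * literal PHP into the page and breaks the if/else nesting.  It is now a full
 * `<?php` tag like the rest of the method.
 *
 * NOTE(review): the edit/remove hrefs are echoed exactly as returned by
 * HTML::addRef()/addSID(), without htmlspecialchars(), so any "&" in the
 * appended session/ref parameters is not entity-encoded; the result depends
 * on those helpers escaping their own output -- confirm.  The remove link is
 * a plain GET to remove_comment.php, i.e. a state change with no CSRF token.
 * The Polish strings are stored in a single-byte encoding, look garbled here,
 * and are emitted byte-for-byte.
 */
function renderContent() {
    $comments = $this->_photo->getComments();
    $session = Session::singletone();

    if (!empty($comments)) {
        foreach ($comments as $cmnt) {
?>
<div class="a_comment">
    <div class="a_comment_hdr"><?=htmlspecialchars($cmnt->_dbo->comment_title)?></div>
    <div class="a_comment_text">
        <div class="a_table_list_details"><?=htmlspecialchars($cmnt->_user->user_login)?>, <?=Utils::formatTime($cmnt->_dbo->comment_date)?></div>
        <?=nl2br(htmlspecialchars($cmnt->_dbo->comment_text))?>
    </div>
    <div class="a_comment_actions">
<?php
            // Own comments are always editable; others need edit_comments at
            // a level sufficient for the comment author's id.
            if ($cmnt->_dbo->user_id == $session->_uid || Permissions::checkPermAndLevel('edit_comments', $cmnt->_dbo->user_id)) {
?>
        <a href="<?php echo HTML::addRef($session->addSID("edit_comment.php?cmid=" . $cmnt->_cmid));?>" title="Edytuj komentarz"><?php HTML::img("edit.gif", "Edytuj komentarz"); ?></a>
<?php
            }
            if ($cmnt->_dbo->user_id == $session->_uid || Permissions::checkPermAndLevel('delete_comments', $cmnt->_dbo->user_id)) {
?>
        <a href="<?php echo HTML::addRef($session->addSID("remove_comment.php?cmid=" . $cmnt->_cmid));?>" onclick='return confirm("Czy na pewno usun±æ komentarz?");' title="Usuñ komentarz"><?php HTML::img("trash.gif", "Usuñ komentarz"); ?></a>
<?php
            }
?>
    </div>
</div>
<?php
        }
    } else {
?>
<div class="a_comment">Brak komentarzy.</div>
<?php
    }
}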
/**
 * Authenticate $login/$pass via the phph_users data object and open a session
 * for the matching user.
 *
 * The data object is searched by login and by the MD5 of the supplied
 * password; on a hit the row is fetched, its last-login time is bumped and
 * written back, and a fresh session is started with the user's id.
 *
 * @param string $login user_login value
 * @param string $pass  clear-text password
 * @throws Exception2 _LOGIN_FAILED when no row matches, _INTERNAL_ERROR on
 *                    factory/find/fetch failures
 *
 * NOTE(review): the password is matched as unsalted MD5, which is trivially
 * crackable offline if the table leaks.  Moving to password_hash()/
 * password_verify() (re-hashing on successful login) changes the stored
 * format and so is not done here.
 */
function login($login, $pass) {
    $session = Session::singletone();

    // _dbo is assigned before the error check, as before, so a failed factory
    // call leaves the error object in place.
    $this->_dbo = DB_DataObject::Factory('phph_users');
    $users = $this->_dbo;
    if (PEAR::isError($users)) {
        throw new Exception2(_INTERNAL_ERROR, $users->getMessage());
    }

    $users->user_login = $login;
    $users->user_pass = md5($pass);
    $found = $users->find();
    if (PEAR::isError($found)) {
        throw new Exception2(_INTERNAL_ERROR, $found->getMessage());
    }
    if ($found == 0) {
        throw new Exception2(_LOGIN_FAILED, "");
    }

    $fetched = $users->fetch();
    if (PEAR::isError($fetched)) {
        throw new Exception2(_INTERNAL_ERROR, $fetched->getMessage());
    }

    $users->user_lastlogin = time();
    $users->update();

    $uid = $users->user_id;
    $this->_uid = $uid;
    $session->_uid = $uid;
    $session->newSession();
}