Пример #1
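 /**
  * Assigns the owning user and fresh client credentials, then saves the record.
  *
  * The identifier and the secret are drawn from the operating system CSPRNG.
  * The earlier sha1(user id . uniqid() . microtime()) construction was built
  * only from a known user id and clock-derived values, so a secret produced
  * that way could be narrowed down by anyone who knew roughly when the record
  * was created.
  *
  * NOTE(review): both values are regenerated on every call, including a save
  * of an already stored record - confirm that rotating them on update is intended.
  *
  * @param   Validation $validation Validation object [Optional]
  * @return  mixed  Whatever parent::save() returns
  *
  * @throws  Exception  When no cryptographically strong random source is available
  *
  * @uses    User::active_user
  */
 public function save(Validation $validation = NULL)
 {
     $this->user_id = User::active_user()->id;

     foreach (array('client_id', 'client_secret') as $field) {
         if (function_exists('random_bytes')) {
             $bytes = random_bytes(20);
         } else {
             // Fallback for runtimes without random_bytes(); refuse to continue on a weak source
             $strong = FALSE;
             $bytes = openssl_random_pseudo_bytes(20, $strong);
             if ($bytes === FALSE or !$strong) {
                 throw new \RuntimeException('No cryptographically strong random source available.');
             }
         }
         // 20 random bytes hex-encode to 40 characters, the same length as the previous sha1() digest
         $this->{$field} = bin2hex($bytes);
     }

     return parent::save($validation);
 }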
Пример #2
 /**
  * Returns the user cached for this request, loading it from the session on first use.
  *
  * The lookup key is the `user_uid` session entry; whatever
  * User::get_user_and_update() returns for it is cached in self::$active_user.
  *
  * NOTE(review): the session value is passed on as-is, so the identity returned
  * here is only as trustworthy as the code that writes `user_uid` at login.
  *
  * @return  mixed  The cached user, or false when none could be resolved
  */
 public static function get_active_user()
 {
     // Already resolved earlier in this request
     if (!empty(self::$active_user)) {
         return self::$active_user;
     }

     if (isset($_SESSION['user_uid'])) {
         self::$active_user = User::get_user_and_update($_SESSION['user_uid']);
     }

     // No session entry, or the lookup produced nothing usable
     return empty(self::$active_user) ? false : self::$active_user;
 }
Пример #3
 /**
  * Renders the contact form and, on a valid POST, e-mails the message to the site address.
  *
  * Flow: load the `contact` config, register the form scripts, build the form
  * view, optionally attach a captcha for visitors who are not logged in, then
  * validate the POST data, send the mail, log the event and redirect.
  *
  * Every value taken from the request (destination, name, email, subject, body,
  * category) is supplied by the visitor; the inline NOTE(review) comments mark
  * the places where this method relies on code that is not visible here to
  * validate or escape them.
  *
  * @since 1.0.0  First time this method was introduced
  * @since 1.1.0  Added jQuery Textarea Characters Counter Plugin
  *
  * @link  http://roy-jin.appspot.com/jsp/textareaCounter.jsp
  *
  * @uses  Request::query
  * @uses  Route::get
  * @uses  Route::uri
  * @uses  URL::query
  * @uses  URL::site
  * @uses  Validation::rule
  * @uses  Config::get
  * @uses  Config::load
  * @uses  Assets::js
  */
 public function action_mail()
 {
     $this->title = __('Contact us');
     $config = Config::load('contact');
     Assets::js('textareaCounter', 'media/js/jquery.textareaCounter.plugin.js', array('jquery'), FALSE, array('weight' => 10));
     Assets::js('greet/form', 'media/js/greet.form.js', array('textareaCounter'), FALSE, array('weight' => 15));
     //Add schema.org support
     $this->schemaType = 'ContactPage';
     // Set form destination
     // NOTE(review): `destination` is copied from the query string without any check in this method;
     // whatever later acts on it should accept local paths only - confirm where it is consumed.
     $destination = !is_null($this->request->query('destination')) ? array('destination' => $this->request->query('destination')) : array();
     // Set form action
     $action = Route::get('contact')->uri(array('action' => $this->request->action())) . URL::query($destination);
     // Get user
     $user = User::active_user();
     // Set mail types
     $types = $config->get('types', array());
     // $post is bound before it is assigned; presumably bind() works by reference so the
     // validation object created further down reaches the view - confirm against View::bind
     $view = View::factory('contact/form')->set('destination', $destination)->set('action', $action)->set('config', $config)->set('types', $types)->set('user', $user)->bind('post', $post)->bind('errors', $this->_errors);
     // Initiate Captcha
     // The captcha is only created and handed to the view here, and only for visitors who are not
     // logged in. NOTE(review): the answer is not verified in this method - confirm that
     // Validation_Contact (or valid_post) enforces it.
     if ($config->get('use_captcha', FALSE) and !$this->_auth->logged_in()) {
         $captcha = Captcha::instance();
         $view->set('captcha', $captcha);
     }
     if ($this->valid_post('contact')) {
         $post = Validation_Contact::factory($this->request->post());
         if ($post->check()) {
             // Create the email subject
             // NOTE(review): $post['category'] is used as an index into $types; this relies on the
             // validation rules restricting it to an existing key - not visible here.
             $subject = __('[:category] :subject', array(':category' => $types[$post['category']], ':subject' => Text::plain($post['subject'])));
             // Create the email body
             // NOTE(review): name and body are passed to the template unfiltered and the message is
             // sent as text/html below, so the email/contact template has to escape them - confirm.
             $body = View::factory('email/contact')->set('name', $post['name'])->set('body', $post['body'])->set('config', Config::load('site'))->render();
             // Create an email message
             // NOTE(review): the From address is the visitor-supplied $post['email']. It must be a
             // strictly validated single address, and mail sent "from" a foreign domain tends to fail
             // SPF/DMARC checks; a site-owned From with the visitor as reply address is the usual
             // alternative, if the Email class supports it.
             $email = Email::factory()->to(Text::plain($this->_config->get('site_email', '*****@*****.**')), __('Webmaster :site', array(':site' => Template::getSiteName())))->subject($subject)->from($post['email'], Text::plain($post['name']))->message($body, 'text/html');
             // @todo message type should be configurable
             // Send the message
             $email->send();
             Log::info(':name sent an e-mail regarding :cat', array(':name' => Text::plain($post['name']), ':cat' => $types[$post['category']]));
             Message::success(__('Your message has been sent.'));
             // Always redirect after a successful POST to prevent refresh warnings
             // NOTE(review): 200 is not a redirect status code - confirm how Request::redirect() handles it.
             $this->request->redirect(Route::get('contact')->uri(), 200);
         } else {
             // Validation failed: collect the messages for the bound `errors` view variable
             $this->_errors = $post->errors('contact', TRUE);
         }
     }
     $this->response->body($view);
 }
Пример #4
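 /**
  * Make sure the user has permission to do the action on this object
  *
  * Similar to [Comment::access] but this returns TRUE/FALSE instead of throwing
  * for a denied permission.
  *
  * Every permission lookup is made for `$user`. Previously the 'edit own
  * comment', 'delete own comment' and 'delete any comment' lookups omitted the
  * user argument, so a call made on behalf of another account was not
  * evaluated consistently against that account.
  *
  * NOTE(review): the `add` and `list` actions pass the whitelist but have no
  * branch of their own, so they fall through to the final `return TRUE` for
  * every user. Confirm that callers enforce those two permissions elsewhere.
  *
  * @param   string     $action   The action `view|edit|delete|add|list`
  * @param   ORM        $comment  The comment object
  * @param   Model_User $user     The user object to check permission, defaults to the active user
  * @param   string     $misc     The misc element usually `id|slug` for logging purpose (unused here)
  *
  * @return  boolean
  *
  * @throws  HTTP_Exception_404  When the comment is not loaded
  *
  * @uses    User::active_user
  * @uses    Module::event
  */
 public static function comment($action = 'view', ORM $comment, Model_User $user = NULL, $misc = NULL)
 {
     if (!in_array($action, array('view', 'edit', 'delete', 'add', 'list'), TRUE)) {
         // If the $action was not one of the supported ones, we return access denied.
         Log::notice('Unauthorized attempt to access non-existent action :act.', array(':act' => $action));
         return FALSE;
     }
     if (!$comment->loaded()) {
         // A comment that was never loaded cannot be checked; report it as not found.
         throw HTTP_Exception::factory(404, 'Attempt to access non-existent comment.');
     }
     // If no user object is supplied, the access check is for the current user.
     if (is_null($user)) {
         $user = User::active_user();
     }
     if (self::check('bypass comment access', $user)) {
         return TRUE;
     }
     // Allow other modules to interact with access
     // NOTE(review): the return value is ignored, so a listener cannot veto access through it.
     Module::event('comment_access', $action, $comment);

     // Ownership test shared by the branches below; user id 1 is excluded
     // (presumably the guest account - confirm).
     $is_own = ($comment->author == (int) $user->id and $user->id != 1);

     if ($action === 'view') {
         if ($comment->status === 'publish' and self::check('access comment', $user)) {
             return TRUE;
         } elseif ($comment->status != 'publish' and $is_own) {
             // Authors may see their own unpublished comments
             return TRUE;
         } elseif (self::check('administer comment', $user)) {
             return TRUE;
         } else {
             return FALSE;
         }
     }
     if ($action === 'edit') {
         if (self::check('edit own comment', $user) and $is_own) {
             return TRUE;
         } elseif (self::check('administer comment', $user)) {
             return TRUE;
         } else {
             return FALSE;
         }
     }
     if ($action === 'delete') {
         // NOTE(review): 'delete any comment' is still combined with the ownership test, so it only
         // ever grants deletion of the user's own comments. Left as is because relaxing it would widen access.
         if ((self::check('delete own comment', $user) or self::check('delete any comment', $user)) and $is_own) {
             return TRUE;
         } elseif (self::check('administer comment', $user)) {
             return TRUE;
         } else {
             return FALSE;
         }
     }
     // Reached only for 'add' and 'list' (see the note in the docblock)
     return TRUE;
 }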
Пример #5
 /**
  * Updates or Creates the record depending on loaded()
  *
  * Fills in defaults for every field that is empty, stores the raw teaser and
  * body text, delegates to parent::save() and then, when the record is loaded,
  * synchronises terms, tags and path aliases. The cache entry keyed
  * "<type>-<id>" is deleted at the end.
  *
  * NOTE(review): the body and teaser are stored exactly as submitted, so any
  * filtering of markup has to happen when the text is rendered - confirm that
  * every output path applies the configured input format.
  *
  * @param   Validation $validation Validation object [Optional]
  * @return  Post
  *
  * @uses    URL::site
  * @uses    User::active_user
  * @uses    Config::get
  * @uses    Cache::delete
  */
 public function save(Validation $validation = NULL)
 {
     // Set some defaults
     $this->status = empty($this->status) ? 'draft' : $this->status;
     $this->promote = empty($this->promote) ? 0 : $this->promote;
     $this->sticky = empty($this->sticky) ? 0 : $this->sticky;
     $this->comment = empty($this->comment) ? 0 : $this->comment;
     // The three timestamps are only filled in when empty; an existing `updated` value is kept as is
     $this->created = empty($this->created) ? time() : $this->created;
     $this->pubdate = empty($this->pubdate) ? time() : $this->pubdate;
     $this->updated = empty($this->updated) ? time() : $this->updated;
     //Ugly existing image check, not sure why empty behaves strange on $this->rawimage
     // The image is always reset to the previously stored value (or NULL); a new value set on the
     // object before this call is not what gets saved here
     $image = isset($this->_original_values['image']) ? $this->_original_values['image'] : FALSE;
     $this->image = empty($image) ? NULL : $image;
     $this->type = empty($this->type) ? $this->_post_type : $this->type;
     // The author falls back to the active user only when none is set.
     // NOTE(review): a caller-provided author is kept unchanged - confirm that request data cannot set it
     $this->author = empty($this->author) ? User::active_user()->id : $this->author;
     $this->format = empty($this->format) ? Config::get('inputfilter.default_format', 1) : $this->format;
     // Always save only raw text, unformatted text
     $this->teaser = empty($this->rawteaser) ? $this->_teaser() : $this->rawteaser;
     $this->body = $this->rawbody;
     parent::save($validation);
     if ($this->loaded()) {
         // Add or remove terms
         $this->_terms();
         // Add or remove tags
         $this->_tags();
         // Add or remove path aliases
         $this->aliases();
     }
     // Drop the cached copy so the next read sees the saved values
     Cache::instance($this->type)->delete($this->type . '-' . $this->id);
     return $this;
 }
Пример #6
 /**
  * Resolve the locale from the user's language settings.
  *
  *     // Get the language
  *     $lang = I18n::userLocale();
  *
  * Guests are resolved from the locale cookie (lower-cased, falling back to
  * I18n::$default); everyone else from the `language` property of the active
  * user. The candidate is returned only when isAvailable() accepts it.
  *
  * @return  string|boolean  The locale, or FALSE when it is not available
  */
 public static function userLocale()
 {
     // A guest has no stored preference, so the cookie (or the site default) decides
     $candidate = User::is_guest()
         ? strtolower(Cookie::get(self::$_cookie, I18n::$default))
         : User::active_user()->language;

     // The cookie value originates from the request, so nothing is returned without passing isAvailable()
     return self::isAvailable($candidate) ? $candidate : FALSE;
 }
Пример #7
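 /**
  * Make sure the user has permission to do the action on this object
  *
  * Similar to Comment::access but this returns a value instead of throwing
  * for a denied permission.
  *
  * Every permission lookup is made for `$user`. Previously the 'edit own
  * comment', 'delete own comment' and 'delete any comment' lookups omitted the
  * user argument, so a call made on behalf of another account was not
  * evaluated consistently against that account.
  *
  * NOTE(review): the `add` and `list` actions pass the whitelist but have no
  * branch of their own, so they fall through to the final `return TRUE` for
  * every user. Confirm that callers enforce those two permissions elsewhere.
  *
  * @param   bool|string $action  The action view|edit|delete|add|list, FALSE means view
  * @param   Model_User  $user    The user object to check permission, defaults to the active user
  * @param   string      $misc    The misc element usually id|slug for logging purpose (unused here)
  *
  * @throws  HTTP_Exception_404  When the comment is not loaded
  *
  * @return  boolean|Model_Comment  $this when view/edit/delete is allowed, TRUE for a bypass
  *                                 or for add/list, FALSE when denied
  *
  * @uses    Log::notice
  * @uses    User::active_user
  * @uses    ACL::check
  * @uses    Module::event
  */
 public function user_can($action = FALSE, Model_User $user = NULL, $misc = NULL)
 {
     if (!$action) {
         $action = 'view';
     }
     if (!in_array($action, array('view', 'edit', 'delete', 'add', 'list'), TRUE)) {
         // If the $action was not one of the supported ones, we return access denied.
         Log::notice('Unauthorised attempt to access non-existent action :act.', array(':act' => $action));
         return FALSE;
     }
     if (!$this->loaded()) {
         // A comment that was never loaded cannot be checked; report it as not found.
         throw HTTP_Exception::factory(404, 'Attempt to access non-existent comment.');
     }
     // If no user object is supplied, the access check is for the current user.
     if (empty($user)) {
         $user = User::active_user();
     }
     if (ACL::check('bypass comment access', $user)) {
         return TRUE;
     }
     //allow other modules to interact with access
     // NOTE(review): the return value is ignored, so a listener cannot veto access through it.
     Module::event('comment_access', $action, $this);

     // Ownership test shared by the branches below; user id 1 is excluded
     // (presumably the guest account - confirm).
     $is_own = ($this->author == (int) $user->id and $user->id != 1);

     // can view?
     if ($action === 'view') {
         if ($this->status === 'publish' and ACL::check('access comment', $user)) {
             return $this;
         } elseif ($this->status != 'publish' and $is_own) {
             // Authors may see their own unpublished comments
             return $this;
         } elseif (ACL::check('administer comment', $user)) {
             return $this;
         } else {
             Log::notice('Unauthorised attempt to view comment :post.', array(':post' => $this->id));
             return FALSE;
         }
     }
     // can edit?
     if ($action === 'edit') {
         if (ACL::check('edit own comment', $user) and $is_own) {
             return $this;
         } elseif (ACL::check('administer comment', $user)) {
             return $this;
         } else {
             Log::notice('Unauthorised attempt to edit comment :post.', array(':post' => $this->id));
             return FALSE;
         }
     }
     // can delete?
     if ($action === 'delete') {
         // NOTE(review): 'delete any comment' is still combined with the ownership test, so it only
         // ever grants deletion of the user's own comments. Left as is because relaxing it would widen access.
         if ((ACL::check('delete own comment', $user) or ACL::check('delete any comment', $user)) and $is_own) {
             return $this;
         } elseif (ACL::check('administer comment', $user)) {
             return $this;
         } else {
             Log::notice('Unauthorised attempt to delete comment :post.', array(':post' => $this->id));
             return FALSE;
         }
     }
     // Reached only for 'add' and 'list' (see the note in the docblock)
     return TRUE;
 }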
Пример #8
 /**
  * Load messages list
  *
  * Adds the ordering and the mailbox filter for the active user to this
  * query object. Nothing is added when the model is already loaded.
  *
  * Example:
  * ~~~
  * // Get all messages from inbox. Sorting mode is ascending
  * ORM::factory('message')->load(PM::INBOX, 'asc');
  *
  * // Get all messages from outbox. Sorting mode is descending
  * ORM::factory('message')->load(PM::OUTBOX);
  *
  * // Get all draft messages. Sorting mode is descending
  * ORM::factory('message')->load(PM::DRAFTS);
  *
  * // Get all messages from inbox, outbox and drafts
  * // Sorting mode is descending
  * ORM::factory('message')->load();
  * ~~~
  *
  * [!!] Note: The $direction may be 'asc' for ascending sort mode,
  *            or 'desc' for descending sort mode.
  *
  * For message type constants see [PM] class
  *
  * Every branch restricts the result to rows where the active user is the
  * sender or the recipient.
  *
  * @param    integer $type       Message type, eg. PM::INBOX, PM::OUTBOX, PM::DRAFTS [Optional]
  * @param    string  $direction  Sort mode of messages [Optional]
  *
  * @return  Model_Message
  *
  * @todo    Cache
  */
 public function load($type = 0, $direction = self::DESC)
 {
     // An already loaded model gets no further conditions
     if ($this->loaded()) {
         return $this;
     }

     $this->order_by('created', $direction);
     $user = User::active_user();

     // Loose comparison on purpose: it mirrors how a switch statement matches its cases
     if ($type == PM::INBOX) {
         // Received messages, drafts excluded
         $this->where_open()
             ->where('recipient', '=', $user->id)
             ->and_where('status', '!=', PM::STATUS_DRAFT)
             ->where_close();
     } elseif ($type == PM::OUTBOX) {
         // Sent messages, drafts excluded
         $this->where_open()
             ->where('sender', '=', $user->id)
             ->and_where('status', '!=', PM::STATUS_DRAFT)
             ->where_close();
     } elseif ($type == PM::DRAFTS) {
         // Drafts written by the user
         $this->where_open()
             ->where('sender', '=', $user->id)
             ->and_where('status', '=', PM::STATUS_DRAFT)
             ->where_close();
     } else {
         // Any other type: everything the user sent or received
         $this->where_open()
             ->where('sender', '=', $user->id)
             ->or_where('recipient', '=', $user->id)
             ->where_close();
     }

     return $this;
 }