/**
 * Stores a new entry in the pending state for the given plan.
 *
 * The entry is tied to the signed-in member, or to member id 0 when nobody
 * is signed in. The creation date is filled in by the database.
 *
 * @param mixed $planId plan identifier; cast to int before it is stored
 *
 * @return array|false the stored values plus the new 'id', or false when the insert fails
 */
public function create($planId)
{
    $memberId = iaUsers::hasIdentity() ? iaUsers::getIdentity()->id : 0;

    $record = array(
        'plan_id' => (int) $planId,
        'member_id' => $memberId,
        'status' => self::PENDING,
    );

    $insertedId = $this->iaDb->insert($record, array('date_created' => iaDb::FUNCTION_NOW), self::getTable());
    if (!$insertedId) {
        return false;
    }

    $record['id'] = $insertedId;

    return $record;
}
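/**
 * Checks the submitted captcha code against the one kept in the session.
 *
 * Signed-in users skip the check. The code is taken from
 * $_POST['security_code'], falling back to $_GET['security_code'], and is
 * compared with $_SESSION['pass']. The comparison is case-sensitive only
 * when the 'captcha_case_sensitive' setting is on. A code that matched is
 * cleared from the session, so it cannot be used a second time.
 *
 * @return bool true when the user is signed in or the code matches
 */
public function validate()
{
    if (iaUsers::hasIdentity()) {
        return true;
    }

    $submitted = isset($_POST['security_code'])
        ? $_POST['security_code']
        : (isset($_GET['security_code']) ? $_GET['security_code'] : '');

    // Request parameters may arrive as arrays (security_code[]=...), and
    // strcmp()/strcasecmp() only accept strings, so a non-string is a failed check.
    if (!is_string($submitted)) {
        return false;
    }

    // No challenge was issued (or it was already consumed): nothing can match.
    if (empty($_SESSION['pass']) || !is_scalar($_SESSION['pass'])) {
        return false;
    }
    $expected = (string) $_SESSION['pass'];

    $compare = $this->iaCore->get('captcha_case_sensitive') ? 'strcmp' : 'strcasecmp';
    if ($compare($submitted, $expected) !== 0) {
        // NOTE(review): the stored code stays valid after a wrong answer, so the
        // same challenge can be answered repeatedly. Clearing it here would make
        // the challenge single-use; confirm first that every form re-issues a
        // challenge after a failed submit.
        return false;
    }

    $_SESSION['pass'] = '';

    return true;
}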
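/**
 * Collects the data shown in the debug panel and returns the panel caption.
 *
 * Everything is handed to self::dump(): access type, page parameters, the
 * current identity, blocks, installed packages, configuration, user-defined
 * IA_* constants (IA_SALT is left out), and the request superglobals.
 *
 * NOTE(review): the dump includes the full configuration, $_SERVER, $_SESSION
 * and $_COOKIE, which normally hold session identifiers and may hold other
 * secrets. Only IA_SALT is filtered. Confirm that the panel can never be
 * rendered for non-administrators or on a production site.
 *
 * @return string the current page name wrapped in square brackets
 */
protected function _debugInfo()
{
    $iaCore = iaCore::instance();
    $iaCore->factory('users');

    self::dump(iaCore::ACCESS_FRONT == $iaCore->getAccessType() ? iaCore::FRONT : iaCore::ADMIN, 'Access Type');
    self::dump($iaCore->iaView->getParams(), 'Page', 'info');
    self::dump($iaCore->iaView->get('action'), 'Action', 'info');
    self::dump($iaCore->iaView->get('filename'), 'Module');
    self::dump($iaCore->iaView->language, 'Language');
    self::dump(iaUsers::hasIdentity() ? iaUsers::getIdentity(true) : null, 'Identity');
    self::dump();

    // process blocks: keep only the block names, grouped by position
    $blocks = array();
    if ($blocksData = $iaCore->iaView->blocks) {
        foreach ($blocksData as $position => $blocksList) {
            $blocks[$position] = array();
            foreach ($blocksList as $block) {
                $blocks[$position][] = $block['name'];
            }
        }
    }

    // process constants: user-defined IA_* constants, without the salt
    $constants = array(); // was left undefined when no constant matched
    $constantsList = get_defined_constants(true);
    if (isset($constantsList['user'])) {
        foreach ($constantsList['user'] as $key => $value) {
            if (strpos($key, 'IA_') === 0 && 'IA_SALT' != $key) {
                $constants[$key] = $value;
            }
        }
    }

    self::dump($iaCore->requestPath, 'URL Params');
    self::dump($blocks, 'Blocks List');
    self::dump($iaCore->packagesData, 'Installed Packages');
    self::dump($iaCore->getConfig(), 'Configuration Params');
    self::dump($constants, 'Constants List');

    if (!empty(self::$_data['info'])) {
        foreach (self::$_data['info'] as $key => $val) {
            self::dump($val, !is_int($key) ? $key : '');
        }
    }

    self::dump();
    self::dump($_POST, '$_POST');
    self::dump($_FILES, '$_FILES');
    self::dump($_GET, '$_GET');

    self::dump();
    self::dump(PHP_VERSION, 'PHP version');
    self::dump($_SERVER, '$_SERVER');
    self::dump($_SESSION, '$_SESSION');
    self::dump($_COOKIE, '$_COOKIE');

    return '[' . $iaCore->iaView->name() . ']';
}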
/**
 * Records one action in the log table.
 *
 * Actions outside $this->_validActions are refused. For a signed-in user the
 * full name is added to the parameters and the user id to the row. A
 * non-empty 'title' parameter is passed through iaSanitize::html() before
 * the parameters are serialized into the row.
 *
 * NOTE(review): 'params' is stored with serialize(); whatever reads these
 * rows back presumably calls unserialize() — confirm that nothing but this
 * method can write to the column.
 *
 * @param mixed $actionCode one of the values in $this->_validActions
 * @param array|null $params data describing the action
 * @param string|null $pluginName value for the 'extras' column; when empty, the current view's 'extras' is used
 *
 * @return bool true when the row was inserted
 */
public function write($actionCode, $params = null, $pluginName = null)
{
    if (!in_array($actionCode, $this->_validActions)) {
        return false;
    }

    $signedIn = iaUsers::hasIdentity();
    if ($signedIn) {
        $params['user'] = iaUsers::getIdentity()->fullname;
    }

    if (!empty($params['title'])) {
        $params['title'] = iaSanitize::html($params['title']);
    }

    $logRow = array(
        'date' => date(iaDb::DATETIME_FORMAT),
        'action' => $actionCode,
        'user_id' => $signedIn ? iaUsers::getIdentity()->id : null,
        'params' => serialize($params),
    );

    if ($pluginName) {
        $logRow['extras'] = $pluginName;
    } else {
        $viewExtras = iaCore::instance()->iaView->get('extras');
        if ($viewExtras) {
            $logRow['extras'] = $viewExtras;
        }
    }

    $inserted = $this->iaDb->insert($logRow, null, self::getTable());

    return (bool) $inserted;
}
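/**
 * Get the list of user/group specific configuration values
 *
 * Called without arguments, it resolves the signed-in user and usergroup
 * (or user 0 and the guest group) and caches the result in
 * $this->_customConfig. Values are merged so that 'user' entries override
 * 'group' entries, and 'plan' entries override both.
 *
 * @param int|null $user user id
 * @param int|null $group group id
 *
 * @return array option name => value
 */
public function getCustomConfig($user = null, $group = null)
{
    $local = false;

    if (is_null($user) && is_null($group)) {
        $this->factory('users');

        $local = true;
        if (iaUsers::hasIdentity()) {
            $user = iaUsers::getIdentity()->id;
            $group = iaUsers::getIdentity()->usergroup_id;
        } else {
            $user = 0;
            $group = iaUsers::MEMBERSHIP_GUEST;
        }
    }

    if ($local && !is_null($this->_customConfig)) {
        return $this->_customConfig;
    }

    $result = array();
    $stmt = array();

    // The ids are written into the SQL text, so they are forced to integers
    // here instead of trusting every caller to pass clean values.
    if ($user) {
        $stmt[] = "(`type` = 'user' AND `type_id` = " . (int) $user . ") ";
    }
    if ($group) {
        $stmt[] = "(`type` = 'group' AND `type_id` = " . (int) $group . ") ";
    }

    // NOTE(review): when both ids are falsy the condition is an empty string;
    // confirm that iaDb::all() does not then return every row of the table.
    $rows = $this->iaDb->all(array('type', 'name', 'value'), implode(' OR ', $stmt), null, null, self::getCustomConfigTable());

    if (empty($rows)) {
        return $result;
    }

    $result = array('group' => array(), 'user' => array(), 'plan' => array());

    foreach ($rows as $row) {
        $result[$row['type']][$row['name']] = $row['value'];
    }

    // later arrays win in array_merge(): group < user < plan
    $result = array_merge($result['group'], $result['user'], $result['plan']);

    if ($local) {
        $this->_customConfig = $result;
    }

    return $result;
}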
if (empty($member)) { $member = $iaUsers->getInfo((int) $iaCore->requestPath[0]); } if (empty($member)) { return iaView::errorPage(iaView::ERROR_NOT_FOUND); } $iaCore->factory('util'); $iaPage = $iaCore->factory('page', iaCore::FRONT); $member['item'] = $iaUsers->getItemName(); $iaCore->startHook('phpViewListingBeforeStart', array('listing' => $member['id'], 'item' => $member['item'], 'title' => $member['fullname'], 'url' => $iaView->iaSmarty->ia_url(array('data' => $member, 'item' => $member['item'], 'type' => 'url')), 'desc' => $member['fullname'])); $iaItem = $iaCore->factory('item'); $iaCore->set('num_items_perpage', 20); $page = !empty($_GET['page']) ? (int) $_GET['page'] : 1; $page = $page < 1 ? 1 : $page; $start = ($page - 1) * $iaCore->get('num_items_perpage'); if (iaUsers::hasIdentity() && iaUsers::getIdentity()->id == $member['id']) { $iaItem->setItemTools(array('title' => iaLanguage::get('edit'), 'url' => $iaPage->getUrlByName('profile'))); } $member = array_shift($iaItem->updateItemsFavorites(array($member), $member['item'])); $member['items'] = array(); // get fieldgroups $iaField = $iaCore->factory('field'); list($sections, ) = $iaField->generateTabs($iaField->filterByGroup($member, $member['item'])); // get all items added by this account $itemsList = $iaItem->getPackageItems(); $itemsFlat = array(); if ($array = $iaItem->getItemsInfo(true)) { foreach ($array as $itemData) { if ($itemData['item'] != $member['item'] && $iaItem->isExtrasExist($itemsList[$itemData['item']])) { $itemsFlat[] = $itemData['item']; }
} if (isset($search['terms']['items'][$v['name']])) { foreach ($search['terms']['items'][$v['name']] as $key => $val) { $v['items'][$key] = $val; } } if (count($v['items']) > 0) { $rows = $iaDb->all(iaDb::ALL_COLUMNS_SELECTION, '(' . searchMatch($v['items']) . ') ' . $v['where'], 0, 10, $v['db']); if ($v['name'] != 'pages') { $fieldsList = iaField::getAcoFieldsList($v['fields'], $v['type'], null, true); } if ($rows) { $iaView->iaSmarty->assign('all_items', $rows); $iaView->iaSmarty->assign('all_item_fields', $fieldsList); $iaView->iaSmarty->assign('all_item_type', $v['type']); $iaView->iaSmarty->assign('member', iaUsers::hasIdentity() ? iaUsers::getIdentity(true) : array()); $results['num'] += 1; $results['html'][$v['name']] = $iaView->iaSmarty->fetch('all-items-page.tpl'); } } } } /* Package and plugin: read search.inc.php */ if (!empty($search['terms']['items'])) { foreach ($search['terms']['items'] as $i => $flds) { // in case there is no such item, skip to next iteration if (!array_key_exists($i, $items)) { continue; } if (iaCore::CORE != $items[$i]['type']) { $search_file = ('package' == $items[$i]['type'] ? 'packages/' : 'plugins/') . $items[$i]['extras'] . '/includes/search.inc.php';
/**
 * Returns the rows that belong to the signed-in member, newest first.
 *
 * The member id is cast to int and bound into the condition rather than
 * concatenated into it.
 *
 * @return array|false the rows as returned by iaDb::all(), or false when nobody is signed in
 */
public function get()
{
    if (!iaUsers::hasIdentity()) {
        return false;
    }

    $condition = '`member_id` = :member ORDER BY `date` DESC';
    $memberId = (int) iaUsers::getIdentity()->id;
    $this->iaDb->bind($condition, array('member' => $memberId));

    return $this->iaDb->all(iaDb::ALL_COLUMNS_SELECTION, $condition, null, null, self::getTable());
}
$entry['member_id'] = iaUsers::hasIdentity() ? iaUsers::getIdentity()->id : 0; $entry['sess_id'] = session_id(); $entry['ip'] = $iaCore->util()->getIp(); $entry['status'] = $iaCore->get('gb_auto_approval') ? iaCore::STATUS_ACTIVE : iaCore::STATUS_INACTIVE; $id = $iaDb->insert($entry, array('date' => iaDb::FUNCTION_NOW)); unset($entry); if ($id) { $iaCore->factory('log')->write(iaLog::ACTION_CREATE, array('item' => '', 'name' => iaLanguage::get('guestbook_message'), 'id' => $id, 'path' => 'guestbook')); } $messages[] = iaLanguage::get('message_added') . (!$iaCore->get('gb_auto_approval') ? ' ' . iaLanguage::get('message_approval') : ''); } } $iaView->setMessages($messages, $error ? iaView::ERROR : iaView::SUCCESS); } $total = $iaDb->one(iaDb::STMT_COUNT_ROWS, "`status`='active'"); $page = isset($_GET['page']) ? $_GET['page'] : 1; $limit = $iaCore->get('gb_messages_per_page'); if ($page > $total / $limit && $page < 0 || !is_numeric($page)) { $page = 1; } $start = ($page - 1) * $limit; $sql = "SELECT g.*, IF (g.`member_id` > 0, if (a.`fullname` != '', a.`fullname`, a.`username`), g.`author_name`) author, a.`username` username, a.`avatar` m_avatar, a.`email`\n\t\t\tFROM `" . $iaCore->iaDb->prefix . "guestbook` g\n\t\t\tLEFT JOIN `" . $iaCore->iaDb->prefix . "members` a ON (g.`member_id` = a.`id`)\n\t\tWHERE g.`status` = 'active' " . (iaUsers::hasIdentity() ? "OR g.`status` = '" . iaCore::STATUS_INACTIVE . "' AND g.`member_id` = '" . iaUsers::getIdentity()->id . "'" : '') . "OR g.`status` = '" . iaCore::STATUS_INACTIVE . "' AND g.`sess_id` = '" . session_id() . "'\n\t\tORDER BY g.`date` DESC" . ($limit ? " LIMIT {$start}, {$limit}" : ''); $messages = $iaDb->getAll($sql); $iaView->assign('aTemplate', IA_URL . 'guestbook/?page={page}'); $iaView->assign('body', isset($entry['body']) ? 
$entry['body'] : ''); $iaView->assign('guestbook', $messages); $iaView->assign('sess_id', session_id()); $iaView->assign('total_messages', $total); $iaView->display('index'); $iaDb->resetTable(); }
$output = array(); $iaCore->startHook('phpActionsJsonHandle', array('action' => $_POST['action'], 'output' => &$output)); } $iaView->assign($output); } if (isset($_GET) && isset($_GET['action'])) { switch ($_GET['action']) { case 'ckeditor_upload': $iaView->disableLayout(); $iaView->set('nodebug', 1); $err = 0; if (isset($_GET['Type']) && 'Image' == $_GET['Type'] && isset($_FILES['upload'])) { $oFile = $_FILES['upload']; $sErrorNumber = '0'; $imgTypes = array('image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/pjpeg' => 'jpg', 'image/png' => 'png'); $_user = iaUsers::hasIdentity() ? iaUsers::getIdentity()->username : false; $sFileUrl = 'uploads/' . iaUtil::getAccountDir($_user); $ext = array_key_exists($oFile['type'], $imgTypes) ? $imgTypes[$oFile['type']] : false; if (!$ext) { $err = '202 error'; } $tok = iaUtil::generateToken(); $fname = $tok . '.' . $ext; if (!$err) { move_uploaded_file($oFile['tmp_name'], IA_HOME . $sFileUrl . $fname); chmod(IA_HOME . $sFileUrl . $fname, 0777); } // fix windows URLs $fileUrl = $sFileUrl . $fname; $fileUrl = str_replace('\\', '/', $fileUrl); $callback = (int) $_GET['CKEditorFuncNum'];
/**
 * Returns the upload sub-directory of an account, creating it when missing.
 *
 * Without a user name the signed-in user's name is used. Guests share
 * '_notregistered/'. Members get '<first letter, lower-cased>/<user name>/'.
 * The returned path is relative to IA_UPLOADS and ends with IA_DS.
 *
 * NOTE(review): umask(0) is process-wide and is not restored, and mkdir() is
 * called with its default mode, so the directories end up world-writable.
 * NOTE(review): the user name is used as a path component as it is; this
 * assumes names containing separators or '..' are rejected at registration —
 * confirm.
 *
 * @param string $userName account name; empty means "current user"
 *
 * @return string
 */
public static function getAccountDir($userName = '')
{
    if (empty($userName)) {
        $userName = iaUsers::hasIdentity() ? iaUsers::getIdentity()->username : false;
    }

    umask(0);

    if (empty($userName)) {
        $guestDirectory = '_notregistered' . IA_DS;
        if (!is_dir(IA_UPLOADS . $guestDirectory)) {
            mkdir(IA_UPLOADS . $guestDirectory);
        }

        return $guestDirectory;
    }

    $relativePath = '';
    $segments = array(
        strtolower(substr($userName, 0, 1)) . IA_DS,
        $userName . IA_DS,
    );
    foreach ($segments as $segment) {
        $relativePath .= $segment;
        if (!is_dir(IA_UPLOADS . $relativePath)) {
            mkdir(IA_UPLOADS . $relativePath);
        }
    }

    return $relativePath;
}
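/**
 * Returns the configuration values customised for a user and/or a usergroup.
 *
 * Called without arguments, it resolves the signed-in user and usergroup
 * (or user 0 and the guest group) and stores the result in
 * $this->_customConfig. Values are merged so that 'user' entries override
 * 'group' entries, and 'plan' entries override both.
 *
 * @param int|false $user user id, false to leave users out of the lookup
 * @param int|false $group usergroup id, false to leave groups out of the lookup
 *
 * @return array option name => value
 */
public function getCustomConfig($user = false, $group = false)
{
    $where = array();
    $config = array();
    $local = false;

    if ($user === false && $group === false) {
        $this->factory('users');

        $local = true;
        if (iaUsers::hasIdentity()) {
            $user = iaUsers::getIdentity()->id;
            $group = iaUsers::getIdentity()->usergroup_id;
        } else {
            $user = 0;
            $group = iaUsers::MEMBERSHIP_GUEST;
        }
    }

    // The ids are written into the SQL text, so they are forced to integers
    // here instead of trusting every caller to pass clean values.
    if ($user !== false) {
        $where[] = "(`type` = 'user' AND `type_id` = " . (int) $user . ") ";
    }
    if ($group !== false) {
        $where[] = "(`type` = 'group' AND `type_id` = " . (int) $group . ") ";
    }

    $rows = $this->iaDb->all(iaDb::ALL_COLUMNS_SELECTION, implode(' OR ', $where), null, null, 'config_custom');

    if (empty($rows)) {
        return $config;
    }

    $config['plan'] = array();
    $config['user'] = array();
    $config['group'] = array();

    foreach ($rows as $row) {
        $config[$row['type']][$row['name']] = $row['value'];
    }

    // later arrays win in array_merge(): group < user < plan
    $config = array_merge($config['group'], $config['user'], $config['plan']);

    if ($local) {
        $this->_customConfig = $config;
    }

    return $config;
}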
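/**
 * Write funds off from member balance.
 *
 * The amount is taken from the signed-in member's balance when the balance
 * covers it; the transaction is then marked as passed and paid from the
 * member balance.
 *
 * NOTE(review): the balance is read, checked and written back in separate
 * steps. Two requests running at the same time can both pass the check. An
 * atomic conditional update (or a row lock) in the data layer would close
 * that window.
 * NOTE(review): nothing here verifies that the transaction belongs to the
 * signed-in member or is still unpaid — confirm that the caller does.
 *
 * @param array $transactionData data about transaction; 'id' and 'amount' are required
 *
 * @return bool true on success
 */
public function extractFunds(array $transactionData)
{
    if (!iaUsers::hasIdentity()) {
        return false;
    }

    // Without an amount the subtraction below would treat it as 0 and mark the
    // transaction paid for free; a negative amount would raise the balance.
    if (!isset($transactionData['id'], $transactionData['amount'])
        || !is_numeric($transactionData['amount'])
        || $transactionData['amount'] < 0
    ) {
        return false;
    }

    $iaUsers = $this->iaCore->factory('users');
    $iaTransaction = $this->iaCore->factory('transaction');

    $userInfo = $iaUsers->getInfo(iaUsers::getIdentity()->id);

    $remainingBalance = $userInfo['funds'] - $transactionData['amount'];
    if ($remainingBalance < 0) {
        return false;
    }

    $result = (bool) $iaUsers->update(array('funds' => $remainingBalance), iaDb::convertIds(iaUsers::getIdentity()->id));

    if ($result) {
        // refresh the identity so that it carries the new balance
        iaUsers::reloadIdentity();

        $updatedValues = array(
            'status' => iaTransaction::PASSED,
            'gateway' => iaTransaction::TRANSACTION_MEMBER_BALANCE,
            'reference_id' => date('YmdHis'),
            'member_id' => iaUsers::getIdentity()->id,
        );

        $iaTransaction->update($updatedValues, $transactionData['id']);
    }

    return $result;
}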
* Subrion is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with Subrion. If not, see <http://www.gnu.org/licenses/>. * * * @link http://www.subrion.org/ * ******************************************************************************/ define('IA_VER', '330'); $iaOutput->layout()->title = 'Installation Wizard'; $iaOutput->steps = array('check' => 'Pre-Installation Check', 'license' => 'Subrion License', 'configuration' => 'Configuration', 'finish' => 'Script Installation', 'plugins' => 'Plugins Installation'); if (iaHelper::isScriptInstalled() && (!iaUsers::hasIdentity() || iaUsers::MEMBERSHIP_ADMINISTRATOR != iaUsers::getIdentity()->usergroup_id)) { $iaOutput->errorCode = 'authorization'; return false; } $error = false; $message = ''; $builtinPlugins = array('kcaptcha', 'fancybox', 'personal_blog'); switch ($step) { case 'check': $checks = array('server' => array()); $sections = array('server' => array('title' => 'Server Configuration', 'desc' => 'If any of these items are highlighted in red then please take actions to correct them. Failure to do so could lead to your installation not functioning correctly.'), 'recommended' => array('title' => 'Recommended Settings', 'desc' => 'These settings are recommended for PHP in order to ensure full compatibility with Subrion CMS. However, Subrion CMS will still operate if your settings do not quite match the recommended.'), 'directory' => array('title' => 'Directory & File Permissions', 'desc' => 'In order for Subrion CMS to function correctly it needs to be able to access or write to certain files or directories. 
If you see "Unwritable" you need to change the permissions on the file or directory to allow Subrion CMS to write to it.')); $checks['server']['mysql_version'] = array('required' => function_exists('mysql_connect'), 'class' => true, 'name' => 'Mysql version', 'value' => function_exists('mysql_connect') ? '<td class="success">' . substr(mysql_get_client_info(), 0, false === ($pos = strpos(mysql_get_client_info(), '-')) ? 10 : $pos) . '</td>' : '<td class="danger">MySQL 5.x or upper required</td>'); $checks['server']['php_version'] = array('required' => version_compare('5.0', PHP_VERSION, '<'), 'class' => true, 'name' => 'PHP version', 'value' => version_compare('5.0', PHP_VERSION, '<') ? '<td class="success">' . PHP_VERSION . '</td>' : '<td class="danger">PHP version is not compatible. PHP 5.x needed. (Current version ' . PHP_VERSION . ')</td>'); $checks['server']['remote'] = array('name' => 'Remote files access support', 'value' => iaHelper::hasAccessToRemote() ? '<td class="success">Available</td>' : '<td class="danger">Unavailable (highly recommended to enable "CURL" extension or "allow_url_fopen")</td>'); $checks['server']['xml'] = array('name' => 'XML support', 'value' => extension_loaded('xml') ? '<td class="success">Available</td>' : '<td class="danger">Unavailable (recommended)</td>'); $checks['server']['mysql_support'] = array('name' => 'MySQL support', 'value' => function_exists('mysql_connect') ? '<td class="success">Available</td>' : '<td class="danger">Unavailable (required)</td>');
******************************************************************************/
// Prepares the "claim listing" action for the listing being viewed and, when an
// ownership key is present in the URL, transfers the listing to the member the
// key was issued for.
if (!empty($item) && !empty($listing)) {
    // member profiles cannot be claimed
    $disabledItems = array('members');
    if (in_array($item, $disabledItems)) {
        return;
    }
    $iaItem = $iaCore->factory('item');
    // check for ownership key
    // The key is matched together with the item name and listing id through bound
    // parameters. A match reassigns the listing to the member stored with the key,
    // and the key row is then deleted, so a key works once.
    // NOTE(review): this is a state change on a GET request, and the only proof
    // required is the key itself; the requester's identity is not compared with
    // $key['member_id']. Confirm the keys are long, random and delivered only to
    // the claimant.
    if (isset($_GET['ownership-key'])) {
        $iaDb->setTable('claim_pending_email_keys');
        $key = $iaDb->row_bind(iaDb::ALL_COLUMNS_SELECTION, '`item` = :item AND `item_id` = :id AND `key` = :key', array('item' => $item, 'id' => $listing, 'key' => $_GET['ownership-key']));
        if ($key) {
            $tableName = $iaItem->getItemTable($item);
            $iaDb->update(array('member_id' => $key['member_id']), iaDb::convertIds($listing), null, $tableName);
            $iaDb->delete(iaDb::convertIds($key['key'], 'key'));
            $iaView->setMessages(iaLanguage::get('ownership_changed'), iaView::SUCCESS);
            iaUtil::reload();
        }
        $iaDb->resetTable();
    }
    $itemTable = $iaItem->getItemTable($item);
    $itemData = $iaDb->row(iaDb::ALL_COLUMNS_SELECTION, iaDb::convertIds($listing), $itemTable);
    // check the current owner of the listing, if possible
    // (the owner gets no claim button)
    if (iaUsers::hasIdentity() && isset($itemData['member_id']) && iaUsers::getIdentity()->id == $itemData['member_id']) {
        return;
    }
    // Despite its name, this variant is the one used for signed-in users: it
    // opens the claim dialog.
    $actionsForGuest = array('id' => 'claim-listing', 'title' => iaLanguage::get('claim_listing'), 'attributes' => array('class' => 'btn btn-sm btn-default', 'href' => IA_URL . 'claim/' . $item . '/' . $listing . '.json', 'id' => 'js-cmd-claim', 'data-toggle' => 'modal', 'data-target' => '#js-claim-modal'));
    // Despite its name, this variant is the one used for guests: it only shows
    // the "sign in" notice.
    // NOTE(review): the phrase is HTML-escaped and then placed inside a
    // single-quoted JavaScript string; this assumes the escaped text cannot
    // contain a quote or backslash — confirm.
    $actionsForMember = array('id' => 'claim-listing', 'title' => iaLanguage::get('claim_listing'), 'attributes' => array('class' => 'btn btn-sm btn-default', 'href' => '#', 'onclick' => 'intelli.notifFloatBox({msg:\'' . iaSanitize::html(iaLanguage::get('sign_in_to_use_this_feature')) . '\',autohide:true}); return false;'));
    $actionClaimListing = iaUsers::hasIdentity() ? $actionsForGuest : $actionsForMember;
    $iaView->assign('actionClaimListing', $actionClaimListing);
}
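/**
 * Return list of items with favorites field
 *
 * Guests' favorites are read from the session. Members' favorites are read
 * from the favorites table, and only for listings the member does not own.
 * When at least one favorite is found, every listing gets a 'favorite' flag
 * (1 or 0); otherwise the listings are returned untouched.
 *
 * @param array $listings listings to be processed
 * @param string $itemName item name
 *
 * @return array
 */
public function updateItemsFavorites($listings, $itemName)
{
    if (empty($itemName)) {
        return $listings;
    }

    $itemsFavorites = array();

    if (!iaUsers::hasIdentity()) {
        if (isset($_SESSION[iaUsers::SESSION_FAVORITES_KEY][$itemName]['items'])) {
            $itemsFavorites = array_keys($_SESSION[iaUsers::SESSION_FAVORITES_KEY][$itemName]['items']);
        }
    } else {
        $memberId = (int) iaUsers::getIdentity()->id;

        $itemsList = array();
        foreach ($listings as $entry) {
            if ('members' == $itemName && $entry['id'] != $memberId
                || isset($entry['member_id']) && $entry['member_id'] != $memberId) {
                // ids go into the IN (...) list below, so keep them numeric
                $itemsList[] = (int) $entry['id'];
            }
        }

        if (empty($itemsList)) {
            return $listings;
        }

        // get favorites
        // The item name is bound through iaDb::bind() instead of being
        // interpolated into the statement; ids are integers by construction.
        $stmt = '`id` IN (' . implode(',', $itemsList) . ') AND `item` = :item AND `member_id` = :member';
        $this->iaDb->bind($stmt, array('item' => (string) $itemName, 'member' => $memberId));

        $itemsFavorites = $this->iaDb->onefield('`id`', $stmt, 0, null, $this->getFavoritesTable());
    }

    if (empty($itemsFavorites)) {
        return $listings;
    }

    // process listing and set flag is in favorites array
    foreach ($listings as &$listing) {
        $listing['favorite'] = (int) in_array($listing['id'], $itemsFavorites);
    }
    // drop the reference so that a later write to $listing cannot alter the last row
    unset($listing);

    return $listings;
}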
/**
 * Switches the current view to the error page and renders it.
 *
 * When the first argument is not one of the four ERROR_* codes and no message
 * is given, the first argument is taken as the message and the code becomes
 * ERROR_FORBIDDEN. When only a known code is given, the message is looked up
 * in the language phrases under that code.
 *
 * JSON requests get 'error', 'message' and 'code' assigned. HTML requests get
 * the error template, or the login template in the cases handled below.
 *
 * @param int|string $errorCode one of the ERROR_* codes, or a message (see above)
 * @param string|null $message text to show
 *
 * @return bool always true
 */
public static function errorPage($errorCode, $message = null)
{
    if (!in_array($errorCode, array(self::ERROR_UNAUTHORIZED, self::ERROR_FORBIDDEN, self::ERROR_NOT_FOUND, self::ERROR_INTERNAL)) && is_null($message)) {
        $message = $errorCode;
        $errorCode = self::ERROR_FORBIDDEN;
    } elseif (is_null($message)) {
        $message = iaLanguage::get((string) $errorCode, $errorCode);
    }

    $iaCore = iaCore::instance();
    $iaView =& $iaCore->iaView;

    $iaView->name(self::PAGE_ERROR);
    $iaView->_setParams(array('caption' => iaLanguage::get('error', 'Error page') . ' ' . $errorCode, 'filename' => null, 'name' => self::PAGE_ERROR, 'parent' => '', 'title' => $errorCode));

    switch ($iaView->getRequestType()) {
        case self::REQUEST_JSON:
            $iaView->assign(array('error' => true, 'message' => $message, 'code' => $errorCode));
            break;

        case self::REQUEST_HTML:
            // http://dev.subrion.com/issues/842
            // some Apache servers stop with Authorization Required error
            // because of enabled DEFLATE directives in the .htaccess file
            // below is the workaround
            // (the status line is not sent for ERROR_UNAUTHORIZED, nor for any admin-side error)
            if (self::ERROR_UNAUTHORIZED != $errorCode && iaCore::ACCESS_ADMIN != $iaCore->getAccessType()) {
                header('HTTP/1.0 ' . $errorCode);
            }

            $iaView->setMessages($message);
            $iaView->assign('code', $errorCode);

            $body = self::PAGE_ERROR;

            // remove the side, top, bottom and user block positions from the view
            $positions =& $iaView->blocks;
            unset($positions['left'], $positions['right'], $positions['top'], $positions['bottom'], $positions['user1'], $positions['user2']);

            $iaAcl = $iaCore->factory('acl');
            // Admin side: show the login form when nobody is signed in, or when
            // the error is "forbidden" and the user is not an administrator.
            // Precedence: ADMIN && ((FORBIDDEN && !isAdmin) || !hasIdentity).
            if (iaCore::ACCESS_ADMIN == $iaCore->getAccessType() && ($errorCode == self::ERROR_FORBIDDEN && !$iaAcl->isAdmin() || !iaUsers::hasIdentity())) {
                $iaView->disableLayout();
                // The Referer header is supplied by the client; here it only
                // selects which title is shown.
                if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'install') === false && !isset($_SESSION['IA_EXIT'])) {
                    $iaView->title(iaLanguage::get('access_denied'));
                } else {
                    $iaView->title(iaLanguage::get('login'));
                    // the IA_EXIT flag is consumed once it has been seen
                    if (isset($_SESSION['IA_EXIT'])) {
                        unset($_SESSION['IA_EXIT']);
                    }
                }
                $body = 'login';
            } elseif (iaCore::ACCESS_FRONT == $iaView->iaCore->getAccessType() && $errorCode == self::ERROR_UNAUTHORIZED && !iaUsers::hasIdentity()) {
                // front end: an unauthorized guest is shown the login form
                $body = 'login';
            }

            $iaView->display($body);
    }

    return true;
}
/**
 * Checks access for user and groups
 *
 * $params is "<object>" or "<object><SEPARATOR><action>"; without an action,
 * iaCore::ACTION_READ is assumed. The checks below run in order and the first
 * one that applies decides. Its number is kept in $this->_lastStep:
 *   1     the acting group is the administrators group: allowed
 *   2     $userId is non-zero and equals the acting user: allowed
 *   3     $groupId is non-zero and equals the acting group: allowed
 *   4-6   stored permission for this object id (only when $objectId is truthy)
 *   7-9   stored permission for the object with id '0'
 *   10    default for the object in $this->_objects
 *   11    fall-back: allowed only for ACTION_READ
 *
 * For steps 4-9 the entries are sorted by key and the first one decides.
 *
 * @param string $params object name, optionally followed by SEPARATOR and an action
 * @param mixed $objectId id of the object; a falsy value skips steps 4-6
 * @param int $userId user id compared with the acting user in step 2
 * @param int $groupId group id compared with the acting group in step 3
 * @param array|false $custom false to check the signed-in identity against
 *                            $this->_permissions; otherwise an array that may
 *                            carry 'user', 'group' and 'perms'
 * @return bool
 */
public function checkAccess($params = '', $objectId = null, $userId = 0, $groupId = 0, $custom = false)
{
    $array = explode(self::SEPARATOR, $params);
    $object = $array[0];
    $action = iaCore::ACTION_READ;
    if (isset($array[1])) {
        $action = $array[1];
    }

    if (false === $custom) {
        $this->iaCore->factory('users');
        // guests act as user 0 in group 0
        $user = iaUsers::hasIdentity() ? iaUsers::getIdentity()->id : 0;
        $group = iaUsers::hasIdentity() ? iaUsers::getIdentity()->usergroup_id : 0;
        $perms = $this->_permissions;
    } else {
        $user = isset($custom['user']) ? $custom['user'] : 0;
        $group = isset($custom['group']) ? $custom['group'] : 0;
        if (isset($custom['perms'])) {
            $perms = $custom['perms'];
        } elseif ($custom) {
            // NOTE(review): a non-empty $custom without 'perms' is checked against
            // an empty permission set, and getPermissions() below is reached only
            // for a falsy $custom other than false. Confirm this is intended.
            $perms = array();
        } else {
            $perms = $this->getPermissions($user, $group);
        }
    }

    // 1. Administrators
    // NOTE(review): loose comparison; with $custom the group value comes from the caller
    if (iaUsers::MEMBERSHIP_ADMINISTRATOR == $group) {
        $this->_lastStep = 1;
        return true;
    }

    // 2. Owner (user)
    if ($userId != 0 && $userId == $user) {
        $this->_lastStep = 2;
        return true;
    }

    // 3. Owner (group)
    if ($groupId != 0 && $groupId == $group) {
        $this->_lastStep = 3;
        return true;
    }

    if ($objectId) {
        $name = $this->encodeAction($object, $action, $objectId);
        if (isset($perms[$name])) {
            $perms = $perms[$name];
            ksort($perms);
            // 4. Object privileges check (user = 0)
            // 5. Object privileges check (group = 1)
            // 6. Object privileges check (plan = 2)
            // returns on the first (lowest-key) entry
            foreach ($perms as $type => $values) {
                $this->_lastStep = 4 + $type;
                /* if ($type == 2) { if ($values['type_id'] == $this->_planId) { return (bool)$values['access']; } } else {*/
                return (bool) $values['access'];
                // }
            }
        }
    }

    // 7. All privileges check (user = 0)
    // 8. All privileges check (group = 1)
    // 9. All privileges check (plan = 2)
    $name = $object . self::DELIMITER . $action . self::DELIMITER . '0';
    if (isset($perms[$name])) {
        $perms = $perms[$name];
        ksort($perms);
        // returns on the first (lowest-key) entry
        foreach ($perms as $type => $values) {
            $this->_lastStep = 7 + $type;
            /* if ($type == 2) { if ($values['type_id'] == $this->_planId) { return (bool)$values['access']; } } else {*/
            return (bool) $values['access'];
            // }
        }
    }

    // 10. Default object value
    $key = $object . ($objectId ? '-' . $objectId : '') . self::DELIMITER . $action;
    if (isset($this->_objects[$key])) {
        $this->_lastStep = 10;
        return (bool) $this->_objects[$key];
    }

    $this->_lastStep = 11;
    // 11. Default value from core
    return $action == iaCore::ACTION_READ;
}
return iaView::errorPage(iaView::ERROR_NOT_FOUND); } $entry = $iaBlog->getById($id); if (empty($entry)) { return iaView::errorPage(iaView::ERROR_NOT_FOUND); } $title = iaSanitize::tags($entry['title']); iaBreadcrumb::toEnd($title); $iaView->title($title); // add open graph data $openGraph = array('title' => $title, 'url' => IA_SELF, 'description' => $entry['body']); empty($entry['image']) || ($openGraph['image'] = IA_CLEAR_URL . 'uploads/' . $entry['image']); $iaView->set('og', $openGraph); $iaView->assign('tags', $iaBlog->getTags($id)); $iaView->assign('blog_entry', $entry); if ($iaAcl->isAccessible(iaBlog::PAGE_NAME, iaCore::ACTION_EDIT) && iaUsers::hasIdentity() && iaUsers::getIdentity()->id == $entry['member_id']) { $pageActions[] = array('icon' => 'pencil', 'title' => iaLanguage::get('edit_blog_entry'), 'url' => $baseUrl . 'edit/' . $id . '/', 'classes' => 'btn-info'); $pageActions[] = array('icon' => 'remove', 'title' => iaLanguage::get('delete'), 'url' => $baseUrl . 'delete/' . $id . '/', 'classes' => 'btn-danger'); } } else { $page = empty($_GET['page']) ? 0 : (int) $_GET['page']; $page = $page < 1 ? 1 : $page; $pagination = array('start' => ($page - 1) * $iaCore->get('blog_number'), 'limit' => (int) $iaCore->get('blog_number'), 'template' => $baseUrl . '?page={page}'); $entries = $iaBlog->get($pagination['start'], $pagination['limit']); $pagination['total'] = $iaDb->foundRows(); $iaView->assign('tags', $iaBlog->getAllTags()); $iaView->assign('blog_entries', $entries); $iaView->assign('pagination', $pagination); } if ($iaAcl->isAccessible('blog', iaCore::ACTION_ADD)) { $pageActions[] = array('icon' => 'plus', 'title' => iaLanguage::get('add_blog_entry'), 'url' => $baseUrl . 'add/', 'classes' => 'btn-success');
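/**
 * Registers JavaScript resources and, when asked, renders all of them.
 *
 * The parameters are always passed to $smarty->add_js(). Markup is returned
 * only when $params['display'] is set. Resources come in three forms:
 *  - 'code:...' is inline script, wrapped in a script tag;
 *  - 'text:...' is a status text for the ajax loader element, emitted only
 *    for a signed-in user on the admin side;
 *  - anything else is rendered through self::LINK_SCRIPT_PATTERN.
 *
 * NOTE(review): 'code:' and 'text:' payloads are written out unescaped (the
 * text goes into a single-quoted JavaScript string and then into innerHTML).
 * This assumes resources are only ever registered by trusted code — confirm
 * that no request data can reach add_js().
 *
 * @param array $params
 * @param Smarty_Internal_Template $smarty
 *
 * @return string
 */
public static function ia_print_js($params, Smarty_Internal_Template &$smarty)
{
    $smarty->add_js($params);

    if (!isset($params['display'])) {
        return '';
    }

    $iaCore = iaCore::instance();
    $resources = self::_arrayCopyKeysSorted($iaCore->iaView->resources->js->toArray());

    $output = '';
    foreach ($resources as $resource) {
        // An if/elseif chain replaces switch(true) with "continue": inside a
        // switch, "continue" acts like "break" and PHP 7.3+ warns about it.
        if (strpos($resource, 'code:') === 0) {
            if ($code = trim(substr($resource, 5))) {
                $output .= PHP_EOL . "\t" . '<script type="text/javascript"><!-- ' . PHP_EOL . $code . PHP_EOL . ' --></script>';
            }
        } elseif (strpos($resource, 'text:') === 0) {
            if (iaUsers::hasIdentity() && iaCore::ACCESS_ADMIN == iaCore::instance()->getAccessType()) {
                $text = trim(substr($resource, 5));
                $output .= "<script type=\"text/javascript\">if(document.getElementById('js-ajax-loader-status'))document.getElementById('js-ajax-loader-status').innerHTML = '" . $text . "';</script>" . PHP_EOL;
            }
        } else {
            $output .= PHP_EOL . "\t" . sprintf(self::LINK_SCRIPT_PATTERN, $resource);
        }
    }

    return $output;
}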
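/**
 * Return list of items with favorites field
 *
 * Only for signed-in members: listings the member does not own and has added
 * to favorites get 'favorite' => 1. Other listings are left as they are.
 *
 * @param array $listings listings to be processed
 * @param string $itemName item name
 * @return array
 */
public function updateItemsFavorites($listings, $itemName)
{
    if (!iaUsers::hasIdentity() || empty($itemName)) {
        return $listings;
    }

    $memberId = (int) iaUsers::getIdentity()->id;

    $itemsList = array();
    foreach ($listings as $entry) {
        if ('members' == $itemName && $entry['id'] != $memberId
            || isset($entry['member_id']) && $entry['member_id'] != $memberId) {
            // ids go into the IN (...) list below, so keep them numeric
            $itemsList[] = (int) $entry['id'];
        }
    }

    if (empty($itemsList)) {
        return $listings;
    }

    // The item name is bound through iaDb::bind() instead of being
    // interpolated into the statement; ids are integers by construction.
    $stmt = '`id` IN (' . implode(',', $itemsList) . ') AND `item` = :item AND `member_id` = :member';
    $this->iaDb->bind($stmt, array('item' => (string) $itemName, 'member' => $memberId));

    $itemsFavorites = $this->iaDb->onefield('`id`', $stmt, 0, null, $this->getFavoritesTable());

    if (empty($itemsFavorites)) {
        return $listings;
    }

    foreach ($listings as $key => $value) {
        $ownedBySomeoneElse = 'members' == $itemName && $value['id'] != $memberId
            || isset($value['member_id']) && $value['member_id'] != $memberId;

        if ($ownedBySomeoneElse && in_array($value['id'], $itemsFavorites)) {
            $listings[$key]['favorite'] = 1;
        }
    }

    return $listings;
}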
/**
 * Builds the item tools (print, add/remove favorite) for "view" pages.
 *
 * Nothing is built for non-HTML requests or for pages whose name does not
 * contain 'view'. The favorites tool is added only for a signed-in user who
 * is looking at somebody else's item or at somebody else's profile.
 *
 * @return array the tools as returned by setItemTools(), or an empty array
 */
private function _setActions()
{
    if (self::REQUEST_HTML != $this->getRequestType()) {
        return array();
    }

    $iaCore =& $this->iaCore;

    if (false === strpos($iaCore->iaView->name(), 'view')) {
        return array();
    }

    $iaItem = $iaCore->factory('item');

    $iaCore->startHook('smartyItemTools');

    $printTool = array(
        'id' => 'action-print',
        'title' => iaLanguage::get('print_preview'),
        'attributes' => array('href' => '#', 'class' => 'js-print-page'),
    );
    $iaItem->setItemTools($printTool);

    $itemData = $iaCore->iaView->iaSmarty->getTemplateVars('item');

    if (iaUsers::hasIdentity() && $itemData) {
        // an item of another type that belongs to a different member
        $foreignItem = iaUsers::getItemName() != $itemData['item']
            && isset($itemData['member_id'])
            && iaUsers::getIdentity()->id != $itemData['member_id'];
        // a member profile other than the viewer's own
        $foreignProfile = $itemData['item'] == iaUsers::getItemName()
            && iaUsers::getIdentity()->id != $itemData['id'];

        if ($foreignItem || $foreignProfile) {
            $isAlreadyFavorited = isset($itemData['favorite']) && $itemData['favorite'] == 1;

            if ($isAlreadyFavorited) {
                $phraseKey = 'favorites_action_delete';
                $nextAction = iaCore::ACTION_DELETE;
            } else {
                $phraseKey = 'favorites_action_add';
                $nextAction = iaCore::ACTION_ADD;
            }

            $iaItem->setItemTools(array(
                'id' => 'action-favorites',
                'title' => iaLanguage::get($phraseKey),
                'attributes' => array(
                    'href' => '#',
                    'class' => 'js-favorites',
                    'data-id' => $itemData['id'],
                    'data-item' => $itemData['item'],
                    'data-action' => $nextAction,
                ),
            ));
        }
    }

    return $iaItem->setItemTools();
}
} break; case iaTransaction::REFUNDED: case iaTransaction::FAILED: $iaView->setMessages($messages); iaUtil::go_to($iaPage->getUrlByName('member_funds')); break; default: $error = true; $messages[] = 'Unknown status'; } $iaView->setMessages($messages, $error ? iaView::ERROR : iaView::SUCCESS); $memberBalance = iaUsers::hasIdentity() ? iaUsers::getIdentity()->funds : 0; iaLanguage::set('funds_in_your_account', iaLanguage::getf('funds_in_your_account', array('sum' => $memberBalance, 'currency' => $iaCore->get('currency')))); $isBalancePayment = iaUsers::hasIdentity() && iaTransaction::TRANSACTION_MEMBER_BALANCE == $transaction['item'] && iaUsers::getIdentity()->id == $transaction['item_id']; $isFundsEnough = (bool) (!$isBalancePayment && iaUsers::hasIdentity() && iaUsers::getIdentity()->funds >= $transaction['amount']); // FIXME: solution to prevent csrf catching. // Should be replaced once it is possible to disable csrf checking for a single page. if (isset($_POST)) { $paymentPost = $_POST; if (isset($_SERVER['HTTP_ORIGIN'])) { $wwwChunk = 'www.'; $referrerDomain = explode(IA_URL_DELIMITER, $_SERVER['HTTP_ORIGIN']); $referrerDomain = strtolower($referrerDomain[2]); $referrerDomain = str_replace($wwwChunk, '', $referrerDomain); $domain = explode(IA_URL_DELIMITER, $iaCore->get('baseurl')); $domain = strtolower($domain[2]); $domain = str_replace($wwwChunk, '', $domain); if ($referrerDomain !== $domain) { $_POST = array(); }
require_once 'ia.output.php'; $modulesPath = IA_INSTALL . 'modules' . IA_DS; if (is_dir($modulesPath)) { if ($directory = opendir($modulesPath)) { while ($file = readdir($directory)) { $pos = strpos($file, 'module.'); if ($pos !== false && $pos == 0) { list(, $mod, ) = explode('.', $file); switch ($mod) { case 'install': $modules[] = $mod; break; case 'upgrade': if (iaHelper::isScriptInstalled()) { $iaUsers = iaHelper::loadCoreClass('users', 'core'); if ($mod == $module || iaUsers::hasIdentity() && iaUsers::MEMBERSHIP_ADMINISTRATOR == iaUsers::getIdentity()->usergroup_id) { $modules[] = $mod; } } break; default: $modules[] = $mod; } } } closedir($directory); } } if (empty($modules)) { header('HTTP/1.0 403'); exit('Forbidden.');
<?php //##copyright## $iaOutput->layout()->title = 'Upgrade Wizard'; $iaOutput->steps = array('check' => 'Pre-Upgrade Check', 'download' => 'Download Patch', 'backup' => 'Backup', 'finish' => 'Upgrade'); if (!isset($iaOutput->steps[$iaOutput->step]) && $iaOutput->step != 'rollback') { iaHelper::redirect('upgrade/'); } if (!iaUsers::hasIdentity() || iaUsers::MEMBERSHIP_ADMINISTRATOR != iaUsers::getIdentity()->usergroup_id) { $iaOutput->steps = array('check' => $iaOutput->layout()->title); $iaOutput->errorCode = 'authorization'; $step = 'check'; return false; } switch ($step) { case 'check': $patchVersion = trim($_SERVER['REQUEST_URI'], '/'); $patchVersion = explode('/', $patchVersion); $patchVersion = end($patchVersion); if (!preg_match('#\\d{1}\\.\\d{1}\\.\\d{1}#', $patchVersion)) { if (!isset($_SESSION['upgrade_to']) && empty($_SESSION['upgrade_to'])) { $iaOutput->errorCode = 'version'; } } else { $_SESSION['upgrade_to'] = $patchVersion; } if (!iaHelper::hasAccessToRemote()) { $iaOutput->errorCode = 'remote'; } if (isset($_SESSION['upgrade_to'])) { $iaOutput->version = $_SESSION['upgrade_to'];
$message = iaLanguage::get('new_password_sent'); } } elseif ($_POST && empty($_POST['email'])) { $error = true; $message = iaLanguage::get('error_email_incorrect'); } $iaView->assign('message', $message); $iaView->assign('result', !$error); } } if (iaView::REQUEST_HTML == $iaView->getRequestType()) { if (!$iaCore->get('members_enabled')) { return iaView::errorPage(iaView::ERROR_NOT_FOUND); } $iaCore->factory('util'); if (iaUsers::hasIdentity()) { iaUtil::go_to(IA_URL . 'profile/'); } $memberId = null; $error = false; $messages = array(); $itemData = array(); if ('member_password_forgot' == $iaView->name()) { $code = isset($_GET['code']) ? trim($_GET['code']) : false; $email = isset($_POST['email']) ? $_POST['email'] : (isset($_GET['email']) ? $_GET['email'] : ''); $form = false === $code ? 'request' : 'confirm'; if ($email) { if ($form != 'confirm' && !iaValidate::isCaptchaValid()) { $error = true; $messages[] = iaLanguage::get('confirmation_code_incorrect'); }
/**
 * Smarty template function: renders one or more menus through a "menu-<tpl>.tpl" template.
 *
 * Keys read from $params:
 *  - menus     menu items grouped by parent id; when missing or empty nothing is rendered
 *  - loginout  when truthy and the 'members_enabled' setting is on, a logout entry (signed-in
 *              visitor) or login + registration entries (anonymous visitor) are appended to group 0
 *  - level     when given, only groups holding at least one item of that level are rendered,
 *              with one display() call per group
 *  - tpl       template suffix, defaults to 'ul'
 *  - class     value assigned to the template as 'menu_class', defaults to 'level'
 *  - before / after  text placed around the output, both default to ''
 *
 * NOTE(review): in the level branch 'before' and 'after' are echoed as-is, and 'tpl' is
 * concatenated into the template name unchanged. These parameters should only ever be set
 * by template code, never derived from request data - confirm against the calling templates.
 *
 * @param array $params
 * @param Smarty_Internal_Template $smarty
 * @return string|null '' when there are no menus; otherwise nothing is returned and the
 *                     markup is written directly by echo / display()
 */
function smarty_function_ia_menu($params, Smarty_Internal_Template &$smarty)
{
    // Nothing to render without menu data.
    if (empty($params['menus'])) {
        return '';
    }

    $iaCore = iaCore::instance();

    // Optionally extend the top-level group with authentication links.
    if (!empty($params['loginout']) && $iaCore->get('members_enabled')) {
        $iaCore->factory('users');

        $baseEntry = array('parent_id' => 0, 'el_id' => '0_000', 'menu' => 1, 'level' => 0, 'nofollow' => true);
        $pageName = $iaCore->iaView->name();

        if (iaUsers::hasIdentity()) {
            $authEntries = array(
                array('id' => -1, 'page_name' => 'logout', 'new_window' => 0, 'text' => iaLanguage::get('logout'), 'url' => 'logout/', 'active' => 'logout' == $pageName),
            );
        } else {
            $authEntries = array(
                array('id' => -1, 'page_name' => 'login', 'new_window' => 0, 'text' => iaLanguage::get('page_title_login'), 'url' => 'login/', 'active' => 'login' == $pageName),
                array('id' => 0, 'page_name' => 'member_registration', 'new_window' => 0, 'text' => iaLanguage::get('page_title_member_registration'), 'url' => 'registration/', 'active' => 'member_registration' == $pageName),
            );
        }

        foreach ($authEntries as $authEntry) {
            $params['menus'][0][] = array_merge($baseEntry, $authEntry);
        }
    }

    // Optional parameters, each falling back to its default.
    $level = false;
    if (isset($params['level'])) {
        $level = (int) $params['level'];
    }

    $tpl = 'ul';
    if (isset($params['tpl'])) {
        $tpl = $params['tpl'];
    }

    $cssClass = 'level';
    if (isset($params['class'])) {
        $cssClass = $params['class'];
    }

    $suffix = '';
    if (isset($params['after'])) {
        $suffix = $params['after'];
    }

    $prefix = '';
    if (isset($params['before'])) {
        $prefix = $params['before'];
    }

    // No level filter: hand the complete menu set to the template in one go.
    if (false === $level) {
        $smarty->assign('text_before', $prefix);
        $smarty->assign('text_after', $suffix);
        $smarty->assign('menus', $params['menus']);
        $smarty->assign('menu_class', $cssClass);
        // The random suffix is passed as display()'s second argument
        // (presumably so rendered menus do not share a cache entry - confirm).
        $smarty->display('menu-' . $tpl . '.tpl', $tpl . mt_rand(1000, 9999));

        return;
    }

    // TODO: add menus only of particular level
    // Collect the groups that contain at least one item of the requested level.
    $groups = array();
    $anyVisible = false;

    foreach ($params['menus'] as $parentId => $children) {
        $matchesLevel = false;
        foreach ($children as $child) {
            if ($child['level'] == $level) {
                $matchesLevel = true;
                break;
            }
        }

        if (!$matchesLevel) {
            continue;
        }

        // A group whose parent id equals the current view's id is flagged as hidden.
        $hidden = ($iaCore->iaView->get('id') == $parentId);
        $groups[$parentId] = array('children' => $children, 'hide' => $hidden);

        if (!$hidden) {
            $anyVisible = true;
        }
    }

    echo $prefix;

    foreach ($groups as $parentId => $group) {
        // If every group was flagged hidden, un-hide the first one. Within this
        // function the 'hide' flag is not handed on to the template.
        if (!$anyVisible) {
            $group['hide'] = false;
            $anyVisible = true;
        }

        $smarty->assign('text_before', '');
        $smarty->assign('text_after', '');
        $smarty->assign('menu_children', true);
        $smarty->assign('menus', array($parentId => $group['children']));
        $smarty->assign('menu_class', $cssClass);
        $smarty->display('menu-' . $tpl . '.tpl', $tpl . mt_rand(1000, 9999));
    }

    echo $suffix;
}