/**
 * Checks whether the current visitor is permanently or still-temporarily
 * blocked and, if so, renders ban.tpl and prints it.
 *
 * A row of `<db_prefix>_user_block` applies while its `express` column is 0
 * or greater than the current unix time, so 0 reads as "no expiry".
 * Logged-in users are matched by user id or IP; guests by IP only.
 */
public function init()
{
    $ip = system::getInstance()->getRealIp();
    $now = time();
    $userId = user::getInstance()->get('id');
    $table = property::getInstance()->get('db_prefix') . '_user_block';
    $con = database::getInstance()->con();

    if ($userId > 0) {
        $stmt = $con->prepare(
            "SELECT COUNT(*) FROM " . $table . " WHERE (user_id = ? or ip = ?) AND (express > ? OR express = 0)"
        );
        $stmt->bindParam(1, $userId, \PDO::PARAM_INT);
        $stmt->bindParam(2, $ip, \PDO::PARAM_STR);
        $stmt->bindParam(3, $now, \PDO::PARAM_INT);
    } else {
        $stmt = $con->prepare(
            "SELECT COUNT(*) FROM " . $table . " WHERE ip = ? AND (express > ? OR express = 0)"
        );
        $stmt->bindParam(1, $ip, \PDO::PARAM_STR);
        $stmt->bindParam(2, $now, \PDO::PARAM_INT);
    }
    $stmt->execute();

    // first column of the single result row is the COUNT(*)
    $blocked = (int)$stmt->fetchColumn();
    if ($blocked > 0) {
        // at least one active block row: show the ban page with the admin contact
        $page = template::getInstance()->twigRender('ban.tpl', array(
            'local' => array('admin_email' => property::getInstance()->get('mail_from')),
        ));
        template::getInstance()->justPrint($page);
    }
}
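/**
 * Records the current request in `<db_prefix>_statistic`.
 *
 * Does nothing when the database is down or `collect_statistic` is off.
 * Visitors are identified by the `source` cookie; a visitor without one is
 * issued a fresh random value (system::md5random()) that lasts one year.
 * The row for that first request is stored with an empty cookie — the issued
 * value is only seen from the next request on. That is the existing
 * behaviour and statistics code may rely on it, so it is kept here.
 *
 * Every stored value except the user id comes from the client (headers,
 * cookie) and is passed only through prepared-statement parameters; the
 * cookie is additionally capped at 32 characters, the length the bind hint
 * already declared, so an oversized client value is never written.
 */
public function init()
{
    if (database::getInstance()->isDown() || !property::getInstance()->get('collect_statistic')) {
        return;
    }

    // client headers and cookies may be absent (or, for cookies, arrays);
    // treat anything unusable as empty instead of raising notices
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $path = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $cookie = (isset($_COOKIE['source']) && is_string($_COOKIE['source'])) ? $_COOKIE['source'] : '';

    $realip = system::getInstance()->getRealIp();
    $visittime = time();
    $browser = self::user_browser($userAgent);
    $os = self::user_os($userAgent);
    $userid = (int)user::getInstance()->get('id'); // guest (null id) is stored as 0

    if ($cookie === '') {
        // first visit: issue the tracking cookie, valid for one year
        $expires = $visittime + 365 * 24 * 60 * 60;
        setcookie('source', system::getInstance()->md5random(), $expires, '/');
    } elseif (strlen($cookie) > 32) {
        // never persist more than the 32 bytes the column is bound for
        // (assumes md5random() yields 32 characters — TODO confirm)
        $cookie = substr($cookie, 0, 32);
    }

    $query = "INSERT INTO " . property::getInstance()->get('db_prefix') . "_statistic (ip, cookie, browser, os, time, referer, path, reg_id) VALUES(?, ?, ?, ?, ?, ?, ?, ?)";
    $stmt = database::getInstance()->con()->prepare($query);
    $stmt->bindParam(1, $realip, \PDO::PARAM_STR);
    $stmt->bindParam(2, $cookie, \PDO::PARAM_STR, 32);
    $stmt->bindParam(3, $browser, \PDO::PARAM_STR);
    $stmt->bindParam(4, $os, \PDO::PARAM_STR);
    $stmt->bindParam(5, $visittime, \PDO::PARAM_INT);
    $stmt->bindParam(6, $referer, \PDO::PARAM_STR);
    $stmt->bindParam(7, $path, \PDO::PARAM_STR);
    $stmt->bindParam(8, $userid, \PDO::PARAM_INT);
    $stmt->execute();
}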
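/**
 * Checks that the current request carries a valid CSRF token.
 *
 * Forms must embed <input type="hidden" name="csrf_token" value="{{system.csrf_token}}" />.
 * The token is taken from POST first and from the query string as a fallback
 * (existing behaviour; tokens in URLs can leak through Referer headers and
 * logs, so POST is the form to prefer). As a coarse first filter, a non-empty
 * Referer must start with the configured `script_url`.
 *
 * The token comparison is strict and constant-time (hash_equals). The former
 * `!=` compared loosely, so two numeric-looking strings (e.g. "0e…") could
 * have compared equal.
 *
 * @return bool true when the submitted token matches the session token
 */
public function check()
{
    $sys = system::getInstance();
    $sessionToken = isset($_SESSION['csrf_token']['data']) ? $_SESSION['csrf_token']['data'] : null;
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;

    // coarse check: a referer from another origin is rejected outright
    if ($referer !== null && $referer !== '' && $sys->length($referer) > 0) {
        if (!$sys->prefixEquals($referer, property::getInstance()->get('script_url'))) {
            return false;
        }
    }

    // accept the first candidate of plausible length: POST, then GET
    $submitted = null;
    foreach (array($sys->post('csrf_token'), $sys->get('csrf_token')) as $candidate) {
        $len = $sys->length($candidate);
        if ($len >= 32 && $len <= 128) {
            $submitted = $candidate;
            break;
        }
    }

    if ($submitted === null || $submitted === '' || $sessionToken === null || $sessionToken === '') {
        return false;
    }
    if (!is_string($submitted) || !is_string($sessionToken)) {
        return false;
    }
    return hash_equals($sessionToken, $submitted);
}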
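/**
 * Sets the language used for this session and loads its translation files.
 *
 * Loads, in order: language/<lang>.ini, language/<lang>.custom.ini and the
 * current theme's <lang>.ini, each through getLanguageFile(). By default the
 * router calls this while building the request.
 *
 * @param string $language language code such as "en". It becomes a path
 *                         component of three files, so a non-empty value may
 *                         only contain [A-Za-z0-9_-]; null/empty values are
 *                         passed through unchanged (existing behaviour).
 * @throws \InvalidArgumentException when $language contains any other
 *         character, closing the traversal route should a caller skip
 *         language::canUse()
 */
public function setUseLanguage($language)
{
    // the code is spliced into file paths: never let "/" or ".." through
    if ($language !== null && $language !== '' && !preg_match('/^[A-Za-z0-9_-]+$/', (string)$language)) {
        throw new \InvalidArgumentException('Invalid language code');
    }

    $langDir = root . '/language/';
    $this->getLanguageFile($langDir . $language . '.ini');
    $this->getLanguageFile($langDir . $language . '.custom.ini');

    // theme-specific overrides live next to the templates
    $prop = property::getInstance();
    $themeFile = root . '/' . $prop->get('tpl_dir') . '/' . $prop->get('tpl_name') . '/' . $language . '.ini';
    $this->getLanguageFile($themeFile);

    $this->userLang = $language;
}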
/**
 * Pushes the collected page metadata into the template's meta section.
 *
 * description/keywords are joined with ". "; the title is either all
 * collected parts joined with " - " in reverse order of collection
 * (`multi_title` on) or only the last collected part; a generator tag
 * carrying the engine version is always set.
 */
public function compile()
{
    $tpl = template::getInstance();
    $sys = system::getInstance();
    $meta = template::TYPE_META;

    $tpl->set($meta, 'description', $sys->altimplode('. ', $this->metadata['description']));
    $tpl->set($meta, 'keywords', $sys->altimplode('. ', $this->metadata['keywords']));
    $tpl->set($meta, 'global_title', $this->metadata['global_title']);

    if (property::getInstance()->get('multi_title')) {
        $title = $sys->altimplode(" - ", array_reverse($this->metadata['title']));
    } else {
        // array_pop removes the last collected part from the metadata as a side effect
        $title = array_pop($this->metadata['title']);
    }
    $tpl->set($meta, 'title', $title);

    $tpl->set($meta, 'generator', 'FFCMS engine: ffcms.ru. Version: ' . version);
}
/**
 * Shows the maintenance page (and prints it) while maintenance mode is on.
 *
 * Nothing happens when `maintenance` is off or when the current user holds
 * the `admin/main` permission. The page embeds the user component's login
 * form so an administrator can sign in from it.
 */
public function make()
{
    $maintenanceOff = !property::getInstance()->get('maintenance');
    // permission lookup only runs when maintenance mode is actually on
    if ($maintenanceOff || permission::getInstance()->have('admin/main')) {
        return;
    }

    // the user component renders (and handles) the login form
    $loginForm = extension::getInstance()->call(extension::TYPE_COMPONENT, 'user')->viewLogin();
    $page = template::getInstance()->twigRender('maintenance.tpl', array('login_form' => $loginForm));
    template::getInstance()->justPrint($page, array());
}
/**
 * Opens the PDO connection on first use; a no-op once $this->link is set.
 *
 * Requires root/config.php to exist; connection parameters are read from the
 * property store (db_host, db_name, db_user, db_pass). The handle uses
 * exceptions on error, real (non-emulated) prepares, buffered queries and
 * `SET NAMES utf8`.
 *
 * On connection failure outside the installer the error is logged and the
 * script exits with the localized "database down" text plus the admin
 * address. Inside the installer the failure is swallowed and $this->link
 * stays null.
 */
public function init()
{
    if ($this->link !== null) {
        return;
    }
    if (!file_exists(root . '/config.php')) {
        logger::getInstance()->log(logger::LEVEL_ERR, "Configuration file /config.php is not available - database connect FAIL!");
        return;
    }

    $prop = property::getInstance();
    $dsn = "mysql:host=" . $prop->get('db_host') . ";dbname=" . $prop->get('db_name');
    $options = array(
        \PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true,
        \PDO::ATTR_EMULATE_PREPARES => false,
        // NOTE(review): "utf8" is MySQL's 3-byte subset; full Unicode needs
        // utf8mb4, but that is a schema/config decision, not changed here
        \PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
        \PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION,
        \PDO::ATTR_PERSISTENT => false,
    );

    try {
        // "@" keeps driver-level warnings out of the output; the failure itself
        // still arrives as a PDOException
        $this->link = @new \PDO($dsn, $prop->get('db_user'), $prop->get('db_pass'), $options);
    } catch (\PDOException $e) {
        if (loader != 'install') {
            logger::getInstance()->log(logger::LEVEL_ERR, "Database is down! Check configuration and database server uplink! Log: " . $e->getMessage());
            exit(language::getInstance()->get('database_down_desc') . " " . $prop->get('mail_from'));
        }
        // installer: stay disconnected and let the caller handle isDown()
    }
}
/**
 * Lazily loads every row of `<db_prefix>_user_access_level` into
 * $this->full_access_data as associative rows.
 *
 * Subsequent calls are no-ops once the cache holds at least one row; an
 * empty table is therefore re-queried on every call.
 */
private function loadAllData()
{
    if (count($this->full_access_data) >= 1) {
        return; // already cached
    }
    $table = property::getInstance()->get('db_prefix') . '_user_access_level';
    $result = database::getInstance()->con()->query("SELECT * FROM " . $table);
    $this->full_access_data = $result->fetchAll(\PDO::FETCH_ASSOC);
}
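/**
 * Renders update.tpl and, on POST `startupdate`, applies the pending SQL
 * migrations between the installed version and the engine `version`.
 *
 * Flags set in $params['notify'] (the template decides how to show them):
 *   unlock_update  - install/.update-<version> is missing (must be created first)
 *   locked_update  - that file contains "locked" (the update already ran)
 *   not_installed  - no installation detected
 *   actual_version - database version already equals the engine version
 *   success        - migrations applied, lock file written
 *   nosql_data     - no migration SQL found for the version range
 * Migrations run only when none of the first four flags is set.
 *
 * The SQL is read from install/sql/ files on disk; the request only triggers
 * the run. NOTE(review): assumes the caller has already enforced admin
 * permission and the CSRF check for this POST — confirm.
 *
 * @return string rendered template
 */
private function viewUpdate()
{
    $params = array();
    $lockFile = root . "/install/.update-" . version;
    $prop = property::getInstance();

    if (!file_exists($lockFile)) {
        $params['notify']['unlock_update'] = true;
    }
    // the file may be missing; a failed read simply yields false
    $installLog = @file_get_contents($lockFile);
    if ($installLog === "locked") {
        $params['notify']['locked_update'] = true;
    }

    if (!$this->isInstalled()) {
        $params['notify']['not_installed'] = true;
        return template::getInstance()->twigRender('update.tpl', $params);
    }

    $stmt = database::getInstance()->con()->query("SELECT `version` FROM `" . $prop->get('db_prefix') . "_version` LIMIT 1");
    $res = $stmt->fetch(\PDO::FETCH_ASSOC);
    $usedVersion = isset($res['version']) ? $res['version'] : null; // no row → null
    if ($usedVersion == version) {
        $params['notify']['actual_version'] = true;
    }

    // sizeof() on the undefined 'notify' key raised a notice (a TypeError on
    // PHP 8) in exactly the state where the update is allowed to run
    if (empty($params['notify']) && system::getInstance()->post('startupdate')) {
        $updateQuery = '';
        $updateFiles = $this->foundVersionUpdates($usedVersion, version);
        if (is_array($updateFiles)) {
            foreach ($updateFiles as $updateFile) {
                // join files with a real newline; the former '\\n' inserted a
                // literal backslash-n, which is not valid SQL between statements
                $updateQuery .= @file_get_contents(root . '/install/sql/' . $updateFile) . "\n";
            }
        }

        if (trim($updateQuery) !== '') {
            $updateQuery = str_replace('{$db_prefix}', $prop->get('db_prefix'), $updateQuery);
            database::getInstance()->con()->exec($updateQuery);
            @file_put_contents($lockFile, 'locked'); // the update may only run once
            $params['notify']['success'] = true;
        } else {
            $params['notify']['nosql_data'] = true;
        }
    }

    return template::getInstance()->twigRender('update.tpl', $params);
}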
/**
 * Returns the request URI with the engine's routing prefixes stripped:
 * the leading "index.php" segment when user-friendly URLs are off and the
 * leading language segment ("ru", "en", …) when multi-language is on.
 *
 * @return string remaining segments joined with "/"
 */
public function nolang_uri()
{
    $sys = system::getInstance();
    $prop = property::getInstance();
    $segments = $sys->altexplode('/', router::getInstance()->getUriString());

    $dropLeading = 0;
    if (!$prop->get('user_friendly_url')) {
        $dropLeading++; // "/index.php" segment
    }
    if ($prop->get('use_multi_language')) {
        $dropLeading++; // "/ru", "/en", … segment
    }
    while ($dropLeading-- > 0) {
        array_shift($segments);
    }

    return $sys->altimplode('/', $segments);
}
/**
 * Writes a full dump of the configured database to root . $dumpname using
 * the bundled phpmysqldumper library (resource/phpmysqldumper/MySQLDump.php).
 *
 * @param string $dumpname target path; it is concatenated directly onto
 *                         root, so it should begin with "/"
 */
private function mysqlDump($dumpname)
{
    require_once root . "/resource/phpmysqldumper/MySQLDump.php";

    $prop = property::getInstance();
    $mysqli = new \mysqli(
        $prop->get('db_host'),
        $prop->get('db_user'),
        $prop->get('db_pass'),
        $prop->get('db_name')
    );
    $dumper = new \MySQLDump($mysqli);
    $dumper->save(root . $dumpname);
}
/**
 * Loads every row of `<db_prefix>_extensions` into $this->extconfigs,
 * indexed as [type][dir][column] => value, so an extension's full row is
 * reachable by its type and directory name.
 */
public function init()
{
    $table = property::getInstance()->get('db_prefix') . '_extensions';
    $stmt = database::getInstance()->con()->query("SELECT * FROM " . $table);
    $rows = $stmt->fetchAll(\PDO::FETCH_ASSOC);

    foreach ($rows as $row) {
        $type = $row['type'];
        $dir = $row['dir'];
        // copy column by column so existing keys under (type, dir) are kept
        foreach ($row as $column => $value) {
            $this->extconfigs[$type][$dir][$column] = $value;
        }
    }
}
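/**
 * Picks the language for this request and applies it via
 * language::setUseLanguage().
 *
 * Resolution order:
 *   1. front loader: the language segment of the request path;
 *   2. api/install loaders: the `ffcms_lang` cookie;
 *   3. any loader but back: the first two characters of Accept-Language;
 *   4. otherwise the configured default (`lang` property).
 * Each client-supplied candidate (path, cookie, header) must pass
 * language::canUse() first; that check is the only whitelist between these
 * untrusted values and the language file paths they later become.
 */
private function prepareLanguages()
{
    $language = language::getInstance();
    $router = router::getInstance();

    // absent cookie/header: treat as "no candidate" instead of raising notices
    $cookieLang = (isset($_COOKIE['ffcms_lang']) && is_string($_COOKIE['ffcms_lang'])) ? $_COOKIE['ffcms_lang'] : null;
    $acceptLang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : null;
    $browserLang = ($acceptLang !== null && $acceptLang !== '') ? substr($acceptLang, 0, 2) : null;

    if (loader === 'front' && $router->getPathLanguage() != null && $language->canUse($this->getPathLanguage())) {
        // NOTE(review): canUse() is given $this->getPathLanguage() while the
        // value used comes from router::getPathLanguage(); presumably $this is
        // the router singleton itself — confirm, since a mismatch would let an
        // unchecked value through
        $lang = $router->getPathLanguage();
    } elseif ((loader === 'api' || loader === 'install') && $cookieLang !== null && $language->canUse($cookieLang)) {
        $lang = $cookieLang;
    } elseif ($browserLang !== null && loader !== 'back' && $language->canUse($browserLang)) {
        $lang = $browserLang;
    } else {
        $lang = property::getInstance()->get('lang');
    }

    $language->setUseLanguage($lang);
}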
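/**
 * Checks whether $user_id may change the karma rating of $target_id.
 *
 * Denied when the actor is a guest (id 0), when actor and target are the
 * same user, or when the actor already rated the target within the last day
 * (`<db_prefix>_user_karma` rows with `date` >= now - 1 day). The recently
 * rated target ids are cached per actor in $this->karmadata.
 *
 * @param int|string $target_id user being rated
 * @param int        $user_id   acting user; 0 means "the current user"
 * @return bool
 */
public function canKarmaChange($target_id, $user_id = 0)
{
    if ($user_id == 0) {
        $user_id = $this->get('id');
    }
    if ($user_id == $target_id || $user_id == 0) {
        return false;
    }

    if (!isset($this->karmadata[$user_id])) {
        // seed the cache even when the query returns no rows: the former code
        // assigned only inside the loop, so an actor with no recent votes was
        // re-queried on every call and in_array() received null
        $this->karmadata[$user_id] = array();

        $since = strtotime('-1 day');
        $stmt = database::getInstance()->con()->prepare(
            "SELECT `to_id` FROM " . property::getInstance()->get('db_prefix') . "_user_karma WHERE `from_id` = ? AND `date` >= ?"
        );
        $stmt->bindParam(1, $user_id, \PDO::PARAM_STR);
        $stmt->bindParam(2, $since, \PDO::PARAM_INT);
        $stmt->execute();
        foreach ($stmt->fetchAll(\PDO::FETCH_ASSOC) as $row) {
            $this->karmadata[$user_id][] = (int)$row['to_id'];
        }
        $stmt = null;
    }

    // ids are compared as integers so a string id from the request still matches
    return !in_array((int)$target_id, $this->karmadata[$user_id], true);
}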