function isConnected($URL = FALSE) { if (!SESSION("ZanUser")) { redirect($URL); } return TRUE; }
/** * Sessions Helper * * * * @package ZanPHP * @subpackage core * @category helpers * @author MilkZoft Developer Team * @link http://www.zanphp.com/documentation/en/helpers/security_helper */ function cacheSession($cacheID) { if (SESSION("ZanUser")) { return $cacheID . "." . SESSION("ZanUser"); } return $cacheID . ".guest"; }
public function index() { if ($this->_get('token') != session('token')) { $this->error('非法操作'); } $token_open = M('token_open')->field('queryname')->where(array('token' => session('token')))->find(); //dump($token_open); if (!strpos($token_open['queryname'], 'api')) { $this->error('您还开启该模块的使用权,请到功能模块中添加', U('Function/index', array('token' => session('token'), 'id' => session('wxid')))); } $data = D('Api'); $this->assign('api', $data->where(array('token' => session('token'), 'uid' => session('uid')))->find()); if (IS_POST) { $_POST['uid'] = SESSION('uid'); $_POST['token'] = SESSION('token'); //if(empty($_POST['home']))unset($_POST['home']); if ($data->create()) { if ($data->add()) { $this->success('操作成功'); } else { $this->error('服务器繁忙,请稍候再试'); } } else { $this->error($data->getError()); } } else { $this->display(); } }
public function _initialize() { if (!SESSION('?ADMIN_STATE')) { $this->redirect('Admin/Login/index'); } $this->webTitle = '后台管理'; }
private function editOrSave($action) { $validations = array("title" => "required", "URL" => "ping"); if (POST("code")) { unset($validations["URL"]); } $data = array("ID_User" => SESSION("ZanUserID"), "Start_Date" => now(4), "End_Date" => now(4) + 2419200); if ($action === "edit") { $this->Data->ignore("banner"); } $this->data = $this->Data->proccess($data, $validations); if (isset($this->data["error"])) { return $this->data["error"]; } if (FILES("image", "name")) { if (POST("banner")) { @unlink(POST("banner")); } $dir = "www/lib/files/images/ads/"; $this->Files = $this->core("Files"); $this->data["Banner"] = $this->Files->uploadImage($dir, "image", "normal"); if (!$this->data["Banner"]) { return getAlert("Upload error"); } } else { if (!isset($this->data["Code"])) { return getAlert("You need to upload an image or write the ad code"); } } }
private function editOrSave($action) { $validations = array("exists" => array("Slug" => slug(POST("title", "clean")), "Year" => date("Y"), "Month" => date("m"), "Day" => date("d"), "Language" => POST("language")), "title" => "required", "content" => "required"); $this->categories = POST("categories"); $this->tags = POST("tags"); $this->URL = PATH("blog/" . date("Y")) . "/" . date("m") . "/" . date("d") . "/" . slug(POST("title", "clean")); $this->muralExist = POST("mural_exist"); $this->Files = $this->core("Files"); $this->mural = FILES("mural"); if ($this->mural["name"] !== "") { $dir = "www/lib/files/images/mural/"; $this->mural = $this->Files->uploadImage($dir, "mural", "mural"); if (is_array($this->mural)) { return $this->mural["alert"]; } } $dir = "www/lib/files/images/blog/"; $this->image = $this->Files->uploadImage($dir, "image", "resize", TRUE, TRUE, FALSE); $data = array("ID_User" => SESSION("ZanUserID"), "ID_URL" => 1, "Slug" => slug(POST("title", "clean")), "Content" => POST("content", "clean"), "Author" => SESSION("ZanUser"), "Year" => date("Y"), "Month" => date("m"), "Day" => date("d"), "Image_Small" => isset($this->image["small"]) ? $this->image["small"] : NULL, "Image_Medium" => isset($this->image["medium"]) ? $this->image["medium"] : NULL, "Pwd" => POST("pwd") ? POST("pwd", "encrypt") : NULL, "Start_Date" => now(4), "Text_Date" => now(2)); $this->Data->ignore(array("categories", "tags", "mural_exists", "mural", "pwd", "category", "language_category", "application", "mural_exist")); $this->data = $this->Data->proccess($data, $validations); if (isset($this->data["error"])) { return $this->data["error"]; } }
function getOnlineUsers() { global $Load; $Db = $Load->core("Db"); $date = time(); $time = 10; $time = $date - $time * 60; $IP = getIP(); $user = SESSION("ZanUser"); $Db->deleteBySQL("Start_Date < {$time}", "users_online_anonymous"); $Db->deleteBySQL("Start_Date < {$time}", "users_online"); if ($user) { $users = $Db->findBy("User", $user, "users_online"); if (!$users) { $Db->insert("users_online", array("User" => $user, "Start_Date" => $date)); } else { $Db->updateBySQL("users_online", "Start_Date = '{$date}' WHERE User = '******'"); } } else { $users = $Db->findBy("IP", $IP, "users_online_anonymous"); if (!$users) { $Db->insert("users_online_anonymous", array("IP" => $IP, "Start_Date" => $date)); } else { $Db->updateBySQL("users_online", "Start_Date = '{$date}' WHERE IP = '{$IP}'"); } } }
public function insert() { $tj = M('Huadianposter')->where(array('token' => SESSION('token'), 'subestatename' => $_POST['subestatename']))->count(); if ($tj == 0) { $this->all_insert(); } else { $this->error('操作失败,已有记录!请删除原有分类海报!', U(MODULE_NAME . '/index')); } }
public function insert() { $tj = M('Cosmetology')->where(array('token' => SESSION('token')))->count(); if ($tj == 0) { $this->all_insert(); } else { $this->error('操作失败', U(MODULE_NAME . '/index')); } }
private function editOrSave() { $validations = array("title" => "required", "URL" => "ping"); $data = array("ID_User" => SESSION("ZanUserID")); $this->data = $this->Data->proccess($data, $validations); if (isset($this->data["error"])) { return $this->data["error"]; } }
function getTwitterUser($oauthToken, $Twitter) { $Twitter->setToken($oauthToken); $accessToken = $Twitter->getAccessToken(); $Twitter->setToken($accessToken->oauth_token, $accessToken->oauth_token_secret); SESSION("ZanUserServiceAccessToken", $accessToken->oauth_token); SESSION("ZanUserServiceAccessTokenSecret", $accessToken->oauth_token_secret); $data = $Twitter->get_accountVerify_credentials(); return array("service" => "twitter", "serviceID" => $data->id, "username" => $data->screen_name, "name" => $data->name, "email" => null, "birthday" => null, "avatar" => $data->profile_image_url_https); }
private function editOrSave() { $validations = array("exists" => array("Slug" => slug(POST("title", "clean")), "Language" => POST("language")), "title" => "required", "content" => "required"); $data = array("ID_User" => SESSION("ZanUserID"), "Slug" => slug(POST("title", "clean")), "Content" => POST("content", "clean"), "Start_Date" => now(4), "Text_Date" => now(2)); $this->data = $this->Data->proccess($data, $validations); if (isset($this->data["error"])) { return $this->data["error"]; } return FALSE; }
/** * [登录信息检测] * @param [array] $post [用户名,密码] * @return [boolen] [description] */ public function checkLoad($post) { $uid = $this->where('user="******" and pwd="' . md5($post['pwd']) . '"')->getField('uid'); if ($uid) { SESSION('uid', $uid); SESSION('user', $post[user]); $res = true; } else { $res = false; } return $res; }
function apply_settings($password, $password2, $realname) { global $LSP_URL; if ($password != $password2) { display_error('Password mismatch'); return false; } else { change_user(SESSION(), $realname, $password); display_success('Account settings have been updated', array('<a href="">User Settings</a>', 'Success'), $LSP_URL . "?account=settings"); return true; } }
function getFacebookUser($code) { $response = file_get_contents("https://graph.facebook.com/oauth/access_token?client_id=" . FB_APP_ID . "&redirect_uri=" . encode(FB_APP_URL, true) . "&client_secret=" . FB_APP_SECRET . "&code=" . $code); $params = null; parse_str($response, $params); if (isset($params["access_token"])) { SESSION("ZanUserServiceAccessToken", $params["access_token"]); $graphURL = "https://graph.facebook.com/me?fields=" . FB_APP_FIELDS . "&access_token=" . $params["access_token"]; $user = json_decode(file_get_contents($graphURL)); return array("serviceID" => $user->id, "username" => $user->username, "name" => $user->name, "email" => $user->email, "birthday" => $user->birthday, "avatar" => $user->picture->data->url); } return false; }
private function all($trash, $order, $limit) { if (!$trash) { if (SESSION("ZanUserPrivilege") === _super) { $data = $this->Db->findBySQL("Situation != 'Deleted'", $this->table, NULL, $order, $limit); } else { $data = $this->Db->findBySQL("ID_User = '******' AND Situation != 'Deleted'", NULL, $order, $limit); } } else { if (SESSION("ZanUserPrivilege") === _super) { $data = $this->Db->findBy("Situation", "Deleted", $this->table, NULL, $order, $limit); } else { $data = $this->Db->findBySQL("ID_User = '******' AND Situation = 'Deleted'", $this->table, NULL, $order, $limit); } } return $data; }
public function insert() { $token = $this->_get('token'); $id = $this->_get('id'); $tj = M('Cosmetology_setup_control')->where(array('token' => SESSION('token')))->count(); $this->assign('tj', $tj); if ($tj == 0) { $column = D('Cosmetology_setup_control'); if ($column->create()) { if ($column->add()) { $this->success('添加成功', U('Cosmetology_setup_control/index', array('token' => $token))); } else { $this->error('添加成功', U('Cosmetology_setup_control/index', array('token' => $token, 'token' => $id))); } } } else { $this->error('添加失败', U('Cosmetology_setup_control/index', array('token' => SESSION('token')))); } }
public function add() { $data = D('Api'); if (IS_POST) { $_POST['uid'] = SESSION('uid'); $_POST['token'] = SESSION('token'); if ($data->create()) { if ($data->add()) { $this->success('操作成功', U('Api/index', array('token' => $this->token))); } else { $this->error('操作无效'); } } else { $this->error($data->getError()); } } else { $this->display(); } }
public function add() { $data = D('Api'); if (IS_POST) { $_POST['uid'] = SESSION('uid'); $_POST['token'] = SESSION('token'); //if(empty($_POST['home']))unset($_POST['home']); if ($data->create()) { if ($data->add()) { $this->success('操作成功'); } else { $this->error('服务器繁忙,请稍候再试'); } } else { $this->error($data->getError()); } } else { $this->display(); } }
public function index() { $where['id'] = $this->_get('id'); $where['token'] = $this->token; $set = M('email_set')->where($where)->find(); $db = M('email_set'); if (IS_POST) { $_POST['uid'] = SESSION('uid'); $_POST['token'] = SESSION('token'); $_POST['storeid'] = $this->_POST('storeid'); if ($set == false) { if ($db->create() === false) { $this->error($db->getError()); } else { $id = $db->add(); if ($id == true) { $this->success('操作成功', U('Email/lists', array('token' => $this->token))); } else { $this->error('操作失败', U('Email/lists', array('token' => $this->token))); } } } else { $_POST['id'] = $set['id']; if ($db->create() === false) { $this->error($db->getError()); } else { $id = $db->save(); if ($id == true) { $this->success('操作成功', U('Email/lists', array('token' => $this->token))); } else { $this->error('操作失败', U('Email/lists', array('token' => $this->token))); } } } } else { $this->assign('set', $set); $this->display(); } }
private function editOrSave() { $j = 0; $k = 0; foreach (POST("answers") as $key => $answer) { if ($answer === "") { $j += 1; } else { $k += 1; } } if (count(POST("answers")) === $j) { return getAlert("You need to write a answers"); } elseif ($k < 2) { return getAlert("You need to write more than one answer"); } else { $this->answers = POST("answers"); } $validations = array("title" => "required"); $data = array("ID_User" => SESSION("ZanUserID"), "Start_Date" => now(4), "Text_Date" => now(2)); $this->Data->ignore("answers"); $this->data = $this->Data->proccess($data, $validations); }
public function index() { $set = $this->printer_set; $db = $this->printer_model; if (IS_POST) { $_POST['uid'] = SESSION('uid'); $_POST['token'] = SESSION('token'); if ($set == false) { if ($db->create() === false) { $this->error($db->getError()); } else { $id = $db->add(); if ($id == true) { $this->success('操作成功', U('Printer/lists', array('token' => $this->token))); } else { $this->error('操作失败', U('Printer/lists', array('token' => $this->token))); } } } else { $_POST['id'] = $set['id']; if ($db->create() === false) { $this->error($db->getError()); } else { $id = $db->save(); if ($id == true) { $this->success('操作成功', U('Printer/index', array('token' => $this->token, 'id' => $set['id']))); } else { $this->error('操作失败', U('Printer/index', array('token' => $this->token, 'id' => $set['id']))); } } } } else { $this->assign('set', $set); $this->display(); } }
private function save() { $this->Db->table("url", "URL"); $this->Db->values("'{$this->URL}'"); $insertID1 = $this->Db->save(); if (is_array($this->image)) { $small = $this->image["small"]; $medium = $this->image["medium"]; } else { $small = NULL; $medium = NULL; } $fields = "ID_User, ID_URL, Title, Nice, Content, Author, Start_Date, Text_Date, Year, Month, Day, Image_Small, Image_Medium, "; $fields .= "Enable_Comments, Language, Pwd, State"; $values = "'" . SESSION("ZanUserID") . "', '{$insertID1}', '{$this->title}', '{$this->nice}', '{$this->content}', '{$this->author}', '{$this->date1}', "; $values .= "'{$this->date2}', '{$this->year}', '{$this->month}', '{$this->day}', '{$small}', '{$medium}', '{$this->comments}', "; $values .= "'{$this->language}', '{$this->password}', '{$this->state}'"; $this->Db->table($this->table, $fields); $this->Db->values($values); $insertID2 = $this->Db->save(); if ($this->mural) { $fields = "ID_Post, Title, URL, Image"; $values = "'{$insertID2}', '{$this->title}', '{$this->URL}', '{$this->mural}'"; $this->Db->table("mural", $fields); $this->Db->values($values); $this->Db->save(); } if (is_array($this->categories)) { $this->Db->table("categories2applications"); foreach ($this->categories as $category) { $categories[] = $this->Db->findBy("ID_Category", $category); } $this->Db->table("categories2records", "ID_Category2Application, ID_Record"); foreach ($categories as $category) { $this->Db->values("'" . $category[0]["ID_Category2Application"] . "', '{$insertID2}'"); $insertID3 = $this->Db->save(); } } if (is_array($this->tags)) { foreach ($this->tags as $tag) { $this->Db->table("tags", "Title, Nice"); $this->Db->values("'" . decode($tag) . "', '" . nice($tag) . "'"); $insertID4 = $this->Db->save(); $this->Db->table("tags2applications", "ID_Application, ID_Tag"); $this->Db->values("'3', '{$insertID4}'"); $insertID5 = $this->Db->save(); $this->Db->table("tags2records", "ID_Tag2Application, ID_Record"); $this->Db->values("'{$insertID5}', '{$insertID2}'"); $insertID6 = $this->Db->save(); } } if ($insertID1 === "rollback" or $insertID2 === "rollback") { $this->Db->rollBack(); return getAlert("Insert error"); } else { $this->Db->commit(); return getAlert("The post has been saved correctly", "success", $this->URL); } }
public function isAllow($permission = "view", $application = NULL) { if (SESSION("ZanUserPrivilegeID") and !SESSION("ZanUserApplication")) { $this->Applications_Model = $this->model("Applications_Model"); if (is_null($application)) { $application = whichApplication(); } $privilegeID = SESSION("ZanUserPrivilegeID"); $applicationID = $this->Applications_Model->getID($application); if ($this->getPermissions($privilegeID, $applicationID, $permission)) { return TRUE; } else { return FALSE; } } else { return TRUE; } }
<?php require_once "init.php"; require_once "functions.php"; require_once "views.php"; //save title content first if (POST("submit") == 'create') { $title = POST("title"); $content = POST("content"); $_SESSION['title'] = $title; $_SESSION['content'] = $content; } ?> <?php if (SESSION('login') === true) { $title = POST("title"); $content = POST("content"); $statement = savePost2Database($title, $content); showModalNotification("Post saved!", "New post has saved with post id: {$statement}"); } elseif (POST('submit') == 'login') { $username = $_POST['username']; $password = $_POST['password']; $statement = getEncryptedPassword($username); $encryptedPassword = ""; $o = $statement->fetchObject(); if ($o) { $encryptedPassword = $o->password; } if (strtoupper(md5($password)) == $encryptedPassword) { $_SESSION['login'] = true;
public function trash($ID) { if ($this->application === "users" and SESSION("ZanUserID") === $ID) { return TRUE; } $data = array("Situation" => "Deleted"); if (!is_array($ID)) { $this->Db->update($this->application, $data, $ID); $count = $this->Db->countBySQL("Situation = 'Active'", $this->application); return $count > 0 ? TRUE : FALSE; } else { for ($i = 0; $i <= count($ID) - 1; $i++) { $this->Db->update($this->application, $data, $ID[$i]); } $count = $this->Db->countBySQL("Situation = 'Active'", $this->application); return $count > 0 ? TRUE : FALSE; } }
var URL = "<?php print get('webURL'); ?> "; </script> </head> <body> <?php if ($isAdmin) { ?> <div id="top-bar"> <?php $li[] = a("‹‹" . __(_("Go back")), path()); $li[] = " | " . span("bold", __(_("Welcome"))) . ": " . SESSION("ZanUser"); $li[] = " | " . span("bold", __(_("Online users"))) . ": {$online}"; $li[] = " | " . span("bold", __(_("Registered users"))) . ": {$registered}"; $li[] = " | " . span("bold", __(_("Last user"))) . ": " . a($lastUser["Username"], path("/users/editprofile/")); $li[] = " | " . a(__(_("Logout")) . "››", path("cpanel/logout/")) . ""; print ul($li); ?> </div> <?php } else { ?> <div id="top-bar-logout"> <a href="<?php print path(); ?> " title="<?php
function process_params() { $post_funcs = explode(',', POST_FUNCS); foreach ($post_funcs as $func) { if (!GET_EMPTY($func)) { // Process parametrized functions switch ($func) { case 'rate': update_rating(GET('file'), GET('rate'), SESSION()); break; // break for file/rate, return for all others // break for file/rate, return for all others case 'search': //move down //move down case 'q': get_results(GET('category'), GET('subcategory'), GET('sort'), GET('q', GET('search', '')), '', GET('order'), GET('commentsearch')); return; // default: // do nothing } // Process built-in functions switch ($func . ":" . GET($func)) { case 'comment:add': require "./comment_file.php"; return; case 'content:add': require "./add_file.php"; return; case 'content:update': require "./edit_file.php"; return; case 'content:delete': require "./delete_file.php"; return; case 'account:settings': require "./user_settings.php"; return; case 'action:show': show_file(GET("file"), SESSION()); return; case 'action:register': require "./register.php"; return; case 'action:browse': // Browsing by category seems is currently only supported "browse" option if (!GET_EMPTY('category')) { get_results(GET('category'), GET('subcategory'), GET('sort'), '', '', GET('order')); return; } else { if (!GET_EMPTY('user')) { get_results(GET('category'), GET('subcategory'), GET('sort'), '', GET('user'), GET('order')); return; } } // default: // do nothing } } } // All else fails, show the "Latest Uploads" page get_latest(); }
function formCaptcha($attributes = false, $alphanumeric = false) { $hash = md5(getURL()); $HTML = '<input type="hidden" name="captcha_token" value="' . $hash . '" />'; $HTML .= '<input type="hidden" name="captcha_type" value="' . ($alphanumeric ? 'alphanumeric' : 'aritmethic') . '" />'; if (!$alphanumeric) { $attributes["style"] = (isset($attributes["style"]) ? $attributes["style"] : '') . "max-width: 50px; text-align: center;"; $attributes["type"] = "number"; $num1 = rand(1, 9); $num2 = rand(1, 9); switch (rand(1, 3)) { case 1: $operation = '-'; $answer = $num1 - $num2; break; default: $operation = '+'; $answer = $num1 + $num2; } $HTML .= __("How much is ") . (rand(0, 1) === 0 ? $num1 : num2str($num1, true)) . ' ' . $operation . ' ' . (rand(0, 1) === 0 ? $num2 : num2str($num2, true)) . '? '; } else { $attributes["style"] = (isset($attributes["style"]) ? $attributes["style"] : '') . "max-width: 200px; text-align: center;"; $answer = ""; $characters = array("A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "1", "2", "3", "4", "5", "6", "7", "8", "9", "0"); for ($i = 0; $i < 5; $i++) { $answer .= $characters[rand(0, count($characters) - 1)]; } $HTML .= '<img src="' . path("captcha/{$hash}") . '" /><br />'; } SESSION("ZanCaptcha" . $hash, $answer); if (isset($attributes) and is_array($attributes)) { $attrs = null; foreach ($attributes as $attribute => $value) { if ($attribute === "required") { $attrs .= ' required '; } elseif ($attribute === "events") { $attrs .= ' ' . $value . ' '; } elseif ($attribute !== "p" and $attribute !== "field") { if (!preg_match('/"/', $value)) { $attrs .= ' ' . strtolower($attribute) . '="' . $value . '"'; } else { $attrs .= ' ' . strtolower($attribute) . "='" . $value . "'"; } } else { ${$attribute} = $value; } } $HTML .= '<input' . $attrs . ' type="text" /> '; if (isset($p) and $p and isset($field)) { $HTML = '<p><span class="field">» ' . $field . '</span><br />' . $HTML . '</p>'; } elseif (isset($p) and $p) { $HTML = '<p>' . $HTML . '</p>'; } elseif (isset($field)) { $HTML = '<span class="field">» ' . $field . '</span><br />' . $HTML . ''; } return $HTML; } elseif ($attributes) { return $HTML . '<input name="' . $attributes . '" type="text" />'; } else { return null; } }
function unsetSessions($URL = false) { $lastURL = SESSION("lastURL"); session_unset(); session_destroy(); redirect($URL ? $URL : $lastURL); }