示例#1
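 /**
  * Check whether the current request runs inside a valid admin control panel
  * (ACP) session.
  *
  * Publishes the ACP URL (base URL + "admincp.php?sid=" + SID) through
  * globals::s() and the template engine, and, unless $onlylink is set,
  * validates the "sid" form key and redirects on failure.
  *
  * Security notes:
  *  - The SID is carried in the query string, so it can end up in access logs,
  *    browser history and Referer headers. Treat it as a short-lived secret.
  *  - The SID comparison is done on strings with a strict operator so that
  *    PHP's numeric-string juggling ("0e1" == "0e2") can never make two
  *    different tokens compare equal. Where hash_equals() is available it is
  *    the better choice, as it is also constant-time.
  *  - NOTE(review): furl::o()->location() presumably ends the request. This
  *    method returns false right after each redirect so that the check fails
  *    closed if it does not - confirm against furl.
  *  - NOTE(review): in $hardmode the early can_acp test is skipped; the caller
  *    is presumably expected to enforce it - confirm.
  *
  * @param string $module module name; when non-empty and can_acp equals 1 it
  *                       must be listed in perms['acp_modules']
  * @param bool $onlylink only build the link, i.e. no form-key check and no redirects
  * @param bool $hardmode for the ACP itself: validate the SID even when it is absent
  * @return bool true when the request is inside the ACP
  */
 public function check_inadmin($module, $onlylink = false, $hardmode = false)
 {
     $baseurl = globals::g('baseurl');
     if ($hardmode) {
         $onlylink = false;
     } elseif (!$this->perms['can_acp'] || (empty($_REQUEST['sid']) && !$onlylink)) {
         // empty() keeps the original truthiness test without a notice on a missing key.
         return false;
     }
     $sid = get_formkey(null, "sid");
     $session_sid = isset($_SESSION['sid']) ? $_SESSION['sid'] : '';
     // Strict string comparison: no type juggling between token values.
     if ((string) $session_sid !== (string) $sid) {
         $_SESSION['sid'] = '';
     }
     if (empty($_REQUEST['sid']) && !empty($_SESSION['sid'])) {
         // Reuse the session SID so the admin does not have to log in again
         // when the request carries none.
         $sid = $_SESSION['sid'];
     }
     // A redirect target is still needed in every case.
     $afile = $baseurl . "admincp.php?sid=";
     $eadmin_file = $afile . $sid;
     globals::s('eadmin_file', $eadmin_file);
     if (!$onlylink) {
         try {
             check_formkey("sid");
         } catch (EngineException $e) {
             if ($hardmode && (empty($_SESSION['sid']) || !empty($_REQUEST['sid']))) {
                 $this->acp_login($afile);
             }
             furl::o()->location($eadmin_file);
             // Fail closed: a rejected key must never fall through to "return true".
             return false;
         }
     }
     $this->acp_modules();
     if ($module && $this->perms['can_acp'] == 1) {
         // NOTE(review): in_array() is non-strict here; if acp_modules can hold
         // non-string values, pass true as the third argument.
         if (!in_array($module, (array) $this->perms['acp_modules'])) {
             if (!$onlylink) {
                 furl::o()->location($eadmin_file);
             }
             // Module not granted: deny in both modes, even if the redirect returns.
             return false;
         }
     }
     tpl::o()->assign("admin_sid", 'sid=' . $sid);
     tpl::o()->assign("eadmin_file", $eadmin_file);
     return true;
 }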
示例#2
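 /**
  * Delete a content item together with its dependent records.
  *
  * Order of operations: form-key (CSRF) check, existence check, permission
  * check (own item: 'del_content'; someone else's: 'del_content' level '2'),
  * then the deletes, the 'content_delete' plugin hook, the audit log entry and
  * the comment/rating/mailer/poll cleanup, which runs in admin mode.
  *
  * Changes against the previous version:
  *  - existence is decided on the fetched row, not on the query handle, so a
  *    missing item raises 'content_not_exists' instead of running the
  *    permission check and the deletes with empty values;
  *  - admin mode is switched off again when the cleanup throws, so the
  *    elevated state cannot leak into the rest of the request.
  *
  * NOTE(review): a PReturn thrown by the plugin hook returns after the content
  * rows are already deleted but before log_add() and the cleanup run, so the
  * deletion is not audit-logged in that case - confirm this is intended.
  * NOTE(review): 'LIMIT 1' on content_downloaded, content_peers and
  * content_readed removes at most one row per call if db::delete() passes the
  * clause through; those tables look multi-row per item - verify.
  *
  * @param int $id content ID
  * @return null (or whatever the plugin's PReturn carries)
  * @throws EngineException when the item does not exist; permission and
  *                         form-key helpers presumably throw it as well
  */
 public function delete($id)
 {
     check_formkey();
     $id = (int) $id;
     $lj = $cols = "";
     if ($this->tstate) {
         $cols = ", t.screenshots";
         $lj = ' LEFT JOIN content_torrents AS t ON t.cid=c.id';
     }
     $res = db::o()->p($id)->query('SELECT c.poster_id, c.title, c.posted_time, 
         p.id AS poll_id ' . $cols . ' FROM content AS c ' . $lj . '
             LEFT JOIN polls AS p ON p.type="content" AND p.toid=c.id
             WHERE c.id=? LIMIT 1');
     // assumes fetch_row() yields a numerically indexed array, or an empty
     // value when no row matched - TODO confirm against the db layer
     $fetched = $res ? db::o()->fetch_row($res) : null;
     if (!$fetched) {
         throw new EngineException('content_not_exists');
     }
     // Pad to five entries: the screenshots column is only selected when tstate is on.
     list($poster_id, $title, $posted_time, $pid, $screenshots) = array_pad($fetched, 5, null);
     if (users::o()->v('id') == $poster_id) {
         users::o()->check_perms('del_content');
     } else {
         users::o()->check_perms('del_content', '2');
     }
     db::o()->p($id)->delete('content', 'WHERE id=? LIMIT 1');
     if ($this->tstate) {
         db::o()->p($id)->delete('content_torrents', 'WHERE cid=? LIMIT 1');
         db::o()->p($id)->delete('content_downloaded', 'WHERE tid=? LIMIT 1');
         db::o()->p($id)->delete('content_peers', 'WHERE tid=? LIMIT 1');
         cache::o()->remove("details/l-id" . $id);
         $this->delete_files($posted_time, $poster_id, $screenshots);
     }
     try {
         plugins::o()->pass_data(array('id' => $id), true)->run_hook('content_delete');
     } catch (PReturn $e) {
         return $e->r();
     }
     db::o()->p($id)->delete('content_readed', 'WHERE content_id=? LIMIT 1');
     /* @var $etc etc */
     $etc = n("etc");
     $etc->add_res('content', -1, '', $poster_id);
     log_add("deleted_content", "user", array($title));
     users::o()->admin_mode();
     try {
         n("comments")->change_type('content')->clear($id);
         n("rating")->change_type('content')->clear($id);
         n("mailer")->change_type('content')->remove($id);
         if ($pid) {
             n("polls")->delete($pid);
         }
     } catch (Exception $e) {
         // Never leave the request in admin mode after a failed cleanup.
         users::o()->admin_mode(false);
         throw $e;
     }
     users::o()->admin_mode(false);
 }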
示例#3
文件: chat.php 项目: SjayLiFe/CTRev
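 /**
  * Save a chat message: insert a new one, or update an existing one when $id
  * is given.
  *
  * Runs the form-key (CSRF) check first. A new message requires the 'chat'
  * permission, an edit requires 'edit_chat'. Without 'edit_chat' level 2 the
  * UPDATE is additionally restricted to rows whose poster_id is the current
  * user, so ownership is enforced in the WHERE clause itself.
  *
  * The empty-text test compares against '' explicitly, because a message
  * consisting of "0" is falsy in PHP and was silently dropped before.
  *
  * NOTE(review): $text is stored as given; escaping for HTML presumably
  * happens where the chat is rendered - verify, since this is user input.
  * NOTE(review): the 'chat_save' hook receives $update by reference and can
  * change any column before it is written.
  *
  * @param string $text message text
  * @param int $id message ID; empty to create a new message
  * @return null (or whatever the plugin's PReturn carries)
  * @throws EngineException presumably raised by the form-key and permission helpers
  */
 public function save($text, $id = null)
 {
     check_formkey();
     $text = trim($text);
     if ($text === '') {
         return;
     }
     $id = (int) $id;
     if (!$id) {
         users::o()->check_perms('chat', 2, 2);
     } else {
         users::o()->check_perms('edit_chat');
     }
     $update = array();
     $update["text"] = $text;
     $update["edited_time"] = time();
     try {
         plugins::o()->pass_data(array('update' => &$update, 'id' => $id), true)->run_hook('chat_save');
     } catch (PReturn $e) {
         return $e->r();
     }
     if (!$id) {
         // Users without an ID are recorded with poster_id -1.
         $update["poster_id"] = users::o()->v('id') ? users::o()->v('id') : -1;
         $update["posted_time"] = time();
         db::o()->delete("chat_deleted", "WHERE id=0");
         db::o()->insert($update, 'chat');
     } else {
         // The second bound value is only consumed when the poster_id clause is appended.
         db::o()->p($id, users::o()->v('id'))->update($update, 'chat', 'WHERE id=?' . (!users::o()->perm('edit_chat', 2) ? " AND poster_id=?" : "") . ' LIMIT 1');
     }
 }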
示例#4
 /**
  * Delete a comment.
  *
  * Validates the form key (CSRF) first, loads the 'comments' language pack and
  * rejects an ID that casts to 0 before delegating to the comments object.
  *
  * NOTE(review): no permission or ownership check is visible here; it is
  * presumably enforced inside $this->comments->delete() - verify.
  *
  * @param int $id comment ID
  * @return null
  * @throws EngineException when the ID is empty
  */
 protected function delete($id)
 {
     check_formkey();
     $comment_id = (int) $id;
     lang::o()->get('comments');
     if ($comment_id === 0) {
         throw new EngineException();
     }
     $this->comments->delete($comment_id);
 }
示例#5
文件: usercp.php 项目: SjayLiFe/CTRev
 /**
  * Remove a user's avatar.
  *
  * With $not_update set, only the current user's avatar is removed through
  * remove_user_avatar(); no form key is checked and the users table is left
  * untouched. Otherwise the avatar column is blanked first:
  *  - outside the ACP the form key (CSRF) is checked and the current user is
  *    the target;
  *  - inside the ACP the target user comes from $_GET['id'] and must exist.
  *
  * NOTE(review): in the ACP branch check_formkey() is not called here; request
  * validation relies on check_inadmin("users") - confirm that it covers this
  * state-changing GET.
  *
  * @param bool $not_update do not update the users table
  * @return null
  * @throws EngineException when the target user cannot be selected
  */
 protected function clear_avatar($not_update = false)
 {
     $avatar = users::o()->v('avatar');
     /* @var $etc etc */
     $etc = n("etc");
     $id = users::o()->v('id');
     if ($not_update) {
         $etc->remove_user_avatar($id, $avatar);
         return;
     }
     if (users::o()->check_inadmin("users")) {
         // Admin acting on another account: the target is taken from the query string.
         $id = (int) $_GET['id'];
         $target = $etc->select_user($id, '', 'avatar');
         if (!$target) {
             throw new EngineException();
         }
         $avatar = $target['avatar'];
     } else {
         check_formkey();
     }
     db::o()->p($id)->update(array("avatar" => ""), "users", 'WHERE id=? LIMIT 1');
     $etc->remove_user_avatar($id, $avatar);
 }
示例#6
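 /**
  * Delete private messages.
  *
  * In admin mode the rows are deleted by ID alone. Otherwise deletion is
  * two-step and scoped to the current user: messages still marked deleted="0"
  * in which the user is sender or receiver get their 'deleted' flag set ("1"
  * when the user is the sender, else "2"), and only rows that the flags mark
  * as already removed by the other side are physically deleted.
  *
  * Changes against the previous version:
  *  - $uid was undefined in admin mode and still passed to p(); the admin
  *    path now binds only the IDs;
  *  - $uid is cast to int before it is concatenated into the IF() expression,
  *    so that fragment cannot carry anything but a number;
  *  - the IDs are cast to int before binding (defence in depth).
  *
  * NOTE(review): the '_cb_' key prefix presumably tells db::update() to emit
  * the value as a raw SQL expression - confirm, and keep anything placed there
  * strictly numeric.
  *
  * @param int|array $ids private message ID(s)
  * @return null
  * @throws EngineException presumably raised by the form-key check
  */
 public function delete($ids)
 {
     check_formkey();
     if (!$ids) {
         return;
     }
     if (is_array($ids)) {
         $ids = array_map('intval', $ids);
         $where = 'id IN(@' . count($ids) . '?)';
     } else {
         $ids = (int) $ids;
         $where = 'id=?';
     }
     if (users::o()->check_adminmode()) {
         db::o()->p($ids)->delete("pmessages", 'WHERE ' . $where);
         return;
     }
     $uid = (int) users::o()->v('id');
     // Mark first: rows the other party still holds are flagged, not removed.
     $uwhere = $where . ' AND (sender=? OR receiver=?) AND deleted="0"';
     db::o()->p($ids, $uid, $uid)->update(array("_cb_deleted" => 'IF(sender=' . $uid . ',"1","2")'), "pmessages", 'WHERE ' . $uwhere);
     // Then drop the rows both sides have let go of.
     $where .= ' AND ((sender=? AND deleted="2") OR (receiver=? AND deleted="1"))';
     db::o()->p($ids, $uid, $uid)->delete("pmessages", 'WHERE ' . $where);
 }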
示例#7
文件: news.php 项目: SjayLiFe/CTRev
 /**
  * Delete a news item.
  *
  * Checks the form key (CSRF), looks up the poster and title, and requires
  * 'del_news' for the poster's own item or 'del_news' level '2' for someone
  * else's. After the delete the 'news' cache entry is dropped and the action
  * is logged with the item's title.
  *
  * NOTE(review): existence is decided on poster_id being truthy, so a row
  * whose poster_id is 0 is reported as missing.
  *
  * @param int $id news ID
  * @return null
  * @throws EngineException when the item does not exist; presumably also from
  *                         the form-key and permission helpers
  */
 public function delete($id)
 {
     $id = (int) $id;
     check_formkey();
     $res = db::o()->p($id)->query('SELECT poster_id, title FROM news
             WHERE id=? LIMIT 1');
     list($pid, $title) = db::o()->fetch_row($res);
     if (!$pid) {
         throw new EngineException('news_are_not_exists');
     }
     if (users::o()->v('id') == $pid) {
         users::o()->check_perms('del_news');
     } else {
         // Someone else's item needs the higher permission level.
         users::o()->check_perms('del_news', '2');
     }
     db::o()->p($id)->delete('news', 'WHERE id=? LIMIT 1');
     cache::o()->remove('news');
     log_add("deleted_news", "user", array($title));
 }