示例#1
 /**
  * Login guard: loads the AuthUser state and sends visitors who are not
  * logged in to the URL returned by get_url('login').
  */
 private static function _checkPermission()
 {
     AuthUser::load();
     $isAnonymous = !AuthUser::isLoggedIn();
     if ($isAnonymous) {
         // NOTE(review): assumes redirect() ends the request; if it can return,
         // the caller carries on as though the check had passed — confirm.
         redirect(get_url('login'));
     }
 }
 /**
  * Login guard: loads the AuthUser state and redirects anonymous visitors
  * to the login URL. Only authentication is checked, no permission.
  */
 public static function _checkLog()
 {
     AuthUser::load();
     $isAnonymous = !AuthUser::isLoggedIn();
     if ($isAnonymous) {
         // NOTE(review): assumes redirect() terminates the request — confirm.
         redirect(get_url('login'));
     }
 }
示例#3
 /**
  * Requires a logged-in user for every action of this controller.
  */
 public function __construct()
 {
     AuthUser::load();
     $isAnonymous = !AuthUser::isLoggedIn();
     if ($isAnonymous) {
         // NOTE(review): the guard is only effective if redirect() stops
         // execution; otherwise the requested action still runs — confirm.
         redirect(get_url('login'));
     }
 }
示例#4
 /**
  * Requires a logged-in user, then attaches the translate sidebar view
  * to the layout.
  */
 public function __construct()
 {
     AuthUser::load();
     $isAnonymous = !AuthUser::isLoggedIn();
     if ($isAnonymous) {
         // NOTE(review): assumes redirect() terminates the request — confirm.
         redirect(get_url('login'));
     }
     $sidebar = new View('translate/sidebar');
     $this->assignToLayout('sidebar', $sidebar);
 }
示例#5
 /**
  * Requires a logged-in user and selects the 'backend' layout.
  */
 function __construct()
 {
     AuthUser::load();
     $isAnonymous = !AuthUser::isLoggedIn();
     if ($isAnonymous) {
         // NOTE(review): assumes redirect() terminates the request — confirm.
         redirect(get_url('login'));
     }
     $this->setLayout('backend');
 }
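 /**
  * Requires a logged-in user; anonymous visitors are redirected to the
  * login job and the request ends there.
  */
 public function __construct()
 {
     AuthUser::load();
     if (!AuthUser::isLoggedIn()) {
         // The header has to go out before any body output, otherwise PHP
         // cannot send it when output buffering is off.
         header('location:index.php?job=login');
         echo 'Please Login';
         // Stop here: without this the constructor returns normally and the
         // requested action still runs for a visitor who is not logged in.
         exit;
     }
 }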
示例#7
 /**
  * Requires a logged-in user, selects the 'backend' layout and attaches the
  * about sidebar.
  */
 public function __construct()
 {
     AuthUser::load();
     $isAnonymous = !AuthUser::isLoggedIn();
     if ($isAnonymous) {
         // NOTE(review): assumes redirect() terminates the request — confirm.
         redirect(get_url('login'));
     }
     $this->setLayout('backend');
     $sidebarView = new View('about/sidebar');
     // All About records; the ORDER BY clause is a fixed string.
     $sidebarVars = array('abouts' => Record::findAllFrom('About', '1=1 ORDER BY sequence'));
     // NOTE(review): the variables are handed to assignToLayout() as a third
     // argument, not to the View constructor — confirm this is intended.
     $this->assignToLayout('sidebar', $sidebarView, $sidebarVars);
 }
示例#8
 /**
  * Requires a logged-in user, selects the 'backend' layout and attaches the
  * frog_tags plugin sidebar.
  */
 public function __construct()
 {
     AuthUser::load();
     $isAnonymous = !AuthUser::isLoggedIn();
     if ($isAnonymous) {
         // NOTE(review): assumes redirect() terminates the request — confirm.
         redirect(get_url('login'));
     }
     $this->setLayout('backend');
     $sidebar = new View('../../plugins/frog_tags/views/sidebar');
     $this->assignToLayout('sidebar', $sidebar);
 }
 /**
  * Enforces the login check only when the CMS_BACKEND constant is defined.
  */
 function __construct()
 {
     // NOTE(review): when CMS_BACKEND is not defined no authentication is
     // performed at all — confirm no privileged action is reachable that way.
     if (!defined('CMS_BACKEND')) {
         return;
     }
     AuthUser::load();
     $isAnonymous = !AuthUser::isLoggedIn();
     if ($isAnonymous) {
         // NOTE(review): assumes redirect() terminates the request — confirm.
         redirect(get_url('login'));
     }
 }
示例#10
 /**
  * Requires a logged-in user, selects the 'backend' layout and attaches the
  * testimonial sidebar.
  */
 public function __construct()
 {
     AuthUser::load();
     $isAnonymous = !AuthUser::isLoggedIn();
     if ($isAnonymous) {
         // NOTE(review): assumes redirect() terminates the request — confirm.
         redirect(get_url('login'));
     }
     $this->setLayout('backend');
     $sidebar = new View('testimonial/sidebar');
     $this->assignToLayout('sidebar', $sidebar);
 }
 /**
  * Sets up the LoginController.
  *
  * When USE_HTTPS is defined and truthy and the request did not arrive over
  * HTTPS, the client is redirected to the https:// form of the same URL
  * before anything else happens. Otherwise the AuthUser state is loaded.
  */
 function __construct()
 {
     $httpsRequested = defined('USE_HTTPS') && USE_HTTPS;
     $alreadyHttps = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on";
     if ($httpsRequested && !$alreadyHttps) {
         // NOTE(review): depending on web-server configuration SERVER_NAME may
         // reflect the client's Host header, so the redirect target may be
         // client-influenced — confirm a canonical host name is enforced.
         $host = $_SERVER['SERVER_NAME'];
         $requestUri = $_SERVER['REQUEST_URI'];
         $url = "https://" . $host . $requestUri;
         header("Location: {$url}");
         exit;
     }
     AuthUser::load();
 }
示例#12
 /**
  * Requires a logged-in user, selects the 'backend' layout and attaches the
  * tinymce plugin sidebar.
  */
 public function __construct()
 {
     // Authentication gate for the whole controller.
     AuthUser::load();
     $isAnonymous = !AuthUser::isLoggedIn();
     if ($isAnonymous) {
         // NOTE(review): assumes redirect() terminates the request — confirm.
         redirect(get_url('login'));
     }
     $this->setLayout('backend');
     $sidebar = new View('../../plugins/tinymce/views/sidebar');
     $this->assignToLayout('sidebar', $sidebar);
 }
示例#13
 /**
  * Requires a logged-in user, makes sure the session carries an assets
  * folder, then selects the 'backend' layout and the assets sidebar.
  */
 function __construct()
 {
     AuthUser::load();
     $isAnonymous = !AuthUser::isLoggedIn();
     if ($isAnonymous) {
         // NOTE(review): assumes redirect() terminates the request — confirm.
         redirect(get_url('login'));
     }
     // Keep a folder already stored in the session; fall back to the default.
     if (isset($_SESSION['assets_folder'])) {
         $folder = $_SESSION['assets_folder'];
     } else {
         $folder = assets_default_folder();
     }
     $_SESSION['assets_folder'] = $folder;
     $this->setLayout('backend');
     $sidebar = new View('../../plugins/assets/views/sidebar');
     $this->assignToLayout('sidebar', $sidebar);
 }
示例#14
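 /**
  * Requires a logged-in user, then preloads the data the controller uses:
  * the category list and an id-indexed cache of it, the tag-cloud list, and
  * a content-id => tag-names cache built from the ContentTag relation.
  */
 public function __construct()
 {
     AuthUser::load();
     if (!AuthUser::isLoggedIn()) {
         // Send the header before any output, then stop: without the exit
         // the queries below and the requested action would still run for a
         // visitor who is not logged in.
         header('location:index.php?job=login');
         echo 'Please Login';
         exit;
     }
     // Recent posts for the home page (currently disabled):
     //$this->recent_post = Article::getPost(5, true);
     // Sidebar categories, plus a copy indexed by category id.
     $this->categories = Category::findAll();
     if (is_array($this->categories) && count($this->categories) > 0) {
         $temp = array();
         foreach ($this->categories as $k => $v) {
             $temp[$v->id] = get_object_vars($v);
         }
         $this->cahce_categories = $temp;
     }
     // Tag cloud (to be reworked into "hot words" later). Start from an empty
     // list so the property is defined even when no tags come back.
     $tags_list = array();
     $hot_tags = Tag::findAll(20);
     if (is_array($hot_tags) && count($hot_tags) > 0) {
         $last = end($hot_tags);
         $first = reset($hot_tags);
         foreach ($hot_tags as $k => $v) {
             $tags_list[$k]['word'] = $v->name;
             $tags_list[$k]['size'] = tagClouds($v->count, $first->count, $last->count);
         }
     }
     $this->tags_list = $tags_list;
     $tags = Tag::findAll();
     $content_tag = Record::findAllFrom('ContentTag');
     // Build one array of content id => tag names up front, so generating the
     // static article pages does not hit the database for every article.
     // First index every tag name by tag id.
     $temp_tags = array();
     if (is_array($tags) && count($tags) > 0) {
         foreach ($tags as $k => $v) {
             $temp_tags[$v->id] = $v->name;
         }
     }
     // Then walk the relation table and collect the names per content id.
     if (is_array($content_tag) && count($content_tag) > 0) {
         $this->cahce_tags = array();
         foreach ($content_tag as $k => $v) {
             if (isset($temp_tags[$v->tag_id])) {
                 $this->cahce_tags[$v->content_id][] = $temp_tags[$v->tag_id];
             }
         }
     }
 }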
/**
 * Check whether the current visitor is authorized.
 *
 * Authorization here means "logged in" according to AuthUser; no permission
 * or role is checked.
 *
 * @return boolean true if access is granted, false otherwise
 */
function auth()
{
    // Hook point: replace with your own check if needed.
    // By default the CMS login state is used.
    AuthUser::load();
    return (bool) AuthUser::isLoggedIn();
}
示例#16
 /**
  * Requires a logged-in user holding the 'administrator' permission.
  *
  * Anonymous visitors go to the login URL; logged-in users without the
  * permission get a flash error and go to the default URL.
  */
 private static function _checkPermission()
 {
     AuthUser::load();
     if (!AuthUser::isLoggedIn()) {
         // NOTE(review): assumes redirect() terminates the request — confirm.
         redirect(get_url('login'));
     } elseif (!AuthUser::hasPermission('administrator')) {
         $message = __('You do not have permission to access the requested page!');
         Flash::set('error', $message);
         redirect(get_url());
     }
 }
示例#17
 /**
  * Requires a logged-in user with the 'admin_view' permission, then selects
  * the 'backend' layout and the funky_cache sidebar.
  */
 function __construct()
 {
     AuthUser::load();
     $isAnonymous = !AuthUser::isLoggedIn();
     if ($isAnonymous) {
         // NOTE(review): both guards assume redirect() terminates the request;
         // if it returns, the permission check still runs for an anonymous
         // visitor and the layout is set up regardless — confirm.
         redirect(get_url('login'));
     }
     $mayView = AuthUser::hasPermission('admin_view');
     if (!$mayView) {
         redirect(URL_PUBLIC);
     }
     $this->setLayout('backend');
     $sidebar = new View('../../plugins/funky_cache/views/sidebar');
     $this->assignToLayout('sidebar', $sidebar);
 }
示例#18
 /**
  * Requires a logged-in user holding the 'administrator' permission, then
  * selects the 'backend' layout.
  */
 function __construct()
 {
     AuthUser::load();
     if (!AuthUser::isLoggedIn()) {
         // NOTE(review): assumes redirect() terminates the request — confirm.
         redirect(get_url('login'));
     } elseif (!AuthUser::hasPermission('administrator')) {
         $message = __('You do not have permission to access the requested page!');
         Flash::set('error', $message);
         redirect(get_url());
     }
     $this->setLayout('backend');
 }
示例#19
 /**
  * Checks the generic permission required for the entire controller.
  *
  * Anonymous visitors go to the login URL. Logged-in users without
  * 'admin_edit' get a flash error and are sent to the page tab when the
  * default tab is 'setting', otherwise to the default URL.
  */
 private static final function _checkPermission()
 {
     AuthUser::load();
     if (!AuthUser::isLoggedIn()) {
         // NOTE(review): assumes redirect() terminates the request — confirm.
         redirect(get_url('login'));
     } elseif (!AuthUser::hasPermission('admin_edit')) {
         Flash::set('error', __('You do not have permission to access the requested page!'));
         // Redirecting to the default tab would bounce straight back here
         // when that tab is this controller, so use the page tab instead.
         $defaultTabIsHere = Setting::get('default_tab') === 'setting';
         if ($defaultTabIsHere) {
             redirect(get_url('page'));
         } else {
             redirect(get_url());
         }
     }
 }
 /**
  * Requires a logged-in user with the 'layout_view' permission, then selects
  * the 'backend' layout and the layout sidebar.
  */
 function __construct()
 {
     AuthUser::load();
     if (!AuthUser::isLoggedIn()) {
         // NOTE(review): assumes redirect() terminates the request — confirm.
         redirect(get_url('login'));
     } elseif (!AuthUser::hasPermission('layout_view')) {
         Flash::set('error', __('You do not have permission to access the requested page!'));
         // Use the page tab when the default tab is this controller.
         $defaultTabIsHere = Setting::get('default_tab') === 'layout';
         if ($defaultTabIsHere) {
             redirect(get_url('page'));
         } else {
             redirect(get_url());
         }
     }
     $this->setLayout('backend');
     $sidebar = new View('layout/sidebar');
     $this->assignToLayout('sidebar', $sidebar);
 }
示例#21
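/**
 * Reads the ckeditor plugin settings from the plugin_settings table.
 *
 * Opens its own database connection, registers it with Record, loads every
 * name/value row for plugin_id 'ckeditor' and adds an 'editorLanguage' entry
 * taken from the current AuthUser record.
 *
 * @param string|null $key Name of a single setting to return.
 * @return mixed The value for $key when it names a known setting, otherwise
 *               the whole settings array.
 */
function CKEditorGetConfigs($key = null)
{
    $tablename = TABLE_PREFIX . 'plugin_settings';
    try {
        $PDO = new PDO(DB_DSN, DB_USER, DB_PASS);
        if ($PDO->getAttribute(PDO::ATTR_DRIVER_NAME) == 'mysql') {
            $PDO->setAttribute(PDO::MYSQL_ATTR_USE_BUFFERED_QUERY, true);
        }
    } catch (PDOException $error) {
        try {
            // Fall back to the bundled DoLite driver when PDO is unavailable.
            require_once substrtruncate($_SERVER['SCRIPT_FILENAME'], '/plugins') . '/libraries/DoLite.php';
            $PDO = new DoLite(DB_DSN, DB_USER, DB_PASS);
        } catch (PDOException $error) {
            // NOTE(review): the driver's error text is sent to the client and
            // may describe the database setup; consider logging it instead.
            die('DB Connection failed: ' . $error->getMessage());
        }
    }
    Record::connection($PDO);
    $PDO = Record::getConnection();
    $PDO->exec("set names 'utf8'");
    // Table name comes from a constant and plugin_id is a literal, so the
    // statement carries no request data.
    $sql = "SELECT name,value FROM {$tablename} WHERE plugin_id='ckeditor'";
    $settings = array();
    $stmt = $PDO->prepare($sql);
    $stmt->execute();
    while ($obj = $stmt->fetchObject()) {
        $settings[$obj->name] = $obj->value;
    }
    // Editor language follows the logged-in user's language.
    // NOTE(review): this function does not check isLoggedIn() itself;
    // presumably getRecord() has no usable record for anonymous requests —
    // confirm every caller is behind a login check.
    AuthUser::load();
    $settings['editorLanguage'] = AuthUser::getRecord()->language;
    if ($settings) {
        // Look the key up among the setting NAMES. The previous in_array()
        // call searched the values, so a valid key was usually not found and
        // the full array was returned instead.
        if ($key && array_key_exists($key, $settings)) {
            return $settings[$key];
        }
        // No key, or unknown key: return all settings.
        return $settings;
    }
    // Kept for interface compatibility; 'editorLanguage' is always set above,
    // so this line is not reached in practice.
    return false;
}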
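 /**
  * Requires a logged-in user, loads the dashboard plugin settings over the
  * built-in defaults, decodes serialized values and registers the widgets
  * and the layout-head observer.
  */
 public function __construct()
 {
     AuthUser::load();
     if (!AuthUser::isLoggedIn()) {
         redirect(get_url("login"));
         // Explicit stop so nothing below runs for an anonymous visitor.
         die;
     }
     // Defaults first; stored plugin settings override them.
     $defaults = array(
         "grid-size" => 3,
         "widget-position" => serialize(array(
             "events" => array("part" => 1, "order" => 1),
             "rss_reader" => array("part" => 2, "order" => 1),
         )),
     );
     $settings = array_merge($defaults, Plugin::getAllSettings("dashboard"));
     // Decode serialized values.
     // NOTE(review): unserialize() on stored settings can instantiate
     // objects if a stored value is ever attacker-influenced. Where the
     // supported PHP versions allow it, restrict the allowed classes or
     // store these values as JSON instead.
     foreach ($settings as $key => $value) {
         if (is_string($value)) {
             // Decode once and reuse the result rather than deserializing
             // the same string a second time.
             $decoded = @unserialize($value);
             if ($decoded !== false) {
                 $settings[$key] = $decoded;
             }
         }
     }
     $this->settings = $settings;
     // Register widgets and the observer that loads the dashboard assets.
     DashboardWidgets::init($settings["widget-position"]);
     Observer::observe("view_backend_layout_head", "DashboardController::loadFiles");
 }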
示例#23
/**
 * Runs on page_not_found: if the requested path looks like an image file,
 * try to create the resized image and redirect to it.
 *
 * Returns false when the visitor lacks one of the required permissions or
 * the gd library is unavailable; returns nothing otherwise.
 */
function image_resize_try_resizing()
{
    // Only visitors holding one of these permissions may trigger file
    // creation; the login state is loaded first if not present yet.
    if (!AuthUser::isLoggedIn()) {
        AuthUser::load();
    }
    $mayCreateFiles = AuthUser::hasPermission('administrator,developer,editor');
    if (!$mayCreateFiles || !ImageResize::gd_available()) {
        return false;
    }
    // Accept only paths ending in a supported image extension.
    $looksLikeImage = preg_match('#\\.(jpe?g|gif|png|wbmp)$#i', CURRENT_URI);
    if (!$looksLikeImage) {
        return;
    }
    // NOTE(review): CURRENT_URI is presumably derived from the request path;
    // confirm image_resize_scale() confines reads and writes to the intended
    // image directory.
    $created = image_resize_scale(CURRENT_URI);
    if ($created && !DEBUG) {
        // Outside debug mode the image was written to a file: redirect to it
        // and exit so no "page not found" output follows.
        header('Location: ' . URL_PUBLIC . "/" . CURRENT_URI);
        exit;
    }
}
示例#24
 /**
  * Saves the File Manager plugin settings posted in $_POST['settings'].
  *
  * Requires a logged-in user with the 'admin_edit' permission. The umask,
  * dirmode and filemode entries are normalised to four-character octal
  * strings (or 0 for umask) before the whole array is stored.
  *
  * NOTE(review): no anti-CSRF token check is visible in this method —
  * confirm the request is validated elsewhere before it gets here.
  */
 public function settings_save()
 {
     AuthUser::load();
     // NOTE(review): every redirect() below is assumed to end the request.
     // If it can return, the save further down runs for unauthorised
     // callers, and $settings is undefined when nothing was posted.
     if (!AuthUser::isLoggedIn()) {
         redirect(get_url('login'));
     } else {
         if (!AuthUser::hasPermission('admin_edit')) {
             Flash::set('error', __('You do not have permission to access the requested page!'));
             redirect(get_url());
         }
     }
     if (!isset($_POST['settings'])) {
         Flash::set('error', 'File Manager - ' . __('form was not posted.'));
         redirect(get_url('plugin/file_manager/settings'));
     } else {
         // NOTE(review): the posted array is taken as-is; only the three keys
         // below are validated, and any other key is stored unchanged by
         // setAllSettings(). Presumably it is an array with all three keys
         // present — confirm, or whitelist the expected keys.
         $settings = $_POST['settings'];
         // umask: loose comparison first, then the octal pattern; input that
         // is neither zero nor three/four octal digits ends up as 0.
         if ($settings['umask'] == 0) {
             $settings['umask'] = 0;
         } elseif (!preg_match('/^0?[0-7]{3}$/', $settings['umask'])) {
             $settings['umask'] = 0;
         }
         // Pad a three-digit umask to four characters with a leading zero.
         if (strlen($settings['umask']) === 3) {
             $settings['umask'] = '0' . $settings['umask'];
         } elseif (strlen($settings['umask']) !== 4 && $settings['umask'] != 0) {
             $settings['umask'] = 0;
         }
         // dirmode: fall back to '0755' when it is not an octal mode.
         if (!preg_match('/^0?[0-7]{3}$/', $settings['dirmode'])) {
             $settings['dirmode'] = '0755';
         }
         if (strlen($settings['dirmode']) === 3) {
             $settings['dirmode'] = '0' . $settings['dirmode'];
         }
         // filemode: same validation; the fallback is also '0755'.
         if (!preg_match('/^0?[0-7]{3}$/', $settings['filemode'])) {
             $settings['filemode'] = '0755';
         }
         if (strlen($settings['filemode']) === 3) {
             $settings['filemode'] = '0' . $settings['filemode'];
         }
     }
     // Persist and report the outcome on the re-rendered settings view.
     if (Plugin::setAllSettings($settings, 'file_manager')) {
         Flash::setNow('success', 'File Manager - ' . __('plugin settings saved.'));
     } else {
         Flash::setNow('error', 'File Manager - ' . __('plugin settings not saved!'));
     }
     $this->display('file_manager/views/settings', array('settings' => $settings));
 }
示例#25
文件: index.php 项目: julpi/FreshCMS
    // Adding date_format function to SQLite 3 'mysql date_format function'
    if (!function_exists('mysql_date_format_function')) {
        function mysql_function_date_format($date, $format)
        {
            return strftime($format, strtotime($date));
        }
    }
    $__CMS_CONN__->sqliteCreateFunction('date_format', 'mysql_function_date_format', 2);
}
// Backwards-compatibility alias for the connection handle; to be removed
// before 0.9.0.
$__FROG_CONN__ = $__CMS_CONN__;
// Register the connection with Record and switch it to utf8.
Record::connection($__CMS_CONN__);
Record::getConnection()->exec("set names 'utf8'");
Setting::init();
use_helper('I18n');
// Locale: the logged-in user's own language, otherwise the site-wide setting.
AuthUser::load();
I18n::setLocale(
    AuthUser::isLoggedIn()
        ? AuthUser::getRecord()->language
        : Setting::get('language')
);
// Only add the cron web bug when necessary
if (defined('USE_POORMANSCRON') && USE_POORMANSCRON && defined('POORMANSCRON_INTERVAL')) {
    Observer::observe('page_before_execute_layout', 'run_cron');
    function run_cron()
    {
        $cron = Cron::findByIdFrom('Cron', '1');
        $now = time();
        $last = $cron->getLastRunTime();
        if ($now - $last > POORMANSCRON_INTERVAL) {
            echo $cron->generateWebBug();
示例#26
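/**
 * page_found observer: enforces login and per-page permissions for pages
 * marked Page::LOGIN_REQUIRED.
 *
 * - Anonymous visitors are redirected to the public login page, unless the
 *   requested page is itself the login page.
 * - Logged-in users need at least one permission in common with those in
 *   permission_page for this page; otherwise they are redirected to the
 *   configured "authorisation required" page.
 *
 * Every redirect ends the request, so the protected page is never rendered
 * after a failed check.
 *
 * @param object $page The page that was found for the request.
 */
function registered_users_page_found($page)
{
    global $__FROG_CONN__;

    // Nothing to enforce unless the page requires login.
    if ($page->getLoginNeeded() != Page::LOGIN_REQUIRED) {
        return;
    }

    AuthUser::load();
    $requested_page_id = $page->id();

    if (!AuthUser::isLoggedIn()) {
        // Find the page set as the login page, to prevent redirect loops.
        $loginpage_id = null;
        $getloginpage = $__FROG_CONN__->prepare(
            'SELECT * FROM ' . TABLE_PREFIX . "page WHERE behavior_id='login_page'"
        );
        $getloginpage->execute();
        while ($loginpage = $getloginpage->fetchObject()) {
            $loginpage_id = $loginpage->id;
        }
        if ($requested_page_id != $loginpage_id) {
            header('Location: ' . URL_PUBLIC . 'login');
            // Sending the header alone does not stop the script; without
            // this the page body would be sent along with the redirect.
            exit;
        }
        return;
    }

    // Permissions required for this page. Values are bound as parameters
    // instead of being interpolated into the SQL text.
    $permissions_check = $__FROG_CONN__->prepare(
        'SELECT * FROM ' . TABLE_PREFIX . 'permission_page WHERE page_id = ?'
    );
    $permissions_check->execute(array($requested_page_id));
    $permission_array = array();
    while ($permission = $permissions_check->fetchObject()) {
        $permission_array[] = $permission->permission_id;
    }

    // Permissions held by the current user.
    $userid = AuthUser::getRecord()->id;
    $user_permissions_check = $__FROG_CONN__->prepare(
        'SELECT * FROM ' . TABLE_PREFIX . 'user_permission WHERE user_id = ?'
    );
    $user_permissions_check->execute(array($userid));
    $user_permissions_array = array();
    while ($user_permissions = $user_permissions_check->fetchObject()) {
        $user_permissions_array[] = $user_permissions->permission_id;
    }

    // At least one shared permission grants access.
    if (count(array_intersect($permission_array, $user_permissions_array)) >= 1) {
        return;
    }

    // Access denied: look up the "authorisation required" page and go there.
    $auth_required_page = '';
    $registration_settings = 'SELECT * FROM ' . TABLE_PREFIX . "registered_users_settings WHERE id='1'";
    foreach ($__FROG_CONN__->query($registration_settings) as $row) {
        $auth_required_page = $row['auth_required_page'];
    }
    header('Location: ' . URL_PUBLIC . '' . $auth_required_page . '');
    // Stop here so the restricted page is not rendered after the redirect.
    exit;
}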
示例#27
 /**
  * Loads the AuthUser state. No login or permission check is made here.
  */
 public function __construct()
 {
     // NOTE(review): actions of this controller presumably perform their own
     // access checks — confirm, since nothing is enforced at this point.
     AuthUser::load();
 }
示例#28
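 /**
  * Validates whether a given secure token is still valid.
  *
  * The token is rebuilt from the current user's username, the stored token
  * time, the url, a slice of the hashed password and the user's salt, and
  * compared with the supplied one. It is therefore invalid when:
  * - no user is logged in,
  * - more than SecureToken::EXPIRES seconds have passed since the token time,
  * - the username, password, salt or url differ from those used to create it.
  *
  * The comparison is constant-time where hash_equals() is available, so the
  * time taken does not depend on how many leading characters match.
  *
  * @param string $token The token.
  * @param string $url   The url for which the token was generated.
  * @return boolean      True if the token is valid, otherwise false.
  */
 public static final function validateToken($token, $url)
 {
     use_helper('Hash');
     $hash = new Crypt_Hash('sha256');
     AuthUser::load();
     if (!AuthUser::isLoggedIn()) {
         return false;
     }
     $user = AuthUser::getRecord();
     // NOTE(review): as written this replacement is a no-op; presumably the
     // search string was an HTML-encoded ampersand that got decoded when the
     // code was copied — confirm against the project source.
     $target_url = str_replace('&', '&', $url);
     $pwd = substr(bin2hex($hash->hash($user->password)), 5, 20);
     $time = SecureToken::getTokenTime($user->username, $target_url);
     if (microtime(true) - $time > self::EXPIRES) {
         return false;
     }
     $expected = bin2hex($hash->hash($user->username . $time . $target_url . $pwd . $user->salt));
     // A non-string token can never match.
     if (!is_string($token)) {
         return false;
     }
     // Prefer the constant-time comparison; fall back to strict equality on
     // PHP versions that lack hash_equals().
     if (function_exists('hash_equals')) {
         return hash_equals($expected, $token);
     }
     return $expected === $token;
 }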
/**
 * Front controller: turns the request's query string into a path, dispatches
 * a custom route when one matches, and otherwise looks up and renders the
 * page, applying the preview and login-required checks first.
 *
 * Defines the CURRENT_PATH and CURRENT_URI constants as a side effect.
 */
function main()
{
    // get the uri string from the query (request-controlled input)
    $path = $_SERVER['QUERY_STRING'];
    // Make sure special characters are decoded (support non-western glyphs like japanese)
    $path = urldecode($path);
    // START processing $_GET variables
    // If we're NOT using mod_rewrite, we check for GET variables we need to integrate
    if (!USE_MOD_REWRITE && strpos($path, '?') !== false) {
        $_GET = array();
        // empty $_GET array since we're going to rebuild it
        // NOTE(review): the string was URL-decoded as a whole above, so an
        // encoded '?', '&' or '=' inside a value is split here as well.
        list($path, $get_var) = explode('?', $path);
        $exploded_get = explode('&', $get_var);
        if (count($exploded_get)) {
            foreach ($exploded_get as $get) {
                // NOTE(review): a parameter without '=' leaves $value without
                // a source element, and a value containing '=' is cut at the
                // second '=' — no limit is passed to explode().
                list($key, $value) = explode('=', $get);
                $_GET[$key] = $value;
            }
        }
    } else {
        // Without mod_rewrite, a query string that carries parameters but no
        // '?' separator is treated as a request for the site root.
        if (!USE_MOD_REWRITE && (strpos($path, '&') !== false || strpos($path, '=') !== false)) {
            $path = '/';
        }
    }
    // If we're using mod_rewrite, we should have a WOLFPAGE entry.
    if (USE_MOD_REWRITE && array_key_exists('WOLFPAGE', $_GET)) {
        $path = $_GET['WOLFPAGE'];
        unset($_GET['WOLFPAGE']);
    } else {
        if (USE_MOD_REWRITE) {
            // We're using mod_rewrite but don't have a WOLFPAGE entry, assume site root.
            $path = '/';
        }
    }
    // Needed to allow for ajax calls to backend
    // NOTE(review): the request parameter is appended to ADMIN_DIR to form a
    // backend path; access control then rests on the dispatched controller's
    // own login/permission checks — confirm every backend controller has one.
    if (array_key_exists('WOLFAJAX', $_GET)) {
        $path = '/' . ADMIN_DIR . $_GET['WOLFAJAX'];
        unset($_GET['WOLFAJAX']);
    }
    // END processing $_GET variables
    // remove the page suffix if found
    // NOTE(review): URL_SUFFIX goes into the pattern unquoted, so characters
    // such as '.' act as regex metacharacters here.
    if (URL_SUFFIX !== '' and URL_SUFFIX !== '/') {
        $path = preg_replace('#^(.*)(' . URL_SUFFIX . ')$#i', "\$1", $path);
    }
    define('CURRENT_PATH', trim($path, '/'));
    // Alias for backward compatibility, this constant should no longer be used.
    define('CURRENT_URI', CURRENT_PATH);
    // Normalise to a leading slash for route and page lookup.
    if ($path != null && $path[0] != '/') {
        $path = '/' . $path;
    }
    // Check if there's a custom route defined for this URI,
    // otherwise continue and assume page was requested.
    if (Dispatcher::hasRoute($path)) {
        Observer::notify('dispatch_route_found', $path);
        Dispatcher::dispatch($path);
        exit;
    }
    // Give 'page_requested' observers the chance to rewrite the path; each
    // callback's return value becomes the new path.
    foreach (Observer::getObserverList('page_requested') as $callback) {
        $path = call_user_func_array($callback, array(&$path));
    }
    // this is where 80% of the things is done
    $page = Page::findByPath($path, true);
    // if we found it, display it!
    if (is_object($page)) {
        // If a page is in preview status, only display it to logged-in users
        // who hold the 'page_view' permission.
        // NOTE(review): assumes pageNotFound() does not return; if it did,
        // execution would fall through to rendering the page — confirm.
        if (Page::STATUS_PREVIEW == $page->status_id) {
            AuthUser::load();
            if (!AuthUser::isLoggedIn() || !AuthUser::hasPermission('page_view')) {
                pageNotFound($path);
            }
        }
        // If page needs login, redirect to login
        // NOTE(review): likewise assumes redirect() ends the request before
        // the layout below is executed — confirm.
        if ($page->getLoginNeeded() == Page::LOGIN_REQUIRED) {
            AuthUser::load();
            if (!AuthUser::isLoggedIn()) {
                Flash::set('redirect', $page->url());
                redirect(URL_PUBLIC . (USE_MOD_REWRITE ? '' : '?/') . ADMIN_DIR . '/login');
            }
        }
        Observer::notify('page_found', $page);
        $page->_executeLayout();
    } else {
        pageNotFound($path);
    }
}
	/**
	 * Requires a logged-in user holding $permission.
	 *
	 * Anonymous visitors go to the login URL. Users lacking $permission get a
	 * flash error and go to the facts plugin page when they hold 'facts_view',
	 * otherwise to the default URL.
	 */
	private static function __checkPermission($permission='facts_view') {
		AuthUser::load();
		$isAnonymous = !AuthUser::isLoggedIn();
		if ($isAnonymous) {
			// NOTE(review): assumes redirect() terminates the request; if it
			// returns, the permission check below still runs — confirm.
			redirect(get_url('login'));
		}
		if (AuthUser::hasPermission($permission)) {
			return;
		}
		Flash::set('error', __('You do not have permission to access the requested page!'));
		if (AuthUser::hasPermission('facts_view')) {
			redirect(get_url('plugin/facts'));
		} else {
			redirect(get_url());
		}
	}//*/