示例#1
0
文件: track.php 项目: Val-Git/icms2
 public function run()
 {
     if (!$this->request->isAjax()) {
         cmsCore::error404();
     }
     if (!$this->cms_user->is_logged) {
         return $this->cms_template->renderJSON(array('error' => true));
     }
     if (cmsUser::isPermittedLimitHigher('comments', 'karma', $this->cms_user->karma)) {
         return $this->cms_template->renderJSON(array('error' => true));
     }
     $target_controller = $this->request->get('tc', '');
     $target_subject = $this->request->get('ts', '');
     $target_id = $this->request->get('ti', 0);
     $is_track = $this->request->get('is_track', 0);
     if (!$target_controller || !$target_subject || !$target_id) {
         return $this->cms_template->renderJSON(array('error' => true));
     }
     $is_valid = $this->validate_sysname($target_controller) === true && $this->validate_sysname($target_subject) === true && is_numeric($target_id) && is_numeric($is_track);
     if (!$is_valid) {
         return $this->cms_template->renderJSON(array('error' => true));
     }
     $success = $this->model->filterEqual('target_controller', $target_controller)->filterEqual('target_subject', $target_subject)->filterEqual('target_id', $target_id)->toggleTracking($is_track, $this->cms_user->id, $target_controller, $target_subject, $target_id);
     return $this->cms_template->renderJSON(array('error' => !$success));
 }
示例#2
0
文件: submit.php 项目: asphix/icms2
 public function run()
 {
     if (!$this->request->isAjax()) {
         cmsCore::error404();
     }
     $action = $this->request->get('action');
     $user = cmsUser::getInstance();
     $is_guests_allowed = !empty($this->options['is_guests']);
     $is_guest = $is_guests_allowed && !$user->is_logged;
     $is_user_allowed = $user->is_logged && cmsUser::isAllowed('comments', 'add') || $is_guests_allowed;
     $is_karma_allowed = $user->is_logged && !cmsUser::isPermittedLimitHigher('comments', 'karma', $user->karma) || $is_guests_allowed;
     $is_add_allowed = $is_user_allowed && $is_karma_allowed;
     if ($action == 'add' && !$is_add_allowed) {
         cmsCore::error404();
     }
     if ($action == 'update' && !cmsUser::isAllowed('comments', 'edit')) {
         cmsCore::error404();
     }
     $template = cmsTemplate::getInstance();
     $csrf_token = $this->request->get('csrf_token');
     $target_controller = $this->request->get('tc');
     $target_subject = $this->request->get('ts');
     $target_id = $this->request->get('ti');
     $target_user_id = $this->request->get('tud');
     $parent_id = $this->request->get('parent_id');
     $comment_id = $this->request->get('id');
     $content = $this->request->get('content');
     if ($is_guest) {
         $author_name = $this->request->get('author_name');
         $author_email = $this->request->get('author_email');
         if (!$author_name) {
             $template->renderJSON(array('error' => true, 'message' => LANG_COMMENT_ERROR_NAME, 'html' => false));
         }
         if ($author_email && !preg_match("/^([a-zA-Z0-9\\._-]+)@([a-zA-Z0-9\\._-]+)\\.([a-zA-Z]{2,4})\$/i", $author_email)) {
             $template->renderJSON(array('error' => true, 'message' => LANG_COMMENT_ERROR_EMAIL, 'html' => false));
         }
         if (!empty($this->options['restricted_ips'])) {
             if (string_in_mask_list($user->ip, $this->options['restricted_ips'])) {
                 $template->renderJSON(array('error' => true, 'message' => LANG_COMMENT_ERROR_IP, 'html' => false));
             }
         }
         if (!empty($this->options['guest_ip_delay'])) {
             $last_comment_time = $this->model->getGuestLastCommentTime($user->ip);
             $now_time = time();
             $minutes_passed = ($now_time - $last_comment_time) / 60;
             if ($minutes_passed < $this->options['guest_ip_delay']) {
                 $spellcount = html_spellcount($this->options['guest_ip_delay'], LANG_MINUTE1, LANG_MINUTE2, LANG_MINUTE10);
                 $template->renderJSON(array('error' => true, 'message' => sprintf(LANG_COMMENT_ERROR_TIME, $spellcount), 'html' => false));
             }
         }
     }
     // Проверяем валидность
     $is_valid = $this->validate_sysname($target_controller) === true && $this->validate_sysname($target_subject) === true && is_numeric($target_id) && is_numeric($parent_id) && (!$comment_id || is_numeric($comment_id)) && cmsForm::validateCSRFToken($csrf_token, false) && in_array($action, array('add', 'preview', 'update'));
     if (!$is_valid) {
         $result = array('error' => true, 'message' => LANG_COMMENT_ERROR);
         $template->renderJSON($result);
     }
     // Типографируем текст
     $content_html = cmsEventsManager::hook('html_filter', $content);
     if (!$content_html) {
         $result = array('error' => false, 'message' => false, 'html' => false);
         $template->renderJSON($result);
     }
     //
     // Превью комментария
     //
     if ($action == 'preview') {
         $result = array('error' => false, 'html' => $content_html);
         $template->renderJSON($result);
     }
     //
     // Редактирование комментария
     //
     if ($action == 'update') {
         $comment = $this->model->getComment($comment_id);
         if (!cmsUser::isAllowed('comments', 'edit', 'all')) {
             if (cmsUser::isAllowed('comments', 'edit', 'own') && $comment['user']['id'] != $user->id) {
                 $result = array('error' => true, 'message' => LANG_COMMENT_ERROR);
                 $template->renderJSON($result);
             }
         }
         $this->model->updateCommentContent($comment_id, $content, $content_html);
         $comment_html = $content_html;
     }
     //
     // Добавление комментария
     //
     if ($action == 'add') {
         // Собираем данные комментария
         $comment = array('user_id' => $user->id, 'parent_id' => $parent_id, 'target_controller' => $target_controller, 'target_subject' => $target_subject, 'target_id' => $target_id, 'content' => $content, 'content_html' => $content_html, 'author_url' => $user->ip);
         if ($is_guest) {
             $comment['author_name'] = $author_name;
             $comment['author_email'] = $author_email;
         }
         // Получаем модель целевого контроллера
         $target_model = cmsCore::getModel($target_controller);
         // Получаем URL и заголовок комментируемой страницы
         $target_info = $target_model->getTargetItemInfo($target_subject, $target_id);
         if ($target_info) {
             $comment['target_url'] = $target_info['url'];
             $comment['target_title'] = $target_info['title'];
             $comment['is_private'] = empty($target_info['is_private']) ? false : $target_info['is_private'];
             // Сохраняем комментарий
             $comment_id = $this->model->addComment($comment);
         }
         if ($comment_id) {
             // Получаем и рендерим добавленный комментарий
             $comment = $this->model->getComment($comment_id);
             $comment_html = $template->render('comment', array('comments' => array($comment), 'target_user_id' => $target_user_id, 'user' => $user), new cmsRequest(array(), cmsRequest::CTX_INTERNAL));
             // Уведомляем модель целевого контента об изменении количества комментариев
             $comments_count = $this->model->filterEqual('target_controller', $target_controller)->filterEqual('target_subject', $target_subject)->filterEqual('target_id', $target_id)->getCommentsCount();
             $target_model->updateCommentsCount($target_subject, $target_id, $comments_count);
             $parent_comment = $parent_id ? $this->model->getComment($parent_id) : false;
             // Уведомляем подписчиков
             $this->notifySubscribers($comment, $parent_comment);
             // Уведомляем об ответе на комментарий
             if ($parent_comment) {
                 $this->notifyParent($comment, $parent_comment);
             }
         }
     }
     // Формируем и возвращаем результат
     $result = array('error' => $comment_id ? false : true, 'message' => $comment_id ? LANG_COMMENT_SUCCESS : LANG_COMMENT_ERROR, 'id' => $comment_id, 'parent_id' => isset($comment['parent_id']) ? $comment['parent_id'] : 0, 'level' => isset($comment['level']) ? $comment['level'] : 0, 'html' => isset($comment_html) ? $comment_html : false);
     $template->renderJSON($result);
 }
示例#3
0
"
    ></div>

    <?php 
if ($user->is_logged && cmsUser::isAllowed('comments', 'add') || !$user->is_logged && $is_guests_allowed) {
    ?>
        <div id="comments_add_link">
            <a href="#reply" class="ajaxlink" onclick="return icms.comments.add()"><?php 
    echo LANG_COMMENT_ADD;
    ?>
</a>
        </div>

        <div id="comments_add_form">
			<?php 
    $is_karma_allowed = $user->is_logged && !cmsUser::isPermittedLimitHigher('comments', 'karma', $user->karma);
    ?>
            <?php 
    if ($is_karma_allowed || $is_guests_allowed) {
        ?>
                <div class="preview_box"></div>
                <form action="<?php 
        echo $this->href_to('submit');
        ?>
" method="post">
                    <?php 
        echo html_csrf_token($csrf_token_seed);
        ?>
                    <?php 
        echo html_input('hidden', 'action', 'add');
        ?>
示例#4
0
 public function run()
 {
     $user = cmsUser::getInstance();
     // Получаем название типа контента
     $ctype_name = $this->request->get('ctype_name');
     // проверяем наличие доступа
     if (!cmsUser::isAllowed($ctype_name, 'add')) {
         cmsCore::error404();
     }
     // Получаем тип контента
     $ctype = $this->model->getContentTypeByName($ctype_name);
     if (!$ctype) {
         cmsCore::error404();
     }
     // проверяем что не превышен лимит на число записей
     $user_items_count = $this->model->getUserContentItemsCount($ctype_name, $user->id, false);
     if (cmsUser::isPermittedLimitReached($ctype_name, 'limit', $user_items_count)) {
         cmsUser::addSessionMessage(sprintf(LANG_CONTENT_COUNT_LIMIT, $ctype['labels']['many']), 'error');
         $this->redirectBack();
     }
     // Проверяем ограничение по карме
     if (cmsUser::isPermittedLimitHigher($ctype_name, 'karma', $user->karma)) {
         cmsUser::addSessionMessage(sprintf(LANG_CONTENT_KARMA_LIMIT, cmsUser::getPermissionValue($ctype_name, 'karma')), 'error');
         $this->redirectBack();
     }
     $item = array();
     if ($ctype['is_cats']) {
         $category_id = $this->request->get('to_id');
     }
     // Определяем наличие полей-свойств
     $props = $this->model->getContentProps($ctype['name']);
     $ctype['props'] = $props;
     // Если этот контент можно создавать в группах (сообществах) то получаем список групп
     $groups_list = array();
     if ($ctype['is_in_groups'] || $ctype['is_in_groups_only']) {
         $groups_model = cmsCore::getModel('groups');
         $groups = $groups_model->getUserGroups($user->id);
         if (!$groups && $ctype['is_in_groups_only']) {
             cmsUser::addSessionMessage(sprintf(LANG_CONTENT_IS_IN_GROUPS_ONLY, $ctype['labels']['many']), 'error');
             $this->redirectBack();
         }
         $groups_list = $ctype['is_in_groups_only'] ? array() : array('0' => '');
         $groups_list = $groups_list + array_collection_to_list($groups, 'id', 'title');
     }
     // Если включены личные папки - получаем их список
     $folders_list = array();
     if ($ctype['is_folders']) {
         $folders_list = $this->model->getContentFolders($ctype['id'], $user->id);
         $folders_list = array_collection_to_list($folders_list, 'id', 'title');
     }
     // Получаем поля для данного типа контента
     $this->model->orderBy('ordering');
     $fields = $this->model->getContentFields($ctype['name']);
     $form = $this->getItemForm($ctype, $fields, 'add', array('groups_list' => $groups_list, 'folders_list' => $folders_list));
     // Заполняем поля значениями по-умолчанию, взятыми из профиля пользователя
     // (для тех полей, в которых это включено)
     foreach ($fields as $field) {
         if (!empty($field['options']['profile_value'])) {
             $item[$field['name']] = $user->{$field['options']['profile_value']};
         }
     }
     $is_moderator = $user->is_admin || $this->model->userIsContentTypeModerator($ctype_name, $user->id);
     $is_premoderation = $ctype['is_premod_add'];
     cmsEventsManager::hook("content_add", $ctype);
     list($form, $item) = cmsEventsManager::hook("content_{$ctype['name']}_form", array($form, $item));
     // Форма отправлена?
     $is_submitted = $this->request->has('submit');
     if (!$is_submitted && !empty($category_id)) {
         $item['category_id'] = $category_id;
     }
     if ($this->request->has('group_id') && $groups_list && !$is_submitted) {
         $item['parent_id'] = $this->request->get('group_id');
     }
     $item['ctype_name'] = $ctype['name'];
     $item['ctype_id'] = $ctype['id'];
     if ($is_submitted) {
         if ($ctype['props']) {
             $props_cat_id = $this->request->get('category_id');
             if ($props_cat_id) {
                 $item_props = $this->model->getContentProps($ctype['name'], $props_cat_id);
                 $item_props_fields = $this->getPropsFields($item_props);
                 foreach ($item_props_fields as $field) {
                     $form->addField('props', $field);
                 }
             }
         }
         // Парсим форму и получаем поля записи
         $item = array_merge($item, $form->parse($this->request, $is_submitted));
         // Проверям правильность заполнения
         $errors = $form->validate($this, $item);
         if (!$errors) {
             list($item, $errors) = cmsEventsManager::hook('content_validate', array($item, $errors));
         }
         if (!$errors) {
             unset($item['ctype_name']);
             unset($item['ctype_id']);
             $item['is_approved'] = !$ctype['is_premod_add'] || $is_moderator;
             $item['parent_type'] = null;
             $item['parent_title'] = null;
             $item['parent_url'] = null;
             $item['is_parent_hidden'] = null;
             if (isset($item['parent_id'])) {
                 if (array_key_exists($item['parent_id'], $groups_list) && $item['parent_id'] > 0) {
                     $group = $groups_model->getGroup($item['parent_id']);
                     $item['parent_type'] = 'group';
                     $item['parent_title'] = $groups_list[$item['parent_id']];
                     $item['parent_url'] = href_to_rel('groups', $item['parent_id'], array('content', $ctype_name));
                     $item['is_parent_hidden'] = $group['is_closed'] ? true : null;
                 } else {
                     $item['parent_id'] = null;
                 }
             }
             if ($ctype['is_auto_keys']) {
                 $item['seo_keys'] = string_get_meta_keywords($item['content']);
             }
             if ($ctype['is_auto_desc']) {
                 $item['seo_desc'] = string_get_meta_description($item['content']);
             }
             $is_pub_control = cmsUser::isAllowed($ctype['name'], 'pub_on');
             $is_date_pub_allowed = $ctype['is_date_range'] && cmsUser::isAllowed($ctype['name'], 'pub_late');
             $is_date_pub_end_allowed = $ctype['is_date_range'] && cmsUser::isAllowed($ctype['name'], 'pub_long', 'any');
             $is_date_pub_days_allowed = $ctype['is_date_range'] && cmsUser::isAllowed($ctype['name'], 'pub_long', 'days');
             $pub_max_days = intval(cmsUser::getPermissionValue($ctype['name'], 'pub_max_days'));
             $date_pub_time = isset($item['date_pub']) ? strtotime($item['date_pub']) : time();
             $now_time = strtotime(date('Y-m-d', time()));
             $is_pub = true;
             if ($is_date_pub_allowed) {
                 $days_to_pub = ceil(($date_pub_time - $now_time) / 60 / 60 / 24);
                 $is_pub = $is_pub && $days_to_pub < 1;
             }
             if ($is_date_pub_end_allowed && !empty($item['date_pub_end'])) {
                 $date_pub_end_time = strtotime($item['date_pub_end']);
                 $days_from_pub = floor(($now_time - $date_pub_end_time) / 60 / 60 / 24);
                 $is_pub = $is_pub && $days_from_pub < 1;
             } else {
                 if ($is_date_pub_days_allowed && !$user->is_admin) {
                     $days = $item['pub_days'];
                     $date_pub_end_time = $date_pub_time + 60 * 60 * 24 * $days;
                     $days_from_pub = floor(($now_time - $date_pub_end_time) / 60 / 60 / 24);
                     $is_pub = $is_pub && $days_from_pub < 1;
                     $item['date_pub_end'] = date('Y-m-d', $date_pub_end_time);
                 } else {
                     $item['date_pub_end'] = false;
                 }
             }
             unset($item['pub_days']);
             if (!$is_pub_control) {
                 unset($item['is_pub']);
             }
             if (!isset($item['is_pub'])) {
                 $item['is_pub'] = $is_pub;
             }
             if (!empty($item['is_pub'])) {
                 $item['is_pub'] = $is_pub;
             }
             if (!empty($ctype['options']['is_cats_multi'])) {
                 $add_cats = $this->request->get('add_cats');
                 if (is_array($add_cats)) {
                     foreach ($add_cats as $index => $cat_id) {
                         if (!is_numeric($cat_id) || !$cat_id) {
                             unset($add_cats[$index]);
                         }
                     }
                     if ($add_cats) {
                         $item['add_cats'] = $add_cats;
                     }
                 }
             }
             $item = cmsEventsManager::hook("content_before_add", $item);
             $item = cmsEventsManager::hook("content_{$ctype['name']}_before_add", $item);
             $item = $this->model->addContentItem($ctype, $item, $fields);
             if ($ctype['is_tags']) {
                 $tags_model = cmsCore::getModel('tags');
                 $tags_model->addTags($item['tags'], $this->name, $ctype['name'], $item['id']);
                 $item['tags'] = $tags_model->getTagsStringForTarget($this->name, $ctype['name'], $item['id']);
                 $this->model->updateContentItemTags($ctype['name'], $item['id'], $item['tags']);
             }
             cmsEventsManager::hook("content_after_add", $item);
             cmsEventsManager::hook("content_{$ctype['name']}_after_add", $item);
             if ($item['is_approved']) {
                 cmsEventsManager::hook("content_after_add_approve", array('ctype_name' => $ctype_name, 'item' => $item));
                 cmsEventsManager::hook("content_{$ctype['name']}_after_add_approve", $item);
             } else {
                 $this->requestModeration($ctype_name, $item);
             }
             $back_url = $this->request->get('back');
             if ($back_url) {
                 $this->redirect($back_url);
             } else {
                 if ($ctype['options']['item_on']) {
                     $this->redirectTo($ctype_name, $item['slug'] . '.html');
                 } else {
                     $this->redirectTo($ctype_name);
                 }
             }
         }
         if ($errors) {
             cmsUser::addSessionMessage(LANG_FORM_ERRORS, 'error');
         }
     }
     return cmsTemplate::getInstance()->render('item_form', array('do' => 'add', 'parent' => isset($parent) ? $parent : false, 'ctype' => $ctype, 'item' => $item, 'form' => $form, 'props' => $props, 'is_moderator' => $is_moderator, 'is_premoderation' => $is_premoderation, 'is_load_props' => !isset($errors), 'errors' => isset($errors) ? $errors : false));
 }