/**
 * Debug action for the social (XUP) login flow.
 *
 * Prints the current login state, dumps the profile returned by the active
 * provider (if any) and offers links to log out and to start the Facebook
 * login / signup round trips. A "?lgt" query parameter logs out first.
 *
 * Output is echoed directly; nothing is returned.
 */
public function actionTest()
{
    echo 'Login controller<br /><br />';

    // "?lgt" ends the current session before the state is reported.
    if (isset($_GET['lgt'])) {
        e107::getUser()->logout();
    }

    $state = e107::getUser()->isUser() ? 'true' : 'false';
    echo 'Logged in: ' . $state;

    $provider = e107::getUser()->getProvider();
    if ($provider) {
        print_a($provider->getUserProfile());
    }

    // route => array(separator printed before the link, link label)
    $links = array(
        'system/xup/test?lgt' => array('<br /><br />', 'Test logout'),
        'system/xup/login?provider=Facebook' => array('<br />', 'Test login with Facebook'),
        'system/xup/signup?provider=Facebook' => array('<br />', 'Test signup with Facebook'),
    );
    foreach ($links as $route => $parts) {
        list($separator, $label) = $parts;
        echo $separator . '<a href="' . e107::getUrl()->create($route) . '">' . $label . '</a>';
    }
}
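/**
 * Admin-side tester for the social (XUP) login flow.
 *
 * Renders the current login state, the profile data returned by the active
 * provider (if any) and, for every enabled provider in the 'social_login'
 * pref, links that start the login-only and the signup/login round trips
 * with this page as the return target. A "?lgt" query parameter logs out
 * first. Main admins are refused, since the new-user path cannot be
 * exercised while logged in.
 *
 * Output is echoed directly; nothing is returned.
 */
public function actionTest()
{
    echo '<h3>Social Login Tester</h3>';

    if (getperms('0')) {
        echo e107::getMessage()->addError("Please logout of e107 before testing the new-user login/signup procedure.")->render();
        return;
    }

    if (isset($_GET['lgt'])) {
        e107::getUser()->logout();
    }

    $profileData = null;
    $provider = e107::getUser()->getProvider();
    if ($provider) {
        $profileData = $provider->getUserProfile();
        if (!empty($profileData)) {
            print_a($profileData);
        }
    }

    // "true" is only shown when a provider profile is present as well.
    $loggedIn = e107::getUser()->isUser() && !empty($profileData);
    echo 'Logged in: ' . ($loggedIn
        ? '<span class="label label-success">true</span>'
        : '<span class="label label-danger">false</span>');

    // Return target after the provider round trip, passed base64-encoded as 'back'.
    $testUrl = SITEURL . "?route=system/xup/test";
    $back = base64_encode($testUrl);

    $providers = e107::getPref('social_login', array());
    foreach ($providers as $key => $var) {
        // A pref entry without an 'enabled' flag is treated as disabled
        // instead of raising an undefined-index notice.
        if (!isset($var['enabled']) || $var['enabled'] != 1) {
            continue;
        }

        // The provider key is configuration, but it is still encoded per
        // context (HTML text vs. query component) rather than echoed raw.
        $keyHtml = htmlspecialchars($key, ENT_QUOTES, 'UTF-8');
        $keyQuery = rawurlencode($key);

        echo '<h3>' . $keyHtml . '</h3><ul>';
        echo '<li><a class="btn btn-default" href="' . e107::getUrl()->create('system/xup/login?provider=' . $keyQuery . '&back=' . $back) . '">Test login only with ' . $keyHtml . '</a></li>';
        echo '<li><a class="btn btn-default" href="' . e107::getUrl()->create('system/xup/signup?provider=' . $keyQuery . '&back=' . $back) . '">Test signup/login with ' . $keyHtml . '</a></li>';
        echo "</ul>";
    }

    echo '<br /><br /><a class="btn btn-default" href="' . e107::getUrl()->create('system/xup/test?lgt') . '">Test logout</a>';
}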
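/**
 * Process a submitted public upload form.
 *
 * Checks the required posted fields, hands the uploaded files (code file in
 * the first slot, optional image in the second) to the e107 file handler,
 * validates the download category and the contact e-mail, inserts the
 * "upload" record, fires the "fileupload" / "user_file_upload" events and
 * renders the message stack. On any error the files the handler already
 * stored are removed again.
 *
 * Output is echoed; nothing is returned.
 */
function processUpload()
{
    $sql = e107::getDb();
    $mes = e107::getMessage();
    $tp = e107::getParser();

    $error = false;
    $postemail = '';
    // Initialised up front: without an uploaded file these stayed undefined
    // and the clean-up unlink() calls below ran on nulls.
    $file = '';
    $image = '';
    $filesize = 0;

    // Posted field, '' when the key is absent (no undefined-index notice).
    $posted = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };

    // Same truthiness test as before, via !empty() so absent keys do not notice.
    $hasRequired = (!empty($_POST['file_email']) || USER == TRUE)
        && !empty($_POST['file_name'])
        && !empty($_POST['file_description'])
        && !empty($_POST['download_category']);

    if ($hasRequired) {
        $fl = e107::getFile();
        $uploaded = $fl->getUploaded(e_UPLOAD, "unique", array('max_file_count' => 2, 'extra_file_types' => TRUE));

        // First, see what errors the upload handler picked up.
        // getUploaded() returns FALSE on failure; count(FALSE) is a TypeError
        // on PHP 8, so the slot checks below only ever see an array.
        if ($uploaded === FALSE) {
            $error = true;
            $mes->addError(LAN_UL_021);
            $uploaded = array();
        }

        // Now see if we have a code file (first slot)
        if (count($uploaded) > 0) {
            if ($uploaded[0]['error'] == 0) {
                $file = $uploaded[0]['name'];
                $filesize = $uploaded[0]['size'];
            } else {
                $error = true;
                $mes->addError($uploaded[0]['message']);
            }
        }

        // Now see if we have an image file (second slot)
        if (count($uploaded) > 1) {
            if ($uploaded[1]['error'] == 0) {
                $image = $uploaded[1]['name'];
            } else {
                $error = true;
                $mes->addError($uploaded[1]['message']);
            }
        }

        // The upload handler checks max file size; the category must be a non-zero id.
        $downloadCategory = intval($_POST['download_category']);
        if (!$downloadCategory) {
            $error = true;
            $mes->addError(LAN_UL_037);
        }

        if ($error) {
            // an error - delete the files to keep things tidy
            foreach (array($file, $image) as $tidy) {
                if ($tidy !== '' && is_file($tidy)) {
                    @unlink($tidy);
                }
            }
        } else {
            if (USER) {
                $poster = USERID;
                $row = e107::getUser()->toArray();
                // '-witheld-' marks an address the member chose not to publish;
                // it is blanked again before storing.
                $postemail = !empty($row['user_hideemail']) ? '-witheld-' : USEREMAIL;
            } else {
                $poster = "0";
                $postemail = $tp->toDB($posted('file_email'));
            }

            if ($postemail != '-witheld-' && !check_email($postemail)) {
                $error = true;
                $mes->addError(LAN_UL_001);
            } else {
                if ($postemail == '-witheld-') {
                    $postemail = '';
                }

                // NOTE(review): kept from the original - the description goes
                // through toDB() here and once more below; confirm toDB() is
                // idempotent before collapsing this into a single call.
                $_POST['file_description'] = $tp->toDB($_POST['file_description']);
                $fileDescription = $tp->toDB($_POST['file_description']);

                $file_time = time();
                $fileName = $tp->toDB($posted('file_name'));
                $fileVersion = $tp->toDB($posted('file_version'));
                $fileWebsite = $tp->toDB($posted('file_website'));
                $fileDemo = $tp->toDB($posted('file_demo'));

                // Legacy string-form insert: every posted value passes through
                // toDB() for escaping; $filesize and $downloadCategory are
                // integers and $file/$image are the names the upload handler returned.
                $sql->insert("upload", "0, '" . $poster . "', '" . $postemail . "', '" . $fileWebsite . "', '" . $file_time . "', '" . $fileName . "', '" . $fileVersion . "', '" . $file . "', '" . $image . "', '" . $fileDescription . "', '" . $fileDemo . "', '" . $filesize . "', 0, '" . $downloadCategory . "'");

                $edata_fu = array(
                    "upload_user" => $poster,
                    "upload_email" => $postemail,
                    "upload_name" => $fileName,
                    "upload_file" => $file,
                    // Raw as before: event listeners receive the unescaped version string.
                    "upload_version" => $posted('file_version'),
                    "upload_description" => $fileDescription,
                    "upload_size" => $filesize,
                    "upload_category" => $downloadCategory,
                    "upload_website" => $fileWebsite,
                    "upload_image" => $image,
                    "upload_demo" => $fileDemo,
                    "upload_time" => $file_time,
                );
                e107::getEvent()->trigger("fileupload", $edata_fu);
                e107::getEvent()->trigger("user_file_upload", $edata_fu); // BC
                $mes->addSuccess(LAN_404);
            }
        }
    } else {
        // Error - missing data
        $mes->addError(LAN_ERROR_29);
    }

    echo e107::getMessage()->render();
}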
if (!defined('e107_INIT')) { exit; } /* done in class2 @include_once(e_LANGUAGEDIR.e_LANGUAGE."/admin/lan_admin.php"); @include_once(e_LANGUAGEDIR."English/admin/lan_admin.php"); */ if (ADMIN) { define('ADMIN_PAGE', true); //don't include it if it'a an AJAX call or not wanted if (!e_AJAX_REQUEST && !defset('e_NOHEADER')) { // XXX LOGIN AS Temporary solution, we need something smarter, e.g. reserved message stack 'admin' which will be always printed // inside admin area if (e107::getUser()->getSessionDataAs()) { // TODO - lan $asuser = e107::getSystemUser(e107::getUser()->getSessionDataAs(), false); e107::getMessage()->addInfo('Successfully logged in as ' . ($asuser && $asuser->getValue('name') ? $asuser->getValue('name') : 'unknown') . ' <a href="' . e_ADMIN_ABS . 'users.php?logoutas">[logout]</a>'); } // NEW, legacy 3rd party code fix, header called inside the footer o.O if (deftrue('e_ADMIN_UI')) { // boot.php already loaded require_once e_ADMIN . "header.php"; } else { // boot.php is included in admin dispatcher constructor, so do it only for legacy code require_once e_ADMIN . 'boot.php'; } } /* * FIXME - missing $style for tablerender * The Solution: parse_admin() without sending it to the browser if it's an ajax call * The Problem: doubled render time for the ajax called page!!!
/**
 * Constructor
 *
 * Hands the trusted row to the parent user model and registers the user
 * object returned by e107::getUser() as the editor of this record.
 *
 * @param array $user_data trusted data, loaded from DB
 * @return void
 */
public function __construct($user_data = array())
{
    parent::__construct($user_data);
    // The editor is the current session user, not the user this record describes.
    $this->setEditor(e107::getUser());
}
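/**
 * {COMMENT_SHARE} shortcode: a "share this comment" checkbox for the social
 * provider the current user logged in with.
 *
 * Only Facebook and Twitter are supported; for any other provider, or when
 * the user has no provider at all, nothing is rendered.
 *
 * @param string $parm shortcode parameters (unused)
 * @return string|null icon + checkbox markup, or null when not applicable
 */
function sc_comment_share($parm = '')
{
    $xup = e107::getUser()->getProviderName();
    if (!$xup) {
        return;
    }

    // The provider name is "<provider>_<id>"; only the provider part is used.
    // explode() with a limit never leaves element 0 undefined, which avoids the
    // notice the old list() assignment raised for names without an underscore.
    $parts = explode("_", $xup, 2);
    $prov = strtolower($parts[0]);

    if (!in_array($prov, array('facebook', 'twitter'), true)) {
        return;
    }

    //TODO Move styling to e107.css
    $text = "<img src='" . e_IMAGE . "xup/" . $prov . ".png' style='display:inline-block;width:26px;height:26px;vertical-align:middle' alt='Share' />";
    $text .= e107::getForm()->checkbox('comment_share', $prov, true);
    $text .= "Share";

    return $text;
}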
/**
 * Check permission for the current action.
 *
 * Looks the requested action up in $this->access; when an entry exists and
 * the current user does not pass that class check, the request is forwarded
 * to the 403 handler.
 *
 * @return boolean true when the action may proceed, false after forwarding to 403
 */
protected function checkActionPermissions()
{
    $action = $this->getRequest()->getAction();

    // Actions without an entry in the access map are not restricted here.
    if (!isset($this->access[$action])) {
        return true;
    }

    $allowed = e107::getUser()->checkClass($this->access[$action], false);
    if ($allowed) {
        return true;
    }

    $this->forward403();
    return false;
}
/* update time delay every couple of minutes. * Benefit: account for user time corrections and changes in internet delays * Drawback: each update may cause all server times to display a bit different */ echo "<script type='text/javascript'>\n"; echo "\tSyncWithServerTime('', '{$_serverPath}', '{$_serverDomain}');\n"; //tdOffset disabled as it can't live together with HTTP_IF_NONE_MATCH (page load speed) //echo " SyncWithServerTime('{$_serverTime}', '{$_serverPath}', '{$_serverDomain}');\n"; echo "</script>\n"; } // // H Final HTML // // browser cache control - FIXME - use this value as AJAX requests cache control! // TODO - create the $bcache string via e107 class method, use it in the canCache() method $uclist = e107::getUser()->getClassList(); sort($uclist, SORT_NUMERIC); $bcache = (deftrue('e_NOCACHE') ? time() : e107::getPref('e_jslib_browser_cache')) . '.' . implode(',', $uclist); echo "\n<!-- " . md5($bcache) . " -->\n"; unset($uclist, $bcache); $show = deftrue('e_POWEREDBY_DISABLE') ? "none" : "block"; // Let search engines find us to increase e107.org ranking - even if hidden. //XXX Must not contain IDs or Classes // echo "<div style='text-align:center; display:".$show."; position: absolute; width:99%; height:20px; margin-top:-30px; z-index:30000; opacity:1.0; color: silver'>Proudly powered by <a style='color:silver' href='http://e107.org/' title='e107 Content Management System'>e107</a></div>"; unset($show); echo "\n</body>\n</html>"; // Shutdown $e107->destruct(); // // I Send the buffered page data, along with appropriate headers //
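/**
 * Per-row "action" select for the admin user list.
 *
 * Builds the hidden inputs the list form needs for this row and a <select>
 * whose options depend on the row's admin/ban status and on the viewing
 * administrator's permissions (getperms('0') for login-as, getperms('3')
 * for admin changes). Returns '' when no option applies so nothing is
 * rendered, and null outside the main/list view.
 *
 * @param mixed  $val  field value (unused; the whole row is read instead)
 * @param string $mode render mode (unused)
 * @return string|null
 */
function options($val, $mode)
{
    $controller = $this->getController();
    if ($controller->getMode() != 'main' || $controller->getAction() != 'list') {
        return;
    }

    $row = $controller->getListModel()->getData();

    // Row fields are read explicitly instead of extract()-ing the whole row
    // into the local scope; a missing column yields null, as extract() did.
    $user_id = isset($row['user_id']) ? $row['user_id'] : null;
    $user_ip = isset($row['user_ip']) ? $row['user_ip'] : null;
    $user_perms = isset($row['user_perms']) ? $row['user_perms'] : null;
    $user_ban = isset($row['user_ban']) ? $row['user_ban'] : null;
    $user_admin = isset($row['user_admin']) ? $row['user_admin'] : null;
    $user_name = isset($row['user_name']) ? $row['user_name'] : null;

    $head = "<div>\r\n\r\n\t\t\t\t<input type='hidden' name='userid[{$user_id}]' value='{$user_id}' />\r\n\t\t\t\t<input type='hidden' name='userip[{$user_id}]' value='{$user_ip}' />\r\n\t\t\t\t<select name='useraction[{$user_id}]' onchange='this.form.submit()' class='e-select tbox' data-placement='left' title='Modify' style='text-align:left;width:75%'>\r\n\t\t\t\t<option selected='selected' value=''> </option>";
    $foot = "</select></div>";
    $text = "";

    // No general permission gate here: the per-option checks below decide what is offered.
    if ($user_perms != "0") {
        $text .= "\r\n\t\t\t\t\t<option value='usersettings'>" . LAN_EDIT . "</option>\r\n\t\t\t\t\t";

        // login/logout As - main admin only, and never onto another main admin
        if (getperms('0') && !($user_admin && getperms('0', $user_perms))) {
            if (e107::getUser()->getSessionDataAs() == $user_id) {
                $text .= "<option value='logoutas'>" . sprintf(USRLAN_AS_2, $user_name) . "</option>";
            } else {
                $text .= "<option value='loginas'>" . sprintf(USRLAN_AS_1, $user_name) . "</option>";
            }
        }

        // switch() compares loosely, so int and numeric-string ban values both match.
        switch ($user_ban) {
            case 0:
                $text .= "<option value='ban'>" . USRLAN_30 . "</option>\n";
                break;
            case 1: // Banned user
                $text .= "<option value='unban'>" . USRLAN_33 . "</option>\n";
                break;
            case 2: // Unverified
                $text .= "<option value='ban'>" . USRLAN_30 . "</option>\r\n\t\t\t\t\t\t<option value='verify'>" . USRLAN_32 . "</option>\r\n\t\t\t\t\t\t<option value='resend'>" . USRLAN_112 . "</option>\r\n\t\t\t\t\t\t<option value='test'>" . USRLAN_118 . "</option>";
                break;
            case 3: // Bounced
                // FIXME wrong lan for 'reqverify' - USRLAN_181, wrong lan for 'verify' (USRLAN_182), changed to USRLAN_32
                $text .= "<option value='ban'>" . USRLAN_30 . "</option>\r\n\t\t\t\t\t\t<option value='reqverify'>Make not verified</option>\r\n\t\t\t\t\t\t<option value='verify'>" . USRLAN_32 . "</option>\r\n\t\t\t\t\t\t<option value='test'>" . USRLAN_118 . "</option>";
                break;
            default:
        }

        // "!$user_ban" already excludes the unverified state (2); the former
        // extra "!= 2" test was redundant.
        if (!$user_admin && !$user_ban && getperms('3')) {
            $text .= "<option value='admin'>" . USRLAN_35 . "</option>\n";
        } elseif ($user_admin && $user_perms != "0" && getperms('3')) {
            $text .= "<option value='adminperms'>" . USRLAN_221 . "</option>\n";
            $text .= "<option value='unadmin'>" . USRLAN_34 . "</option>\n";
        }
    }

    // The former 'userclass' option is deprecated (inline & batch editing cover it).

    if ($user_perms != "0") {
        $text .= "<option value='deluser'>" . LAN_DELETE . "</option>\n";
    }

    return $text ? $head . $text . $foot : "";
}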
/**
 * Set column preference array
 *
 * Remembers the chosen list columns on this object and persists them in the
 * current user's config under 'admin_cols_<table name>'.
 *
 * @param array $new column list to store
 * @return boolean success
 */
public function setUserPref($new)
{
    $this->fieldpref = $new;

    $config = e107::getUser()->getConfig();
    $prefKey = 'admin_cols_' . $this->getTableName();

    return $config->set($prefKey, $new)->save();
}
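/**
 * Initialise the session-dependent user constants (USER, USERID, ADMIN, ...),
 * the user's theme selection and the class-list regexps.
 *
 * Reads the current user model (e107::getUser()) and defines the legacy
 * global constants from it, handling in order: the __referer token check,
 * the CLI pseudo-user, banned users, the guest case and the logged-in case.
 * For logged-in users allowed to pick a theme it also applies a posted
 * 'settheme'/'sitetheme' change and fills the BC globals $user_pref and
 * $currentUser.
 *
 * The whole could happen inside e_user class.
 *
 * @return void
 */
function init_session()
{
    global $user_pref, $currentUser;

    $e107 = e107::getInstance();

    // New user model
    $user = e107::getUser();

    define('USERIP', e107::getIPHandler()->getIP(FALSE));
    define('POST_REFERER', md5($user->getToken()));

    // Check for intruders - outside the model for now
    // TODO replace __referer with e-token, remove the above
    // A __referer token in POST or GET that fails checkToken() ends the
    // request. The grouping is written out: each source is checked with its
    // own presence test (&& binds tighter than ||, so this matches the old
    // unparenthesised form).
    if ((isset($_POST['__referer']) && !$user->checkToken($_POST['__referer']))
        || (isset($_GET['__referer']) && !$user->checkToken($_GET['__referer']))) {
        // Die, die, die! DIE!!!
        die('Unauthorized access!');
    }

    if (e107::isCli()) {
        // Command line: act as the main admin (id 1) with empty session/class data.
        define('USER', true);
        define('USERID', 1);
        define('USERNAME', 'e107-cli');
        define('USERTHEME', false);
        define('ADMIN', true);
        define('GUEST', false);
        // Defined once; the previous duplicate define() only produced a
        // "Constant USERCLASS already defined" warning.
        define('USERCLASS', '');
        define('USEREMAIL', '');
        define('USERCLASS_LIST', '');
        define('USERJOINED', '');
        return;
    }

    if ($user->hasBan()) {
        // Banned visitor: show the configured message (ban_messages/6) and stop.
        $msg = e107::findPref('ban_messages/6');
        if ($msg) {
            echo e107::getParser()->toHTML($msg);
        }
        exit;
    }

    if (!$user->isUser()) {
        define('USER', false);
        define('USERID', 0);
        define('USERTHEME', false);
        define('ADMIN', false);
        define('GUEST', true);
        define('USERCLASS', '');
        define('USEREMAIL', '');
        define('USERSIGNATURE', '');
        if ($user->hasSessionError()) {
            // The session could not be validated: surface the message and flag the cookie.
            define('LOGINMESSAGE', CORE_LAN10);
            define('CORRUPT_COOKIE', true);
        }
    } else {
        // we shouldn't use getValue() here, it's there for e.g. shortcodes, profile page render etc.
        define('USERID', $user->getId());
        define('USERNAME', $user->get('user_name'));
        define('USERURL', $user->get('user_homepage', false)); //required for BC
        define('USEREMAIL', $user->get('user_email'));
        define('USER', true);
        define('USERCLASS', $user->get('user_class'));
        define('USERIMAGE', $user->get('user_image'));
        define('USERPHOTO', $user->get('user_sess'));
        define('USERJOINED', $user->get('user_join'));
        define('USERVISITS', $user->get('user_visits'));
        define('USERSIGNATURE', $user->get('user_signature'));
        define('ADMIN', $user->isAdmin());
        define('ADMINID', $user->getAdminId());
        define('ADMINNAME', $user->getAdminName());
        define('ADMINPERMS', $user->getAdminPerms());
        define('ADMINEMAIL', $user->getAdminEmail());
        define('ADMINPWCHANGE', $user->getAdminPwchange());

        if (ADMIN) {
            e107::getRedirect()->setPreviousUrl();
        }

        define('USERLV', $user->get('user_lastvisit'));

        // BC - FIXME - get rid of them!
        $currentUser = $user->getData();
        $currentUser['user_realname'] = $user->get('user_login'); // Used by force_userupdate
        $e107->currentUser =& $currentUser;

        // XXX could go to e_user class as well
        if ($user->checkClass(e107::getPref('allow_theme_select', false), false)) {
            // User can set own theme
            if (isset($_POST['settheme'])) {
                $uconfig = $user->getConfig();
                $postedTheme = isset($_POST['sitetheme']) ? (string) $_POST['sitetheme'] : '';

                if (e107::getPref('sitetheme') != $postedTheme) {
                    require_once e_HANDLER . "theme_handler.php";
                    $utheme = new themeHandler();

                    // Only a theme the handler lists is stored. The stored name
                    // is later turned into a filesystem path (USERTHEME below),
                    // so an arbitrary posted string must not reach the config.
                    if (isset($utheme->themeArray[$postedTheme])) {
                        $ut = $utheme->themeArray[$postedTheme];
                        $uconfig->setPosted('sitetheme', $postedTheme)
                            ->setPosted('sitetheme_custompages', $ut['custompages'])
                            ->setPosted('sitetheme_deflayout', $utheme->findDefault($postedTheme));
                        unset($ut);
                    }
                } else {
                    // Re-posting the site default clears the personal choice.
                    $uconfig->remove('sitetheme')->remove('sitetheme_custompages')->remove('sitetheme_deflayout');
                }

                $uconfig->save(true);
            }
        } elseif ($user->getPref('sitetheme')) {
            // Theme selection is not (or no longer) allowed: drop a stale choice.
            $user->getConfig()->remove('sitetheme')->remove('sitetheme_custompages')->remove('sitetheme_deflayout')->save(false);
        }
        // XXX could go to e_user class as well END

        if (!defined("USERTHEME")) {
            // Only a stored theme whose theme.php exists under e_THEME is honoured.
            $siteTheme = $user->getPref('sitetheme');
            define('USERTHEME', $siteTheme && file_exists(e_THEME . $siteTheme . "/theme.php") ? $siteTheme : false);
        }

        $user_pref = $user->getPref();
    }

    define('USERCLASS_LIST', $user->getClassList(true));
    define('e_CLASS_REGEXP', $user->getClassRegex());
    define('e_NOBODY_REGEXP', '(^|,)' . e_UC_NOBODY . '(,|$)');
}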
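/**
 * Build a cache key for $category that also depends on the current user's
 * class list, so cached output is not shared between users with different
 * class membership.
 *
 * The md5 per category is memoised in $this->_md5cache for the request.
 * Note: because the class list is now part of the hash, keys differ from
 * those produced by the previous implementation (which hashed the string
 * "Array"); existing cache entries are simply regenerated.
 *
 * @param string $category cache category / identifier
 * @param string $type     'sys' for the base-prefixed key, 'md5' for the bare hash
 * @return string|null the key, or null for an unknown $type
 */
public function cacheString($category, $type = 'sys')
{
    if (!isset($this->_md5cache[$category])) {
        $uclist = e107::getUser()->getClassList();
        sort($uclist, SORT_NUMERIC);
        // The class list is an array; concatenating it directly produced the
        // literal "Array" and a key that ignored the user's classes. It is
        // joined explicitly (the same comma-joined form used for the
        // browser-cache marker elsewhere in the core).
        $this->_md5cache[$category] = md5($category . implode(',', $uclist));
    }

    switch ($type) {
        case 'sys':
            return $this->cacheBase() . $this->_md5cache[$category];
        case 'md5':
            return $this->_md5cache[$category];
    }

    return null;
}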
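/**
 * Per-row "action" select for the admin user list (legacy variant).
 *
 * Always returns the hidden inputs plus a <select>; which options it holds
 * depends on the row's admin/ban status and on the viewing administrator's
 * permissions (getperms('0') for login-as, getperms('3') for admin changes).
 *
 * @return string HTML for the row
 */
function options()
{
    $row = $this->getController()->getListModel()->getData();

    // Row fields are read explicitly instead of extract()-ing the whole row
    // into the local scope; a missing column yields null, as extract() did.
    $user_id = isset($row['user_id']) ? $row['user_id'] : null;
    $user_ip = isset($row['user_ip']) ? $row['user_ip'] : null;
    $user_perms = isset($row['user_perms']) ? $row['user_perms'] : null;
    $user_ban = isset($row['user_ban']) ? $row['user_ban'] : null;
    $user_admin = isset($row['user_admin']) ? $row['user_admin'] : null;
    $user_name = isset($row['user_name']) ? $row['user_name'] : null;

    // Initialised: the old code appended to an undefined $text.
    $text = "";
    $text .= "<div>\r\n\r\n\t\t\t\t<input type='hidden' name='userid[{$user_id}]' value='{$user_id}' />\r\n\t\t\t\t<input type='hidden' name='userip[{$user_id}]' value='{$user_ip}' />\r\n\t\t\t\t<select name='useraction[{$user_id}]' onchange='this.form.submit()' class='tbox' style='width:75%'>\r\n\t\t\t\t<option selected='selected' value=''> </option>";

    // No general permission gate here: the per-option checks below decide what is offered.
    if ($user_perms != "0") {
        $text .= "\r\n\t\t\t\t\t<option value='usersettings'>" . LAN_EDIT . "</option>\r\n\t\t\t\t\t";

        // login/logout As - main admin only, and never onto another main admin
        if (getperms('0') && !($user_admin && getperms('0', $user_perms))) {
            if (e107::getUser()->getSessionDataAs() == $user_id) {
                $text .= "<option value='logoutas'>" . sprintf(USRLAN_AS_2, $user_name) . "</option>";
            } else {
                $text .= "<option value='loginas'>" . sprintf(USRLAN_AS_1, $user_name) . "</option>";
            }
        }

        // switch() compares loosely, so int and numeric-string ban values both match.
        switch ($user_ban) {
            case 0:
                $text .= "<option value='ban'>" . USRLAN_30 . "</option>\n";
                break;
            case 1: // Banned user
                $text .= "<option value='unban'>" . USRLAN_33 . "</option>\n";
                break;
            case 2: // Unverified
                $text .= "<option value='ban'>" . USRLAN_30 . "</option>\r\n\t\t\t\t\t\t<option value='verify'>" . USRLAN_32 . "</option>\r\n\t\t\t\t\t\t<option value='resend'>" . USRLAN_112 . "</option>\r\n\t\t\t\t\t\t<option value='test'>" . USRLAN_118 . "</option>";
                break;
            case 3: // Bounced
                $text .= "<option value='ban'>" . USRLAN_30 . "</option>\r\n\t\t\t\t\t\t<option value='reqverify'>" . USRLAN_181 . "</option>\r\n\t\t\t\t\t\t<option value='verify'>" . USRLAN_182 . "</option>\r\n\t\t\t\t\t\t<option value='test'>" . USRLAN_118 . "</option>";
                break;
            default:
        }

        // "!$user_ban" already excludes the unverified state (2); the former
        // extra "!= 2" test was redundant.
        if (!$user_admin && !$user_ban && getperms('3')) {
            $text .= "<option value='admin'>" . USRLAN_35 . "</option>\n";
        } elseif ($user_admin && $user_perms != "0" && getperms('3')) {
            $text .= "<option value='adminperms'>" . USRLAN_221 . "</option>\n";
            $text .= "<option value='unadmin'>" . USRLAN_34 . "</option>\n";
        }
    }

    // Class editing of a main admin's row is reserved for main admins; for
    // everyone else the option shows on other users' rows or for main admins.
    $mainAdminRowAsLesserAdmin = ($user_perms == "0" && !getperms("0"));
    if (!$mainAdminRowAsLesserAdmin && ($user_id != USERID || getperms("0"))) {
        $text .= "<option value='userclass'>" . USRLAN_36 . "</option>\n";
    }

    if ($user_perms != "0") {
        $text .= "<option value='deluser'>" . LAN_DELETE . "</option>\n";
    }

    $text .= "</select></div>";

    return $text;
}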
/**
 * Handle posted batch options routine
 *
 * Parses the posted batch trigger ("<action>__<field>__<value>"), sanitises
 * the selected record ids and dispatches to the matching handle*Batch
 * method of the controller (or to handleCommaBatch for list-type fields).
 * The user-class variants ('ucadd', 'ucremove', 'ucaddall', 'ucdelall')
 * additionally require the current user to manage the target class.
 *
 * @param string $batch_trigger posted trigger, parts separated by '__'
 * @return e_admin_controller_ui
 */
protected function _handleListBatch($batch_trigger)
{
    $tp = e107::getParser();
    //$multi_name = vartrue($this->fields['checkboxes']['toggle'], 'multiselect');
    $multi_name = $this->getFieldAttr('checkboxes', 'toggle', 'multiselect');
    $selected = array_values($this->getPosted($multi_name, array()));
    // $trigger[0] = action (or field name for the default case), [1] = field, [2] = value
    $trigger = $tp->toDB(explode('__', $batch_trigger));

    // Nothing selected: bail out unless a delete confirmation is pending or
    // the field's writeParms carry batchNoCheck.
    if (empty($selected) && !$this->getPosted('etrigger_delete_confirm')) {
        $params = $this->getFieldAttr($trigger[1], 'writeParms', array());
        if (!is_array($params)) {
            parse_str($params, $params);
        }
        if (!vartrue($params['batchNoCheck'])) {
            return $this;
        }
    }

    // Selected ids are reduced to word characters, '-', ':' and '.' before
    // they reach any handler.
    if ($selected) {
        foreach ($selected as $i => $_sel) {
            $selected[$i] = preg_replace('/[^\\w-:.]/', '', $_sel);
        }
    }

    $this->setTriggersEnabled(false); //disable further triggering

    switch ($trigger[0]) {
        case 'delete':
            //FIXME - confirmation screen
            //method handleListDeleteBatch(); for custom handling of 'delete' batch
            // if(empty($selected)) return $this; // don't check selected data - subclass need to check additional post variables(confirm screen)
            $method = 'handle' . $this->getRequest()->getActionName() . 'DeleteBatch';
            if (method_exists($this, $method)) {
                $this->{$method}($selected);
            }
            break;

        case 'bool':
            if (empty($selected)) {
                return $this;
            }
            $field = $trigger[1];
            $value = $trigger[2] ? 1 : 0;
            //something like handleListBoolBatch(); for custom handling of 'bool' batch
            $method = 'handle' . $this->getRequest()->getActionName() . 'BoolBatch';
            if (method_exists($this, $method)) {
                $this->{$method}($selected, $field, $value);
            }
            break;

        case 'boolreverse':
            if (empty($selected)) {
                return $this;
            }
            $field = $trigger[1];
            //something like handleListBoolreverseBatch(); for custom handling of 'boolreverse' batch
            $method = 'handle' . $this->getRequest()->getActionName() . 'BoolreverseBatch';
            if (method_exists($this, $method)) {
                $this->{$method}($selected, $field);
            }
            break;

        // see comma, userclasses batch options
        case 'attach':
        case 'deattach':
        case 'addAll':
        case 'clearAll':
            $field = $trigger[1];
            $value = $trigger[2];
            if ($trigger[0] == 'addAll') {
                // 'addAll' takes its value list from the field's writeParms,
                // not from the trigger.
                $parms = $this->getFieldAttr($field, 'writeParms', array());
                if (!is_array($parms)) {
                    parse_str($parms, $parms);
                }
                unset($parms['__options']);
                $value = $parms;
                if (empty($value)) {
                    return $this;
                }
                if (!is_array($value)) {
                    $value = array_map('trim', explode(',', $value));
                }
            }
            if (method_exists($this, 'handleCommaBatch')) {
                $this->handleCommaBatch($selected, $field, $value, $trigger[0]);
            }
            break;

        // append to / remove from userclass list
        case 'ucadd':
        case 'ucremove':
            //if(empty($selected)) return $this;
            $field = $trigger[1];
            $class = $trigger[2];
            $user = e107::getUser();
            $e_userclass = e107::getUserClass();
            // check userclass manager class: the class must exist and the
            // current user must be allowed to manage it.
            if (!isset($e_userclass->class_tree[$class]) || !$user->checkClass($e_userclass->class_tree[$class])) {
                return $this;
            }
            if (method_exists($this, 'handleCommaBatch')) {
                $trigger[0] = $trigger[0] == 'ucadd' ? 'attach' : 'deattach';
                $this->handleCommaBatch($selected, $field, $class, $trigger[0]);
            }
            break;

        // add all to / clear userclass list
        case 'ucaddall':
        case 'ucdelall':
            $field = $trigger[1];
            $user = e107::getUser();
            $e_userclass = e107::getUserClass();
            $parms = $this->getFieldAttr($field, 'writeParms', array());
            if (!is_array($parms)) {
                parse_str($parms, $parms);
            }
            if (!vartrue($parms['classlist'])) {
                return $this;
            }
            $classes = $e_userclass->uc_required_class_list($parms['classlist']);
            foreach ($classes as $id => $label) {
                // check userclass manager class - classes the user may not
                // manage are dropped from the batch with a warning.
                if (!isset($e_userclass->class_tree[$id]) || !$user->checkClass($e_userclass->class_tree[$id])) {
                    // TODO lan
                    $msg = $tp->lanVars("You don't have management permissions on [x]", $label);
                    $this->getTreeModel()->addMessageWarning($msg);
                    unset($classes[$id], $msg);
                }
            }
            $this->handleCommaBatch($selected, $field, array_keys($classes), $trigger[0] === 'ucdelall' ? 'clearAll' : 'addAll');
            break;

        default:
            // Any other trigger is treated as "<field>__<value>". The field name
            // taken from the posted trigger is camelized into the handler method
            // name; method_exists() is the only gate, so every
            // handle<Action><Field>Batch method on the controller is reachable
            // from the batch form.
            $field = $trigger[0];
            $value = $trigger[1];
            //something like handleListUrlTypeBatch(); for custom handling of 'url_type' field name
            $method = 'handle' . $this->getRequest()->getActionName() . $this->getRequest()->camelize($field) . 'Batch';
            if (method_exists($this, $method)) {
                $this->{$method}($selected, $value);
                break;
            }
            //handleListBatch(); for custom handling of all field names
            if (empty($selected)) {
                return $this;
            }
            $method = 'handle' . $this->getRequest()->getActionName() . 'Batch';
            if (method_exists($this, $method)) {
                $this->{$method}($selected, $field, $value);
            }
            break;
    }

    return $this;
}
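/**
 * Per-row action menu for the admin user list (dropdown variant).
 *
 * Builds the hidden inputs the list form needs for this row plus a Bootstrap
 * dropdown whose entries depend on the row's admin/ban status and on the
 * viewing administrator's permissions (getperms('0') for login-as,
 * getperms('3') for admin changes). Returns '' when no entry applies and
 * null outside the main/list view.
 *
 * @param mixed  $val  field value (unused; the whole row is read instead)
 * @param string $mode render mode (unused)
 * @return string|null
 */
function options($val, $mode)
{
    $controller = $this->getController();
    if ($controller->getMode() != 'main' || $controller->getAction() != 'list') {
        return;
    }

    $row = $controller->getListModel()->getData();
    $tp = e107::getParser();

    // Row fields are read explicitly (the previous extract() spilled every
    // column into the local scope); a missing column yields null.
    $user_id = isset($row['user_id']) ? $row['user_id'] : null;
    $user_ip = isset($row['user_ip']) ? $row['user_ip'] : null;
    $user_admin = isset($row['user_admin']) ? $row['user_admin'] : null;
    $user_perms = isset($row['user_perms']) ? $row['user_perms'] : null;
    $user_ban = isset($row['user_ban']) ? $row['user_ban'] : null;
    $user_name = isset($row['user_name']) ? $row['user_name'] : null;

    $head = "<div>\r\n\r\n\t\t\t\t<input type='hidden' name='userid[{$user_id}]' value='{$user_id}' />\r\n\t\t\t\t<input type='hidden' name='userip[{$user_id}]' value='{$user_ip}' />\r\n\t\t\t\t<input type='hidden' class='user-action-hidden' id='user-action-" . $user_id . "' name='useraction[{$user_id}]' value='' />\r\n\t\t\t\t";

    // action key => label, in menu order; the value 'divider' renders a separator.
    $opts = array();

    // No general permission gate here: the per-entry checks below decide what is offered.
    if ($user_perms != "0") {
        $opts['usersettings'] = LAN_EDIT;

        // login/logout As - main admin only, and never onto another main admin
        if (getperms('0') && !($user_admin && getperms('0', $user_perms))) {
            if (e107::getUser()->getSessionDataAs() == $user_id) {
                $opts['logoutas'] = $tp->lanVars(USRLAN_AS_2, $user_name);
            } else {
                $opts['loginas'] = $tp->lanVars(USRLAN_AS_1, $user_name);
            }
        }

        // switch() compares loosely, so int and numeric-string ban values both match.
        switch ($user_ban) {
            case 0:
                $opts['ban'] = USRLAN_30;
                break;
            case 1: // Banned user
                $opts['unban'] = USRLAN_33;
                break;
            case 2: // Unverified
                $opts['ban'] = USRLAN_30;
                $opts['verify'] = USRLAN_32;
                $opts['resend'] = USRLAN_112;
                $opts['test'] = USRLAN_118;
                break;
            case 3: // Bounced
                // FIXME wrong lan for 'reqverify' - USRLAN_181, wrong lan for 'verify' (USRLAN_182), changed to USRLAN_32
                $opts['ban'] = USRLAN_30;
                $opts['reqverify'] = "Make not verified";
                $opts['verify'] = USRLAN_32;
                $opts['test'] = USRLAN_118;
                break;
            default:
        }

        // "!$user_ban" already excludes the unverified state (2); the former
        // extra "!= 2" test was redundant.
        if (!$user_admin && !$user_ban && getperms('3')) {
            $opts['admin'] = USRLAN_35;
        } elseif ($user_admin && $user_perms != "0" && getperms('3')) {
            $opts['adminperms'] = USRLAN_221;
            // NOTE(review): the select-based variants of this method post
            // 'unadmin' for this entry; 'uadmin' is kept as found - confirm
            // which key the action handler expects.
            $opts['uadmin'] = USRLAN_34;
        }
    }

    // The former 'userclass' entry is deprecated (inline & batch editing cover it).

    if ($user_perms != "0") {
        $opts['deldiv'] = 'divider';
        $opts['deluser'] = LAN_DELETE;
    }

    if (empty($opts)) {
        return '';
    }

    $btn = '<div class="btn-group pull-right"> <button aria-expanded="false" class="btn btn-default btn-user-action dropdown-toggle" data-toggle="dropdown"> <span class="user-action-indicators" id="user-action-indicator-' . $user_id . '">' . $tp->toGlyph('cog') . '</span> <span class="caret"></span> </button> <ul class="dropdown-menu"> <!-- dropdown menu links --> ';

    foreach ($opts as $k => $v) {
        if ($v === 'divider') {
            $btn .= '<li class="divider" ></li>';
        } else {
            // NOTE(review): data-action-user="******" is reproduced as found; it
            // looks like a placeholder - confirm what the front-end handler reads.
            $btn .= '<li class="danger user-action-' . $k . '"><a class="user-action text-right" data-action-user="******" data-action-type="' . $k . '" >' . $v . '</a></li>';
        }
    }
    $btn .= ' </ul></div>';

    return $head . $btn;
}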
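/**
 * Authenticate the visitor against the configured social provider and log them in.
 *
 * Redirect handling: `true` sends the browser to SITEURL afterwards; a string that does not
 * start with "http://" or "https://" is treated as a route and passed through
 * e107::getUrl()->create(); an absolute http(s) URL is used verbatim; a falsy value means
 * no redirect, only the result is returned.
 *
 * NOTE(review): an absolute URL is redirected to as-is, so a caller that fills this parameter
 * from a request value (e.g. a 'back' parameter) should compare its host with SITEURL first.
 *
 * @param bool|string $redirectUrl see above
 * @return bool true when a user is already logged in, otherwise the result of loginProvider()
 * @throws Exception code 100 when social login is disabled, code 22 when no provider is set
 */
public function login($redirectUrl = true)
{
    if (!e107::getPref('social_login_active', false)) {
        // Message was copy-pasted from signup(); this is the login path.
        throw new Exception("Login failed! This feature is disabled.", 100); // TODO lan
    }
    if (!$this->getProvider()) {
        throw new Exception("Login failed! Wrong provider.", 22); // TODO lan
    }

    $target = $redirectUrl;
    if ($target === true) {
        $target = SITEURL;
    } elseif ($target) {
        $isAbsolute = strpos($target, 'http://') === 0 || strpos($target, 'https://') === 0;
        if (!$isAbsolute) {
            // Relative value is a route, not a URL - let the router build it.
            $target = e107::getUrl()->create($target);
        }
    }

    $user = e107::getUser();
    if ($user->isUser()) {
        // Already logged in: nothing to authenticate, just honour the redirect.
        if ($target) {
            e107::getRedirect()->redirect($target);
        }
        return true;
    }

    $this->adapter = $this->hybridauth->authenticate($this->getProvider());
    $result = $user->setProvider($this)->loginProvider($this->userId(), false);

    if ($target) {
        e107::getRedirect()->redirect($target);
    }
    return $result;
}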
} $ns->tablerender($ccaption, $ctext); } elseif ($action == 'forums') { require_once e_PLUGIN . 'forum/forum_class.php'; $forum = new e107forum(); $forumList = implode(',', $forum->getForumPermList('view')); /*if(is_numeric($id)) { $uinfo = e107::user($id); $fcaption = UP_LAN_0.' '.$uinfo['user_name']; } else { $user_name = 0; }*/ if ($id == e107::getUser()->getId()) { $user_name = USERNAME; } else { $user_name = e107::getSystemUser($id, false)->getName(LAN_ANONYMOUS); } if (!$user_name) { header("Location:" . SITEURL); exit; } $fcaption = UP_LAN_0 . ' ' . $user_name; /* if (!$USERPOSTS_FORUM_TABLE) { if (file_exists(THEME.'userposts_template.php')) { require_once(THEME.'userposts_template.php');
/**
 * Record the current request in the `online` table, apply the flood (autoban) thresholds
 * and refresh the TOTAL_ONLINE / MEMBERS_ONLINE / GUESTS_ONLINE / ON_PAGE / MEMBER_LIST constants.
 *
 * When neither flag is set, e_TRACKING_DISABLED is defined and the constants are defined empty.
 * Side effects: may write to `online`, may add a ban and call exit, may echo a warning and exit,
 * may update the 'history' config, and sets global $listuserson plus $this->users / $this->guests.
 *
 * @param boolean $online_tracking
 * @param boolean $flood_control
 * @return void
 */
public function goOnline($online_tracking = false, $flood_control = false)
{
    // global $pref, $e_event; // Not needed as globals
    //global $online_timeout, $online_warncount, $online_bancount; // Not needed as globals
    //global $members_online, $total_online; // Not needed as globals
    global $listuserson; // FIXME - remove it, make it property, call e_online signleton - e107::getOnline()

    $e107 = e107::getInstance(); // not referenced anywhere below in this method
    $sql = e107::getDb();
    $user = e107::getUser();

    if ($online_tracking || $flood_control) {
        $online_timeout = 300; // seconds; a record older than this is reset / purged
        list($ban_access_guest, $ban_access_member) = explode(',', e107::getPref('ban_max_online_access', '100,200'));
        $online_bancount = max($ban_access_guest, 50); // Safety net for incorrect values
        if ($user->isUser()) {
            $online_bancount = max($online_bancount, $ban_access_member);
        }
        $online_warncount = $online_bancount * 0.9; // Set warning threshold at 90% of ban threshold

        //TODO Add support for all queries.
        // $page = (strpos(e_SELF, 'forum_') !== FALSE) ? e_SELF.'.'.e_QUERY : e_SELF;
        // $page = (strpos(e_SELF, 'comment') !== FALSE) ? e_SELF.'.'.e_QUERY : $page;
        // $page = (strpos(e_SELF, 'content') !== FALSE) ? e_SELF.'.'.e_QUERY : $page;
        $page = e_REQUEST_URI; // mod rewrite & single entry support
        // FIXME parse url, trigger registered e_online callbacks
        // NOTE(review): $page originates from the request and is interpolated into SQL strings below;
        // the only sanitisation visible here is toDB() - confirm it escapes for the DB layer.
        $page = e107::getParser()->toDB($page, true); /// @todo - try not to use toDB() - triggers prefilter
        $ip = e107::getIPHandler()->getIP(FALSE);
        // $udata = "<id>.<name>" for members, '0' for guests - note the name is part of the SQL interpolation below.
        $udata = $user->isUser() && USER ? $user->getId() . '.' . $user->getName() : '0'; // USER check required to make sure they logged in without an error.
        // Raw request header; it is only ever passed to $sql->insert() as data, escaping is the DB handler's job (not visible here).
        $agent = $_SERVER['HTTP_USER_AGENT'];

        // XXX - more exceptions, e.g. hide online location for admins/users (pref), e_jlsib.php, etc
        // XXX - more advanced flod timing when e_AJAX_REQUEST, e.g. $ban_access_ajax = 300
        // AJAX requests keep the previously recorded location.
        $update_page = deftrue('e_AJAX_REQUEST') ? '' : ", online_location='{$page}'";
        $insert_query = array(
            'online_timestamp' => time(),
            'online_flag' => 0,
            'online_user_id' => $udata,
            'online_ip' => $ip,
            'online_location' => $page,
            'online_pagecount' => 1,
            'online_active' => 0,
            'online_agent' => $agent,
            'online_language' => e_LAN
        ); // !deftrue('e_AJAX_REQUEST')

        // TODO add option to hide users from online list? boolean online_hide field?
        // don't do anything if main admin logged in as another user
        if ($user->isUser() && !$user->getParentId()) {
            // Find record that matches IP or visitor, or matches user info
            if ($sql->select('online', '*', "(`online_ip` = '{$ip}' AND `online_user_id` = '0') OR `online_user_id` = '{$udata}'")) {
                $row = $sql->fetch();
                if ($row['online_user_id'] == $udata) {
                    //Matching user record
                    if ($row['online_timestamp'] < time() - $online_timeout) {
                        //It has been at least 'online_timeout' seconds since this user's info last logged
                        //Update user record with timestamp, current IP, current page and set pagecount to 1
                        $query = "online_timestamp='" . time() . "', online_ip='{$ip}'{$update_page}, online_pagecount=1, `online_active` = 1 WHERE online_user_id='{$row['online_user_id']}'";
                    } else {
                        // Admins are never counted towards the flood threshold.
                        if (!$user->isAdmin()) {
                            $row['online_pagecount']++;
                        }
                        // Update user record with current IP, current page and increment pagecount
                        $query = "online_ip='{$ip}'{$update_page}, `online_pagecount` = '" . intval($row['online_pagecount']) . "', `online_active` = 1 WHERE `online_user_id` = '{$row['online_user_id']}'";
                    }
                } else {
                    //Found matching visitor record (ip only) for this user
                    if ($row['online_timestamp'] < time() - $online_timeout) {
                        // It has been at least 'timeout' seconds since this user has connected
                        // Update record with timestamp, current IP, current page and set pagecount to 1
                        $query = "`online_timestamp` = '" . time() . "', `online_user_id` = '{$udata}'{$update_page}, `online_pagecount` = 1, `online_active` = 1 WHERE `online_ip` = '{$ip}' AND `online_user_id` = '0'";
                    } else {
                        // Another visit within the timeout period
                        if (!$user->isAdmin()) {
                            $row['online_pagecount']++;
                        }
                        //Update record with current IP, current page and increment pagecount
                        $query = "`online_user_id` = '{$udata}'{$update_page}, `online_pagecount` = " . intval($row['online_pagecount']) . ", `online_active` =1 WHERE `online_ip` = '{$ip}' AND `online_user_id` = '0'";
                    }
                }
                $sql->update('online', $query);
            } else {
                $sql->insert('online', $insert_query);
            }
        } elseif (!$user->getParentId()) {
            //Current page request is from a guest
            if ($sql->select('online', '*', "`online_ip` = '{$ip}' AND `online_user_id` = '0'")) {
                // Recent visitor
                $row = $sql->fetch();
                if ($row['online_timestamp'] < time() - $online_timeout) {
                    //Update record with timestamp, current page, and set pagecount to 1
                    $query = "`online_timestamp` = '" . time() . "'{$update_page}, `online_pagecount` = 1 WHERE `online_ip` = '{$ip}' AND `online_user_id` = '0'";
                } else {
                    //Update record with current page and increment pagecount
                    $row['online_pagecount']++;
                    // echo "here {$online_pagecount}";
                    // Unlike the member branches above, the count is interpolated without intval() here.
                    $query = "`online_pagecount` = {$row['online_pagecount']}{$update_page} WHERE `online_ip` = '{$ip}' AND `online_user_id` = '0'";
                }
                $sql->update('online', $query);
            } else {
                // New visitor
                $sql->insert('online', $insert_query);
            }
        }

        // Reset the count (so no ban/warning can fire) when: the user is an admin, OR the autoban
        // pref is neither 1 nor 2, OR no existing record was fetched above (fresh insert / impersonating admin).
        // Precedence: isAdmin() || (autoban != 1 && autoban != 2) || !isset(...)
        if ($user->isAdmin() || e107::getPref('autoban') != 1 && e107::getPref('autoban') != 2 || !isset($row['online_pagecount'])) {
            $row['online_pagecount'] = 1;
        }

        // Always allow localhost - any problems are usually semi-intentional!
        if (varset($row['online_ip']) != '127.0.0.1' && varset($row['online_ip']) != e107::LOCALHOST_IP && varset($row['online_ip']) != e107::LOCALHOST_IP2) {
            // Check for excessive access
            if ($row['online_pagecount'] > $online_bancount) {
                e107::lan('core', 'banlist', true); //e_LANGUAGEDIR.e_LANGUAGE.'/admin/lan_banlist.php'
                $reason = e107::getParser()->lanVars(BANLAN_78, $row['online_pagecount']); // str_replace('--HITS--',$row['online_pagecount'], BANLAN_78)
                // Only terminates the request when the ban was actually added; otherwise processing continues.
                if (true === e107::getIPHandler()->add_ban(2, $reason, $ip, 0)) {
                    e107::getEvent()->trigger('flood', $ip); //BC
                    e107::getEvent()->trigger('user_ban_flood', $ip);
                    exit;
                }
            } elseif ($row['online_pagecount'] >= $online_warncount) {
                echo "<div style='text-align:center; font: 11px verdana, tahoma, arial, helvetica, sans-serif;'><b>" . LAN_WARNING . "</b><br /><br />" . CORE_LAN6 . "<br /></div>";
                exit;
            }
        }

        // Delete records for users (and guests) not seen for a while
        // FIXME - DB optimization - mark records as deleted (online_deleted=1), delete once per hour (could be pref) via e_cron
        // FIXME - Additional prefs for this (it does 2-3 more queries no matter someone need them), could be also separate method
        // Speed up ajax requests
        if (!deftrue('e_AJAX_REQUEST')) {
            $sql->delete('online', '`online_timestamp` < ' . (time() - $online_timeout));
            // FIXME - don't use constants below, save data in class vars, call e_online signleton - e107::getOnline()
            // $total_online = $sql->db_Count('online');
            // 1 less query! :-)
            if ($total_online = $sql->gen('SELECT o.*,u.user_image FROM #online AS o LEFT JOIN #user AS u ON o.online_user_id = u.user_id WHERE o.online_pagecount > 0 ORDER BY o.online_timestamp DESC')) {
                $member_list = '';
                $members_online = 0;
                $listuserson = array();
                while ($row = $sql->fetch()) {
                    $row['online_bot'] = $this->isBot($row['online_agent']);
                    // Sort into usable format and add bot field.
                    // NB: $user (the e_user object above) is shadowed by this array from here on.
                    $user = array(
                        'user_location' => $row['online_location'],
                        'user_bot' => $this->isBot($row['online_agent']),
                        'user_agent' => $row['online_agent'],
                        'user_ip' => $row['online_ip'],
                        'user_currentvisit' => $row['online_timestamp'],
                        'user_online' => $row['online_flag'],
                        'user_pagecount' => $row['online_pagecount'],
                        'user_active' => $row['online_active'],
                        'user_image' => vartrue($row['user_image'], false),
                        'online_user_id' => $row['online_user_id'],
                        'user_language' => $row['online_language']
                    );
                    if ($row['online_user_id'] != 0) {
                        // online_user_id is stored as "<id>.<name>" (see $udata above).
                        $vals = explode('.', $row['online_user_id'], 2);
                        $user['user_id'] = $vals[0];
                        $user['user_name'] = $vals[1];
                        // NOTE(review): the stored name goes into HTML without escaping - relies on names being
                        // stored HTML-safe; confirm, otherwise this is a stored-XSS sink.
                        $member_list .= "<a href='" . SITEURL . "user.php?id.{$vals[0]}'>{$vals[1]}</a> ";
                        $listuserson[$row['online_user_id']] = $row['online_location'];
                        $this->users[] = $user;
                        $members_online++;
                    } else {
                        $user['user_id'] = 0;
                        $user['user_name'] = 'guest'; // Maybe should just be an empty string?
                        $this->guests[] = $user;
                    }
                }
            }
            // $members_online / $member_list are only initialised inside the branch above; with zero rows they are undefined here.
            define('TOTAL_ONLINE', $total_online);
            define('MEMBERS_ONLINE', $members_online);
            define('GUESTS_ONLINE', $total_online - $members_online);
            define('ON_PAGE', $sql->db_Count('online', '(*)', "WHERE `online_location` = '{$page}' "));
            define('MEMBER_LIST', $member_list);

            //update most ever online
            $olCountPrefs = e107::getConfig('history'); // Get historic counts of members on line
            $olCountPrefs->setParam('nologs', true);
            if ($total_online > $olCountPrefs->get('most_members_online') + $olCountPrefs->get('most_guests_online')) {
                $olCountPrefs->set('most_members_online', MEMBERS_ONLINE);
                $olCountPrefs->set('most_guests_online', GUESTS_ONLINE);
                $olCountPrefs->set('most_online_datestamp', time());
                $olCountPrefs->save(false, true, false);
            }
        }
    } else {
        define('e_TRACKING_DISABLED', true); // Used in forum, online menu
        define('TOTAL_ONLINE', '');
        define('MEMBERS_ONLINE', '');
        define('GUESTS_ONLINE', '');
        define('ON_PAGE', '');
        define('MEMBER_LIST', '');
    }
}
/**
 * Build admin menus - admin menus now support an unlimited number of submenus
 * TODO - add this to a handler for use on front-end as well (tree, sitelinks.sc replacement)
 *
 * $e107_vars structure:
 * $e107_vars['action']['text'] -> link title
 * $e107_vars['action']['link'] -> if empty '#action' will be added as href attribute
 * $e107_vars['action']['image'] -> (new) image tag
 * $e107_vars['action']['perm'] -> permissions via getperms()
 * $e107_vars['action']['userclass'] -> user class permissions via e107::getUser()->checkClass()
 * $e107_vars['action']['include'] -> additional <a> tag attributes
 * $e107_vars['action']['sub'] -> (new) array, exactly the same as $e107_vars' first level e.g. $e107_vars['action']['sub']['action2']['link']...
 * $e107_vars['action']['sort'] -> (new) used only if found in 'sub' array - passed as last parameter (recursive call)
 * $e107_vars['action']['link_class'] -> (new) additional link class
 * $e107_vars['action']['sub_class'] -> (new) additional class used only when sublinks are being parsed
 *
 * Values taken from $e107_vars (text, link, include, image, classes) are substituted into the template
 * verbatim - nothing here HTML-escapes them, so the array must come from trusted (admin/plugin) code.
 * Substitution uses preg_replace(), so a '$' or '\' followed by a digit inside a value is read as a
 * backreference instead of being copied literally.
 *
 * @param string $title       menu title; an optional '--id--<suffix>' is split off and used to build element ids
 * @param string $active_page action key whose entry is rendered with the 'button_active' template
 * @param array $e107_vars    menu definition, see above
 * @param array $tmpl         template array; falls back to global $E_ADMIN_MENU when empty
 * @param bool $sub_link      true when called recursively for a submenu ('_sub' template variants, no wrapping render)
 * @param bool $sortlist      sort entries by their 'text' (strcoll); original keys are discarded
 * @return string parsed admin menu for submenus or when $title is empty; '' after rendering via tablerender() otherwise
 */
function e_admin_menu($title, $active_page, $e107_vars, $tmpl = array(), $sub_link = false, $sortlist = false)
{
    global $E_ADMIN_MENU;
    if (!$tmpl) {
        $tmpl = $E_ADMIN_MENU;
    }
    /*
     * Search for id
     */
    $temp = explode('--id--', $title, 2);
    $title = $temp[0];
    $id = str_replace(array(' ', '_'), '-', varset($temp[1]));
    unset($temp);
    /*
     * SORT
     */
    if ($sortlist == TRUE) {
        $temp = $e107_vars;
        unset($e107_vars); // rebuilt below as a list; if $temp is empty it stays undefined for the foreach further down
        $func_list = array();
        foreach (array_keys($temp) as $key) {
            $func_list[] = $temp[$key]['text'];
        }
        usort($func_list, 'strcoll');
        // O(n^2); entries that share the same 'text' are appended once per duplicate, i.e. they end up repeated.
        foreach ($func_list as $func_text) {
            foreach (array_keys($temp) as $key) {
                if ($temp[$key]['text'] == $func_text) {
                    $e107_vars[] = $temp[$key];
                }
            }
        }
        unset($temp);
    }
    $kpost = '';
    $text = '';
    if ($sub_link) {
        $kpost = '_sub'; // selects the *_sub template keys
    } else {
        $text = $tmpl['start'];
    }
    //FIXME - e_parse::array2sc()
    // Placeholder patterns; indexes must line up with $replace[] below.
    $search = array();
    $search[0] = '/\\{LINK_TEXT\\}(.*?)/si';
    $search[1] = '/\\{LINK_URL\\}(.*?)/si';
    $search[2] = '/\\{ONCLICK\\}(.*?)/si';
    $search[3] = '/\\{SUB_HEAD\\}(.*?)/si';
    $search[4] = '/\\{SUB_MENU\\}(.*?)/si';
    $search[5] = '/\\{ID\\}(.*?)/si';
    $search[6] = '/\\{SUB_ID\\}(.*?)/si';
    $search[7] = '/\\{LINK_CLASS\\}(.*?)/si';
    $search[8] = '/\\{SUB_CLASS\\}(.*?)/si';
    $search[9] = '/\\{LINK_IMAGE\\}(.*?)/si';
    foreach (array_keys($e107_vars) as $act) {
        if (isset($e107_vars[$act]['perm']) && !getperms($e107_vars[$act]['perm'])) {
            continue;
        }
        // check class so that e.g. e_UC_NOBODY will result no permissions granted (even for main admin)
        if (isset($e107_vars[$act]['userclass']) && !e107::getUser()->checkClass($e107_vars[$act]['userclass'], false)) {
            continue;
        }
        // print_a($e107_vars[$act]);
        $replace = array();
        $rid = str_replace(array(' ', '_'), '-', $act) . ($id ? "-{$id}" : '');
        // Active when the key matches $active_page (non-numeric keys only) or the key equals the current page+query.
        if ($active_page == $act && !is_numeric($act) || str_replace("?", "", e_PAGE . e_QUERY) == str_replace("?", "", $act)) {
            $temp = $tmpl['button_active' . $kpost];
        } else {
            $temp = $tmpl['button' . $kpost];
        }
        // $temp = $tmpl['button'.$kpost];
        // echo "ap = ".$active_page;
        // echo " act = ".$act."<br /><br />";
        // A few well-known ids get dedicated templates (overriding the active/inactive choice above).
        if ($rid == 'adminhome') {
            $temp = $tmpl['button_other' . $kpost];
        }
        if ($rid == 'home') {
            $temp = $tmpl['button_home' . $kpost];
        }
        if ($rid == 'language') {
            $temp = $tmpl['button_language' . $kpost];
        }
        if ($rid == 'logout') {
            $temp = $tmpl['button_logout' . $kpost];
        }
        // NOTE(review): both str_replace() calls below look like they lost HTML entities in this copy
        // (the replacement pairs are identical as shown) - check against the repository source.
        $replace[0] = str_replace(" ", " ", $e107_vars[$act]['text']);
        // valid URLs
        $replace[1] = str_replace(array('&', '&'), array('&', '&'), varsettrue($e107_vars[$act]['link'], "#{$act}"));
        $replace[2] = '';
        if (varsettrue($e107_vars[$act]['include'])) {
            $replace[2] = $e107_vars[$act]['include'];
            //$replace[2] = $js ? " onclick=\"showhideit('".$act."');\"" : " onclick=\"document.location='".$e107_vars[$act]['link']."'; disabled=true;\"";
        }
        $replace[3] = $title;
        $replace[4] = '';
        $replace[5] = $id ? " id='eplug-nav-{$rid}'" : '';
        $replace[6] = $rid;
        $replace[7] = varset($e107_vars[$act]['link_class']);
        $replace[8] = '';
        $replace[9] = varset($e107_vars[$act]['image']);
        if ($rid == 'logout' || $rid == 'home' || $rid == 'language') {
            $START_SUB = $tmpl['start_other_sub'];
        } else {
            $START_SUB = $tmpl['start_sub'];
        }
        if (varsettrue($e107_vars[$act]['sub'])) {
            // Submenu: render its header, recurse for the entries, then the footer.
            $replace[6] = $id ? " id='eplug-nav-{$rid}-sub'" : '';
            $replace[7] = ' ' . varset($e107_vars[$act]['link_class'], 'e-expandit');
            $replace[8] = ' ' . varset($e107_vars[$act]['sub_class'], 'e-hideme e-expandme');
            $replace[4] = preg_replace($search, $replace, $START_SUB);
            $replace[4] .= e_admin_menu(false, $active_page, $e107_vars[$act]['sub'], $tmpl, true, isset($e107_vars[$act]['sort']) ? $e107_vars[$act]['sort'] : $sortlist);
            $replace[4] .= $tmpl['end_sub'];
        }
        $text .= preg_replace($search, $replace, $temp);
        // echo "<br />".$title." act=".$act;
        //print_a($e107_vars[$act]);
    }
    $text .= !$sub_link ? $tmpl['end'] : '';
    if ($sub_link || empty($title)) {
        return $text;
    }
    $ns = e107::getRender();
    $ns->tablerender($title, $text, array('id' => $id, 'style' => 'button_menu'));
    return '';
}