/**
 * Records a tracking event for the current client.
 *
 * Does not require encryption, uses token.
 *
 * NOTE(review): `tracker` and `id` are taken straight from the POST body and
 * the user id from the client session, so a caller can report events it never
 * generated. A verification method is still needed before these values are
 * trusted for anything beyond best-effort analytics.
 */
public function post() {
    $viewer = ClientUser::getInstance()->id;
    $trackerName = Request::post('tracker');
    $subject = Request::post('id', 'int');

    // Track the event against the current client user.
    Tracker::trackEvent($trackerName, $subject, $viewer);
    Output::json(Output::SUCCESS);
}
/**
 * Session check for the File Browser connector: decides whether the current
 * request may upload and list files.
 *
 * WARNING: DO NOT simply `return true;` here. Doing so lets "anyone" upload
 * and list the files on your server. The decision must come from the
 * application's own session state — here that is Lightning's ClientUser,
 * and only an admin is allowed through. (The stock connector comment
 * suggests `$_SESSION['IsAuthorized']` plus `session_start()`; this
 * integration uses the framework's session instead.)
 *
 * @return boolean true when the current client user is an admin
 */
function CheckAuthentication() {
    $client = \Lightning\Tools\ClientUser::getInstance();
    return $client->isAdmin();
}
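/**
 * Saves the current user's profile: name, optional password change and
 * mailing-list subscriptions. Redirects with `msg=saved` when no error was
 * recorded; otherwise the errors are left for the page to render.
 *
 * Password change rules: the current password must be supplied and verify,
 * a new password must be supplied, and it must match its confirmation.
 *
 * NOTE(review): `first`/`last` are stored as read from the request with no
 * explicit type; whatever scrubbing `Request::get` applies by default is all
 * that protects templates that echo them back — confirm, or escape on output.
 */
public function postSave() {
    $user = ClientUser::getInstance();
    $user_id = $user->id;

    // Update the user name.
    $user->update([
        'first' => Request::get('first'),
        'last' => Request::get('last'),
    ]);

    // Update the password. A change is only attempted when the current
    // password is supplied and verifies.
    $password = Request::post('password');
    $new_password = Request::post('new_password');
    $new_password_confirm = Request::post('new_password_confirm');
    if (!empty($password) && $user->checkPass($password)) {
        if (empty($new_password)) {
            // Fix: entering only the current password previously fell
            // through to setPass('') and blanked the account's password.
            Messenger::error('You did not enter a new password.');
        } elseif ($new_password !== $new_password_confirm) {
            Messenger::error('You did not enter the same password twice.');
        } elseif (false) {
            // Placeholder kept from the original: no password-strength policy
            // is defined here yet.
            Messenger::error('Your password did not meet the required criteria.');
        } else {
            $user->setPass($new_password);
        }
    } elseif (!empty($new_password) || !empty($new_password_confirm)) {
        // Fix: the second operand used to repeat $new_password, so a value in
        // only the confirmation field produced no error at all.
        Messenger::error('You did not enter your correct current password.');
    }

    // Update mailing list preferences. `subscribed` holds the list ids that
    // were checked; it is re-keyed by id for O(1) lookups below. Entry 0 is a
    // pseudo-list: when it is absent, every non-visible list is removed too
    // (presumably "hidden" lists the user can only keep by opting in) — confirm.
    $new_lists = Request::get('subscribed', 'array', 'int', []);
    $new_lists = array_combine($new_lists, $new_lists) ?: [];
    $all_lists = Subscription::getLists();
    $user_lists = Subscription::getUserLists($user_id);

    $remove_lists = [];
    foreach ($user_lists as $list) {
        $list_id = $list['message_list_id'];
        if (empty($new_lists[$list_id]) && !empty($list['visible'])) {
            $remove_lists[$list_id] = $list_id;
        }
    }

    $add_lists = $new_lists;
    unset($add_lists[0]);
    if (!isset($new_lists[0])) {
        foreach ($all_lists as $list) {
            if (empty($list['visible'])) {
                $remove_lists[$list['message_list_id']] = $list['message_list_id'];
            }
        }
    }

    $db = Database::getInstance();
    if (!empty($remove_lists)) {
        $db->delete('message_list_user', [
            'message_list_id' => ['IN', $remove_lists],
            'user_id' => $user_id,
        ]);
    }
    if (!empty($add_lists)) {
        $db->insertMultiple('message_list_user', [
            'message_list_id' => $add_lists,
            'user_id' => $user_id,
        ], true);
    }

    if (count(Messenger::getErrors()) == 0) {
        Navigation::redirect(null, ['msg' => 'saved']);
    }
}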
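/**
 * Configures the blog-post editor: the redirect after posting (when
 * `return=view`), the default owner, slug derivation, the header-image
 * location and the "view" action column.
 *
 * The slug (`url`) is taken from the `url` field, or derived from the title
 * when that is empty; both go through the 'url' scrub on input. The view
 * link is an 'html'-type field, which is presumably emitted without further
 * encoding, so the slug is escaped here rather than trusting that every row
 * in the table went through that scrub.
 */
protected function initSettings() {
    if (Request::get('return') == 'view') {
        $this->post_actions['after_post'] = function ($row) {
            Navigation::redirect('/' . $row['url'] . '.htm');
        };
    }

    $this->preset['user_id']['default'] = ClientUser::getInstance()->id;
    $this->preset['url']['submit_function'] = function (&$output) {
        $output['url'] = Request::post('url', 'url') ?: Request::post('title', 'url');
    };
    $this->preset['header_image'] = [
        'type' => 'image',
        'location' => BlogModel::IMAGE_PATH,
        'weblocation' => '/' . BlogModel::IMAGE_PATH,
    ];

    $this->action_fields = [
        'view' => [
            'display_name' => 'View',
            'type' => 'html',
            'html' => function ($row) {
                // Fix: escape the slug for the attribute context instead of
                // concatenating the raw column value into the markup.
                $slug = htmlspecialchars((string) ($row['url'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                return '<a href="/' . $slug . '.htm"><img src="/images/lightning/resume.png" /></a>';
            },
        ],
    ];
}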
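/**
 * Admin-only AJAX handler that writes a Julian day number into a date column.
 *
 * POST fields: `table`, `column`, `key` and `id` select the row to update;
 * `date_m`/`date_d`/`date_y` are the date parts. A month or day of 0 stores 0;
 * a year of 0 defaults to the current year. Responds with Output::SUCCESS, or
 * Output::ACCESS_DENIED for non-admins and for malformed identifiers.
 *
 * NOTE(review): even behind the admin check this is an "update any column of
 * any table" primitive. The identifiers are validated below so they cannot
 * carry SQL, but a whitelist of editable table/column pairs is the real fix.
 */
public function postUpdateDate() {
    if (!ClientUser::getInstance()->isAdmin()) {
        Output::json(Output::ACCESS_DENIED);
        return;
    }

    $table = Request::post('table');
    $column = Request::post('column');
    $key = Request::post('key');
    $id = Request::post('id');

    // Fix: table/column/key end up as SQL identifiers in the database layer
    // (presumably interpolated, not bound), so reject anything that is not a
    // plain name before it gets near the query.
    foreach ([$table, $column, $key] as $identifier) {
        if (!is_string($identifier) || !preg_match('/^[A-Za-z0-9_]+$/', $identifier)) {
            Output::json(Output::ACCESS_DENIED);
            return;
        }
    }

    // Fix: read the date parts as ints. PHP 8 no longer treats '' as equal to
    // 0, so an empty year skipped the current-year default and reached
    // gregoriantojd() as a non-numeric string.
    $m = Request::post('date_m', 'int');
    $d = Request::post('date_d', 'int');
    $y = Request::post('date_y', 'int');
    if ($m > 0 && $d > 0) {
        if ($y == 0) {
            $y = (int) date('Y');
        }
        $value = gregoriantojd($m, $d, $y);
    } else {
        $value = 0;
    }

    Database::getInstance()->update($table, [$column => $value], [$key => $id]);
    Output::json(Output::SUCCESS);
}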
/**
 * Registers user
 *
 * Creates the account, logs the new user in, subscribes them to the default
 * mailing list and, when the request was made as an existing client user,
 * merges that user's data into the new account.
 *
 * @param string $email email
 * @param string $pass password
 * @return Array
 *   When successful:
 *     ['success' => true, 'data' => ['user_id' => <new user id>]]
 *   When not:
 *     ['success' => false, 'error' => <error short code>]
 *
 * @todo This should return the user object, with other data contained inside.
 * @todo The merge should only happen when the previous user is a placeholder
 *   (anonymous) user; currently any non-zero previous id is merged.
 */
public static function register($email, $pass) {
    // Remember who the request was made as, for the merge below.
    $previous_user = ClientUser::getInstance()->id;

    // Try to create the account; bail out with the short error code on failure.
    $created = self::create($email, $pass);
    if (!$created['success']) {
        return ['success' => false, 'error' => $created['error']];
    }

    self::login($email, $pass);
    $user = ClientUser::getInstance();
    $user->subscribe(Configuration::get('mailer.default_list'));

    // Merge with the previous (anonymous) user if there was one.
    if ($previous_user != 0) {
        $user->merge_users($previous_user);
    }

    return ['success' => true, 'data' => ['user_id' => ClientUser::getInstance()->id]];
}
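<?php
// Fix: first/last are stored as read from the request (see postSave) and were
// echoed straight into the value attribute; escape them for attribute context.
?>
First Name:
</td>
<td>
<input type="text" name="first" value="<?php echo htmlspecialchars((string) ClientUser::getInstance()->first, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
</td>
</tr>
<tr>
<td>
Last Name:
</td>
<td>
<input type="text" name="last" value="<?php echo htmlspecialchars((string) ClientUser::getInstance()->last, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
</td>
</tr>
</table>
</fieldset>
<fieldset>
<legend>Password:</legend>
<table class="small-12">
<tr>
<td>
Current Password:
</td>
<td>
<input type="password" name="password" value="">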
/**
 * Ends an admin impersonation: drops the `impersonate` session setting,
 * persists the session and sends the client back to the front page.
 * Does nothing (no redirect, no output) when the current client user is not
 * impersonating anyone.
 */
public function getStopImpersonating() {
    $session = Session::getInstance();
    if (!ClientUser::getInstance()->isImpersonating()) {
        return;
    }
    $session->unsetSetting('impersonate');
    $session->saveData();
    Navigation::redirect('/');
}
/**
 * Saves a CMS page from the editor (admin only). Non-admins are handed the
 * regular GET response instead of an explicit denial.
 *
 * A missing `url` falls back to a slug scrubbed from the title. `page_body`
 * is accepted as HTML; the trailing `true` passed to Request::post is not
 * visible here — presumably a less restrictive filter — confirm before the
 * editor is exposed to anyone but admins.
 *
 * Responds with JSON: url, page_id (new or existing) and title.
 */
public function postSave() {
    if (!ClientUser::getInstance()->isAdmin()) {
        return $this->get();
    }

    $page_id = Request::post('page_id', 'int');
    $title = Request::post('title');
    $url = Request::post('url', 'url');
    $slug = empty($url) ? Scrub::url($title) : $url;

    // Column values for the insert/update.
    $new_values = [
        'title' => $title,
        'url' => $slug,
        'keywords' => Request::post('keywords'),
        'description' => Request::post('description'),
        'site_map' => Request::post('sitemap', 'int'),
        'body' => Request::post('page_body', 'html', '', '', true),
        'last_update' => time(),
        'layout' => Request::post('layout', 'int'),
    ];

    // page_id 0 means "new page".
    $db = Database::getInstance();
    if ($page_id == 0) {
        $page_id = $db->insert('page', $new_values);
    } else {
        $db->update('page', $new_values, ['page_id' => $page_id]);
    }

    Output::json([
        'url' => $slug,
        'page_id' => $page_id,
        'title' => $title,
    ]);
}
/**
 * POST handler that ends the current client user's session.
 */
public function postLogout() {
    ClientUser::getInstance()->logOut();
}
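<?php
use Lightning\Tools\ClientUser;
use Lightning\Tools\Scrub;
use Lightning\Tools\Configuration;

// Fix: short open tags (`<?`) only work when short_open_tag is enabled; with
// it off this file would be served as literal text. Post fields are also
// escaped for their output context instead of being echoed raw — if titles
// are meant to carry markup, revisit the title line.
$user = ClientUser::getInstance();
$escape = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
if (count($blog->posts) > 0): ?>
<?php echo $blog->pagination(); ?>
<?php foreach ($blog->posts as $post): ?>
<?php $headerImage = $escape($post['header_image'] ?: Configuration::get('blog.default_image')); ?>
<div class="IndiArticle">
<?php if (!$blog->isList()): ?>
<div class="blog-header-image" style="background-image:url(<?php echo $headerImage; ?>);"></div>
<h1><?php echo $escape($post['title']); ?></h1>
<?php else: ?>
<a href='/<?php echo $escape($post['url']); ?>.htm'><div class="blog-header-image" style="background-image:url(<?php echo $headerImage; ?>);"></div></a>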
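/**
 * Blog AJAX endpoint, dispatched on the `action` request parameter:
 *  - post_comment_check: returns the check value the comment form must echo back
 *  - post_comment: stores a comment when the echoed check value matches
 *  - remove_blog_comment / approve_blog_comment: admin-only moderation
 *
 * Every branch writes a plain-text response and exits.
 *
 * NOTE(review): the "spam check" is an unkeyed md5 of the posted fields that
 * the client obtains from this same endpoint. It only stops form posts that
 * skip the check round-trip; it is not a secret and must not be treated as
 * bot protection. A server-side secret (HMAC) or a CAPTCHA would be needed,
 * and there is no rate limit on comment posting.
 */
public function post() {
    // Fix: the two ids were combined with bitwise `|`, which garbles the value
    // when both are present; prefer `id` and fall back to `blog_id`.
    $blog_id = Request::get('id', 'int') ?: Request::get('blog_id', 'int');
    $action = Request::get('action');

    // The raw fields are hashed (not the scrubbed ones) so the value handed
    // out by post_comment_check matches what post_comment recomputes.
    $check_value = md5(($_POST['email'] ?? '') . ($_POST['name'] ?? '') . ($_POST['comment'] ?? ''));

    switch ($action) {
        case 'post_comment_check':
            echo $check_value;
            exit;

        case 'post_comment':
            // Fix: hash_equals() instead of `==` — loose comparison treats
            // two numeric-looking hex digests (e.g. "0e...") as equal.
            $submitted = $_POST['check_val'] ?? '';
            if (is_string($submitted) && hash_equals($check_value, $submitted)) {
                Database::getInstance()->insert('blog_comment', [
                    'blog_id' => $blog_id,
                    'ip_address' => Request::server('ip_int'),
                    'email_address' => Request::post('email', 'email'),
                    'name' => Request::post('name'),
                    'comment' => Request::post('comment'),
                    'time' => time(),
                ]);
                echo "success";
            } else {
                echo "spam error";
            }
            exit;

        case 'remove_blog_comment':
            $comment_id = Request::post('blog_comment_id', 'int');
            if (ClientUser::getInstance()->isAdmin() && $comment_id > 0) {
                Database::getInstance()->delete('blog_comment', ['blog_comment_id' => $comment_id]);
                echo "ok";
            } else {
                echo "access denied";
            }
            exit;

        case 'approve_blog_comment':
            $comment_id = Request::post('blog_comment_id', 'int');
            if (ClientUser::getInstance()->isAdmin() && $comment_id > 0) {
                Database::getInstance()->update('blog_comment', ['approved' => 1], ['blog_comment_id' => $comment_id]);
                echo "ok";
            } else {
                // Fix: the failure path previously fell out of the switch
                // with no response at all.
                echo "access denied";
            }
            exit;
    }
}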
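<ul><?php foreach ($messages as $message): ?><li><?php echo $message; ?></li><?php endforeach; ?></ul>
</div>
<?php endif; if (!empty($content)) : $this->build($content); endif; ?>
</div>
<?php endif; ?>
</div>
<pre>
<?php
// Fix: short open tags replaced with `<?php` (they depend on short_open_tag).
// The query log and timing report are shown to admins only; their text is
// escaped so a value captured in a query cannot break out of the <pre>.
// $message is echoed as-is because messages may intentionally carry markup
// — confirm against Messenger before escaping it.
if (ClientUser::getInstance()->isAdmin()) {
    $database = Database::getInstance();
    echo htmlspecialchars(print_r($database->getQueries(), true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo htmlspecialchars(print_r($database->timeReport(), true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>
</pre>
</section>
</div>
</div>
<?php echo JS::render(); echo CSS::render(); echo $this->renderFooter(); ?>
</body>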