PHP BackendUser类代码示例

 /**
  * {@inheritDoc}
  */
 protected function loadFiletree(DataContainerInterface $objDc)
 {
     $table = $objDc->getEnvironment()->getDataDefinition()->getName();
     $arrData['strTable'] = $table;
     $arrData['id'] = self::getAjaxName() ?: $objDc->getId();
     $arrData['name'] = self::getPost('name');
     /** @var \FileTree $objWidget */
     $objWidget = new $GLOBALS['BE_FFL']['fileTree']($arrData, $objDc);
     // Load a particular node.
     if (self::getPost('folder', true) != '') {
         echo $objWidget->generateAjax(self::getPost('folder', true), self::getPost('field'), intval(self::getPost('level')));
     } else {
         // Reload the whole tree.
         $user = \BackendUser::getInstance();
         $strTree = '';
         $path = $GLOBALS['TL_DCA'][$table]['fields'][self::getPost('field')]['eval']['path'];
         // Set a custom path.
         if (strlen($GLOBALS['TL_DCA'][$table]['fields'][self::getPost('field')]['eval']['path'])) {
             $strTree = $objWidget->generateAjax($GLOBALS['TL_DCA'][$table]['fields'][self::getPost('field')]['eval']['path'], self::getPost('field'), intval(self::getPost('level')));
         } elseif ($user->isAdmin) {
             $strTree = $objWidget->generateAjax($GLOBALS['TL_CONFIG']['uploadPath'], self::getPost('field'), intval(self::getPost('level')));
         } else {
             foreach ($this->eliminateNestedPaths($this->User->filemounts) as $node) {
                 $strTree .= $objWidget->generateAjax($node, self::getPost('field'), intval(self::getPost('level')), true);
             }
         }
         echo $strTree;
     }
     exit;
 }

 /**
  * Return the export config icon.
  *
  * @param string
  * @param string
  * @param string
  *
  * @return string
  */
 public function exportConfigIcon($href, $label, $title, $class, $attributes)
 {
     if (!\BackendUser::getInstance()->isAdmin) {
         return '';
     }
     return '<a href="contao/main.php?do=form&amp;table=tl_lead_export&amp;id=' . Input::get('master') . '" class="' . $class . '" title="' . specialchars($title) . '"' . $attributes . '>' . $label . '</a> ';
 }

 /**
  * Constructor
  */
 public function __construct()
 {
     // If we are in the Backend-Mode use the BackendUser.
     if (TL_MODE == 'FE') {
         $this->user = \FrontendUser::getInstance();
     } else {
         $this->user = \BackendUser::getInstance();
     }
     // Language
     \Controller::loadLanguageFile("default");
     \Controller::loadLanguageFile('tl_synccto_clients');
     // Instance a list for regex from the blacklist for folders.
     $this->arrPreparedBlacklistFolder = array();
     foreach ($this->getBlacklistFolder() as $key => $value) {
         $this->arrPreparedBlacklistFolder[$key] = str_replace($this->arrSearch, $this->arrReplace, $value);
     }
     // Instance a list for regex from the blacklist for files.
     $this->arrPreparedBlacklistFiles = array();
     foreach ($this->getBlacklistFile() as $key => $value) {
         $this->arrPreparedBlacklistFiles[$key] = str_replace($this->arrSearch, $this->arrReplace, $value);
     }
     // Instance a list for regex from the hidden table list.
     $this->arrPreparedHiddenTablePlaceholder = array();
     foreach ($this->getHiddenTablePlaceholder() as $key => $value) {
         $this->arrPreparedHiddenTablePlaceholder[$key] = str_replace($this->arrSearch, $this->arrReplace, $value);
     }
     // Replace some elements in TL_ROOT for regex.
     $this->strPreparedTlRoot = str_replace('\\', '\\\\', TL_ROOT);
 }

 /**
  * Get all articles and return them as array
  * @param \DataContainer
  * @return array
  */
 public function getAllArticles(\DataContainer $dc)
 {
     $user = \BackendUser::getInstance();
     $pids = array();
     $articles = array();
     // Limit pages to the user's pagemounts
     if ($user->isAdmin) {
         $objArticle = \Database::getInstance()->execute("SELECT a.id, a.pid, a.title, a.inColumn, p.title AS parent FROM tl_article a LEFT JOIN tl_page p ON p.id=a.pid ORDER BY parent, a.sorting");
     } else {
         foreach ($user->pagemounts as $id) {
             $pids[] = $id;
             $pids = array_merge($pids, \Database::getInstance()->getChildRecords($id, 'tl_page'));
         }
         if (empty($pids)) {
             return $articles;
         }
         $objArticle = \Database::getInstance()->execute("SELECT a.id, a.pid, a.title, a.inColumn, p.title AS parent FROM tl_article a LEFT JOIN tl_page p ON p.id=a.pid WHERE a.pid IN(" . implode(',', array_map('intval', array_unique($pids))) . ") ORDER BY parent, a.sorting");
     }
     // Edit the result
     if ($objArticle->numRows) {
         \Controller::loadLanguageFile('tl_article');
         while ($objArticle->next()) {
             $key = $objArticle->parent . ' (ID ' . $objArticle->pid . ')';
             $articles[$key][$objArticle->id] = $objArticle->title . ' (' . ($GLOBALS['TL_LANG']['tl_article'][$objArticle->inColumn] ?: $objArticle->inColumn) . ', ID ' . $objArticle->id . ')';
         }
     }
     return $articles;
 }

 /**
  * Add access permission for a record to the backend user
  *
  * @param int     $id
  * @param string $accessField
  * @param string $permissionField
  *
  * @return bool If current record in a new record
  */
 protected function addNewRecordPermissions($id, $accessField, $permissionField)
 {
     /** @type \BackendUser|object $user */
     $user = \BackendUser::getInstance();
     $session = \Session::getInstance();
     $db = \Database::getInstance();
     $groups = deserialize($user->groups);
     $newRecords = $session->get('new_records');
     if (is_array($newRecords['tl_iso_group']) && in_array($id, $newRecords['tl_iso_group'])) {
         if ($user->inherit == 'custom' || empty($groups)) {
             // Add permissions on user level
             $objUser = $db->prepare("SELECT id, {$accessField}, {$permissionField} FROM tl_user WHERE id=?")->execute($user->id);
             $this->addCreatePermission($id, $permissionField, $accessField, 'tl_user', $objUser);
         } elseif (!empty($groups) && is_array($groups)) {
             // Add permissions on group level
             $objGroups = $db->execute("\n                    SELECT id, {$accessField}, {$permissionField}\n                    FROM tl_user_group\n                    WHERE " . $db->findInSet('id', $groups));
             while ($objGroups->next()) {
                 if ($this->addCreatePermission($id, $permissionField, $accessField, 'tl_user_group', $objGroups)) {
                     break;
                 }
             }
         }
         return true;
     }
     return false;
 }

 public function addSystemMessages()
 {
     if ($GLOBALS['TL_CONFIG']['be_rss_src'] == '') {
         return '';
     }
     $feed = new \SimplePie();
     $feed->set_feed_url(html_entity_decode($GLOBALS['TL_CONFIG']['be_rss_src']));
     $feed->set_output_encoding(\Config::get('characterSet'));
     $feed->set_cache_location(TL_ROOT . '/system/tmp');
     $feed->enable_cache(true);
     if (!$feed->init()) {
         $this->log('Error importing RSS feed "' . $this->rss_feed . '"', __METHOD__, TL_ERROR);
         return '';
     }
     $items = $feed->get_items(0, $GLOBALS['TL_CONFIG']['be_rss_max'] ? $GLOBALS['TL_CONFIG']['be_rss_max'] : 3);
     $output = '';
     if ($items) {
         $user = \BackendUser::getInstance();
         foreach ($items as $item) {
             $template = new \BackendTemplate('be_rss_item');
             $template->title = $item->get_title();
             $template->link = $item->get_link();
             $template->content = $item->get_content();
             $template->date = $item->get_date($GLOBALS['TL_CONFIG']['datimFormat']);
             $template->class = $item->get_date('U') > $user->lastLogin ? 'new' : 'message';
             $output .= $template->parse();
         }
     }
     $template = new \BackendTemplate('be_rss');
     $template->headline = $GLOBALS['TL_CONFIG']['be_rss_headline'];
     $template->items = $output;
     return $template->parse();
 }

 public function addSystemMessages()
 {
     $objUser = \BackendUser::getInstance();
     if ($GLOBALS['TL_CONFIG']['be_changelog_src'] == '') {
         return '';
     }
     $strFile = file_get_contents($GLOBALS['TL_CONFIG']['be_changelog_src']);
     if ($strFile == '') {
         return '';
     }
     $objJson = json_decode($strFile);
     $objTemplate = new \BackendTemplate('be_changelog');
     $objTemplate->strTitle = 'Changelog';
     $arrEntries = array();
     foreach ($objJson as $objEntry) {
         $objTemplateEntry = new \BackendTemplate('be_changelog_entry');
         $objTemplateEntry->strCssClass = $objUser->lastLogin > $objEntry->timestamp ? '' : ' tl_info';
         $objTemplateEntry->strDate = \Date::parse(\Config::get('datimFormat'), $objEntry->timestamp);
         $objTemplateEntry->strVersion = $objEntry->version;
         $objTemplateEntry->strEntries = '<li style="padding-bottom: 5px;">' . implode('</li><li style="padding-bottom: 5px;">', $objEntry->entries) . '</li>';
         $arrEntries[$objEntry->timestamp] = $objTemplateEntry->parse();
     }
     krsort($arrEntries);
     $objTemplate->strEntries = implode('', $arrEntries);
     return $objTemplate->parse();
 }

 /**
  * Initialize the object
  * @param string
  */
 public function __construct($strTable)
 {
     $this->import('Session');
     $this->intGroupId = (int) \Session::getInstance()->get('iso_products_gid');
     // Check if the group exists
     if ($this->intGroupId > 0) {
         $objGroup = \Isotope\Model\Group::findByPk($this->intGroupId);
         if (null === $objGroup) {
             if (\BackendUser::getInstance()->isAdmin || !is_array(\BackendUser::getInstance()->iso_groups)) {
                 $this->intGroupId = 0;
             } elseif (!\BackendUser::getInstance()->isAdmin) {
                 $this->intGroupId = (int) \Database::getInstance()->prepare("SELECT id FROM " . \Isotope\Model\Group::getTable() . " WHERE id IN ('" . implode("','", \BackendUser::getInstance()->iso_groups) . "') ORDER BY " . \Database::getInstance()->findInSet('id', \BackendUser::getInstance()->iso_groups))->limit(1)->execute()->id;
             }
         }
     }
     // Redirect if the product was not found
     if (isset($_GET['id'])) {
         $objProduct = \Database::getInstance()->prepare("SELECT id FROM " . $strTable . " WHERE id=?")->limit(1)->execute(\Input::get('id', true));
         if (!$objProduct->numRows) {
             \Controller::redirect(preg_replace('/(&)?id=[^&]*/i', '', \Environment::get('request')));
         }
     }
     $arrClipboard = $this->Session->get('CLIPBOARD');
     // Cut all records
     if ($arrClipboard[$strTable]['mode'] == 'cutAll' && \Input::get('act') != 'cutAll') {
         \Controller::redirect(\Backend::addToUrl('&act=cutAll'));
     }
     parent::__construct($strTable);
 }

 /**
  * Returns the encrypted password for a user by giving a email/password
  * Returns false if no user was found for this user/pass combination
  *
  * @param string $email The email.
  * @param string $password The password.
  * @return string
  */
 public static function getEncryptedPassword($email, $password)
 {
     $email = (string) $email;
     $password = (string) $password;
     // fetch user ID by email
     $userId = BackendUsersModel::getIdByEmail($email);
     // check if a user ID was found, return false if no user exists
     if ($userId === false) {
         return false;
     }
     // fetch user record
     $user = new BackendUser($userId);
     $key = $user->getSetting('password_key');
     // return the encrypted string
     return (string) self::getEncryptedString($password, $key);
 }

 public static function hasAccessToField($strTable, $strField)
 {
     if (($objUser = \BackendUser::getInstance()) === null || !is_array(\BackendUser::getInstance()->alexf)) {
         return false;
     }
     return $objUser->isAdmin || in_array($strTable . '::' . $strField, \BackendUser::getInstance()->alexf);
 }

    /**
     * Generate product filter buttons and return them as HTML
     * @return string
     */
    public static function generateFilterButtons()
    {
        if (\Input::get('id') > 0) {
            return '';
        }
        $session = \Session::getInstance()->getData();
        $intPage = $session['filter']['tl_iso_product']['iso_page'];
        $blnGroups = true;
        // Check permission
        if (!\BackendUser::getInstance()->isAdmin) {
            $groups = deserialize(\BackendUser::getInstance()->iso_groups);
            if (!is_array($groups) || empty($groups)) {
                $blnGroups = false;
            }
            // Allow to manage groups
            if (is_array(\BackendUser::getInstance()->iso_groupp) && !empty(\BackendUser::getInstance()->iso_groupp)) {
                $blnGroups = true;
            }
        }
        return '
<div class="tl_filter iso_filter tl_subpanel">
' . ($blnGroups ? '<input type="button" id="groupFilter" class="tl_submit' . (\Session::getInstance()->get('iso_products_gid') ? ' active' : '') . '" onclick="Backend.getScrollOffset();Isotope.openModalGroupSelector({\'width\':765,\'title\':\'' . specialchars($GLOBALS['TL_LANG']['tl_iso_product']['product_groups'][0]) . '\',\'url\':\'system/modules/isotope/group.php?do=' . \Input::get('do') . '&amp;table=' . \Isotope\Model\Group::getTable() . '&amp;field=gid&amp;value=' . \Session::getInstance()->get('iso_products_gid') . '\',\'action\':\'filterGroups\'});return false" value="' . specialchars($GLOBALS['TL_LANG']['MSC']['filterByGroups']) . '">' : '') . '
<input type="button" id="pageFilter" class="tl_submit' . ($intPage > 0 ? ' active' : '') . '" onclick="Backend.getScrollOffset();Isotope.openModalPageSelector({\'width\':765,\'title\':\'' . specialchars($GLOBALS['TL_LANG']['MOD']['page'][0]) . '\',\'url\':\'contao/page.php?do=' . \Input::get('do') . '&amp;table=tl_iso_product_category&amp;field=page_id&amp;value=' . $intPage . '\',\'action\':\'filterPages\'});return false" value="' . specialchars($GLOBALS['TL_LANG']['MSC']['filterByPages']) . '">
</div>';
    }

 /**
  * Check permissions to edit table.
  */
 public function checkPermission()
 {
     if (!\BackendUser::getInstance()->isAdmin) {
         \System::log('Not enough permissions to access leads export ID "' . \Input::get('id') . '"', __METHOD__, TL_ERROR);
         \Controller::redirect('contao/main.php?act=error');
     }
 }

 public function compressSingleImage(\DataContainer $dc)
 {
     $objUser = \BackendUser::getInstance();
     if (!$objUser->hasAccess('f5', 'fop')) {
         $url = $this->Environment->base . '/contao/main.php?do=files';
         $this->redirect($url);
     }
     $strDecoded = rawurldecode($_GET['id']);
     if (is_dir(TL_ROOT . '/' . $strDecoded)) {
         $url = $this->Environment->base . '/contao/main.php?do=files';
         $this->redirect($url);
     }
     $objFile = new \File($strDecoded, true);
     $compressableFiles = array('jpg', 'jpeg', 'png');
     if (in_array($objFile->extension, $compressableFiles)) {
         if (isset($GLOBALS['TL_CONFIG']['krakenIo_enable']) && $GLOBALS['TL_CONFIG']['krakenIo_enable'] == true) {
             if (isset($GLOBALS['TL_CONFIG']['krakenIo_apiKey']) && isset($GLOBALS['TL_CONFIG']['krakenIo_apiSecret'])) {
                 $krakenIoApi = new KrakenIoApi($GLOBALS['TL_CONFIG']['krakenIo_apiKey'], $GLOBALS['TL_CONFIG']['krakenIo_apiSecret']);
                 $params = array('file' => TL_ROOT . '/' . $_GET['id'], 'wait' => true);
                 if (isset($GLOBALS['TL_CONFIG']['krakenIo_enable']) && $GLOBALS['TL_CONFIG']['krakenIo_enable'] == true) {
                     $params['lossy'] = true;
                 }
                 $krakenIoApiResponse = $krakenIoApi->upload($params);
                 $this->parseKrakenIoResponse($krakenIoApiResponse, $_GET['id']);
             } else {
                 \System::log($GLOBALS['TL_LANG']['ERR']['krakenIo_404'], 'krakenIoInterface parseKrakenIoResponse()', TL_ERROR);
             }
         }
     }
     $url = $this->Environment->base . '/contao/main.php?do=files';
     $this->redirect($url);
 }

 public function executePostActionsHook($strAction, \DataContainer $dc)
 {
     if ($strAction !== static::$uploadAction) {
         return false;
     }
     // Check whether the field is allowed for regular users
     if (!isset($GLOBALS['TL_DCA'][$dc->table]['fields'][\Input::post('field')]) || $GLOBALS['TL_DCA'][$dc->table]['fields'][\Input::post('field')]['exclude'] && !\BackendUser::getInstance()->hasAccess($dc->table . '::' . \Input::post('field'), 'alexf')) {
         \System::log('Field "' . \Input::post('field') . '" is not an allowed selector field (possible SQL injection attempt)', __METHOD__, TL_ERROR);
         $objResponse = new ResponseError();
         $objResponse->setMessage('Bad Request');
         $objResponse->output();
     }
     $this->name = \Input::post('field');
     $this->id = \Input::post('field');
     $this->field = \Input::post('field');
     if ($dc->activeRecord === null) {
         $dc->activeRecord = General::getModelInstance($dc->table, $dc->id);
     }
     // add dca attributes
     $this->addAttributes(\Widget::getAttributesFromDca($GLOBALS['TL_DCA'][$dc->table]['fields'][$this->name], $this->name));
     $objResponse = $this->upload();
     /** @var Response */
     if ($objResponse instanceof Response) {
         $objResponse->output();
     }
 }

 public function addBackendAdminMenu($strBuffer, $strTemplate)
 {
     if ($strTemplate != 'be_main' || !\BackendUser::getInstance()->isAdmin) {
         return $strBuffer;
     }
     // replace the scripts before processing -> https://code.google.com/archive/p/phpquery/issues/212
     $arrScripts = StringUtil::replaceScripts($strBuffer);
     $objDoc = \phpQuery::newDocumentHTML($arrScripts['content']);
     $objMenu = new BackendTemplate($this->strTemplate);
     $arrActions = array();
     $arrActiveActions = deserialize(\Config::get('backendAdminMenuActiveActions'), true);
     foreach (empty($arrActiveActions) ? array_keys(\Config::get('backendAdminMenuActions')) : $arrActiveActions as $strAction) {
         $arrActionData = $GLOBALS['TL_CONFIG']['backendAdminMenuActions'][$strAction];
         $objAction = new BackendTemplate($this->strEntryTemplate);
         $objAction->setData($arrActionData);
         // href = callback?
         if (is_array($arrActionData['href']) || is_callable($arrActionData['href'])) {
             $strClass = $arrActionData['href'][0];
             $strMethod = $arrActionData['href'][1];
             $objInstance = \Controller::importStatic($strClass);
             $objAction->href = $objInstance->{$strMethod}();
         }
         $objAction->class = $strAction;
         $arrActions[] = $objAction->parse();
     }
     $objMenu->actions = $arrActions;
     $objDoc['#tmenu']->prepend($objMenu->parse());
     $strBuffer = StringUtil::unreplaceScripts($objDoc->htmlOuter(), $arrScripts['scripts']);
     // avoid double escapings introduced by phpquery :-(
     $strBuffer = preg_replace('@&([^;]{2,4};)@i', '&$1', $strBuffer);
     return $strBuffer;
 }