当前位置: 首页>>代码示例>>PHP>>正文


PHP cmsFramework::formIntegrityToken方法代码示例

本文整理汇总了PHP中cmsFramework::formIntegrityToken方法的典型用法代码示例。如果您正苦于以下问题:PHP cmsFramework::formIntegrityToken方法的具体用法?PHP cmsFramework::formIntegrityToken怎么用?PHP cmsFramework::formIntegrityToken使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在cmsFramework的用法示例。


在下文中一共展示了cmsFramework::formIntegrityToken方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: requestAction

 /**
  * Calls a controller's method from any location.
  *
  * @param string $url URL in the form of Cake URL ("/controller/method/parameter")
  * @param array $extra if array includes the key "return" it sets the AutoRender to true.
  * @return mixed Success (true/false) or contents if 'return' is set in $extra
  * @access public
  */
 function requestAction($url, $extra = array())
 {
     $app = Sanitize::getString($extra, 'app', 'jreviews');
     unset($extra['app']);
     if (empty($url)) {
         return false;
     }
     if (!class_exists('S2Dispatcher')) {
         require S2_FRAMEWORK . DS . 'dispatcher.php';
     }
     if (in_array('return', $extra, true)) {
         $extra = array_merge($extra, array('return' => 0, 'autoRender' => 1));
     }
     $params = array_merge(array('token' => cmsFramework::formIntegrityToken($extra, array('module', 'module_id', 'form', 'data'), false), 'autoRender' => 0, 'return' => 1, 'bare' => 1, 'requested' => 1), $extra);
     $disable404 = true;
     $dispatcher = new S2Dispatcher($app, null, $disable404);
     return $dispatcher->dispatch($url, $params);
 }
开发者ID:atikahmed,项目名称:joomla-probid,代码行数:26,代码来源:object.php

示例2: listings

 function listings()
 {
     // Initialize variables
     $id = Sanitize::getInt($this->params, 'id');
     $option = Sanitize::getString($this->params, 'option');
     $view = Sanitize::getString($this->params, 'view');
     $menu_id = Sanitize::getString($this->params, 'Itemid');
     // Read params
     $cat_id = '';
     $criteria_ids = '';
     $in_detail_view = false;
     $detail_view = 1;
     $dir_id = Sanitize::getString($this->params, 'dir');
     $section_id = Sanitize::getString($this->params, 'section');
     $cat_id = Sanitize::getString($this->params, 'cat');
     $extension = 'com_content';
     $custom_where = null;
     $custom_fields = array();
     $click2search_auto = false;
     $cache = 0;
     $radius = 0;
     $mode = 0;
     if (isset($this->params['module'])) {
         // Read module parameters
         $click2search_auto = Sanitize::getBool($this->params['module'], 'click2search_auto', false);
         $custom_where = Sanitize::getString($this->params['module'], 'custom_where');
         $filter = Sanitize::getString($this->params['module'], 'filter');
         $detail_view = Sanitize::getString($this->params['module'], 'detail_view', 1);
         $dir_id = Sanitize::getString($this->params['module'], 'dir');
         $section_id = Sanitize::getString($this->params['module'], 'section');
         $cat_id = Sanitize::getString($this->params['module'], 'category');
         $listing_id = Sanitize::getString($this->params['module'], 'listing');
         $criteria_ids = Sanitize::getString($this->params['module'], 'criteria');
         $limit_results = Sanitize::getInt($this->params['module'], 'limit_results');
         $mode = Sanitize::getInt($this->params['module'], 'mode', 0);
         $custom_fields = str_replace(" ", "", Sanitize::getString($this->Config, 'geomaps.infowindow_fields'));
         $custom_fields = $custom_fields != '' ? explode(",", $custom_fields) : array();
         /**
          * 0 - Normal
          * 1 - GeoTargeting
          * 2 - Custom center and zoom
          */
         $radius = Sanitize::getInt($this->params['module'], 'radius');
         $cache = $mode == 1 ? 0 : Sanitize::getInt($this->params['module'], 'cache_map');
         $custom_lat = Sanitize::getFloat($this->params['module'], 'custom_lat');
         $custom_lon = Sanitize::getFloat($this->params['module'], 'custom_lon');
         if ($mode == 2 && ($custom_lat == 0 || $custom_lon == 0)) {
             echo __t("You selected the Custom Center mode, but did not specify the coordinates.");
             return;
         }
     }
     # Prevent sql injection
     $token = Sanitize::getString($this->params, 'token');
     $tokenMatch = 0 === strcmp($token, cmsFramework::formIntegrityToken($this->params, array('module', 'module_id', 'form', 'data'), false));
     $filters = $listing_id != '' || $dir_id != '' || $section_id != '' || $cat_id != '';
     if (!$filters && $id > 0 && 'article' == $view && 'com_content' == $option) {
         $sql = "SELECT catid FROM #__content WHERE id = " . $id;
         $this->_db->setQuery($sql);
         $cat_id_host_page = $this->_db->loadResult();
         if (!empty($cat_id_host_page) && $this->Category->isJreviewsCategory($cat_id_host_page)) {
             $in_detail_view = true;
             $cat_id = $cat_id_host_page;
         }
     }
     $detail_view = $this->params['module']['detail_view'] = (int) ($detail_view && $in_detail_view);
     # Custom WHERE
     $tokenMatch and $custom_where and $conditions[] = $custom_where;
     if ($click2search_auto && isset($this->params['tag'])) {
         $field = 'jr_' . Sanitize::getString($this->params['tag'], 'field');
         $value = Sanitize::getString($this->params['tag'], 'value');
         $query = "SELECT Field.type FROM #__jreviews_fields AS Field WHERE Field.name = " . $this->quote($field);
         $this->_db->setQuery($query);
         $type = $this->_db->loadResult();
         if (in_array($type, array('select', 'selectmultiple', 'checkboxes', 'radiobuttons'))) {
             $conditions[] = "Field.{$field} LIKE " . $this->quoteLike('*' . $value . '*');
         } else {
             $conditions[] = "Field.{$field} = " . $this->quote($value);
         }
     }
     # Category auto detect
     if (isset($this->params['module']) && Sanitize::getInt($this->params['module'], 'cat_auto') && $extension == 'com_content') {
         $ids = CommonController::_discoverIDs($this);
         extract($ids);
     }
     $autodetect = compact('dir_id', 'section_id', 'cat_id');
     // Check for cached version if cache enabled
     if ($cache) {
         $params = array();
         foreach ($this->params as $key => $value) {
             if ((!is_array($value) || $key == 'module') && !in_array($key, array('page', 'limit', 'order', 'Itemid'))) {
                 $params[$key] = $value;
             }
         }
         $cache_key = array_merge($params, $autodetect, Sanitize::getVar($this->params, 'tag', array()));
         $json_filename = 'geomaps_' . md5(serialize($cache_key)) . '.json';
         $json_data = S2Cache::read($json_filename);
         if ($json_data && $json_data != '') {
             $this->set('json_data', $json_data);
             S2Cache::write($json_filename, $json_data);
             return $this->render('modules', 'geomaps');
//.........这里部分代码省略.........
开发者ID:atikahmed,项目名称:joomla-probid,代码行数:101,代码来源:module_geomaps_controller.php

示例3: _saveEdit

 function _saveEdit()
 {
     $this->autoRender = false;
     $this->autoLayout = false;
     $this->Discussion->isNew = false;
     $response = array();
     # Load the notifications observer model component and initialize it.
     # Done here so it only loads on save and not for all controlller actions.
     $this->components = array('security');
     $this->__initComponents();
     # Validate form token
     if ($this->invalidToken) {
         return $this->ajaxError(s2Messages::invalidToken());
     }
     $post_id = Sanitize::getInt($this->data['Discussion'], 'discussion_id');
     $isNew = (bool) (!$post_id);
     if ($isNew && !$this->Access->canAddPost()) {
         return $this->ajaxError(s2Messages::accessDenied());
     } elseif (!$isNew) {
         # Stop form data tampering
         $owner_id = $this->Discussion->getPostOwner($post_id);
         $formToken = cmsFramework::formIntegrityToken($this->data['Discussion'], $this->formTokenKeys, false);
         if (!$this->Access->canEditPost($owner_id) || !$this->__validateToken($formToken)) {
             return $this->ajaxError(s2Messages::accessDenied());
         }
     }
     $text = str_replace("\n", "<br />", htmlspecialchars($this->data['Discussion']['text'], ENT_QUOTES));
     $this->data['Discussion']['modified'] = date('Y-m-d H:i:s');
     $this->data['Discussion']['approved'] = 1;
     if ($this->Discussion->store($this->data)) {
         $update_text = __t("Your comment has been updated.", true);
         $response[] = "jQuery('#jr_post{$post_id}').hide('fast');";
         $response[] = "jQuery('#jr_post{$post_id} .jr_comments').html('{$text}');";
         $response[] = "jQuery('#jr_post{$post_id}').slideDown(1000);";
         return $this->ajaxUpdatePage('jr_post' . $post_id, $update_text, '', compact('response'));
     }
     return $this->ajaxError(__t("There was an error saving the comment.", true, true));
 }
开发者ID:atikahmed,项目名称:joomla-probid,代码行数:38,代码来源:discussions_controller.php

示例4: defined

<?php

/**
 * jReviews - Reviews Extension
 * Copyright (C) 2006 ClickFWD LLC
 * This is not free software, do not distribute it.
 * For licencing information visit http://www.reviewsforjoomla.com
 * or contact sales@reviewsforjoomla.com
**/
defined('_VALID_MOS') || defined('_JEXEC') or die('Direct Access to this location is not allowed.');
# MVC initalization script
require JPATH_SITE . DS . 'components' . DS . 'com_jreviews' . DS . 'jreviews' . DS . 'framework.php';
# Populate $params array with module settings
$module_params = isset($params->_raw) ? stringToArray($params->_raw) : $params->toArray();
$moduleParams['module'] = $module_params;
$moduleParams['module_id'] = $module->id;
$moduleParams['page'] = 1;
$moduleParams['data']['module'] = true;
$moduleParams['data']['controller'] = 'module_totals';
$moduleParams['data']['action'] = 'index';
$moduleParams['token'] = cmsFramework::formIntegrityToken($moduleParams, array('module', 'module_id', 'form', 'data'), false);
$Dispatcher = new S2Dispatcher('jreviews');
echo $Dispatcher->dispatch($moduleParams);
unset($Dispatcher);
开发者ID:atikahmed,项目名称:joomla-probid,代码行数:24,代码来源:totals.php

示例5: index

 function index()
 {
     /*        if($this->_user->id === 0) 
             {
                 $this->cacheAction = Configure::read('Cache.expires');        
             }*/
     // Required for ajax pagination to remember module settings
     $ids = $conditions = $joins = $order = $having = array();
     $module_id = Sanitize::getInt($this->params, 'module_id', Sanitize::getInt($this->data, 'module_id'));
     if (!isset($this->params['module'])) {
         $this->params['module'] = array();
     }
     // For direct calls to the controller
     # Find the correct set of params to use
     if ($this->ajaxRequest && Sanitize::getInt($this->params, 'listing_id')) {
         $this->params['module'] = array_merge($this->params['module'], $this->__processListingTypeWidgets($conditions));
     } elseif ($this->ajaxRequest && empty($this->params['module']) && $module_id) {
         $query = "SELECT params FROM #__modules WHERE id = " . $module_id;
         $this->_db->setQuery($query);
         $this->params['module'] = stringToArray($this->_db->loadResult());
     }
     if ($this->abort) {
         return $this->ajaxResponse('', false);
     }
     # Read module parameters
     $dir_id = Sanitize::getString($this->params['module'], 'dir');
     $section_id = Sanitize::getString($this->params['module'], 'section');
     $cat_id = Sanitize::getString($this->params['module'], 'category');
     $listing_id = Sanitize::getString($this->params['module'], 'listing');
     $created_by = Sanitize::getString($this->params['module'], 'owner');
     $criteria_id = Sanitize::getString($this->params['module'], 'criteria');
     $limit = Sanitize::getInt($this->params['module'], 'module_limit', 5);
     $total = min(50, Sanitize::getInt($this->params['module'], 'module_total', 10));
     $extension = Sanitize::getString($this->params['module'], 'extension');
     $extension = $extension != '' ? $extension : 'com_content';
     $sort = Sanitize::getString($this->params['module'], 'listing_order');
     if (in_array($sort, array('random', 'featuredrandom'))) {
         srand((double) microtime() * 1000000);
         $this->params['rand'] = rand();
     }
     # Prevent sql injection
     $token = Sanitize::getString($this->params, 'token');
     $tokenMatch = 0 === strcmp($token, cmsFramework::formIntegrityToken($this->params, array('module', 'module_id', 'form', 'data'), false));
     isset($this->params['module']) and $this->viewSuffix = Sanitize::getString($this->params['module'], 'tmpl_suffix');
     if (isset($this->Listing)) {
         $this->Listing->_user = $this->_user;
         // This parameter determines the module mode
         $custom_order = Sanitize::getString($this->params['module'], 'custom_order');
         $custom_where = Sanitize::getString($this->params['module'], 'custom_where');
         if ($extension != 'com_content' && in_array($sort, array('topratededitor', 'featuredrandom', 'rhits'))) {
             echo "You have selected the {$sort} mode which is not supported for components other than com_content. Please read the tooltips in the module parameters for more info on allowed settings.";
             return;
         }
         # Category auto detect
         if (Sanitize::getInt($this->params['module'], 'cat_auto') && $extension == 'com_content') {
             $ids = CommonController::_discoverIDs($this);
             extract($ids);
         }
         # Set conditionals based on configuration parameters
         if ($extension == 'com_content') {
             // Perform tag replacement for listing_id to allow for related listing queries
             if (Sanitize::getString($this->params, 'view') == 'article' && $custom_where != '') {
                 $curr_listing_id = Sanitize::getInt($this->params, 'id');
                 $custom_where = str_replace('{listing_id}', $curr_listing_id, $custom_where);
             }
             // Only works for core articles
             $conditions = array_merge($conditions, array('Listing.state = 1', '( Listing.publish_up = "' . NULL_DATE . '" OR DATE(Listing.publish_up) <= DATE("' . _CURRENT_SERVER_TIME . '") )', '( Listing.publish_down = "' . NULL_DATE . '" OR DATE(Listing.publish_down) >= DATE("' . _CURRENT_SERVER_TIME . '") )'));
             if ($this->cmsVersion == CMS_JOOMLA15) {
                 //                    $conditions[] = 'Section.access <= ' . $this->Access->getAccessId();
                 $conditions[] = 'Category.access <= ' . $this->Access->getAccessId();
                 $conditions[] = 'Listing.access <= ' . $this->Access->getAccessId();
             } else {
                 $conditions[] = 'Category.access IN (' . $this->Access->getAccessLevels() . ')';
                 $conditions[] = 'Listing.access IN (' . $this->Access->getAccessLevels() . ')';
             }
             // Remove unnecessary fields from model query
             $this->Listing->modelUnbind(array('Listing.fulltext AS `Listing.description`', 'Listing.metakey AS `Listing.metakey`', 'Listing.metadesc AS `Listing.metadesc`', 'User.email AS `User.email`'));
             if (!empty($cat_id)) {
                 $conditions[] = $this->cmsVersion == CMS_JOOMLA15 ? 'Listing.catid IN (' . cleanIntegerCommaList($cat_id) . ')' : 'ParentCategory.id IN (' . cleanIntegerCommaList($cat_id) . ')';
             } else {
                 unset($this->Listing->joins['ParentCategory']);
             }
             empty($cat_id) and !empty($section_id) and $conditions[] = 'Listing.sectionid IN (' . cleanIntegerCommaList($section_id) . ')';
             empty($cat_id) and !empty($dir_id) and $conditions[] = 'JreviewsCategory.dirid IN (' . cleanIntegerCommaList($dir_id) . ')';
             empty($cat_id) and !empty($criteria_id) and $conditions[] = 'JreviewsCategory.criteriaid IN (' . cleanIntegerCommaList($criteria_id) . ')';
         } else {
             if (Sanitize::getInt($this->params['module'], 'cat_auto') && method_exists($this->Listing, 'catUrlParam')) {
                 if ($cat_id = Sanitize::getInt($this->passedArgs, $this->Listing->catUrlParam())) {
                     $conditions[] = 'JreviewsCategory.id IN (' . cleanIntegerCommaList($cat_id) . ')';
                 }
             } elseif ($cat_id) {
                 $conditions[] = 'JreviewsCategory.id IN (' . cleanIntegerCommaList($cat_id) . ')';
             }
         }
         $listing_id and $conditions[] = "Listing.{$this->Listing->realKey} IN (" . cleanIntegerCommaList($listing_id) . ")";
         switch ($sort) {
             case 'random':
                 $order[] = 'RAND(' . $this->params['rand'] . ')';
                 break;
             case 'featured':
//.........这里部分代码省略.........
开发者ID:atikahmed,项目名称:joomla-probid,代码行数:101,代码来源:module_listings_controller.php

示例6: _save

 function _save()
 {
     $this->autoRender = false;
     $this->autoLayout = false;
     $response = array();
     # Done here so it only loads on save and not for all controlller actions.
     $this->components = array('security', 'notifications');
     $this->__initComponents();
     # Validate form token
     if ($this->invalidToken) {
         return $this->ajaxError(s2Messages::invalidToken());
     }
     $selected = '';
     $msg = '';
     $msgAlert = '';
     $msgTags = array();
     # Clean formValues
     $review_id = Sanitize::getInt($this->data['Review'], 'id', 0);
     $this->data['Review']['pid'] = $pid = Sanitize::getInt($this->data['Review'], 'pid', 0);
     if ($review_id == 0) {
         $isNew = $this->Review->isNew = true;
     } else {
         $isNew = $this->Review->isNew = false;
         $this->action = '_edit';
     }
     $this->data['Criteria']['id'] = Sanitize::getInt($this->data['Criteria'], 'id', 0);
     $this->data['Criteria']['state'] = Sanitize::getInt($this->data['Criteria'], 'state', 0);
     $this->data['Review']['pid'] = Sanitize::getInt($this->data['Review'], 'pid');
     $this->data['Review']['email'] = Sanitize::html($this->data['Review'], 'email', '', true);
     $this->data['Review']['title'] = Sanitize::html($this->data['Review'], 'title', '', true);
     $this->data['Review']['comments'] = Sanitize::html($this->data['Review'], 'comments', '', true);
     $this->data['Review']['mode'] = Sanitize::html($this->data['Review'], 'mode', 'com_content', true);
     # Override configuration
     $listing_type = $this->Criteria->findRow(array('conditions' => array('Criteria.id = ' . $this->data['Criteria']['id'])));
     isset($listing_type['ListingType']) and $this->Config->override($listing_type['ListingType']['config']);
     if ($isNew || !$isNew && !$this->Access->isManager()) {
         $this->data['Review']['name'] = $this->data['Review']['username'] = Sanitize::html($this->data['Review'], 'name', '', true);
     }
     // Check if user allowed to post new review
     if ($isNew) {
         if (method_exists($this->Listing, 'getListingOwner')) {
             $owner = $this->Listing->getListingOwner($this->data['Review']['pid']);
             if (!$this->Access->canAddReview($owner['user_id'])) {
                 return $this->ajaxUpdatePage('jr_review0Form', __t("You are not allowed to review your own listing.", true));
             }
         }
         // Get reviewer type, for now editor reviews don't work in Everywhere components
         $this->data['Review']['author'] = $this->data['Review']['mode'] != 'com_content' ? 0 : (int) $this->Access->isJreviewsEditor($this->_user->id);
     } else {
         $currentReview = $this->Review->findRow(array('conditions' => array('Review.id = ' . $review_id)), array());
         # Stop form data tampering
         $formData = $this->data['Review'] + array('criteria_id' => Sanitize::getInt($this->data['Criteria'], 'id'));
         $formToken = cmsFramework::formIntegrityToken($formData, array_keys($this->formTokenKeys), false);
         if (!$this->Access->canEditReview($currentReview['User']['user_id']) || !$this->__validateToken($formToken)) {
             return $this->ajaxError(s2Messages::accessDenied());
         }
         $this->data['Review']['author'] = $currentReview['Review']['editor'];
     }
     # If we are in multiple editor review mode, and this editor has already posted an editor review,
     # he is not allowed to post any kind of review.
     # if we are in single-editor-review mode, his review will become a user review.
     if ($isNew && $this->data['Review']['mode'] == 'com_content' && $this->data['Review']['author']) {
         if ($this->Review->findCount(array('conditions' => array('Review.pid = ' . $this->data['Review']['pid'], 'Review.author = 1', "Review.mode = '" . $this->data['Review']['mode'] . "'", $this->Config->author_review == 2 ? 'Review.userid = ' . $this->_user->id : '1 = 1')))) {
             if ($this->Config->author_review == 2) {
                 return $this->ajaxUpdatePage('jr_review0Form', __t("You already submitted a review.", true));
             } else {
                 $this->data['Review']['author'] = 0;
             }
         }
     }
     # check for duplicate reviews
     $is_jr_editor = $this->Access->isJreviewsEditor($this->_user->id);
     $is_duplicate = false;
     // It's a guest so we only care about checking the IP address if this feature is not disabled and
     // server is not localhost
     if (!$this->_user->id) {
         if (!$this->Config->review_ipcheck_disable && $this->ipaddress != '127.0.0.1') {
             // Do the ip address check everywhere except in localhost
             $is_duplicate = (bool) $this->Review->findCount(array('conditions' => array('Review.pid = ' . $this->data['Review']['pid'], "Review.ipaddress = '{$this->ipaddress}'", "Review.mode = '{$this->data['Review']['mode']}'", "Review.published >= 0")));
         }
     } elseif (!$is_jr_editor && !$this->Config->user_multiple_reviews || $is_jr_editor && $this->Config->author_review == 2) {
         $is_duplicate = (bool) $this->Review->findCount(array('conditions' => array('Review.pid = ' . $this->data['Review']['pid'], "(Review.userid = {$this->_user->id}" . ($this->ipaddress != '127.0.0.1' && !$this->Config->review_ipcheck_disable && !$is_jr_editor ? " OR Review.ipaddress = '{$this->ipaddress}') " : ')'), "Review.mode = '{$this->data['Review']['mode']}'", "Review.published >= 0")));
     }
     if ($isNew && $is_duplicate) {
         return $this->ajaxUpdatePage('jr_review0Form', __t("You already submitted a review.", true));
     }
     # Validate standard fields
     $this->Review->validateInput($this->data['Review']['name'], "name", "text", __t("You must fill in your name.", true), !$this->_user->id && ($this->Config->reviewform_name == 'required' ? true : false));
     $this->Review->validateInput($this->data['Review']['email'], "email", "email", __t("You must fill in a valid email address.", true), ($this->Config->reviewform_email == 'required' ? true : false) && !$this->_user->id && $isNew);
     $this->Review->validateInput($this->data['Review']['title'], "title", "text", __t("You must fill in a title for the review.", true), $this->Config->reviewform_title == 'required' ? true : false);
     if ($listing_type['Criteria']['state'] == 1) {
         # Validate rating fields
         $criteria_qty = $listing_type['Criteria']['quantity'];
         $ratingErr = 0;
         if (!isset($this->data['Rating'])) {
             $ratingErr = $criteria_qty;
         } else {
             for ($i = 0; $i < $criteria_qty; $i++) {
                 if (!isset($this->data['Rating']['ratings'][$i]) || (empty($this->data['Rating']['ratings'][$i]) || $this->data['Rating']['ratings'][$i] == 'undefined' || (double) $this->data['Rating']['ratings'][$i] > $this->Config->rating_scale)) {
                     $ratingErr++;
//.........这里部分代码省略.........
开发者ID:atikahmed,项目名称:joomla-probid,代码行数:101,代码来源:reviews_controller.php

示例7: index

 function index()
 {
     /*        if($this->_user->id === 0) 
             {
                 $this->cacheAction = Configure::read('Cache.expires');        
             }   */
     $this->EverywhereAfterFind = true;
     // Triggers the afterFind in the Observer Model
     if (!isset($this->params['module'])) {
         $this->params['module'] = array();
     }
     // For direct calls to the controller
     $module_id = Sanitize::getInt($this->params, 'module_id', Sanitize::getInt($this->data, 'module_id'));
     if (empty($this->params)) {
         $query = "SELECT params FROM #__modules WHERE id = " . $module_id;
         $this->_db->setQuery($query);
         $this->params['module'] = stringToArray($this->_db->loadResult());
     }
     $ids = $conditions = $joins = $order = array();
     # Read module parameters
     $extension = Sanitize::getString($this->params['module'], 'extension');
     $reviews_type = Sanitize::getString($this->params['module'], 'reviews_type');
     $custom_where = Sanitize::getString($this->params['module'], 'custom_where');
     $cat_id = Sanitize::getString($this->params['module'], 'category');
     $listing_id = Sanitize::getString($this->params['module'], 'listing');
     $limit = Sanitize::getInt($this->params['module'], 'module_limit', 5);
     $total = min(50, Sanitize::getInt($this->params['module'], 'module_total', 10));
     if ($extension == 'com_content') {
         $dir_id = Sanitize::getString($this->params['module'], 'dir');
         $section_id = Sanitize::getString($this->params['module'], 'section');
         $criteria_id = Sanitize::getString($this->params['module'], 'criteria');
     } else {
         $dir_id = null;
         $section_id = null;
         $criteria_id = null;
     }
     # Prevent sql injection
     $token = Sanitize::getString($this->params, 'token');
     $tokenMatch = 0 === strcmp($token, cmsFramework::formIntegrityToken($this->params, array('module', 'module_id', 'form', 'data'), false));
     isset($this->params['module']) and $this->viewSuffix = Sanitize::getString($this->params['module'], 'tmpl_suffix');
     // This parameter determines the module mode
     $sort = Sanitize::getString($this->params['module'], 'reviews_order');
     if (in_array($sort, array('random'))) {
         srand((double) microtime() * 1000000);
         $this->params['rand'] = rand();
     }
     # Category auto detect
     if (Sanitize::getInt($this->params['module'], 'cat_auto') && $extension == 'com_content') {
         $ids = CommonController::_discoverIDs($this);
         extract($ids);
     }
     $extension != '' and $conditions[] = "Review.mode = " . $this->quote($extension);
     # Set conditionals based on configuration parameters
     if ($extension == 'com_content') {
         $conditions = array_merge($conditions, array('Listing.state = 1', '( Listing.publish_up = "' . NULL_DATE . '" OR DATE(Listing.publish_up) <= DATE("' . _CURRENT_SERVER_TIME . '") )', '( Listing.publish_down = "' . NULL_DATE . '" OR DATE(Listing.publish_down) >= DATE("' . _CURRENT_SERVER_TIME . '") )'));
         if ($this->cmsVersion == CMS_JOOMLA15) {
             //                $conditions[] = 'Section.access <= ' . $this->Access->getAccessId();
             $conditions[] = 'Category.access <= ' . $this->Access->getAccessId();
             $conditions[] = 'Listing.access <= ' . $this->Access->getAccessId();
         } else {
             $conditions[] = 'Category.access IN (' . $this->Access->getAccessLevels() . ')';
             $conditions[] = 'Listing.access IN ( ' . $this->Access->getAccessLevels() . ')';
         }
         if (!empty($cat_id)) {
             if ($this->cmsVersion == CMS_JOOMLA15) {
                 $conditions[] = 'Listing.catid IN (' . cleanIntegerCommaList($cat_id) . ')';
             } else {
                 $this->Review->joins['ParentCategory'] = "LEFT JOIN #__categories AS ParentCategory ON Category.lft BETWEEN ParentCategory.lft AND ParentCategory.rgt";
                 $conditions[] = 'ParentCategory.id IN (' . cleanIntegerCommaList($cat_id) . ')';
             }
         }
         empty($cat_id) and !empty($section_id) and $conditions[] = 'Listing.sectionid IN (' . cleanIntegerCommaList($section_id) . ')';
         empty($cat_id) and !empty($dir_id) and $conditions[] = 'JreviewsCategory.dirid IN (' . cleanIntegerCommaList($dir_id) . ')';
         empty($cat_id) and !empty($criteria_id) and $conditions[] = 'JreviewsCategory.criteriaid IN (' . cleanIntegerCommaList($criteria_id) . ')';
     } else {
         if (Sanitize::getInt($this->params['module'], 'cat_auto') && isset($this->Listing) && method_exists($this->Listing, 'catUrlParam')) {
             if ($cat_id = Sanitize::getInt($this->passedArgs, $this->Listing->catUrlParam())) {
                 $conditions[] = 'JreviewsCategory.id IN (' . $cat_id . ')';
             }
         } elseif ($cat_id) {
             $conditions[] = 'JreviewsCategory.id IN (' . cleanIntegerCommaList($cat_id) . ')';
         }
     }
     $listing_id and $conditions[] = "Review.pid IN ( " . cleanIntegerCommaList($listing_id) . ")";
     $conditions[] = 'Review.published > 0';
     switch ($sort) {
         case 'latest':
             $order[] = $this->Review->processSorting('rdate');
             break;
         case 'helpful':
             $order[] = $this->Review->processSorting('helpful');
             break;
         case 'random':
             $order[] = 'RAND(' . $this->params['rand'] . ')';
             break;
         default:
             $order[] = $this->Review->processSorting('rdate');
             break;
     }
     switch ($reviews_type) {
//.........这里部分代码省略.........
开发者ID:atikahmed,项目名称:joomla-probid,代码行数:101,代码来源:module_reviews_controller.php

示例8: index

 function index()
 {
     $this->EverywhereAfterFind = true;
     // Triggers the afterFind in the Observer Model
     if (!isset($this->params['module'])) {
         $this->params['module'] = array();
     }
     // For direct calls to the controller
     // Required for ajax pagination to remember module settings
     $Session = RegisterClass::getInstance('MvcSession');
     $module_id = Sanitize::getInt($this->params, 'module_id', Sanitize::getInt($this->data, 'module_id'));
     if ($this->ajaxRequest) {
         $this->params = $Session->get('module_params' . $module_id, null, S2Paths::get('jreviews', 'S2_CMSCOMP'));
     } else {
         srand((double) microtime() * 1000000);
         $this->params['rand'] = rand();
         $Session->set('module_rand' . $module_id, $this->params['rand'], S2Paths::get('jreviews', 'S2_CMSCOMP'));
         $Session->set('module_params' . $module_id, $this->params, S2Paths::get('jreviews', 'S2_CMSCOMP'));
     }
     # Prevent sql injection
     $token = Sanitize::getString($this->params, 'token');
     $tokenMatch = 0 === strcmp($token, cmsFramework::formIntegrityToken($this->params, array('module', 'module_id', 'form', 'data'), false));
     $this->viewSuffix = Sanitize::getString($this->params['module'], 'tmpl_suffix');
     $conditions = array();
     $joins = array();
     $order = array();
     # Read module parameters
     $extension = Sanitize::getString($this->params['module'], 'extension');
     $reviews_type = Sanitize::getString($this->params['module'], 'reviews_type');
     $custom_where = Sanitize::getString($this->params['module'], 'custom_where');
     $cat_id = Sanitize::getString($this->params['module'], 'category');
     $listing_id = Sanitize::getString($this->params['module'], 'listing');
     if ($extension == 'com_content') {
         $dir_id = Sanitize::getString($this->params['module'], 'dir');
         $section_id = Sanitize::getString($this->params['module'], 'section');
         $criteria_id = Sanitize::getString($this->params['module'], 'criteria');
     } else {
         $dir_id = null;
         $section_id = null;
         $criteria_id = null;
     }
     // This parameter determines the module mode
     $sort = Sanitize::getString($this->params['module'], 'reviews_order');
     # Category auto detect
     if (Sanitize::getInt($this->params['module'], 'cat_auto') && $extension == 'com_content') {
         $ids = CommonController::_discoverIDs($this);
         extract($ids);
     }
     $extension != '' and $conditions[] = "Review.mode = " . $this->quote($extension);
     # Set conditionals based on configuration parameters
     if ($extension == 'com_content') {
         $conditions = array_merge($conditions, array('Listing.state = 1', '( Listing.publish_up = "' . NULL_DATE . '" OR DATE(Listing.publish_up) <= DATE("' . _CURRENT_SERVER_TIME . '") )', '( Listing.publish_down = "' . NULL_DATE . '" OR DATE(Listing.publish_down) >= DATE("' . _CURRENT_SERVER_TIME . '") )', 'Listing.access <= ' . $this->_user->gid));
         $cat_id != '' and $conditions[] = 'Listing.catid IN (' . cleanIntegerCommaList($cat_id) . ')';
         $cat_id == '' and $section_id != '' and $conditions[] = 'Listing.sectionid IN (' . cleanIntegerCommaList($section_id) . ')';
         $cat_id == '' and $dir_id != '' and $conditions[] = 'JreviewsCategory.dirid IN (' . cleanIntegerCommaList($dir_id) . ')';
         $cat_id == '' and $criteria_id != '' and $conditions[] = 'JreviewsCategory.criteriaid IN (' . cleanIntegerCommaList($criteria_id) . ')';
     } else {
         if (Sanitize::getInt($this->params['module'], 'cat_auto') && isset($this->Listing) && method_exists($this->Listing, 'catUrlParam')) {
             if ($cat_id = Sanitize::getInt($this->passedArgs, $this->Listing->catUrlParam())) {
                 $conditions[] = 'JreviewsCategory.id IN (' . $cat_id . ')';
             }
         } elseif ($cat_id) {
             $conditions[] = 'JreviewsCategory.id IN (' . cleanIntegerCommaList($cat_id) . ')';
         }
     }
     $listing_id and $conditions[] = "Review.pid IN ( " . cleanIntegerCommaList($listing_id) . ")";
     $conditions[] = 'Review.published > 0';
     switch ($sort) {
         case 'latest':
             $order[] = $this->Review->processSorting('rdate');
             break;
         case 'helpful':
             $order[] = $this->Review->processSorting('helpful');
             break;
         case 'random':
             $order[] = 'RAND(' . $this->params['rand'] . ')';
             break;
         default:
             $order[] = $this->Review->processSorting('rdate');
             break;
     }
     switch ($reviews_type) {
         case 'all':
             break;
         case 'user':
             $conditions[] = 'Review.author = 0';
             break;
         case 'editor':
             $conditions[] = 'Review.author = 1';
             break;
     }
     # Custom WHERE
     $tokenMatch and $custom_where and $conditions[] = $custom_where;
     $queryData = array('joins' => $joins, 'conditions' => $conditions, 'order' => $order, 'limit' => $this->module_limit, 'offset' => $this->module_offset);
     # Don't run it here because it's run in the Everywhere Observer Component
     $this->Review->runProcessRatings = false;
     // Excludes listing owner info in Everywhere component
     $this->Review->controller = 'module_reviews';
     $reviews = $this->Review->findAll($queryData);
     if (Sanitize::getInt($this->params['module'], 'ajax_nav', 1)) {
//.........这里部分代码省略.........
开发者ID:bizanto,项目名称:Hooked,代码行数:101,代码来源:module_reviews_controller.php

示例9: index

 function index()
 {
     // Required for ajax pagination to remember module settings
     $Session = RegisterClass::getInstance('MvcSession');
     $module_id = Sanitize::getInt($this->params, 'module_id', Sanitize::getInt($this->data, 'module_id'));
     if (!isset($this->params['module'])) {
         $this->params['module'] = array();
     }
     // For direct calls to the controller
     if ($this->ajaxRequest) {
         $this->params = $Session->get('module_params' . $module_id, null, S2Paths::get('jreviews', 'S2_CMSCOMP'));
     } else {
         srand((double) microtime() * 1000000);
         $this->params['rand'] = rand();
         $Session->set('module_rand' . $module_id, $this->params['rand'], S2Paths::get('jreviews', 'S2_CMSCOMP'));
         $Session->set('module_params' . $module_id, $this->params, S2Paths::get('jreviews', 'S2_CMSCOMP'));
     }
     # Prevent sql injection
     $token = Sanitize::getString($this->params, 'token');
     $tokenMatch = 0 === strcmp($token, cmsFramework::formIntegrityToken($this->params, array('module', 'module_id', 'form', 'data'), false));
     $this->viewSuffix = Sanitize::getString($this->params['module'], 'tmpl_suffix');
     $conditions = array();
     $joins = array();
     $order = array();
     $having = array();
     # Read module parameters
     $dir_id = Sanitize::getString($this->params['module'], 'dir');
     $section_id = Sanitize::getString($this->params['module'], 'section');
     $cat_id = Sanitize::getString($this->params['module'], 'category');
     $listing_id = Sanitize::getString($this->params['module'], 'listing');
     $criteria_id = Sanitize::getString($this->params['module'], 'criteria');
     $limit = Sanitize::getString($this->params['module'], 'module_limit', 5);
     $extension = Sanitize::getString($this->params['module'], 'extension');
     $extension = $extension != '' ? $extension : 'com_content';
     if (isset($this->Listing)) {
         $this->Listing->_user = $this->_user;
         // This parameter determines the module mode
         $sort = Sanitize::getString($this->params['module'], 'listing_order');
         $custom_order = Sanitize::getString($this->params['module'], 'custom_order');
         $custom_where = Sanitize::getString($this->params['module'], 'custom_where');
         if ($extension != 'com_content' && in_array($sort, array('topratededitor', 'featuredrandom', 'rhits'))) {
             echo "You have selected the {$sort} mode which is not supported for components other than com_content. Please read the tooltips in the module parameters for more info on allowed settings.";
             return;
         }
         # Category auto detect
         if (Sanitize::getInt($this->params['module'], 'cat_auto') && $extension == 'com_content') {
             $ids = CommonController::_discoverIDs($this);
             extract($ids);
         }
         # Set conditionals based on configuration parameters
         if ($extension == 'com_content') {
             // Only works for core articles
             $conditions = array_merge($conditions, array('Listing.state = 1', '( Listing.publish_up = "' . NULL_DATE . '" OR DATE(Listing.publish_up) <= DATE("' . _CURRENT_SERVER_TIME . '") )', '( Listing.publish_down = "' . NULL_DATE . '" OR DATE(Listing.publish_down) >= DATE("' . _CURRENT_SERVER_TIME . '") )', 'Listing.access <= ' . $this->_user->gid));
             // Remove unnecessary fields from model query
             $this->Listing->modelUnbind(array('Listing.fulltext AS `Listing.description`', 'Listing.metakey AS `Listing.metakey`', 'Listing.metadesc AS `Listing.metadesc`', 'User.email AS `User.email`'));
             $cat_id != '' and $conditions[] = 'Listing.catid IN (' . cleanIntegerCommaList($cat_id) . ')';
             $cat_id == '' and $section_id != '' and $conditions[] = 'Listing.sectionid IN (' . cleanIntegerCommaList($section_id) . ')';
             $cat_id == '' and $dir_id != '' and $conditions[] = 'JreviewsCategory.dirid IN (' . cleanIntegerCommaList($dir_id) . ')';
             $cat_id == '' and $criteria_id != '' and $conditions[] = 'JreviewsCategory.criteriaid IN (' . cleanIntegerCommaList($criteria_id) . ')';
         } else {
             if (Sanitize::getInt($this->params['module'], 'cat_auto') && method_exists($this->Listing, 'catUrlParam')) {
                 if ($cat_id = Sanitize::getInt($this->passedArgs, $this->Listing->catUrlParam())) {
                     $conditions[] = 'JreviewsCategory.id IN (' . cleanIntegerCommaList($cat_id) . ')';
                 }
             } elseif ($cat_id) {
                 $conditions[] = 'JreviewsCategory.id IN (' . cleanIntegerCommaList($cat_id) . ')';
             }
         }
         $listing_id and $conditions[] = "Listing.{$this->Listing->realKey} IN (" . cleanIntegerCommaList($listing_id) . ")";
         switch ($sort) {
             case 'random':
                 $order[] = 'RAND(' . $this->params['rand'] . ')';
                 break;
             case 'featuredrandom':
                 $conditions[] = 'featured > 0';
                 $order[] = 'RAND(' . $this->params['rand'] . ')';
                 break;
             case 'topratededitor':
                 $conditions[] = 'Totals.editor_rating > 0';
                 break;
                 // Editor rating sorting options dealt with in the Listing->processSorting method
         }
         # Custom WHERE
         $tokenMatch and $custom_where and $conditions[] = $custom_where;
         # Filtering options
         $having = array();
         // Listings submitted in the past x days
         $entry_period = Sanitize::getInt($this->params['module'], 'filter_listing_period');
         if ($entry_period > 0 && $this->Listing->dateKey) {
             $conditions[] = "Listing.{$this->Listing->dateKey} >= DATE_SUB('" . _CURRENT_SERVER_TIME . "', INTERVAL {$entry_period} DAY)";
         }
         // Listings with reviews submitted in past x days
         $review_period = Sanitize::getInt($this->params['module'], 'filter_review_period');
         if ($review_period > 0) {
             $conditions[] = "Review.created >= DATE_SUB(CURDATE(), INTERVAL {$review_period} DAY)";
             $joins[] = 'LEFT JOIN #__jreviews_comments AS Review ON Listing.' . $this->Listing->realKey . ' = Review.pid';
         }
         // Listings with review count higher than
         $filter_review_count = Sanitize::getInt($this->params['module'], 'filter_review_count');
         $filter_review_count > 0 and $conditions[] = "Totals.user_rating_count >= " . $filter_review_count;
//.........这里部分代码省略.........
开发者ID:bizanto,项目名称:Hooked,代码行数:101,代码来源:module_listings_controller.php

示例10: _save

 function _save()
 {
     /*******************************************************************
      * This method is processed inside an iframe
      * To access any of the DOM elements via jQuery it's necessary to prepend
      * all jQuery calls with $parentFrame (i.e. $parentFrame.jQuery)
      ********************************************************************/
     $this->autoRender = false;
     $this->autoLayout = false;
     $response = array();
     $parentFrame = 'window.parent';
     $validation = '';
     $listing_id = Sanitize::getInt($this->data['Listing'], 'id', 0);
     $isNew = $this->Listing->isNew = $listing_id == 0 ? true : false;
     $this->data['email'] = Sanitize::getString($this->data, 'email');
     $this->data['name'] = Sanitize::getString($this->data, 'name');
     $this->data['sectionid_hidden'] = Sanitize::getInt($this->data['Listing'], 'sectionid_hidden');
     $this->data['categoryid_hidden'] = Sanitize::getInt($this->data['Listing'], 'categoryid_hidden');
     $this->data['Listing']['sectionid'] = Sanitize::getInt($this->data['Listing'], 'sectionid');
     $this->data['Listing']['catid'] = Sanitize::getInt($this->data['Listing'], 'catid');
     $this->data['Listing']['title'] = Sanitize::getString($this->data['Listing'], 'title', '');
     $this->data['Listing']['created_by_alias'] = Sanitize::getString($this->data, 'name', '');
     # Check submit access
     $category_id = $this->data['Listing']['catid'] ? $this->data['Listing']['catid'] : $this->data['categoryid_hidden'];
     # Get criteria info
     $criteria = $this->Criteria->findRow(array('conditions' => array('Criteria.id = 
             (SELECT criteriaid FROM #__jreviews_categories WHERE id = ' . (int) $category_id . ' AND `option` = "com_content")
         ')));
     if (!$criteria) {
         $validation = __t("The category selected is invalid.", true);
         $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');";
         $response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');";
         $response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();";
         return $this->makeJS($response);
     }
     $this->data['Criteria']['id'] = $criteria['Criteria']['criteria_id'];
     # Override global configuration
     isset($criteria['ListingType']) and $this->Config->override($criteria['ListingType']['config']);
     if ($isNew && !$this->Access->canAddListing()) {
         return $this->makeJS("{$parentFrame}.s2Alert('" . __t("You are not allowed to submit listings in this category.", true, true) . "')");
     } elseif (!$isNew) {
         # Stop form data tampering
         $owner = $this->Listing->getListingOwner($listing_id);
         $formToken = cmsFramework::formIntegrityToken($this->data['Listing'], array_keys($this->formTokenKeys), false);
         if (!$this->Access->canEditListing($owner['user_id']) || !Sanitize::getString($this->params['form'], $formToken)) {
             return $this->makeJS("{$parentFrame}.s2Alert('" . s2Messages::accessDenied() . "')");
         }
     }
     # Load the notifications observer model component and initialize it.
     # Done here so it only loads on save and not for all controlller actions.
     $this->components = array('security', 'notifications');
     $this->__initComponents();
     if ($this->invalidToken == true) {
         return $this->makeJS("{$parentFrame}.s2Alert('" . s2Messages::invalidToken() . "')");
     }
     # Override configuration
     //        $category = $this->Category->findRow(array('conditions'=>array('Category.id = ' . $this->data['Listing']['catid'])));
     //        $this->Config->override($category['ListingType']['config']);
     if ($this->Access->loadWysiwygEditor()) {
         $this->data['Listing']['introtext'] = Sanitize::stripScripts(Sanitize::stripWhitespace(Sanitize::getVar($this->data['__raw']['Listing'], 'introtext')));
         $this->data['Listing']['fulltext'] = Sanitize::stripScripts(Sanitize::stripWhitespace(Sanitize::getVar($this->data['__raw']['Listing'], 'fulltext')));
         $this->data['Listing']['introtext'] = html_entity_decode($this->data['Listing']['introtext'], ENT_QUOTES, cmsFramework::getCharset());
         $this->data['Listing']['fulltext'] = html_entity_decode($this->data['Listing']['fulltext'], ENT_QUOTES, cmsFramework::getCharset());
     } else {
         $this->data['Listing']['introtext'] = Sanitize::stripAll($this->data['Listing'], 'introtext', '');
         if (isset($this->data['Listing']['fulltext'])) {
             $this->data['Listing']['fulltext'] = Sanitize::stripAll($this->data['Listing'], 'fulltext', '');
         } else {
             $this->data['Listing']['fulltext'] = '';
         }
     }
     $this->data['Listing']['introtext'] = str_replace('<br>', '<br />', $this->data['Listing']['introtext']);
     $this->data['Listing']['fulltext'] = str_replace('<br>', '<br />', $this->data['Listing']['fulltext']);
     if ($this->Access->canAddMeta()) {
         $this->data['Listing']['metadesc'] = Sanitize::getString($this->data['Listing'], 'metadesc');
         $this->data['Listing']['metakey'] = Sanitize::getString($this->data['Listing'], 'metakey');
     }
     // Title alias handling
     $slug = '';
     $alias = Sanitize::getString($this->data['Listing'], 'alias');
     if ($isNew && $alias == '') {
         $slug = trim(S2Router::sefUrlEncode($this->data['Listing']['title']));
         if (trim(str_replace('-', '', $slug)) == '') {
             $slug = date("Y-m-d-H-i-s");
         }
     } elseif ($alias != '') {
         // Alias filled in so we convert it to a valid alias
         $slug = trim(S2Router::sefUrlEncode($alias));
         if (trim(str_replace('-', '', $slug)) == '') {
             $slug = date("Y-m-d-H-i-s");
         }
     }
     $slug != '' and $this->data['Listing']['alias'] = mb_strtolower($slug);
     # Check for duplicates
     switch ($this->Config->content_title_duplicates) {
         case 'category':
             // Checks for duplicates in the same category
             $query = "\n                        SELECT \n                            count(*) \n                        FROM \n                            #__content AS Listing WHERE Listing.title = " . $this->_db->Quote($this->data['Listing']['title']) . "\n                            AND Listing.state >= 0 \n                            AND Listing.catid = " . $this->data['Listing']['catid'] . (!$isNew ? " AND Listing.id <> " . $listing_id : '');
             $this->_db->setQuery($query);
             $titleExists = $this->_db->loadResult();
//.........这里部分代码省略.........
开发者ID:bizanto,项目名称:Hooked,代码行数:101,代码来源:listings_controller.php


注:本文中的cmsFramework::formIntegrityToken方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。