当前位置: 首页>>代码示例>>PHP>>正文


PHP cmsUser::checkCsrfToken方法代码示例

本文整理汇总了PHP中cmsUser::checkCsrfToken方法的典型用法代码示例。如果您正苦于以下问题:PHP cmsUser::checkCsrfToken方法的具体用法?PHP cmsUser::checkCsrfToken怎么用?PHP cmsUser::checkCsrfToken使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在cmsUser的用法示例。


在下文中一共展示了cmsUser::checkCsrfToken方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: polls

function polls()
{
    $model = new cms_model_polls();
    global $_LANG;
    $do = cmsCore::getInstance()->do;
    //========================================================================================================================//
    //========================================================================================================================//
    if ($do == 'view') {
        $answer = cmsCore::request('answer', 'str', '');
        $poll_id = cmsCore::request('poll_id', 'int');
        if (!$answer || !$poll_id) {
            if (cmsCore::isAjax()) {
                cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['SELECT_THE_OPTION']));
            } else {
                cmsCore::error404();
            }
        }
        $poll = $model->getPoll($poll_id);
        if (!$poll) {
            cmsCore::jsonOutput(array('error' => true, 'text' => ''));
        }
        if ($model->isUserVoted($poll_id)) {
            cmsCore::jsonOutput(array('error' => true, 'text' => ''));
        }
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::halt();
        }
        $model->votePoll($poll, $answer);
        cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['VOTE_ACCEPTED']));
    }
}
开发者ID:4uva4ek,项目名称:svato,代码行数:31,代码来源:frontend.php

示例2: applet_robots

function applet_robots()
{
    global $_LANG;
    global $adminAccess;
    if (!cmsUser::isAdminCan('admin/robots', $adminAccess)) {
        cpAccessDenied();
    }
    cmsCore::c('page')->setTitle($_LANG['ROBOTS_TITLE']);
    cpAddPathway($_LANG['ROBOTS_TITLE']);
    $do = cmsCore::request('do', array('edit', 'save'), 'edit');
    if (!file_exists(PATH . '/robots.txt')) {
        $fp = fopen(PATH . '/robots.txt', 'w');
        fwrite($fp, str_replace(array('%domen%', '%host%'), array(str_replace(array('https://', 'http://'), '', cmsCore::c('config')->host), cmsCore::c('config')->host), file_get_contents(PATH . '/includes/default_robots.txt')));
        fclose($fp);
        chmod(PATH . '/robots.txt', 0777);
    }
    if ($do == 'save') {
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::error404();
        }
        $data = cmsCore::request('robots', 'str');
        $fp = fopen(PATH . '/robots.txt', 'w');
        fwrite($fp, stripcslashes($data) . "\n");
        fclose($fp);
    }
    $robots = file_get_contents(PATH . '/robots.txt');
    cmsCore::c('page')->initTemplate('applets', 'robots')->assign('robots', $robots)->display();
}
开发者ID:CMS-RuDi,项目名称:CMS-RuDi,代码行数:28,代码来源:robots.php

示例3: applet_templates

function applet_templates()
{
    global $adminAccess;
    global $_LANG;
    if (!cmsUser::isAdminCan('admin/config', $adminAccess)) {
        cpAccessDenied();
    }
    $do = cmsCore::request('do', array('config', 'save_config'), 'main');
    cmsCore::c('page')->setTitle($_LANG['AD_TEMPLATES_SETTING']);
    cpAddPathway($_LANG['AD_TEMPLATES_SETTING'], 'index.php?view=templates');
    if ($do == 'main') {
        cmsCore::c('page')->initTemplate('applets', 'templates')->assign('templates', cmsCore::getDirsList('/templates'))->display();
    }
    if ($do == 'config') {
        $template = cmsCore::request('template', 'str', '');
        cpAddPathway($_LANG['AD_TEMPLATE'] . ': ' . $template, 'index.php?view=templates&do=config&template=' . $template);
        if (!file_exists(PATH . '/templates/' . $template) || !file_exists(PATH . '/templates/' . $template . '/config.php')) {
            cmsCore::error404();
        }
        include PATH . '/templates/' . $template . '/config.php';
        if (function_exists('get_template_cfg_fields')) {
            $tpl_cfgs = get_template_cfg_fields();
            if (!empty($tpl_cfgs)) {
                $tpl_cfgs_val = cmsCore::getTplCfg($template);
                cmsCore::c('page')->initTemplate('applets', 'templates')->assign('template', $template)->assign('form_gen_form', cmsCore::c('form_gen')->generateForm($tpl_cfgs, $tpl_cfgs_val))->display();
            } else {
                cmsCore::addSessionMessage($_LANG['AD_TEMPLATE_NO_CONFIG'], 'error');
                cmsCore::redirectBack();
            }
        } else {
            cmsCore::addSessionMessage($_LANG['AD_TEMPLATE_CFG_ERROR'], 'error');
            cmsCore::redirectBack();
        }
    }
    if ($do == 'save_config') {
        $template = cmsCore::request('template', 'str', '');
        if (!file_exists(PATH . '/templates/' . $template) || !file_exists(PATH . '/templates/' . $template . '/config.php') || !cmsUser::checkCsrfToken()) {
            cmsCore::error404();
        }
        include PATH . '/templates/' . $template . '/config.php';
        if (function_exists('get_template_cfg_fields')) {
            $tpl_cfgs = get_template_cfg_fields();
            if (!empty($tpl_cfgs)) {
                $tpl_cfgs = cmsCore::c('form_gen')->requestForm($tpl_cfgs);
                cmsCore::saveTplCfg($tpl_cfgs, $template);
                cmsCore::addSessionMessage($_LANG['AD_TEMPLATE_CFG_SAVED'], 'success');
                cmsCore::redirect('/admin/index.php?view=templates');
            } else {
                cmsCore::error404();
            }
        } else {
            cmsCore::error404();
        }
    }
}
开发者ID:CMS-RuDi,项目名称:CMS-RuDi,代码行数:55,代码来源:templates.php

示例4: applet_arhive

function applet_arhive()
{
    $inCore = cmsCore::getInstance();
    global $_LANG;
    cmsCore::c('page')->setTitle($_LANG['AD_ARTICLES_ARCHIVE']);
    $cfg = $inCore->loadComponentConfig('content');
    $cfg_arhive = $inCore->loadComponentConfig('arhive');
    cpAddPathway($_LANG['AD_ARTICLE_SITE'], 'index.php?view=tree');
    cpAddPathway($_LANG['AD_ARTICLES_ARCHIVE'], 'index.php?view=arhive');
    $do = cmsCore::request('do', 'str', 'list');
    $id = cmsCore::request('id', 'int', -1);
    if ($do == 'saveconfig') {
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::error404();
        }
        $cfg['source'] = cmsCore::request('source', 'str', '');
        $inCore->saveComponentConfig('arhive', $cfg);
        cmsCore::addSessionMessage($_LANG['AD_CONFIG_SAVE_SUCCESS'], 'success');
        cmsCore::redirect('?view=arhive&do=config');
    }
    if ($do == 'config') {
        $toolmenu = array(array('icon' => 'folders.gif', 'title' => $_LANG['AD_LIST_OF_ARTICLES'], 'link' => '?view=arhive'));
        cpToolMenu($toolmenu);
        cpAddPathway($_LANG['AD_SETTINGS'], 'index.php?view=arhive&do=config');
        cmsCore::c('page')->initTemplate('applets', 'arhive')->assign('cfg_arhive', $cfg_arhive)->display();
    }
    if ($do == 'list') {
        $toolmenu = array(array('icon' => 'config.gif', 'title' => $_LANG['AD_SETTINGS'], 'link' => '?view=arhive&do=config'), array('icon' => 'delete.gif', 'title' => $_LANG['AD_DELETE_SELECTED'], 'link' => "javascript:checkSel('?view=arhive&do=delete&multiple=1');"));
        cpToolMenu($toolmenu);
        //TABLE COLUMNS
        $fields = array(array('title' => 'id', 'field' => 'id', 'width' => '40'), array('title' => $_LANG['AD_CREATE'], 'field' => 'pubdate', 'width' => '80', 'filter' => 15, 'fdate' => '%d/%m/%Y'), array('title' => $_LANG['TITLE'], 'field' => 'title', 'width' => '', 'link' => '?view=content&do=edit&id=%id%', 'filter' => 15), array('title' => $_LANG['AD_PARTITION'], 'field' => 'category_id', 'width' => '150', 'filter' => 1, 'prc' => 'cpCatById', 'filterlist' => cpGetList('cms_category')));
        //ACTIONS
        $actions = array(array('title' => $_LANG['AD_TO_ARTICLES_CATALOG'], 'icon' => 'arhive_off.gif', 'link' => '?view=arhive&do=arhive_off&id=%id%'), array('title' => $_LANG['DELETE'], 'icon' => 'delete.gif', 'link' => '?view=content&do=delete&id=%id%', 'confirm' => $_LANG['AD_DELETE_MATERIALS']));
        //Print table
        cpListTable('cms_content', $fields, $actions, 'is_arhive=1');
    }
    if ($do == 'arhive_off') {
        if (cmsCore::inRequest('id')) {
            cmsCore::c('db')->setFlag('cms_content', $id, 'is_arhive', '0');
            cmsCore::redirect('?view=arhive');
        }
    }
    if ($do == 'delete') {
        if (!cmsCore::inRequest('item')) {
            if ($id >= 0) {
                cmsCore::m('content')->deleteArticle($id, $cfg['af_delete']);
            }
        } else {
            cmsCore::m('content')->deleteArticles(cmsCore::request('item', 'array_int'), $cfg['af_delete']);
        }
        cmsCore::redirect('?view=arhive');
    }
}
开发者ID:CMS-RuDi,项目名称:CMS-RuDi,代码行数:53,代码来源:arhive.php

示例5: applet_robots

function applet_robots() {
    global $_LANG;
    global $adminAccess;
    
    if (!cmsUser::isAdminCan('admin/robots', $adminAccess)) { cpAccessDenied(); }
    
    cmsCore::c('page')->setTitle($_LANG['ROBOTS_TITLE']);

    cpAddPathway($_LANG['ROBOTS_TITLE']);

    $do = cmsCore::request('do', array('edit', 'save'), 'edit');

    if (!file_exists(PATH .'/robots.txt')) {
        $fp = fopen(PATH .'/robots.txt', 'w');
        fwrite($fp, str_replace(array('%domen%', '%host%'), array(str_replace(array('https://', 'http://'), '', cmsCore::c('config')->host), cmsCore::c('config')->host), file_get_contents(PATH .'/includes/default_robots.txt')));
        fclose ($fp);
        chmod(PATH .'/robots.txt', 0777);
    }

    if ($do == 'save') {
        if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); }

        $data = cmsCore::request('robots', 'str');
        
        $fp = fopen(PATH .'/robots.txt', 'w');
        fwrite($fp, stripcslashes($data) ."\n");
        fclose ($fp);
    }

    $robots = file_get_contents(PATH .'/robots.txt');
?>
<form action="" method="post">
    <div style="width:650px;">
        <input type="hidden" name="csrf_token" value="<?php echo cmsUser::getCsrfToken(); ?>" />
        
        <div class="form-group">
            <label><?php echo $_LANG['ROBOTS_TXT_DATA']; ?></label>
            <textarea name="robots" class="form-control" style="height: 400px;"><?php echo $robots; ?></textarea>
            <div class="help-block"><?php echo $_LANG['ROBOTS_TXT_INFO']; ?></div>
        </div>
        
        <input type="hidden" name="do" value="save" />
        
        <input type="submit" class="btn btn-primary" name="save" value="<?php echo $_LANG['SAVE']; ?>" />
        <input type="button" class="btn btn-default" name="back" value="<?php echo $_LANG['CANCEL']; ?>" onclick="window.history.back();" />
    </div>
</form>
<?php
}
开发者ID:Acsac,项目名称:CMS-RuDi,代码行数:49,代码来源:robots.php

示例6: mod_invite

function mod_invite($mod, $cfg) {
    global $_LANG;

    $errors      = false;
    $is_redirect = false; // в модуле нельзя использовать cmsCore::redirectBack(), используем костыли ;)

    if (cmsCore::inRequest('send_invite_email')) {
        $is_redirect = true;

        $username = cmsCore::request('username', 'str', '');
        $email    = cmsCore::request('friend_email', 'email', '');

        if (!$username && !cmsCore::c('user')->id) {
            cmsCore::addSessionMessage($_LANG['ERR_NEED_NAME'], 'error'); $errors = true;
        }
        
        if (cmsCore::c('user')->id) {
            $username = cmsCore::c('user')->nickname;
        }

        if (!$email) {
            cmsCore::addSessionMessage($_LANG['ERR_NEED_MAIL'], 'error'); $errors = true;
        }

        if (!$errors) {
            if (!cmsUser::checkCsrfToken()) {
                cmsCore::error404();
            }

            $letter = cmsCore::getLanguageTextFile('mail_invite');
            $letter = str_replace('{sitename}', cmsConfig::getConfig('sitename'), $letter);
            $letter = str_replace('{site_url}', HOST, $letter);
            $letter = str_replace('{username}', $username, $letter);

            cmsCore::mailText($email, sprintf($_LANG['INVITE_SUBJECT'], $username), $letter);
            cmsCore::addSessionMessage($_LANG['INVITE_SENDED'], 'success');
        }
    }

    cmsPage::initTemplate('modules', $cfg['tpl'])->
        assign('user_id', cmsCore::c('user')->id)->
        assign('is_redirect', $is_redirect)->
        display();

    return true;
}
开发者ID:Acsac,项目名称:CMS-RuDi,代码行数:46,代码来源:module.php

示例7: applet_config

function applet_config()
{
    // получаем оригинальный конфиг
    $config = cmsConfig::getDefaultConfig();
    global $_LANG;
    global $adminAccess;
    if (!cmsUser::isAdminCan('admin/config', $adminAccess)) {
        cpAccessDenied();
    }
    cmsCore::c('page')->setTitle($_LANG['AD_SITE_SETTING']);
    cpAddPathway($_LANG['AD_SITE_SETTING'], 'index.php?view=config');
    $do = cmsCore::request('do', 'str', 'list');
    if ($do == 'save') {
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::error404();
        }
        $newCFG = cmsCore::getArrayFromRequest(array('scheme' => array('scheme', array('http', 'https'), ''), 'sitename' => array('sitename', 'str', ''), 'title_and_sitename' => array('title_and_sitename', 'int', 0), 'title_and_page' => array('title_and_page', 'int', 0), 'hometitle' => array('hometitle', 'str', ''), 'homecom' => array('homecom', 'str', ''), 'com_without_name_in_url' => array('com_without_name_in_url', 'str', ''), 'siteoff' => array('siteoff', 'int', 0), 'only_authorized' => array('only_authorized', 'int', 0), 'debug' => array('debug', 'int', 0), 'offtext' => array('offtext', 'str', ''), 'keywords' => array('keywords', 'str', ''), 'metadesc' => array('metadesc', 'str', ''), 'seourl' => array('seourl', 'int', 0), 'lang' => array('lang', 'str', 'ru'), 'is_change_lang' => array('is_change_lang', 'int', 0), 'sitemail' => array('sitemail', 'str', ''), 'sitemail_name' => array('sitemail_name', 'str', ''), 'wmark' => array('wmark', 'str', ''), 'template' => array('template', 'str', ''), 'admin_template' => array('admin_template', 'str', ''), 'cache' => array('cache', 'int', 0), 'cache_type' => array('cache_type', array('file', 'memcached'), ''), 'memcached_host' => array('memcached_host', 'str', ''), 'memcached_port' => array('memcached_port', 'int', 0), 'combine_css_enable' => array('combine_css_enable', 'int', 0), 'combine_css' => array('combine_css', 'html', ''), 'combine_js_enable' => array('combine_js_enable', 'int', 0), 'combine_js' => array('combine_js', 'html', ''), 'splash' => array('splash', 'int', 0), 'slight' => array('slight', 'int', 0), 'show_pw' => array('show_pw', 'int', 0), 'last_item_pw' => array('last_item_pw', 'int', 0), 'index_pw' => array('index_pw', 'int', 0), 'fastcfg' => array('fastcfg', 'int', 0), 'mailer' => array('mailer', 'str', ''), 'smtpsecure' => array('smtpsecure', 'str', ''), 'smtpauth' => array('smtpauth', 'int', 0), 'smtpuser' => array('smtpuser', 'str', $config['smtpuser']), 'smtppass' => array('smtppass', 'str', $config['smtppass']), 'smtphost' => array('smtphost', 'str', ''), 'smtpport' => array('smtpport', 'int', '25'), 'timezone' => array('timezone', 'str', $config['timezone']), 'user_stats' => array('user_stats', 'int', 0), 'seo_url_count' => array('seo_url_count', 'int', 0), 'max_pagebar_links' => array('max_pagebar_links', 'int', 0), 'allow_ip' => array('allow_ip', 'str', ''), 'iframe_enable' => array('iframe_enable', 'int', 0), 'vk_enable' => array('vk_enable', 'int', 0), 'vk_id' => array('vk_id', 'str', ''), 'vk_private_key' => array('vk_private_key', 'str', '')));
        $newCFG['sitename'] = stripslashes($newCFG['sitename']);
        $newCFG['hometitle'] = stripslashes($newCFG['hometitle']);
        $newCFG['offtext'] = htmlspecialchars($newCFG['offtext'], ENT_QUOTES);
        $newCFG['db_host'] = $config['db_host'];
        $newCFG['db_base'] = $config['db_base'];
        $newCFG['db_user'] = $config['db_user'];
        $newCFG['db_pass'] = $config['db_pass'];
        $newCFG['db_prefix'] = $config['db_prefix'];
        if (cmsConfig::saveToFile($newCFG)) {
            cmsCore::addSessionMessage($_LANG['AD_CONFIG_SAVE_SUCCESS'], 'success');
        } else {
            cmsCore::addSessionMessage($_LANG['AD_CONFIG_SITE_ERROR'], 'error');
        }
        cmsCore::clearCache();
        cmsCore::redirect('index.php?view=config');
    }
    cpCheckWritable('/includes/config/config.inc.json');
    $result = cmsCore::c('db')->query("SELECT (sum(data_length)+sum(index_length))/1024/1024 as size FROM INFORMATION_SCHEMA.TABLES WHERE table_schema = '" . $config['db_base'] . "'", true);
    if (!cmsCore::c('db')->error()) {
        $s = cmsCore::c('db')->fetch_assoc($result);
    } else {
        $s['size'] = 0;
    }
    cmsCore::c('page')->initTemplate('applets', 'config')->assign('config', $config)->assign('timezone_opt', cmsCore::getTimeZonesOptions($config['timezone']))->assign('admin_templates', cmsCore::getDirsList('/templates/admin'))->assign('templates', cmsCore::getDirsList('/templates'))->assign('tpl_info', cmsCore::c('page')->getTplInfo(cmsCore::c('page')->template))->assign('components_opt', cmsCore::getListItems('cms_components', $config['com_without_name_in_url'], 'title', 'ASC', 'internal=0', 'link'))->assign('homecom_opt', cmsCore::getListItems('cms_components', $config['homecom'], 'title', 'ASC', 'internal=0', 'link'))->assign('langs', cmsCore::getDirsList('/languages'))->assign('db_size', round($s['size'], 2))->display();
}
开发者ID:CMS-RuDi,项目名称:CMS-RuDi,代码行数:42,代码来源:config.php

示例8: photos


//.........这里部分代码省略.........
        }
        if (mb_strstr($photo['NSDiffer'], 'club')) {
            cmsCore::halt();
        }
        if (!$inUser->is_admin) {
            cmsCore::halt();
        }
        if (!cmsCore::inRequest('move_photo')) {
            cmsPage::initTemplate('components', 'com_photos_move')->assign('form_action', '/photos/movephoto' . $photo['id'] . '.html')->assign('html', $inPhoto->getAlbumsOption('', $photo['album_id']))->display('com_photos_move.tpl');
            cmsCore::jsonOutput(array('error' => false, 'html' => ob_get_clean()));
        } else {
            $album = cmsCore::callEvent('GET_PHOTO_ALBUM', $inDB->getNsCategory('cms_photo_albums', cmsCore::request('album_id', 'int')));
            if (!$album) {
                cmsCore::halt();
            }
            if (!$album['public'] && !$inUser->is_admin) {
                cmsCore::error404();
            }
            // Смотрим ограничения загрузки в сутки
            $today_uploaded = $album['uplimit'] ? $model->loadedByUser24h($inUser->id, $album['id']) : 0;
            if (!$inUser->is_admin && $album['uplimit'] && $today_uploaded >= $album['uplimit']) {
                cmsCore::jsonOutput(array('error' => true, 'text' => '<strong>' . $_LANG['MAX_UPLOAD_IN_DAY'] . '</strong> ' . $_LANG['CAN_UPLOAD_TOMORROW']));
            }
            $inDB->query("UPDATE cms_photo_files SET album_id = '{$album['id']}' WHERE id = '{$photo['id']}'");
            cmsActions::updateLog('add_photo', array('target' => $album['title'], 'target_url' => '/photos/' . $album['id'], 'target_id' => $album['id']), $photo['id']);
            cmsCore::addSessionMessage($_LANG['PHOTO_MOVED'], 'info');
            cmsCore::jsonOutput(array('error' => false, 'redirect' => '/photos/' . $album['id']));
        }
    }
    /////////////////////////////// PHOTO DELETE /////////////////////////////////////////////////////////////////////////////////////////
    if ($do == 'delphoto') {
        if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') {
            cmsCore::halt();
        }
        if (!$inUser->id) {
            cmsCore::halt();
        }
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::halt();
        }
        $photo = cmsCore::callEvent('GET_PHOTO', $inPhoto->getPhoto($id));
        if (!$photo) {
            cmsCore::halt();
        }
        if (mb_strstr($photo['NSDiffer'], 'club')) {
            cmsCore::halt();
        }
        $is_author = $photo['user_id'] == $inUser->id && $inUser->id;
        if (!$inUser->is_admin && !$is_author) {
            cmsCore::halt();
        }
        $inPhoto->deletePhoto($photo, $model->initUploadClass($inDB->getNsCategory('cms_photo_albums', $photo['album_id'])));
        cmsCore::addSessionMessage($_LANG['PHOTO_DELETED'], 'success');
        cmsUser::clearCsrfToken();
        cmsCore::jsonOutput(array('error' => false, 'redirect' => '/photos/' . $photo['album_id']));
    }
    /////////////////////////////// PHOTO PUBLISH /////////////////////////////////////////////////////////////////////////////////////////
    if ($do == 'publish_photo') {
        if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') {
            cmsCore::halt();
        }
        if (!$inUser->id) {
            cmsCore::halt();
        }
        $photo = cmsCore::callEvent('GET_PHOTO', $inPhoto->getPhoto($id));
        if (!$photo) {
            cmsCore::halt();
        }
        if (!$inUser->is_admin) {
            cmsCore::halt();
        }
        $inPhoto->publishPhoto($photo['id']);
        cmsCore::callEvent('ADD_PHOTO_DONE', $photo);
        $description = '<a href="/photos/photo' . $photo['id'] . '.html" class="act_photo"><img src="/images/photos/small/' . $photo['file'] . '" alt="' . htmlspecialchars(stripslashes($photo['title'])) . '" /></a>';
        cmsActions::log('add_photo', array('object' => $photo['title'], 'object_url' => '/photos/photo' . $photo['id'] . '.html', 'object_id' => $photo['id'], 'user_id' => $photo['user_id'], 'target' => $photo['cat_title'], 'target_id' => $photo['album_id'], 'target_url' => '/photos/' . $photo['album_id'], 'description' => $description));
        cmsCore::halt('ok');
    }
    /////////////////////////////// VIEW LATEST/BEST PHOTOS //////////////////////////////////////////////////////////////////////////////
    if (in_array($do, array('latest', 'best'))) {
        if ($do == 'latest') {
            $inDB->orderBy('f.pubdate', 'DESC');
            $pagetitle = $pagetitle && $inCore->isMenuIdStrict() ? $pagetitle : $_LANG['NEW_PHOTO_IN_GALLERY'];
        } else {
            $inDB->orderBy('f.rating', 'DESC');
            $pagetitle = $pagetitle && $inCore->isMenuIdStrict() ? $pagetitle : $_LANG['BEST_PHOTOS'];
        }
        $inDB->limit($model->config['best_latest_perpage']);
        // выбираем категории фото
        $inDB->addJoin("INNER JOIN cms_photo_albums a ON a.id = f.album_id AND a.published = 1 AND a.NSDiffer = ''");
        $inDB->addSelect('a.title as cat_title');
        $photos = $inPhoto->getPhotos(false, 'with_comments');
        if (!$photos) {
            cmsCore::error404();
        }
        $inPage->addPathway($pagetitle);
        $inPage->setTitle($pagetitle);
        cmsPage::initTemplate('components', 'com_photos_bl')->assign('maxcols', $model->config['best_latest_maxcols'])->assign('pagetitle', $pagetitle)->assign('photos', $photos)->display('com_photos_bl.tpl');
    }
    /////////////////////////////// /////////////////////////////// ////////////////
}
开发者ID:deltas1,项目名称:icms1,代码行数:101,代码来源:frontend.php

示例9: applet_menu

function applet_menu()
{
    $inCore = cmsCore::getInstance();
    $inDB = cmsDatabase::getInstance();
    global $_LANG;
    global $adminAccess;
    if (!cmsUser::isAdminCan('admin/menu', $adminAccess)) {
        cpAccessDenied();
    }
    $GLOBALS['cp_page_title'] = $_LANG['AD_MENU'];
    cpAddPathway($_LANG['AD_MENU'], 'index.php?view=menu');
    $do = cmsCore::request('do', 'str', 'list');
    $id = cmsCore::request('id', 'int', -1);
    if ($do == 'list') {
        $toolmenu[] = array('icon' => 'new.gif', 'title' => $_LANG['AD_MENU_POINT_ADD'], 'link' => '?view=menu&do=add');
        $toolmenu[] = array('icon' => 'newmenu.gif', 'title' => $_LANG['AD_MENU_ADD'], 'link' => '?view=menu&do=addmenu');
        $toolmenu[] = array('icon' => 'edit.gif', 'title' => $_LANG['AD_EDIT_SELECTED'], 'link' => "javascript:checkSel('?view=menu&do=edit&multiple=1');");
        $toolmenu[] = array('icon' => 'delete.gif', 'title' => $_LANG['AD_DELETE_SELECTED'], 'link' => "javascript:checkSel('?view=menu&do=delete&multiple=1');");
        $toolmenu[] = array('icon' => 'show.gif', 'title' => $_LANG['AD_ALLOW_SELECTED'], 'link' => "javascript:checkSel('?view=menu&do=show&multiple=1');");
        $toolmenu[] = array('icon' => 'hide.gif', 'title' => $_LANG['AD_DISALLOW_SELECTED'], 'link' => "javascript:checkSel('?view=menu&do=hide&multiple=1');");
        $toolmenu[] = array('icon' => 'help.gif', 'title' => $_LANG['AD_HELP'], 'link' => '?view=help&topic=menu');
        cpToolMenu($toolmenu);
        $fields[] = array('title' => 'Lt', 'field' => 'NSLeft', 'width' => '30');
        $fields[] = array('title' => $_LANG['TITLE'], 'field' => 'title', 'width' => '', 'link' => '?view=menu&do=edit&id=%id%');
        $fields[] = array('title' => $_LANG['SHOW'], 'field' => 'published', 'width' => '60');
        $fields[] = array('title' => $_LANG['AD_ORDER'], 'field' => 'ordering', 'width' => '100');
        $fields[] = array('title' => $_LANG['AD_LINK'], 'field' => array('linktype', 'linkid', 'link'), 'width' => '240', 'prc' => 'cpMenutypeById');
        $fields[] = array('title' => $_LANG['AD_MENU'], 'field' => 'menu', 'width' => '70', 'filter' => '10', 'filterlist' => cpGetList('menu'), 'prc' => 'list_menu');
        $fields[] = array('title' => $_LANG['TEMPLATE'], 'field' => 'template', 'width' => '70', 'prc' => 'cpTemplateById');
        $actions[] = array('title' => $_LANG['EDIT'], 'icon' => 'edit.gif', 'link' => '?view=menu&do=edit&id=%id%');
        $actions[] = array('title' => $_LANG['DELETE'], 'icon' => 'delete.gif', 'confirm' => $_LANG['AD_MENU_POINT_CONFIRM'], 'link' => '?view=menu&do=delete&id=%id%');
        cpListTable('cms_menu', $fields, $actions, 'parent_id>0', 'NSLeft, ordering');
    } else {
        $toolmenu[] = array('icon' => 'save.gif', 'title' => $_LANG['SAVE'], 'link' => 'javascript:document.addform.submit();');
        $toolmenu[] = array('icon' => 'cancel.gif', 'title' => $_LANG['CANCEL'], 'link' => 'index.php?view=menu');
        cpToolMenu($toolmenu);
    }
    if ($do == 'move_up') {
        $inDB->moveNsCategory('cms_menu', $id, 'up');
        cmsCore::redirectBack();
    }
    if ($do == 'move_down') {
        $inDB->moveNsCategory('cms_menu', $id, 'down');
        cmsCore::redirectBack();
    }
    if ($do == 'show') {
        if (!isset($_REQUEST['item'])) {
            if ($id >= 0) {
                dbShow('cms_menu', $id);
            }
            echo '1';
            exit;
        } else {
            dbShowList('cms_menu', $_REQUEST['item']);
            cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success');
            cmsCore::redirectBack();
        }
    }
    if ($do == 'hide') {
        if (!isset($_REQUEST['item'])) {
            if ($id >= 0) {
                dbHide('cms_menu', $id);
            }
            echo '1';
            exit;
        } else {
            dbHideList('cms_menu', cmsCore::request('item', 'array_int', array()));
            cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success');
            cmsCore::redirectBack();
        }
    }
    if ($do == 'delete') {
        if (!isset($_REQUEST['item'])) {
            if ($id >= 0) {
                $inDB->deleteNS('cms_menu', (int) $id);
            }
        } else {
            $items = cmsCore::request('item', 'array_int', array());
            foreach ($items as $item_id) {
                $inDB->deleteNS('cms_menu', $item_id);
            }
        }
        cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success');
        cmsCore::redirectBack();
    }
    if ($do == 'update') {
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::error404();
        }
        $id = cmsCore::request('id', 'int', 0);
        if (!$id) {
            cmsCore::redirectBack();
        }
        $title = cmsCore::request('title', 'str', '');
        $menu = cmsCore::arrayToYaml(cmsCore::request('menu', 'array_str', ''));
        $linktype = cmsCore::request('mode', 'str', '');
        $linkid = cmsCore::request($linktype, 'str', '');
        $link = $inCore->getMenuLink($linktype, $linkid);
        $target = cmsCore::request('target', 'str', '');
        $published = cmsCore::request('published', 'int', 0);
//.........这里部分代码省略.........
开发者ID:vicktorwork,项目名称:cms1,代码行数:101,代码来源:menu.php

示例10: applet_content

function applet_content()
{
    $inCore = cmsCore::getInstance();
    $inUser = cmsUser::getInstance();
    $inDB = cmsDatabase::getInstance();
    global $_LANG;
    //check access
    global $adminAccess;
    if (!cmsUser::isAdminCan('admin/content', $adminAccess)) {
        cpAccessDenied();
    }
    $cfg = $inCore->loadComponentConfig('content');
    cmsCore::loadModel('content');
    $model = new cms_model_content();
    $GLOBALS['cp_page_title'] = $_LANG['AD_ARTICLES'];
    cpAddPathway($_LANG['AD_ARTICLES'], 'index.php?view=tree');
    $do = cmsCore::request('do', 'str', 'add');
    $id = cmsCore::request('id', 'int', -1);
    if ($do == 'arhive_on') {
        $inDB->query("UPDATE cms_content SET is_arhive = 1 WHERE id = '{$id}'");
        cmsCore::addSessionMessage($_LANG['AD_ARTICLES_TO_ARHIVE'], 'success');
        cmsCore::redirectBack();
    }
    if ($do == 'move') {
        $item_id = cmsCore::request('id', 'int', 0);
        $cat_id = cmsCore::request('cat_id', 'int', 0);
        $dir = $_REQUEST['dir'];
        $step = 1;
        $model->moveItem($item_id, $cat_id, $dir, $step);
        echo '1';
        exit;
    }
    if ($do == 'move_to_cat') {
        $items = cmsCore::request('item', 'array_int');
        $to_cat_id = cmsCore::request('obj_id', 'int', 0);
        if ($items && $to_cat_id) {
            $last_ordering = (int) $inDB->get_field('cms_content', "category_id = '{$to_cat_id}' ORDER BY ordering DESC", 'ordering');
            foreach ($items as $item_id) {
                $article = $model->getArticle($item_id);
                if (!$article) {
                    continue;
                }
                $last_ordering++;
                $model->updateArticle($article['id'], array('category_id' => $to_cat_id, 'ordering' => $last_ordering, 'url' => $article['url'], 'title' => $inDB->escape_string($article['title']), 'id' => $article['id'], 'user_id' => $article['user_id']));
            }
            cmsCore::addSessionMessage($_LANG['AD_ARTICLES_TO'], 'success');
        }
        cmsCore::redirect('?view=tree&cat_id=' . $to_cat_id);
    }
    if ($do == 'show') {
        if (!isset($_REQUEST['item'])) {
            if ($id >= 0) {
                dbShow('cms_content', $id);
            }
            echo '1';
            exit;
        } else {
            dbShowList('cms_content', cmsCore::request('item', 'array_int'));
            cmsCore::redirectBack();
        }
    }
    if ($do == 'hide') {
        if (!isset($_REQUEST['item'])) {
            if ($id >= 0) {
                dbHide('cms_content', $id);
            }
            echo '1';
            exit;
        } else {
            dbHideList('cms_content', cmsCore::request('item', 'array_int'));
            cmsCore::redirectBack();
        }
    }
    if ($do == 'delete') {
        if (!isset($_REQUEST['item'])) {
            if ($id >= 0) {
                $model->deleteArticle($id);
                cmsCore::addSessionMessage($_LANG['AD_ARTICLE_REMOVE'], 'success');
            }
        } else {
            $model->deleteArticles(cmsCore::request('item', 'array_int'));
            cmsCore::addSessionMessage($_LANG['AD_ARTICLES_REMOVE'], 'success');
        }
        cmsCore::redirectBack();
    }
    if ($do == 'update') {
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::error404();
        }
        if (isset($_REQUEST['id'])) {
            $id = cmsCore::request('id', 'int', 0);
            $article['category_id'] = cmsCore::request('category_id', 'int', 1);
            $article['title'] = cmsCore::request('title', 'str');
            $article['url'] = cmsCore::request('url', 'str');
            $article['showtitle'] = cmsCore::request('showtitle', 'int', 0);
            $article['description'] = cmsCore::request('description', 'html', '');
            $article['description'] = $inDB->escape_string($article['description']);
            $article['content'] = cmsCore::request('content', 'html', '');
            $article['content'] = $inDB->escape_string($article['content']);
            $article['for_img'] = cmsCore::request('for_img', 'html', '');
//.........这里部分代码省略.........
开发者ID:vityapro,项目名称:cms,代码行数:101,代码来源:content.php

示例11: comments


//.........这里部分代码省略.........
        // получаем массив со ссылкой и заголовком цели комментария
        // для этого:
        //  1. узнаем ответственный компонент из cms_comment_targets
        $target = $inDB->get_fields('cms_comment_targets', "target='{$comment['target']}'", '*');
        if (!$target) {
            cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_UNKNOWN_TARGET'] . ' #1'));
        }
        //  2. подключим модель этого компонента
        if (cmsCore::loadModel($target['component'])) {
            $model_class = 'cms_model_' . $target['component'];
            if (class_exists($model_class)) {
                $target_model = new $model_class();
            }
        }
        if (!isset($target_model)) {
            cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_UNKNOWN_TARGET'] . ' #2'));
        }
        //  3. запросим массив $target_data[link, title] у метода getCommentTarget модели
        $target_data = $target_model->getCommentTarget($comment['target'], $comment['target_id']);
        if (!$target_data) {
            cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_UNKNOWN_TARGET'] . ' #3'));
        }
        $comment['target_title'] = $target_data['title'];
        $comment['target_link'] = $target_data['link'];
        // 4. Узнаем видимость комментария в модели $target_model
        if (method_exists($target_model, 'getVisibility')) {
            $comment['is_hidden'] = $target_model->getVisibility($comment['target'], $comment['target_id']);
        } else {
            $comment['is_hidden'] = 0;
        }
        // публикация согласно настроек
        $comment['published'] = $inUser->is_admin || $model->is_can_moderate || $model->is_add_published ? 1 : 0;
        // Проверяем токен перед самым добавлением комментария
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::error404();
        }
        // 5. добавляем комментарий в базу
        $comment_id = $model->addComment($comment);
        // 6. Пересчитываем количество комментариев у цели если нужно
        if (method_exists($target_model, 'updateCommentsCount')) {
            $target_model->updateCommentsCount($comment['target'], $comment['target_id']);
        }
        if (!$comment['is_hidden'] && $comment['published']) {
            //регистрируем событие
            $content_short = strip_tags($comment['content']);
            cmsActions::log('add_comment', array('object' => $_LANG['COMMENT'], 'object_url' => $comment['target_link'] . '#c' . $comment_id, 'object_id' => $comment_id, 'target' => $comment['target_title'], 'target_url' => $comment['target_link'], 'target_id' => $comment['target_id'], 'description' => mb_strlen($content_short) > 140 ? mb_substr($content_short, 0, 140) : $content_short));
        }
        ////////////////////////////////////////////////////////////////
        ///////////////// Операции по уведомлениям /////////////////////
        $inConf = cmsConfig::getInstance();
        $from_nick = $inUser->id ? $inUser->nickname : $comment['guestname'];
        $targetlink = HOST . $comment['target_link'] . '#c' . $comment_id;
        //получаем ID и e-mail автора
        $author = $inUser->id ? $model->getTargetAuthor($target['target_table'], $comment['target_id']) : '';
        //подписываем пользователя на обновления, если нужно
        if ($inUser->id && cmsCore::inRequest('subscribe')) {
            cmsUser::subscribe($inUser->id, $comment['target'], $comment['target_id']);
        }
        if ($comment['published']) {
            //рассылаем уведомления о новом комменте
            cmsUser::sendUpdateNotify($comment['target'], $comment['target_id'], array('link' => $comment['target_link'] . '#c' . $comment_id, 'title' => stripslashes($comment['target_title']), 'letter_file' => 'newcomment', 'author' => $inUser->id ? $inUser->nickname : $comment['guestname']));
            //проверяем и выдаем награду если нужно
            cmsUser::checkAwards($inUser->id);
        }
        //отправляем админу уведомление о комментарии на e-mail, если нужно
        if ($model->config['email']) {
开发者ID:vicktorwork,项目名称:cms1,代码行数:67,代码来源:frontend.php

示例12: applet_users


//.........这里部分代码省略.........
                    'object' => '',
                    'user_id' => $user_id,
                    'object_url' => '',
                    'object_id' => $user_id,
                    'target' => '',
                    'target_url' => '',
                    'target_id' => 0,
                    'description' => ''
                )
            );
        }
        
        cmsCore::redirectBack();
    }
    
    if ($do == 'delete') {
        if (!cmsCore::inRequest('item')) {
            if ($id >= 0) {
                $model->deleteUser($id);
            }
        } else {
            $model->deleteUsers(cmsCore::request('item', 'array_int', array()));
        }
        
        cmsCore::redirectBack();
    }

    if ($do == 'delete_full') {
        $model->deleteUser($id, true);
        cmsCore::redirectBack();
    }

    if ($do == 'submit' || $do == 'update') {
        if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); }

        $types = array(
            'login' => array( 'login', 'str', '' ),
            'nickname' => array( 'nickname', 'str', '', 'htmlspecialchars' ),
            'email' => array( 'email', 'email', '' ),
            'group_id' => array( 'group_id', 'int', 1 ),
            'is_locked' => array( 'is_locked', 'int', 0 ),
            'password' => array( 'pass', 'str', '', 'stripslashes' ),
            'pass2' => array( 'pass2', 'str', '', 'stripslashes' )
        );

        $items = cmsCore::getArrayFromRequest($types);

        $errors = false;

        // проверяем логин
        if (mb_strlen($items['login']) < 2 ||
                mb_strlen($items['login']) > 15 ||
                is_numeric($items['login']) ||
                !preg_match("/^([a-zA-Z0-9])+$/ui", $items['login'])) {
            cmsCore::addSessionMessage($_LANG['ERR_LOGIN'], 'error');
            $errors = true;
        }

        // проверяем пароль
        if ($do == 'submit') {
            if (!$items['password']) {
                cmsCore::addSessionMessage($_LANG['TYPE_PASS'], 'error');
                $errors = true;
            }
        }
        
开发者ID:Acsac,项目名称:CMS-RuDi,代码行数:66,代码来源:users.php

示例13: validateForm

 /**
  * ====== DEPRECATED =========
  * используйте cmsUser::checkCsrfToken();
  */
 public static function validateForm()
 {
     return cmsUser::checkCsrfToken();
 }
开发者ID:vityapro,项目名称:cms,代码行数:8,代码来源:cms.php

示例14: applet_content

function applet_content() {
    $inCore = cmsCore::getInstance();
    cmsCore::m('content');
    
    global $_LANG;

    //check access
    global $adminAccess;
    if (!cmsUser::isAdminCan('admin/content', $adminAccess)) { cpAccessDenied(); }

    $cfg = $inCore->loadComponentConfig('content');

    cmsCore::c('page')->setTitle($_LANG['AD_ARTICLES']);
    cpAddPathway($_LANG['AD_ARTICLES'], 'index.php?view=tree');

    $do = cmsCore::request('do', 'str', 'add');
    $id = cmsCore::request('id', 'int', -1);

    if ($do == 'arhive_on') {
        cmsCore::c('db')->setFlag('cms_content', $id, 'is_arhive', '1');
        cmsCore::addSessionMessage($_LANG['AD_ARTICLES_TO_ARHIVE'], 'success');
        cmsCore::redirectBack();
    }

    if ($do == 'move') {
        $item_id = cmsCore::request('id', 'int', 0);
        $cat_id  = cmsCore::request('cat_id', 'int', 0);

        $dir     = cmsCore::request('dir', 'str');
        $step    = 1;

        cmsCore::m('content')->moveItem($item_id, $cat_id, $dir, $step);
        cmsCore::halt(1);
    }

    if ($do == 'move_to_cat') {
        $items     = cmsCore::request('item', 'array_int');
        $to_cat_id = cmsCore::request('obj_id', 'int', 0);

        if ($items && $to_cat_id) {
            $last_ordering = (int)cmsCore::c('db')->get_field('cms_content', "category_id = '". $to_cat_id ."' ORDER BY ordering DESC", 'ordering');
            foreach ($items as $item_id) {
                $article = cmsCore::m('content')->getArticle($item_id);
                if (!$article) { continue; }
                $last_ordering++;
                
                cmsCore::m('content')->updateArticle(
                    $article['id'],
                    array(
                        'category_id' => $to_cat_id,
                        'ordering' => $last_ordering,
                        'url' => $article['url'],
                        'title' => cmsCore::c('db')->escape_string($article['title']),
                        'id' => $article['id'],
                        'user_id' => $article['user_id']
                    )
                );
            }
            
            cmsCore::addSessionMessage($_LANG['AD_ARTICLES_TO'], 'success');
        }

        cmsCore::redirect('?view=tree&cat_id='. $to_cat_id);
    }

    if ($do == 'show') {
        if (!cmsCore::inRequest('item')) {
            if ($id >= 0) { cmsCore::c('db')->setFlag('cms_content', $id, 'published', '1'); }
            cmsCore::halt('1');
        } else {
            cmsCore::c('db')->setFlags('cms_content', cmsCore::request('item', 'array_int'), 'published', '1');
            cmsCore::redirectBack();
        }
    }

    if ($do == 'hide') {
        if (!cmsCore::inRequest('item')) {
            if ($id >= 0) { cmsCore::c('db')->setFlag('cms_content', $id, 'published', '0'); }
            cmsCore::halt('1');
        } else {
            cmsCore::c('db')->setFlags('cms_content', cmsCore::request('item', 'array_int'), 'published', '0');
            cmsCore::redirectBack();
        }
    }

    if ($do == 'delete') {
        if (!cmsCore::inRequest('item')) {
            if ($id >= 0) {
                cmsCore::m('content')->deleteArticle($id);
                cmsCore::addSessionMessage($_LANG['AD_ARTICLE_REMOVE'], 'success');
            }
        } else {
            cmsCore::m('content')->deleteArticles(cmsCore::request('item', 'array_int'));
            cmsCore::addSessionMessage($_LANG['AD_ARTICLES_REMOVE'], 'success');
        }
        cmsCore::redirectBack();
    }

    if ($do == 'update'){
        if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); }
//.........这里部分代码省略.........
开发者ID:Acsac,项目名称:CMS-RuDi,代码行数:101,代码来源:content.php

示例15:

	$blog = $inBlog->getBlog($cat['blog_id']);
	if (!$blog) { cmsCore::halt(); }

	$club = $model->getClub($blog['user_id']);
	if(!$club) { cmsCore::halt(); }

	if(!$club['enabled_blogs']){ cmsCore::halt(); }

	$model->initClubMembers($club['id']);

    $is_admin  = $inUser->is_admin || ($inUser->id == $club['admin_id']);
    $is_moder  = $model->checkUserRightsInClub('moderator');

    if (!$is_admin && !$is_moder) { cmsCore::halt(); }

	if(!cmsUser::checkCsrfToken()) { cmsCore::halt(); }

	$inBlog->deleteBlogCategory($cat['id']);

	cmsCore::addSessionMessage($_LANG['CAT_IS_DELETED'], 'success');

    cmsCore::jsonOutput(array('error' => false, 'redirect'  => $model->getBlogURL($club['id'])));
}
///////////////////////// ПУБЛИКАЦИЯ ПОСТА /////////////////////////////////////
if ($bdo == 'publishpost'){
	if (!cmsCore::isAjax() || !$inUser->id) { return false; }

	$post = $inBlog->getPost($post_id);
	if (!$post){ cmsCore::halt(); }

	$blog = $inBlog->getBlog($post['blog_id']);
开发者ID:Acsac,项目名称:CMS-RuDi,代码行数:31,代码来源:club_blogs.php


注:本文中的cmsUser::checkCsrfToken方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。