mirror of
https://github.com/openvk/openvk
synced 2025-07-07 08:19:49 +03:00
Replace OpenVKPresenter
Code formatted for nice view. And removed tracy warning in function onBeforeRender() - added <if> statement to check user session.
This commit is contained in:
FireFox1121
GitHub
parent
610b2bda6d
commit
e2141d17af
1 changed files with 126 additions and 131 deletions
|
|
@ -1,5 +1,9 @@
|
||||||
<?php declare(strict_types=1);
|
<?php
|
||||||
|
|
||||||
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace openvk\Web\Presenters;
|
namespace openvk\Web\Presenters;
|
||||||
|
|
||||||
use Chandler\Signaling\SignalManager;
|
use Chandler\Signaling\SignalManager;
|
||||||
use Chandler\MVC\SimplePresenter;
|
use Chandler\MVC\SimplePresenter;
|
||||||
use Chandler\Session\Session;
|
use Chandler\Session\Session;
|
||||||
|
|
@ -7,16 +11,19 @@ use Chandler\Security\Authenticator;
|
||||||
use Latte\Engine as TemplatingEngine;
|
use Latte\Engine as TemplatingEngine;
|
||||||
use openvk\Web\Models\Entities\IP;
|
use openvk\Web\Models\Entities\IP;
|
||||||
use openvk\Web\Themes\Themepacks;
|
use openvk\Web\Themes\Themepacks;
|
||||||
use openvk\Web\Models\Repositories\{IPs, Users, APITokens};
|
use openvk\Web\Models\Repositories\{
|
||||||
|
IPs,
|
||||||
|
Users,
|
||||||
|
APITokens
|
||||||
|
};
|
||||||
|
|
||||||
|
abstract class OpenVKPresenter extends SimplePresenter {
|
||||||
|
|
||||||
abstract class OpenVKPresenter extends SimplePresenter
|
|
||||||
{
|
|
||||||
protected $banTolerant = false;
|
protected $banTolerant = false;
|
||||||
protected $errorTemplate = "@error";
|
protected $errorTemplate = "@error";
|
||||||
protected $user = NULL;
|
protected $user = NULL;
|
||||||
|
|
||||||
private function calculateQueryString(array $data): string
|
private function calculateQueryString(array $data): string {
|
||||||
{
|
|
||||||
$rawUrl = "tcp+stratum://fakeurl.net$_SERVER[REQUEST_URI]"; #HTTP_HOST can be tainted
|
$rawUrl = "tcp+stratum://fakeurl.net$_SERVER[REQUEST_URI]"; #HTTP_HOST can be tainted
|
||||||
$url = (object) parse_url($rawUrl);
|
$url = (object) parse_url($rawUrl);
|
||||||
$path = $url->path;
|
$path = $url->path;
|
||||||
|
|
@ -24,8 +31,7 @@ abstract class OpenVKPresenter extends SimplePresenter
|
||||||
return "$path?" . http_build_query(array_merge($_GET, $data));
|
return "$path?" . http_build_query(array_merge($_GET, $data));
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function flash(string $type, string $title, ?string $message = NULL, ?int $code = NULL): void
|
protected function flash(string $type, string $title, ?string $message = NULL, ?int $code = NULL): void {
|
||||||
{
|
|
||||||
Session::i()->set("_error", json_encode([
|
Session::i()->set("_error", json_encode([
|
||||||
"type" => $type,
|
"type" => $type,
|
||||||
"title" => $title,
|
"title" => $title,
|
||||||
|
|
@ -34,13 +40,11 @@ abstract class OpenVKPresenter extends SimplePresenter
|
||||||
]));
|
]));
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function setTempTheme(string $theme): void
|
protected function setTempTheme(string $theme): void {
|
||||||
{
|
|
||||||
Session::i()->set("_tempTheme", $theme);
|
Session::i()->set("_tempTheme", $theme);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function flashFail(string $type, string $title, ?string $message = NULL, ?int $code = NULL): void
|
protected function flashFail(string $type, string $title, ?string $message = NULL, ?int $code = NULL): void {
|
||||||
{
|
|
||||||
$this->flash($type, $title, $message, $code);
|
$this->flash($type, $title, $message, $code);
|
||||||
$referer = $_SERVER["HTTP_REFERER"] ?? "/";
|
$referer = $_SERVER["HTTP_REFERER"] ?? "/";
|
||||||
|
|
||||||
|
|
@ -49,15 +53,14 @@ abstract class OpenVKPresenter extends SimplePresenter
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function logInUserWithToken(): void
|
protected function logInUserWithToken(): void {
|
||||||
{
|
|
||||||
$header = $_SERVER["HTTP_AUTHORIZATION"] ?? "";
|
$header = $_SERVER["HTTP_AUTHORIZATION"] ?? "";
|
||||||
$token;
|
$token;
|
||||||
|
|
||||||
preg_match("%Bearer (.*)$%", $header, $matches);
|
preg_match("%Bearer (.*)$%", $header, $matches);
|
||||||
$token = $matches[1] ?? "";
|
$token = $matches[1] ?? "";
|
||||||
$token = (new APITokens)->getByCode($token);
|
$token = (new APITokens)->getByCode($token);
|
||||||
if(!$token) {
|
if (!$token) {
|
||||||
header("HTTP/1.1 401 Unauthorized");
|
header("HTTP/1.1 401 Unauthorized");
|
||||||
header("Content-Type: application/json");
|
header("Content-Type: application/json");
|
||||||
exit(json_encode(["error" => "The access token is invalid"]));
|
exit(json_encode(["error" => "The access token is invalid"]));
|
||||||
|
|
@ -71,11 +74,10 @@ abstract class OpenVKPresenter extends SimplePresenter
|
||||||
$this->template->userTainted = false;
|
$this->template->userTainted = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function assertUserLoggedIn(bool $returnUrl = true): void
|
protected function assertUserLoggedIn(bool $returnUrl = true): void {
|
||||||
{
|
if (is_null($this->user)) {
|
||||||
if(is_null($this->user)) {
|
|
||||||
$loginUrl = "/login";
|
$loginUrl = "/login";
|
||||||
if($returnUrl && $_SERVER["REQUEST_METHOD"] === "GET") {
|
if ($returnUrl && $_SERVER["REQUEST_METHOD"] === "GET") {
|
||||||
$currentUrl = function_exists("get_current_url") ? get_current_url() : $_SERVER["REQUEST_URI"];
|
$currentUrl = function_exists("get_current_url") ? get_current_url() : $_SERVER["REQUEST_URI"];
|
||||||
$loginUrl .= "?jReturnTo=" . rawurlencode($currentUrl);
|
$loginUrl .= "?jReturnTo=" . rawurlencode($currentUrl);
|
||||||
}
|
}
|
||||||
|
|
@ -87,10 +89,9 @@ abstract class OpenVKPresenter extends SimplePresenter
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function hasPermission(string $model, string $action, int $context): bool
|
protected function hasPermission(string $model, string $action, int $context): bool {
|
||||||
{
|
if (is_null($this->user)) {
|
||||||
if(is_null($this->user)) {
|
if ($model !== "user") {
|
||||||
if($model !== "user") {
|
|
||||||
$this->flash("info", "Недостаточно прав", "Чтобы просматривать эту страницу, нужно зайти на сайт.");
|
$this->flash("info", "Недостаточно прав", "Чтобы просматривать эту страницу, нужно зайти на сайт.");
|
||||||
|
|
||||||
header("HTTP/1.1 302 Found");
|
header("HTTP/1.1 302 Found");
|
||||||
|
|
@ -104,56 +105,53 @@ abstract class OpenVKPresenter extends SimplePresenter
|
||||||
return (bool) $this->user->raw->can($action)->model($model)->whichBelongsTo($context === -1 ? null : $context);
|
return (bool) $this->user->raw->can($action)->model($model)->whichBelongsTo($context === -1 ? null : $context);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function assertPermission(string $model, string $action, int $context, bool $throw = false): void
|
protected function assertPermission(string $model, string $action, int $context, bool $throw = false): void {
|
||||||
{
|
if ($this->hasPermission($model, $action, $context))
|
||||||
if($this->hasPermission($model, $action, $context)) return;
|
return;
|
||||||
|
|
||||||
if($throw)
|
if ($throw)
|
||||||
throw new SecurityPolicyViolationException("Permission error");
|
throw new SecurityPolicyViolationException("Permission error");
|
||||||
else
|
else
|
||||||
$this->flashFail("err", "Недостаточно прав", "У вас недостаточно прав чтобы выполнять это действие.");
|
$this->flashFail("err", "Недостаточно прав", "У вас недостаточно прав чтобы выполнять это действие.");
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function assertCaptchaCheckPassed(): void
|
protected function assertCaptchaCheckPassed(): void {
|
||||||
{
|
if (!check_captcha())
|
||||||
if(!check_captcha())
|
|
||||||
$this->flashFail("err", "Неправильно введены символы", "Пожалуйста, убедитесь, что вы правильно заполнили поле с капчей.");
|
$this->flashFail("err", "Неправильно введены символы", "Пожалуйста, убедитесь, что вы правильно заполнили поле с капчей.");
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function willExecuteWriteAction(): void
|
protected function willExecuteWriteAction(): void {
|
||||||
{
|
|
||||||
$ip = (new IPs)->get(CONNECTING_IP);
|
$ip = (new IPs)->get(CONNECTING_IP);
|
||||||
$res = $ip->rateLimit();
|
$res = $ip->rateLimit();
|
||||||
|
|
||||||
if(!($res === IP::RL_RESET || $res === IP::RL_CANEXEC)) {
|
if (!($res === IP::RL_RESET || $res === IP::RL_CANEXEC)) {
|
||||||
if($res === IP::RL_BANNED && OPENVK_ROOT_CONF["openvk"]["preferences"]["security"]["rateLimits"]["autoban"]) {
|
if ($res === IP::RL_BANNED && OPENVK_ROOT_CONF["openvk"]["preferences"]["security"]["rateLimits"]["autoban"]) {
|
||||||
$this->user->identity->ban("Account has possibly been stolen");
|
$this->user->identity->ban("Account has possibly been stolen");
|
||||||
exit("Хакеры? Интересно...");
|
exit("Хакеры? Интересно...");
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->flashFail("err", "Чумба, ты совсем ёбнутый?", "Сходи к мозгоправу, попей колёсики. В OpenVK нельзя вбрасывать щитпосты так часто. Код исключения: $res.");
|
$this->flashFail("err", "Чумба, ты совсем ёбнутый?", "Сходи к мозгоправу, попей колёсики. В OpenVK нельзя вбрасывать щитпосты так часто. Код исключения: $res.");
|
||||||
|
//$this->flashFail("err", "Чумба, ты совсем ёбнутый?", "Пиздуй к мозгоправу, проглоти колёсики. В OpenVK нельзя вбрасывать щитпосты так часто. Код исключения: $res.");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function signal(object $event): bool
|
protected function signal(object $event): bool {
|
||||||
{
|
|
||||||
return (SignalManager::i())->triggerEvent($event, $this->user->id);
|
return (SignalManager::i())->triggerEvent($event, $this->user->id);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function logEvent(string $type, array $data): bool
|
protected function logEvent(string $type, array $data): bool {
|
||||||
{
|
|
||||||
$db = eventdb();
|
$db = eventdb();
|
||||||
if(!$db)
|
if (!$db)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
$data = array_merge([
|
$data = array_merge([
|
||||||
"timestamp" => time(),
|
"timestamp" => time(),
|
||||||
"verified" => (int) true,
|
"verified" => (int) true,
|
||||||
], $data);
|
], $data);
|
||||||
$columns = implode(", ", array_map(function($col) {
|
$columns = implode(", ", array_map(function ($col) {
|
||||||
return "`" . addslashes($col) . "`";
|
return "`" . addslashes($col) . "`";
|
||||||
}, array_keys($data)));
|
}, array_keys($data)));
|
||||||
$values = implode(", ", array_map(function($val) {
|
$values = implode(", ", array_map(function ($val) {
|
||||||
return "'" . addslashes((string) (int) $val) . "'";
|
return "'" . addslashes((string) (int) $val) . "'";
|
||||||
}, array_values($data)));
|
}, array_values($data)));
|
||||||
|
|
||||||
|
|
@ -165,28 +163,25 @@ abstract class OpenVKPresenter extends SimplePresenter
|
||||||
/**
|
/**
|
||||||
* @override
|
* @override
|
||||||
*/
|
*/
|
||||||
protected function sendmail(string $to, string $template, array $params = []): void
|
protected function sendmail(string $to, string $template, array $params = []): void {
|
||||||
{
|
|
||||||
parent::sendmail($to, __DIR__ . "/../../Email/$template", $params);
|
parent::sendmail($to, __DIR__ . "/../../Email/$template", $params);
|
||||||
}
|
}
|
||||||
|
|
||||||
function getTemplatingEngine(): TemplatingEngine
|
function getTemplatingEngine(): TemplatingEngine {
|
||||||
{
|
|
||||||
$latte = parent::getTemplatingEngine();
|
$latte = parent::getTemplatingEngine();
|
||||||
$latte->addFilter("translate", function($s) {
|
$latte->addFilter("translate", function ($s) {
|
||||||
return tr($s);
|
return tr($s);
|
||||||
});
|
});
|
||||||
|
|
||||||
return $latte;
|
return $latte;
|
||||||
}
|
}
|
||||||
|
|
||||||
function onStartup(): void
|
function onStartup(): void {
|
||||||
{
|
|
||||||
$user = Authenticator::i()->getUser();
|
$user = Authenticator::i()->getUser();
|
||||||
|
|
||||||
$this->template->isXmas = intval(date('d')) >= 15 && date('m') == 12 || intval(date('d')) <= 15 && date('m') == 1 ? true : false;
|
$this->template->isXmas = intval(date('d')) >= 15 && date('m') == 12 || intval(date('d')) <= 15 && date('m') == 1 ? true : false;
|
||||||
|
|
||||||
if(!is_null($user)) {
|
if (!is_null($user)) {
|
||||||
$this->user = (object) [];
|
$this->user = (object) [];
|
||||||
$this->user->raw = $user;
|
$this->user->raw = $user;
|
||||||
$this->user->identity = (new Users)->getByChandlerUser($user);
|
$this->user->identity = (new Users)->getByChandlerUser($user);
|
||||||
|
|
@ -194,7 +189,7 @@ abstract class OpenVKPresenter extends SimplePresenter
|
||||||
$this->template->thisUser = $this->user->identity;
|
$this->template->thisUser = $this->user->identity;
|
||||||
$this->template->userTainted = $user->isTainted();
|
$this->template->userTainted = $user->isTainted();
|
||||||
|
|
||||||
if($this->user->identity->isBanned() && !$this->banTolerant) {
|
if ($this->user->identity->isBanned() && !$this->banTolerant) {
|
||||||
header("HTTP/1.1 403 Forbidden");
|
header("HTTP/1.1 403 Forbidden");
|
||||||
$this->getTemplatingEngine()->render(__DIR__ . "/templates/@banned.xml", [
|
$this->getTemplatingEngine()->render(__DIR__ . "/templates/@banned.xml", [
|
||||||
"thisUser" => $this->user->identity,
|
"thisUser" => $this->user->identity,
|
||||||
|
|
@ -206,7 +201,6 @@ abstract class OpenVKPresenter extends SimplePresenter
|
||||||
$this->user->identity->setOnline(time());
|
$this->user->identity->setOnline(time());
|
||||||
$this->user->identity->save();
|
$this->user->identity->save();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
setlocale(LC_TIME, ...(explode(";", tr("__locale"))));
|
setlocale(LC_TIME, ...(explode(";", tr("__locale"))));
|
||||||
|
|
@ -214,29 +208,30 @@ abstract class OpenVKPresenter extends SimplePresenter
|
||||||
parent::onStartup();
|
parent::onStartup();
|
||||||
}
|
}
|
||||||
|
|
||||||
function onBeforeRender(): void
|
function onBeforeRender(): void {
|
||||||
{
|
|
||||||
parent::onBeforeRender();
|
parent::onBeforeRender();
|
||||||
|
|
||||||
if(!is_null($this->user)) {
|
if (!is_null($this->user)) {
|
||||||
$theme = $this->user->identity->getTheme();
|
$theme = $this->user->identity->getTheme();
|
||||||
if(!is_null($theme) && $theme->overridesTemplates()) {
|
if (!is_null($theme) && $theme->overridesTemplates()) {
|
||||||
$this->template->_templatePath = $theme->getBaseDir() . "/tpl";
|
$this->template->_templatePath = $theme->getBaseDir() . "/tpl";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!is_null(Session::i()->get("_error"))) {
|
if (!is_null(Session::i()->get("_error"))) {
|
||||||
$this->template->flashMessage = json_decode(Session::i()->get("_error"));
|
$this->template->flashMessage = json_decode(Session::i()->get("_error"));
|
||||||
Session::i()->set("_error", NULL);
|
Session::i()->set("_error", NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(Session::i()->get("_tempTheme"))
|
if (Session::i()->get("_tempTheme"))
|
||||||
$this->template->theme = Themepacks::i()[Session::i()->get("_tempTheme", "ovk")];
|
$this->template->theme = Themepacks::i()[Session::i()->get("_tempTheme", "ovk")];
|
||||||
else if($this->requestParam("themePreview"))
|
else if ($this->requestParam("themePreview"))
|
||||||
$this->template->theme = Themepacks::i()[$this->requestParam("themePreview")];
|
$this->template->theme = Themepacks::i()[$this->requestParam("themePreview")];
|
||||||
else if($this->user->identity !== null && $this->user->identity->getTheme())
|
else if (!is_null($this->user)) {
|
||||||
|
if ($this->user->identity !== null && $this->user->identity->getTheme()) {
|
||||||
$this->template->theme = $this->user->identity->getTheme();
|
$this->template->theme = $this->user->identity->getTheme();
|
||||||
|
}
|
||||||
// Знаю, каша ебаная, целестора рефактор всё равно сделает :)))
|
// Знаю, каша ебаная, целестора рефактор всё равно сделает :)))
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
Loading…
Reference in a new issue