// TryLoadDocument <?php /** , ( JSON ): { "type":"agreement", - , , , : carta, license .. "title":"", - "text":". . : ______ ", - , XSS CLeditor, . - . "owner":29, - , , . (.. "") "edit":[29,555,34,52], - , . !! Administrator,Jurists ! "view":[5677,599677,5999898677,855677] - , http://.../docs?doc_id=5 ( ) "view-temp":[{"id":5,"until":1413640050},{"id":9,"until":1413640100},{"id":7,"until":1413640050}] - view, "until"( timestamp) , ( ) "edit-temp":[{"id":5,"until":1413640050},{"id":9,"until":1413640100},{"id":7,"until":1413640050}] - edit, "until"( timestamp) , ( ) } : CREATE TABLE IF NOT EXISTS `documents` ( `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT 'id ', `type` varchar(255) NOT NULL COMMENT ' ', `title` varchar(255) NOT NULL COMMENT ' ', `text` text NOT NULL COMMENT ' ', `owner` bigint(20) NOT NULL COMMENT ' ', `edit` text NOT NULL COMMENT ' , ', `edit-temp` text NOT NULL COMMENT ' ', `view` text NOT NULL COMMENT ' , ', `view-temp` text NOT NULL COMMENT ' ', UNIQUE KEY `id` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=cp1251 COMMENT=' - ...'; */
<?php class Document {...} if(DOC_API_MODE!="API")// Document, ) { ...// }
// Load docs.php in "library" mode: with DOC_API_MODE set to "API" the file only
// declares the Document class and skips its own page logic (see the
// `if(DOC_API_MODE!="API")` guard in the class sketch above).
define("DOC_API_MODE","API");
include_once 'docs.php';
// Row of the `documents` table for the loaded document, keyed by column name
// (e.g. $data['title']); load() turns the four JSON grant columns
// (view, view-temp, edit, edit-temp) into PHP arrays.
private $data;
// Id of the current MODX user, captured once in the constructor and used by
// every permission check (isOwner / viewAllowed / editAllowed).
private $uid;
// The modX instance: DB access through xPDOCriteria, user/group lookups,
// lastInsertId() after an INSERT.
private $modx;
/**
 * @param modX $modx The MODX instance. The current user's id is captured
 *                   here once and reused by every permission check.
 */
public function __construct($modx)
{
    $this->modx = $modx;
    $this->uid = $modx->user->get('id');
}
/**
 * Magic setter. Only 'title' and 'text' are writable, and only when the
 * current user may edit the loaded document; any other assignment (wrong
 * field, or no edit right) is silently ignored — there is no exception
 * and nothing is persisted until save() is called.
 */
public function &__set($name, $value)
{
    $writable = ($name === 'title' || $name === 'text');
    if ($writable && $this->editAllowed())
    {
        $this->data[$name] = $value;
    }
}

/**
 * Magic getter. Exposes title, text, id and the current user id, but only
 * to users who may view or edit the document; everybody else (and any
 * unknown field name) gets the literal string 'forbidden'.
 * viewAllowed() already covers the owner/manager case, editAllowed() covers
 * users holding an edit-only grant.
 */
public function &__get($name)
{
    $forbidden = 'forbidden';
    if (!($this->viewAllowed() || $this->editAllowed()))
    {
        return $forbidden;
    }
    $exposed = ['title', 'text', 'id'];
    if (in_array($name, $exposed, true))
    {
        return $this->data[$name];
    }
    if ($name === 'uid')
    {
        return $this->uid;
    }
    return $forbidden;
}
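/**
 * Create a brand-new document of $type with the given title/text and no
 * grants, INSERT it (owner = current user) and re-load it from the DB so
 * $this->data reflects the stored row.
 * Returns the result of load(): false when the INSERT or the reload failed.
 */
public function MakeNew($type,$title,$text)
{
    $this->data['text']=$text;
    $this->data['title']=$title;
    $this->data['view']=[];
    $this->data['view-temp']=[];
    $this->data['edit']=[];
    $this->data['edit-temp']=[];
    return $this->load($this->saveAsNew($type));
}

/**
 * Read one field ('id' or 'until') of a temporary-grant entry.
 * Entries loaded from the DB are stdClass objects (json_decode without
 * assoc=true) while entries appended by allow() in the same request are
 * plain arrays; both shapes are handled so the checks agree before and
 * after save(). Returns null when the field is absent.
 */
private function tempEntryField($entry,$field)
{
    if(is_object($entry)) return isset($entry->$field)?$entry->$field:null;
    if(is_array($entry)) return isset($entry[$field])?$entry[$field]:null;
    return null;
}

/**
 * Permanent-grant list ($this->data['view'] or ['edit']) as a list of ints;
 * [] when the column is missing or not an array.
 */
private function idList($key)
{
    if(!isset($this->data[$key]) || !is_array($this->data[$key])) return [];
    return array_map('intval',$this->data[$key]);
}

/**
 * True when the current user holds an unexpired temporary grant in $list.
 * The first entry whose id matches decides (same rule as the original loop);
 * load() has already dropped expired entries via clearTemp(), so a stale
 * duplicate can only exist inside the request that created it.
 */
private function hasTempGrant($list)
{
    if(!is_array($list)) return false;
    $now=time();
    foreach($list as $entry)
    {
        $id=$this->tempEntryField($entry,'id');
        if($id===null || (int)$id!==(int)$this->uid) continue;
        return (int)$this->tempEntryField($entry,'until') > $now;
    }
    return false;
}

/**
 * May the current user read the document? Owner/manager, permanent view
 * grant, or an unexpired temporary view grant.
 */
public function viewAllowed()
{
    if($this->isOwner() || in_array((int)$this->uid,$this->idList('view'),true)) return true;
    return $this->hasTempGrant(isset($this->data['view-temp'])?$this->data['view-temp']:[]);
}

/**
 * May the current user change title/text? Owner/manager, permanent edit
 * grant, or an unexpired temporary edit grant. Note that an edit grant
 * does not imply a view grant — __get() checks both.
 */
public function editAllowed()
{
    if($this->isOwner() || in_array((int)$this->uid,$this->idList('edit'),true)) return true;
    return $this->hasTempGrant(isset($this->data['edit-temp'])?$this->data['edit-temp']:[]);
}

/**
 * May the current user manage rights (call allow())? Members of the
 * 'Jurists' or 'Administrator' MODX groups only.
 */
public function manageAllowed()
{
    return $this->modx->user->isMember('Jurists')||$this->modx->user->isMember('Administrator');
}

/**
 * Grant $new_user access to this document (in memory only; call save()).
 *
 * @param mixed $new_user user id (cast to int; 0 is ignored)
 * @param bool  $can_edit true = edit grant, false = view grant
 * @param int   $time     0 = permanent grant; otherwise the grant expires
 *                        $time seconds from now (a negative value yields an
 *                        already-expired entry that clearTemp() drops on the
 *                        next load())
 *
 * Silently does nothing unless the current user passes manageAllowed()
 * (and editAllowed() for edit grants). Permanent grants are de-duplicated
 * so repeated form submits do not grow the JSON list.
 */
public function allow($new_user,$can_edit,$time=0)
{
    $user_id=(int)$new_user;
    $time=(int)$time;
    if($user_id==0 || !$this->manageAllowed()) return;
    if($can_edit && !$this->editAllowed()) return;
    $listKey=$can_edit?'edit':'view';
    if($time==0)
    {
        if(!in_array($user_id,$this->idList($listKey),true))
            $this->data[$listKey][]=$user_id;
    }
    else
    {
        $this->data[$listKey.'-temp'][]=["id"=>$user_id,"until"=>time()+$time];
    }
}

/**
 * True when the current user is the stored owner of the document — or a
 * manager (Jurists/Administrator), who is treated as owner of every
 * document. Both ids are compared as ints because the DB returns the
 * bigint `owner` column as a string.
 */
public function isOwner()
{
    $owner=isset($this->data['owner'])?(int)$this->data['owner']:0;
    if((int)$this->uid===$owner) return true;
    return $this->manageAllowed();
}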
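/**
 * Drop expired temporary grants from `view-temp` and `edit-temp`.
 *
 * An entry is kept only while `until` is still in the future, which is the
 * same condition editAllowed()/viewAllowed() use (the original kept entries
 * with until == now, which no check would ever accept). Both lists are
 * re-indexed so they stay JSON lists ([1,3,5] => [0,1,2]). The row is
 * written back only when something was actually removed; before, every
 * load() with any temporary grant present caused an UPDATE, i.e. a write
 * on every read, performed on behalf of whoever opened the page.
 * Entries are stdClass objects after load() and arrays right after allow();
 * both shapes are read.
 */
private function clearTemp()
{
    $now=time();
    $removed=0;
    foreach(['view-temp','edit-temp'] as $key)
    {
        $list=(isset($this->data[$key]) && is_array($this->data[$key]))?$this->data[$key]:[];
        $kept=[];
        foreach($list as $entry)
        {
            if(is_object($entry))
                $until=isset($entry->until)?$entry->until:0;
            else if(is_array($entry))
                $until=isset($entry['until'])?$entry['until']:0;
            else
                $until=0;
            if((int)$until > $now)
                $kept[]=$entry;
            else
                $removed++;
        }
        $this->data[$key]=$kept;
    }
    if($removed>0) $this->save();
}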
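/**
 * Decode one JSON grant column into a PHP array.
 * Anything that does not decode to an array (empty column, NULL, malformed
 * JSON) becomes [] so the permission checks never iterate over null.
 * Temporary-grant entries stay stdClass objects (json_decode without
 * assoc=true), matching the ->id / ->until access used by the checks.
 */
private function decodeList($json)
{
    $decoded = is_string($json) ? json_decode($json) : $json;
    return is_array($decoded) ? $decoded : [];
}

/** Decode the four grant columns of $this->data in place (DB string -> array). */
private function decodeLists()
{
    foreach (['edit', 'edit-temp', 'view', 'view-temp'] as $key)
    {
        $this->data[$key] = $this->decodeList(isset($this->data[$key]) ? $this->data[$key] : null);
    }
}

/** Encode the four grant columns of $this->data in place (array -> JSON string) for binding. */
private function encodeLists()
{
    foreach (['edit', 'edit-temp', 'view', 'view-temp'] as $key)
    {
        $this->data[$key] = json_encode(isset($this->data[$key]) ? $this->data[$key] : []);
    }
}

/**
 * Load the row with the given id into $this->data.
 * Returns true on success, false when the query fails or no row matches
 * (the original indexed fetchAll()[0] on an empty result, which is an
 * undefined-offset notice followed by count(null)).
 * Access is NOT checked here: any logged-in user can load any id, and
 * __get() decides per read whether to hand out the fields or 'forbidden'.
 * Side effect: clearTemp() may UPDATE the row to drop expired temporary grants.
 */
public function load($id)
{
    $sql="SELECT * FROM `documents` WHERE `id`=:id";
    $query = new xPDOCriteria($this->modx, $sql,array(':id'=>$id));
    if(!$query->prepare() || !$query->stmt->execute())
    {
        return false;
    }
    $row = $query->stmt->fetch(PDO::FETCH_ASSOC);
    if(!is_array($row) || count($row)==0)
    {
        // No such document: leave nothing half-loaded.
        $this->data = null;
        return false;
    }
    $this->data = $row;
    $this->decodeLists();
    $this->clearTemp();
    return true;
}

/**
 * Write title, text and the four grant lists back to the loaded row.
 * Returns true when the UPDATE executed, false otherwise (no row loaded,
 * prepare/execute failure — the original discarded that result).
 * No authorization happens here: __set() and allow() are the gates that
 * decide what may change; save() only persists whatever is in $this->data
 * (load() calls it too, through clearTemp()).
 */
public function save()
{
    if(!is_array($this->data) || !isset($this->data['id']))
    {
        return false;
    }
    $sql="UPDATE `documents` SET `title`=:title, `text`=:text, `view`=:view, `edit`=:edit, `view-temp`=:viewtemp, `edit-temp`=:edittemp WHERE `id`=:id";
    $this->encodeLists();
    $query=new xPDOCriteria($this->modx, $sql, [
        ":title"=>$this->data['title'],
        ":text"=>$this->data['text'],
        ":edit"=>$this->data['edit'],
        ":view"=>$this->data['view'],
        ":edittemp"=>$this->data['edit-temp'],
        ":viewtemp"=>$this->data['view-temp'],
        ":id"=>$this->data["id"],
    ]);
    $ok = $query->prepare() && $query->stmt->execute();
    // Back to arrays so the in-memory state matches what load() produces.
    $this->decodeLists();
    return $ok;
}

/**
 * INSERT $this->data as a new row of the given $type owned by the current
 * user and return the new id (0 when the INSERT did not execute).
 * All four grant columns are NOT NULL in the schema, so `view-temp` and
 * `edit-temp` are written too: the original INSERT left them out, which
 * fails under strict SQL mode and otherwise stores '' that json_decode()
 * turns into null.
 */
private function saveAsNew($type)
{
    $sql="INSERT INTO `documents` (`title`,`text`,`view`,`edit`,`view-temp`,`edit-temp`,`owner`,`type`) VALUES(:title,:text,:view,:edit,:viewtemp,:edittemp,:uid,:type)";
    $this->encodeLists();
    $query=new xPDOCriteria($this->modx, $sql, [
        ":title"=>$this->data['title'],
        ":text"=>$this->data['text'],
        ":edit"=>$this->data['edit'],
        ":view"=>$this->data['view'],
        ":viewtemp"=>$this->data['view-temp'],
        ":edittemp"=>$this->data['edit-temp'],
        ":uid"=>$this->uid,
        ":type"=>$type,
    ]);
    $inserted = $query->prepare() && $query->stmt->execute();
    $this->decodeLists();
    return $inserted ? $this->modx->lastInsertId() : 0;
}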
// Anonymous visitors (user id 0) are sent to resource 14 (presumably the
// login page) before any document is touched; exit stops the snippet so
// nothing below runs after the redirect header.
if ((int)$modx->user->get('id') === 0)
{
    $modx->sendRedirect($modx->makeUrl(14));
    exit;
}
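$doc=new Document($modx);
// Only a numeric id is accepted: a missing or non-numeric doc_id becomes 0,
// which no row has, instead of an undefined-index notice and a raw string
// bound into the query.
$docId = isset($_GET['doc_id']) ? (int)$_GET['doc_id'] : 0;
if(!$doc->load($docId))
{
    // Not found (or query failure): the snippet returns a message instead of the document.
    return ' ...';
}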
// Expose the rights to the template: [[!+CanManage]] toggles the Rights
// chunk, [[!+CanEdit]] the edit form inside DocText. These placeholders are
// UI hints only — Document::__set() and Document::allow() enforce the same
// rules server-side on every request.
$canManage = $doc->manageAllowed();
$canEdit = $doc->editAllowed();
$modx->setPlaceholder('CanManage', $canManage ? 'true' : 'false');
$modx->setPlaceholder('CanEdit', $canEdit ? 'true' : 'false');
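/**
 * Resolve the free-text "user" field of the Rights form to a user id.
 *
 * Accepted forms, tried in this order:
 *  - a profile URL containing "uid=<digits>"   -> those digits (last "uid=" wins, as before);
 *  - any text containing a run of digits        -> the first run of digits;
 *  - otherwise the text is treated as a username and looked up via $modx.
 *
 * Returns the id as a string/int (the caller casts to int) or '-1' when no
 * user matches. The original second branch used preg_replace on the first
 * match only, so "user 234" came back as "user234" and cast to 0; the
 * captured group is returned instead. Only the username branch touches the
 * database, through xPDO's getObject criteria, not string-built SQL.
 * Guarded with function_exists because MODX snippets are evaluated per call
 * and a second call would otherwise redeclare the function.
 */
if(!function_exists('DataToUID'))
{
    function DataToUID($userstr,$modx)
    {
        $userstr=(string)$userstr;
        if(preg_match('/.*uid=(\d+)/',$userstr,$m))
        {
            return $m[1];
        }
        if(preg_match('/(\d+)/',$userstr,$m))
        {
            return $m[1];
        }
        $usr=$modx->getObject('modUser',["username"=>$userstr]);
        return $usr?$usr->get('id'):'-1';
    }
}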
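// Rights form: grant another user view or edit access to the loaded document.
// NOTE(review): the form (chunk Rights) carries no CSRF token, so a logged-in
// manager's browser can be made to submit this request from another site;
// MODX's session alone does not prevent that.
if(isset($_POST['add']))
{
    // Read every field through isset so a hand-crafted POST without them
    // does not raise undefined-index notices.
    $userstr=isset($_POST['userid'])?(string)$_POST['userid']:'';
    $mode=isset($_POST['allow'])?(string)$_POST['allow']:'';
    $length=isset($_POST['length'])?(int)$_POST['length']:0;
    $userID=(int)DataToUID($userstr,$modx);
    if($userID!==-1)
    {
        // Only the two known modes do anything; allow() re-checks manageAllowed()
        // itself, the guard here just avoids a pointless UPDATE for everyone else.
        if($doc->manageAllowed() && ($mode==="edit" || $mode==="view"))
        {
            $doc->allow($userID,$mode==="edit",$length);
            $doc->save();
        }
    }
    else $modx->log(modX::LOG_LEVEL_ERROR,"DataToUID . (".$userstr.")");
}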
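// Edit form: replace the document text. __set() already drops the assignment
// for users without edit rights, so the explicit editAllowed() check only
// avoids a pointless UPDATE (and a misleading "saved" log line) for them.
// The text is stored as submitted: it is rich HTML from CKEditor and is
// rendered raw by the DocText chunk, so edit rights equal the right to put
// arbitrary markup on the page.
if(isset($_POST['edit']))
{
    $modx->log(modX::LOG_LEVEL_ERROR," #".$doc->id." #".$doc->uid);
    // isset + !== '' instead of !empty(), so a body consisting of "0" is not rejected.
    if($doc->editAllowed() && isset($_POST["text"]) && $_POST["text"]!=='')
    {
        $doc->text=$_POST["text"];
        $doc->save();
        $modx->log(modX::LOG_LEVEL_ERROR," #".$doc->id." #".$doc->uid);
    }
}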
// Full-page render (no 'ajax' field in the POST): assemble the DocTitle and
// DocText chunks and hand the result to the template via the 'doc'
// placeholder. title/text go through Document::__get(), so a user without
// view/edit rights sees the string 'forbidden' in both chunks.
if (!isset($_POST['ajax']))
{
    $parts = [
        $modx->getChunk('DocTitle', ['title' => $doc->title]),
        $modx->getChunk('DocText', ['text' => $doc->text]),
    ];
    $modx->setPlaceholder('doc', implode('', $parts));
    return '';
}
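// ---- Access gate ---------------------------------------------------------
// Anonymous visitors (user id 0) are sent to resource 14 (presumably the
// login page) before any document is touched.
if((int)$modx->user->get('id')===0)
{
    $modx->sendRedirect($modx->makeUrl(14));
    exit;
}

// ---- Load the requested document ----------------------------------------
$doc=new Document($modx);
// Only a numeric id is accepted: a missing or non-numeric doc_id becomes 0,
// which no row has, instead of an undefined-index notice and a raw string
// bound into the query.
$docId = isset($_GET['doc_id']) ? (int)$_GET['doc_id'] : 0;
if(!$doc->load($docId))
{
    return ' ...';
}

// Expose the rights to the template: [[!+CanManage]] toggles the Rights
// chunk, [[!+CanEdit]] the edit form inside DocText. UI hints only —
// Document::__set() and Document::allow() enforce the rules server-side.
$modx->setPlaceholder('CanManage',$doc->manageAllowed()?'true':'false');
$modx->setPlaceholder('CanEdit',$doc->editAllowed()?'true':'false');

/**
 * Resolve the free-text "user" field of the Rights form to a user id.
 *
 * Accepted forms, tried in this order:
 *  - a profile URL containing "uid=<digits>"   -> those digits (last "uid=" wins, as before);
 *  - any text containing a run of digits        -> the first run of digits;
 *  - otherwise the text is treated as a username and looked up via $modx.
 *
 * Returns the id as a string/int (the caller casts to int) or '-1' when no
 * user matches. The original second branch used preg_replace on the first
 * match only, so "user 234" came back as "user234" and cast to 0; the
 * captured group is returned instead. Guarded with function_exists because
 * MODX snippets are evaluated per call and a second call would otherwise
 * redeclare the function.
 */
if(!function_exists('DataToUID'))
{
    function DataToUID($userstr,$modx)
    {
        $userstr=(string)$userstr;
        if(preg_match('/.*uid=(\d+)/',$userstr,$m))
        {
            return $m[1];
        }
        if(preg_match('/(\d+)/',$userstr,$m))
        {
            return $m[1];
        }
        $usr=$modx->getObject('modUser',["username"=>$userstr]);
        return $usr?$usr->get('id'):'-1';
    }
}

// ---- Rights form: grant view/edit access to another user ----------------
// NOTE(review): the form (chunk Rights) carries no CSRF token, so a logged-in
// manager's browser can be made to submit this request from another site;
// MODX's session alone does not prevent that.
if(isset($_POST['add']))
{
    $userstr=isset($_POST['userid'])?(string)$_POST['userid']:'';
    $mode=isset($_POST['allow'])?(string)$_POST['allow']:'';
    $length=isset($_POST['length'])?(int)$_POST['length']:0;
    $userID=(int)DataToUID($userstr,$modx);
    if($userID!==-1)
    {
        // allow() re-checks manageAllowed() itself; the guard here avoids a
        // pointless UPDATE for everyone else.
        if($doc->manageAllowed() && ($mode==="edit" || $mode==="view"))
        {
            $doc->allow($userID,$mode==="edit",$length);
            $doc->save();
        }
    }
    else $modx->log(modX::LOG_LEVEL_ERROR,"DataToUID . (".$userstr.")");
}

// ---- Edit form: replace the document text -------------------------------
// __set() drops the assignment for users without edit rights; the explicit
// editAllowed() check only avoids a pointless UPDATE and a misleading log
// line. The text is rich HTML from CKEditor and is rendered raw by DocText.
if(isset($_POST['edit']))
{
    $modx->log(modX::LOG_LEVEL_ERROR," #".$doc->id." #".$doc->uid);
    if($doc->editAllowed() && isset($_POST["text"]) && $_POST["text"]!=='')
    {
        $doc->text=$_POST["text"];
        $doc->save();
        $modx->log(modX::LOG_LEVEL_ERROR," #".$doc->id." #".$doc->uid);
    }
}

// ---- Output --------------------------------------------------------------
// Full-page render (no 'ajax' field): assemble DocTitle + DocText into the
// 'doc' placeholder. title/text go through __get(), so users without
// view/edit rights see 'forbidden' in both chunks.
if(!isset($_POST['ajax']))
{
    $parts=[
        $modx->getChunk('DocTitle',['title'=>$doc->title]),
        $modx->getChunk('DocText',['text'=>$doc->text]),
    ];
    $modx->setPlaceholder('doc', implode('',$parts));
    return '';
}
// AJAX request: nothing is rendered into the template.
return '...';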
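<!-- Chunk "Rights": shown to managers only (CanManage). POSTs a grant request
     (add=1) back to the current resource; 'userid' is resolved by DataToUID,
     'allow' and 'length' are re-validated server-side by the TryLoadDocument
     snippet and Document::allow(). The query parameter was written as
     "¶m" on the page, a mangled rendering of "&param" (MODX property syntax).
     NOTE(review): the form has no CSRF token field. -->
<form action="[[~[[*id]]]]?doc_id=[[!GET? &param=`doc_id`]]" method="post" >
    <fieldset>
        <span> ...</span>
        <input type="text" name="userid" style=" background: white; width: 340px; padding: 5px; font-size: 14px; margin: 0 15px; "/>
        <!-- view (default) or edit; anything else is ignored by the snippet -->
        <select name="allow">
            <option value="view" selected="selected"></option>
            <option value="edit"> </option>
        </select>
        <!-- grant duration in seconds; 0 = permanent -->
        <select name="length">
            <option value="60"> 1 .</option>
            <option value="600"> 10 .</option>
            <option value="3600"> .</option>
            <option value="86400"> .</option>
            <option value="0">.</option>
        </select>
        <input type="hidden" name="add" value="1" />
    </fieldset>
    <input type="submit" value=" !"/>
</form>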
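<!-- Chunk "DocTitle": the title is stored verbatim (Document::__set does not
     filter it), so it is HTML-escaped on output with the htmlent filter; a
     title containing markup renders as text instead of being interpreted. -->
<h2>[[!+title:htmlent]]</h2>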
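<!-- Chunk "DocText". The <form> open tag lives in the first If and the closing
     </form> in the second, so only editors (CanEdit) get a submittable form;
     non-editors still get a live CKEditor instance but no way to post it, and
     the server rejects the write anyway (Document::__set). The query parameter
     was written as "¶m" on the page, a mangled rendering of "&param". -->
[[!If? &subject=`[[!+CanEdit]]` &operator=`EQ` &operand=`true` &then=`<form action="[[~[[*id]]]]?doc_id=[[!GET? &param=`doc_id`]]" method="post"> <input type="submit" value=" ..."/>`]]
<!-- [[+text]] is the stored HTML inserted raw: intended, since it is the rich
     text CKEditor edits. A body containing a literal </textarea> would close
     the element early — only users with edit rights can store such a body. -->
<textarea id="text" name="text" >
[[+text]]
</textarea>
<script type="text/javascript">
    CKEDITOR.replace( 'text' );
    /* set after replace(); presumably applies to later instances only — TODO confirm */
    CKEDITOR.config.height=800;
</script>
<!-- CKeditor-->
[[!If? &subject=`[[!+CanEdit]]` &operator=`EQ` &operand=`true` &then=`<input type="hidden" name="edit" value="1"/> <input type="submit" value=" ..."/> </form>`]]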
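<?php
// Snippet "GET": [[!GET? &param=`name`]] returns the query-string value of
// that parameter, or '0' when the parameter name or the value is missing
// (the original indexed $_GET without checking, an undefined-index notice).
// The value is inserted straight into the form action attribute of the
// Rights/DocText chunks, so it is HTML-escaped here (ENT_QUOTES covers both
// quote styles); a doc_id carrying markup can no longer break out of the
// attribute. Short open tag replaced by the full <?php tag.
$name = isset($param) ? $param . "" : null;
if ($name === null || !isset($_GET[$name]))
{
    return '0';
}
return htmlspecialchars($_GET[$name], ENT_QUOTES);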
<!-- Resource content: TryLoadDocument runs first (uncached) and fills the
     CanManage / CanEdit / doc placeholders; the Rights chunk is rendered
     twice, above and below the document, for managers only. -->
[[!TryLoadDocument]]
[[!If? &subject=`[[!+CanManage]]` &operator=`EQ` &operand=`true` &then=`[[$Rights]]`]]
[[!+doc]]
[[!If? &subject=`[[!+CanManage]]` &operator=`EQ` &operand=`true` &then=`[[$Rights]]`]]
<!-- CKEditor 4.4.5 from the public CDN, protocol-relative. NOTE(review): a
     third-party script loaded without an integrity attribute runs with the
     page's full privileges; pin it with Subresource Integrity
     (integrity="sha384-<HASH_PLACEHOLDER>" crossorigin="anonymous") or
     self-host the file. -->
<script src="//cdn.ckeditor.com/4.4.5/full/ckeditor.js"></script>
<?php
// Snippet sketch: create a new "agreement" document owned by the current user.
...
// Load docs.php as a library (class only, no page logic).
define("DOC_API_MODE","API");
include_once 'docs.php';
...
$doc= new Document($modx);
// NOTE: the new document is created with an empty title; nothing on this
// page sets it afterwards, an editor would have to assign $doc->title later.
$title="";
// Initial body comes from the agreement_template chunk.
$text=$modx->getChunk('agreement_template');
// INSERT + reload; owner = current user, no grants yet.
$doc->MakeNew('agreement',$title,$text);
...