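 /**
  * Authenticates a user from POSTed credentials and redirects to a local path.
  *
  * Validates the CSRF token, authenticates and authorizes the user, then
  * dispatches the login event. The `redirect` parameter is request-controlled,
  * so its scheme and host are stripped before use to keep the redirect on
  * this site; the referrer-derived `App::url()->previous()` used on failure
  * gets the same treatment.
  *
  * @Route(methods="POST", defaults={"_maintenance" = true})
  * @Request({"credentials": "array", "remember_me": "boolean", "redirect": "string"})
  *
  * @param array  $credentials login credentials as posted by the form
  * @param bool   $remember    whether to issue a persistent login
  * @param string $redirect    path to send the browser to on success
  * @return mixed the login event's response, a JSON or redirect response,
  *               or whatever App::abort() yields for failed AJAX logins
  */
 public function authenticateAction($credentials, $remember = false, $redirect = '')
 {
     $isAjax = App::request()->isXmlHttpRequest();

     try {
         if (!App::csrf()->validate()) {
             throw new CsrfException(__('Invalid token. Please try again.'));
         }

         // authenticate() is expected to throw BadCredentialsException/AuthException,
         // authorize() AuthException (e.g. a blocked account) — both are caught below
         App::auth()->authorize($user = App::auth()->authenticate($credentials, false));

         // a login listener may supply its own response, which takes precedence
         if (($event = App::auth()->login($user, $remember)) && $event->hasResponse()) {
             return $event->getResponse();
         }

         if ($isAjax) {
             return App::response()->json(['csrf' => App::csrf()->generate()]);
         }

         return App::redirect($this->localRedirectPath($redirect));

     } catch (CsrfException $e) {
         if ($isAjax) {
             // 401 plus a fresh token so the client can retry the request
             return App::response()->json(['csrf' => App::csrf()->generate()], 401);
         }
         $error = $e->getMessage();
     } catch (BadCredentialsException $e) {
         // deliberately generic: does not reveal whether the username exists
         $error = __('Invalid username or password.');
     } catch (AuthException $e) {
         $error = $e->getMessage();
     }

     if ($isAjax) {
         App::abort(401, $error);
     } else {
         App::message()->error($error);

         return App::redirect($this->localRedirectPath(App::url()->previous()));
     }
 }

 /**
  * Reduces a request-supplied URL to a same-site path.
  *
  * Strips an optional scheme and the authority part so that absolute URLs and
  * protocol-relative URLs (`//host/...`) cannot redirect off-site. Backslashes
  * are normalised to slashes first, because browsers treat `/\host` and
  * `\\host` like `//host` and the original pattern alone did not cover them.
  * Relative paths pass through unchanged.
  *
  * @param string|null $url
  * @return string
  */
 private function localRedirectPath($url)
 {
     $path = str_replace('\\', '/', (string) $url);

     return preg_replace('#(https?:)?//[^/]+#', '', $path);
 }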
 /**
  * Logs a user in from POSTed credentials.
  *
  * For regular form posts the result of the login call is returned; for AJAX
  * posts the user is attached to the session directly and a JSON success flag
  * is returned. A failed CSRF check is reported as an AuthException. Failures
  * redirect back to the previous page with a flash message, or abort with 400
  * for AJAX.
  *
  * @Route(methods="POST", defaults={"_maintenance" = true})
  * @Request({"credentials": "array", "_remember_me": "boolean"})
  *
  * @param array $credentials login credentials as posted
  * @param bool  $remember    whether to issue a persistent login
  * @return mixed
  */
 public function authenticateAction($credentials, $remember = false)
 {
     $ajax = App::request()->isXmlHttpRequest();

     try {
         if (!App::csrf()->validate()) {
             throw new AuthException(__('Invalid token. Please try again.'));
         }

         $user = App::auth()->authenticate($credentials, false);
         App::auth()->authorize($user);

         if ($ajax) {
             App::auth()->setUser($user, $remember);

             return ['success' => true];
         }

         return App::auth()->login($user, $remember);

     } catch (BadCredentialsException $e) {
         // generic message: does not disclose whether the username exists
         $error = __('Invalid username or password.');
     } catch (AuthException $e) {
         $error = $e->getMessage();
     }

     if ($ajax) {
         App::abort(400, $error);
     } else {
         App::message()->error($error);

         return App::redirect(App::url()->previous());
     }
 }
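 /**
  * Password-reset confirmation page.
  *
  * The user is looked up by username and the activation key from the reset
  * link. On GET the form is rendered; on POST the CSRF token and the new
  * password are validated, the password is hashed and stored, and the key is
  * cleared so the link cannot be reused.
  *
  * @Request({"user", "key"})
  *
  * @param string $username   account name from the reset link
  * @param string $activation reset key from the reset link
  * @return mixed view data, a redirect to the login page, or a message view
  */
 public function confirmAction($username = "", $activation = "")
 {
     $user = (empty($username) || empty($activation))
         ? null
         : User::where(compact('username', 'activation'))->first();

     if (!$user) {
         return $this->messageView(__('Invalid key.'), false);
     }

     if ($user->isBlocked()) {
         return $this->messageView(__('Your account has not been activated or is blocked.'), false);
     }

     $error = '';

     if ('POST' === App::request()->getMethod()) {
         try {
             if (!App::csrf()->validate()) {
                 throw new Exception(__('Invalid token. Please try again.'));
             }

             $password = App::request()->request->get('password');

             // test for absence explicitly: empty() would also reject the
             // legitimate password "0"
             if ($password === null || $password === '') {
                 throw new Exception(__('Enter password.'));
             }

             // strict comparison: the previous loose != treated numeric strings
             // such as " 1" and "1" as equal, letting surrounding whitespace
             // through; a non-string (e.g. password[]=x) is rejected as well
             if (!is_string($password) || $password !== trim($password)) {
                 throw new Exception(__('Invalid password.'));
             }

             $user->password = App::get('auth.password')->hash($password);
             $user->activation = null; // single use: invalidate the reset key
             $user->save();

             App::message()->success(__('Your password has been reset.'));

             return App::redirect('@user/login');

         } catch (Exception $e) {
             $error = $e->getMessage();
         }
     }

     return [
         '$view' => ['title' => __('Reset Confirm'), 'name' => 'system/user/reset-confirm.php'],
         'username' => $username,
         'activation' => $activation,
         'error' => $error,
     ];
 }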
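 /**
  * Runs pending database update scripts and records the current version.
  *
  * @Request({"redirect": "string"}, csrf=true)
  *
  * @param string|null $redirect where to send the browser afterwards; when
  *                              omitted a JSON message is returned instead
  * @return mixed redirect or JSON response
  */
 public function migrateAction($redirect = null)
 {
     if ($this->scripts->hasUpdates()) {
         $this->scripts->update();
         $message = __('Your Pagekit database has been updated successfully.');
     } else {
         $message = __('Your database is up to date.');
     }

     App::config('system')->set('version', App::version());

     if ($redirect) {
         App::message()->success($message);

         // NOTE(review): $redirect comes from the request and is passed to
         // App::redirect() unchanged — confirm this route is restricted to
         // administrators or strip the scheme/host as the login action does
         return App::redirect($redirect);
     }

     // the former compact('status', 'message') referenced an undefined $status,
     // which only raised a notice and left the key out of the response
     return App::response()->json(['message' => $message]);
 }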
 /**
  * Logs a user in from POSTed credentials.
  *
  * Validates the CSRF token (reported as an AuthException), authenticates and
  * authorizes the user and returns the login result. The "remember me" flag
  * is read straight from the request under Auth::REMEMBER_ME_PARAM. On failure
  * a flash message is set and the browser is sent back to the previous page.
  *
  * @Route(methods="POST", defaults={"_maintenance" = true})
  * @Request({"credentials": "array"})
  *
  * @param array $credentials login credentials as posted
  * @return mixed the login result, or a redirect to the previous page
  */
 public function authenticateAction($credentials)
 {
     try {
         if (!App::csrf()->validate()) {
             throw new AuthException(__('Invalid token. Please try again.'));
         }

         $user = App::auth()->authenticate($credentials, false);
         App::auth()->authorize($user);

         $rememberMe = App::request()->get(Auth::REMEMBER_ME_PARAM);

         return App::auth()->login($user, $rememberMe);

     } catch (BadCredentialsException $e) {
         // generic message: does not disclose whether the username exists
         App::message()->error(__('Invalid username or password.'));
     } catch (AuthException $e) {
         App::message()->error($e->getMessage());
     }

     return App::redirect(App::url()->previous());
 }
 /**
  * Download file edit form (admin).
  *
  * Loads the file with the given id together with its categories, or prepares
  * a fresh, unsaved file when the id is 0. A non-zero id that matches nothing
  * is answered with 404.
  *
  * @Route("/file/edit", name="file/edit")
  * @Access("download: manage downloads")
  * @Request({"id": "int"})
  *
  * @param int $id file id, 0 for a new file
  * @return mixed view data, or a redirect to the download list on error
  */
 public function editAction($id = 0)
 {
     try {
         $file = File::where(compact('id'))->related('categories')->first();

         if (!$file) {
             if ($id) {
                 App::abort(404, __('Invalid file id.'));
             }

             $file = File::create([
                 'status' => 1,
                 'slug' => '',
                 'data' => [],
                 'tags' => [],
                 'date' => new \DateTime(),
             ]);
             $file->set('markdown', $this->download->config('markdown'));
         }

         $view = [
             'title' => $id ? __('Edit download') : __('Add download'),
             'name' => 'bixie/download/admin/file.php',
         ];
         $data = [
             'categories' => Category::findAll(),
             'statuses' => File::getStatuses(),
             'roles' => array_values(Role::findAll()),
             'config' => $this->download->config(),
             'file' => $file,
             'tags' => File::allTags(),
         ];

         return ['$view' => $view, '$data' => $data, 'file' => $file];

     } catch (\Exception $e) {
         // NOTE(review): if App::abort() throws an \Exception subclass, the 404
         // above lands here and becomes a redirect with a flash message — confirm intended
         App::message()->error($e->getMessage());

         return App::redirect('@download/download');
     }
 }
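 /**
  * Runs the update scripts newer than the stored version and records the
  * current version.
  *
  * @Request({"redirect": "string"}, csrf=true)
  *
  * @param string|null $redirect where to send the browser afterwards; when
  *                              omitted a JSON message is returned instead
  * @return mixed redirect or JSON response
  */
 public function migrateAction($redirect = null)
 {
     $config = App::config('system');
     $manager = new PackageManager();
     $scripts = $manager->loadScripts(null, __DIR__ . '/../../scripts.php');

     if (isset($scripts['updates'])) {
         // only scripts newer than the recorded version are executed
         $updates = $manager->filterUpdates($scripts['updates'], $config->get('version'));
         $manager->execute($updates);
     }

     $config->set('version', App::version());

     // reported even when no update script was pending
     $message = __('Your Pagekit database has been updated successfully.');

     if ($redirect) {
         App::message()->success($message);

         // NOTE(review): $redirect comes from the request and is passed to
         // App::redirect() unchanged — confirm this route is restricted to
         // administrators or strip the scheme/host as the login action does
         return App::redirect($redirect);
     }

     // the former compact('status', 'message') referenced an undefined $status,
     // which only raised a notice and left the key out of the response
     return App::response()->json(['message' => $message]);
 }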
 /**
  * Portfolio project edit form (admin).
  *
  * Loads the project with the given id, or prepares a fresh, unsaved project
  * when the id is 0. A non-zero id that matches nothing is answered with 404.
  *
  * @Route("/project/edit", name="project/edit")
  * @Access("portfolio: manage portfolio")
  * @Request({"id": "int"})
  *
  * @param int $id project id, 0 for a new project
  * @return mixed view data, or a redirect to the project list on error
  */
 public function editAction($id = 0)
 {
     try {
         $project = Project::where(compact('id'))->first();

         if (!$project) {
             if ($id) {
                 App::abort(404, __('Invalid project id.'));
             }

             $portfolio = App::module('bixie/portfolio');
             $project = Project::create(['data' => [], 'tags' => [], 'date' => new \DateTime()]);
             $project->set('markdown', $portfolio->config('markdown'));
         }

         $view = [
             'title' => $id ? __('Edit Project') : __('Add Project'),
             'name' => 'bixie/portfolio/admin/project.php',
         ];
         $data = [
             'config' => App::module('bixie/portfolio')->config(),
             'project' => $project,
             'tags' => Project::allTags(),
         ];

         return ['$view' => $view, '$data' => $data, 'project' => $project];

     } catch (\Exception $e) {
         // NOTE(review): if App::abort() throws an \Exception subclass, the 404
         // above lands here and becomes a redirect with a flash message — confirm intended
         App::message()->error($e->getMessage());

         return App::redirect('@portfolio/post');
     }
 }
 /**
  * Blog post edit form (admin).
  *
  * Loads the post with the given id, or prepares a new draft owned by the
  * current user when the id is 0. Authors who may only manage their own posts
  * are rejected with 403 for posts they do not own. The author list is built
  * from users holding the administrator role or any role whose permissions
  * include one of the blog manage permissions.
  *
  * @Route("/post/edit", name="post/edit")
  * @Access("blog: manage own posts || blog: manage all posts")
  * @Request({"id": "int"})
  *
  * @param int $id post id, 0 for a new post
  * @return mixed view data, or a redirect to the post list on error
  */
 public function editAction($id = 0)
 {
     try {
         if (!($post = Post::where(compact('id'))->related('user')->first())) {
             // a non-zero id that matches nothing is a client error
             if ($id) {
                 App::abort(404, __('Invalid post id.'));
             }
             $module = App::module('blog');
             // new posts start as a draft of the current user; title/markdown/comment
             // defaults come from the blog module configuration
             $post = Post::create(['user_id' => App::user()->id, 'status' => Post::STATUS_DRAFT, 'date' => new \DateTime(), 'comment_status' => (bool) $module->config('posts.comments_enabled')]);
             $post->set('title', $module->config('posts.show_title'));
             $post->set('markdown', $module->config('posts.markdown_enabled'));
         }
         $user = App::user();
         // ownership check for users without the "manage all posts" right
         // NOTE(review): the strict !== relies on user_id and id being of the same
         // type — confirm the ORM casts user_id to int
         if (!$user->hasAccess('blog: manage all posts') && $post->user_id !== $user->id) {
             App::abort(403, __('Insufficient User Rights.'));
         }
         // roles eligible to author posts: administrator, or any role whose
         // permission set contains either blog manage permission
         $roles = App::db()->createQueryBuilder()->from('@system_role')->where(['id' => Role::ROLE_ADMINISTRATOR])->whereInSet('permissions', ['blog: manage all posts', 'blog: manage own posts'], false, 'OR')->execute('id')->fetchAll(\PDO::FETCH_COLUMN);
         // users holding at least one of those roles
         $authors = App::db()->createQueryBuilder()->from('@system_user')->whereInSet('roles', $roles)->execute('id, username')->fetchAll();
         return ['$view' => ['title' => $id ? __('Edit Post') : __('Add Post'), 'name' => 'blog/admin/post-edit.php'], '$data' => ['post' => $post, 'statuses' => Post::getStatuses(), 'roles' => array_values(Role::findAll()), 'canEditAll' => $user->hasAccess('blog: manage all posts'), 'authors' => $authors], 'post' => $post];
     } catch (\Exception $e) {
         // NOTE(review): if App::abort() throws an \Exception subclass, the 404/403
         // above land here and become a redirect with a flash message — confirm intended
         App::message()->error($e->getMessage());
         return App::redirect('@blog/post');
     }
 }
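 /**
  * Activates a registered account from the key in the activation e-mail.
  *
  * The key is only accepted for a user that is still blocked and has never
  * logged in (`access IS NULL`). With registration set to "approval" the link
  * is used twice: first by the user to verify the e-mail address (a new key
  * is generated and mailed to the administrators), then by an administrator
  * to approve the account. In every other case the account is activated
  * directly. The key is cleared once the account is active so it cannot be
  * replayed.
  *
  * @Request({"user", "key"})
  *
  * @param string $username   account name from the activation link
  * @param string $activation activation key from the activation link
  * @return mixed redirect to the login page, or to the front page on an invalid key
  */
 public function activateAction($username, $activation)
 {
     $user = (empty($username) || empty($activation))
         ? null
         : User::where(['username' => $username, 'activation' => $activation, 'status' => User::STATUS_BLOCKED, 'access IS NULL'])->first();

     if (!$user) {
         App::message()->error(__('Invalid key.'));

         return App::redirect();
     }

     // the former `$admin = config == 'approval' and !verified` relied on the
     // low precedence of `and`; the intent is spelled out explicitly here
     $approvalMode = $this->module->config('registration') === 'approval';

     if ($approvalMode && !$user->get('verified')) {
         // first visit (by the user): mark the e-mail as verified by issuing a
         // fresh key that only the approval mail will carry
         $user->activation = App::get('auth.random')->generateString(32);
         $this->sendApproveMail($user);
         App::message()->success(__('Your email has been verified. Once an administrator approves your account, you will be notified by email.'));
     } else {
         $user->set('verified', true);
         $user->status = User::STATUS_ACTIVE;
         $user->activation = ''; // single use: clear the key
         $this->sendWelcomeEmail($user);

         if ($approvalMode) {
             // second visit, by the administrator approving the account
             App::message()->success(__('The user\'s account has been activated and the user has been notified about it.'));
         } else {
             App::message()->success(__('Your account has been activated.'));
         }
     }

     $user->save();

     return App::redirect('@user/login');
 }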