/** * @Route(methods="POST", defaults={"_maintenance" = true}) * @Request({"credentials": "array", "remember_me": "boolean", "redirect": "string"}) */ public function authenticateAction($credentials, $remember = false, $redirect = '') { try { if (!App::csrf()->validate()) { throw new CsrfException(__('Invalid token. Please try again.')); } App::auth()->authorize($user = App::auth()->authenticate($credentials, false)); if (($event = App::auth()->login($user, $remember)) && $event->hasResponse()) { return $event->getResponse(); } if (App::request()->isXmlHttpRequest()) { return App::response()->json(['csrf' => App::csrf()->generate()]); } else { return App::redirect(preg_replace('#(https?:)?//[^/]+#', '', $redirect)); } } catch (CsrfException $e) { if (App::request()->isXmlHttpRequest()) { return App::response()->json(['csrf' => App::csrf()->generate()], 401); } $error = $e->getMessage(); } catch (BadCredentialsException $e) { $error = __('Invalid username or password.'); } catch (AuthException $e) { $error = $e->getMessage(); } if (App::request()->isXmlHttpRequest()) { App::abort(401, $error); } else { App::message()->error($error); return App::redirect(preg_replace('#(https?:)?//[^/]+#', '', App::url()->previous())); } }
/** * @Route(methods="POST", defaults={"_maintenance" = true}) * @Request({"credentials": "array", "_remember_me": "boolean"}) */ public function authenticateAction($credentials, $remember = false) { $isXml = App::request()->isXmlHttpRequest(); try { if (!App::csrf()->validate()) { throw new AuthException(__('Invalid token. Please try again.')); } App::auth()->authorize($user = App::auth()->authenticate($credentials, false)); if (!$isXml) { return App::auth()->login($user, $remember); } else { App::auth()->setUser($user, $remember); return ['success' => true]; } } catch (BadCredentialsException $e) { $error = __('Invalid username or password.'); } catch (AuthException $e) { $error = $e->getMessage(); } if (!$isXml) { App::message()->error($error); return App::redirect(App::url()->previous()); } else { App::abort(400, $error); } }
/** * @Request({"user", "key"}) */ public function confirmAction($username = "", $activation = "") { if (empty($username) || empty($activation) || !($user = User::where(compact('username', 'activation'))->first())) { return $this->messageView(__('Invalid key.'), $success = false); } if ($user->isBlocked()) { return $this->messageView(__('Your account has not been activated or is blocked.'), $success = false); } $error = ''; if ('POST' === App::request()->getMethod()) { try { if (!App::csrf()->validate()) { throw new Exception(__('Invalid token. Please try again.')); } $password = App::request()->request->get('password'); if (empty($password)) { throw new Exception(__('Enter password.')); } if ($password != trim($password)) { throw new Exception(__('Invalid password.')); } $user->password = App::get('auth.password')->hash($password); $user->activation = null; $user->save(); App::message()->success(__('Your password has been reset.')); return App::redirect('@user/login'); } catch (Exception $e) { $error = $e->getMessage(); } } return ['$view' => ['title' => __('Reset Confirm'), 'name' => 'system/user/reset-confirm.php'], 'username' => $username, 'activation' => $activation, 'error' => $error]; }
/** * @Request({"redirect": "string"}, csrf=true) */ public function migrateAction($redirect = null) { if ($updates = $this->scripts->hasUpdates()) { $this->scripts->update(); $message = __('Your Pagekit database has been updated successfully.'); } else { $message = __('Your database is up to date.'); } App::config('system')->set('version', App::version()); if ($redirect) { App::message()->success($message); return App::redirect($redirect); } return App::response()->json(compact('status', 'message')); }
/** * @Route(methods="POST", defaults={"_maintenance" = true}) * @Request({"credentials": "array"}) */ public function authenticateAction($credentials) { try { if (!App::csrf()->validate()) { throw new AuthException(__('Invalid token. Please try again.')); } App::auth()->authorize($user = App::auth()->authenticate($credentials, false)); return App::auth()->login($user, App::request()->get(Auth::REMEMBER_ME_PARAM)); } catch (BadCredentialsException $e) { App::message()->error(__('Invalid username or password.')); } catch (AuthException $e) { App::message()->error($e->getMessage()); } return App::redirect(App::url()->previous()); }
/** * @Route("/file/edit", name="file/edit") * @Access("download: manage downloads") * @Request({"id": "int"}) */ public function editAction($id = 0) { try { if (!($file = File::where(compact('id'))->related('categories')->first())) { if ($id) { App::abort(404, __('Invalid file id.')); } $file = File::create(['status' => 1, 'slug' => '', 'data' => [], 'tags' => [], 'date' => new \DateTime()]); $file->set('markdown', $this->download->config('markdown')); } return ['$view' => ['title' => $id ? __('Edit download') : __('Add download'), 'name' => 'bixie/download/admin/file.php'], '$data' => ['categories' => Category::findAll(), 'statuses' => File::getStatuses(), 'roles' => array_values(Role::findAll()), 'config' => $this->download->config(), 'file' => $file, 'tags' => File::allTags()], 'file' => $file]; } catch (\Exception $e) { App::message()->error($e->getMessage()); return App::redirect('@download/download'); } }
/** * @Request({"redirect": "string"}, csrf=true) */ public function migrateAction($redirect = null) { $config = App::config('system'); $manager = new PackageManager(); $scripts = $manager->loadScripts(null, __DIR__ . '/../../scripts.php'); if (isset($scripts['updates'])) { $updates = $manager->filterUpdates($scripts['updates'], $config->get('version')); $manager->execute($updates); } $config->set('version', App::version()); $message = __('Your Pagekit database has been updated successfully.'); if ($redirect) { App::message()->success($message); return App::redirect($redirect); } return App::response()->json(compact('status', 'message')); }
/** * @Route("/project/edit", name="project/edit") * @Access("portfolio: manage portfolio") * @Request({"id": "int"}) */ public function editAction($id = 0) { try { if (!($project = Project::where(compact('id'))->first())) { if ($id) { App::abort(404, __('Invalid project id.')); } $module = App::module('bixie/portfolio'); $project = Project::create(['data' => [], 'tags' => [], 'date' => new \DateTime()]); $project->set('markdown', $module->config('markdown')); } return ['$view' => ['title' => $id ? __('Edit Project') : __('Add Project'), 'name' => 'bixie/portfolio/admin/project.php'], '$data' => ['config' => App::module('bixie/portfolio')->config(), 'project' => $project, 'tags' => Project::allTags()], 'project' => $project]; } catch (\Exception $e) { App::message()->error($e->getMessage()); return App::redirect('@portfolio/post'); } }
/** * @Route("/post/edit", name="post/edit") * @Access("blog: manage own posts || blog: manage all posts") * @Request({"id": "int"}) */ public function editAction($id = 0) { try { if (!($post = Post::where(compact('id'))->related('user')->first())) { if ($id) { App::abort(404, __('Invalid post id.')); } $module = App::module('blog'); $post = Post::create(['user_id' => App::user()->id, 'status' => Post::STATUS_DRAFT, 'date' => new \DateTime(), 'comment_status' => (bool) $module->config('posts.comments_enabled')]); $post->set('title', $module->config('posts.show_title')); $post->set('markdown', $module->config('posts.markdown_enabled')); } $user = App::user(); if (!$user->hasAccess('blog: manage all posts') && $post->user_id !== $user->id) { App::abort(403, __('Insufficient User Rights.')); } $roles = App::db()->createQueryBuilder()->from('@system_role')->where(['id' => Role::ROLE_ADMINISTRATOR])->whereInSet('permissions', ['blog: manage all posts', 'blog: manage own posts'], false, 'OR')->execute('id')->fetchAll(\PDO::FETCH_COLUMN); $authors = App::db()->createQueryBuilder()->from('@system_user')->whereInSet('roles', $roles)->execute('id, username')->fetchAll(); return ['$view' => ['title' => $id ? __('Edit Post') : __('Add Post'), 'name' => 'blog/admin/post-edit.php'], '$data' => ['post' => $post, 'statuses' => Post::getStatuses(), 'roles' => array_values(Role::findAll()), 'canEditAll' => $user->hasAccess('blog: manage all posts'), 'authors' => $authors], 'post' => $post]; } catch (\Exception $e) { App::message()->error($e->getMessage()); return App::redirect('@blog/post'); } }
/** * @Request({"user", "key"}) */ public function activateAction($username, $activation) { if (empty($username) || empty($activation) || !($user = User::where(['username' => $username, 'activation' => $activation, 'status' => User::STATUS_BLOCKED, 'access IS NULL'])->first())) { App::message()->error(__('Invalid key.')); return App::redirect(); } if ($admin = $this->module->config('registration') == 'approval' and !$user->get('verified')) { $user->activation = App::get('auth.random')->generateString(32); $this->sendApproveMail($user); App::message()->success(__('Your email has been verified. Once an administrator approves your account, you will be notified by email.')); } else { $user->set('verified', true); $user->status = User::STATUS_ACTIVE; $user->activation = ''; $this->sendWelcomeEmail($user); if ($admin) { App::message()->success(__('The user\'s account has been activated and the user has been notified about it.')); } else { App::message()->success(__('Your account has been activated.')); } } $user->save(); return App::redirect('@user/login'); }