public function generateKeysForAllMembers($intField)
{
if (!$intField) {
return '';
}
$objMembers = \Database::getInstance()->execute("SELECT * FROM tl_member WHERE loginLink = ''");
while ($objMembers->next()) {
\Database::getInstance()->prepare("UPDATE tl_member %s WHERE id = ?")->set(array('loginLink' => \LoginLink::generateLoginKey()))->execute($objMembers->id);
}
$_SESSION['TL_INFO'][] = sprintf('LoginKeys für %s Mitglieder generiert und gespeichert!', $objMembers->numRows);
\Config::persist('login_link_generateKeysForAllMembers', '');
}
/**
* Check for new \Contao versions
*/
public function checkForUpdates()
{
if (!is_numeric(BUILD)) {
return;
}
$objRequest = new \Request();
$objRequest->send(\Config::get('liveUpdateBase') . (LONG_TERM_SUPPORT ? 'lts-version.txt' : 'version.txt'));
if (!$objRequest->hasError()) {
\Config::set('latestVersion', $objRequest->response);
\Config::persist('latestVersion', $objRequest->response);
}
// Add a log entry
$this->log('Checked for Contao updates', __METHOD__, TL_CRON);
}
/**
* Generate module:
* - Display a wildcard in the back end
* - Declare actionlist with templates and compilers in the front end
* @return string
*/
public function generate()
{
if (Input::get('update') != 'database' && !extension_loaded('soap')) {
System::loadLanguageFile('tl_repository');
$theme = new RepositoryBackendTheme();
return '
<div id="tl_buttons" class="buttonwrapper">
' . $theme->createMainButton('dbcheck16', $this->createUrl(array('update' => 'database')), $GLOBALS['TL_LANG']['tl_repository']['updatedatabase']) . '
</div>
<p class="tl_empty">' . $GLOBALS['TL_LANG']['tl_repository']['missingSoapModule'] . '</p>';
}
// if
$this->actions = array(array('', 'repository_mgrlist', 'listinsts'), array('edit', 'repository_mgredit', 'edit'), array('install', 'repository_mgrinst', 'install'), array('upgrade', 'repository_mgrupgd', 'upgrade'), array('update', 'repository_mgrupdt', 'update'), array('uninstall', 'repository_mgruist', 'uninstall'));
// Switch to maintenance mode (see #4561)
if (Input::post('repository_action') == 'install' || Input::post('repository_action') == 'uninstall') {
Config::persist('maintenanceMode', true);
}
return parent::generate();
}
/**
* Initialize the controller
*
* 1. Import the user
* 2. Call the parent constructor
* 3. Authenticate the user
* 4. Load the language files
* DO NOT CHANGE THIS ORDER!
*/
public function __construct()
{
$this->import('BackendUser', 'User');
parent::__construct();
$this->User->authenticate();
// Password change required
if ($this->User->pwChange) {
$objSession = $this->Database->prepare("SELECT su FROM tl_session WHERE sessionID=? AND pid=?")->execute(session_id(), $this->User->id);
if (!$objSession->su) {
$this->redirect('contao/password.php');
}
}
// Front end redirect
if (\Input::get('do') == 'feRedirect') {
$this->redirectToFrontendPage(\Input::get('page'), \Input::get('article'));
}
// Convenience functions
if ($this->User->isAdmin) {
// Safe mode off
if (\Input::get('smo')) {
$this->import('Automator');
$this->Automator->purgeInternalCache();
\Config::persist('coreOnlyMode', false);
$this->redirect($this->getReferer());
}
// Maintenance mode off
if (\Input::get('mmo')) {
\Config::persist('maintenanceMode', false);
$this->redirect($this->getReferer());
}
// Build internal cache
if (\Input::get('bic')) {
$this->import('Automator');
$this->Automator->generateInternalCache();
$this->redirect($this->getReferer());
}
}
\System::loadLanguageFile('default');
\System::loadLanguageFile('modules');
}
/**
* Version 3.0.0 update
*/
protected function update300()
{
// Step 1: database structure
if (!$this->Database->tableExists('tl_files')) {
$this->enableSafeMode();
if (\Input::post('FORM_SUBMIT') == 'tl_30update') {
$this->import('Database\\Updater', 'Updater');
$this->Updater->run300Update();
$this->reload();
}
// Disable the tasks extension (see #4907)
if (is_dir(TL_ROOT . '/system/modules/tasks')) {
\System::disableModule('tasks');
}
// Reset the upload path if it has been changed already (see #5560 and #5870)
if (\Config::get('uploadPath') == 'files' && is_dir(TL_ROOT . '/tl_files')) {
\Config::set('uploadPath', 'tl_files');
\Config::persist('uploadPath', 'tl_files');
}
// Show a warning if the upload folder does not exist (see #4626)
if (!is_dir(TL_ROOT . '/' . \Config::get('uploadPath'))) {
$this->Template->filesWarning = sprintf($GLOBALS['TL_LANG']['tl_install']['filesWarning'], '<a href="https://gist.github.com/3304014" target="_blank">https://gist.github.com/3304014</a>');
}
$this->Template->step = 1;
$this->Template->is30Update = true;
$this->outputAndExit();
}
$objRow = $this->Database->query("SELECT COUNT(*) AS count FROM tl_files");
// Step 2: scan the upload folder if it is not empty (see #6061)
if ($objRow->count < 1 && count(scan(TL_ROOT . '/' . \Config::get('uploadPath'))) > 0) {
$this->enableSafeMode();
if (\Input::post('FORM_SUBMIT') == 'tl_30update') {
$this->import('Database\\Updater', 'Updater');
$this->Updater->scanUploadFolder();
\Config::persist('checkFileTree', true);
$this->reload();
}
$this->Template->step = 2;
$this->Template->is30Update = true;
$this->outputAndExit();
} elseif (\Config::get('checkFileTree')) {
$this->enableSafeMode();
if (\Input::post('FORM_SUBMIT') == 'tl_30update') {
$this->import('Database\\Updater', 'Updater');
$this->Updater->updateFileTreeFields();
\Config::persist('checkFileTree', false);
$this->reload();
}
$this->Template->step = 3;
$this->Template->is30Update = true;
$this->outputAndExit();
}
}
/**
* Save the current value
*
* @param mixed $varValue
*/
protected function save($varValue)
{
if (\Input::post('FORM_SUBMIT') != $this->strTable) {
return;
}
$arrData = $GLOBALS['TL_DCA'][$this->strTable]['fields'][$this->strField];
// Make sure that checkbox values are boolean
if ($arrData['inputType'] == 'checkbox' && !$arrData['eval']['multiple']) {
$varValue = $varValue ? true : false;
}
if ($varValue != '') {
// Convert binary UUIDs (see #6893)
if ($arrData['inputType'] == 'fileTree') {
$varValue = deserialize($varValue);
if (!is_array($varValue)) {
$varValue = \StringUtil::binToUuid($varValue);
} else {
$varValue = serialize(array_map('StringUtil::binToUuid', $varValue));
}
}
// Convert date formats into timestamps
if ($varValue != '' && in_array($arrData['eval']['rgxp'], array('date', 'time', 'datim'))) {
$objDate = new \Date($varValue, \Date::getFormatFromRgxp($arrData['eval']['rgxp']));
$varValue = $objDate->tstamp;
}
// Handle entities
if ($arrData['inputType'] == 'text' || $arrData['inputType'] == 'textarea') {
$varValue = deserialize($varValue);
if (!is_array($varValue)) {
$varValue = \StringUtil::restoreBasicEntities($varValue);
} else {
$varValue = serialize(array_map('StringUtil::restoreBasicEntities', $varValue));
}
}
}
// Trigger the save_callback
if (is_array($arrData['save_callback'])) {
foreach ($arrData['save_callback'] as $callback) {
if (is_array($callback)) {
$this->import($callback[0]);
$varValue = $this->{$callback[0]}->{$callback[1]}($varValue, $this);
} elseif (is_callable($callback)) {
$varValue = $callback($varValue, $this);
}
}
}
$strCurrent = $this->varValue;
// Handle arrays and strings
if (is_array($strCurrent)) {
$strCurrent = serialize($strCurrent);
} elseif (is_string($strCurrent)) {
$strCurrent = html_entity_decode($this->varValue, ENT_QUOTES, \Config::get('characterSet'));
}
// Save the value if there was no error
if ((strlen($varValue) || !$arrData['eval']['doNotSaveEmpty']) && $strCurrent != $varValue) {
\Config::persist($this->strField, $varValue);
$deserialize = deserialize($varValue);
$prior = is_bool(\Config::get($this->strField)) ? \Config::get($this->strField) ? 'true' : 'false' : \Config::get($this->strField);
// Add a log entry
if (!is_array(deserialize($prior)) && !is_array($deserialize)) {
if ($arrData['inputType'] == 'password' || $arrData['inputType'] == 'textStore') {
$this->log('The global configuration variable "' . $this->strField . '" has been changed', __METHOD__, TL_CONFIGURATION);
} else {
$this->log('The global configuration variable "' . $this->strField . '" has been changed from "' . $prior . '" to "' . $varValue . '"', __METHOD__, TL_CONFIGURATION);
}
}
// Set the new value so the input field can show it
$this->varValue = $deserialize;
\Config::set($this->strField, $deserialize);
}
}
/**
* Ajax actions that do require a data container object
*
* @param \DataContainer $dc
*/
public function executePostActions(\DataContainer $dc)
{
header('Content-Type: text/html; charset=' . \Config::get('characterSet'));
// Bypass any core logic for non-core drivers (see #5957)
if (!$dc instanceof \DC_File && !$dc instanceof \DC_Folder && !$dc instanceof \DC_Table) {
$this->executePostActionsHook($dc);
exit;
}
switch ($this->strAction) {
// Load nodes of the page structure tree
case 'loadStructure':
echo $dc->ajaxTreeView($this->strAjaxId, intval(\Input::post('level')));
exit;
break;
// Load nodes of the file manager tree
// Load nodes of the file manager tree
case 'loadFileManager':
echo $dc->ajaxTreeView(\Input::post('folder', true), intval(\Input::post('level')));
exit;
break;
// Load nodes of the page tree
// Load nodes of the page tree
case 'loadPagetree':
$strField = $dc->field = \Input::post('name');
/** @var \PageSelector $strClass */
$strClass = $GLOBALS['BE_FFL']['pageSelector'];
/** @var \PageSelector $objWidget */
$objWidget = new $strClass($strClass::getAttributesFromDca($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField], $dc->field, null, $strField, $dc->table, $dc));
echo $objWidget->generateAjax($this->strAjaxId, \Input::post('field'), intval(\Input::post('level')));
exit;
break;
// Load nodes of the file tree
// Load nodes of the file tree
case 'loadFiletree':
$strField = $dc->field = \Input::post('name');
/** @var \FileSelector $strClass */
$strClass = $GLOBALS['BE_FFL']['fileSelector'];
/** @var \FileSelector $objWidget */
$objWidget = new $strClass($strClass::getAttributesFromDca($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField], $dc->field, null, $strField, $dc->table, $dc));
// Load a particular node
if (\Input::post('folder', true) != '') {
echo $objWidget->generateAjax(\Input::post('folder', true), \Input::post('field'), intval(\Input::post('level')));
} else {
echo $objWidget->generate();
}
exit;
break;
// Reload the page/file picker
// Reload the page/file picker
case 'reloadPagetree':
case 'reloadFiletree':
$intId = \Input::get('id');
$strField = $dc->field = \Input::post('name');
// Handle the keys in "edit multiple" mode
if (\Input::get('act') == 'editAll') {
$intId = preg_replace('/.*_([0-9a-zA-Z]+)$/', '$1', $strField);
$strField = preg_replace('/(.*)_[0-9a-zA-Z]+$/', '$1', $strField);
}
// The field does not exist
if (!isset($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField])) {
$this->log('Field "' . $strField . '" does not exist in DCA "' . $dc->table . '"', __METHOD__, TL_ERROR);
header('HTTP/1.1 400 Bad Request');
die('Bad Request');
}
$objRow = null;
$varValue = null;
// Load the value
if ($GLOBALS['TL_DCA'][$dc->table]['config']['dataContainer'] == 'File') {
$varValue = \Config::get($strField);
} elseif ($intId > 0 && $this->Database->tableExists($dc->table)) {
$objRow = $this->Database->prepare("SELECT * FROM " . $dc->table . " WHERE id=?")->execute($intId);
// The record does not exist
if ($objRow->numRows < 1) {
$this->log('A record with the ID "' . $intId . '" does not exist in table "' . $dc->table . '"', __METHOD__, TL_ERROR);
header('HTTP/1.1 400 Bad Request');
die('Bad Request');
}
$varValue = $objRow->{$strField};
$dc->activeRecord = $objRow;
}
// Call the load_callback
if (is_array($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['load_callback'])) {
foreach ($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['load_callback'] as $callback) {
if (is_array($callback)) {
$this->import($callback[0]);
$varValue = $this->{$callback[0]}->{$callback[1]}($varValue, $dc);
} elseif (is_callable($callback)) {
$varValue = $callback($varValue, $dc);
}
}
}
// Set the new value
$varValue = \Input::post('value', true);
$strKey = $this->strAction == 'reloadPagetree' ? 'pageTree' : 'fileTree';
// Convert the selected values
if ($varValue != '') {
$varValue = trimsplit("\t", $varValue);
// Automatically add resources to the DBAFS
if ($strKey == 'fileTree') {
foreach ($varValue as $k => $v) {
if (\Dbafs::shouldBeSynchronized($v)) {
$varValue[$k] = \Dbafs::addResource($v)->uuid;
}
}
}
$varValue = serialize($varValue);
}
/** @var \FileTree|\PageTree $strClass */
$strClass = $GLOBALS['BE_FFL'][$strKey];
/** @var \FileTree|\PageTree $objWidget */
$objWidget = new $strClass($strClass::getAttributesFromDca($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField], $dc->field, $varValue, $strField, $dc->table, $dc));
echo $objWidget->generate();
exit;
break;
// Feature/unfeature an element
// Feature/unfeature an element
case 'toggleFeatured':
if (class_exists($dc->table, false)) {
$dca = new $dc->table();
if (method_exists($dca, 'toggleFeatured')) {
$dca->toggleFeatured(\Input::post('id'), \Input::post('state') == 1 ? true : false);
}
}
exit;
break;
// Toggle subpalettes
// Toggle subpalettes
case 'toggleSubpalette':
$this->import('BackendUser', 'User');
// Check whether the field is a selector field and allowed for regular users (thanks to Fabian Mihailowitsch) (see #4427)
if (!is_array($GLOBALS['TL_DCA'][$dc->table]['palettes']['__selector__']) || !in_array(\Input::post('field'), $GLOBALS['TL_DCA'][$dc->table]['palettes']['__selector__']) || $GLOBALS['TL_DCA'][$dc->table]['fields'][\Input::post('field')]['exclude'] && !$this->User->hasAccess($dc->table . '::' . \Input::post('field'), 'alexf')) {
$this->log('Field "' . \Input::post('field') . '" is not an allowed selector field (possible SQL injection attempt)', __METHOD__, TL_ERROR);
header('HTTP/1.1 400 Bad Request');
die('Bad Request');
}
if ($dc instanceof DC_Table) {
if (\Input::get('act') == 'editAll') {
$this->strAjaxId = preg_replace('/.*_([0-9a-zA-Z]+)$/', '$1', \Input::post('id'));
$this->Database->prepare("UPDATE " . $dc->table . " SET " . \Input::post('field') . "='" . (intval(\Input::post('state') == 1) ? 1 : '') . "' WHERE id=?")->execute($this->strAjaxId);
if (\Input::post('load')) {
echo $dc->editAll($this->strAjaxId, \Input::post('id'));
}
} else {
$this->Database->prepare("UPDATE " . $dc->table . " SET " . \Input::post('field') . "='" . (intval(\Input::post('state') == 1) ? 1 : '') . "' WHERE id=?")->execute($dc->id);
if (\Input::post('load')) {
echo $dc->edit(false, \Input::post('id'));
}
}
} elseif ($dc instanceof \DC_File) {
$val = intval(\Input::post('state') == 1) ? true : false;
\Config::persist(\Input::post('field'), $val);
if (\Input::post('load')) {
\Config::set(\Input::post('field'), $val);
echo $dc->edit(false, \Input::post('id'));
}
}
exit;
break;
// DropZone file upload
// DropZone file upload
case 'fileupload':
$dc->move();
exit;
break;
// HOOK: pass unknown actions to callback functions
// HOOK: pass unknown actions to callback functions
default:
$this->executePostActionsHook($dc);
exit;
break;
}
}
