/** * Form Handler to save a content quick create. * * @param Form $form * * @return string|bool */ public static function QuickDraftSave(Form $form) { if (!$form->getElementValue('title')) { \Core\set_message('All pages must have titles.', 'error'); return false; } /** @var $model ContentModel */ $model = new ContentModel(); /** @var $page PageModel Page object for this model, already linked up! */ $page = $model->getLink('Page'); // The content nickname is derived from the page title. $model->set('nickname', $form->getElementValue('title')); $model->save(); $ins = new InsertableModel(); $ins->set('site', $page->get('site')); $ins->set('baseurl', '/content/view/' . $model->get('id')); $ins->set('name', 'body'); $ins->set('value', '<p>' . nl2br($form->getElementValue('content')) . '</p>'); $ins->save(); $page->set('title', $form->getElementValue('title')); $page->set('published_status', 'draft'); $page->set('editurl', '/content/edit/' . $model->get('id')); $page->set('deleteurl', '/content/delete/' . $model->get('id')); $page->set('component', 'content'); $page->save(); return true; }
public static function SpamKeywordsSave(Form $form) { ConfigHandler::Set('/security/spam_threshold', $form->getElementValue('threshold')); foreach ($form->getElements() as $el) { /** @var FormElement $el */ $n = $el->get('name'); if (strpos($n, 'score[') === 0) { $n = substr($n, 6, -1); $s = $el->get('value'); if ($s == '') { $s = 1; } $model = SpamHamKeywordModel::Construct($n); $model->set('score', $s); $model->save(); } } if ($form->getElementValue('new_keyword')) { $n = $form->getElementValue('new_keyword'); $s = $form->getElementValue('new_score'); if ($s == '') { $s = 1; } $model = SpamHamKeywordModel::Construct($n); $model->set('score', $s); $model->save(); } return true; }
public static function _GenerateLicenses(Form $form) { $qty = $form->getElementValue('qty'); if (!is_numeric($qty)) { Core::SetMessage('Please set a valid quantity', 'error'); return false; } if ($qty < 1) { Core::SetMessage('Please set a quantity greater than 0', 'error'); return false; } if ($qty > 999) { Core::SetMessage('Quantity limited to 999', 'warning'); $qty = 999; } $expires = new \Core\Date\DateTime(); $expires->modify($form->getElementValue('duration')); $expires = $expires->format('Y-m-d'); for ($i = 0; $i < $qty; $i++) { $license = new PackageRepositoryLicenseModel(); $license->set('password', \Core\random_hex(rand(35, 49))); $license->set('expires', $expires); $license->save(); } Core::SetMessage('Generated ' . $qty . ' license(s)!', 'success'); return '/packagerepositorylicense/admin'; }
/** * Form Handler for logging in. * * @static * * @param \Form $form * * @return bool|null|string */ public static function LoginHandler(\Form $form){ /** @var \FormElement $e */ $e = $form->getElement('email'); /** @var \FormElement $p */ $p = $form->getElement('pass'); /** @var \UserModel $u */ $u = \UserModel::Find(array('email' => $e->get('value')), 1); if(!$u){ // Log this as a login attempt! $logmsg = 'Failed Login. Email not registered' . "\n" . 'Email: ' . $e->get('value') . "\n"; \SystemLogModel::LogSecurityEvent('/user/login', $logmsg); $e->setError('t:MESSAGE_ERROR_USER_LOGIN_EMAIL_NOT_FOUND'); return false; } if($u->get('active') == 0){ // The model provides a quick cut-off for active/inactive users. // This is the control managed with in the admin. $logmsg = 'Failed Login. User tried to login before account activation' . "\n" . 'User: '******'email') . "\n"; \SystemLogModel::LogSecurityEvent('/user/login', $logmsg, null, $u->get('id')); $e->setError('t:MESSAGE_ERROR_USER_LOGIN_ACCOUNT_NOT_ACTIVE'); return false; } elseif($u->get('active') == -1){ // The model provides a quick cut-off for active/inactive users. // This is the control managed with in the admin. $logmsg = 'Failed Login. User tried to login after account deactivation.' . "\n" . 'User: '******'email') . "\n"; \SystemLogModel::LogSecurityEvent('/user/login', $logmsg, null, $u->get('id')); $e->setError('t:MESSAGE_ERROR_USER_LOGIN_ACCOUNT_DEACTIVATED'); return false; } try{ /** @var \Core\User\AuthDrivers\datastore $auth */ $auth = $u->getAuthDriver('datastore'); } catch(Exception $e){ $e->setError('t:MESSAGE_ERROR_USER_LOGIN_PASSWORD_AUTH_DISABLED'); return false; } // This is a special case if the password isn't set yet. // It can happen with imported users or if a password is invalidated. if($u->get('password') == ''){ // Use the Nonce system to generate a one-time key with this user's data. $nonce = \NonceModel::Generate( '20 minutes', ['type' => 'password-reset', 'user' => $u->get('id')] ); $link = '/datastoreauth/forgotpassword?e=' . urlencode($u->get('email')) . '&n=' . $nonce; $email = new \Email(); $email->setSubject('Initial Password Request'); $email->to($u->get('email')); $email->assign('link', \Core\resolve_link($link)); $email->assign('ip', REMOTE_IP); $email->templatename = 'emails/user/initialpassword.tpl'; try{ $email->send(); \SystemLogModel::LogSecurityEvent('/user/initialpassword/send', 'Initial password request sent successfully', null, $u->get('id')); \Core\set_message('t:MESSAGE_INFO_USER_LOGIN_MUST_SET_NEW_PASSWORD_INSTRUCTIONS_HAVE_BEEN_EMAILED'); return true; } catch(\Exception $e){ \Core\ErrorManagement\exception_handler($e); \Core\set_message('t:MESSAGE_ERROR_USER_LOGIN_MUST_SET_NEW_PASSWORD_UNABLE_TO_SEND_EMAIL'); return false; } } if(!$auth->checkPassword($p->get('value'))){ // Log this as a login attempt! $logmsg = 'Failed Login. Invalid password' . "\n" . 'Email: ' . $e->get('value') . "\n"; \SystemLogModel::LogSecurityEvent('/user/login/failed_password', $logmsg, null, $u->get('id')); // Also, I want to look up and see how many login attempts there have been in the past couple minutes. // If there are too many, I need to start slowing the attempts. $time = new \CoreDateTime(); $time->modify('-5 minutes'); $securityfactory = new \ModelFactory('SystemLogModel'); $securityfactory->where('code = /user/login/failed_password'); $securityfactory->where('datetime > ' . $time->getFormatted(\Time::FORMAT_EPOCH, \Time::TIMEZONE_GMT)); $securityfactory->where('ip_addr = ' . REMOTE_IP); $attempts = $securityfactory->count(); if($attempts > 4){ // Start slowing down the response. This should help deter brute force attempts. // (x+((x-7)/4)^3)-4 sleep( ($attempts+(($attempts-7)/4)^3)-4 ); // This makes a nice little curve with the following delays: // 5th attempt: 0.85 // 6th attempt: 2.05 // 7th attempt: 3.02 // 8th attempt: 4.05 // 9th attempt: 5.15 // 10th attempt: 6.52 // 11th attempt: 8.10 // 12th attempt: 10.05 } $e->setError('t:MESSAGE_ERROR_USER_LOGIN_INCORRECT_PASSWORD'); $p->set('value', ''); return false; } if($form->getElementValue('redirect')){ // The page was set via client-side javascript on the login page. // This is the most reliable option. $url = $form->getElementValue('redirect'); } elseif(REL_REQUEST_PATH == '/user/login'){ // If the user came from the registration page, get the page before that. $url = $form->referrer; } else{ // else the registration link is now on the same page as the 403 handler. $url = REL_REQUEST_PATH; } // Well, record this too! \SystemLogModel::LogSecurityEvent('/user/login', 'Login successful (via password)', null, $u->get('id')); // yay... $u->set('last_login', \CoreDateTime::Now('U', \Time::TIMEZONE_GMT)); $u->save(); \Core\Session::SetUser($u); // Allow an external script to override the redirecting URL. $overrideurl = \HookHandler::DispatchHook('/user/postlogin/getredirecturl'); if($overrideurl){ $url = $overrideurl; } return $url; }
public static function _i18nSaveHandler(Form $form) { // NEW IDEA! // Instead of setting the override for keys, (possibly useful, just somewhere else)... // Set the enabled languages for this site. // This allows site administrators to NOT have every language under the sun appear if they're running SuSE. $selected = $form->getElement('languages[]')->get('value'); // Implode them into a single string. $enabled = implode('|', $selected); // Strip out any invalid character. $enabled = preg_replace('/[^a-zA-Z_|]/', '', $enabled); // And save! ConfigHandler::Set('/core/language/languages_enabled', $enabled); return true; // Create a custom ini for just these options. // This will allow the site admin to change a string without worrying about it getting overridden from an update. $lang = $form->getElementValue('lang'); $ini = "[$lang]\n; Custom locale strings set by the site manager!\n\n"; foreach($form->getElements() as $el){ /** @var FormElement $el */ $name = $el->get('name'); $val = $el->get('value'); if(strpos($name, 'MESSAGE') === 0 || strpos($name, 'FORMAT') === 0 || strpos($name, 'STRING') === 0){ $ini .= $name . ' = "' . str_replace('"', '\\"', $val) . '";' . "\n"; } } // Save this ini out to a custom i18n file. $fileout = \Core\Filestore\Factory::File(ROOT_PDIR . 'themes/custom/i18n/' . $lang . '.ini'); $fileout->putContents($ini); \Core\set_message('t:MESSAGE_SUCCESS_UPDATED_TRANSLATION_STRINGS'); return true; }
/** * This is the form handler for a password protected page. * * @return bool */ public static function PasswordProtectHandler(Form $form){ /** @var PageModel $page */ $page = $form->getElementValue('page'); $val = $form->getElementValue('passinput'); if( $val !== $page->get('password_protected') ){ \Core\set_message('t:MESSAGE_ERROR_INCORRECT_PASSWORD'); return false; } else { \Core\Session::Set('page-password-protected/' . $page->get('baseurl'), $val); return true; } }