public function view()
{
$u = new User();
$ui = UserInfo::getByID($u->getUserID());
Loader::model("page_statistics");
Loader::model("user_statistics");
$timeStr = '';
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
$timeStr = '%x ' . t('at') . ' %I:%M %p';
} else {
$timeStr = '%x ' . t('at') . ' %l:%M %p';
}
if (is_object($ui)) {
$this->set('uLastLogin', strftime($timeStr, $ui->getLastLogin('user')));
$this->set('uName', $ui->getUserName());
$this->set('lastEditSite', strftime($timeStr, strtotime(PageStatistics::getSiteLastEdit('user'))));
$llu = UserStatistics::getLastLoggedInUser();
if ($llu->getUserID() == $u->getUserID()) {
$this->set('lastLoginSite', t('Your login is the most recent.'));
} else {
$this->set('lastLoginSite', strftime($timeStr, $llu->getLastLogin()));
}
Loader::block('form');
}
$this->set('totalFormSubmissions', FormBlockStatistics::getTotalSubmissions());
$this->set('totalFormSubmissionsToday', FormBlockStatistics::getTotalSubmissions(date('Y-m-d')));
}
protected function setUser(User $user)
{
$this->user = $user;
$_SESSION['userID'] = $user->getUserID();
$_SESSION['auth_userID'] = $user->getUserID();
$_SESSION['auth'] = $user->getAuthenticationAuthorityIndex();
$_SESSION['ping'] = time();
}
/**
* Gets total page views for everyone but the passed user object.
*
* @param \User $u
* @param date $date
*
* @return int
*/
public static function getTotalPageViewsForOthers($u, $date = null)
{
$db = Loader::db();
if ($date != null) {
$v = array($u->getUserID(), $date);
return $db->GetOne("select count(pstID) from PageStatistics where uID <> ? and date = ?", $v);
}
$v = array($u->getUserID());
return $db->GetOne("select count(pstID) from PageStatistics where uID <> ?", $v);
}
public function check($content, $type, $additionalArgs = array())
{
if ($this->controller) {
$args['ip_address'] = Loader::helper('validation/ip')->getRequestIP();
$args['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
$args['content'] = $content;
foreach ($additionalArgs as $key => $value) {
$args[$key] = $value;
}
if (isset($args['user']) && is_object($args['user'])) {
$u = $args['user'];
} else {
$u = new User();
}
if (!isset($args['email']) && $u->isRegistered()) {
$ui = UserInfo::getByID($u->getUserID());
$args['email'] = $ui->getUserEmail();
}
$r = $this->controller->check($args);
if ($r) {
return true;
} else {
$c = Page::getCurrentPage();
if (is_object($c)) {
$logText .= t('URL: %s', Loader::helper('navigation')->getLinkToCollection($c, true));
$logText .= "\n";
}
if ($u->isRegistered()) {
$logText .= t('User: %s (ID %s)', $u->getUserName(), $u->getUserID());
$logText .= "\n";
}
$logText .= t('Type: %s', Loader::helper('text')->unhandle($type));
$logText .= "\n";
foreach ($args as $key => $value) {
$logText .= Loader::helper('text')->unhandle($key) . ': ' . $value . "\n";
}
if (Config::get('ANTISPAM_LOG_SPAM')) {
Log::addEntry($logText, t('spam'));
}
if (Config::get('ANTISPAM_NOTIFY_EMAIL') != '') {
$mh = Loader::helper('mail');
$mh->to(Config::get('ANTISPAM_NOTIFY_EMAIL'));
$mh->addParameter('content', $logText);
$mh->load('spam_detected');
$mh->sendMail();
}
return false;
}
} else {
return true;
// return true if it passes the test
}
}
public function delete($cID = false, $token = false) {
if (Loader::helper('validation/token')->validate('delete', $token)) {
$s = Stack::getByID($cID);
if (is_object($s)) {
$sps = new Permissions($s);
if ($sps->canDeletePage()) {
$u = new User();
$pkr = new DeletePagePageWorkflowRequest();
$pkr->setRequestedPage($s);
$pkr->setRequesterUserID($u->getUserID());
$response = $pkr->trigger();
if ($response instanceof WorkflowProgressResponse) {
// we only get this response if we have skipped workflows and jumped straight in to an approve() step.
$this->redirect('/dashboard/blocks/stacks', 'stack_deleted');
} else {
$this->redirect('/dashboard/blocks/stacks', 'view_details', $cID, 'delete_saved');
}
} else {
$this->error->add(t('You do not have access to delete this stack.'));
}
} else {
$this->error->add(t('Invalid stack'));
}
} else {
$this->error->add(Loader::helper('validation/token')->getErrorMessage());
}
}
/**
* Adds a key to the database.
*
* @static
* @param int $keyID
* @param string $vCode
* @param null|string $label
* @return string
*/
public static function addKey($keyID, $vCode, $label = null)
{
$userID = User::getUserID();
if ($userID == null) {
$userID = 0;
}
$exists = Db::queryRow("SELECT userID, keyID, vCode FROM zz_api WHERE keyID = :keyID AND vCode = :vCode", array(":keyID" => $keyID, ":vCode" => $vCode), 0);
if ($exists == null) {
// Insert the api key
Db::execute("replace into zz_api (userID, keyID, vCode, label) VALUES (:userID, :keyID, :vCode, :label)", array(":userID" => $userID, ":keyID" => $keyID, ":vCode" => $vCode, ":label" => $label));
} else {
if ($exists["userID"] == 0) {
// Someone already gave us this key anonymously, give it to this user
Db::execute("UPDATE zz_api SET userID = :userID, label = :label WHERE keyID = :keyID", array(":userID" => $userID, ":label" => $label, ":keyID" => $keyID));
return "keyID {$keyID} previously existed in our database but has now been assigned to you.";
} else {
return "keyID {$keyID} is already in the database...";
}
}
$pheal = Util::getPheal($keyID, $vCode);
$result = $pheal->accountScope->APIKeyInfo();
$key = $result->key;
$keyType = $key->type;
if ($keyType == "Account") {
$keyType = "Character";
}
$ip = IP::get();
Log::log("API: {$keyID} has been added. Type: {$keyType} ({$ip})");
return "Success, your {$keyType} key has been added.";
}
public function __construct()
{
Loader::model('user_statistics');
Loader::model('page_statistics');
$u = new User();
$ui = UserInfo::getByID($u->getUserID());
$us = new UserStatistics($ui);
$this->set('uLastActivity', $us->getPreviousSessionPageViews());
$timeStr = '';
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
$timeStr = '%x ' . t('at') . ' %I:%M %p';
} else {
$timeStr = '%x ' . t('at') . ' %l:%M %p';
}
$this->set('uLastLogin', strftime($timeStr, $ui->getLastLogin('user')));
$this->set('uName', $ui->getUserName());
$this->set('totalViews', PageStatistics::getTotalPageViewsForOthers($u));
$this->set('totalVersions', PageStatistics::getTotalPageVersions());
$this->set('lastEditSite', strftime($timeStr, strtotime(PageStatistics::getSiteLastEdit('user'))));
$llu = UserStatistics::getLastLoggedInUser();
if ($llu->getUserID() == $u->getUserID()) {
$this->set('lastLoginSite', t('Your login is the most recent.'));
} else {
$this->set('lastLoginSite', strftime($timeStr, $llu->getLastLogin()));
}
$this->set('totalEditMode', PageStatistics::getTotalPagesCheckedOut());
Loader::block('form');
$this->set('totalFormSubmissions', FormBlockStatistics::getTotalSubmissions());
$this->set('totalFormSubmissionsToday', FormBlockStatistics::getTotalSubmissions(date('Y-m-d')));
}
public function view($userID = 0)
{
if (!ENABLE_USER_PROFILES) {
$this->render("/page_not_found");
}
$html = Loader::helper('html');
$canEdit = false;
$u = new User();
if ($userID > 0) {
$profile = UserInfo::getByID($userID);
if (!is_object($profile)) {
throw new Exception('Invalid User ID.');
}
} else {
if ($u->isRegistered()) {
$profile = UserInfo::getByID($u->getUserID());
$canEdit = true;
} else {
$this->set('intro_msg', t('You must sign in order to access this page!'));
$this->render('/login');
}
}
$this->set('profile', $profile);
$this->set('av', Loader::helper('concrete/avatar'));
$this->set('t', Loader::helper('text'));
$this->set('canEdit', $canEdit);
}
public function file_sets_add()
{
extract($this->getHelperObjects());
Loader::model('file_set');
if (!$validation_token->validate("file_sets_add")) {
$this->set('error', array($validation_token->getErrorMessage()));
$this->view();
return;
}
if (!$this->post('file_set_name')) {
$this->set('error', array(t('Please Enter a Name')));
$this->view();
return;
}
//print('<pre>');print_r(get_included_files());print('</pre>');
$u = new User();
$file_set = new FileSet();
//AS: Adodb Active record is complaining a ?/value array mismatch unless
//we explicatly set the primary key ID field to null
$file_set->fsID = null;
$file_set->fsName = $this->post('file_set_name');
$file_set->fsType = FileSet::TYPE_PUBLIC;
$file_set->uID = $u->getUserID();
$file_set->fsOverrideGlobalPermissions = $this->post('fsOverrideGlobalPermissions') == 1 ? 1 : 0;
$file_set->save();
$this->redirect('/dashboard/files/sets', 'file_set_added');
}
/** Return an User instance given its id (or null if it's not found)
* @param int $uID The id of the user
* @param boolean $login = false Set to true to make the user the current one
* @param boolean $cacheItemsOnLogin = false Set to true to cache some items when $login is true
* @return User|null
*/
public static function getByUserID($uID, $login = false, $cacheItemsOnLogin = true)
{
$db = Loader::db();
$v = array($uID);
$q = "SELECT uID, uName, uIsActive, uLastOnline, uTimezone, uDefaultLanguage FROM Users WHERE uID = ? LIMIT 1";
$r = $db->query($q, $v);
$row = $r ? $r->FetchRow() : null;
$nu = null;
if ($row) {
$nu = new User();
$nu->uID = $row['uID'];
$nu->uName = $row['uName'];
$nu->uIsActive = $row['uIsActive'];
$nu->uDefaultLanguage = $row['uDefaultLanguage'];
$nu->uLastLogin = $row['uLastLogin'];
$nu->uTimezone = $row['uTimezone'];
$nu->uGroups = $nu->_getUserGroups(true);
$nu->superUser = $nu->getUserID() == USER_SUPER_ID;
if ($login) {
User::regenerateSession();
$_SESSION['uID'] = $row['uID'];
$_SESSION['uName'] = $row['uName'];
$_SESSION['uBlockTypesSet'] = false;
$_SESSION['uGroups'] = $nu->uGroups;
$_SESSION['uLastOnline'] = $row['uLastOnline'];
$_SESSION['uTimezone'] = $row['uTimezone'];
$_SESSION['uDefaultLanguage'] = $row['uDefaultLanguage'];
if ($cacheItemsOnLogin) {
Loader::helper('concrete/interface')->cacheInterfaceItems();
}
$nu->recordLogin();
}
}
return $nu;
}
public function close()
{
$u = new User();
$v = array($this->log, htmlentities($this->sessionText, ENT_COMPAT, APP_CHARSET), $this->isInternal, $u->getUserID());
$db = Loader::db();
$db->Execute("insert into Logs (logType, logText, logIsInternal, logUserID) values (?, ?, ?, ?)", $v);
$this->sessionText = '';
}
public function canDeleteFileSet()
{
$fs = $this->getPermissionObject();
$u = new User();
if ($fs->getFileSetType() == FileSet::TYPE_PRIVATE && $fs->getFileSetUserID() == $u->getUserID()) {
return true;
}
return $this->validate('delete_file_set');
}
public function package()
{
Loader::model('file_set');
$pl = new MootoolsPluginList();
$package = $this->post("package");
$fs = Fileset::getByName($package);
$u = new User();
$ui = UserInfo::getByID($u->getUserID());
$username = $ui->getAttribute(MOOTOOLS_GITHUB_USER);
$pkgHandle = FRONTEND_DEVELOPER_PACKAGE_HANDLE;
$uID = $u->getUserID();
$files = $pl->getMootoolsPluginFiles($fs);
$filesets[$fs->getFileSetName()] = $files;
$package = Package::getByHandle($pkgHandle);
$path = $package->getPackagePath();
include $path . "/elements/plugin_files.php";
exit;
}
public function validate(PermissionAccess $pae) {
$users = $this->getAccessEntityUsers($pae);
if (count($users) == 0) {
return false;
} else if (is_object($users[0])) {
$u = new User();
return $users[0]->getUserID() == $u->getUserID();
}
}
public function on_start()
{
$u = new \User();
if (!$u->isRegistered()) {
$this->render('/login');
}
$this->error = Loader::helper('validation/error');
$this->set('valt', Loader::helper('validation/token'));
$this->set('av', Loader::helper('concrete/avatar'));
$this->set('profile', \UserInfo::getByID($u->getUserID()));
}
public function view() {
$u = new User();
$ui = UserInfo::getByID($u->getUserID());
Loader::model("page_statistics");
Loader::model("user_statistics");
Loader::block('form');
$dh = Loader::helper('date');
if (is_object($ui)) {
$this->set('uLastLogin', $dh->date(DATE_APP_GENERIC_MDYT, $ui->getLastLogin('user')));
$this->set('uName', $ui->getUserName());
$this->set('lastEditSite', $dh->date(DATE_APP_GENERIC_MDYT, strtotime(PageStatistics::getSiteLastEdit('user'))));
$llu = UserStatistics::getLastLoggedInUser();
if ($llu->getUserID() == $u->getUserID()) {
$this->set('lastLoginSite', t('Your login is the most recent.'));
} else {
$this->set('lastLoginSite', $dh->date(DATE_APP_GENERIC_MDYT, $llu->getLastLogin()));
}
}
$this->set('totalFormSubmissions', FormBlockStatistics::getTotalSubmissions());
$this->set('totalFormSubmissionsToday', FormBlockStatistics::getTotalSubmissions(date('Y-m-d')));
}
public function save($data)
{
$db = Loader::db();
$db->query("DELETE FROM btBuilderPackage WHERE bID = ?", array(intval($this->bID)));
$fsIDs = $this->post("fsID");
foreach ($fsIDs as $key => $fsID) {
$db->query("INSERT INTO btBuilderPackage VALUES (?, ?, ?)", array($this->bID, $fsID, $key));
}
$u = new User();
$data["uID"] = $u->getUserID();
parent::save($data);
}
public function __construct() {
$html = Loader::helper('html');
parent::__construct();
$u = new User();
if (!$u->isRegistered()) {
$this->set('intro_msg', t('You must sign in order to access this page!'));
Loader::controller('/login');
$this->render('/login');
}
$this->set('ui', UserInfo::getByID($u->getUserID()));
$this->set('av', Loader::helper('concrete/avatar'));
}
/**
* Generates a unique token for a given action. This is a token in the form of
* time:hash, where hash is md5(time:userID:action:salt)
* @param string table
* @param string key
* @param int length
*/
public function generate($action = '', $time = null) {
$u = new User();
$uID = $u->getUserID();
if (!$uID) {
$uID = 0;
}
if ($time == null) {
$time = time();
}
$hash = $time . ':' . md5($time . ':' . $uID . ':' . $action . ':' . PASSWORD_SALT);
return $hash;
}
/**
* Generates a unique token for a given action. This is a token in the form of
* time:hash, where hash is md5(time:userID:action:pepper)
* @param string table
* @param string key
* @param int length
*/
public function generate($action = '', $time = null)
{
$u = new User();
$uID = $u->getUserID();
if (!$uID) {
$uID = 0;
}
if ($time == null) {
$time = time();
}
$hash = $time . ':' . md5($time . ':' . $uID . ':' . $action . ':' . Config::get('SECURITY_TOKEN_VALIDATION'));
return $hash;
}
public static function set($key, $value)
{
global $redis;
if (!User::isLoggedIn()) {
throw new Exception('User is not logged in.');
}
$id = User::getUserID();
if (is_null($value) || is_string($value) && strlen(trim($value)) == 0) {
$redis->hDel("user:{$id}", $key);
return true;
}
$redis->hSet("user:{$id}", $key, json_encode($value));
return true;
}
public static function set($key, $value)
{
if (!User::isLoggedIn()) {
throw new Exception("User is not logged in.");
}
$id = User::getUserID();
self::$userConfig = null;
if (is_null($value) || is_string($value) && strlen(trim($value)) == 0) {
// Just remove the row and let the defaults take over
return Db::execute("delete from zz_users_config where id = :id and locker = :key", array(":id" => $id, ":key" => $key));
}
$value = json_encode($value);
return Db::execute("insert into zz_users_config (id, locker, content) values (:id, :key, :value)\n on duplicate key update content = :value", array(":id" => $id, ":key" => $key, ":value" => $value));
}
public function __construct() {
$u = new User();
$this->uc = Collection::getByHandle("uID=" . $u->getUserID());
$myNotes = "";
$bl = $this->uc->getBlocks('dashboard_notes');
if (is_object($bl[0])) {
$bo = $bl[0];
$this->notesBlock = $bo;
$bc = $bl[0]->getInstance();
$myNotes = $bc->content;
}
$this->set('myNotes', $myNotes);
}
public function validate(PermissionAccess $pae)
{
if ($pae instanceof FileSetPermissionAccess) {
return true;
}
if ($pae instanceof FilePermissionAccess) {
$f = $pae->getPermissionObject();
}
if (is_object($f)) {
$u = new User();
return $u->getUserID() == $f->getUserID();
}
return false;
}
public function archive()
{
$id = intval($this->request->request->get('naID'));
if ($this->token->validate() && $id > 0) {
$u = new \User();
if ($u->isRegistered()) {
$r = $this->entityManager->getRepository('Concrete\\Core\\Entity\\Notification\\NotificationAlert');
$alert = $r->findOneById($id);
if (is_object($alert) && is_object($alert->getUser()) && $alert->getUser()->getUserID() == $u->getUserID()) {
$alert->setNotificationIsArchived(true);
$this->entityManager->persist($alert);
$this->entityManager->flush();
}
}
}
$this->app->shutdown();
}
public function getMySets($u = false)
{
if ($u == false) {
$u = new User();
}
$db = Loader::db();
$sets = array();
$r = $db->Execute('select * from FileSets where fsType = ? or (fsType in (?, ?) and uID = ?) order by fsName asc', array(FileSet::TYPE_PUBLIC, FileSet::TYPE_STARRED, FileSet::TYPE_PRIVATE, $u->getUserID()));
while ($row = $r->FetchRow()) {
$fs = new FileSet();
$fs->Set($row);
$fsp = new Permissions($fs);
if ($fsp->canSearchFiles()) {
$sets[] = $fs;
}
}
return $sets;
}
public function getMootoolsPluginPackage()
{
Loader::model('file_set');
Loader::model('file_list');
$u = new User();
$fl = new FileList();
$fl->filterByMootoolsPlugin(true);
$fl->filterByExtension("js");
$fl->filter('u.uID', $u->getUserID(), '=');
$files = $fl->get();
$ufsets = array();
foreach ($files as $file) {
$fsets = $file->getFileSets();
foreach ($fsets as $fset) {
$ufsets[$fset->getFileSetID()] = $fset;
}
}
return $ufsets;
}
public static function addKey($keyID, $vCode, $label = null)
{
global $mdb;
$keyID = (int) $keyID;
$userID = User::getUserID();
if ($userID == null) {
$userID = 0;
}
$exists = $mdb->exists('apis', ['keyID' => $keyID, 'vCode' => $vCode]);
if ($exists) {
if ($userID > 0) {
$mdb->set('apis', ['keyID' => $keyID, 'vCode' => $vCode], ['userID' => $userID]);
return 'We have assigned this API key to your account.';
}
return 'We already have this API in our database.';
}
$mdb->save('apis', ['keyID' => $keyID, 'vCode' => $vCode, 'label' => $label, 'lastApiUpdate' => new MongoDate(2), 'userID' => $userID]);
return 'Success, your API has been added.';
}
public function on_start()
{
$u = new \User();
if (!$u->isRegistered()) {
return $this->replace('/login');
}
$dh = \Core::make('helper/concrete/dashboard');
$desktop = DesktopList::getMyDesktop();
if ($dh->inDashboard($desktop) && $this->getPageObject()->getCollectionPath() != '/account/welcome') {
$this->theme = 'dashboard';
$this->set('pageTitle', t('My Account'));
}
$this->setThemeViewTemplate('account.php');
$this->error = Loader::helper('validation/error');
$this->token = Loader::helper('validation/token');
$this->set('valt', $this->token);
$this->set('av', Loader::helper('concrete/avatar'));
$this->set('profile', \UserInfo::getByID($u->getUserID()));
$nav = new AccountMenu($this->getPageObject());
$this->set('nav', $nav);
}
/**
* Sets up a list to only return items the proper user can access
*/
public function setupPermissions()
{
$u = new User();
if ($u->isSuperUser() || $this->ignorePermissions) {
return;
// super user always sees everything. no need to limit
}
$groups = $u->getUserGroups();
$groupIDs = array();
foreach ($groups as $key => $value) {
$groupIDs[] = $key;
}
$uID = -1;
if ($u->isRegistered()) {
$uID = $u->getUserID();
}
$date = Loader::helper('date')->getLocalDateTime();
if ($this->includeAliases) {
$cInheritPermissionsFromCID = 'if(p2.cID is null, p1.cInheritPermissionsFromCID, p2.cInheritPermissionsFromCID)';
} else {
$cInheritPermissionsFromCID = 'p1.cInheritPermissionsFromCID';
}
if (PERMISSIONS_MODEL != 'simple') {
// support timed release
$this->filter(false, "((select count(cID) from PagePermissions pp1 where pp1.cID = {$cInheritPermissionsFromCID} and\n\t\t\t\t((pp1.cgPermissions like 'r%' and cv.cvIsApproved = 1) or (pp1.cgPermissions like '%rv%')) and (\n\t\t\t\t\t(pp1.gID in (" . implode(',', $groupIDs) . ") or pp1.uID = {$uID})\n\t\t\t\t\tand \n\t\t\t\t\t\t(pp1.cgStartDate is null or pp1.cgStartDate <= '{$date}')\n\t\t\t\t\tand \n\t\t\t\t\t\t(pp1.cgEndDate is null or pp1.cgEndDate >= '{$date}')\n\t\t\t\t)) > 0 or (p1.cPointerExternalLink !='' AND p1.cPointerExternalLink IS NOT NULL ))");
} else {
$this->filter(false, "(((select count(cID) from PagePermissions pp1 where pp1.cID = {$cInheritPermissionsFromCID} and pp1.cgPermissions like 'r%' and (pp1.gID in (" . implode(',', $groupIDs) . ") or pp1.uID = {$uID}))) > 0 or (p1.cPointerExternalLink !='' AND p1.cPointerExternalLink IS NOT NULL))");
}
}
