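 /**
  * Runs the configured antispam controller against a piece of submitted content.
  *
  * The controller receives the request IP, the user agent, the content, any
  * caller-supplied extras and — unless one was supplied — the email address of
  * the current (or passed-in) user. When the content is flagged, a plain-text
  * report is written to the log and/or mailed, depending on the ANTISPAM_* settings.
  *
  * @param string $content The submitted text to check
  * @param string $type Handle describing where the content came from; only shown in the report
  * @param array $additionalArgs Extra key/value pairs handed to the controller
  *   ('user' may hold a User object to check on behalf of; 'email' suppresses the email lookup)
  * @return bool true when the content passes (or no controller is configured), false when it is flagged
  */
 public function check($content, $type, $additionalArgs = array())
 {
     if (!$this->controller) {
         return true; // no antispam controller configured: everything passes
     }
     $args = array();
     $args['ip_address'] = Loader::helper('validation/ip')->getRequestIP();
     // the user agent is client supplied and may be missing entirely
     $args['user_agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $args['content'] = $content;
     foreach ($additionalArgs as $key => $value) {
         $args[$key] = $value;
     }
     if (isset($args['user']) && is_object($args['user'])) {
         $u = $args['user'];
     } else {
         $u = new User();
     }
     if (!isset($args['email']) && $u->isRegistered()) {
         $ui = UserInfo::getByID($u->getUserID());
         $args['email'] = $ui->getUserEmail();
     }
     if ($this->controller->check($args)) {
         return true;
     }
     // Flagged: build the report that is logged and/or mailed
     $logText = '';
     $c = Page::getCurrentPage();
     if (is_object($c)) {
         $logText .= t('URL: %s', Loader::helper('navigation')->getLinkToCollection($c, true));
         $logText .= "\n";
     }
     if ($u->isRegistered()) {
         $logText .= t('User: %s (ID %s)', $u->getUserName(), $u->getUserID());
         $logText .= "\n";
     }
     $textHelper = Loader::helper('text');
     $logText .= t('Type: %s', $textHelper->unhandle($type));
     $logText .= "\n";
     foreach ($args as $key => $value) {
         // objects (e.g. a passed-in 'user') and arrays cannot be concatenated; describe them instead
         if (is_object($value)) {
             $value = get_class($value);
         } elseif (is_array($value)) {
             $value = print_r($value, true);
         }
         $logText .= $textHelper->unhandle($key) . ': ' . $value . "\n";
     }
     if (Config::get('ANTISPAM_LOG_SPAM')) {
         Log::addEntry($logText, t('spam'));
     }
     if (Config::get('ANTISPAM_NOTIFY_EMAIL') != '') {
         $mh = Loader::helper('mail');
         $mh->to(Config::get('ANTISPAM_NOTIFY_EMAIL'));
         $mh->addParameter('content', $logText);
         $mh->load('spam_detected');
         $mh->sendMail();
     }
     return false;
 }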
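 /**
  * Shows a user profile page.
  *
  * With a positive $userID the matching profile is displayed read-only; without
  * one the current user's own profile is shown and marked editable. Anonymous
  * visitors are sent to the login page, and the page is hidden entirely when
  * user profiles are disabled.
  *
  * @param int|string $userID ID of the profile to show; 0 (the default) means the current user
  * @throws Exception when $userID does not belong to an existing user
  */
 public function view($userID = 0)
 {
     if (!ENABLE_USER_PROFILES) {
         $this->render("/page_not_found");
         return; // render() is not expected to stop execution, so skip the profile setup explicitly
     }
     $userID = intval($userID); // usually arrives as a URL segment, i.e. a string
     $canEdit = false;
     $u = new User();
     if ($userID > 0) {
         $profile = UserInfo::getByID($userID);
         if (!is_object($profile)) {
             throw new Exception('Invalid User ID.');
         }
     } elseif ($u->isRegistered()) {
         $profile = UserInfo::getByID($u->getUserID());
         $canEdit = true; // only the owner may edit their profile
     } else {
         $this->set('intro_msg', t('You must sign in order to access this page!'));
         $this->render('/login');
         return; // no profile to expose for an anonymous visitor
     }
     $this->set('profile', $profile);
     $this->set('av', Loader::helper('concrete/avatar'));
     $this->set('t', Loader::helper('text'));
     $this->set('canEdit', $canEdit);
 }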
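	/**
	 * Converts a user entered datetime to the system datetime.
	 *
	 * The input is interpreted in the server timezone (APP_TIMEZONE_SERVER) when
	 * APP_TIMEZONE is defined, or in the registered user's own timezone when user
	 * timezones are enabled and the user has one; it is then converted to the
	 * current default timezone and formatted.
	 *
	 * @param string|null $userDateTime Any string accepted by DateTime's constructor ('now' by default)
	 * @param string|null $mask Output format for DateTime::format(); defaults to 'Y-m-d H:i:s'
	 * @return string|null The formatted datetime, or null when $userDateTime is null/empty
	 */
	public function getSystemDateTime($userDateTime = 'now', $mask = NULL) {
		if(!isset($mask) || !strlen($mask)) {
			$mask = 'Y-m-d H:i:s';
		}
		if(!isset($userDateTime) || !strlen($userDateTime)) {
			return NULL; // a null/empty value is passed straight back
		}
		// Interpret the input in the server's timezone when one is configured...
		$tz = NULL;
		if (defined('APP_TIMEZONE')) {
			$tz = new DateTimeZone(APP_TIMEZONE_SERVER);
		}
		// ...and let a registered user's own timezone take precedence over it
		if(defined('ENABLE_USER_TIMEZONES') && ENABLE_USER_TIMEZONES) {
			$u = new User();
			if($u && $u->isRegistered()) {
				$utz = $u->getUserTimezone();
				if($utz) {
					$tz = new DateTimeZone($utz);
				}
			}
		}
		if ($tz === NULL) {
			$datetime = new DateTime($userDateTime);
		} else {
			$datetime = new DateTime($userDateTime, $tz);
			// convert to the current default timezone
			$datetime->setTimezone(new DateTimeZone(date_default_timezone_get()));
		}
		return $datetime->format($mask);
	}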
	/**
	 * Whether the sitemap entry is shown: only to registered users who have the
	 * UI_SITEMAP option enabled and may read the dashboard sitemap.
	 *
	 * @return bool
	 */
	public function displayItem() {
		$user = new User();
		if (!$user->isRegistered() || !$user->config('UI_SITEMAP')) {
			return false;
		}
		return Loader::helper('concrete/dashboard/sitemap')->canRead();
	}
	/**
	 * Whether the file manager entry is shown: only to registered users who may
	 * search files (global file permissions) and have the UI_FILEMANAGER option on.
	 *
	 * @return bool
	 */
	public function displayItem() {
		$user = new User();
		if (!$user->isRegistered()) {
			return false;
		}
		$filePermissions = FilePermissions::getGlobal();
		$allowed = $filePermissions->canSearchFiles() && $user->config('UI_FILEMANAGER');
		return $allowed ? true : false;
	}
 /**
  * Shared setup for the account pages: loads the validation helpers the forms
  * rely on and exposes the current user's profile to the view.
  *
  * NOTE(review): render('/login') is not followed by a return here, so the rest
  * of the setup still runs for anonymous visitors — confirm that is intended.
  */
 public function on_start()
 {
     $user = new \User();
     if (!$user->isRegistered()) {
         $this->render('/login');
     }
     $this->error = Loader::helper('validation/error');
     $profile = \UserInfo::getByID($user->getUserID());
     $this->set('valt', Loader::helper('validation/token'));
     $this->set('av', Loader::helper('concrete/avatar'));
     $this->set('profile', $profile);
 }
	/**
	 * Requires a signed-in user before the page is built: anonymous visitors get
	 * the login page with an explanatory message. Also exposes the current user's
	 * UserInfo and the avatar helper to the view.
	 */
	public function __construct() {
		$html = Loader::helper('html');
		parent::__construct();
		$user = new User();
		$isGuest = !$user->isRegistered();
		if ($isGuest) {
			$this->set('intro_msg', t('You must sign in order to access this page!'));
			Loader::controller('/login');
			$this->render('/login');
		}
		$userInfo = UserInfo::getByID($user->getUserID());
		$this->set('ui', $userInfo);
		$this->set('av', Loader::helper('concrete/avatar'));
	}
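 /**
  * Returns the preferred section based on session, cookie,
  * user object, default browser (if allowed), and finally
  * site preferences.
  * Since the user's language is not a locale but a language,
  * attempts to determine best section for the given language.
  *
  * @return Section
  */
 public static function getPreferredSection()
 {
     $site = \Site::getSite();
     $app = Facade::getFacadeApplication();
     // 1. a locale remembered in the session, falling back to the cookie
     $locale = false;
     $session = $app->make('session');
     if ($session->has('multilingual_default_locale')) {
         $locale = $session->get('multilingual_default_locale');
     } else {
         $cookie = $app->make('cookie');
         if ($cookie->has('multilingual_default_locale')) {
             $locale = $cookie->get('multilingual_default_locale');
         }
     }
     if ($locale) {
         $home = Section::getByLocale($locale);
         if ($home) {
             return $home;
         }
     }
     // 2. the registered user's default language (a language, not a locale)
     $u = new \User();
     if ($u->isRegistered()) {
         $userDefaultLanguage = $u->getUserDefaultLanguage();
         if ($userDefaultLanguage) {
             $home = Section::getByLocaleOrLanguage($userDefaultLanguage);
             if ($home) {
                 return $home;
             }
         }
     }
     // 3. the browser's preferred locales, when the site allows it
     $config = $site->getConfigRepository();
     if ($config->get('multilingual.use_browser_detected_locale')) {
         // a separate loop variable keeps the remembered $locale above untouched
         foreach (array_keys(\Punic\Misc::getBrowserLocales()) as $browserLocale) {
             $home = Section::getByLocaleOrLanguage($browserLocale);
             if ($home) {
                 return $home;
             }
         }
     }
     // 4. the site default (the site object fetched above is reused instead of looked up again)
     return Section::getByLocale($site->getDefaultLocale());
 }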
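 /**
  * Decides whether the rendered output of $v may be stored in the full page cache.
  *
  * Output is never cached for pages that cannot be viewed, for controller tasks other
  * than 'view', for pages with caching disabled, for registered users or POST requests,
  * or for generated pages whose controller does not support the page cache. Beyond that
  * a page is cached when it is explicitly marked for caching (or caching is forced
  * globally), or when the global mode is 'blocks' and every block on the page — the
  * page's own and the global-area ones — declares its output cacheable.
  *
  * @param View $v the view being rendered
  * @return bool
  */
 public function shouldAddToCache(View $v)
 {
     $c = $v->getCollectionObject();
     if (!is_object($c)) {
         return false;
     }
     $cp = new Permissions($c);
     if (!$cp->canViewPage()) {
         return false;
     }
     $u = new User();
     $allowedControllerActions = array('view');
     $hasController = is_object($v->controller);
     if ($hasController && !in_array($v->controller->getTask(), $allowedControllerActions, true)) {
         return false;
     }
     if (!$c->getCollectionFullPageCaching()) {
         return false;
     }
     $requestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
     if ($u->isRegistered() || $requestMethod == 'POST') {
         return false;
     }
     if ($c->isGeneratedCollection()) {
         // generated (single) pages need a controller that opts in to page caching
         if (!$hasController || !$v->controller->supportsPageCache()) {
             return false;
         }
     }
     if ($c->getCollectionFullPageCaching() == 1 || FULL_PAGE_CACHE_GLOBAL === 'all') {
         // cache requested at the page level (or forced globally); overrides the block checks
         return true;
     }
     if (FULL_PAGE_CACHE_GLOBAL !== 'blocks') {
         // not explicitly cached, and the global mode does not fall back to block-level checks
         return false;
     }
     // In 'blocks' mode every block on the page, including global-area blocks, must be
     // cacheable. The previous code discarded the array_merge() result, so global blocks
     // were never checked; the merged list is now actually used.
     $blocks = array_merge($c->getGlobalBlocks(), $c->getBlocks());
     foreach ($blocks as $b) {
         $controller = $b->getInstance();
         if (!$controller->cacheBlockOutput()) {
             return false;
         }
     }
     return true;
 }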
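 /**
  * Get the list of battlefields available to a user, each with its hives.
  *
  * Registered and anonymous users are served by different stored requests.
  * Exceptions raised by the data layer propagate to the caller unchanged (the
  * former try/catch only rethrew them and was dropped).
  *
  * @param User $user Instance of a User object
  *
  * @return array List of battlefield rows, each carrying a 'hiveList' array
  */
 public function getListForUser(User $user)
 {
     $userId = $user->ID;
     $request = $user->isRegistered() ? 'getBattlefieldListForUser' : 'getBattlefieldListForAnonUser';
     $list = $this->_db->fetchAllRequest($request, array(':userId' => $userId));
     foreach ($list as $i => $battlefield) {
         $list[$i]['hiveList'] = $this->_db->fetchAllRequest('getBattlefieldHiveList', array(':battlefieldId' => $battlefield['ID']));
     }
     return $list;
 }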
 /**
  * Marks a notification alert as archived.
  *
  * The request must carry a valid token and a positive 'naID'; the alert is only
  * touched when it belongs to the signed-in user. The application is shut down
  * afterwards either way.
  */
 public function archive()
 {
     $alertID = intval($this->request->request->get('naID'));
     if ($this->token->validate() && $alertID > 0) {
         $user = new \User();
         if ($user->isRegistered()) {
             $repository = $this->entityManager->getRepository('Concrete\\Core\\Entity\\Notification\\NotificationAlert');
             $alert = $repository->findOneById($alertID);
             $owner = is_object($alert) ? $alert->getUser() : null;
             // only the owner of the alert may archive it
             if (is_object($owner) && $owner->getUserID() == $user->getUserID()) {
                 $alert->setNotificationIsArchived(true);
                 $this->entityManager->persist($alert);
                 $this->entityManager->flush();
             }
         }
     }
     $this->app->shutdown();
 }
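 /**
  * Converts a user entered datetime to the system datetime.
  *
  * When the request carries a custom request user its custom datetime is
  * returned instead. Otherwise the input is interpreted in the server timezone
  * (APP_TIMEZONE_SERVER) when APP_TIMEZONE is defined, or in the registered
  * user's own timezone when user timezones are enabled and the user has one,
  * converted to the current default timezone and formatted (locale-aware for
  * non-en_US locales with a non-default mask).
  *
  * @param string|null $userDateTime Any string accepted by DateTime's constructor ('now' by default)
  * @param string|null $mask Output format for DateTime::format(); defaults to 'Y-m-d H:i:s'
  * @return string|null The formatted datetime, or null when $userDateTime is null/empty
  */
 public function getSystemDateTime($userDateTime = 'now', $mask = NULL)
 {
     if (!isset($mask) || !strlen($mask)) {
         $mask = 'Y-m-d H:i:s';
     }
     $req = Request::get();
     if ($req->hasCustomRequestUser()) {
         // a custom request user pins the request to its own datetime
         return date($mask, strtotime($req->getCustomRequestDateTime()));
     }
     if (!isset($userDateTime) || !strlen($userDateTime)) {
         return null; // a null/empty value is passed straight back
     }
     // Interpret the input in the server's timezone when one is configured...
     $tz = null;
     if (defined('APP_TIMEZONE')) {
         $tz = new DateTimeZone(APP_TIMEZONE_SERVER);
     }
     // ...and let a registered user's own timezone take precedence over it
     if (defined('ENABLE_USER_TIMEZONES') && ENABLE_USER_TIMEZONES) {
         $u = new User();
         if ($u && $u->isRegistered()) {
             $utz = $u->getUserTimezone();
             if ($utz) {
                 $tz = new DateTimeZone($utz);
             }
         }
     }
     if ($tz === null) {
         $datetime = new DateTime($userDateTime);
     } else {
         $datetime = new DateTime($userDateTime, $tz);
         // convert to the current default timezone
         $datetime->setTimezone(new DateTimeZone(date_default_timezone_get()));
     }
     if (Localization::activeLocale() != 'en_US' && $mask != 'Y-m-d H:i:s') {
         return $this->dateTimeFormatLocal($datetime, $mask);
     }
     return $datetime->format($mask);
 }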
 /**
  * Returns the preferred section for the current visitor.
  *
  * Tried in order: a locale remembered in the session or cookie, the signed-in
  * user's default language (a language rather than a locale, so the best
  * matching section is looked up), the browser's preferred locales when the
  * site allows it, and finally the configured default locale.
  *
  * @return Section
  */
 public static function getPreferredSection()
 {
     // 1. a locale remembered in the session, falling back to the cookie
     $locale = false;
     if (Session::has('multilingual_default_locale')) {
         $locale = Session::get('multilingual_default_locale');
     } elseif (Cookie::has('multilingual_default_locale')) {
         $locale = Cookie::get('multilingual_default_locale');
     }
     if ($locale) {
         $section = Section::getByLocale($locale);
         if ($section) {
             return $section;
         }
     }
     // 2. the signed-in user's default language
     $user = new \User();
     $userLanguage = $user->isRegistered() ? $user->getUserDefaultLanguage() : null;
     if ($userLanguage) {
         $section = Section::getByLocaleOrLanguage($userLanguage);
         if ($section) {
             return $section;
         }
     }
     // 3. the browser's preferred locales, when permitted
     if (Config::get('concrete.multilingual.use_browser_detected_locale')) {
         foreach (array_keys(\Punic\Misc::getBrowserLocales()) as $browserLocale) {
             $section = Section::getByLocaleOrLanguage($browserLocale);
             if ($section) {
                 return $section;
             }
         }
     }
     // 4. the configured default locale
     return Section::getByLocale(Config::get('concrete.multilingual.default_locale'));
 }
 /**
  * Shared setup for the account pages. Anonymous visitors are swapped to the
  * login page; otherwise the dashboard theme is applied when the page lives in
  * the dashboard (except the welcome page), and the helpers, profile and account
  * menu the views rely on are exposed.
  */
 public function on_start()
 {
     $user = new \User();
     if (!$user->isRegistered()) {
         return $this->replace('/login');
     }
     $dashboardHelper = \Core::make('helper/concrete/dashboard');
     $page = $this->getPageObject();
     $inDashboard = $dashboardHelper->inDashboard(DesktopList::getMyDesktop());
     if ($inDashboard && $page->getCollectionPath() != '/account/welcome') {
         $this->theme = 'dashboard';
         $this->set('pageTitle', t('My Account'));
     }
     $this->setThemeViewTemplate('account.php');
     $this->error = Loader::helper('validation/error');
     $this->token = Loader::helper('validation/token');
     $this->set('valt', $this->token);
     $this->set('av', Loader::helper('concrete/avatar'));
     $this->set('profile', \UserInfo::getByID($user->getUserID()));
     $this->set('nav', new AccountMenu($page));
 }
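 /**
  * Sets up a list to only return items the proper user can access.
  *
  * Super users (or lists with ignorePermissions set) are not restricted. Everyone
  * else gets a read-permission subquery added that honours group and user grants
  * and, outside the 'simple' permissions model, timed release windows. Pages that
  * are external links are always included.
  */
 public function setupPermissions()
 {
     $u = new User();
     if ($u->isSuperUser() || $this->ignorePermissions) {
         return; // super user always sees everything. no need to limit
     }
     // The group IDs and user ID are interpolated into SQL below, so they are forced
     // to integers even though they come from the user object rather than the request.
     $groupIDs = array();
     foreach ($u->getUserGroups() as $gID => $value) {
         $groupIDs[] = (int) $gID;
     }
     // NOTE(review): assumes getUserGroups() is never empty (an empty list would yield
     // "gID in ()", which is invalid SQL) — confirm every user carries at least one group.
     $uID = $u->isRegistered() ? (int) $u->getUserID() : -1;
     // date helper output, not request data; quoted into the timed-release comparison
     $date = Loader::helper('date')->getLocalDateTime();
     if ($this->includeAliases) {
         $cInheritPermissionsFromCID = 'if(p2.cID is null, p1.cInheritPermissionsFromCID, p2.cInheritPermissionsFromCID)';
     } else {
         $cInheritPermissionsFromCID = 'p1.cInheritPermissionsFromCID';
     }
     if (PERMISSIONS_MODEL != 'simple') {
         // support timed release
         $this->filter(false, "((select count(cID) from PagePermissions pp1 where pp1.cID = {$cInheritPermissionsFromCID} and\n\t\t\t\t((pp1.cgPermissions like 'r%' and cv.cvIsApproved = 1) or (pp1.cgPermissions like '%rv%')) and (\n\t\t\t\t\t(pp1.gID in (" . implode(',', $groupIDs) . ") or pp1.uID = {$uID})\n\t\t\t\t\tand \n\t\t\t\t\t\t(pp1.cgStartDate is null or pp1.cgStartDate <= '{$date}')\n\t\t\t\t\tand \n\t\t\t\t\t\t(pp1.cgEndDate is null or pp1.cgEndDate >= '{$date}')\n\t\t\t\t)) > 0 or (p1.cPointerExternalLink !='' AND p1.cPointerExternalLink IS NOT NULL ))");
     } else {
         $this->filter(false, "(((select count(cID) from PagePermissions pp1 where pp1.cID = {$cInheritPermissionsFromCID} and pp1.cgPermissions like 'r%' and (pp1.gID in (" . implode(',', $groupIDs) . ") or pp1.uID = {$uID}))) > 0 or (p1.cPointerExternalLink !='' AND p1.cPointerExternalLink IS NOT NULL))");
     }
 }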
<?php 
// Emit the custom CSS value inline when a value object was handed to the template.
// NOTE(review): the value is printed unescaped inside <style>; it is assumed to be
// admin-authored CSS rather than visitor input — confirm where $scc comes from.
if (is_object($scc)) {
    ?>
    <style type="text/css">
        <?php 
    print $scc->getValue();
    ?>
    </style>
<?php 
}
?>

<?php 
// Registered users get the account assets and the profile-menu hook, but only when profiles are enabled.
$v = View::getInstance();
$profilesEnabled = Config::get('concrete.user.profiles_enabled');
if ($profilesEnabled && $u->isRegistered()) {
    $v->requireAsset('core/account');
    $v->addFooterItem('<script type="text/javascript">$(function() { ccm_enableUserProfileMenu(); });</script>');
}
// File IDs (0 when unset) and the tile colour ('' when unset) configured for the site icons.
$favIconFID = (int) Config::get('concrete.misc.favicon_fid');
$appleIconFID = (int) Config::get('concrete.misc.iphone_home_screen_thumbnail_fid');
$modernIconFID = (int) Config::get('concrete.misc.modern_tile_thumbnail_fid');
$modernIconBGColor = (string) Config::get('concrete.misc.modern_tile_thumbnail_bgcolor');
if ($favIconFID) {
    $f = File::getByID($favIconFID);
    ?>
	<link rel="shortcut icon" href="<?php 
    echo $f->getRelativePath();
    ?>
" type="image/x-icon" />
	<link rel="icon" href="<?php 
 /**
  * Whether the editing toolbar is shown to the current user: never for guests,
  * always for the super user, otherwise when the user may read the dashboard or
  * holds any of the page-level editing permissions checked below.
  *
  * @return bool
  */
 public function canViewToolbar()
 {
     $user = new User();
     if (!$user->isRegistered()) {
         return false;
     }
     if ($user->isSuperUser()) {
         return true;
     }
     $dashboardHelper = Loader::helper('concrete/dashboard');
     if ($dashboardHelper->canRead()) {
         return true;
     }
     return $this->canViewPageVersions()
         || $this->canPreviewPageAsUser()
         || $this->canEditPageSpeedSettings()
         || $this->canEditPageProperties()
         || $this->canEditPageContents()
         || $this->canAddSubpage()
         || $this->canDeletePage()
         || $this->canApprovePageVersions()
         || $this->canEditPagePermissions()
         || $this->canMoveOrCopyPage();
 }
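 /**
  * Completes a successful login.
  *
  * Applies the "keep me signed in" cookie and the chosen locale, then checks that
  * every user attribute marked required-on-register has a value; users with gaps
  * are logged out again and shown the partial-profile form (which posts back here
  * with completePartialProfile set). Finally fires on_user_login and either returns
  * the login data (JSON requests) or redirects the browser.
  *
  * @param array $loginData Data to return/augment; 'redirectURL' is filled from the rcID post value
  * @return array|null $loginData for JSON requests; null otherwise (a redirect is issued instead)
  */
 protected function finishLogin($loginData = array())
 {
     $u = new User();
     if ($this->post('uMaintainLogin')) {
         $u->setUserForeverCookie();
     }
     if (count($this->locales) > 0) {
         if (Config::get('LANGUAGE_CHOOSE_ON_LOGIN') && $this->post('USER_LOCALE') != '') {
             $u->setUserDefaultLanguage($this->post('USER_LOCALE'));
         }
     }
     // Verify that the user has filled out all items that are required on register.
     // Users logging in after new required attributes were created are prompted
     // here to finish their profile.
     $this->set('invalidRegistrationFields', false);
     Loader::model('attribute/categories/user');
     $ui = UserInfo::getByID($u->getUserID());
     $aks = UserAttributeKey::getRegistrationList();
     $unfilledAttributes = array();
     foreach ($aks as $uak) {
         if ($uak->isAttributeKeyRequiredOnRegister()) {
             $av = $ui->getAttributeValueObject($uak);
             if (!is_object($av)) {
                 $unfilledAttributes[] = $uak;
             }
         }
     }
     if ($this->post('completePartialProfile')) {
         foreach ($unfilledAttributes as $uak) {
             $e1 = $uak->validateAttributeForm();
             // loose comparison kept: validateAttributeForm() may signal failure with any falsy value
             if ($e1 == false) {
                 $this->error->add(t('The field "%s" is required', $uak->getAttributeKeyName()));
             } elseif ($e1 instanceof ValidationErrorHelper) {
                 $this->error->add($e1);
             }
         }
         if (!$this->error->has()) {
             // the partial profile was completed without errors: save the values against
             // the account and clear the list so the logout below is skipped
             foreach ($unfilledAttributes as $uak) {
                 $uak->saveAttributeForm($ui);
             }
             $unfilledAttributes = array();
         }
     }
     if (count($unfilledAttributes) > 0) {
         $u->logout();
         $this->set('invalidRegistrationFields', true);
         $this->set('unfilledAttributes', $unfilledAttributes);
     }
     // set redirect url from rcID: either a page ID or a path that must resolve to an existing page
     $rcID = $this->post('rcID');
     $nh = Loader::helper('validation/numbers');
     if ($nh->integer($rcID)) {
         $navigation = Loader::helper('navigation');
         $rc = Page::getByID($rcID);
         $loginData['redirectURL'] = $navigation->getLinkToCollection($rc, true);
     } elseif (strlen($rcID)) {
         $rcID = trim($rcID, '/');
         $nc2 = Page::getByPath('/' . $rcID);
         if (is_object($nc2) && !$nc2->isError()) {
             $loginData['redirectURL'] = BASE_URL . DIR_REL . '/' . DISPATCHER_FILENAME . '/' . $rcID;
         }
     }
     $dash = Page::getByPath("/dashboard", "RECENT");
     $dbp = new Permissions($dash);
     Events::fire('on_user_login', $this);
     // JSON login ends here; the caller serialises the data
     if (isset($_REQUEST['format']) && $_REQUEST['format'] == 'JSON') {
         return $loginData;
     }
     // should administrator be redirected to dashboard? defaults to yes if not set.
     $adminToDash = intval(Config::get('LOGIN_ADMIN_TO_DASHBOARD'));
     // Full page login, standard redirection. The user is re-read because the
     // required-attribute check above may have logged them out again.
     $u = new User();
     if (!$u->isRegistered()) {
         return;
     }
     if ($u->config('NEWSFLOW_LAST_VIEWED') == 'FIRSTRUN') {
         $u->saveConfig('NEWSFLOW_LAST_VIEWED', 0);
     }
     if (!empty($loginData['redirectURL'])) {
         // make double secretly sure there's no caching going on
         header("Cache-Control: no-store, no-cache, must-revalidate");
         header("Pragma: no-cache");
         header('Expires: Fri, 30 Oct 1998 14:19:41 GMT'); // in the past
         $this->externalRedirect($loginData['redirectURL']);
         return;
     }
     if ($dbp->canRead() && $adminToDash) {
         $this->redirect('/dashboard');
         return;
     }
     // options set in dashboard/users/registration
     $login_redirect_cid = intval(Config::get('LOGIN_REDIRECT_CID'));
     $login_redirect_mode = Config::get('LOGIN_REDIRECT');
     if ($login_redirect_mode == 'PROFILE' && ENABLE_USER_PROFILES) {
         // redirect to user profile
         $this->redirect('/profile/', $u->uID);
     } elseif ($login_redirect_mode == 'CUSTOM' && $login_redirect_cid > 0) {
         // redirect to custom page, falling back to home when it no longer exists
         $redirectTarget = Page::getByID($login_redirect_cid);
         if (intval($redirectTarget->cID) > 0) {
             $this->redirect($redirectTarget->getCollectionPath());
         } else {
             $this->redirect('/');
         }
     } else {
         // redirect home
         $this->redirect('/');
     }
 }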
<?php

defined('C5_EXECUTE') or die("Access Denied."); // block direct access outside the CMS bootstrap
$u = new User(); // current (possibly anonymous) user; decides which author fields are shown below
if ($u->isRegistered()) {
    $ui = $u->getUserInfoObject();
    ?>
	<div class="ccm-conversation-avatar"><?php 
    echo $ui->getUserAvatar()->output();
    ?>
</div>
<?php 
} else {
    // non-logged-in posting.
    ?>
	<div class="form-group">
		<label class="control-label" for="cnvMessageAuthorName"><?php 
    echo t('Full Name');
    ?>
</label>
		<input type="text" class="form-control" name="cnvMessageAuthorName" />
	</div>
	<div class="form-group">
		<label class="control-label" for="cnvMessageAuthorEmail"><?php 
    echo t('Email Address');
    ?>
</label>
		<input type="text" class="form-control" name="cnvMessageAuthorEmail" />
	</div>
    <div class="form-group">
        <label class="control-label" for="cnvMessageAuthorWebsite"><?php 
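 /**
  * Records the visitor's vote for this survey block and redirects back to the page.
  *
  * Reads 'optionID' from the request; the vote is stored with the user ID (0 for
  * guests), the remote IP and a cookie marking this block/page as voted. When the
  * block requires registration, guests are sent to the login page instead, and
  * nothing is recorded when the visitor has already voted.
  */
 function action_form_save_vote()
 {
     $u = new User();
     $db = Loader::db();
     $c = $this->getCollectionObject();
     if ($this->requiresRegistration() && !$u->isRegistered()) {
         $this->redirect('/login');
         // redirect() is expected to end the request; the return guarantees no guest
         // vote is stored should it ever come back
         return;
     }
     if ($this->hasVoted()) {
         return;
     }
     $duID = $u->getUserID() > 0 ? $u->getUserID() : 0;
     // request values are bound as query parameters, never interpolated into the SQL
     $optionID = isset($_REQUEST['optionID']) ? $_REQUEST['optionID'] : null;
     $ipAddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
     $v = array($optionID, $this->bID, $duID, $ipAddress, $this->cID);
     $q = "insert into btSurveyResults (optionID, bID, uID, ipAddress, cID) values (?, ?, ?, ?, ?)";
     $db->query($q, $v);
     // 15-day cookie that hasVoted() can use to stop repeat votes from this browser
     setcookie("ccmPoll" . $this->bID . '-' . $this->cID, "voted", time() + 1296000, DIR_REL . '/');
     $this->redirect($c->getCollectionPath() . '?survey_voted=1');
 }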
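<?php

defined('C5_EXECUTE') or die("Access Denied.");
?>

<?php 
$this->inc('elements/head.php');
$this->inc('elements/header.php');
// Extra class on <main> that pins the footer for anonymous visitors when the theme
// option is on; initialised so the echo further down never sees an unset variable.
$stickyFooter = '';
$u = new User();
if (Config::get('c5hub.fundamental.general.sticky_footer') == true && !$u->isRegistered()) {
    $stickyFooter = ' c5h-sticky-footer-content';
}
?>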

<main class="clearfix<?php 
echo $stickyFooter;
?>
">
	<div class="">
		<?php 
$a = new Area('Main');
$a->setAreaGridMaximumColumns(12);
$a->display($c);
?>
	</div>
	<?php 
$areaCount = $c->getAttribute('area_count');
$areas = 1;
while ($areas <= $areaCount) {
    echo '<div class="c5h-custom-area-' . $areas . '">';
    $a = new Area('Main ' . $areas);
 function action_submit_form()
 {
     $ip = Loader::helper('validation/ip');
     Loader::library("file/importer");
     if (!$ip->check()) {
         $this->set('invalidIP', $ip->getErrorMessage());
         return;
     }
     $txt = Loader::helper('text');
     $db = Loader::db();
     //question set id
     $qsID = intval($_POST['qsID']);
     if ($qsID == 0) {
         throw new Exception(t("Oops, something is wrong with the form you posted (it doesn't have a question set id)."));
     }
     //get all questions for this question set
     $rows = $db->GetArray("SELECT * FROM {$this->btQuestionsTablename} WHERE questionSetId=? AND bID=? order by position asc, msqID", array($qsID, intval($this->bID)));
     // check captcha if activated
     if ($this->displayCaptcha) {
         $captcha = Loader::helper('validation/captcha');
         if (!$captcha->check()) {
             $errors['captcha'] = t("Incorrect captcha code");
             $_REQUEST['ccmCaptchaCode'] = '';
         }
     }
     //checked required fields
     foreach ($rows as $row) {
         if ($row['inputType'] == 'datetime') {
             if (!isset($datetime)) {
                 $datetime = Loader::helper("form/date_time");
             }
             $translated = $datetime->translate('Question' . $row['msqID']);
             if ($translated) {
                 $_POST['Question' . $row['msqID']] = $translated;
             }
         }
         if (intval($row['required']) == 1) {
             $notCompleted = 0;
             if ($row['inputType'] == 'email') {
                 if (!Loader::helper('validation/strings')->email($_POST['Question' . $row['msqID']])) {
                     $errors['emails'] = t('You must enter a valid email address.');
                 }
             }
             if ($row['inputType'] == 'checkboxlist') {
                 $answerFound = 0;
                 foreach ($_POST as $key => $val) {
                     if (strstr($key, 'Question' . $row['msqID'] . '_') && strlen($val)) {
                         $answerFound = 1;
                     }
                 }
                 if (!$answerFound) {
                     $notCompleted = 1;
                 }
             } elseif ($row['inputType'] == 'fileupload') {
                 if (!isset($_FILES['Question' . $row['msqID']]) || !is_uploaded_file($_FILES['Question' . $row['msqID']]['tmp_name'])) {
                     $notCompleted = 1;
                 }
             } elseif (!strlen(trim($_POST['Question' . $row['msqID']]))) {
                 $notCompleted = 1;
             }
             if ($notCompleted) {
                 $errors['CompleteRequired'] = t("Complete required fields *");
             }
         }
     }
     //try importing the file if everything else went ok
     $tmpFileIds = array();
     if (!count($errors)) {
         foreach ($rows as $row) {
             if ($row['inputType'] != 'fileupload') {
                 continue;
             }
             $questionName = 'Question' . $row['msqID'];
             if (!intval($row['required']) && (!isset($_FILES[$questionName]['tmp_name']) || !is_uploaded_file($_FILES[$questionName]['tmp_name']))) {
                 continue;
             }
             $fi = new FileImporter();
             $resp = $fi->import($_FILES[$questionName]['tmp_name'], $_FILES[$questionName]['name']);
             if (!$resp instanceof FileVersion) {
                 switch ($resp) {
                     case FileImporter::E_FILE_INVALID_EXTENSION:
                         $errors['fileupload'] = t('Invalid file extension.');
                         break;
                     case FileImporter::E_FILE_INVALID:
                         $errors['fileupload'] = t('Invalid file.');
                         break;
                 }
             } else {
                 $tmpFileIds[intval($row['msqID'])] = $resp->getFileID();
                 if (intval($this->addFilesToSet)) {
                     Loader::model('file_set');
                     $fs = new FileSet();
                     $fs = $fs->getByID($this->addFilesToSet);
                     if ($fs->getFileSetID()) {
                         $fs->addFileToSet($resp);
                     }
                 }
             }
         }
     }
     if (count($errors)) {
         $this->set('formResponse', t('Please correct the following errors:'));
         $this->set('errors', $errors);
     } else {
         //no form errors
         //save main survey record
         $u = new User();
         $uID = 0;
         if ($u->isRegistered()) {
             $uID = $u->getUserID();
         }
         $q = "insert into {$this->btAnswerSetTablename} (questionSetId, uID) values (?,?)";
         $db->query($q, array($qsID, $uID));
         $answerSetID = $db->Insert_ID();
         $this->lastAnswerSetId = $answerSetID;
         $questionAnswerPairs = array();
         if (strlen(FORM_BLOCK_SENDER_EMAIL) > 1 && strstr(FORM_BLOCK_SENDER_EMAIL, '@')) {
             $formFormEmailAddress = FORM_BLOCK_SENDER_EMAIL;
         } else {
             $adminUserInfo = UserInfo::getByID(USER_SUPER_ID);
             $formFormEmailAddress = $adminUserInfo->getUserEmail();
         }
         $replyToEmailAddress = $formFormEmailAddress;
         //loop through each question and get the answers
         foreach ($rows as $row) {
             //save each answer
             $answerDisplay = '';
             if ($row['inputType'] == 'checkboxlist') {
                 $answer = array();
                 $answerLong = "";
                 $keys = array_keys($_POST);
                 foreach ($keys as $key) {
                     if (strpos($key, 'Question' . $row['msqID'] . '_') === 0) {
                         $answer[] = $txt->sanitize($_POST[$key]);
                     }
                 }
             } elseif ($row['inputType'] == 'text') {
                 $answerLong = $txt->sanitize($_POST['Question' . $row['msqID']]);
                 $answer = '';
             } elseif ($row['inputType'] == 'fileupload') {
                 $answerLong = "";
                 $answer = intval($tmpFileIds[intval($row['msqID'])]);
                 if ($answer > 0) {
                     $answerDisplay = File::getByID($answer)->getVersion()->getDownloadURL();
                 } else {
                     $answerDisplay = t('No file specified');
                 }
             } elseif ($row['inputType'] == 'url') {
                 $answerLong = "";
                 $answer = $txt->sanitize($_POST['Question' . $row['msqID']]);
             } elseif ($row['inputType'] == 'email') {
                 $answerLong = "";
                 $answer = $txt->sanitize($_POST['Question' . $row['msqID']]);
                 if (!empty($row['options'])) {
                     $settings = unserialize($row['options']);
                     if (is_array($settings) && array_key_exists('send_notification_from', $settings) && $settings['send_notification_from'] == 1) {
                         $email = $txt->email($answer);
                         if (!empty($email)) {
                             $replyToEmailAddress = $email;
                         }
                     }
                 }
             } elseif ($row['inputType'] == 'telephone') {
                 $answerLong = "";
                 $answer = $txt->sanitize($_POST['Question' . $row['msqID']]);
             } else {
                 $answerLong = "";
                 $answer = $txt->sanitize($_POST['Question' . $row['msqID']]);
             }
             if (is_array($answer)) {
                 $answer = join(',', $answer);
             }
             $questionAnswerPairs[$row['msqID']]['question'] = $row['question'];
             $questionAnswerPairs[$row['msqID']]['answer'] = $txt->sanitize($answer . $answerLong);
             $questionAnswerPairs[$row['msqID']]['answerDisplay'] = strlen($answerDisplay) ? $answerDisplay : $questionAnswerPairs[$row['msqID']]['answer'];
             $v = array($row['msqID'], $answerSetID, $answer, $answerLong);
             $q = "insert into {$this->btAnswersTablename} (msqID,asID,answer,answerLong) values (?,?,?,?)";
             $db->query($q, $v);
         }
         $foundSpam = false;
         $submittedData = '';
         foreach ($questionAnswerPairs as $questionAnswerPair) {
             $submittedData .= $questionAnswerPair['question'] . "\r\n" . $questionAnswerPair['answer'] . "\r\n" . "\r\n";
         }
         $antispam = Loader::helper('validation/antispam');
         if (!$antispam->check($submittedData, 'form_block')) {
             // found to be spam. We remove it
             $foundSpam = true;
             $q = "delete from {$this->btAnswerSetTablename} where asID = ?";
             $v = array($this->lastAnswerSetId);
             $db->Execute($q, $v);
             $db->Execute("delete from {$this->btAnswersTablename} where asID = ?", array($this->lastAnswerSetId));
         }
         if (intval($this->notifyMeOnSubmission) > 0 && !$foundSpam) {
             if (strlen(FORM_BLOCK_SENDER_EMAIL) > 1 && strstr(FORM_BLOCK_SENDER_EMAIL, '@')) {
                 $formFormEmailAddress = FORM_BLOCK_SENDER_EMAIL;
             } else {
                 $adminUserInfo = UserInfo::getByID(USER_SUPER_ID);
                 $formFormEmailAddress = $adminUserInfo->getUserEmail();
             }
             $mh = Loader::helper('mail');
             $mh->to($this->recipientEmail);
             $mh->from($formFormEmailAddress);
             $mh->replyto($replyToEmailAddress);
             $mh->addParameter('formName', $this->surveyName);
             $mh->addParameter('questionSetId', $this->questionSetId);
             $mh->addParameter('questionAnswerPairs', $questionAnswerPairs);
             $mh->load('block_form_submission');
             $mh->setSubject(t('%s Form Submission', $this->surveyName));
             //echo $mh->body.'<br>';
             @$mh->sendMail();
         }
         if (!$this->noSubmitFormRedirect) {
             if ($this->redirectCID > 0) {
                 $pg = Page::getByID($this->redirectCID);
                 if (is_object($pg) && $pg->cID) {
                     $this->redirect($pg->getCollectionPath());
                 }
             }
             $c = Page::getCurrentPage();
             header("Location: " . Loader::helper('navigation')->getLinkToCollection($c, true) . "?surveySuccess=1&qsid=" . $this->questionSetId . "#" . $this->questionSetId);
             exit;
         }
     }
 }
Example #23
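 /**
  * Returns the User class of the $input parameter.
  *
  * The $input parameter can be an user ID, username or e-mail.
  * Returns FALSE if $input is NULL (or otherwise empty).
  *
  * @param mixed $input        User ID, username or e-mail address; treated as untrusted.
  * @param array $fetchOptions Passed through to the user model. When 'custom_field' is
  *                            set, $input is first looked up as that custom field's
  *                            value and replaced by the matching user ID, if any.
  * @return User|false
  */
 public function getUser($input, $fetchOptions = array())
 {
     if (!empty($fetchOptions['custom_field'])) {
         // Both the field ID and the value come from the caller: bind them as
         // query parameters instead of splicing them into the SQL string.
         $results = $this->getDatabase()->fetchRow(
             "SELECT `user_id` FROM `xf_user_field_value` WHERE `field_id` = ? AND `field_value` = ?",
             array($fetchOptions['custom_field'], $input)
         );
         if (!empty($results['user_id'])) {
             $input = $results['user_id'];
         }
     }
     // Loose check on purpose: NULL, FALSE, '', 0 and '0' all mean "nothing to look up".
     if (!$input) {
         return FALSE;
     }
     $userModel = $this->models->getUserModel();
     if (is_numeric($input)) {
         // $input is a number, grab the user by an ID.
         $user = new User($this->models, $userModel->getUserById($input, $fetchOptions));
         if (!$user->isRegistered()) {
             // The user ID was not found, grabbing the user by the username instead.
             $user = new User($this->models, $userModel->getUserByName($input, $fetchOptions));
         }
     } elseif ($userModel->couldBeEmail($input)) {
         // $input is an e-mail, return the user of the e-mail.
         $user = new User($this->models, $userModel->getUserByEmail($input, $fetchOptions));
     } else {
         // $input is an username, return the user of the username.
         $user = new User($this->models, $userModel->getUserByName($input, $fetchOptions));
     }
     if ($user->isRegistered()) {
         // Attach the custom field values only for users that actually exist.
         $this->getModels()->checkModel('user_field', XenForo_Model::create('XenForo_Model_UserField'));
         $user->data['custom_fields'] = $this->getModels()->getModel('user_field')->getUserFieldValues($user->getID());
     }
     return $user;
 }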
Example #24
 /**
  * Decides whether this page's full output may be served from the page cache.
  *
  * Caching is allowed only for anonymous, non-POST requests whose query string
  * holds nothing but "cid", and only when the page-level setting
  * (cCacheFullPageContent) or FULL_PAGE_CACHE_GLOBAL permits it. In the global
  * "blocks" mode the page must additionally not be a generated collection and
  * every block instance must report cacheable output.
  *
  * @param mixed $blocks     Block objects on the page; only consulted in "blocks" mode.
  * @param mixed $controller Page controller (or false); only its "view" task is cacheable.
  * @return bool
  */
 public function supportsPageCache($blocks, $controller = false)
 {
     $currentUser = new User();
     $cacheableTasks = array('view');
     if (is_object($controller) && !in_array($controller->getTask(), $cacheableTasks)) {
         return false;
     }
     if ($this->cCacheFullPageContent == 0) {
         return false;
     }
     if ($currentUser->isRegistered() || $_SERVER['REQUEST_METHOD'] == 'POST') {
         return false;
     }
     // Any query parameter other than "cid" (compared case-insensitively) disables caching.
     $cacheableGetVars = array('cid');
     if (is_array($_GET)) {
         foreach (array_keys($_GET) as $paramName) {
             if (!in_array(strtolower($paramName), $cacheableGetVars)) {
                 return false;
             }
         }
     }
     // A page-level "always cache" (1) or a global "all" overrides everything else.
     if ($this->cCacheFullPageContent == 1 || FULL_PAGE_CACHE_GLOBAL === 'all') {
         return true;
     }
     // Not cached at page level and the global mode is not "blocks": nothing to cache.
     if (FULL_PAGE_CACHE_GLOBAL !== 'blocks') {
         return false;
     }
     if ($this->isGeneratedCollection()) {
         return false;
     }
     if (!is_array($blocks)) {
         return true;
     }
     // "blocks" mode: a single non-cacheable block disqualifies the whole page.
     foreach ($blocks as $block) {
         $blockController = $block->getInstance();
         if (!$blockController->cacheBlockOutput()) {
             return false;
         }
     }
     return true;
 }
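 /**
  * Handles the account-edit form.
  *
  * Dispatches on the 'process' request parameter to update account details,
  * profile, password or the profile picture, then loads the profile and
  * exposes every local to the view via get_defined_vars().
  *
  * Validation failures are caught and not rethrown; the view presumably reads
  * them from $user->validation_errors (confirm against the template). Upload
  * failures are signalled through $_SESSION['upload_error'].
  */
 public function edit()
 {
     $process = Param::get('process', 'edit');
     $user = new User();
     switch ($process) {
         case self::EDIT_ACCOUNT:
             $user->id = get_authenticated_user_id($_SESSION['userid']);
             $user->fname = Param::get('firstname');
             $user->lname = Param::get('lastname');
             $user->new_username = Param::get('username');
             $user->new_email = Param::get('email');
             try {
                 $user->updateAccount();
                 $_SESSION['username'] = $user->new_username;
                 $user->editSuccess = true;
             } catch (ValidationException $e) {
                 // Errors are reported through $user; nothing further to do here.
             }
             break;
         case self::EDIT_PROFILE:
             $user->id = get_authenticated_user_id($_SESSION['userid']);
             $user->company = Param::get('company');
             $user->division = Param::get('division');
             $user->specialization = Param::get('specialization');
             try {
                 $user->updateProfile();
                 $user->editSuccess = true;
             } catch (ValidationException $e) {
                 // Errors are reported through $user; nothing further to do here.
             }
             break;
         case self::EDIT_PASSWORD:
             $user->id = get_authenticated_user_id($_SESSION['userid']);
             //set username and old password to password
             //property to authenticate user
             $user->username = $_SESSION['username'];
             // NOTE(review): htmlentities() is applied to the password before it reaches
             // the User object; left unchanged because altering it would change how
             // existing credentials verify — confirm against User::isRegistered().
             $user->password = htmlentities(Param::get('oldPassword'));
             if (!$user->isRegistered()) {
                 $user->validation_errors['notAuthorized']['authenticate'] = true;
                 break;
             }
             //Unset username so it won't be included in validation
             unset($user->username);
             $user->password = htmlentities(Param::get('password'));
             $user->confirmpassword = htmlentities(Param::get('confirmPassword'));
             try {
                 $user->updatePassword();
                 $user->editSuccess = true;
             } catch (ValidationException $e) {
                 // Errors are reported through $user; nothing further to do here.
             }
             break;
         case self::EDIT_PICTURE:
             $user = new User();
             // Picture files are named after the session username; reduce it to a
             // single path segment so it can only address files inside img/users.
             $pictureName = basename((string) $_SESSION['username']);
             $target_directory = "bootstrap/img/users/" . $pictureName;
             try {
                 if (isset($_FILES['picture']['tmp_name']) && file_exists($file_tmp = $_FILES['picture']['tmp_name'])) {
                     $finfo = new finfo(FILEINFO_MIME_TYPE);
                     // The stored extension comes from the sniffed MIME type, never from the client-supplied name.
                     if (false === ($file_extension = array_search($finfo->file($file_tmp), $this->mime_types, true))) {
                         throw new PictureFormatException("Invalid file format.");
                     }
                     // Remove any previous picture with unlink() instead of shelling out to rm.
                     $user_profile = glob("bootstrap/img/users/" . $pictureName . ".*");
                     if ($user_profile) {
                         foreach ($user_profile as $picture) {
                             if (is_file($picture)) {
                                 unlink($picture);
                             }
                         }
                     }
                     // move_uploaded_file() refuses anything that is not a genuine PHP upload.
                     if (!move_uploaded_file($file_tmp, $target_directory . "." . $file_extension)) {
                         throw new FileNotFound("File not found.");
                     }
                 } else {
                     throw new FileNotFound('File not found.');
                 }
                 $user->editSuccess = true;
             } catch (FileNotFound $e) {
                 $_SESSION['upload_error'] = true;
             } catch (PictureFormatException $e) {
                 $_SESSION['upload_error'] = true;
             }
             break;
         case self::EDIT_PAGE:
             $user->id = $_SESSION['userid'];
             break;
     }
     $user->getProfile();
     $this->set(get_defined_vars());
 }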
Example #26
 /**
  * Adds a generic attribute record (with this type) to the AttributeValues table.
  *
  * The row is stamped with the current user's ID (0 for guests) and the local
  * date/time from the date helper.
  *
  * @return AttributeValue the freshly inserted record, re-read by its ID
  */
 public function addAttributeValue()
 {
     $db = Loader::db();
     $currentUser = new User();
     $dateHelper = Loader::helper('date');
     $currentUserID = 0;
     if ($currentUser->isRegistered()) {
         $currentUserID = $currentUser->getUserID();
     }
     $dateAdded = $dateHelper->getLocalDateTime();
     $db->Execute(
         'insert into AttributeValues (atID, akID,  uID, avDateAdded) values (?, ?, ?, ?)',
         array($this->atID, $this->akID, $currentUserID, $dateAdded)
     );
     $newValueID = $db->Insert_ID();
     return AttributeValue::getByID($newValueID);
 }
Example #27
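 /**
  * Adds SQL filters to this file list so that only files the current user may
  * access at $this->permissionLevel remain.
  *
  * Returns false (adding no filters) when no permission level is set or the
  * current user is the super user; otherwise returns nothing.
  *
  * filter() takes a raw SQL expression, so the file-set IDs, user ID and group
  * IDs are concatenated into the query text; every such value is cast to int
  * here. $this->permissionLevel is also interpolated (as a column name) and is
  * assumed to be set only by this class — confirm against the callers.
  */
 protected function setupFilePermissions()
 {
     $u = new User();
     if ($this->permissionLevel == false || $u->isSuperUser()) {
         return false;
     }
     $vs = FileSetPermissions::getOverriddenSets($this->permissionLevel, FilePermissions::PTYPE_ALL);
     $nvs = FileSetPermissions::getOverriddenSets($this->permissionLevel, FilePermissions::PTYPE_NONE);
     $vsm = FileSetPermissions::getOverriddenSets($this->permissionLevel, FilePermissions::PTYPE_MINE);
     // Viewing trumps non-viewing: drop every set from $nvs that also appears in $vs.
     // array_diff replaces a for-loop that unset() entries while re-evaluating
     // count() each iteration, which shortened the loop and skipped later entries.
     $nvs = array_values(array_diff($nvs, $vs));
     // Append -1 so every list has at least one value: an empty "in ()" is a SQL syntax error.
     $nvs[] = -1;
     $vs[] = -1;
     $vsm[] = -1;
     // These lists are interpolated into SQL, so normalise each entry to an integer.
     $nvsList = implode(',', array_map('intval', $nvs));
     $vsList = implode(',', array_map('intval', $vs));
     $vsmList = implode(',', array_map('intval', $vsm));
     // Exclude every file that belongs to a set I cannot see at all.
     $this->filter(false, '((select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . $nvsList . ')) = 0)');
     $uID = $u->isRegistered() ? (int) $u->getUserID() : 0;
     // Exclude files in sets where I may only read my own, unless I uploaded the file.
     $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . $vsmList . ')) = 0)');
     $fp = FilePermissions::getGlobal();
     if ($fp->getFileSearchLevel() == FilePermissions::PTYPE_MINE) {
         // Global level "mine": only my uploads, unless the file sits in a set I may fully view.
         $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . $vsList . ')) > 0)');
     }
     // Now exclude files whose own permission overrides deny this level to me or my groups.
     $groupIDs = array_map('intval', array_keys($u->getUserGroups()));
     // Same -1 sentinel as above so the "in (...)" list is never empty.
     $groupIDs[] = -1;
     // Guests match no user row here (-1), unlike the f.uID comparisons above (0).
     $permissionUID = $u->isRegistered() ? (int) $u->getUserID() : -1;
     if (PERMISSIONS_MODEL != 'simple') {
         // MySQL nullifies the whole query if the subquery returns null, so the
         // denied file IDs are resolved in PHP first and handed back as a literal list.
         $db = Loader::db();
         $fIDs = $db->GetCol("select Files.fID from Files inner join FilePermissions on FilePermissions.fID = Files.fID where fOverrideSetPermissions = 1 and (FilePermissions.gID in (" . implode(',', $groupIDs) . ") or FilePermissions.uID = {$permissionUID}) having max(" . $this->permissionLevel . ") = 0");
         if (count($fIDs) > 0) {
             $this->filter(false, "(f.fID not in (" . implode(',', array_map('intval', $fIDs)) . "))");
         }
     }
 }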
Example #28
<?php

defined('C5_EXECUTE') or die("Access Denied.");
// Scrapbook/pile tool endpoint: requires a logged-in user and view permission
// on the page identified by cID before any action further down runs.
$u = new User();
$scrapbookHelper = Loader::helper('concrete/scrapbook');
if (!$u->isRegistered()) {
    die(t("Access Denied."));
}
Loader::model('pile');
$p = false;
// Request values are untrusted: scrapbookName is handed to the helper as-is,
// and cID is gated only by the canViewPage() check below.
$scrapbookName = $_REQUEST['scrapbookName'];
if ($scrapbookName) {
    $scrapbookHelper->setDefault($scrapbookName);
}
$c = Page::getByID($_REQUEST['cID']);
// add a block to a pile
$cp = new Permissions($c);
if (!$cp->canViewPage()) {
    exit;
}
if (($_REQUEST['btask'] == 'add' || $_REQUEST['ctask'] == 'add') && $scrapbookName) {
    if ($_REQUEST['btask'] == 'add') {
        $a = Area::get($c, $_REQUEST['arHandle']);
        if ($a->isGlobalArea()) {
            $ax = STACKS_AREA_NAME;
            $cx = Stack::getByName($_REQUEST['arHandle']);
        }
        $b = Block::getByID($_REQUEST['bID'], $cx, $ax);
        if ($b->getBlockTypeHandle() == BLOCK_HANDLE_SCRAPBOOK_PROXY) {
            $bi = $b->getInstance();
            $b = Block::getByID($bi->getOriginalBlockID());
Example #29
 /**
  * Reports whether the current visitor may access this resource.
  *
  * @return bool true when the current request belongs to a registered user
  */
 public function canAccess()
 {
     $currentUser = new \User();
     $isRegistered = $currentUser->isRegistered();
     return $isRegistered;
 }
 /**
  * Records a survey vote for the current visitor.
  *
  * Resolves the page (rcID from the form when posted, so stack-hosted blocks
  * work), sends guests to /login when registration is required, and — if this
  * visitor has not voted yet and the antispam helper accepts an empty-content
  * check (IP address and user agent only) — stores the chosen option, sets a
  * "voted" cookie and redirects back to the page with ?survey_voted=1.
  */
 function action_form_save_vote()
 {
     $user = new User();
     $db = Loader::db();
     $blockObject = $this->getBlockObject();
     // the form carries rcID so we can resolve the right page for stacks
     $postedPageID = $this->post('rcID');
     $page = $postedPageID ? Page::getByID($postedPageID) : $this->getCollectionObject();
     if ($this->requiresRegistration() && !$user->isRegistered()) {
         $this->redirect('/login');
     }
     if ($this->hasVoted()) {
         return;
     }
     // Blank content: the antispam check still evaluates IP and user agent.
     $antispam = Loader::helper('validation/antispam');
     if (!$antispam->check('', 'survey_block')) {
         return;
     }
     $voterID = 0;
     if ($user->getUserID() > 0) {
         $voterID = $user->getUserID();
     }
     $db->query(
         "insert into btSurveyResults (optionID, bID, uID, ipAddress, cID) values (?, ?, ?, ?, ?)",
         array($_REQUEST['optionID'], $this->bID, $voterID, $_SERVER['REMOTE_ADDR'], $this->cID)
     );
     $cookieName = "ccmPoll" . $this->bID . '-' . $this->cID;
     $cookieLifetimeSeconds = 1296000;
     setcookie($cookieName, "voted", time() + $cookieLifetimeSeconds, DIR_REL . '/');
     $this->redirect($page->getCollectionPath() . '?survey_voted=1');
 }