/** * Builds a page with login form. * * @param Request $request Incoming request. * @return string Rendered page content. */ public function showFormAction(Request $request) { // Check if the operator already logged in if ($this->getOperator()) { // Redirect the operator to home page. // TODO: Use a route for URI generation. return $this->redirect($request->getUriForPath('/operator')); } $page = array('formisRemember' => true, 'version' => MIBEW_VERSION, 'errors' => $request->attributes->get('errors', array())); // Try to get login from the request. if ($request->request->has('login')) { $page['formlogin'] = $request->request->get('login'); } elseif ($request->query->has('login')) { $login = $request->query->get('login'); if (preg_match("/^(\\w{1,15})\$/", $login)) { $page['formlogin'] = $login; } } $page['localeLinks'] = get_locale_links(); $page['title'] = getlocal('Login'); $page['headertitle'] = getlocal('Mibew Messenger'); $page['show_small_login'] = false; $page['fixedwrap'] = true; return $this->render('login', $page); }
/** * Renders operator's home page. * * @param Request $request Incoming request * @return string Rendered page content. */ public function dashboardAction(Request $request) { $operator = $this->getOperator(); $is_online = is_operator_online($operator['operatorid']); $page = array('version' => MIBEW_VERSION, 'localeLinks' => get_locale_links(), 'needUpdate' => version_compare(Settings::get('dbversion'), MIBEW_VERSION, '<'), 'profilePage' => $this->generateUrl('operator_edit', array('operator_id' => $operator['operatorid'])), 'isOnline' => $is_online, 'warnOffline' => true, 'title' => getlocal('Home'), 'menuid' => 'main'); $page = array_merge($page, prepare_menu($operator)); return $this->render('index', $page); }
function show_install_err($text) { global $page, $version, $errors, $webimroot; $page = array('version' => $version, 'localeLinks' => get_locale_links("{$webimroot}/install/index.php")); $errors = array($text); start_html_output(); require '../view/install_err.php'; exit; }
/** * Generates a page for the first step of password recovery process. * * @param Request $request * @return string Rendered page content */ public function indexAction(Request $request) { if ($this->getOperator()) { // If the operator is logged in just redirect him to the home page. return $this->redirect($request->getUriForPath('/operator')); } $page = array('version' => MIBEW_VERSION, 'title' => getlocal('Trouble Accessing Your Account?'), 'headertitle' => getlocal('Mibew Messenger'), 'show_small_login' => true, 'fixedwrap' => true, 'errors' => array()); $login_or_email = ''; if ($request->isMethod('POST')) { // When HTTP GET method is used the form is just rendered but the // user does not pass any data. Thus we need to prevent CSRF attacks // only for POST requests csrf_check_token($request); } if ($request->isMethod('POST') && $request->request->has('loginoremail')) { $login_or_email = $request->request->get('loginoremail'); $to_restore = MailUtils::isValidAddress($login_or_email) ? operator_by_email($login_or_email) : operator_by_login($login_or_email); if (!$to_restore) { $page['errors'][] = getlocal('No such Operator'); } $email = $to_restore['vcemail']; if (count($page['errors']) == 0 && !MailUtils::isValidAddress($email)) { $page['errors'][] = "Operator hasn't set his e-mail"; } if (count($page['errors']) == 0) { $token = sha1($to_restore['vclogin'] . (function_exists('openssl_random_pseudo_bytes') ? openssl_random_pseudo_bytes(32) : time() + microtime() . mt_rand(0, 99999999))); // Update the operator $to_restore['dtmrestore'] = time(); $to_restore['vcrestoretoken'] = $token; update_operator($to_restore); $href = $this->getRouter()->generate('password_recovery_reset', array('id' => $to_restore['operatorid'], 'token' => $token), UrlGeneratorInterface::ABSOLUTE_URL); // Load mail templates and substitute placeholders there. $mail_template = MailTemplate::loadByName('password_recovery', get_current_locale()); if (!$mail_template) { throw new \RuntimeException('Cannot load "password_recovery" mail template'); } $this->sendMail(MailUtils::buildMessage($email, $email, $mail_template->buildSubject(), $mail_template->buildBody(array(get_operator_name($to_restore), $href)))); $page['isdone'] = true; return $this->render('password_recovery', $page); } } $page['formloginoremail'] = $login_or_email; $page['localeLinks'] = get_locale_links(); $page['isdone'] = false; return $this->render('password_recovery', $page); }
* Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ require_once '../libs/common.php'; require_once '../libs/settings.php'; require_once 'dbinfo.php'; $page = array('version' => $version, 'localeLinks' => get_locale_links("{$webimroot}/install/index.php")); $page['done'] = array(); $page['nextstep'] = false; $page['nextnotice'] = false; $page['soundcheck'] = false; $errors = array(); function check_webimroot() { global $page, $errors, $webimroot; $requestUri = $_SERVER["REQUEST_URI"]; if (!preg_match('/^(.*)\\/install(\\/[^\\/\\\\]*)?$/', $requestUri, $matches)) { $errors[] = "Cannot detect application location: {$requestUri}"; return false; } $applocation = $matches[1]; if ($applocation != $webimroot) {
$errors = array(); $page = array('version' => $version); $loginoremail = ""; if (isset($_POST['loginoremail'])) { $loginoremail = getparam("loginoremail"); $torestore = is_valid_email($loginoremail) ? operator_by_email($loginoremail) : operator_by_login($loginoremail); if (!$torestore) { $errors[] = getlocal("no_such_operator"); } $email = $torestore['vcemail']; if (count($errors) == 0 && !is_valid_email($email)) { $errors[] = "Operator hasn't set his e-mail"; } if (count($errors) == 0) { $token = md5(time() + microtime() . rand(0, 99999999)); $link = connect(); $query = "update {$mysqlprefix}chatoperator set dtmrestore = CURRENT_TIMESTAMP, vcrestoretoken = '{$token}' where operatorid = " . $torestore['operatorid']; perform_query($query, $link); $href = get_app_location(true, false) . "/operator/resetpwd.php?id=" . $torestore['operatorid'] . "&token={$token}"; webim_mail($email, $email, getstring("restore.mailsubj"), getstring2("restore.mailtext", array(get_operator_name($torestore), $href)), $link); mysql_close($link); $page['isdone'] = true; require '../view/restore.php'; exit; } } $page['formloginoremail'] = topage($loginoremail); $page['localeLinks'] = get_locale_links("{$webimroot}/operator/restore.php"); $page['isdone'] = false; start_html_output(); require '../view/restore.php';
if (check_login(false)) { header("Location: {$mibewroot}/operator/"); exit; } $errors = array(); $page = array('formisRemember' => true, 'version' => $version); if (isset($_POST['login']) && isset($_POST['password'])) { $login = getparam('login'); $password = getparam('password'); $remember = isset($_POST['isRemember']) && $_POST['isRemember'] == "on"; $operator = operator_by_login($login); if ($operator && isset($operator['vcpassword']) && check_password_hash($login, $password, $operator['vcpassword'])) { $target = $password == '' ? "{$mibewroot}/operator/operator.php?op=" . intval($operator['operatorid']) : (isset($_SESSION['backpath']) ? $_SESSION['backpath'] : "{$mibewroot}/operator/index.php"); login_operator($operator, $remember, is_secure_request()); header("Location: {$target}"); exit; } else { $errors[] = getlocal("page_login.error"); $page['formlogin'] = $login; } } else { if (isset($_GET['login'])) { $login = getgetparam('login'); if (preg_match("/^(\\w{1,15})\$/", $login)) { $page['formlogin'] = $login; } } } $page['localeLinks'] = get_locale_links("{$mibewroot}/operator/login.php"); start_html_output(); require '../view/login.php';
/** * Renders installation error page. * * It is just a wrapper for {@link AbstractController::render()} method * which adds several default values to $parameters array. * * @param string $template Name of the template which should be rendered * @param array $parameters List of values that should be passed to the * template. * @return string Rendered page content */ protected function renderError($template, array $parameters = array()) { // Add default values $parameters += array('version' => MIBEW_VERSION, 'localeLinks' => get_locale_links(), 'title' => getlocal('Problem'), 'fixedwrap' => true); return $this->render($template, $parameters); }
/* * This file is part of Mibew Messenger project. * * Copyright (c) 2005-2011 Mibew Messenger Community * All rights reserved. The contents of this file are subject to the terms of * the Eclipse Public License v1.0 which accompanies this distribution, and * is available at http://www.eclipse.org/legal/epl-v10.html * * Alternatively, the contents of this file may be used under the terms of * the GNU General Public License Version 2 or later (the "GPL"), in which case * the provisions of the GPL are applicable instead of those above. If you wish * to allow use of your version of this file only under the terms of the GPL, and * not to allow others to use your version of this file under the terms of the * EPL, indicate your decision by deleting the provisions above and replace them * with the notice and other provisions required by the GPL. * * Contributors: * Evgeny Gryaznov - initial API and implementation */ require_once '../libs/common.php'; require_once '../libs/operator.php'; $operator = check_login(); $link = connect(); loadsettings_($link); $isonline = is_operator_online($operator['operatorid'], $link); mysql_close($link); $page = array('version' => $version, 'localeLinks' => get_locale_links("{$webimroot}/operator/index.php"), 'needUpdate' => $settings['dbversion'] != $dbversion, 'updateWizard' => "{$webimroot}/install/", 'newFeatures' => $settings['featuresversion'] != $featuresversion, 'featuresPage' => "{$webimroot}/operator/features.php", 'isOnline' => $isonline); prepare_menu($operator); start_html_output(); require '../view/menu.php';
<?php /* * This file is a part of Mibew Messenger. * * Copyright 2005-2015 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ require_once '../libs/common.php'; require_once '../libs/operator.php'; $operator = check_login(); $link = connect(); loadsettings_($link); $isonline = is_operator_online($operator['operatorid'], $link); mysql_close($link); $page = array('version' => $version, 'localeLinks' => get_locale_links("{$mibewroot}/operator/index.php"), 'needUpdate' => $settings['dbversion'] != $dbversion, 'needChangePassword' => check_password_hash($operator['vclogin'], '', $operator['vcpassword']), 'profilePage' => "{$mibewroot}/operator/operator.php?op=" . safe_htmlspecialchars($operator['operatorid']), 'updateWizard' => "{$mibewroot}/install/", 'newFeatures' => $settings['featuresversion'] != $featuresversion, 'featuresPage' => "{$mibewroot}/operator/features.php", 'isOnline' => $isonline); prepare_menu($operator); start_html_output(); require '../view/menu.php';
<?php /* * Copyright 2005-2013 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ require_once '../libs/common.php'; require_once '../libs/operator.php'; $operator = check_login(); $link = connect(); loadsettings_($link); $isonline = is_operator_online($operator['operatorid'], $link); mysql_close($link); $page = array('version' => $version, 'localeLinks' => get_locale_links("{$webimroot}/operator/index.php"), 'needUpdate' => $settings['dbversion'] != $dbversion, 'needChangePassword' => $operator['vcpassword'] == md5(''), 'profilePage' => "{$webimroot}/operator/operator.php?op=" . $operator['operatorid'], 'updateWizard' => "{$webimroot}/install/", 'newFeatures' => $settings['featuresversion'] != $featuresversion, 'featuresPage' => "{$webimroot}/operator/features.php", 'isOnline' => $isonline); prepare_menu($operator); start_html_output(); require '../view/menu.php';