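/**
 * Authenticate the posted credentials against the configured LDAP server and log the author in.
 *
 * After a successful bind, an author already flagged as an LDAP author is logged in
 * directly. Otherwise the first name, last name and email are read from the directory
 * and a new author record is created before logging in.
 *
 * @param array $context
 *  Delegate context; only `$context['username']` is read here.
 * @return boolean|null
 *  `true` once the author has been logged in, `false` when the bind or the author
 *  lookup/creation fails, and no value (null) when credentials are missing or the
 *  LDAP connection cannot be set up.
 */
public function ldap_login($context)
 {
     $username = isset($context['username']) ? $context['username'] : null;
     $password = isset($_POST['password']) ? $_POST['password'] : null;
     // Both values are required. A bind with a DN and an empty password is treated by many
     // directory servers as an unauthenticated bind that succeeds, so an empty password
     // must never reach ldap_bind().
     if (is_string($username) && $username !== '' && is_string($password) && $password !== '') {
         //LDAP connection
         // NOTE(review): no StartTLS call is made here; unless the configured server is an
         // ldaps:// URI the password travels in clear text -- confirm the deployment.
         $ldap = ldap_connect(Symphony::Configuration()->get('server', 'ldap_authors'), Symphony::Configuration()->get('port', 'ldap_authors'));
         if ($ldap) {
             ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, Symphony::Configuration()->get('protocol_version', 'ldap_authors'));
             // The username is request data: escape it before it becomes part of a DN.
             // Both flag sets are applied because the same string is handed to
             // ldap_retrieve_user(), whose use of it (DN or search filter) is not visible here.
             $safe_username = ldap_escape($username, '', LDAP_ESCAPE_DN | LDAP_ESCAPE_FILTER);
             // Plain substitution: a regex replacement would interpret `$n` / `\n` in the value.
             $filterdn = str_replace('%username%', $safe_username, Symphony::Configuration()->get('filterdn', 'ldap_authors'));
             $basedn = Symphony::Configuration()->get('basedn', 'ldap_authors');
             try {
                 //Attempt to authenticate to the LDAP server
                 $bind = ldap_bind($ldap, $filterdn . ',' . $basedn, $password);
                 // ldap_bind() reports bad credentials by returning false, not by throwing,
                 // so the result has to be checked before anyone is logged in.
                 if (!$bind) {
                     Symphony::$Log->pushToLog('[LDAP] Unable to bind to LDAP server, this could be misconfiguration or invalid credentials. (User: "******")', E_WARNING);
                     return false;
                 }
                 $user = AuthorManager::fetchByUsername($username);
                 if (is_object($user) && $user->get('LDAP') === '1') {
                     //LDAP user has visited before therefore login
                     $this->login($user);
                     return true;
                 } else {
                     //New LDAP user, we need to insert their details in the authors table
                     // NOTE(review): this branch is also reached when an author with this
                     // username exists but is not flagged LDAP; whether AuthorManager::add()
                     // rejects the duplicate is not visible here -- confirm.
                     $ldap_user = $this->ldap_retrieve_user($ldap, $basedn, $filterdn);
                     if ($ldap_user) {
                         //Get attributes and insert data
                         $attrs = array(Symphony::Configuration()->get('first_name_key', 'ldap_authors'), Symphony::Configuration()->get('last_name_key', 'ldap_authors'), Symphony::Configuration()->get('email_key', 'ldap_authors'));
                         $author_details = $this->ldap_retrieve_attributes($attrs, $ldap_user[0]);
                         if (count($author_details) == 3) {
                             // The local password is a generated placeholder; the LDAP
                             // password itself is never stored.
                             $id = AuthorManager::add(array('username' => $username, 'password' => $this->fake_password(10), 'first_name' => $author_details[0], 'last_name' => $author_details[1], 'email' => $author_details[2], 'user_type' => Symphony::Configuration()->get('default_author_type', 'ldap_authors'), 'primary' => 'no', 'LDAP' => true));
                             if ($id) {
                                 //Once user is inserted log them in
                                 $user = AuthorManager::fetchByID($id);
                                 $this->login($user);
                                 return true;
                             } else {
                                 Symphony::$Log->pushToLog('[LDAP] Unable to insert LDAP user into Symphony authors table.', E_ERROR);
                             }
                         } else {
                             Symphony::$Log->pushToLog('[LDAP] Unable to retireve first name, last name and email address from the LDAP server.', E_ERROR);
                         }
                     } else {
                         Symphony::$Log->pushToLog('[LDAP] Authentication with the LDAP server was successful, however unable to find LDAP user details.', E_ERROR);
                     }
                 }
             } catch (Exception $e) {
                 // Reached only if something converts the LDAP warning (or a later failure)
                 // into an exception; the explicit $bind check above covers the plain case.
                 Symphony::$Log->pushToLog('[LDAP] Unable to bind to LDAP server, this could be misconfiguration or invalid credentials. (User: "******")', E_WARNING);
             }
             return false;
         } else {
             Symphony::$Log->pushToLog('[LDAP] Unable to connect to LDAP server, please check configuration.', E_ERROR);
         }
     }
 }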
 /**
  * Answer a GET request with either one author or the full author list as XML.
  *
  * The first request URI segment selects the author: a numeric segment is looked up
  * by ID, anything else by username. With no segment, every author is returned.
  *
  * NOTE(review): no access check is visible in this method; confirm that the REST API
  * layer authenticates callers before author records are exposed.
  */
 public static function get()
 {
     $segments = REST_API::getRequestURI();
     $identifier = $segments[0];
     $response = new XMLElement('response');
     if (!isset($identifier)) {
         // No author requested: list them all.
         foreach (AuthorManager::fetch() as $author) {
             $response->appendChild(self::__buildAuthorXML($author));
         }
     } else {
         $author = is_numeric($identifier)
             ? AuthorManager::fetchByID($identifier)
             : AuthorManager::fetchByUsername($identifier);
         if (!$author) {
             // NOTE(review): this relies on sendError() ending the request; if it returns,
             // the next statement passes a falsy $author to __buildAuthorXML() -- confirm.
             REST_API::sendError('Author not found.', 404);
         }
         $response->appendChild(self::__buildAuthorXML($author));
     }
     REST_API::sendOutput($response);
 }
 /**
  * Save the posted `$fields` as an entry of this event's source section and
  * report the outcome on `$result`.
  *
  * The method notifies the `EventPreSaveFilter` delegate (which can abort the save),
  * validates and commits the entry, optionally runs the `send-email` filter, and
  * then notifies the `EventPostSaveFilter` and `EventFinalSaveFilter` delegates.
  *
  * @param array $fields
  *  Posted field data for the entry.
  * @param XMLElement $result
  *  Passed by reference; status attributes, messages, filter results and the
  *  echoed post values are appended to it.
  * @param mixed $position
  *  Not read anywhere in this method body.
  * @param integer $entry_id
  *  When set, the existing entry with this ID is edited; otherwise a new entry
  *  is created.
  * @return boolean
  *  `false` on any validation, lookup or commit failure, `true` once the entry
  *  has been saved and all delegates have run.
  */
 public function __doit($fields, &$result, $position = null, $entry_id = null)
 {
     $post_values = new XMLElement('post-values');
     $filter_results = array();
     if (!is_array($this->eParamFILTERS)) {
         $this->eParamFILTERS = array();
     }
     // Create the post data cookie element
     // The submitted values are echoed back in the result XML on both the error and success paths.
     if (is_array($fields) && !empty($fields)) {
         General::array_to_xml($post_values, $fields, true);
     }
     /**
      * Prior to saving entry from the front-end. This delegate will
      * force the Event to terminate if it populates the `$filter_results`
      * array. All parameters are passed by reference.
      *
      * @delegate EventPreSaveFilter
      * @param string $context
      * '/frontend/'
      * @param array $fields
      * @param Event $this
      * @param array $messages
      *  An associative array of array's which contain 4 values,
      *  the name of the filter (string), the status (boolean),
      *  the message (string) an optionally an associative array
      *  of additional attributes to add to the filter element.
      * @param XMLElement $post_values
      * @param integer $entry_id
      *  If editing an entry, this parameter will be an integer,
      *  otherwise null.
      */
     Symphony::ExtensionManager()->notifyMembers('EventPreSaveFilter', '/frontend/', array('fields' => &$fields, 'event' => &$this, 'messages' => &$filter_results, 'post_values' => &$post_values, 'entry_id' => &$entry_id));
     if (is_array($filter_results) && !empty($filter_results)) {
         $can_proceed = true;
         foreach ($filter_results as $fr) {
             list($name, $status, $message, $attributes) = $fr;
             $result->appendChild($this->buildFilterElement($name, $status ? 'passed' : 'failed', $message, $attributes));
             // Only a strict boolean false blocks the save; other falsy statuses are shown as 'failed' but do not stop it.
             if ($status === false) {
                 $can_proceed = false;
             }
         }
         if ($can_proceed !== true) {
             $result->appendChild($post_values);
             $result->setAttribute('result', 'error');
             $result->appendChild(new XMLElement('message', __('Entry encountered errors when saving.')));
             return false;
         }
     }
     include_once TOOLKIT . '/class.sectionmanager.php';
     include_once TOOLKIT . '/class.entrymanager.php';
     if (!($section = SectionManager::fetch($this->getSource()))) {
         $result->setAttribute('result', 'error');
         $result->appendChild(new XMLElement('message', __('The Section, %s, could not be found.', array($this->getSource()))));
         return false;
     }
     // Editing: load the existing entry. Creating: start a blank entry in the source section.
     // NOTE(review): no check that the fetched entry belongs to $this->getSource() is visible here -- confirm whether callers or EntryManager enforce it.
     if (isset($entry_id)) {
         $entry =& EntryManager::fetch($entry_id);
         $entry = $entry[0];
         if (!is_object($entry)) {
             $result->setAttribute('result', 'error');
             $result->appendChild(new XMLElement('message', __('The Entry, %s, could not be found.', array($entry_id))));
             return false;
         }
     } else {
         $entry =& EntryManager::create();
         $entry->set('section_id', $this->getSource());
     }
     // Validate first, then copy the data onto the entry, then commit; each stage reports its own errors.
     if (__ENTRY_FIELD_ERROR__ == $entry->checkPostData($fields, $errors, $entry->get('id') ? true : false)) {
         $result->setAttribute('result', 'error');
         $result->appendChild(new XMLElement('message', __('Entry encountered errors when saving.')));
         foreach ($errors as $field_id => $message) {
             $field = FieldManager::fetch($field_id);
             if (is_array($fields[$field->get('element_name')])) {
                 $type = array_reduce($fields[$field->get('element_name')], array('SectionEvent', '__reduceType'));
             } else {
                 $type = $fields[$field->get('element_name')] == '' ? 'missing' : 'invalid';
             }
             // Label and message are passed through General::sanitize() before being placed in XML attributes.
             $result->appendChild(new XMLElement($field->get('element_name'), null, array('label' => General::sanitize($field->get('label')), 'type' => $type, 'message' => General::sanitize($message))));
         }
         if (isset($post_values) && is_object($post_values)) {
             $result->appendChild($post_values);
         }
         return false;
     } elseif (__ENTRY_OK__ != $entry->setDataFromPost($fields, $errors, false, $entry->get('id') ? true : false)) {
         $result->setAttribute('result', 'error');
         $result->appendChild(new XMLElement('message', __('Entry encountered errors when saving.')));
         foreach ($errors as $field_id => $message) {
             $field = FieldManager::fetch($field_id);
             $result->appendChild(new XMLElement($field->get('element_name'), null, array('label' => General::sanitize($field->get('label')), 'type' => 'invalid', 'message' => General::sanitize($message))));
         }
         if (isset($post_values) && is_object($post_values)) {
             $result->appendChild($post_values);
         }
         return false;
     } else {
         if (!$entry->commit()) {
             $result->setAttribute('result', 'error');
             $result->appendChild(new XMLElement('message', __('Unknown errors where encountered when saving.')));
             if (isset($post_values) && is_object($post_values)) {
                 $result->appendChild($post_values);
             }
             return false;
         }
         $result->setAttribute('id', $entry->get('id'));
     }
     // PASSIVE FILTERS ONLY AT THIS STAGE. ENTRY HAS ALREADY BEEN CREATED.
     if (in_array('send-email', $this->eParamFILTERS) && !in_array('expect-multiple', $this->eParamFILTERS)) {
         if (!function_exists('__sendEmailFindFormValue')) {
             // Resolves a comma separated list of `fields[name]` tokens in $needle to the
             // matching values of $haystack (joined with spaces when $collapse is true).
             // Any other $needle is returned trimmed, or $default when it is empty.
             function __sendEmailFindFormValue($needle, $haystack, $discard_field_name = true, $default = null, $collapse = true)
             {
                 if (preg_match('/^(fields\\[[^\\]]+\\],?)+$/i', $needle)) {
                     $parts = preg_split('/\\,/i', $needle, -1, PREG_SPLIT_NO_EMPTY);
                     $parts = array_map('trim', $parts);
                     $stack = array();
                     foreach ($parts as $p) {
                         $field = str_replace(array('fields[', ']'), '', $p);
                         $discard_field_name ? $stack[] = $haystack[$field] : ($stack[$field] = $haystack[$field]);
                     }
                     if (is_array($stack) && !empty($stack)) {
                         return $collapse ? implode(' ', $stack) : $stack;
                     } else {
                         $needle = null;
                     }
                 }
                 $needle = trim($needle);
                 if (empty($needle)) {
                     return $default;
                 }
                 return $needle;
             }
         }
         // From here on $fields holds the client-supplied `send-email` POST array, not the entry data:
         // recipient list, subject, body, sender and reply-to values are all request-controlled.
         // NOTE(review): whether Email rejects CR/LF in the sender, reply-to and subject values is not visible here -- confirm.
         $fields = $_POST['send-email'];
         $db = Symphony::Database();
         $fields['recipient'] = __sendEmailFindFormValue($fields['recipient'], $_POST['fields'], true);
         $fields['recipient'] = preg_split('/\\,/i', $fields['recipient'], -1, PREG_SPLIT_NO_EMPTY);
         $fields['recipient'] = array_map('trim', $fields['recipient']);
         $fields['subject'] = __sendEmailFindFormValue($fields['subject'], $_POST['fields'], true, __('[Symphony] A new entry was created on %s', array(Symphony::Configuration()->get('sitename', 'general'))));
         $fields['body'] = __sendEmailFindFormValue($fields['body'], $_POST['fields'], false, null, false);
         $fields['sender-email'] = __sendEmailFindFormValue($fields['sender-email'], $_POST['fields'], true, null);
         $fields['sender-name'] = __sendEmailFindFormValue($fields['sender-name'], $_POST['fields'], true, null);
         $fields['reply-to-name'] = __sendEmailFindFormValue($fields['reply-to-name'], $_POST['fields'], true, null);
         $fields['reply-to-email'] = __sendEmailFindFormValue($fields['reply-to-email'], $_POST['fields'], true, null);
         $edit_link = SYMPHONY_URL . '/publish/' . $section->get('handle') . '/edit/' . $entry->get('id') . '/';
         $language = Symphony::Configuration()->get('lang', 'symphony');
         $template_path = Event::getNotificationTemplate($language);
         // The template file content is the sprintf() format; section name and edit link fill its placeholders.
         $body = sprintf(file_get_contents($template_path), $section->get('name'), $edit_link);
         if (is_array($fields['body'])) {
             foreach ($fields['body'] as $field_handle => $value) {
                 $body .= "// {$field_handle}" . PHP_EOL . $value . PHP_EOL . PHP_EOL;
             }
         } else {
             $body .= $fields['body'];
         }
         // Loop over all the recipients and attempt to send them an email
         // Errors will be appended to the Event XML
         $errors = array();
         foreach ($fields['recipient'] as $recipient) {
             // Recipients are usernames; mail is only addressed to the stored email of an existing author.
             $author = AuthorManager::fetchByUsername($recipient);
             if (empty($author)) {
                 $errors['recipient'][$recipient] = __('Recipient not found');
                 continue;
             }
             $email = Email::create();
             // Huib: Exceptions are also thrown in the settings functions, not only in the send function.
             // Those Exceptions should be caught too.
             try {
                 $email->recipients = array($author->get('first_name') => $author->get('email'));
                 if ($fields['sender-name'] != null) {
                     $email->sender_name = $fields['sender-name'];
                 }
                 if ($fields['sender-email'] != null) {
                     $email->sender_email_address = $fields['sender-email'];
                 }
                 if ($fields['reply-to-name'] != null) {
                     $email->reply_to_name = $fields['reply-to-name'];
                 }
                 if ($fields['reply-to-email'] != null) {
                     $email->reply_to_email_address = $fields['reply-to-email'];
                 }
                 $email->text_plain = str_replace('<!-- RECIPIENT NAME -->', $author->get('first_name'), $body);
                 $email->subject = $fields['subject'];
                 $email->send();
             } catch (EmailValidationException $e) {
                 $errors['address'][$author->get('email')] = $e->getMessage();
             } catch (EmailGatewayException $e) {
                 // The current error array does not permit custom tags.
                 // Therefore, it is impossible to set a "proper" error message.
                 // Will return the failed email address instead.
                 $errors['gateway'][$author->get('email')] = $e->getMessage();
             } catch (EmailException $e) {
                 // Because we don't want symphony to break because it can not send emails,
                 // all exceptions are logged silently.
                 // Any custom event can change this behaviour.
                 $errors['email'][$author->get('email')] = $e->getMessage();
             }
         }
         // If there were errors, output them to the event
         // NOTE(review): the `recipient` attribute carries the author's email address for send failures, so it reaches the event XML -- confirm that is intended.
         if (!empty($errors)) {
             $xml = $this->buildFilterElement('send-email', 'failed');
             foreach ($errors as $type => $messages) {
                 $xType = new XMLElement('error');
                 $xType->setAttribute('error-type', $type);
                 foreach ($messages as $recipient => $message) {
                     $xType->appendChild(new XMLElement('message', $message, array('recipient' => $recipient)));
                 }
                 $xml->appendChild($xType);
             }
             $result->appendChild($xml);
         } else {
             $result->appendChild($this->buildFilterElement('send-email', 'passed'));
         }
     }
     $filter_results = array();
     /**
      * After saving entry from the front-end. This delegate will not force
      * the Events to terminate if it populates the `$filter_results` array.
      * Provided with references to this object, the `$_POST` data and also
      * the error array
      *
      * @delegate EventPostSaveFilter
      * @param string $context
      * '/frontend/'
      * @param integer $entry_id
      * @param array $fields
      * @param Entry $entry
      * @param Event $this
      * @param array $messages
      *  An associative array of array's which contain 4 values,
      *  the name of the filter (string), the status (boolean),
      *  the message (string) an optionally an associative array
      *  of additional attributes to add to the filter element.
      */
     // NOTE(review): when the send-email filter ran above, $fields was replaced by the send-email array, so this delegate and the next receive that array instead of the entry fields -- confirm that is intended.
     Symphony::ExtensionManager()->notifyMembers('EventPostSaveFilter', '/frontend/', array('entry_id' => $entry->get('id'), 'fields' => $fields, 'entry' => $entry, 'event' => &$this, 'messages' => &$filter_results));
     if (is_array($filter_results) && !empty($filter_results)) {
         foreach ($filter_results as $fr) {
             list($name, $status, $message, $attributes) = $fr;
             $result->appendChild($this->buildFilterElement($name, $status ? 'passed' : 'failed', $message, $attributes));
         }
     }
     $filter_errors = array();
     /**
      * This delegate that lets extensions know the final status of the
      * current Event. It is triggered when everything has processed correctly.
      * The `$messages` array contains the results of the previous filters that
      * have executed, and the `$errors` array contains any errors that have
      * occurred as a result of this delegate. These errors cannot stop the
      * processing of the Event, as that has already been done.
      *
      *
      * @delegate EventFinalSaveFilter
      * @param string $context
      * '/frontend/'
      * @param array $fields
      * @param Event $this
      * @param array $messages
      *  An associative array of array's which contain 4 values,
      *  the name of the filter (string), the status (boolean),
      *  the message (string) an optionally an associative array
      *  of additional attributes to add to the filter element.
      * @param array $errors
      *  An associative array of array's which contain 4 values,
      *  the name of the filter (string), the status (boolean),
      *  the message (string) an optionally an associative array
      *  of additional attributes to add to the filter element.
      * @param Entry $entry
      */
     Symphony::ExtensionManager()->notifyMembers('EventFinalSaveFilter', '/frontend/', array('fields' => $fields, 'event' => $this, 'messages' => $filter_results, 'errors' => &$filter_errors, 'entry' => $entry));
     if (is_array($filter_errors) && !empty($filter_errors)) {
         foreach ($filter_errors as $fr) {
             list($name, $status, $message, $attributes) = $fr;
             $result->appendChild($this->buildFilterElement($name, $status ? 'passed' : 'failed', $message, $attributes));
         }
     }
     // Success: report whether the entry was edited or created and echo the post values back.
     $result->setAttributeArray(array('result' => 'success', 'type' => isset($entry_id) ? 'edited' : 'created'));
     $result->appendChild(new XMLElement('message', isset($entry_id) ? __('Entry edited successfully.') : __('Entry created successfully.')));
     if (isset($post_values) && is_object($post_values)) {
         $result->appendChild($post_values);
     }
     return true;
 }
 /**
  * Record an author-related delegate call in the tracker log.
  *
  * Nothing is logged unless both `validateUser()` and `validateElement('authors')`
  * pass. The action name is derived from `$context['delegate']`, and the affected
  * author IDs are taken from `$context['author']`, `$context['author_id']` or
  * `$context['author_ids']`, in that order of preference.
  *
  * @param array $context
  *  Delegate context.
  */
 public function parseAuthorAction($context)
 {
     if (!$this->validateUser() || !$this->validateElement('authors')) {
         return;
     }

     // One callback serves several delegates; the delegate name tells them apart.
     $action = $this->getActionFromDelegateName($context['delegate']);

     // Normalise whatever the delegate supplied into a plain array of author IDs.
     if (!($context['author'] instanceof Author)) {
         $ids = isset($context['author_id'])
             ? array($context['author_id'])
             : (array) $context['author_ids'];
     } elseif ($action == 'created') {
         // The Author object handed over on creation carries no ID, so the stored
         // record is looked up again by username.
         // NOTE(review): the lookup result is used without a null check -- confirm
         // that it cannot come back empty here.
         require_once TOOLKIT . '/class.authormanager.php';
         $author = AuthorManager::fetchByUsername($context['author']->get('username'));
         $ids = (array) $author->get('id');
     } else {
         $ids = (array) $context['author']->get('id');
     }

     // One tracker row per affected author, attributed to the acting author.
     foreach ($ids as $id) {
         Tracker::log('authors', $id, $action, $this->getAuthorID(), $this->getTimestamp());
     }
 }
 /**
  * Runs the Send Mail filter: every listed recipient that resolves to an
  * existing author is emailed a notification that an Entry has been created.
  *
  * The mail parameters come from `$send_email` and may contain field tokens
  * that are resolved against `$fields`. The resolved values are written back
  * into `$fields`, which is passed by reference.
  *
  * NOTE(review): sender, reply-to and subject originate from the `$send_email`
  * and `$fields` arguments; whether Email rejects CR/LF in them is not visible
  * here -- confirm.
  *
  * @param XMLElement $result
  *  The XMLElement of the XML that is going to be returned as part
  *  of this event to the page.
  * @param array $send_email
  *  Associative array of `send-email` parameters.
  * @param array $fields
  *  Array of post data to extract the values from; receives the resolved
  *  `recipient`, `subject`, `body`, `sender-*` and `reply-to-*` keys.
  * @param Section $section
  *  The Section for this event
  * @param Entry $entry
  *  The Entry that has just been updated or created
  * @return XMLElement
  *  The modified `$result` with the results of the filter.
  */
 public function processSendMailFilter(XMLElement $result, array $send_email, array &$fields, Section $section, Entry $entry)
 {
     // Recipients: resolve tokens, split on commas, drop empty parts, trim each name.
     $fields['recipient'] = array_map(
         'trim',
         preg_split('/\\,/i', self::replaceFieldToken($send_email['recipient'], $fields), -1, PREG_SPLIT_NO_EMPTY)
     );
     $fields['subject'] = self::replaceFieldToken($send_email['subject'], $fields, __('[Symphony] A new entry was created on %s', array(Symphony::Configuration()->get('sitename', 'general'))));
     $fields['body'] = self::replaceFieldToken($send_email['body'], $fields, null, false, false);
     foreach (array('sender-email', 'sender-name', 'reply-to-name', 'reply-to-email') as $key) {
         $fields[$key] = self::replaceFieldToken($send_email[$key], $fields);
     }

     // Message body: the language template, followed by the submitted body value(s).
     $edit_link = SYMPHONY_URL . '/publish/' . $section->get('handle') . '/edit/' . $entry->get('id') . '/';
     $language = Symphony::Configuration()->get('lang', 'symphony');
     $template_path = Event::getNotificationTemplate($language);
     $body = sprintf(file_get_contents($template_path), $section->get('name'), $edit_link);
     if (!is_array($fields['body'])) {
         $body .= $fields['body'];
     } else {
         foreach ($fields['body'] as $field_handle => $value) {
             $body .= '// ' . $field_handle . PHP_EOL . $value . PHP_EOL . PHP_EOL;
         }
     }

     // Optional headers: $fields key => Email property, applied only when a value is present.
     $optional_headers = array(
         'sender-name' => 'sender_name',
         'sender-email' => 'sender_email_address',
         'reply-to-name' => 'reply_to_name',
         'reply-to-email' => 'reply_to_email_address',
     );

     // Try each recipient in turn; failures are collected per error type
     // and reported in the Event XML instead of aborting the event.
     $errors = array();
     foreach ($fields['recipient'] as $recipient) {
         // Recipients are usernames; only the stored address of an existing author is mailed.
         $author = AuthorManager::fetchByUsername($recipient);
         if (empty($author)) {
             $errors['recipient'][$recipient] = __('Recipient not found');
             continue;
         }
         $email = Email::create();
         // The property setters can throw as well as send(), so all of them sit inside the try.
         try {
             $email->recipients = array($author->get('first_name') => $author->get('email'));
             foreach ($optional_headers as $key => $property) {
                 if ($fields[$key] != null) {
                     $email->{$property} = $fields[$key];
                 }
             }
             $email->text_plain = str_replace('<!-- RECIPIENT NAME -->', $author->get('first_name'), $body);
             $email->subject = $fields['subject'];
             $email->send();
         } catch (EmailValidationException $e) {
             $errors['address'][$author->get('email')] = $e->getMessage();
         } catch (EmailGatewayException $e) {
             $errors['gateway'][$author->get('email')] = $e->getMessage();
         } catch (EmailException $e) {
             $errors['email'][$author->get('email')] = $e->getMessage();
         }
     }

     // No failures at all: mark the filter as passed and finish.
     if (empty($errors)) {
         $result->appendChild(self::buildFilterElement('send-email', 'passed'));
         return $result;
     }

     // Otherwise emit one <error> element per error type, with a message per recipient.
     $xml = self::buildFilterElement('send-email', 'failed');
     foreach ($errors as $type => $messages) {
         $xType = new XMLElement('error');
         $xType->setAttribute('error-type', $type);
         foreach ($messages as $recipient => $message) {
             $xType->appendChild(new XMLElement('message', $message, array('recipient' => $recipient)));
         }
         $xml->appendChild($xType);
     }
     $result->appendChild($xml);
     return $result;
 }
 $fields = $_POST['fields'];
 $required = array('firstname', 'lastname', 'username', 'email');
 for ($i = 0; $i < count($required); $i++) {
     if (trim($fields[$required[$i]]) == "") {
         $errors[$required[$i]] = true;
     }
 }
 if (is_array($errors)) {
     define("__SYM_ENTRY_MISSINGFIELDS__", true);
 } elseif ($fields['new_password'] != $fields['confirm_password']) {
     $Admin->pageAlert("password-mismatch", NULL, false, 'error');
 } elseif (trim($fields['password']) != "" && md5($fields['password']) != $DB->fetchVar('password', 0, "SELECT `password` FROM tbl_authors WHERE `id` = '" . $_REQUEST['id'] . "' LIMIT 1")) {
     $Admin->pageAlert("password-incorrect", NULL, false, 'error');
 } else {
     $current_username = $DB->fetchVar('username', 0, "SELECT `username` FROM `tbl_authors` WHERE `id` = " . $_REQUEST['id']);
     if (strtolower($current_username) != strtolower($fields['username']) && $authorManager->fetchByUsername($fields['username'])) {
         $Admin->pageAlert("duplicate", array("An Author", "username"), false, 'error');
     } else {
         $author =& $authorManager->create();
         $author->set('id', $_REQUEST['id']);
         $author->set('textformat', $fields['textformat']);
         if (isset($fields['superuser'])) {
             $author->set('superuser', $fields['superuser']);
         }
         $author->set('email', $fields['email']);
         $author->set('firstname', General::sanitize($fields['firstname']));
         $author->set('lastname', General::sanitize($fields['lastname']));
         if (isset($fields['allow_sections'])) {
             $author->set('allow_sections', @implode(",", $fields['allow_sections']));
         }
         $author->set('auth_token_active', $fields['auth_token_active'] ? $fields['auth_token_active'] : 'no');
 ***/
if (@array_key_exists("save", $_POST['action']) || @array_key_exists("done", $_POST['action'])) {
    $fields = $_POST['fields'];
    include_once TOOLKIT . "/class.authormanager.php";
    $authorManager = new AuthorManager($Admin);
    $required = array('firstname', 'lastname', 'username', 'email', 'password');
    for ($i = 0; $i < count($required); $i++) {
        if (trim($fields[$required[$i]]) == "") {
            $errors[$required[$i]] = true;
        }
    }
    if (is_array($errors)) {
        define("__SYM_ENTRY_MISSINGFIELDS__", true);
    } elseif ($fields['password'] != $fields['password_confirm']) {
        $Admin->pageAlert("password-mismatch", NULL, false, 'error');
    } elseif ($authorManager->fetchByUsername($fields['username'])) {
        $Admin->pageAlert("duplicate", array("An Author", "username"), false, 'error');
    } else {
        $author =& $authorManager->create();
        $author->set('textformat', $fields['textformat']);
        $author->set('superuser', $fields['superuser']);
        $author->set('owner', '0');
        $author->set('email', $fields['email']);
        $author->set('username', $fields['username']);
        $author->set('firstname', General::sanitize($fields['firstname']));
        $author->set('lastname', General::sanitize($fields['lastname']));
        $author->set('last_refresh', NULL);
        $author->set('last_session', NULL);
        $author->set('password', md5($fields['password']));
        $author->set('allow_sections', @implode(",", $fields['allow_sections']));
        $author->set('auth_token_active', $fields['auth_token_active'] ? $fields['auth_token_active'] : 'no');