Beispiel #1
 /**
  * Render the administrator dashboard.
  *
  * Clears the stored 'submitted_redirect' session value, copies a pending
  * 'form_status' flash message (when both of its parts are present) into the
  * view data, adds the total account count, page title and breadcrumb, then
  * renders the 'admin/templates/index/index_v' view.
  *
  * NOTE(review): nothing in this method checks that the caller is an
  * administrator; presumably the parent controller does - confirm.
  *
  * @return mixed whatever generatePage() returns
  */
 public function action_index()
 {
     // forget any redirect target remembered from an earlier form submission
     \Session::delete('submitted_redirect');
     \Lang::load('index');

     // surface the one-time status message only when it is complete
     $flash = \Session::get_flash('form_status');
     if (isset($flash['form_status'], $flash['form_status_message'])) {
         $output['form_status'] = $flash['form_status'];
         $output['form_status_message'] = $flash['form_status_message'];
     }
     unset($flash);

     $output['total_accounts'] = \Model_Accounts::count();
     $output['page_title'] = $this->generateTitle(\Lang::get('admin_administrator_dashbord'));
     $output['page_breadcrumb'] = [
         ['name' => \Lang::get('admin_admin_home'), 'url' => \Uri::create('admin')],
     ];

     // admin views follow admin/templates/<controller>/<method> and end in _v
     return $this->generatePage('admin/templates/index/index_v', $output, false);
 }
Beispiel #2
 /**
  * format a timestamp in a timezone, defaulting to the timezone of the current user.
  *
  * when no usable timezone is passed, the timezone comes from the account
  * named in the account cookie, or from the 'site_timezone' config value when
  * there is no such cookie or the account row cannot be found.
  *
  * @param string $date_format date() or strftime() style format. a format that contains '%' is handled as strftime() style.
  * @param integer|string $timestamp timestamp, or a date string for strtotime(). empty means now.
  * @param string $timezone php timezone (http://www.php.net/manual/en/timezones.php)
  * @return string the formatted date
  */
 public static function gmtDate($date_format = '%Y-%m-%d %H:%M:%S', $timestamp = '', $timezone = '')
 {
     if (empty($date_format)) {
         $date_format = '%Y-%m-%d %H:%M:%S';
     }

     // anything that is not already a valid timestamp goes through strtotime()
     if (empty($timestamp)) {
         $timestamp = time();
     } elseif (!self::isValidTimeStamp($timestamp)) {
         $timestamp = strtotime($timestamp);
     }

     // a caller-supplied timezone is only used in the form isValidTimezone() hands back
     if ($timezone != null) {
         $timezone = static::isValidTimezone($timezone);
     }

     if ($timezone == null) {
         $accounts = new \Model_Accounts();
         $login_cookie = $accounts->getAccountCookie();
         $fallback = static::getRealTimezoneValue(\Model_Config::getval('site_timezone'));

         // guests and unknown accounts get the site timezone
         $timezone = $fallback;
         if (isset($login_cookie['account_id'])) {
             $user = \Model_Accounts::find($login_cookie['account_id']);
             if (!empty($user)) {
                 $timezone = static::getRealTimezoneValue($user->account_timezone);
             }
         }
         unset($accounts, $login_cookie, $user, $fallback);
     }

     $localized = \Date::forge($timestamp)->set_timezone($timezone);
     if (strpos($date_format, '%') === false) {
         // date() style: render the localized time first, then reformat it with date()
         return date($date_format, strtotime($localized->format('%Y-%m-%d %H:%M:%S')));
     }

     // strftime() style
     return $localized->format($date_format);
 }
Beispiel #3
 /**
  * Set up the admin controller: require an admin login, then load the admin language file.
  *
  * NOTE(review): this guard only protects the controller's actions if
  * \Response::redirect() ends the request; if it returns, execution continues
  * into the requested action - confirm.
  */
 public function __construct()
 {
     parent::__construct();

     // not logged in as admin: go to the login page and remember the current url in ?rdr=
     if (!\Model_Accounts::isAdminLogin()) {
         $login_url = \Uri::create('admin/login') . '?rdr=' . urlencode(\Uri::main());
         \Response::redirect($login_url);
     }

     // load global admin language
     \Lang::load('admin');
 }
Beispiel #4
 /**
  * Log the current account out and send the browser back to where it came from.
  *
  * NOTE(review): the redirect target is the referrer reported by the client
  * and is not compared with this site's base url, and no request token is
  * checked in this method before logging out. Consider limiting the target
  * to same-site urls and requiring a token for logout.
  */
 public function action_index()
 {
     \Model_Accounts::logout();

     // go back to the referring page unless it is missing or is this page itself
     $came_from = \Input::referrer();
     $target = ($came_from != null && $came_from != \Uri::main()) ? $came_from : \Uri::base();
     \Response::redirect($target);
 }
Beispiel #5
 /**
  * Resend the registration confirmation email for an account that is not confirmed yet.
  *
  * On POST the request token and the email address are validated, the
  * matching unconfirmed account is looked up, a new confirm code is mailed
  * and - only when the mail was sent - stored on the account.
  *
  * NOTE(review): the 'account_didnot_found_entered_email' message lets a
  * caller learn whether an unconfirmed account exists for an address, and
  * nothing in this method limits how often a mail can be requested.
  *
  * @return mixed whatever generatePage() returns
  */
 public function action_index()
 {
     \Lang::load('account');

     if (\Input::method() == 'POST') {
         $data['account_email'] = \Security::strip_tags(trim(\Input::post('account_email')));

         $validate = \Validation::forge();
         $validate->add('account_email', \Lang::get('account_email'), array(), array('required', 'valid_email'));

         // NOTE(review): the token check is called with explicit arguments (the last one false);
         // their meaning is not visible here - confirm the token is still enforced.
         if (!\Extension\NoCsrf::check(null, null, null, null, false)) {
             $status = 'error';
             $message = \Lang::get('fslang_invalid_csrf_token');
         } elseif (!$validate->run()) {
             $status = 'error';
             $message = $validate->show_errors();
         } else {
             // registered, never logged in, still disabled and holding a confirm code.
             // NOTE(review): the last condition compares with the string 'NULL', not SQL NULL - confirm intent.
             $pending = \Model_Accounts::query()
                 ->select('account_id', 'account_username', 'account_email')
                 ->where('account_email', $data['account_email'])
                 ->where('account_last_login', null)
                 ->where('account_status', '0')
                 ->where('account_confirm_code', '!=', 'NULL');

             if ($pending->count() > 0) {
                 $row = $pending->get_one();

                 // NOTE(review): six alphanumeric characters; confirm \Str::random() uses a
                 // cryptographically secure source and that confirm attempts are limited.
                 $data['account_confirm_code'] = \Str::random('alnum', 6);
                 $data['account_username'] = $row->account_username;
                 $options['not_notify_admin'] = true;

                 $result = \Model_Accounts::forge()->sendRegisterEmail($data, $options);
                 if ($result === true) {
                     // the new code replaces the old one only after the mail went out
                     $account = \Model_Accounts::find($row->account_id);
                     $account->account_confirm_code = $data['account_confirm_code'];
                     $account->save();
                     $status = 'success';
                     $message = \Lang::get('account_registration_completed_need_confirm');
                 } else {
                     $status = 'error';
                     $message = $result;
                 }
             } else {
                 $status = 'error';
                 $message = \Lang::get('account_didnot_found_entered_email');
             }
         }

         $output['form_status'] = $status;
         $output['form_status_message'] = $message;
         // re-populate form
         $output['account_email'] = trim(\Input::post('account_email'));
     }

     $output['page_title'] = $this->generateTitle(\Lang::get('account_resend_confirm_registration_email'));
     return $this->generatePage('front/templates/account/resendactivate_v', $output, false);
 }
Beispiel #6
 /**
  * Forgot username/password form: mail a password reset link to the entered address.
  *
  * On POST the request token, the email address and the captcha are checked
  * in that order before \Model_Accounts::sendResetPasswordEmail() is called.
  *
  * NOTE(review): a string returned by the model is shown to the visitor as
  * is; if that text differs for unknown addresses it reveals which emails
  * are registered - confirm against the model.
  *
  * @return mixed whatever generatePage() returns
  */
 public function action_index()
 {
     \Lang::load('account');

     if (\Input::method() == 'POST') {
         $data['account_email'] = \Security::strip_tags(trim(\Input::post('account_email')));

         $validate = \Validation::forge();
         $validate->add('account_email', \Lang::get('account_email'), array(), array('required', 'valid_email'));

         if (!\Extension\NoCsrf::check()) {
             // request token missing or wrong
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
         } elseif (!$validate->run()) {
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
         } else {
             // the captcha is checked last, after token and field validation passed
             include APPPATH . 'vendor' . DS . 'securimage' . DS . 'securimage.php';
             $captcha = new \Securimage();
             if (!$captcha->check(\Input::post('captcha'))) {
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = \Lang::get('account_wrong_captcha_code');
             } else {
                 $result = \Model_Accounts::sendResetPasswordEmail($data);
                 if ($result === true) {
                     $output['hide_form'] = true;
                     $output['form_status'] = 'success';
                     $output['form_status_message'] = \Lang::get('account_please_check_your_email_to_confirm_reset_password');
                 } elseif (is_string($result)) {
                     // any other non-string result leaves the status unset
                     $output['form_status'] = 'error';
                     $output['form_status_message'] = $result;
                 }
             }
         }

         // re-populate form
         $output['account_email'] = trim(\Input::post('account_email'));
     }

     $output['page_title'] = $this->generateTitle(\Lang::get('account_forgot_username_or_password'));
     return $this->generatePage('front/templates/account/forgotpw_v', $output, false);
 }
Beispiel #7
 /**
  * Confirm a registration with the username and confirm code from the activation link.
  *
  * The values from the url only pre-fill the form; the account is confirmed
  * from the POSTed form, after the request token and both fields validate.
  *
  * NOTE(review): the url-supplied values are handed to the view unchanged,
  * so the view has to escape them. The plugin hook receives the username
  * from the url, not the POSTed one that was just confirmed, together with
  * the whole POST array - confirm that this is intended.
  *
  * @param string $account_username username taken from the url
  * @param string $confirm_code confirm code taken from the url
  * @return mixed whatever generatePage() returns
  */
 public function action_index($account_username = '', $confirm_code = '')
 {
     \Lang::load('account');

     // pre-fill the form from the url; the visitor still has to submit it
     $output['account_username'] = $account_username;
     $output['confirm_code'] = $confirm_code;

     if (\Input::method() == 'POST') {
         $posted_username = trim(\Input::post('account_username'));
         $posted_code = trim(\Input::post('confirm_code'));
         $data['account_username'] = $posted_username;
         $data['account_confirm_code'] = $posted_code;

         $validate = \Validation::forge();
         $validate->add('account_username', \Lang::get('account_username'), array(), array('required'));
         $validate->add('confirm_code', \Lang::get('account_confirm_code'), array(), array('required'));

         if (!\Extension\NoCsrf::check()) {
             // request token missing or wrong
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
         } elseif (!$validate->run()) {
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
         } else {
             $result = \Model_Accounts::confirmRegister($data);
             if ($result !== true) {
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = $result;
             } else {
                 $output['hide_register_form'] = true;
                 $output['form_status'] = 'success';
                 $output['form_status_message'] = \Lang::get('account_confirm_register_completed');

                 // @todo [fuelstart][account][plug] confirm register passed plug.
                 $plugin = new \Library\Plugins();
                 if ($plugin->hasAction('AccountControllerAfterConfirmedRegister') !== false) {
                     $hook_args = ['input_username' => $account_username, 'inputs_post' => \Input::post()];
                     $plugin->doAction('AccountControllerAfterConfirmedRegister', $hook_args);
                 }
                 unset($plugin);
             }
         }

         // re-populate form
         $output['account_username'] = $posted_username;
         $output['confirm_code'] = $posted_code;
     }

     $output['page_title'] = $this->generateTitle(\Lang::get('account_confirm_register'));
     return $this->generatePage('front/templates/account/confirmregister_v', $output, false);
 }
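 /**
  * Finish a signup: create the account and site from the 'signup' session
  * namespace, register both on the server with id 1, store the returned
  * token and site id, then drop the signup namespace.
  *
  * This method writes nothing to the response. The email address, the
  * derived login name and the result of addUser() are account data and do
  * not belong in the page output.
  *
  * NOTE(review): the password held in the session namespace is passed on to
  * addUser() and getTokenAuth(); presumably it is the plain password - confirm
  * how it is stored and transported. The return value of addUser() and the
  * existence of the server row are not checked.
  */
 public function successAction()
 {
     $trans = new Application_Transactions();
     $ns = new Zend_Session_Namespace('signup');

     // first commit: persist the new account and site
     $acct = new Model_Accounts();
     $acct->createUser($ns->email, $ns->password);
     $acct->email = $ns->email;
     $site = new Model_Sites();
     $site->createSite($ns->sitename, $ns->siteurl);
     $trans->registerModelForCreateOrUpdate($acct);
     $trans->registerModelForCreateOrUpdate($site);
     $trans->commitAll();
     $trans->clearAll();

     // the server with id 1 is hard-coded here
     $serversTable = Doctrine::getTable('Model_Servers');
     $record = $serversTable->findBy('id', 1);
     $server = $record[0];

     // the login name on the server is the part of the email before the '@'
     $userLogin = substr($acct->email, 0, strpos($acct->email, "@"));
     $server->addUser($userLogin, $acct->password, $acct->email);
     $authToken = $server->getTokenAuth($userLogin, $acct->password);
     $acct->api = $authToken;
     $acct->server = 1;
     $piwik = $server->addSite($site->name, $site->url, $acct->api);
     $site->account = $acct->id;
     $site->server = 1;
     $site->piwik = $piwik;

     // second commit: store the token, server and site ids
     $trans->registerModelForCreateOrUpdate($acct);
     $trans->registerModelForCreateOrUpdate($site);
     $trans->commitAll();
     $trans->clearAll();

     // unlock() is a method; a bare property read would do nothing
     $ns->unlock();
     Zend_Session::namespaceUnset('signup');
 }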
Beispiel #9
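 /**
  * Admin page: list the login history of one account.
  *
  * NOTE(review): the permission check and the 'not found' checks only stop
  * the request if \Response::redirect() ends it; if it returns, the listing
  * below is still produced - confirm.
  * NOTE(review): 'orders' and 'sort' come from the query string and only
  * pass through strip_tags(), which is not a guard for column names or sort
  * directions; \Model_AccountLogins::listLogins() has to restrict them to
  * known values - confirm.
  *
  * @param string $account_id id of the account whose logins are shown
  * @return mixed whatever generatePage() returns
  */
 public function action_viewlogins($account_id = '')
 {
     // set redirect url
     $redirect = $this->getAndSetSubmitRedirection();
     // check permission
     if (\Model_AccountLevelPermission::checkAdminPermission('account_perm', 'account_viewlogin_log_perm') == false) {
         \Session::set_flash('form_status', array('form_status' => 'error', 'form_status_message' => \Lang::get('admin_permission_denied', array('page' => \Uri::string()))));
         \Response::redirect($redirect);
     }
     // viewing guest logins?
     if ($account_id == '0') {
         \Response::redirect($redirect);
     }
     // load language
     \Lang::load('account');
     \Lang::load('accountlogins');
     // read flash message for display errors.
     $form_status = \Session::get_flash('form_status');
     if (isset($form_status['form_status']) && isset($form_status['form_status_message'])) {
         $output['form_status'] = $form_status['form_status'];
         $output['form_status_message'] = $form_status['form_status_message'];
     }
     unset($form_status);
     // get accounts data for this account.
     $account = \Model_Accounts::find($account_id);
     if ($account == null) {
         // not found account.
         \Response::redirect($redirect);
     }
     $output['account'] = $account;
     $output['account_id'] = $account_id;
     unset($account);
     // set sort variable for sortable in views: the next click toggles the direction.
     $next_sort = \Security::strip_tags(trim(\Input::get('sort')));
     if ($next_sort == null || $next_sort == 'DESC') {
         $next_sort = 'ASC';
     } else {
         $next_sort = 'DESC';
     }
     $output['next_sort'] = $next_sort;
     unset($next_sort);
     // list logins -----------------------------------------------------------------------------------------------------
     $option['limit'] = \Model_Config::getval('content_admin_items_perpage');
     // page=0, a negative page or a non-numeric page would give a negative offset; clamp to 0.
     $option['offset'] = trim(\Input::get('page')) != null ? max(0, ((int) \Input::get('page') - 1) * $option['limit']) : 0;
     if (\Security::strip_tags(trim(\Input::get('orders'))) != null) {
         $option['orders'] = \Security::strip_tags(trim(\Input::get('orders')));
     }
     if (\Security::strip_tags(trim(\Input::get('sort'))) != null) {
         $option['sort'] = \Security::strip_tags(trim(\Input::get('sort')));
     }
     $list_logins = \Model_AccountLogins::listLogins(array('account_id' => $account_id), $option);
     // pagination config
     $config['pagination_url'] = \Uri::main() . \Uri::getCurrentQuerystrings(true, true, false);
     $config['total_items'] = $list_logins['total'];
     $config['per_page'] = $option['limit'];
     $config['uri_segment'] = 'page';
     $config['num_links'] = 3;
     $config['show_first'] = true;
     $config['show_last'] = true;
     $config['first-inactive'] = "\n\t\t<li class=\"disabled\">{link}</li>";
     $config['first-inactive-link'] = '<a href="#">{page}</a>';
     $config['first-marker'] = '&laquo;';
     $config['last-inactive'] = "\n\t\t<li class=\"disabled\">{link}</li>";
     $config['last-inactive-link'] = '<a href="#">{page}</a>';
     $config['last-marker'] = '&raquo;';
     $config['previous-marker'] = '&lsaquo;';
     $config['next-marker'] = '&rsaquo;';
     $pagination = \Pagination::forge('viewlogins_pagination', $config);
     $output['list_logins'] = $list_logins;
     $output['pagination'] = $pagination;
     unset($config, $list_logins, $option, $pagination);
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_view_login_history'));
     // <head> output ----------------------------------------------------------------------------------------------
     // breadcrumb -------------------------------------------------------------------------------------------------
     $page_breadcrumb = [];
     $page_breadcrumb[0] = ['name' => \Lang::get('admin_admin_home'), 'url' => \Uri::create('admin')];
     $page_breadcrumb[1] = ['name' => \Lang::get('account_accounts'), 'url' => \Uri::create('admin/account')];
     $page_breadcrumb[2] = ['name' => \Lang::get('account_view_login_history'), 'url' => \Uri::main()];
     $output['page_breadcrumb'] = $page_breadcrumb;
     unset($page_breadcrumb);
     // breadcrumb -------------------------------------------------------------------------------------------------
     return $this->generatePage('admin/templates/account/viewlogins_v', $output, false);
 }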
 /**
  * Get the account id of the current admin from the 'admin' account cookie.
  *
  * NOTE(review): the id is taken from cookie data; how far it can be trusted
  * depends on how getAccountCookie() protects and verifies that cookie - confirm.
  *
  * @return mixed the account id from the cookie, or 0 when the cookie holds none
  */
 public function getMyAccountId()
 {
     $admin_cookie = \Model_Accounts::forge()->getAccountCookie('admin');

     return isset($admin_cookie['account_id']) ? $admin_cookie['account_id'] : 0;
 }
Beispiel #11
// Work out a css class for the device type. The bundled Browser class is used
// instead of the fuelphp agent class, which does not work here.
include_once APPPATH . 'vendor' . DS . 'browser' . DS . 'lib' . DS . 'Browser.php';
$browser = new Browser();
if ($browser->isMobile()) {
    $pc_class = ' mobile_device';
} elseif ($browser->isTablet()) {
    $pc_class = ' tablet_device';
} else {
    $pc_class = ' pc_device';
}
unset($browser);

// Read the admin cookie unless the caller already supplied one with a display
// name; fall back to the default account cookie when there is no admin cookie.
// NOTE(review): $account_id below comes from cookie data; its trust level
// depends on how getAccountCookie() verifies the cookie - confirm.
if (!(isset($cookie_admin) && isset($cookie_admin['account_display_name']))) {
    $model_account = new \Model_Accounts();
    $cookie_admin = $model_account->getAccountCookie('admin');
    if ($cookie_admin == null) {
        $cookie_admin = $model_account->getAccountCookie();
    }
    unset($model_account);

    if (is_array($cookie_admin) && array_key_exists('account_id', $cookie_admin)) {
        $account_id = $cookie_admin['account_id'];
    }
}

// 0 stands in when no account id is known
$account_id = isset($account_id) ? $account_id : 0;

// load functions file to work with theme.
include_once __DIR__ . DS . 'inc_functions.php';
// get admin avatar at navbar
Beispiel #12
 /**
  * Registration form.
  *
  * A POST is only processed while the 'member_allow_register' config value
  * is '1'. The request token, the form fields and the captcha are checked in
  * that order before \Model_Accounts::registerAccount() is called.
  *
  * NOTE(review): the password is trimmed before it reaches the model, so
  * leading and trailing whitespace is silently dropped. The display name is
  * stored html-encoded, and the raw username and email are handed back to
  * the view, which has to escape them. Password hashing is not visible
  * here; presumably the model does it - confirm.
  *
  * @return mixed whatever generatePage() returns
  */
 public function action_index()
 {
     \Lang::load('account');

     // load config from db.
     $config = \Model_Config::getvalues(array('member_allow_register', 'member_verification'));
     $output['config'] = $config;

     // pre-set form values
     $output['account_username'] = null;
     $output['account_email'] = null;
     $output['account_password'] = null;
     $output['account_confirm_password'] = null;
     $output['captcha'] = null;

     if (\Input::method() == 'POST' && $config['member_allow_register']['value'] == '1') {
         // data for the model's register method
         $data['account_username'] = trim(\Input::post('account_username'));
         $data['account_display_name'] = \Security::htmlentities($data['account_username']);
         $data['account_email'] = \Security::strip_tags(trim(\Input::post('account_email')));
         $data['account_password'] = trim(\Input::post('account_password'));

         $validate = \Validation::forge();
         $validate->add_callable(new \Extension\FsValidate());
         $validate->add('account_username', \Lang::get('account_username'), array(), array('required', 'noSpaceBetweenText'));
         $validate->add('account_email', \Lang::get('account_email'), array(), array('required', 'valid_email'));
         $validate->add('account_password', \Lang::get('account_password'), array(), array('required'));
         $validate->add('account_confirm_password', \Lang::get('account_confirm_password'), array(), array('required'))->add_rule('match_field', 'account_password');

         if (!\Extension\NoCsrf::check()) {
             // request token missing or wrong
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
         } elseif (!$validate->run()) {
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
         } else {
             // the captcha is checked last, after token and field validation passed
             include APPPATH . 'vendor' . DS . 'securimage' . DS . 'securimage.php';
             $captcha = new \Securimage();
             if (!$captcha->check(\Input::post('captcha'))) {
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = \Lang::get('account_wrong_captcha_code');
             } else {
                 $result = \Model_Accounts::registerAccount($data);
                 if ($result !== true) {
                     $output['form_status'] = 'error';
                     $output['form_status_message'] = $result;
                 } else {
                     $output['hide_register_form'] = true;

                     // the success text depends on the verification mode: none, by email, by admin
                     $mode = $config['member_verification']['value'];
                     if ($mode == '0') {
                         $message_key = 'account_registration_complted';
                     } elseif ($mode == '1') {
                         $message_key = 'account_registration_completed_need_confirm';
                     } elseif ($mode == '2') {
                         $message_key = 'account_registration_completed_need_admin_verify';
                     }
                     if (isset($message_key)) {
                         $output['form_status'] = 'success';
                         $output['form_status_message'] = \Lang::get($message_key);
                     }
                 }
             }
         }

         // re-populate form; password, confirmation and captcha are deliberately not sent back
         $output['account_username'] = trim(\Input::post('account_username'));
         $output['account_email'] = trim(\Input::post('account_email'));
     }

     $output['page_title'] = $this->generateTitle(\Lang::get('account_register'));
     return $this->generatePage('front/templates/account/register_v', $output, false);
 }
 /**
  * check member permission.
  * when no account id is given, the id is read from the 'member' account cookie
  * and '0' is used if the cookie holds none. the decision itself is made by
  * checkAdminPermission().
  *
  * NOTE(review): the fallback id comes from cookie data; its trust level
  * depends on how getAccountCookie() verifies the cookie - confirm.
  *
  * @param string $page_name
  * @param string $action
  * @param integer $account_id
  * @return boolean
  */
 public static function checkMemberPermission($page_name = '', $action = '', $account_id = '')
 {
     if ($account_id == null) {
         $accounts = new \Model_Accounts();
         $member_cookie = $accounts->getAccountCookie('member');

         $account_id = '0';
         if (isset($member_cookie['account_id'])) {
             $account_id = $member_cookie['account_id'];
         }
         unset($member_cookie, $accounts);
     }

     return static::checkAdminPermission($page_name, $action, $account_id);
 }
Beispiel #14
 /**
  * Load the account whose permissions are being edited and check that the
  * current admin may edit it.
  *
  * When no id is given, the id from the 'admin' account cookie is used.
  * An admin with a lower level must not change permissions of an account
  * that holds a higher level; canIAddEditAccount() makes that decision from
  * the account's level group ids.
  *
  * Callers have to tell the two result kinds apart: an account object means
  * success, a string is an error message.
  *
  * @param string $account_id account id, empty to use the current admin
  * @return mixed the account object, or a translated error message string
  */
 private function checkAccountData($account_id = '')
 {
     if ($account_id == null) {
         $admin_cookie = \Model_Accounts::forge()->getAccountCookie('admin');
         $account_id = isset($admin_cookie['account_id']) ? $admin_cookie['account_id'] : 0;
     }

     // reject guest (0) and non-numeric ids before touching the database
     if ($account_id == 0 || !is_numeric($account_id)) {
         return \Lang::get('acperm_account_not_found');
     }

     $account = \Model_Accounts::find($account_id);
     if ($account == null) {
         unset($account);
         return \Lang::get('acperm_account_not_found');
     }

     // collect the level groups of the target account for the hierarchy check
     $group_ids = array();
     foreach ($account->account_level as $level) {
         $group_ids[] = $level->level_group_id;
     }

     if (!\Model_Accounts::forge()->canIAddEditAccount($group_ids)) {
         \Lang::load('account');
         return \Lang::get('account_you_cannot_edit_account_that_contain_role_higher_than_yours');
     }

     return $account;
 }
Beispiel #15
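 /**
  * Member page: list the login history of the logged-in account.
  *
  * The account id is taken from the account cookie, never from the request,
  * so a member can only list their own logins.
  *
  * NOTE(review): the login check only stops the request if
  * \Response::redirect() ends it - confirm.
  * NOTE(review): 'orders' and 'sort' come from the query string and only
  * pass through strip_tags(), which is not a guard for column names or sort
  * directions; \Model_AccountLogins::listLogins() has to restrict them to
  * known values - confirm.
  *
  * @return mixed whatever generatePage() returns
  */
 public function action_index()
 {
     // is user logged in?
     if (\Model_Accounts::isMemberLogin() == false) {
         \Response::redirect(\Uri::create('account/login') . '?rdr=' . urlencode(\Uri::main()));
     }
     // load language
     \Lang::load('account');
     \Lang::load('accountlogins');
     // get account id
     $cookie_account = \Model_Accounts::forge()->getAccountCookie();
     // get account data
     $row = \Model_Accounts::find($cookie_account['account_id']);
     if ($row == null) {
         // not found user data.
         unset($row);
         \Response::redirect(\Uri::main());
     }
     $output['account'] = $row;
     // set sort variable for sortable in views: the next click toggles the direction.
     $next_sort = \Security::strip_tags(trim(\Input::get('sort')));
     if ($next_sort == null || $next_sort == 'DESC') {
         $next_sort = 'ASC';
     } else {
         $next_sort = 'DESC';
     }
     $output['next_sort'] = $next_sort;
     unset($next_sort);
     // list logins -----------------------------------------------------------------------------------------------------
     $option['limit'] = \Model_Config::getval('content_items_perpage');
     // page=0, a negative page or a non-numeric page would give a negative offset; clamp to 0.
     $option['offset'] = trim(\Input::get('page')) != null ? max(0, ((int) \Input::get('page') - 1) * $option['limit']) : 0;
     if (\Security::strip_tags(trim(\Input::get('orders'))) != null) {
         $option['orders'] = \Security::strip_tags(trim(\Input::get('orders')));
     }
     if (\Security::strip_tags(trim(\Input::get('sort'))) != null) {
         $option['sort'] = \Security::strip_tags(trim(\Input::get('sort')));
     }
     $data['account_id'] = $cookie_account['account_id'];
     $data['site_id'] = \Model_Sites::getSiteId();
     $list_logins = \Model_AccountLogins::listLogins($data, $option);
     // pagination config
     $config['pagination_url'] = \Uri::main() . \Uri::getCurrentQuerystrings(true, true, false);
     $config['total_items'] = $list_logins['total'];
     $config['per_page'] = $option['limit'];
     $config['uri_segment'] = 'page';
     $config['num_links'] = 3;
     $config['show_first'] = true;
     $config['show_last'] = true;
     $config['first-inactive'] = "\n\t\t<li class=\"disabled\">{link}</li>";
     $config['first-inactive-link'] = '<a href="#">{page}</a>';
     $config['first-marker'] = '&laquo;';
     $config['last-inactive'] = "\n\t\t<li class=\"disabled\">{link}</li>";
     $config['last-inactive-link'] = '<a href="#">{page}</a>';
     $config['last-marker'] = '&raquo;';
     $config['previous-marker'] = '&lsaquo;';
     $config['next-marker'] = '&rsaquo;';
     $pagination = \Pagination::forge('viewlogins_pagination', $config);
     $output['list_logins'] = $list_logins;
     $output['pagination'] = $pagination;
     unset($config, $data, $list_logins, $option, $pagination);
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_login_history'));
     // <head> output ----------------------------------------------------------------------------------------------
     return $this->generatePage('front/templates/account/viewlogins_v', $output, false);
 }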
Beispiel #16
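 /**
  * Admin login page: renders the login form and, on POST, checks the submitted credentials.
  *
  * POST flow: CSRF token check, required-field validation, session-based fail
  * counter / wait time, optional captcha, then \Model_Accounts::adminLogin().
  * Ajax requests receive the $output array as JSON; other requests receive the
  * themed view, or a redirect after a successful login.
  *
  * Security notes:
  * - The rdr query parameter is attacker-controllable, so it is only used as the
  *   post-login target when it points back into this site; anything else falls
  *   back to the admin home. Redirecting to it unchecked is an open redirect.
  * - The fail counter, fail time and captcha flag live in the session, so they
  *   only throttle a client that keeps sending the same session.
  *   NOTE(review): confirm that adminLogin() or another layer also limits
  *   attempts per account or per address.
  * - The view is rendered with false as third argument (presumably the
  *   auto-filter flag - TODO confirm), and account_identity is passed back
  *   unescaped, so the template has to escape it itself.
  *
  * @return mixed a JSON \Response for ajax requests, otherwise the result of $theme->view()
  */
 public function action_index()
 {
     // load language
     \Lang::load('admin');
     \Lang::load('account');
     // load config from db.
     $config = Model_Config::getvalues(array('member_max_login_fail', 'member_login_fail_wait_time'));
     $output['config'] = $config;
     // set active theme for admin. this controller is not based on admin controller, so the admin theme must be set here.
     $theme = \Theme::instance();
     $theme->active($this->theme_system_name);
     // set login redirect. default is the admin home; rdr replaces it only when it is a non-empty string
     // that starts with this site's base url.
     $go_to = \Uri::create('admin');
     $requested_go_to = \Input::get('rdr');
     if (is_string($requested_go_to) && $requested_go_to !== '') {
         $site_base = rtrim(\Uri::base(false), '/') . '/';
         $inside_site = strpos($requested_go_to, $site_base) === 0;
         // with a relative base url ("/") a scheme-relative "//host/..." value would also pass the prefix test.
         $scheme_relative = strpos($site_base, '://') === false && strpos($requested_go_to, '//') === 0;
         // backslashes and control characters are parsed inconsistently by browsers; refuse them.
         $odd_characters = strpos($requested_go_to, '\\') !== false || preg_match('/[\x00-\x1f\x7f]/', $requested_go_to) === 1;
         if ($inside_site && !$scheme_relative && !$odd_characters) {
             $go_to = $requested_go_to;
         }
     }
     // the view receives the target url-encoded (it is carried through the form).
     $output['go_to'] = urlencode($go_to);
     // every ajax exit sends the current $output as JSON.
     $json_response = function ($payload) {
         $response = new \Response();
         $response->set_header('Content-Type', 'application/json');
         $response->body(json_encode($payload));
         return $response;
     };
     // read flash message for display errors. this is REQUIRED in the login page,
     // because a failed 'is login' check (e.g. simultaneous login detection) redirects to here.
     $form_status = \Session::get_flash('form_status');
     if (isset($form_status['form_status']) && isset($form_status['form_status_message'])) {
         $output['form_status'] = $form_status['form_status'];
         $output['form_status_message'] = $form_status['form_status_message'];
     }
     unset($form_status);
     // count login fail and show captcha.
     if (\Session::get('login_all_fail_count', '0') >= $this->login_fail_time_show_captcha || \Session::get('show_captcha', false) === true) {
         $output['show_captcha'] = true;
         // if the last failed login is older than the wait time, relax the requirement.
         if ((time() - \Session::get('login_all_fail_time', time())) / 60 > $config['member_login_fail_wait_time']['value']) {
             // the counter is reduced, not cleared, so waiting does not hand back a full set of attempts.
             \Session::set('login_all_fail_count', \Session::get('login_all_fail_count') - ($this->login_fail_time_show_captcha + 1));
             \Session::delete('login_all_fail_time');
             \Session::delete('show_captcha');
         }
     }
     // browser check
     $output['browser_check'] = $this->browserCheck();
     // if form submitted --------------------------------------------------------------------------------------------
     if (\Input::method() == 'POST') {
         // store data for login. an identity containing '@' is treated as an email, anything else as a username.
         $data['account_identity'] = trim(\Input::post('account_identity'));
         if (strpos($data['account_identity'], '@') === false) {
             $data['account_username'] = $data['account_identity'];
         } else {
             $data['account_email'] = $data['account_identity'];
         }
         // NOTE(review): trim() also removes leading/trailing whitespace from the password;
         // left as is because stored hashes were presumably created the same way - confirm.
         $data['account_password'] = trim(\Input::post('account_password'));
         // validate form.
         $validate = \Validation::forge();
         $validate->add('account_identity', \Lang::get('account_username_or_email'), array(), array('required'));
         $validate->add('account_password', \Lang::get('account_password'), array(), array('required'));
         if (!\Extension\NoCsrf::check()) {
             // validate token failed. a fresh token is sent so the form can be submitted again.
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
             $output['input_csrf_token'] = \Extension\NoCsrf::generate();
         } elseif (!$validate->run()) {
             // validate failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
             if (\Input::is_ajax()) {
                 return $json_response($output);
             }
         } else {
             $wait_minutes = $config['member_login_fail_wait_time']['value'];
             // refuse the attempt outright while the session is over the fail limit and still inside the wait time.
             if (\Session::get('login_all_fail_count', '0') > $config['member_max_login_fail']['value'] && (time() - \Session::get('login_all_fail_time', time())) / 60 <= $wait_minutes) {
                 $result = \Lang::get('account_login_failed_too_many', array('wait_minute' => $wait_minutes, 'wait_til_time' => date('d F Y H:i:s', time() + $wait_minutes * 60)));
             } else {
                 // limit not reached. when the captcha is required it is checked before the credentials.
                 if (isset($output['show_captcha']) && $output['show_captcha'] === true) {
                     include APPPATH . 'vendor' . DS . 'securimage' . DS . 'securimage.php';
                     $securimage = new \Securimage();
                     if ($securimage->check(\Input::post('captcha')) == false) {
                         $result = \Lang::get('account_wrong_captcha_code');
                     }
                 }
                 // try to login only when nothing above produced an error message.
                 if (!isset($result) || $result == null) {
                     $result = \Model_Accounts::adminLogin($data);
                 }
             }
             // check login result. anything other than boolean true is treated as the error message.
             if ($result === true) {
                 // success: forget the failure history of this session.
                 \Session::delete('login_all_fail_count');
                 \Session::delete('login_all_fail_time');
                 \Session::delete('show_captcha');
                 if (\Input::is_ajax()) {
                     $output['login_status'] = true;
                     $output['form_status'] = 'success';
                     $output['form_status_message'] = \Lang::get('account_login_success');
                     // the ajax client receives the already validated target in plain (decoded) form.
                     $output['go_to'] = $go_to;
                     return $json_response($output);
                 }
                 \Response::redirect($go_to);
             } else {
                 // failed: count it and remember when it happened.
                 $all_fail_count = \Session::get('login_all_fail_count', '0') + 1;
                 \Session::set('login_all_fail_count', $all_fail_count);
                 \Session::set('login_all_fail_time', time());
                 // from this many failures on, the captcha is required.
                 if ($all_fail_count >= $this->login_fail_time_show_captcha) {
                     $output['show_captcha'] = true;
                     \Session::set('show_captcha', true);
                 }
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = $result;
                 if (\Input::is_ajax()) {
                     return $json_response($output);
                 }
             }
         }
         // re-populate form. this is the raw submitted value; the view must escape it.
         $output['account_identity'] = $data['account_identity'];
     }
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_login'));
     $output['page_meta'][] = '<meta name="robots" content="noindex, nofollow" />';
     // <head> output ----------------------------------------------------------------------------------------------
     // breadcrumb -------------------------------------------------------------------------------------------------
     $output['page_breadcrumb'] = [
         ['name' => \Lang::get('admin_admin_home'), 'url' => \Uri::create('admin')],
         ['name' => \Lang::get('account_login'), 'url' => \Uri::create('admin/login')],
     ];
     // breadcrumb -------------------------------------------------------------------------------------------------
     if (\Input::is_ajax()) {
         return $json_response($output);
     }
     return $theme->view('admin/templates/login/index_v', $output, false);
 }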
Beispiel #17
 /**
  * Member "edit account" page: shows the profile form of the logged-in member
  * and, on POST, validates the input and saves it through
  * \Model_accounts::memberEditProfile().
  *
  * The account is identified by the values returned from getAccountCookie();
  * the username is never taken from the form.
  *
  * Review notes:
  * - Every column of the account row is copied into $output.
  *   NOTE(review): this presumably includes the password hash column; confirm
  *   the view never prints or serialises $output wholesale.
  * - Name and signature fields are entity-encoded before they are stored, while
  *   the re-populated form values are the raw submitted strings, and the page
  *   is generated with false as third argument (presumably the auto-filter
  *   flag - TODO confirm). The template therefore has to escape these values.
  * - account_field keys come straight from the request.
  *   NOTE(review): confirm memberEditProfile() only accepts known field names.
  *
  * @return mixed whatever $this->generatePage() returns
  */
 public function action_index()
 {
     // load language
     \Lang::load('account');
     // anonymous visitors are sent to the login page and come back here afterwards.
     if (!\Model_Accounts::isMemberLogin()) {
         \Response::redirect(\Uri::create('account/login') . '?rdr=' . urlencode(\Uri::main()));
     }
     // load config from db and expose each value to the view under its own name.
     $avatar_settings = array('allow_avatar', 'avatar_size', 'avatar_allowed_types');
     $config = \Model_Config::getvalues($avatar_settings);
     $output['config'] = $config;
     foreach ($avatar_settings as $setting_name) {
         $output[$setting_name] = $config[$setting_name]['value'];
     }
     // read flash message for display errors (required when simultaneous login detection is on).
     $flash = \Session::get_flash('form_status');
     if (isset($flash['form_status'], $flash['form_status_message'])) {
         $output['form_status'] = $flash['form_status'];
         $output['form_status_message'] = $flash['form_status_message'];
     }
     // identify the account from the login cookie; id, username and email must all match one row.
     $cookie_account = \Model_Accounts::forge()->getAccountCookie();
     $query = \Model_Accounts::query()
         ->where('account_id', $cookie_account['account_id'])
         ->where('account_username', $cookie_account['account_username'])
         ->where('account_email', $cookie_account['account_email']);
     if ($query->count() <= 0) {
         // the cookie does not match any account: drop the login and ask for a new one.
         unset($cookie_account, $query);
         \Model_Accounts::logout();
         \Response::redirect(\Uri::create('account/login') . '?rdr=' . urlencode(\Uri::main()));
     } else {
         $row = $query->get_one();
         $output['row'] = $row;
         // every column becomes a view variable of the same name.
         foreach ($row as $column => $value) {
             $output[$column] = $value;
         }
         // account_fields of the current user; the view reads them as $account_field['field_name'],
         // e.g. $account_field['phone']. JSON values are decoded to arrays.
         $account_fields = \Model_AccountFields::getData($cookie_account['account_id']);
         if ($account_fields->count() > 0) {
             foreach ($account_fields as $af) {
                 if (\Extension\Str::isJsonFormat($af->field_value)) {
                     $output['account_field'][$af->field_name] = json_decode($af->field_value, true);
                 } else {
                     $output['account_field'][$af->field_name] = $af->field_value;
                 }
             }
         }
         unset($account_fields, $af);
         // get timezone list to display.
         \Config::load('timezone', 'timezone');
         $output['timezone_list'] = \Config::get('timezone.timezone', array());
         unset($query);
     }
     // if form submitted
     if (\Input::method() == 'POST') {
         // trimmed POST value.
         $posted = function ($name) {
             return trim(\Input::post($name));
         };
         // optional fields are stored as null when left blank.
         $blank_to_null = function ($value) {
             return $value == null ? null : $value;
         };
         // data for the accounts table. id, username and old email come from the cookie, not from the form.
         $data = array(
             'account_id' => $cookie_account['account_id'],
             'account_username' => $cookie_account['account_username'],
             'account_old_email' => $cookie_account['account_email'],
             'account_email' => \Security::strip_tags($posted('account_email')),
             'account_password' => $posted('account_password'),
             'account_new_password' => $posted('account_new_password'),
             'account_display_name' => \Security::htmlentities(\Input::post('account_display_name')),
             'account_firstname' => $blank_to_null(\Security::htmlentities($posted('account_firstname'))),
             'account_middlename' => $blank_to_null(\Security::htmlentities($posted('account_middlename'))),
             'account_lastname' => $blank_to_null(\Security::htmlentities($posted('account_lastname'))),
             'account_birthdate' => $blank_to_null(\Security::strip_tags($posted('account_birthdate'))),
             'account_signature' => $blank_to_null(\Security::htmlentities($posted('account_signature'))),
             'account_timezone' => \Security::strip_tags($posted('account_timezone')),
             'account_language' => $blank_to_null(\Security::strip_tags($posted('account_language'))),
         );
         // data for account_fields: string keys only, array values are stored as JSON.
         $data_field = array();
         $posted_fields = \Input::post('account_field');
         if (is_array($posted_fields)) {
             foreach ($posted_fields as $field_name => $field_value) {
                 if (!is_string($field_name)) {
                     continue;
                 }
                 $data_field[$field_name] = is_array($field_value) ? json_encode($field_value) : $field_value;
             }
         }
         // validate form. the username is not editable, so it has no rule.
         $validate = \Validation::forge();
         $validate->add_callable(new \Extension\FsValidate());
         $validate->add('account_email', \Lang::get('account_email'), array(), array('required', 'valid_email'));
         $validate->add('account_display_name', \Lang::get('account_display_name'), array(), array('required'));
         $validate->add('account_birthdate', \Lang::get('account_birthdate'))->add_rule('valid_date', 'Y-m-d');
         $validate->add('account_timezone', \Lang::get('account_timezone'), array(), array('required'));
         if (!\Extension\NoCsrf::check()) {
             // validate token failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
         } elseif (!$validate->run()) {
             // validate failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
         } else {
             // save. anything other than boolean true is shown as the error message.
             $result = \Model_accounts::memberEditProfile($data, $data_field);
             if ($result === true) {
                 // keep a flash message that was already set; otherwise report success.
                 if (\Session::get_flash('form_status', null, false) == null) {
                     \Session::set_flash('form_status', array('form_status' => 'success', 'form_status_message' => \Lang::get('account_saved')));
                 }
                 \Response::redirect(\Uri::main());
             } else {
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = $result;
             }
         }
         // re-populate form with the raw (trimmed) submitted values; the username is not editable.
         $form_fields = array(
             'account_email',
             'account_display_name',
             'account_firstname',
             'account_middlename',
             'account_lastname',
             'account_birthdate',
             'account_signature',
             'account_timezone',
             'account_language',
         );
         foreach ($form_fields as $form_field) {
             $output[$form_field] = $posted($form_field);
         }
         // re-populate form for account fields
         if (is_array($posted_fields)) {
             foreach ($posted_fields as $field_name => $field_value) {
                 if (is_string($field_name)) {
                     $output['account_field'][$field_name] = $field_value;
                 }
             }
         }
         unset($field_name, $field_value, $posted_fields);
     }
     // clear variables
     unset($cookie_account, $data, $result);
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_edit'));
     // <head> output ----------------------------------------------------------------------------------------------
     return $this->generatePage('front/templates/account/edit_v', $output, false);
 }
Beispiel #18
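 /**
  * Reset-password confirmation page, reached with an account id and the
  * confirm code of a reset request.
  *
  * - no matching account/code: the form is hidden and an error is shown.
  * - $action == 'cancel': the pending request is cancelled (code cleared).
  * - POST with $action == 'reset': after the CSRF and form checks the new
  *   password is stored, unless the code is older than member_confirm_wait_time
  *   minutes; in both cases the code is cleared, so it works only once.
  *
  * The account is looked up once and nothing is changed without a matching row.
  * Before, a POST with a wrong code still reached the save path and
  * dereferenced the missing row. An empty id or code never matches, so an
  * account whose stored code happens to be blank cannot be reset through here.
  *
  * NOTE(review): the new password is only checked for presence and for matching
  * the confirmation field; confirm that a password policy is applied elsewhere.
  *
  * @param string $account_id   account id taken from the request
  * @param string $confirm_code confirm code taken from the request
  * @param string $action       '' to show the form, 'cancel' or 'reset'
  * @return mixed whatever $this->generatePage() returns
  */
 public function action_index($account_id = '', $confirm_code = '', $action = '')
 {
     // load language
     \Lang::load('account');
     // get config
     $config = Model_Config::getvalues(array('member_confirm_wait_time'));
     $output['config'] = $config;
     $output['reset_action'] = $action;
     // check account id and confirm code. both must be present and must match the same row.
     $row = null;
     if ((string) $account_id !== '' && (string) $confirm_code !== '') {
         $row = \Model_Accounts::query()
             ->where('account_id', $account_id)
             ->where('account_confirm_code', $confirm_code)
             ->get_one();
     }
     if ($row === null) {
         // unknown account or wrong code: show the error only, never touch any account.
         $output['hide_form'] = true;
         $output['form_status'] = 'error';
         $output['form_status_message'] = \Lang::get('account_invalid_reset_password_request_code');
     } elseif ($action == 'cancel') {
         // cancel needs no form, hide it.
         $output['hide_form'] = true;
         // empty confirm code so the request cannot be used afterwards.
         $row->account_confirm_code = null;
         $row->account_confirm_code_since = null;
         $row->save();
         $output['form_status'] = 'success';
         $output['form_status_message'] = \Lang::get('account_your_reset_password_request_was_cancelled');
     } elseif (\Input::method() == 'POST' && $action == 'reset') {
         // form submitted
         $data['account_password'] = trim(\Input::post('account_password'));
         // validate form.
         $validate = \Validation::forge();
         $validate->add('account_password', \Lang::get('account_password'), array(), array('required'));
         $validate->add('account_confirm_password', \Lang::get('account_confirm_password'), array(), array('required'))->add_rule('match_field', 'account_password');
         if (!\Extension\NoCsrf::check()) {
             // validate token failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
         } elseif (!$validate->run()) {
             // validate failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
         } else {
             // the configured wait time is in minutes; the stored time is compared in seconds.
             $max_age_seconds = $config['member_confirm_wait_time']['value'] * 60;
             $expired = time() - $row->account_confirm_code_since > $max_age_seconds;
             if (!$expired) {
                 // still valid: store the hash of the new password.
                 $row->account_password = \Model_Accounts::forge()->hashPassword($data['account_password']);
             }
             // the code is cleared whether it was used or had expired.
             $row->account_confirm_code = null;
             $row->account_confirm_code_since = null;
             $row->save();
             if ($expired) {
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = \Lang::get('account_reset_password_time_expired');
             } else {
                 $output['hide_form'] = true;
                 $output['form_status'] = 'success';
                 $output['form_status_message'] = \Lang::get('account_reset_password_successfully');
             }
         }
     }
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_reset_password'));
     // <head> output ----------------------------------------------------------------------------------------------
     return $this->generatePage('front/templates/account/resetpw_v', $output, false);
 }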