Beispiel #1
0
 public function action_index()
 {
     // load language
     \Lang::load('account');
     if (\Input::method() == 'POST') {
         // store data for model
         $data['account_email'] = \Security::strip_tags(trim(\Input::post('account_email')));
         // validate form.
         $validate = \Validation::forge();
         $validate->add('account_email', \Lang::get('account_email'), array(), array('required', 'valid_email'));
         if (!\Extension\NoCsrf::check(null, null, null, null, false)) {
             // validate token failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
         } elseif (!$validate->run()) {
             // validate failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
         } else {
             // check registered emails with not confirm
             $query = \Model_Accounts::query()->select('account_id', 'account_username', 'account_email')->where('account_email', $data['account_email'])->where('account_last_login', null)->where('account_status', '0')->where('account_confirm_code', '!=', 'NULL');
             if ($query->count() <= 0) {
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = \Lang::get('account_didnot_found_entered_email');
             } else {
                 $row = $query->get_one();
                 // generate confirm code
                 $data['account_confirm_code'] = \Str::random('alnum', 6);
                 $data['account_username'] = $row->account_username;
                 $options['not_notify_admin'] = true;
                 // send email to let user confirm registration
                 $result = \Model_Accounts::forge()->sendRegisterEmail($data, $options);
                 if ($result === true) {
                     $account = \Model_Accounts::find($row->account_id);
                     $account->account_confirm_code = $data['account_confirm_code'];
                     $account->save();
                     $output['form_status'] = 'success';
                     $output['form_status_message'] = \Lang::get('account_registration_completed_need_confirm');
                 } else {
                     $output['form_status'] = 'error';
                     $output['form_status_message'] = $result;
                 }
             }
         }
         // re-populate form
         $output['account_email'] = trim(\Input::post('account_email'));
     }
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_resend_confirm_registration_email'));
     // <head> output ----------------------------------------------------------------------------------------------
     return $this->generatePage('front/templates/account/resendactivate_v', $output, false);
 }
Beispiel #2
0
 public function action_index()
 {
     // load language
     \Lang::load('account');
     // is user logged in?
     if (\Model_Accounts::isMemberLogin() == false) {
         \Response::redirect(\Uri::create('account/login') . '?rdr=' . urlencode(\Uri::main()));
     }
     // load config from db.
     $cfg_values = array('allow_avatar', 'avatar_size', 'avatar_allowed_types');
     $config = \Model_Config::getvalues($cfg_values);
     $output['config'] = $config;
     // set config data to display in view file.
     $output['allow_avatar'] = $config['allow_avatar']['value'];
     $output['avatar_size'] = $config['avatar_size']['value'];
     $output['avatar_allowed_types'] = $config['avatar_allowed_types']['value'];
     unset($cfg_values);
     // read flash message for display errors. this is REQUIRED if you coding the check login with simultaneous login detection on.
     $form_status = \Session::get_flash('form_status');
     if (isset($form_status['form_status']) && isset($form_status['form_status_message'])) {
         $output['form_status'] = $form_status['form_status'];
         $output['form_status_message'] = $form_status['form_status_message'];
     }
     unset($form_status);
     // get account id
     $cookie_account = \Model_Accounts::forge()->getAccountCookie();
     // get account data
     $query = \Model_Accounts::query()->where('account_id', $cookie_account['account_id'])->where('account_username', $cookie_account['account_username'])->where('account_email', $cookie_account['account_email']);
     if ($query->count() > 0) {
         // found
         $row = $query->get_one();
         $output['row'] = $row;
         // loop set data for display in form.
         foreach ($row as $key => $field) {
             $output[$key] = $field;
         }
         // get account_fields data of current user and send to views form
         // to access data from view, use $account_field['field_name']. for example: the field_name is phone, just use $account_field['phone'];
         $account_fields = \Model_AccountFields::getData($cookie_account['account_id']);
         if ($account_fields->count() > 0) {
             foreach ($account_fields as $af) {
                 $output['account_field'][$af->field_name] = \Extension\Str::isJsonFormat($af->field_value) ? json_decode($af->field_value, true) : $af->field_value;
             }
         }
         unset($account_fields, $af);
         // get timezone list to display.
         \Config::load('timezone', 'timezone');
         $output['timezone_list'] = \Config::get('timezone.timezone', array());
         unset($query);
     } else {
         // not found account.
         unset($cookie_account, $query);
         \Model_Accounts::logout();
         \Response::redirect(\Uri::create('account/login') . '?rdr=' . urlencode(\Uri::main()));
     }
     // if form submitted
     if (\Input::method() == 'POST') {
         // store data for save to db.
         $data['account_id'] = $cookie_account['account_id'];
         $data['account_username'] = $cookie_account['account_username'];
         //trim(\Input::post('account_username'));//no, do not edit username.
         $data['account_old_email'] = $cookie_account['account_email'];
         $data['account_email'] = \Security::strip_tags(trim(\Input::post('account_email')));
         $data['account_password'] = trim(\Input::post('account_password'));
         $data['account_new_password'] = trim(\Input::post('account_new_password'));
         $data['account_display_name'] = \Security::htmlentities(\Input::post('account_display_name'));
         $data['account_firstname'] = \Security::htmlentities(trim(\Input::post('account_firstname', null)));
         if ($data['account_firstname'] == null) {
             $data['account_firstname'] = null;
         }
         $data['account_middlename'] = \Security::htmlentities(trim(\Input::post('account_middlename', null)));
         if ($data['account_middlename'] == null) {
             $data['account_middlename'] = null;
         }
         $data['account_lastname'] = \Security::htmlentities(trim(\Input::post('account_lastname', null)));
         if ($data['account_lastname'] == null) {
             $data['account_lastname'] = null;
         }
         $data['account_birthdate'] = \Security::strip_tags(trim(\Input::post('account_birthdate', null)));
         if ($data['account_birthdate'] == null) {
             $data['account_birthdate'] = null;
         }
         $data['account_signature'] = \Security::htmlentities(trim(\Input::post('account_signature', null)));
         if ($data['account_signature'] == null) {
             $data['account_signature'] = null;
         }
         $data['account_timezone'] = \Security::strip_tags(trim(\Input::post('account_timezone')));
         $data['account_language'] = \Security::strip_tags(trim(\Input::post('account_language', null)));
         if ($data['account_language'] == null) {
             $data['account_language'] = null;
         }
         // store data for account_fields
         $data_field = array();
         if (is_array(\Input::post('account_field'))) {
             foreach (\Input::post('account_field') as $field_name => $field_value) {
                 if (is_string($field_name)) {
                     if (is_array($field_value)) {
                         $field_value = json_encode($field_value);
                     }
                     $data_field[$field_name] = $field_value;
                 }
             }
         }
         unset($field_name, $field_value);
         // validate form.
         $validate = \Validation::forge();
         $validate->add_callable(new \Extension\FsValidate());
         //$validate->add('account_username', \Lang::get('account_username'), array(), array('required', 'noSpaceBetweenText'));//no, do not edit username.
         $validate->add('account_email', \Lang::get('account_email'), array(), array('required', 'valid_email'));
         $validate->add('account_display_name', \Lang::get('account_display_name'), array(), array('required'));
         $validate->add('account_birthdate', \Lang::get('account_birthdate'))->add_rule('valid_date', 'Y-m-d');
         $validate->add('account_timezone', \Lang::get('account_timezone'), array(), array('required'));
         if (!\Extension\NoCsrf::check()) {
             // validate token failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
         } elseif (!$validate->run()) {
             // validate failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
         } else {
             // save
             $result = \Model_accounts::memberEditProfile($data, $data_field);
             if ($result === true) {
                 if (\Session::get_flash('form_status', null, false) == null) {
                     \Session::set_flash('form_status', array('form_status' => 'success', 'form_status_message' => \Lang::get('account_saved')));
                 }
                 \Response::redirect(\Uri::main());
             } else {
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = $result;
             }
         }
         // re-populate form
         //$output['account_username'] = trim(\Input::post('account_username'));//no, do not edit username.
         $output['account_email'] = trim(\Input::post('account_email'));
         $output['account_display_name'] = trim(\Input::post('account_display_name'));
         $output['account_firstname'] = trim(\Input::post('account_firstname'));
         $output['account_middlename'] = trim(\Input::post('account_middlename'));
         $output['account_lastname'] = trim(\Input::post('account_lastname'));
         $output['account_birthdate'] = trim(\Input::post('account_birthdate'));
         $output['account_signature'] = trim(\Input::post('account_signature'));
         $output['account_timezone'] = trim(\Input::post('account_timezone'));
         $output['account_language'] = trim(\Input::post('account_language'));
         // re-populate form for account fields
         if (is_array(\Input::post('account_field'))) {
             foreach (\Input::post('account_field') as $field_name => $field_value) {
                 if (is_string($field_name)) {
                     $output['account_field'][$field_name] = $field_value;
                 }
             }
         }
         unset($field_name, $field_value);
     }
     // clear variables
     unset($cookie_account, $data, $result);
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_edit'));
     // <head> output ----------------------------------------------------------------------------------------------
     return $this->generatePage('front/templates/account/edit_v', $output, false);
 }
Beispiel #3
0
 public function action_multiple()
 {
     $ids = \Input::post('id');
     $act = trim(\Input::post('act'));
     $redirect = $this->getAndSetSubmitRedirection();
     if (\Extension\NoCsrf::check()) {
         // if action is delete.
         if ($act == 'del') {
             // check permission.
             if (\Model_AccountLevelPermission::checkAdminPermission('account_perm', 'account_delete_perm') == false) {
                 \Response::redirect($redirect);
             }
             if (is_array($ids)) {
                 foreach ($ids as $id) {
                     // get target level group id
                     $lvls = \DB::select()->as_object()->from(\Model_AccountLevel::getTableName())->where('account_id', $id)->execute();
                     // not found
                     if (count($lvls) <= 0) {
                         continue;
                     } else {
                         // format level group for check can i add, edit
                         $level_group = array();
                         foreach ($lvls as $lvl) {
                             $level_group[] = $lvl->level_group_id;
                         }
                     }
                     if (\Model_Accounts::forge()->canIAddEditAccount($level_group) == true) {
                         // delete account.
                         \Model_Accounts::deleteAccount($id);
                         // clear cache
                         \Extension\Cache::deleteCache('model.accounts-checkAccount-' . \Model_Sites::getSiteId() . '-' . $id);
                     }
                 }
             }
         } elseif ($act == 'enable') {
             // check permission.
             if (\Model_AccountLevelPermission::checkAdminPermission('account_perm', 'account_delete_perm') == false) {
                 \Response::redirect($redirect);
             }
             if (is_array($ids)) {
                 foreach ($ids as $id) {
                     if ($id == '0') {
                         continue;
                     }
                     // get target level group id
                     $lvls = \DB::select()->as_object()->from(\Model_AccountLevel::getTableName())->where('account_id', $id)->execute();
                     // not found
                     if (count($lvls) <= 0) {
                         continue;
                     } else {
                         // format level group for check can i add, edit
                         $level_group = array();
                         foreach ($lvls as $lvl) {
                             $level_group[] = $lvl->level_group_id;
                         }
                     }
                     if (\Model_Accounts::forge()->canIAddEditAccount($level_group) == true) {
                         \DB::update(\Model_Accounts::getTableName())->where('account_id', $id)->set(['account_status' => '1', 'account_status_text' => null])->execute();
                         unset($entry);
                     }
                     // clear cache
                     \Extension\Cache::deleteCache('model.accounts-checkAccount-' . \Model_Sites::getSiteId() . '-' . $id);
                 }
             }
         } elseif ($act == 'disable') {
             // check permission.
             if (\Model_AccountLevelPermission::checkAdminPermission('account_perm', 'account_delete_perm') == false) {
                 \Response::redirect($redirect);
             }
             if (is_array($ids)) {
                 foreach ($ids as $id) {
                     if ($id == '0') {
                         continue;
                     }
                     // get target level group id
                     $lvls = \DB::select()->as_object()->from(\Model_AccountLevel::getTableName())->where('account_id', $id)->execute();
                     // not found
                     if (count($lvls) <= 0) {
                         continue;
                     } else {
                         // format level group for check can i add, edit
                         $level_group = array();
                         foreach ($lvls as $lvl) {
                             $level_group[] = $lvl->level_group_id;
                         }
                     }
                     if (\Model_Accounts::forge()->canIAddEditAccount($level_group) == true) {
                         \DB::update(\Model_Accounts::getTableName())->where('account_id', $id)->set(['account_status' => '0', 'account_status_text' => null])->execute();
                     }
                     // clear cache
                     \Extension\Cache::deleteCache('model.accounts-checkAccount-' . \Model_Sites::getSiteId() . '-' . $id);
                 }
             }
         }
     }
     // go back
     \Response::redirect($redirect);
 }
 public function getMyAccountId()
 {
     $account_id = 0;
     $ca = \Model_Accounts::forge()->getAccountCookie('admin');
     if (isset($ca['account_id'])) {
         $account_id = $ca['account_id'];
     }
     unset($ca);
     return $account_id;
 }
 private function checkAccountData($account_id = '')
 {
     if ($account_id == null) {
         $cookie_account = \Model_Accounts::forge()->getAccountCookie('admin');
         $account_id = 0;
         if (isset($cookie_account['account_id'])) {
             $account_id = $cookie_account['account_id'];
         }
     }
     if ($account_id == 0 || !is_numeric($account_id)) {
         return \Lang::get('acperm_account_not_found');
     }
     $account = \Model_Accounts::find($account_id);
     // if not found account.
     if ($account == null) {
         unset($account);
         return \Lang::get('acperm_account_not_found');
     }
     // set level groups for check that this admin can set permission for this user.
     // lower admin level cannot add/edit/delete/change permission for admin that has higher level.
     $level_groups = array();
     foreach ($account->account_level as $lvl) {
         $level_groups[] = $lvl->level_group_id;
     }
     if (\Model_Accounts::forge()->canIAddEditAccount($level_groups) == false) {
         \Lang::load('account');
         return \Lang::get('account_you_cannot_edit_account_that_contain_role_higher_than_yours');
     }
     return $account;
 }
Beispiel #6
0
 public function action_index()
 {
     // is user logged in?
     if (\Model_Accounts::isMemberLogin() == false) {
         \Response::redirect(\Uri::create('account/login') . '?rdr=' . urlencode(\Uri::main()));
     }
     // load language
     \Lang::load('account');
     \Lang::load('accountlogins');
     // get account id
     $cookie_account = \Model_Accounts::forge()->getAccountCookie();
     // get account data
     $row = \Model_Accounts::find($cookie_account['account_id']);
     if ($row == null) {
         // not found user data.
         unset($row);
         \Response::redirect(\Uri::main());
     }
     $output['account'] = $row;
     // set sort variable for sortable in views.
     $next_sort = \Security::strip_tags(trim(\Input::get('sort')));
     if ($next_sort == null || $next_sort == 'DESC') {
         $next_sort = 'ASC';
     } else {
         $next_sort = 'DESC';
     }
     $output['next_sort'] = $next_sort;
     unset($next_sort);
     // list logins -----------------------------------------------------------------------------------------------------
     $option['limit'] = \Model_Config::getval('content_items_perpage');
     $option['offset'] = trim(\Input::get('page')) != null ? ((int) \Input::get('page') - 1) * $option['limit'] : 0;
     if (\Security::strip_tags(trim(\Input::get('orders'))) != null) {
         $option['orders'] = \Security::strip_tags(trim(\Input::get('orders')));
     }
     if (\Security::strip_tags(trim(\Input::get('sort'))) != null) {
         $option['sort'] = \Security::strip_tags(trim(\Input::get('sort')));
     }
     $data['account_id'] = $cookie_account['account_id'];
     $data['site_id'] = \Model_Sites::getSiteId();
     $list_logins = \Model_AccountLogins::listLogins($data, $option);
     // pagination config
     $config['pagination_url'] = \Uri::main() . \Uri::getCurrentQuerystrings(true, true, false);
     $config['total_items'] = $list_logins['total'];
     $config['per_page'] = $option['limit'];
     $config['uri_segment'] = 'page';
     $config['num_links'] = 3;
     $config['show_first'] = true;
     $config['show_last'] = true;
     $config['first-inactive'] = "\n\t\t<li class=\"disabled\">{link}</li>";
     $config['first-inactive-link'] = '<a href="#">{page}</a>';
     $config['first-marker'] = '&laquo;';
     $config['last-inactive'] = "\n\t\t<li class=\"disabled\">{link}</li>";
     $config['last-inactive-link'] = '<a href="#">{page}</a>';
     $config['last-marker'] = '&raquo;';
     $config['previous-marker'] = '&lsaquo;';
     $config['next-marker'] = '&rsaquo;';
     $pagination = \Pagination::forge('viewlogins_pagination', $config);
     $output['list_logins'] = $list_logins;
     $output['pagination'] = $pagination;
     unset($config, $data, $list_logins, $option, $pagination);
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_login_history'));
     // <head> output ----------------------------------------------------------------------------------------------
     return $this->generatePage('front/templates/account/viewlogins_v', $output, false);
 }
Beispiel #7
0
 public function action_index($account_id = '', $confirm_code = '', $action = '')
 {
     // load language
     \Lang::load('account');
     // get config
     $cfg_values = array('member_confirm_wait_time');
     $config = Model_Config::getvalues($cfg_values);
     $output['config'] = $config;
     unset($cfg_values);
     $output['reset_action'] = $action;
     // check account id and confirm code.
     $query = \Model_Accounts::query()->where('account_id', $account_id)->where('account_confirm_code', $confirm_code);
     if ($query->count() <= 0) {
         $output['hide_form'] = true;
         $output['form_status'] = 'error';
         $output['form_status_message'] = \Lang::get('account_invalid_reset_password_request_code');
     }
     // if cancel reset password
     if ($action == 'cancel' && $query->count() > 0) {
         // cancel no need to use form, hide it.
         $output['hide_form'] = true;
         // empty confirm code.
         $row = $query->get_one();
         $row->account_confirm_code = null;
         $row->account_confirm_code_since = null;
         $row->save();
         $output['form_status'] = 'success';
         $output['form_status_message'] = \Lang::get('account_your_reset_password_request_was_cancelled');
     }
     // form submitted
     if (\Input::method() == 'POST' && $action == 'reset') {
         $data['account_password'] = trim(\Input::post('account_password'));
         // validate form.
         $validate = \Validation::forge();
         $validate->add('account_password', \Lang::get('account_password'), array(), array('required'));
         $validate->add('account_confirm_password', \Lang::get('account_confirm_password'), array(), array('required'))->add_rule('match_field', 'account_password');
         if (!\Extension\NoCsrf::check()) {
             // validate token failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
         } elseif (!$validate->run()) {
             // validate failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
         } else {
             $row = $query->get_one();
             $cfg_member_confirm_wait_time = $config['member_confirm_wait_time']['value'] * 60;
             if (time() - $row->account_confirm_code_since > $cfg_member_confirm_wait_time) {
                 // confirm wait time is too long than limit.
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = \Lang::get('account_reset_password_time_expired');
                 // empty confirm code.
                 $row->account_confirm_code = null;
                 $row->account_confirm_code_since = null;
                 $row->save();
             } else {
                 // empty confirm code and update password
                 $row->account_password = \Model_Accounts::forge()->hashPassword($data['account_password']);
                 $row->account_confirm_code = null;
                 $row->account_confirm_code_since = null;
                 $row->save();
                 $output['hide_form'] = true;
                 $output['form_status'] = 'success';
                 $output['form_status_message'] = \Lang::get('account_reset_password_successfully');
             }
         }
         unset($cfg_member_confirm_wait_time, $data, $validate);
     }
     unset($config, $query, $row);
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_reset_password'));
     // <head> output ----------------------------------------------------------------------------------------------
     return $this->generatePage('front/templates/account/resetpw_v', $output, false);
 }