/**
* Show the password form. If the visitor gives the correct password, they
* are redirected to the page they came from, if any.
*
* @return \Twig_Markup
*/
public function passwordForm()
{
// Set up the form.
$form = $this->app['form.factory']->createBuilder('form');
if ($this->config['password_only'] == false) {
$form->add('username', 'text');
}
$form->add('password', 'password');
$form = $form->getForm();
if ($this->app['request']->getMethod() == 'POST') {
$form->bind($this->app['request']);
$data = $form->getData();
if ($form->isValid() && $this->checkLogin($data)) {
// Set the session var, so we're authenticated..
$this->app['session']->set('passwordprotect', 1);
$this->app['session']->set('passwordprotect_name', $this->checkLogin($data));
// Print a friendly message..
printf("<p class='message-correct'>%s</p>", $this->config['message_correct']);
$returnto = $this->app['request']->get('returnto');
// And back we go, to the page we originally came from..
if (!empty($returnto)) {
Lib::simpleredirect($returnto);
die;
}
} else {
// Remove the session var, so we can test 'logging off'..
$this->app['session']->remove('passwordprotect');
$this->app['session']->remove('passwordprotect_name');
// Print a friendly message..
if (!empty($data['password'])) {
printf("<p class='message-wrong'>%s</p>", $this->config['message_wrong']);
}
}
}
// Render the form, and show it it the visitor.
$this->app['twig.loader.filesystem']->addPath(__DIR__);
$html = $this->app['twig']->render('assets/passwordform.twig', array('form' => $form->createView()));
return new \Twig_Markup($html, 'UTF-8');
}
/**
* @runInSeparateProcess
*/
public function testSimpleRedirectAbort()
{
$app = $this->getApp();
$this->setExpectedException('Symfony\\Component\\HttpKernel\\Exception\\HttpException', "Redirecting to '/test2'.");
$this->expectOutputString("<p>Redirecting to <a href='/test2'>/test2</a>.</p><script>window.setTimeout(function () { window.location='/test2'; }, 500);</script>");
$redirect = Library::simpleredirect('/test2', true);
}
/**
* Check if a user is logged in, and has the proper required permission. If
* not, we redirect the user to the dashboard.
*
* @param string $permission
*
* @return bool True if permission allowed
*/
public function requireUserPermission($permission = 'dashboard')
{
if ($this->app['users']->isAllowed($permission)) {
return true;
} else {
Lib::simpleredirect($this->app['config']->get('general/branding/path'));
return false;
}
}
public function slugTreeRecord($slug)
{
// Add snippets, since this is a Frontend route.
$this->app['htmlsnippets'] = true;
if (strripos($slug, '/')) {
// find the last "/"" in the slug
//dump($slug);
// dump($this->app['config']);
// dump($this->app['config']->get('data/contenttypes'));
// dump($this->app['config']->get('general/homepage_template'));
// dump(strripos($slug, '/') == strlen($slug));
// dump(strripos($slug, '/'));
// dump(strlen($slug));
$slug = rtrim($slug, '/');
if (in_array($slug, array('blogs', 'locations', 'structures', 'pages', 'blogposts', 'jobs', 'events', 'persons', 'network', 'publications', 'pressreleases', 'projects', 'taskforces', 'homepage', 'footers'))) {
switch ($slug) {
case 'blogs':
//dump('redirect blogs');
\Bolt\Library::simpleredirect('/blogposts');
die;
break;
default:
\Bolt\Library::simpleredirect('/' . $slug);
die;
break;
}
}
}
// $slug = \Bolt\Helpers\String::slug($slug, -1);
$slug = $this->app['slugify']->slugify($slug);
$contenttype = $this->getContenttypeBySlug($slug, true);
$frontend = new Bolt\Controllers\Frontend();
return $frontend->record($this->app, $contenttype, $slug);
}
/**
* Redirect the browser to another page.
*
* @param boolean $safe
*
* @return string
*/
public function redirect($path, $safe)
{
// Nope! We're not allowing user-supplied content to issue redirects.
if ($safe) {
return null;
}
Lib::simpleredirect($path);
return '';
}
/**
* Create a simple Form.
*
* @param string $formname
* @internal param string $name
* @return string
*/
public function simpleForm($formname = "", $with = array())
{
// Make sure that we allow a session cookie for pages with a form. If we don't, the
// form's CSRF token will not work correctly. This might be a temporary fix, depending
// on how we're going to solve the 'cookies in frontend'-issue.
// @see https://github.com/bolt/bolt/issues/3425
$this->app['config']->set('general/cookies_no_frontend', false);
$this->app['twig.loader.filesystem']->addPath(__DIR__);
// Select which form to use..
if (isset($this->config[$formname])) {
$formconfig = $this->config[$formname];
} else {
return "Simpleforms notice: No form known by name '{$formname}'.";
}
// Set the mail configuration for empty fields to the global defaults if they exist
foreach ($this->global_fields as $configkey) {
if (!array_key_exists($configkey, $formconfig) && !empty($this->config[$configkey])) {
$formconfig[$configkey] = $this->config[$configkey];
} elseif (!array_key_exists($configkey, $formconfig) && empty($this->config[$configkey])) {
$formconfig[$configkey] = false;
}
}
// translate labels if labels extension exists
if ($this->labelsenabled) {
$this->labelfields($formconfig);
}
if ($formconfig['debugmode'] == true) {
dump('Building ' . $formname);
dump($formconfig);
}
$message = "";
$error = "";
$sent = false;
$form = $this->app['form.factory']->createNamedBuilder($formname, 'form', null, array('csrf_protection' => $this->config['csrf']));
foreach ($formconfig['fields'] as $name => $field) {
$options = $this->buildField($name, $field, $with, $formname);
// only add known fields with options to the form
if ($options) {
$form->add($name, $options['attr']['type'], $options);
}
}
$form = $form->getForm();
require_once 'recaptcha-php-1.11/recaptchalib.php';
if ('POST' == $this->app['request']->getMethod()) {
if (!$this->app['request']->request->has($formname)) {
// we're not submitting this particular form
if ($formconfig['debugmode'] == true) {
$error .= "we're not submitting this form: " . $formname;
}
$sent = false;
} else {
// ok we're really submitting this form
$isRecaptchaValid = true;
// to prevent ReCaptcha check if not enabled
if ($this->config['recaptcha_enabled']) {
$isRecaptchaValid = false;
// by Default
$resp = recaptcha_check_answer($this->config['recaptcha_private_key'], $this->getRemoteAddress(), $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
$isRecaptchaValid = $resp->is_valid;
}
if ($isRecaptchaValid) {
$form->bind($this->app['request']);
if ($form->isValid()) {
$res = $this->processForm($formconfig, $form, $formname);
if ($res) {
$message = $formconfig['message_ok'];
$sent = true;
// If redirect_on_ok is set, redirect to that page when succesful.
if (!empty($formconfig['redirect_on_ok'])) {
$redirectpage = $this->app['storage']->getContent($formconfig['redirect_on_ok']);
if ($formconfig['debugmode'] == true) {
dump('Redirecting ' . $formconfig['redirect_on_ok']);
dump($redirectpage);
if ($redirectpage) {
dump("Redirect link: " . $redirectpage->link());
} else {
dump("redirectpage is missing for " . $formname);
}
} elseif ($redirectpage) {
return Lib::simpleredirect($redirectpage->link());
} else {
dump("redirectpage is missing for " . $formname);
}
}
} else {
$error = $formconfig['message_technical'];
}
} else {
$error = $formconfig['message_error'];
}
} else {
$error = $this->config['recaptcha_error_message'];
}
}
}
$use_ssl = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';
$formhtml = $this->app['render']->render($formconfig['template'], array("submit" => "Send", "form" => $form->createView(), "message" => $message, "error" => $error, "sent" => $sent, "formname" => $formname, "recaptcha_html" => $this->config['recaptcha_enabled'] ? recaptcha_get_html($this->config['recaptcha_public_key'], null, $use_ssl) : '', "recaptcha_theme" => $this->config['recaptcha_enabled'] ? $this->config['recaptcha_theme'] : '', "button_text" => $formconfig['button_text'], "button_class" => $formconfig['button_class']));
return new \Twig_Markup($formhtml, 'UTF-8');
}
/**
* Edit a unit of content, or create a new one.
*
* @param string $contenttypeslug The content type slug
* @param integer $id The content ID
* @param Application $app The application/container
* @param Request $request The Symfony Request
*
* @return \Twig_Markup|\Symfony\Component\HttpFoundation\RedirectResponse
*/
public function editContent($contenttypeslug, $id, Application $app, Request $request)
{
// Make sure the user is allowed to see this page, based on 'allowed contenttypes'
// for Editors.
if (empty($id)) {
$perm = "contenttype:{$contenttypeslug}:create";
$new = true;
} else {
$perm = "contenttype:{$contenttypeslug}:edit:{$id}";
$new = false;
}
if (!$app['users']->isAllowed($perm)) {
$app['session']->getFlashBag()->add('error', Trans::__('You do not have the right privileges to edit that record.'));
return Lib::redirect('dashboard');
}
// set the editreferrer in twig if it was not set yet.
$tmp = parse_url($app['request']->server->get('HTTP_REFERER'));
$tmpreferrer = $tmp['path'];
if (!empty($tmp['query'])) {
$tmpreferrer .= '?' . $tmp['query'];
}
if (strpos($tmpreferrer, '/overview/') !== false || $tmpreferrer == $app['paths']['bolt']) {
$app['twig']->addGlobal('editreferrer', $tmpreferrer);
}
$contenttype = $app['storage']->getContentType($contenttypeslug);
if ($request->isMethod('POST')) {
if (!$app['users']->checkAntiCSRFToken()) {
$app->abort(Response::HTTP_BAD_REQUEST, Trans::__('Something went wrong'));
}
if (!empty($id)) {
// Check if we're allowed to edit this content.
if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:edit:{$id}")) {
$app['session']->getFlashBag()->add('error', Trans::__('You do not have the right privileges to edit that record.'));
return Lib::redirect('dashboard');
}
} else {
// Check if we're allowed to create content.
if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:create")) {
$app['session']->getFlashBag()->add('error', Trans::__('You do not have the right privileges to create a new record.'));
return Lib::redirect('dashboard');
}
}
// If we have an ID now, this is an existing record
if ($id) {
$content = $app['storage']->getContent($contenttype['slug'], array('id' => $id, 'status' => '!undefined'));
$oldStatus = $content['status'];
} else {
$content = $app['storage']->getContentObject($contenttypeslug);
$oldStatus = '';
}
// Add non successfull control values to request values
// http://www.w3.org/TR/html401/interact/forms.html#h-17.13.2
// Also do some corrections
$requestAll = $request->request->all();
foreach ($contenttype['fields'] as $key => $values) {
if (isset($requestAll[$key])) {
switch ($values['type']) {
case 'float':
// We allow ',' and '.' as decimal point and need '.' internally
$requestAll[$key] = str_replace(',', '.', $requestAll[$key]);
break;
}
} else {
switch ($values['type']) {
case 'select':
if (isset($values['multiple']) && $values['multiple'] === true) {
$requestAll[$key] = array();
}
break;
case 'checkbox':
$requestAll[$key] = 0;
break;
}
}
}
// To check whether the status is allowed, we act as if a status
// *transition* were requested.
$content->setFromPost($requestAll, $contenttype);
$newStatus = $content['status'];
// Don't try to spoof the $id.
if (!empty($content['id']) && $id != $content['id']) {
$app['session']->getFlashBag()->add('error', "Don't try to spoof the id!");
return Lib::redirect('dashboard');
}
// Save the record, and return to the overview screen, or to the record (if we clicked 'save and continue')
$statusOK = $app['users']->isContentStatusTransitionAllowed($oldStatus, $newStatus, $contenttype['slug'], $id);
if ($statusOK) {
// Get the associate record change comment
$comment = $request->request->get('changelog-comment');
// Save the record
$id = $app['storage']->saveContent($content, $comment);
// Log the change
if ($new) {
$app['session']->getFlashBag()->add('success', Trans::__('contenttypes.generic.saved-new', array('%contenttype%' => $contenttypeslug)));
$app['logger.system']->info('Created: ' . $content->getTitle(), array('event' => 'content'));
} else {
$app['session']->getFlashBag()->add('success', Trans::__('contenttypes.generic.saved-changes', array('%contenttype%' => $contenttype['slug'])));
$app['logger.system']->info('Saved: ' . $content->getTitle(), array('event' => 'content'));
}
/*
* We now only get a returnto parameter if we are saving a new
* record and staying on the same page, i.e. "Save {contenttype}"
*/
if ($app['request']->get('returnto')) {
$returnto = $app['request']->get('returnto');
if ($returnto === 'new') {
return Lib::redirect('editcontent', array('contenttypeslug' => $contenttype['slug'], 'id' => $id), '#' . $app['request']->get('returnto'));
} elseif ($returnto == 'saveandnew') {
return Lib::redirect('editcontent', array('contenttypeslug' => $contenttype['slug'], 'id' => 0), '#' . $app['request']->get('returnto'));
} elseif ($returnto === 'ajax') {
/*
* Flush any buffers from saveContent() dispatcher hooks
* and make sure our JSON output is clean.
*
* Currently occurs due to a 404 exception being generated
* in \Bolt\Storage::saveContent() dispatchers:
* $this->app['dispatcher']->dispatch(StorageEvents::PRE_SAVE, $event);
* $this->app['dispatcher']->dispatch(StorageEvents::POST_SAVE, $event);
*/
if (ob_get_length()) {
ob_end_clean();
}
// Get our record after POST_SAVE hooks are dealt with and return the JSON
$content = $app['storage']->getContent($contenttype['slug'], array('id' => $id, 'returnsingle' => true, 'status' => '!undefined'));
$val = array();
foreach ($content->values as $key => $value) {
// Some values are returned as \Twig_Markup and JSON can't deal with that
if (is_array($value)) {
foreach ($value as $subkey => $subvalue) {
if (gettype($subvalue) == 'object' && get_class($subvalue) == 'Twig_Markup') {
$val[$key][$subkey] = $subvalue->__toString();
}
}
} else {
$val[$key] = $value;
}
}
if (isset($val['datechanged'])) {
$val['datechanged'] = date_format(new \DateTime($val['datechanged']), 'c');
}
$lc = localeconv();
foreach ($contenttype['fields'] as $key => $values) {
switch ($values['type']) {
case 'float':
// Adjust decimal point dependent on locale
if ($lc['decimal_point'] === ',') {
$val[$key] = str_replace('.', ',', $val[$key]);
}
break;
}
}
// unset flashbag for ajax
$app['session']->getFlashBag()->clear('success');
return new JsonResponse($val);
}
}
// No returnto, so we go back to the 'overview' for this contenttype.
// check if a pager was set in the referrer - if yes go back there
$editreferrer = $app['request']->get('editreferrer');
if ($editreferrer) {
Lib::simpleredirect($editreferrer, true);
} else {
return Lib::redirect('overview', array('contenttypeslug' => $contenttype['slug']));
}
} else {
$app['session']->getFlashBag()->add('error', Trans::__('contenttypes.generic.error-saving', array('%contenttype%' => $contenttype['slug'])));
$app['logger.system']->error('Save error: ' . $content->getTitle(), array('event' => 'content'));
}
}
// We're doing a GET
if (!empty($id)) {
$content = $app['storage']->getContent($contenttype['slug'], array('id' => $id));
if (empty($content)) {
return $app->abort(Response::HTTP_NOT_FOUND, Trans::__('contenttypes.generic.not-existing', array('%contenttype%' => $contenttype['slug'])));
}
// Check if we're allowed to edit this content.
if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:edit:{$content['id']}")) {
$app['session']->getFlashBag()->add('error', Trans::__('You do not have the right privileges to edit that record.'));
return Lib::redirect('dashboard');
}
} else {
// Check if we're allowed to create content.
if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:create")) {
$app['session']->getFlashBag()->add('error', Trans::__('You do not have the right privileges to create a new record.'));
return Lib::redirect('dashboard');
}
$content = $app['storage']->getEmptyContent($contenttype['slug']);
}
$oldStatus = $content['status'];
$allStatuses = array('published', 'held', 'draft', 'timed');
$allowedStatuses = array();
foreach ($allStatuses as $status) {
if ($app['users']->isContentStatusTransitionAllowed($oldStatus, $status, $contenttype['slug'], $id)) {
$allowedStatuses[] = $status;
}
}
$duplicate = $app['request']->query->get('duplicate');
if (!empty($duplicate)) {
$content->setValue('id', '');
$content->setValue('slug', '');
$content->setValue('datecreated', '');
$content->setValue('datepublish', '');
$content->setValue('datedepublish', null);
$content->setValue('datechanged', '');
$content->setValue('username', '');
$content->setValue('ownerid', '');
// $content->setValue('templatefields', array());
$app['session']->getFlashBag()->add('info', Trans::__('contenttypes.generic.duplicated-finalize', array('%contenttype%' => $contenttype['slug'])));
}
// Set the users and the current owner of this content.
if (empty($id) || $duplicate) {
// For brand-new and duplicated items, the creator becomes the owner.
$contentowner = $app['users']->getCurrentUser();
} else {
// For existing items, we'll just keep the current owner.
$contentowner = $app['users']->getUser($content['ownerid']);
}
$filesystem = $app['filesystem']->getFilesystem();
// Test write access for uploadable fields
foreach ($contenttype['fields'] as $key => &$values) {
if (isset($values['upload'])) {
$values['canUpload'] = $filesystem->has($values['upload']) && $filesystem->getVisibility($values['upload']);
} else {
$values['canUpload'] = true;
}
}
if (!empty($content['templatefields']) && !empty($content['templatefields']->contenttype['fields'])) {
foreach ($content['templatefields']->contenttype['fields'] as $key => &$values) {
if (isset($values['upload'])) {
$values['canUpload'] = $filesystem->has($values['upload']) && $filesystem->getVisibility($values['upload']);
} else {
$values['canUpload'] = true;
}
}
}
// Determine which templates will result in templatefields
$templateFieldTemplates = array();
if ($templateFieldsConfig = $app['config']->get('theme/templatefields')) {
$templateFieldTemplates = array_keys($templateFieldsConfig);
// Special case for default template
$toRepair = array();
foreach ($contenttype['fields'] as $name => $field) {
if ($field['type'] == 'templateselect' && !empty($content->values[$name])) {
$toRepair[$name] = $content->values[$name];
$content->setValue($name, '');
}
}
if ($content->hasTemplateFields()) {
$templateFieldTemplates[] = '';
}
foreach ($toRepair as $name => $value) {
$content->setValue($name, $value);
}
}
// Info
$hasIncomingRelations = is_array($content->relation);
$hasRelations = isset($contenttype['relations']);
$hasTabs = $contenttype['groups'] !== false;
$hasTaxonomy = isset($contenttype['taxonomy']);
$hasTemplateFields = $content->hasTemplateFields();
// Generate tab groups
$groups = array();
$groupIds = array();
$addGroup = function ($group, $label) use(&$groups, &$groupIds) {
$nr = count($groups) + 1;
$id = rtrim('tab-' . Slugify::create()->slugify($group), '-');
if (isset($groupIds[$id]) || $id == 'tab') {
$id .= '-' . $nr;
}
$groups[$group] = array('label' => $label, 'id' => $id, 'is_active' => $nr === 1);
$groupIds[$id] = 1;
};
foreach ($contenttype['groups'] ? $contenttype['groups'] : array('ungrouped') as $group) {
if ($group === 'ungrouped') {
$addGroup($group, Trans::__('contenttypes.generic.group.ungrouped'));
} elseif ($group !== 'meta' && $group !== 'relations' && $group !== 'taxonomy') {
$default = array('DEFAULT' => ucfirst($group));
$key = array('contenttypes', $contenttype['slug'], 'group', $group);
$addGroup($group, Trans::__($key, $default));
}
}
if ($hasRelations || $hasIncomingRelations) {
$addGroup('relations', Trans::__('contenttypes.generic.group.relations'));
}
if ($hasTaxonomy || is_array($contenttype['groups']) && in_array('taxonomy', $contenttype['groups'])) {
$addGroup('taxonomy', Trans::__('contenttypes.generic.group.taxonomy'));
}
if ($hasTemplateFields || is_array($contenttype['groups']) && in_array('template', $contenttype['groups'])) {
$addGroup('template', Trans::__('Template'));
}
$addGroup('meta', Trans::__('contenttypes.generic.group.meta'));
// Render
$context = array('contenttype' => $contenttype, 'content' => $content, 'allowed_status' => $allowedStatuses, 'contentowner' => $contentowner, 'fields' => $app['config']->fields->fields(), 'fieldtemplates' => $templateFieldTemplates, 'can_upload' => $app['users']->isAllowed('files:uploads'), 'groups' => $groups, 'has' => array('incoming_relations' => $hasIncomingRelations, 'relations' => $hasRelations, 'tabs' => $hasTabs, 'taxonomy' => $hasTaxonomy, 'templatefields' => $hasTemplateFields));
return $app['render']->render('editcontent/editcontent.twig', array('context' => $context));
}
