public function action_delete($id = null, $key = null) { $this->_views['method_title'] = _i('Delete'); if ($id !== null && $key !== null) { if (!$this->getAuth()->hasAccess('maccess.user')) { $this->notices->set('warning', _i('You must log in to delete your account with this verification link.')); return new Response($this->builder->build()); } try { $this->getAuth()->deleteAccount($id, $key); $this->notices->set('success', _i('Your account has been deleted from the system.')); } catch (Auth\WrongKeyException $e) { $this->notices->set('warning', _i('It appears that you are accessing an invalid link or your activation key has expired.')); } return new Response($this->builder->build()); } else { if (!$this->getAuth()->hasAccess('maccess.user')) { return $this->redirect('admin/account/login'); } if ($this->getPost() && !$this->security->checkCsrfToken($this->getRequest())) { $this->notices->set('warning', _i('The security token wasn\'t found. Try resubmitting.')); } elseif ($this->getPost()) { $validator = new Validator(); $validator->add('password', _i('Password'), [new Assert\NotBlank()])->validate($this->getPost()); if (!$validator->getViolations()->count()) { $input = $validator->getFinalValues(); try { $account_deletion_key = $this->getAuth()->createAccountDeletionKey($input['password']); } catch (Auth\WrongPasswordException $e) { $this->notices->setFlash('error', _i('The password entered was incorrect.')); return $this->redirect('admin/account/delete'); } $user = $this->getAuth()->getUser(); $from = 'no-reply@' . (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'no-email-assigned'); $title = $this->preferences->get('foolframe.gen.website_title') . ' ' . _i('Account Deletion'); $this->builder->createLayout('email'); $this->builder->getProps()->setTitle([$title]); $this->builder->createPartial('body', 'account/email/delete_account')->getParamManager()->setParams(['title' => $title, 'site' => $this->preferences->get('foolframe.gen.website_title'), 'username' => $user->username, 'link' => $this->uri->create('admin/account/delete/' . $user->id . '/' . $account_deletion_key)]); $message = $this->mailer->create()->setFrom([$from => $this->preferences->get('foolframe.gen.website_title')])->setTo($user->email)->setSubject($title)->setBody($this->builder->build(), 'text/html'); if ($this->mailer->send($message) === 1) { $this->notices->setFlash('success', _i('An email has been sent to verify the deletion of your account. The verification link will only work for 15 minutes.')); } else { // the email driver was unable to send the email. the account will not be deleted. $this->notices->setFlash('error', _i('An error was encountered and the system was unable to send the verification email. Please try again later.')); $this->getContext()->getService('logger')->error('The system was unable to send a verification email to ' . $user->username . '. This user was attempting to delete their account.'); } return $this->redirect('admin/account/delete'); } else { $this->notices->set('error', $validator->getViolations()->getText()); } } $this->builder->createPartial('body', 'account/request_delete'); return new Response($this->builder->build()); } }
public function submit($data, $media) { // some beginners' validation, while through validation will happen in the Comment model $validator = new Validator(); $validator->add('thread_num', _i('Thread Number'), [new Assert\NotBlank()])->add('name', _i('Name'), [new Assert\Length(['max' => 64])])->add('email', _i('Email'), [new Assert\Length(['max' => 64])])->add('title', _i('Title'), [new Assert\Length(['max' => 64])])->add('delpass', _i('Deletion pass'), [new Assert\Length(['min' => 3, 'max' => 32])]); // no empty posts without images if ($media === null) { $validator->add('comment', _i('Comment'), [new Assert\NotBlank(), new Assert\Length(['min' => 3])]); } // this is for redirecting, not for the database $limit = false; if (isset($data['last_limit'])) { $limit = intval($data['last_limit']); unset($data['last_limit']); } $validator->validate($data); if (!$validator->getViolations()->count()) { try { $data['poster_ip'] = Inet::ptod($this->getRequest()->getClientIp()); $bulk = new CommentBulk(); $bulk->import($data, $this->radix); $comment = new CommentInsert($this->getContext(), $bulk); $comment->insert($media, $data); } catch (\Foolz\Foolfuuka\Model\CommentSendingRequestCaptchaException $e) { if ($this->getRequest()->isXmlHttpRequest()) { return $this->response->setData(['captcha' => true]); } else { return $this->error(_i('Your message looked like spam. Make sure you have JavaScript enabled to display the reCAPTCHA to submit the comment.')); } } catch (\Foolz\Foolfuuka\Model\CommentSendingException $e) { if ($this->getRequest()->isXmlHttpRequest()) { return $this->response->setData(['error' => $e->getMessage()]); } else { return $this->error($e->getMessage()); } } } else { if ($this->getRequest()->isXmlHttpRequest()) { return $this->response->setData(['error' => $validator->getViolations()->getText()]); } else { return $this->error($validator->getViolations()->getHtml()); } } if ($this->request->isXmlHttpRequest()) { $latest_doc_id = $this->getPost('latest_doc_id'); if ($latest_doc_id && ctype_digit((string) $latest_doc_id)) { try { $board = Board::forge($this->getContext())->getThread($comment->comment->thread_num)->setRadix($this->radix)->setOptions(['type' => 'from_doc_id', 'latest_doc_id' => $latest_doc_id]); $comments = $board->getComments(); } catch (\Foolz\Foolfuuka\Model\BoardThreadNotFoundException $e) { return $this->error(_i('Thread not found.')); } catch (\Foolz\Foolfuuka\Model\BoardException $e) { return $this->error(_i('Unknown error.')); } $comment_obj = new Comment($this->getContext()); $comment_obj->setControllerMethod($limit ? 'last/' . $limit : 'thread'); $media_obj = new Media($this->getContext()); $m = null; foreach ($board->getCommentsUnsorted() as $bulk) { $comment_obj->setBulk($bulk, $this->radix); if ($bulk->media) { $media_obj->setBulk($bulk, $this->radix); $m = $media_obj; } else { $m = null; } if ($this->builder) { $this->param_manager->setParam('controller_method', $limit ? 'last/' . $limit : 'thread'); $partial = $this->builder->createPartial('board_comment', 'board_comment'); $partial->getParamManager()->setParam('p', $comment_obj)->setParam('p_media', $m); $bulk->comment->formatted = $partial->build(); $partial->clearBuilt(); } } $this->response->setData(['success' => _i('Message sent.')] + $comments); } else { if ($this->builder) { $this->param_manager->setParam('controller_method', $limit ? 'last/' . $limit : 'thread'); $partial = $this->builder->createPartial('board_comment', 'board_comment'); $partial->getParamManager()->setParam('p', new Comment($this->getContext(), $comment->bulk))->setParam('p_media', new Media($this->getContext(), $comment->bulk)); $bulk->comment->formatted = $partial->build(); $partial->clearBuilt(); } $this->response->setData(['success' => _i('Message sent.'), 'thread_num' => $comment->comment->thread_num, $comment->comment->thread_num => ['posts' => [$comment->bulk]]]); } } else { $this->builder->createLayout('redirect')->getParamManager()->setParam('url', $this->uri->create([$this->radix->shortname, !$limit ? 'thread' : 'last/' . $limit, $comment->comment->thread_num]) . '#' . $comment->comment->num); $this->builder->getProps()->addTitle(_i('Redirecting')); $this->response->setContent($this->builder->build()); } return $this->response; }
public function action_create_admin() { // if an admin account exists, lock down this step and redirect to the next step instead /** @var Users $users */ $users = $this->getContext()->getService('users'); $check_users = $users->getAll(); if ($check_users['count'] > 0) { return new RedirectResponse($this->uri->create('install/modules')); } if ($this->getPost()) { $validator = new Validator(); $validator->add('username', _i('Username'), [new Trim(), new Assert\NotBlank(), new Assert\Length(['min' => 4, 'max' => 32])])->add('email', _i('Email'), [new Trim(), new Assert\NotBlank(), new Assert\Email()])->add('password', _i('Password'), [new Trim(), new Assert\NotBlank(), new Assert\Length(['min' => 4, 'max' => 64])])->add('confirm_password', _i('Confirm Password'), [new EqualsField(['field' => _i('Password'), 'value' => $this->getPost('password')])]); $validator->validate($this->getPost()); if (!$validator->getViolations()->count()) { $input = $validator->getFinalValues(); $auth = new Auth($this->getContext()); list($id, $activation_key) = $auth->createUser($input['username'], $input['password'], $input['email']); $auth->activateUser($id, $activation_key); $auth->authenticateWithId($id); $user = $auth->getUser(); $user->save(['group_id' => 100]); // leave the module installation later in case we must do something with users $this->install->install_modules(); return new RedirectResponse($this->uri->create('install/complete')); } else { $this->notices->set('warning', $validator->getViolations()->getText()); } } $this->process('create_admin'); $this->param_manager->setParam('method_title', _i('Admin Account')); $this->builder->createPartial('body', 'install/create_admin'); return new Response($this->builder->build()); }