/**
  * Generates a page for the first step of password recovery process.
  *
  * @param Request $request
  * @return string Rendered page content
  */
 public function indexAction(Request $request)
 {
     if ($this->getOperator()) {
         // If the operator is logged in just redirect him to the home page.
         return $this->redirect($request->getUriForPath('/operator'));
     }
     $page = array('version' => MIBEW_VERSION, 'title' => getlocal('Trouble Accessing Your Account?'), 'headertitle' => getlocal('Mibew Messenger'), 'show_small_login' => true, 'fixedwrap' => true, 'errors' => array());
     $login_or_email = '';
     if ($request->isMethod('POST')) {
         // When HTTP GET method is used the form is just rendered but the
         // user does not pass any data. Thus we need to prevent CSRF attacks
         // only for POST requests
         csrf_check_token($request);
     }
     if ($request->isMethod('POST') && $request->request->has('loginoremail')) {
         $login_or_email = $request->request->get('loginoremail');
         $to_restore = MailUtils::isValidAddress($login_or_email) ? operator_by_email($login_or_email) : operator_by_login($login_or_email);
         if (!$to_restore) {
             $page['errors'][] = getlocal('No such Operator');
         }
         $email = $to_restore['vcemail'];
         if (count($page['errors']) == 0 && !MailUtils::isValidAddress($email)) {
             $page['errors'][] = "Operator hasn't set his e-mail";
         }
         if (count($page['errors']) == 0) {
             $token = sha1($to_restore['vclogin'] . (function_exists('openssl_random_pseudo_bytes') ? openssl_random_pseudo_bytes(32) : time() + microtime() . mt_rand(0, 99999999)));
             // Update the operator
             $to_restore['dtmrestore'] = time();
             $to_restore['vcrestoretoken'] = $token;
             update_operator($to_restore);
             $href = $this->getRouter()->generate('password_recovery_reset', array('id' => $to_restore['operatorid'], 'token' => $token), UrlGeneratorInterface::ABSOLUTE_URL);
             // Load mail templates and substitute placeholders there.
             $mail_template = MailTemplate::loadByName('password_recovery', get_current_locale());
             if (!$mail_template) {
                 throw new \RuntimeException('Cannot load "password_recovery" mail template');
             }
             $this->sendMail(MailUtils::buildMessage($email, $email, $mail_template->buildSubject(), $mail_template->buildBody(array(get_operator_name($to_restore), $href))));
             $page['isdone'] = true;
             return $this->render('password_recovery', $page);
         }
     }
     $page['formloginoremail'] = $login_or_email;
     $page['localeLinks'] = get_locale_links();
     $page['isdone'] = false;
     return $this->render('password_recovery', $page);
 }
Beispiel #2
0
/**
 * Imports all locale's content (messages, mail templates, configs) to database.
 *
 * This function does not create the locale in database so you have to create it
 * by yourself.
 *
 * @param string $locale Code of the locale to import.
 */
function import_locale_content($locale)
{
    $config = (read_locale_config(MIBEW_FS_ROOT . '/locales/' . $locale . '/config.yml') ?: array()) + array('name' => $locale, 'rtl' => false, 'time_locale' => 'en_US', 'date_format' => array('full' => '%B %d, %Y %I:%M %p', 'date' => '%B %d, %Y', 'time' => '%I:%M %p'));
    Database::getInstance()->query('UPDATE {locale} SET ' . 'name = :name, rtl = :rtl, time_locale = :time_locale,' . 'date_format = :date_format ' . 'WHERE code = :code', array(':code' => $locale, ':name' => $config['name'], ':rtl' => $config['rtl'] ? 1 : 0, ':time_locale' => $config['time_locale'], ':date_format' => serialize($config['date_format'])));
    // Import localized messages to the just created locale
    import_messages($locale, MIBEW_FS_ROOT . '/locales/' . $locale . '/translation.po', true);
    // Import canned messages for the locale if they exist in the locale's
    // files.
    $canned_messages_file = MIBEW_FS_ROOT . '/locales/' . $locale . '/canned_messages.yml';
    if (is_readable($canned_messages_file)) {
        import_canned_messages($locale, $canned_messages_file);
    }
    // Import mail templates for the locale if they exist in the locale's
    // files.
    $mail_templates_file = MIBEW_FS_ROOT . '/locales/' . $locale . '/mail_templates.yml';
    if (is_readable($mail_templates_file)) {
        MailUtils::importTemplates($locale, $mail_templates_file);
    }
}
Beispiel #3
0
 /**
  * Process submitting of the mail form.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  * @throws NotFoundException If the thread with specified ID and token is
  * not found.
  */
 public function submitFormAction(Request $request)
 {
     $errors = array();
     $thread_id = $request->attributes->get('thread_id');
     $token = $request->attributes->get('token');
     // Try to load the thread
     $thread = Thread::load($thread_id, $token);
     if (!$thread) {
         throw new NotFoundException('The thread is not found.');
     }
     $email = $request->request->get('email');
     $group = $thread->groupId ? group_by_id($thread->groupId) : null;
     if (!$email) {
         $errors[] = no_field('Your email');
     } elseif (!MailUtils::isValidAddress($email)) {
         $errors[] = wrong_field('Your email');
     }
     if (count($errors) > 0) {
         $request->attributes->set('errors', $errors);
         // Render the mail form again
         return $this->showFormAction($request);
     }
     $history = '';
     $last_id = -1;
     $messages = $thread->getMessages(true, $last_id);
     foreach ($messages as $msg) {
         $history .= message_to_text($msg);
     }
     // Load mail templates and substitute placeholders there.
     $mail_template = MailTemplate::loadByName('user_history', get_current_locale());
     if ($mail_template) {
         $this->sendMail(MailUtils::buildMessage($email, MIBEW_MAILBOX, $mail_template->buildSubject(), $mail_template->buildBody(array($thread->userName, $history, Settings::get('title'), Settings::get('hosturl')))));
     } else {
         trigger_error('Cannot send e-mail because "user_history" mail template cannot be loaded.', E_USER_WARNING);
     }
     $page = setup_logo($group);
     $page['email'] = $email;
     return $this->render('mailsent', $page);
 }
    /**
     * Process submitted leave message form.
     *
     * Send message to operator email and create special meil thread.
     * @param array $args Associative array of arguments. It must contains the
     *   following keys:
     *    - 'threadId': for this function this param equals to null;
     *    - 'token': for this function this param equals to null;
     *    - 'name': string, user name;
     *    - 'email': string, user email;
     *    - 'message': string, user message;
     *    - 'info': string, some info about user;
     *    - 'referrer': string, page user came from;
     *    - 'captcha': string, captcha value;
     *    - 'groupId': selected group id.
     *
     * @throws \Mibew\RequestProcessor\ThreadProcessorException Can throw an
     *   exception if captcha or email is wrong.
     */
    protected function apiProcessLeaveMessage($args)
    {
        // Check captcha
        if (Settings::get('enablecaptcha') == '1' && can_show_captcha()) {
            $captcha = $args['captcha'];
            $original = isset($_SESSION[SESSION_PREFIX . 'mibew_captcha'])
                ? $_SESSION[SESSION_PREFIX . 'mibew_captcha']
                : '';
            unset($_SESSION[SESSION_PREFIX . 'mibew_captcha']);
            if (empty($original) || empty($captcha) || $captcha != $original) {
                throw new ThreadProcessorException(
                    getlocal('The letters you typed don\'t match the letters that were shown in the picture.'),
                    ThreadProcessorException::ERROR_WRONG_CAPTCHA
                );
            }
        }

        // Get form fields
        $email = $args['email'];
        $name = $args['name'];
        $message = $args['message'];
        $info = $args['info'];
        $referrer = $args['referrer'];

        if (!MailUtils::isValidAddress($email)) {
            throw new ThreadProcessorException(
                wrong_field("Your email"),
                ThreadProcessorException::ERROR_WRONG_EMAIL
            );
        }

        // Verify group id
        $group_id = '';
        if (Settings::get('enablegroups') == '1') {
            if (preg_match("/^\d{1,8}$/", $args['groupId']) != 0) {
                $group = group_by_id($args['groupId']);
                if ($group) {
                    $group_id = $args['groupId'];
                }
            }
        }

        // Create thread for left message
        $remote_host = get_remote_host();
        $user_browser = $_SERVER['HTTP_USER_AGENT'];
        $visitor = visitor_from_request();

        // Get message locale
        $message_locale = Settings::get('left_messages_locale');
        if (!locale_is_available($message_locale)) {
            $message_locale = get_home_locale();
        }

        // Create thread
        $thread = new Thread();
        $thread->groupId = $group_id;
        $thread->userName = $name;
        $thread->remote = $remote_host;
        $thread->referer = $referrer;
        $thread->locale = get_current_locale();
        $thread->userId = $visitor['id'];
        $thread->userAgent = $user_browser;
        $thread->state = Thread::STATE_LEFT;
        $thread->closed = time();
        $thread->save();

        // Send some messages
        if ($referrer) {
            $thread->postMessage(
                Thread::KIND_FOR_AGENT,
                getlocal('Vistor came from page {0}', array($referrer), get_current_locale(), true)
            );
        }
        if ($email) {
            $thread->postMessage(
                Thread::KIND_FOR_AGENT,
                getlocal('E-Mail: {0}', array($email), get_current_locale(), true)
            );
        }
        if ($info) {
            $thread->postMessage(
                Thread::KIND_FOR_AGENT,
                getlocal('Info: {0}', array($info), get_current_locale(), true)
            );
        }
        $thread->postMessage(Thread::KIND_USER, $message, array('name' => $name));

        // Get email for message
        $inbox_mail = get_group_email($group_id);

        if (empty($inbox_mail)) {
            $inbox_mail = Settings::get('email');
        }

        // Send email
        if ($inbox_mail) {
            // Prepare message to send by email
            $mail_template = MailTemplate::loadByName('leave_message', $message_locale);
            if (!$mail_template) {
                trigger_error(
                    'Cannot send e-mail because "leave_message" mail template cannot be loaded.',
                    E_USER_WARNING
                );

                return;
            }

            $subject = $mail_template->buildSubject(array($args['name']));
            $body = $mail_template->buildBody(array(
                $args['name'],
                $email,
                $message,
                ($info ? $info . "\n" : ""),
            ));

            // Send
            $this->getMailerFactory()->getMailer()->send(
                MailUtils::buildMessage($inbox_mail, $email, $subject, $body)
            );
        }
    }
 /**
  * Processes submitting of the form which is generated in
  * {@link \Mibew\Controller\Settings\CommonController::showFormAction()}
  * method.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  * @throws BadRequestException If one or more parameters of the request have
  *   wrong format.
  */
 public function submitFormAction(Request $request)
 {
     csrf_check_token($request);
     $errors = array();
     $params = array();
     $params['email'] = $request->request->get('email');
     $params['title'] = $request->request->get('title');
     $params['logo'] = $request->request->get('logo');
     $params['hosturl'] = $request->request->get('hosturl');
     $params['usernamepattern'] = $request->request->get('usernamepattern');
     $params['chattitle'] = $request->request->get('chattitle');
     $params['geolink'] = $request->request->get('geolink');
     $params['geolinkparams'] = $request->request->get('geolinkparams');
     $params['cron_key'] = $request->request->get('cronkey');
     $send_key = $request->request->get('sendmessagekey');
     if (!preg_match("/^c?enter\$/", $send_key)) {
         throw new BadRequestException('Wrong format of "sendmessagekey" field.');
     }
     $params['sendmessagekey'] = $send_key;
     $params['left_messages_locale'] = $request->request->get('leftmessageslocale');
     if (!in_array($params['left_messages_locale'], get_available_locales())) {
         $params['left_messages_locale'] = get_home_locale();
     }
     if ($params['email'] && !MailUtils::isValidAddress($params['email'])) {
         $errors[] = getlocal('Enter a valid email address');
     }
     if ($params['geolinkparams']) {
         foreach (explode(',', $params['geolinkparams']) as $one_param) {
             $wrong_param = !preg_match("/^\\s*(toolbar|scrollbars|location|status|menubar|width|height|resizable)=\\d{1,4}\$/", $one_param);
             if ($wrong_param) {
                 $errors[] = "Wrong link parameter: \"{$one_param}\", " . "should be one of 'toolbar, scrollbars, location, " . "status, menubar, width, height or resizable'";
             }
         }
     }
     if (preg_match("/^[0-9A-Za-z]*\$/", $params['cron_key']) == 0) {
         $errors[] = getlocal('Use only Latin letters(upper and lower case) and numbers in cron key.');
     }
     // Load styles configs
     $chat_style = $request->request->get('chat_style', ChatStyle::getDefaultStyle());
     $chat_style_list = ChatStyle::getAvailableStyles();
     if (!in_array($chat_style, $chat_style_list)) {
         $chat_style = $chat_style_list[0];
     }
     $page_style = $request->request->get('page_style', PageStyle::getDefaultStyle());
     $page_style_list = PageStyle::getAvailableStyles();
     if (!in_array($page_style, $page_style_list)) {
         $page_style = $page_style_list[0];
     }
     if (Settings::get('enabletracking')) {
         $invitation_style = $request->request->get('invitation_style', InvitationStyle::getDefaultStyle());
         $invitation_style_list = InvitationStyle::getAvailableStyles();
         if (!in_array($invitation_style, $invitation_style_list)) {
             $invitation_style = $invitation_style_list[0];
         }
     }
     if (count($errors) != 0) {
         $request->attributes->set('errors', $errors);
         // The form should be rebuild. Invoke appropriate action.
         return $this->showFormAction($request);
     }
     // Update system settings
     foreach ($params as $key => $value) {
         Settings::set($key, $value);
     }
     // Update styles params
     ChatStyle::setDefaultStyle($chat_style);
     PageStyle::setDefaultStyle($page_style);
     if (Settings::get('enabletracking')) {
         InvitationStyle::setDefaultStyle($invitation_style);
     }
     // Redirect the user to the same page using GET method
     $redirect_to = $this->generateUrl('settings_common', array('stored' => true));
     return $this->redirect($redirect_to);
 }
 /**
  * Processes submitting of the form which is generated in
  * {@link \Mibew\Controller\GroupController::showEditFormAction()} method.
  *
  * @param Request $request incoming request.
  * @return string Rendered page content.
  */
 public function submitFormAction(Request $request)
 {
     csrf_check_token($request);
     $errors = array();
     $group_id = $request->attributes->get('group_id', false);
     $parent_group = $request->request->get('parentgroup');
     if (!$parent_group || !preg_match("/^\\d{1,10}\$/", $parent_group)) {
         $parent_group = null;
     }
     $name = $request->request->get('name');
     $description = $request->request->get('description');
     $common_name = $request->request->get('commonname');
     $common_description = $request->request->get('commondescription');
     $email = $request->request->get('email');
     $weight = $request->request->get('weight');
     $title = $request->request->get('title');
     $chat_title = $request->request->get('chattitle');
     $host_url = $request->request->get('hosturl');
     $logo = $request->request->get('logo');
     if (!$name) {
         $errors[] = no_field("Name");
     }
     if ($email != '' && !MailUtils::isValidAddress($email)) {
         $errors[] = wrong_field("E-mail");
     }
     if (!preg_match("/^(\\d{1,10})?\$/", $weight)) {
         $errors[] = wrong_field("Weight");
     }
     if (!$weight) {
         $weight = 0;
     }
     $existing_group = group_by_name($name);
     $duplicate_name = !$group_id && $existing_group || $group_id && $existing_group && $group_id != $existing_group['groupid'];
     if ($duplicate_name) {
         $errors[] = getlocal("Please choose another name because a group with that name already exists.");
     }
     if (count($errors) != 0) {
         $request->attributes->set('errors', $errors);
         // The form should be rebuild. Invoke appropriate action.
         return $this->showFormAction($request);
     }
     if (!$group_id) {
         // Greate new group
         $new_dep = create_group(array('vclocalname' => $name, 'vclocaldescription' => $description, 'vccommonname' => $common_name, 'vccommondescription' => $common_description, 'vcemail' => $email, 'iweight' => $weight, 'parent' => $parent_group, 'vctitle' => $title, 'vcchattitle' => $chat_title, 'vchosturl' => $host_url, 'vclogo' => $logo));
         // Redirect an operator to group's member page.
         $redirect_to = $this->generateUrl('group_members', array('group_id' => (int) $new_dep['groupid']));
     } else {
         // Update exisitng group
         update_group(array('groupid' => $group_id, 'vclocalname' => $name, 'vclocaldescription' => $description, 'vccommonname' => $common_name, 'vccommondescription' => $common_description, 'vcemail' => $email, 'iweight' => $weight, 'parent' => $parent_group, 'vctitle' => $title, 'vcchattitle' => $chat_title, 'vchosturl' => $host_url, 'vclogo' => $logo));
         // Redirect an operator to group's page.
         $redirect_to = $this->generateUrl('group_edit', array('group_id' => $group_id));
     }
     return $this->redirect($redirect_to);
 }
Beispiel #7
0
/**
 * Enables specified locale.
 *
 * @param string $locale Locale code according to RFC 5646.
 * @todo Rewrite the function and move somewhere locale creation and its import.
 */
function enable_locale($locale)
{
    $db = Database::getInstance();

    // Check if the locale exists in the database
    list($count) = $db->query(
        "SELECT COUNT(*) FROM {locale} WHERE code = :code",
        array(':code' => $locale),
        array(
            'return_rows' => Database::RETURN_ONE_ROW,
            'fetch_type' => Database::FETCH_NUM,
        )
    );

    if ($count == 0) {
        // The locale does not exist in the database. Create it.
        $db->query(
            "INSERT INTO {locale} (code, enabled) VALUES (:code, :enabled)",
            array(
                ':code' => $locale,
                ':enabled' => 1,
            )
        );

        // Import localized messages to the just created locale
        import_messages(
            $locale,
            MIBEW_FS_ROOT . '/locales/' . $locale . '/translation.po',
            true
        );

        // Import canned messages for the locale if they exist in the locale's
        // files.
        $canned_messages_file = MIBEW_FS_ROOT . '/locales/' . $locale . '/canned_messages.yml';
        if (is_readable($canned_messages_file)) {
            import_canned_messages($locale, $canned_messages_file);
        }

        // Import mail templates for the locale if they exist in the locale's
        // files.
        $mail_templates_file = MIBEW_FS_ROOT . '/locales/' . $locale . '/mail_templates.yml';
        if (is_readable($mail_templates_file)) {
            MailUtils::importTemplates($locale, $mail_templates_file);
        }
    } else {
        // The locale exists in the database. Update it.
        $db->query(
            "UPDATE {locale} SET enabled = :enabled WHERE code = :code",
            array(
                ':enabled' => 1,
                ':code' => $locale,
            )
        );
    }
}
 /**
  * Processes submitting of the form which is generated in
  * {@link \Mibew\Controller\OperatorController::showEditFormAction()} method.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  */
 public function submitFormAction(Request $request)
 {
     csrf_check_token($request);
     $errors = array();
     $operator = $this->getOperator();
     $op_id = $request->attributes->getInt('operator_id');
     $login = $request->request->get('login');
     $email = $request->request->get('email');
     $password = $request->request->get('password');
     $password_confirm = $request->request->get('passwordConfirm');
     $local_name = $request->request->get('name');
     $common_name = $request->request->get('commonname');
     $code = $request->request->get('code');
     if (!$local_name) {
         $errors[] = no_field('Name');
     }
     if (!$common_name) {
         $errors[] = no_field('International name (Latin)');
     }
     // The login is needed only for new operators. If login is changed for
     // existing operator the stored password hash becomes invalid.
     if (!$op_id) {
         if (!$login) {
             $errors[] = no_field('Login');
         } elseif (!preg_match("/^[\\w_\\.]+\$/", $login)) {
             $errors[] = getlocal('Login should contain only latin characters, numbers and underscore symbol.');
         }
     }
     if (!$email || !MailUtils::isValidAddress($email)) {
         $errors[] = wrong_field('E-mail');
     }
     if ($code && !preg_match("/^[A-Za-z0-9_]+\$/", $code)) {
         $errors[] = getlocal('Code should contain only latin characters, numbers and underscore symbol.');
     }
     if (!$op_id && !$password) {
         $errors[] = no_field('Password');
     }
     if ($password != $password_confirm) {
         $errors[] = getlocal('Entered passwords do not match');
     }
     $existing_operator = operator_by_login($login);
     $duplicate_login = !$op_id && $existing_operator || $op_id && $existing_operator && $op_id != $existing_operator['operatorid'];
     if ($duplicate_login) {
         $errors[] = getlocal('Please choose another login because an operator with that login is already registered in the system.');
     }
     // Check if operator with specified email already exists in the database.
     $existing_operator = operator_by_email($email);
     $duplicate_email = !$op_id && $existing_operator || $op_id && $existing_operator && $op_id != $existing_operator['operatorid'];
     if ($duplicate_email) {
         $errors[] = getlocal('Please choose another email because an operator with that email is already registered in the system.');
     }
     if (count($errors) != 0) {
         $request->attributes->set('errors', $errors);
         // The form should be rebuild. Invoke appropriate action.
         return $this->showFormAction($request);
     }
     if (!$op_id) {
         // Create new operator and redirect the current operator to avatar
         // page.
         $new_operator = create_operator($login, $email, $password, $local_name, $common_name, '', $code);
         $redirect_to = $this->generateUrl('operator_avatar', array('operator_id' => $new_operator['operatorid']));
         return $this->redirect($redirect_to);
     }
     // Mix old operator's fields with updated values
     $target_operator = array('vcemail' => $email, 'vclocalename' => $local_name, 'vccommonname' => $common_name, 'code' => $code) + operator_by_id($op_id);
     // Set the password only if it's not an empty string.
     if ($password !== '') {
         $target_operator['vcpassword'] = calculate_password_hash($target_operator['vclogin'], $password);
     }
     // Update operator's fields in the database.
     update_operator($target_operator);
     // Operator's data are cached in the authentication manager, thus we need
     // to manually update them.
     if ($target_operator['operatorid'] == $operator['operatorid']) {
         // Check if the admin has set his password for the first time.
         $to_dashboard = check_password_hash($operator['vclogin'], '', $operator['vcpassword']) && $password != '';
         // Update operator's fields.
         $this->getAuthenticationManager()->setOperator($target_operator);
         // Redirect the admin to the home page if needed.
         if ($to_dashboard) {
             return $this->redirect($this->generateUrl('home_operator'));
         }
     }
     // Redirect the operator to edit page again to use GET method instead of
     // POST.
     $redirect_to = $this->generateUrl('operator_edit', array('operator_id' => $op_id, 'stored' => true));
     return $this->redirect($redirect_to);
 }
Beispiel #9
0
    /**
     * Import locales content, namely translations, canned messages and mail
     * templates.
     *
     * When the content will be imported the locale will be marked as enabled.
     * @return boolean True if all content was imported successfully and false
     *   otherwise.
     */
    protected function importLocalesContent()
    {
        if (!($db = $this->getDatabase())) {
            return false;
        }

        try {
            $locales = $db->query(
                'SELECT * FROM {locale} WHERE enabled = :enabled',
                array(':enabled' => 0),
                array('return_rows' => Database::RETURN_ALL_ROWS)
            );

            foreach ($locales as $locale_info) {
                $locale = $locale_info['code'];

                // Import localized messages
                import_messages(
                    $locale,
                    MIBEW_FS_ROOT . '/locales/' . $locale . '/translation.po',
                    true
                );

                // Import canned messages
                $canned_messages_file = MIBEW_FS_ROOT . '/locales/' . $locale
                    . '/canned_messages.yml';
                if (is_readable($canned_messages_file)) {
                    import_canned_messages($locale, $canned_messages_file);
                }

                // Import mail templates
                $mail_templates_file = MIBEW_FS_ROOT . '/locales/' . $locale
                    . '/mail_templates.yml';
                if (is_readable($mail_templates_file)) {
                    MailUtils::importTemplates($locale, $mail_templates_file);
                }

                // Mark the locale as "enabled" to indicate that all its content
                // is imported.
                $db->query(
                    'UPDATE {locale} SET enabled = :enabled WHERE code = :locale',
                    array(
                        ':locale' => $locale,
                        ':enabled' => 1,
                    )
                );
            }
        } catch (\Exception $e) {
            $this->errors[] = getlocal(
                'Cannot import locales content. Error: {0}',
                array($e->getMessage())
            );

            return false;
        }

        return true;
    }