/**
 * Final installer step: load all components and install the base theme.
 *
 * On success the installer's session passes are cleared and the browser is
 * sent to the site root. On failure the exception message is handed to the
 * template as 'errors' so the installer page can show it.
 */
public function execute(){
    $libs = [
        'core/libs/core/Core.class.php',
        'core/libs/core/ComponentHandler.class.php',
        'core/helpers/UpdaterHelper.class.php',
    ];
    foreach ($libs as $lib) {
        require_once(ROOT_PDIR . $lib);
    }

    try {
        // The core system installs every component automatically;
        // only the base theme needs an explicit install here.
        \Core::LoadComponents();
        \ThemeHandler::GetTheme('base-v3')->install();
        unset($_SESSION['passes']);
        \core\redirect(ROOT_WDIR);
    }
    catch (\Exception $e) {
        $this->getTemplate()->assign('errors', $e->getMessage());
        $this->getTemplate()->assign('component', 'Core Plus');
    }
}
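/**
 * 404 hook: try to resolve a missing page through the rewrite map.
 *
 * First looks for an exact rewrite entry for the URL as submitted (GET
 * parameters included) and then for the resolved URL. Failing that, it walks
 * up the resolved path one segment at a time looking for a "fuzzy" entry. Any
 * hit is answered with a 301 redirect to the target page's current rewrite
 * URL; with no hit the hook returns silently so the next handler can run.
 *
 * @param View $view Unused; present to satisfy the hook signature.
 */
public static function Catch404Hook(View $view){
    $request = PageRequest::GetSystemRequest();
    $resolved = $request->uriresolved;

    // Exact matches, in order of precedence: the URL exactly as submitted
    // (so a request with x=1&y=2 can map to a page that expects x=1 and y=2),
    // then the resolved URL without any GET parameters.
    $exactmatches = [
        '/' . substr($request->uri, strlen(ROOT_WDIR)),
        $resolved,
    ];
    foreach ($exactmatches as $incomingurl) {
        $maps = RewriteMapModel::Find(['rewriteurl' => $incomingurl]);
        if (sizeof($maps)) {
            // Should multiple exist, the first one is the latest.
            $newpage = PageModel::Construct($maps[0]->get('baseurl'));
            \core\redirect($newpage->get('rewriteurl'), 301);
        }
    }

    // No exact match; the page no longer exists so the builtin fuzzy logic
    // cannot help. Walk up the resolved path looking for a fuzzy entry.
    $fuzzy = $resolved;
    do {
        $slash = strrpos($fuzzy, '/');
        // With no separator left there is nothing shorter to try; '' ends the loop.
        $fuzzy = ($slash === false) ? '' : substr($fuzzy, 0, $slash);
        $fuzzymaps = RewriteMapModel::Find(['rewriteurl' => $fuzzy, 'fuzzy' => '1']);
        if (sizeof($fuzzymaps)) {
            $newpage = PageModel::Construct($fuzzymaps[0]->get('baseurl'));
            $url = $newpage->get('rewriteurl');
            // Carry the rest of the originally requested path over, but only
            // when the target page is fuzzy too. Use the resolved URL explicitly
            // rather than whatever the foreach above happened to leave behind.
            if ($newpage->get('fuzzy')) {
                $url .= substr($resolved, strlen($fuzzy));
            }
            \core\redirect($url, 301);
        }
    } while ($fuzzy);

    // No match at all; return silently and let the next 404 hook try.
}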
/**
 * Delete a navigation menu.
 *
 * POST-only; the menu id is the first URL parameter. Returns a View error
 * code for a non-POST request or an unknown menu, otherwise deletes it and
 * redirects back to the /navigation listing.
 */
public function delete() {
    $request = $this->getPageRequest();
    $menu = new NavigationModel($request->getParameter(0));

    if (!$request->isPost()) {
        return View::ERROR_BADREQUEST;
    }
    if (!$menu->exists()) {
        return View::ERROR_NOTFOUND;
    }

    $menu->delete();
    \core\redirect('/navigation');
}
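/**
 * Remove a GPG key from the updater keyring.
 *
 * POST-only. The key id is the first URL parameter; it is reduced to
 * [A-Z0-9] before reaching gpg, so only a hex key id or fingerprint can
 * get through. A gpg failure is reported via set_message; the request
 * always ends with a redirect back to the key listing.
 */
public function keys_delete() {
    $view = $this->getView();
    $req = $this->getPageRequest();

    // This is a post-only page!
    if (!$req->isPost()) {
        $view->error = View::ERROR_BADREQUEST;
        return;
    }

    $rawKey = $req->getParameter(0);
    if (!$rawKey) {
        $view->error = View::ERROR_BADREQUEST;
        return;
    }

    // Strip everything that is not alphanumeric: a key id or fingerprint is
    // hex, so anything else is noise or an attempt to smuggle shell syntax.
    $key = strtoupper(preg_replace('/[^a-zA-Z0-9]+/', '', $rawKey));
    if ($key === '') {
        // Nothing survived the filter, so there is no key to delete.
        $view->error = View::ERROR_BADREQUEST;
        return;
    }

    // $key is already alphanumeric, but quote each argument anyway rather than
    // rely on the filter alone; GPG_HOMEDIR is quoted the same way.
    $cmd = 'gpg --homedir ' . escapeshellarg(GPG_HOMEDIR)
        . ' --no-permission-warning --batch --yes --delete-key ' . escapeshellarg($key);
    exec($cmd, $output, $result);

    if ($result !== 0) {
        \Core\set_message('Unable to remove key ' . $key, 'error');
    }
    \core\redirect('/updater/keys');
}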
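/**
 * Delete a single image from a gallery album.
 *
 * POST-only. The album id is the first URL parameter and the image id is the
 * 'image' parameter; the image must belong to that album. Returns a View
 * error code on any failed check, otherwise deletes the image, sets a success
 * message and redirects back to the album page.
 */
public function images_delete() {
    $request = $this->getPageRequest();

    if (!$request->isPost()) {
        return View::ERROR_BADREQUEST;
    }

    $albumid = $request->getParameter(0);
    $imageid = $request->getParameter('image');
    // Reject missing ids before touching the database.
    if (!$albumid || !$imageid) {
        return View::ERROR_BADREQUEST;
    }

    $album = new GalleryAlbumModel($albumid);
    if (!$album->exists()) {
        return View::ERROR_NOTFOUND;
    }
    $image = new GalleryImageModel($imageid);
    if (!$image->exists()) {
        return View::ERROR_NOTFOUND;
    }

    // Refuse to delete an image through an album it does not belong to.
    // Ids may come back from the models as strings or ints, so compare as strings.
    if ((string)$image->get('albumid') !== (string)$album->get('id')) {
        return View::ERROR_BADREQUEST;
    }

    $image->delete();
    Core::SetMessage('Removed image successfully', 'success');
    \core\redirect($album->get('rewriteurl'));
}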
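/**
 * Delete a user group.
 *
 * POST-only; the group id is the first URL parameter. Returns a View error
 * code for a non-POST request or an unknown group, otherwise deletes it,
 * sets a success message and redirects to the group admin listing.
 */
public function delete(){
    $req = $this->getPageRequest();

    if (!$req->isPost()) {
        return View::ERROR_BADREQUEST;
    }

    $model = new UserGroupModel($req->getParameter(0));
    // Deleting a model that does not exist should be a 404, not a silent no-op.
    if (!$model->exists()) {
        return View::ERROR_NOTFOUND;
    }

    // NOTE(review): the previous version built a $where['site'] filter from
    // MultiSiteHelper::GetCurrentSiteID() when multisite was enabled but never
    // applied it, so deletes are not scoped to the current site. The dead code
    // is removed; whether the delete should be site-scoped needs confirming.

    $model->delete();
    \Core\set_message('Removed group successfully', 'success');
    \core\redirect('/usergroupadmin');
}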
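/**
 * Second step of the forgot-password flow: accept and set a new password.
 *
 * The first URL parameter is the nonce issued by step one; it must still be
 * valid and must resolve to an existing user, otherwise the attempt is logged
 * as a security event and the browser is sent to /. On GET the password form
 * is rendered. On POST the two password fields must match exactly; the
 * datastore auth driver is then enabled and given the new password, the nonce
 * is marked used, and an active account is logged in. Validation and other
 * failures are logged and reported through set_message.
 */
private function _forgotPassword2(){
    $view = $this->getView();
    $request = $this->getPageRequest();
    $genericauth = new \Core\User\AuthDrivers\datastore();

    // Build the form here rather than in the template.
    $form = new Form();
    $form->set('method', 'POST');
    $form->addElement('password', ['name' => 'p1', 'title' => 'Password', 'required' => true]);
    $form->addElement('password', ['name' => 'p2', 'title' => 'Confirm', 'required' => true]);
    $form->addElement('submit', ['name' => 'submit', 'value' => 'Set New Password']);

    $view->title = 'Forgot Password';
    $view->assign('step', 2);
    $view->assign('form', $form);
    $view->assign('requirements', $genericauth->getPasswordComplexityAsHTML());

    $n = $request->getParameter(0);
    /** @var $nonce NonceModel */
    $nonce = NonceModel::Construct($n);
    if (!$nonce->isValid()) {
        SystemLogModel::LogSecurityEvent('/user/forgotpassword/confirm', 'Failed Forgot Password. Invalid nonce requested: [' . $n . ']');
        \Core\set_message('t:MESSAGE_ERROR_USER_LOGIN_EMAIL_NOT_FOUND');
        \core\redirect('/');
        return;
    }

    $nonce->decryptData();
    $data = $nonce->get('data');
    // A nonce that carries no user id is treated like an unknown user.
    $userid = is_array($data) ? ($data['user'] ?? null) : null;
    /** @var UserModel $u */
    $u = ($userid !== null) ? UserModel::Construct($userid) : null;
    if (!$u) {
        SystemLogModel::LogSecurityEvent('/user/forgotpassword/confirm', 'Failed Forgot Password. Invalid user account requested: [' . $userid . ']');
        \Core\set_message('t:MESSAGE_ERROR_USER_LOGIN_EMAIL_NOT_FOUND');
        \core\redirect('/');
        return;
    }

    if (!$request->isPost()) {
        return;
    }

    // Strict comparison: a loose != treats numeric-looking strings such as
    // "1e3" and "1000" as equal, which would let mismatched passwords through.
    $p1 = $_POST['p1'] ?? '';
    $p2 = $_POST['p2'] ?? '';
    if ($p1 !== $p2) {
        \Core\set_message('t:MESSAGE_ERROR_USER_REGISTER_PASSWORD_MISMATCH');
        return;
    }

    // The auth driver / user model will throw if the password is invalid.
    try {
        $u->enableAuthDriver('datastore');
        /** @var \Core\User\AuthDrivers\datastore $auth */
        $auth = $u->getAuthDriver('datastore');
        $auth->setPassword($p1);
        $u->save();

        // Only consume the nonce once the password is actually saved, so a
        // rejected password leaves the link usable for another attempt.
        $nonce->markUsed();
        SystemLogModel::LogSecurityEvent('/user/forgotpassword/confirm', 'Reset password successfully!', null, $u->get('id'));
        \Core\set_message('Reset password successfully', 'success');
        if ($u->get('active')) {
            \Core\Session::SetUser($u);
        }
        \core\redirect('/');
    }
    catch (ModelValidationException $e) {
        SystemLogModel::LogSecurityEvent('/user/forgotpassword/confirm', 'Failed Forgot Password. ' . $e->getMessage(), null, $u->get('id'));
        \Core\set_message($e->getMessage(), 'error');
        return;
    }
    catch (Exception $e) {
        SystemLogModel::LogSecurityEvent('/user/forgotpassword/confirm', 'Failed Forgot Password. ' . $e->getMessage(), null, $u->get('id'));
        // Only developers get the raw exception text.
        \Core\set_message((DEVELOPMENT_MODE ? $e->getMessage() : 'An unknown error occured'), 'error');
        return;
    }
}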
/**
 * Helper for the setdefault method: report an error in whichever form the
 * request prefers — as JSON data with status 0, or as a flash message
 * followed by a redirect to /theme.
 *
 * @param string $message
 */
private function _sendError($message) {
    $view = $this->getView();
    $wantsJson = $this->getPageRequest()->prefersContentType(View::CTYPE_JSON);

    if (!$wantsJson) {
        \Core\set_message($message, 'error');
        \core\redirect('/theme');
        return;
    }

    $view->jsondata = ['message' => $message, 'status' => 0];
}
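/**
 * Fired on page load: if the request carries a ___formid that matches a form
 * saved in the session, replay the submission through that form.
 *
 * Unreadable or expired session forms are dropped on the way. A matching form
 * is loaded from POST/GET, its model is validated, and its callsmethod
 * callback is run. The callback's return decides what happens next:
 * false/null stop here with the form kept in the session so the page can show
 * the submitted values; 'die' ends the script; 'back' returns to the form's
 * referrer; true or the current URL reloads; anything else is a redirect target.
 *
 * @return null
 */
public static function CheckSavedSessionData() {
    // /form/*.ajax pages (savetemporary and friends) intercept POSTs themselves.
    if (preg_match('#^/form/(.*)\.ajax$#', REL_REQUEST_PATH)) return;

    // There has to be data in the session.
    $forms = \Core\Session::Get('FormData/*');
    if (!is_array($forms) || !sizeof($forms)) return;

    $formid = (isset($_REQUEST['___formid']) && is_scalar($_REQUEST['___formid']))
        ? (string)$_REQUEST['___formid']
        : null;
    $form = null;
    foreach ($forms as $k => $v) {
        // Session storage is server-side, so unserialize() is not fed client
        // input here; anything that does not come back as an object is dropped.
        if (!($el = unserialize($v))) {
            \Core\Session::UnsetKey('FormData/' . $k);
            continue;
        }
        // Drop forms that have expired.
        if ($el->get('expires') <= Time::GetCurrent()) {
            \Core\Session::UnsetKey('FormData/' . $k);
            continue;
        }
        // Strict comparison: a missing id must not loosely match a key like '0' or ''.
        if ($formid !== null && (string)$k === $formid) {
            // Remember this for after all the checks have finished.
            $form = $el;
        }
    }

    // No form found... simple enough
    if (!$form) return;

    /** @var $form Form */
    // Ensure the submission types match up.
    $method = strtoupper((string)$form->get('method'));
    if ($method !== ($_SERVER['REQUEST_METHOD'] ?? '')) {
        \Core\set_message('t:MESSAGE_ERROR_FORM_SUBMISSION_TYPE_DOES_NOT_MATCH');
        return;
    }

    // Referrer check is log-only: enforcing it was reported to cause issues
    // on production sites. A mismatch is recorded but the submission continues.
    $referer = $_SERVER['HTTP_REFERER'] ?? '';
    if ($referer !== (string)$form->originalurl) {
        SystemLogModel::LogInfoEvent(
            'Form Referrer Mismatch',
            'Form referrer does not match! Submitted: [' . $referer . '] Expected: [' . $form->originalurl . ']'
        );
    }

    // Load the submitted values from the superglobal matching the form's method.
    if ($method === 'POST') $src =& $_POST;
    else $src =& $_GET;
    $form->loadFrom($src);

    // getModel() runs the model's validation logic and throws if it fails.
    try {
        $form->getModel();
        if (!$form->hasError()) {
            $status = call_user_func($form->get('callsmethod'), $form);
        }
        else {
            $status = false;
        }
    }
    catch (ModelValidationException $e) {
        \Core\set_message($e->getMessage(), 'error');
        $status = false;
    }
    catch (GeneralValidationException $e) {
        \Core\set_message($e->getMessage(), 'error');
        $status = false;
    }
    catch (Exception $e) {
        if (DEVELOPMENT_MODE) {
            // Developers get the full message
            \Core\set_message($e->getMessage(), 'error');
        }
        else {
            // While users of production-enabled sites get a friendlier message.
            \Core\set_message('t:MESSAGE_ERROR_FORM_SUBMISSION_UNHANDLED_EXCEPTION');
        }
        Core\ErrorManagement\exception_handler($e);
        $status = false;
    }

    // The form was submitted; flag it persistent so whatever is listening for
    // it can retrieve the user's values.
    $form->persistent = true;
    // Regardless of outcome, bundle the form back into the session for the controller.
    \Core\Session::Set('FormData/' . $formid, serialize($form));

    // Fail statuses.
    if ($status === false) return;
    if ($status === null) return;

    // Not false and not null... must be good then.
    // @todo Handle an internal save procedure for "special" groups such as pageinsertables and what not.

    // Cleanup
    \Core\Session::UnsetKey('FormData/' . $formid);

    if ($status === 'die') {
        // Exit the script without outputting anything.
        exit;
    }
    elseif ($status === 'back') {
        if ($form->referrer && $form->referrer != REL_REQUEST_PATH) {
            // Go back to the original form's referrer.
            \Core\redirect($form->referrer);
        }
        else {
            // Use Core to guess which page to redirect back to, (not as reliable).
            \Core\go_back();
        }
    }
    elseif ($status === true) {
        // Boolean true means reload.
        \Core\reload();
    }
    elseif ($status === REL_REQUEST_PATH || $status === CUR_CALL) {
        // Same page as the current url: force a reload, as redirect would ignore it.
        \Core\reload();
    }
    else {
        // Anything else gets sent to the redirect system.
        \core\redirect($status);
    }
}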
/**
 * The frontend listing page that displays all blog articles that are published across the system.
 *
 * Collects the base URLs of every blog the current user may view, then lists
 * the pages underneath them (optionally filtered by the 'q' search parameter)
 * newest first. Non-editors only see articles with published_status
 * 'published' and a publish date that is not in the future. Managers get the
 * listing/creation controls; a manager with no blogs at all is redirected to
 * the All Pages interface.
 */
public function index() {
    $view = $this->getView();
    $request = $this->getPageRequest();
    $manager = \Core\user()->checkAccess('p:/blog/manage_all');

    // Get a list of all the blogs on the system. I'll get the page object from each one and see if the current user has access
    // to each one. Then I'll have a list of ids that the user can view.
    $parents = array();
    $editor = false;
    $page = null;
    $blogs = BlogModel::Find(null, null, null);
    foreach ($blogs as $blog) {
        /** @var BlogModel $blog */
        $page = $blog->getLink('Page');
        // NOTE(review): the key below carries a trailing space ('manage_articles_permission ');
        // if that is not the real attribute name, get() will not return the permission string — confirm.
        $editor = \Core\user()->checkAccess($blog->get('manage_articles_permission ')) || $manager;
        $viewer = \Core\user()->checkAccess($blog->get('access')) || $editor;
        if (!$viewer) {
            continue;
        }
        $parents[] = $blog->get('baseurl');
    }
    // NOTE(review): $editor and $page are left holding the values from the LAST blog iterated,
    // not an aggregate over all blogs. Since $editor alone decides whether the published-only
    // filter below is applied, a user who can edit only the last blog sees unpublished articles
    // from every blog in $parents — confirm this is intended.

    // Is the user a manager, but no blogs exist on the system?
    if ($manager && !sizeof($parents)) {
        Core::SetMessage('There are no blogs on the system currently, you can use the All Pages interface to create one.', 'tutorial');
        \core\redirect('/admin/pages');
    }

    $filters = new FilterForm();
    $filters->haspagination = true;
    $filters->setLimit(20);
    $filters->load($this->getPageRequest());

    $factory = new ModelFactory('PageModel');
    if (sizeof($parents)) {
        // $parents holds baseurls read from BlogModel, not request input.
        $factory->where('parenturl IN ' . implode(',', $parents));
    }
    else {
        // This is to prevent the system from trying to load all pages that have a parent of "".
        $factory->where('parenturl = -there-are-no-blogs-');
    }

    if ($request->getParameter('q')) {
        $query = $request->getParameter('q');
        // 'q' is user input; building a safe clause from it is delegated to the search helper.
        $factory->where(\Core\Search\Helper::GetWhereClause($request->getParameter('q')));
    }
    else {
        $query = null;
    }

    $factory->order('published DESC');

    if (!$editor) {
        // Limit these to published articles.
        $factory->where('published_status = published');
        // And where the published date is <= now.
        $factory->where('published <= ' . CoreDateTime::Now('U', Time::TIMEZONE_GMT));
    }

    $filters->applyToFactory($factory);
    $articles = $factory->get();

    $view->mode = View::MODE_PAGEORAJAX;
    $view->assign('articles', $articles);
    // $page is the Page link of whichever blog was iterated last (see note above).
    $view->assign('page', $page);
    $view->assign('filters', $filters);
    $view->assign('query', $query);

    if ($editor) {
        // No per-article "add" control is exposed here yet.
    }
    if ($manager) {
        $view->addControl('Edit Blog Listing Page', '/blog/editindex', 'edit');
        $view->addControl('Create New Blog', '/blog/create', 'add');
        $view->addControl('All Articles', '/admin/pages/?filter[parenturl]=/blog/view/', 'tasks');
    }
}
/**
 * Helper controller that exposes a little server-side state to javascript:
 * the current user's id and display name and, for a logged-in user, a
 * templated access-string input. Nothing sensitive is returned here since
 * it all goes straight to the user agent. JSON-only; any other content
 * type is redirected to /.
 */
public function jshelper(){
    $request = $this->getPageRequest();
    $view = $this->getView();

    if ($request->ctype != View::CTYPE_JSON) {
        \core\redirect('/');
    }

    $cu = Core::User();
    $loggedIn = $cu->exists();

    $data = [
        'user' => [
            'id' => $loggedIn ? $cu->get('id') : null,
            'displayname' => $loggedIn
                ? $cu->getDisplayName()
                : ConfigHandler::Get('/user/displayname/anonymous'),
        ],
        'accessstringtemplate' => null,
    ];

    if ($loggedIn) {
        // Templated version of the access string input, for building
        // dynamic permission controls on the client side.
        $templateel = new FormAccessStringInput([
            'title' => '##TITLE##',
            'name' => '##NAME##',
            'description' => '##DESCRIPTION##',
            'class' => '##CLASS##',
            'value' => 'none',
        ]);
        $data['accessstringtemplate'] = $templateel->render();
    }

    $view->jsondata = $data;
    $view->contenttype = View::CTYPE_JSON;
}