{
    // Body of a method whose signature lies outside this excerpt.
    // Adds non-WordPress rewrite rules that map short css/, js/ and img/
    // URLs onto the active stylesheet theme's directory, and plugins/ onto
    // wp-content/plugins.
    // NOTE(review): next() takes its argument by reference; handing it the
    // result of explode() directly raises PHP's "Only variables should be
    // passed by reference" notice. Assigning the exploded parts to a variable
    // first avoids it.
    $theme_name = next(explode('/themes/', get_stylesheet_directory()));
    global $wp_rewrite;
    $new_non_wp_rules = array(
        'css/(.*)' => 'wp-content/themes/' . $theme_name . '/css/$1',
        'js/(.*)' => 'wp-content/themes/' . $theme_name . '/js/$1',
        'img/(.*)' => 'wp-content/themes/' . $theme_name . '/img/$1',
        // Every path under wp-content/plugins becomes reachable as /plugins/...
        'plugins/(.*)' => 'wp-content/plugins/$1'
    );
    // Array union: rules already registered under the same key are kept.
    $wp_rewrite->non_wp_rules += $new_non_wp_rules;
}

/**
 * Append the contents of the theme's inc/h5bp-htaccess file to $rules.
 *
 * Presumably registered as a filter on the generated rewrite rules; the
 * registration is not visible in this excerpt.
 *
 * NOTE(review): the file is appended verbatim, so whoever can write to the
 * theme's inc/ directory decides what ends up in the returned rules. Keep
 * that file non-writable for the web-server user where possible.
 *
 * @param string $rules rules built so far
 * @return string $rules with the file contents appended
 */
static function htaccess_rules($rules)
{
    global $wp_filesystem;
    // Use direct file access unless the site already chose a method.
    if (!defined('FS_METHOD')) {
        define('FS_METHOD', 'direct');
    }
    // Initialise the filesystem API when nothing has done so yet.
    // NOTE(review): the result of WP_Filesystem() is not checked; if the
    // global is still null afterwards, the get_contents() call below is a
    // fatal error.
    if (is_null($wp_filesystem)) {
        WP_Filesystem(array(), ABSPATH);
    }
    if (!defined('WP_CONTENT_DIR')) {
        define('WP_CONTENT_DIR', ABSPATH . 'wp-content');
    }
    // Uses the template (parent theme) directory, whereas the rewrite rules
    // above use the stylesheet directory; the two differ under a child theme.
    // NOTE(review): same next(explode()) by-reference notice as above.
    $theme_name = next(explode('/themes/', get_template_directory()));
    $filename = WP_CONTENT_DIR . '/themes/' . $theme_name . '/inc/h5bp-htaccess';
    // The return value is concatenated unchecked; presumably false (which
    // appends nothing) when the file cannot be read. TODO confirm.
    $rules .= $wp_filesystem->get_contents($filename);
    return $rules;
}

/**
 * Regenerate the rewrite rules through the global $wp_rewrite object.
 */
static function flush_rewrites()
{
    global $wp_rewrite;
    $wp_rewrite->flush_rules();
}
} // end of the enclosing class; its header is outside this excerpt

// Runs at file load; hooks() is defined outside this excerpt.
Basics::hooks();
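/**
 * Render the "Add User" form and, on POST, create the account.
 *
 * POST validation runs in this order: unique e-mail, non-empty password,
 * matching confirmation, group chosen from the non-admin list. On success
 * the new user is e-mailed and the request is redirected to /user.
 *
 * NOTE(review): no CSRF token check is visible in this action; confirm it is
 * enforced elsewhere (form token or a dispatcher hook).
 *
 * @return mixed redirect response on success, true when the e-mail is already
 *               taken, null otherwise (form re-rendered with a flash message)
 */
public function addAction()
{
    // set page title
    $this->view->pageTitle = 'Add User';

    // breadcrumb
    $this->pageBreadcrumbs[] = 'Add User';
    $this->view->setVar('pageBreadcrumbs', $this->pageBreadcrumbs);

    // Groups offered in the form. "admin" is excluded here, and the same
    // list is the allow-list for the submitted group_id below, so this
    // action cannot place a user in the admin group.
    $this->view->groups = Groups::find(array('name <> "admin"', 'order' => 'name'));

    $groupList = array();
    foreach ($this->view->groups as $group) {
        $groupList[$group->id] = $group->label;
    }

    $this->view->groupId = null;
    $this->view->firstName = null;
    $this->view->lastName = null;
    $this->view->username = null;
    $this->view->newPassword = null;
    $this->view->confirmPassword = null;
    $this->view->status = null;

    if (!$this->request->isPost()) {
        return;
    }

    // Receiving the variables sent by POST
    $groupId = $this->request->getPost('group_id', 'int');
    $newPassword = $this->filter->sanitize($this->request->getPost('new_password'), "trim");
    $confirmPassword = $this->filter->sanitize($this->request->getPost('confirm_new_password'), "trim");

    $this->view->groupId = $groupId;
    $this->view->firstName = $this->filter->sanitize($this->request->getPost('first_name', 'string'), "trim");
    $this->view->lastName = $this->filter->sanitize($this->request->getPost('last_name', 'string'), "trim");
    $this->view->username = $this->filter->sanitize($this->request->getPost('username', 'email'), "trim");
    $this->view->newPassword = $newPassword;
    $this->view->confirmPassword = $confirmPassword;
    $this->view->status = $this->request->getPost('status', 'string');

    // make sure the e-mail is not already used by another account
    $existing = Users::findFirst(array(
        "username = :email:",
        "bind" => array('email' => $this->view->username),
    ));
    if (!empty($existing)) {
        $this->getFlashSession('error', 'Email already exists for another user.', true);
        return true;
    }

    // An empty or non-string password would otherwise be hashed and stored,
    // creating an account whose password is effectively blank.
    if (!is_string($newPassword) || $newPassword === '') {
        $this->getFlashSession('error', 'Please enter both passwords.', true);
        return;
    }

    // Strict comparison: with != two different numeric-looking strings
    // (for example "1e3" and "1000") compare equal.
    if ($newPassword !== $confirmPassword) {
        $this->getFlashSession('error', 'Both passwords should match.', true);
        return;
    }

    // Key lookup instead of a loose in_array(): the submitted value must be
    // exactly one of the ids loaded above.
    if (!is_scalar($groupId) || !isset($groupList[$groupId])) {
        $this->getFlashSession('error', 'Invalid user type selection.', true);
        return;
    }

    $now = date('Y-m-d H:i:s');

    $user = new Users();
    $user->group_id = $groupId;
    $user->first_name = $this->view->firstName;
    $user->last_name = $this->view->lastName;
    $user->username = $this->view->username;
    // NOTE(review): a single SHA-256 pass with one application-wide salt is
    // fast to brute-force if the table leaks. Moving to password_hash() /
    // password_verify() has to be done together with the sign-in and reset
    // code, so the stored format is left unchanged here.
    $user->password = hash('sha256', $this->config->application['securitySalt'] . $newPassword);
    $user->status = $this->view->status === 'on' ? 'active' : 'inactive';
    $user->created = $now;
    $user->modified = $now;
    $user->modified_by = $this->userSession['email'];

    if ($user->create() === false) {
        $this->logger->log("Failed to save user", \Phalcon\Logger::ERROR);
        foreach ($user->getMessages() as $message) {
            $this->logger->log($message, \Phalcon\Logger::ERROR);
        }
        $this->getFlashSession('error', 'Sorry, we could not create a new user. Please try again.', true);
        return;
    }

    // NOTE(review): the plaintext password is sent by e-mail as
    // 'tempPassword'. A one-time set-password link (as the reset flow already
    // uses) would keep the credential out of mailboxes.
    Basics::sendEmail(array(
        'type' => 'newUser',
        'toName' => $user->first_name . " " . $user->last_name,
        'toEmail' => $user->username,
        'tempPassword' => $newPassword,
        'welcomeUrl' => $this->config->application['baseUrl'],
    ));
    $this->getFlashSession('success', 'New user is created.', true);

    // Forward to index
    return $this->response->redirect("/user");
}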
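/**
 * Complete a password reset started from an e-mailed link.
 *
 * The "token" dispatcher parameter must match an active user whose
 * hashtoken_expire is still in the future; otherwise the request is
 * forwarded to the sign-in action. On a valid POST the password is replaced
 * and the token and its expiry are cleared, so the link works once.
 *
 * NOTE(review): the token is looked up by equality with the stored column,
 * so the database holds the same value that travels in the link. Storing
 * only a hash of the token would keep a database read from yielding usable
 * reset links.
 *
 * @return mixed forward result when leaving for sign-in, null when the form
 *               is (re-)rendered
 */
public function resetPasswordAction()
{
    // set page title
    $this->view->pageTitle = 'Reset Password';

    $resetHashToken = $this->dispatcher->getParam("token");
    if (empty($resetHashToken)) {
        $this->getFlashSession('error', 'Invalid reset link', false);
        // Forward to signin
        return $this->dispatcher->forward(array('controller' => 'access', 'action' => 'signin'));
    }

    // verify the token exists, belongs to an active user and has not expired
    $user = Users::findFirst(array(
        "hashtoken_reset = :token: AND status = :status: AND hashtoken_expire IS NOT NULL AND hashtoken_expire > NOW()",
        "bind" => array('token' => $resetHashToken, 'status' => 'active'),
    ));
    if (empty($user)) {
        $this->getFlashSession('error', 'Your password reset link has expired. Try send the reset request again.', false);
        // Forward to signin
        return $this->dispatcher->forward(array('controller' => 'access', 'action' => 'signin'));
    }
    $this->view->resetHashToken = $resetHashToken;

    if (!$this->request->isPost()) {
        return;
    }

    // Receiving the variables sent by POST
    $newPassword = $this->filter->sanitize($this->request->getPost('new_password'), "trim");
    $confirmPassword = $this->filter->sanitize($this->request->getPost('confirm_password'), "trim");

    // Non-string input (an array-valued field) is treated like a missing one
    // rather than being concatenated into the hash input.
    if (!is_string($newPassword) || !is_string($confirmPassword)
        || empty($newPassword) || empty($confirmPassword)) {
        $this->getFlashSession('error', 'Please enter both passwords.', false);
        return;
    }

    // Strict comparison: with == two different numeric-looking strings
    // (for example "1e3" and "1000") compare equal.
    if ($newPassword !== $confirmPassword) {
        $this->getFlashSession('error', 'Both passwords should match.', false);
        return;
    }

    // NOTE(review): same fast SHA-256 + application-wide salt scheme as user
    // creation; migrate both together with the sign-in check.
    $user->password = hash('sha256', $this->config->application['securitySalt'] . $newPassword);
    // Clearing both fields invalidates the link after its first use.
    $user->hashtoken_reset = null;
    $user->hashtoken_expire = null;

    if ($user->update() === false) {
        $this->logger->log("Failed to reset user's password", \Phalcon\Logger::ERROR);
        foreach ($user->getMessages() as $message) {
            $this->logger->log($message, \Phalcon\Logger::ERROR);
        }
        $this->getFlashSession('error', 'Sorry, we could not reset your password. Please try again.', false);
        return;
    }

    // email user
    Basics::sendEmail(array(
        'type' => 'resetConfirm',
        'toName' => $user->first_name . " " . $user->last_name,
        'toEmail' => $user->username,
    ));
    $this->getFlashSession('success', 'Your password has been changed. You can now sign in with your new password.', false);

    // Forward to signin
    return $this->dispatcher->forward(array('controller' => 'access', 'action' => 'signin'));
}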
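/**
 * Build and send one of the account e-mails through PHPMailer over SMTP.
 *
 * Recognised $options keys: type ('reset', 'resetConfirm' or 'newUser'),
 * toEmail, toName, and depending on the type resetUrl, tempPassword or
 * welcomeUrl. Missing keys default to an empty string. An unknown type is
 * logged and nothing is sent.
 *
 * Values placed in the HTML part are HTML-escaped; the plain-text part
 * carries them as given.
 *
 * NOTE(review): the SMTP host and credentials are literals in this method;
 * loading them from configuration keeps them out of version control.
 * NOTE(review): the 'newUser' message carries the account password in
 * clear text.
 *
 * @param array $options see above
 * @return void
 */
public static function sendEmail($options = array())
{
    $di = PhDi::getDefault();
    $config = $di['config'];
    $logger = $di['logger'];

    // Fill in absent keys so the templates never read an undefined index.
    $options = array_merge(array(
        'type' => '',
        'toEmail' => '',
        'toName' => '',
        'resetUrl' => '',
        'tempPassword' => '',
        'welcomeUrl' => '',
    ), $options);

    // Escaped copies for the HTML part: names, URLs and passwords can contain
    // <, & or quotes, which would otherwise be read as markup or corrupt the
    // displayed value.
    $toNameHtml = htmlspecialchars($options['toName'], ENT_QUOTES, 'UTF-8');
    $resetUrlHtml = htmlspecialchars($options['resetUrl'], ENT_QUOTES, 'UTF-8');
    $welcomeUrlHtml = htmlspecialchars($options['welcomeUrl'], ENT_QUOTES, 'UTF-8');
    $tempPasswordHtml = htmlspecialchars($options['tempPassword'], ENT_QUOTES, 'UTF-8');

    $mail = new PHPMailer();
    $mail->isSMTP();
    $mail->Host = 'smtp1.example.com';
    $mail->Port = '587';
    $mail->SMTPAuth = true;
    // NOTE(review): SMTPSecure is not set, so STARTTLS is at most
    // opportunistic; setting it to 'tls' would refuse to authenticate over
    // an unencrypted connection.
    $mail->Username = '******';
    $mail->Password = '******';
    $mail->setFrom('*****@*****.**', 'Mailer');
    $mail->addAddress($options['toEmail'], $options['toName']);

    switch ($options['type']) {
        case 'reset':
            $mail->Subject = 'Password reset notification';
            $message = <<<EOT
<h3>Hi, {$toNameHtml}</h3>
<p class="lead">Forgot your password?</p>
<p class="callout">Please click the following link to start password reset process. <a href="{$resetUrlHtml}" target="_blank">Click here! »</a>.</p>
<p>This link will expire {$config->application->hashTokenExpiryHours} hours after this email was sent.</p>
<p><br>Thank you!</p>
EOT;
            $altBody = <<<EOT
Hi, {$options['toName']}

You recently requested to reset your password.
Please click the following link to start password reset process.
{$options['resetUrl']}

This link will expire {$config->application->hashTokenExpiryHours} hours after this email was sent.

Thank you!
EOT;
            break;

        case 'resetConfirm':
            $mail->Subject = 'Your password has been reset';
            $message = <<<EOT
<h3>Hi, {$toNameHtml}</h3>
<p class="lead">The password has been successfully reset.</p>
<p><br>Thank you!</p>
EOT;
            $altBody = <<<EOT
Hi, {$options['toName']}

The password has been successfully reset.

Thank you!
EOT;
            break;

        case 'newUser':
            $mail->Subject = 'Your new account has been created';
            $message = <<<EOT
<h3>Hi, {$toNameHtml}</h3>
<p class="lead">This is to confirm creation of your new account.</p>
<p class="callout">Your temporary password is <b>{$tempPasswordHtml}</b>. <a href="{$welcomeUrlHtml}" target="_blank">Click here! »</a> to access your new account.</p>
<p><br>Thank you!</p>
EOT;
            // Plain-text part: no <b> tags, they would be shown literally.
            $altBody = <<<EOT
Hi, {$options['toName']}

This is to confirm creation of your new account.
Your temporary password is {$options['tempPassword']}.
Click this link {$options['welcomeUrl']} to access your new account.

Thank you!
EOT;
            break;

        default:
            // Without this branch $message and $altBody would be undefined
            // and a message with no body would be sent.
            $logger->log("sendEmail: unknown email type", \Phalcon\Logger::ERROR);
            return;
    }

    $content = Basics::emailTemplate(array(
        'messageBlock' => $message,
        'baseUrl' => $config->application->baseUrl,
    ));
    $mail->msgHTML($content);
    $mail->AltBody = $altBody;

    // send the message, check for errors
    if (!$mail->send()) {
        $logger->log("PHPMailer Error: " . $mail->ErrorInfo, \Phalcon\Logger::ERROR);
    } else {
        // This line is written for every mail type, not only resets.
        $logger->log("Reset email send to: " . $options['toEmail'], \Phalcon\Logger::INFO);
    }
}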
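wp_head(); ?>
<!-- ----------------------------------------------------------------------------- SCRIPTS -->
<?php
// Template fragment: the opening of this file and the closing tags for the
// elements below lie outside this excerpt.
// Script URLs are built with site_url($path) so no stray whitespace ends up
// inside the src attribute, and passed through esc_url() before output.
?>
<script defer src="<?php echo esc_url(site_url('/js/plugins.js')); ?>"></script>
<script defer src="<?php echo esc_url(site_url('/js/script.js')); ?>"></script>
</head>
<body <?php body_class(Basics::body_class()); ?> >
<div id="wrap" class="container" role="document">
    <header id="banner" class="span-24" role="banner">
        <div class="container">
            <figure class="logo"></figure>
            <nav id="nav-main" role="navigation">
                <?php wp_nav_menu(array('theme_location' => 'primary_navigation')); ?>
            </nav>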