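/**
 * Second install stage: writes the initial site configuration and resets the
 * admin user's password so the finishing step can auto-login.
 *
 * Reads request params `appname` (optional, default "My Application") and
 * `username`. Redirects to /bolts/install/finished/username/<username>;
 * dies with an error message when the named user does not exist.
 */
function secondstageAction()
{
    $request = new Bolts_Request($this->getRequest());
    $appNamespace = new Zend_Session_Namespace('Bolts_Temp');
    $basepath = Zend_Registry::get('basepath');
    $config_table = new Config();

    $appname = "My Application";
    if ($request->has('appname')) {
        $appname = $request->appname;
    }

    $config_table->set('bolts', 'site_name', $appname);
    $config_table->set('bolts', 'title_prefix', $appname);
    $config_table->set('bolts', 'upload_path', $basepath . "/uploads", true);
    $config_table->set('bolts', 'theme', 'default', true);
    $config_table->set('bolts', 'missing_image', $basepath . "/themes/frontend/bolts/images/image-missing.png", true);
    // NOTE(review): SERVER_NAME follows the request's Host header unless the web
    // server pins it (Apache UseCanonicalName, nginx server_name); a forged Host
    // at install time would be persisted as site_url. Confirm the vhost config.
    $config_table->set('bolts', 'site_url', 'http://' . $_SERVER['SERVER_NAME']);
    // 10 hex chars as before, but from a CSPRNG; md5(rand(1, 1000)) allowed only
    // 1000 distinct salts.
    $config_table->set('bolts', 'salt', bin2hex(random_bytes(5)));
    $config_table->cache();

    $username = $request->username;
    $users_table = new Users();
    $user = $users_table->fetchByUsername($username);
    // 8 hex chars as before, but ~4 billion possibilities instead of the 50001
    // produced by md5(rand(50000, 100000)).
    $password = bin2hex(random_bytes(4));
    if (!is_null($user)) {
        $user->password = $password;
        $user->save();
        $users_table->setMetaData($username, "is_installer", 1);
        // Consumed by the auto-login step; the plaintext password and its md5
        // sit in the session until then.
        $appNamespace->autoLogin = true;
        $appNamespace->autoLoginUsername = $username;
        $appNamespace->autoLoginPassword = $password;
        $appNamespace->autoLoginPasswordHash = md5($password);
    } else {
        die("Somehow the admin user didn't get created or didn't get sent with the request. This is bad. Really, really bad.");
    }
    $this->_redirect("/bolts/install/finished/username/" . $username);
}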
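/**
 * Configuration editor for one module.
 *
 * Request param `modid` selects the module (default 'bolts'). On POST every
 * request parameter is written to the `value` column of the config row whose
 * ckey matches the parameter name for that module, the config cache is rebuilt
 * and the `<mca>_post_save` action hook fires. The view receives the module's
 * config rows, the enabled module list and the current module id.
 */
function indexAction()
{
    $config_table = new Config();
    $modules_table = new Modules("core");
    $request = new Bolts_Request($this->getRequest());

    $modid = $request->has('modid') ? $request->modid : 'bolts';

    if ($this->_request->isPost()) {
        // we are posting
        $db = $config_table->getAdapter();
        // getParams() also yields the routing params (module/controller/action,
        // modid); presumably harmless, as they only match a row whose ckey has
        // the same name.
        $config_params = $this->_request->getParams();
        foreach ($config_params as $ckey => $value) {
            $data = array('value' => $value);
            // ckey and modid come from the request: bind them instead of splicing
            // them into the WHERE clause.
            $where = $db->quoteInto("ckey = ?", $ckey) . " and " . $db->quoteInto("module = ?", $modid);
            $config_table->update($data, $where);
        }
        $this->view->success = $this->_T('Configuration Updated.');
        $config_table->cache();
        $params = array();
        $this->_Bolts_plugin->doAction($this->_mca . '_post_save', $params); // ACTION HOOK
    }

    $config = $config_table->fetchAll($config_table->select()->where('module = ?', $modid));
    if (count($config) > 0) {
        $config = $config->toArray();
        // Default array ordering of the row arrays, as the template expects it.
        sort($config);
        $this->view->config = $config;
    }

    $modules = $modules_table->getEnabledModules();
    sort($modules);
    $this->view->modules = $modules;
    $this->view->current = $modid;
    $this->view->modid = $modid;
}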
/**
 * Stores the chosen locale in the "locale_code" cookie and sends the visitor on.
 *
 * Without a non-empty `code` param: redirects to the locale chooser.
 * With a valid code: sets the cookie (lifetime from the locale_cache_lifetime
 * registry entry, path "/") and emits a Location header to `return_url` as
 * rewritten by Bolts_Url_Filter, or to "/<code>" when no return_url is given.
 * An invalid code sets nothing and lets the view render.
 */
function setcookieAction()
{
    // TODO maybe? - prevent people from viewing this page if localization is not enabled
    $request = new Bolts_Request($this->getRequest());
    if (!$request->has("code") || $request->code == "") {
        $this->_redirect("/bolts/locale/choose/");
        return;
    }

    $locale_code = $request->code;
    $lifetime = Bolts_Registry::get('locale_cache_lifetime');
    if (!Bolts_Translate::validateLocaleCode($locale_code)) {
        return;
    }

    setcookie("locale_code", $locale_code, time() + $lifetime, "/");

    // NOTE(review): return_url is caller-supplied; whether this can redirect off
    // site depends on how Bolts_Url_Filter::filter() treats absolute URLs — confirm.
    if ($request->has("return_url")) {
        $url_filter = new Bolts_Url_Filter();
        $target = $url_filter->filter($request->return_url, array('locale_code' => $locale_code));
    } else {
        $target = "/" . $locale_code;
    }
    // Unlike $this->_redirect(), a raw header() does not end the request here;
    // the action finishes and the view script still runs.
    header("Location: " . $target);
}
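/**
 * Confirmation page for deleting a role; deletes it when posted with delete=Yes.
 *
 * Request param `id` selects the role; a missing or unknown id redirects to
 * /bolts/role. Deletion is refused (errors reported in view->errors) while the
 * role is the only admin role, the guest role, the default role, has users
 * assigned, or is inherited by other roles. Posting with any other `delete`
 * value redirects back to /bolts/role.
 */
function deleteAction()
{
    $request = new Bolts_Request($this->getRequest());
    $roles_table = new Roles();
    $db = $roles_table->getAdapter();

    if (!$request->has('id')) {
        $this->_redirect('/bolts/role');
        return;
    }
    $id = $request->id;
    // id is request input: bind it rather than concatenating it into the SQL.
    $role_where = $db->quoteInto("id = ?", $id);
    $role = $roles_table->fetchRow($role_where);
    if (is_null($role)) {
        $this->_redirect('/bolts/role');
        return;
    }

    if ($this->getRequest()->isPost() and $request->has("delete")) {
        $errors = array();
        // can't be last admin
        if ((bool) $role->isadmin and $roles_table->getCountByWhereClause("isadmin = 1") == 1) {
            $errors[] = $this->_T("This is the only admin role. It cannot be deleted.");
        }
        // can't be guest
        if ((bool) $role->isguest) {
            $errors[] = $this->_T("This is the guest role. It cannot be deleted.");
        }
        // can't be default
        if ((bool) $role->isdefault) {
            $errors[] = $this->_T("This is the default role. It cannot be deleted.");
        }
        // can't have any users
        $users_table = new UsersRoles();
        $userwhereclause = $users_table->getAdapter()->quoteInto("role_id = ?", $role->id);
        if ($users_table->getCountByWhereClause($userwhereclause) > 0) {
            $errors[] = $this->_T("This role cannot be deleted because there are users assigned to it.");
        }
        // can't have children
        $inherited_by = $roles_table->fetchImmediateChildren($role->id);
        if (count($inherited_by) > 0) {
            $child_names = array();
            foreach ($inherited_by as $role_i) {
                $child_names[] = $role_i->shortname;
            }
            $errors[] = $this->_T("This role is inherited by role(s) ")
                . implode(", ", $child_names)
                . $this->_T(". It cannot be deleted.");
        }

        if ($request->delete === "Yes") {
            if (count($errors) > 0) {
                $this->view->errors = $errors;
            } else {
                $roles_table->delete($role_where);
                $this->view->success = $this->_T("Role deleted.");
            }
        } else {
            $this->_redirect("/bolts/role");
        }
    }
    $this->view->role = $role->toArray();
}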
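/**
 * Loads the bundled test users (and their avatars) into the database.
 *
 * GET: fills the form defaults (data_path <basepath>/tmp/testdata, email_domain
 * "nowhere.com") and a warning notice.
 * POST: reads <data_path>/users.dat (a serialized array of user rows), deletes
 * every existing user carrying the is_test_user meta flag, then inserts the
 * users from the file, copying each avatar from <data_path>/images into the
 * avatar path reported by Users::getAvatarPath(). Validation errors are
 * reported in view->errors.
 */
function testdataAction()
{
    $request = new Bolts_Request($this->getRequest());
    $default_data_path = Zend_Registry::get('basepath') . "/tmp/testdata";

    if (!$this->getRequest()->isPost()) {
        $this->view->data_path = $default_data_path;
        $this->view->email_domain = "nowhere.com";
        $this->view->notice = $this->_T("Warning: If you are reinstalling the test data, the old test data will be overwritten. Users created outside the test data should not be affected.");
        return;
    }

    $errors = array();
    // NOTE(review): data_path is taken verbatim from the request and used as a
    // filesystem path (read below, copy source further down). This action must
    // stay restricted to installers/admins; consider pinning it under basepath.
    $data_path = $request->data_path;
    $data_file = $data_path . "/users.dat";
    $image_dir = $data_path . "/images";
    $users_table = new Users();
    $users_roles_table = new UsersRoles();
    $email_domain = $request->has("email_domain") ? $request->email_domain : "nowhere.com";

    $users = null;
    if (!file_exists($data_file)) {
        $errors[] = $this->_T("Data file missing. Check path.");
    } else {
        // The fixture is a plain array of arrays (see the is_array check and the
        // $user['...'] indexing below); refusing class instantiation keeps a
        // tampered users.dat from turning into PHP object injection.
        $users = unserialize(file_get_contents($data_file), array('allowed_classes' => false));
        if (!is_array($users)) {
            $errors[] = $this->_T("Data file is corrupt or something.");
        }
    }

    if (count($errors) > 0) {
        $this->view->errors = $errors;
        $this->view->data_path = $default_data_path;
        $this->view->email_domain = $request->email_domain;
        return;
    }

    // Remove the previous test users, identified by their is_test_user meta flag.
    $db = $users_table->getAdapter();
    foreach ($users_table->fetchAll() as $old_user) {
        if ($users_table->getMetaData($old_user->username, "is_test_user") == "true") {
            $where = $db->quoteInto("username = ?", $old_user->username);
            $users_table->delete($where);
            $users_roles_table->delete($where);
        }
    }

    $count = 0;
    foreach ($users as $user) {
        // Everything except the avatar file name becomes the users row.
        $tmp_user = $user;
        unset($tmp_user['avatar']);
        $tmp_user['email'] = strtolower($tmp_user['username'] . "@" . $email_domain);
        $tmp_user['password'] = "******";

        $destination_path = $users_table->getAvatarPath($user['username']);
        $destination_filename = $users_table->getAvatarPath($user['username'], true);
        if (!is_dir($destination_path)) {
            // NOTE(review): 0777 (before umask) is broader than an avatar directory
            // needs; tighten if the web server is the only writer.
            mkdir($destination_path, 0777, true);
        }
        if (file_exists($destination_filename)) {
            unlink($destination_filename);
        }
        copy($image_dir . "/" . $user['avatar'], $destination_filename);

        $role_data = array("username" => $tmp_user['username'], "role_id" => $tmp_user['role_id']);
        $users_roles_table->insert($role_data);
        // role_id lives in users_roles, not in the users row.
        unset($tmp_user['role_id']);
        $users_table->insert($tmp_user);
        $users_table->setMetaData($tmp_user['username'], "is_test_user", "true");
        $count++;
    }

    $this->view->success = "User data loaded. Created " . $count . " users.";
    Bolts_Registry::set('test_data_path', $request->data_path);
    $this->view->data_path = Bolts_Registry::get('test_data_path');
    $this->view->email_domain = $email_domain;
}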
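/**
 * Confirmation step for uninstalling a module.
 *
 * Request param `id` names the module; without it the action redirects to
 * /bolts/module/index. On POST, delete=yes (case-insensitive) redirects to
 * /bolts/module/index/id/<id>/perform/uninstall, anything else back to the
 * module index.
 */
function uninstallAction()
{
    $request = new Bolts_Request($this->getRequest());
    if (!$request->has('id')) {
        $this->_redirect('/bolts/module/index');
        return;
    }
    $this->view->id = $request->id;
    $this->view->notice = $this->_T("You are about to uninstall a module. This cannot be undone.");

    if ($this->getRequest()->isPost()) {
        // A missing 'delete' field means "no"; avoids strtolower(null).
        $del = $request->has('delete') ? strtolower($request->delete) : '';
        if ($del === 'yes') {
            $this->_redirect("/bolts/module/index/id/" . $request->id . "/perform/uninstall");
        } else {
            $this->_redirect('/bolts/module/index');
        }
    }
}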
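/**
 * Edits which controller actions ("resources") and module-declared extra
 * resources a role may use within one module.
 *
 * Request params: `id` (role id, required — otherwise redirects to /role) and
 * `modid` (module; "default" when missing or not an existing module). On POST
 * the posted `resource` list ("module-controller-action" strings) and
 * `extra_resource` list replace the role's current grants for that module.
 * The view then receives the module's actions — discovered by scanning the
 * *Controller.php files for "function fooAction" lines — each flagged
 * allowed/inherited, plus the module's extra resources from its ini file.
 */
function editAction()
{
    $request = new Bolts_Request($this->getRequest());
    $modules_table = new Modules();
    $roles_resources_table = new RolesResources();
    $roles_res_extra_table = new RolesResourcesExtra();

    if (!$request->has("id")) {
        $this->_redirect("/role");
        return;
    }
    $role_id = $request->id;
    $roles_table = new Roles();
    // role_id is request input: bind it instead of concatenating it into SQL.
    $role = $roles_table->fetchRow($roles_table->getAdapter()->quoteInto("id = ?", $role_id));
    if (is_null($role)) {
        $this->_redirect("/role");
        return;
    }
    $this->view->role = $role->toArray();
    $this->view->roleshortname = $role->shortname;

    $module_id = "default";
    if ($request->has("modid") && $modules_table->exists($request->modid)) {
        $module_id = $request->modid;
    }

    if ($this->getRequest()->isPost()) {
        $resources = $this->getRequest()->getPost('resource');
        // Hose everything for this role and module
        $db = $roles_resources_table->getAdapter();
        $where = $db->quoteInto("role_id = ? and ", $role_id);
        $where .= $db->quoteInto("module = ? ", $module_id);
        $roles_resources_table->delete($where);
        // getPost() yields null when no resource box was ticked.
        if (is_array($resources)) {
            foreach ($resources as $resource) {
                $resource_array = explode("-", $resource);
                // Anything that is not module-controller-action is ignored.
                if (count($resource_array) < 3) {
                    continue;
                }
                $data = array(
                    'role_id' => $role_id,
                    'module' => $resource_array[0],
                    'controller' => $resource_array[1],
                    'action' => $resource_array[2],
                );
                $roles_resources_table->insert($data);
            }
        }

        $db_extra = $roles_res_extra_table->getAdapter();
        $where = $db_extra->quoteInto("role_id = ? and ", $role_id);
        $where .= $db_extra->quoteInto("module = ? ", $module_id);
        $roles_res_extra_table->delete($where);
        if ($request->has("extra_resource")) {
            foreach ($request->extra_resource as $extra_resource_item) {
                $data = array('role_id' => $role_id, 'module' => $module_id, 'resource' => $extra_resource_item);
                $roles_res_extra_table->insert($data);
            }
        }
        $this->view->success = $this->_T("Resources updated.");
    }

    // Current grants as module => controller => [action, ...]
    $db_roles_resources = $roles_resources_table->fetchAll(
        $roles_resources_table->getAdapter()->quoteInto('role_id = ?', $role_id)
    );
    $resources = array();
    foreach ($db_roles_resources as $resource) {
        $resources[$resource->module][$resource->controller][] = $resource->action;
    }

    /*
     * This is a poor man's introspector. The reflection API needs the classes actually available,
     * which creates naming conflicts between modules. What I do instead is read the physical files,
     * line by line, find the lines with "function fooAction" and determine that the action name is
     * "foo". It's a hack, but it works.
     */
    $all_actions = array();
    $controllerdirs = array();
    $basepath = Zend_Registry::get("basepath");
    $enabled_modules = $modules_table->getEnabledModules();
    foreach ($enabled_modules as $enabled_module) {
        $controllerdirs[$enabled_module] = $basepath . "/modules/" . $enabled_module . "/controllers";
    }
    $controllerdir = $controllerdirs[$module_id];
    // The inherited-roles lookup does not depend on the action: one query, not one per line.
    $has_parent_roles = count($roles_table->getInheritedRoles($role_id)) > 0;

    $d = dir($controllerdir);
    while (($entry = $d->read()) !== false) {
        if ($entry == '.' || $entry == '..' || $entry == '.svn') {
            continue;
        }
        $suffix_pos = stripos($entry, 'Controller.php');
        // Only *Controller.php files hold actions; stray files and subdirectories are skipped.
        if ($suffix_pos === false) {
            continue;
        }
        $controller_name = substr($entry, 0, $suffix_pos);
        // Module controllers carry a leading "_<prefix>"; strip it outside the default module.
        if ($module_id != "default" && substr($controller_name, 0, 1) == "_") {
            $controller_name = substr($controller_name, stripos($controller_name, '_') + 1);
        }
        $lines = file($controllerdir . '/' . $entry);
        foreach ($lines as $line) {
            if (!preg_match('/function.*Action.*\\(.*\\).*\\{?/', $line)) {
                continue;
            }
            $action_name = trim(preg_replace('/Action.*/', '', preg_replace('/^.*function/', '', $line)));
            $allowed = isset($resources[$module_id][$controller_name])
                && in_array($action_name, $resources[$module_id][$controller_name], true);
            $inherited = false;
            if ($has_parent_roles) {
                $inherited = $this->isResourceInherited($module_id, $controller_name, $action_name, $role_id);
            }
            $all_actions[$module_id][$controller_name][$action_name] = array('allowed' => $allowed, 'inherited' => $inherited);
        }
    }
    $d->close();

    $this->view->modid = $module_id;
    $mod_cfg = $modules_table->parseIni($module_id);
    $this->view->module_title = $mod_cfg['general']['name'];
    $this->view->actions = $all_actions;
    $this->view->modules = $enabled_modules;

    // get "extra" resources
    $extra_resources = array();
    if (array_key_exists('resources', $mod_cfg)) {
        foreach ($mod_cfg['resources'] as $resource_name => $nicename) {
            $extra_resources[$resource_name] = array(
                'nicename' => $nicename,
                'inherited' => $this->isExtraResourceInherited($module_id, $resource_name, $role_id),
                'allowed' => $roles_res_extra_table->isAllowed($role_id, $module_id, $resource_name),
            );
        }
    }
    $this->view->extra_resources = $extra_resources;
}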
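/**
 * Registration form: renders it on GET, validates and creates the user on POST.
 *
 * Authenticated visitors are redirected to their profile. The optional `url`
 * request param is exposed to the view as url_param and appended to the
 * post-registration redirect. Plugin hooks: `default_pre_register` filters the
 * view params, `<mca>` filters user/errors before the insert,
 * `default_post_register` filters the auto-login params and
 * `<mca>_post_register` (deprecated) fires after the insert.
 */
function registerAction()
{
    $request = new Bolts_Request($this->getRequest());
    if ($this->_auth->hasIdentity()) {
        $this->_redirect('/bolts/user/profile/username/' . $this->_identity->username);
        return;
    }
    $users_table = new Users();
    $db = $users_table->getAdapter();
    $user = array();

    $pre_register_params = array('return_url' => false);
    if ($request->has('url')) {
        $this->view->url_param = $request->url;
        $pre_register_params['return_url'] = $request->url;
    }
    $pre_register_params = $this->_Bolts_plugin->doFilter('default_pre_register', $pre_register_params); // FILTER HOOK
    foreach ($pre_register_params as $key => $value) {
        if ($key === 'return_url') {
            $this->view->url_param = $value;
        } else {
            $this->view->{$key} = $value;
        }
    }

    if ($this->getRequest()->isPost()) {
        $errors = array();
        $user['username'] = $request->username;
        if ($request->has('full_name') && strlen((string) $request->full_name) >= 1) {
            $user['full_name'] = $request->full_name;
        } else {
            $user['full_name'] = $this->_T("Unidentified User");
        }
        $user['email'] = $request->email;
        $user['password'] = $request->password;
        $user['confirm'] = $request->confirm;
        if ($request->has('Birthday_Day') && $request->has('Birthday_Month') && $request->has('Birthday_Year')) {
            $user['birthday'] = strtotime($request->Birthday_Day . " " . $request->Birthday_Month . " " . $request->Birthday_Year);
        } else {
            $user['birthday'] = null;
        }

        // validate username
        $username_length = Bolts_Registry::get('username_length');
        $username_validator = new Zend_Validate();
        $username_validator->addValidator(new Zend_Validate_StringLength(1, $username_length));
        $username_validator->addValidator(new Zend_Validate_Alnum());
        if (!$username_validator->isValid($user['username'])) {
            $show_username = "******" . $user['username'] . "'";
            if (trim($user['username']) == "") {
                $show_username = "******" . $this->_T("empty") . "]";
            }
            $errors[] = $this->_T("%s isn't a valid username. (Between %d and %d characters, only letters and numbers)", array($show_username, 1, $username_length));
        }
        $user_where = $db->quoteInto('username = ?', $user['username']);
        if ($users_table->getCountByWhereClause($user_where) > 0) {
            $errors[] = $this->_T("The username '%s' is already in use", $user['username']);
        }

        // validate email
        $email_validator = new Zend_Validate_EmailAddress();
        if (!$email_validator->isValid($user['email'])) {
            $show_email = "'" . $user['email'] . "'";
            if (trim($user['email']) == "") {
                $show_email = "[" . $this->_T("empty") . "]";
            }
            $errors[] = $show_email . ' ' . $this->_T('is not a valid email.');
        }
        // make sure no one is using this email already
        $email_where = $db->quoteInto('email = ?', $user['email']);
        if ($users_table->getCountByWhereClause($email_where) > 0) {
            $errors[] = $this->_T("Email is already in use.");
        }

        // make sure password is at least six chars
        // NOTE(review): the validator caps at a hard-coded 32 while the message
        // quotes the password_length registry entry; one of the two is stale.
        $password_validator = new Zend_Validate();
        $password_validator->addValidator(new Zend_Validate_StringLength(6, 32));
        if (!$password_validator->isValid($user['password'])) {
            $errors[] = $this->_T("Password must be between %d and %d characters", array(6, Bolts_Registry::get('password_length')));
        }
        // Strict comparison: with != the numeric strings "1e3" and "1000" would
        // pass as a matching confirmation.
        if ($user['password'] !== $user['confirm']) {
            $errors[] = $this->_T("Passwords don't match");
        }

        // do we meet the minimum age?
        $minimum_age = Bolts_Registry::get('minimum_registration_age', '13');
        $years_ago = strtotime($minimum_age . ' years ago');
        if ($user['birthday'] > $years_ago) {
            $errors[] = $this->_T("You must be at least %d years old to register.", $minimum_age);
        }

        $params = array('request' => $this->getRequest(), 'user' => $user, 'errors' => $errors);
        $additional = $this->_Bolts_plugin->doFilter($this->_mca, $params); // FILTER HOOK
        $errors = $additional['errors'];
        $user = $additional['user'];

        if (count($errors) == 0) {
            // convert birthday_ts to mysql date
            // NOTE(review): a null birthday formats as the epoch date, not as NULL.
            $birthday_db = date(DB_DATETIME_FORMAT, $user['birthday']);

            $roles_table = new Roles();
            $users_roles_table = new UsersRoles();
            $default_role_shortname = Bolts_Registry::get('default_role_shortname');
            $role_data = array(
                "username" => $user['username'],
                "role_id" => $roles_table->getIdByShortname($default_role_shortname),
            );
            $users_roles_table->insert($role_data);

            // NOTE(review): the plaintext password is handed to Users::insert();
            // hashing must happen in the table class (not visible here) — confirm.
            $user_data = array(
                'username' => $user['username'],
                'email' => $user['email'],
                'full_name' => $user['full_name'],
                'birthday' => $birthday_db,
                'password' => $user['password'],
                'created_on' => date("Y-m-d H:i:s"),
                'ip' => getenv('REMOTE_ADDR'),
            );
            if (array_key_exists('about_me', $additional['user'])) {
                $user_data['about_me'] = $additional['user']['about_me'];
            }
            // MAKE IT OFFICIAL
            $users_table->insert($user_data);

            // DO SOME PLUGINS
            $params = array(
                'user' => $user_data,
                'request' => $request,
                'username' => $user['username'],
                'autologin' => true,
                'autologin_username' => $user['username'],
                'autologin_password' => $user['password'],
                'autologin_password_hash' => md5($user['password']),
                'locale_code' => $this->locale_code,
            );
            $params = $this->_Bolts_plugin->doFilter("default_post_register", $params); // FILTER HOOK
            $this->_Bolts_plugin->doAction($this->_mca . "_post_register", $params); // ACTION HOOK (deprecated)

            // SET UP AUTO-LOGIN, OR DON'T
            if ($params['autologin']) {
                $appNamespace = new Zend_Session_Namespace('Bolts_Temp');
                $appNamespace->autoLogin = $params['autologin'];
                $appNamespace->autoLoginUsername = $params['autologin_username'];
                $appNamespace->autoLoginPassword = $params['autologin_password'];
                $appNamespace->autoLoginPasswordHash = $params['autologin_password_hash'];
            }

            // SEND THE USER ON THEIR WAY
            $url = '/bolts/user/postregister';
            // if there was a URL passed in then add that encoded URL as a param to the default redirect
            // NOTE(review): no encoding happens here; the value is appended as received.
            if ($request->has('url')) {
                $url .= '/url/' . $request->url;
            }
            $this->_redirect($url);
        } else {
            $this->view->errors = $errors;
        }
    }
    // NOTE(review): on a failed POST this hands password and confirm back to the template too.
    $this->view->user = $user;
    $this->view->pagetitle = $this->_T("Register");
}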